authorYves-Alexis Perez <corsac@corsac.net>2017-11-21 10:22:31 +0100
committerYves-Alexis Perez <corsac@corsac.net>2017-11-21 10:22:31 +0100
commite1d78dc2faaa06e7c3f71ef674a71e4de2f0758e (patch)
treeae0c8b5f4cd8289d0797882ea18969f33ea59a1e
parent11d6b62db969bdd808d0f56706cb18f113927a31 (diff)
New upstream version 5.6.1
-rw-r--r--Android.common.mk2
-rw-r--r--Makefile.am2
-rw-r--r--Makefile.in4
-rw-r--r--NEWS43
-rw-r--r--conf/Makefile.am2
-rw-r--r--conf/Makefile.in4
-rw-r--r--conf/options/charon.conf3
-rw-r--r--conf/options/charon.opt3
-rw-r--r--conf/options/pacman.conf12
-rw-r--r--conf/options/pacman.opt7
-rw-r--r--conf/options/sec-updater.conf42
-rw-r--r--conf/options/sec-updater.opt29
-rw-r--r--conf/plugins/eap-radius.conf4
-rw-r--r--conf/plugins/eap-radius.opt4
-rw-r--r--conf/plugins/systime-fix.conf4
-rw-r--r--conf/plugins/systime-fix.opt4
-rw-r--r--conf/strongswan.conf.5.main62
-rw-r--r--config.h.in5
-rwxr-xr-xconfigure210
-rw-r--r--configure.ac72
-rw-r--r--fuzz/Makefile.am23
-rw-r--r--fuzz/Makefile.in235
-rw-r--r--fuzz/libFuzzerLocal.c59
-rw-r--r--init/Makefile.in2
-rw-r--r--init/systemd-swanctl/Makefile.in2
-rw-r--r--init/systemd/Makefile.in2
-rw-r--r--man/Makefile.in2
-rw-r--r--man/ipsec.conf.5.in16
-rw-r--r--scripts/Makefile.in2
-rw-r--r--scripts/oid2der.c17
-rw-r--r--scripts/pubkey_speed.c4
-rw-r--r--src/Makefile.am4
-rw-r--r--src/Makefile.in11
-rw-r--r--src/_copyright/Makefile.in2
-rw-r--r--src/_updown/Makefile.in2
-rw-r--r--src/aikgen/Makefile.in2
-rw-r--r--src/charon-cmd/Makefile.in2
-rw-r--r--src/charon-nm/Makefile.in2
-rw-r--r--src/charon-svc/Makefile.in2
-rw-r--r--src/charon-systemd/Makefile.in2
-rw-r--r--src/charon-tkm/Makefile.in2
-rw-r--r--src/charon-tkm/src/charon-tkm.c47
-rw-r--r--src/charon-tkm/src/tkm/tkm_id_manager.c48
-rw-r--r--src/charon-tkm/src/tkm/tkm_id_manager.h20
-rw-r--r--src/charon-tkm/src/tkm/tkm_kernel_ipsec.c8
-rw-r--r--src/charon-tkm/src/tkm/tkm_keymat.c19
-rw-r--r--src/charon-tkm/src/tkm/tkm_private_key.c3
-rw-r--r--src/charon-tkm/src/tkm/tkm_public_key.c3
-rw-r--r--src/charon-tkm/tests/id_manager_tests.c97
-rw-r--r--src/charon-tkm/tests/kernel_sad_tests.c4
-rw-r--r--src/charon/Makefile.in2
-rw-r--r--src/charon/charon.c30
-rw-r--r--src/checksum/Makefile.am4
-rw-r--r--src/checksum/Makefile.in5
-rw-r--r--src/conftest/Makefile.in2
-rw-r--r--src/conftest/hooks/pretend_auth.c2
-rw-r--r--src/conftest/hooks/rebuild_auth.c2
-rw-r--r--src/dumm/Makefile.in2
-rw-r--r--src/include/Makefile.in2
-rw-r--r--src/ipsec/Makefile.in2
-rw-r--r--src/ipsec/_ipsec.82
-rw-r--r--src/ipsec/_ipsec.in2
-rw-r--r--src/libcharon/Makefile.am7
-rw-r--r--src/libcharon/Makefile.in299
-rw-r--r--src/libcharon/config/child_cfg.h3
-rw-r--r--src/libcharon/config/ike_cfg.c1
-rw-r--r--src/libcharon/config/proposal.c15
-rw-r--r--src/libcharon/config/proposal.h2
-rw-r--r--src/libcharon/control/controller.c5
-rw-r--r--src/libcharon/encoding/payloads/cert_payload.h2
-rw-r--r--src/libcharon/encoding/payloads/eap_payload.c2
-rw-r--r--src/libcharon/encoding/payloads/nonce_payload.c2
-rw-r--r--src/libcharon/encoding/payloads/transform_substructure.h2
-rw-r--r--src/libcharon/kernel/kernel_ipsec.h2
-rw-r--r--src/libcharon/plugins/addrblock/Makefile.in2
-rw-r--r--src/libcharon/plugins/android_dns/Makefile.in2
-rw-r--r--src/libcharon/plugins/android_log/Makefile.in2
-rw-r--r--src/libcharon/plugins/attr/Makefile.in2
-rw-r--r--src/libcharon/plugins/attr_sql/Makefile.in2
-rw-r--r--src/libcharon/plugins/bypass_lan/Makefile.in2
-rw-r--r--src/libcharon/plugins/certexpire/Makefile.in2
-rw-r--r--src/libcharon/plugins/connmark/Makefile.in2
-rw-r--r--src/libcharon/plugins/counters/Makefile.am19
-rw-r--r--src/libcharon/plugins/counters/Makefile.in804
-rw-r--r--src/libcharon/plugins/counters/counters_listener.c464
-rw-r--r--src/libcharon/plugins/counters/counters_listener.h49
-rw-r--r--src/libcharon/plugins/counters/counters_plugin.c101
-rw-r--r--src/libcharon/plugins/counters/counters_plugin.h45
-rw-r--r--src/libcharon/plugins/counters/counters_query.h124
-rw-r--r--src/libcharon/plugins/coupling/Makefile.in2
-rw-r--r--src/libcharon/plugins/dhcp/Makefile.in2
-rw-r--r--src/libcharon/plugins/dhcp/dhcp_socket.c4
-rw-r--r--src/libcharon/plugins/dnscert/Makefile.in2
-rw-r--r--src/libcharon/plugins/duplicheck/Makefile.in2
-rw-r--r--src/libcharon/plugins/eap_aka/Makefile.in2
-rw-r--r--src/libcharon/plugins/eap_aka_3gpp/Makefile.in2
-rw-r--r--src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_plugin.c2
-rw-r--r--src/libcharon/plugins/eap_aka_3gpp2/Makefile.in2
-rw-r--r--src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.c2
-rw-r--r--src/libcharon/plugins/eap_dynamic/Makefile.in2
-rw-r--r--src/libcharon/plugins/eap_gtc/Makefile.in2
-rw-r--r--src/libcharon/plugins/eap_identity/Makefile.in2
-rw-r--r--src/libcharon/plugins/eap_md5/Makefile.in2
-rw-r--r--src/libcharon/plugins/eap_mschapv2/Makefile.in2
-rw-r--r--src/libcharon/plugins/eap_peap/Makefile.in2
-rw-r--r--src/libcharon/plugins/eap_radius/Makefile.in2
-rw-r--r--src/libcharon/plugins/eap_radius/eap_radius.c45
-rw-r--r--src/libcharon/plugins/eap_radius/eap_radius_accounting.c48
-rw-r--r--src/libcharon/plugins/eap_radius/eap_radius_accounting.h11
-rw-r--r--src/libcharon/plugins/eap_sim/Makefile.in2
-rw-r--r--src/libcharon/plugins/eap_sim_file/Makefile.in2
-rw-r--r--src/libcharon/plugins/eap_sim_pcsc/Makefile.in2
-rw-r--r--src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in2
-rw-r--r--src/libcharon/plugins/eap_simaka_reauth/Makefile.in2
-rw-r--r--src/libcharon/plugins/eap_simaka_sql/Makefile.in2
-rw-r--r--src/libcharon/plugins/eap_tls/Makefile.in2
-rw-r--r--src/libcharon/plugins/eap_tnc/Makefile.in2
-rw-r--r--src/libcharon/plugins/eap_ttls/Makefile.in2
-rw-r--r--src/libcharon/plugins/error_notify/Makefile.in2
-rw-r--r--src/libcharon/plugins/ext_auth/Makefile.in2
-rw-r--r--src/libcharon/plugins/farp/Makefile.in2
-rw-r--r--src/libcharon/plugins/forecast/Makefile.in2
-rw-r--r--src/libcharon/plugins/ha/Makefile.in2
-rw-r--r--src/libcharon/plugins/ipseckey/Makefile.in2
-rw-r--r--src/libcharon/plugins/kernel_iph/Makefile.in2
-rw-r--r--src/libcharon/plugins/kernel_libipsec/Makefile.in2
-rw-r--r--src/libcharon/plugins/kernel_netlink/Makefile.am10
-rw-r--r--src/libcharon/plugins/kernel_netlink/Makefile.in113
-rw-r--r--src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c7
-rw-r--r--src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c4
-rw-r--r--src/libcharon/plugins/kernel_pfkey/Makefile.in2
-rw-r--r--src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c18
-rw-r--r--src/libcharon/plugins/kernel_pfroute/Makefile.in2
-rw-r--r--src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c5
-rw-r--r--src/libcharon/plugins/kernel_wfp/Makefile.in2
-rw-r--r--src/libcharon/plugins/led/Makefile.in2
-rw-r--r--src/libcharon/plugins/load_tester/Makefile.in2
-rw-r--r--src/libcharon/plugins/lookip/Makefile.in2
-rw-r--r--src/libcharon/plugins/medcli/Makefile.in2
-rw-r--r--src/libcharon/plugins/medsrv/Makefile.in2
-rw-r--r--src/libcharon/plugins/osx_attr/Makefile.in2
-rw-r--r--src/libcharon/plugins/p_cscf/Makefile.in2
-rw-r--r--src/libcharon/plugins/radattr/Makefile.in2
-rw-r--r--src/libcharon/plugins/resolve/Makefile.in2
-rw-r--r--src/libcharon/plugins/smp/Makefile.in2
-rw-r--r--src/libcharon/plugins/socket_default/Makefile.in2
-rw-r--r--src/libcharon/plugins/socket_dynamic/Makefile.in2
-rw-r--r--src/libcharon/plugins/socket_win/Makefile.in2
-rw-r--r--src/libcharon/plugins/sql/Makefile.in2
-rw-r--r--src/libcharon/plugins/stroke/Makefile.am1
-rw-r--r--src/libcharon/plugins/stroke/Makefile.in3
-rw-r--r--src/libcharon/plugins/stroke/stroke_counter.c369
-rw-r--r--src/libcharon/plugins/stroke/stroke_counter.h60
-rw-r--r--src/libcharon/plugins/stroke/stroke_plugin.c1
-rw-r--r--src/libcharon/plugins/stroke/stroke_socket.c3
-rw-r--r--src/libcharon/plugins/systime_fix/Makefile.in2
-rw-r--r--src/libcharon/plugins/systime_fix/systime_fix_plugin.c52
-rw-r--r--src/libcharon/plugins/tnc_ifmap/Makefile.in2
-rw-r--r--src/libcharon/plugins/tnc_pdp/Makefile.in2
-rw-r--r--src/libcharon/plugins/uci/Makefile.in2
-rw-r--r--src/libcharon/plugins/unity/Makefile.in2
-rw-r--r--src/libcharon/plugins/updown/Makefile.in2
-rw-r--r--src/libcharon/plugins/vici/Makefile.am1
-rw-r--r--src/libcharon/plugins/vici/Makefile.in3
-rw-r--r--src/libcharon/plugins/vici/README.md29
-rw-r--r--src/libcharon/plugins/vici/perl/Makefile.in2
-rw-r--r--src/libcharon/plugins/vici/python/Makefile.in2
-rw-r--r--src/libcharon/plugins/vici/ruby/Makefile.in4
-rw-r--r--src/libcharon/plugins/vici/vici_config.c26
-rw-r--r--src/libcharon/plugins/vici/vici_plugin.c1
-rw-r--r--src/libcharon/plugins/vici/vici_query.c161
-rw-r--r--src/libcharon/plugins/whitelist/Makefile.in2
-rw-r--r--src/libcharon/plugins/xauth_eap/Makefile.in2
-rw-r--r--src/libcharon/plugins/xauth_generic/Makefile.in2
-rw-r--r--src/libcharon/plugins/xauth_noauth/Makefile.in2
-rw-r--r--src/libcharon/plugins/xauth_pam/Makefile.in2
-rw-r--r--src/libcharon/sa/child_sa.c19
-rw-r--r--src/libcharon/sa/ike_sa.c18
-rw-r--r--src/libcharon/sa/ike_sa.h10
-rw-r--r--src/libcharon/sa/ike_sa_manager.c88
-rw-r--r--src/libcharon/sa/ike_sa_manager.h15
-rw-r--r--src/libcharon/sa/ikev1/authenticators/pubkey_v1_authenticator.c4
-rw-r--r--src/libcharon/sa/ikev1/iv_manager.c1
-rw-r--r--src/libcharon/sa/ikev1/tasks/main_mode.c3
-rw-r--r--src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c173
-rw-r--r--src/libcharon/sa/ikev2/keymat_v2.h5
-rw-r--r--src/libcharon/sa/ikev2/task_manager_v2.c22
-rw-r--r--src/libcharon/sa/ikev2/tasks/child_create.c1
-rw-r--r--src/libcharon/sa/ikev2/tasks/child_delete.c2
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_auth.c1
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_init.c15
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_vendor.c2
-rw-r--r--src/libcharon/sa/shunt_manager.c21
-rw-r--r--src/libcharon/tests/Makefile.in2
-rw-r--r--src/libfast/Makefile.in2
-rw-r--r--src/libfast/fast_dispatcher.c2
-rw-r--r--src/libfast/fast_dispatcher.h8
-rw-r--r--src/libfast/fast_session.h2
-rw-r--r--src/libimcv/Android.mk2
-rw-r--r--src/libimcv/Makefile.in2
-rw-r--r--src/libimcv/ietf/ietf_attr.c6
-rw-r--r--src/libimcv/ietf/ietf_attr.h2
-rw-r--r--src/libimcv/ietf/ietf_attr_pa_tnc_error.c16
-rw-r--r--src/libimcv/ietf/ietf_attr_pa_tnc_error.h20
-rw-r--r--src/libimcv/ietf/swima/ietf_swima_attr_req.c4
-rw-r--r--src/libimcv/imv/data.sql92
-rw-r--r--src/libimcv/imv/imv_agent.c4
-rw-r--r--src/libimcv/imv/tables.sql16
-rw-r--r--src/libimcv/plugins/imc_attestation/Makefile.in2
-rw-r--r--src/libimcv/plugins/imc_hcd/Makefile.in2
-rw-r--r--src/libimcv/plugins/imc_os/Makefile.in2
-rw-r--r--src/libimcv/plugins/imc_scanner/Makefile.in2
-rw-r--r--src/libimcv/plugins/imc_swid/Makefile.in2
-rw-r--r--src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-1.swidtag (renamed from src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-0.swidtag)4
-rw-r--r--src/libimcv/plugins/imc_swima/Makefile.in2
-rw-r--r--src/libimcv/plugins/imc_swima/imc_swima.c10
-rw-r--r--src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-1.swidtag (renamed from src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-0.swidtag)4
-rw-r--r--src/libimcv/plugins/imc_test/Makefile.in2
-rw-r--r--src/libimcv/plugins/imv_attestation/Makefile.in2
-rw-r--r--src/libimcv/plugins/imv_attestation/imv_attestation_process.c15
-rw-r--r--src/libimcv/plugins/imv_hcd/Makefile.in2
-rw-r--r--src/libimcv/plugins/imv_os/Makefile.am9
-rw-r--r--src/libimcv/plugins/imv_os/Makefile.in110
-rw-r--r--src/libimcv/plugins/imv_os/imv_os_agent.c3
-rw-r--r--src/libimcv/plugins/imv_os/imv_os_database.c34
-rw-r--r--src/libimcv/plugins/imv_os/imv_os_state.c24
-rw-r--r--src/libimcv/plugins/imv_os/imv_os_state.h10
-rw-r--r--src/libimcv/plugins/imv_os/pacman.c499
-rwxr-xr-xsrc/libimcv/plugins/imv_os/pacman.sh203
-rw-r--r--src/libimcv/plugins/imv_scanner/Makefile.in2
-rw-r--r--src/libimcv/plugins/imv_swid/Makefile.in2
-rw-r--r--src/libimcv/plugins/imv_swima/Makefile.in2
-rw-r--r--src/libimcv/plugins/imv_swima/imv_swima_agent.c4
-rw-r--r--src/libimcv/plugins/imv_test/Makefile.in2
-rw-r--r--src/libimcv/pts/pts.c2
-rw-r--r--src/libimcv/pts/pts_database.c108
-rw-r--r--src/libimcv/pts/pts_database.h21
-rw-r--r--src/libimcv/pts/pts_file_meas.c12
-rw-r--r--src/libimcv/suites/test_imcv_seg.c24
-rw-r--r--src/libimcv/suites/test_imcv_swima.c2
-rw-r--r--src/libimcv/swid_gen/swid_gen.h2
-rw-r--r--src/libimcv/swima/swima_error.c2
-rw-r--r--src/libipsec/Makefile.in2
-rw-r--r--src/libipsec/ip_packet.c70
-rw-r--r--src/libipsec/ipsec_sa_mgr.c11
-rw-r--r--src/libipsec/tests/Makefile.in2
-rw-r--r--src/libpttls/Makefile.in2
-rw-r--r--src/libradius/Makefile.in2
-rw-r--r--src/libsimaka/Makefile.in2
-rw-r--r--src/libstrongswan/Android.mk1
-rw-r--r--src/libstrongswan/Makefile.am18
-rw-r--r--src/libstrongswan/Makefile.in477
-rw-r--r--src/libstrongswan/asn1/asn1.c32
-rw-r--r--src/libstrongswan/asn1/asn1.h25
-rw-r--r--src/libstrongswan/asn1/oid.c940
-rw-r--r--src/libstrongswan/asn1/oid.h477
-rw-r--r--src/libstrongswan/asn1/oid.txt6
-rw-r--r--src/libstrongswan/credentials/auth_cfg.c188
-rw-r--r--src/libstrongswan/credentials/auth_cfg.h4
-rw-r--r--src/libstrongswan/credentials/builder.c1
-rw-r--r--src/libstrongswan/credentials/builder.h4
-rw-r--r--src/libstrongswan/credentials/certificates/certificate.h7
-rw-r--r--src/libstrongswan/credentials/certificates/x509.c9
-rw-r--r--src/libstrongswan/credentials/certificates/x509.h7
-rw-r--r--src/libstrongswan/credentials/containers/pkcs12.c1
-rw-r--r--src/libstrongswan/credentials/cred_encoding.h2
-rw-r--r--src/libstrongswan/credentials/credential_manager.c6
-rw-r--r--src/libstrongswan/credentials/credential_manager.h5
-rw-r--r--src/libstrongswan/credentials/keys/private_key.h6
-rw-r--r--src/libstrongswan/credentials/keys/public_key.c57
-rw-r--r--src/libstrongswan/credentials/keys/public_key.h16
-rw-r--r--src/libstrongswan/credentials/keys/signature_params.c366
-rw-r--r--src/libstrongswan/credentials/keys/signature_params.h129
-rw-r--r--src/libstrongswan/credentials/sets/cert_cache.c28
-rw-r--r--src/libstrongswan/credentials/sets/cert_cache.h5
-rw-r--r--src/libstrongswan/crypto/hashers/hasher.c77
-rw-r--r--src/libstrongswan/crypto/hashers/hasher.h18
-rw-r--r--src/libstrongswan/crypto/prfs/prf.h3
-rw-r--r--src/libstrongswan/crypto/proposal/proposal_keywords_static.h2
-rw-r--r--src/libstrongswan/crypto/proposal/proposal_keywords_static.h.in25
-rw-r--r--src/libstrongswan/crypto/signers/signer.h3
-rw-r--r--src/libstrongswan/crypto/xofs/xof.c33
-rw-r--r--src/libstrongswan/crypto/xofs/xof.h19
-rw-r--r--src/libstrongswan/math/libnttfft/Makefile.in2
-rw-r--r--src/libstrongswan/math/libnttfft/tests/Makefile.in2
-rw-r--r--src/libstrongswan/networking/streams/stream_manager.c9
-rw-r--r--src/libstrongswan/networking/streams/stream_service_systemd.c71
-rw-r--r--src/libstrongswan/networking/streams/stream_service_systemd.h40
-rw-r--r--src/libstrongswan/plugins/acert/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/aes/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/aesni/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/af_alg/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/agent/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/agent/agent_private_key.c2
-rw-r--r--src/libstrongswan/plugins/bliss/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/bliss/bliss_private_key.c2
-rw-r--r--src/libstrongswan/plugins/bliss/bliss_public_key.c2
-rw-r--r--src/libstrongswan/plugins/bliss/tests/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/bliss/tests/suites/test_bliss_sign.c14
-rw-r--r--src/libstrongswan/plugins/blowfish/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/ccm/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/chapoly/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/cmac/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/constraints/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/ctr/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/curl/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/curve25519/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/curve25519/curve25519_private_key.c2
-rw-r--r--src/libstrongswan/plugins/curve25519/curve25519_public_key.c2
-rw-r--r--src/libstrongswan/plugins/des/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/dnskey/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/files/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/fips_prf/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/gcm/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/gcrypt/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_dh.c6
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_dh.h6
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c22
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c229
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c75
-rw-r--r--src/libstrongswan/plugins/gmp/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c11
-rw-r--r--src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h5
-rw-r--r--src/libstrongswan/plugins/gmp/gmp_plugin.c15
-rw-r--r--src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c232
-rw-r--r--src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c128
-rw-r--r--src/libstrongswan/plugins/hmac/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/keychain/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/ldap/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/md4/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/md5/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/mgf1/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/mgf1/mgf1_plugin.c4
-rw-r--r--src/libstrongswan/plugins/mgf1/mgf1_xof.c8
-rw-r--r--src/libstrongswan/plugins/mysql/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/newhope/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/newhope/tests/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/nonce/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/ntru/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/openssl/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_crl.c111
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c5
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h5
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_ec_private_key.c15
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_ec_private_key.h3
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_ec_public_key.c2
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_hasher.c22
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_hasher.h14
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_pkcs7.c2
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_plugin.c158
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c512
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h3
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c146
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_sha1_prf.c1
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_x509.c93
-rw-r--r--src/libstrongswan/plugins/padlock/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/pem/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/pem/pem_encoder.c2
-rw-r--r--src/libstrongswan/plugins/pgp/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/pgp/pgp_builder.c20
-rw-r--r--src/libstrongswan/plugins/pgp/pgp_cert.c2
-rw-r--r--src/libstrongswan/plugins/pgp/pgp_encoder.c1
-rw-r--r--src/libstrongswan/plugins/pkcs1/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/pkcs1/pkcs1_builder.c7
-rw-r--r--src/libstrongswan/plugins/pkcs11/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_dh.c6
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_dh.h6
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_manager.c23
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c2
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c2
-rw-r--r--src/libstrongswan/plugins/pkcs12/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/pkcs7/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/pkcs7/pkcs7_signed_data.c5
-rw-r--r--src/libstrongswan/plugins/pkcs8/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/pkcs8/pkcs8_builder.c11
-rw-r--r--src/libstrongswan/plugins/plugin_loader.c6
-rw-r--r--src/libstrongswan/plugins/pubkey/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/pubkey/pubkey_cert.c11
-rw-r--r--src/libstrongswan/plugins/random/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/rc2/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/rdrand/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/revocation/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/sha1/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/sha2/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/sha3/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/soup/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/sqlite/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/sshkey/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/test_vectors/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/unbound/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/winhttp/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/x509/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/x509/x509_ac.c89
-rw-r--r--src/libstrongswan/plugins/x509/x509_cert.c97
-rw-r--r--src/libstrongswan/plugins/x509/x509_crl.c85
-rw-r--r--src/libstrongswan/plugins/x509/x509_ocsp_request.c4
-rw-r--r--src/libstrongswan/plugins/x509/x509_ocsp_response.c35
-rw-r--r--src/libstrongswan/plugins/x509/x509_pkcs10.c80
-rw-r--r--src/libstrongswan/plugins/xcbc/Makefile.in2
-rw-r--r--src/libstrongswan/processing/watcher.c8
-rw-r--r--src/libstrongswan/selectors/traffic_selector.c223
-rw-r--r--src/libstrongswan/settings/settings.c44
-rw-r--r--src/libstrongswan/settings/settings.h4
-rw-r--r--src/libstrongswan/tests/Makefile.am13
-rw-r--r--src/libstrongswan/tests/Makefile.in1110
-rw-r--r--src/libstrongswan/tests/suites/test_asn1.c41
-rw-r--r--src/libstrongswan/tests/suites/test_auth_cfg.c105
-rw-r--r--src/libstrongswan/tests/suites/test_ecdsa.c7
-rw-r--r--src/libstrongswan/tests/suites/test_ed25519.c30
-rw-r--r--src/libstrongswan/tests/suites/test_hasher.c37
-rw-r--r--src/libstrongswan/tests/suites/test_rsa.c4827
-rw-r--r--src/libstrongswan/tests/suites/test_signature_params.c461
-rw-r--r--src/libstrongswan/tests/suites/test_traffic_selector.c38
-rw-r--r--src/libstrongswan/tests/suites/test_utils.c79
-rw-r--r--src/libstrongswan/tests/test_runner.c49
-rw-r--r--src/libstrongswan/tests/test_suite.c49
-rw-r--r--src/libstrongswan/tests/test_suite.h24
-rw-r--r--src/libstrongswan/tests/tests.h1
-rw-r--r--src/libstrongswan/utils/debug.h4
-rw-r--r--src/libstrongswan/utils/identification.c3
-rw-r--r--src/libstrongswan/utils/utils.h1
-rw-r--r--src/libstrongswan/utils/utils/time.c68
-rw-r--r--src/libstrongswan/utils/utils/time.h16
-rw-r--r--src/libtls/Makefile.in2
-rw-r--r--src/libtls/tests/Makefile.in2
-rw-r--r--src/libtls/tls_crypto.c15
-rw-r--r--src/libtls/tls_prf.c2
-rw-r--r--src/libtnccs/Makefile.in2
-rw-r--r--src/libtnccs/plugins/tnc_imc/Makefile.in2
-rw-r--r--src/libtnccs/plugins/tnc_imc/tnc_imc.c2
-rw-r--r--src/libtnccs/plugins/tnc_imv/Makefile.in2
-rw-r--r--src/libtnccs/plugins/tnc_imv/tnc_imv.c2
-rw-r--r--src/libtnccs/plugins/tnc_tnccs/Makefile.in2
-rw-r--r--src/libtnccs/plugins/tnccs_11/Makefile.in2
-rw-r--r--src/libtnccs/plugins/tnccs_20/Makefile.in2
-rw-r--r--src/libtnccs/plugins/tnccs_dynamic/Makefile.in2
-rw-r--r--src/libtncif/Makefile.in2
-rw-r--r--src/libtncif/tncif_pa_subtypes.c6
-rw-r--r--src/libtncif/tncif_pa_subtypes.h2
-rw-r--r--src/libtpmtss/Makefile.in2
-rw-r--r--src/libtpmtss/plugins/tpm/Makefile.in2
-rw-r--r--src/libtpmtss/plugins/tpm/tpm_private_key.c4
-rw-r--r--src/libtpmtss/tpm_tss_tss2.c2
-rw-r--r--src/manager/Makefile.in2
-rw-r--r--src/manager/templates/static/jquery.js2
-rw-r--r--src/medsrv/Makefile.in2
-rw-r--r--src/pki/Makefile.in2
-rw-r--r--src/pki/command.c8
-rw-r--r--src/pki/command.h2
-rw-r--r--src/pki/commands/acert.c23
-rw-r--r--src/pki/commands/gen.c2
-rw-r--r--src/pki/commands/issue.c25
-rw-r--r--src/pki/commands/req.c45
-rw-r--r--src/pki/commands/self.c27
-rw-r--r--src/pki/commands/signcrl.c49
-rw-r--r--src/pki/man/Makefile.in2
-rw-r--r--src/pki/man/pki---acert.1.in5
-rw-r--r--src/pki/man/pki---issue.1.in5
-rw-r--r--src/pki/man/pki---req.1.in5
-rw-r--r--src/pki/man/pki---self.1.in5
-rw-r--r--src/pki/man/pki---signcrl.1.in5
-rw-r--r--src/pki/pki.c52
-rw-r--r--src/pki/pki.h14
-rw-r--r--src/pool/Makefile.in2
-rw-r--r--src/pool/pool.c38
-rw-r--r--src/pool/pool_usage.c8
-rw-r--r--src/pt-tls-client/Makefile.in2
-rw-r--r--src/pt-tls-client/pt-tls-client.1.in4
-rw-r--r--src/pt-tls-client/pt-tls-client.c3
-rw-r--r--src/scepclient/Makefile.in2
-rw-r--r--src/sec-updater/Makefile.am18
-rw-r--r--src/sec-updater/Makefile.in845
-rw-r--r--src/sec-updater/sec-updater.8.in84
-rw-r--r--src/sec-updater/sec-updater.c565
-rwxr-xr-xsrc/sec-updater/sec-updater.sh168
-rw-r--r--src/starter/Makefile.am14
-rw-r--r--src/starter/Makefile.in16
-rw-r--r--src/starter/confread.c20
-rw-r--r--src/starter/keywords.c1
-rw-r--r--src/starter/keywords.h4
-rw-r--r--src/starter/keywords.h.in203
-rw-r--r--src/starter/keywords.txt1
-rw-r--r--src/starter/tests/Makefile.in2
-rw-r--r--src/stroke/Makefile.am14
-rw-r--r--src/stroke/Makefile.in16
-rw-r--r--src/stroke/stroke_keywords.h3
-rw-r--r--src/stroke/stroke_keywords.h.in79
-rw-r--r--src/sw-collector/Makefile.in2
-rw-r--r--src/sw-collector/sw-collector.8.in18
-rw-r--r--src/sw-collector/sw-collector.c1
-rw-r--r--src/swanctl/Makefile.am1
-rw-r--r--src/swanctl/Makefile.in15
-rw-r--r--src/swanctl/command.c9
-rw-r--r--src/swanctl/command.h2
-rw-r--r--src/swanctl/commands/counters.c154
-rw-r--r--src/swanctl/swanctl.conf3
-rw-r--r--src/swanctl/swanctl.conf.5.main72
-rw-r--r--src/swanctl/swanctl.opt47
-rw-r--r--testing/Makefile.in2
-rw-r--r--testing/config/kernel/config-4.132613
-rwxr-xr-xtesting/do-tests2
-rw-r--r--testing/hosts/default/etc/strongswan.conf.testing10
-rwxr-xr-xtesting/scripts/build-baseimage2
-rwxr-xr-xtesting/scripts/build-strongswan3
-rw-r--r--testing/scripts/recipes/013_strongswan.mk3
-rw-r--r--testing/ssh_config1
-rw-r--r--testing/testing.conf2
-rw-r--r--testing/tests/af-alg/alg-camellia/description.txt6
-rw-r--r--testing/tests/af-alg/alg-camellia/hosts/carol/etc/strongswan.conf11
-rw-r--r--testing/tests/af-alg/alg-camellia/hosts/moon/etc/strongswan.conf11
-rw-r--r--testing/tests/af-alg/alg-camellia/posttest.dat4
-rw-r--r--testing/tests/af-alg/alg-camellia/pretest.dat4
-rw-r--r--testing/tests/af-alg/rw-cert/hosts/carol/etc/strongswan.conf12
-rw-r--r--testing/tests/af-alg/rw-cert/hosts/dave/etc/strongswan.conf12
-rw-r--r--testing/tests/af-alg/rw-cert/hosts/moon/etc/strongswan.conf12
-rw-r--r--testing/tests/af-alg/rw-cert/posttest.dat6
-rw-r--r--testing/tests/af-alg/rw-cert/pretest.dat6
-rw-r--r--testing/tests/gcrypt-ikev1/alg-serpent/description.txt6
-rw-r--r--testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/strongswan.conf11
-rw-r--r--testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/strongswan.conf11
-rw-r--r--testing/tests/gcrypt-ikev1/alg-serpent/posttest.dat4
-rw-r--r--testing/tests/gcrypt-ikev1/alg-serpent/pretest.dat10
-rw-r--r--testing/tests/gcrypt-ikev1/alg-twofish/description.txt6
-rw-r--r--testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/strongswan.conf11
-rw-r--r--testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/strongswan.conf11
-rw-r--r--testing/tests/gcrypt-ikev1/alg-twofish/posttest.dat4
-rw-r--r--testing/tests/gcrypt-ikev1/alg-twofish/pretest.dat8
-rw-r--r--testing/tests/gcrypt-ikev2/alg-camellia/description.txt7
-rw-r--r--testing/tests/gcrypt-ikev2/alg-camellia/evaltest.dat10
-rw-r--r--testing/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/ipsec.conf22
-rw-r--r--testing/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf8
-rwxr-xr-xtesting/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/swanctl/swanctl.conf27
-rw-r--r--testing/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/ipsec.conf21
-rw-r--r--testing/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf8
-rwxr-xr-xtesting/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/swanctl/swanctl.conf25
-rw-r--r--testing/tests/gcrypt-ikev2/alg-camellia/posttest.dat5
-rw-r--r--testing/tests/gcrypt-ikev2/alg-camellia/pretest.dat8
-rw-r--r--testing/tests/gcrypt-ikev2/alg-camellia/test.conf4
-rw-r--r--testing/tests/gcrypt-ikev2/rw-cert/description.txt8
-rw-r--r--testing/tests/gcrypt-ikev2/rw-cert/evaltest.dat12
-rw-r--r--testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/ipsec.conf22
-rw-r--r--testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/strongswan.conf7
-rwxr-xr-xtesting/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/swanctl/swanctl.conf27
-rw-r--r--testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/ipsec.conf22
-rw-r--r--testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/strongswan.conf7
-rwxr-xr-xtesting/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/swanctl/swanctl.conf27
-rw-r--r--testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/ipsec.conf21
-rw-r--r--testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/strongswan.conf7
-rwxr-xr-xtesting/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/swanctl/swanctl.conf25
-rw-r--r--testing/tests/gcrypt-ikev2/rw-cert/posttest.dat8
-rw-r--r--testing/tests/gcrypt-ikev2/rw-cert/pretest.dat14
-rw-r--r--testing/tests/gcrypt-ikev2/rw-cert/test.conf4
-rw-r--r--testing/tests/ikev1/net2net-ah/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev1/net2net-ah/hosts/moon/etc/strongswan.conf6
-rw-r--r--testing/tests/ikev1/net2net-ah/hosts/sun/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev1/net2net-ah/hosts/sun/etc/strongswan.conf6
-rw-r--r--testing/tests/ikev1/net2net-esn/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev1/net2net-esn/hosts/moon/etc/strongswan.conf6
-rw-r--r--testing/tests/ikev1/net2net-esn/hosts/sun/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev1/net2net-esn/hosts/sun/etc/strongswan.conf6
-rw-r--r--testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/ipsec.conf5
-rw-r--r--testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/strongswan.conf6
-rw-r--r--testing/tests/ikev1/net2net-ntru-cert/hosts/sun/etc/ipsec.conf7
-rw-r--r--testing/tests/ikev1/net2net-ntru-cert/hosts/sun/etc/strongswan.conf6
-rw-r--r--testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/alg-blowfish/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/alg-blowfish/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/ipsec.conf5
-rw-r--r--testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/net2net-ah/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/net2net-ah/hosts/moon/etc/strongswan.conf6
-rw-r--r--testing/tests/ikev2/net2net-ah/hosts/sun/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/net2net-ah/hosts/sun/etc/strongswan.conf6
-rw-r--r--testing/tests/ikev2/net2net-esn/hosts/moon/etc/ipsec.conf5
-rw-r--r--testing/tests/ikev2/net2net-esn/hosts/moon/etc/strongswan.conf6
-rw-r--r--testing/tests/ikev2/net2net-esn/hosts/sun/etc/ipsec.conf7
-rw-r--r--testing/tests/ikev2/net2net-esn/hosts/sun/etc/strongswan.conf6
-rw-r--r--testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/ipsec.conf5
-rw-r--r--testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/strongswan.conf8
-rw-r--r--testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/ipsec.conf7
-rw-r--r--testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/strongswan.conf6
-rw-r--r--testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/ipsec.conf5
-rw-r--r--testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/strongswan.conf6
-rw-r--r--testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/ipsec.conf7
-rw-r--r--testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/strongswan.conf6
-rw-r--r--testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/ipsec.conf5
-rw-r--r--testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/ipsec.conf7
-rw-r--r--testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/net2net-rekey/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/net2net-rekey/hosts/moon/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/ipsec.conf5
-rw-r--r--testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/ipsec.conf7
-rw-r--r--testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/redirect-active/hosts/carol/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/redirect-active/hosts/carol/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/ipsec.conf5
-rw-r--r--testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/trap-any/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/trap-any/hosts/carol/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/trap-any/hosts/dave/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/trap-any/hosts/dave/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/trap-any/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/trap-any/hosts/moon/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/trap-any/hosts/sun/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/trap-any/hosts/sun/etc/strongswan.conf5
-rw-r--r--testing/tests/ipv6-stroke/host2host-ikev1/description.txt5
-rw-r--r--testing/tests/ipv6-stroke/host2host-ikev1/evaltest.dat7
-rw-r--r--testing/tests/ipv6-stroke/host2host-ikev1/hosts/moon/etc/ipsec.conf (renamed from testing/tests/ipv6/host2host-ikev1/hosts/moon/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/host2host-ikev1/hosts/moon/etc/strongswan.conf5
-rw-r--r--testing/tests/ipv6-stroke/host2host-ikev1/hosts/sun/etc/ipsec.conf (renamed from testing/tests/ipv6/host2host-ikev1/hosts/sun/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/host2host-ikev1/hosts/sun/etc/strongswan.conf5
-rw-r--r--testing/tests/ipv6-stroke/host2host-ikev1/posttest.dat6
-rw-r--r--testing/tests/ipv6-stroke/host2host-ikev1/pretest.dat9
-rw-r--r--testing/tests/ipv6-stroke/host2host-ikev1/test.conf25
-rw-r--r--testing/tests/ipv6-stroke/host2host-ikev2/description.txt5
-rw-r--r--testing/tests/ipv6-stroke/host2host-ikev2/evaltest.dat7
-rw-r--r--testing/tests/ipv6-stroke/host2host-ikev2/hosts/moon/etc/ipsec.conf (renamed from testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/host2host-ikev2/hosts/moon/etc/strongswan.conf5
-rw-r--r--testing/tests/ipv6-stroke/host2host-ikev2/hosts/sun/etc/ipsec.conf (renamed from testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/host2host-ikev2/hosts/sun/etc/strongswan.conf5
-rw-r--r--testing/tests/ipv6-stroke/host2host-ikev2/posttest.dat6
-rw-r--r--testing/tests/ipv6-stroke/host2host-ikev2/pretest.dat9
-rw-r--r--testing/tests/ipv6-stroke/host2host-ikev2/test.conf25
-rw-r--r--testing/tests/ipv6-stroke/net2net-ikev1/description.txt6
-rw-r--r--testing/tests/ipv6-stroke/net2net-ikev1/evaltest.dat7
-rw-r--r--testing/tests/ipv6-stroke/net2net-ikev1/hosts/moon/etc/ipsec.conf (renamed from testing/tests/ipv6/net2net-ikev1/hosts/moon/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/net2net-ikev1/hosts/moon/etc/strongswan.conf7
-rw-r--r--testing/tests/ipv6-stroke/net2net-ikev1/hosts/sun/etc/ipsec.conf (renamed from testing/tests/ipv6/net2net-ikev1/hosts/sun/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/net2net-ikev1/hosts/sun/etc/strongswan.conf7
-rw-r--r--testing/tests/ipv6-stroke/net2net-ikev1/posttest.dat10
-rw-r--r--testing/tests/ipv6-stroke/net2net-ikev1/pretest.dat13
-rw-r--r--testing/tests/ipv6-stroke/net2net-ikev1/test.conf25
-rw-r--r--testing/tests/ipv6-stroke/net2net-ikev2/description.txt6
-rw-r--r--testing/tests/ipv6-stroke/net2net-ikev2/evaltest.dat7
-rw-r--r--testing/tests/ipv6-stroke/net2net-ikev2/hosts/moon/etc/ipsec.conf (renamed from testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/net2net-ikev2/hosts/moon/etc/strongswan.conf7
-rw-r--r--testing/tests/ipv6-stroke/net2net-ikev2/hosts/sun/etc/ipsec.conf (renamed from testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/net2net-ikev2/hosts/sun/etc/strongswan.conf7
-rw-r--r--testing/tests/ipv6-stroke/net2net-ikev2/posttest.dat10
-rw-r--r--testing/tests/ipv6-stroke/net2net-ikev2/pretest.dat13
-rw-r--r--testing/tests/ipv6-stroke/net2net-ikev2/test.conf25
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/description.txt4
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/evaltest.dat7
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/ipsec.conf (renamed from testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/strongswan.conf7
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/ipsec.conf (renamed from testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/strongswan.conf7
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/posttest.dat6
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/pretest.dat9
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/test.conf25
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/description.txt4
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/evaltest.dat7
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/ipsec.conf (renamed from testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf7
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/ipsec.conf (renamed from testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf7
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/posttest.dat6
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/pretest.dat9
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/test.conf25
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/description.txt6
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/evaltest.dat7
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/ip6tables.rules20
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/ipsec.conf (renamed from testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf7
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/ip6tables.rules20
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/ipsec.conf (renamed from testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/strongswan.conf7
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/posttest.dat10
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/pretest.dat13
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/test.conf25
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/description.txt6
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/evaltest.dat7
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/ip6tables.rules20
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/ipsec.conf (renamed from testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf6
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/ip6tables.rules20
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/ipsec.conf (renamed from testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf6
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/posttest.dat10
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/pretest.dat13
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/test.conf25
-rw-r--r--testing/tests/ipv6-stroke/rw-ikev1/description.txt7
-rw-r--r--testing/tests/ipv6-stroke/rw-ikev1/evaltest.dat15
-rw-r--r--testing/tests/ipv6-stroke/rw-ikev1/hosts/carol/etc/ipsec.conf (renamed from testing/tests/ipv6/rw-ikev1/hosts/carol/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/rw-ikev1/hosts/carol/etc/strongswan.conf5
-rw-r--r--testing/tests/ipv6-stroke/rw-ikev1/hosts/dave/etc/ipsec.conf (renamed from testing/tests/ipv6/rw-ikev1/hosts/dave/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/rw-ikev1/hosts/dave/etc/strongswan.conf5
-rw-r--r--testing/tests/ipv6-stroke/rw-ikev1/hosts/moon/etc/ipsec.conf (renamed from testing/tests/ipv6/rw-ikev1/hosts/moon/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/rw-ikev1/hosts/moon/etc/strongswan.conf5
-rw-r--r--testing/tests/ipv6-stroke/rw-ikev1/posttest.dat12
-rw-r--r--testing/tests/ipv6-stroke/rw-ikev1/pretest.dat17
-rw-r--r--testing/tests/ipv6-stroke/rw-ikev1/test.conf25
-rw-r--r--testing/tests/ipv6-stroke/rw-ikev2/description.txt7
-rw-r--r--testing/tests/ipv6-stroke/rw-ikev2/evaltest.dat15
-rw-r--r--testing/tests/ipv6-stroke/rw-ikev2/hosts/carol/etc/ipsec.conf (renamed from testing/tests/ipv6/rw-ikev2/hosts/carol/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/rw-ikev2/hosts/carol/etc/strongswan.conf6
-rw-r--r--testing/tests/ipv6-stroke/rw-ikev2/hosts/dave/etc/ipsec.conf (renamed from testing/tests/ipv6/rw-ikev2/hosts/dave/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/rw-ikev2/hosts/dave/etc/strongswan.conf6
-rw-r--r--testing/tests/ipv6-stroke/rw-ikev2/hosts/moon/etc/ipsec.conf (renamed from testing/tests/ipv6/rw-ikev2/hosts/moon/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/rw-ikev2/hosts/moon/etc/strongswan.conf6
-rw-r--r--testing/tests/ipv6-stroke/rw-ikev2/posttest.dat12
-rw-r--r--testing/tests/ipv6-stroke/rw-ikev2/pretest.dat17
-rw-r--r--testing/tests/ipv6-stroke/rw-ikev2/test.conf25
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/description.txt10
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/evaltest.dat15
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/carol/etc/ip6tables.rules20
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/carol/etc/ipsec.conf (renamed from testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/carol/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/carol/etc/strongswan.conf5
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/dave/etc/ip6tables.rules20
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/dave/etc/ipsec.conf (renamed from testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/dave/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/dave/etc/strongswan.conf5
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/moon/etc/ip6tables.rules20
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/moon/etc/ipsec.conf (renamed from testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/moon/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf5
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/posttest.dat (renamed from testing/tests/libipsec/rw-suite-b/posttest.dat)4
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/pretest.dat (renamed from testing/tests/libipsec/rw-suite-b/pretest.dat)6
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/test.conf25
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/description.txt10
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/evaltest.dat15
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/carol/etc/ip6tables.rules20
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/carol/etc/ipsec.conf (renamed from testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/carol/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/carol/etc/strongswan.conf6
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/dave/etc/ip6tables.rules20
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/dave/etc/ipsec.conf (renamed from testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/dave/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/dave/etc/strongswan.conf6
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/moon/etc/ip6tables.rules20
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/moon/etc/ipsec.conf (renamed from testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/moon/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf6
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/posttest.dat10
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/pretest.dat15
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/test.conf25
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev1/description.txt7
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev1/evaltest.dat15
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/carol/etc/ipsec.conf (renamed from testing/tests/ipv6/rw-psk-ikev1/hosts/carol/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/carol/etc/ipsec.secrets (renamed from testing/tests/ipv6/rw-psk-ikev1/hosts/carol/etc/ipsec.secrets)0
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/carol/etc/strongswan.conf5
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/dave/etc/ipsec.conf (renamed from testing/tests/ipv6/rw-psk-ikev1/hosts/dave/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/dave/etc/ipsec.secrets (renamed from testing/tests/ipv6/rw-psk-ikev1/hosts/dave/etc/ipsec.secrets)0
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/dave/etc/strongswan.conf5
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/moon/etc/ipsec.conf (renamed from testing/tests/ipv6/rw-psk-ikev1/hosts/moon/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/moon/etc/ipsec.secrets (renamed from testing/tests/ipv6/rw-psk-ikev1/hosts/moon/etc/ipsec.secrets)0
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/moon/etc/strongswan.conf5
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev1/posttest.dat12
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev1/pretest.dat20
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev1/test.conf25
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev2/description.txt7
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev2/evaltest.dat15
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/carol/etc/ipsec.conf (renamed from testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/carol/etc/ipsec.secrets (renamed from testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/ipsec.secrets)0
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/carol/etc/strongswan.conf5
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/dave/etc/ipsec.conf (renamed from testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/dave/etc/ipsec.secrets (renamed from testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/ipsec.secrets)0
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/dave/etc/strongswan.conf5
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/moon/etc/ipsec.conf (renamed from testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/moon/etc/ipsec.secrets (renamed from testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/ipsec.secrets)0
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/moon/etc/strongswan.conf5
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev2/posttest.dat12
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev2/pretest.dat20
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev2/test.conf25
-rw-r--r--testing/tests/ipv6-stroke/transport-ikev1/description.txt5
-rw-r--r--testing/tests/ipv6-stroke/transport-ikev1/evaltest.dat9
-rw-r--r--testing/tests/ipv6-stroke/transport-ikev1/hosts/moon/etc/ipsec.conf (renamed from testing/tests/ipv6/transport-ikev1/hosts/moon/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/transport-ikev1/hosts/moon/etc/strongswan.conf5
-rw-r--r--testing/tests/ipv6-stroke/transport-ikev1/hosts/sun/etc/ipsec.conf (renamed from testing/tests/ipv6/transport-ikev1/hosts/sun/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/transport-ikev1/hosts/sun/etc/strongswan.conf5
-rw-r--r--testing/tests/ipv6-stroke/transport-ikev1/posttest.dat6
-rw-r--r--testing/tests/ipv6-stroke/transport-ikev1/pretest.dat9
-rw-r--r--testing/tests/ipv6-stroke/transport-ikev1/test.conf25
-rw-r--r--testing/tests/ipv6-stroke/transport-ikev2/description.txt5
-rw-r--r--testing/tests/ipv6-stroke/transport-ikev2/evaltest.dat10
-rw-r--r--testing/tests/ipv6-stroke/transport-ikev2/hosts/moon/etc/ipsec.conf (renamed from testing/tests/ipv6/transport-ikev2/hosts/moon/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/transport-ikev2/hosts/moon/etc/strongswan.conf5
-rw-r--r--testing/tests/ipv6-stroke/transport-ikev2/hosts/sun/etc/ipsec.conf (renamed from testing/tests/ipv6/transport-ikev2/hosts/sun/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/transport-ikev2/hosts/sun/etc/strongswan.conf5
-rw-r--r--testing/tests/ipv6-stroke/transport-ikev2/posttest.dat6
-rw-r--r--testing/tests/ipv6-stroke/transport-ikev2/pretest.dat9
-rw-r--r--testing/tests/ipv6-stroke/transport-ikev2/test.conf25
-rw-r--r--testing/tests/ipv6/host2host-ikev1/description.txt11
-rw-r--r--testing/tests/ipv6/host2host-ikev1/evaltest.dat6
-rw-r--r--testing/tests/ipv6/host2host-ikev1/hosts/moon/etc/strongswan.conf9
-rw-r--r--testing/tests/ipv6/host2host-ikev1/hosts/moon/etc/swanctl/swanctl.conf32
-rw-r--r--testing/tests/ipv6/host2host-ikev1/hosts/sun/etc/strongswan.conf9
-rw-r--r--testing/tests/ipv6/host2host-ikev1/hosts/sun/etc/swanctl/swanctl.conf32
-rw-r--r--testing/tests/ipv6/host2host-ikev1/posttest.dat4
-rw-r--r--testing/tests/ipv6/host2host-ikev1/pretest.dat9
-rw-r--r--testing/tests/ipv6/host2host-ikev1/test.conf4
-rw-r--r--testing/tests/ipv6/host2host-ikev2/description.txt11
-rw-r--r--testing/tests/ipv6/host2host-ikev2/evaltest.dat8
-rw-r--r--testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/strongswan.conf9
-rw-r--r--testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/swanctl/swanctl.conf33
-rw-r--r--testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/strongswan.conf9
-rw-r--r--testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/swanctl/swanctl.conf33
-rw-r--r--testing/tests/ipv6/host2host-ikev2/posttest.dat4
-rw-r--r--testing/tests/ipv6/host2host-ikev2/pretest.dat6
-rw-r--r--testing/tests/ipv6/host2host-ikev2/test.conf6
-rw-r--r--testing/tests/ipv6/net2net-ikev1/description.txt13
-rw-r--r--testing/tests/ipv6/net2net-ikev1/evaltest.dat6
-rw-r--r--testing/tests/ipv6/net2net-ikev1/hosts/moon/etc/strongswan.conf7
-rw-r--r--testing/tests/ipv6/net2net-ikev1/hosts/moon/etc/swanctl/swanctl.conf35
-rw-r--r--testing/tests/ipv6/net2net-ikev1/hosts/sun/etc/strongswan.conf7
-rw-r--r--testing/tests/ipv6/net2net-ikev1/hosts/sun/etc/swanctl/swanctl.conf35
-rw-r--r--testing/tests/ipv6/net2net-ikev1/posttest.dat4
-rw-r--r--testing/tests/ipv6/net2net-ikev1/pretest.dat7
-rw-r--r--testing/tests/ipv6/net2net-ikev1/test.conf6
-rw-r--r--testing/tests/ipv6/net2net-ikev2/description.txt13
-rw-r--r--testing/tests/ipv6/net2net-ikev2/evaltest.dat6
-rw-r--r--testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/strongswan.conf7
-rw-r--r--testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/swanctl/swanctl.conf36
-rw-r--r--testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/strongswan.conf7
-rw-r--r--testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/swanctl/swanctl.conf36
-rw-r--r--testing/tests/ipv6/net2net-ikev2/posttest.dat4
-rw-r--r--testing/tests/ipv6/net2net-ikev2/pretest.dat6
-rw-r--r--testing/tests/ipv6/net2net-ikev2/test.conf6
-rw-r--r--testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/evaltest.dat6
-rw-r--r--testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/strongswan.conf9
-rw-r--r--testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/swanctl/swanctl.conf35
-rw-r--r--testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/strongswan.conf9
-rw-r--r--testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/swanctl/swanctl.conf35
-rw-r--r--testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/posttest.dat4
-rw-r--r--testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/pretest.dat7
-rw-r--r--testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/test.conf6
-rw-r--r--testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/evaltest.dat7
-rw-r--r--testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf10
-rw-r--r--testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/swanctl/swanctl.conf36
-rw-r--r--testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf10
-rw-r--r--testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/swanctl/swanctl.conf36
-rw-r--r--testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/posttest.dat4
-rw-r--r--testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/pretest.dat6
-rw-r--r--testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/test.conf6
-rw-r--r--testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/description.txt14
-rw-r--r--testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/evaltest.dat6
-rw-r--r--testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf9
-rw-r--r--testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/swanctl/swanctl.conf28
-rw-r--r--testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/strongswan.conf11
-rw-r--r--testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/swanctl/swanctl.conf28
-rw-r--r--testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/posttest.dat4
-rw-r--r--testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/pretest.dat7
-rw-r--r--testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/test.conf6
-rw-r--r--testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/description.txt14
-rw-r--r--testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/evaltest.dat7
-rw-r--r--testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf9
-rw-r--r--testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/swanctl/swanctl.conf29
-rw-r--r--testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf11
-rw-r--r--testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/swanctl/swanctl.conf29
-rw-r--r--testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/posttest.dat4
-rw-r--r--testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/pretest.dat6
-rw-r--r--testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/test.conf6
-rw-r--r--testing/tests/ipv6/net2net-rfc3779-ikev2/description.txt23
-rw-r--r--testing/tests/ipv6/net2net-rfc3779-ikev2/evaltest.dat6
-rw-r--r--testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/ipsec.conf31
-rw-r--r--testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/strongswan.conf9
-rw-r--r--testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/swanctl/rsa/moonKey.pem (renamed from testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/ipsec.d/private/moonKey.pem)0
-rw-r--r--testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/swanctl/swanctl.conf36
-rw-r--r--testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/swanctl/x509/moonCert.pem (renamed from testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/ipsec.d/certs/moonCert.pem)0
-rw-r--r--testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/swanctl/x509ca/strongswanCert.pem (renamed from testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem)0
-rw-r--r--testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/ipsec.conf31
-rw-r--r--testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/strongswan.conf9
-rw-r--r--testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/swanctl/rsa/sunKey.pem (renamed from testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/ipsec.d/private/sunKey.pem)0
-rw-r--r--testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/swanctl/swanctl.conf36
-rw-r--r--testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/swanctl/x509/sunCert.pem (renamed from testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/ipsec.d/certs/sunCert.pem)0
-rw-r--r--testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/swanctl/x509ca/strongswanCert.pem (renamed from testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/ipsec.d/cacerts/strongswanCert.pem)0
-rw-r--r--testing/tests/ipv6/net2net-rfc3779-ikev2/posttest.dat4
-rw-r--r--testing/tests/ipv6/net2net-rfc3779-ikev2/pretest.dat6
-rw-r--r--testing/tests/ipv6/net2net-rfc3779-ikev2/test.conf6
-rw-r--r--testing/tests/ipv6/rw-compress-ikev2/evaltest.dat8
-rw-r--r--testing/tests/ipv6/rw-compress-ikev2/hosts/carol/etc/ipsec.conf25
-rw-r--r--testing/tests/ipv6/rw-compress-ikev2/hosts/carol/etc/strongswan.conf8
-rwxr-xr-xtesting/tests/ipv6/rw-compress-ikev2/hosts/carol/etc/swanctl/swanctl.conf35
-rw-r--r--testing/tests/ipv6/rw-compress-ikev2/hosts/moon/etc/ipsec.conf24
-rw-r--r--testing/tests/ipv6/rw-compress-ikev2/hosts/moon/etc/strongswan.conf8
-rwxr-xr-xtesting/tests/ipv6/rw-compress-ikev2/hosts/moon/etc/swanctl/swanctl.conf33
-rw-r--r--testing/tests/ipv6/rw-compress-ikev2/posttest.dat4
-rw-r--r--testing/tests/ipv6/rw-compress-ikev2/pretest.dat6
-rw-r--r--testing/tests/ipv6/rw-compress-ikev2/test.conf4
-rw-r--r--testing/tests/ipv6/rw-ikev1/description.txt4
-rw-r--r--testing/tests/ipv6/rw-ikev1/evaltest.dat12
-rw-r--r--testing/tests/ipv6/rw-ikev1/hosts/carol/etc/strongswan.conf8
-rwxr-xr-xtesting/tests/ipv6/rw-ikev1/hosts/carol/etc/swanctl/swanctl.conf34
-rw-r--r--testing/tests/ipv6/rw-ikev1/hosts/dave/etc/strongswan.conf8
-rwxr-xr-xtesting/tests/ipv6/rw-ikev1/hosts/dave/etc/swanctl/swanctl.conf34
-rw-r--r--testing/tests/ipv6/rw-ikev1/hosts/moon/etc/strongswan.conf8
-rwxr-xr-xtesting/tests/ipv6/rw-ikev1/hosts/moon/etc/swanctl/swanctl.conf32
-rw-r--r--testing/tests/ipv6/rw-ikev1/posttest.dat6
-rw-r--r--testing/tests/ipv6/rw-ikev1/pretest.dat10
-rw-r--r--testing/tests/ipv6/rw-ikev1/test.conf4
-rw-r--r--testing/tests/ipv6/rw-ikev2/description.txt4
-rw-r--r--testing/tests/ipv6/rw-ikev2/evaltest.dat12
-rw-r--r--testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf9
-rwxr-xr-xtesting/tests/ipv6/rw-ikev2/hosts/carol/etc/swanctl/swanctl.conf34
-rw-r--r--testing/tests/ipv6/rw-ikev2/hosts/dave/etc/strongswan.conf9
-rwxr-xr-xtesting/tests/ipv6/rw-ikev2/hosts/dave/etc/swanctl/swanctl.conf34
-rw-r--r--testing/tests/ipv6/rw-ikev2/hosts/moon/etc/strongswan.conf9
-rwxr-xr-xtesting/tests/ipv6/rw-ikev2/hosts/moon/etc/swanctl/swanctl.conf32
-rw-r--r--testing/tests/ipv6/rw-ikev2/posttest.dat6
-rw-r--r--testing/tests/ipv6/rw-ikev2/pretest.dat10
-rw-r--r--testing/tests/ipv6/rw-ikev2/test.conf4
-rw-r--r--testing/tests/ipv6/rw-ip6-in-ip4-ikev1/description.txt18
-rw-r--r--testing/tests/ipv6/rw-ip6-in-ip4-ikev1/evaltest.dat12
-rw-r--r--testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/carol/etc/strongswan.conf9
-rwxr-xr-xtesting/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/carol/etc/swanctl/swanctl.conf28
-rw-r--r--testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/dave/etc/strongswan.conf9
-rwxr-xr-xtesting/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/dave/etc/swanctl/swanctl.conf28
-rw-r--r--testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf9
-rwxr-xr-xtesting/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/moon/etc/swanctl/swanctl.conf32
-rw-r--r--testing/tests/ipv6/rw-ip6-in-ip4-ikev1/posttest.dat6
-rw-r--r--testing/tests/ipv6/rw-ip6-in-ip4-ikev1/pretest.dat10
-rw-r--r--testing/tests/ipv6/rw-ip6-in-ip4-ikev1/test.conf4
-rw-r--r--testing/tests/ipv6/rw-ip6-in-ip4-ikev2/description.txt18
-rw-r--r--testing/tests/ipv6/rw-ip6-in-ip4-ikev2/evaltest.dat12
-rw-r--r--testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/carol/etc/strongswan.conf9
-rwxr-xr-xtesting/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/carol/etc/swanctl/swanctl.conf28
-rw-r--r--testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/dave/etc/strongswan.conf9
-rwxr-xr-xtesting/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/dave/etc/swanctl/swanctl.conf28
-rw-r--r--testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf9
-rwxr-xr-xtesting/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/moon/etc/swanctl/swanctl.conf32
-rw-r--r--testing/tests/ipv6/rw-ip6-in-ip4-ikev2/posttest.dat6
-rw-r--r--testing/tests/ipv6/rw-ip6-in-ip4-ikev2/pretest.dat10
-rw-r--r--testing/tests/ipv6/rw-ip6-in-ip4-ikev2/test.conf4
-rw-r--r--testing/tests/ipv6/rw-psk-ikev1/description.txt10
-rw-r--r--testing/tests/ipv6/rw-psk-ikev1/evaltest.dat13
-rw-r--r--testing/tests/ipv6/rw-psk-ikev1/hosts/carol/etc/strongswan.conf8
-rwxr-xr-xtesting/tests/ipv6/rw-psk-ikev1/hosts/carol/etc/swanctl/swanctl.conf34
-rw-r--r--testing/tests/ipv6/rw-psk-ikev1/hosts/dave/etc/strongswan.conf8
-rwxr-xr-xtesting/tests/ipv6/rw-psk-ikev1/hosts/dave/etc/swanctl/swanctl.conf34
-rw-r--r--testing/tests/ipv6/rw-psk-ikev1/hosts/moon/etc/strongswan.conf8
-rwxr-xr-xtesting/tests/ipv6/rw-psk-ikev1/hosts/moon/etc/swanctl/swanctl.conf37
-rw-r--r--testing/tests/ipv6/rw-psk-ikev1/posttest.dat6
-rw-r--r--testing/tests/ipv6/rw-psk-ikev1/pretest.dat16
-rw-r--r--testing/tests/ipv6/rw-psk-ikev1/test.conf4
-rw-r--r--testing/tests/ipv6/rw-psk-ikev2/description.txt10
-rw-r--r--testing/tests/ipv6/rw-psk-ikev2/evaltest.dat12
-rw-r--r--testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/strongswan.conf8
-rwxr-xr-xtesting/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/swanctl/swanctl.conf34
-rw-r--r--testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/strongswan.conf8
-rwxr-xr-xtesting/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/swanctl/swanctl.conf34
-rw-r--r--testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/strongswan.conf8
-rwxr-xr-xtesting/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/swanctl/swanctl.conf37
-rw-r--r--testing/tests/ipv6/rw-psk-ikev2/posttest.dat6
-rw-r--r--testing/tests/ipv6/rw-psk-ikev2/pretest.dat16
-rw-r--r--testing/tests/ipv6/rw-psk-ikev2/test.conf4
-rw-r--r--testing/tests/ipv6/rw-rfc3779-ikev2/evaltest.dat13
-rw-r--r--testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.conf26
-rw-r--r--testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/strongswan.conf9
-rw-r--r--testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/swanctl/rsa/carolKey.pem (renamed from testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.d/private/carolKey.pem)0
-rwxr-xr-xtesting/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/swanctl/swanctl.conf34
-rw-r--r--testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/swanctl/x509/carolCert.pem (renamed from testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.d/certs/carolCert.pem)0
-rw-r--r--testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/swanctl/x509ca/strongswanCert.pem (renamed from testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem)0
-rw-r--r--testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/ipsec.conf26
-rw-r--r--testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/strongswan.conf9
-rw-r--r--testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/swanctl/rsa/daveKey.pem (renamed from testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/ipsec.d/private/daveKey.pem)0
-rwxr-xr-xtesting/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/swanctl/swanctl.conf34
-rw-r--r--testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/swanctl/x509/daveCert.pem (renamed from testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/ipsec.d/certs/daveCert.pem)0
-rw-r--r--testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/swanctl/x509ca/strongswanCert.pem (renamed from testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem)0
-rw-r--r--testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/ipsec.conf25
-rw-r--r--testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/strongswan.conf9
-rw-r--r--testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/swanctl/rsa/moonKey.pem (renamed from testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/ipsec.d/private/moonKey.pem)0
-rwxr-xr-xtesting/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/swanctl/swanctl.conf32
-rw-r--r--testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/swanctl/x509/moonCert.pem (renamed from testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/ipsec.d/certs/moonCert.pem)0
-rw-r--r--testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/swanctl/x509ca/strongswanCert.pem (renamed from testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem)0
-rw-r--r--testing/tests/ipv6/rw-rfc3779-ikev2/posttest.dat6
-rw-r--r--testing/tests/ipv6/rw-rfc3779-ikev2/pretest.dat10
-rw-r--r--testing/tests/ipv6/rw-rfc3779-ikev2/test.conf4
-rw-r--r--testing/tests/ipv6/transport-ikev1/description.txt11
-rw-r--r--testing/tests/ipv6/transport-ikev1/evaltest.dat6
-rw-r--r--testing/tests/ipv6/transport-ikev1/hosts/moon/etc/strongswan.conf8
-rw-r--r--testing/tests/ipv6/transport-ikev1/hosts/moon/etc/swanctl/swanctl.conf33
-rw-r--r--testing/tests/ipv6/transport-ikev1/hosts/sun/etc/strongswan.conf8
-rw-r--r--testing/tests/ipv6/transport-ikev1/hosts/sun/etc/swanctl/swanctl.conf33
-rw-r--r--testing/tests/ipv6/transport-ikev1/posttest.dat4
-rw-r--r--testing/tests/ipv6/transport-ikev1/pretest.dat6
-rw-r--r--testing/tests/ipv6/transport-ikev1/test.conf6
-rw-r--r--testing/tests/ipv6/transport-ikev2/description.txt11
-rw-r--r--testing/tests/ipv6/transport-ikev2/evaltest.dat7
-rw-r--r--testing/tests/ipv6/transport-ikev2/hosts/moon/etc/strongswan.conf9
-rw-r--r--testing/tests/ipv6/transport-ikev2/hosts/moon/etc/swanctl/swanctl.conf34
-rw-r--r--testing/tests/ipv6/transport-ikev2/hosts/sun/etc/strongswan.conf9
-rw-r--r--testing/tests/ipv6/transport-ikev2/hosts/sun/etc/swanctl/swanctl.conf34
-rw-r--r--testing/tests/ipv6/transport-ikev2/posttest.dat4
-rw-r--r--testing/tests/ipv6/transport-ikev2/pretest.dat6
-rw-r--r--testing/tests/ipv6/transport-ikev2/test.conf6
-rw-r--r--testing/tests/libipsec/host2host-cert/evaltest.dat6
-rw-r--r--testing/tests/libipsec/host2host-cert/hosts/moon/etc/ipsec.conf19
-rw-r--r--testing/tests/libipsec/host2host-cert/hosts/moon/etc/strongswan.conf9
-rwxr-xr-xtesting/tests/libipsec/host2host-cert/hosts/moon/etc/swanctl/swanctl.conf26
-rw-r--r--testing/tests/libipsec/host2host-cert/hosts/sun/etc/ipsec.conf19
-rw-r--r--testing/tests/libipsec/host2host-cert/hosts/sun/etc/strongswan.conf9
-rwxr-xr-xtesting/tests/libipsec/host2host-cert/hosts/sun/etc/swanctl/swanctl.conf26
-rw-r--r--testing/tests/libipsec/host2host-cert/posttest.dat5
-rw-r--r--testing/tests/libipsec/host2host-cert/pretest.dat6
-rw-r--r--testing/tests/libipsec/host2host-cert/test.conf4
-rw-r--r--testing/tests/libipsec/net2net-3des/evaltest.dat10
-rw-r--r--testing/tests/libipsec/net2net-3des/hosts/moon/etc/ipsec.conf24
-rw-r--r--testing/tests/libipsec/net2net-3des/hosts/moon/etc/strongswan.conf8
-rwxr-xr-xtesting/tests/libipsec/net2net-3des/hosts/moon/etc/swanctl/swanctl.conf29
-rw-r--r--testing/tests/libipsec/net2net-3des/hosts/sun/etc/ipsec.conf24
-rw-r--r--testing/tests/libipsec/net2net-3des/hosts/sun/etc/strongswan.conf8
-rwxr-xr-xtesting/tests/libipsec/net2net-3des/hosts/sun/etc/swanctl/swanctl.conf29
-rw-r--r--testing/tests/libipsec/net2net-3des/posttest.dat5
-rw-r--r--testing/tests/libipsec/net2net-3des/pretest.dat10
-rw-r--r--testing/tests/libipsec/net2net-3des/test.conf4
-rw-r--r--testing/tests/libipsec/net2net-cert-ipv6/description.txt14
-rw-r--r--testing/tests/libipsec/net2net-cert-ipv6/evaltest.dat5
-rw-r--r--testing/tests/libipsec/net2net-cert-ipv6/hosts/moon/etc/strongswan.conf10
-rwxr-xr-xtesting/tests/libipsec/net2net-cert-ipv6/hosts/moon/etc/swanctl/swanctl.conf29
-rwxr-xr-xtesting/tests/libipsec/net2net-cert-ipv6/hosts/moon/etc/updown (renamed from testing/tests/libipsec/rw-suite-b/hosts/carol/etc/updown)53
-rw-r--r--testing/tests/libipsec/net2net-cert-ipv6/hosts/sun/etc/strongswan.conf10
-rwxr-xr-xtesting/tests/libipsec/net2net-cert-ipv6/hosts/sun/etc/swanctl/swanctl.conf29
-rwxr-xr-xtesting/tests/libipsec/net2net-cert-ipv6/hosts/sun/etc/updown (renamed from testing/tests/libipsec/rw-suite-b/hosts/dave/etc/updown)53
-rw-r--r--testing/tests/libipsec/net2net-cert-ipv6/posttest.dat9
-rw-r--r--testing/tests/libipsec/net2net-cert-ipv6/pretest.dat11
-rw-r--r--testing/tests/libipsec/net2net-cert-ipv6/test.conf25
-rw-r--r--testing/tests/libipsec/net2net-cert/evaltest.dat6
-rw-r--r--testing/tests/libipsec/net2net-cert/hosts/moon/etc/ipsec.conf22
-rw-r--r--testing/tests/libipsec/net2net-cert/hosts/moon/etc/strongswan.conf8
-rwxr-xr-xtesting/tests/libipsec/net2net-cert/hosts/moon/etc/swanctl/swanctl.conf29
-rw-r--r--testing/tests/libipsec/net2net-cert/hosts/sun/etc/ipsec.conf22
-rw-r--r--testing/tests/libipsec/net2net-cert/hosts/sun/etc/strongswan.conf8
-rwxr-xr-xtesting/tests/libipsec/net2net-cert/hosts/sun/etc/swanctl/swanctl.conf29
-rw-r--r--testing/tests/libipsec/net2net-cert/posttest.dat5
-rw-r--r--testing/tests/libipsec/net2net-cert/pretest.dat10
-rw-r--r--testing/tests/libipsec/net2net-cert/test.conf4
-rw-r--r--testing/tests/libipsec/net2net-null/evaltest.dat10
-rw-r--r--testing/tests/libipsec/net2net-null/hosts/moon/etc/ipsec.conf24
-rw-r--r--testing/tests/libipsec/net2net-null/hosts/moon/etc/strongswan.conf8
-rwxr-xr-xtesting/tests/libipsec/net2net-null/hosts/moon/etc/swanctl/swanctl.conf29
-rw-r--r--testing/tests/libipsec/net2net-null/hosts/sun/etc/ipsec.conf24
-rw-r--r--testing/tests/libipsec/net2net-null/hosts/sun/etc/strongswan.conf8
-rwxr-xr-xtesting/tests/libipsec/net2net-null/hosts/sun/etc/swanctl/swanctl.conf29
-rw-r--r--testing/tests/libipsec/net2net-null/posttest.dat5
-rw-r--r--testing/tests/libipsec/net2net-null/pretest.dat10
-rw-r--r--testing/tests/libipsec/net2net-null/test.conf4
-rw-r--r--testing/tests/libipsec/rw-suite-b/description.txt10
-rw-r--r--testing/tests/libipsec/rw-suite-b/evaltest.dat19
-rw-r--r--testing/tests/libipsec/rw-suite-b/hosts/carol/etc/ipsec.conf23
-rw-r--r--testing/tests/libipsec/rw-suite-b/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem17
-rw-r--r--testing/tests/libipsec/rw-suite-b/hosts/carol/etc/ipsec.d/certs/carolCert.pem15
-rw-r--r--testing/tests/libipsec/rw-suite-b/hosts/carol/etc/ipsec.d/private/carolKey.pem5
-rw-r--r--testing/tests/libipsec/rw-suite-b/hosts/carol/etc/ipsec.secrets3
-rw-r--r--testing/tests/libipsec/rw-suite-b/hosts/carol/etc/strongswan.conf13
-rw-r--r--testing/tests/libipsec/rw-suite-b/hosts/dave/etc/ipsec.conf23
-rw-r--r--testing/tests/libipsec/rw-suite-b/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem17
-rw-r--r--testing/tests/libipsec/rw-suite-b/hosts/dave/etc/ipsec.d/certs/daveCert.pem15
-rw-r--r--testing/tests/libipsec/rw-suite-b/hosts/dave/etc/ipsec.d/private/daveKey.pem5
-rw-r--r--testing/tests/libipsec/rw-suite-b/hosts/dave/etc/ipsec.secrets3
-rw-r--r--testing/tests/libipsec/rw-suite-b/hosts/dave/etc/iptables.flush21
-rw-r--r--testing/tests/libipsec/rw-suite-b/hosts/dave/etc/iptables.rules32
-rw-r--r--testing/tests/libipsec/rw-suite-b/hosts/dave/etc/strongswan.conf13
-rw-r--r--testing/tests/libipsec/rw-suite-b/hosts/moon/etc/ipsec.conf23
-rw-r--r--testing/tests/libipsec/rw-suite-b/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem17
-rw-r--r--testing/tests/libipsec/rw-suite-b/hosts/moon/etc/ipsec.d/certs/moonCert.pem15
-rw-r--r--testing/tests/libipsec/rw-suite-b/hosts/moon/etc/ipsec.d/private/moonKey.pem5
-rw-r--r--testing/tests/libipsec/rw-suite-b/hosts/moon/etc/ipsec.secrets3
-rw-r--r--testing/tests/libipsec/rw-suite-b/hosts/moon/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/libipsec/rw-suite-b/hosts/moon/etc/updown638
-rw-r--r--testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf5
-rw-r--r--testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf5
-rw-r--r--testing/tests/pfkey/net2net-rekey/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/pfkey/net2net-rekey/hosts/moon/etc/strongswan.conf5
-rw-r--r--testing/tests/sql/ip-pool-db-expired/evaltest.dat4
-rw-r--r--testing/tests/sql/ip-pool-db-expired/posttest.dat6
-rw-r--r--testing/tests/sql/ip-pool-db-expired/pretest.dat9
-rw-r--r--testing/tests/sql/ip-pool-db-restart/posttest.dat6
-rw-r--r--testing/tests/sql/ip-pool-db-restart/pretest.dat9
-rw-r--r--testing/tests/sql/ip-pool-db/posttest.dat6
-rw-r--r--testing/tests/sql/ip-pool-db/pretest.dat9
-rw-r--r--testing/tests/sql/ip-split-pools-db-restart/posttest.dat6
-rw-r--r--testing/tests/sql/ip-split-pools-db-restart/pretest.dat9
-rw-r--r--testing/tests/sql/ip-split-pools-db/posttest.dat6
-rw-r--r--testing/tests/sql/ip-split-pools-db/pretest.dat9
-rw-r--r--testing/tests/sql/multi-level-ca/posttest.dat6
-rw-r--r--testing/tests/sql/multi-level-ca/pretest.dat9
-rw-r--r--testing/tests/sql/net2net-cert/posttest.dat4
-rw-r--r--testing/tests/sql/net2net-cert/pretest.dat8
-rw-r--r--testing/tests/sql/net2net-psk/posttest.dat4
-rw-r--r--testing/tests/sql/net2net-psk/pretest.dat8
-rw-r--r--testing/tests/sql/net2net-route-pem/posttest.dat4
-rw-r--r--testing/tests/sql/net2net-route-pem/pretest.dat6
-rw-r--r--testing/tests/sql/net2net-start-pem/posttest.dat4
-rw-r--r--testing/tests/sql/net2net-start-pem/pretest.dat8
-rw-r--r--testing/tests/sql/rw-cert/posttest.dat6
-rw-r--r--testing/tests/sql/rw-cert/pretest.dat9
-rw-r--r--testing/tests/sql/rw-eap-aka-rsa/posttest.dat4
-rw-r--r--testing/tests/sql/rw-eap-aka-rsa/pretest.dat6
-rw-r--r--testing/tests/sql/rw-psk-ipv4/posttest.dat6
-rw-r--r--testing/tests/sql/rw-psk-ipv4/pretest.dat9
-rw-r--r--testing/tests/sql/rw-psk-ipv6/posttest.dat6
-rw-r--r--testing/tests/sql/rw-psk-ipv6/pretest.dat9
-rw-r--r--testing/tests/sql/rw-psk-rsa-split/posttest.dat6
-rw-r--r--testing/tests/sql/rw-psk-rsa-split/pretest.dat9
-rw-r--r--testing/tests/sql/rw-rsa-keyid/posttest.dat6
-rw-r--r--testing/tests/sql/rw-rsa-keyid/pretest.dat9
-rw-r--r--testing/tests/sql/rw-rsa/posttest.dat6
-rw-r--r--testing/tests/sql/rw-rsa/pretest.dat9
-rw-r--r--testing/tests/sql/shunt-policies-nat-rw/posttest.dat6
-rw-r--r--testing/tests/sql/shunt-policies-nat-rw/pretest.dat9
-rwxr-xr-xtesting/tests/swanctl/config-payload/hosts/carol/etc/strongswan.conf9
-rwxr-xr-xtesting/tests/swanctl/config-payload/hosts/dave/etc/strongswan.conf9
-rwxr-xr-xtesting/tests/swanctl/config-payload/hosts/moon/etc/strongswan.conf10
-rwxr-xr-xtesting/tests/swanctl/config-payload/posttest.dat6
-rwxr-xr-xtesting/tests/swanctl/config-payload/pretest.dat6
-rw-r--r--testing/tests/swanctl/crl-to-cache/hosts/carol/etc/strongswan.conf9
-rw-r--r--testing/tests/swanctl/crl-to-cache/hosts/moon/etc/strongswan.conf9
-rw-r--r--testing/tests/swanctl/crl-to-cache/posttest.dat4
-rw-r--r--testing/tests/swanctl/crl-to-cache/pretest.dat4
-rwxr-xr-xtesting/tests/swanctl/dhcp-dynamic/hosts/carol/etc/strongswan.conf9
-rwxr-xr-xtesting/tests/swanctl/dhcp-dynamic/hosts/dave/etc/strongswan.conf9
-rwxr-xr-xtesting/tests/swanctl/dhcp-dynamic/hosts/moon/etc/strongswan.conf7
-rw-r--r--testing/tests/swanctl/dhcp-dynamic/posttest.dat6
-rw-r--r--testing/tests/swanctl/dhcp-dynamic/pretest.dat6
-rwxr-xr-xtesting/tests/swanctl/frags-ipv4/hosts/carol/etc/strongswan.conf9
-rwxr-xr-xtesting/tests/swanctl/frags-ipv4/hosts/dave/etc/strongswan.conf9
-rwxr-xr-xtesting/tests/swanctl/frags-ipv4/hosts/moon/etc/strongswan.conf9
-rwxr-xr-xtesting/tests/swanctl/frags-ipv4/posttest.dat6
-rwxr-xr-xtesting/tests/swanctl/frags-ipv4/pretest.dat6
-rwxr-xr-xtesting/tests/swanctl/frags-ipv6/hosts/carol/etc/strongswan.conf10
-rwxr-xr-xtesting/tests/swanctl/frags-ipv6/hosts/dave/etc/strongswan.conf10
-rwxr-xr-xtesting/tests/swanctl/frags-ipv6/hosts/moon/etc/strongswan.conf10
-rwxr-xr-xtesting/tests/swanctl/frags-ipv6/posttest.dat6
-rwxr-xr-xtesting/tests/swanctl/frags-ipv6/pretest.dat6
-rwxr-xr-xtesting/tests/swanctl/ip-pool-db/hosts/carol/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/swanctl/ip-pool-db/hosts/dave/etc/strongswan.conf9
-rwxr-xr-xtesting/tests/swanctl/ip-pool-db/hosts/moon/etc/strongswan.conf12
-rwxr-xr-xtesting/tests/swanctl/ip-pool-db/posttest.dat6
-rwxr-xr-xtesting/tests/swanctl/ip-pool-db/pretest.dat6
-rwxr-xr-xtesting/tests/swanctl/ip-pool/hosts/carol/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/swanctl/ip-pool/hosts/dave/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/swanctl/ip-pool/hosts/moon/etc/strongswan.conf12
-rwxr-xr-xtesting/tests/swanctl/ip-pool/posttest.dat6
-rwxr-xr-xtesting/tests/swanctl/ip-pool/pretest.dat6
-rwxr-xr-xtesting/tests/swanctl/manual-prio/hosts/carol/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/swanctl/manual-prio/hosts/dave/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/swanctl/manual-prio/hosts/moon/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/swanctl/manual-prio/posttest.dat6
-rwxr-xr-xtesting/tests/swanctl/manual-prio/pretest.dat6
-rw-r--r--testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf7
-rw-r--r--testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf7
-rw-r--r--testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf7
-rw-r--r--testing/tests/swanctl/mult-auth-rsa-eap-sim-id/posttest.dat6
-rw-r--r--testing/tests/swanctl/mult-auth-rsa-eap-sim-id/pretest.dat6
-rw-r--r--testing/tests/swanctl/multi-level-ca/hosts/carol/etc/strongswan.conf9
-rw-r--r--testing/tests/swanctl/multi-level-ca/hosts/dave/etc/strongswan.conf9
-rw-r--r--testing/tests/swanctl/multi-level-ca/hosts/moon/etc/strongswan.conf10
-rw-r--r--testing/tests/swanctl/multi-level-ca/posttest.dat12
-rw-r--r--testing/tests/swanctl/multi-level-ca/pretest.dat6
-rwxr-xr-xtesting/tests/swanctl/net2net-cert/hosts/moon/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/swanctl/net2net-cert/hosts/sun/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/swanctl/net2net-cert/posttest.dat4
-rwxr-xr-xtesting/tests/swanctl/net2net-cert/pretest.dat4
-rwxr-xr-xtesting/tests/swanctl/net2net-ed25519/hosts/moon/etc/strongswan.conf19
-rwxr-xr-xtesting/tests/swanctl/net2net-ed25519/hosts/sun/etc/strongswan.conf19
-rwxr-xr-xtesting/tests/swanctl/net2net-ed25519/posttest.dat4
-rwxr-xr-xtesting/tests/swanctl/net2net-ed25519/pretest.dat4
-rwxr-xr-xtesting/tests/swanctl/net2net-gw/hosts/carol/etc/strongswan.conf7
-rwxr-xr-xtesting/tests/swanctl/net2net-gw/hosts/moon/etc/strongswan.conf7
-rwxr-xr-xtesting/tests/swanctl/net2net-gw/hosts/sun/etc/strongswan.conf7
-rwxr-xr-xtesting/tests/swanctl/net2net-gw/posttest.dat6
-rwxr-xr-xtesting/tests/swanctl/net2net-gw/pretest.dat6
-rw-r--r--testing/tests/swanctl/net2net-multicast/hosts/moon/etc/strongswan.conf8
-rw-r--r--testing/tests/swanctl/net2net-multicast/hosts/sun/etc/strongswan.conf8
-rw-r--r--testing/tests/swanctl/net2net-multicast/posttest.dat4
-rw-r--r--testing/tests/swanctl/net2net-multicast/pretest.dat4
-rw-r--r--testing/tests/swanctl/net2net-pubkey/hosts/moon/etc/strongswan.conf7
-rw-r--r--testing/tests/swanctl/net2net-pubkey/hosts/sun/etc/strongswan.conf7
-rw-r--r--testing/tests/swanctl/net2net-pubkey/posttest.dat4
-rw-r--r--testing/tests/swanctl/net2net-pubkey/pretest.dat4
-rwxr-xr-xtesting/tests/swanctl/net2net-route/hosts/moon/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/swanctl/net2net-route/hosts/sun/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/swanctl/net2net-route/posttest.dat4
-rwxr-xr-xtesting/tests/swanctl/net2net-route/pretest.dat4
-rwxr-xr-xtesting/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/swanctl/net2net-sha3-rsa-cert/posttest.dat4
-rwxr-xr-xtesting/tests/swanctl/net2net-sha3-rsa-cert/pretest.dat4
-rwxr-xr-xtesting/tests/swanctl/net2net-start/hosts/moon/etc/strongswan.conf9
-rwxr-xr-xtesting/tests/swanctl/net2net-start/hosts/sun/etc/strongswan.conf9
-rwxr-xr-xtesting/tests/swanctl/net2net-start/posttest.dat4
-rwxr-xr-xtesting/tests/swanctl/net2net-start/pretest.dat4
-rw-r--r--testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/strongswan.conf9
-rw-r--r--testing/tests/swanctl/ocsp-disabled/hosts/moon/etc/strongswan.conf6
-rw-r--r--testing/tests/swanctl/ocsp-disabled/posttest.dat4
-rw-r--r--testing/tests/swanctl/ocsp-disabled/pretest.dat4
-rw-r--r--testing/tests/swanctl/ocsp-multi-level/hosts/carol/etc/strongswan.conf10
-rw-r--r--testing/tests/swanctl/ocsp-multi-level/hosts/dave/etc/strongswan.conf10
-rw-r--r--testing/tests/swanctl/ocsp-multi-level/hosts/moon/etc/strongswan.conf10
-rw-r--r--testing/tests/swanctl/ocsp-multi-level/posttest.dat12
-rw-r--r--testing/tests/swanctl/ocsp-multi-level/pretest.dat6
-rw-r--r--testing/tests/swanctl/ocsp-signer-cert/hosts/carol/etc/strongswan.conf8
-rw-r--r--testing/tests/swanctl/ocsp-signer-cert/hosts/moon/etc/strongswan.conf7
-rw-r--r--testing/tests/swanctl/ocsp-signer-cert/posttest.dat4
-rw-r--r--testing/tests/swanctl/ocsp-signer-cert/pretest.dat4
-rw-r--r--testing/tests/swanctl/protoport-dual/hosts/carol/etc/strongswan.conf7
-rw-r--r--testing/tests/swanctl/protoport-dual/hosts/moon/etc/strongswan.conf7
-rw-r--r--testing/tests/swanctl/protoport-dual/posttest.dat4
-rw-r--r--testing/tests/swanctl/protoport-dual/pretest.dat4
-rw-r--r--testing/tests/swanctl/protoport-range/hosts/carol/etc/strongswan.conf7
-rw-r--r--testing/tests/swanctl/protoport-range/hosts/moon/etc/strongswan.conf7
-rw-r--r--testing/tests/swanctl/protoport-range/posttest.dat4
-rw-r--r--testing/tests/swanctl/protoport-range/pretest.dat4
-rwxr-xr-xtesting/tests/swanctl/rw-cert-pss/description.txt8
-rwxr-xr-xtesting/tests/swanctl/rw-cert-pss/evaltest.dat14
-rwxr-xr-xtesting/tests/swanctl/rw-cert-pss/hosts/carol/etc/strongswan.conf18
-rw-r--r--testing/tests/swanctl/rw-cert-pss/hosts/carol/etc/swanctl/rsa/carolKey.pem30
-rwxr-xr-xtesting/tests/swanctl/rw-cert-pss/hosts/carol/etc/swanctl/swanctl.conf35
-rwxr-xr-xtesting/tests/swanctl/rw-cert-pss/hosts/dave/etc/strongswan.conf18
-rwxr-xr-xtesting/tests/swanctl/rw-cert-pss/hosts/dave/etc/swanctl/swanctl.conf27
-rwxr-xr-xtesting/tests/swanctl/rw-cert-pss/hosts/moon/etc/strongswan.conf20
-rwxr-xr-xtesting/tests/swanctl/rw-cert-pss/hosts/moon/etc/swanctl/swanctl.conf25
-rwxr-xr-xtesting/tests/swanctl/rw-cert-pss/posttest.dat8
-rwxr-xr-xtesting/tests/swanctl/rw-cert-pss/pretest.dat11
-rwxr-xr-x[-rw-r--r--]testing/tests/swanctl/rw-cert-pss/test.conf (renamed from testing/tests/libipsec/rw-suite-b/test.conf)4
-rwxr-xr-xtesting/tests/swanctl/rw-cert/hosts/carol/etc/strongswan.conf9
-rwxr-xr-xtesting/tests/swanctl/rw-cert/hosts/dave/etc/strongswan.conf9
-rwxr-xr-xtesting/tests/swanctl/rw-cert/hosts/moon/etc/strongswan.conf9
-rwxr-xr-xtesting/tests/swanctl/rw-cert/posttest.dat6
-rwxr-xr-xtesting/tests/swanctl/rw-cert/pretest.dat6
-rw-r--r--testing/tests/swanctl/rw-dnssec/hosts/carol/etc/strongswan.conf7
-rw-r--r--testing/tests/swanctl/rw-dnssec/hosts/dave/etc/strongswan.conf7
-rw-r--r--testing/tests/swanctl/rw-dnssec/hosts/moon/etc/strongswan.conf7
-rw-r--r--testing/tests/swanctl/rw-dnssec/posttest.dat6
-rw-r--r--testing/tests/swanctl/rw-dnssec/pretest.dat6
-rw-r--r--testing/tests/swanctl/rw-eap-aka-sql-rsa/hosts/carol/etc/strongswan.conf8
-rw-r--r--testing/tests/swanctl/rw-eap-aka-sql-rsa/hosts/moon/etc/strongswan.conf8
-rw-r--r--testing/tests/swanctl/rw-eap-aka-sql-rsa/posttest.dat4
-rw-r--r--testing/tests/swanctl/rw-eap-aka-sql-rsa/pretest.dat4
-rw-r--r--testing/tests/swanctl/rw-eap-md5-id-rsa/hosts/carol/etc/strongswan.conf9
-rw-r--r--testing/tests/swanctl/rw-eap-md5-id-rsa/hosts/moon/etc/strongswan.conf9
-rw-r--r--testing/tests/swanctl/rw-eap-md5-id-rsa/posttest.dat4
-rw-r--r--testing/tests/swanctl/rw-eap-md5-id-rsa/pretest.dat4
-rwxr-xr-xtesting/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/swanctl/rw-eap-tls-sha3-rsa/posttest.dat6
-rwxr-xr-xtesting/tests/swanctl/rw-eap-tls-sha3-rsa/pretest.dat6
-rwxr-xr-xtesting/tests/swanctl/rw-hash-and-url/hosts/carol/etc/strongswan.conf10
-rwxr-xr-xtesting/tests/swanctl/rw-hash-and-url/hosts/dave/etc/strongswan.conf10
-rwxr-xr-xtesting/tests/swanctl/rw-hash-and-url/hosts/moon/etc/strongswan.conf10
-rwxr-xr-xtesting/tests/swanctl/rw-hash-and-url/posttest.dat6
-rwxr-xr-xtesting/tests/swanctl/rw-hash-and-url/pretest.dat6
-rwxr-xr-xtesting/tests/swanctl/rw-multi-ciphers-ikev1/hosts/carol/etc/strongswan.conf18
-rwxr-xr-xtesting/tests/swanctl/rw-multi-ciphers-ikev1/hosts/dave/etc/strongswan.conf18
-rwxr-xr-xtesting/tests/swanctl/rw-multi-ciphers-ikev1/hosts/moon/etc/strongswan.conf18
-rwxr-xr-xtesting/tests/swanctl/rw-multi-ciphers-ikev1/posttest.dat6
-rwxr-xr-xtesting/tests/swanctl/rw-multi-ciphers-ikev1/pretest.dat6
-rwxr-xr-xtesting/tests/swanctl/rw-newhope-bliss/hosts/carol/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/swanctl/rw-newhope-bliss/hosts/dave/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/swanctl/rw-newhope-bliss/hosts/moon/etc/strongswan.conf10
-rwxr-xr-xtesting/tests/swanctl/rw-newhope-bliss/posttest.dat6
-rwxr-xr-xtesting/tests/swanctl/rw-newhope-bliss/pretest.dat6
-rw-r--r--testing/tests/swanctl/rw-ntru-bliss/hosts/carol/etc/strongswan.conf7
-rw-r--r--testing/tests/swanctl/rw-ntru-bliss/hosts/dave/etc/strongswan.conf7
-rw-r--r--testing/tests/swanctl/rw-ntru-bliss/hosts/moon/etc/strongswan.conf8
-rw-r--r--testing/tests/swanctl/rw-ntru-bliss/posttest.dat6
-rw-r--r--testing/tests/swanctl/rw-ntru-bliss/pretest.dat6
-rwxr-xr-xtesting/tests/swanctl/rw-psk-fqdn/hosts/carol/etc/strongswan.conf7
-rwxr-xr-xtesting/tests/swanctl/rw-psk-fqdn/hosts/dave/etc/strongswan.conf7
-rwxr-xr-xtesting/tests/swanctl/rw-psk-fqdn/hosts/moon/etc/strongswan.conf7
-rwxr-xr-xtesting/tests/swanctl/rw-psk-fqdn/posttest.dat6
-rwxr-xr-xtesting/tests/swanctl/rw-psk-fqdn/pretest.dat6
-rwxr-xr-xtesting/tests/swanctl/rw-psk-ikev1/hosts/carol/etc/strongswan.conf16
-rwxr-xr-xtesting/tests/swanctl/rw-psk-ikev1/hosts/dave/etc/strongswan.conf16
-rwxr-xr-xtesting/tests/swanctl/rw-psk-ikev1/hosts/moon/etc/strongswan.conf16
-rwxr-xr-xtesting/tests/swanctl/rw-psk-ikev1/posttest.dat6
-rwxr-xr-xtesting/tests/swanctl/rw-psk-ikev1/pretest.dat6
-rwxr-xr-xtesting/tests/swanctl/rw-psk-ipv4/hosts/carol/etc/strongswan.conf7
-rwxr-xr-xtesting/tests/swanctl/rw-psk-ipv4/hosts/dave/etc/strongswan.conf7
-rwxr-xr-xtesting/tests/swanctl/rw-psk-ipv4/hosts/moon/etc/strongswan.conf7
-rwxr-xr-xtesting/tests/swanctl/rw-psk-ipv4/posttest.dat6
-rwxr-xr-xtesting/tests/swanctl/rw-psk-ipv4/pretest.dat6
-rwxr-xr-xtesting/tests/swanctl/rw-pubkey-anon/hosts/carol/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/swanctl/rw-pubkey-anon/hosts/dave/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/swanctl/rw-pubkey-anon/hosts/moon/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/swanctl/rw-pubkey-anon/posttest.dat6
-rwxr-xr-xtesting/tests/swanctl/rw-pubkey-anon/pretest.dat6
-rwxr-xr-xtesting/tests/swanctl/rw-pubkey-keyid/hosts/carol/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/swanctl/rw-pubkey-keyid/hosts/dave/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/swanctl/rw-pubkey-keyid/hosts/moon/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/swanctl/rw-pubkey-keyid/posttest.dat6
-rwxr-xr-xtesting/tests/swanctl/rw-pubkey-keyid/pretest.dat6
-rw-r--r--testing/tests/swanctl/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf6
-rw-r--r--testing/tests/swanctl/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf8
-rw-r--r--testing/tests/swanctl/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf6
-rw-r--r--testing/tests/swanctl/shunt-policies-nat-rw/posttest.dat6
-rw-r--r--testing/tests/swanctl/shunt-policies-nat-rw/pretest.dat6
-rw-r--r--testing/tests/swanctl/xauth-rsa/hosts/carol/etc/strongswan.conf7
-rw-r--r--testing/tests/swanctl/xauth-rsa/hosts/dave/etc/strongswan.conf7
-rw-r--r--testing/tests/swanctl/xauth-rsa/hosts/moon/etc/strongswan.conf7
-rw-r--r--testing/tests/swanctl/xauth-rsa/posttest.dat6
-rw-r--r--testing/tests/swanctl/xauth-rsa/pretest.dat6
-rw-r--r--testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-11-fhh/posttest.dat6
-rw-r--r--testing/tests/tnc/tnccs-11-fhh/pretest.dat6
-rw-r--r--testing/tests/tnc/tnccs-11-radius-block/hosts/carol/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-11-radius-block/hosts/dave/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-11-radius-block/hosts/moon/etc/strongswan.conf10
-rw-r--r--testing/tests/tnc/tnccs-11-radius-block/posttest.dat6
-rw-r--r--testing/tests/tnc/tnccs-11-radius-block/pretest.dat6
-rw-r--r--testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-11-radius-pts/hosts/moon/etc/strongswan.conf10
-rw-r--r--testing/tests/tnc/tnccs-11-radius-pts/posttest.dat6
-rw-r--r--testing/tests/tnc/tnccs-11-radius-pts/pretest.dat6
-rw-r--r--testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-11-radius/hosts/dave/etc/strongswan.conf11
-rw-r--r--testing/tests/tnc/tnccs-11-radius/hosts/moon/etc/strongswan.conf10
-rw-r--r--testing/tests/tnc/tnccs-11-radius/posttest.dat6
-rw-r--r--testing/tests/tnc/tnccs-11-radius/pretest.dat6
-rw-r--r--testing/tests/tnc/tnccs-11/hosts/carol/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-11/hosts/dave/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-11/hosts/moon/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-11/posttest.dat6
-rw-r--r--testing/tests/tnc/tnccs-11/pretest.dat6
-rw-r--r--testing/tests/tnc/tnccs-20-block/hosts/carol/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-20-block/hosts/dave/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-20-block/hosts/moon/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-20-block/posttest.dat6
-rw-r--r--testing/tests/tnc/tnccs-20-block/pretest.dat6
-rw-r--r--testing/tests/tnc/tnccs-20-client-retry/hosts/carol/etc/strongswan.conf13
-rw-r--r--testing/tests/tnc/tnccs-20-client-retry/hosts/dave/etc/strongswan.conf11
-rw-r--r--testing/tests/tnc/tnccs-20-client-retry/hosts/moon/etc/strongswan.conf11
-rw-r--r--testing/tests/tnc/tnccs-20-client-retry/posttest.dat6
-rw-r--r--testing/tests/tnc/tnccs-20-client-retry/pretest.dat6
-rw-r--r--testing/tests/tnc/tnccs-20-ev-pt-tls/evaltest.dat4
-rw-r--r--testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/strongswan.conf13
-rw-r--r--testing/tests/tnc/tnccs-20-ev-pt-tls/posttest.dat4
-rw-r--r--testing/tests/tnc/tnccs-20-ev-pt-tls/pretest.dat4
-rw-r--r--testing/tests/tnc/tnccs-20-fail-init/hosts/carol/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-20-fail-init/hosts/dave/etc/strongswan.conf11
-rw-r--r--testing/tests/tnc/tnccs-20-fail-init/hosts/moon/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-20-fail-init/posttest.dat6
-rw-r--r--testing/tests/tnc/tnccs-20-fail-init/pretest.dat6
-rw-r--r--testing/tests/tnc/tnccs-20-fail-resp/hosts/carol/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-20-fail-resp/hosts/moon/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-20-fail-resp/posttest.dat4
-rw-r--r--testing/tests/tnc/tnccs-20-fail-resp/pretest.dat4
-rw-r--r--testing/tests/tnc/tnccs-20-fhh/hosts/carol/etc/strongswan.conf11
-rw-r--r--testing/tests/tnc/tnccs-20-fhh/hosts/dave/etc/strongswan.conf11
-rw-r--r--testing/tests/tnc/tnccs-20-fhh/hosts/moon/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-20-fhh/posttest.dat6
-rw-r--r--testing/tests/tnc/tnccs-20-fhh/pretest.dat6
-rw-r--r--testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/strongswan.conf12
-rw-r--r--testing/tests/tnc/tnccs-20-hcd-eap/hosts/carol/etc/strongswan.conf21
-rw-r--r--testing/tests/tnc/tnccs-20-hcd-eap/hosts/dave/etc/strongswan.conf25
-rw-r--r--testing/tests/tnc/tnccs-20-hcd-eap/hosts/moon/etc/strongswan.conf8
-rw-r--r--testing/tests/tnc/tnccs-20-hcd-eap/posttest.dat8
-rw-r--r--testing/tests/tnc/tnccs-20-hcd-eap/pretest.dat8
-rw-r--r--testing/tests/tnc/tnccs-20-mutual-eap-fail/hosts/moon/etc/strongswan.conf15
-rw-r--r--testing/tests/tnc/tnccs-20-mutual-eap-fail/hosts/sun/etc/strongswan.conf20
-rw-r--r--testing/tests/tnc/tnccs-20-mutual-eap-fail/posttest.dat4
-rw-r--r--testing/tests/tnc/tnccs-20-mutual-eap-fail/pretest.dat4
-rw-r--r--testing/tests/tnc/tnccs-20-mutual-eap/hosts/moon/etc/strongswan.conf13
-rw-r--r--testing/tests/tnc/tnccs-20-mutual-eap/hosts/sun/etc/strongswan.conf20
-rw-r--r--testing/tests/tnc/tnccs-20-mutual-eap/posttest.dat4
-rw-r--r--testing/tests/tnc/tnccs-20-mutual-eap/pretest.dat4
-rw-r--r--testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/sun/etc/strongswan.conf18
-rw-r--r--testing/tests/tnc/tnccs-20-mutual-pt-tls/posttest.dat2
-rw-r--r--testing/tests/tnc/tnccs-20-mutual-pt-tls/pretest.dat2
-rw-r--r--testing/tests/tnc/tnccs-20-nea-pt-tls/evaltest.dat4
-rw-r--r--testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/strongswan.conf13
-rw-r--r--testing/tests/tnc/tnccs-20-nea-pt-tls/posttest.dat4
-rw-r--r--testing/tests/tnc/tnccs-20-nea-pt-tls/pretest.dat4
-rw-r--r--testing/tests/tnc/tnccs-20-os-pts/evaltest.dat12
-rw-r--r--testing/tests/tnc/tnccs-20-os-pts/hosts/carol/etc/strongswan.conf11
-rw-r--r--testing/tests/tnc/tnccs-20-os-pts/hosts/dave/etc/strongswan.conf11
-rw-r--r--testing/tests/tnc/tnccs-20-os-pts/hosts/moon/etc/strongswan.conf15
-rw-r--r--testing/tests/tnc/tnccs-20-os-pts/posttest.dat6
-rw-r--r--testing/tests/tnc/tnccs-20-os-pts/pretest.dat10
-rw-r--r--testing/tests/tnc/tnccs-20-os/hosts/carol/etc/strongswan.conf11
-rw-r--r--testing/tests/tnc/tnccs-20-os/hosts/dave/etc/strongswan.conf11
-rw-r--r--testing/tests/tnc/tnccs-20-os/hosts/moon/etc/strongswan.conf11
-rw-r--r--testing/tests/tnc/tnccs-20-os/posttest.dat6
-rw-r--r--testing/tests/tnc/tnccs-20-os/pretest.dat6
-rw-r--r--testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf12
-rw-r--r--testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/strongswan.conf11
-rw-r--r--testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/strongswan.conf11
-rw-r--r--testing/tests/tnc/tnccs-20-pdp-eap/hosts/moon/etc/strongswan.conf8
-rw-r--r--testing/tests/tnc/tnccs-20-pdp-eap/posttest.dat10
-rw-r--r--testing/tests/tnc/tnccs-20-pdp-eap/pretest.dat10
-rw-r--r--testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat4
-rw-r--r--testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf13
-rw-r--r--testing/tests/tnc/tnccs-20-pdp-pt-tls/posttest.dat4
-rw-r--r--testing/tests/tnc/tnccs-20-pdp-pt-tls/pretest.dat4
-rw-r--r--testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/carol/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/dave/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/moon/etc/strongswan.conf11
-rw-r--r--testing/tests/tnc/tnccs-20-pts-no-ecc/posttest.dat6
-rw-r--r--testing/tests/tnc/tnccs-20-pts-no-ecc/pretest.dat6
-rw-r--r--testing/tests/tnc/tnccs-20-pts/hosts/carol/etc/strongswan.conf13
-rw-r--r--testing/tests/tnc/tnccs-20-pts/hosts/dave/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/strongswan.conf11
-rw-r--r--testing/tests/tnc/tnccs-20-pts/posttest.dat6
-rw-r--r--testing/tests/tnc/tnccs-20-pts/pretest.dat6
-rw-r--r--testing/tests/tnc/tnccs-20-server-retry/hosts/carol/etc/strongswan.conf13
-rw-r--r--testing/tests/tnc/tnccs-20-server-retry/hosts/dave/etc/strongswan.conf13
-rw-r--r--testing/tests/tnc/tnccs-20-server-retry/hosts/moon/etc/strongswan.conf13
-rw-r--r--testing/tests/tnc/tnccs-20-server-retry/posttest.dat6
-rw-r--r--testing/tests/tnc/tnccs-20-server-retry/pretest.dat6
-rw-r--r--testing/tests/tnc/tnccs-20-tls/hosts/carol/etc/strongswan.conf11
-rw-r--r--testing/tests/tnc/tnccs-20-tls/hosts/dave/etc/strongswan.conf11
-rw-r--r--testing/tests/tnc/tnccs-20-tls/hosts/moon/etc/strongswan.conf11
-rw-r--r--testing/tests/tnc/tnccs-20-tls/posttest.dat6
-rw-r--r--testing/tests/tnc/tnccs-20-tls/pretest.dat6
-rw-r--r--testing/tests/tnc/tnccs-20/hosts/carol/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-20/hosts/dave/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-20/hosts/moon/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-20/posttest.dat6
-rw-r--r--testing/tests/tnc/tnccs-20/pretest.dat6
-rw-r--r--testing/tests/tnc/tnccs-dynamic/hosts/carol/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-dynamic/hosts/dave/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-dynamic/hosts/moon/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-dynamic/posttest.dat6
-rw-r--r--testing/tests/tnc/tnccs-dynamic/pretest.dat6
1448 files changed, 25529 insertions, 8675 deletions
diff --git a/Android.common.mk b/Android.common.mk
index 1243e26f7..19d654e0c 100644
--- a/Android.common.mk
+++ b/Android.common.mk
@@ -26,5 +26,5 @@ add_plugin_subdirs = $(if $(call plugin_enabled,$(1)), \
)
# strongSwan version, replaced by top Makefile
-strongswan_VERSION := "5.6.0"
+strongswan_VERSION := "5.6.1"
diff --git a/Makefile.am b/Makefile.am
index 47e9e8ce6..54b822050 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -59,7 +59,7 @@ cov-report:
lcov -c -o $(top_builddir)/coverage/coverage.info -d $(top_builddir) \
--rc lcov_branch_coverage=1
lcov -r $(top_builddir)/coverage/coverage.info '*/tests/*' '*/suites/*' '/usr*' \
- -o $(top_builddir)/coverage/coverage.cleaned.info \
+ -o $(abs_top_builddir)/coverage/coverage.cleaned.info \
--rc lcov_branch_coverage=1
genhtml --num-spaces 4 --legend --branch-coverage --ignore-errors source \
-t "$(PACKAGE_STRING)" \
diff --git a/Makefile.in b/Makefile.in
index b08cb7bef..a3abb3483 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -276,9 +276,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
@@ -1039,7 +1041,7 @@ cov-reset-common:
@COVERAGE_TRUE@ lcov -c -o $(top_builddir)/coverage/coverage.info -d $(top_builddir) \
@COVERAGE_TRUE@ --rc lcov_branch_coverage=1
@COVERAGE_TRUE@ lcov -r $(top_builddir)/coverage/coverage.info '*/tests/*' '*/suites/*' '/usr*' \
-@COVERAGE_TRUE@ -o $(top_builddir)/coverage/coverage.cleaned.info \
+@COVERAGE_TRUE@ -o $(abs_top_builddir)/coverage/coverage.cleaned.info \
@COVERAGE_TRUE@ --rc lcov_branch_coverage=1
@COVERAGE_TRUE@ genhtml --num-spaces 4 --legend --branch-coverage --ignore-errors source \
@COVERAGE_TRUE@ -t "$(PACKAGE_STRING)" \
diff --git a/NEWS b/NEWS
index 8e82607b3..fe0d6f9c2 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,46 @@
+strongswan-5.6.1
+----------------
+
+- In compliance with RFCs 8221 and 8247 several algorithms were removed from the
+ default ESP/AH and IKEv2 proposals, respectively (3DES, Blowfish and MD5 from
+ ESP/AH, MD5 and MODP-1024 from IKEv2). These algorithms may still be used in
+ custom proposals.
+
+- Added support for RSASSA-PSS signatures. For backwards compatibility they are
+ not used automatically by default, enable charon.rsa_pss to change that. To
+ explicitly use or require such signatures with IKEv2 signature authentication
+ (RFC 7427), regardless of whether that option is enabled, use ike:rsa/pss...
+ authentication constraints.
+
+- The pki tool can optionally sign certificates/CRLs with RSASSA-PSS via the
+ `--rsa-padding pss` option.
+
+- The sec-updater tool checks for security updates in dpkg-based repositories
+ (e.g. Debian/Ubuntu) and sets the security flags in the IMV policy database
+ accordingly. Additionally for each new package version a SWID tag for the
+ given OS and HW architecture is created and stored in the database.
+ Using the sec-updater.sh script template the lookup can be automated
+ (e.g. via an hourly cron job).
+
+- The introduction of file versions in the IMV database scheme broke file
+ reference hash measurements. This has been fixed by creating generic product
+ versions having an empty package name.
+
+- A new timeout option for the systime-fix plugin stops periodic system time
+ checks after a while and enforces a certificate verification, closing or
+ reauthenticating all SAs with invalid certificates.
+
+- The IKE event counters, previously only available via ipsec listcounters, may
+ now be queried/reset via vici and the new swanctl --counters command. They are
+ provided by the new optional counters plugin.
+
+- Class attributes received in RADIUS Access-Accept messages may optionally be
+ added to RADIUS accounting messages.
+
+- Inbound marks may optionally be installed on the SA again (was removed with
+ 5.5.2) by enabling the mark_in_sa option in swanctl.conf.
+
+
strongswan-5.6.0
----------------
diff --git a/conf/Makefile.am b/conf/Makefile.am
index 87319db22..38181db2c 100644
--- a/conf/Makefile.am
+++ b/conf/Makefile.am
@@ -18,13 +18,13 @@ options = \
options/imv_policy_manager.opt \
options/manager.opt \
options/medsrv.opt \
- options/pacman.opt \
options/pki.opt \
options/pool.opt \
options/scepclient.opt \
options/starter.opt \
options/swanctl.opt \
options/tnc.opt \
+ options/sec-updater.opt \
options/sw-collector.opt
plugins = \
diff --git a/conf/Makefile.in b/conf/Makefile.in
index b403c727d..c2cb213f7 100644
--- a/conf/Makefile.in
+++ b/conf/Makefile.in
@@ -199,9 +199,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
@@ -422,13 +424,13 @@ options = \
options/imv_policy_manager.opt \
options/manager.opt \
options/medsrv.opt \
- options/pacman.opt \
options/pki.opt \
options/pool.opt \
options/scepclient.opt \
options/starter.opt \
options/swanctl.opt \
options/tnc.opt \
+ options/sec-updater.opt \
options/sw-collector.opt
plugins = \
diff --git a/conf/options/charon.conf b/conf/options/charon.conf
index f0d084bed..cef9fe36c 100644
--- a/conf/options/charon.conf
+++ b/conf/options/charon.conf
@@ -230,6 +230,9 @@ charon {
# Priority of the routing table.
# routing_table_prio =
+ # Whether to use RSA with PSS padding instead of PKCS#1 padding by default.
+ # rsa_pss = no
+
# Delay in ms for sending packets, to simulate larger RTT.
# send_delay = 0
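Review bot: The comment added for `rsa_pss` contrasts PSS with "PKCS#1 padding", which is ambiguous because RSASSA-PSS is itself defined in PKCS#1; the scheme it replaces is PKCS#1 v1.5. It also does not say that the default can be overridden per connection. The NEWS entry in this commit says that `ike:rsa/pss...` authentication constraints use or require such signatures regardless of this option. I would reword the description in conf/options/charon.opt (this file appears to be generated from it, and the man page repeats the sentence) to something like `Whether to use RSA with PSS padding instead of PKCS#1 v1.5 padding by default. Explicit ike:rsa/pss constraints apply regardless of this setting.`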
diff --git a/conf/options/charon.opt b/conf/options/charon.opt
index 900b9b46b..161ebb724 100644
--- a/conf/options/charon.opt
+++ b/conf/options/charon.opt
@@ -341,6 +341,9 @@ charon.routing_table
charon.routing_table_prio
Priority of the routing table.
+charon.rsa_pss = no
+ Whether to use RSA with PSS padding instead of PKCS#1 padding by default.
+
charon.send_delay = 0
Delay in ms for sending packets, to simulate larger RTT.
diff --git a/conf/options/pacman.conf b/conf/options/pacman.conf
deleted file mode 100644
index 730e5435c..000000000
--- a/conf/options/pacman.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-pacman {
-
- # Database URI for the database that stores the package information. If it
- # contains a password, make sure to adjust the permissions of the config
- # file accordingly.
- # database =
-
- # Plugins to load in package manager.
- # load =
-
-}
-
diff --git a/conf/options/pacman.opt b/conf/options/pacman.opt
deleted file mode 100644
index dfb4ba2b1..000000000
--- a/conf/options/pacman.opt
+++ /dev/null
@@ -1,7 +0,0 @@
-pacman.database =
- Database URI for the database that stores the package information. If it
- contains a password, make sure to adjust the permissions of the config file
- accordingly.
-
-pacman.load =
- Plugins to load in package manager.
diff --git a/conf/options/sec-updater.conf b/conf/options/sec-updater.conf
new file mode 100644
index 000000000..081476a50
--- /dev/null
+++ b/conf/options/sec-updater.conf
@@ -0,0 +1,42 @@
+# Options for the sec-updater tool.
+sec-updater {
+
+ # Global IMV policy database URI. If it contains a password, make sure to
+ # adjust the permissions of the config file accordingly.
+ # database =
+
+ # Plugins to load in sec-updater tool.
+ # load =
+
+ # strongTNC manage.py command used to import SWID tags.
+ # tnc_manage_command = /var/www/tnc/manage.py
+
+ swid_gen {
+
+ # SWID generator command to be executed.
+ # command = /usr/local/bin/swid_generator
+
+ tag_creator {
+
+ # Name of the tagCreator entity.
+ # name = strongSwan Project
+
+ # regid of the tagCreator entity.
+ # regid = strongswan.org
+
+ }
+
+ }
+
+ tmp {
+
+ # Temporary storage for downloaded deb package file.
+ # deb_file = /tmp/sec-updater.deb
+
+ # Temporary storage for generated SWID tags.
+ # tag_file = /tmp/sec-updater.tag
+
+ }
+
+}
+
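Review bot: The defaults for `tmp.deb_file` and `tmp.tag_file` are fixed, predictable names directly in `/tmp` (`/tmp/sec-updater.deb`, `/tmp/sec-updater.tag`), which is a concern for a tool the NEWS entry suggests running from an hourly cron job. How sec-updater opens these files is not visible in this hunk, but if it follows symlinks or reuses an existing file, another local user could influence what is written or what is later imported as a SWID tag. I would default to a directory that only the tool's user can write to, for example `# deb_file = /var/lib/sec-updater/sec-updater.deb` (a constructed path, choose one that fits the packaging), and add a comment that the directory must not be world-writable. The same defaults appear in the conf/options/sec-updater.opt and conf/strongswan.conf.5.main hunks.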
diff --git a/conf/options/sec-updater.opt b/conf/options/sec-updater.opt
new file mode 100644
index 000000000..f6669250e
--- /dev/null
+++ b/conf/options/sec-updater.opt
@@ -0,0 +1,29 @@
+sec-updater {}
+ Options for the sec-updater tool.
+
+ Options for the sec-updater tool.
+
+sec-updater.database =
+ Global IMV policy database URI. If it contains a password, make sure to
+ adjust the permissions of the config file accordingly.
+
+sec-updater.swid_gen.command = /usr/local/bin/swid_generator
+ SWID generator command to be executed.
+
+sec-updater.swid_gen.tag_creator.name = strongSwan Project
+ Name of the tagCreator entity.
+
+sec-updater.swid_gen.tag_creator.regid = strongswan.org
+ regid of the tagCreator entity.
+
+sec-updater.tnc_manage_command = /var/www/tnc/manage.py
+ strongTNC manage.py command used to import SWID tags.
+
+sec-updater.tmp.deb_file = /tmp/sec-updater.deb
+ Temporary storage for downloaded deb package file.
+
+sec-updater.tmp.tag_file = /tmp/sec-updater.tag
+ Temporary storage for generated SWID tags.
+
+sec-updater.load =
+ Plugins to load in sec-updater tool.
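Review bot: The descriptions of `sec-updater.swid_gen.command` and `sec-updater.tnc_manage_command` do not mention that these paths are executed by the tool, so who can write to them matters. The `tnc_manage_command` default is `/var/www/tnc/manage.py`, which looks like it sits under a web application directory; if that tree is writable by a less privileged account than the one running sec-updater, the script becomes a way to run code as that user (inferred, since the invocation is not in this hunk). I would add a sentence to both descriptions such as `The command and its directory should be writable only by the user running sec-updater.` Separately, the section text `Options for the sec-updater tool.` appears twice at the top of this file and one copy could be dropped.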
diff --git a/conf/plugins/eap-radius.conf b/conf/plugins/eap-radius.conf
index 8858f3fc5..5a486114e 100644
--- a/conf/plugins/eap-radius.conf
+++ b/conf/plugins/eap-radius.conf
@@ -15,6 +15,10 @@ eap-radius {
# virtual IP. Only for IKEv2, for IKEv1 a virtual IP is strictly necessary.
# accounting_requires_vip = no
+ # If enabled, adds the Class attributes received in Access-Accept message to
+ # the RADIUS accounting messages.
+ # accounting_send_class = no
+
# Use class attributes in Access-Accept messages as group membership
# information.
# class_group = no
diff --git a/conf/plugins/eap-radius.opt b/conf/plugins/eap-radius.opt
index c3668ec06..f18a74c49 100644
--- a/conf/plugins/eap-radius.opt
+++ b/conf/plugins/eap-radius.opt
@@ -13,6 +13,10 @@ charon.plugins.eap-radius.accounting_requires_vip = no
If enabled, accounting is disabled unless an IKE_SA has at least one
virtual IP. Only for IKEv2, for IKEv1 a virtual IP is strictly necessary.
+charon.plugins.eap-radius.accounting_send_class = no
+ If enabled, adds the Class attributes received in Access-Accept message to
+ the RADIUS accounting messages.
+
charon.plugins.eap-radius.class_group = no
Use class attributes in Access-Accept messages as group membership
information.
diff --git a/conf/plugins/systime-fix.conf b/conf/plugins/systime-fix.conf
index f5cd4cd5d..1d9a6983a 100644
--- a/conf/plugins/systime-fix.conf
+++ b/conf/plugins/systime-fix.conf
@@ -18,5 +18,9 @@ systime-fix {
# strptime(3) format used to parse threshold option.
# threshold_format = %Y
+ # How long to wait for a valid system time if an interval is configured. 0
+ # to recheck indefinitely.
+ # timeout = 0s
+
}
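Review bot: The description of `timeout` does not say what happens when the timeout expires. According to the NEWS entry in this commit, the plugin then stops the periodic system time checks and enforces a certificate verification, closing or reauthenticating all SAs with invalid certificates. An operator should know this before choosing a value. I would add it to the option text in conf/options/systime-fix.opt (this file and the man page repeat that text), e.g. `After the timeout, certificates are verified and SAs with invalid certificates are closed or reauthenticated.`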
diff --git a/conf/plugins/systime-fix.opt b/conf/plugins/systime-fix.opt
index 7abd03627..714981a52 100644
--- a/conf/plugins/systime-fix.opt
+++ b/conf/plugins/systime-fix.opt
@@ -10,3 +10,7 @@ charon.plugins.systime-fix.threshold =
charon.plugins.systime-fix.threshold_format = %Y
**strptime**(3) format used to parse threshold option.
+
+charon.plugins.systime-fix.timeout = 0s
+ How long to wait for a valid system time if an interval is configured. 0 to
+ recheck indefinitely.
diff --git a/conf/strongswan.conf.5.main b/conf/strongswan.conf.5.main
index 4f38c9b03..b54f3e492 100644
--- a/conf/strongswan.conf.5.main
+++ b/conf/strongswan.conf.5.main
@@ -632,6 +632,11 @@ If enabled, accounting is disabled unless an IKE_SA has at least one virtual IP.
Only for IKEv2, for IKEv1 a virtual IP is strictly necessary.
.TP
+.BR charon.plugins.eap-radius.accounting_send_class " [no]"
+If enabled, adds the Class attributes received in Access\-Accept message to the
+RADIUS accounting messages.
+
+.TP
.BR charon.plugins.eap-radius.class_group " [no]"
Use the
.RI "" "class" ""
@@ -1495,6 +1500,11 @@ Threshold date where system time is considered valid. Disabled if not specified.
format used to parse threshold option.
.TP
+.BR charon.plugins.systime-fix.timeout " [0s]"
+How long to wait for a valid system time if an interval is configured. 0 to
+recheck indefinitely.
+
+.TP
.BR charon.plugins.tnc-ifmap.client_cert " []"
Path to X.509 certificate file of IF\-MAP client.
@@ -1763,6 +1773,10 @@ Numerical routing table to install routes to.
Priority of the routing table.
.TP
+.BR charon.rsa_pss " [no]"
+Whether to use RSA with PSS padding instead of PKCS#1 padding by default.
+
+.TP
.BR charon.send_delay " [0]"
Delay in ms for sending packets, to simulate larger RTT.
@@ -2307,16 +2321,6 @@ Number of thread for mediation service web application.
Session timeout for mediation service.
.TP
-.BR pacman.database " []"
-Database URI for the database that stores the package information. If it
-contains a password, make sure to adjust the permissions of the config file
-accordingly.
-
-.TP
-.BR pacman.load " []"
-Plugins to load in package manager.
-
-.TP
.BR pki.load " []"
Plugins to load in ipsec pki tool.
@@ -2335,6 +2339,44 @@ Plugins to load in ipsec pool tool.
Plugins to load in ipsec scepclient tool.
.TP
+.B sec-updater
+.br
+Options for the sec\-updater tool.
+
+.TP
+.BR sec-updater.database " []"
+Global IMV policy database URI. If it contains a password, make sure to adjust
+the permissions of the config file accordingly.
+
+.TP
+.BR sec-updater.load " []"
+Plugins to load in sec\-updater tool.
+
+.TP
+.BR sec-updater.swid_gen.command " [/usr/local/bin/swid_generator]"
+SWID generator command to be executed.
+
+.TP
+.BR sec-updater.swid_gen.tag_creator.name " [strongSwan Project]"
+Name of the tagCreator entity.
+
+.TP
+.BR sec-updater.swid_gen.tag_creator.regid " [strongswan.org]"
+regid of the tagCreator entity.
+
+.TP
+.BR sec-updater.tmp.deb_file " [/tmp/sec-updater.deb]"
+Temporary storage for downloaded deb package file.
+
+.TP
+.BR sec-updater.tmp.tag_file " [/tmp/sec-updater.tag]"
+Temporary storage for generated SWID tags.
+
+.TP
+.BR sec-updater.tnc_manage_command " [/var/www/tnc/manage.py]"
+strongTNC manage.py command used to import SWID tags.
+
+.TP
.BR starter.config_file " [${sysconfdir}/ipsec.conf]"
Location of the ipsec.conf file
diff --git a/config.h.in b/config.h.in
index 06d399922..ba1deb1ce 100644
--- a/config.h.in
+++ b/config.h.in
@@ -136,7 +136,7 @@
/* Define to 1 if you have the `mmap' function. */
#undef HAVE_MMAP
-/* have mpz_mown_sec() */
+/* have mpz_powm_sec() */
#undef HAVE_MPZ_POWM_SEC
/* Define to 1 if you have the <netinet6/ipsec.h> header file. */
@@ -199,6 +199,9 @@
/* have PF_ROUTE RTM_IFANNOUNCE defined */
#undef HAVE_RTM_IFANNOUNCE
+/* Define to 1 if you have the `sd_listen_fds_with_names' function. */
+#undef HAVE_SD_LISTEN_FDS_WITH_NAMES
+
/* Define to 1 if you have the `sem_timedwait' function. */
#undef HAVE_SEM_TIMEDWAIT
diff --git a/configure b/configure
index 287d2b6eb..9eca70911 100755
--- a/configure
+++ b/configure
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for strongSwan 5.6.0.
+# Generated by GNU Autoconf 2.69 for strongSwan 5.6.1.
#
#
# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
@@ -587,8 +587,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='strongSwan'
PACKAGE_TARNAME='strongswan'
-PACKAGE_VERSION='5.6.0'
-PACKAGE_STRING='strongSwan 5.6.0'
+PACKAGE_VERSION='5.6.1'
+PACKAGE_STRING='strongSwan 5.6.1'
PACKAGE_BUGREPORT=''
PACKAGE_URL=''
@@ -741,6 +741,8 @@ USE_LOCK_PROFILER_FALSE
USE_LOCK_PROFILER_TRUE
USE_LEAK_DETECTIVE_FALSE
USE_LEAK_DETECTIVE_TRUE
+USE_COUNTERS_FALSE
+USE_COUNTERS_TRUE
USE_ATTR_SQL_FALSE
USE_ATTR_SQL_TRUE
USE_ATTR_FALSE
@@ -1064,6 +1066,7 @@ RUBY_GEMS_INSTALL_FALSE
RUBY_GEMS_INSTALL_TRUE
RUBYGEMDIR
GEM
+FUZZING_LDFLAGS
COVERAGE_LDFLAGS
COVERAGE_CFLAGS
GENHTML
@@ -1080,6 +1083,7 @@ nm_LIBS
nm_CFLAGS
pcsclite_LIBS
pcsclite_CFLAGS
+OPENSSL_LIB
MYSQLCFLAG
MYSQLCONFIG
MYSQLLIB
@@ -1111,7 +1115,6 @@ USE_X86X64_FALSE
USE_X86X64_TRUE
USE_WINDOWS_FALSE
USE_WINDOWS_TRUE
-OPENSSL_LIB
RTLIB
USE_SYSLOG_FALSE
USE_SYSLOG_TRUE
@@ -1121,6 +1124,7 @@ SOCKLIB
BTLIB
DLLIB
ALLOCA
+GPERF_LEN_TYPE
GPERF
PERL
pkgpyexecdir
@@ -1447,6 +1451,7 @@ enable_android_log
enable_bypass_lan
enable_certexpire
enable_connmark
+enable_counters
enable_forecast
enable_duplicheck
enable_error_notify
@@ -2103,7 +2108,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures strongSwan 5.6.0 to adapt to many kinds of systems.
+\`configure' configures strongSwan 5.6.1 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -2174,7 +2179,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of strongSwan 5.6.0:";;
+ short | recursive ) echo "Configuration of strongSwan 5.6.1:";;
esac
cat <<\_ACEOF
@@ -2350,6 +2355,8 @@ Optional Features:
certificates.
--enable-connmark enable connmark plugin using conntrack based marks
to select return path SA.
+ --enable-counters enable plugin that collects several performance
+ counters.
--enable-forecast enable forecast plugin forwarding
broadcast/multicast messages.
--enable-duplicheck advanced duplicate checking plugin using liveness
@@ -2652,7 +2659,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-strongSwan configure 5.6.0
+strongSwan configure 5.6.1
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -3174,7 +3181,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by strongSwan $as_me 5.6.0, which was
+It was created by strongSwan $as_me 5.6.1, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -4037,7 +4044,7 @@ fi
# Define the identity of the package.
PACKAGE='strongswan'
- VERSION='5.6.0'
+ VERSION='5.6.1'
cat >>confdefs.h <<_ACEOF
@@ -7044,6 +7051,22 @@ fi
disabled_by_default=${disabled_by_default}" connmark"
+# Check whether --enable-counters was given.
+if test "${enable_counters+set}" = set; then :
+ enableval=$enable_counters; counters_given=true
+ if test x$enableval = xyes; then
+ counters=true
+ else
+ counters=false
+ fi
+else
+ counters=false
+ counters_given=false
+
+fi
+
+ disabled_by_default=${disabled_by_default}" counters"
+
# Check whether --enable-forecast was given.
if test "${enable_forecast+set}" = set; then :
enableval=$enable_forecast; forecast_given=true
@@ -18070,6 +18093,45 @@ fi
$as_echo_n "checking gperf version >= 3.0.0... " >&6; }
if test -x "$GPERF"; then
if test "`$GPERF --version | $AWK -F' ' '/^GNU gperf/ { print $3 }' | $AWK -F. '{ print $1 }'`" -ge "3"; then
+ GPERF_OUTPUT="`echo foo | ${GPERF}`"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <string.h>
+ const char *in_word_set(const char*, size_t); $GPERF_OUTPUT
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ GPERF_LEN_TYPE=size_t
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <string.h>
+ const char *in_word_set(const char*, unsigned); $GPERF_OUTPUT
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ GPERF_LEN_TYPE=unsigned
+else
+ as_fn_error $? "unable to determine gperf len type" "$LINENO" 5
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
else
@@ -18166,10 +18228,14 @@ if test x$aikgen = xtrue; then
tss_trousers=true
fi
-if test x$ntru = xtrue -o x$bliss = xtrue; then
+if test x$gmp = xtrue -o x$ntru = xtrue -o x$bliss = xtrue; then
mgf1=true
fi
+if test x$stroke = xtrue; then
+ counters=true
+fi
+
# ===========================================
# check required libraries and header files
# ===========================================
@@ -19605,7 +19671,7 @@ if ac_fn_c_try_compile "$LINENO"; then :
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
windows=true
- openssl_lib=eay32
+
PTHREADLIB=""
# explicitly disable ms-bitfields, as it breaks __attribute__((packed))
@@ -19618,7 +19684,6 @@ else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
- openssl_lib=crypto
# check for clock_gettime() on non-Windows only. Otherwise this
# check might find clock_gettime() in libwinpthread, but we don't want
@@ -19699,8 +19764,6 @@ done
fi
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-OPENSSL_LIB=-l$openssl_lib
-
if test "x$windows" = xtrue; then
USE_WINDOWS_TRUE=
USE_WINDOWS_FALSE='#'
@@ -19923,7 +19986,7 @@ $as_echo_n "checking mpz_powm_sec... " >&6; }
int
main ()
{
-void *x = mpz_powm_sec;
+void *x __attribute__((unused)); x = mpz_powm_sec;
;
return 0;
}
@@ -20869,6 +20932,20 @@ $as_echo "yes" >&6; }
fi
+ saved_LIBS=$LIBS
+ LIBS="$systemd_LIBS $systemd_daemon_LIBS"
+ for ac_func in sd_listen_fds_with_names
+do :
+ ac_fn_c_check_func "$LINENO" "sd_listen_fds_with_names" "ac_cv_func_sd_listen_fds_with_names"
+if test "x$ac_cv_func_sd_listen_fds_with_names" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_SD_LISTEN_FDS_WITH_NAMES 1
+_ACEOF
+
+fi
+done
+
+ LIBS=$saved_LIBS
fi
if test x$tss_trousers = xtrue; then
@@ -21945,7 +22022,57 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
fi
if test x$openssl = xtrue; then
- as_ac_Lib=`$as_echo "ac_cv_lib_$openssl_lib''_EVP_CIPHER_CTX_new" | $as_tr_sh`
+ if test "x$windows" = xtrue; then
+ openssl_lib=eay32
+ as_ac_Lib=`$as_echo "ac_cv_lib_$openssl_lib''_EVP_CIPHER_CTX_new" | $as_tr_sh`
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_CIPHER_CTX_new in -l$openssl_lib" >&5
+$as_echo_n "checking for EVP_CIPHER_CTX_new in -l$openssl_lib... " >&6; }
+if eval \${$as_ac_Lib+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-l$openssl_lib $DLLIB $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char EVP_CIPHER_CTX_new ();
+int
+main ()
+{
+return EVP_CIPHER_CTX_new ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ eval "$as_ac_Lib=yes"
+else
+ eval "$as_ac_Lib=no"
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+eval ac_res=\$$as_ac_Lib
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+if eval test \"x\$"$as_ac_Lib"\" = x"yes"; then :
+ LIBS="$LIBS"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; };openssl_lib=""
+fi
+
+ fi
+ if test -z "$openssl_lib"; then
+ openssl_lib=crypto
+ as_ac_Lib=`$as_echo "ac_cv_lib_$openssl_lib''_EVP_CIPHER_CTX_new" | $as_tr_sh`
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_CIPHER_CTX_new in -l$openssl_lib" >&5
$as_echo_n "checking for EVP_CIPHER_CTX_new in -l$openssl_lib... " >&6; }
if eval \${$as_ac_Lib+:} false; then :
@@ -21989,6 +22116,9 @@ else
as_fn_error $? "OpenSSL lib$openssl_lib not found" "$LINENO" 5
fi
+ fi
+ OPENSSL_LIB=-l$openssl_lib
+
ac_fn_c_check_header_mongrel "$LINENO" "openssl/evp.h" "ac_cv_header_openssl_evp_h" "$ac_includes_default"
if test "x$ac_cv_header_openssl_evp_h" = xyes; then :
@@ -23043,6 +23173,19 @@ $as_echo "$as_me: coverage enabled, adding \"-g -O0\" to CFLAGS" >&6;}
CFLAGS="${CFLAGS} -g -O0"
fi
+if test x$fuzzing = xtrue; then
+ if test x$libfuzzer = x; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: fuzz targets enabled without libFuzzer, using local driver" >&5
+$as_echo "$as_me: fuzz targets enabled without libFuzzer, using local driver" >&6;}
+ CFLAGS="${CFLAGS} -fsanitize=address"
+ libfuzzer="libFuzzerLocal.a"
+ else
+ # required for libFuzzer
+ FUZZING_LDFLAGS="-stdlib=libc++ -lstdc++"
+
+ fi
+fi
+
if test x$ruby_gems = xtrue; then
# Extract the first word of "gem", so it can be a program name with args.
set dummy gem; ac_word=$2
@@ -24364,6 +24507,12 @@ if test x$unity = xtrue; then
fi
+if test x$counters = xtrue; then
+ c_plugins=${c_plugins}" counters"
+ charon_plugins=${charon_plugins}" counters"
+
+ fi
+
@@ -25569,6 +25718,14 @@ else
USE_ATTR_SQL_FALSE=
fi
+ if test x$counters = xtrue; then
+ USE_COUNTERS_TRUE=
+ USE_COUNTERS_FALSE='#'
+else
+ USE_COUNTERS_TRUE='#'
+ USE_COUNTERS_FALSE=
+fi
+
# other options
# ---------------
@@ -25780,7 +25937,7 @@ else
USE_LIBPTTLS_FALSE=
fi
- if test x$tss_trousers = xtrue -o x$tss_tss2 = xtrue -o x$tpm -o x$aikgen = xtrue -o x$imcv = xtrue; then
+ if test x$tss_trousers = xtrue -o x$tss_tss2 = xtrue -o x$tpm = xtrue -o x$aikgen = xtrue -o x$imcv = xtrue; then
USE_LIBTPMTSS_TRUE=
USE_LIBTPMTSS_FALSE='#'
else
@@ -26079,8 +26236,8 @@ fi
if test -z "$USE_IMCV_TRUE"; then :
strongswan_options=${strongswan_options}" imcv"
fi
-if test -z "$USE_IMV_OS_TRUE"; then :
- strongswan_options=${strongswan_options}" pacman"
+if test -z "$USE_IMV_SWIMA_TRUE"; then :
+ strongswan_options=${strongswan_options}" sec-updater"
fi
if test -z "$USE_LIBTNCCS_TRUE"; then :
strongswan_options=${strongswan_options}" tnc"
@@ -26110,14 +26267,14 @@ fi
# build Makefiles
# =================
-ac_config_files="$ac_config_files Makefile conf/Makefile fuzz/Makefile man/Makefile init/Makefile init/systemd/Makefile init/systemd-swanctl/Makefile src/Makefile src/include/Makefile src/libstrongswan/Makefile src/libstrongswan/math/libnttfft/Makefile src/libstrongswan/math/libnttfft/tests/Makefile src/libstrongswan/plugins/aes/Makefile src/libstrongswan/plugins/cmac/Makefile src/libstrongswan/plugins/des/Makefile src/libstrongswan/plugins/blowfish/Makefile src/libstrongswan/plugins/rc2/Makefile src/libstrongswan/plugins/md4/Makefile src/libstrongswan/plugins/md5/Makefile src/libstrongswan/plugins/sha1/Makefile src/libstrongswan/plugins/sha2/Makefile src/libstrongswan/plugins/sha3/Makefile src/libstrongswan/plugins/mgf1/Makefile src/libstrongswan/plugins/fips_prf/Makefile src/libstrongswan/plugins/gmp/Makefile src/libstrongswan/plugins/curve25519/Makefile src/libstrongswan/plugins/rdrand/Makefile src/libstrongswan/plugins/aesni/Makefile src/libstrongswan/plugins/random/Makefile src/libstrongswan/plugins/nonce/Makefile src/libstrongswan/plugins/hmac/Makefile src/libstrongswan/plugins/xcbc/Makefile src/libstrongswan/plugins/x509/Makefile src/libstrongswan/plugins/revocation/Makefile src/libstrongswan/plugins/constraints/Makefile src/libstrongswan/plugins/acert/Makefile src/libstrongswan/plugins/pubkey/Makefile src/libstrongswan/plugins/pkcs1/Makefile src/libstrongswan/plugins/pkcs7/Makefile src/libstrongswan/plugins/pkcs8/Makefile src/libstrongswan/plugins/pkcs12/Makefile src/libstrongswan/plugins/pgp/Makefile src/libstrongswan/plugins/dnskey/Makefile src/libstrongswan/plugins/sshkey/Makefile src/libstrongswan/plugins/pem/Makefile src/libstrongswan/plugins/curl/Makefile src/libstrongswan/plugins/files/Makefile src/libstrongswan/plugins/winhttp/Makefile src/libstrongswan/plugins/unbound/Makefile src/libstrongswan/plugins/soup/Makefile src/libstrongswan/plugins/ldap/Makefile src/libstrongswan/plugins/mysql/Makefile src/libstrongswan/plugins/sqlite/Makefile 
src/libstrongswan/plugins/padlock/Makefile src/libstrongswan/plugins/openssl/Makefile src/libstrongswan/plugins/gcrypt/Makefile src/libstrongswan/plugins/agent/Makefile src/libstrongswan/plugins/keychain/Makefile src/libstrongswan/plugins/pkcs11/Makefile src/libstrongswan/plugins/chapoly/Makefile src/libstrongswan/plugins/ctr/Makefile src/libstrongswan/plugins/ccm/Makefile src/libstrongswan/plugins/gcm/Makefile src/libstrongswan/plugins/af_alg/Makefile src/libstrongswan/plugins/ntru/Makefile src/libstrongswan/plugins/bliss/Makefile src/libstrongswan/plugins/bliss/tests/Makefile src/libstrongswan/plugins/newhope/Makefile src/libstrongswan/plugins/newhope/tests/Makefile src/libstrongswan/plugins/test_vectors/Makefile src/libstrongswan/tests/Makefile src/libipsec/Makefile src/libipsec/tests/Makefile src/libsimaka/Makefile src/libtls/Makefile src/libtls/tests/Makefile src/libradius/Makefile src/libtncif/Makefile src/libtnccs/Makefile src/libtnccs/plugins/tnc_tnccs/Makefile src/libtnccs/plugins/tnc_imc/Makefile src/libtnccs/plugins/tnc_imv/Makefile src/libtnccs/plugins/tnccs_11/Makefile src/libtnccs/plugins/tnccs_20/Makefile src/libtnccs/plugins/tnccs_dynamic/Makefile src/libpttls/Makefile src/libimcv/Makefile src/libimcv/plugins/imc_test/Makefile src/libimcv/plugins/imv_test/Makefile src/libimcv/plugins/imc_scanner/Makefile src/libimcv/plugins/imv_scanner/Makefile src/libimcv/plugins/imc_os/Makefile src/libimcv/plugins/imv_os/Makefile src/libimcv/plugins/imc_attestation/Makefile src/libimcv/plugins/imv_attestation/Makefile src/libimcv/plugins/imc_swid/Makefile src/libimcv/plugins/imv_swid/Makefile src/libimcv/plugins/imc_swima/Makefile src/libimcv/plugins/imv_swima/Makefile src/libimcv/plugins/imc_hcd/Makefile src/libimcv/plugins/imv_hcd/Makefile src/charon/Makefile src/charon-nm/Makefile src/charon-tkm/Makefile src/charon-cmd/Makefile src/charon-svc/Makefile src/charon-systemd/Makefile src/libcharon/Makefile src/libcharon/plugins/eap_aka/Makefile 
src/libcharon/plugins/eap_aka_3gpp/Makefile src/libcharon/plugins/eap_aka_3gpp2/Makefile src/libcharon/plugins/eap_dynamic/Makefile src/libcharon/plugins/eap_identity/Makefile src/libcharon/plugins/eap_md5/Makefile src/libcharon/plugins/eap_gtc/Makefile src/libcharon/plugins/eap_sim/Makefile src/libcharon/plugins/eap_sim_file/Makefile src/libcharon/plugins/eap_sim_pcsc/Makefile src/libcharon/plugins/eap_simaka_sql/Makefile src/libcharon/plugins/eap_simaka_pseudonym/Makefile src/libcharon/plugins/eap_simaka_reauth/Makefile src/libcharon/plugins/eap_mschapv2/Makefile src/libcharon/plugins/eap_tls/Makefile src/libcharon/plugins/eap_ttls/Makefile src/libcharon/plugins/eap_peap/Makefile src/libcharon/plugins/eap_tnc/Makefile src/libcharon/plugins/eap_radius/Makefile src/libcharon/plugins/xauth_generic/Makefile src/libcharon/plugins/xauth_eap/Makefile src/libcharon/plugins/xauth_pam/Makefile src/libcharon/plugins/xauth_noauth/Makefile src/libcharon/plugins/tnc_ifmap/Makefile src/libcharon/plugins/tnc_pdp/Makefile src/libcharon/plugins/socket_default/Makefile src/libcharon/plugins/socket_dynamic/Makefile src/libcharon/plugins/socket_win/Makefile src/libcharon/plugins/bypass_lan/Makefile src/libcharon/plugins/connmark/Makefile src/libcharon/plugins/forecast/Makefile src/libcharon/plugins/farp/Makefile src/libcharon/plugins/smp/Makefile src/libcharon/plugins/sql/Makefile src/libcharon/plugins/dnscert/Makefile src/libcharon/plugins/ipseckey/Makefile src/libcharon/plugins/medsrv/Makefile src/libcharon/plugins/medcli/Makefile src/libcharon/plugins/addrblock/Makefile src/libcharon/plugins/unity/Makefile src/libcharon/plugins/uci/Makefile src/libcharon/plugins/ha/Makefile src/libcharon/plugins/kernel_netlink/Makefile src/libcharon/plugins/kernel_pfkey/Makefile src/libcharon/plugins/kernel_pfroute/Makefile src/libcharon/plugins/kernel_libipsec/Makefile src/libcharon/plugins/kernel_wfp/Makefile src/libcharon/plugins/kernel_iph/Makefile src/libcharon/plugins/whitelist/Makefile 
src/libcharon/plugins/ext_auth/Makefile src/libcharon/plugins/lookip/Makefile src/libcharon/plugins/error_notify/Makefile src/libcharon/plugins/certexpire/Makefile src/libcharon/plugins/systime_fix/Makefile src/libcharon/plugins/led/Makefile src/libcharon/plugins/duplicheck/Makefile src/libcharon/plugins/coupling/Makefile src/libcharon/plugins/radattr/Makefile src/libcharon/plugins/osx_attr/Makefile src/libcharon/plugins/p_cscf/Makefile src/libcharon/plugins/android_dns/Makefile src/libcharon/plugins/android_log/Makefile src/libcharon/plugins/stroke/Makefile src/libcharon/plugins/vici/Makefile src/libcharon/plugins/vici/ruby/Makefile src/libcharon/plugins/vici/perl/Makefile src/libcharon/plugins/vici/python/Makefile src/libcharon/plugins/updown/Makefile src/libcharon/plugins/dhcp/Makefile src/libcharon/plugins/load_tester/Makefile src/libcharon/plugins/resolve/Makefile src/libcharon/plugins/attr/Makefile src/libcharon/plugins/attr_sql/Makefile src/libcharon/tests/Makefile src/libtpmtss/Makefile src/libtpmtss/plugins/tpm/Makefile src/stroke/Makefile src/ipsec/Makefile src/starter/Makefile src/starter/tests/Makefile src/_updown/Makefile src/_copyright/Makefile src/scepclient/Makefile src/aikgen/Makefile src/pki/Makefile src/pki/man/Makefile src/pool/Makefile src/dumm/Makefile src/dumm/ext/extconf.rb src/libfast/Makefile src/manager/Makefile src/medsrv/Makefile src/checksum/Makefile src/conftest/Makefile src/pt-tls-client/Makefile src/sw-collector/Makefile src/swanctl/Makefile scripts/Makefile testing/Makefile"
+ac_config_files="$ac_config_files Makefile conf/Makefile fuzz/Makefile man/Makefile init/Makefile init/systemd/Makefile init/systemd-swanctl/Makefile src/Makefile src/include/Makefile src/libstrongswan/Makefile src/libstrongswan/math/libnttfft/Makefile src/libstrongswan/math/libnttfft/tests/Makefile src/libstrongswan/plugins/aes/Makefile src/libstrongswan/plugins/cmac/Makefile src/libstrongswan/plugins/des/Makefile src/libstrongswan/plugins/blowfish/Makefile src/libstrongswan/plugins/rc2/Makefile src/libstrongswan/plugins/md4/Makefile src/libstrongswan/plugins/md5/Makefile src/libstrongswan/plugins/sha1/Makefile src/libstrongswan/plugins/sha2/Makefile src/libstrongswan/plugins/sha3/Makefile src/libstrongswan/plugins/mgf1/Makefile src/libstrongswan/plugins/fips_prf/Makefile src/libstrongswan/plugins/gmp/Makefile src/libstrongswan/plugins/curve25519/Makefile src/libstrongswan/plugins/rdrand/Makefile src/libstrongswan/plugins/aesni/Makefile src/libstrongswan/plugins/random/Makefile src/libstrongswan/plugins/nonce/Makefile src/libstrongswan/plugins/hmac/Makefile src/libstrongswan/plugins/xcbc/Makefile src/libstrongswan/plugins/x509/Makefile src/libstrongswan/plugins/revocation/Makefile src/libstrongswan/plugins/constraints/Makefile src/libstrongswan/plugins/acert/Makefile src/libstrongswan/plugins/pubkey/Makefile src/libstrongswan/plugins/pkcs1/Makefile src/libstrongswan/plugins/pkcs7/Makefile src/libstrongswan/plugins/pkcs8/Makefile src/libstrongswan/plugins/pkcs12/Makefile src/libstrongswan/plugins/pgp/Makefile src/libstrongswan/plugins/dnskey/Makefile src/libstrongswan/plugins/sshkey/Makefile src/libstrongswan/plugins/pem/Makefile src/libstrongswan/plugins/curl/Makefile src/libstrongswan/plugins/files/Makefile src/libstrongswan/plugins/winhttp/Makefile src/libstrongswan/plugins/unbound/Makefile src/libstrongswan/plugins/soup/Makefile src/libstrongswan/plugins/ldap/Makefile src/libstrongswan/plugins/mysql/Makefile src/libstrongswan/plugins/sqlite/Makefile 
src/libstrongswan/plugins/padlock/Makefile src/libstrongswan/plugins/openssl/Makefile src/libstrongswan/plugins/gcrypt/Makefile src/libstrongswan/plugins/agent/Makefile src/libstrongswan/plugins/keychain/Makefile src/libstrongswan/plugins/pkcs11/Makefile src/libstrongswan/plugins/chapoly/Makefile src/libstrongswan/plugins/ctr/Makefile src/libstrongswan/plugins/ccm/Makefile src/libstrongswan/plugins/gcm/Makefile src/libstrongswan/plugins/af_alg/Makefile src/libstrongswan/plugins/ntru/Makefile src/libstrongswan/plugins/bliss/Makefile src/libstrongswan/plugins/bliss/tests/Makefile src/libstrongswan/plugins/newhope/Makefile src/libstrongswan/plugins/newhope/tests/Makefile src/libstrongswan/plugins/test_vectors/Makefile src/libstrongswan/tests/Makefile src/libipsec/Makefile src/libipsec/tests/Makefile src/libsimaka/Makefile src/libtls/Makefile src/libtls/tests/Makefile src/libradius/Makefile src/libtncif/Makefile src/libtnccs/Makefile src/libtnccs/plugins/tnc_tnccs/Makefile src/libtnccs/plugins/tnc_imc/Makefile src/libtnccs/plugins/tnc_imv/Makefile src/libtnccs/plugins/tnccs_11/Makefile src/libtnccs/plugins/tnccs_20/Makefile src/libtnccs/plugins/tnccs_dynamic/Makefile src/libpttls/Makefile src/libimcv/Makefile src/libimcv/plugins/imc_test/Makefile src/libimcv/plugins/imv_test/Makefile src/libimcv/plugins/imc_scanner/Makefile src/libimcv/plugins/imv_scanner/Makefile src/libimcv/plugins/imc_os/Makefile src/libimcv/plugins/imv_os/Makefile src/libimcv/plugins/imc_attestation/Makefile src/libimcv/plugins/imv_attestation/Makefile src/libimcv/plugins/imc_swid/Makefile src/libimcv/plugins/imv_swid/Makefile src/libimcv/plugins/imc_swima/Makefile src/libimcv/plugins/imv_swima/Makefile src/libimcv/plugins/imc_hcd/Makefile src/libimcv/plugins/imv_hcd/Makefile src/charon/Makefile src/charon-nm/Makefile src/charon-tkm/Makefile src/charon-cmd/Makefile src/charon-svc/Makefile src/charon-systemd/Makefile src/libcharon/Makefile src/libcharon/plugins/eap_aka/Makefile 
src/libcharon/plugins/eap_aka_3gpp/Makefile src/libcharon/plugins/eap_aka_3gpp2/Makefile src/libcharon/plugins/eap_dynamic/Makefile src/libcharon/plugins/eap_identity/Makefile src/libcharon/plugins/eap_md5/Makefile src/libcharon/plugins/eap_gtc/Makefile src/libcharon/plugins/eap_sim/Makefile src/libcharon/plugins/eap_sim_file/Makefile src/libcharon/plugins/eap_sim_pcsc/Makefile src/libcharon/plugins/eap_simaka_sql/Makefile src/libcharon/plugins/eap_simaka_pseudonym/Makefile src/libcharon/plugins/eap_simaka_reauth/Makefile src/libcharon/plugins/eap_mschapv2/Makefile src/libcharon/plugins/eap_tls/Makefile src/libcharon/plugins/eap_ttls/Makefile src/libcharon/plugins/eap_peap/Makefile src/libcharon/plugins/eap_tnc/Makefile src/libcharon/plugins/eap_radius/Makefile src/libcharon/plugins/xauth_generic/Makefile src/libcharon/plugins/xauth_eap/Makefile src/libcharon/plugins/xauth_pam/Makefile src/libcharon/plugins/xauth_noauth/Makefile src/libcharon/plugins/tnc_ifmap/Makefile src/libcharon/plugins/tnc_pdp/Makefile src/libcharon/plugins/socket_default/Makefile src/libcharon/plugins/socket_dynamic/Makefile src/libcharon/plugins/socket_win/Makefile src/libcharon/plugins/bypass_lan/Makefile src/libcharon/plugins/connmark/Makefile src/libcharon/plugins/counters/Makefile src/libcharon/plugins/forecast/Makefile src/libcharon/plugins/farp/Makefile src/libcharon/plugins/smp/Makefile src/libcharon/plugins/sql/Makefile src/libcharon/plugins/dnscert/Makefile src/libcharon/plugins/ipseckey/Makefile src/libcharon/plugins/medsrv/Makefile src/libcharon/plugins/medcli/Makefile src/libcharon/plugins/addrblock/Makefile src/libcharon/plugins/unity/Makefile src/libcharon/plugins/uci/Makefile src/libcharon/plugins/ha/Makefile src/libcharon/plugins/kernel_netlink/Makefile src/libcharon/plugins/kernel_pfkey/Makefile src/libcharon/plugins/kernel_pfroute/Makefile src/libcharon/plugins/kernel_libipsec/Makefile src/libcharon/plugins/kernel_wfp/Makefile src/libcharon/plugins/kernel_iph/Makefile 
src/libcharon/plugins/whitelist/Makefile src/libcharon/plugins/ext_auth/Makefile src/libcharon/plugins/lookip/Makefile src/libcharon/plugins/error_notify/Makefile src/libcharon/plugins/certexpire/Makefile src/libcharon/plugins/systime_fix/Makefile src/libcharon/plugins/led/Makefile src/libcharon/plugins/duplicheck/Makefile src/libcharon/plugins/coupling/Makefile src/libcharon/plugins/radattr/Makefile src/libcharon/plugins/osx_attr/Makefile src/libcharon/plugins/p_cscf/Makefile src/libcharon/plugins/android_dns/Makefile src/libcharon/plugins/android_log/Makefile src/libcharon/plugins/stroke/Makefile src/libcharon/plugins/vici/Makefile src/libcharon/plugins/vici/ruby/Makefile src/libcharon/plugins/vici/perl/Makefile src/libcharon/plugins/vici/python/Makefile src/libcharon/plugins/updown/Makefile src/libcharon/plugins/dhcp/Makefile src/libcharon/plugins/load_tester/Makefile src/libcharon/plugins/resolve/Makefile src/libcharon/plugins/attr/Makefile src/libcharon/plugins/attr_sql/Makefile src/libcharon/tests/Makefile src/libtpmtss/Makefile src/libtpmtss/plugins/tpm/Makefile src/stroke/Makefile src/ipsec/Makefile src/starter/Makefile src/starter/tests/Makefile src/_updown/Makefile src/_copyright/Makefile src/scepclient/Makefile src/aikgen/Makefile src/pki/Makefile src/pki/man/Makefile src/pool/Makefile src/dumm/Makefile src/dumm/ext/extconf.rb src/libfast/Makefile src/manager/Makefile src/medsrv/Makefile src/checksum/Makefile src/conftest/Makefile src/pt-tls-client/Makefile src/sw-collector/Makefile src/sec-updater/Makefile src/swanctl/Makefile scripts/Makefile testing/Makefile"
# =================
# build man pages
# =================
-ac_config_files="$ac_config_files conf/strongswan.conf.5.head conf/strongswan.conf.5.tail man/ipsec.conf.5 man/ipsec.secrets.5 src/charon-cmd/charon-cmd.8 src/pki/man/pki.1 src/pki/man/pki---acert.1 src/pki/man/pki---dn.1 src/pki/man/pki---gen.1 src/pki/man/pki---issue.1 src/pki/man/pki---keyid.1 src/pki/man/pki---pkcs12.1 src/pki/man/pki---pkcs7.1 src/pki/man/pki---print.1 src/pki/man/pki---pub.1 src/pki/man/pki---req.1 src/pki/man/pki---self.1 src/pki/man/pki---signcrl.1 src/pki/man/pki---verify.1 src/swanctl/swanctl.8 src/swanctl/swanctl.conf.5.head src/swanctl/swanctl.conf.5.tail src/pt-tls-client/pt-tls-client.1 src/sw-collector/sw-collector.8"
+ac_config_files="$ac_config_files conf/strongswan.conf.5.head conf/strongswan.conf.5.tail man/ipsec.conf.5 man/ipsec.secrets.5 src/charon-cmd/charon-cmd.8 src/pki/man/pki.1 src/pki/man/pki---acert.1 src/pki/man/pki---dn.1 src/pki/man/pki---gen.1 src/pki/man/pki---issue.1 src/pki/man/pki---keyid.1 src/pki/man/pki---pkcs12.1 src/pki/man/pki---pkcs7.1 src/pki/man/pki---print.1 src/pki/man/pki---pub.1 src/pki/man/pki---req.1 src/pki/man/pki---self.1 src/pki/man/pki---signcrl.1 src/pki/man/pki---verify.1 src/swanctl/swanctl.8 src/swanctl/swanctl.conf.5.head src/swanctl/swanctl.conf.5.tail src/pt-tls-client/pt-tls-client.1 src/sw-collector/sw-collector.8 src/sec-updater/sec-updater.8"
cat >confcache <<\_ACEOF
@@ -26870,6 +27027,10 @@ if test -z "${USE_ATTR_SQL_TRUE}" && test -z "${USE_ATTR_SQL_FALSE}"; then
as_fn_error $? "conditional \"USE_ATTR_SQL\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
+if test -z "${USE_COUNTERS_TRUE}" && test -z "${USE_COUNTERS_FALSE}"; then
+ as_fn_error $? "conditional \"USE_COUNTERS\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
if test -z "${USE_LEAK_DETECTIVE_TRUE}" && test -z "${USE_LEAK_DETECTIVE_FALSE}"; then
as_fn_error $? "conditional \"USE_LEAK_DETECTIVE\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
@@ -27483,7 +27644,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by strongSwan $as_me 5.6.0, which was
+This file was extended by strongSwan $as_me 5.6.1, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -27549,7 +27710,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-strongSwan config.status 5.6.0
+strongSwan config.status 5.6.1
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
@@ -28102,6 +28263,7 @@ do
"src/libcharon/plugins/socket_win/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/socket_win/Makefile" ;;
"src/libcharon/plugins/bypass_lan/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/bypass_lan/Makefile" ;;
"src/libcharon/plugins/connmark/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/connmark/Makefile" ;;
+ "src/libcharon/plugins/counters/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/counters/Makefile" ;;
"src/libcharon/plugins/forecast/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/forecast/Makefile" ;;
"src/libcharon/plugins/farp/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/farp/Makefile" ;;
"src/libcharon/plugins/smp/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/smp/Makefile" ;;
@@ -28168,6 +28330,7 @@ do
"src/conftest/Makefile") CONFIG_FILES="$CONFIG_FILES src/conftest/Makefile" ;;
"src/pt-tls-client/Makefile") CONFIG_FILES="$CONFIG_FILES src/pt-tls-client/Makefile" ;;
"src/sw-collector/Makefile") CONFIG_FILES="$CONFIG_FILES src/sw-collector/Makefile" ;;
+ "src/sec-updater/Makefile") CONFIG_FILES="$CONFIG_FILES src/sec-updater/Makefile" ;;
"src/swanctl/Makefile") CONFIG_FILES="$CONFIG_FILES src/swanctl/Makefile" ;;
"scripts/Makefile") CONFIG_FILES="$CONFIG_FILES scripts/Makefile" ;;
"testing/Makefile") CONFIG_FILES="$CONFIG_FILES testing/Makefile" ;;
@@ -28195,6 +28358,7 @@ do
"src/swanctl/swanctl.conf.5.tail") CONFIG_FILES="$CONFIG_FILES src/swanctl/swanctl.conf.5.tail" ;;
"src/pt-tls-client/pt-tls-client.1") CONFIG_FILES="$CONFIG_FILES src/pt-tls-client/pt-tls-client.1" ;;
"src/sw-collector/sw-collector.8") CONFIG_FILES="$CONFIG_FILES src/sw-collector/sw-collector.8" ;;
+ "src/sec-updater/sec-updater.8") CONFIG_FILES="$CONFIG_FILES src/sec-updater/sec-updater.8" ;;
*) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;;
esac
diff --git a/configure.ac b/configure.ac
index 45277d967..6effecce3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,6 +1,6 @@
#
# Copyright (C) 2007-2017 Tobias Brunner
-# Copyright (C) 2006-2016 Andreas Steffen
+# Copyright (C) 2006-2017 Andreas Steffen
# Copyright (C) 2006-2014 Martin Willi
# HSR Hochschule fuer Technik Rapperswil
#
@@ -19,7 +19,7 @@
# initialize & set some vars
# ============================
-AC_INIT([strongSwan],[5.6.0])
+AC_INIT([strongSwan],[5.6.1])
AM_INIT_AUTOMAKE(m4_esyscmd([
echo tar-ustar
echo subdir-objects
@@ -263,6 +263,7 @@ ARG_ENABL_SET([android-log], [enable Android specific logger plugin.])
ARG_ENABL_SET([bypass-lan], [enable plugin to install bypass policies for local subnets.])
ARG_ENABL_SET([certexpire], [enable CSV export of expiration dates of used certificates.])
ARG_ENABL_SET([connmark], [enable connmark plugin using conntrack based marks to select return path SA.])
+ARG_ENABL_SET([counters], [enable plugin that collects several performance counters.])
ARG_ENABL_SET([forecast], [enable forecast plugin forwarding broadcast/multicast messages.])
ARG_ENABL_SET([duplicheck], [advanced duplicate checking plugin using liveness checks.])
ARG_ENABL_SET([error-notify], [enable error notification plugin.])
@@ -378,6 +379,21 @@ AC_PATH_PROG([GPERF], [gperf], [], [$PATH:/bin:/usr/bin:/usr/local/bin])
AC_MSG_CHECKING([gperf version >= 3.0.0])
if test -x "$GPERF"; then
if test "`$GPERF --version | $AWK -F' ' '/^GNU gperf/ { print $3 }' | $AWK -F. '{ print $1 }'`" -ge "3"; then
+ GPERF_OUTPUT="`echo foo | ${GPERF}`"
+ AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM(
+ [[#include <string.h>
+ const char *in_word_set(const char*, size_t); $GPERF_OUTPUT]])],
+ [GPERF_LEN_TYPE=size_t],
+ [AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM(
+ [[#include <string.h>
+ const char *in_word_set(const char*, unsigned); $GPERF_OUTPUT]])],
+ [GPERF_LEN_TYPE=unsigned],
+ [AC_MSG_ERROR([unable to determine gperf len type])]
+ )]
+ )
+ AC_SUBST(GPERF_LEN_TYPE)
AC_MSG_RESULT([yes])
else
AC_MSG_RESULT([no])
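Review bot: The new probe never checks that `echo foo | ${GPERF}` produced any output before pasting `$GPERF_OUTPUT` into the test program. With an empty `GPERF_OUTPUT` the first `AC_COMPILE_IFELSE` compiles a bare `in_word_set(const char*, size_t)` prototype and succeeds, so `GPERF_LEN_TYPE` is set to `size_t` without having been compared against gperf's real signature. The version test just above already ran gperf once, so this is unlikely, but a guard such as `test -n "$GPERF_OUTPUT" || AC_MSG_ERROR([gperf produced no output])` before the compile checks makes the failure visible. The enclosing `if test -x "$GPERF"` block continues past the end of this hunk.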
@@ -471,10 +487,14 @@ if test x$aikgen = xtrue; then
tss_trousers=true
fi
-if test x$ntru = xtrue -o x$bliss = xtrue; then
+if test x$gmp = xtrue -o x$ntru = xtrue -o x$bliss = xtrue; then
mgf1=true
fi
+if test x$stroke = xtrue; then
+ counters=true
+fi
+
# ===========================================
# check required libraries and header files
# ===========================================
@@ -827,7 +847,7 @@ AC_COMPILE_IFELSE(
[
AC_MSG_RESULT([yes])
windows=true
- openssl_lib=eay32
+
AC_SUBST(PTHREADLIB, "")
# explicitly disable ms-bitfields, as it breaks __attribute__((packed))
case "$CFLAGS" in
@@ -837,7 +857,6 @@ AC_COMPILE_IFELSE(
],
[
AC_MSG_RESULT([no])
- openssl_lib=crypto
# check for clock_gettime() on non-Windows only. Otherwise this
# check might find clock_gettime() in libwinpthread, but we don't want
@@ -851,7 +870,6 @@ AC_COMPILE_IFELSE(
LIBS=$saved_LIBS
]
)
-AC_SUBST(OPENSSL_LIB, [-l$openssl_lib])
AM_CONDITIONAL(USE_WINDOWS, [test "x$windows" = xtrue])
AC_MSG_CHECKING([for working __attribute__((packed))])
@@ -919,9 +937,9 @@ if test x$gmp = xtrue; then
AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM(
[[#include "gmp.h"]],
- [[void *x = mpz_powm_sec;]])],
+ [[void *x __attribute__((unused)); x = mpz_powm_sec;]])],
[AC_MSG_RESULT([yes]);
- AC_DEFINE([HAVE_MPZ_POWM_SEC], [], [have mpz_mown_sec()])],
+ AC_DEFINE([HAVE_MPZ_POWM_SEC], [], [have mpz_powm_sec()])],
[AC_MSG_RESULT([no])]
)
else
@@ -989,6 +1007,10 @@ if test x$systemd = xtrue; then
AC_SUBST(systemd_journal_CFLAGS)
AC_SUBST(systemd_journal_LIBS)]
)
+ saved_LIBS=$LIBS
+ LIBS="$systemd_LIBS $systemd_daemon_LIBS"
+ AC_CHECK_FUNCS(sd_listen_fds_with_names)
+ LIBS=$saved_LIBS
fi
if test x$tss_trousers = xtrue; then
@@ -1103,8 +1125,17 @@ if test x$sqlite = xtrue; then
fi
if test x$openssl = xtrue; then
- AC_CHECK_LIB([$openssl_lib],[EVP_CIPHER_CTX_new],[LIBS="$LIBS"],
- [AC_MSG_ERROR([OpenSSL lib$openssl_lib not found])],[$DLLIB])
+ if test "x$windows" = xtrue; then
+ openssl_lib=eay32
+ AC_CHECK_LIB([$openssl_lib],[EVP_CIPHER_CTX_new],[LIBS="$LIBS"],
+ [AC_MSG_RESULT([no]);openssl_lib=""],[$DLLIB])
+ fi
+ if test -z "$openssl_lib"; then
+ openssl_lib=crypto
+ AC_CHECK_LIB([$openssl_lib],[EVP_CIPHER_CTX_new],[LIBS="$LIBS"],
+ [AC_MSG_ERROR([OpenSSL lib$openssl_lib not found])],[$DLLIB])
+ fi
+ AC_SUBST(OPENSSL_LIB, [-l$openssl_lib])
AC_CHECK_HEADER([openssl/evp.h],,[AC_MSG_ERROR([OpenSSL header openssl/evp.h not found!])])
fi
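Review bot: `openssl_lib` is no longer assigned before `if test -z "$openssl_lib"`, so on a non-Windows build a value of `openssl_lib` inherited from the environment skips the `AC_CHECK_LIB` probe and goes straight into `AC_SUBST(OPENSSL_LIB, [-l$openssl_lib])`. The earlier hunks of this commit remove the unconditional `openssl_lib=eay32` and `openssl_lib=crypto` assignments that used to overwrite it. Resetting it first, with `openssl_lib=` on the line before `if test "x$windows" = xtrue; then`, keeps the linked library name under configure's control. The `AC_MSG_RESULT([no])` in the eay32 fallback also looks redundant, since AC_CHECK_LIB reports its own result.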
@@ -1253,6 +1284,18 @@ if test x$coverage = xtrue; then
CFLAGS="${CFLAGS} -g -O0"
fi
+if test x$fuzzing = xtrue; then
+ if test x$libfuzzer = x; then
+ AC_MSG_NOTICE([fuzz targets enabled without libFuzzer, using local driver])
+ CFLAGS="${CFLAGS} -fsanitize=address"
+ libfuzzer="libFuzzerLocal.a"
+ else
+ # required for libFuzzer
+ FUZZING_LDFLAGS="-stdlib=libc++ -lstdc++"
+ AC_SUBST(FUZZING_LDFLAGS)
+ fi
+fi
+
if test x$ruby_gems = xtrue; then
AC_PATH_PROG([GEM], [gem], [], [$PATH:/bin:/usr/bin:/usr/local/bin])
if test x$GEM = x; then
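Review bot: `AC_SUBST(FUZZING_LDFLAGS)` sits inside the `else` branch, but AC_SUBST registers the substitution regardless of which shell branch runs (the generated configure hunk for this block keeps only the assignment there). In the local-driver branch `@FUZZING_LDFLAGS@` therefore expands to whatever the variable already holds, including a value from the environment. Setting `FUZZING_LDFLAGS=` before `if test x$libfuzzer = x; then` and moving `AC_SUBST(FUZZING_LDFLAGS)` after the closing `fi` makes both branches explicit. The unquoted `test x$libfuzzer = x` also breaks if the libFuzzer path contains whitespace; `test "x$libfuzzer" = x` avoids that.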
@@ -1459,6 +1502,7 @@ ADD_PLUGIN([radattr], [c charon])
ADD_PLUGIN([uci], [c charon])
ADD_PLUGIN([addrblock], [c charon])
ADD_PLUGIN([unity], [c charon])
+ADD_PLUGIN([counters], [c charon])
AC_SUBST(charon_plugins)
AC_SUBST(starter_plugins)
@@ -1635,6 +1679,7 @@ AM_CONDITIONAL(USE_UNITY, test x$unity = xtrue)
AM_CONDITIONAL(USE_RESOLVE, test x$resolve = xtrue)
AM_CONDITIONAL(USE_ATTR, test x$attr = xtrue)
AM_CONDITIONAL(USE_ATTR_SQL, test x$attr_sql = xtrue)
+AM_CONDITIONAL(USE_COUNTERS, test x$counters = xtrue)
# other options
# ---------------
@@ -1664,7 +1709,7 @@ AM_CONDITIONAL(USE_LIBNTTFFT, test x$bliss = xtrue -o x$newhope = xtrue)
AM_CONDITIONAL(USE_LIBTNCIF, test x$tnc_tnccs = xtrue -o x$imcv = xtrue)
AM_CONDITIONAL(USE_LIBTNCCS, test x$tnc_tnccs = xtrue)
AM_CONDITIONAL(USE_LIBPTTLS, test x$tnc_tnccs = xtrue)
-AM_CONDITIONAL(USE_LIBTPMTSS, test x$tss_trousers = xtrue -o x$tss_tss2 = xtrue -o x$tpm -o x$aikgen = xtrue -o x$imcv = xtrue)
+AM_CONDITIONAL(USE_LIBTPMTSS, test x$tss_trousers = xtrue -o x$tss_tss2 = xtrue -o x$tpm = xtrue -o x$aikgen = xtrue -o x$imcv = xtrue)
AM_CONDITIONAL(USE_FILE_CONFIG, test x$stroke = xtrue)
AM_CONDITIONAL(USE_IPSEC_SCRIPT, test x$stroke = xtrue -o x$scepclient = xtrue -o x$conftest = xtrue)
AM_CONDITIONAL(USE_LIBCAP, test x$capabilities = xlibcap)
@@ -1737,7 +1782,7 @@ AM_COND_IF([USE_CHARON], [strongswan_options=${strongswan_options}" charon charo
AM_COND_IF([USE_FILE_CONFIG], [strongswan_options=${strongswan_options}" starter"])
AM_COND_IF([USE_IMV_ATTESTATION], [strongswan_options=${strongswan_options}" attest"])
AM_COND_IF([USE_IMCV], [strongswan_options=${strongswan_options}" imcv"])
-AM_COND_IF([USE_IMV_OS], [strongswan_options=${strongswan_options}" pacman"])
+AM_COND_IF([USE_IMV_SWIMA], [strongswan_options=${strongswan_options}" sec-updater"])
AM_COND_IF([USE_LIBTNCCS], [strongswan_options=${strongswan_options}" tnc"])
AM_COND_IF([USE_MANAGER], [strongswan_options=${strongswan_options}" manager"])
AM_COND_IF([USE_MEDSRV], [strongswan_options=${strongswan_options}" medsrv"])
@@ -1891,6 +1936,7 @@ AC_CONFIG_FILES([
src/libcharon/plugins/socket_win/Makefile
src/libcharon/plugins/bypass_lan/Makefile
src/libcharon/plugins/connmark/Makefile
+ src/libcharon/plugins/counters/Makefile
src/libcharon/plugins/forecast/Makefile
src/libcharon/plugins/farp/Makefile
src/libcharon/plugins/smp/Makefile
@@ -1957,6 +2003,7 @@ AC_CONFIG_FILES([
src/conftest/Makefile
src/pt-tls-client/Makefile
src/sw-collector/Makefile
+ src/sec-updater/Makefile
src/swanctl/Makefile
scripts/Makefile
testing/Makefile
@@ -1991,6 +2038,7 @@ AC_CONFIG_FILES([
src/swanctl/swanctl.conf.5.tail
src/pt-tls-client/pt-tls-client.1
src/sw-collector/sw-collector.8
+ src/sec-updater/sec-updater.8
])
AC_OUTPUT
diff --git a/fuzz/Makefile.am b/fuzz/Makefile.am
index 66debc226..bdc3e2ebc 100644
--- a/fuzz/Makefile.am
+++ b/fuzz/Makefile.am
@@ -1,12 +1,12 @@
-CPPFLAGS = @CPPFLAGS@ \
+AM_CPPFLAGS = @CPPFLAGS@ \
-I$(top_srcdir)/src/libstrongswan \
-DPLUGINDIR=\""$(abs_top_builddir)/src/libstrongswan/plugins\"" \
-DPLUGINS="\"${fuzz_plugins}\""
-LDFLAGS = @LDFLAGS@ ${libfuzzer} \
+fuzz_ldflags = ${libfuzzer} \
$(top_builddir)/src/libstrongswan/.libs/libstrongswan.a \
-Wl,-Bstatic -lgmp -Wl,-Bdynamic \
- -stdlib=libc++ -lstdc++
+ @FUZZING_LDFLAGS@
FUZZ_TARGETS=fuzz_certs
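Review bot: `fuzz_ldflags` drops the `@LDFLAGS@` that the old `LDFLAGS` override carried, and the `fuzz_certs` rule in the next hunk links with `$(fuzz_ldflags)` only. Linker flags given to configure or on the make command line (library search paths, hardening options) no longer reach the fuzz target. If that is not intended, the rule can pass both: `$(CC) $(AM_CPPFLAGS) $(CFLAGS) -o $@ $< $(LDFLAGS) $(fuzz_ldflags)`. If it is intended, a short comment above `fuzz_ldflags` saying so would help.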
@@ -14,5 +14,18 @@ all-local: $(FUZZ_TARGETS)
CLEANFILES=$(FUZZ_TARGETS)
-fuzz_certs: fuzz_certs.c
- $(CC) $(CPPFLAGS) $(CFLAGS) -o $@ $< $(LDFLAGS)
+fuzz_certs: fuzz_certs.c ${libfuzzer}
+ $(CC) $(AM_CPPFLAGS) $(CFLAGS) -o $@ $< $(fuzz_ldflags)
+
+noinst_LIBRARIES = libFuzzerLocal.a
+libFuzzerLocal_a_SOURCES = libFuzzerLocal.c
+libFuzzerLocal_a_LIBADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
+
+check: all
+ for f in $(FUZZ_TARGETS); do \
+ corpus=$${f#fuzz_}; \
+ corpus=$${corpus%%_*}; \
+ ./$$f $(FUZZING_CORPORA)/$${corpus}/*; \
+ crashes=$(FUZZING_CORPORA)/$${corpus}-crash; \
+ test ! -d $${crashes} || ./$$f $${crashes}/*; \
+ done
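Review bot: The new `check` loop does not stop when a fuzz target fails, because the exit status of `./$$f $(FUZZING_CORPORA)/$${corpus}/*` is discarded. Only the last command of the last iteration decides the recipe's result, so a crash or sanitizer abort on the regular corpus still lets `make check` pass as long as the `-crash` directory is absent or replays cleanly. Ending both runs with `|| exit 1` fixes that: `./$$f $(FUZZING_CORPORA)/$${corpus}/* || exit 1; \` and `test ! -d $${crashes} || ./$$f $${crashes}/* || exit 1; \`. `FUZZING_CORPORA` is also used without checking that it is set, so an empty value makes the glob resolve under `/`; a `test -n "$(FUZZING_CORPORA)"` guard at the top of the recipe would catch that.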
diff --git a/fuzz/Makefile.in b/fuzz/Makefile.in
index 8306f44ec..31b590273 100644
--- a/fuzz/Makefile.in
+++ b/fuzz/Makefile.in
@@ -13,6 +13,7 @@
# PARTICULAR PURPOSE.
@SET_MAKE@
+
VPATH = @srcdir@
am__is_gnu_make = { \
if test -z '$(MAKELEVEL)'; then \
@@ -106,6 +107,17 @@ mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
+LIBRARIES = $(noinst_LIBRARIES)
+ARFLAGS = cru
+AM_V_AR = $(am__v_AR_@AM_V@)
+am__v_AR_ = $(am__v_AR_@AM_DEFAULT_V@)
+am__v_AR_0 = @echo " AR " $@;
+am__v_AR_1 =
+libFuzzerLocal_a_AR = $(AR) $(ARFLAGS)
+libFuzzerLocal_a_DEPENDENCIES = \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la
+am_libFuzzerLocal_a_OBJECTS = libFuzzerLocal.$(OBJEXT)
+libFuzzerLocal_a_OBJECTS = $(am_libFuzzerLocal_a_OBJECTS)
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
@@ -118,15 +130,59 @@ AM_V_at = $(am__v_at_@AM_V@)
am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
am__v_at_0 = @
am__v_at_1 =
-SOURCES =
-DIST_SOURCES =
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+AM_V_lt = $(am__v_lt_@AM_V@)
+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+am__v_lt_1 =
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_@AM_V@)
+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
+am__v_CC_0 = @echo " CC " $@;
+am__v_CC_1 =
+CCLD = $(CC)
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_@AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo " CCLD " $@;
+am__v_CCLD_1 =
+SOURCES = $(libFuzzerLocal_a_SOURCES)
+DIST_SOURCES = $(libFuzzerLocal_a_SOURCES)
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
*) (install-info --version) >/dev/null 2>&1;; \
esac
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
-am__DIST_COMMON = $(srcdir)/Makefile.in
+# Read a list of newline-separated strings from the standard input,
+# and print each of them once, without duplicates. Input order is
+# *not* preserved.
+am__uniquify_input = $(AWK) '\
+ BEGIN { nonempty = 0; } \
+ { items[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in items) print i; }; } \
+'
+# Make sure the list of sources is unique. This is necessary because,
+# e.g., the same source file might be shared among _SOURCES variables
+# for different programs/libraries.
+am__define_uniq_tagged_files = \
+ list='$(am__tagged_files)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | $(am__uniquify_input)`
+ETAGS = etags
+CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
@@ -146,11 +202,7 @@ CFLAGS = @CFLAGS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@ \
- -I$(top_srcdir)/src/libstrongswan \
- -DPLUGINDIR=\""$(abs_top_builddir)/src/libstrongswan/plugins\"" \
- -DPLUGINS="\"${fuzz_plugins}\""
-
+CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
@@ -165,9 +217,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
@@ -177,11 +231,7 @@ INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
LCOV = @LCOV@
LD = @LD@
-LDFLAGS = @LDFLAGS@ ${libfuzzer} \
- $(top_builddir)/src/libstrongswan/.libs/libstrongswan.a \
- -Wl,-Bstatic -lgmp -Wl,-Bdynamic \
- -stdlib=libc++ -lstdc++
-
+LDFLAGS = @LDFLAGS@
LEX = @LEX@
LEXLIB = @LEXLIB@
LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
@@ -372,11 +422,25 @@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
+AM_CPPFLAGS = @CPPFLAGS@ \
+ -I$(top_srcdir)/src/libstrongswan \
+ -DPLUGINDIR=\""$(abs_top_builddir)/src/libstrongswan/plugins\"" \
+ -DPLUGINS="\"${fuzz_plugins}\""
+
+fuzz_ldflags = ${libfuzzer} \
+ $(top_builddir)/src/libstrongswan/.libs/libstrongswan.a \
+ -Wl,-Bstatic -lgmp -Wl,-Bdynamic \
+ @FUZZING_LDFLAGS@
+
FUZZ_TARGETS = fuzz_certs
CLEANFILES = $(FUZZ_TARGETS)
+noinst_LIBRARIES = libFuzzerLocal.a
+libFuzzerLocal_a_SOURCES = libFuzzerLocal.c
+libFuzzerLocal_a_LIBADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
all: all-am
.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
@@ -407,17 +471,103 @@ $(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+clean-noinstLIBRARIES:
+ -test -z "$(noinst_LIBRARIES)" || rm -f $(noinst_LIBRARIES)
+
+libFuzzerLocal.a: $(libFuzzerLocal_a_OBJECTS) $(libFuzzerLocal_a_DEPENDENCIES) $(EXTRA_libFuzzerLocal_a_DEPENDENCIES)
+ $(AM_V_at)-rm -f libFuzzerLocal.a
+ $(AM_V_AR)$(libFuzzerLocal_a_AR) libFuzzerLocal.a $(libFuzzerLocal_a_OBJECTS) $(libFuzzerLocal_a_LIBADD)
+ $(AM_V_at)$(RANLIB) libFuzzerLocal.a
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libFuzzerLocal.Po@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
+
mostlyclean-libtool:
-rm -f *.lo
clean-libtool:
-rm -rf .libs _libs
-tags TAGS:
-ctags CTAGS:
-
-cscope cscopelist:
+ID: $(am__tagged_files)
+ $(am__define_uniq_tagged_files); mkid -fID $$unique
+tags: tags-am
+TAGS: tags
+
+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ set x; \
+ here=`pwd`; \
+ $(am__define_uniq_tagged_files); \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: ctags-am
+
+CTAGS: ctags
+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ $(am__define_uniq_tagged_files); \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+cscopelist: cscopelist-am
+
+cscopelist-am: $(am__tagged_files)
+ list='$(am__tagged_files)'; \
+ case "$(srcdir)" in \
+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
+ *) sdir=$(subdir)/$(srcdir) ;; \
+ esac; \
+ for i in $$list; do \
+ if test -f "$$i"; then \
+ echo "$(subdir)/$$i"; \
+ else \
+ echo "$$sdir/$$i"; \
+ fi; \
+ done >> $(top_builddir)/cscope.files
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
distdir: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
@@ -451,7 +601,7 @@ distdir: $(DISTFILES)
done
check-am: all-am
check: check-am
-all-am: Makefile all-local
+all-am: Makefile $(LIBRARIES) all-local
installdirs:
install: install-am
install-exec: install-exec-am
@@ -486,11 +636,14 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-libtool mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLIBRARIES \
+ mostlyclean-am
distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
-rm -f Makefile
-distclean-am: clean-am distclean-generic
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
dvi: dvi-am
@@ -533,12 +686,14 @@ install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
mostlyclean: mostlyclean-am
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
pdf: pdf-am
@@ -552,26 +707,36 @@ uninstall-am:
.MAKE: install-am install-strip
-.PHONY: all all-am all-local check check-am clean clean-generic \
- clean-libtool cscopelist-am ctags-am distclean \
- distclean-generic distclean-libtool distdir dvi dvi-am html \
- html-am info info-am install install-am install-data \
- install-data-am install-dvi install-dvi-am install-exec \
- install-exec-am install-html install-html-am install-info \
- install-info-am install-man install-pdf install-pdf-am \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-generic \
- mostlyclean-libtool pdf pdf-am ps ps-am tags-am uninstall \
- uninstall-am
+.PHONY: CTAGS GTAGS TAGS all all-am all-local check check-am clean \
+ clean-generic clean-libtool clean-noinstLIBRARIES \
+ cscopelist-am ctags ctags-am distclean distclean-compile \
+ distclean-generic distclean-libtool distclean-tags distdir dvi \
+ dvi-am html html-am info info-am install install-am \
+ install-data install-data-am install-dvi install-dvi-am \
+ install-exec install-exec-am install-html install-html-am \
+ install-info install-info-am install-man install-pdf \
+ install-pdf-am install-ps install-ps-am install-strip \
+ installcheck installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-compile \
+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+ tags tags-am uninstall uninstall-am
.PRECIOUS: Makefile
all-local: $(FUZZ_TARGETS)
-fuzz_certs: fuzz_certs.c
- $(CC) $(CPPFLAGS) $(CFLAGS) -o $@ $< $(LDFLAGS)
+fuzz_certs: fuzz_certs.c ${libfuzzer}
+ $(CC) $(AM_CPPFLAGS) $(CFLAGS) -o $@ $< $(fuzz_ldflags)
+
+check: all
+ for f in $(FUZZ_TARGETS); do \
+ corpus=$${f#fuzz_}; \
+ corpus=$${corpus%%_*}; \
+ ./$$f $(FUZZING_CORPORA)/$${corpus}/*; \
+ crashes=$(FUZZING_CORPORA)/$${corpus}-crash; \
+ test ! -d $${crashes} || ./$$f $${crashes}/*; \
+ done
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/fuzz/libFuzzerLocal.c b/fuzz/libFuzzerLocal.c
new file mode 100644
index 000000000..af5c50c66
--- /dev/null
+++ b/fuzz/libFuzzerLocal.c
@@ -0,0 +1,59 @@
+/*
+ * Copyright (C) 2017 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <library.h>
+
+extern int LLVMFuzzerTestOneInput(const unsigned char *data, size_t size);
+__attribute__((weak)) extern int LLVMFuzzerInitialize(int *argc, char ***argv);
+
+/**
+ * This is a simple driver for the fuzz targets to verify test inputs outside
+ * of OSS-Fuzz.
+ *
+ * Failures will usually cause crashes.
+ */
+int main(int argc, char **argv)
+{
+ chunk_t *data;
+ int i, res = 0;
+
+ fprintf(stderr, "%s: running %d inputs\n", argv[0], argc - 1);
+ if (LLVMFuzzerInitialize)
+ {
+ LLVMFuzzerInitialize(&argc, &argv);
+ }
+ for (i = 1; i < argc; i++)
+ {
+ fprintf(stderr, "running: %s\n", argv[i]);
+ data = chunk_map(argv[i], FALSE);
+ if (!data)
+ {
+ fprintf(stderr, "opening %s failed: %s\n", argv[i], strerror(errno));
+ return 1;
+ }
+ res = LLVMFuzzerTestOneInput(data->ptr, data->len);
+ fprintf(stderr, "done: %s: (%zd bytes)\n", argv[i], data->len);
+ chunk_unmap(data);
+ if (res)
+ {
+ break;
+ }
+ }
+ fprintf(stderr, "%s: completed %d inputs\n", argv[0], i-1);
+ return res;
+}
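Review bot: `data->len` is printed with `%zd` in the "done:" message, but it is the same value passed as the `size_t size` argument of `LLVMFuzzerTestOneInput`, so the matching conversion is `%zu`: `fprintf(stderr, "done: %s: (%zu bytes)\n", argv[i], data->len);`. `strerror()` is used without a direct include of string.h; it presumably arrives through library.h, but an explicit include keeps this stand-alone driver self-contained. When the loop leaves through `break`, the final "completed" line prints `i-1` although input `i` was also run, so a failing run is under-counted by one.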
diff --git a/init/Makefile.in b/init/Makefile.in
index a0b2b9bca..2db9855d3 100644
--- a/init/Makefile.in
+++ b/init/Makefile.in
@@ -223,9 +223,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/init/systemd-swanctl/Makefile.in b/init/systemd-swanctl/Makefile.in
index b68958d46..a1af33e03 100644
--- a/init/systemd-swanctl/Makefile.in
+++ b/init/systemd-swanctl/Makefile.in
@@ -191,9 +191,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/init/systemd/Makefile.in b/init/systemd/Makefile.in
index 3e20f5c7f..f79f43a13 100644
--- a/init/systemd/Makefile.in
+++ b/init/systemd/Makefile.in
@@ -191,9 +191,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/man/Makefile.in b/man/Makefile.in
index 795505a14..9b793627d 100644
--- a/man/Makefile.in
+++ b/man/Makefile.in
@@ -197,9 +197,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/man/ipsec.conf.5.in b/man/ipsec.conf.5.in
index 69aeba8cb..774df75ac 100644
--- a/man/ipsec.conf.5.in
+++ b/man/ipsec.conf.5.in
@@ -631,6 +631,12 @@ constraint (without ike: prefix) will also apply to IKEv2 authentication, unless
this is disabled in
.BR strongswan.conf (5).
+To use or require RSASSA-PSS signatures use rsa/pss instead of rsa as in e.g.
+.BR ike:rsa/pss-sha256 .
+If \fBpubkey\fR or \fBrsa\fR constraints are configured RSASSA-PSS signatures
+will only be used/accepted if enabled in
+.BR strongswan.conf (5).
+
For
.BR eap ,
an optional EAP method can be appended. Currently defined methods are
@@ -1031,8 +1037,8 @@ Relevant only locally, other end need not agree on it. Also see EXPIRY/REKEY
below.
.TP
.BR mark " = <value>[/<mask>]"
-sets an XFRM mark in the inbound and outbound
-IPsec SAs and policies. If the mask is missing then a default
+sets an XFRM mark on the inbound policy and outbound
+IPsec SA and policy. If the mask is missing then a default
mask of
.B 0xffffffff
is assumed. The special value
@@ -1043,13 +1049,13 @@ make the mark unique for each IPsec SA direction (in/out) the special value
may be used.
.TP
.BR mark_in " = <value>[/<mask>]"
-sets an XFRM mark in the inbound IPsec SA and
-policy. If the mask is missing then a default mask of
+sets an XFRM mark on the inbound policy (not on the SA). If the mask is missing
+then a default mask of
.B 0xffffffff
is assumed.
.TP
.BR mark_out " = <value>[/<mask>]"
-sets an XFRM mark in the outbound IPsec SA and
+sets an XFRM mark on the outbound IPsec SA and
policy. If the mask is missing then a default mask of
.B 0xffffffff
is assumed.
diff --git a/scripts/Makefile.in b/scripts/Makefile.in
index 1f1c37bc5..b13d3c5c6 100644
--- a/scripts/Makefile.in
+++ b/scripts/Makefile.in
@@ -305,9 +305,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/scripts/oid2der.c b/scripts/oid2der.c
index 793c9804a..c8ab8df0f 100644
--- a/scripts/oid2der.c
+++ b/scripts/oid2der.c
@@ -23,9 +23,26 @@ int main(int argc, char *argv[])
{
int i, nr = 0;
chunk_t oid;
+ char *decoded;
+ bool decode = FALSE;
+
+ if (streq(argv[1], "-d"))
+ {
+ decode = TRUE;
+ nr++;
+ }
while (argc > ++nr)
{
+ if (decode)
+ {
+ oid = chunk_from_hex(chunk_from_str(argv[nr]), NULL);
+ decoded = asn1_oid_to_string(oid);
+ printf("%s\n", decoded);
+ free(decoded);
+ free(oid.ptr);
+ continue;
+ }
oid = asn1_oid_from_string(argv[nr]);
if (oid.len)
{
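Review bot: In the new `-d` branch the result of `asn1_oid_to_string()` goes straight into `printf("%s\n", decoded)` without a NULL check, and the hex text from `argv[nr]` is not validated before it is decoded. If the conversion returns NULL for an empty or malformed encoding (it looks that way, please confirm), the branch should report that instead of printing: `if (!decoded) { fprintf(stderr, "invalid OID: %s\n", argv[nr]); free(oid.ptr); continue; }`. main's body continues outside the hunk.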
diff --git a/scripts/pubkey_speed.c b/scripts/pubkey_speed.c
index 66279ada3..2928772b8 100644
--- a/scripts/pubkey_speed.c
+++ b/scripts/pubkey_speed.c
@@ -118,7 +118,7 @@ int main(int argc, char *argv[])
start_timing(&timing);
for (round = 0; round < rounds; round++)
{
- if (!private->sign(private, scheme, data, &sigs[round]))
+ if (!private->sign(private, scheme, NULL, data, &sigs[round]))
{
printf("creating signature failed\n");
exit(1);
@@ -135,7 +135,7 @@ int main(int argc, char *argv[])
start_timing(&timing);
for (round = 0; round < rounds; round++)
{
- if (!public->verify(public, scheme, data, sigs[round]))
+ if (!public->verify(public, scheme, NULL, data, sigs[round]))
{
printf("signature verification failed\n");
exit(1);
diff --git a/src/Makefile.am b/src/Makefile.am
index 1bdb8337c..7bef1a5dd 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -132,6 +132,10 @@ if USE_IMC_SWIMA
SUBDIRS += sw-collector
endif
+if USE_IMV_SWIMA
+ SUBDIRS += sec-updater
+endif
+
if USE_INTEGRITY_TEST
SUBDIRS += checksum
endif
diff --git a/src/Makefile.in b/src/Makefile.in
index 84d2ad9a1..baae1e09a 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -120,8 +120,9 @@ host_triplet = @host@
@USE_SVC_TRUE@am__append_31 = charon-svc
@USE_LIBPTTLS_TRUE@am__append_32 = pt-tls-client
@USE_IMC_SWIMA_TRUE@am__append_33 = sw-collector
-@USE_INTEGRITY_TEST_TRUE@am__append_34 = checksum
-@USE_AIKGEN_TRUE@am__append_35 = aikgen
+@USE_IMV_SWIMA_TRUE@am__append_34 = sec-updater
+@USE_INTEGRITY_TEST_TRUE@am__append_35 = checksum
+@USE_AIKGEN_TRUE@am__append_36 = aikgen
subdir = src
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -200,7 +201,7 @@ DIST_SUBDIRS = . include libstrongswan libipsec libsimaka libtls \
libcharon starter ipsec _copyright charon charon-systemd \
charon-nm stroke _updown scepclient pki swanctl conftest dumm \
libfast manager medsrv pool charon-tkm charon-cmd charon-svc \
- pt-tls-client sw-collector checksum aikgen
+ pt-tls-client sw-collector sec-updater checksum aikgen
am__DIST_COMMON = $(srcdir)/Makefile.in
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
am__relativize = \
@@ -261,9 +262,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
@@ -475,7 +478,7 @@ SUBDIRS = . include $(am__append_1) $(am__append_2) $(am__append_3) \
$(am__append_25) $(am__append_26) $(am__append_27) \
$(am__append_28) $(am__append_29) $(am__append_30) \
$(am__append_31) $(am__append_32) $(am__append_33) \
- $(am__append_34) $(am__append_35)
+ $(am__append_34) $(am__append_35) $(am__append_36)
all: all-recursive
.SUFFIXES:
diff --git a/src/_copyright/Makefile.in b/src/_copyright/Makefile.in
index 5ba747ac7..af7a95df3 100644
--- a/src/_copyright/Makefile.in
+++ b/src/_copyright/Makefile.in
@@ -213,9 +213,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/_updown/Makefile.in b/src/_updown/Makefile.in
index c51d65dd5..86aca5ff9 100644
--- a/src/_updown/Makefile.in
+++ b/src/_updown/Makefile.in
@@ -191,9 +191,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/aikgen/Makefile.in b/src/aikgen/Makefile.in
index 61fcaf86c..7986a1d09 100644
--- a/src/aikgen/Makefile.in
+++ b/src/aikgen/Makefile.in
@@ -214,9 +214,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/charon-cmd/Makefile.in b/src/charon-cmd/Makefile.in
index ea492f957..b9fe0b7f6 100644
--- a/src/charon-cmd/Makefile.in
+++ b/src/charon-cmd/Makefile.in
@@ -251,9 +251,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/charon-nm/Makefile.in b/src/charon-nm/Makefile.in
index 6733a3321..3cff97e7c 100644
--- a/src/charon-nm/Makefile.in
+++ b/src/charon-nm/Makefile.in
@@ -250,9 +250,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/charon-svc/Makefile.in b/src/charon-svc/Makefile.in
index 263c6a3fb..8da578457 100644
--- a/src/charon-svc/Makefile.in
+++ b/src/charon-svc/Makefile.in
@@ -214,9 +214,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/charon-systemd/Makefile.in b/src/charon-systemd/Makefile.in
index 9697c426b..f28204b33 100644
--- a/src/charon-systemd/Makefile.in
+++ b/src/charon-systemd/Makefile.in
@@ -218,9 +218,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/charon-tkm/Makefile.in b/src/charon-tkm/Makefile.in
index 258f33b0f..c2762f031 100644
--- a/src/charon-tkm/Makefile.in
+++ b/src/charon-tkm/Makefile.in
@@ -161,9 +161,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/charon-tkm/src/charon-tkm.c b/src/charon-tkm/src/charon-tkm.c
index a4d4d0cf5..7f014237a 100644
--- a/src/charon-tkm/src/charon-tkm.c
+++ b/src/charon-tkm/src/charon-tkm.c
@@ -1,8 +1,8 @@
/*
- * Copyright (C) 2012 Tobias Brunner
+ * Copyright (C) 2012-2017 Tobias Brunner
* Copyright (C) 2012 Reto Buerki
* Copyright (C) 2012 Adrian-Ken Rueegsegger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -24,6 +24,7 @@
#include <sys/types.h>
#include <unistd.h>
#include <libgen.h>
+#include <fcntl.h>
#include <errno.h>
#include <daemon.h>
@@ -50,6 +51,11 @@
static tkm_listener_t *listener;
/**
+ * Name of the daemon
+ */
+static char *dmn_name;
+
+/**
* PID file, in which charon-tkm stores its process id
*/
static char *pidfile_name = NULL;
@@ -186,8 +192,11 @@ static bool check_pidfile()
pid = atoi(buf);
}
fclose(pidfile);
+ pidfile = NULL;
if (pid && kill(pid, 0) == 0)
- { /* such a process is running */
+ {
+ DBG1(DBG_DMN, "%s already running ('%s' exists)", dmn_name,
+ pidfile_name);
return TRUE;
}
}
@@ -199,13 +208,31 @@ static bool check_pidfile()
pidfile = fopen(pidfile_name, "w");
if (pidfile)
{
- ignore_result(fchown(fileno(pidfile),
+ int fd;
+
+ fd = fileno(pidfile);
+ if (fd == -1)
+ {
+ DBG1(DBG_DMN, "unable to determine fd for '%s'", pidfile_name);
+ return TRUE;
+ }
+ if (fcntl(fd, F_SETFD, FD_CLOEXEC) == -1)
+ {
+ DBG1(DBG_LIB, "setting FD_CLOEXEC for '%s' failed: %s",
+ pidfile_name, strerror(errno));
+ }
+ ignore_result(fchown(fd,
lib->caps->get_uid(lib->caps),
lib->caps->get_gid(lib->caps)));
fprintf(pidfile, "%d\n", getpid());
fflush(pidfile);
+ return FALSE;
+ }
+ else
+ {
+ DBG1(DBG_DMN, "unable to create pidfile '%s'", pidfile_name);
+ return TRUE;
}
- return FALSE;
}
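Review bot: check_pidfile() now returns TRUE for three different conditions: another instance is running, `fileno()` failed, or the pidfile could not be created. The caller's bare `goto deinit` still reads as "already running", so the function's doc comment (outside this hunk) should state that TRUE means "do not start" and list the causes. The FD_CLOEXEC failure is logged under `DBG_LIB` while every other message added here uses `DBG_DMN`; `DBG1(DBG_DMN, "setting FD_CLOEXEC for '%s' failed: %s", pidfile_name, strerror(errno));` would keep the startup messages in one group. Setting the flag in a separate `fcntl()` after `fopen()` also leaves a short window before it applies, which only matters if another thread can fork at this point in startup.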
/**
@@ -221,15 +248,15 @@ static void unlink_pidfile()
{
ignore_result(ftruncate(fileno(pidfile), 0));
fclose(pidfile);
+ unlink(pidfile_name);
}
- unlink(pidfile_name);
}
+
/**
* Main function, starts TKM backend.
*/
int main(int argc, char *argv[])
{
- char *dmn_name;
if (argc > 0 && strlen(argv[0]) > 0)
{
dmn_name = basename(argv[0]);
@@ -322,8 +349,6 @@ int main(int argc, char *argv[])
if (check_pidfile())
{
- DBG1(DBG_DMN, "%s already running (\"%s\" exists)", dmn_name,
- pidfile_name);
goto deinit;
}
@@ -372,8 +397,6 @@ int main(int argc, char *argv[])
/* main thread goes to run loop */
run();
- unlink_pidfile();
- free(pidfile_name);
status = 0;
charon->bus->remove_listener(charon->bus, &listener->listener);
listener->destroy(listener);
@@ -384,6 +407,8 @@ deinit:
destroy_dh_mapping();
libcharon_deinit();
tkm_deinit();
+ unlink_pidfile();
+ free(pidfile_name);
library_deinit();
return status;
}
diff --git a/src/charon-tkm/src/tkm/tkm_id_manager.c b/src/charon-tkm/src/tkm/tkm_id_manager.c
index d8ff6753f..9a2ede03e 100644
--- a/src/charon-tkm/src/tkm/tkm_id_manager.c
+++ b/src/charon-tkm/src/tkm/tkm_id_manager.c
@@ -43,7 +43,7 @@ struct private_tkm_id_manager_t {
/**
* Per-kind array of free context ids
*/
- bool* ctxids[TKM_CTX_MAX];
+ int* ctxids[TKM_CTX_MAX];
/**
* Per-kind context limits.
@@ -85,9 +85,9 @@ METHOD(tkm_id_manager_t, acquire_id, int,
this->locks[kind]->write_lock(this->locks[kind]);
for (j = 0; j < this->limits[kind]; j++)
{
- if (!this->ctxids[kind][j])
+ if (this->ctxids[kind][j] == 0)
{
- this->ctxids[kind][j] = true;
+ this->ctxids[kind][j] = 1;
id = j + 1;
break;
}
@@ -103,24 +103,55 @@ METHOD(tkm_id_manager_t, acquire_id, int,
return id;
}
-METHOD(tkm_id_manager_t, release_id, bool,
+METHOD(tkm_id_manager_t, acquire_ref, bool,
+ private_tkm_id_manager_t * const this, const tkm_context_kind_t kind,
+ const int ref_id)
+{
+ const int idx = ref_id - 1;
+
+ if (!is_valid_kind(kind))
+ {
+ DBG1(DBG_LIB, "tried to acquire reference for invalid context kind '%d'",
+ kind);
+ return FALSE;
+ }
+
+ if (ref_id < 1 || (uint64_t)ref_id > this->limits[kind])
+ {
+ DBG1(DBG_LIB, "tried to acquire reference for context id %d out of "
+ "bounds (max %llu)", ref_id, this->limits[kind]);
+ return FALSE;
+ }
+
+ this->locks[kind]->write_lock(this->locks[kind]);
+ this->ctxids[kind][idx]++;
+ this->locks[kind]->unlock(this->locks[kind]);
+
+ return TRUE;
+}
+
+METHOD(tkm_id_manager_t, release_id, int,
private_tkm_id_manager_t * const this, const tkm_context_kind_t kind,
const int id)
{
const int idx = id - 1;
+ int refcount = 0;
if (!is_valid_kind(kind))
{
DBG1(DBG_LIB, "tried to release id %d for invalid context kind '%d'",
id, kind);
- return FALSE;
+ return -1;
}
this->locks[kind]->write_lock(this->locks[kind]);
- this->ctxids[kind][idx] = false;
+ if (this->ctxids[kind][idx] > 0)
+ {
+ refcount = --this->ctxids[kind][idx];
+ }
this->locks[kind]->unlock(this->locks[kind]);
- return TRUE;
+ return refcount;
}
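Review bot: `release_id` still indexes `this->ctxids[kind][idx]` without checking `id`, while the new `acquire_ref` just above rejects ids outside `1..limits[kind]`. With `id == 0`, which appears to be what `acquire_id` returns when no slot is free, `idx` is -1 and the new read-and-decrement touches memory before the array. The same guard belongs here: `if (id < 1 || (uint64_t)id > this->limits[kind]) return -1;`. `acquire_ref` also increments a slot whose count is 0, so a reference can be taken on an id nobody acquired, and `acquire_id` will then skip that slot. Checking `this->ctxids[kind][idx] > 0` under the lock and returning FALSE otherwise would close that.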
@@ -147,6 +178,7 @@ tkm_id_manager_t *tkm_id_manager_create(const tkm_limits_t limits)
INIT(this,
.public = {
.acquire_id = _acquire_id,
+ .acquire_ref = _acquire_ref,
.release_id = _release_id,
.destroy = _destroy,
},
@@ -155,7 +187,7 @@ tkm_id_manager_t *tkm_id_manager_create(const tkm_limits_t limits)
for (i = 0; i < TKM_CTX_MAX; i++)
{
this->limits[i] = limits[i];
- this->ctxids[i] = calloc(limits[i], sizeof(bool));
+ this->ctxids[i] = calloc(limits[i], sizeof(int));
this->locks[i] = rwlock_create(RWLOCK_TYPE_DEFAULT);
DBG2(DBG_LIB, "%N initialized, %llu slot(s)", tkm_context_kind_names, i,
limits[i]);
diff --git a/src/charon-tkm/src/tkm/tkm_id_manager.h b/src/charon-tkm/src/tkm/tkm_id_manager.h
index 0fc9ff8ef..1c48b57f1 100644
--- a/src/charon-tkm/src/tkm/tkm_id_manager.h
+++ b/src/charon-tkm/src/tkm/tkm_id_manager.h
@@ -74,15 +74,27 @@ struct tkm_id_manager_t {
const tkm_context_kind_t kind);
/**
+ * Acquire reference to given context id for a specific context kind.
+ *
+ * @param kind kind of context id
+ * @param ref_id id to acquire a reference for
+ * @return TRUE if reference could be acquired,
+ * FALSE otherwise
+ */
+ bool (*acquire_ref)(tkm_id_manager_t * const this,
+ const tkm_context_kind_t kind,
+ const int ref_id);
+
+ /**
* Release a previously acquired context id.
*
* @param kind kind of context id to release
* @param id id to release
- * @return TRUE if id was released, FALSE otherwise
+ * @return current refcount if id was released, -1 otherwise
*/
- bool (*release_id)(tkm_id_manager_t * const this,
- const tkm_context_kind_t kind,
- const int id);
+ int (*release_id)(tkm_id_manager_t * const this,
+ const tkm_context_kind_t kind,
+ const int id);
/**
* Destroy a tkm_id_manager instance.
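Review bot: The new `@return` text for `release_id` does not say what a result of 0 means, and callers depend on it. In the implementation changed by this commit, 0 is returned both when the last reference was dropped and when the id was not held at all, and tkm_keymat.c treats 0 as the signal to reset the context. Suggested wording: `@return remaining refcount (0 = id is free again, also returned if the id was not in use), -1 if kind is invalid`. The `acquire_ref` comment could likewise state that `ref_id` must have been obtained from `acquire_id` first.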
diff --git a/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c b/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c
index 5decde92b..48dd40aa5 100644
--- a/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c
+++ b/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c
@@ -134,6 +134,12 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
}
esa_id = tkm->idmgr->acquire_id(tkm->idmgr, TKM_CTX_ESA);
+ if (esa_id == 0)
+ {
+ DBG1(DBG_KNL, "unable to acquire esa context id");
+ goto esa_id_failure;
+ }
+
if (!tkm->sad->insert(tkm->sad, esa_id, data->reqid, local, peer,
spi_loc, spi_rem, id->proto))
{
@@ -193,9 +199,11 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
return SUCCESS;
failure:
+ ike_esa_reset(esa_id);
tkm->sad->remove(tkm->sad, esa_id);
sad_failure:
tkm->idmgr->release_id(tkm->idmgr, TKM_CTX_ESA, esa_id);
+esa_id_failure:
chunk_free(&esa.nonce_i);
chunk_free(&esa.nonce_r);
return FAILED;
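Review bot: The return value of the added `ike_esa_reset(esa_id)` under `failure:` is ignored, and the following lines remove the SAD entry and release the id regardless. If the reset can fail, the ESA context may stay active in the TKM while its id becomes available for reuse. At least log it, as tkm_keymat.c does for `ike_ae_reset`: `if (ike_esa_reset(esa_id) != TKM_OK) { DBG1(DBG_KNL, "failed to reset ESA context %d", esa_id); }`. add_sa starts outside this hunk, so whether every `goto failure` happens after the ESA was actually created cannot be checked from here.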
diff --git a/src/charon-tkm/src/tkm/tkm_keymat.c b/src/charon-tkm/src/tkm/tkm_keymat.c
index a24760445..ed5366c2c 100644
--- a/src/charon-tkm/src/tkm/tkm_keymat.c
+++ b/src/charon-tkm/src/tkm/tkm_keymat.c
@@ -279,8 +279,15 @@ METHOD(keymat_v2_t, derive_ike_keys, bool,
}
isa_info = *((isa_info_t *)(rekey_skd.ptr));
DBG1(DBG_IKE, "deriving IKE keys (parent_isa: %llu, ae: %llu, nc: %llu,"
- "dh: %llu, spi_loc: %llx, spi_rem: %llx)", isa_info.parent_isa_id,
+ " dh: %llu, spi_loc: %llx, spi_rem: %llx)", isa_info.parent_isa_id,
isa_info.ae_id, nc_id, dh_id, spi_loc, spi_rem);
+
+ if (!tkm->idmgr->acquire_ref(tkm->idmgr, TKM_CTX_AE, isa_info.ae_id))
+ {
+ DBG1(DBG_IKE, "unable to acquire reference for ae: %llu",
+ isa_info.ae_id);
+ return FALSE;
+ }
this->ae_ctx_id = isa_info.ae_id;
res = ike_isa_create_child(this->isa_ctx_id, isa_info.parent_isa_id, 1,
dh_id, nc_id, nonce_rem, this->initiator,
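Review bot: `isa_info.ae_id` is logged with `%llu` but passed to `acquire_ref`, whose `ref_id` parameter is an `int`, so the value is presumably narrowed before the bounds check inside `acquire_ref` runs. A large id taken from `rekey_skd` could then wrap into the valid range and take a reference on an unrelated slot. Rejecting it before the call avoids that, e.g. `if (isa_info.ae_id > INT_MAX) { return FALSE; }` or a comparison against the AE limit. derive_ike_keys starts and ends outside the hunk.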
@@ -416,11 +423,6 @@ METHOD(keymat_v2_t, get_skd, pseudo_random_function_t,
*skd = chunk_create((u_char *)isa_info, sizeof(isa_info_t));
- /*
- * remove ae context id, since control has now been handed over to the new
- * IKE SA keymat
- */
- this->ae_ctx_id = 0;
return PRF_HMAC_SHA2_512;
}
@@ -462,11 +464,12 @@ METHOD(keymat_t, destroy, void,
/* only reset ae context if set */
if (this->ae_ctx_id != 0)
{
- if (ike_ae_reset(this->ae_ctx_id) != TKM_OK)
+ int count;
+ count = tkm->idmgr->release_id(tkm->idmgr, TKM_CTX_AE, this->ae_ctx_id);
+ if (count == 0 && ike_ae_reset(this->ae_ctx_id) != TKM_OK)
{
DBG1(DBG_IKE, "failed to reset AE context %d", this->ae_ctx_id);
}
- tkm->idmgr->release_id(tkm->idmgr, TKM_CTX_AE, this->ae_ctx_id);
}
DESTROY_IF(this->hash_algorithms);
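Review bot: The id is now released before `ike_ae_reset()` runs, where the old code reset first and released afterwards. Once `release_id` has dropped the count to 0 and unlocked, the slot is free, so if AE ids are ever handed out through `acquire_id` on another thread, that thread could receive this id and have its fresh context reset by the call that follows. Either document why that cannot happen, e.g. `/* AE ids are not re-acquired concurrently, so resetting after release is safe (TODO confirm) */`, or mark the slot free only after the reset has completed. A `count` of -1 is silently treated like "still referenced"; that is harmless with the constant `TKM_CTX_AE` but worth a one-line comment.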
diff --git a/src/charon-tkm/src/tkm/tkm_private_key.c b/src/charon-tkm/src/tkm/tkm_private_key.c
index db57ec1c7..891b579ee 100644
--- a/src/charon-tkm/src/tkm/tkm_private_key.c
+++ b/src/charon-tkm/src/tkm/tkm_private_key.c
@@ -14,6 +14,7 @@
* for more details.
*/
+#include <library.h>
#include <utils/debug.h>
#include <tkm/constants.h>
#include <tkm/client.h>
@@ -58,7 +59,7 @@ METHOD(private_key_t, get_type, key_type_t,
}
METHOD(private_key_t, sign, bool,
- private_tkm_private_key_t *this, signature_scheme_t scheme,
+ private_tkm_private_key_t *this, signature_scheme_t scheme, void *params,
chunk_t data, chunk_t *signature)
{
signature_type sig;
diff --git a/src/charon-tkm/src/tkm/tkm_public_key.c b/src/charon-tkm/src/tkm/tkm_public_key.c
index 9ebdc29e6..2a14a9bdd 100644
--- a/src/charon-tkm/src/tkm/tkm_public_key.c
+++ b/src/charon-tkm/src/tkm/tkm_public_key.c
@@ -14,6 +14,7 @@
* for more details.
*/
+#include <library.h>
#include <utils/debug.h>
#include "tkm_public_key.h"
@@ -53,7 +54,7 @@ METHOD(public_key_t, get_type, key_type_t,
}
METHOD(public_key_t, verify, bool,
- private_tkm_public_key_t *this, signature_scheme_t scheme,
+ private_tkm_public_key_t *this, signature_scheme_t scheme, void *params,
chunk_t data, chunk_t signature)
{
return TRUE;
diff --git a/src/charon-tkm/tests/id_manager_tests.c b/src/charon-tkm/tests/id_manager_tests.c
index 8157496ca..fb5e56a05 100644
--- a/src/charon-tkm/tests/id_manager_tests.c
+++ b/src/charon-tkm/tests/id_manager_tests.c
@@ -84,21 +84,85 @@ START_TEST(test_acquire_id_same)
}
END_TEST
-START_TEST(test_release_id)
+START_TEST(test_acquire_ref)
{
int i, id = 0;
- bool released = false;
+ bool acquired = false;
+ tkm_id_manager_t *idmgr = tkm_id_manager_create(limits);
+
+ for (i = 0; i < TKM_CTX_MAX; i++)
+ {
+ id = idmgr->acquire_id(idmgr, i);
+ acquired = idmgr->acquire_ref(idmgr, i, id);
+ fail_unless(acquired, "Error acquiring reference context kind %d", i);
+
+ /* Reset test variable */
+ acquired = false;
+ }
+
+ idmgr->destroy(idmgr);
+}
+END_TEST
+
+START_TEST(test_acquire_ref_invalid_kind)
+{
+ bool acquired;
+ tkm_id_manager_t *idmgr = tkm_id_manager_create(limits);
+
+ acquired = idmgr->acquire_ref(idmgr, TKM_CTX_MAX, 1);
+ fail_if(acquired, "Acquired reference for invalid context kind %d", TKM_CTX_MAX);
+
+ /* Reset test variable */
+ acquired = 0;
+
+ acquired = idmgr->acquire_ref(idmgr, -1, 1);
+ fail_if(acquired, "Acquired reference for invalid context kind %d", -1);
+
+ idmgr->destroy(idmgr);
+}
+END_TEST
+
+START_TEST(test_acquire_ref_invalid_id)
+{
+ int i;
+ bool acquired;
+ tkm_id_manager_t *idmgr = tkm_id_manager_create(limits);
+
+ for (i = 0; i < TKM_CTX_MAX; i++)
+ {
+ acquired = idmgr->acquire_ref(idmgr, i, -1);
+ fail_if(acquired,
+ "Acquired reference for negative id of context kind %d", i);
+
+ /* Reset test variable */
+ acquired = false;
+
+ acquired = idmgr->acquire_ref(idmgr, i, limits[i] + 1);
+ fail_if(acquired,
+ "Acquired reference exceeding limit of context kind %d", i);
+
+ /* Reset test variable */
+ acquired = false;
+ }
+
+ idmgr->destroy(idmgr);
+}
+END_TEST
+
+START_TEST(test_release_id)
+{
+ int i, count, id = 0;
tkm_id_manager_t *idmgr = tkm_id_manager_create(limits);
for (i = 0; i < TKM_CTX_MAX; i++)
{
id = idmgr->acquire_id(idmgr, i);
- released = idmgr->release_id(idmgr, i, id);
+ count = idmgr->release_id(idmgr, i, id);
- fail_unless(released, "Error releasing id of context kind %d", i);
+ fail_unless(count == 0, "Error releasing id of context kind %d", i);
- /* Reset released variable */
- released = FALSE;
+ /* Reset count variable */
+ count = 0;
}
idmgr->destroy(idmgr);
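Review bot: None of the added tests checks the count that `release_id` returns after `acquire_ref`, although callers now depend on it: the destructor change earlier in this commit calls `ike_ae_reset` only when `release_id` returns 0. Assuming the return value is the number of remaining references, `test_acquire_ref` should release twice and pin both values, e.g. `fail_unless(idmgr->release_id(idmgr, i, id) == 1, ...)` followed by `fail_unless(idmgr->release_id(idmgr, i, id) == 0, ...)`. `test_acquire_ref` also does not check that `acquire_id` returned a usable id before passing it on. `test_acquire_ref_invalid_id` covers -1 and `limits[i] + 1` but not id 0, which looks like the "no id" value given the `id = 0` initialisers.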
@@ -107,17 +171,17 @@ END_TEST
START_TEST(test_release_id_invalid_kind)
{
- bool released = TRUE;
+ int count = 0;
tkm_id_manager_t *idmgr = tkm_id_manager_create(limits);
- released = idmgr->release_id(idmgr, TKM_CTX_MAX, 1);
- fail_if(released, "Released id for invalid context kind %d", TKM_CTX_MAX);
+ count = idmgr->release_id(idmgr, TKM_CTX_MAX, 1);
+ fail_if(count >= 0, "Released id for invalid context kind %d", TKM_CTX_MAX);
/* Reset test variable */
- released = TRUE;
+ count = 0;
- released = idmgr->release_id(idmgr, -1, 1);
- fail_if(released, "Released id for invalid context kind %d", -1);
+ count = idmgr->release_id(idmgr, -1, 1);
+ fail_if(count >= 0, "Released id for invalid context kind %d", -1);
idmgr->destroy(idmgr);
}
@@ -125,11 +189,11 @@ END_TEST
START_TEST(test_release_id_nonexistent)
{
- bool released = FALSE;
+ int count = 0;
tkm_id_manager_t *idmgr = tkm_id_manager_create(limits);
- released = idmgr->release_id(idmgr, TKM_CTX_NONCE, 1);
- fail_unless(released, "Release of nonexistent id failed");
+ count = idmgr->release_id(idmgr, TKM_CTX_NONCE, 1);
+ fail_unless(count == 0, "Release of nonexistent id failed");
idmgr->destroy(idmgr);
}
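Review bot: `test_release_id_nonexistent` now pins `release_id` returning 0 for an id that was never acquired, which is the same value a caller sees when it drops the last reference. The destructor changed earlier in this commit acts on `count == 0` by resetting the context, so it cannot tell "last reference released" from "id was never held". If that is intended, a comment in this test such as `/* releasing an unused id is not an error and reports zero remaining references */` would record it. Otherwise a negative return for an unused id would match what `test_release_id_invalid_kind` expects for invalid kinds.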
@@ -150,6 +214,9 @@ Suite *make_id_manager_tests()
tcase_add_test(tc, test_acquire_id);
tcase_add_test(tc, test_acquire_id_invalid_kind);
tcase_add_test(tc, test_acquire_id_same);
+ tcase_add_test(tc, test_acquire_ref);
+ tcase_add_test(tc, test_acquire_ref_invalid_kind);
+ tcase_add_test(tc, test_acquire_ref_invalid_id);
suite_add_tcase(s, tc);
tc = tcase_create("release");
diff --git a/src/charon-tkm/tests/kernel_sad_tests.c b/src/charon-tkm/tests/kernel_sad_tests.c
index 39d8a790a..59ff77b68 100644
--- a/src/charon-tkm/tests/kernel_sad_tests.c
+++ b/src/charon-tkm/tests/kernel_sad_tests.c
@@ -123,11 +123,11 @@ START_TEST(test_remove)
tkm_kernel_sad_t *sad = tkm_kernel_sad_create();
fail_unless(sad->insert(sad, 23, 54, addr, addr, 27, 42, 50),
"Error inserting SAD entry");
- fail_unless(sad->get_esa_id(sad, addr, addr, 42, 50) == 23,
+ fail_unless(sad->get_esa_id(sad, addr, addr, 42, 50, FALSE) == 23,
"Error getting esa id");
fail_unless(sad->remove(sad, 23),
"Error removing SAD entry");
- fail_unless(sad->get_esa_id(sad, addr, addr, 42, 50) == 0,
+ fail_unless(sad->get_esa_id(sad, addr, addr, 42, 50, FALSE) == 0,
"Got esa id for removed SAD entry");
sad->destroy(sad);
addr->destroy(addr);
diff --git a/src/charon/Makefile.in b/src/charon/Makefile.in
index 9c5283cd7..14bde277c 100644
--- a/src/charon/Makefile.in
+++ b/src/charon/Makefile.in
@@ -217,9 +217,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/charon/charon.c b/src/charon/charon.c
index 520cb3c74..f23717034 100644
--- a/src/charon/charon.c
+++ b/src/charon/charon.c
@@ -1,9 +1,9 @@
/*
- * Copyright (C) 2006-2012 Tobias Brunner
+ * Copyright (C) 2006-2017 Tobias Brunner
* Copyright (C) 2005-2009 Martin Willi
* Copyright (C) 2006 Daniel Roethlisberger
* Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -203,8 +203,10 @@ static bool check_pidfile()
pid = atoi(buf);
}
fclose(pidfile);
+ pidfile = NULL;
if (pid && kill(pid, 0) == 0)
- { /* such a process is running */
+ {
+ DBG1(DBG_DMN, "charon already running ('"PID_FILE"' exists)");
return TRUE;
}
}
@@ -219,18 +221,28 @@ static bool check_pidfile()
int fd;
fd = fileno(pidfile);
- if (fd == -1 || fcntl(fd, F_SETFD, FD_CLOEXEC) == -1)
+ if (fd == -1)
+ {
+ DBG1(DBG_DMN, "unable to determine fd for '"PID_FILE"'");
+ return TRUE;
+ }
+ if (fcntl(fd, F_SETFD, FD_CLOEXEC) == -1)
{
DBG1(DBG_LIB, "setting FD_CLOEXEC for '"PID_FILE"' failed: %s",
strerror(errno));
}
- ignore_result(fchown(fileno(pidfile),
+ ignore_result(fchown(fd,
lib->caps->get_uid(lib->caps),
lib->caps->get_gid(lib->caps)));
fprintf(pidfile, "%d\n", getpid());
fflush(pidfile);
+ return FALSE;
+ }
+ else
+ {
+ DBG1(DBG_DMN, "unable to create pidfile '"PID_FILE"'");
+ return TRUE;
}
- return FALSE;
}
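Review bot: The write of the PID is still unchecked: `fprintf(pidfile, "%d\n", getpid());` and `fflush(pidfile);` can fail (full or read-only filesystem) and the function then returns FALSE with an empty pidfile. The read branch earlier in `check_pidfile` only treats the daemon as running when `pid` is non-zero, so an empty file would presumably let a second instance start. Checking both calls, e.g. `if (fprintf(pidfile, "%d\n", getpid()) < 0 || fflush(pidfile) == EOF)` followed by a DBG1 and `return TRUE;`, would keep this consistent with the new error returns. The function begins outside this hunk.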
/**
@@ -246,8 +258,8 @@ static void unlink_pidfile()
{
ignore_result(ftruncate(fileno(pidfile), 0));
fclose(pidfile);
+ unlink(PID_FILE);
}
- unlink(PID_FILE);
}
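Review bot: `unlink_pidfile` leaves `pidfile` pointing at the closed stream after `fclose(pidfile);`. This commit makes the NULL state of `pidfile` the signal for "this process owns the file": `check_pidfile` now sets `pidfile = NULL;` after its own `fclose`, and `main` calls `unlink_pidfile` on every path through `deinit`. Adding `pidfile = NULL;` after `unlink(PID_FILE);` would make a second call harmless instead of a double `fclose`. The result of `unlink` is also dropped silently while the neighbouring `ftruncate` is wrapped in `ignore_result`; using the same wrapper or logging the failure would be consistent.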
/**
@@ -402,7 +414,6 @@ int main(int argc, char *argv[])
if (check_pidfile())
{
- DBG1(DBG_DMN, "charon already running (\""PID_FILE"\" exists)");
goto deinit;
}
@@ -434,12 +445,11 @@ int main(int argc, char *argv[])
/* main thread goes to run loop */
run();
- /* normal termination, cleanup and exit */
- unlink_pidfile();
status = 0;
deinit:
libcharon_deinit();
+ unlink_pidfile();
library_deinit();
return status;
}
diff --git a/src/checksum/Makefile.am b/src/checksum/Makefile.am
index 1856e2a31..107b26c31 100644
--- a/src/checksum/Makefile.am
+++ b/src/checksum/Makefile.am
@@ -130,6 +130,10 @@ if USE_IMC_SWIMA
exes += $(DESTDIR)$(sbindir)/sw-collector
endif
+if USE_IMV_SWIMA
+ exes += $(DESTDIR)$(sbindir)/sec-updater
+endif
+
checksum.c : checksum_builder $(deps) $(exes)
./checksum_builder $(libs) $(exes) > checksum.c
diff --git a/src/checksum/Makefile.in b/src/checksum/Makefile.in
index 87e78a99f..f46302994 100644
--- a/src/checksum/Makefile.in
+++ b/src/checksum/Makefile.in
@@ -123,6 +123,7 @@ EXTRA_PROGRAMS = checksum_builder$(EXEEXT)
@USE_IMV_ATTESTATION_TRUE@am__append_32 = $(DESTDIR)$(ipsecdir)/attest
@USE_LIBPTTLS_TRUE@am__append_33 = $(DESTDIR)$(bindir)/pt-tls-client
@USE_IMC_SWIMA_TRUE@am__append_34 = $(DESTDIR)$(sbindir)/sw-collector
+@USE_IMV_SWIMA_TRUE@am__append_35 = $(DESTDIR)$(sbindir)/sec-updater
subdir = src/checksum
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -288,9 +289,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
@@ -528,7 +531,7 @@ libs = $(DESTDIR)$(ipseclibdir)/libstrongswan.so $(am__append_3) \
exes = $(am__append_24) $(am__append_26) $(am__append_27) \
$(am__append_28) $(am__append_29) $(am__append_30) \
$(am__append_31) $(am__append_32) $(am__append_33) \
- $(am__append_34)
+ $(am__append_34) $(am__append_35)
all: all-am
.SUFFIXES:
diff --git a/src/conftest/Makefile.in b/src/conftest/Makefile.in
index 4f33d9891..1ea430c63 100644
--- a/src/conftest/Makefile.in
+++ b/src/conftest/Makefile.in
@@ -231,9 +231,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/conftest/hooks/pretend_auth.c b/src/conftest/hooks/pretend_auth.c
index d80196ed6..4be6f45db 100644
--- a/src/conftest/hooks/pretend_auth.c
+++ b/src/conftest/hooks/pretend_auth.c
@@ -244,7 +244,7 @@ static bool build_auth(private_pretend_auth_t *this,
private->destroy(private);
return FALSE;
}
- if (!private->sign(private, scheme, octets, &auth_data))
+ if (!private->sign(private, scheme, NULL, octets, &auth_data))
{
chunk_free(&octets);
private->destroy(private);
diff --git a/src/conftest/hooks/rebuild_auth.c b/src/conftest/hooks/rebuild_auth.c
index b2df278a5..bc20292a1 100644
--- a/src/conftest/hooks/rebuild_auth.c
+++ b/src/conftest/hooks/rebuild_auth.c
@@ -143,7 +143,7 @@ static bool rebuild_auth(private_rebuild_auth_t *this, ike_sa_t *ike_sa,
id->destroy(id);
return FALSE;
}
- if (!private->sign(private, scheme, octets, &auth_data))
+ if (!private->sign(private, scheme, NULL, octets, &auth_data))
{
chunk_free(&octets);
private->destroy(private);
diff --git a/src/dumm/Makefile.in b/src/dumm/Makefile.in
index 6c7cc4176..50b0abb64 100644
--- a/src/dumm/Makefile.in
+++ b/src/dumm/Makefile.in
@@ -258,9 +258,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/include/Makefile.in b/src/include/Makefile.in
index dde85cb09..4106494db 100644
--- a/src/include/Makefile.in
+++ b/src/include/Makefile.in
@@ -161,9 +161,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/ipsec/Makefile.in b/src/ipsec/Makefile.in
index 494dc45ee..46715938e 100644
--- a/src/ipsec/Makefile.in
+++ b/src/ipsec/Makefile.in
@@ -194,9 +194,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/ipsec/_ipsec.8 b/src/ipsec/_ipsec.8
index b23b04207..17c918f60 100644
--- a/src/ipsec/_ipsec.8
+++ b/src/ipsec/_ipsec.8
@@ -1,4 +1,4 @@
-.TH IPSEC 8 "2013-10-29" "5.6.0dr1" "strongSwan"
+.TH IPSEC 8 "2013-10-29" "5.6.1rc1" "strongSwan"
.
.SH NAME
.
diff --git a/src/ipsec/_ipsec.in b/src/ipsec/_ipsec.in
index 65fadf2de..283abdcd5 100644
--- a/src/ipsec/_ipsec.in
+++ b/src/ipsec/_ipsec.in
@@ -310,7 +310,7 @@ aikgen|pki)
command_dir="$IPSEC_BINDIR"
# fall through
;;
-attest|conftest|dumm|irdumm|pacman|pool|pt-tls-client|scepclient|stroke|\
+attest|conftest|dumm|irdumm|pool|pt-tls-client|scepclient|stroke|\
duplicheck|error-notify|imv_policy_manager|load-tester|lookip|whitelist|\
_updown|_imv_policy)
# fall through
diff --git a/src/libcharon/Makefile.am b/src/libcharon/Makefile.am
index ed2236e04..964a19ec8 100644
--- a/src/libcharon/Makefile.am
+++ b/src/libcharon/Makefile.am
@@ -258,6 +258,13 @@ if MONOLITHIC
endif
endif
+if USE_COUNTERS
+ SUBDIRS += plugins/counters
+if MONOLITHIC
+ libcharon_la_LIBADD += plugins/counters/libstrongswan-counters.la
+endif
+endif
+
if USE_STROKE
SUBDIRS += plugins/stroke
if MONOLITHIC
diff --git a/src/libcharon/Makefile.in b/src/libcharon/Makefile.in
index fc6635826..d3cbb0fb6 100644
--- a/src/libcharon/Makefile.in
+++ b/src/libcharon/Makefile.in
@@ -169,134 +169,136 @@ host_triplet = @host@
@MONOLITHIC_TRUE@@USE_FORECAST_TRUE@am__append_19 = plugins/forecast/libstrongswan-forecast.la
@USE_FARP_TRUE@am__append_20 = plugins/farp
@MONOLITHIC_TRUE@@USE_FARP_TRUE@am__append_21 = plugins/farp/libstrongswan-farp.la
-@USE_STROKE_TRUE@am__append_22 = plugins/stroke
-@MONOLITHIC_TRUE@@USE_STROKE_TRUE@am__append_23 = plugins/stroke/libstrongswan-stroke.la
-@USE_VICI_TRUE@am__append_24 = plugins/vici
-@MONOLITHIC_TRUE@@USE_VICI_TRUE@am__append_25 = plugins/vici/libstrongswan-vici.la
-@USE_SMP_TRUE@am__append_26 = plugins/smp
-@MONOLITHIC_TRUE@@USE_SMP_TRUE@am__append_27 = plugins/smp/libstrongswan-smp.la
-@USE_SQL_TRUE@am__append_28 = plugins/sql
-@MONOLITHIC_TRUE@@USE_SQL_TRUE@am__append_29 = plugins/sql/libstrongswan-sql.la
-@USE_DNSCERT_TRUE@am__append_30 = plugins/dnscert
-@MONOLITHIC_TRUE@@USE_DNSCERT_TRUE@am__append_31 = plugins/dnscert/libstrongswan-dnscert.la
-@USE_IPSECKEY_TRUE@am__append_32 = plugins/ipseckey
-@MONOLITHIC_TRUE@@USE_IPSECKEY_TRUE@am__append_33 = plugins/ipseckey/libstrongswan-ipseckey.la
-@USE_UPDOWN_TRUE@am__append_34 = plugins/updown
-@MONOLITHIC_TRUE@@USE_UPDOWN_TRUE@am__append_35 = plugins/updown/libstrongswan-updown.la
-@USE_EXT_AUTH_TRUE@am__append_36 = plugins/ext_auth
-@MONOLITHIC_TRUE@@USE_EXT_AUTH_TRUE@am__append_37 = plugins/ext_auth/libstrongswan-ext-auth.la
-@USE_EAP_IDENTITY_TRUE@am__append_38 = plugins/eap_identity
-@MONOLITHIC_TRUE@@USE_EAP_IDENTITY_TRUE@am__append_39 = plugins/eap_identity/libstrongswan-eap-identity.la
-@USE_EAP_SIM_TRUE@am__append_40 = plugins/eap_sim
-@MONOLITHIC_TRUE@@USE_EAP_SIM_TRUE@am__append_41 = plugins/eap_sim/libstrongswan-eap-sim.la
-@USE_EAP_SIM_FILE_TRUE@am__append_42 = plugins/eap_sim_file
-@MONOLITHIC_TRUE@@USE_EAP_SIM_FILE_TRUE@am__append_43 = plugins/eap_sim_file/libstrongswan-eap-sim-file.la
-@USE_EAP_SIM_PCSC_TRUE@am__append_44 = plugins/eap_sim_pcsc
-@MONOLITHIC_TRUE@@USE_EAP_SIM_PCSC_TRUE@am__append_45 = plugins/eap_sim_pcsc/libstrongswan-eap-sim-pcsc.la
-@USE_EAP_SIMAKA_SQL_TRUE@am__append_46 = plugins/eap_simaka_sql
-@MONOLITHIC_TRUE@@USE_EAP_SIMAKA_SQL_TRUE@am__append_47 = plugins/eap_simaka_sql/libstrongswan-eap-simaka-sql.la
-@USE_EAP_SIMAKA_PSEUDONYM_TRUE@am__append_48 = plugins/eap_simaka_pseudonym
-@MONOLITHIC_TRUE@@USE_EAP_SIMAKA_PSEUDONYM_TRUE@am__append_49 = plugins/eap_simaka_pseudonym/libstrongswan-eap-simaka-pseudonym.la
-@USE_EAP_SIMAKA_REAUTH_TRUE@am__append_50 = plugins/eap_simaka_reauth
-@MONOLITHIC_TRUE@@USE_EAP_SIMAKA_REAUTH_TRUE@am__append_51 = plugins/eap_simaka_reauth/libstrongswan-eap-simaka-reauth.la
-@USE_EAP_AKA_TRUE@am__append_52 = plugins/eap_aka
-@MONOLITHIC_TRUE@@USE_EAP_AKA_TRUE@am__append_53 = plugins/eap_aka/libstrongswan-eap-aka.la
-@USE_EAP_AKA_3GPP_TRUE@am__append_54 = plugins/eap_aka_3gpp
-@MONOLITHIC_TRUE@@USE_EAP_AKA_3GPP_TRUE@am__append_55 = plugins/eap_aka_3gpp/libstrongswan-eap-aka-3gpp.la
-@USE_EAP_AKA_3GPP2_TRUE@am__append_56 = plugins/eap_aka_3gpp2
-@MONOLITHIC_TRUE@@USE_EAP_AKA_3GPP2_TRUE@am__append_57 = plugins/eap_aka_3gpp2/libstrongswan-eap-aka-3gpp2.la
-@MONOLITHIC_TRUE@@USE_SIMAKA_TRUE@am__append_58 = $(top_builddir)/src/libsimaka/libsimaka.la
-@USE_EAP_MD5_TRUE@am__append_59 = plugins/eap_md5
-@MONOLITHIC_TRUE@@USE_EAP_MD5_TRUE@am__append_60 = plugins/eap_md5/libstrongswan-eap-md5.la
-@USE_EAP_GTC_TRUE@am__append_61 = plugins/eap_gtc
-@MONOLITHIC_TRUE@@USE_EAP_GTC_TRUE@am__append_62 = plugins/eap_gtc/libstrongswan-eap-gtc.la
-@USE_EAP_MSCHAPV2_TRUE@am__append_63 = plugins/eap_mschapv2
-@MONOLITHIC_TRUE@@USE_EAP_MSCHAPV2_TRUE@am__append_64 = plugins/eap_mschapv2/libstrongswan-eap-mschapv2.la
-@USE_EAP_DYNAMIC_TRUE@am__append_65 = plugins/eap_dynamic
-@MONOLITHIC_TRUE@@USE_EAP_DYNAMIC_TRUE@am__append_66 = plugins/eap_dynamic/libstrongswan-eap-dynamic.la
-@USE_EAP_RADIUS_TRUE@am__append_67 = plugins/eap_radius
-@MONOLITHIC_TRUE@@USE_EAP_RADIUS_TRUE@am__append_68 = plugins/eap_radius/libstrongswan-eap-radius.la
-@USE_EAP_TLS_TRUE@am__append_69 = plugins/eap_tls
-@MONOLITHIC_TRUE@@USE_EAP_TLS_TRUE@am__append_70 = plugins/eap_tls/libstrongswan-eap-tls.la
-@USE_EAP_TTLS_TRUE@am__append_71 = plugins/eap_ttls
-@MONOLITHIC_TRUE@@USE_EAP_TTLS_TRUE@am__append_72 = plugins/eap_ttls/libstrongswan-eap-ttls.la
-@USE_EAP_PEAP_TRUE@am__append_73 = plugins/eap_peap
-@MONOLITHIC_TRUE@@USE_EAP_PEAP_TRUE@am__append_74 = plugins/eap_peap/libstrongswan-eap-peap.la
-@USE_EAP_TNC_TRUE@am__append_75 = plugins/eap_tnc
-@MONOLITHIC_TRUE@@USE_EAP_TNC_TRUE@am__append_76 = plugins/eap_tnc/libstrongswan-eap-tnc.la
-@MONOLITHIC_TRUE@@USE_TLS_TRUE@am__append_77 = $(top_builddir)/src/libtls/libtls.la
-@MONOLITHIC_TRUE@@USE_RADIUS_TRUE@am__append_78 = $(top_builddir)/src/libradius/libradius.la
-@USE_TNC_IFMAP_TRUE@am__append_79 = plugins/tnc_ifmap
-@MONOLITHIC_TRUE@@USE_TNC_IFMAP_TRUE@am__append_80 = plugins/tnc_ifmap/libstrongswan-tnc-ifmap.la
-@USE_TNC_PDP_TRUE@am__append_81 = plugins/tnc_pdp
-@MONOLITHIC_TRUE@@USE_TNC_PDP_TRUE@am__append_82 = plugins/tnc_pdp/libstrongswan-tnc-pdp.la
-@MONOLITHIC_TRUE@@USE_LIBTNCCS_TRUE@am__append_83 = $(top_builddir)/src/libtnccs/libtnccs.la
-@USE_MEDSRV_TRUE@am__append_84 = plugins/medsrv
-@MONOLITHIC_TRUE@@USE_MEDSRV_TRUE@am__append_85 = plugins/medsrv/libstrongswan-medsrv.la
-@USE_MEDCLI_TRUE@am__append_86 = plugins/medcli
-@MONOLITHIC_TRUE@@USE_MEDCLI_TRUE@am__append_87 = plugins/medcli/libstrongswan-medcli.la
-@USE_DHCP_TRUE@am__append_88 = plugins/dhcp
-@MONOLITHIC_TRUE@@USE_DHCP_TRUE@am__append_89 = plugins/dhcp/libstrongswan-dhcp.la
-@USE_OSX_ATTR_TRUE@am__append_90 = plugins/osx_attr
-@MONOLITHIC_TRUE@@USE_OSX_ATTR_TRUE@am__append_91 = plugins/osx_attr/libstrongswan-osx-attr.la
-@USE_P_CSCF_TRUE@am__append_92 = plugins/p_cscf
-@MONOLITHIC_TRUE@@USE_P_CSCF_TRUE@am__append_93 = plugins/p_cscf/libstrongswan-p-cscf.la
-@USE_ANDROID_DNS_TRUE@am__append_94 = plugins/android_dns
-@MONOLITHIC_TRUE@@USE_ANDROID_DNS_TRUE@am__append_95 = plugins/android_dns/libstrongswan-android-dns.la
-@USE_ANDROID_LOG_TRUE@am__append_96 = plugins/android_log
-@MONOLITHIC_TRUE@@USE_ANDROID_LOG_TRUE@am__append_97 = plugins/android_log/libstrongswan-android-log.la
-@USE_HA_TRUE@am__append_98 = plugins/ha
-@MONOLITHIC_TRUE@@USE_HA_TRUE@am__append_99 = plugins/ha/libstrongswan-ha.la
-@USE_KERNEL_PFKEY_TRUE@am__append_100 = plugins/kernel_pfkey
-@MONOLITHIC_TRUE@@USE_KERNEL_PFKEY_TRUE@am__append_101 = plugins/kernel_pfkey/libstrongswan-kernel-pfkey.la
-@USE_KERNEL_PFROUTE_TRUE@am__append_102 = plugins/kernel_pfroute
-@MONOLITHIC_TRUE@@USE_KERNEL_PFROUTE_TRUE@am__append_103 = plugins/kernel_pfroute/libstrongswan-kernel-pfroute.la
-@USE_KERNEL_NETLINK_TRUE@am__append_104 = plugins/kernel_netlink
-@MONOLITHIC_TRUE@@USE_KERNEL_NETLINK_TRUE@am__append_105 = plugins/kernel_netlink/libstrongswan-kernel-netlink.la
-@USE_KERNEL_LIBIPSEC_TRUE@am__append_106 = plugins/kernel_libipsec
-@MONOLITHIC_TRUE@@USE_KERNEL_LIBIPSEC_TRUE@am__append_107 = plugins/kernel_libipsec/libstrongswan-kernel-libipsec.la
-@USE_KERNEL_WFP_TRUE@am__append_108 = plugins/kernel_wfp
-@MONOLITHIC_TRUE@@USE_KERNEL_WFP_TRUE@am__append_109 = plugins/kernel_wfp/libstrongswan-kernel-wfp.la
-@USE_KERNEL_IPH_TRUE@am__append_110 = plugins/kernel_iph
-@MONOLITHIC_TRUE@@USE_KERNEL_IPH_TRUE@am__append_111 = plugins/kernel_iph/libstrongswan-kernel-iph.la
-@USE_WHITELIST_TRUE@am__append_112 = plugins/whitelist
-@MONOLITHIC_TRUE@@USE_WHITELIST_TRUE@am__append_113 = plugins/whitelist/libstrongswan-whitelist.la
-@USE_LOOKIP_TRUE@am__append_114 = plugins/lookip
-@MONOLITHIC_TRUE@@USE_LOOKIP_TRUE@am__append_115 = plugins/lookip/libstrongswan-lookip.la
-@USE_ERROR_NOTIFY_TRUE@am__append_116 = plugins/error_notify
-@MONOLITHIC_TRUE@@USE_ERROR_NOTIFY_TRUE@am__append_117 = plugins/error_notify/libstrongswan-error-notify.la
-@USE_CERTEXPIRE_TRUE@am__append_118 = plugins/certexpire
-@MONOLITHIC_TRUE@@USE_CERTEXPIRE_TRUE@am__append_119 = plugins/certexpire/libstrongswan-certexpire.la
-@USE_SYSTIME_FIX_TRUE@am__append_120 = plugins/systime_fix
-@MONOLITHIC_TRUE@@USE_SYSTIME_FIX_TRUE@am__append_121 = plugins/systime_fix/libstrongswan-systime-fix.la
-@USE_LED_TRUE@am__append_122 = plugins/led
-@MONOLITHIC_TRUE@@USE_LED_TRUE@am__append_123 = plugins/led/libstrongswan-led.la
-@USE_DUPLICHECK_TRUE@am__append_124 = plugins/duplicheck
-@MONOLITHIC_TRUE@@USE_DUPLICHECK_TRUE@am__append_125 = plugins/duplicheck/libstrongswan-duplicheck.la
-@USE_COUPLING_TRUE@am__append_126 = plugins/coupling
-@MONOLITHIC_TRUE@@USE_COUPLING_TRUE@am__append_127 = plugins/coupling/libstrongswan-coupling.la
-@USE_RADATTR_TRUE@am__append_128 = plugins/radattr
-@MONOLITHIC_TRUE@@USE_RADATTR_TRUE@am__append_129 = plugins/radattr/libstrongswan-radattr.la
-@USE_UCI_TRUE@am__append_130 = plugins/uci
-@MONOLITHIC_TRUE@@USE_UCI_TRUE@am__append_131 = plugins/uci/libstrongswan-uci.la
-@USE_ADDRBLOCK_TRUE@am__append_132 = plugins/addrblock
-@MONOLITHIC_TRUE@@USE_ADDRBLOCK_TRUE@am__append_133 = plugins/addrblock/libstrongswan-addrblock.la
-@USE_UNITY_TRUE@am__append_134 = plugins/unity
-@MONOLITHIC_TRUE@@USE_UNITY_TRUE@am__append_135 = plugins/unity/libstrongswan-unity.la
-@USE_XAUTH_GENERIC_TRUE@am__append_136 = plugins/xauth_generic
-@MONOLITHIC_TRUE@@USE_XAUTH_GENERIC_TRUE@am__append_137 = plugins/xauth_generic/libstrongswan-xauth-generic.la
-@USE_XAUTH_EAP_TRUE@am__append_138 = plugins/xauth_eap
-@MONOLITHIC_TRUE@@USE_XAUTH_EAP_TRUE@am__append_139 = plugins/xauth_eap/libstrongswan-xauth-eap.la
-@USE_XAUTH_PAM_TRUE@am__append_140 = plugins/xauth_pam
-@MONOLITHIC_TRUE@@USE_XAUTH_PAM_TRUE@am__append_141 = plugins/xauth_pam/libstrongswan-xauth-pam.la
-@USE_XAUTH_NOAUTH_TRUE@am__append_142 = plugins/xauth_noauth
-@MONOLITHIC_TRUE@@USE_XAUTH_NOAUTH_TRUE@am__append_143 = plugins/xauth_noauth/libstrongswan-xauth-noauth.la
-@USE_RESOLVE_TRUE@am__append_144 = plugins/resolve
-@MONOLITHIC_TRUE@@USE_RESOLVE_TRUE@am__append_145 = plugins/resolve/libstrongswan-resolve.la
-@USE_ATTR_TRUE@am__append_146 = plugins/attr
-@MONOLITHIC_TRUE@@USE_ATTR_TRUE@am__append_147 = plugins/attr/libstrongswan-attr.la
-@USE_ATTR_SQL_TRUE@am__append_148 = plugins/attr_sql
-@MONOLITHIC_TRUE@@USE_ATTR_SQL_TRUE@am__append_149 = plugins/attr_sql/libstrongswan-attr-sql.la
+@USE_COUNTERS_TRUE@am__append_22 = plugins/counters
+@MONOLITHIC_TRUE@@USE_COUNTERS_TRUE@am__append_23 = plugins/counters/libstrongswan-counters.la
+@USE_STROKE_TRUE@am__append_24 = plugins/stroke
+@MONOLITHIC_TRUE@@USE_STROKE_TRUE@am__append_25 = plugins/stroke/libstrongswan-stroke.la
+@USE_VICI_TRUE@am__append_26 = plugins/vici
+@MONOLITHIC_TRUE@@USE_VICI_TRUE@am__append_27 = plugins/vici/libstrongswan-vici.la
+@USE_SMP_TRUE@am__append_28 = plugins/smp
+@MONOLITHIC_TRUE@@USE_SMP_TRUE@am__append_29 = plugins/smp/libstrongswan-smp.la
+@USE_SQL_TRUE@am__append_30 = plugins/sql
+@MONOLITHIC_TRUE@@USE_SQL_TRUE@am__append_31 = plugins/sql/libstrongswan-sql.la
+@USE_DNSCERT_TRUE@am__append_32 = plugins/dnscert
+@MONOLITHIC_TRUE@@USE_DNSCERT_TRUE@am__append_33 = plugins/dnscert/libstrongswan-dnscert.la
+@USE_IPSECKEY_TRUE@am__append_34 = plugins/ipseckey
+@MONOLITHIC_TRUE@@USE_IPSECKEY_TRUE@am__append_35 = plugins/ipseckey/libstrongswan-ipseckey.la
+@USE_UPDOWN_TRUE@am__append_36 = plugins/updown
+@MONOLITHIC_TRUE@@USE_UPDOWN_TRUE@am__append_37 = plugins/updown/libstrongswan-updown.la
+@USE_EXT_AUTH_TRUE@am__append_38 = plugins/ext_auth
+@MONOLITHIC_TRUE@@USE_EXT_AUTH_TRUE@am__append_39 = plugins/ext_auth/libstrongswan-ext-auth.la
+@USE_EAP_IDENTITY_TRUE@am__append_40 = plugins/eap_identity
+@MONOLITHIC_TRUE@@USE_EAP_IDENTITY_TRUE@am__append_41 = plugins/eap_identity/libstrongswan-eap-identity.la
+@USE_EAP_SIM_TRUE@am__append_42 = plugins/eap_sim
+@MONOLITHIC_TRUE@@USE_EAP_SIM_TRUE@am__append_43 = plugins/eap_sim/libstrongswan-eap-sim.la
+@USE_EAP_SIM_FILE_TRUE@am__append_44 = plugins/eap_sim_file
+@MONOLITHIC_TRUE@@USE_EAP_SIM_FILE_TRUE@am__append_45 = plugins/eap_sim_file/libstrongswan-eap-sim-file.la
+@USE_EAP_SIM_PCSC_TRUE@am__append_46 = plugins/eap_sim_pcsc
+@MONOLITHIC_TRUE@@USE_EAP_SIM_PCSC_TRUE@am__append_47 = plugins/eap_sim_pcsc/libstrongswan-eap-sim-pcsc.la
+@USE_EAP_SIMAKA_SQL_TRUE@am__append_48 = plugins/eap_simaka_sql
+@MONOLITHIC_TRUE@@USE_EAP_SIMAKA_SQL_TRUE@am__append_49 = plugins/eap_simaka_sql/libstrongswan-eap-simaka-sql.la
+@USE_EAP_SIMAKA_PSEUDONYM_TRUE@am__append_50 = plugins/eap_simaka_pseudonym
+@MONOLITHIC_TRUE@@USE_EAP_SIMAKA_PSEUDONYM_TRUE@am__append_51 = plugins/eap_simaka_pseudonym/libstrongswan-eap-simaka-pseudonym.la
+@USE_EAP_SIMAKA_REAUTH_TRUE@am__append_52 = plugins/eap_simaka_reauth
+@MONOLITHIC_TRUE@@USE_EAP_SIMAKA_REAUTH_TRUE@am__append_53 = plugins/eap_simaka_reauth/libstrongswan-eap-simaka-reauth.la
+@USE_EAP_AKA_TRUE@am__append_54 = plugins/eap_aka
+@MONOLITHIC_TRUE@@USE_EAP_AKA_TRUE@am__append_55 = plugins/eap_aka/libstrongswan-eap-aka.la
+@USE_EAP_AKA_3GPP_TRUE@am__append_56 = plugins/eap_aka_3gpp
+@MONOLITHIC_TRUE@@USE_EAP_AKA_3GPP_TRUE@am__append_57 = plugins/eap_aka_3gpp/libstrongswan-eap-aka-3gpp.la
+@USE_EAP_AKA_3GPP2_TRUE@am__append_58 = plugins/eap_aka_3gpp2
+@MONOLITHIC_TRUE@@USE_EAP_AKA_3GPP2_TRUE@am__append_59 = plugins/eap_aka_3gpp2/libstrongswan-eap-aka-3gpp2.la
+@MONOLITHIC_TRUE@@USE_SIMAKA_TRUE@am__append_60 = $(top_builddir)/src/libsimaka/libsimaka.la
+@USE_EAP_MD5_TRUE@am__append_61 = plugins/eap_md5
+@MONOLITHIC_TRUE@@USE_EAP_MD5_TRUE@am__append_62 = plugins/eap_md5/libstrongswan-eap-md5.la
+@USE_EAP_GTC_TRUE@am__append_63 = plugins/eap_gtc
+@MONOLITHIC_TRUE@@USE_EAP_GTC_TRUE@am__append_64 = plugins/eap_gtc/libstrongswan-eap-gtc.la
+@USE_EAP_MSCHAPV2_TRUE@am__append_65 = plugins/eap_mschapv2
+@MONOLITHIC_TRUE@@USE_EAP_MSCHAPV2_TRUE@am__append_66 = plugins/eap_mschapv2/libstrongswan-eap-mschapv2.la
+@USE_EAP_DYNAMIC_TRUE@am__append_67 = plugins/eap_dynamic
+@MONOLITHIC_TRUE@@USE_EAP_DYNAMIC_TRUE@am__append_68 = plugins/eap_dynamic/libstrongswan-eap-dynamic.la
+@USE_EAP_RADIUS_TRUE@am__append_69 = plugins/eap_radius
+@MONOLITHIC_TRUE@@USE_EAP_RADIUS_TRUE@am__append_70 = plugins/eap_radius/libstrongswan-eap-radius.la
+@USE_EAP_TLS_TRUE@am__append_71 = plugins/eap_tls
+@MONOLITHIC_TRUE@@USE_EAP_TLS_TRUE@am__append_72 = plugins/eap_tls/libstrongswan-eap-tls.la
+@USE_EAP_TTLS_TRUE@am__append_73 = plugins/eap_ttls
+@MONOLITHIC_TRUE@@USE_EAP_TTLS_TRUE@am__append_74 = plugins/eap_ttls/libstrongswan-eap-ttls.la
+@USE_EAP_PEAP_TRUE@am__append_75 = plugins/eap_peap
+@MONOLITHIC_TRUE@@USE_EAP_PEAP_TRUE@am__append_76 = plugins/eap_peap/libstrongswan-eap-peap.la
+@USE_EAP_TNC_TRUE@am__append_77 = plugins/eap_tnc
+@MONOLITHIC_TRUE@@USE_EAP_TNC_TRUE@am__append_78 = plugins/eap_tnc/libstrongswan-eap-tnc.la
+@MONOLITHIC_TRUE@@USE_TLS_TRUE@am__append_79 = $(top_builddir)/src/libtls/libtls.la
+@MONOLITHIC_TRUE@@USE_RADIUS_TRUE@am__append_80 = $(top_builddir)/src/libradius/libradius.la
+@USE_TNC_IFMAP_TRUE@am__append_81 = plugins/tnc_ifmap
+@MONOLITHIC_TRUE@@USE_TNC_IFMAP_TRUE@am__append_82 = plugins/tnc_ifmap/libstrongswan-tnc-ifmap.la
+@USE_TNC_PDP_TRUE@am__append_83 = plugins/tnc_pdp
+@MONOLITHIC_TRUE@@USE_TNC_PDP_TRUE@am__append_84 = plugins/tnc_pdp/libstrongswan-tnc-pdp.la
+@MONOLITHIC_TRUE@@USE_LIBTNCCS_TRUE@am__append_85 = $(top_builddir)/src/libtnccs/libtnccs.la
+@USE_MEDSRV_TRUE@am__append_86 = plugins/medsrv
+@MONOLITHIC_TRUE@@USE_MEDSRV_TRUE@am__append_87 = plugins/medsrv/libstrongswan-medsrv.la
+@USE_MEDCLI_TRUE@am__append_88 = plugins/medcli
+@MONOLITHIC_TRUE@@USE_MEDCLI_TRUE@am__append_89 = plugins/medcli/libstrongswan-medcli.la
+@USE_DHCP_TRUE@am__append_90 = plugins/dhcp
+@MONOLITHIC_TRUE@@USE_DHCP_TRUE@am__append_91 = plugins/dhcp/libstrongswan-dhcp.la
+@USE_OSX_ATTR_TRUE@am__append_92 = plugins/osx_attr
+@MONOLITHIC_TRUE@@USE_OSX_ATTR_TRUE@am__append_93 = plugins/osx_attr/libstrongswan-osx-attr.la
+@USE_P_CSCF_TRUE@am__append_94 = plugins/p_cscf
+@MONOLITHIC_TRUE@@USE_P_CSCF_TRUE@am__append_95 = plugins/p_cscf/libstrongswan-p-cscf.la
+@USE_ANDROID_DNS_TRUE@am__append_96 = plugins/android_dns
+@MONOLITHIC_TRUE@@USE_ANDROID_DNS_TRUE@am__append_97 = plugins/android_dns/libstrongswan-android-dns.la
+@USE_ANDROID_LOG_TRUE@am__append_98 = plugins/android_log
+@MONOLITHIC_TRUE@@USE_ANDROID_LOG_TRUE@am__append_99 = plugins/android_log/libstrongswan-android-log.la
+@USE_HA_TRUE@am__append_100 = plugins/ha
+@MONOLITHIC_TRUE@@USE_HA_TRUE@am__append_101 = plugins/ha/libstrongswan-ha.la
+@USE_KERNEL_PFKEY_TRUE@am__append_102 = plugins/kernel_pfkey
+@MONOLITHIC_TRUE@@USE_KERNEL_PFKEY_TRUE@am__append_103 = plugins/kernel_pfkey/libstrongswan-kernel-pfkey.la
+@USE_KERNEL_PFROUTE_TRUE@am__append_104 = plugins/kernel_pfroute
+@MONOLITHIC_TRUE@@USE_KERNEL_PFROUTE_TRUE@am__append_105 = plugins/kernel_pfroute/libstrongswan-kernel-pfroute.la
+@USE_KERNEL_NETLINK_TRUE@am__append_106 = plugins/kernel_netlink
+@MONOLITHIC_TRUE@@USE_KERNEL_NETLINK_TRUE@am__append_107 = plugins/kernel_netlink/libstrongswan-kernel-netlink.la
+@USE_KERNEL_LIBIPSEC_TRUE@am__append_108 = plugins/kernel_libipsec
+@MONOLITHIC_TRUE@@USE_KERNEL_LIBIPSEC_TRUE@am__append_109 = plugins/kernel_libipsec/libstrongswan-kernel-libipsec.la
+@USE_KERNEL_WFP_TRUE@am__append_110 = plugins/kernel_wfp
+@MONOLITHIC_TRUE@@USE_KERNEL_WFP_TRUE@am__append_111 = plugins/kernel_wfp/libstrongswan-kernel-wfp.la
+@USE_KERNEL_IPH_TRUE@am__append_112 = plugins/kernel_iph
+@MONOLITHIC_TRUE@@USE_KERNEL_IPH_TRUE@am__append_113 = plugins/kernel_iph/libstrongswan-kernel-iph.la
+@USE_WHITELIST_TRUE@am__append_114 = plugins/whitelist
+@MONOLITHIC_TRUE@@USE_WHITELIST_TRUE@am__append_115 = plugins/whitelist/libstrongswan-whitelist.la
+@USE_LOOKIP_TRUE@am__append_116 = plugins/lookip
+@MONOLITHIC_TRUE@@USE_LOOKIP_TRUE@am__append_117 = plugins/lookip/libstrongswan-lookip.la
+@USE_ERROR_NOTIFY_TRUE@am__append_118 = plugins/error_notify
+@MONOLITHIC_TRUE@@USE_ERROR_NOTIFY_TRUE@am__append_119 = plugins/error_notify/libstrongswan-error-notify.la
+@USE_CERTEXPIRE_TRUE@am__append_120 = plugins/certexpire
+@MONOLITHIC_TRUE@@USE_CERTEXPIRE_TRUE@am__append_121 = plugins/certexpire/libstrongswan-certexpire.la
+@USE_SYSTIME_FIX_TRUE@am__append_122 = plugins/systime_fix
+@MONOLITHIC_TRUE@@USE_SYSTIME_FIX_TRUE@am__append_123 = plugins/systime_fix/libstrongswan-systime-fix.la
+@USE_LED_TRUE@am__append_124 = plugins/led
+@MONOLITHIC_TRUE@@USE_LED_TRUE@am__append_125 = plugins/led/libstrongswan-led.la
+@USE_DUPLICHECK_TRUE@am__append_126 = plugins/duplicheck
+@MONOLITHIC_TRUE@@USE_DUPLICHECK_TRUE@am__append_127 = plugins/duplicheck/libstrongswan-duplicheck.la
+@USE_COUPLING_TRUE@am__append_128 = plugins/coupling
+@MONOLITHIC_TRUE@@USE_COUPLING_TRUE@am__append_129 = plugins/coupling/libstrongswan-coupling.la
+@USE_RADATTR_TRUE@am__append_130 = plugins/radattr
+@MONOLITHIC_TRUE@@USE_RADATTR_TRUE@am__append_131 = plugins/radattr/libstrongswan-radattr.la
+@USE_UCI_TRUE@am__append_132 = plugins/uci
+@MONOLITHIC_TRUE@@USE_UCI_TRUE@am__append_133 = plugins/uci/libstrongswan-uci.la
+@USE_ADDRBLOCK_TRUE@am__append_134 = plugins/addrblock
+@MONOLITHIC_TRUE@@USE_ADDRBLOCK_TRUE@am__append_135 = plugins/addrblock/libstrongswan-addrblock.la
+@USE_UNITY_TRUE@am__append_136 = plugins/unity
+@MONOLITHIC_TRUE@@USE_UNITY_TRUE@am__append_137 = plugins/unity/libstrongswan-unity.la
+@USE_XAUTH_GENERIC_TRUE@am__append_138 = plugins/xauth_generic
+@MONOLITHIC_TRUE@@USE_XAUTH_GENERIC_TRUE@am__append_139 = plugins/xauth_generic/libstrongswan-xauth-generic.la
+@USE_XAUTH_EAP_TRUE@am__append_140 = plugins/xauth_eap
+@MONOLITHIC_TRUE@@USE_XAUTH_EAP_TRUE@am__append_141 = plugins/xauth_eap/libstrongswan-xauth-eap.la
+@USE_XAUTH_PAM_TRUE@am__append_142 = plugins/xauth_pam
+@MONOLITHIC_TRUE@@USE_XAUTH_PAM_TRUE@am__append_143 = plugins/xauth_pam/libstrongswan-xauth-pam.la
+@USE_XAUTH_NOAUTH_TRUE@am__append_144 = plugins/xauth_noauth
+@MONOLITHIC_TRUE@@USE_XAUTH_NOAUTH_TRUE@am__append_145 = plugins/xauth_noauth/libstrongswan-xauth-noauth.la
+@USE_RESOLVE_TRUE@am__append_146 = plugins/resolve
+@MONOLITHIC_TRUE@@USE_RESOLVE_TRUE@am__append_147 = plugins/resolve/libstrongswan-resolve.la
+@USE_ATTR_TRUE@am__append_148 = plugins/attr
+@MONOLITHIC_TRUE@@USE_ATTR_TRUE@am__append_149 = plugins/attr/libstrongswan-attr.la
+@USE_ATTR_SQL_TRUE@am__append_150 = plugins/attr_sql
+@MONOLITHIC_TRUE@@USE_ATTR_SQL_TRUE@am__append_151 = plugins/attr_sql/libstrongswan-attr-sql.la
subdir = src/libcharon
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -359,11 +361,11 @@ libcharon_la_DEPENDENCIES = \
$(am__append_41) $(am__append_43) $(am__append_45) \
$(am__append_47) $(am__append_49) $(am__append_51) \
$(am__append_53) $(am__append_55) $(am__append_57) \
- $(am__append_58) $(am__append_60) $(am__append_62) \
+ $(am__append_59) $(am__append_60) $(am__append_62) \
$(am__append_64) $(am__append_66) $(am__append_68) \
$(am__append_70) $(am__append_72) $(am__append_74) \
- $(am__append_76) $(am__append_77) $(am__append_78) \
- $(am__append_80) $(am__append_82) $(am__append_83) \
+ $(am__append_76) $(am__append_78) $(am__append_79) \
+ $(am__append_80) $(am__append_82) $(am__append_84) \
$(am__append_85) $(am__append_87) $(am__append_89) \
$(am__append_91) $(am__append_93) $(am__append_95) \
$(am__append_97) $(am__append_99) $(am__append_101) \
@@ -374,7 +376,8 @@ libcharon_la_DEPENDENCIES = \
$(am__append_127) $(am__append_129) $(am__append_131) \
$(am__append_133) $(am__append_135) $(am__append_137) \
$(am__append_139) $(am__append_141) $(am__append_143) \
- $(am__append_145) $(am__append_147) $(am__append_149)
+ $(am__append_145) $(am__append_147) $(am__append_149) \
+ $(am__append_151)
am__libcharon_la_SOURCES_DIST = attributes/attributes.c \
attributes/attributes.h attributes/attribute_provider.h \
attributes/attribute_handler.h attributes/attribute_manager.c \
@@ -744,8 +747,8 @@ CTAGS = ctags
DIST_SUBDIRS = . plugins/load_tester plugins/socket_default \
plugins/socket_dynamic plugins/socket_win plugins/connmark \
plugins/bypass_lan plugins/forecast plugins/farp \
- plugins/stroke plugins/vici plugins/smp plugins/sql \
- plugins/dnscert plugins/ipseckey plugins/updown \
+ plugins/counters plugins/stroke plugins/vici plugins/smp \
+ plugins/sql plugins/dnscert plugins/ipseckey plugins/updown \
plugins/ext_auth plugins/eap_identity plugins/eap_sim \
plugins/eap_sim_file plugins/eap_sim_pcsc \
plugins/eap_simaka_sql plugins/eap_simaka_pseudonym \
@@ -825,9 +828,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
@@ -1157,12 +1162,12 @@ libcharon_la_LIBADD = \
$(am__append_37) $(am__append_39) $(am__append_41) \
$(am__append_43) $(am__append_45) $(am__append_47) \
$(am__append_49) $(am__append_51) $(am__append_53) \
- $(am__append_55) $(am__append_57) $(am__append_58) \
+ $(am__append_55) $(am__append_57) $(am__append_59) \
$(am__append_60) $(am__append_62) $(am__append_64) \
$(am__append_66) $(am__append_68) $(am__append_70) \
$(am__append_72) $(am__append_74) $(am__append_76) \
- $(am__append_77) $(am__append_78) $(am__append_80) \
- $(am__append_82) $(am__append_83) $(am__append_85) \
+ $(am__append_78) $(am__append_79) $(am__append_80) \
+ $(am__append_82) $(am__append_84) $(am__append_85) \
$(am__append_87) $(am__append_89) $(am__append_91) \
$(am__append_93) $(am__append_95) $(am__append_97) \
$(am__append_99) $(am__append_101) $(am__append_103) \
@@ -1173,7 +1178,7 @@ libcharon_la_LIBADD = \
$(am__append_129) $(am__append_131) $(am__append_133) \
$(am__append_135) $(am__append_137) $(am__append_139) \
$(am__append_141) $(am__append_143) $(am__append_145) \
- $(am__append_147) $(am__append_149)
+ $(am__append_147) $(am__append_149) $(am__append_151)
EXTRA_DIST = Android.mk
@STATIC_PLUGIN_CONSTRUCTORS_TRUE@BUILT_SOURCES = $(srcdir)/plugin_constructors.c
@STATIC_PLUGIN_CONSTRUCTORS_TRUE@CLEANFILES = $(srcdir)/plugin_constructors.c
@@ -1190,12 +1195,12 @@ EXTRA_DIST = Android.mk
@MONOLITHIC_FALSE@ $(am__append_46) $(am__append_48) \
@MONOLITHIC_FALSE@ $(am__append_50) $(am__append_52) \
@MONOLITHIC_FALSE@ $(am__append_54) $(am__append_56) \
-@MONOLITHIC_FALSE@ $(am__append_59) $(am__append_61) \
+@MONOLITHIC_FALSE@ $(am__append_58) $(am__append_61) \
@MONOLITHIC_FALSE@ $(am__append_63) $(am__append_65) \
@MONOLITHIC_FALSE@ $(am__append_67) $(am__append_69) \
@MONOLITHIC_FALSE@ $(am__append_71) $(am__append_73) \
-@MONOLITHIC_FALSE@ $(am__append_75) $(am__append_79) \
-@MONOLITHIC_FALSE@ $(am__append_81) $(am__append_84) \
+@MONOLITHIC_FALSE@ $(am__append_75) $(am__append_77) \
+@MONOLITHIC_FALSE@ $(am__append_81) $(am__append_83) \
@MONOLITHIC_FALSE@ $(am__append_86) $(am__append_88) \
@MONOLITHIC_FALSE@ $(am__append_90) $(am__append_92) \
@MONOLITHIC_FALSE@ $(am__append_94) $(am__append_96) \
@@ -1211,7 +1216,8 @@ EXTRA_DIST = Android.mk
@MONOLITHIC_FALSE@ $(am__append_134) $(am__append_136) \
@MONOLITHIC_FALSE@ $(am__append_138) $(am__append_140) \
@MONOLITHIC_FALSE@ $(am__append_142) $(am__append_144) \
-@MONOLITHIC_FALSE@ $(am__append_146) $(am__append_148) tests
+@MONOLITHIC_FALSE@ $(am__append_146) $(am__append_148) \
+@MONOLITHIC_FALSE@ $(am__append_150) tests
# build optional plugins
########################
@@ -1228,12 +1234,12 @@ EXTRA_DIST = Android.mk
@MONOLITHIC_TRUE@ $(am__append_46) $(am__append_48) \
@MONOLITHIC_TRUE@ $(am__append_50) $(am__append_52) \
@MONOLITHIC_TRUE@ $(am__append_54) $(am__append_56) \
-@MONOLITHIC_TRUE@ $(am__append_59) $(am__append_61) \
+@MONOLITHIC_TRUE@ $(am__append_58) $(am__append_61) \
@MONOLITHIC_TRUE@ $(am__append_63) $(am__append_65) \
@MONOLITHIC_TRUE@ $(am__append_67) $(am__append_69) \
@MONOLITHIC_TRUE@ $(am__append_71) $(am__append_73) \
-@MONOLITHIC_TRUE@ $(am__append_75) $(am__append_79) \
-@MONOLITHIC_TRUE@ $(am__append_81) $(am__append_84) \
+@MONOLITHIC_TRUE@ $(am__append_75) $(am__append_77) \
+@MONOLITHIC_TRUE@ $(am__append_81) $(am__append_83) \
@MONOLITHIC_TRUE@ $(am__append_86) $(am__append_88) \
@MONOLITHIC_TRUE@ $(am__append_90) $(am__append_92) \
@MONOLITHIC_TRUE@ $(am__append_94) $(am__append_96) \
@@ -1249,7 +1255,8 @@ EXTRA_DIST = Android.mk
@MONOLITHIC_TRUE@ $(am__append_134) $(am__append_136) \
@MONOLITHIC_TRUE@ $(am__append_138) $(am__append_140) \
@MONOLITHIC_TRUE@ $(am__append_142) $(am__append_144) \
-@MONOLITHIC_TRUE@ $(am__append_146) $(am__append_148) . tests
+@MONOLITHIC_TRUE@ $(am__append_146) $(am__append_148) \
+@MONOLITHIC_TRUE@ $(am__append_150) . tests
all: $(BUILT_SOURCES)
$(MAKE) $(AM_MAKEFLAGS) all-recursive
diff --git a/src/libcharon/config/child_cfg.h b/src/libcharon/config/child_cfg.h
index a102c459c..93904ec71 100644
--- a/src/libcharon/config/child_cfg.h
+++ b/src/libcharon/config/child_cfg.h
@@ -310,6 +310,9 @@ enum child_cfg_option_t {
/** Force 96-bit truncation for SHA-256 */
OPT_SHA256_96 = (1<<6),
+
+ /** Set mark on inbound SAs */
+ OPT_MARK_IN_SA = (1<<7),
};
/**
diff --git a/src/libcharon/config/ike_cfg.c b/src/libcharon/config/ike_cfg.c
index 93300781d..64413204b 100644
--- a/src/libcharon/config/ike_cfg.c
+++ b/src/libcharon/config/ike_cfg.c
@@ -580,6 +580,7 @@ bool ike_cfg_has_address(ike_cfg_t *cfg, host_t *addr, bool local)
host = host_create_from_string(str, 0);
if (host && addr->ip_equals(addr, host))
{
+ host->destroy(host);
found = TRUE;
break;
}
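Review bot: The cleanup of `host` now sits on two paths: this added `host->destroy(host);` before the `break`, and presumably an existing destroy after the `if`, which lies outside the hunk. An early exit added to this loop later can reintroduce the leak. Recording the comparison first and releasing the object once keeps a single cleanup point: `found = host && addr->ip_equals(addr, host);`, then `DESTROY_IF(host);`, then `if (found) break;`. The loop in ike_cfg_has_address starts and ends outside the hunk, so the surrounding code should be checked before restructuring.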
diff --git a/src/libcharon/config/proposal.c b/src/libcharon/config/proposal.c
index 6c71f78d3..46c3c9400 100644
--- a/src/libcharon/config/proposal.c
+++ b/src/libcharon/config/proposal.c
@@ -872,9 +872,10 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
case AUTH_AES_XCBC_96:
case AUTH_AES_CMAC_96:
case AUTH_HMAC_SHA1_96:
- case AUTH_HMAC_MD5_96:
add_algorithm(this, INTEGRITY_ALGORITHM, integrity, 0);
break;
+ case AUTH_HMAC_MD5_96:
+ /* no, thanks */
default:
break;
}
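Review bot: The new `case AUTH_HMAC_MD5_96:` label reaches `default:` by fall-through with no `break;` of its own, while the parallel change for `case PRF_HMAC_MD5:` in the next hunk adds an explicit `break;`. The two exclusions should be written the same way, so that a case inserted between the label and `default:` later cannot silently re-enable MD5. The comment `/* no, thanks */` also gives no reason for the exclusion. I would write both as `case AUTH_HMAC_MD5_96:` / `/* MD5 is weak, keep it out of the default IKE proposal */` / `break;`. The switch in proposal_add_supported_ike begins and ends outside the hunk.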
@@ -908,9 +909,11 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
switch (prf)
{
case PRF_HMAC_SHA1:
- case PRF_HMAC_MD5:
add_algorithm(this, PSEUDO_RANDOM_FUNCTION, prf, 0);
break;
+ case PRF_HMAC_MD5:
+ /* no, thanks */
+ break;
default:
break;
}
@@ -970,6 +973,8 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
/* only for testing purposes */
break;
case MODP_768_BIT:
+ case MODP_1024_BIT:
+ case MODP_1536_BIT:
/* weak */
break;
case MODP_1024_160:
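Review bot: Moving `MODP_1024_BIT` and `MODP_1536_BIT` under the bare `/* weak */` comment changes what the default IKE proposal offers, but the comment does not say what an operator has to do for a peer that supports nothing stronger. This hunk and the two that follow leave `MODP_2048_BIT` as the only group visible here that is still added. A peer limited to the 1024- or 1536-bit groups will presumably fail negotiation unless the group is configured explicitly. A comment such as `/* weak, not proposed by default; configure explicitly if a legacy peer requires them */` would document that. The commit also touches NEWS, which may already cover it, but the reason belongs next to the code as well. The switch continues outside the hunk.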
@@ -977,7 +982,6 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
case MODP_2048_256:
/* RFC 5114 primes are of questionable source */
break;
- case MODP_1536_BIT:
case ECP_224_BIT:
case ECP_224_BP:
case ECP_192_BIT:
@@ -985,7 +989,6 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
/* rarely used */
break;
case MODP_2048_BIT:
- case MODP_1024_BIT:
add_algorithm(this, DIFFIE_HELLMAN_GROUP, group, 0);
break;
default:
@@ -1017,14 +1020,11 @@ proposal_t *proposal_create_default(protocol_id_t protocol)
add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128);
add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192);
add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256);
- add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_3DES, 0);
- add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256);
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0);
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0);
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0);
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0);
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
break;
case PROTO_AH:
@@ -1033,7 +1033,6 @@ proposal_t *proposal_create_default(protocol_id_t protocol)
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0);
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0);
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
break;
default:
diff --git a/src/libcharon/config/proposal.h b/src/libcharon/config/proposal.h
index 2bdf3454f..0dc70f4c5 100644
--- a/src/libcharon/config/proposal.h
+++ b/src/libcharon/config/proposal.h
@@ -82,7 +82,7 @@ struct proposal_t {
uint16_t alg, uint16_t key_size);
/**
- * Get an enumerator over algorithms for a specifc algo type.
+ * Get an enumerator over algorithms for a specific algo type.
*
* @param type kind of algorithm
* @return enumerator over uint16_t alg, uint16_t key_size
diff --git a/src/libcharon/control/controller.c b/src/libcharon/control/controller.c
index 8e7816b39..44a4d0aa8 100644
--- a/src/libcharon/control/controller.c
+++ b/src/libcharon/control/controller.c
@@ -294,10 +294,7 @@ METHOD(listener_t, ike_state_change_terminate, bool,
switch (state)
{
case IKE_DESTROYING:
- if (ike_sa->get_state(ike_sa) == IKE_DELETING)
- { /* proper termination */
- this->status = SUCCESS;
- }
+ this->status = SUCCESS;
return listener_done(this);
default:
break;
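Review bot: The `IKE_DESTROYING` case now sets `this->status = SUCCESS;` for every destruction of the IKE_SA, and the removed `/* proper termination */` comment was the only explanation of when success applied. From the status alone, a caller waiting on the terminate can no longer distinguish an orderly delete from an SA torn down for another reason. That matters if scripts or monitoring rely on the result. If this is intended, the line should say so, for example `/* any destruction of the IKE_SA while terminating counts as success */`. The body of ike_state_change_terminate continues outside the hunk.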
diff --git a/src/libcharon/encoding/payloads/cert_payload.h b/src/libcharon/encoding/payloads/cert_payload.h
index 834f35d60..e134aac8d 100644
--- a/src/libcharon/encoding/payloads/cert_payload.h
+++ b/src/libcharon/encoding/payloads/cert_payload.h
@@ -131,7 +131,7 @@ cert_payload_t *cert_payload_create_from_cert(payload_type_t type,
/**
* Creates an IKEv2 certificate payload with hash and URL encoding.
*
- * @param hash hash of the DER encoded certificate (get's cloned)
+ * @param hash hash of the DER encoded certificate (gets cloned)
* @param url URL to the certificate
* @return cert_payload_t object
*/
diff --git a/src/libcharon/encoding/payloads/eap_payload.c b/src/libcharon/encoding/payloads/eap_payload.c
index 923135da9..cbf74eb73 100644
--- a/src/libcharon/encoding/payloads/eap_payload.c
+++ b/src/libcharon/encoding/payloads/eap_payload.c
@@ -441,7 +441,7 @@ eap_payload_t *eap_payload_create_nak(uint8_t identifier, eap_type_t type,
added_any = TRUE;
}
else if (reg_vendor)
- { /* found vendor specifc method, but this is not an expanded Nak */
+ { /* found vendor specific method, but this is not an expanded Nak */
found_vendor = TRUE;
}
}
diff --git a/src/libcharon/encoding/payloads/nonce_payload.c b/src/libcharon/encoding/payloads/nonce_payload.c
index 17a0417dc..52b09b663 100644
--- a/src/libcharon/encoding/payloads/nonce_payload.c
+++ b/src/libcharon/encoding/payloads/nonce_payload.c
@@ -86,7 +86,7 @@ static encoding_rule_t encodings[] = {
{ RESERVED_BIT, offsetof(private_nonce_payload_t, reserved[6]) },
/* Length of the whole nonce payload*/
{ PAYLOAD_LENGTH, offsetof(private_nonce_payload_t, payload_length) },
- /* some nonce bytes, lenth is defined in PAYLOAD_LENGTH */
+ /* some nonce bytes, length is defined in PAYLOAD_LENGTH */
{ CHUNK_DATA, offsetof(private_nonce_payload_t, nonce) },
};
diff --git a/src/libcharon/encoding/payloads/transform_substructure.h b/src/libcharon/encoding/payloads/transform_substructure.h
index e75dc27bb..cb75f1ea7 100644
--- a/src/libcharon/encoding/payloads/transform_substructure.h
+++ b/src/libcharon/encoding/payloads/transform_substructure.h
@@ -107,7 +107,7 @@ transform_substructure_t *transform_substructure_create(payload_type_t type);
*
* @param type PLV2_TRANSFORM_SUBSTRUCTURE or PLV1_TRANSFORM_SUBSTRUCTURE
* @param type_or_number Type (IKEv2) or number (IKEv1) of transform
- * @param id transform id specifc for the transform type
+ * @param id transform id specific for the transform type
* @return transform_substructure_t object
*/
transform_substructure_t *transform_substructure_create_type(payload_type_t type,
diff --git a/src/libcharon/kernel/kernel_ipsec.h b/src/libcharon/kernel/kernel_ipsec.h
index 6fafeb760..b75304031 100644
--- a/src/libcharon/kernel/kernel_ipsec.h
+++ b/src/libcharon/kernel/kernel_ipsec.h
@@ -183,7 +183,7 @@ struct kernel_ipsec_query_policy_t {
* Policy information are cached in the interface. This is necessary to do
* reference counting. The Linux kernel does not allow the same policy
* installed twice, but we need this as CHILD_SA exist multiple times
- * when rekeying. Thats why we do reference counting of policies.
+ * when rekeying. That's why we do reference counting of policies.
*/
struct kernel_ipsec_t {
diff --git a/src/libcharon/plugins/addrblock/Makefile.in b/src/libcharon/plugins/addrblock/Makefile.in
index 5a76c8187..62ce323d0 100644
--- a/src/libcharon/plugins/addrblock/Makefile.in
+++ b/src/libcharon/plugins/addrblock/Makefile.in
@@ -247,9 +247,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/android_dns/Makefile.in b/src/libcharon/plugins/android_dns/Makefile.in
index 8f5ae6ac7..bba9591ec 100644
--- a/src/libcharon/plugins/android_dns/Makefile.in
+++ b/src/libcharon/plugins/android_dns/Makefile.in
@@ -247,9 +247,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/android_log/Makefile.in b/src/libcharon/plugins/android_log/Makefile.in
index 682fa15b9..0a5c7ec8d 100644
--- a/src/libcharon/plugins/android_log/Makefile.in
+++ b/src/libcharon/plugins/android_log/Makefile.in
@@ -247,9 +247,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/attr/Makefile.in b/src/libcharon/plugins/attr/Makefile.in
index 61570457e..2e7170472 100644
--- a/src/libcharon/plugins/attr/Makefile.in
+++ b/src/libcharon/plugins/attr/Makefile.in
@@ -244,9 +244,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/attr_sql/Makefile.in b/src/libcharon/plugins/attr_sql/Makefile.in
index 14a144c38..b8b9885f2 100644
--- a/src/libcharon/plugins/attr_sql/Makefile.in
+++ b/src/libcharon/plugins/attr_sql/Makefile.in
@@ -247,9 +247,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/bypass_lan/Makefile.in b/src/libcharon/plugins/bypass_lan/Makefile.in
index 1c1a4523a..f882f6bc0 100644
--- a/src/libcharon/plugins/bypass_lan/Makefile.in
+++ b/src/libcharon/plugins/bypass_lan/Makefile.in
@@ -247,9 +247,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/certexpire/Makefile.in b/src/libcharon/plugins/certexpire/Makefile.in
index 0ae0d28d7..cbfb07597 100644
--- a/src/libcharon/plugins/certexpire/Makefile.in
+++ b/src/libcharon/plugins/certexpire/Makefile.in
@@ -247,9 +247,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/connmark/Makefile.in b/src/libcharon/plugins/connmark/Makefile.in
index fb432cd67..6f0a2bddf 100644
--- a/src/libcharon/plugins/connmark/Makefile.in
+++ b/src/libcharon/plugins/connmark/Makefile.in
@@ -248,9 +248,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/counters/Makefile.am b/src/libcharon/plugins/counters/Makefile.am
new file mode 100644
index 000000000..e5bde3f7a
--- /dev/null
+++ b/src/libcharon/plugins/counters/Makefile.am
@@ -0,0 +1,19 @@
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = \
+ $(PLUGIN_CFLAGS)
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-counters.la
+else
+plugin_LTLIBRARIES = libstrongswan-counters.la
+endif
+
+libstrongswan_counters_la_SOURCES = \
+ counters_plugin.h counters_plugin.c \
+ counters_listener.h counters_listener.c \
+ counters_query.h
+
+libstrongswan_counters_la_LDFLAGS = -module -avoid-version
diff --git a/src/libcharon/plugins/counters/Makefile.in b/src/libcharon/plugins/counters/Makefile.in
new file mode 100644
index 000000000..491ba80b3
--- /dev/null
+++ b/src/libcharon/plugins/counters/Makefile.in
@@ -0,0 +1,804 @@
+# Makefile.in generated by automake 1.15 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
+am__make_running_with_option = \
+ case $${target_option-} in \
+ ?) ;; \
+ *) echo "am__make_running_with_option: internal error: invalid" \
+ "target option '$${target_option-}' specified" >&2; \
+ exit 1;; \
+ esac; \
+ has_opt=no; \
+ sane_makeflags=$$MAKEFLAGS; \
+ if $(am__is_gnu_make); then \
+ sane_makeflags=$$MFLAGS; \
+ else \
+ case $$MAKEFLAGS in \
+ *\\[\ \ ]*) \
+ bs=\\; \
+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
+ esac; \
+ fi; \
+ skip_next=no; \
+ strip_trailopt () \
+ { \
+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+ }; \
+ for flg in $$sane_makeflags; do \
+ test $$skip_next = yes && { skip_next=no; continue; }; \
+ case $$flg in \
+ *=*|--*) continue;; \
+ -*I) strip_trailopt 'I'; skip_next=yes;; \
+ -*I?*) strip_trailopt 'I';; \
+ -*O) strip_trailopt 'O'; skip_next=yes;; \
+ -*O?*) strip_trailopt 'O';; \
+ -*l) strip_trailopt 'l'; skip_next=yes;; \
+ -*l?*) strip_trailopt 'l';; \
+ -[dEDm]) skip_next=yes;; \
+ -[JT]) skip_next=yes;; \
+ esac; \
+ case $$flg in \
+ *$$target_option*) has_opt=yes; break;; \
+ esac; \
+ done; \
+ test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = src/libcharon/plugins/counters
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
+ $(top_srcdir)/m4/config/ltoptions.m4 \
+ $(top_srcdir)/m4/config/ltsugar.m4 \
+ $(top_srcdir)/m4/config/ltversion.m4 \
+ $(top_srcdir)/m4/config/lt~obsolete.m4 \
+ $(top_srcdir)/m4/macros/split-package-version.m4 \
+ $(top_srcdir)/m4/macros/with.m4 \
+ $(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
+ $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+ test -z "$$files" \
+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+ $(am__cd) "$$dir" && rm -f $$files; }; \
+ }
+am__installdirs = "$(DESTDIR)$(plugindir)"
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
+libstrongswan_counters_la_LIBADD =
+am_libstrongswan_counters_la_OBJECTS = counters_plugin.lo \
+ counters_listener.lo
+libstrongswan_counters_la_OBJECTS = \
+ $(am_libstrongswan_counters_la_OBJECTS)
+AM_V_lt = $(am__v_lt_@AM_V@)
+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+am__v_lt_1 =
+libstrongswan_counters_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+ $(AM_CFLAGS) $(CFLAGS) $(libstrongswan_counters_la_LDFLAGS) \
+ $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_counters_la_rpath = -rpath \
+@MONOLITHIC_FALSE@ $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_counters_la_rpath =
+AM_V_P = $(am__v_P_@AM_V@)
+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
+am__v_GEN_1 =
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 =
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_@AM_V@)
+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
+am__v_CC_0 = @echo " CC " $@;
+am__v_CC_1 =
+CCLD = $(CC)
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_@AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo " CCLD " $@;
+am__v_CCLD_1 =
+SOURCES = $(libstrongswan_counters_la_SOURCES)
+DIST_SOURCES = $(libstrongswan_counters_la_SOURCES)
+am__can_run_installinfo = \
+ case $$AM_UPDATE_INFO_DIR in \
+ n|no|NO) false;; \
+ *) (install-info --version) >/dev/null 2>&1;; \
+ esac
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+# Read a list of newline-separated strings from the standard input,
+# and print each of them once, without duplicates. Input order is
+# *not* preserved.
+am__uniquify_input = $(AWK) '\
+ BEGIN { nonempty = 0; } \
+ { items[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in items) print i; }; } \
+'
+# Make sure the list of sources is unique. This is necessary because,
+# e.g., the same source file might be shared among _SOURCES variables
+# for different programs/libraries.
+am__define_uniq_tagged_files = \
+ list='$(am__tagged_files)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | $(am__uniquify_input)`
+ETAGS = etags
+CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+ATOMICLIB = @ATOMICLIB@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BFDLIB = @BFDLIB@
+BTLIB = @BTLIB@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
+COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DLLTOOL = @DLLTOOL@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+EASY_INSTALL = @EASY_INSTALL@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
+GEM = @GEM@
+GENHTML = @GENHTML@
+GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
+GPRBUILD = @GPRBUILD@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LCOV = @LCOV@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MKDIR_P = @MKDIR_P@
+MYSQLCFLAG = @MYSQLCFLAG@
+MYSQLCONFIG = @MYSQLCONFIG@
+MYSQLLIB = @MYSQLLIB@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OPENSSL_LIB = @OPENSSL_LIB@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@
+PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@
+PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@
+PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
+PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
+PY_TEST = @PY_TEST@
+RANLIB = @RANLIB@
+RTLIB = @RTLIB@
+RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
+STRIP = @STRIP@
+UNWINDLIB = @UNWINDLIB@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+aikgen_plugins = @aikgen_plugins@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+c_plugins = @c_plugins@
+charon_natt_port = @charon_natt_port@
+charon_plugins = @charon_plugins@
+charon_udp_port = @charon_udp_port@
+clearsilver_LIBS = @clearsilver_LIBS@
+cmd_plugins = @cmd_plugins@
+datadir = @datadir@
+datarootdir = @datarootdir@
+dev_headers = @dev_headers@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
+fuzz_plugins = @fuzz_plugins@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+imcvdir = @imcvdir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsec_script = @ipsec_script@
+ipsec_script_upper = @ipsec_script_upper@
+ipsecdir = @ipsecdir@
+ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
+ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
+libdir = @libdir@
+libexecdir = @libexecdir@
+libfuzzer = @libfuzzer@
+libiptc_CFLAGS = @libiptc_CFLAGS@
+libiptc_LIBS = @libiptc_LIBS@
+linux_headers = @linux_headers@
+localedir = @localedir@
+localstatedir = @localstatedir@
+manager_plugins = @manager_plugins@
+mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+nm_ca_dir = @nm_ca_dir@
+nm_plugins = @nm_plugins@
+oldincludedir = @oldincludedir@
+p_plugins = @p_plugins@
+pcsclite_CFLAGS = @pcsclite_CFLAGS@
+pcsclite_LIBS = @pcsclite_LIBS@
+pdfdir = @pdfdir@
+piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
+pki_plugins = @pki_plugins@
+plugindir = @plugindir@
+pool_plugins = @pool_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
+random_device = @random_device@
+resolv_conf = @resolv_conf@
+routing_table = @routing_table@
+routing_table_prio = @routing_table_prio@
+ruby_CFLAGS = @ruby_CFLAGS@
+ruby_LIBS = @ruby_LIBS@
+runstatedir = @runstatedir@
+s_plugins = @s_plugins@
+sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
+sharedstatedir = @sharedstatedir@
+soup_CFLAGS = @soup_CFLAGS@
+soup_LIBS = @soup_LIBS@
+srcdir = @srcdir@
+starter_plugins = @starter_plugins@
+strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
+swanctldir = @swanctldir@
+sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
+systemdsystemunitdir = @systemdsystemunitdir@
+t_plugins = @t_plugins@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
+tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
+tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
+tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
+urandom_device = @urandom_device@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = \
+ $(PLUGIN_CFLAGS)
+
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-counters.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-counters.la
+libstrongswan_counters_la_SOURCES = \
+ counters_plugin.h counters_plugin.c \
+ counters_listener.h counters_listener.c \
+ counters_query.h
+
+libstrongswan_counters_la_LDFLAGS = -module -avoid-version
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/counters/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/libcharon/plugins/counters/Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; \
+ locs=`for p in $$list; do echo $$p; done | \
+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
+ sort -u`; \
+ test -z "$$locs" || { \
+ echo rm -f $${locs}; \
+ rm -f $${locs}; \
+ }
+
+install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+ list2=; for p in $$list; do \
+ if test -f $$p; then \
+ list2="$$list2 $$p"; \
+ else :; fi; \
+ done; \
+ test -z "$$list2" || { \
+ echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \
+ }
+
+uninstall-pluginLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \
+ done
+
+clean-pluginLTLIBRARIES:
+ -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES)
+ @list='$(plugin_LTLIBRARIES)'; \
+ locs=`for p in $$list; do echo $$p; done | \
+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
+ sort -u`; \
+ test -z "$$locs" || { \
+ echo rm -f $${locs}; \
+ rm -f $${locs}; \
+ }
+
+libstrongswan-counters.la: $(libstrongswan_counters_la_OBJECTS) $(libstrongswan_counters_la_DEPENDENCIES) $(EXTRA_libstrongswan_counters_la_DEPENDENCIES)
+ $(AM_V_CCLD)$(libstrongswan_counters_la_LINK) $(am_libstrongswan_counters_la_rpath) $(libstrongswan_counters_la_OBJECTS) $(libstrongswan_counters_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/counters_listener.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/counters_plugin.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(am__tagged_files)
+ $(am__define_uniq_tagged_files); mkid -fID $$unique
+tags: tags-am
+TAGS: tags
+
+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ set x; \
+ here=`pwd`; \
+ $(am__define_uniq_tagged_files); \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: ctags-am
+
+CTAGS: ctags
+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ $(am__define_uniq_tagged_files); \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+cscopelist: cscopelist-am
+
+cscopelist-am: $(am__tagged_files)
+ list='$(am__tagged_files)'; \
+ case "$(srcdir)" in \
+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
+ *) sdir=$(subdir)/$(srcdir) ;; \
+ esac; \
+ for i in $$list; do \
+ if test -f "$$i"; then \
+ echo "$(subdir)/$$i"; \
+ else \
+ echo "$$sdir/$$i"; \
+ fi; \
+ done >> $(top_builddir)/cscope.files
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+ for dir in "$(DESTDIR)$(plugindir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-pluginLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-pluginLTLIBRARIES
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ cscopelist-am ctags ctags-am distclean distclean-compile \
+ distclean-generic distclean-libtool distclean-tags distdir dvi \
+ dvi-am html html-am info info-am install install-am \
+ install-data install-data-am install-dvi install-dvi-am \
+ install-exec install-exec-am install-html install-html-am \
+ install-info install-info-am install-man install-pdf \
+ install-pdf-am install-pluginLTLIBRARIES install-ps \
+ install-ps-am install-strip installcheck installcheck-am \
+ installdirs maintainer-clean maintainer-clean-generic \
+ mostlyclean mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
+ uninstall-am uninstall-pluginLTLIBRARIES
+
+.PRECIOUS: Makefile
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/libcharon/plugins/counters/counters_listener.c b/src/libcharon/plugins/counters/counters_listener.c
new file mode 100644
index 000000000..a32614e8c
--- /dev/null
+++ b/src/libcharon/plugins/counters/counters_listener.c
@@ -0,0 +1,464 @@
+/*
+ * Copyright (C) 2017 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * Copyright (C) 2012 Martin Willi
+ * Copyright (C) 2012 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "counters_listener.h"
+#include "counters_query.h"
+
+#include <threading/spinlock.h>
+#include <collections/hashtable.h>
+#include <collections/array.h>
+
+typedef struct private_counters_listener_t private_counters_listener_t;
+typedef struct private_counters_query_t private_counters_query_t;
+
+/**
+ * Query interface
+ */
+struct private_counters_query_t {
+
+ /**
+ * Public interface
+ */
+ counters_query_t public;
+
+ /**
+ * Reference to this
+ */
+ private_counters_listener_t *this;
+};
+
+/**
+ * Private data
+ */
+struct private_counters_listener_t {
+
+ /**
+ * Public interface
+ */
+ counters_listener_t public;
+
+ /**
+ * Query interface
+ */
+ private_counters_query_t query;
+
+ /**
+ * Global counter values
+ */
+ uint64_t counters[COUNTER_MAX];
+
+ /**
+ * Counters for specific connection names, char* => entry_t
+ */
+ hashtable_t *conns;
+
+ /**
+ * Lock for counter values
+ */
+ spinlock_t *lock;
+};
+
+/**
+ * Counters for a specific connection name
+ */
+typedef struct {
+ /** connection name */
+ char *name;
+ /** counter values for connection */
+ uint64_t counters[COUNTER_MAX];
+} entry_t;
+
+/**
+ * Destroy named entry
+ */
+static void destroy_entry(entry_t *this)
+{
+ free(this->name);
+ free(this);
+}
+
+/**
+ * Hashtable hash function
+ */
+static u_int hash(char *name)
+{
+ return chunk_hash(chunk_from_str(name));
+}
+
+/**
+ * Hashtable equals function
+ */
+static bool equals(char *a, char *b)
+{
+ return streq(a, b);
+}
+
+/**
+ * Get the name of an IKE_SA, but return NULL if it is not known yet
+ */
+static char *get_ike_sa_name(ike_sa_t *ike_sa)
+{
+ peer_cfg_t *peer_cfg;
+
+ if (ike_sa)
+ {
+ peer_cfg = ike_sa->get_peer_cfg(ike_sa);
+ if (peer_cfg)
+ {
+ return peer_cfg->get_name(peer_cfg);
+ }
+ }
+ return NULL;
+}
+
+/**
+ * Increase a counter for a named entry
+ */
+static void count_named(private_counters_listener_t *this,
+ ike_sa_t *ike_sa, counter_type_t type)
+{
+ entry_t *entry;
+ char *name;
+
+ name = get_ike_sa_name(ike_sa);
+ if (name)
+ {
+ entry = this->conns->get(this->conns, name);
+ if (!entry)
+ {
+ INIT(entry,
+ .name = strdup(name),
+ );
+ this->conns->put(this->conns, entry->name, entry);
+ }
+ entry->counters[type]++;
+ }
+}
+
+METHOD(listener_t, alert, bool,
+ private_counters_listener_t *this, ike_sa_t *ike_sa,
+ alert_t alert, va_list args)
+{
+ counter_type_t type;
+
+ switch (alert)
+ {
+ case ALERT_INVALID_IKE_SPI:
+ type = COUNTER_IN_INVALID_IKE_SPI;
+ break;
+ case ALERT_PARSE_ERROR_HEADER:
+ case ALERT_PARSE_ERROR_BODY:
+ type = COUNTER_IN_INVALID;
+ break;
+ default:
+ return TRUE;
+ }
+
+ this->lock->lock(this->lock);
+ this->counters[type]++;
+ count_named(this, ike_sa, type);
+ this->lock->unlock(this->lock);
+
+ return TRUE;
+}
+
+METHOD(listener_t, ike_rekey, bool,
+ private_counters_listener_t *this, ike_sa_t *old, ike_sa_t *new)
+{
+ counter_type_t type;
+ ike_sa_id_t *id;
+
+ id = new->get_id(new);
+ if (id->is_initiator(id))
+ {
+ type = COUNTER_INIT_IKE_SA_REKEY;
+ }
+ else
+ {
+ type = COUNTER_RESP_IKE_SA_REKEY;
+ }
+
+ this->lock->lock(this->lock);
+ this->counters[type]++;
+ count_named(this, old, type);
+ this->lock->unlock(this->lock);
+
+ return TRUE;
+}
+
+METHOD(listener_t, child_rekey, bool,
+ private_counters_listener_t *this, ike_sa_t *ike_sa,
+ child_sa_t *old, child_sa_t *new)
+{
+ this->lock->lock(this->lock);
+ this->counters[COUNTER_CHILD_SA_REKEY]++;
+ count_named(this, ike_sa, COUNTER_CHILD_SA_REKEY);
+ this->lock->unlock(this->lock);
+
+ return TRUE;
+}
+
+METHOD(listener_t, message_hook, bool,
+ private_counters_listener_t *this, ike_sa_t *ike_sa, message_t *message,
+ bool incoming, bool plain)
+{
+ counter_type_t type;
+ bool request;
+
+ if ((incoming && !plain) || (!incoming && !plain))
+ { /* handle each message only once */
+ return TRUE;
+ }
+
+ request = message->get_request(message);
+ switch (message->get_exchange_type(message))
+ {
+ case IKE_SA_INIT:
+ if (incoming)
+ {
+ type = request ? COUNTER_IN_IKE_SA_INIT_REQ
+ : COUNTER_IN_IKE_SA_INIT_RSP;
+ }
+ else
+ {
+ type = request ? COUNTER_OUT_IKE_SA_INIT_REQ
+ : COUNTER_OUT_IKE_SA_INIT_RES;
+ }
+ break;
+ case IKE_AUTH:
+ if (incoming)
+ {
+ type = request ? COUNTER_IN_IKE_AUTH_REQ
+ : COUNTER_IN_IKE_AUTH_RSP;
+ }
+ else
+ {
+ type = request ? COUNTER_OUT_IKE_AUTH_REQ
+ : COUNTER_OUT_IKE_AUTH_RSP;
+ }
+ break;
+ case CREATE_CHILD_SA:
+ if (incoming)
+ {
+ type = request ? COUNTER_IN_CREATE_CHILD_SA_REQ
+ : COUNTER_IN_CREATE_CHILD_SA_RSP;
+ }
+ else
+ {
+ type = request ? COUNTER_OUT_CREATE_CHILD_SA_REQ
+ : COUNTER_OUT_CREATE_CHILD_SA_RSP;
+ }
+ break;
+ case INFORMATIONAL:
+ if (incoming)
+ {
+ type = request ? COUNTER_IN_INFORMATIONAL_REQ
+ : COUNTER_IN_INFORMATIONAL_RSP;
+ }
+ else
+ {
+ type = request ? COUNTER_OUT_INFORMATIONAL_REQ
+ : COUNTER_OUT_INFORMATIONAL_RSP;
+ }
+ break;
+ default:
+ return TRUE;
+ }
+
+ this->lock->lock(this->lock);
+ this->counters[type]++;
+ count_named(this, ike_sa, type);
+ this->lock->unlock(this->lock);
+
+ return TRUE;
+}
+
+CALLBACK(free_names, void,
+ array_t * names)
+{
+ array_destroy_function(names, (void*)free, NULL);
+}
+
+METHOD(counters_query_t, get_names, enumerator_t*,
+ private_counters_query_t *query)
+{
+ private_counters_listener_t *this = query->this;
+ enumerator_t *enumerator;
+ array_t *names;
+ char *name;
+
+ this->lock->lock(this->lock);
+ names = array_create(0, this->conns->get_count(this->conns));
+ enumerator = this->conns->create_enumerator(this->conns);
+ while (enumerator->enumerate(enumerator, &name, NULL))
+ {
+ array_insert(names, ARRAY_TAIL, strdup(name));
+ }
+ enumerator->destroy(enumerator);
+ this->lock->unlock(this->lock);
+
+ array_sort(names, (void*)strcmp, NULL);
+
+ return enumerator_create_cleaner(array_create_enumerator(names),
+ free_names, names);
+}
+
+METHOD(counters_query_t, get, bool,
+ private_counters_query_t *query, counter_type_t type, char *name,
+ uint64_t *value)
+{
+ private_counters_listener_t *this = query->this;
+ uint64_t *counters = this->counters;
+
+ this->lock->lock(this->lock);
+ if (name)
+ {
+ entry_t *entry;
+
+ entry = this->conns->get(this->conns, name);
+ if (!entry)
+ {
+ this->lock->unlock(this->lock);
+ return FALSE;
+ }
+ counters = entry->counters;
+ }
+ if (value)
+ {
+ *value = counters[type];
+ }
+ this->lock->unlock(this->lock);
+ return TRUE;
+}
+
+METHOD(counters_query_t, get_all, uint64_t*,
+ private_counters_query_t *query, char *name)
+{
+ private_counters_listener_t *this = query->this;
+ entry_t *entry;
+ uint64_t *result, *counters = this->counters;
+ counter_type_t i;
+
+ result = calloc(COUNTER_MAX, sizeof(uint64_t));
+
+ this->lock->lock(this->lock);
+ if (name)
+ {
+ entry = this->conns->get(this->conns, name);
+ if (!entry)
+ {
+ this->lock->unlock(this->lock);
+ free(result);
+ return NULL;
+ }
+ counters = &entry->counters[0];
+ }
+ for (i = 0; i < countof(this->counters); i++)
+ {
+ result[i] = counters[i];
+ }
+ this->lock->unlock(this->lock);
+ return result;
+}
+
+METHOD(counters_query_t, reset, void,
+ private_counters_query_t *query, char *name)
+{
+ private_counters_listener_t *this = query->this;
+ entry_t *entry = NULL;
+
+ this->lock->lock(this->lock);
+ if (name)
+ {
+ entry = this->conns->remove(this->conns, name);
+ }
+ else
+ {
+ memset(&this->counters, 0, sizeof(this->counters));
+ }
+ this->lock->unlock(this->lock);
+
+ if (entry)
+ {
+ destroy_entry(entry);
+ }
+}
+
+METHOD(counters_query_t, reset_all, void,
+ private_counters_query_t *query)
+{
+ private_counters_listener_t *this = query->this;
+ hashtable_t *new_conns, *conns;
+
+ new_conns = hashtable_create((hashtable_hash_t)hash,
+ (hashtable_equals_t)equals, 4);
+
+ this->lock->lock(this->lock);
+ conns = this->conns;
+ this->conns = new_conns;
+ this->lock->unlock(this->lock);
+
+ conns->destroy_function(conns, (void*)destroy_entry);
+}
+
+METHOD(counters_listener_t, destroy, void,
+ private_counters_listener_t *this)
+{
+ lib->set(lib, "counters", NULL);
+
+ this->conns->destroy_function(this->conns, (void*)destroy_entry);
+ this->lock->destroy(this->lock);
+ free(this);
+}
+
+/*
+ * Described in header
+ */
+counters_listener_t *counters_listener_create()
+{
+ private_counters_listener_t *this;
+
+ INIT(this,
+ .public = {
+ .listener = {
+ .alert = _alert,
+ .ike_rekey = _ike_rekey,
+ .child_rekey = _child_rekey,
+ .message = _message_hook,
+ },
+ .destroy = _destroy,
+ },
+ .query = {
+ .public = {
+ .get_names = _get_names,
+ .get = _get,
+ .get_all = _get_all,
+ .reset = _reset,
+ .reset_all = _reset_all,
+ },
+ },
+ .conns = hashtable_create((hashtable_hash_t)hash,
+ (hashtable_equals_t)equals, 4),
+ .lock = spinlock_create(),
+ );
+ this->query.this = this;
+
+ lib->set(lib, "counters", &this->query);
+
+ return &this->public;
+}
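Review bot: `get` indexes `counters[type]` with the caller-supplied `type` and never compares it with `COUNTER_MAX`, so an out-of-range value reads past the end of the global array or of an entry's array. The query object is published with `lib->set(lib, "counters", &this->query)`, so its callers are outside this file and cannot be checked from here. A guard before the lock is taken, `if ((u_int)type >= COUNTER_MAX) return FALSE;`, would make the interface safe on its own. In `get_all` the `calloc` result is written in the copy loop without a NULL check, so `if (!result) return NULL;` directly after the allocation is worth adding too.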
diff --git a/src/libcharon/plugins/counters/counters_listener.h b/src/libcharon/plugins/counters/counters_listener.h
new file mode 100644
index 000000000..6d9168f4c
--- /dev/null
+++ b/src/libcharon/plugins/counters/counters_listener.h
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2017 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup counters_listener counters_listener
+ * @{ @ingroup counters
+ */
+
+#ifndef COUNTERS_LISTENER_H_
+#define COUNTERS_LISTENER_H_
+
+#include <bus/listeners/listener.h>
+
+typedef struct counters_listener_t counters_listener_t;
+
+/**
+ * Collect counter values for different IKE events.
+ */
+struct counters_listener_t {
+
+ /**
+ * Implements listener_t interface.
+ */
+ listener_t listener;
+
+ /**
+ * Destroy a counters_listener_t.
+ */
+ void (*destroy)(counters_listener_t *this);
+};
+
+/**
+ * Create a counters_listener_t instance.
+ */
+counters_listener_t *counters_listener_create();
+
+#endif /** COUNTERS_LISTENER_H_ @}*/
diff --git a/src/libcharon/plugins/counters/counters_plugin.c b/src/libcharon/plugins/counters/counters_plugin.c
new file mode 100644
index 000000000..48de92760
--- /dev/null
+++ b/src/libcharon/plugins/counters/counters_plugin.c
@@ -0,0 +1,101 @@
+/*
+ * Copyright (C) 2017 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "counters_plugin.h"
+
+#include <daemon.h>
+#include <plugins/plugin_feature.h>
+
+#include "counters_listener.h"
+
+typedef struct private_counters_plugin_t private_counters_plugin_t;
+
+/**
+ * Private data
+ */
+struct private_counters_plugin_t {
+
+ /**
+ * Public interface
+ */
+ counters_plugin_t public;
+
+ /**
+ * Listener implementation
+ */
+ counters_listener_t *listener;
+};
+
+METHOD(plugin_t, get_name, char*,
+ private_counters_plugin_t *this)
+{
+ return "counters";
+}
+
+/**
+ * Register listener
+ */
+static bool plugin_cb(private_counters_plugin_t *this,
+ plugin_feature_t *feature, bool reg, void *cb_data)
+{
+ if (reg)
+ {
+ charon->bus->add_listener(charon->bus, &this->listener->listener);
+ }
+ else
+ {
+ charon->bus->remove_listener(charon->bus, &this->listener->listener);
+ }
+ return TRUE;
+}
+
+METHOD(plugin_t, get_features, int,
+ private_counters_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_CALLBACK((plugin_feature_callback_t)plugin_cb, NULL),
+ PLUGIN_PROVIDE(CUSTOM, "counters"),
+ };
+ *features = f;
+ return countof(f);
+}
+
+METHOD(plugin_t, destroy, void,
+ private_counters_plugin_t *this)
+{
+ this->listener->destroy(this->listener);
+ free(this);
+}
+
+/*
+ * Described in header
+ */
+plugin_t *counters_plugin_create()
+{
+ private_counters_plugin_t *this;
+
+ INIT(this,
+ .public = {
+ .plugin = {
+ .get_name = _get_name,
+ .get_features = _get_features,
+ .destroy = _destroy,
+ },
+ },
+ .listener = counters_listener_create(),
+ );
+
+ return &this->public.plugin;
+}
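Review bot: The comment `Described in header` above `counters_plugin_create` points at documentation that does not exist, because counters_plugin.h as added in this commit declares only `counters_plugin_t` and no constructor. Presumably the plugin loader resolves the constructor by symbol name, which would explain the missing prototype. The comment should say so, for example `/* Plugin constructor; not declared in counters_plugin.h, resolved by name by the plugin loader */`, once that is confirmed against the loader.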
diff --git a/src/libcharon/plugins/counters/counters_plugin.h b/src/libcharon/plugins/counters/counters_plugin.h
new file mode 100644
index 000000000..76fe2c236
--- /dev/null
+++ b/src/libcharon/plugins/counters/counters_plugin.h
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 2017 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup counters counters
+ * @ingroup cplugins
+ *
+ * @defgroup counters_plugin counters_plugin
+ * @{ @ingroup counters
+ */
+
+#ifndef COUNTERS_PLUGIN_H_
+#define COUNTERS_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct counters_plugin_t counters_plugin_t;
+
+/**
+ * Plugin collecting several IKE event counters.
+ *
+ * Interested components can query individual counters via the 'counters'
+ * object registered on lib that implements the counters_query.h interface.
+ */
+struct counters_plugin_t {
+
+ /**
+ * Implements plugin_t. interface.
+ */
+ plugin_t plugin;
+};
+
+#endif /** COUNTERS_PLUGIN_H_ @}*/
diff --git a/src/libcharon/plugins/counters/counters_query.h b/src/libcharon/plugins/counters/counters_query.h
new file mode 100644
index 000000000..f785a68c8
--- /dev/null
+++ b/src/libcharon/plugins/counters/counters_query.h
@@ -0,0 +1,124 @@
+/*
+ * Copyright (C) 2017 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * Copyright (C) 2012 Martin Willi
+ * Copyright (C) 2012 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup counters_query counters_query
+ * @{ @ingroup counters
+ */
+
+#ifndef COUNTERS_QUERY_H_
+#define COUNTERS_QUERY_H_
+
+#include <bus/listeners/listener.h>
+
+typedef struct counters_query_t counters_query_t;
+typedef enum counter_type_t counter_type_t;
+
+enum counter_type_t {
+ /** initiated IKE_SA rekeyings */
+ COUNTER_INIT_IKE_SA_REKEY,
+ /** responded IKE_SA rekeyings */
+ COUNTER_RESP_IKE_SA_REKEY,
+ /** completed CHILD_SA rekeyings */
+ COUNTER_CHILD_SA_REKEY,
+ /** messages with invalid types, length, or a value out of range */
+ COUNTER_IN_INVALID,
+ /** messages with an invalid IKE SPI */
+ COUNTER_IN_INVALID_IKE_SPI,
+ /** received IKE_SA_INIT requests */
+ COUNTER_IN_IKE_SA_INIT_REQ,
+ /** received IKE_SA_INIT responses */
+ COUNTER_IN_IKE_SA_INIT_RSP,
+ /** sent IKE_SA_INIT requests */
+ COUNTER_OUT_IKE_SA_INIT_REQ,
+ /** sent IKE_SA_INIT responses */
+ COUNTER_OUT_IKE_SA_INIT_RES,
+ /** received IKE_AUTH requests */
+ COUNTER_IN_IKE_AUTH_REQ,
+ /** received IKE_AUTH responses */
+ COUNTER_IN_IKE_AUTH_RSP,
+ /** sent IKE_AUTH requests */
+ COUNTER_OUT_IKE_AUTH_REQ,
+ /** sent IKE_AUTH responses */
+ COUNTER_OUT_IKE_AUTH_RSP,
+ /** received CREATE_CHILD_SA requests */
+ COUNTER_IN_CREATE_CHILD_SA_REQ,
+ /** received CREATE_CHILD_SA responses */
+ COUNTER_IN_CREATE_CHILD_SA_RSP,
+ /** sent CREATE_CHILD_SA requests */
+ COUNTER_OUT_CREATE_CHILD_SA_REQ,
+ /** sent CREATE_CHILD_SA responses */
+ COUNTER_OUT_CREATE_CHILD_SA_RSP,
+ /** received INFORMATIONAL requests */
+ COUNTER_IN_INFORMATIONAL_REQ,
+ /** received INFORMATIONAL responses */
+ COUNTER_IN_INFORMATIONAL_RSP,
+ /** sent INFORMATIONAL requests */
+ COUNTER_OUT_INFORMATIONAL_REQ,
+ /** sent INFORMATIONAL responses */
+ COUNTER_OUT_INFORMATIONAL_RSP,
+ /** number of counter types */
+ COUNTER_MAX
+};
+
+/**
+ * Query counter values for different IKE events.
+ */
+struct counters_query_t {
+
+ /**
+ * Enumerate all connection names for which counters are currently recorded.
+ *
+ * @return enumerator over names (char *)
+ */
+ enumerator_t *(*get_names)(counters_query_t *this);
+
+ /**
+ * Get a current global or connection-specific counter value.
+ *
+ * @param type counter to query
+ * @param name connection name to get counter for, NULL for global
+ * @param[out] value counter value
+ * @return TRUE if value found and returned
+ */
+ bool (*get)(counters_query_t *this, counter_type_t type, char *name,
+ uint64_t *value);
+
+ /**
+ * Get all global or connection-specific counter values.
+ *
+ * @param name connection name to get counters for, NULL for global
+ * @return array of counters (has to be freed), NULL if named
+ * connection is not found
+ */
+ uint64_t *(*get_all)(counters_query_t *this, char *name);
+
+ /**
+ * Reset all global or connection-specific counters.
+ *
+ * @param name connection name to reset counters, NULL for global
+ */
+ void (*reset)(counters_query_t *this, char *name);
+
+ /**
+ * Reset counters for all connections, global counters are unaffected.
+ */
+ void (*reset_all)(counters_query_t *this);
+};
+
+#endif /** COUNTERS_QUERY_H_ @}*/
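Review bot: `COUNTER_OUT_IKE_SA_INIT_RES` is the only response counter in `counter_type_t` that ends in `_RES`; every other one uses `_RSP`, including `COUNTER_IN_IKE_SA_INIT_RSP` two entries above it. The enum is new in this commit, so renaming it to `COUNTER_OUT_IKE_SA_INIT_RSP` now, together with its use in `message_hook` in counters_listener.c, is cheaper than carrying the odd name in a public header. The doc comments also omit two things a caller needs. `get_all` returns an array of exactly `COUNTER_MAX` elements. `reset` with a name removes that connection's entry in counters_listener.c, so `get` for that name returns FALSE until the next event is counted.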
diff --git a/src/libcharon/plugins/coupling/Makefile.in b/src/libcharon/plugins/coupling/Makefile.in
index 06f2592f0..5859a21ee 100644
--- a/src/libcharon/plugins/coupling/Makefile.in
+++ b/src/libcharon/plugins/coupling/Makefile.in
@@ -247,9 +247,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/dhcp/Makefile.in b/src/libcharon/plugins/dhcp/Makefile.in
index aaca1ec99..f8e2d7398 100644
--- a/src/libcharon/plugins/dhcp/Makefile.in
+++ b/src/libcharon/plugins/dhcp/Makefile.in
@@ -245,9 +245,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/dhcp/dhcp_socket.c b/src/libcharon/plugins/dhcp/dhcp_socket.c
index 42f8f1ef9..7541c3b49 100644
--- a/src/libcharon/plugins/dhcp/dhcp_socket.c
+++ b/src/libcharon/plugins/dhcp/dhcp_socket.c
@@ -176,7 +176,7 @@ typedef struct __attribute__((packed)) {
char server_hostname[64];
char boot_filename[128];
uint32_t magic_cookie;
- char options[252];
+ u_char options[252];
} dhcp_t;
/**
@@ -438,7 +438,7 @@ METHOD(dhcp_socket_t, release, void,
DBG1(DBG_CFG, "sending DHCP RELEASE for %H to %H", release, server);
chunk = release->get_address(release);
- memcpy(&dhcp.client_address, chunk.ptr,
+ memcpy((char*)&dhcp.client_address, chunk.ptr,
min(chunk.len, sizeof(dhcp.client_address)));
option = (dhcp_option_t*)&dhcp.options[optlen];
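Review bot: The new `(char*)` cast on `&dhcp.client_address` in the memcpy call has no explanation, so a later cleanup could drop it as redundant. It presumably silences a compiler diagnostic about taking the address of a member of the packed `dhcp_t` struct; if so, add a comment such as `/* cast avoids address-of-packed-member warning, dhcp_t is packed */`. The copy length is still bounded by `min(chunk.len, sizeof(dhcp.client_address))`, so the cast does not change what is written. The release method starts and ends outside this hunk.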
diff --git a/src/libcharon/plugins/dnscert/Makefile.in b/src/libcharon/plugins/dnscert/Makefile.in
index 0febca96d..d0a4d7fc3 100644
--- a/src/libcharon/plugins/dnscert/Makefile.in
+++ b/src/libcharon/plugins/dnscert/Makefile.in
@@ -247,9 +247,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/duplicheck/Makefile.in b/src/libcharon/plugins/duplicheck/Makefile.in
index db4491113..9be0c495b 100644
--- a/src/libcharon/plugins/duplicheck/Makefile.in
+++ b/src/libcharon/plugins/duplicheck/Makefile.in
@@ -254,9 +254,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/eap_aka/Makefile.in b/src/libcharon/plugins/eap_aka/Makefile.in
index 09291aff5..dd66b65b7 100644
--- a/src/libcharon/plugins/eap_aka/Makefile.in
+++ b/src/libcharon/plugins/eap_aka/Makefile.in
@@ -248,9 +248,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/eap_aka_3gpp/Makefile.in b/src/libcharon/plugins/eap_aka_3gpp/Makefile.in
index 2b73a57ce..2f3d0b83e 100644
--- a/src/libcharon/plugins/eap_aka_3gpp/Makefile.in
+++ b/src/libcharon/plugins/eap_aka_3gpp/Makefile.in
@@ -249,9 +249,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_plugin.c b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_plugin.c
index 3d0e06146..650af86d9 100644
--- a/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_plugin.c
+++ b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_plugin.c
@@ -77,7 +77,7 @@ METHOD(plugin_t, get_name, char*,
}
/**
- * Try to instanciate ea_aka_3gpp functions and card/provider backends
+ * Try to instantiate ea_aka_3gpp functions and card/provider backends
*/
static bool register_functions(private_eap_aka_3gpp_t *this,
plugin_feature_t *feature, bool reg, void *data)
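Review bot: The corrected comment above `register_functions` still reads `ea_aka_3gpp`, which looks like a dropped letter in the plugin name. While the line is being touched it could become `* Try to instantiate eap_aka_3gpp functions and card/provider backends`. The function body is outside this hunk.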
diff --git a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in
index a14afbc55..f5fc3fb48 100644
--- a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in
+++ b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in
@@ -249,9 +249,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.c b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.c
index d7d0d0507..3f9db71c6 100644
--- a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.c
+++ b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.c
@@ -55,7 +55,7 @@ METHOD(plugin_t, get_name, char*,
}
/**
- * Try to instanciate 3gpp2 functions and card/provider backends
+ * Try to instantiate 3gpp2 functions and card/provider backends
*/
static bool register_functions(private_eap_aka_3gpp2_t *this,
plugin_feature_t *feature, bool reg, void *data)
diff --git a/src/libcharon/plugins/eap_dynamic/Makefile.in b/src/libcharon/plugins/eap_dynamic/Makefile.in
index e6427106a..494f0a8c5 100644
--- a/src/libcharon/plugins/eap_dynamic/Makefile.in
+++ b/src/libcharon/plugins/eap_dynamic/Makefile.in
@@ -247,9 +247,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/eap_gtc/Makefile.in b/src/libcharon/plugins/eap_gtc/Makefile.in
index 0075513b2..4dc68f94f 100644
--- a/src/libcharon/plugins/eap_gtc/Makefile.in
+++ b/src/libcharon/plugins/eap_gtc/Makefile.in
@@ -246,9 +246,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/eap_identity/Makefile.in b/src/libcharon/plugins/eap_identity/Makefile.in
index 7481fe377..44f097ef4 100644
--- a/src/libcharon/plugins/eap_identity/Makefile.in
+++ b/src/libcharon/plugins/eap_identity/Makefile.in
@@ -247,9 +247,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/eap_md5/Makefile.in b/src/libcharon/plugins/eap_md5/Makefile.in
index f26a58550..3c634db82 100644
--- a/src/libcharon/plugins/eap_md5/Makefile.in
+++ b/src/libcharon/plugins/eap_md5/Makefile.in
@@ -246,9 +246,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/eap_mschapv2/Makefile.in b/src/libcharon/plugins/eap_mschapv2/Makefile.in
index abc3081b8..505d6ea52 100644
--- a/src/libcharon/plugins/eap_mschapv2/Makefile.in
+++ b/src/libcharon/plugins/eap_mschapv2/Makefile.in
@@ -247,9 +247,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/eap_peap/Makefile.in b/src/libcharon/plugins/eap_peap/Makefile.in
index 8e8597cab..20f2ecab1 100644
--- a/src/libcharon/plugins/eap_peap/Makefile.in
+++ b/src/libcharon/plugins/eap_peap/Makefile.in
@@ -248,9 +248,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/eap_radius/Makefile.in b/src/libcharon/plugins/eap_radius/Makefile.in
index 938243394..f5100fc53 100644
--- a/src/libcharon/plugins/eap_radius/Makefile.in
+++ b/src/libcharon/plugins/eap_radius/Makefile.in
@@ -249,9 +249,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/eap_radius/eap_radius.c b/src/libcharon/plugins/eap_radius/eap_radius.c
index a2530e653..fbbf6da83 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius.c
@@ -1,6 +1,7 @@
/*
+ * Copyright (C) 2012-2017 Tobias Brunner
* Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -271,37 +272,47 @@ METHOD(eap_method_t, initiate, status_t,
}
/**
- * Handle the Class attribute as group membership information
+ * Handle the Class attribute
*/
static void process_class(radius_message_t *msg)
{
enumerator_t *enumerator;
+ ike_sa_t *ike_sa;
+ identification_t *id;
+ auth_cfg_t *auth;
chunk_t data;
+ bool class_group, class_send;
int type;
+ class_group = lib->settings->get_bool(lib->settings,
+ "%s.plugins.eap-radius.class_group", FALSE, lib->ns);
+ class_send = lib->settings->get_bool(lib->settings,
+ "%s.plugins.eap-radius.accounting_send_class", FALSE, lib->ns);
+ ike_sa = charon->bus->get_sa(charon->bus);
+
+ if ((!class_group && !class_send) || !ike_sa)
+ {
+ return;
+ }
+
enumerator = msg->create_enumerator(msg);
while (enumerator->enumerate(enumerator, &type, &data))
{
if (type == RAT_CLASS)
{
- identification_t *id;
- ike_sa_t *ike_sa;
- auth_cfg_t *auth;
-
- if (data.len >= 44)
+ if (class_group && data.len < 44)
{ /* quirk: ignore long class attributes, these are used for
* other purposes by some RADIUS servers (such as NPS). */
- continue;
- }
-
- ike_sa = charon->bus->get_sa(charon->bus);
- if (ike_sa)
- {
auth = ike_sa->get_auth_cfg(ike_sa, FALSE);
id = identification_create_from_data(data);
- DBG1(DBG_CFG, "received group membership '%Y' from RADIUS", id);
+ DBG1(DBG_CFG, "received group membership '%Y' from RADIUS",
+ id);
auth->add(auth, AUTH_RULE_GROUP, id);
}
+ if (class_send)
+ {
+ eap_radius_accounting_add_class(ike_sa, data);
+ }
}
}
enumerator->destroy(enumerator);
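Review bot: The quirk comment now sits inside the branch that accepts short Class attributes (`class_group && data.len < 44`) but still says long attributes are ignored, which reads as the opposite of what the branch does. Reword it to match, for example `/* quirk: only short Class attributes are group names, longer ones are used for other purposes by some RADIUS servers (such as NPS) */`. The comment should also say that the length limit applies to group membership only: with `accounting_send_class` set, every Class attribute is passed to `eap_radius_accounting_add_class` regardless of length. Because the short values become `AUTH_RULE_GROUP` entries, a reader should be able to tell from the comment which attributes influence authorization. The closing brace of process_class is outside the hunk.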
@@ -631,11 +642,7 @@ static void process_cfg_attributes(radius_message_t *msg)
*/
void eap_radius_process_attributes(radius_message_t *message)
{
- if (lib->settings->get_bool(lib->settings,
- "%s.plugins.eap-radius.class_group", FALSE, lib->ns))
- {
- process_class(message);
- }
+ process_class(message);
if (lib->settings->get_bool(lib->settings,
"%s.plugins.eap-radius.filter_id", FALSE, lib->ns))
{
diff --git a/src/libcharon/plugins/eap_radius/eap_radius_accounting.c b/src/libcharon/plugins/eap_radius/eap_radius_accounting.c
index e1f5be06a..92611492b 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius_accounting.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius_accounting.c
@@ -1,6 +1,6 @@
/*
- * Copyright (C) 2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2015-2017 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
*
* Copyright (C) 2012 Martin Willi
* Copyright (C) 2012 revosec AG
@@ -160,6 +160,8 @@ typedef struct {
ike_sa_id_t *id;
/** RADIUS accounting session ID */
char sid[24];
+ /** cached Class attributes */
+ array_t *class_attrs;
/** number of sent/received octets/packets for expired SAs */
usage_t usage;
/** list of cached SAs, sa_entry_t (sorted by their unique ID) */
@@ -186,6 +188,7 @@ static void destroy_entry(entry_t *this)
{
array_destroy_function(this->cached, (void*)free, NULL);
array_destroy_function(this->migrated, (void*)free, NULL);
+ array_destroy_function(this->class_attrs, (void*)chunk_free, NULL);
this->id->destroy(this->id);
free(this);
}
@@ -458,6 +461,23 @@ static void add_ike_sa_parameters(private_eap_radius_accounting_t *this,
}
/**
+ * Add the Class attributes received in the Access-Accept message to the
+ * RADIUS accounting message
+ */
+static void add_class_attributes(radius_message_t *message, entry_t *entry)
+{
+ enumerator_t *enumerator;
+ chunk_t *cls;
+
+ enumerator = array_create_enumerator(entry->class_attrs);
+ while (enumerator->enumerate(enumerator, &cls))
+ {
+ message->add(message, RAT_CLASS, *cls);
+ }
+ enumerator->destroy(enumerator);
+}
+
+/**
* Get an existing or create a new entry from the locked session table
*/
static entry_t* get_or_create_entry(private_eap_radius_accounting_t *this,
@@ -585,6 +605,7 @@ static job_requeue_t send_interim(interim_data_t *data)
message->add(message, RAT_ACCT_STATUS_TYPE, chunk_from_thing(value));
message->add(message, RAT_ACCT_SESSION_ID,
chunk_create(entry->sid, strlen(entry->sid)));
+ add_class_attributes(message, entry);
add_ike_sa_parameters(this, message, ike_sa);
value = htonl(usage.bytes.sent);
@@ -704,6 +725,7 @@ static void send_start(private_eap_radius_accounting_t *this, ike_sa_t *ike_sa)
message->add(message, RAT_ACCT_STATUS_TYPE, chunk_from_thing(value));
message->add(message, RAT_ACCT_SESSION_ID,
chunk_create(entry->sid, strlen(entry->sid)));
+ add_class_attributes(message, entry);
if (!entry->interim.interval)
{
@@ -766,6 +788,7 @@ static void send_stop(private_eap_radius_accounting_t *this, ike_sa_t *ike_sa)
message->add(message, RAT_ACCT_STATUS_TYPE, chunk_from_thing(value));
message->add(message, RAT_ACCT_SESSION_ID,
chunk_create(entry->sid, strlen(entry->sid)));
+ add_class_attributes(message, entry);
add_ike_sa_parameters(this, message, ike_sa);
value = htonl(entry->usage.bytes.sent);
@@ -1064,3 +1087,24 @@ void eap_radius_accounting_start_interim(ike_sa_t *ike_sa, uint32_t interval)
singleton->mutex->unlock(singleton->mutex);
}
}
+
+/*
+ * Described in header
+ */
+void eap_radius_accounting_add_class(ike_sa_t *ike_sa, chunk_t cls)
+{
+ if (singleton)
+ {
+ entry_t *entry;
+ chunk_t clone;
+
+ DBG2(DBG_CFG, "cache RADIUS Class attribute %B", &cls);
+ singleton->mutex->lock(singleton->mutex);
+ entry = get_or_create_entry(singleton, ike_sa->get_id(ike_sa),
+ ike_sa->get_unique_id(ike_sa));
+ clone = chunk_clone(cls);
+ array_insert_create_value(&entry->class_attrs, sizeof(chunk_t),
+ ARRAY_TAIL, &clone);
+ singleton->mutex->unlock(singleton->mutex);
+ }
+} \ No newline at end of file
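Review bot: `eap_radius_accounting_add_class` only ever appends to `entry->class_attrs`; nothing in this hunk replaces or limits what is already cached. If more than one Access-Accept is processed for the same entry (for instance several authentication rounds; this depends on the callers and on `get_or_create_entry`, both outside the hunk), the earlier values stay. `add_class_attributes` then adds all of them to every Start, Interim and Stop message. Either clear the array before caching the attributes of a new Access-Accept, or document that accumulation is intended, e.g. `/* attributes of all Access-Accepts for this IKE_SA are kept and sent */`. The file also now ends without a trailing newline.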
diff --git a/src/libcharon/plugins/eap_radius/eap_radius_accounting.h b/src/libcharon/plugins/eap_radius/eap_radius_accounting.h
index f7a19c9b5..dc1edcf54 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius_accounting.h
+++ b/src/libcharon/plugins/eap_radius/eap_radius_accounting.h
@@ -1,4 +1,7 @@
/*
+ * Copyright (C) 2017 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
* Copyright (C) 2012 Martin Willi
* Copyright (C) 2012 revosec AG
*
@@ -54,4 +57,12 @@ eap_radius_accounting_t *eap_radius_accounting_create();
*/
void eap_radius_accounting_start_interim(ike_sa_t *ike_sa, uint32_t interval);
+/**
+ * Add a Class attribute for the given IKE_SA.
+ *
+ * @param ike_sa IKE_SA for which the attribute was received
+ * @param cls Class attribute value
+ */
+void eap_radius_accounting_add_class(ike_sa_t *ike_sa, chunk_t cls);
+
#endif /** EAP_RADIUS_ACCOUNTING_H_ @}*/
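Review bot: The new doc comment for `eap_radius_accounting_add_class` leaves out two things a caller needs to know. The implementation copies the value with `chunk_clone`, and the whole body is guarded by `if (singleton)`, so the call does nothing when no accounting instance exists. Suggested additions to the comment: `* The value is cloned, the caller keeps ownership of cls.` and `* Has no effect if no accounting instance has been created.`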
diff --git a/src/libcharon/plugins/eap_sim/Makefile.in b/src/libcharon/plugins/eap_sim/Makefile.in
index f7b2d3e2d..ae25d21c2 100644
--- a/src/libcharon/plugins/eap_sim/Makefile.in
+++ b/src/libcharon/plugins/eap_sim/Makefile.in
@@ -248,9 +248,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/eap_sim_file/Makefile.in b/src/libcharon/plugins/eap_sim_file/Makefile.in
index a78155080..a02cbbd23 100644
--- a/src/libcharon/plugins/eap_sim_file/Makefile.in
+++ b/src/libcharon/plugins/eap_sim_file/Makefile.in
@@ -249,9 +249,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/eap_sim_pcsc/Makefile.in b/src/libcharon/plugins/eap_sim_pcsc/Makefile.in
index 28e7b4612..d9cfda351 100644
--- a/src/libcharon/plugins/eap_sim_pcsc/Makefile.in
+++ b/src/libcharon/plugins/eap_sim_pcsc/Makefile.in
@@ -250,9 +250,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in
index 98d4fe9cc..9f56b01da 100644
--- a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in
+++ b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in
@@ -250,9 +250,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/eap_simaka_reauth/Makefile.in b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in
index 539dc657e..9e41bf270 100644
--- a/src/libcharon/plugins/eap_simaka_reauth/Makefile.in
+++ b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in
@@ -249,9 +249,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/eap_simaka_sql/Makefile.in b/src/libcharon/plugins/eap_simaka_sql/Makefile.in
index 284178e13..0f6b7e95a 100644
--- a/src/libcharon/plugins/eap_simaka_sql/Makefile.in
+++ b/src/libcharon/plugins/eap_simaka_sql/Makefile.in
@@ -248,9 +248,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/eap_tls/Makefile.in b/src/libcharon/plugins/eap_tls/Makefile.in
index 9e69e068c..83726b645 100644
--- a/src/libcharon/plugins/eap_tls/Makefile.in
+++ b/src/libcharon/plugins/eap_tls/Makefile.in
@@ -247,9 +247,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/eap_tnc/Makefile.in b/src/libcharon/plugins/eap_tnc/Makefile.in
index 6f5d3a466..1047ea0e0 100644
--- a/src/libcharon/plugins/eap_tnc/Makefile.in
+++ b/src/libcharon/plugins/eap_tnc/Makefile.in
@@ -248,9 +248,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/eap_ttls/Makefile.in b/src/libcharon/plugins/eap_ttls/Makefile.in
index 5a9310a7d..1a779c60b 100644
--- a/src/libcharon/plugins/eap_ttls/Makefile.in
+++ b/src/libcharon/plugins/eap_ttls/Makefile.in
@@ -249,9 +249,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/error_notify/Makefile.in b/src/libcharon/plugins/error_notify/Makefile.in
index 7322bc036..7439befbc 100644
--- a/src/libcharon/plugins/error_notify/Makefile.in
+++ b/src/libcharon/plugins/error_notify/Makefile.in
@@ -255,9 +255,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/ext_auth/Makefile.in b/src/libcharon/plugins/ext_auth/Makefile.in
index 8ab170b6d..d669b5707 100644
--- a/src/libcharon/plugins/ext_auth/Makefile.in
+++ b/src/libcharon/plugins/ext_auth/Makefile.in
@@ -247,9 +247,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/farp/Makefile.in b/src/libcharon/plugins/farp/Makefile.in
index 4328db1f9..dc07f34c1 100644
--- a/src/libcharon/plugins/farp/Makefile.in
+++ b/src/libcharon/plugins/farp/Makefile.in
@@ -245,9 +245,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/forecast/Makefile.in b/src/libcharon/plugins/forecast/Makefile.in
index 15589b35d..f89ed736d 100644
--- a/src/libcharon/plugins/forecast/Makefile.in
+++ b/src/libcharon/plugins/forecast/Makefile.in
@@ -248,9 +248,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/ha/Makefile.in b/src/libcharon/plugins/ha/Makefile.in
index cdf33f61f..455108834 100644
--- a/src/libcharon/plugins/ha/Makefile.in
+++ b/src/libcharon/plugins/ha/Makefile.in
@@ -247,9 +247,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/ipseckey/Makefile.in b/src/libcharon/plugins/ipseckey/Makefile.in
index adb40765e..b212e2e33 100644
--- a/src/libcharon/plugins/ipseckey/Makefile.in
+++ b/src/libcharon/plugins/ipseckey/Makefile.in
@@ -247,9 +247,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/kernel_iph/Makefile.in b/src/libcharon/plugins/kernel_iph/Makefile.in
index 6164f5c7b..cc4450a95 100644
--- a/src/libcharon/plugins/kernel_iph/Makefile.in
+++ b/src/libcharon/plugins/kernel_iph/Makefile.in
@@ -247,9 +247,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/kernel_libipsec/Makefile.in b/src/libcharon/plugins/kernel_libipsec/Makefile.in
index e604be758..09c03ed33 100644
--- a/src/libcharon/plugins/kernel_libipsec/Makefile.in
+++ b/src/libcharon/plugins/kernel_libipsec/Makefile.in
@@ -249,9 +249,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/kernel_netlink/Makefile.am b/src/libcharon/plugins/kernel_netlink/Makefile.am
index 41c7304c6..0e39c0d24 100644
--- a/src/libcharon/plugins/kernel_netlink/Makefile.am
+++ b/src/libcharon/plugins/kernel_netlink/Makefile.am
@@ -25,22 +25,22 @@ libstrongswan_kernel_netlink_la_LIBADD = $(DLLIB)
libstrongswan_kernel_netlink_la_LDFLAGS = -module -avoid-version
-TESTS = tests
+TESTS = kernel_netlink_tests
check_PROGRAMS = $(TESTS)
-tests_SOURCES = \
+kernel_netlink_tests_SOURCES = \
tests.h tests.c \
suites/test_socket.c \
kernel_netlink_shared.c
-tests_CFLAGS = \
+kernel_netlink_tests_CFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libstrongswan/tests \
-DNETLINK_MSG_LOSS_HOOK=netlink_msg_loss \
@COVERAGE_CFLAGS@
-tests_LDFLAGS = @COVERAGE_LDFLAGS@
-tests_LDADD = \
+kernel_netlink_tests_LDFLAGS = @COVERAGE_LDFLAGS@
+kernel_netlink_tests_LDADD = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
$(top_builddir)/src/libstrongswan/tests/libtest.la
diff --git a/src/libcharon/plugins/kernel_netlink/Makefile.in b/src/libcharon/plugins/kernel_netlink/Makefile.in
index 8d653104e..7ec64084b 100644
--- a/src/libcharon/plugins/kernel_netlink/Makefile.in
+++ b/src/libcharon/plugins/kernel_netlink/Makefile.in
@@ -88,7 +88,7 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-TESTS = tests$(EXEEXT)
+TESTS = kernel_netlink_tests$(EXEEXT)
check_PROGRAMS = $(am__EXEEXT_1)
subdir = src/libcharon/plugins/kernel_netlink
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
@@ -156,18 +156,20 @@ libstrongswan_kernel_netlink_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
@MONOLITHIC_FALSE@am_libstrongswan_kernel_netlink_la_rpath = -rpath \
@MONOLITHIC_FALSE@ $(plugindir)
@MONOLITHIC_TRUE@am_libstrongswan_kernel_netlink_la_rpath =
-am__EXEEXT_1 = tests$(EXEEXT)
+am__EXEEXT_1 = kernel_netlink_tests$(EXEEXT)
am__dirstamp = $(am__leading_dot)dirstamp
-am_tests_OBJECTS = tests-tests.$(OBJEXT) \
- suites/tests-test_socket.$(OBJEXT) \
- tests-kernel_netlink_shared.$(OBJEXT)
-tests_OBJECTS = $(am_tests_OBJECTS)
-tests_DEPENDENCIES = \
+am_kernel_netlink_tests_OBJECTS = \
+ kernel_netlink_tests-tests.$(OBJEXT) \
+ suites/kernel_netlink_tests-test_socket.$(OBJEXT) \
+ kernel_netlink_tests-kernel_netlink_shared.$(OBJEXT)
+kernel_netlink_tests_OBJECTS = $(am_kernel_netlink_tests_OBJECTS)
+kernel_netlink_tests_DEPENDENCIES = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
$(top_builddir)/src/libstrongswan/tests/libtest.la
-tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(tests_CFLAGS) $(CFLAGS) \
- $(tests_LDFLAGS) $(LDFLAGS) -o $@
+kernel_netlink_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+ $(kernel_netlink_tests_CFLAGS) $(CFLAGS) \
+ $(kernel_netlink_tests_LDFLAGS) $(LDFLAGS) -o $@
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
@@ -202,9 +204,10 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@)
am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
am__v_CCLD_0 = @echo " CCLD " $@;
am__v_CCLD_1 =
-SOURCES = $(libstrongswan_kernel_netlink_la_SOURCES) $(tests_SOURCES)
+SOURCES = $(libstrongswan_kernel_netlink_la_SOURCES) \
+ $(kernel_netlink_tests_SOURCES)
DIST_SOURCES = $(libstrongswan_kernel_netlink_la_SOURCES) \
- $(tests_SOURCES)
+ $(kernel_netlink_tests_SOURCES)
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
@@ -286,9 +289,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
@@ -509,19 +514,19 @@ libstrongswan_kernel_netlink_la_SOURCES = \
libstrongswan_kernel_netlink_la_LIBADD = $(DLLIB)
libstrongswan_kernel_netlink_la_LDFLAGS = -module -avoid-version
-tests_SOURCES = \
+kernel_netlink_tests_SOURCES = \
tests.h tests.c \
suites/test_socket.c \
kernel_netlink_shared.c
-tests_CFLAGS = \
+kernel_netlink_tests_CFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libstrongswan/tests \
-DNETLINK_MSG_LOSS_HOOK=netlink_msg_loss \
@COVERAGE_CFLAGS@
-tests_LDFLAGS = @COVERAGE_LDFLAGS@
-tests_LDADD = \
+kernel_netlink_tests_LDFLAGS = @COVERAGE_LDFLAGS@
+kernel_netlink_tests_LDADD = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
$(top_builddir)/src/libstrongswan/tests/libtest.la
@@ -622,12 +627,12 @@ suites/$(am__dirstamp):
suites/$(DEPDIR)/$(am__dirstamp):
@$(MKDIR_P) suites/$(DEPDIR)
@: > suites/$(DEPDIR)/$(am__dirstamp)
-suites/tests-test_socket.$(OBJEXT): suites/$(am__dirstamp) \
- suites/$(DEPDIR)/$(am__dirstamp)
+suites/kernel_netlink_tests-test_socket.$(OBJEXT): \
+ suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
-tests$(EXEEXT): $(tests_OBJECTS) $(tests_DEPENDENCIES) $(EXTRA_tests_DEPENDENCIES)
- @rm -f tests$(EXEEXT)
- $(AM_V_CCLD)$(tests_LINK) $(tests_OBJECTS) $(tests_LDADD) $(LIBS)
+kernel_netlink_tests$(EXEEXT): $(kernel_netlink_tests_OBJECTS) $(kernel_netlink_tests_DEPENDENCIES) $(EXTRA_kernel_netlink_tests_DEPENDENCIES)
+ @rm -f kernel_netlink_tests$(EXEEXT)
+ $(AM_V_CCLD)$(kernel_netlink_tests_LINK) $(kernel_netlink_tests_OBJECTS) $(kernel_netlink_tests_LDADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -640,9 +645,9 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kernel_netlink_net.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kernel_netlink_plugin.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kernel_netlink_shared.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tests-kernel_netlink_shared.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tests-tests.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_socket.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kernel_netlink_tests-kernel_netlink_shared.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kernel_netlink_tests-tests.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/kernel_netlink_tests-test_socket.Po@am__quote@
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
@@ -668,47 +673,47 @@ distclean-compile:
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
-tests-tests.o: tests.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT tests-tests.o -MD -MP -MF $(DEPDIR)/tests-tests.Tpo -c -o tests-tests.o `test -f 'tests.c' || echo '$(srcdir)/'`tests.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/tests-tests.Tpo $(DEPDIR)/tests-tests.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tests.c' object='tests-tests.o' libtool=no @AMDEPBACKSLASH@
+kernel_netlink_tests-tests.o: tests.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(kernel_netlink_tests_CFLAGS) $(CFLAGS) -MT kernel_netlink_tests-tests.o -MD -MP -MF $(DEPDIR)/kernel_netlink_tests-tests.Tpo -c -o kernel_netlink_tests-tests.o `test -f 'tests.c' || echo '$(srcdir)/'`tests.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/kernel_netlink_tests-tests.Tpo $(DEPDIR)/kernel_netlink_tests-tests.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tests.c' object='kernel_netlink_tests-tests.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o tests-tests.o `test -f 'tests.c' || echo '$(srcdir)/'`tests.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(kernel_netlink_tests_CFLAGS) $(CFLAGS) -c -o kernel_netlink_tests-tests.o `test -f 'tests.c' || echo '$(srcdir)/'`tests.c
-tests-tests.obj: tests.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT tests-tests.obj -MD -MP -MF $(DEPDIR)/tests-tests.Tpo -c -o tests-tests.obj `if test -f 'tests.c'; then $(CYGPATH_W) 'tests.c'; else $(CYGPATH_W) '$(srcdir)/tests.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/tests-tests.Tpo $(DEPDIR)/tests-tests.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tests.c' object='tests-tests.obj' libtool=no @AMDEPBACKSLASH@
+kernel_netlink_tests-tests.obj: tests.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(kernel_netlink_tests_CFLAGS) $(CFLAGS) -MT kernel_netlink_tests-tests.obj -MD -MP -MF $(DEPDIR)/kernel_netlink_tests-tests.Tpo -c -o kernel_netlink_tests-tests.obj `if test -f 'tests.c'; then $(CYGPATH_W) 'tests.c'; else $(CYGPATH_W) '$(srcdir)/tests.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/kernel_netlink_tests-tests.Tpo $(DEPDIR)/kernel_netlink_tests-tests.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tests.c' object='kernel_netlink_tests-tests.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o tests-tests.obj `if test -f 'tests.c'; then $(CYGPATH_W) 'tests.c'; else $(CYGPATH_W) '$(srcdir)/tests.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(kernel_netlink_tests_CFLAGS) $(CFLAGS) -c -o kernel_netlink_tests-tests.obj `if test -f 'tests.c'; then $(CYGPATH_W) 'tests.c'; else $(CYGPATH_W) '$(srcdir)/tests.c'; fi`
-suites/tests-test_socket.o: suites/test_socket.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_socket.o -MD -MP -MF suites/$(DEPDIR)/tests-test_socket.Tpo -c -o suites/tests-test_socket.o `test -f 'suites/test_socket.c' || echo '$(srcdir)/'`suites/test_socket.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_socket.Tpo suites/$(DEPDIR)/tests-test_socket.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_socket.c' object='suites/tests-test_socket.o' libtool=no @AMDEPBACKSLASH@
+suites/kernel_netlink_tests-test_socket.o: suites/test_socket.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(kernel_netlink_tests_CFLAGS) $(CFLAGS) -MT suites/kernel_netlink_tests-test_socket.o -MD -MP -MF suites/$(DEPDIR)/kernel_netlink_tests-test_socket.Tpo -c -o suites/kernel_netlink_tests-test_socket.o `test -f 'suites/test_socket.c' || echo '$(srcdir)/'`suites/test_socket.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/kernel_netlink_tests-test_socket.Tpo suites/$(DEPDIR)/kernel_netlink_tests-test_socket.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_socket.c' object='suites/kernel_netlink_tests-test_socket.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_socket.o `test -f 'suites/test_socket.c' || echo '$(srcdir)/'`suites/test_socket.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(kernel_netlink_tests_CFLAGS) $(CFLAGS) -c -o suites/kernel_netlink_tests-test_socket.o `test -f 'suites/test_socket.c' || echo '$(srcdir)/'`suites/test_socket.c
-suites/tests-test_socket.obj: suites/test_socket.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_socket.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_socket.Tpo -c -o suites/tests-test_socket.obj `if test -f 'suites/test_socket.c'; then $(CYGPATH_W) 'suites/test_socket.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_socket.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_socket.Tpo suites/$(DEPDIR)/tests-test_socket.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_socket.c' object='suites/tests-test_socket.obj' libtool=no @AMDEPBACKSLASH@
+suites/kernel_netlink_tests-test_socket.obj: suites/test_socket.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(kernel_netlink_tests_CFLAGS) $(CFLAGS) -MT suites/kernel_netlink_tests-test_socket.obj -MD -MP -MF suites/$(DEPDIR)/kernel_netlink_tests-test_socket.Tpo -c -o suites/kernel_netlink_tests-test_socket.obj `if test -f 'suites/test_socket.c'; then $(CYGPATH_W) 'suites/test_socket.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_socket.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/kernel_netlink_tests-test_socket.Tpo suites/$(DEPDIR)/kernel_netlink_tests-test_socket.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_socket.c' object='suites/kernel_netlink_tests-test_socket.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_socket.obj `if test -f 'suites/test_socket.c'; then $(CYGPATH_W) 'suites/test_socket.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_socket.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(kernel_netlink_tests_CFLAGS) $(CFLAGS) -c -o suites/kernel_netlink_tests-test_socket.obj `if test -f 'suites/test_socket.c'; then $(CYGPATH_W) 'suites/test_socket.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_socket.c'; fi`
-tests-kernel_netlink_shared.o: kernel_netlink_shared.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT tests-kernel_netlink_shared.o -MD -MP -MF $(DEPDIR)/tests-kernel_netlink_shared.Tpo -c -o tests-kernel_netlink_shared.o `test -f 'kernel_netlink_shared.c' || echo '$(srcdir)/'`kernel_netlink_shared.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/tests-kernel_netlink_shared.Tpo $(DEPDIR)/tests-kernel_netlink_shared.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='kernel_netlink_shared.c' object='tests-kernel_netlink_shared.o' libtool=no @AMDEPBACKSLASH@
+kernel_netlink_tests-kernel_netlink_shared.o: kernel_netlink_shared.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(kernel_netlink_tests_CFLAGS) $(CFLAGS) -MT kernel_netlink_tests-kernel_netlink_shared.o -MD -MP -MF $(DEPDIR)/kernel_netlink_tests-kernel_netlink_shared.Tpo -c -o kernel_netlink_tests-kernel_netlink_shared.o `test -f 'kernel_netlink_shared.c' || echo '$(srcdir)/'`kernel_netlink_shared.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/kernel_netlink_tests-kernel_netlink_shared.Tpo $(DEPDIR)/kernel_netlink_tests-kernel_netlink_shared.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='kernel_netlink_shared.c' object='kernel_netlink_tests-kernel_netlink_shared.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o tests-kernel_netlink_shared.o `test -f 'kernel_netlink_shared.c' || echo '$(srcdir)/'`kernel_netlink_shared.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(kernel_netlink_tests_CFLAGS) $(CFLAGS) -c -o kernel_netlink_tests-kernel_netlink_shared.o `test -f 'kernel_netlink_shared.c' || echo '$(srcdir)/'`kernel_netlink_shared.c
-tests-kernel_netlink_shared.obj: kernel_netlink_shared.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT tests-kernel_netlink_shared.obj -MD -MP -MF $(DEPDIR)/tests-kernel_netlink_shared.Tpo -c -o tests-kernel_netlink_shared.obj `if test -f 'kernel_netlink_shared.c'; then $(CYGPATH_W) 'kernel_netlink_shared.c'; else $(CYGPATH_W) '$(srcdir)/kernel_netlink_shared.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/tests-kernel_netlink_shared.Tpo $(DEPDIR)/tests-kernel_netlink_shared.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='kernel_netlink_shared.c' object='tests-kernel_netlink_shared.obj' libtool=no @AMDEPBACKSLASH@
+kernel_netlink_tests-kernel_netlink_shared.obj: kernel_netlink_shared.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(kernel_netlink_tests_CFLAGS) $(CFLAGS) -MT kernel_netlink_tests-kernel_netlink_shared.obj -MD -MP -MF $(DEPDIR)/kernel_netlink_tests-kernel_netlink_shared.Tpo -c -o kernel_netlink_tests-kernel_netlink_shared.obj `if test -f 'kernel_netlink_shared.c'; then $(CYGPATH_W) 'kernel_netlink_shared.c'; else $(CYGPATH_W) '$(srcdir)/kernel_netlink_shared.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/kernel_netlink_tests-kernel_netlink_shared.Tpo $(DEPDIR)/kernel_netlink_tests-kernel_netlink_shared.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='kernel_netlink_shared.c' object='kernel_netlink_tests-kernel_netlink_shared.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o tests-kernel_netlink_shared.obj `if test -f 'kernel_netlink_shared.c'; then $(CYGPATH_W) 'kernel_netlink_shared.c'; else $(CYGPATH_W) '$(srcdir)/kernel_netlink_shared.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(kernel_netlink_tests_CFLAGS) $(CFLAGS) -c -o kernel_netlink_tests-kernel_netlink_shared.obj `if test -f 'kernel_netlink_shared.c'; then $(CYGPATH_W) 'kernel_netlink_shared.c'; else $(CYGPATH_W) '$(srcdir)/kernel_netlink_shared.c'; fi`
mostlyclean-libtool:
-rm -f *.lo
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
index 8ddaa71d3..4e79dfced 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -143,7 +143,7 @@ ENUM(xfrm_msg_names, XFRM_MSG_NEWSA, XFRM_MSG_MAPPING,
"XFRM_MSG_MAPPING"
);
-ENUM(xfrm_attr_type_names, XFRMA_UNSPEC, XFRMA_REPLAY_ESN_VAL,
+ENUM(xfrm_attr_type_names, XFRMA_UNSPEC, XFRMA_OFFLOAD_DEV,
"XFRMA_UNSPEC",
"XFRMA_ALG_AUTH",
"XFRMA_ALG_CRYPT",
@@ -168,6 +168,11 @@ ENUM(xfrm_attr_type_names, XFRMA_UNSPEC, XFRMA_REPLAY_ESN_VAL,
"XFRMA_MARK",
"XFRMA_TFCPAD",
"XFRMA_REPLAY_ESN_VAL",
+ "XFRMA_SA_EXTRA_FLAGS",
+ "XFRMA_PROTO",
+ "XFRMA_ADDRESS_FILTER",
+ "XFRMA_PAD",
+ "XFRMA_OFFLOAD_DEV",
);
/**
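Review bot: The name table for `xfrm_attr_type_names` is positional, and neither this hunk nor the one above records that the five added strings must follow the numeric order of the XFRMA_* values up to the new upper bound `XFRMA_OFFLOAD_DEV`. If a string is missing or out of order, netlink attributes would presumably be mislabelled in debug output, which misleads anyone diagnosing SA installation from logs. A comment above the ENUM would help, for example `/* one string per XFRMA_* value, in enum order, ending at the last value named in the ENUM header */`. The ENUM definition starts outside this hunk.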
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
index 0dd3e30cb..a21d0ae7f 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
@@ -1183,13 +1183,13 @@ static void process_link(private_kernel_netlink_net_t *this,
INIT(entry,
.ifindex = msg->ifi_index,
.addrs = linked_list_create(),
- .usable = charon->kernel->is_interface_usable(
- charon->kernel, name),
);
this->ifaces->insert_last(this->ifaces, entry);
}
strncpy(entry->ifname, name, IFNAMSIZ);
entry->ifname[IFNAMSIZ-1] = '\0';
+ entry->usable = charon->kernel->is_interface_usable(charon->kernel,
+ name);
if (event && entry->usable)
{
if (!(entry->flags & IFF_UP) && (msg->ifi_flags & IFF_UP))
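Review bot: The recomputed `entry->usable` is never compared with its previous value, so a change of state on an existing entry is not acted on. It is now evaluated on every link message, which picks up renames. But when an interface goes from usable to unusable, the `if (event && entry->usable)` guard skips the block below, and nothing visible in this hunk signals that addresses on that interface should no longer be considered. Consider saving the old value first, `bool was_usable = entry->usable;`, and treating `was_usable != entry->usable` as a reason to trigger the same re-evaluation an up/down change causes. `process_link` starts and ends outside the hunk, so the handling may exist further down.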
diff --git a/src/libcharon/plugins/kernel_pfkey/Makefile.in b/src/libcharon/plugins/kernel_pfkey/Makefile.in
index 0ef880035..0d3d3775b 100644
--- a/src/libcharon/plugins/kernel_pfkey/Makefile.in
+++ b/src/libcharon/plugins/kernel_pfkey/Makefile.in
@@ -247,9 +247,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
index fd1adb2ae..710107889 100644
--- a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -1740,7 +1740,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
#ifdef __linux__
sa->sadb_sa_replay = min(data->replay_window, 32);
#else
- sa->sadb_sa_replay = (data->replay_window + 7) / 8;
+ sa->sadb_sa_replay = min((data->replay_window + 7) / 8, UINT8_MAX);
#endif
}
sa->sadb_sa_auth = lookup_algorithm(INTEGRITY_ALGORITHM, data->int_alg);
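Review bot: The added clamp in the non-Linux branch runs after `data->replay_window + 7` has already been computed, so the addition can wrap before `min()` sees it. If `replay_window` is a 32-bit unsigned field, as the `UINT32_MAX-32` clamp in the next hunk suggests, a configured value within 7 of `UINT32_MAX` yields 0 and the SA is installed with anti-replay effectively disabled rather than with the maximum window. Dividing before rounding up avoids the wrap: `sa->sadb_sa_replay = min(data->replay_window / 8 + !!(data->replay_window % 8), UINT8_MAX);`. The enclosing `add_sa` method starts and ends outside the hunk.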
@@ -1749,6 +1749,19 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
}
PFKEY_EXT_ADD(msg, sa);
+#ifdef SADB_X_EXT_SA_REPLAY
+ if (data->inbound)
+ {
+ struct sadb_x_sa_replay *replay;
+
+ replay = (struct sadb_x_sa_replay*)PFKEY_EXT_ADD_NEXT(msg);
+ replay->sadb_x_replay_exttype = SADB_X_EXT_SA_REPLAY;
+ replay->sadb_x_replay_len = PFKEY_LEN(sizeof(struct sadb_x_sa_replay));
+ replay->sadb_x_replay_replay = min(data->replay_window, UINT32_MAX-32);
+ PFKEY_EXT_ADD(msg, replay);
+ }
+#endif
+
sa2 = (struct sadb_x_sa2*)PFKEY_EXT_ADD_NEXT(msg);
sa2->sadb_x_sa2_exttype = SADB_X_EXT_SA2;
sa2->sadb_x_sa2_len = PFKEY_LEN(sizeof(struct sadb_spirange));
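Review bot: The clamp `min(data->replay_window, UINT32_MAX-32)` in the new `SADB_X_EXT_SA_REPLAY` block is unexplained, and the unit differs from the `sadb_sa_replay` field set just above, which is given in bytes. A reader cannot tell whether `-32` mirrors a kernel-side limit or is an arbitrary margin, nor why the extension is sent only for inbound SAs. A comment on the block would settle this, for example `/* window in packets; larger values are presumably rejected by the kernel (confirm against its limit); only inbound SAs check replay */`. The surrounding `add_sa` method starts and ends outside the hunk.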
@@ -1960,6 +1973,8 @@ METHOD(kernel_ipsec_t, update_sa, status_t,
PFKEY_EXT_COPY(msg, response.lft_soft);
PFKEY_EXT_COPY(msg, response.lft_hard);
+#ifndef __FreeBSD__
+ /* FreeBSD 11.1 does not allow key updates via SADB_UPDATE for mature SAs */
if (response.key_encr)
{
PFKEY_EXT_COPY(msg, response.key_encr);
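Review bot: The `#ifndef __FreeBSD__` guard opened here, and closed in the next hunk, drops the key extensions from `SADB_UPDATE` on every FreeBSD release, while the comment ties the restriction to 11.1 only. If other releases accept or even require the keys, this silently changes what is sent there, and the unannotated `#endif` is easy to misplace now that the guarded region spans two `if` blocks. I would state the intended scope in the comment, e.g. `/* FreeBSD (seen on 11.1) rejects key updates for mature SAs, so keys are omitted on all FreeBSD versions */`, and close with `#endif /* !__FreeBSD__ */`. `update_sa` starts and ends outside both hunks.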
@@ -1969,6 +1984,7 @@ METHOD(kernel_ipsec_t, update_sa, status_t,
{
PFKEY_EXT_COPY(msg, response.key_auth);
}
+#endif
#ifdef HAVE_NATT
if (data->new_encap)
diff --git a/src/libcharon/plugins/kernel_pfroute/Makefile.in b/src/libcharon/plugins/kernel_pfroute/Makefile.in
index 1f232502a..dc4d1c852 100644
--- a/src/libcharon/plugins/kernel_pfroute/Makefile.in
+++ b/src/libcharon/plugins/kernel_pfroute/Makefile.in
@@ -247,9 +247,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c
index da7ae472d..e1f10e93f 100644
--- a/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c
+++ b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c
@@ -864,6 +864,11 @@ static void process_link(private_kernel_pfroute_net_t *this,
.flags = msg->ifm_flags,
.addrs = linked_list_create(),
);
+#ifdef __APPLE__
+ /* Similar to the issue described above, on 10.13 we need this delay as
+ * we might otherwise not be able to convert the index to a name yet. */
+ usleep(50000);
+#endif
if (if_indextoname(iface->ifindex, iface->ifname))
{
DBG1(DBG_KNL, "interface %s appeared", iface->ifname);
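Review bot: The unconditional `usleep(50000)` added under `__APPLE__` delays every new-interface event by a fixed 50 ms and still leaves the race open if the name takes longer to appear. In that case `if_indextoname()` fails and the interface is presumably tracked without a name. The sleep also sits in the event-processing path, and whether a lock is held at this point is not visible in the hunk. Retrying only after a failed lookup, with a bounded number of attempts, removes the delay in the common case and tolerates a slower system. `process_link` starts and ends outside the hunk.

```c
#ifdef __APPLE__
			{
				/* on 10.13 the index may not be convertible to a name yet:
				 * retry briefly after a failed lookup instead of always
				 * delaying */
				int tries = 5;

				while (!if_indextoname(iface->ifindex, iface->ifname) &&
					   --tries)
				{
					usleep(10000);
				}
			}
#endif
			if (if_indextoname(iface->ifindex, iface->ifname))
			/* … unchanged: "interface appeared" handling … */
```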
diff --git a/src/libcharon/plugins/kernel_wfp/Makefile.in b/src/libcharon/plugins/kernel_wfp/Makefile.in
index 263ec5d64..98e147717 100644
--- a/src/libcharon/plugins/kernel_wfp/Makefile.in
+++ b/src/libcharon/plugins/kernel_wfp/Makefile.in
@@ -255,9 +255,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/led/Makefile.in b/src/libcharon/plugins/led/Makefile.in
index 54a7ccf44..7abb83daa 100644
--- a/src/libcharon/plugins/led/Makefile.in
+++ b/src/libcharon/plugins/led/Makefile.in
@@ -244,9 +244,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/load_tester/Makefile.in b/src/libcharon/plugins/load_tester/Makefile.in
index b25f3a669..42ad9abf3 100644
--- a/src/libcharon/plugins/load_tester/Makefile.in
+++ b/src/libcharon/plugins/load_tester/Makefile.in
@@ -257,9 +257,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/lookip/Makefile.in b/src/libcharon/plugins/lookip/Makefile.in
index 4db0b7dc2..b8c5d2249 100644
--- a/src/libcharon/plugins/lookip/Makefile.in
+++ b/src/libcharon/plugins/lookip/Makefile.in
@@ -253,9 +253,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/medcli/Makefile.in b/src/libcharon/plugins/medcli/Makefile.in
index 721edbdd5..47175b4b9 100644
--- a/src/libcharon/plugins/medcli/Makefile.in
+++ b/src/libcharon/plugins/medcli/Makefile.in
@@ -247,9 +247,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/medsrv/Makefile.in b/src/libcharon/plugins/medsrv/Makefile.in
index 81d895df1..176e2a5cb 100644
--- a/src/libcharon/plugins/medsrv/Makefile.in
+++ b/src/libcharon/plugins/medsrv/Makefile.in
@@ -247,9 +247,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/osx_attr/Makefile.in b/src/libcharon/plugins/osx_attr/Makefile.in
index e9bd93803..ec1916aba 100644
--- a/src/libcharon/plugins/osx_attr/Makefile.in
+++ b/src/libcharon/plugins/osx_attr/Makefile.in
@@ -247,9 +247,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/p_cscf/Makefile.in b/src/libcharon/plugins/p_cscf/Makefile.in
index 7ccbfb102..9afed4111 100644
--- a/src/libcharon/plugins/p_cscf/Makefile.in
+++ b/src/libcharon/plugins/p_cscf/Makefile.in
@@ -247,9 +247,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/radattr/Makefile.in b/src/libcharon/plugins/radattr/Makefile.in
index 2e4ea256d..ee16cceb8 100644
--- a/src/libcharon/plugins/radattr/Makefile.in
+++ b/src/libcharon/plugins/radattr/Makefile.in
@@ -248,9 +248,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/resolve/Makefile.in b/src/libcharon/plugins/resolve/Makefile.in
index 0db2cb187..45e2723cc 100644
--- a/src/libcharon/plugins/resolve/Makefile.in
+++ b/src/libcharon/plugins/resolve/Makefile.in
@@ -247,9 +247,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/smp/Makefile.in b/src/libcharon/plugins/smp/Makefile.in
index 5f3517c25..33484587b 100644
--- a/src/libcharon/plugins/smp/Makefile.in
+++ b/src/libcharon/plugins/smp/Makefile.in
@@ -245,9 +245,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/socket_default/Makefile.in b/src/libcharon/plugins/socket_default/Makefile.in
index 54e9ed9b9..05684706e 100644
--- a/src/libcharon/plugins/socket_default/Makefile.in
+++ b/src/libcharon/plugins/socket_default/Makefile.in
@@ -247,9 +247,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/socket_dynamic/Makefile.in b/src/libcharon/plugins/socket_dynamic/Makefile.in
index 1971282a1..39558dc24 100644
--- a/src/libcharon/plugins/socket_dynamic/Makefile.in
+++ b/src/libcharon/plugins/socket_dynamic/Makefile.in
@@ -247,9 +247,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/socket_win/Makefile.in b/src/libcharon/plugins/socket_win/Makefile.in
index 6efd3e189..bb349c0a3 100644
--- a/src/libcharon/plugins/socket_win/Makefile.in
+++ b/src/libcharon/plugins/socket_win/Makefile.in
@@ -247,9 +247,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/sql/Makefile.in b/src/libcharon/plugins/sql/Makefile.in
index e0b813d6b..96733406e 100644
--- a/src/libcharon/plugins/sql/Makefile.in
+++ b/src/libcharon/plugins/sql/Makefile.in
@@ -245,9 +245,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/stroke/Makefile.am b/src/libcharon/plugins/stroke/Makefile.am
index 26edc3dcd..9456dd908 100644
--- a/src/libcharon/plugins/stroke/Makefile.am
+++ b/src/libcharon/plugins/stroke/Makefile.am
@@ -1,5 +1,6 @@
AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libcharon/plugins/counters \
-I$(top_srcdir)/src/libcharon \
-I$(top_srcdir)/src/stroke \
-DIPSEC_CONFDIR=\"${sysconfdir}\" \
diff --git a/src/libcharon/plugins/stroke/Makefile.in b/src/libcharon/plugins/stroke/Makefile.in
index 70374b32f..3cf95f9a9 100644
--- a/src/libcharon/plugins/stroke/Makefile.in
+++ b/src/libcharon/plugins/stroke/Makefile.in
@@ -249,9 +249,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
@@ -454,6 +456,7 @@ xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libcharon/plugins/counters \
-I$(top_srcdir)/src/libcharon \
-I$(top_srcdir)/src/stroke \
-DIPSEC_CONFDIR=\"${sysconfdir}\" \
diff --git a/src/libcharon/plugins/stroke/stroke_counter.c b/src/libcharon/plugins/stroke/stroke_counter.c
index e93fd4ef2..8eb9968e4 100644
--- a/src/libcharon/plugins/stroke/stroke_counter.c
+++ b/src/libcharon/plugins/stroke/stroke_counter.c
@@ -1,4 +1,7 @@
/*
+ * Copyright (C) 2017 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
* Copyright (C) 2012 Martin Willi
* Copyright (C) 2012 revosec AG
*
@@ -13,10 +16,11 @@
* for more details.
*/
+#include <inttypes.h>
+
#include "stroke_counter.h"
-#include <threading/spinlock.h>
-#include <collections/hashtable.h>
+#include <counters_query.h>
ENUM(stroke_counter_type_names,
COUNTER_INIT_IKE_SA_REKEY, COUNTER_OUT_INFORMATIONAL_RSP,
@@ -56,277 +60,51 @@ struct private_stroke_counter_t {
stroke_counter_t public;
/**
- * Global counter values
- */
- uint64_t counter[COUNTER_MAX];
-
- /**
- * Counters for specific connection names, char* => entry_t
- */
- hashtable_t *conns;
-
- /**
- * Lock for counter values
+ * Reference to query interface
*/
- spinlock_t *lock;
+ counters_query_t *query;
};
/**
- * Counters for a specific connection name
- */
-typedef struct {
- /** connection name */
- char *name;
- /** counter values for connection */
- uint64_t counter[COUNTER_MAX];
-} entry_t;
-
-/**
- * Destroy named entry
- */
-static void destroy_entry(entry_t *this)
-{
- free(this->name);
- free(this);
-}
-
-/**
- * Hashtable hash function
- */
-static u_int hash(char *name)
-{
- return chunk_hash(chunk_from_str(name));
-}
-
-/**
- * Hashtable equals function
- */
-static bool equals(char *a, char *b)
-{
- return streq(a, b);
-}
-
-/**
- * Get the name of an IKE_SA, but return NULL if it is not known yet
- */
-static char *get_ike_sa_name(ike_sa_t *ike_sa)
-{
- peer_cfg_t *peer_cfg;
-
- if (ike_sa)
- {
- peer_cfg = ike_sa->get_peer_cfg(ike_sa);
- if (peer_cfg)
- {
- return peer_cfg->get_name(peer_cfg);
- }
- }
- return NULL;
-}
-
-/**
- * Increase a counter for a named entry
+ * Make sure we have the query interface
*/
-static void count_named(private_stroke_counter_t *this,
- ike_sa_t *ike_sa, stroke_counter_type_t type)
+static inline bool ensure_query(private_stroke_counter_t *this)
{
- entry_t *entry;
- char *name;
-
- name = get_ike_sa_name(ike_sa);
- if (name)
+ if (this->query)
{
- entry = this->conns->get(this->conns, name);
- if (!entry)
- {
- INIT(entry,
- .name = strdup(name),
- );
- this->conns->put(this->conns, entry->name, entry);
- }
- entry->counter[type]++;
- }
-}
-
-METHOD(listener_t, alert, bool,
- private_stroke_counter_t *this, ike_sa_t *ike_sa,
- alert_t alert, va_list args)
-{
- stroke_counter_type_t type;
-
- switch (alert)
- {
- case ALERT_INVALID_IKE_SPI:
- type = COUNTER_IN_INVALID_IKE_SPI;
- break;
- case ALERT_PARSE_ERROR_HEADER:
- case ALERT_PARSE_ERROR_BODY:
- type = COUNTER_IN_INVALID;
- break;
- default:
- return TRUE;
- }
-
- this->lock->lock(this->lock);
- this->counter[type]++;
- count_named(this, ike_sa, type);
- this->lock->unlock(this->lock);
-
- return TRUE;
-}
-
-METHOD(listener_t, ike_rekey, bool,
- private_stroke_counter_t *this, ike_sa_t *old, ike_sa_t *new)
-{
- stroke_counter_type_t type;
- ike_sa_id_t *id;
-
- id = new->get_id(new);
- if (id->is_initiator(id))
- {
- type = COUNTER_INIT_IKE_SA_REKEY;
- }
- else
- {
- type = COUNTER_RESP_IKE_SA_REKEY;
- }
-
- this->lock->lock(this->lock);
- this->counter[type]++;
- count_named(this, old, type);
- this->lock->unlock(this->lock);
-
- return TRUE;
-}
-
-METHOD(listener_t, child_rekey, bool,
- private_stroke_counter_t *this, ike_sa_t *ike_sa,
- child_sa_t *old, child_sa_t *new)
-{
- this->lock->lock(this->lock);
- this->counter[COUNTER_CHILD_SA_REKEY]++;
- count_named(this, ike_sa, COUNTER_CHILD_SA_REKEY);
- this->lock->unlock(this->lock);
-
- return TRUE;
-}
-
-METHOD(listener_t, message_hook, bool,
- private_stroke_counter_t *this, ike_sa_t *ike_sa, message_t *message,
- bool incoming, bool plain)
-{
- stroke_counter_type_t type;
- bool request;
-
- if ((incoming && !plain) || (!incoming && !plain))
- { /* handle each message only once */
return TRUE;
}
-
- request = message->get_request(message);
- switch (message->get_exchange_type(message))
- {
- case IKE_SA_INIT:
- if (incoming)
- {
- type = request ? COUNTER_IN_IKE_SA_INIT_REQ
- : COUNTER_IN_IKE_SA_INIT_RSP;
- }
- else
- {
- type = request ? COUNTER_OUT_IKE_SA_INIT_REQ
- : COUNTER_OUT_IKE_SA_INIT_RES;
- }
- break;
- case IKE_AUTH:
- if (incoming)
- {
- type = request ? COUNTER_IN_IKE_AUTH_REQ
- : COUNTER_IN_IKE_AUTH_RSP;
- }
- else
- {
- type = request ? COUNTER_OUT_IKE_AUTH_REQ
- : COUNTER_OUT_IKE_AUTH_RSP;
- }
- break;
- case CREATE_CHILD_SA:
- if (incoming)
- {
- type = request ? COUNTER_IN_CREATE_CHILD_SA_REQ
- : COUNTER_IN_CREATE_CHILD_SA_RSP;
- }
- else
- {
- type = request ? COUNTER_OUT_CREATE_CHILD_SA_REQ
- : COUNTER_OUT_CREATE_CHILD_SA_RSP;
- }
- break;
- case INFORMATIONAL:
- if (incoming)
- {
- type = request ? COUNTER_IN_INFORMATIONAL_REQ
- : COUNTER_IN_INFORMATIONAL_RSP;
- }
- else
- {
- type = request ? COUNTER_OUT_INFORMATIONAL_REQ
- : COUNTER_OUT_INFORMATIONAL_RSP;
- }
- break;
- default:
- return TRUE;
- }
-
- this->lock->lock(this->lock);
- this->counter[type]++;
- count_named(this, ike_sa, type);
- this->lock->unlock(this->lock);
-
- return TRUE;
+ return (this->query = lib->get(lib, "counters")) != NULL;
}
/**
- * Print a single counter value to out
- */
-static void print_counter(FILE *out, stroke_counter_type_t type,
- uint64_t counter)
-{
- fprintf(out, "%-18N %12llu\n", stroke_counter_type_names, type, counter);
-}
-
-/**
- * Print IKE counters for a specific connection
+ * Print global or connection-specific IKE counters
*/
static void print_one(private_stroke_counter_t *this, FILE *out, char *name)
{
- uint64_t counter[COUNTER_MAX];
- entry_t *entry;
- int i;
+ uint64_t *counters;
+ counter_type_t i;
- this->lock->lock(this->lock);
- entry = this->conns->get(this->conns, name);
- if (entry)
+ counters = this->query->get_all(this->query, name);
+ if (!counters)
{
- for (i = 0; i < countof(this->counter); i++)
- {
- counter[i] = entry->counter[i];
- }
+ fprintf(out, "No IKE counters found for '%s'\n", name);
+ return;
}
- this->lock->unlock(this->lock);
-
- if (entry)
+ if (name)
{
fprintf(out, "\nList of IKE counters for '%s':\n\n", name);
- for (i = 0; i < countof(this->counter); i++)
- {
- print_counter(out, i, counter[i]);
- }
}
else
{
- fprintf(out, "No IKE counters found for '%s'\n", name);
+ fprintf(out, "\nList of IKE counters:\n\n");
+ }
+ for (i = 0; i < COUNTER_MAX; i++)
+ {
+ fprintf(out, "%-18N %12"PRIu64"\n", stroke_counter_type_names, i,
+ counters[i]);
}
+ free(counters);
}
/**
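Review bot: In the rewritten `print_one`, the failure branch passes `name` to `%s` even though the same function now also handles the global case where `name` is NULL. If `get_all()` ever returns NULL for the global query, that call formats a NULL string, which is undefined behaviour. Guard the message, e.g. `if (name) fprintf(out, "No IKE counters found for '%s'\n", name); else fprintf(out, "No IKE counters found\n");`. Separately, `ensure_query` caches the pointer from `lib->get(lib, "counters")` for the lifetime of the object, so it is worth a comment on what keeps that pointer valid if the providing plugin is unloaded. The print loop also indexes `stroke_counter_type_names` with a `counter_type_t`, which relies on the two enums staying aligned.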
@@ -335,104 +113,44 @@ static void print_one(private_stroke_counter_t *this, FILE *out, char *name)
static void print_all(private_stroke_counter_t *this, FILE *out)
{
enumerator_t *enumerator;
- entry_t *entry;
- linked_list_t *list;
char *name;
- list = linked_list_create();
-
- this->lock->lock(this->lock);
- enumerator = this->conns->create_enumerator(this->conns);
- while (enumerator->enumerate(enumerator, &name, &entry))
- {
- list->insert_last(list, strdup(name));
- }
- enumerator->destroy(enumerator);
- this->lock->unlock(this->lock);
-
- enumerator = list->create_enumerator(list);
+ enumerator = this->query->get_names(this->query);
while (enumerator->enumerate(enumerator, &name))
{
print_one(this, out, name);
}
enumerator->destroy(enumerator);
-
- list->destroy_function(list, free);
-}
-
-/**
- * Print global counters
- */
-static void print_global(private_stroke_counter_t *this, FILE *out)
-{
- uint64_t counter[COUNTER_MAX];
- int i;
-
- this->lock->lock(this->lock);
- for (i = 0; i < countof(this->counter); i++)
- {
- counter[i] = this->counter[i];
- }
- this->lock->unlock(this->lock);
-
- fprintf(out, "\nList of IKE counters:\n\n");
-
- for (i = 0; i < countof(this->counter); i++)
- {
- print_counter(out, i, counter[i]);
- }
}
METHOD(stroke_counter_t, print, void,
private_stroke_counter_t *this, FILE *out, char *name)
{
- if (name)
+ if (!ensure_query(this))
+ {
+ fprintf(out, "\nNo counters available (plugin missing?)\n\n");
+ return;
+ }
+ if (name && streq(name, "all"))
{
- if (streq(name, "all"))
- {
- return print_all(this, out);
- }
- return print_one(this, out, name);
+ return print_all(this, out);
}
- return print_global(this, out);
+ return print_one(this, out, name);
}
METHOD(stroke_counter_t, reset, void,
private_stroke_counter_t *this, char *name)
{
- this->lock->lock(this->lock);
- if (name)
- {
- entry_t *entry;
-
- entry = this->conns->remove(this->conns, name);
- if (entry)
- {
- destroy_entry(entry);
- }
- }
- else
+ if (!ensure_query(this))
{
- memset(&this->counter, 0, sizeof(this->counter));
+ return;
}
- this->lock->unlock(this->lock);
+ this->query->reset(this->query, name);
}
METHOD(stroke_counter_t, destroy, void,
private_stroke_counter_t *this)
{
- enumerator_t *enumerator;
- char *name;
- entry_t *entry;
-
- enumerator = this->conns->create_enumerator(this->conns);
- while (enumerator->enumerate(enumerator, &name, &entry))
- {
- destroy_entry(entry);
- }
- enumerator->destroy(enumerator);
- this->conns->destroy(this->conns);
- this->lock->destroy(this->lock);
free(this);
}
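Review bot: In `print`, the final `return print_one(this, out, name);` now also serves the global case, so `name` can be NULL when `print_one` (in the preceding hunk) reaches `fprintf(out, "No IKE counters found for '%s'\n", name);`, and passing NULL for `%s` is undefined behaviour. Whether `get_all` can return NULL for the global counters is not visible here, so the path may be unreachable in practice. The guard is cheap either way: `fprintf(out, "No IKE counters found for '%s'\n", name ? name : "(global)");`.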
@@ -445,19 +163,10 @@ stroke_counter_t *stroke_counter_create()
INIT(this,
.public = {
- .listener = {
- .alert = _alert,
- .ike_rekey = _ike_rekey,
- .child_rekey = _child_rekey,
- .message = _message_hook,
- },
.print = _print,
.reset = _reset,
.destroy = _destroy,
},
- .conns = hashtable_create((hashtable_hash_t)hash,
- (hashtable_equals_t)equals, 4),
- .lock = spinlock_create(),
);
return &this->public;
diff --git a/src/libcharon/plugins/stroke/stroke_counter.h b/src/libcharon/plugins/stroke/stroke_counter.h
index fecf39f56..2ff431c88 100644
--- a/src/libcharon/plugins/stroke/stroke_counter.h
+++ b/src/libcharon/plugins/stroke/stroke_counter.h
@@ -1,4 +1,7 @@
/*
+ * Copyright (C) 2017 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
* Copyright (C) 2012 Martin Willi
* Copyright (C) 2012 revosec AG
*
@@ -21,69 +24,16 @@
#ifndef STROKE_COUNTER_H_
#define STROKE_COUNTER_H_
-#include <bus/listeners/listener.h>
+#include <library.h>
typedef struct stroke_counter_t stroke_counter_t;
-typedef enum stroke_counter_type_t stroke_counter_type_t;
-
-enum stroke_counter_type_t {
- /** initiated IKE_SA rekeyings */
- COUNTER_INIT_IKE_SA_REKEY,
- /** responded IKE_SA rekeyings */
- COUNTER_RESP_IKE_SA_REKEY,
- /** completed CHILD_SA rekeyings */
- COUNTER_CHILD_SA_REKEY,
- /** messages with invalid types, length, or a value out of range */
- COUNTER_IN_INVALID,
- /** messages with an invalid IKE SPI */
- COUNTER_IN_INVALID_IKE_SPI,
- /** received IKE_SA_INIT requests */
- COUNTER_IN_IKE_SA_INIT_REQ,
- /** received IKE_SA_INIT responses */
- COUNTER_IN_IKE_SA_INIT_RSP,
- /** sent IKE_SA_INIT requests */
- COUNTER_OUT_IKE_SA_INIT_REQ,
- /** sent IKE_SA_INIT responses */
- COUNTER_OUT_IKE_SA_INIT_RES,
- /** received IKE_AUTH requests */
- COUNTER_IN_IKE_AUTH_REQ,
- /** received IKE_AUTH responses */
- COUNTER_IN_IKE_AUTH_RSP,
- /** sent IKE_AUTH requests */
- COUNTER_OUT_IKE_AUTH_REQ,
- /** sent IKE_AUTH responses */
- COUNTER_OUT_IKE_AUTH_RSP,
- /** received CREATE_CHILD_SA requests */
- COUNTER_IN_CREATE_CHILD_SA_REQ,
- /** received CREATE_CHILD_SA responses */
- COUNTER_IN_CREATE_CHILD_SA_RSP,
- /** sent CREATE_CHILD_SA requests */
- COUNTER_OUT_CREATE_CHILD_SA_REQ,
- /** sent CREATE_CHILD_SA responses */
- COUNTER_OUT_CREATE_CHILD_SA_RSP,
- /** received INFORMATIONAL requests */
- COUNTER_IN_INFORMATIONAL_REQ,
- /** received INFORMATIONAL responses */
- COUNTER_IN_INFORMATIONAL_RSP,
- /** sent INFORMATIONAL requests */
- COUNTER_OUT_INFORMATIONAL_REQ,
- /** sent INFORMATIONAL responses */
- COUNTER_OUT_INFORMATIONAL_RSP,
- /** number of counter types */
- COUNTER_MAX
-};
/**
- * Collection of counter values for different IKE events.
+ * Interface for counter values for different IKE events.
*/
struct stroke_counter_t {
/**
- * Implements listener_t.
- */
- listener_t listener;
-
- /**
* Print counter values to an output stream.
*
* @param out output stream to write to
diff --git a/src/libcharon/plugins/stroke/stroke_plugin.c b/src/libcharon/plugins/stroke/stroke_plugin.c
index 62095e368..0a34fb458 100644
--- a/src/libcharon/plugins/stroke/stroke_plugin.c
+++ b/src/libcharon/plugins/stroke/stroke_plugin.c
@@ -66,6 +66,7 @@ METHOD(plugin_t, get_features, int,
static plugin_feature_t f[] = {
PLUGIN_CALLBACK((plugin_feature_callback_t)register_stroke, NULL),
PLUGIN_PROVIDE(CUSTOM, "stroke"),
+ PLUGIN_SDEPEND(CUSTOM, "counters"),
PLUGIN_SDEPEND(PRIVKEY, KEY_RSA),
PLUGIN_SDEPEND(PRIVKEY, KEY_ECDSA),
PLUGIN_SDEPEND(PRIVKEY, KEY_DSA),
diff --git a/src/libcharon/plugins/stroke/stroke_socket.c b/src/libcharon/plugins/stroke/stroke_socket.c
index 65d345db3..c568440b7 100644
--- a/src/libcharon/plugins/stroke/stroke_socket.c
+++ b/src/libcharon/plugins/stroke/stroke_socket.c
@@ -744,7 +744,6 @@ METHOD(stroke_socket_t, destroy, void,
&this->attribute->provider);
charon->attributes->remove_handler(charon->attributes,
&this->handler->handler);
- charon->bus->remove_listener(charon->bus, &this->counter->listener);
this->cred->destroy(this->cred);
this->ca->destroy(this->ca);
this->config->destroy(this->config);
@@ -789,7 +788,7 @@ stroke_socket_t *stroke_socket_create()
&this->attribute->provider);
charon->attributes->add_handler(charon->attributes,
&this->handler->handler);
- charon->bus->add_listener(charon->bus, &this->counter->listener);
+
max_concurrent = lib->settings->get_int(lib->settings,
"%s.plugins.stroke.max_concurrent", MAX_CONCURRENT_DEFAULT,
diff --git a/src/libcharon/plugins/systime_fix/Makefile.in b/src/libcharon/plugins/systime_fix/Makefile.in
index 278eaa17b..0667d359c 100644
--- a/src/libcharon/plugins/systime_fix/Makefile.in
+++ b/src/libcharon/plugins/systime_fix/Makefile.in
@@ -247,9 +247,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/systime_fix/systime_fix_plugin.c b/src/libcharon/plugins/systime_fix/systime_fix_plugin.c
index c1594b0b2..3209c91dc 100644
--- a/src/libcharon/plugins/systime_fix/systime_fix_plugin.c
+++ b/src/libcharon/plugins/systime_fix/systime_fix_plugin.c
@@ -1,6 +1,6 @@
/*
- * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2013-2017 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
*
* Copyright (C) 2013 Martin Willi
* Copyright (C) 2013 revosec AG
@@ -55,6 +55,11 @@ struct private_systime_fix_plugin_t {
u_int interval;
/**
+ * How long to wait for a valid system time, 0 to wait indefinitely
+ */
+ time_t timeout;
+
+ /**
* Timestamp where we start considering system time valid
*/
time_t threshold;
@@ -118,6 +123,23 @@ static bool has_invalid_certs(ike_sa_t *ike_sa)
}
/**
+ * Check if we reached the timeout
+ */
+static inline bool timeout_reached(private_systime_fix_plugin_t *this)
+{
+ if (this->timeout == 0)
+ { /* disabled */
+ return FALSE;
+ }
+ if (this->timeout <= this->interval)
+ {
+ return TRUE;
+ }
+ this->timeout -= this->interval;
+ return FALSE;
+}
+
+/**
* Check system time, reevaluate certificates
*/
static job_requeue_t check_systime(private_systime_fix_plugin_t *this)
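Review bot: `timeout_reached` reads like a pure predicate, but `this->timeout -= this->interval;` consumes the configured value on every call, and the one-line comment does not say so. After the first check the `timeout` field holds the remaining time rather than the configured one, and a second call within the same check would shorten the wait. I would document it as `Check if we reached the timeout; subtracts one check interval from the remaining timeout on each call` and note in the field comment of the struct hunk that the value is counted down. Assuming checks run once per `interval`, a timeout that is not a multiple of the interval only takes effect at the next check after it, which is worth a word in the option description.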
@@ -129,15 +151,23 @@ static job_requeue_t check_systime(private_systime_fix_plugin_t *this)
if (time(NULL) < this->threshold)
{
- DBG2(DBG_CFG, "systime not valid, rechecking in %ds", this->interval);
- lib->scheduler->schedule_job(lib->scheduler, (job_t*)
- callback_job_create((callback_job_cb_t)check_systime, this,
- NULL, NULL), this->interval);
- return JOB_REQUEUE_NONE;
+ if (!timeout_reached(this))
+ {
+ DBG2(DBG_CFG, "system time not valid, rechecking in %us",
+ this->interval);
+ return JOB_RESCHEDULE(this->interval);
+ }
+ DBG1(DBG_CFG, "timeout reached while waiting for valid system time, "
+ "force rechecking certificates");
+ /* force regular lifetime checks for new connections */
+ lib->credmgr->remove_validator(lib->credmgr,
+ &this->validator->validator);
+ }
+ else
+ {
+ DBG1(DBG_CFG, "system time got valid, rechecking certificates");
}
- DBG1(DBG_CFG, "system time got valid, rechecking certificates");
-
enumerator = charon->ike_sa_manager->create_enumerator(
charon->ike_sa_manager, TRUE);
while (enumerator->enumerate(enumerator, &ike_sa))
@@ -225,7 +255,7 @@ static bool plugin_cb(private_systime_fix_plugin_t *this,
lib->credmgr->add_validator(lib->credmgr, &this->validator->validator);
if (this->interval != 0)
{
- DBG1(DBG_CFG, "starting systime check, interval: %ds",
+ DBG1(DBG_CFG, "starting system time check, interval: %us",
this->interval);
lib->scheduler->schedule_job(lib->scheduler, (job_t*)
callback_job_create((callback_job_cb_t)check_systime,
@@ -275,6 +305,8 @@ plugin_t *systime_fix_plugin_create()
},
.interval = lib->settings->get_int(lib->settings,
"%s.plugins.%s.interval", 0, lib->ns, get_name(this)),
+ .timeout = lib->settings->get_time(lib->settings,
+ "%s.plugins.%s.timeout", 0, lib->ns, get_name(this)),
.reauth = lib->settings->get_bool(lib->settings,
"%s.plugins.%s.reauth", FALSE, lib->ns, get_name(this)),
);
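Review bot: The default of 0 for `.timeout` keeps the wait unbounded, and the code does not say what that means for certificate validation. Judging by the comment in `check_systime` ("force regular lifetime checks for new connections"), regular lifetime checks appear not to be in force while the plugin waits, so a host whose clock never becomes valid would stay in that state indefinitely. I would state this next to the setting, for example `/* 0 waits indefinitely; regular lifetime checks resume only once the system time is valid or the timeout is hit */`, so operators choose a bound deliberately. `systime_fix_plugin_create` starts and ends outside this hunk.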
diff --git a/src/libcharon/plugins/tnc_ifmap/Makefile.in b/src/libcharon/plugins/tnc_ifmap/Makefile.in
index 3b146e1ee..dcf2c5858 100644
--- a/src/libcharon/plugins/tnc_ifmap/Makefile.in
+++ b/src/libcharon/plugins/tnc_ifmap/Makefile.in
@@ -250,9 +250,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/tnc_pdp/Makefile.in b/src/libcharon/plugins/tnc_pdp/Makefile.in
index 3452080a8..02587d1f0 100644
--- a/src/libcharon/plugins/tnc_pdp/Makefile.in
+++ b/src/libcharon/plugins/tnc_pdp/Makefile.in
@@ -251,9 +251,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/uci/Makefile.in b/src/libcharon/plugins/uci/Makefile.in
index 2c127985c..a01a5f74e 100644
--- a/src/libcharon/plugins/uci/Makefile.in
+++ b/src/libcharon/plugins/uci/Makefile.in
@@ -245,9 +245,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/unity/Makefile.in b/src/libcharon/plugins/unity/Makefile.in
index b82c37966..fd29de336 100644
--- a/src/libcharon/plugins/unity/Makefile.in
+++ b/src/libcharon/plugins/unity/Makefile.in
@@ -246,9 +246,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/updown/Makefile.in b/src/libcharon/plugins/updown/Makefile.in
index 4c648fbad..0f2a055d2 100644
--- a/src/libcharon/plugins/updown/Makefile.in
+++ b/src/libcharon/plugins/updown/Makefile.in
@@ -247,9 +247,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/vici/Makefile.am b/src/libcharon/plugins/vici/Makefile.am
index af0b65cd0..e8bcdbaa3 100644
--- a/src/libcharon/plugins/vici/Makefile.am
+++ b/src/libcharon/plugins/vici/Makefile.am
@@ -2,6 +2,7 @@ AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libstrongswan/plugins/pubkey \
-I$(top_srcdir)/src/libcharon \
+ -I$(top_srcdir)/src/libcharon/plugins/counters \
-DSWANCTLDIR=\""${swanctldir}\"" \
-DIPSEC_PIDDIR=\"${piddir}\"
diff --git a/src/libcharon/plugins/vici/Makefile.in b/src/libcharon/plugins/vici/Makefile.in
index cd3dafb08..d28223dca 100644
--- a/src/libcharon/plugins/vici/Makefile.in
+++ b/src/libcharon/plugins/vici/Makefile.in
@@ -343,9 +343,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
@@ -550,6 +552,7 @@ AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libstrongswan/plugins/pubkey \
-I$(top_srcdir)/src/libcharon \
+ -I$(top_srcdir)/src/libcharon/plugins/counters \
-DSWANCTLDIR=\""${swanctldir}\"" \
-DIPSEC_PIDDIR=\"${piddir}\"
diff --git a/src/libcharon/plugins/vici/README.md b/src/libcharon/plugins/vici/README.md
index f47f80cad..83521250d 100644
--- a/src/libcharon/plugins/vici/README.md
+++ b/src/libcharon/plugins/vici/README.md
@@ -682,6 +682,35 @@ List currently loaded algorithms and their implementation.
}
}
+### get-counters() ###
+
+List global or connection-specific counters for several IKE events.
+
+ {
+ name = <optional connection name, omit for global counters>
+ all = <yes to get counters for all connections, name is ignored>
+ } => {
+ counters = {
+ <name|empty for global counters> = {
+ <pairs of counter name and 64-bit counter value>
+ }
+ }
+ success = <yes or no>
+ errmsg = <error string on failure>
+ }
+
+### reset-counters() ###
+
+Reset global or connection-specific IKE event counters.
+
+ {
+ name = <optional connection name, omit for global counters>
+ all = <yes to reset counters for all connections, name is ignored>
+ } => {
+ success = <yes or no>
+ errmsg = <error string on failure>
+ }
+
## Server-issued events ##
Based on the packet layer, the vici plugin raises event messages using named
diff --git a/src/libcharon/plugins/vici/perl/Makefile.in b/src/libcharon/plugins/vici/perl/Makefile.in
index f48eb6abb..59b0774b8 100644
--- a/src/libcharon/plugins/vici/perl/Makefile.in
+++ b/src/libcharon/plugins/vici/perl/Makefile.in
@@ -161,9 +161,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/vici/python/Makefile.in b/src/libcharon/plugins/vici/python/Makefile.in
index 7d5944ab1..057ea88f4 100644
--- a/src/libcharon/plugins/vici/python/Makefile.in
+++ b/src/libcharon/plugins/vici/python/Makefile.in
@@ -183,9 +183,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/vici/ruby/Makefile.in b/src/libcharon/plugins/vici/ruby/Makefile.in
index b1222765b..ff4e07d2d 100644
--- a/src/libcharon/plugins/vici/ruby/Makefile.in
+++ b/src/libcharon/plugins/vici/ruby/Makefile.in
@@ -161,9 +161,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
@@ -474,8 +476,8 @@ distclean-generic:
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
-@RUBY_GEMS_INSTALL_FALSE@install-data-local:
@RUBY_GEMS_INSTALL_FALSE@uninstall-local:
+@RUBY_GEMS_INSTALL_FALSE@install-data-local:
clean: clean-am
clean-am: clean-generic clean-libtool clean-local mostlyclean-am
diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c
index 0c355e3a0..e0e2955e2 100644
--- a/src/libcharon/plugins/vici/vici_config.c
+++ b/src/libcharon/plugins/vici/vici_config.c
@@ -495,6 +495,7 @@ static void log_child_data(child_data_t *data, char *name)
{
child_cfg_create_t *cfg = &data->cfg;
+#define has_opt(opt) ({ (cfg->options & (opt)) == (opt); })
DBG2(DBG_CFG, " child %s:", name);
DBG2(DBG_CFG, " rekey_time = %llu", cfg->lifetime.time.rekey);
DBG2(DBG_CFG, " life_time = %llu", cfg->lifetime.time.life);
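Review bot: The `has_opt` macro is defined inside `log_child_data`, silently captures the local `cfg`, and is never undefined in any hunk of this file, so it stays visible to everything that follows in the translation unit. The GNU statement expression adds nothing here; `#define has_opt(opt) ((cfg->options & (opt)) == (opt))` does the same in plain C. I would add `#undef has_opt` before the closing brace of the function, which is in the hunk at -525, or turn it into a small `static inline` helper that takes `cfg` explicitly.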
@@ -506,12 +507,12 @@ static void log_child_data(child_data_t *data, char *name)
DBG2(DBG_CFG, " life_packets = %llu", cfg->lifetime.packets.life);
DBG2(DBG_CFG, " rand_packets = %llu", cfg->lifetime.packets.jitter);
DBG2(DBG_CFG, " updown = %s", cfg->updown);
- DBG2(DBG_CFG, " hostaccess = %u", cfg->options & OPT_HOSTACCESS);
- DBG2(DBG_CFG, " ipcomp = %u", cfg->options & OPT_IPCOMP);
+ DBG2(DBG_CFG, " hostaccess = %u", has_opt(OPT_HOSTACCESS));
+ DBG2(DBG_CFG, " ipcomp = %u", has_opt(OPT_IPCOMP));
DBG2(DBG_CFG, " mode = %N%s", ipsec_mode_names, cfg->mode,
- cfg->options & OPT_PROXY_MODE ? "_PROXY" : "");
+ has_opt(OPT_PROXY_MODE) ? "_PROXY" : "");
DBG2(DBG_CFG, " policies = %u", data->policies);
- DBG2(DBG_CFG, " policies_fwd_out = %u", cfg->options & OPT_FWD_OUT_POLICIES);
+ DBG2(DBG_CFG, " policies_fwd_out = %u", has_opt(OPT_FWD_OUT_POLICIES));
if (data->replay_window != REPLAY_UNDEFINED)
{
DBG2(DBG_CFG, " replay_window = %u", data->replay_window);
@@ -525,14 +526,15 @@ static void log_child_data(child_data_t *data, char *name)
DBG2(DBG_CFG, " interface = %s", cfg->interface);
DBG2(DBG_CFG, " mark_in = %u/%u",
cfg->mark_in.value, cfg->mark_in.mask);
+ DBG2(DBG_CFG, " mark_in_sa = %u", has_opt(OPT_MARK_IN_SA));
DBG2(DBG_CFG, " mark_out = %u/%u",
cfg->mark_out.value, cfg->mark_out.mask);
DBG2(DBG_CFG, " inactivity = %llu", cfg->inactivity);
DBG2(DBG_CFG, " proposals = %#P", data->proposals);
DBG2(DBG_CFG, " local_ts = %#R", data->local_ts);
DBG2(DBG_CFG, " remote_ts = %#R", data->remote_ts);
- DBG2(DBG_CFG, " hw_offload = %u", cfg->options & OPT_HW_OFFLOAD);
- DBG2(DBG_CFG, " sha256_96 = %u", cfg->options & OPT_SHA256_96);
+ DBG2(DBG_CFG, " hw_offload = %u", has_opt(OPT_HW_OFFLOAD));
+ DBG2(DBG_CFG, " sha256_96 = %u", has_opt(OPT_SHA256_96));
}
/**
@@ -882,7 +884,7 @@ CALLBACK(parse_opt_fwd_out, bool,
}
/**
- * Parse OPT_FWD_OUT_POLICIES option
+ * Parse OPT_IPCOMP option
*/
CALLBACK(parse_opt_ipcomp, bool,
child_cfg_option_t *out, chunk_t v)
@@ -909,6 +911,15 @@ CALLBACK(parse_opt_sha256_96, bool,
}
/**
+ * Parse OPT_MARK_IN_SA option
+ */
+CALLBACK(parse_opt_mark_in, bool,
+ child_cfg_option_t *out, chunk_t v)
+{
+ return parse_option(out, OPT_MARK_IN_SA, v);
+}
+
+/**
* Parse an action_t
*/
CALLBACK(parse_action, bool,
@@ -1562,6 +1573,7 @@ CALLBACK(child_kv, bool,
{ "inactivity", parse_time, &child->cfg.inactivity },
{ "reqid", parse_uint32, &child->cfg.reqid },
{ "mark_in", parse_mark, &child->cfg.mark_in },
+ { "mark_in_sa", parse_opt_mark_in, &child->cfg.options },
{ "mark_out", parse_mark, &child->cfg.mark_out },
{ "tfc_padding", parse_tfc, &child->cfg.tfc },
{ "priority", parse_uint32, &child->cfg.priority },
diff --git a/src/libcharon/plugins/vici/vici_plugin.c b/src/libcharon/plugins/vici/vici_plugin.c
index 136651261..53da75e2a 100644
--- a/src/libcharon/plugins/vici/vici_plugin.c
+++ b/src/libcharon/plugins/vici/vici_plugin.c
@@ -176,6 +176,7 @@ METHOD(plugin_t, get_features, int,
static plugin_feature_t f[] = {
PLUGIN_CALLBACK((plugin_feature_callback_t)register_vici, NULL),
PLUGIN_PROVIDE(CUSTOM, "vici"),
+ PLUGIN_SDEPEND(CUSTOM, "counters"),
};
*features = f;
return countof(f);
diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vici/vici_query.c
index 2cc59591f..134ea375d 100644
--- a/src/libcharon/plugins/vici/vici_query.c
+++ b/src/libcharon/plugins/vici/vici_query.c
@@ -1,5 +1,6 @@
/*
- * Copyright (C) 2015 Tobias Brunner, Andreas Steffen
+ * Copyright (C) 2015-2017 Tobias Brunner
+ * Copyright (C) 2015 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* Copyright (C) 2014 Martin Willi
@@ -55,6 +56,32 @@
#include <asn1/asn1.h>
#include <credentials/certificates/certificate.h>
#include <credentials/certificates/x509.h>
+#include <counters_query.h>
+
+ENUM(vici_counter_type_names,
+ COUNTER_INIT_IKE_SA_REKEY, COUNTER_OUT_INFORMATIONAL_RSP,
+ "ike-rekey-init",
+ "ike-rekey-resp",
+ "child-rekey",
+ "invalid",
+ "invalid-spi",
+ "ike-init-in-req",
+ "ike-init-in-resp",
+ "ike-init-out-req",
+ "ike-init-out-resp",
+ "ike-auth-in-req",
+ "ike-auth-in-resp",
+ "ike-auth-out-req",
+ "ike-auth-out-resp",
+ "create-child-in-req",
+ "create-child-in-resp",
+ "create-child-out-req",
+ "create-child-out-resp",
+ "info-in-req",
+ "info-in-resp",
+ "info-out-req",
+ "info-out-resp",
+);
typedef struct private_vici_query_t private_vici_query_t;
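Review bot: `vici_counter_type_names` depends on the order and number of `counter_type_t` values declared in `counters_query.h`, which belongs to another plugin, and nothing in this hunk records that coupling. If a counter is added or reordered there, the names returned by `get-counters` would shift or run past the table without any warning at this site, which matters for tooling that alerts on keys such as `invalid` or `invalid-spi`. A comment above the table such as `/* must follow the order of counter_type_t in counters_query.h, one name per value below COUNTER_MAX */` would help. Whether the `ENUM` macro itself checks the count is not visible here.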
@@ -74,6 +101,11 @@ struct private_vici_query_t {
vici_dispatcher_t *dispatcher;
/**
+ * Query interface for counters
+ */
+ counters_query_t *counters;
+
+ /**
* Daemon startup timestamp
*/
time_t uptime;
@@ -1223,6 +1255,131 @@ CALLBACK(get_algorithms, vici_message_t*,
return b->finalize(b);
}
+/**
+ * Make sure we have the counters query interface
+ */
+static inline bool ensure_counters(private_vici_query_t *this)
+{
+ if (this->counters)
+ {
+ return TRUE;
+ }
+ return (this->counters = lib->get(lib, "counters")) != NULL;
+}
+
+/**
+ * Add a single set of counters to the message
+ *
+ * Frees the array of counter values
+ */
+static void add_counters(vici_builder_t *b, char *name, uint64_t *counters)
+{
+ char buf[BUF_LEN];
+ counter_type_t i;
+
+ b->begin_section(b, name ?: "");
+ for (i = 0; i < COUNTER_MAX; i++)
+ {
+ snprintf(buf, sizeof(buf), "%N", vici_counter_type_names, i);
+ b->add_kv(b, buf, "%"PRIu64, counters[i]);
+ }
+ b->end_section(b);
+ free(counters);
+}
+
+CALLBACK(get_counters, vici_message_t*,
+ private_vici_query_t *this, char *name, u_int id, vici_message_t *request)
+{
+ vici_builder_t *b;
+ enumerator_t *enumerator;
+ uint64_t *counters;
+ char *conn, *errmsg = NULL;
+ bool all;
+
+ b = vici_builder_create();
+
+ if (ensure_counters(this))
+ {
+ conn = request->get_str(request, NULL, "name");
+ all = request->get_bool(request, FALSE, "all");
+
+ b->begin_section(b, "counters");
+ if (all)
+ {
+ enumerator = this->counters->get_names(this->counters);
+ while (enumerator->enumerate(enumerator, &conn))
+ {
+ counters = this->counters->get_all(this->counters, conn);
+ if (counters)
+ {
+ add_counters(b, conn, counters);
+ }
+ }
+ enumerator->destroy(enumerator);
+ }
+ else
+ {
+ counters = this->counters->get_all(this->counters, conn);
+ if (counters)
+ {
+ add_counters(b, conn, counters);
+ }
+ else
+ {
+ errmsg = "no counters found for this connection";
+ }
+ }
+ b->end_section(b);
+ }
+ else
+ {
+ errmsg = "no counters available (plugin missing?)";
+ }
+
+ b->add_kv(b, "success", errmsg ? "no" : "yes");
+ if (errmsg)
+ {
+ b->add_kv(b, "errmsg", "%s", errmsg);
+ }
+ return b->finalize(b);
+}
+
+CALLBACK(reset_counters, vici_message_t*,
+ private_vici_query_t *this, char *name, u_int id, vici_message_t *request)
+{
+ vici_builder_t *b;
+ char *conn, *errmsg = NULL;
+ bool all;
+
+ b = vici_builder_create();
+
+ if (ensure_counters(this))
+ {
+ conn = request->get_str(request, NULL, "name");
+ all = request->get_bool(request, FALSE, "all");
+
+ if (all)
+ {
+ this->counters->reset_all(this->counters);
+ }
+ else
+ {
+ this->counters->reset(this->counters, conn);
+ }
+ }
+ else
+ {
+ errmsg = "no counters available (plugin missing?)";
+ }
+
+ b->add_kv(b, "success", errmsg ? "no" : "yes");
+ if (errmsg)
+ {
+ b->add_kv(b, "errmsg", "%s", errmsg);
+ }
+ return b->finalize(b);
+}
+
CALLBACK(version, vici_message_t*,
private_vici_query_t *this, char *name, u_int id, vici_message_t *request)
{
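Review bot: `reset_counters` clears the counters without leaving any trace in the daemon log, so the record of events such as invalid messages or invalid SPIs can be wiped by any client of the vici socket with no way to tell afterwards. I would log the reset in both branches, for example `DBG1(DBG_CFG, "IKE counters reset via vici (%s)", all ? "all" : conn ?: "global");`, placed before the `if (all)` test. The reply is also `success = yes` when `conn` names a connection that has no counters, because the result of `reset` is not examined; that may be intended but is not stated in the README entry.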
@@ -1423,6 +1580,8 @@ static void manage_commands(private_vici_query_t *this, bool reg)
manage_command(this, "list-conns", list_conns, reg);
manage_command(this, "list-certs", list_certs, reg);
manage_command(this, "get-algorithms", get_algorithms, reg);
+ manage_command(this, "get-counters", get_counters, reg);
+ manage_command(this, "reset-counters", reset_counters, reg);
manage_command(this, "version", version, reg);
manage_command(this, "stats", stats, reg);
}
diff --git a/src/libcharon/plugins/whitelist/Makefile.in b/src/libcharon/plugins/whitelist/Makefile.in
index 50c790af5..ad9a092cc 100644
--- a/src/libcharon/plugins/whitelist/Makefile.in
+++ b/src/libcharon/plugins/whitelist/Makefile.in
@@ -254,9 +254,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/xauth_eap/Makefile.in b/src/libcharon/plugins/xauth_eap/Makefile.in
index 7d3dc897b..d702a01a6 100644
--- a/src/libcharon/plugins/xauth_eap/Makefile.in
+++ b/src/libcharon/plugins/xauth_eap/Makefile.in
@@ -247,9 +247,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/xauth_generic/Makefile.in b/src/libcharon/plugins/xauth_generic/Makefile.in
index 8b937bb8d..eeeb4190a 100644
--- a/src/libcharon/plugins/xauth_generic/Makefile.in
+++ b/src/libcharon/plugins/xauth_generic/Makefile.in
@@ -247,9 +247,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/xauth_noauth/Makefile.in b/src/libcharon/plugins/xauth_noauth/Makefile.in
index ff2e6e9ab..87a6c872a 100644
--- a/src/libcharon/plugins/xauth_noauth/Makefile.in
+++ b/src/libcharon/plugins/xauth_noauth/Makefile.in
@@ -247,9 +247,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/plugins/xauth_pam/Makefile.in b/src/libcharon/plugins/xauth_pam/Makefile.in
index 0f320dfeb..a224ffba4 100644
--- a/src/libcharon/plugins/xauth_pam/Makefile.in
+++ b/src/libcharon/plugins/xauth_pam/Makefile.in
@@ -247,9 +247,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c
index 4133d9182..91da4d3e6 100644
--- a/src/libcharon/sa/child_sa.c
+++ b/src/libcharon/sa/child_sa.c
@@ -254,7 +254,7 @@ struct private_child_sa_t {
};
/**
- * convert an IKEv2 specific protocol identifier to the IP protocol identifier.
+ * Convert an IKEv2 specific protocol identifier to the IP protocol identifier
*/
static inline uint8_t proto_ike2ip(protocol_id_t protocol)
{
@@ -269,6 +269,18 @@ static inline uint8_t proto_ike2ip(protocol_id_t protocol)
}
}
+/**
+ * Returns the mark to use on the inbound SA
+ */
+static inline mark_t mark_in_sa(private_child_sa_t *this)
+{
+ if (this->config->has_option(this->config, OPT_MARK_IN_SA))
+ {
+ return this->mark_in;
+ }
+ return (mark_t){};
+}
+
METHOD(child_sa_t, get_name, char*,
private_child_sa_t *this)
{
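Review bot: The comment on `mark_in_sa` does not say that the helper returns an empty mark unless `OPT_MARK_IN_SA` is set, nor why every inbound SA identifier has to go through it. The later hunks use it for the add, query, update and delete calls, presumably because the kernel would not find the SA again if these disagreed. I would extend the comment to something like `Returns the mark to use on the inbound SA: mark_in if OPT_MARK_IN_SA is set, an empty mark otherwise. Use this for every inbound kernel_ipsec_sa_id_t so all calls address the same SA`. It is also worth noting in the option documentation that with the option set, inbound traffic presumably has to carry the mark to match the SA.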
@@ -525,6 +537,7 @@ static status_t update_usebytes(private_child_sa_t *this, bool inbound)
.dst = this->my_addr,
.spi = this->my_spi,
.proto = proto_ike2ip(this->protocol),
+ .mark = mark_in_sa(this),
};
kernel_ipsec_query_sa_t query = {};
@@ -857,7 +870,7 @@ static status_t install_internal(private_child_sa_t *this, chunk_t encr,
.dst = dst,
.spi = spi,
.proto = proto_ike2ip(this->protocol),
- .mark = inbound ? (mark_t){} : this->mark_out,
+ .mark = inbound ? mark_in_sa(this) : this->mark_out,
};
sa = (kernel_ipsec_add_sa_t){
.reqid = this->reqid,
@@ -1475,6 +1488,7 @@ METHOD(child_sa_t, update, status_t,
.dst = this->my_addr,
.spi = this->my_spi,
.proto = proto_ike2ip(this->protocol),
+ .mark = mark_in_sa(this),
};
kernel_ipsec_update_sa_t sa = {
.cpi = this->ipcomp != IPCOMP_NONE ? this->my_cpi : 0,
@@ -1660,6 +1674,7 @@ METHOD(child_sa_t, destroy, void,
.dst = this->my_addr,
.spi = this->my_spi,
.proto = proto_ike2ip(this->protocol),
+ .mark = mark_in_sa(this),
};
kernel_ipsec_del_sa_t sa = {
.cpi = this->my_cpi,
diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index 045858792..823cf2579 100644
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2006-2016 Tobias Brunner
+ * Copyright (C) 2006-2017 Tobias Brunner
* Copyright (C) 2006 Daniel Roethlisberger
* Copyright (C) 2005-2009 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -914,9 +914,15 @@ METHOD(ike_sa_t, set_state, void,
}
METHOD(ike_sa_t, reset, void,
- private_ike_sa_t *this)
+ private_ike_sa_t *this, bool new_spi)
{
- /* the responder ID is reset, as peer may choose another one */
+ /* reset the initiator SPI if requested */
+ if (new_spi)
+ {
+ charon->ike_sa_manager->new_initiator_spi(charon->ike_sa_manager,
+ &this->public);
+ }
+ /* the responder ID is reset, as peer may choose another one */
if (this->ike_sa_id->is_initiator(this->ike_sa_id))
{
this->ike_sa_id->set_responder_spi(this->ike_sa_id, 0);
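Review bot: The `bool` returned by `new_initiator_spi` is discarded in `reset`, so when the manager refuses or fails to allocate a new SPI the retry proceeds with the old initiator SPI and the caller cannot tell. The manager method at the end of this page returns FALSE for a wrong state or a non-initiator, so the failure path is real. Since `reset` is `void`, I would at least make the fallback explicit with `if (new_spi && !charon->ike_sa_manager->new_initiator_spi(charon->ike_sa_manager, &this->public))` followed by a `DBG1` stating that the previous SPI is kept. The `@param new_spi` text in `ike_sa.h` should say that allocation is best effort. The body of `reset` continues outside this hunk.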
@@ -1849,7 +1855,7 @@ METHOD(ike_sa_t, reauth, status_t,
{
DBG0(DBG_IKE, "reinitiating IKE_SA %s[%d]",
get_name(this), this->unique_id);
- reset(this);
+ reset(this, TRUE);
return this->task_manager->initiate(this->task_manager);
}
/* we can't reauthenticate as responder when we use EAP or virtual IPs.
@@ -2222,7 +2228,7 @@ static bool redirect_connecting(private_ike_sa_t *this, identification_t *to)
{
return FALSE;
}
- reset(this);
+ reset(this, TRUE);
DESTROY_IF(this->redirected_from);
this->redirected_from = this->other_host->clone(this->other_host);
DESTROY_IF(this->remote_host);
@@ -2351,7 +2357,7 @@ METHOD(ike_sa_t, retransmit, status_t,
{
DBG1(DBG_IKE, "peer not responding, trying again (%d/%d)",
this->keyingtry + 1, tries);
- reset(this);
+ reset(this, TRUE);
resolve_hosts(this);
return this->task_manager->initiate(this->task_manager);
}
diff --git a/src/libcharon/sa/ike_sa.h b/src/libcharon/sa/ike_sa.h
index c8ba2fd2a..fbc367292 100644
--- a/src/libcharon/sa/ike_sa.h
+++ b/src/libcharon/sa/ike_sa.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2006-2016 Tobias Brunner
+ * Copyright (C) 2006-2017 Tobias Brunner
* Copyright (C) 2006 Daniel Roethlisberger
* Copyright (C) 2005-2009 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -1014,7 +1014,7 @@ struct ike_sa_t {
/**
* Rekey the IKE_SA.
*
- * Sets up a new IKE_SA, moves all CHILDs to it and deletes this IKE_SA.
+ * Sets up a new IKE_SA, moves all CHILD_SAs to it and deletes this IKE_SA.
*
* @return - SUCCESS, if IKE_SA rekeying initiated
*/
@@ -1169,9 +1169,11 @@ struct ike_sa_t {
void (*inherit_post) (ike_sa_t *this, ike_sa_t *other);
/**
- * Reset the IKE_SA, useable when initiating fails
+ * Reset the IKE_SA, useable when initiating fails.
+ *
+ * @param new_spi TRUE to allocate a new initiator SPI
*/
- void (*reset) (ike_sa_t *this);
+ void (*reset) (ike_sa_t *this, bool new_spi);
/**
* Destroys a ike_sa_t object.
diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c
index c0bfebb83..101d98678 100644
--- a/src/libcharon/sa/ike_sa_manager.c
+++ b/src/libcharon/sa/ike_sa_manager.c
@@ -1,9 +1,10 @@
/*
* Copyright (C) 2005-2011 Martin Willi
* Copyright (C) 2011 revosec AG
- * Copyright (C) 2008-2016 Tobias Brunner
+ *
+ * Copyright (C) 2008-2017 Tobias Brunner
* Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -1572,6 +1573,88 @@ METHOD(ike_sa_manager_t, checkout_by_name, ike_sa_t*,
return ike_sa;
}
+METHOD(ike_sa_manager_t, new_initiator_spi, bool,
+ private_ike_sa_manager_t *this, ike_sa_t *ike_sa)
+{
+ ike_sa_state_t state;
+ ike_sa_id_t *ike_sa_id;
+ entry_t *entry;
+ u_int segment;
+ uint64_t new_spi, spi;
+
+ state = ike_sa->get_state(ike_sa);
+ if (state != IKE_CONNECTING)
+ {
+ DBG1(DBG_MGR, "unable to change initiator SPI for IKE_SA in state "
+ "%N", ike_sa_state_names, state);
+ return FALSE;
+ }
+
+ ike_sa_id = ike_sa->get_id(ike_sa);
+ if (!ike_sa_id->is_initiator(ike_sa_id))
+ {
+ DBG1(DBG_MGR, "unable to change initiator SPI of IKE_SA as responder");
+ return FALSE;
+ }
+
+ if (ike_sa != charon->bus->get_sa(charon->bus))
+ {
+ DBG1(DBG_MGR, "unable to change initiator SPI of IKE_SA not checked "
+ "out by current thread");
+ return FALSE;
+ }
+
+ new_spi = get_spi(this);
+ if (!new_spi)
+ {
+ DBG1(DBG_MGR, "unable to allocate new initiator SPI for IKE_SA");
+ return FALSE;
+ }
+
+ if (get_entry_by_sa(this, ike_sa_id, ike_sa, &entry, &segment) == SUCCESS)
+ {
+ if (entry->driveout_waiting_threads && entry->driveout_new_threads)
+ { /* it looks like flush() has been called and the SA is being deleted
+ * anyway, no need for a new SPI */
+ DBG2(DBG_MGR, "ignored change of initiator SPI during shutdown");
+ unlock_single_segment(this, segment);
+ return FALSE;
+ }
+ /* threads waiting for this entry do so using the (soon) wrong IKE_SA
+ * ID and, therefore, likely on the wrong segment, so drive them out */
+ entry->driveout_waiting_threads = TRUE;
+ entry->driveout_new_threads = TRUE;
+ while (entry->waiting_threads)
+ {
+ entry->condvar->broadcast(entry->condvar);
+ entry->condvar->wait(entry->condvar, this->segments[segment].mutex);
+ }
+ remove_entry(this, entry);
+ unlock_single_segment(this, segment);
+ }
+ else
+ {
+ DBG1(DBG_MGR, "unable to change initiator SPI of IKE_SA, not found");
+ return FALSE;
+ }
+
+ spi = ike_sa_id->get_initiator_spi(ike_sa_id);
+
+ DBG2(DBG_MGR, "change initiator SPI of IKE_SA %s[%u] from %.16"PRIx64" to "
+ "%.16"PRIx64, ike_sa->get_name(ike_sa), ike_sa->get_unique_id(ike_sa),
+ be64toh(spi), be64toh(new_spi));
+
+ ike_sa_id->set_initiator_spi(ike_sa_id, new_spi);
+ entry->ike_sa_id->replace_values(entry->ike_sa_id, ike_sa_id);
+
+ entry->driveout_waiting_threads = FALSE;
+ entry->driveout_new_threads = FALSE;
+
+ segment = put_entry(this, entry);
+ unlock_single_segment(this, segment);
+ return TRUE;
+}
+
CALLBACK(enumerator_filter_wait, bool,
private_ike_sa_manager_t *this, enumerator_t *orig, va_list args)
{
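Review bot: Between `remove_entry()`/`unlock_single_segment()` and the later `put_entry()`, the entry and the IKE_SA ID are modified without a segment mutex held, and nothing in the function says why that is safe. It appears to rely on the entry being detached from the table and on all waiting threads having been driven out by the loop above. Stating the invariant where it is used would protect it against later edits, e.g. `/* entry is detached and has no waiters, so it may be changed without a lock */` above the `get_initiator_spi()` call. The second `unlock_single_segment()` also suggests that `put_entry()` returns with the new segment locked, which deserves a short comment as well.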
@@ -2277,6 +2360,7 @@ ike_sa_manager_t *ike_sa_manager_create()
.checkout_by_config = _checkout_by_config,
.checkout_by_id = _checkout_by_id,
.checkout_by_name = _checkout_by_name,
+ .new_initiator_spi = _new_initiator_spi,
.check_uniqueness = _check_uniqueness,
.has_contact = _has_contact,
.create_enumerator = _create_enumerator,
diff --git a/src/libcharon/sa/ike_sa_manager.h b/src/libcharon/sa/ike_sa_manager.h
index 4298c54e2..efad2e4d6 100644
--- a/src/libcharon/sa/ike_sa_manager.h
+++ b/src/libcharon/sa/ike_sa_manager.h
@@ -1,8 +1,8 @@
/*
- * Copyright (C) 2008-2015 Tobias Brunner
+ * Copyright (C) 2008-2017 Tobias Brunner
* Copyright (C) 2005-2008 Martin Willi
* Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -109,6 +109,17 @@ struct ike_sa_manager_t {
peer_cfg_t *peer_cfg);
/**
+ * Reset initiator SPI.
+ *
+ * Allocate a new initiator SPI for the given IKE_SA in state IKE_CONNECTING
+ * and update internal data.
+ *
+ * @param ike_sa IKE_SA to update
+ * @return TRUE if SPI successfully changed
+ */
+ bool (*new_initiator_spi)(ike_sa_manager_t* this, ike_sa_t *ike_sa);
+
+ /**
* Check for duplicates of the given IKE_SA.
*
* Measures are taken according to the uniqueness policy of the IKE_SA.
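Review bot: The doc comment for `new_initiator_spi` omits two preconditions that the implementation in ike_sa_manager.c enforces: the IKE_SA must be an initiator and must be checked out by the calling thread, otherwise FALSE is returned. Suggest adding `* The IKE_SA must be an initiator SA that is checked out by the calling thread.` to the description. The `@return` line could also say that on FALSE the existing SPI is left unchanged, which is what every failure path in the implementation does.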
diff --git a/src/libcharon/sa/ikev1/authenticators/pubkey_v1_authenticator.c b/src/libcharon/sa/ikev1/authenticators/pubkey_v1_authenticator.c
index 344c1bf5d..41be15a08 100644
--- a/src/libcharon/sa/ikev1/authenticators/pubkey_v1_authenticator.c
+++ b/src/libcharon/sa/ikev1/authenticators/pubkey_v1_authenticator.c
@@ -110,7 +110,7 @@ METHOD(authenticator_t, build, status_t,
}
free(dh.ptr);
- if (private->sign(private, scheme, hash, &sig))
+ if (private->sign(private, scheme, NULL, hash, &sig))
{
sig_payload = hash_payload_create(PLV1_SIGNATURE);
sig_payload->set_hash(sig_payload, sig);
@@ -176,7 +176,7 @@ METHOD(authenticator_t, process, status_t,
id, auth, TRUE);
while (enumerator->enumerate(enumerator, &public, &current_auth))
{
- if (public->verify(public, scheme, hash, sig))
+ if (public->verify(public, scheme, NULL, hash, sig))
{
DBG1(DBG_IKE, "authentication of '%Y' with %N successful",
id, signature_scheme_names, scheme);
diff --git a/src/libcharon/sa/ikev1/iv_manager.c b/src/libcharon/sa/ikev1/iv_manager.c
index c9f737ccd..2a6e5c04f 100644
--- a/src/libcharon/sa/ikev1/iv_manager.c
+++ b/src/libcharon/sa/ikev1/iv_manager.c
@@ -15,6 +15,7 @@
#include "iv_manager.h"
+#include <library.h>
#include <collections/linked_list.h>
/**
diff --git a/src/libcharon/sa/ikev1/tasks/main_mode.c b/src/libcharon/sa/ikev1/tasks/main_mode.c
index 628ea0de8..4c16adba3 100644
--- a/src/libcharon/sa/ikev1/tasks/main_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/main_mode.c
@@ -221,8 +221,7 @@ static void add_initial_contact(private_main_mode_t *this, message_t *message,
idr = this->ph1->get_id(this->ph1, this->peer_cfg, FALSE);
if (idr && !idr->contains_wildcards(idr))
{
- if (this->peer_cfg->get_unique_policy(this->peer_cfg) != UNIQUE_NO &&
- this->peer_cfg->get_unique_policy(this->peer_cfg) != UNIQUE_NEVER)
+ if (this->peer_cfg->get_unique_policy(this->peer_cfg) != UNIQUE_NEVER)
{
host = this->ike_sa->get_other_host(this->ike_sa);
if (!charon->ike_sa_manager->has_contact(charon->ike_sa_manager,
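Review bot: Dropping the `UNIQUE_NO` test means `add_initial_contact()` now also sends INITIAL_CONTACT when the uniqueness policy is `no`, but the remaining condition carries no comment explaining why only `UNIQUE_NEVER` suppresses it. Because the notify asks the peer to drop its existing SAs for this identity, the intent should be recorded at the check, e.g. `/* only unique=never suppresses INITIAL_CONTACT */`. The same condition is changed without comment in build_i() in ikev2/tasks/ike_auth.c. The function body continues outside the hunk.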
diff --git a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
index 19ea72d0b..65baf8771 100644
--- a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
+++ b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
@@ -1,8 +1,8 @@
/*
- * Copyright (C) 2008-2015 Tobias Brunner
+ * Copyright (C) 2008-2017 Tobias Brunner
* Copyright (C) 2005-2009 Martin Willi
* Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -61,10 +61,9 @@ struct private_pubkey_authenticator_t {
* Parse authentication data used for Signature Authentication as per RFC 7427
*/
static bool parse_signature_auth_data(chunk_t *auth_data, key_type_t *key_type,
- signature_scheme_t *scheme)
+ signature_params_t *params)
{
uint8_t len;
- int oid;
if (!auth_data->len)
{
@@ -72,14 +71,11 @@ static bool parse_signature_auth_data(chunk_t *auth_data, key_type_t *key_type,
}
len = auth_data->ptr[0];
*auth_data = chunk_skip(*auth_data, 1);
- /* we currently don't support schemes that require parameters */
- oid = asn1_parse_algorithmIdentifier(*auth_data, 1, NULL);
- *scheme = signature_scheme_from_oid(oid);
- if (*scheme == SIGN_UNKNOWN)
+ if (!signature_params_parse(*auth_data, 1, params))
{
return FALSE;
}
- *key_type = key_type_from_signature_scheme(*scheme);
+ *key_type = key_type_from_signature_scheme(params->scheme);
*auth_data = chunk_skip(*auth_data, len);
return TRUE;
}
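Review bot: `signature_params_parse()` is given the whole remaining `*auth_data` rather than only the `len` bytes announced by the peer's length octet, and `len` is never compared with `auth_data->len`. The AlgorithmIdentifier parse is therefore not confined to the field it describes; the ASN.1 parser presumably bounds itself by its own encoded length, but the two lengths can disagree without being noticed. Checking `if (len > auth_data->len) return FALSE;` and then parsing `chunk_create(auth_data->ptr, len)` would keep them consistent. The function's signature is in the previous hunk.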
@@ -88,18 +84,16 @@ static bool parse_signature_auth_data(chunk_t *auth_data, key_type_t *key_type,
* Build authentication data used for Signature Authentication as per RFC 7427
*/
static bool build_signature_auth_data(chunk_t *auth_data,
- signature_scheme_t scheme)
+ signature_params_t *params)
{
chunk_t data;
uint8_t len;
- int oid;
- oid = signature_scheme_to_oid(scheme);
- if (oid == OID_UNKNOWN)
+ if (!signature_params_build(params, &data))
{
+ chunk_free(auth_data);
return FALSE;
}
- data = asn1_algorithmIdentifier(oid);
len = data.len;
*auth_data = chunk_cat("cmm", chunk_from_thing(len), data, *auth_data);
return TRUE;
@@ -114,13 +108,13 @@ static array_t *select_signature_schemes(keymat_v2_t *keymat,
{
enumerator_t *enumerator;
signature_scheme_t scheme;
- uintptr_t config;
+ signature_params_t *config;
auth_rule_t rule;
key_type_t key_type;
bool have_config = FALSE;
array_t *selected;
- selected = array_create(sizeof(signature_scheme_t), 0);
+ selected = array_create(0, 0);
key_type = private->get_type(private);
enumerator = auth->create_enumerator(auth);
while (enumerator->enumerate(enumerator, &rule, &config))
@@ -130,12 +124,12 @@ static array_t *select_signature_schemes(keymat_v2_t *keymat,
continue;
}
have_config = TRUE;
- if (key_type == key_type_from_signature_scheme(config) &&
+ if (key_type == key_type_from_signature_scheme(config->scheme) &&
keymat->hash_algorithm_supported(keymat,
- hasher_from_signature_scheme(config)))
+ hasher_from_signature_scheme(config->scheme,
+ config->params)))
{
- scheme = config;
- array_insert(selected, ARRAY_TAIL, &scheme);
+ array_insert(selected, ARRAY_TAIL, signature_params_clone(config));
}
}
enumerator->destroy(enumerator);
@@ -146,24 +140,30 @@ static array_t *select_signature_schemes(keymat_v2_t *keymat,
* and supported by the other peer */
enumerator = signature_schemes_for_key(key_type,
private->get_keysize(private));
- while (enumerator->enumerate(enumerator, &scheme))
+ while (enumerator->enumerate(enumerator, &config))
{
+ if (config->scheme == SIGN_RSA_EMSA_PSS &&
+ !lib->settings->get_bool(lib->settings, "%s.rsa_pss", FALSE,
+ lib->ns))
+ {
+ continue;
+ }
if (keymat->hash_algorithm_supported(keymat,
- hasher_from_signature_scheme(scheme)))
+ hasher_from_signature_scheme(config->scheme,
+ config->params)))
{
- array_insert(selected, ARRAY_TAIL, &scheme);
+ array_insert(selected, ARRAY_TAIL,
+ signature_params_clone(config));
}
}
enumerator->destroy(enumerator);
- /* for RSA we tried at least SHA-512, also try other schemes down to
- * what we'd use with classic authentication */
+ /* for RSA we tried at least SHA-512, also try other schemes */
if (key_type == KEY_RSA)
{
signature_scheme_t schemes[] = {
SIGN_RSA_EMSA_PKCS1_SHA2_384,
SIGN_RSA_EMSA_PKCS1_SHA2_256,
- SIGN_RSA_EMSA_PKCS1_SHA1,
}, contained;
bool found;
int i, j;
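Review bot: The new check that skips `SIGN_RSA_EMSA_PSS` unless `%s.rsa_pss` is enabled has no comment, and the setting is looked up again on every loop iteration although it cannot change in between. Reading it once before the loop into a local `bool` and adding `/* RSASSA-PSS is only proposed if explicitly enabled */` would make the opt-in behaviour obvious to the next reader. select_signature_schemes() starts above this hunk and continues below it.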
@@ -182,9 +182,13 @@ static array_t *select_signature_schemes(keymat_v2_t *keymat,
}
}
if (!found && keymat->hash_algorithm_supported(keymat,
- hasher_from_signature_scheme(scheme)))
+ hasher_from_signature_scheme(scheme,
+ NULL)))
{
- array_insert(selected, ARRAY_TAIL, &scheme);
+ INIT(config,
+ .scheme = scheme,
+ )
+ array_insert(selected, ARRAY_TAIL, config);
}
}
}
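Review bot: The `INIT(config, .scheme = scheme, )` statement is closed without a semicolon, unlike the other two `INIT` uses this commit adds in sign_classic() and process(), which end in `);`. It only compiles as long as the macro expands to a bare braced block, so ending it with `);` keeps the three call sites consistent and robust against a change of the macro. The loop this sits in begins outside the hunk.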
@@ -192,6 +196,12 @@ static array_t *select_signature_schemes(keymat_v2_t *keymat,
return selected;
}
+CALLBACK(destroy_scheme, void,
+ signature_params_t *params, int idx, void *user)
+{
+ signature_params_destroy(params);
+}
+
/**
* Create a signature using RFC 7427 signature authentication
*/
@@ -201,7 +211,7 @@ static status_t sign_signature_auth(private_pubkey_authenticator_t *this,
{
enumerator_t *enumerator;
keymat_v2_t *keymat;
- signature_scheme_t scheme = SIGN_UNKNOWN, *schemep;
+ signature_params_t *params = NULL;
array_t *schemes;
chunk_t octets = chunk_empty;
status_t status = FAILED;
@@ -221,11 +231,11 @@ static status_t sign_signature_auth(private_pubkey_authenticator_t *this,
schemes))
{
enumerator = array_create_enumerator(schemes);
- while (enumerator->enumerate(enumerator, &schemep))
+ while (enumerator->enumerate(enumerator, &params))
{
- scheme = *schemep;
- if (private->sign(private, scheme, octets, auth_data) &&
- build_signature_auth_data(auth_data, scheme))
+ if (private->sign(private, params->scheme, params->params, octets,
+ auth_data) &&
+ build_signature_auth_data(auth_data, params))
{
status = SUCCESS;
break;
@@ -233,16 +243,34 @@ static status_t sign_signature_auth(private_pubkey_authenticator_t *this,
else
{
DBG2(DBG_IKE, "unable to create %N signature for %N key",
- signature_scheme_names, scheme, key_type_names,
+ signature_scheme_names, params->scheme, key_type_names,
private->get_type(private));
}
}
enumerator->destroy(enumerator);
}
- DBG1(DBG_IKE, "authentication of '%Y' (myself) with %N %s", id,
- signature_scheme_names, scheme,
- status == SUCCESS ? "successful" : "failed");
- array_destroy(schemes);
+ if (params)
+ {
+ if (params->scheme == SIGN_RSA_EMSA_PSS)
+ {
+ rsa_pss_params_t *pss = params->params;
+ DBG1(DBG_IKE, "authentication of '%Y' (myself) with %N_%N %s", id,
+ signature_scheme_names, params->scheme,
+ hash_algorithm_short_names_upper, pss->hash,
+ status == SUCCESS ? "successful" : "failed");
+ }
+ else
+ {
+ DBG1(DBG_IKE, "authentication of '%Y' (myself) with %N %s", id,
+ signature_scheme_names, params->scheme,
+ status == SUCCESS ? "successful" : "failed");
+ }
+ }
+ else
+ {
+ DBG1(DBG_IKE, "authentication of '%Y' (myself) failed", id);
+ }
+ array_destroy_function(schemes, destroy_scheme, NULL);
chunk_free(&octets);
return status;
}
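Review bot: For `SIGN_RSA_EMSA_PSS` the log branch casts `params->params` to `rsa_pss_params_t*` and reads `pss->hash` without checking the pointer, here and again in the success branch of process(). Whether a PSS entry can reach either point with NULL parameters depends on select_signature_schemes() and signature_params_parse(), which are not fully visible, so this is a defensive point rather than a confirmed fault. Testing `params->scheme == SIGN_RSA_EMSA_PSS && params->params` would let a malformed entry fall through to the plain `%N` message instead of dereferencing NULL in a debug statement.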
@@ -253,23 +281,27 @@ static status_t sign_signature_auth(private_pubkey_authenticator_t *this,
*/
static bool get_auth_octets_scheme(private_pubkey_authenticator_t *this,
bool verify, identification_t *id,
- chunk_t *octets, signature_scheme_t *scheme)
+ chunk_t *octets, signature_params_t **scheme)
{
keymat_v2_t *keymat;
array_t *schemes;
bool success = FALSE;
- schemes = array_create(sizeof(signature_scheme_t), 0);
- array_insert(schemes, ARRAY_TAIL, scheme);
+ schemes = array_create(0, 0);
+ array_insert(schemes, ARRAY_TAIL, *scheme);
keymat = (keymat_v2_t*)this->ike_sa->get_keymat(this->ike_sa);
if (keymat->get_auth_octets(keymat, verify, this->ike_sa_init, this->nonce,
id, this->reserved, octets, schemes) &&
- array_get(schemes, 0, &scheme))
+ array_remove(schemes, 0, scheme))
{
success = TRUE;
}
- array_destroy(schemes);
+ else
+ {
+ *scheme = NULL;
+ }
+ array_destroy_function(schemes, destroy_scheme, NULL);
return success;
}
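Review bot: `get_auth_octets_scheme()` now takes ownership of `*scheme`, but its doc comment does not say so. The object is moved into the array, and on failure it is destroyed together with the array and `*scheme` is set to NULL. Both callers depend on this: process() returns FAILED without freeing, and sign_classic() tests `if (params)` before destroying. Suggest adding `* Takes ownership of *scheme; on failure it is destroyed and *scheme set to NULL.` to the doc comment, which begins above this hunk.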
@@ -282,6 +314,7 @@ static status_t sign_classic(private_pubkey_authenticator_t *this,
chunk_t *auth_data)
{
signature_scheme_t scheme;
+ signature_params_t *params;
chunk_t octets = chunk_empty;
status_t status = FAILED;
@@ -319,11 +352,18 @@ static status_t sign_classic(private_pubkey_authenticator_t *this,
return FAILED;
}
- if (get_auth_octets_scheme(this, FALSE, id, &octets, &scheme) &&
- private->sign(private, scheme, octets, auth_data))
+ INIT(params,
+ .scheme = scheme,
+ );
+ if (get_auth_octets_scheme(this, FALSE, id, &octets, &params) &&
+ private->sign(private, params->scheme, NULL, octets, auth_data))
{
status = SUCCESS;
}
+ if (params)
+ {
+ signature_params_destroy(params);
+ }
DBG1(DBG_IKE, "authentication of '%Y' (myself) with %N %s", id,
auth_method_names, *auth_method,
status == SUCCESS ? "successful" : "failed");
@@ -385,7 +425,7 @@ METHOD(authenticator_t, process, status_t,
auth_cfg_t *auth, *current_auth;
enumerator_t *enumerator;
key_type_t key_type = KEY_ECDSA;
- signature_scheme_t scheme;
+ signature_params_t *params;
status_t status = NOT_FOUND;
const char *reason = "unsupported";
bool online;
@@ -395,25 +435,26 @@ METHOD(authenticator_t, process, status_t,
{
return FAILED;
}
+ INIT(params);
auth_method = auth_payload->get_auth_method(auth_payload);
auth_data = auth_payload->get_data(auth_payload);
switch (auth_method)
{
case AUTH_RSA:
key_type = KEY_RSA;
- scheme = SIGN_RSA_EMSA_PKCS1_SHA1;
+ params->scheme = SIGN_RSA_EMSA_PKCS1_SHA1;
break;
case AUTH_ECDSA_256:
- scheme = SIGN_ECDSA_256;
+ params->scheme = SIGN_ECDSA_256;
break;
case AUTH_ECDSA_384:
- scheme = SIGN_ECDSA_384;
+ params->scheme = SIGN_ECDSA_384;
break;
case AUTH_ECDSA_521:
- scheme = SIGN_ECDSA_521;
+ params->scheme = SIGN_ECDSA_521;
break;
case AUTH_DS:
- if (parse_signature_auth_data(&auth_data, &key_type, &scheme))
+ if (parse_signature_auth_data(&auth_data, &key_type, params))
{
break;
}
@@ -422,10 +463,11 @@ METHOD(authenticator_t, process, status_t,
default:
DBG1(DBG_IKE, "%N authentication %s", auth_method_names,
auth_method, reason);
+ signature_params_destroy(params);
return INVALID_ARG;
}
id = this->ike_sa->get_other_id(this->ike_sa);
- if (!get_auth_octets_scheme(this, TRUE, id, &octets, &scheme))
+ if (!get_auth_octets_scheme(this, TRUE, id, &octets, &params))
{
return FAILED;
}
@@ -436,15 +478,31 @@ METHOD(authenticator_t, process, status_t,
key_type, id, auth, online);
while (enumerator->enumerate(enumerator, &public, &current_auth))
{
- if (public->verify(public, scheme, octets, auth_data))
+ if (public->verify(public, params->scheme, params->params, octets,
+ auth_data))
{
- DBG1(DBG_IKE, "authentication of '%Y' with %N successful", id,
- auth_method == AUTH_DS ? signature_scheme_names : auth_method_names,
- auth_method == AUTH_DS ? scheme : auth_method);
+ if (auth_method != AUTH_DS)
+ {
+ DBG1(DBG_IKE, "authentication of '%Y' with %N successful", id,
+ auth_method_names, auth_method);
+ }
+ else if (params->scheme == SIGN_RSA_EMSA_PSS)
+ {
+ rsa_pss_params_t *pss = params->params;
+ DBG1(DBG_IKE, "authentication of '%Y' with %N_%N successful",
+ id, signature_scheme_names, params->scheme,
+ hash_algorithm_short_names_upper, pss->hash);
+ }
+ else
+ {
+ DBG1(DBG_IKE, "authentication of '%Y' with %N successful", id,
+ signature_scheme_names, params->scheme);
+ }
status = SUCCESS;
auth->merge(auth, current_auth, FALSE);
auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
- auth->add(auth, AUTH_RULE_IKE_SIGNATURE_SCHEME, (uintptr_t)scheme);
+ auth->add(auth, AUTH_RULE_IKE_SIGNATURE_SCHEME,
+ signature_params_clone(params));
if (!online)
{
auth->add(auth, AUTH_RULE_CERT_VALIDATION_SUSPENDED, TRUE);
@@ -459,6 +517,7 @@ METHOD(authenticator_t, process, status_t,
}
enumerator->destroy(enumerator);
chunk_free(&octets);
+ signature_params_destroy(params);
if (status == NOT_FOUND)
{
DBG1(DBG_IKE, "no trusted %N public key found for '%Y'",
diff --git a/src/libcharon/sa/ikev2/keymat_v2.h b/src/libcharon/sa/ikev2/keymat_v2.h
index 36bf149fe..084ed40f0 100644
--- a/src/libcharon/sa/ikev2/keymat_v2.h
+++ b/src/libcharon/sa/ikev2/keymat_v2.h
@@ -101,8 +101,9 @@ struct keymat_v2_t {
* @param id identity
* @param reserved reserved bytes of id_payload
* @param octests chunk receiving allocated auth octets
- * @param schemes array containing signature schemes in case they
- * need to be modified by the keymat implementation
+ * @param schemes array containing signature schemes
+ * (signature_params_t*) in case they need to be
+ * modified by the keymat implementation
* @return TRUE if octets created successfully
*/
bool (*get_auth_octets)(keymat_v2_t *this, bool verify, chunk_t ike_sa_init,
diff --git a/src/libcharon/sa/ikev2/task_manager_v2.c b/src/libcharon/sa/ikev2/task_manager_v2.c
index c2ddbc588..361eb0fe1 100644
--- a/src/libcharon/sa/ikev2/task_manager_v2.c
+++ b/src/libcharon/sa/ikev2/task_manager_v2.c
@@ -131,7 +131,7 @@ struct private_task_manager_t {
array_t *queued_tasks;
/**
- * Array of active tasks, initiated by ourselve
+ * Array of active tasks, initiated by ourselves
*/
array_t *active_tasks;
@@ -1780,9 +1780,11 @@ static void trigger_mbb_reauth(private_task_manager_t *this)
enumerator_t *enumerator;
child_sa_t *child_sa;
child_cfg_t *cfg;
+ peer_cfg_t *peer;
ike_sa_t *new;
host_t *host;
queued_task_t *queued;
+ bool children = FALSE;
new = charon->ike_sa_manager->checkout_new(charon->ike_sa_manager,
this->ike_sa->get_version(this->ike_sa), TRUE);
@@ -1791,7 +1793,8 @@ static void trigger_mbb_reauth(private_task_manager_t *this)
return;
}
- new->set_peer_cfg(new, this->ike_sa->get_peer_cfg(this->ike_sa));
+ peer = this->ike_sa->get_peer_cfg(this->ike_sa);
+ new->set_peer_cfg(new, peer);
host = this->ike_sa->get_other_host(this->ike_sa);
new->set_other_host(new, host->clone(host));
host = this->ike_sa->get_my_host(this->ike_sa);
@@ -1809,6 +1812,7 @@ static void trigger_mbb_reauth(private_task_manager_t *this)
cfg = child_sa->get_config(child_sa);
new->queue_task(new, &child_create_create(new, cfg->get_ref(cfg),
FALSE, NULL, NULL)->task);
+ children = TRUE;
}
enumerator->destroy(enumerator);
@@ -1821,10 +1825,24 @@ static void trigger_mbb_reauth(private_task_manager_t *this)
new->queue_task(new, queued->task);
array_remove_at(this->queued_tasks, enumerator);
free(queued);
+ children = TRUE;
}
}
enumerator->destroy(enumerator);
+ if (!children
+#ifdef ME
+ /* allow reauth of mediation connections without CHILD_SAs */
+ && !peer->is_mediation(peer)
+#endif /* ME */
+ )
+ {
+ charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, new);
+ DBG1(DBG_IKE, "unable to reauthenticate IKE_SA, no CHILD_SA "
+ "to recreate");
+ return;
+ }
+
/* suspend online revocation checking until the SA is established */
new->set_condition(new, COND_ONLINE_VALIDATION_SUSPENDED, TRUE);
diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c
index cac3bc0a2..4d4d72e0b 100644
--- a/src/libcharon/sa/ikev2/tasks/child_create.c
+++ b/src/libcharon/sa/ikev2/tasks/child_create.c
@@ -1377,7 +1377,6 @@ METHOD(task_t, build_r, status_t,
uint16_t group = htons(this->dh_group);
message->add_notify(message, FALSE, INVALID_KE_PAYLOAD,
chunk_from_thing(group));
- handle_child_sa_failure(this, message);
return SUCCESS;
}
case FAILED:
diff --git a/src/libcharon/sa/ikev2/tasks/child_delete.c b/src/libcharon/sa/ikev2/tasks/child_delete.c
index 2217295b6..164f8fc03 100644
--- a/src/libcharon/sa/ikev2/tasks/child_delete.c
+++ b/src/libcharon/sa/ikev2/tasks/child_delete.c
@@ -349,7 +349,7 @@ static status_t destroy_and_reestablish(private_child_delete_t *this)
child_sa->get_unique_id(child_sa)), delay);
continue;
}
- else if (expire)
+ else if (now < expire)
{ /* let it expire naturally */
continue;
}
diff --git a/src/libcharon/sa/ikev2/tasks/ike_auth.c b/src/libcharon/sa/ikev2/tasks/ike_auth.c
index 53daaf2ad..aeaa701c9 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_auth.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_auth.c
@@ -471,7 +471,6 @@ METHOD(task_t, build_i, status_t,
if (idr && !idr->contains_wildcards(idr) &&
message->get_message_id(message) == 1 &&
- this->peer_cfg->get_unique_policy(this->peer_cfg) != UNIQUE_NO &&
this->peer_cfg->get_unique_policy(this->peer_cfg) != UNIQUE_NEVER)
{
host_t *host;
diff --git a/src/libcharon/sa/ikev2/tasks/ike_init.c b/src/libcharon/sa/ikev2/tasks/ike_init.c
index 58b710616..d75d21715 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_init.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_init.c
@@ -158,7 +158,7 @@ static void send_supported_hash_algorithms(private_ike_init_t *this,
peer_cfg_t *peer;
auth_cfg_t *auth;
auth_rule_t rule;
- uintptr_t config;
+ signature_params_t *config;
int written;
size_t len = BUF_LEN;
char buf[len];
@@ -177,7 +177,8 @@ static void send_supported_hash_algorithms(private_ike_init_t *this,
{
if (rule == AUTH_RULE_IKE_SIGNATURE_SCHEME)
{
- hash = hasher_from_signature_scheme(config);
+ hash = hasher_from_signature_scheme(config->scheme,
+ config->params);
if (hasher_algorithm_for_ikev2(hash))
{
algos->add(algos, hash);
@@ -502,7 +503,11 @@ static void process_payloads(private_ike_init_t *this, message_t *message)
this->dh = this->keymat->keymat.create_dh(
&this->keymat->keymat, this->dh_group);
}
- if (this->dh)
+ else if (this->dh)
+ {
+ this->dh_failed = this->dh->get_dh_group(this->dh) != this->dh_group;
+ }
+ if (this->dh && !this->dh_failed)
{
this->dh_failed = !this->dh->set_other_public_value(this->dh,
ke_payload->get_key_exchange_data(ke_payload));
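Review bot: The new `else if (this->dh)` branch sets `dh_failed` when the group of the existing DH object differs from `this->dh_group`, but neither a comment nor a log line records that this is a group mismatch. The flag is handled outside the hunk, so the resulting failure is probably reported without its cause. Suggest `/* the KE payload must use the group of our existing DH object */` above the assignment and a `DBG1` naming both groups when they differ. process_payloads() begins and ends outside this hunk.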
@@ -811,7 +816,7 @@ METHOD(task_t, process_i, status_t,
if (this->old_sa == NULL)
{ /* reset the IKE_SA if we are not rekeying */
- this->ike_sa->reset(this->ike_sa);
+ this->ike_sa->reset(this->ike_sa, FALSE);
}
enumerator->destroy(enumerator);
@@ -829,7 +834,7 @@ METHOD(task_t, process_i, status_t,
{
chunk_free(&this->cookie);
this->cookie = chunk_clone(notify->get_notification_data(notify));
- this->ike_sa->reset(this->ike_sa);
+ this->ike_sa->reset(this->ike_sa, FALSE);
enumerator->destroy(enumerator);
DBG2(DBG_IKE, "received %N notify", notify_type_names, type);
this->retry++;
diff --git a/src/libcharon/sa/ikev2/tasks/ike_vendor.c b/src/libcharon/sa/ikev2/tasks/ike_vendor.c
index e85b276e8..f72fbc437 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_vendor.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_vendor.c
@@ -97,6 +97,8 @@ static vid_data_t vids[] = {
"\x88\x2f\xe5\x6d\x6f\xd2\x0d\xbc\x22\x51\x61\x3b\x2e\xbe\x5b\xeb"},
{ "Cisco Delete Reason", 0, NULL, 0,
"CISCO-DELETE-REASON" },
+ { "Cisco FlexVPN Supported", 0, NULL, 0,
+ "FLEXVPN-SUPPORTED" },
{ "Cisco Copyright (c) 2009", 0, NULL, 0,
"CISCO(COPYRIGHT)&Copyright (c) 2009 Cisco Systems, Inc." },
{ "FRAGMENTATION", 0, NULL, 16,
diff --git a/src/libcharon/sa/shunt_manager.c b/src/libcharon/sa/shunt_manager.c
index ad12f0579..3a254cea5 100644
--- a/src/libcharon/sa/shunt_manager.c
+++ b/src/libcharon/sa/shunt_manager.c
@@ -96,6 +96,7 @@ static bool install_shunt_policy(child_cfg_t *child)
status_t status = SUCCESS;
uint32_t manual_prio;
char *interface;
+ bool fwd_out;
ipsec_sa_cfg_t sa = { .mode = MODE_TRANSPORT };
switch (child->get_mode(child))
@@ -122,6 +123,7 @@ static bool install_shunt_policy(child_cfg_t *child)
manual_prio = child->get_manual_prio(child);
interface = child->get_interface(child);
+ fwd_out = child->has_option(child, OPT_FWD_OUT_POLICIES);
/* enumerate pairs of traffic selectors */
e_my_ts = my_ts_list->create_enumerator(my_ts_list);
@@ -157,9 +159,11 @@ static bool install_shunt_policy(child_cfg_t *child)
.sa = &sa,
};
status |= charon->kernel->add_policy(charon->kernel, &id, &policy);
- /* install "outbound" forward policy */
- id.dir = POLICY_FWD;
- status |= charon->kernel->add_policy(charon->kernel, &id, &policy);
+ if (fwd_out)
+ { /* install "outbound" forward policy */
+ id.dir = POLICY_FWD;
+ status |= charon->kernel->add_policy(charon->kernel, &id, &policy);
+ }
/* install in policy */
id = (kernel_ipsec_policy_id_t){
.dir = POLICY_IN,
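Review bot: With `fwd_out` false the outbound forward policy is skipped for every shunt, and the hunk makes no distinction by policy type, which is set above the hunk. If install_shunt_policy() also handles drop shunts, it is worth confirming that forwarded traffic towards the remote selector is still matched by a policy when the option is off. If it is not, the skip should be limited to non-drop shunts, or the behaviour documented where `OPT_FWD_OUT_POLICIES` is read. The mirrored change in uninstall_shunt_policy() needs the same decision so that install and uninstall stay symmetric.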
@@ -255,6 +259,7 @@ static void uninstall_shunt_policy(child_cfg_t *child)
status_t status = SUCCESS;
uint32_t manual_prio;
char *interface;
+ bool fwd_out;
ipsec_sa_cfg_t sa = { .mode = MODE_TRANSPORT };
switch (child->get_mode(child))
@@ -281,6 +286,7 @@ static void uninstall_shunt_policy(child_cfg_t *child)
manual_prio = child->get_manual_prio(child);
interface = child->get_interface(child);
+ fwd_out = child->has_option(child, OPT_FWD_OUT_POLICIES);
/* enumerate pairs of traffic selectors */
e_my_ts = my_ts_list->create_enumerator(my_ts_list);
@@ -316,9 +322,12 @@ static void uninstall_shunt_policy(child_cfg_t *child)
.sa = &sa,
};
status |= charon->kernel->del_policy(charon->kernel, &id, &policy);
- /* uninstall "outbound" forward policy */
- id.dir = POLICY_FWD;
- status |= charon->kernel->del_policy(charon->kernel, &id, &policy);
+ if (fwd_out)
+ {
+ /* uninstall "outbound" forward policy */
+ id.dir = POLICY_FWD;
+ status |= charon->kernel->del_policy(charon->kernel, &id, &policy);
+ }
/* uninstall in policy */
id = (kernel_ipsec_policy_id_t){
.dir = POLICY_IN,
diff --git a/src/libcharon/tests/Makefile.in b/src/libcharon/tests/Makefile.in
index 8a2775bc0..66d2431c9 100644
--- a/src/libcharon/tests/Makefile.in
+++ b/src/libcharon/tests/Makefile.in
@@ -269,9 +269,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libfast/Makefile.in b/src/libfast/Makefile.in
index d147b27d8..604899b5a 100644
--- a/src/libfast/Makefile.in
+++ b/src/libfast/Makefile.in
@@ -250,9 +250,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libfast/fast_dispatcher.c b/src/libfast/fast_dispatcher.c
index 66a2ee514..4b422f077 100644
--- a/src/libfast/fast_dispatcher.c
+++ b/src/libfast/fast_dispatcher.c
@@ -136,7 +136,7 @@ typedef struct {
} session_entry_t;
/**
- * create a session and instanciate controllers
+ * create a session and instantiate controllers
*/
static fast_session_t* load_session(private_fast_dispatcher_t *this)
{
diff --git a/src/libfast/fast_dispatcher.h b/src/libfast/fast_dispatcher.h
index 6546385c6..21708a744 100644
--- a/src/libfast/fast_dispatcher.h
+++ b/src/libfast/fast_dispatcher.h
@@ -25,11 +25,11 @@
* The application has a global context and a session context. The global
* context is accessed from all sessions simultaneously and therefore
* needs to be threadsave. Often a database wrapper is the global context.
- * The session context is instanciated per session. Sessions are managed
+ * The session context is instantiated per session. Sessions are managed
* automatically through session cookies. The session context is kept alive
* until the session times out. It must implement the context_t interface and
* a #fast_context_constructor_t is needed to create instances. To each session,
- * a set of controllers gets instanciated. The controller instances are per
+ * a set of controllers gets instantiated. The controller instances are per
* session, so you can hold private data for each user.
* Controllers need to implement the controller_t interface and need a
* #fast_controller_constructor_t function to create instances.
@@ -72,7 +72,7 @@ typedef struct fast_dispatcher_t fast_dispatcher_t;
*
* The dispatcher creates a session for each client (using SID cookies). In
* each session, a session context is created using the context constructor.
- * Each controller is instanciated in the session using the controller
+ * Each controller is instantiated in the session using the controller
* constructor added with add_controller.
*/
struct fast_dispatcher_t {
@@ -102,7 +102,7 @@ struct fast_dispatcher_t {
/**
* Start with dispatching.
*
- * Instanciate a constant thread pool and start dispatching requests.
+ * Instantiate a constant thread pool and start dispatching requests.
*
* @param threads number of dispatching threads
*/
diff --git a/src/libfast/fast_session.h b/src/libfast/fast_session.h
index 2ff450b93..3fca3673e 100644
--- a/src/libfast/fast_session.h
+++ b/src/libfast/fast_session.h
@@ -28,7 +28,7 @@
typedef struct fast_session_t fast_session_t;
/**
- * Session handling class, instanciated for each user session.
+ * Session handling class, instantiated for each user session.
*/
struct fast_session_t {
diff --git a/src/libimcv/Android.mk b/src/libimcv/Android.mk
index 4df3dcb64..9f3172074 100644
--- a/src/libimcv/Android.mk
+++ b/src/libimcv/Android.mk
@@ -79,6 +79,8 @@ libimcv_la_SOURCES := \
swid/swid_inventory.h swid/swid_inventory.c \
swid/swid_tag.h swid/swid_tag.c \
swid/swid_tag_id.h swid/swid_tag_id.c \
+ swid_gen/swid_gen.h swid_gen/swid_gen.c \
+ swid_gen/swid_gen_info.h swid_gen/swid_gen_info.c \
swima/swima_data_model.h swima/swima_data_model.c \
swima/swima_record.h swima/swima_record.c \
swima/swima_event.h swima/swima_event.c \
diff --git a/src/libimcv/Makefile.in b/src/libimcv/Makefile.in
index 246ffe29d..ef2c9c35b 100644
--- a/src/libimcv/Makefile.in
+++ b/src/libimcv/Makefile.in
@@ -440,9 +440,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libimcv/ietf/ietf_attr.c b/src/libimcv/ietf/ietf_attr.c
index 9e3e83d4d..44e0ef24f 100644
--- a/src/libimcv/ietf/ietf_attr.c
+++ b/src/libimcv/ietf/ietf_attr.c
@@ -47,10 +47,10 @@ ENUM_BEGIN(ietf_attr_names, IETF_ATTR_TESTING,
"Forwarding Enabled",
"Factory Default Password Enabled",
);
-ENUM_NEXT(ietf_attr_names, IETF_ATTR_SW_REQUEST,
+ENUM_NEXT(ietf_attr_names, IETF_ATTR_SWIMA_REQUEST,
IETF_ATTR_SRC_METADATA_RESP,
IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED,
- "SW Request",
+ "SWIMA Request",
"SW Identifier Inventory",
"SW Identifier Events",
"SW Inventory",
@@ -97,7 +97,7 @@ pa_tnc_attr_t* ietf_attr_create_from_data(uint32_t type, size_t length,
case IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED:
return generic_attr_bool_create_from_data(length, value,
pen_type_create(PEN_IETF, type));
- case IETF_ATTR_SW_REQUEST:
+ case IETF_ATTR_SWIMA_REQUEST:
return ietf_swima_attr_req_create_from_data(length, value);
case IETF_ATTR_SW_ID_INVENTORY:
return ietf_swima_attr_sw_inv_create_from_data(length, value, TRUE);
diff --git a/src/libimcv/ietf/ietf_attr.h b/src/libimcv/ietf/ietf_attr.h
index d2ea98201..cbf4a49a2 100644
--- a/src/libimcv/ietf/ietf_attr.h
+++ b/src/libimcv/ietf/ietf_attr.h
@@ -48,7 +48,7 @@ enum ietf_attr_t {
IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED = 12,
/* draft-ietf-sacm-nea-swid-patnc */
- IETF_ATTR_SW_REQUEST = 17,
+ IETF_ATTR_SWIMA_REQUEST = 17,
IETF_ATTR_SW_ID_INVENTORY = 18,
IETF_ATTR_SW_ID_EVENTS = 19,
IETF_ATTR_SW_INVENTORY = 20,
diff --git a/src/libimcv/ietf/ietf_attr_pa_tnc_error.c b/src/libimcv/ietf/ietf_attr_pa_tnc_error.c
index 966c095e2..75f279298 100644
--- a/src/libimcv/ietf/ietf_attr_pa_tnc_error.c
+++ b/src/libimcv/ietf/ietf_attr_pa_tnc_error.c
@@ -27,16 +27,16 @@ ENUM_BEGIN(pa_tnc_error_code_names, PA_ERROR_RESERVED,
"Version Not Supported",
"Attribute Type Not Supported"
);
-ENUM_NEXT(pa_tnc_error_code_names, PA_ERROR_SW,
- PA_ERROR_SW_SUBSCRIPTION_ID_REUSE,
+ENUM_NEXT(pa_tnc_error_code_names, PA_ERROR_SWIMA,
+ PA_ERROR_SWIMA_SUBSCRIPTION_ID_REUSE,
PA_ERROR_ATTR_TYPE_NOT_SUPPORTED,
- "SW Error",
- "SW Subscription Denied",
- "SW Response Too Large",
- "SW Subscription Fulfillment Error",
- "SW Subscription ID Reuse"
+ "SWIMA Error",
+ "SWIMA Subscription Denied",
+ "SWIMA Response Too Large",
+ "SWIMA Subscription Fulfillment Error",
+ "SWIMA Subscription ID Reuse"
);
-ENUM_END(pa_tnc_error_code_names, PA_ERROR_SW_SUBSCRIPTION_ID_REUSE);
+ENUM_END(pa_tnc_error_code_names, PA_ERROR_SWIMA_SUBSCRIPTION_ID_REUSE);
typedef struct private_ietf_attr_pa_tnc_error_t private_ietf_attr_pa_tnc_error_t;
diff --git a/src/libimcv/ietf/ietf_attr_pa_tnc_error.h b/src/libimcv/ietf/ietf_attr_pa_tnc_error.h
index 7dbc33828..dd0be72ff 100644
--- a/src/libimcv/ietf/ietf_attr_pa_tnc_error.h
+++ b/src/libimcv/ietf/ietf_attr_pa_tnc_error.h
@@ -33,18 +33,18 @@ typedef enum pa_tnc_error_code_t pa_tnc_error_code_t;
enum pa_tnc_error_code_t {
/* RFC 5792 PA-TNC */
- PA_ERROR_RESERVED = 0,
- PA_ERROR_INVALID_PARAMETER = 1,
- PA_ERROR_VERSION_NOT_SUPPORTED = 2,
- PA_ERROR_ATTR_TYPE_NOT_SUPPORTED = 3,
- PA_ERROR_PA_TNC_MSG_ROOF = 3,
+ PA_ERROR_RESERVED = 0,
+ PA_ERROR_INVALID_PARAMETER = 1,
+ PA_ERROR_VERSION_NOT_SUPPORTED = 2,
+ PA_ERROR_ATTR_TYPE_NOT_SUPPORTED = 3,
+ PA_ERROR_PA_TNC_MSG_ROOF = 3,
/* draft-ietf-sacm-nea-swid-patnc (SWIMA) */
- PA_ERROR_SW = 32,
- PA_ERROR_SW_SUBSCRIPTION_DENIED = 33,
- PA_ERROR_SW_RESPONSE_TOO_LARGE = 34,
- PA_ERROR_SW_SUBSCRIPTION_FULFILLMENT = 35,
- PA_ERROR_SW_SUBSCRIPTION_ID_REUSE = 36
+ PA_ERROR_SWIMA = 32,
+ PA_ERROR_SWIMA_SUBSCRIPTION_DENIED = 33,
+ PA_ERROR_SWIMA_RESPONSE_TOO_LARGE = 34,
+ PA_ERROR_SWIMA_SUBSCRIPTION_FULFILLMENT = 35,
+ PA_ERROR_SWIMA_SUBSCRIPTION_ID_REUSE = 36
};
/**
diff --git a/src/libimcv/ietf/swima/ietf_swima_attr_req.c b/src/libimcv/ietf/swima/ietf_swima_attr_req.c
index 07d0b0c5f..d67497373 100644
--- a/src/libimcv/ietf/swima/ietf_swima_attr_req.c
+++ b/src/libimcv/ietf/swima/ietf_swima_attr_req.c
@@ -274,7 +274,7 @@ pa_tnc_attr_t *ietf_swima_attr_req_create(uint8_t flags, uint32_t request_id)
.set_targets = _set_targets,
.get_targets = _get_targets,
},
- .type = { PEN_IETF, IETF_ATTR_SW_REQUEST },
+ .type = { PEN_IETF, IETF_ATTR_SWIMA_REQUEST },
.flags = flags & SW_REQ_RESERVED_MASK,
.request_id = request_id,
.targets = swima_inventory_create(),
@@ -309,7 +309,7 @@ pa_tnc_attr_t *ietf_swima_attr_req_create_from_data(size_t length, chunk_t data)
.set_targets = _set_targets,
.get_targets = _get_targets,
},
- .type = { PEN_IETF, IETF_ATTR_SW_REQUEST },
+ .type = { PEN_IETF, IETF_ATTR_SWIMA_REQUEST },
.length = length,
.value = chunk_clone(data),
.targets = swima_inventory_create(),
diff --git a/src/libimcv/imv/data.sql b/src/libimcv/imv/data.sql
index a872499d2..40a0f5eeb 100644
--- a/src/libimcv/imv/data.sql
+++ b/src/libimcv/imv/data.sql
@@ -484,30 +484,66 @@ INSERT INTO products ( /* 81 */
'Android 6.0.1'
);
-INSERT INTO products ( /* 82 */
+INSERT INTO products ( /* 82 */
name
) VALUES (
'Debian 8.5 i686'
);
-INSERT INTO products ( /* 83 */
+INSERT INTO products ( /* 83 */
name
) VALUES (
'Debian 8.5 x86_64'
);
-INSERT INTO products ( /* 84 */
+INSERT INTO products ( /* 84 */
name
) VALUES (
'Debian 8.6 i686'
);
-INSERT INTO products ( /* 85 */
+INSERT INTO products ( /* 85 */
name
) VALUES (
'Debian 8.6 x86_64'
);
+INSERT INTO products ( /* 86 */
+ name
+) VALUES (
+ 'Debian 8.7 i686'
+);
+
+INSERT INTO products ( /* 87 */
+ name
+) VALUES (
+ 'Debian 8.7 x86_64'
+);
+
+INSERT INTO products ( /* 88 */
+ name
+) VALUES (
+ 'Debian 8.8 i686'
+);
+
+INSERT INTO products ( /* 89 */
+ name
+) VALUES (
+ 'Debian 8.8 x86_64'
+);
+
+INSERT INTO products ( /* 90 */
+ name
+) VALUES (
+ 'Debian 8.9 i686'
+);
+
+INSERT INTO products ( /* 91 */
+ name
+) VALUES (
+ 'Debian 8.9 x86_64'
+);
+
/* Directories */
INSERT INTO directories ( /* 1 */
@@ -1039,6 +1075,36 @@ INSERT INTO groups_product_defaults (
INSERT INTO groups_product_defaults (
group_id, product_id
) VALUES (
+ 4, 82
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
+ 4, 84
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
+ 4, 86
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
+ 4, 88
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
+ 4, 90
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
5, 2
);
@@ -1129,6 +1195,24 @@ INSERT INTO groups_product_defaults (
INSERT INTO groups_product_defaults (
group_id, product_id
) VALUES (
+ 5, 87
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
+ 5, 89
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
+ 5, 91
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
6, 9
);
diff --git a/src/libimcv/imv/imv_agent.c b/src/libimcv/imv/imv_agent.c
index e96faa77e..bb0b3b75b 100644
--- a/src/libimcv/imv/imv_agent.c
+++ b/src/libimcv/imv/imv_agent.c
@@ -685,9 +685,9 @@ METHOD(imv_agent_t, create_language_enumerator, enumerator_t*,
);
if (!this->get_attribute ||
- !this->get_attribute(this->id, state->get_connection_id(state),
+ this->get_attribute(this->id, state->get_connection_id(state),
TNC_ATTRIBUTEID_PREFERRED_LANGUAGE, BUF_LEN,
- e->lang_buf, &e->lang_len) == TNC_RESULT_SUCCESS ||
+ e->lang_buf, &e->lang_len) != TNC_RESULT_SUCCESS ||
e->lang_len >= BUF_LEN)
{
e->lang_len = 0;
diff --git a/src/libimcv/imv/tables.sql b/src/libimcv/imv/tables.sql
index 8bde8898f..b50c6ed12 100644
--- a/src/libimcv/imv/tables.sql
+++ b/src/libimcv/imv/tables.sql
@@ -253,24 +253,30 @@ CREATE INDEX "swid_entityroles_entity_id" ON "swid_entityroles" (
DROP TABLE IF EXISTS "swid_tags";
CREATE TABLE "swid_tags" (
"id" INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+ "version_id" INTEGER REFERENCES "versions" ("id"),
"package_name" VARCHAR(255) NOT NULL,
- "version" VARCHAR(255) NOT NULL,
+ "version_str" VARCHAR(255) NOT NULL,
"unique_id" VARCHAR(255) NOT NULL,
"swid_xml" TEXT NOT NULL,
"software_id" VARCHAR(255) NOT NULL
);
+DROP INDEX IF EXISTS "swid_tags_software_id";
DROP INDEX if EXISTS "swid_tags_unique_id";
+DROP INDEX IF EXISTS "swid_tags_version";
DROP INDEX IF EXISTS "swid_tags_package_name";
-DROP INDEX IF EXISTS "swid_tags_software_id";
+
+CREATE INDEX "swid_tags_software_id" ON "swid_tags" (
+ "software_id"
+);
CREATE INDEX "swid_tags_unique_id" ON "swid_tags" (
"unique_id"
);
+CREATE INDEX "swid_tags_version_id" ON "swid_tags" (
+ "version_id"
+);
CREATE INDEX "swid_tags_package_name" ON "swid_tags" (
"package_name"
);
-CREATE INDEX "swid_tags_software_id" ON "swid_tags" (
- "software_id"
-);
DROP TABLE IF EXISTS "swid_tags_files";
CREATE TABLE "swid_tags_files" (
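Review bot: The added `DROP INDEX IF EXISTS "swid_tags_version";` names an index that this hunk never creates; the index added a few lines further down is `"swid_tags_version_id"`. Because of `IF EXISTS` the mismatch is silent. If the preceding `DROP TABLE` does not already remove the index on the target database, the later `CREATE INDEX "swid_tags_version_id"` could fail on an existing index. The drop should read `DROP INDEX IF EXISTS "swid_tags_version_id";` so each created index has a matching drop, as the other three do.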
diff --git a/src/libimcv/plugins/imc_attestation/Makefile.in b/src/libimcv/plugins/imc_attestation/Makefile.in
index 1600d4d2f..bc079ff12 100644
--- a/src/libimcv/plugins/imc_attestation/Makefile.in
+++ b/src/libimcv/plugins/imc_attestation/Makefile.in
@@ -245,9 +245,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libimcv/plugins/imc_hcd/Makefile.in b/src/libimcv/plugins/imc_hcd/Makefile.in
index b12499d82..1b71b26d0 100644
--- a/src/libimcv/plugins/imc_hcd/Makefile.in
+++ b/src/libimcv/plugins/imc_hcd/Makefile.in
@@ -242,9 +242,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libimcv/plugins/imc_os/Makefile.in b/src/libimcv/plugins/imc_os/Makefile.in
index 14c6e02a0..e62c04bea 100644
--- a/src/libimcv/plugins/imc_os/Makefile.in
+++ b/src/libimcv/plugins/imc_os/Makefile.in
@@ -242,9 +242,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libimcv/plugins/imc_scanner/Makefile.in b/src/libimcv/plugins/imc_scanner/Makefile.in
index 664ffdff6..a054a475b 100644
--- a/src/libimcv/plugins/imc_scanner/Makefile.in
+++ b/src/libimcv/plugins/imc_scanner/Makefile.in
@@ -243,9 +243,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libimcv/plugins/imc_swid/Makefile.in b/src/libimcv/plugins/imc_swid/Makefile.in
index b6a77dda4..f58935f2e 100644
--- a/src/libimcv/plugins/imc_swid/Makefile.in
+++ b/src/libimcv/plugins/imc_swid/Makefile.in
@@ -245,9 +245,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-0.swidtag b/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-1.swidtag
index 644c0989c..f10740d60 100644
--- a/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-0.swidtag
+++ b/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-1.swidtag
@@ -1,8 +1,8 @@
<?xml version="1.0" encoding="utf-8"?>
<SoftwareIdentity
name="strongSwan"
- tagId="strongSwan-5-6-0"
- version="5.6.0" versionScheme="alphanumeric"
+ tagId="strongSwan-5-6-1"
+ version="5.6.1" versionScheme="alphanumeric"
xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd">
<Entity
name="strongSwan Project"
diff --git a/src/libimcv/plugins/imc_swima/Makefile.in b/src/libimcv/plugins/imc_swima/Makefile.in
index ae1d024af..ed2191921 100644
--- a/src/libimcv/plugins/imc_swima/Makefile.in
+++ b/src/libimcv/plugins/imc_swima/Makefile.in
@@ -245,9 +245,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libimcv/plugins/imc_swima/imc_swima.c b/src/libimcv/plugins/imc_swima/imc_swima.c
index e120cf7fc..67080e050 100644
--- a/src/libimcv/plugins/imc_swima/imc_swima.c
+++ b/src/libimcv/plugins/imc_swima/imc_swima.c
@@ -35,7 +35,7 @@
static const char imc_name[] = "SWIMA";
static pen_type_t msg_types[] = {
- { PEN_IETF, PA_SUBTYPE_IETF_SW }
+ { PEN_IETF, PA_SUBTYPE_IETF_SWIMA }
};
static imc_agent_t *imc_swima;
@@ -180,7 +180,7 @@ static void fulfill_request(imc_state_t *state, imc_msg_t *msg,
{
snprintf(error_msg, msg_len, "failed to collect SW%s events, "
"fallback to SW%s inventory", id_str, id_str);
- attr = swima_error_create(PA_ERROR_SW, request_id, 0, error_msg);
+ attr = swima_error_create(PA_ERROR_SWIMA, request_id, 0, error_msg);
msg->add_attribute(msg, attr);
}
else {
@@ -207,7 +207,7 @@ static void fulfill_request(imc_state_t *state, imc_msg_t *msg,
{
snprintf(error_msg, msg_len, "failed to collect SW%s inventory",
id_str);
- attr = swima_error_create(PA_ERROR_SW, request_id, 0, error_msg);
+ attr = swima_error_create(PA_ERROR_SWIMA, request_id, 0, error_msg);
}
else
{
@@ -258,7 +258,7 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
type = attr->get_type(attr);
- if (type.vendor_id != PEN_IETF || type.type != IETF_ATTR_SW_REQUEST)
+ if (type.vendor_id != PEN_IETF || type.type != IETF_ATTR_SWIMA_REQUEST)
{
continue;
}
@@ -270,7 +270,7 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
if (flags & (IETF_SWIMA_ATTR_REQ_FLAG_S | IETF_SWIMA_ATTR_REQ_FLAG_C))
{
- attr = swima_error_create(PA_ERROR_SW_SUBSCRIPTION_DENIED,
+ attr = swima_error_create(PA_ERROR_SWIMA_SUBSCRIPTION_DENIED,
request_id, 0, "no subscription available yet");
out_msg->add_attribute(out_msg, attr);
break;
diff --git a/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-0.swidtag b/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-1.swidtag
index 644c0989c..f10740d60 100644
--- a/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-0.swidtag
+++ b/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-1.swidtag
@@ -1,8 +1,8 @@
<?xml version="1.0" encoding="utf-8"?>
<SoftwareIdentity
name="strongSwan"
- tagId="strongSwan-5-6-0"
- version="5.6.0" versionScheme="alphanumeric"
+ tagId="strongSwan-5-6-1"
+ version="5.6.1" versionScheme="alphanumeric"
xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd">
<Entity
name="strongSwan Project"
diff --git a/src/libimcv/plugins/imc_test/Makefile.in b/src/libimcv/plugins/imc_test/Makefile.in
index a002f0baf..fc6d2f6fb 100644
--- a/src/libimcv/plugins/imc_test/Makefile.in
+++ b/src/libimcv/plugins/imc_test/Makefile.in
@@ -242,9 +242,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libimcv/plugins/imv_attestation/Makefile.in b/src/libimcv/plugins/imv_attestation/Makefile.in
index 3872b9a57..f9eb9d6ed 100644
--- a/src/libimcv/plugins/imv_attestation/Makefile.in
+++ b/src/libimcv/plugins/imv_attestation/Makefile.in
@@ -256,9 +256,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libimcv/plugins/imv_attestation/imv_attestation_process.c b/src/libimcv/plugins/imv_attestation/imv_attestation_process.c
index b1ee16bf8..60a9edc0f 100644
--- a/src/libimcv/plugins/imv_attestation/imv_attestation_process.c
+++ b/src/libimcv/plugins/imv_attestation/imv_attestation_process.c
@@ -318,15 +318,24 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, imv_msg_t *out_msg,
enumerator_t *e;
char *filename;
chunk_t measurement;
+ int vid;
+
+ if (!pts_db->get_product_version(pts_db,
+ pts->get_platform_id(pts), &vid))
+ {
+ eval = TNC_IMV_EVALUATION_RESULT_ERROR;
+ break;
+ }
e = measurements->create_enumerator(measurements);
while (e->enumerate(e, &filename, &measurement))
{
- if (pts_db->add_file_measurement(pts_db,
- pts->get_platform_id(pts), algo, measurement,
- filename, is_dir, arg_int) != SUCCESS)
+ if (!pts_db->add_file_measurement(pts_db, vid, algo,
+ measurement, filename, is_dir, arg_int))
{
eval = TNC_IMV_EVALUATION_RESULT_ERROR;
+ e->destroy(e);
+ break;
}
}
e->destroy(e);
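Review bot: On the new error path inside the `while` loop the enumerator is destroyed and `break` then leaves only the loop, so the unchanged `e->destroy(e);` right after the loop runs a second time on the same enumerator, as far as the hunk shows. Dropping the added `e->destroy(e);` inside the loop and keeping `eval = TNC_IMV_EVALUATION_RESULT_ERROR; break;` leaves exactly one destroy on both the success and the failure path. imv_attestation_process starts and ends outside the hunk, so which construct the earlier `break` after `get_product_version` exits cannot be confirmed from here.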
diff --git a/src/libimcv/plugins/imv_hcd/Makefile.in b/src/libimcv/plugins/imv_hcd/Makefile.in
index fda666b06..99bf6d916 100644
--- a/src/libimcv/plugins/imv_hcd/Makefile.in
+++ b/src/libimcv/plugins/imv_hcd/Makefile.in
@@ -242,9 +242,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libimcv/plugins/imv_os/Makefile.am b/src/libimcv/plugins/imv_os/Makefile.am
index f5bc9010c..50a87d877 100644
--- a/src/libimcv/plugins/imv_os/Makefile.am
+++ b/src/libimcv/plugins/imv_os/Makefile.am
@@ -18,12 +18,3 @@ imv_os_la_SOURCES = \
imv_os_database.c imv_os_database.h
imv_os_la_LDFLAGS = -module -avoid-version -no-undefined
-
-if !USE_WINDOWS
-ipsec_PROGRAMS = pacman
-pacman_SOURCES = pacman.c
-pacman_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
-pacman.o : $(top_builddir)/config.status
-
-EXTRA_DIST = pacman.sh
-endif
diff --git a/src/libimcv/plugins/imv_os/Makefile.in b/src/libimcv/plugins/imv_os/Makefile.in
index a8d80b3f8..d5a6f07f1 100644
--- a/src/libimcv/plugins/imv_os/Makefile.in
+++ b/src/libimcv/plugins/imv_os/Makefile.in
@@ -14,7 +14,6 @@
@SET_MAKE@
-
VPATH = @srcdir@
am__is_gnu_make = { \
if test -z '$(MAKELEVEL)'; then \
@@ -89,7 +88,6 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-@USE_WINDOWS_FALSE@ipsec_PROGRAMS = pacman$(EXEEXT)
subdir = src/libimcv/plugins/imv_os
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -136,7 +134,7 @@ am__uninstall_files_from_dir = { \
|| { echo " ( cd '$$dir' && rm -f" $$files ")"; \
$(am__cd) "$$dir" && rm -f $$files; }; \
}
-am__installdirs = "$(DESTDIR)$(imcvdir)" "$(DESTDIR)$(ipsecdir)"
+am__installdirs = "$(DESTDIR)$(imcvdir)"
LTLIBRARIES = $(imcv_LTLIBRARIES)
imv_os_la_DEPENDENCIES = $(top_builddir)/src/libimcv/libimcv.la \
$(top_builddir)/src/libstrongswan/libstrongswan.la
@@ -150,11 +148,6 @@ am__v_lt_1 =
imv_os_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(imv_os_la_LDFLAGS) $(LDFLAGS) -o $@
-PROGRAMS = $(ipsec_PROGRAMS)
-am__pacman_SOURCES_DIST = pacman.c
-@USE_WINDOWS_FALSE@am_pacman_OBJECTS = pacman.$(OBJEXT)
-pacman_OBJECTS = $(am_pacman_OBJECTS)
-@USE_WINDOWS_FALSE@pacman_DEPENDENCIES = $(top_builddir)/src/libstrongswan/libstrongswan.la
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
@@ -189,8 +182,8 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@)
am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
am__v_CCLD_0 = @echo " CCLD " $@;
am__v_CCLD_1 =
-SOURCES = $(imv_os_la_SOURCES) $(pacman_SOURCES)
-DIST_SOURCES = $(imv_os_la_SOURCES) $(am__pacman_SOURCES_DIST)
+SOURCES = $(imv_os_la_SOURCES)
+DIST_SOURCES = $(imv_os_la_SOURCES)
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
@@ -250,9 +243,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
@@ -472,9 +467,6 @@ imv_os_la_SOURCES = \
imv_os_database.c imv_os_database.h
imv_os_la_LDFLAGS = -module -avoid-version -no-undefined
-@USE_WINDOWS_FALSE@pacman_SOURCES = pacman.c
-@USE_WINDOWS_FALSE@pacman_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
-@USE_WINDOWS_FALSE@EXTRA_DIST = pacman.sh
all: all-am
.SUFFIXES:
@@ -546,59 +538,6 @@ clean-imcvLTLIBRARIES:
imv-os.la: $(imv_os_la_OBJECTS) $(imv_os_la_DEPENDENCIES) $(EXTRA_imv_os_la_DEPENDENCIES)
$(AM_V_CCLD)$(imv_os_la_LINK) -rpath $(imcvdir) $(imv_os_la_OBJECTS) $(imv_os_la_LIBADD) $(LIBS)
-install-ipsecPROGRAMS: $(ipsec_PROGRAMS)
- @$(NORMAL_INSTALL)
- @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \
- if test -n "$$list"; then \
- echo " $(MKDIR_P) '$(DESTDIR)$(ipsecdir)'"; \
- $(MKDIR_P) "$(DESTDIR)$(ipsecdir)" || exit 1; \
- fi; \
- for p in $$list; do echo "$$p $$p"; done | \
- sed 's/$(EXEEXT)$$//' | \
- while read p p1; do if test -f $$p \
- || test -f $$p1 \
- ; then echo "$$p"; echo "$$p"; else :; fi; \
- done | \
- sed -e 'p;s,.*/,,;n;h' \
- -e 's|.*|.|' \
- -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
- sed 'N;N;N;s,\n, ,g' | \
- $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
- { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
- if ($$2 == $$4) files[d] = files[d] " " $$1; \
- else { print "f", $$3 "/" $$4, $$1; } } \
- END { for (d in files) print "f", d, files[d] }' | \
- while read type dir files; do \
- if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
- test -z "$$files" || { \
- echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(ipsecdir)$$dir'"; \
- $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(ipsecdir)$$dir" || exit $$?; \
- } \
- ; done
-
-uninstall-ipsecPROGRAMS:
- @$(NORMAL_UNINSTALL)
- @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \
- files=`for p in $$list; do echo "$$p"; done | \
- sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
- -e 's/$$/$(EXEEXT)/' \
- `; \
- test -n "$$list" || exit 0; \
- echo " ( cd '$(DESTDIR)$(ipsecdir)' && rm -f" $$files ")"; \
- cd "$(DESTDIR)$(ipsecdir)" && rm -f $$files
-
-clean-ipsecPROGRAMS:
- @list='$(ipsec_PROGRAMS)'; test -n "$$list" || exit 0; \
- echo " rm -f" $$list; \
- rm -f $$list || exit $$?; \
- test -n "$(EXEEXT)" || exit 0; \
- list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
- echo " rm -f" $$list; \
- rm -f $$list
-
-pacman$(EXEEXT): $(pacman_OBJECTS) $(pacman_DEPENDENCIES) $(EXTRA_pacman_DEPENDENCIES)
- @rm -f pacman$(EXEEXT)
- $(AM_V_CCLD)$(LINK) $(pacman_OBJECTS) $(pacman_LDADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -610,7 +549,6 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imv_os_agent.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imv_os_database.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imv_os_state.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pacman.Po@am__quote@
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
@@ -726,9 +664,9 @@ distdir: $(DISTFILES)
done
check-am: all-am
check: check-am
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS)
+all-am: Makefile $(LTLIBRARIES)
installdirs:
- for dir in "$(DESTDIR)$(imcvdir)" "$(DESTDIR)$(ipsecdir)"; do \
+ for dir in "$(DESTDIR)$(imcvdir)"; do \
test -z "$$dir" || $(MKDIR_P) "$$dir"; \
done
install: install-am
@@ -763,8 +701,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-imcvLTLIBRARIES clean-ipsecPROGRAMS \
- clean-libtool mostlyclean-am
+clean-am: clean-generic clean-imcvLTLIBRARIES clean-libtool \
+ mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -784,7 +722,7 @@ info: info-am
info-am:
-install-data-am: install-imcvLTLIBRARIES install-ipsecPROGRAMS
+install-data-am: install-imcvLTLIBRARIES
install-dvi: install-dvi-am
@@ -830,29 +768,27 @@ ps: ps-am
ps-am:
-uninstall-am: uninstall-imcvLTLIBRARIES uninstall-ipsecPROGRAMS
+uninstall-am: uninstall-imcvLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
- clean-imcvLTLIBRARIES clean-ipsecPROGRAMS clean-libtool \
- cscopelist-am ctags ctags-am distclean distclean-compile \
- distclean-generic distclean-libtool distclean-tags distdir dvi \
- dvi-am html html-am info info-am install install-am \
- install-data install-data-am install-dvi install-dvi-am \
- install-exec install-exec-am install-html install-html-am \
+ clean-imcvLTLIBRARIES clean-libtool cscopelist-am ctags \
+ ctags-am distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am \
install-imcvLTLIBRARIES install-info install-info-am \
- install-ipsecPROGRAMS install-man install-pdf install-pdf-am \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags tags-am uninstall uninstall-am uninstall-imcvLTLIBRARIES \
- uninstall-ipsecPROGRAMS
+ install-man install-pdf install-pdf-am install-ps \
+ install-ps-am install-strip installcheck installcheck-am \
+ installdirs maintainer-clean maintainer-clean-generic \
+ mostlyclean mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
+ uninstall-am uninstall-imcvLTLIBRARIES
.PRECIOUS: Makefile
-@USE_WINDOWS_FALSE@pacman.o : $(top_builddir)/config.status
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libimcv/plugins/imv_os/imv_os_agent.c b/src/libimcv/plugins/imv_os/imv_os_agent.c
index 4bf6c7e21..3fa3d0965 100644
--- a/src/libimcv/plugins/imv_os/imv_os_agent.c
+++ b/src/libimcv/plugins/imv_os/imv_os_agent.c
@@ -705,8 +705,7 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
eval = fail ? TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR :
TNC_IMV_EVALUATION_RESULT_COMPLIANT;
snprintf(result_str, BUF_LEN, "processed %d packages: "
- "%d not updated, %d blacklisted, %d ok, "
- "%d unknown",
+ "%d vulnerable, %d blacklisted, %d ok, %d unknown",
count, count_update, count_blacklist, count_ok,
count - count_update - count_blacklist - count_ok);
break;
diff --git a/src/libimcv/plugins/imv_os/imv_os_database.c b/src/libimcv/plugins/imv_os/imv_os_database.c
index 31b889b74..049c844bc 100644
--- a/src/libimcv/plugins/imv_os/imv_os_database.c
+++ b/src/libimcv/plugins/imv_os/imv_os_database.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012-2014 Andreas Steffen
+ * Copyright (C) 2012-2017 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -51,7 +51,7 @@ METHOD(imv_os_database_t, check_packages, status_t,
char *product, *package, *release, *cur_release;
chunk_t name, version;
int pid, gid, security, blacklist;
- int count = 0, count_ok = 0, count_no_match = 0, count_blacklist = 0;
+ int count = 0, count_ok = 0, count_security = 0, count_blacklist = 0;
enumerator_t *e;
status_t status = SUCCESS;
bool found, match;
@@ -103,11 +103,8 @@ METHOD(imv_os_database_t, check_packages, status_t,
if (!e->enumerate(e, &gid))
{
/* package not present in database for any product - skip */
- if (os_type == OS_TYPE_ANDROID)
- {
- DBG2(DBG_IMV, "package '%s' (%.*s) not found",
- package, version.len, version.ptr);
- }
+ DBG2(DBG_IMV, "package '%s' (%.*s) not found",
+ package, version.len, version.ptr);
free(package);
e->destroy(e);
continue;
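Review bot: The now unconditional `DBG2` passes `version.len` as the precision argument of `%.*s`, which expects an `int`. `version` is declared as `chunk_t`, and assuming its `len` member is a `size_t` as elsewhere in libstrongswan, the argument should be cast: `package, (int)version.len, version.ptr);`. Before this change the mismatch was reached only for Android; it is now reached for every product whose package is missing from the database. check_packages starts and continues outside the hunk.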
@@ -148,36 +145,41 @@ METHOD(imv_os_database_t, check_packages, status_t,
{
if (blacklist)
{
- DBG2(DBG_IMV, "package '%s' (%s) is blacklisted",
+ DBG1(DBG_IMV, "package '%s' (%s) is blacklisted",
package, release);
count_blacklist++;
os_state->add_bad_package(os_state, package,
OS_PACKAGE_STATE_BLACKLIST);
}
+ else if (security)
+ {
+ DBG1(DBG_IMV, "package '%s' (%s) is vulnerable",
+ package, release);
+ os_state->add_bad_package(os_state, package,
+ OS_PACKAGE_STATE_SECURITY);
+ count_security++;
+ }
else
{
- DBG2(DBG_IMV, "package '%s' (%s)%s is ok", package, release,
- security ? " [s]" : "");
+ DBG2(DBG_IMV, "package '%s' (%s) is ok",
+ package, release);
count_ok++;
}
}
else
{
DBG1(DBG_IMV, "package '%s' (%s) no match", package, release);
- count_no_match++;
- os_state->add_bad_package(os_state, package,
- OS_PACKAGE_STATE_SECURITY);
}
}
else
{
- /* package not present in database for this product - skip */
+ DBG2(DBG_IMV, "package '%s' (%s) unknown", package, release);
}
free(package);
free(release);
}
- os_state->set_count(os_state, count, count_no_match,
- count_blacklist, count_ok);
+ os_state->set_count(os_state, count, count_security, count_blacklist,
+ count_ok);
return status;
}
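Review bot: The `no match` branch now only logs at `DBG1`, so a package whose installed release is not listed in the database no longer reaches `add_bad_package` or any counter. The assessment then depends on the `security` flag being set for every vulnerable release in the database. If that is intended, a comment in that branch would make it explicit, for example `/* release not listed for this product: not counted as vulnerable */`. The result string in imv_os_agent.c derives the unknown figure as `count - count_update - count_blacklist - count_ok`, so these packages presumably end up there, and the local `count_update` in that file could be renamed `count_security` to match. check_packages starts outside the hunk.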
diff --git a/src/libimcv/plugins/imv_os/imv_os_state.c b/src/libimcv/plugins/imv_os/imv_os_state.c
index ac826a77c..af5daf0fc 100644
--- a/src/libimcv/plugins/imv_os/imv_os_state.c
+++ b/src/libimcv/plugins/imv_os/imv_os_state.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012-2014 Andreas Steffen
+ * Copyright (C) 2012-2017 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -121,9 +121,9 @@ struct private_imv_os_state_t {
int count;
/**
- * Number of not updated packages
+ * Number of vulnerable packages
*/
- int count_update;
+ int count_security;
/**
* Number of blacklisted packages
@@ -372,7 +372,7 @@ METHOD(imv_state_t, get_reason_string, bool,
private_imv_os_state_t *this, enumerator_t *language_enumerator,
chunk_t *reason_string, char **reason_language)
{
- if (!this->count_update && !this->count_blacklist & !this->os_settings)
+ if (!this->count_security && !this->count_blacklist & !this->os_settings)
{
return FALSE;
}
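Review bot: The renamed condition still mixes `&&` with a bitwise `&` in `!this->count_blacklist & !this->os_settings`. Because `!` yields 0 or 1 the result is the same, but the operator reads like a typo and gives up short-circuit evaluation. Writing `if (!this->count_security && !this->count_blacklist && !this->os_settings)` states the intent. The same expression appears in the get_remediation_instructions hunk further down, and both functions continue outside their hunks.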
@@ -383,7 +383,7 @@ METHOD(imv_state_t, get_reason_string, bool,
DESTROY_IF(this->reason_string);
this->reason_string = imv_reason_string_create(*reason_language, "\n");
- if (this->count_update || this->count_blacklist)
+ if (this->count_security || this->count_blacklist)
{
this->reason_string->add_reason(this->reason_string, reason_packages);
}
@@ -403,7 +403,7 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
imv_os_info_t *os_info;
bool as_xml = FALSE;
- if (!this->count_update && !this->count_blacklist & !this->os_settings)
+ if (!this->count_security && !this->count_blacklist & !this->os_settings)
{
return FALSE;
}
@@ -430,7 +430,7 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
}
/* List of packages in need of an update, if any */
- if (this->count_update)
+ if (this->count_security)
{
this->remediation_string->add_instruction(this->remediation_string,
instr_update_packages_title,
@@ -492,26 +492,26 @@ METHOD(imv_os_state_t, get_handshake_state, imv_os_handshake_state_t,
METHOD(imv_os_state_t, set_count, void,
- private_imv_os_state_t *this, int count, int count_update,
+ private_imv_os_state_t *this, int count, int count_security,
int count_blacklist, int count_ok)
{
this->count += count;
- this->count_update += count_update;
+ this->count_security += count_security;
this->count_blacklist += count_blacklist;
this->count_ok += count_ok;
}
METHOD(imv_os_state_t, get_count, void,
- private_imv_os_state_t *this, int *count, int *count_update,
+ private_imv_os_state_t *this, int *count, int *count_security,
int *count_blacklist, int *count_ok)
{
if (count)
{
*count = this->count;
}
- if (count_update)
+ if (count_security)
{
- *count_update = this->count_update;
+ *count_security = this->count_security;
}
if (count_blacklist)
{
diff --git a/src/libimcv/plugins/imv_os/imv_os_state.h b/src/libimcv/plugins/imv_os/imv_os_state.h
index aa9b64076..d73a47412 100644
--- a/src/libimcv/plugins/imv_os/imv_os_state.h
+++ b/src/libimcv/plugins/imv_os/imv_os_state.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012-2014 Andreas Steffen
+ * Copyright (C) 2012-2017 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -81,22 +81,22 @@ struct imv_os_state_t {
* Set [or with multiple attributes increment] package counters
*
* @param count Number of processed packages
- * @param count_update Number of not updated packages
+ * @param count_security Number of vulnerable packages
* @param count_blacklist Number of blacklisted packages
* @param count_ok Number of whitelisted packages
*/
- void (*set_count)(imv_os_state_t *this, int count, int count_update,
+ void (*set_count)(imv_os_state_t *this, int count, int count_security,
int count_blacklist, int count_ok);
/**
* Set [or with multiple attributes increment] package counters
*
* @param count Number of processed packages
- * @param count_update Number of not updated packages
+ * @param count_security Number of vulnerable packages
* @param count_blacklist Number of blacklisted packages
* @param count_ok Number of whitelisted packages
*/
- void (*get_count)(imv_os_state_t *this, int *count, int *count_update,
+ void (*get_count)(imv_os_state_t *this, int *count, int *count_security,
int *count_blacklist, int *count_ok);
/**
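Review bot: The doc comment above `get_count` still carries set_count's summary line, "Set [or with multiple attributes increment] package counters", although the function only reads the counters back. A summary such as `* Get package counters` would match what it does. The implementation in imv_os_state.c tests each pointer before writing through it, so the `@param` lines could also note that any of the four output pointers may be NULL.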
diff --git a/src/libimcv/plugins/imv_os/pacman.c b/src/libimcv/plugins/imv_os/pacman.c
deleted file mode 100644
index fbcab5eba..000000000
--- a/src/libimcv/plugins/imv_os/pacman.c
+++ /dev/null
@@ -1,499 +0,0 @@
-/*
- * Copyright (C) 2012 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#define _GNU_SOURCE
-#include <getopt.h>
-#include <unistd.h>
-#include <stdio.h>
-#include <string.h>
-#include <errno.h>
-#include <syslog.h>
-#include <time.h>
-#include <sys/stat.h>
-
-#include "imv_os_state.h"
-
-#include <library.h>
-#include <utils/debug.h>
-
-typedef enum pacman_state_t pacman_state_t;
-
-enum pacman_state_t {
- PACMAN_STATE_BEGIN_PACKAGE,
- PACMAN_STATE_VERSION,
- PACMAN_STATE_END_PACKAGE
-};
-
-typedef struct stats_t stats_t;
-
-struct stats_t {
- time_t release;
- int product;
- int packages;
- int new_packages;
- int new_versions;
- int updated_versions;
- int deleted_versions;
-};
-
-/**
- * global debug output variables
- */
-static int debug_level = 1;
-static bool stderr_quiet = TRUE;
-
-/**
- * pacman dbg function
- */
-static void pacman_dbg(debug_t group, level_t level, char *fmt, ...)
-{
- int priority = LOG_INFO;
- char buffer[8192];
- char *current = buffer, *next;
- va_list args;
-
- if (level <= debug_level)
- {
- if (!stderr_quiet)
- {
- va_start(args, fmt);
- vfprintf(stderr, fmt, args);
- fprintf(stderr, "\n");
- va_end(args);
- }
-
- /* write in memory buffer first */
- va_start(args, fmt);
- vsnprintf(buffer, sizeof(buffer), fmt, args);
- va_end(args);
-
- /* do a syslog with every line */
- while (current)
- {
- next = strchr(current, '\n');
- if (next)
- {
- *(next++) = '\0';
- }
- syslog(priority, "%s\n", current);
- current = next;
- }
- }
-}
-
-/**
- * atexit handler to close everything on shutdown
- */
-static void cleanup(void)
-{
- closelog();
- library_deinit();
-}
-
-static void usage(void)
-{
- printf("Parses package information files from Debian/Ubuntu repositories and\n");
- printf("stores the extracted information in the database used by the OS IMV.\n\n");
- printf("ipsec pacman --product <name> --file <filename> [--security]\n\n");
- printf(" --help print usage information\n");
- printf(" --product <name> name of the Debian/Ubuntu release, as stored in the DB\n");
- printf(" --file <filename> package information file to parse\n");
- printf(" --security set this when parsing a file with security updates\n");
- printf("\n");
-}
-
-/**
- * Update the package database
- */
-static bool update_database(database_t *db, char *package, char *version,
- bool security, stats_t *stats)
-{
- char *cur_version, *version_update = NULL, *version_delete = NULL;
- int cur_security, security_update = 0, security_delete = 0;
- int pac_id = 0, vid = 0, vid_update = 0, vid_delete = 0;
- u_int cur_time;
- bool add_version = TRUE;
- enumerator_t *e;
-
- /* increment package count */
- stats->packages++;
-
- /* check if package is already in database */
- e = db->query(db, "SELECT id FROM packages WHERE name = ?",
- DB_TEXT, package, DB_INT);
- if (!e)
- {
- return FALSE;
- }
- if (!e->enumerate(e, &pac_id))
- {
- pac_id = 0;
- }
- e->destroy(e);
-
- if (!pac_id && security)
- {
- if (db->execute(db, &pac_id, "INSERT INTO packages (name) VALUES (?)",
- DB_TEXT, package) != 1)
- {
- fprintf(stderr, "could not store package '%s' to database\n",
- package);
- return FALSE;
- }
- stats->new_packages++;
- }
-
- /* check for package versions already in database */
- e = db->query(db,
- "SELECT id, release, security, time FROM versions "
- "WHERE package = ? AND product = ?", DB_INT, pac_id,
- DB_INT, stats->product, DB_INT, DB_TEXT, DB_INT, DB_UINT);
- if (!e)
- {
- return FALSE;
- }
-
- while (e->enumerate(e, &vid, &cur_version, &cur_security, &cur_time))
- {
- if (streq(version, cur_version))
- {
- /* already in data base */
- add_version = FALSE;
- break;
- }
- else if (stats->release >= cur_time)
- {
- if (security)
- {
- if (cur_security)
- {
- vid_update = vid;
- version_update = strdup(cur_version);
- security_update = cur_security;
- }
- else
- {
- vid_delete = vid;
- version_delete = strdup(cur_version);
- security_delete = cur_security;
- }
- }
- else
- {
- if (!cur_security)
- {
- vid_update = vid;
- version_update = strdup(cur_version);
- security_update = cur_security;
- }
- }
- }
- else
- {
- if (security == cur_security)
- {
- add_version = FALSE;
- }
- }
- }
- e->destroy(e);
-
- if ((!vid && !security) || (vid && !add_version))
- {
- free(version_update);
- free(version_delete);
- return TRUE;
- }
-
- if ((!vid && security) || (vid && !vid_update))
- {
- printf("%s (%s) %s\n", package, version, security ? "[s]" : "");
-
- if (db->execute(db, &vid,
- "INSERT INTO versions "
- "(package, product, release, security, time) "
- "VALUES (?, ?, ?, ?, ?)", DB_INT, pac_id, DB_INT, stats->product,
- DB_TEXT, version, DB_INT, security, DB_INT, stats->release) != 1)
- {
- fprintf(stderr, "could not store version '%s' to database\n",
- version);
- free(version_update);
- free(version_delete);
- return FALSE;
- }
- stats->new_versions++;
- }
- else
- {
- printf("%s (%s) %s updated by\n",
- package, version_update, security_update ? "[s]" : "");
- printf("%s (%s) %s\n", package, version, security ? "[s]" : "");
-
- if (db->execute(db, NULL,
- "UPDATE versions SET release = ?, time = ? WHERE id = ?",
- DB_TEXT, version, DB_INT, stats->release, DB_INT, vid_update) <= 0)
- {
- fprintf(stderr, "could not update version '%s' to database\n",
- version);
- free(version_update);
- free(version_delete);
- return FALSE;
- }
- stats->updated_versions++;
- }
-
- if (vid_delete)
- {
- printf("%s (%s) %s deleted\n",
- package, version_delete, security_delete ? "[s]" : "");
- if (db->execute(db, NULL,
- "DELETE FROM versions WHERE id = ?",
- DB_INT, vid_delete) <= 0)
- {
- fprintf(stderr, "could not delete version '%s' from database\n",
- version_delete);
- free(version_update);
- free(version_delete);
- return FALSE;
- }
- stats->deleted_versions++;
- }
- free(version_update);
- free(version_delete);
-
- return TRUE;
-}
-
-/**
- * Process a package file and store updates in the database
- */
-static void process_packages(char *filename, char *product, bool security)
-{
- char *uri, line[BUF_LEN], *pos, *package = NULL, *version = NULL;
- pacman_state_t pacman_state;
- enumerator_t *e;
- database_t *db;
- int pid;
- FILE *file;
- stats_t stats;
- bool success;
-
- /* initialize statistics */
- memset(&stats, 0x00, sizeof(stats_t));
-
- /* Set release date to current time */
- stats.release = time(NULL);
-
- /* opening package file */
- printf("loading\"%s\"\n", filename);
- file = fopen(filename, "r");
- if (!file)
- {
- fprintf(stderr, "could not open \"%s\"\n", filename);
- exit(EXIT_FAILURE);
- }
-
- /* connect package database */
- uri = lib->settings->get_str(lib->settings, "pacman.database", NULL);
- if (!uri)
- {
- fprintf(stderr, "database URI pacman.database not set\n");
- fclose(file);
- exit(EXIT_FAILURE);
- }
- db = lib->db->create(lib->db, uri);
- if (!db)
- {
- fprintf(stderr, "could not connect to database '%s'\n", uri);
- fclose(file);
- exit(EXIT_FAILURE);
- }
-
- /* check if product is already in database */
- e = db->query(db, "SELECT id FROM products WHERE name = ?",
- DB_TEXT, product, DB_INT);
- if (e)
- {
- if (e->enumerate(e, &pid))
- {
- stats.product = pid;
- }
- e->destroy(e);
- }
- if (!stats.product)
- {
- if (db->execute(db, &pid, "INSERT INTO products (name) VALUES (?)",
- DB_TEXT, product) != 1)
- {
- fprintf(stderr, "could not store product '%s' to database\n",
- product);
- fclose(file);
- db->destroy(db);
- exit(EXIT_FAILURE);
- }
- stats.product = pid;
- }
-
- pacman_state = PACMAN_STATE_BEGIN_PACKAGE;
-
- while (fgets(line, sizeof(line), file))
- {
- /* set read pointer to beginning of line */
- pos = line;
-
- switch (pacman_state)
- {
- case PACMAN_STATE_BEGIN_PACKAGE:
- pos = strstr(pos, "Package: ");
- if (!pos)
- {
- continue;
- }
- pos += 9;
- package = pos;
- pos = strchr(pos, '\n');
- if (pos)
- {
- package = strndup(package, pos - package);
- pacman_state = PACMAN_STATE_VERSION;
- }
- break;
- case PACMAN_STATE_VERSION:
- pos = strstr(pos, "Version: ");
- if (!pos)
- {
- continue;
- }
- pos += 9;
- version = pos;
- pos = strchr(pos, '\n');
- if (pos)
- {
- version = strndup(version, pos - version);
- pacman_state = PACMAN_STATE_END_PACKAGE;
- }
- break;
- case PACMAN_STATE_END_PACKAGE:
- if (*pos != '\n')
- {
- continue;
- }
- success = update_database(db, package, version, security, &stats);
- free(package);
- free(version);
- if (!success)
- {
- fclose(file);
- db->destroy(db);
- exit(EXIT_FAILURE);
- }
- pacman_state = PACMAN_STATE_BEGIN_PACKAGE;
- }
- }
- switch (pacman_state)
- {
- case PACMAN_STATE_END_PACKAGE:
- free(version);
- /* fall-through */
- case PACMAN_STATE_VERSION:
- free(package);
- break;
- default:
- break;
- }
- fclose(file);
- db->destroy(db);
-
- printf("processed %d packages, %d new packages, %d new versions, "
- "%d updated versions, %d deleted versions\n",
- stats.packages, stats.new_packages, stats.new_versions,
- stats.updated_versions, stats.deleted_versions);
-}
-
-static void do_args(int argc, char *argv[])
-{
- char *filename = NULL, *product = NULL;
- bool security = FALSE;
-
- /* reinit getopt state */
- optind = 0;
-
- while (TRUE)
- {
- int c;
-
- struct option long_opts[] = {
- { "help", no_argument, NULL, 'h' },
- { "file", required_argument, NULL, 'f' },
- { "product", required_argument, NULL, 'p' },
- { "security", no_argument, NULL, 's' },
- { 0,0,0,0 }
- };
-
- c = getopt_long(argc, argv, "", long_opts, NULL);
- switch (c)
- {
- case EOF:
- break;
- case 'h':
- usage();
- exit(EXIT_SUCCESS);
- case 'f':
- filename = optarg;
- continue;
- case 'p':
- product = optarg;
- continue;
- case 's':
- security = TRUE;
- continue;
- }
- break;
- }
-
- if (filename && product)
- {
- process_packages(filename, product, security);
- }
- else
- {
- usage();
- exit(EXIT_FAILURE);
- }
-}
-
-int main(int argc, char *argv[])
-{
- /* enable attest debugging hook */
- dbg = pacman_dbg;
- openlog("pacman", 0, LOG_DEBUG);
-
- atexit(cleanup);
-
- /* initialize library */
- if (!library_init(NULL, "pacman"))
- {
- exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
- }
- if (!lib->plugins->load(lib->plugins,
- lib->settings->get_str(lib->settings, "pacman.load", "sqlite")))
- {
- exit(SS_RC_INITIALIZATION_FAILED);
- }
- do_args(argc, argv);
-
- exit(EXIT_SUCCESS);
-}
-
diff --git a/src/libimcv/plugins/imv_os/pacman.sh b/src/libimcv/plugins/imv_os/pacman.sh
deleted file mode 100755
index fcf35b644..000000000
--- a/src/libimcv/plugins/imv_os/pacman.sh
+++ /dev/null
@@ -1,203 +0,0 @@
-#!/bin/sh
-
-DIR="/etc/pts"
-DATE=`date +%Y%m%d-%H%M`
-UBUNTU="http://security.ubuntu.com/ubuntu/dists"
-UBUNTU_VERSIONS="trusty saucy raring quantal precise lucid"
-UBUNTU_DIRS="main multiverse restricted universe"
-UBUNTU_ARCH="binary-amd64 binary-i386"
-DEBIAN="http://security.debian.org/dists"
-DEBIAN_VERSIONS="jessie wheezy squeeze"
-DEBIAN_DIRS="main contrib non-free"
-DEBIAN_ARCH="binary-amd64 binary-i386"
-PACMAN=/usr/libexec/ipsec/pacman
-PACMAN_LOG="$DIR/$DATE-pacman.log"
-
-mkdir -p $DIR/dists
-cd $DIR/dists
-
-for v in $UBUNTU_VERSIONS
-do
- for a in $UBUNTU_ARCH
- do
- mkdir -p $v-security/$a $v-updates/$a
- for d in $UBUNTU_DIRS
- do
- wget $UBUNTU/$v-security/$d/$a/Packages.bz2 -O $v-security/$a/Packages-$d.bz2
- bunzip2 -f $v-security/$a/Packages-$d.bz2
- wget $UBUNTU/$v-updates/$d/$a/Packages.bz2 -O $v-updates/$a/Packages-$d.bz2
- bunzip2 -f $v-updates/$a/Packages-$d.bz2
- done
- done
-done
-
-for v in $DEBIAN_VERSIONS
-do
- for a in $DEBIAN_ARCH
- do
- mkdir -p $v-updates/$a
- for d in $DEBIAN_DIRS
- do
- wget $DEBIAN/$v/updates/$d/$a/Packages.bz2 -O $v-updates/$a/Packages-$d.bz2
- bunzip2 -f $v-updates/$a/Packages-$d.bz2
- done
- done
-done
-
-for f in trusty-security/binary-amd64/*
-do
- $PACMAN --product "Ubuntu 14.04 x86_64" --file $f --security >> $PACMAN_LOG
-done
-echo
-for f in trusty-updates/binary-amd64/*
-do
- $PACMAN --product "Ubuntu 14.04 x86_64" --file $f >> $PACMAN_LOG
-done
-echo
-for f in trusty-security/binary-i386/*
-do
- $PACMAN --product "Ubuntu 14.04 i686" --file $f --security >> $PACMAN_LOG
-done
-echo
-for f in trusty-updates/binary-i386/*
-do
- $PACMAN --product "Ubuntu 14.04 i686" --file $f >> $PACMAN_LOG
-done
-echo
-
-for f in saucy-security/binary-amd64/*
-do
- $PACMAN --product "Ubuntu 13.10 x86_64" --file $f --security >> $PACMAN_LOG
-done
-echo
-for f in saucy-updates/binary-amd64/*
-do
- $PACMAN --product "Ubuntu 13.10 x86_64" --file $f >> $PACMAN_LOG
-done
-echo
-for f in saucy-security/binary-i386/*
-do
- $PACMAN --product "Ubuntu 13.10 i686" --file $f --security >> $PACMAN_LOG
-done
-echo
-for f in saucy-updates/binary-i386/*
-do
- $PACMAN --product "Ubuntu 13.10 i686" --file $f >> $PACMAN_LOG
-done
-echo
-
-for f in raring-security/binary-amd64/*
-do
- $PACMAN --product "Ubuntu 13.04 x86_64" --file $f --security >> $PACMAN_LOG
-done
-echo
-for f in raring-updates/binary-amd64/*
-do
- $PACMAN --product "Ubuntu 13.04 x86_64" --file $f >> $PACMAN_LOG
-done
-echo
-for f in raring-security/binary-i386/*
-do
- $PACMAN --product "Ubuntu 13.04 i686" --file $f --security >> $PACMAN_LOG
-done
-echo
-for f in raring-updates/binary-i386/*
-do
- $PACMAN --product "Ubuntu 13.04 i686" --file $f >> $PACMAN_LOG
-done
-echo
-
-for f in quantal-security/binary-amd64/*
-do
- $PACMAN --product "Ubuntu 12.10 x86_64" --file $f --security >> $PACMAN_LOG
-done
-echo
-for f in quantal-updates/binary-amd64/*
-do
- $PACMAN --product "Ubuntu 12.10 x86_64" --file $f >> $PACMAN_LOG
-done
-echo
-for f in quantal-security/binary-i386/*
-do
- $PACMAN --product "Ubuntu 12.10 i686" --file $f --security >> $PACMAN_LOG
-done
-echo
-for f in quantal-updates/binary-i386/*
-do
- $PACMAN --product "Ubuntu 12.10 i686" --file $f >> $PACMAN_LOG
-done
-echo
-
-for f in precise-security/binary-amd64/*
-do
- $PACMAN --product "Ubuntu 12.04 x86_64" --file $f --security >> $PACMAN_LOG
-done
-echo
-for f in precise-updates/binary-amd64/*
-do
- $PACMAN --product "Ubuntu 12.04 x86_64" --file $f >> $PACMAN_LOG
-done
-echo
-for f in precise-security/binary-i386/*
-do
- $PACMAN --product "Ubuntu 12.04 i686" --file $f --security >> $PACMAN_LOG
-done
-echo
-for f in precise-updates/binary-i386/*
-do
- $PACMAN --product "Ubuntu 12.04 i686" --file $f >> $PACMAN_LOG
-done
-echo
-
-for f in lucid-security/binary-amd64/*
-do
- $PACMAN --product "Ubuntu 10.04 x86_64" --file $f --security >> $PACMAN_LOG
-done
-echo
-for f in lucid-updates/binary-amd64/*
-do
- $PACMAN --product "Ubuntu 10.04 x86_64" --file $f >> $PACMAN_LOG
-done
-echo
-for f in lucid-security/binary-i386/*
-do
- $PACMAN --product "Ubuntu 10.04 i686" --file $f --security >> $PACMAN_LOG
-done
-echo
-for f in lucid-updates/binary-i386/*
-do
- $PACMAN --product "Ubuntu 10.04 i686" --file $f >> $PACMAN_LOG
-done
-echo
-
-for f in jessie-updates/binary-amd64/*
-do
- $PACMAN --product "Debian 8.0 x86_64" --file $f --security >> $PACMAN_LOG
-done
-echo
-for f in jessie-updates/binary-i386/*
-do
- $PACMAN --product "Debian 8.0 i686" --file $f --security >> $PACMAN_LOG
-done
-
-for f in wheezy-updates/binary-amd64/*
-do
- $PACMAN --product "Debian 7.0 x86_64" --file $f --security >> $PACMAN_LOG
-done
-echo
-for f in wheezy-updates/binary-i386/*
-do
- $PACMAN --product "Debian 7.0 i686" --file $f --security >> $PACMAN_LOG
-done
-
-for f in squeeze-updates/binary-amd64/*
-do
- $PACMAN --product "Debian 6.0 x86_64" --file $f --security >> $PACMAN_LOG
-done
-echo
-for f in squeeze-updates/binary-i386/*
-do
- $PACMAN --product "Debian 6.0 i686" --file $f --security >> $PACMAN_LOG
-done
-
-cp $DIR/config.db $DIR/config.db-$DATE
diff --git a/src/libimcv/plugins/imv_scanner/Makefile.in b/src/libimcv/plugins/imv_scanner/Makefile.in
index b851f84e7..2649f499d 100644
--- a/src/libimcv/plugins/imv_scanner/Makefile.in
+++ b/src/libimcv/plugins/imv_scanner/Makefile.in
@@ -244,9 +244,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libimcv/plugins/imv_swid/Makefile.in b/src/libimcv/plugins/imv_swid/Makefile.in
index c745b4597..faccb683e 100644
--- a/src/libimcv/plugins/imv_swid/Makefile.in
+++ b/src/libimcv/plugins/imv_swid/Makefile.in
@@ -245,9 +245,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libimcv/plugins/imv_swima/Makefile.in b/src/libimcv/plugins/imv_swima/Makefile.in
index 56eafa5ad..e2132b576 100644
--- a/src/libimcv/plugins/imv_swima/Makefile.in
+++ b/src/libimcv/plugins/imv_swima/Makefile.in
@@ -245,9 +245,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libimcv/plugins/imv_swima/imv_swima_agent.c b/src/libimcv/plugins/imv_swima/imv_swima_agent.c
index efa2b1105..1d9944200 100644
--- a/src/libimcv/plugins/imv_swima/imv_swima_agent.c
+++ b/src/libimcv/plugins/imv_swima/imv_swima_agent.c
@@ -44,7 +44,7 @@ typedef struct private_imv_swima_agent_t private_imv_swima_agent_t;
/* Subscribed PA-TNC message subtypes */
static pen_type_t msg_types[] = {
- { PEN_IETF, PA_SUBTYPE_IETF_SW }
+ { PEN_IETF, PA_SUBTYPE_IETF_SWIMA }
};
/**
@@ -175,7 +175,7 @@ static TNC_Result receive_msg(private_imv_swima_agent_t *this,
reader->destroy(reader);
continue;
}
- if (error_code.type == PA_ERROR_SW_RESPONSE_TOO_LARGE)
+ if (error_code.type == PA_ERROR_SWIMA_RESPONSE_TOO_LARGE)
{
if (!reader->read_uint32(reader, &max_attr_size))
{
diff --git a/src/libimcv/plugins/imv_test/Makefile.in b/src/libimcv/plugins/imv_test/Makefile.in
index 8a6b9ed15..b583a32c2 100644
--- a/src/libimcv/plugins/imv_test/Makefile.in
+++ b/src/libimcv/plugins/imv_test/Makefile.in
@@ -243,9 +243,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libimcv/pts/pts.c b/src/libimcv/pts/pts.c
index d771d07ed..09ffd7160 100644
--- a/src/libimcv/pts/pts.c
+++ b/src/libimcv/pts/pts.c
@@ -762,7 +762,7 @@ METHOD(pts_t, verify_quote_signature, bool,
return FALSE;
}
- if (!aik_pubkey->verify(aik_pubkey, scheme, digest, signature))
+ if (!aik_pubkey->verify(aik_pubkey, scheme, NULL, digest, signature))
{
DBG1(DBG_PTS, "signature verification failed for TPM Quote Info");
DESTROY_IF(aik_pubkey);
diff --git a/src/libimcv/pts/pts_database.c b/src/libimcv/pts/pts_database.c
index 4a47b06f0..8b99d689b 100644
--- a/src/libimcv/pts/pts_database.c
+++ b/src/libimcv/pts/pts_database.c
@@ -121,15 +121,69 @@ METHOD(pts_database_t, create_file_hash_enumerator, enumerator_t*,
return e;
}
-METHOD(pts_database_t, add_file_measurement, status_t,
- private_pts_database_t *this, int pid, pts_meas_algorithms_t algo,
+
+METHOD(pts_database_t, get_product_version, bool,
+ private_pts_database_t *this, int pid, int *vid)
+{
+ enumerator_t *e;
+ int pkg_id;
+
+ /* does empty package name already exist? */
+ e = this->db->query(this->db,
+ "SELECT id FROM packages WHERE name = ''", DB_INT);
+ if (!e)
+ {
+ return FALSE;
+ }
+ if (!e->enumerate(e, &pkg_id))
+ {
+ /* create generic product version entry */
+ if (this->db->execute(this->db, &pkg_id,
+ "INSERT INTO packages (name) VALUES ('')") != 1)
+ {
+ DBG1(DBG_PTS, "could not insert package into database");
+ e->destroy(e);
+ return FALSE;
+ }
+ }
+ e->destroy(e);
+
+ /* does generic product version already exist? */
+ e = this->db->query(this->db,
+ "SELECT id FROM versions WHERE product = ? AND package = ?",
+ DB_INT, pid, DB_INT, pkg_id);
+ if (!e)
+ {
+ return FALSE;
+ }
+ if (!e->enumerate(e, vid))
+ {
+ /* create generic product version entry */
+ if (this->db->execute(this->db, vid,
+ "INSERT INTO versions (product, package) VALUES (?, ?)",
+ DB_INT, pid, DB_INT, pkg_id) != 1)
+ {
+ DBG1(DBG_PTS, "could not insert version into database");
+ e->destroy(e);
+ return FALSE;
+ }
+ }
+ e->destroy(e);
+
+ return TRUE;
+}
+
+METHOD(pts_database_t, add_file_measurement, bool,
+ private_pts_database_t *this, int vid, pts_meas_algorithms_t algo,
chunk_t measurement, char *filename, bool is_dir, int id)
{
enumerator_t *e;
char *name;
- chunk_t hash_value;
+ uint8_t hash_buf[HASH_SIZE_SHA512];
+ uint8_t hex_meas_buf[2*HASH_SIZE_SHA512+1], *hex_hash_buf;
+ chunk_t hash, hex_hash, hex_meas;
int hash_id, fid;
- status_t status = SUCCESS;
+ bool success = TRUE;
if (is_dir)
{
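Review bot: In the new `get_product_version`, the comment over the first insert reads `/* create generic product version entry */`, but that statement inserts the empty-named row into `packages`; the same comment appears again, correctly, over the `versions` insert. Something like `/* create empty package entry */` on the first one would avoid the confusion. Both lookups are followed by a separate insert, so two concurrent callers could each create a row unless the schema enforces uniqueness, which is not visible here. add_file_measurement, whose signature and locals change at the end of this hunk, continues outside it.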
@@ -139,7 +193,7 @@ METHOD(pts_database_t, add_file_measurement, status_t,
DB_TEXT, filename, DB_INT, id, DB_INT);
if (!e)
{
- return FAILED;
+ return FALSE;
}
if (!e->enumerate(e, &fid))
{
@@ -149,7 +203,7 @@ METHOD(pts_database_t, add_file_measurement, status_t,
DB_TEXT, filename, DB_INT, id) != 1)
{
DBG1(DBG_PTS, "could not insert filename into database");
- status = FAILED;
+ success = FALSE;
}
}
e->destroy(e);
@@ -163,58 +217,63 @@ METHOD(pts_database_t, add_file_measurement, status_t,
"SELECT name FROM files WHERE id = ?", DB_INT, fid, DB_TEXT);
if (!e)
{
- return FAILED;
+ return FALSE;
}
if (!e->enumerate(e, &name) || !streq(name, filename))
{
DBG1(DBG_PTS, "filename of reference measurement does not match");
- status = FAILED;
+ success = FALSE;
}
e->destroy(e);
}
- if (status != SUCCESS)
+ if (!success)
{
- return status;
+ return FALSE;
}
/* does hash measurement value already exist? */
e = this->db->query(this->db,
- "SELECT fh.id, fh.hash FROM file_hashes AS fh "
- "JOIN versions AS v ON v.id = fh.version "
- "WHERE v.product = ? AND fh.algo = ? AND fh.file = ?",
- DB_INT, pid, DB_INT, algo, DB_INT, fid, DB_INT, DB_BLOB);
+ "SELECT id, hash FROM file_hashes "
+ "WHERE algo = ? AND file = ? AND version = ?",
+ DB_INT, algo, DB_INT, fid, DB_INT, vid, DB_INT, DB_TEXT);
if (!e)
{
- return FAILED;
+ return FALSE;
}
- if (e->enumerate(e, &hash_id, &hash_value))
+ if (e->enumerate(e, &hash_id, &hex_hash_buf))
{
- if (!chunk_equals_const(measurement, hash_value))
+ hex_hash = chunk_from_str(hex_hash_buf);
+ hash = chunk_from_hex(hex_hash, hash_buf);
+
+ if (!chunk_equals(measurement, hash))
{
/* update hash measurement value */
if (this->db->execute(this->db, &hash_id,
"UPDATE file_hashes SET hash = ? WHERE id = ?",
DB_BLOB, measurement, DB_INT, hash_id) != 1)
{
- status = FAILED;
+ success = FALSE;
}
}
}
else
{
+ hex_meas = chunk_to_hex(measurement, hex_meas_buf, FALSE);
+ hex_meas_buf[hex_meas.len] = '\0';
+
/* insert hash measurement value */
if (this->db->execute(this->db, &hash_id,
- "INSERT INTO file_hashes (file, product, algo, hash) "
- "VALUES (?, ?, ?, ?)", DB_INT, fid, DB_INT, pid,
- DB_INT, algo, DB_BLOB, measurement) != 1)
+ "INSERT INTO file_hashes (file, version, algo, hash) "
+ "VALUES (?, ?, ?, ?)", DB_INT, fid, DB_INT, vid,
+ DB_INT, algo, DB_TEXT, hex_meas_buf) != 1)
{
- status = FAILED;
+ success = FALSE;
}
}
e->destroy(e);
- return status;
+ return success;
}
METHOD(pts_database_t, create_file_meas_enumerator, enumerator_t*,
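Review bot: The UPDATE branch still binds the raw digest (`DB_BLOB, measurement`) while the lookup above now reads `hash` as `DB_TEXT` and the INSERT branch stores `hex_meas_buf`, so a row that has been updated would hold a different encoding than the one `chunk_from_hex()` expects on the next read. Converting once before the `if` and binding `DB_TEXT, hex_meas_buf, DB_INT, hash_id` in the UPDATE keeps the column in a single format. Both conversions also write into stack buffers sized for SHA-512 (declared in the preceding hunk) with no length check visible here; rejecting `measurement.len > HASH_SIZE_SHA512` on entry and `hex_hash.len > 2 * HASH_SIZE_SHA512` before decoding would bound them unless callers and the schema already guarantee it. The same unchecked decode into `measurement_buf` appears in the verify() hunk of pts_file_meas.c. add_file_measurement begins outside this hunk.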
@@ -296,7 +355,7 @@ METHOD(pts_database_t, check_comp_measurement, status_t,
while (e->enumerate(e, &hash))
{
- if (chunk_equals_const(hash, measurement))
+ if (chunk_equals(hash, measurement))
{
status = SUCCESS;
break;
@@ -424,6 +483,7 @@ pts_database_t *pts_database_create(imv_database_t *imv_db)
.public = {
.get_pathname = _get_pathname,
.create_file_hash_enumerator = _create_file_hash_enumerator,
+ .get_product_version = _get_product_version,
.add_file_measurement = _add_file_measurement,
.create_file_meas_enumerator = _create_file_meas_enumerator,
.check_comp_measurement = _check_comp_measurement,
diff --git a/src/libimcv/pts/pts_database.h b/src/libimcv/pts/pts_database.h
index a6c9fb3b6..3a5ff5992 100644
--- a/src/libimcv/pts/pts_database.h
+++ b/src/libimcv/pts/pts_database.h
@@ -60,18 +60,27 @@ struct pts_database_t {
/**
* Add PTS file measurement reference value
*
- * @param pid Primary key of software product in database
+ * @param pid Primary key of platform product
+ * @param vid Primary key of generic product version
+ * @return TRUE if successful
+ */
+ bool (*get_product_version)(pts_database_t *this, int pid, int *vid);
+
+ /**
+ * Add PTS file measurement reference value
+ *
+ * @param vid Primary key of generic product version
* @param algo File measurement hash algorithm used
* @param measurement File measurement hash
* @param filename Optional name of the file to be checked
* @param is_dir TRUE if part of directory measurement
* @param id Primary key into direcories/files table
- * @return Status
+ * @return TRUE if successful
*/
- status_t (*add_file_measurement)(pts_database_t *this, int pid,
- pts_meas_algorithms_t algo,
- chunk_t measurement, char *filename,
- bool is_dir, int id);
+ bool (*add_file_measurement)(pts_database_t *this, int vid,
+ pts_meas_algorithms_t algo,
+ chunk_t measurement, char *filename,
+ bool is_dir, int id);
/**
* Get PTS measurement[s] for a given filename stored in database
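Review bot: The doc block added for `get_product_version` reuses the summary "Add PTS file measurement reference value", which belongs to the function below it. Judging by the implementation in pts_database.c, it looks up the generic version entry for a product and creates it if missing, so a summary like `* Get [or create] the generic product version of a platform product` would fit. `vid` is written by the callee, so its line could read `@param vid Returns primary key of generic product version`. The existing typo "direcories" in the `@param id` line of add_file_measurement could be corrected in the same pass.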
diff --git a/src/libimcv/pts/pts_file_meas.c b/src/libimcv/pts/pts_file_meas.c
index 92f513a2d..2f8935a87 100644
--- a/src/libimcv/pts/pts_file_meas.c
+++ b/src/libimcv/pts/pts_file_meas.c
@@ -140,7 +140,7 @@ METHOD(pts_file_meas_t, check, bool,
{
while (e->enumerate(e, &hash))
{
- if (chunk_equals_const(entry->measurement, hash))
+ if (chunk_equals(entry->measurement, hash))
{
status = SUCCESS;
break;
@@ -193,12 +193,13 @@ METHOD(pts_file_meas_t, verify, bool,
{
int fid, fid_last = 0;
char *filename;
- chunk_t measurement;
+ uint8_t measurement_buf[HASH_SIZE_SHA512], *hex_meas_buf;
+ chunk_t measurement, hex_meas;
entry_t *entry;
enumerator_t *enumerator = NULL;
bool found = FALSE, match = FALSE, success = TRUE;
- while (e_hash->enumerate(e_hash, &fid, &filename, &measurement))
+ while (e_hash->enumerate(e_hash, &fid, &filename, &hex_meas_buf))
{
if (fid != fid_last)
{
@@ -241,7 +242,10 @@ METHOD(pts_file_meas_t, verify, bool,
if (found && !match)
{
- if (chunk_equals_const(measurement, entry->measurement))
+ hex_meas = chunk_from_str(hex_meas_buf);
+ measurement = chunk_from_hex(hex_meas, measurement_buf);
+
+ if (chunk_equals(measurement, entry->measurement))
{
match = TRUE;
DBG2(DBG_PTS, " %#B for '%s' is ok",
diff --git a/src/libimcv/suites/test_imcv_seg.c b/src/libimcv/suites/test_imcv_seg.c
index 5245be9fa..fdb03b8ae 100644
--- a/src/libimcv/suites/test_imcv_seg.c
+++ b/src/libimcv/suites/test_imcv_seg.c
@@ -88,7 +88,7 @@ START_TEST(test_imcv_seg_env)
{
/* create first segment */
attr = seg_env->first_segment(seg_env, 0);
-
+
seg_env_attr = (tcg_seg_attr_seg_env_t*)attr;
segment = seg_env_attr->get_segment(seg_env_attr, &flags);
if (max_seg_size > 12)
@@ -108,8 +108,8 @@ START_TEST(test_imcv_seg_env)
segment = seg_env_attr->get_segment(seg_env_attr, &flags);
seg = chunk_create(command + n * max_seg_size - 12, seg_size);
ck_assert(chunk_equals(seg, segment));
- ck_assert(flags == last_seg ? SEG_ENV_FLAG_NONE :
- SEG_ENV_FLAG_MORE);
+ ck_assert(flags == (last_seg ? SEG_ENV_FLAG_NONE :
+ SEG_ENV_FLAG_MORE));
}
/* check built segment envelope attribute */
@@ -137,8 +137,8 @@ START_TEST(test_imcv_seg_env)
}
else
{
- ck_assert(flags == last_seg ? SEG_ENV_FLAG_NONE :
- SEG_ENV_FLAG_MORE);
+ ck_assert(flags == (last_seg ? SEG_ENV_FLAG_NONE :
+ SEG_ENV_FLAG_MORE));
seg_env1->add_segment(seg_env1, segment, &error);
}
attr1->destroy(attr1);
@@ -341,7 +341,7 @@ START_TEST(test_imcv_seg_contract)
ita_attr = (ita_attr_command_t*)base_attr_i;
ck_assert(streq(ita_attr->get_command(ita_attr), command));
base_attr_i->destroy(base_attr_i);
- }
+ }
contract_i->destroy(contract_i);
contract_r->destroy(contract_r);
base_attr_r->destroy(base_attr_r);
@@ -389,7 +389,7 @@ START_TEST(test_imcv_seg_contract_special)
contract_i->get_info_string(contract_i, info, sizeof(info), TRUE);
ck_assert(max_attr_size == 1000 && max_seg_size == 47);
ck_assert(!contract_i->is_null(contract_i));
-
+
/* create a null responder contract*/
contract_r = seg_contract_create(msg_type, SEG_CONTRACT_MAX_SIZE_VALUE,
SEG_CONTRACT_MAX_SIZE_VALUE,
@@ -594,7 +594,7 @@ START_TEST(test_imcv_seg_contract_invalid)
TRUE, issuer_id, FALSE);
base_attr = contract->add_segment(contract, attr_f, &error, &more);
ck_assert(base_attr == NULL);
-
+
if (contract_invalid_tests[_i].err_f)
{
ck_assert(error);
@@ -641,18 +641,18 @@ START_TEST(test_imcv_seg_contract_mgr)
contracts = seg_contract_manager_create();
/* add contract template as issuer */
- c1 = seg_contract_create(msg_type1, max_attr_size, max_seg_size,
+ c1 = seg_contract_create(msg_type1, max_attr_size, max_seg_size,
TRUE, 1, FALSE);
c1->get_info_string(c1, buf, BUF_LEN, TRUE);
contracts->add_contract(contracts, c1);
-
+
/* received contract request for msg_type1 as responder */
cx = contracts->get_contract(contracts, msg_type1, FALSE, 2);
ck_assert(cx == NULL);
/* add directed contract as responder */
- c2 = seg_contract_create(msg_type1, max_attr_size, max_seg_size,
+ c2 = seg_contract_create(msg_type1, max_attr_size, max_seg_size,
FALSE, 2, FALSE);
c2->set_responder(c2, 1);
c2->get_info_string(c2, buf, BUF_LEN, TRUE);
@@ -685,7 +685,7 @@ START_TEST(test_imcv_seg_contract_mgr)
ck_assert(cx == NULL);
/* add directed contract as responder */
- c4 = seg_contract_create(msg_type2, max_attr_size, max_seg_size,
+ c4 = seg_contract_create(msg_type2, max_attr_size, max_seg_size,
FALSE, 2, FALSE);
c4->set_responder(c4, 1);
contracts->add_contract(contracts, c4);
diff --git a/src/libimcv/suites/test_imcv_swima.c b/src/libimcv/suites/test_imcv_swima.c
index c54669d1d..a579f7378 100644
--- a/src/libimcv/suites/test_imcv_swima.c
+++ b/src/libimcv/suites/test_imcv_swima.c
@@ -124,7 +124,7 @@ static req_data_t req_data[] = {
START_TEST(test_imcv_swima_sw_req)
{
pen_type_t type;
- pen_type_t pen_type = { PEN_IETF, IETF_ATTR_SW_REQUEST };
+ pen_type_t pen_type = { PEN_IETF, IETF_ATTR_SWIMA_REQUEST };
pa_tnc_attr_t *attr, *attr1, *attr2;
ietf_swima_attr_req_t *c_attr;
swima_record_t *target;
diff --git a/src/libimcv/swid_gen/swid_gen.h b/src/libimcv/swid_gen/swid_gen.h
index c143f292d..3a69b984a 100644
--- a/src/libimcv/swid_gen/swid_gen.h
+++ b/src/libimcv/swid_gen/swid_gen.h
@@ -44,7 +44,7 @@ struct swid_gen_t {
char *version, bool full, bool pretty);
/**
- * Generate a SWID tag
+ * Generate SWID tags or software identifiers for all installed packages
*
* @param sw_id_only Return software identifier only
* @param full Generate full SWID tags with file information
diff --git a/src/libimcv/swima/swima_error.c b/src/libimcv/swima/swima_error.c
index 2aed2966b..bce4645f0 100644
--- a/src/libimcv/swima/swima_error.c
+++ b/src/libimcv/swima/swima_error.c
@@ -59,7 +59,7 @@ pa_tnc_attr_t* swima_error_create(pa_tnc_error_code_t code, uint32_t request_id,
writer = bio_writer_create(4);
writer->write_uint32(writer, request_id);
- if (code == PA_ERROR_SW_RESPONSE_TOO_LARGE)
+ if (code == PA_ERROR_SWIMA_RESPONSE_TOO_LARGE)
{
writer->write_uint32(writer, max_attr_size);
}
diff --git a/src/libipsec/Makefile.in b/src/libipsec/Makefile.in
index e4f0c4411..834be0eeb 100644
--- a/src/libipsec/Makefile.in
+++ b/src/libipsec/Makefile.in
@@ -287,9 +287,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libipsec/ip_packet.c b/src/libipsec/ip_packet.c
index 78b4c407a..904f118fd 100644
--- a/src/libipsec/ip_packet.c
+++ b/src/libipsec/ip_packet.c
@@ -52,7 +52,15 @@ struct ip6_hdr {
uint8_t ip6_hlim;
struct in6_addr ip6_src, ip6_dst;
} __attribute__((packed));
-#define HAVE_NETINET_IP6_H /* not really, but we only need the struct above */
+struct ip6_ext {
+ uint8_t ip6e_nxt;
+ uint8_t ip6e_len;
+} __attribute__((packed));
+#define HAVE_NETINET_IP6_H /* not really, but we only need the structs above */
+#endif
+
+#ifndef IP_OFFMASK
+#define IP_OFFMASK 0x1fff
#endif
/**
@@ -219,6 +227,56 @@ static bool parse_transport_header(chunk_t packet, uint8_t proto,
return TRUE;
}
+#ifdef HAVE_NETINET_IP6_H
+/**
+ * Skip to the actual payload and parse the transport header.
+ */
+static bool parse_transport_header_v6(struct ip6_hdr *ip, chunk_t packet,
+ chunk_t *payload, uint8_t *proto,
+ uint16_t *sport, uint16_t *dport)
+{
+ struct ip6_ext *ext;
+ bool fragment = FALSE;
+
+ *proto = ip->ip6_nxt;
+ *payload = chunk_skip(packet, 40);
+ while (payload->len >= sizeof(struct ip6_ext))
+ {
+ switch (*proto)
+ {
+ case 44: /* Fragment Header */
+ fragment = TRUE;
+ /* skip the header */
+ case 0: /* Hop-by-Hop Options Header */
+ case 43: /* Routing Header */
+ case 60: /* Destination Options Header */
+ case 135: /* Mobility Header */
+ case 139: /* HIP */
+ case 140: /* Shim6 */
+ /* simply skip over these headers for now */
+ ext = (struct ip6_ext*)payload->ptr;
+ *proto = ext->ip6e_nxt;
+ *payload = chunk_skip(*payload, 8 * (ext->ip6e_len + 1));
+ continue;
+ default:
+ /* assume anything else is an upper layer protocol but only
+ * attempt to parse the transport header for non-fragmented
+ * packets as there is no guarantee that initial fragments
+ * contain the transport header, depending on the number and
+ * type of extension headers */
+ if (!fragment &&
+ !parse_transport_header(*payload, *proto, sport, dport))
+ {
+ return FALSE;
+ }
+ break;
+ }
+ break;
+ }
+ return TRUE;
+}
+#endif /* HAVE_NETINET_IP6_H */
+
/**
* Described in header.
*/
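Review bot: In parse_transport_header_v6() the Fragment Header (case 44) falls through to the generic skip, which takes the header length from `ext->ip6e_len`. In a Fragment Header that octet is a reserved field and the header is always 8 octets (RFC 8200, section 4.5), so a non-zero reserved octet makes this parser continue at a different offset than the receiving stack would. With a local `size_t len`, compute the length before `*proto` is overwritten, `len = (*proto == 44) ? 8 : 8 * (ext->ip6e_len + 1);`, and then call `*payload = chunk_skip(*payload, len);`. Separately, if chunk_skip() yields an empty chunk when the claimed length exceeds the remaining data (its definition is not in this hunk), the loop ends and the function returns TRUE with `*proto` taken from the truncated header and no transport header parsed. For non-fragmented packets that case is probably better rejected.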
@@ -253,7 +311,8 @@ ip_packet_t *ip_packet_create(chunk_t packet)
/* remove any RFC 4303 TFC extra padding */
packet.len = min(packet.len, untoh16(&ip->ip_len));
payload = chunk_skip(packet, ip->ip_hl * 4);
- if (!parse_transport_header(payload, ip->ip_p, &sport, &dport))
+ if ((ip->ip_off & htons(IP_OFFMASK)) == 0 &&
+ !parse_transport_header(payload, ip->ip_p, &sport, &dport))
{
goto failed;
}
@@ -277,10 +336,8 @@ ip_packet_t *ip_packet_create(chunk_t packet)
ip = (struct ip6_hdr*)packet.ptr;
/* remove any RFC 4303 TFC extra padding */
packet.len = min(packet.len, 40 + untoh16(&ip->ip6_plen));
- /* we only handle packets without extension headers, just skip the
- * basic IPv6 header */
- payload = chunk_skip(packet, 40);
- if (!parse_transport_header(payload, ip->ip6_nxt, &sport, &dport))
+ if (!parse_transport_header_v6(ip, packet, &payload, &next_header,
+ &sport, &dport))
{
goto failed;
}
@@ -288,7 +345,6 @@ ip_packet_t *ip_packet_create(chunk_t packet)
chunk_from_thing(ip->ip6_src), sport);
dst = host_create_from_chunk(AF_INET6,
chunk_from_thing(ip->ip6_dst), dport);
- next_header = ip->ip6_nxt;
break;
}
#endif /* HAVE_NETINET_IP6_H */
diff --git a/src/libipsec/ipsec_sa_mgr.c b/src/libipsec/ipsec_sa_mgr.c
index 957d930f2..44d35244a 100644
--- a/src/libipsec/ipsec_sa_mgr.c
+++ b/src/libipsec/ipsec_sa_mgr.c
@@ -107,6 +107,11 @@ typedef struct {
ipsec_sa_entry_t *entry;
/**
+ * SPI of the expired entry
+ */
+ uint32_t spi;
+
+ /**
* 0 if this is a hard expire, otherwise the offset in s (soft->hard)
*/
uint32_t hard_offset;
@@ -314,8 +319,9 @@ static job_requeue_t sa_expired(ipsec_sa_expired_t *expired)
private_ipsec_sa_mgr_t *this = expired->manager;
this->mutex->lock(this->mutex);
- if (this->sas->find_first(this->sas, NULL, (void**)&expired->entry))
- {
+ if (this->sas->find_first(this->sas, NULL, (void**)&expired->entry) &&
+ expired->spi == expired->entry->sa->get_spi(expired->entry->sa))
+ { /* only if we find the right SA at this pointer location */
uint32_t hard_offset;
hard_offset = expired->hard_offset;
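Review bot: The added SPI comparison in sa_expired() narrows, but does not close, the stale-pointer case its comment hints at. `expired->entry` is still looked up by address only, and an SPI is presumably not unique across all SAs in `this->sas`, since inbound and outbound SPIs are chosen by different peers. If an entry is destroyed and another SA with the same SPI is later allocated at the same address, the queued job would still act on it. Consider also storing and comparing the destination address in `ipsec_sa_expired_t`, or at least widen the comment to `/* only if we find the right SA at this pointer location; the entry may have been destroyed and its memory reused */`. sa_expired() continues past this hunk.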
@@ -355,6 +361,7 @@ static void schedule_expiration(private_ipsec_sa_mgr_t *this,
INIT(expired,
.manager = this,
.entry = entry,
+ .spi = entry->sa->get_spi(entry->sa),
);
/* schedule a rekey first, a hard timeout will be scheduled then, if any */
diff --git a/src/libipsec/tests/Makefile.in b/src/libipsec/tests/Makefile.in
index 5b6c53075..ab5af4634 100644
--- a/src/libipsec/tests/Makefile.in
+++ b/src/libipsec/tests/Makefile.in
@@ -240,9 +240,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libpttls/Makefile.in b/src/libpttls/Makefile.in
index 0185a3961..c0119f12b 100644
--- a/src/libpttls/Makefile.in
+++ b/src/libpttls/Makefile.in
@@ -245,9 +245,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libradius/Makefile.in b/src/libradius/Makefile.in
index 794b4b447..4e5936ffc 100644
--- a/src/libradius/Makefile.in
+++ b/src/libradius/Makefile.in
@@ -240,9 +240,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libsimaka/Makefile.in b/src/libsimaka/Makefile.in
index df1da70f4..edd978d78 100644
--- a/src/libsimaka/Makefile.in
+++ b/src/libsimaka/Makefile.in
@@ -243,9 +243,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/Android.mk b/src/libstrongswan/Android.mk
index afca13428..0247add96 100644
--- a/src/libstrongswan/Android.mk
+++ b/src/libstrongswan/Android.mk
@@ -20,6 +20,7 @@ crypto/xofs/xof.c crypto/xofs/xof_bitspender.c \
credentials/credential_factory.c credentials/builder.c \
credentials/cred_encoding.c credentials/keys/private_key.c \
credentials/keys/public_key.c credentials/keys/shared_key.c \
+credentials/keys/signature_params.c \
credentials/certificates/certificate.c credentials/certificates/crl.c \
credentials/certificates/ocsp_response.c credentials/certificates/x509.c \
credentials/certificates/certificate_printer.c \
diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am
index b4d8452f1..a9759aeee 100644
--- a/src/libstrongswan/Makefile.am
+++ b/src/libstrongswan/Makefile.am
@@ -18,6 +18,7 @@ crypto/xofs/xof.c crypto/xofs/xof_bitspender.c \
credentials/credential_factory.c credentials/builder.c \
credentials/cred_encoding.c credentials/keys/private_key.c \
credentials/keys/public_key.c credentials/keys/shared_key.c \
+credentials/keys/signature_params.c \
credentials/certificates/certificate.c credentials/certificates/crl.c \
credentials/certificates/ocsp_response.c credentials/certificates/x509.c \
credentials/certificates/certificate_printer.c \
@@ -79,6 +80,7 @@ crypto/xofs/xof.h crypto/xofs/xof_bitspender.h crypto/xofs/mgf1.h \
credentials/credential_factory.h credentials/builder.h \
credentials/cred_encoding.h credentials/keys/private_key.h \
credentials/keys/public_key.h credentials/keys/shared_key.h \
+credentials/keys/signature_params.h \
credentials/certificates/certificate.h credentials/certificates/x509.h \
credentials/certificates/ac.h credentials/certificates/crl.h \
credentials/certificates/pkcs10.h credentials/certificates/ocsp_request.h \
@@ -96,6 +98,7 @@ fetcher/fetcher_manager.h eap/eap.h pen/pen.h ipsec/ipsec_types.h \
networking/host.h networking/host_resolver.h networking/packet.h \
networking/tun_device.h networking/streams/stream.h \
networking/streams/stream_unix.h networking/streams/stream_service_unix.h \
+networking/streams/stream_service_systemd.h \
networking/streams/stream_tcp.h networking/streams/stream_service_tcp.h \
networking/streams/stream_service.h networking/streams/stream_manager.h \
resolver/resolver.h resolver/resolver_response.h resolver/rr_set.h \
@@ -192,19 +195,28 @@ if USE_LIBCAP
libstrongswan_la_LIBADD += -lcap
endif
+if USE_SYSTEMD
+ AM_CPPFLAGS += $(systemd_CFLAGS) -DUSE_SYSTEMD
+ libstrongswan_la_SOURCES += networking/streams/stream_service_systemd.c
+ libstrongswan_la_LIBADD += $(systemd_LIBS)
+endif
+
EXTRA_DIST = \
asn1/oid.txt asn1/oid.pl \
crypto/proposal/proposal_keywords_static.txt \
+crypto/proposal/proposal_keywords_static.h.in \
plugins/plugin_constructors.py \
Android.mk
BUILT_SOURCES = \
$(srcdir)/asn1/oid.c $(srcdir)/asn1/oid.h \
+$(srcdir)/crypto/proposal/proposal_keywords_static.h \
$(srcdir)/crypto/proposal/proposal_keywords_static.c \
settings/settings_parser.h
MAINTAINERCLEANFILES = \
$(srcdir)/asn1/oid.c $(srcdir)/asn1/oid.h \
+$(srcdir)/crypto/proposal/proposal_keywords_static.h \
$(srcdir)/crypto/proposal/proposal_keywords_static.c
$(srcdir)/asn1/oid.c : $(srcdir)/asn1/oid.pl $(srcdir)/asn1/oid.txt
@@ -215,6 +227,12 @@ $(srcdir)/asn1/oid.h : $(srcdir)/asn1/oid.pl $(srcdir)/asn1/oid.txt
$(AM_V_GEN) \
(cd $(srcdir)/asn1/ && $(PERL) oid.pl)
+$(srcdir)/crypto/proposal/proposal_keywords_static.h: $(srcdir)/crypto/proposal/proposal_keywords_static.h.in
+ $(AM_V_GEN) \
+ sed \
+ -e "s:\@GPERF_LEN_TYPE\@:$(GPERF_LEN_TYPE):" \
+ $< > $@
+
$(srcdir)/crypto/proposal/proposal_keywords_static.c: $(srcdir)/crypto/proposal/proposal_keywords_static.txt \
$(srcdir)/crypto/proposal/proposal_keywords_static.h
$(AM_V_GEN) \
diff --git a/src/libstrongswan/Makefile.in b/src/libstrongswan/Makefile.in
index 16e585654..356670dad 100644
--- a/src/libstrongswan/Makefile.in
+++ b/src/libstrongswan/Makefile.in
@@ -123,129 +123,132 @@ host_triplet = @host@
@USE_BUILTIN_PRINTF_TRUE@am__append_15 = -lm
@USE_BUILTIN_PRINTF_FALSE@@USE_VSTR_FALSE@am__append_16 = utils/printf_hook/printf_hook_glibc.c
@USE_LIBCAP_TRUE@am__append_17 = -lcap
-@STATIC_PLUGIN_CONSTRUCTORS_TRUE@am__append_18 = $(srcdir)/plugin_constructors.c
+@USE_SYSTEMD_TRUE@am__append_18 = $(systemd_CFLAGS) -DUSE_SYSTEMD
+@USE_SYSTEMD_TRUE@am__append_19 = networking/streams/stream_service_systemd.c
+@USE_SYSTEMD_TRUE@am__append_20 = $(systemd_LIBS)
+@STATIC_PLUGIN_CONSTRUCTORS_TRUE@am__append_21 = $(srcdir)/plugin_constructors.c
# build libnttfft used by some plugins
######################################
-@USE_LIBNTTFFT_TRUE@am__append_19 = math/libnttfft
+@USE_LIBNTTFFT_TRUE@am__append_22 = math/libnttfft
# build plugins with their own Makefile
#######################################
-@USE_AF_ALG_TRUE@am__append_20 = plugins/af_alg
-@MONOLITHIC_TRUE@@USE_AF_ALG_TRUE@am__append_21 = plugins/af_alg/libstrongswan-af-alg.la
-@USE_AES_TRUE@am__append_22 = plugins/aes
-@MONOLITHIC_TRUE@@USE_AES_TRUE@am__append_23 = plugins/aes/libstrongswan-aes.la
-@USE_DES_TRUE@am__append_24 = plugins/des
-@MONOLITHIC_TRUE@@USE_DES_TRUE@am__append_25 = plugins/des/libstrongswan-des.la
-@USE_BLOWFISH_TRUE@am__append_26 = plugins/blowfish
-@MONOLITHIC_TRUE@@USE_BLOWFISH_TRUE@am__append_27 = plugins/blowfish/libstrongswan-blowfish.la
-@USE_RC2_TRUE@am__append_28 = plugins/rc2
-@MONOLITHIC_TRUE@@USE_RC2_TRUE@am__append_29 = plugins/rc2/libstrongswan-rc2.la
-@USE_MD4_TRUE@am__append_30 = plugins/md4
-@MONOLITHIC_TRUE@@USE_MD4_TRUE@am__append_31 = plugins/md4/libstrongswan-md4.la
-@USE_MD5_TRUE@am__append_32 = plugins/md5
-@MONOLITHIC_TRUE@@USE_MD5_TRUE@am__append_33 = plugins/md5/libstrongswan-md5.la
-@USE_SHA1_TRUE@am__append_34 = plugins/sha1
-@MONOLITHIC_TRUE@@USE_SHA1_TRUE@am__append_35 = plugins/sha1/libstrongswan-sha1.la
-@USE_SHA2_TRUE@am__append_36 = plugins/sha2
-@MONOLITHIC_TRUE@@USE_SHA2_TRUE@am__append_37 = plugins/sha2/libstrongswan-sha2.la
-@USE_SHA3_TRUE@am__append_38 = plugins/sha3
-@MONOLITHIC_TRUE@@USE_SHA3_TRUE@am__append_39 = plugins/sha3/libstrongswan-sha3.la
-@USE_GMP_TRUE@am__append_40 = plugins/gmp
-@MONOLITHIC_TRUE@@USE_GMP_TRUE@am__append_41 = plugins/gmp/libstrongswan-gmp.la
-@USE_CURVE25519_TRUE@am__append_42 = plugins/curve25519
-@MONOLITHIC_TRUE@@USE_CURVE25519_TRUE@am__append_43 = plugins/curve25519/libstrongswan-curve25519.la
-@USE_RDRAND_TRUE@am__append_44 = plugins/rdrand
-@MONOLITHIC_TRUE@@USE_RDRAND_TRUE@am__append_45 = plugins/rdrand/libstrongswan-rdrand.la
-@USE_AESNI_TRUE@am__append_46 = plugins/aesni
-@MONOLITHIC_TRUE@@USE_AESNI_TRUE@am__append_47 = plugins/aesni/libstrongswan-aesni.la
-@USE_RANDOM_TRUE@am__append_48 = plugins/random
-@MONOLITHIC_TRUE@@USE_RANDOM_TRUE@am__append_49 = plugins/random/libstrongswan-random.la
-@USE_NONCE_TRUE@am__append_50 = plugins/nonce
-@MONOLITHIC_TRUE@@USE_NONCE_TRUE@am__append_51 = plugins/nonce/libstrongswan-nonce.la
-@USE_HMAC_TRUE@am__append_52 = plugins/hmac
-@MONOLITHIC_TRUE@@USE_HMAC_TRUE@am__append_53 = plugins/hmac/libstrongswan-hmac.la
-@USE_CMAC_TRUE@am__append_54 = plugins/cmac
-@MONOLITHIC_TRUE@@USE_CMAC_TRUE@am__append_55 = plugins/cmac/libstrongswan-cmac.la
-@USE_XCBC_TRUE@am__append_56 = plugins/xcbc
-@MONOLITHIC_TRUE@@USE_XCBC_TRUE@am__append_57 = plugins/xcbc/libstrongswan-xcbc.la
-@USE_X509_TRUE@am__append_58 = plugins/x509
-@MONOLITHIC_TRUE@@USE_X509_TRUE@am__append_59 = plugins/x509/libstrongswan-x509.la
-@USE_REVOCATION_TRUE@am__append_60 = plugins/revocation
-@MONOLITHIC_TRUE@@USE_REVOCATION_TRUE@am__append_61 = plugins/revocation/libstrongswan-revocation.la
-@USE_CONSTRAINTS_TRUE@am__append_62 = plugins/constraints
-@MONOLITHIC_TRUE@@USE_CONSTRAINTS_TRUE@am__append_63 = plugins/constraints/libstrongswan-constraints.la
-@USE_ACERT_TRUE@am__append_64 = plugins/acert
-@MONOLITHIC_TRUE@@USE_ACERT_TRUE@am__append_65 = plugins/acert/libstrongswan-acert.la
-@USE_PUBKEY_TRUE@am__append_66 = plugins/pubkey
-@MONOLITHIC_TRUE@@USE_PUBKEY_TRUE@am__append_67 = plugins/pubkey/libstrongswan-pubkey.la
-@USE_PKCS1_TRUE@am__append_68 = plugins/pkcs1
-@MONOLITHIC_TRUE@@USE_PKCS1_TRUE@am__append_69 = plugins/pkcs1/libstrongswan-pkcs1.la
-@USE_PKCS7_TRUE@am__append_70 = plugins/pkcs7
-@MONOLITHIC_TRUE@@USE_PKCS7_TRUE@am__append_71 = plugins/pkcs7/libstrongswan-pkcs7.la
-@USE_PKCS8_TRUE@am__append_72 = plugins/pkcs8
-@MONOLITHIC_TRUE@@USE_PKCS8_TRUE@am__append_73 = plugins/pkcs8/libstrongswan-pkcs8.la
-@USE_PKCS12_TRUE@am__append_74 = plugins/pkcs12
-@MONOLITHIC_TRUE@@USE_PKCS12_TRUE@am__append_75 = plugins/pkcs12/libstrongswan-pkcs12.la
-@USE_PGP_TRUE@am__append_76 = plugins/pgp
-@MONOLITHIC_TRUE@@USE_PGP_TRUE@am__append_77 = plugins/pgp/libstrongswan-pgp.la
-@USE_DNSKEY_TRUE@am__append_78 = plugins/dnskey
-@MONOLITHIC_TRUE@@USE_DNSKEY_TRUE@am__append_79 = plugins/dnskey/libstrongswan-dnskey.la
-@USE_SSHKEY_TRUE@am__append_80 = plugins/sshkey
-@MONOLITHIC_TRUE@@USE_SSHKEY_TRUE@am__append_81 = plugins/sshkey/libstrongswan-sshkey.la
-@USE_PEM_TRUE@am__append_82 = plugins/pem
-@MONOLITHIC_TRUE@@USE_PEM_TRUE@am__append_83 = plugins/pem/libstrongswan-pem.la
-@USE_CURL_TRUE@am__append_84 = plugins/curl
-@MONOLITHIC_TRUE@@USE_CURL_TRUE@am__append_85 = plugins/curl/libstrongswan-curl.la
-@USE_FILES_TRUE@am__append_86 = plugins/files
-@MONOLITHIC_TRUE@@USE_FILES_TRUE@am__append_87 = plugins/files/libstrongswan-files.la
-@USE_WINHTTP_TRUE@am__append_88 = plugins/winhttp
-@MONOLITHIC_TRUE@@USE_WINHTTP_TRUE@am__append_89 = plugins/winhttp/libstrongswan-winhttp.la
-@USE_UNBOUND_TRUE@am__append_90 = plugins/unbound
-@MONOLITHIC_TRUE@@USE_UNBOUND_TRUE@am__append_91 = plugins/unbound/libstrongswan-unbound.la
-@USE_SOUP_TRUE@am__append_92 = plugins/soup
-@MONOLITHIC_TRUE@@USE_SOUP_TRUE@am__append_93 = plugins/soup/libstrongswan-soup.la
-@USE_LDAP_TRUE@am__append_94 = plugins/ldap
-@MONOLITHIC_TRUE@@USE_LDAP_TRUE@am__append_95 = plugins/ldap/libstrongswan-ldap.la
-@USE_MYSQL_TRUE@am__append_96 = plugins/mysql
-@MONOLITHIC_TRUE@@USE_MYSQL_TRUE@am__append_97 = plugins/mysql/libstrongswan-mysql.la
-@USE_SQLITE_TRUE@am__append_98 = plugins/sqlite
-@MONOLITHIC_TRUE@@USE_SQLITE_TRUE@am__append_99 = plugins/sqlite/libstrongswan-sqlite.la
-@USE_PADLOCK_TRUE@am__append_100 = plugins/padlock
-@MONOLITHIC_TRUE@@USE_PADLOCK_TRUE@am__append_101 = plugins/padlock/libstrongswan-padlock.la
-@USE_OPENSSL_TRUE@am__append_102 = plugins/openssl
-@MONOLITHIC_TRUE@@USE_OPENSSL_TRUE@am__append_103 = plugins/openssl/libstrongswan-openssl.la
-@USE_GCRYPT_TRUE@am__append_104 = plugins/gcrypt
-@MONOLITHIC_TRUE@@USE_GCRYPT_TRUE@am__append_105 = plugins/gcrypt/libstrongswan-gcrypt.la
-@USE_FIPS_PRF_TRUE@am__append_106 = plugins/fips_prf
-@MONOLITHIC_TRUE@@USE_FIPS_PRF_TRUE@am__append_107 = plugins/fips_prf/libstrongswan-fips-prf.la
-@USE_AGENT_TRUE@am__append_108 = plugins/agent
-@MONOLITHIC_TRUE@@USE_AGENT_TRUE@am__append_109 = plugins/agent/libstrongswan-agent.la
-@USE_KEYCHAIN_TRUE@am__append_110 = plugins/keychain
-@MONOLITHIC_TRUE@@USE_KEYCHAIN_TRUE@am__append_111 = plugins/keychain/libstrongswan-keychain.la
-@USE_PKCS11_TRUE@am__append_112 = plugins/pkcs11
-@MONOLITHIC_TRUE@@USE_PKCS11_TRUE@am__append_113 = plugins/pkcs11/libstrongswan-pkcs11.la
-@USE_CHAPOLY_TRUE@am__append_114 = plugins/chapoly
-@MONOLITHIC_TRUE@@USE_CHAPOLY_TRUE@am__append_115 = plugins/chapoly/libstrongswan-chapoly.la
-@USE_CTR_TRUE@am__append_116 = plugins/ctr
-@MONOLITHIC_TRUE@@USE_CTR_TRUE@am__append_117 = plugins/ctr/libstrongswan-ctr.la
-@USE_CCM_TRUE@am__append_118 = plugins/ccm
-@MONOLITHIC_TRUE@@USE_CCM_TRUE@am__append_119 = plugins/ccm/libstrongswan-ccm.la
-@USE_GCM_TRUE@am__append_120 = plugins/gcm
-@MONOLITHIC_TRUE@@USE_GCM_TRUE@am__append_121 = plugins/gcm/libstrongswan-gcm.la
-@USE_MGF1_TRUE@am__append_122 = plugins/mgf1
-@MONOLITHIC_TRUE@@USE_MGF1_TRUE@am__append_123 = plugins/mgf1/libstrongswan-mgf1.la
-@USE_NTRU_TRUE@am__append_124 = plugins/ntru
-@MONOLITHIC_TRUE@@USE_NTRU_TRUE@am__append_125 = plugins/ntru/libstrongswan-ntru.la
-@USE_BLISS_TRUE@am__append_126 = plugins/bliss
-@MONOLITHIC_TRUE@@USE_BLISS_TRUE@am__append_127 = plugins/bliss/libstrongswan-bliss.la
-@USE_NEWHOPE_TRUE@am__append_128 = plugins/newhope
-@MONOLITHIC_TRUE@@USE_NEWHOPE_TRUE@am__append_129 = plugins/newhope/libstrongswan-newhope.la
-@USE_TEST_VECTORS_TRUE@am__append_130 = plugins/test_vectors
-@MONOLITHIC_TRUE@@USE_TEST_VECTORS_TRUE@am__append_131 = plugins/test_vectors/libstrongswan-test-vectors.la
-@USE_LIBNTTFFT_TRUE@am__append_132 = math/libnttfft/tests
-@USE_BLISS_TRUE@am__append_133 = plugins/bliss/tests
-@USE_NEWHOPE_TRUE@am__append_134 = plugins/newhope/tests
+@USE_AF_ALG_TRUE@am__append_23 = plugins/af_alg
+@MONOLITHIC_TRUE@@USE_AF_ALG_TRUE@am__append_24 = plugins/af_alg/libstrongswan-af-alg.la
+@USE_AES_TRUE@am__append_25 = plugins/aes
+@MONOLITHIC_TRUE@@USE_AES_TRUE@am__append_26 = plugins/aes/libstrongswan-aes.la
+@USE_DES_TRUE@am__append_27 = plugins/des
+@MONOLITHIC_TRUE@@USE_DES_TRUE@am__append_28 = plugins/des/libstrongswan-des.la
+@USE_BLOWFISH_TRUE@am__append_29 = plugins/blowfish
+@MONOLITHIC_TRUE@@USE_BLOWFISH_TRUE@am__append_30 = plugins/blowfish/libstrongswan-blowfish.la
+@USE_RC2_TRUE@am__append_31 = plugins/rc2
+@MONOLITHIC_TRUE@@USE_RC2_TRUE@am__append_32 = plugins/rc2/libstrongswan-rc2.la
+@USE_MD4_TRUE@am__append_33 = plugins/md4
+@MONOLITHIC_TRUE@@USE_MD4_TRUE@am__append_34 = plugins/md4/libstrongswan-md4.la
+@USE_MD5_TRUE@am__append_35 = plugins/md5
+@MONOLITHIC_TRUE@@USE_MD5_TRUE@am__append_36 = plugins/md5/libstrongswan-md5.la
+@USE_SHA1_TRUE@am__append_37 = plugins/sha1
+@MONOLITHIC_TRUE@@USE_SHA1_TRUE@am__append_38 = plugins/sha1/libstrongswan-sha1.la
+@USE_SHA2_TRUE@am__append_39 = plugins/sha2
+@MONOLITHIC_TRUE@@USE_SHA2_TRUE@am__append_40 = plugins/sha2/libstrongswan-sha2.la
+@USE_SHA3_TRUE@am__append_41 = plugins/sha3
+@MONOLITHIC_TRUE@@USE_SHA3_TRUE@am__append_42 = plugins/sha3/libstrongswan-sha3.la
+@USE_GMP_TRUE@am__append_43 = plugins/gmp
+@MONOLITHIC_TRUE@@USE_GMP_TRUE@am__append_44 = plugins/gmp/libstrongswan-gmp.la
+@USE_CURVE25519_TRUE@am__append_45 = plugins/curve25519
+@MONOLITHIC_TRUE@@USE_CURVE25519_TRUE@am__append_46 = plugins/curve25519/libstrongswan-curve25519.la
+@USE_RDRAND_TRUE@am__append_47 = plugins/rdrand
+@MONOLITHIC_TRUE@@USE_RDRAND_TRUE@am__append_48 = plugins/rdrand/libstrongswan-rdrand.la
+@USE_AESNI_TRUE@am__append_49 = plugins/aesni
+@MONOLITHIC_TRUE@@USE_AESNI_TRUE@am__append_50 = plugins/aesni/libstrongswan-aesni.la
+@USE_RANDOM_TRUE@am__append_51 = plugins/random
+@MONOLITHIC_TRUE@@USE_RANDOM_TRUE@am__append_52 = plugins/random/libstrongswan-random.la
+@USE_NONCE_TRUE@am__append_53 = plugins/nonce
+@MONOLITHIC_TRUE@@USE_NONCE_TRUE@am__append_54 = plugins/nonce/libstrongswan-nonce.la
+@USE_HMAC_TRUE@am__append_55 = plugins/hmac
+@MONOLITHIC_TRUE@@USE_HMAC_TRUE@am__append_56 = plugins/hmac/libstrongswan-hmac.la
+@USE_CMAC_TRUE@am__append_57 = plugins/cmac
+@MONOLITHIC_TRUE@@USE_CMAC_TRUE@am__append_58 = plugins/cmac/libstrongswan-cmac.la
+@USE_XCBC_TRUE@am__append_59 = plugins/xcbc
+@MONOLITHIC_TRUE@@USE_XCBC_TRUE@am__append_60 = plugins/xcbc/libstrongswan-xcbc.la
+@USE_X509_TRUE@am__append_61 = plugins/x509
+@MONOLITHIC_TRUE@@USE_X509_TRUE@am__append_62 = plugins/x509/libstrongswan-x509.la
+@USE_REVOCATION_TRUE@am__append_63 = plugins/revocation
+@MONOLITHIC_TRUE@@USE_REVOCATION_TRUE@am__append_64 = plugins/revocation/libstrongswan-revocation.la
+@USE_CONSTRAINTS_TRUE@am__append_65 = plugins/constraints
+@MONOLITHIC_TRUE@@USE_CONSTRAINTS_TRUE@am__append_66 = plugins/constraints/libstrongswan-constraints.la
+@USE_ACERT_TRUE@am__append_67 = plugins/acert
+@MONOLITHIC_TRUE@@USE_ACERT_TRUE@am__append_68 = plugins/acert/libstrongswan-acert.la
+@USE_PUBKEY_TRUE@am__append_69 = plugins/pubkey
+@MONOLITHIC_TRUE@@USE_PUBKEY_TRUE@am__append_70 = plugins/pubkey/libstrongswan-pubkey.la
+@USE_PKCS1_TRUE@am__append_71 = plugins/pkcs1
+@MONOLITHIC_TRUE@@USE_PKCS1_TRUE@am__append_72 = plugins/pkcs1/libstrongswan-pkcs1.la
+@USE_PKCS7_TRUE@am__append_73 = plugins/pkcs7
+@MONOLITHIC_TRUE@@USE_PKCS7_TRUE@am__append_74 = plugins/pkcs7/libstrongswan-pkcs7.la
+@USE_PKCS8_TRUE@am__append_75 = plugins/pkcs8
+@MONOLITHIC_TRUE@@USE_PKCS8_TRUE@am__append_76 = plugins/pkcs8/libstrongswan-pkcs8.la
+@USE_PKCS12_TRUE@am__append_77 = plugins/pkcs12
+@MONOLITHIC_TRUE@@USE_PKCS12_TRUE@am__append_78 = plugins/pkcs12/libstrongswan-pkcs12.la
+@USE_PGP_TRUE@am__append_79 = plugins/pgp
+@MONOLITHIC_TRUE@@USE_PGP_TRUE@am__append_80 = plugins/pgp/libstrongswan-pgp.la
+@USE_DNSKEY_TRUE@am__append_81 = plugins/dnskey
+@MONOLITHIC_TRUE@@USE_DNSKEY_TRUE@am__append_82 = plugins/dnskey/libstrongswan-dnskey.la
+@USE_SSHKEY_TRUE@am__append_83 = plugins/sshkey
+@MONOLITHIC_TRUE@@USE_SSHKEY_TRUE@am__append_84 = plugins/sshkey/libstrongswan-sshkey.la
+@USE_PEM_TRUE@am__append_85 = plugins/pem
+@MONOLITHIC_TRUE@@USE_PEM_TRUE@am__append_86 = plugins/pem/libstrongswan-pem.la
+@USE_CURL_TRUE@am__append_87 = plugins/curl
+@MONOLITHIC_TRUE@@USE_CURL_TRUE@am__append_88 = plugins/curl/libstrongswan-curl.la
+@USE_FILES_TRUE@am__append_89 = plugins/files
+@MONOLITHIC_TRUE@@USE_FILES_TRUE@am__append_90 = plugins/files/libstrongswan-files.la
+@USE_WINHTTP_TRUE@am__append_91 = plugins/winhttp
+@MONOLITHIC_TRUE@@USE_WINHTTP_TRUE@am__append_92 = plugins/winhttp/libstrongswan-winhttp.la
+@USE_UNBOUND_TRUE@am__append_93 = plugins/unbound
+@MONOLITHIC_TRUE@@USE_UNBOUND_TRUE@am__append_94 = plugins/unbound/libstrongswan-unbound.la
+@USE_SOUP_TRUE@am__append_95 = plugins/soup
+@MONOLITHIC_TRUE@@USE_SOUP_TRUE@am__append_96 = plugins/soup/libstrongswan-soup.la
+@USE_LDAP_TRUE@am__append_97 = plugins/ldap
+@MONOLITHIC_TRUE@@USE_LDAP_TRUE@am__append_98 = plugins/ldap/libstrongswan-ldap.la
+@USE_MYSQL_TRUE@am__append_99 = plugins/mysql
+@MONOLITHIC_TRUE@@USE_MYSQL_TRUE@am__append_100 = plugins/mysql/libstrongswan-mysql.la
+@USE_SQLITE_TRUE@am__append_101 = plugins/sqlite
+@MONOLITHIC_TRUE@@USE_SQLITE_TRUE@am__append_102 = plugins/sqlite/libstrongswan-sqlite.la
+@USE_PADLOCK_TRUE@am__append_103 = plugins/padlock
+@MONOLITHIC_TRUE@@USE_PADLOCK_TRUE@am__append_104 = plugins/padlock/libstrongswan-padlock.la
+@USE_OPENSSL_TRUE@am__append_105 = plugins/openssl
+@MONOLITHIC_TRUE@@USE_OPENSSL_TRUE@am__append_106 = plugins/openssl/libstrongswan-openssl.la
+@USE_GCRYPT_TRUE@am__append_107 = plugins/gcrypt
+@MONOLITHIC_TRUE@@USE_GCRYPT_TRUE@am__append_108 = plugins/gcrypt/libstrongswan-gcrypt.la
+@USE_FIPS_PRF_TRUE@am__append_109 = plugins/fips_prf
+@MONOLITHIC_TRUE@@USE_FIPS_PRF_TRUE@am__append_110 = plugins/fips_prf/libstrongswan-fips-prf.la
+@USE_AGENT_TRUE@am__append_111 = plugins/agent
+@MONOLITHIC_TRUE@@USE_AGENT_TRUE@am__append_112 = plugins/agent/libstrongswan-agent.la
+@USE_KEYCHAIN_TRUE@am__append_113 = plugins/keychain
+@MONOLITHIC_TRUE@@USE_KEYCHAIN_TRUE@am__append_114 = plugins/keychain/libstrongswan-keychain.la
+@USE_PKCS11_TRUE@am__append_115 = plugins/pkcs11
+@MONOLITHIC_TRUE@@USE_PKCS11_TRUE@am__append_116 = plugins/pkcs11/libstrongswan-pkcs11.la
+@USE_CHAPOLY_TRUE@am__append_117 = plugins/chapoly
+@MONOLITHIC_TRUE@@USE_CHAPOLY_TRUE@am__append_118 = plugins/chapoly/libstrongswan-chapoly.la
+@USE_CTR_TRUE@am__append_119 = plugins/ctr
+@MONOLITHIC_TRUE@@USE_CTR_TRUE@am__append_120 = plugins/ctr/libstrongswan-ctr.la
+@USE_CCM_TRUE@am__append_121 = plugins/ccm
+@MONOLITHIC_TRUE@@USE_CCM_TRUE@am__append_122 = plugins/ccm/libstrongswan-ccm.la
+@USE_GCM_TRUE@am__append_123 = plugins/gcm
+@MONOLITHIC_TRUE@@USE_GCM_TRUE@am__append_124 = plugins/gcm/libstrongswan-gcm.la
+@USE_MGF1_TRUE@am__append_125 = plugins/mgf1
+@MONOLITHIC_TRUE@@USE_MGF1_TRUE@am__append_126 = plugins/mgf1/libstrongswan-mgf1.la
+@USE_NTRU_TRUE@am__append_127 = plugins/ntru
+@MONOLITHIC_TRUE@@USE_NTRU_TRUE@am__append_128 = plugins/ntru/libstrongswan-ntru.la
+@USE_BLISS_TRUE@am__append_129 = plugins/bliss
+@MONOLITHIC_TRUE@@USE_BLISS_TRUE@am__append_130 = plugins/bliss/libstrongswan-bliss.la
+@USE_NEWHOPE_TRUE@am__append_131 = plugins/newhope
+@MONOLITHIC_TRUE@@USE_NEWHOPE_TRUE@am__append_132 = plugins/newhope/libstrongswan-newhope.la
+@USE_TEST_VECTORS_TRUE@am__append_133 = plugins/test_vectors
+@MONOLITHIC_TRUE@@USE_TEST_VECTORS_TRUE@am__append_134 = plugins/test_vectors/libstrongswan-test-vectors.la
+@USE_LIBNTTFFT_TRUE@am__append_135 = math/libnttfft/tests
+@USE_BLISS_TRUE@am__append_136 = plugins/bliss/tests
+@USE_NEWHOPE_TRUE@am__append_137 = plugins/newhope/tests
subdir = src/libstrongswan
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -299,32 +302,33 @@ am__installdirs = "$(DESTDIR)$(ipseclibdir)" \
LTLIBRARIES = $(ipseclib_LTLIBRARIES)
am__DEPENDENCIES_1 =
@USE_WINDOWS_FALSE@am__DEPENDENCIES_2 = $(am__DEPENDENCIES_1)
+@USE_SYSTEMD_TRUE@am__DEPENDENCIES_3 = $(am__DEPENDENCIES_1)
libstrongswan_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \
$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \
$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
- $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_21) \
- $(am__append_23) $(am__append_25) $(am__append_27) \
- $(am__append_29) $(am__append_31) $(am__append_33) \
- $(am__append_35) $(am__append_37) $(am__append_39) \
- $(am__append_41) $(am__append_43) $(am__append_45) \
- $(am__append_47) $(am__append_49) $(am__append_51) \
- $(am__append_53) $(am__append_55) $(am__append_57) \
- $(am__append_59) $(am__append_61) $(am__append_63) \
- $(am__append_65) $(am__append_67) $(am__append_69) \
- $(am__append_71) $(am__append_73) $(am__append_75) \
- $(am__append_77) $(am__append_79) $(am__append_81) \
- $(am__append_83) $(am__append_85) $(am__append_87) \
- $(am__append_89) $(am__append_91) $(am__append_93) \
- $(am__append_95) $(am__append_97) $(am__append_99) \
- $(am__append_101) $(am__append_103) $(am__append_105) \
- $(am__append_107) $(am__append_109) $(am__append_111) \
- $(am__append_113) $(am__append_115) $(am__append_117) \
- $(am__append_119) $(am__append_121) $(am__append_123) \
- $(am__append_125) $(am__append_127) $(am__append_129) \
- $(am__append_131)
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_3) $(am__append_24) $(am__append_26) \
+ $(am__append_28) $(am__append_30) $(am__append_32) \
+ $(am__append_34) $(am__append_36) $(am__append_38) \
+ $(am__append_40) $(am__append_42) $(am__append_44) \
+ $(am__append_46) $(am__append_48) $(am__append_50) \
+ $(am__append_52) $(am__append_54) $(am__append_56) \
+ $(am__append_58) $(am__append_60) $(am__append_62) \
+ $(am__append_64) $(am__append_66) $(am__append_68) \
+ $(am__append_70) $(am__append_72) $(am__append_74) \
+ $(am__append_76) $(am__append_78) $(am__append_80) \
+ $(am__append_82) $(am__append_84) $(am__append_86) \
+ $(am__append_88) $(am__append_90) $(am__append_92) \
+ $(am__append_94) $(am__append_96) $(am__append_98) \
+ $(am__append_100) $(am__append_102) $(am__append_104) \
+ $(am__append_106) $(am__append_108) $(am__append_110) \
+ $(am__append_112) $(am__append_114) $(am__append_116) \
+ $(am__append_118) $(am__append_120) $(am__append_122) \
+ $(am__append_124) $(am__append_126) $(am__append_128) \
+ $(am__append_130) $(am__append_132) $(am__append_134)
am__libstrongswan_la_SOURCES_DIST = library.c asn1/asn1.c \
asn1/asn1_parser.c asn1/oid.c bio/bio_reader.c \
bio/bio_writer.c collections/blocking_queue.c \
@@ -344,6 +348,7 @@ am__libstrongswan_la_SOURCES_DIST = library.c asn1/asn1.c \
credentials/credential_factory.c credentials/builder.c \
credentials/cred_encoding.c credentials/keys/private_key.c \
credentials/keys/public_key.c credentials/keys/shared_key.c \
+ credentials/keys/signature_params.c \
credentials/certificates/certificate.c \
credentials/certificates/crl.c \
credentials/certificates/ocsp_response.c \
@@ -390,7 +395,8 @@ am__libstrongswan_la_SOURCES_DIST = library.c asn1/asn1.c \
utils/compat/windows.c utils/leak_detective.c \
utils/integrity_checker.c utils/printf_hook/printf_hook_vstr.c \
utils/printf_hook/printf_hook_builtin.c \
- utils/printf_hook/printf_hook_glibc.c
+ utils/printf_hook/printf_hook_glibc.c \
+ networking/streams/stream_service_systemd.c
am__dirstamp = $(am__leading_dot)dirstamp
@USE_WINDOWS_FALSE@am__objects_1 = threading/thread.lo \
@USE_WINDOWS_FALSE@ threading/thread_value.lo \
@@ -411,6 +417,7 @@ am__dirstamp = $(am__leading_dot)dirstamp
@USE_VSTR_TRUE@am__objects_5 = utils/printf_hook/printf_hook_vstr.lo
@USE_BUILTIN_PRINTF_TRUE@am__objects_6 = utils/printf_hook/printf_hook_builtin.lo
@USE_BUILTIN_PRINTF_FALSE@@USE_VSTR_FALSE@am__objects_7 = utils/printf_hook/printf_hook_glibc.lo
+@USE_SYSTEMD_TRUE@am__objects_8 = networking/streams/stream_service_systemd.lo
am_libstrongswan_la_OBJECTS = library.lo asn1/asn1.lo \
asn1/asn1_parser.lo asn1/oid.lo bio/bio_reader.lo \
bio/bio_writer.lo collections/blocking_queue.lo \
@@ -431,6 +438,7 @@ am_libstrongswan_la_OBJECTS = library.lo asn1/asn1.lo \
credentials/credential_factory.lo credentials/builder.lo \
credentials/cred_encoding.lo credentials/keys/private_key.lo \
credentials/keys/public_key.lo credentials/keys/shared_key.lo \
+ credentials/keys/signature_params.lo \
credentials/certificates/certificate.lo \
credentials/certificates/crl.lo \
credentials/certificates/ocsp_response.lo \
@@ -469,7 +477,7 @@ am_libstrongswan_la_OBJECTS = library.lo asn1/asn1.lo \
utils/utils/status.lo utils/utils/time.lo utils/utils/align.lo \
$(am__objects_1) $(am__objects_2) $(am__objects_3) \
$(am__objects_4) $(am__objects_5) $(am__objects_6) \
- $(am__objects_7)
+ $(am__objects_7) $(am__objects_8)
libstrongswan_la_OBJECTS = $(am_libstrongswan_la_OBJECTS)
AM_V_lt = $(am__v_lt_@AM_V@)
am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
@@ -561,6 +569,7 @@ am__nobase_strongswan_include_HEADERS_DIST = library.h asn1/asn1.h \
credentials/credential_factory.h credentials/builder.h \
credentials/cred_encoding.h credentials/keys/private_key.h \
credentials/keys/public_key.h credentials/keys/shared_key.h \
+ credentials/keys/signature_params.h \
credentials/certificates/certificate.h \
credentials/certificates/x509.h credentials/certificates/ac.h \
credentials/certificates/crl.h \
@@ -584,6 +593,7 @@ am__nobase_strongswan_include_HEADERS_DIST = library.h asn1/asn1.h \
networking/tun_device.h networking/streams/stream.h \
networking/streams/stream_unix.h \
networking/streams/stream_service_unix.h \
+ networking/streams/stream_service_systemd.h \
networking/streams/stream_tcp.h \
networking/streams/stream_service_tcp.h \
networking/streams/stream_service.h \
@@ -720,9 +730,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
@@ -942,6 +954,7 @@ libstrongswan_la_SOURCES = library.c asn1/asn1.c asn1/asn1_parser.c \
credentials/credential_factory.c credentials/builder.c \
credentials/cred_encoding.c credentials/keys/private_key.c \
credentials/keys/public_key.c credentials/keys/shared_key.c \
+ credentials/keys/signature_params.c \
credentials/certificates/certificate.c \
credentials/certificates/crl.c \
credentials/certificates/ocsp_response.c \
@@ -979,7 +992,7 @@ libstrongswan_la_SOURCES = library.c asn1/asn1.c asn1/asn1_parser.c \
utils/utils/path.c utils/utils/status.c utils/utils/time.c \
utils/utils/align.c $(am__append_1) $(am__append_3) \
$(am__append_8) $(am__append_11) $(am__append_12) \
- $(am__append_14) $(am__append_16)
+ $(am__append_14) $(am__append_16) $(am__append_19)
# private header files
noinst_HEADERS = \
@@ -1003,6 +1016,7 @@ settings/settings_types.h
@USE_DEV_HEADERS_TRUE@credentials/credential_factory.h credentials/builder.h \
@USE_DEV_HEADERS_TRUE@credentials/cred_encoding.h credentials/keys/private_key.h \
@USE_DEV_HEADERS_TRUE@credentials/keys/public_key.h credentials/keys/shared_key.h \
+@USE_DEV_HEADERS_TRUE@credentials/keys/signature_params.h \
@USE_DEV_HEADERS_TRUE@credentials/certificates/certificate.h credentials/certificates/x509.h \
@USE_DEV_HEADERS_TRUE@credentials/certificates/ac.h credentials/certificates/crl.h \
@USE_DEV_HEADERS_TRUE@credentials/certificates/pkcs10.h credentials/certificates/ocsp_request.h \
@@ -1020,6 +1034,7 @@ settings/settings_types.h
@USE_DEV_HEADERS_TRUE@networking/host.h networking/host_resolver.h networking/packet.h \
@USE_DEV_HEADERS_TRUE@networking/tun_device.h networking/streams/stream.h \
@USE_DEV_HEADERS_TRUE@networking/streams/stream_unix.h networking/streams/stream_service_unix.h \
+@USE_DEV_HEADERS_TRUE@networking/streams/stream_service_systemd.h \
@USE_DEV_HEADERS_TRUE@networking/streams/stream_tcp.h networking/streams/stream_service_tcp.h \
@USE_DEV_HEADERS_TRUE@networking/streams/stream_service.h networking/streams/stream_manager.h \
@USE_DEV_HEADERS_TRUE@resolver/resolver.h resolver/resolver_response.h resolver/rr_set.h \
@@ -1044,31 +1059,32 @@ settings/settings_types.h
libstrongswan_la_LIBADD = $(DLLIB) $(ATOMICLIB) $(BTLIB) $(SOCKLIB) \
$(RTLIB) $(BFDLIB) $(UNWINDLIB) $(am__append_2) \
$(am__append_4) $(am__append_5) $(am__append_13) \
- $(am__append_15) $(am__append_17) $(am__append_21) \
- $(am__append_23) $(am__append_25) $(am__append_27) \
- $(am__append_29) $(am__append_31) $(am__append_33) \
- $(am__append_35) $(am__append_37) $(am__append_39) \
- $(am__append_41) $(am__append_43) $(am__append_45) \
- $(am__append_47) $(am__append_49) $(am__append_51) \
- $(am__append_53) $(am__append_55) $(am__append_57) \
- $(am__append_59) $(am__append_61) $(am__append_63) \
- $(am__append_65) $(am__append_67) $(am__append_69) \
- $(am__append_71) $(am__append_73) $(am__append_75) \
- $(am__append_77) $(am__append_79) $(am__append_81) \
- $(am__append_83) $(am__append_85) $(am__append_87) \
- $(am__append_89) $(am__append_91) $(am__append_93) \
- $(am__append_95) $(am__append_97) $(am__append_99) \
- $(am__append_101) $(am__append_103) $(am__append_105) \
- $(am__append_107) $(am__append_109) $(am__append_111) \
- $(am__append_113) $(am__append_115) $(am__append_117) \
- $(am__append_119) $(am__append_121) $(am__append_123) \
- $(am__append_125) $(am__append_127) $(am__append_129) \
- $(am__append_131)
+ $(am__append_15) $(am__append_17) $(am__append_20) \
+ $(am__append_24) $(am__append_26) $(am__append_28) \
+ $(am__append_30) $(am__append_32) $(am__append_34) \
+ $(am__append_36) $(am__append_38) $(am__append_40) \
+ $(am__append_42) $(am__append_44) $(am__append_46) \
+ $(am__append_48) $(am__append_50) $(am__append_52) \
+ $(am__append_54) $(am__append_56) $(am__append_58) \
+ $(am__append_60) $(am__append_62) $(am__append_64) \
+ $(am__append_66) $(am__append_68) $(am__append_70) \
+ $(am__append_72) $(am__append_74) $(am__append_76) \
+ $(am__append_78) $(am__append_80) $(am__append_82) \
+ $(am__append_84) $(am__append_86) $(am__append_88) \
+ $(am__append_90) $(am__append_92) $(am__append_94) \
+ $(am__append_96) $(am__append_98) $(am__append_100) \
+ $(am__append_102) $(am__append_104) $(am__append_106) \
+ $(am__append_108) $(am__append_110) $(am__append_112) \
+ $(am__append_114) $(am__append_116) $(am__append_118) \
+ $(am__append_120) $(am__append_122) $(am__append_124) \
+ $(am__append_126) $(am__append_128) $(am__append_130) \
+ $(am__append_132) $(am__append_134)
AM_CPPFLAGS = -I$(top_srcdir)/src/libstrongswan \
-DIPSEC_DIR=\"${ipsecdir}\" -DIPSEC_LIB_DIR=\"${ipseclibdir}\" \
-DPLUGINDIR=\"${plugindir}\" \
-DSTRONGSWAN_CONF=\"${strongswan_conf}\" $(am__append_6) \
- $(am__append_7) $(am__append_9) $(am__append_10)
+ $(am__append_7) $(am__append_9) $(am__append_10) \
+ $(am__append_18)
AM_CFLAGS = \
@COVERAGE_CFLAGS@
@@ -1079,83 +1095,86 @@ AM_YFLAGS = -v -d
EXTRA_DIST = \
asn1/oid.txt asn1/oid.pl \
crypto/proposal/proposal_keywords_static.txt \
+crypto/proposal/proposal_keywords_static.h.in \
plugins/plugin_constructors.py \
Android.mk
BUILT_SOURCES = $(srcdir)/asn1/oid.c $(srcdir)/asn1/oid.h \
+ $(srcdir)/crypto/proposal/proposal_keywords_static.h \
$(srcdir)/crypto/proposal/proposal_keywords_static.c \
- settings/settings_parser.h $(am__append_18)
+ settings/settings_parser.h $(am__append_21)
MAINTAINERCLEANFILES = \
$(srcdir)/asn1/oid.c $(srcdir)/asn1/oid.h \
+$(srcdir)/crypto/proposal/proposal_keywords_static.h \
$(srcdir)/crypto/proposal/proposal_keywords_static.c
@STATIC_PLUGIN_CONSTRUCTORS_TRUE@CLEANFILES = $(srcdir)/plugin_constructors.c
# build unit tests
##################
-@MONOLITHIC_FALSE@SUBDIRS = . $(am__append_19) $(am__append_20) \
-@MONOLITHIC_FALSE@ $(am__append_22) $(am__append_24) \
-@MONOLITHIC_FALSE@ $(am__append_26) $(am__append_28) \
-@MONOLITHIC_FALSE@ $(am__append_30) $(am__append_32) \
-@MONOLITHIC_FALSE@ $(am__append_34) $(am__append_36) \
-@MONOLITHIC_FALSE@ $(am__append_38) $(am__append_40) \
-@MONOLITHIC_FALSE@ $(am__append_42) $(am__append_44) \
-@MONOLITHIC_FALSE@ $(am__append_46) $(am__append_48) \
-@MONOLITHIC_FALSE@ $(am__append_50) $(am__append_52) \
-@MONOLITHIC_FALSE@ $(am__append_54) $(am__append_56) \
-@MONOLITHIC_FALSE@ $(am__append_58) $(am__append_60) \
-@MONOLITHIC_FALSE@ $(am__append_62) $(am__append_64) \
-@MONOLITHIC_FALSE@ $(am__append_66) $(am__append_68) \
-@MONOLITHIC_FALSE@ $(am__append_70) $(am__append_72) \
-@MONOLITHIC_FALSE@ $(am__append_74) $(am__append_76) \
-@MONOLITHIC_FALSE@ $(am__append_78) $(am__append_80) \
-@MONOLITHIC_FALSE@ $(am__append_82) $(am__append_84) \
-@MONOLITHIC_FALSE@ $(am__append_86) $(am__append_88) \
-@MONOLITHIC_FALSE@ $(am__append_90) $(am__append_92) \
-@MONOLITHIC_FALSE@ $(am__append_94) $(am__append_96) \
-@MONOLITHIC_FALSE@ $(am__append_98) $(am__append_100) \
-@MONOLITHIC_FALSE@ $(am__append_102) $(am__append_104) \
-@MONOLITHIC_FALSE@ $(am__append_106) $(am__append_108) \
-@MONOLITHIC_FALSE@ $(am__append_110) $(am__append_112) \
-@MONOLITHIC_FALSE@ $(am__append_114) $(am__append_116) \
-@MONOLITHIC_FALSE@ $(am__append_118) $(am__append_120) \
-@MONOLITHIC_FALSE@ $(am__append_122) $(am__append_124) \
-@MONOLITHIC_FALSE@ $(am__append_126) $(am__append_128) \
-@MONOLITHIC_FALSE@ $(am__append_130) tests $(am__append_132) \
-@MONOLITHIC_FALSE@ $(am__append_133) $(am__append_134)
+@MONOLITHIC_FALSE@SUBDIRS = . $(am__append_22) $(am__append_23) \
+@MONOLITHIC_FALSE@ $(am__append_25) $(am__append_27) \
+@MONOLITHIC_FALSE@ $(am__append_29) $(am__append_31) \
+@MONOLITHIC_FALSE@ $(am__append_33) $(am__append_35) \
+@MONOLITHIC_FALSE@ $(am__append_37) $(am__append_39) \
+@MONOLITHIC_FALSE@ $(am__append_41) $(am__append_43) \
+@MONOLITHIC_FALSE@ $(am__append_45) $(am__append_47) \
+@MONOLITHIC_FALSE@ $(am__append_49) $(am__append_51) \
+@MONOLITHIC_FALSE@ $(am__append_53) $(am__append_55) \
+@MONOLITHIC_FALSE@ $(am__append_57) $(am__append_59) \
+@MONOLITHIC_FALSE@ $(am__append_61) $(am__append_63) \
+@MONOLITHIC_FALSE@ $(am__append_65) $(am__append_67) \
+@MONOLITHIC_FALSE@ $(am__append_69) $(am__append_71) \
+@MONOLITHIC_FALSE@ $(am__append_73) $(am__append_75) \
+@MONOLITHIC_FALSE@ $(am__append_77) $(am__append_79) \
+@MONOLITHIC_FALSE@ $(am__append_81) $(am__append_83) \
+@MONOLITHIC_FALSE@ $(am__append_85) $(am__append_87) \
+@MONOLITHIC_FALSE@ $(am__append_89) $(am__append_91) \
+@MONOLITHIC_FALSE@ $(am__append_93) $(am__append_95) \
+@MONOLITHIC_FALSE@ $(am__append_97) $(am__append_99) \
+@MONOLITHIC_FALSE@ $(am__append_101) $(am__append_103) \
+@MONOLITHIC_FALSE@ $(am__append_105) $(am__append_107) \
+@MONOLITHIC_FALSE@ $(am__append_109) $(am__append_111) \
+@MONOLITHIC_FALSE@ $(am__append_113) $(am__append_115) \
+@MONOLITHIC_FALSE@ $(am__append_117) $(am__append_119) \
+@MONOLITHIC_FALSE@ $(am__append_121) $(am__append_123) \
+@MONOLITHIC_FALSE@ $(am__append_125) $(am__append_127) \
+@MONOLITHIC_FALSE@ $(am__append_129) $(am__append_131) \
+@MONOLITHIC_FALSE@ $(am__append_133) tests $(am__append_135) \
+@MONOLITHIC_FALSE@ $(am__append_136) $(am__append_137)
# build unit tests
##################
-@MONOLITHIC_TRUE@SUBDIRS = $(am__append_19) $(am__append_20) \
-@MONOLITHIC_TRUE@ $(am__append_22) $(am__append_24) \
-@MONOLITHIC_TRUE@ $(am__append_26) $(am__append_28) \
-@MONOLITHIC_TRUE@ $(am__append_30) $(am__append_32) \
-@MONOLITHIC_TRUE@ $(am__append_34) $(am__append_36) \
-@MONOLITHIC_TRUE@ $(am__append_38) $(am__append_40) \
-@MONOLITHIC_TRUE@ $(am__append_42) $(am__append_44) \
-@MONOLITHIC_TRUE@ $(am__append_46) $(am__append_48) \
-@MONOLITHIC_TRUE@ $(am__append_50) $(am__append_52) \
-@MONOLITHIC_TRUE@ $(am__append_54) $(am__append_56) \
-@MONOLITHIC_TRUE@ $(am__append_58) $(am__append_60) \
-@MONOLITHIC_TRUE@ $(am__append_62) $(am__append_64) \
-@MONOLITHIC_TRUE@ $(am__append_66) $(am__append_68) \
-@MONOLITHIC_TRUE@ $(am__append_70) $(am__append_72) \
-@MONOLITHIC_TRUE@ $(am__append_74) $(am__append_76) \
-@MONOLITHIC_TRUE@ $(am__append_78) $(am__append_80) \
-@MONOLITHIC_TRUE@ $(am__append_82) $(am__append_84) \
-@MONOLITHIC_TRUE@ $(am__append_86) $(am__append_88) \
-@MONOLITHIC_TRUE@ $(am__append_90) $(am__append_92) \
-@MONOLITHIC_TRUE@ $(am__append_94) $(am__append_96) \
-@MONOLITHIC_TRUE@ $(am__append_98) $(am__append_100) \
-@MONOLITHIC_TRUE@ $(am__append_102) $(am__append_104) \
-@MONOLITHIC_TRUE@ $(am__append_106) $(am__append_108) \
-@MONOLITHIC_TRUE@ $(am__append_110) $(am__append_112) \
-@MONOLITHIC_TRUE@ $(am__append_114) $(am__append_116) \
-@MONOLITHIC_TRUE@ $(am__append_118) $(am__append_120) \
-@MONOLITHIC_TRUE@ $(am__append_122) $(am__append_124) \
-@MONOLITHIC_TRUE@ $(am__append_126) $(am__append_128) \
-@MONOLITHIC_TRUE@ $(am__append_130) . tests $(am__append_132) \
-@MONOLITHIC_TRUE@ $(am__append_133) $(am__append_134)
+@MONOLITHIC_TRUE@SUBDIRS = $(am__append_22) $(am__append_23) \
+@MONOLITHIC_TRUE@ $(am__append_25) $(am__append_27) \
+@MONOLITHIC_TRUE@ $(am__append_29) $(am__append_31) \
+@MONOLITHIC_TRUE@ $(am__append_33) $(am__append_35) \
+@MONOLITHIC_TRUE@ $(am__append_37) $(am__append_39) \
+@MONOLITHIC_TRUE@ $(am__append_41) $(am__append_43) \
+@MONOLITHIC_TRUE@ $(am__append_45) $(am__append_47) \
+@MONOLITHIC_TRUE@ $(am__append_49) $(am__append_51) \
+@MONOLITHIC_TRUE@ $(am__append_53) $(am__append_55) \
+@MONOLITHIC_TRUE@ $(am__append_57) $(am__append_59) \
+@MONOLITHIC_TRUE@ $(am__append_61) $(am__append_63) \
+@MONOLITHIC_TRUE@ $(am__append_65) $(am__append_67) \
+@MONOLITHIC_TRUE@ $(am__append_69) $(am__append_71) \
+@MONOLITHIC_TRUE@ $(am__append_73) $(am__append_75) \
+@MONOLITHIC_TRUE@ $(am__append_77) $(am__append_79) \
+@MONOLITHIC_TRUE@ $(am__append_81) $(am__append_83) \
+@MONOLITHIC_TRUE@ $(am__append_85) $(am__append_87) \
+@MONOLITHIC_TRUE@ $(am__append_89) $(am__append_91) \
+@MONOLITHIC_TRUE@ $(am__append_93) $(am__append_95) \
+@MONOLITHIC_TRUE@ $(am__append_97) $(am__append_99) \
+@MONOLITHIC_TRUE@ $(am__append_101) $(am__append_103) \
+@MONOLITHIC_TRUE@ $(am__append_105) $(am__append_107) \
+@MONOLITHIC_TRUE@ $(am__append_109) $(am__append_111) \
+@MONOLITHIC_TRUE@ $(am__append_113) $(am__append_115) \
+@MONOLITHIC_TRUE@ $(am__append_117) $(am__append_119) \
+@MONOLITHIC_TRUE@ $(am__append_121) $(am__append_123) \
+@MONOLITHIC_TRUE@ $(am__append_125) $(am__append_127) \
+@MONOLITHIC_TRUE@ $(am__append_129) $(am__append_131) \
+@MONOLITHIC_TRUE@ $(am__append_133) . tests $(am__append_135) \
+@MONOLITHIC_TRUE@ $(am__append_136) $(am__append_137)
all: $(BUILT_SOURCES)
$(MAKE) $(AM_MAKEFLAGS) all-recursive
@@ -1384,6 +1403,9 @@ credentials/keys/public_key.lo: credentials/keys/$(am__dirstamp) \
credentials/keys/$(DEPDIR)/$(am__dirstamp)
credentials/keys/shared_key.lo: credentials/keys/$(am__dirstamp) \
credentials/keys/$(DEPDIR)/$(am__dirstamp)
+credentials/keys/signature_params.lo: \
+ credentials/keys/$(am__dirstamp) \
+ credentials/keys/$(DEPDIR)/$(am__dirstamp)
credentials/certificates/$(am__dirstamp):
@$(MKDIR_P) credentials/certificates
@: > credentials/certificates/$(am__dirstamp)
@@ -1700,6 +1722,9 @@ utils/printf_hook/printf_hook_builtin.lo: \
utils/printf_hook/printf_hook_glibc.lo: \
utils/printf_hook/$(am__dirstamp) \
utils/printf_hook/$(DEPDIR)/$(am__dirstamp)
+networking/streams/stream_service_systemd.lo: \
+ networking/streams/$(am__dirstamp) \
+ networking/streams/$(DEPDIR)/$(am__dirstamp)
libstrongswan.la: $(libstrongswan_la_OBJECTS) $(libstrongswan_la_DEPENDENCIES) $(EXTRA_libstrongswan_la_DEPENDENCIES)
$(AM_V_CCLD)$(LINK) -rpath $(ipseclibdir) $(libstrongswan_la_OBJECTS) $(libstrongswan_la_LIBADD) $(LIBS)
@@ -1808,6 +1833,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@credentials/keys/$(DEPDIR)/private_key.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@credentials/keys/$(DEPDIR)/public_key.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@credentials/keys/$(DEPDIR)/shared_key.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@credentials/keys/$(DEPDIR)/signature_params.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@credentials/sets/$(DEPDIR)/auth_cfg_wrapper.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@credentials/sets/$(DEPDIR)/callback_cred.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@credentials/sets/$(DEPDIR)/cert_cache.Plo@am__quote@
@@ -1849,6 +1875,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@networking/streams/$(DEPDIR)/stream.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@networking/streams/$(DEPDIR)/stream_manager.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@networking/streams/$(DEPDIR)/stream_service.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@networking/streams/$(DEPDIR)/stream_service_systemd.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@networking/streams/$(DEPDIR)/stream_service_tcp.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@networking/streams/$(DEPDIR)/stream_service_unix.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@networking/streams/$(DEPDIR)/stream_tcp.Plo@am__quote@
@@ -2384,6 +2411,12 @@ $(srcdir)/asn1/oid.h : $(srcdir)/asn1/oid.pl $(srcdir)/asn1/oid.txt
$(AM_V_GEN) \
(cd $(srcdir)/asn1/ && $(PERL) oid.pl)
+$(srcdir)/crypto/proposal/proposal_keywords_static.h: $(srcdir)/crypto/proposal/proposal_keywords_static.h.in
+ $(AM_V_GEN) \
+ sed \
+ -e "s:\@GPERF_LEN_TYPE\@:$(GPERF_LEN_TYPE):" \
+ $< > $@
+
$(srcdir)/crypto/proposal/proposal_keywords_static.c: $(srcdir)/crypto/proposal/proposal_keywords_static.txt \
$(srcdir)/crypto/proposal/proposal_keywords_static.h
$(AM_V_GEN) \
diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c
index 8b9dc1c48..3f3a5c587 100644
--- a/src/libstrongswan/asn1/asn1.c
+++ b/src/libstrongswan/asn1/asn1.c
@@ -33,7 +33,15 @@ const chunk_t ASN1_INTEGER_1 = chunk_from_chars(0x02, 0x01, 0x01);
const chunk_t ASN1_INTEGER_2 = chunk_from_chars(0x02, 0x01, 0x02);
/*
- * Defined in header.
+ * Described in header
+ */
+chunk_t asn1_algorithmIdentifier_params(int oid, chunk_t params)
+{
+ return asn1_wrap(ASN1_SEQUENCE, "mm", asn1_build_known_oid(oid), params);
+}
+
+/*
+ * Described in header
*/
chunk_t asn1_algorithmIdentifier(int oid)
{
@@ -55,7 +63,7 @@ chunk_t asn1_algorithmIdentifier(int oid)
parameters = asn1_simple_object(ASN1_NULL, chunk_empty);
break;
}
- return asn1_wrap(ASN1_SEQUENCE, "mm", asn1_build_known_oid(oid), parameters);
+ return asn1_algorithmIdentifier_params(oid, parameters);
}
/*
@@ -609,6 +617,26 @@ uint64_t asn1_parse_integer_uint64(chunk_t blob)
return val;
}
+/*
+ * Described in header
+ */
+chunk_t asn1_integer_from_uint64(uint64_t val)
+{
+ u_char buf[sizeof(val)];
+ chunk_t enc = chunk_empty;
+
+ if (val < 0x100)
+ {
+ buf[0] = (u_char)val;
+ return chunk_clone(chunk_create(buf, 1));
+ }
+ for (enc.ptr = buf + sizeof(val); val; enc.len++, val >>= 8)
+ { /* fill the buffer from the end */
+ *(--enc.ptr) = val & 0xff;
+ }
+ return chunk_clone(enc);
+}
+
/**
* ASN.1 definition of an algorithmIdentifier
*/
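Review bot: The chunk returned by `asn1_integer_from_uint64()` is the bare big-endian magnitude, so whenever its first byte has the top bit set (constructed examples: 0x80, 0x8000) it is not valid DER INTEGER content on its own. Wrapped directly with the INTEGER tag, such a value would decode as negative. Presumably callers are meant to pass the result through the library's `asn1_integer()` helper, which is not visible in this hunk, so that should be confirmed and stated. I would add a comment above the function such as `/* unsigned big-endian bytes without a sign octet; encode via asn1_integer(), never wrap directly */`.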
diff --git a/src/libstrongswan/asn1/asn1.h b/src/libstrongswan/asn1/asn1.h
index f0b3e17e8..3c7389e5c 100644
--- a/src/libstrongswan/asn1/asn1.h
+++ b/src/libstrongswan/asn1/asn1.h
@@ -1,8 +1,8 @@
/*
+ * Copyright (C) 2011-2017 Tobias Brunner
* Copyright (C) 2006 Martin Will
* Copyright (C) 2000-2008 Andreas Steffen
- *
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -92,14 +92,23 @@ extern const chunk_t ASN1_INTEGER_2;
/** Some ASN.1 analysis functions */
/**
- * Build an algorithmIdentifier from a known OID.
+ * Build an algorithmIdentifier from a known OID with empty parameters.
*
* @param oid known OID index
- * @return body of the corresponding OID, allocated
+ * @return body of the corresponding ASN.1 structure, allocated
*/
chunk_t asn1_algorithmIdentifier(int oid);
/**
+ * Build an algorithmIdentifier from a known OID and the given prameters.
+ *
+ * @param oid known OID index
+ * @param params parameters to encode in the algorithmIdentifier (adopted)
+ * @return body of the corresponding ASN.1 structure, allocated
+ */
+chunk_t asn1_algorithmIdentifier_params(int oid, chunk_t params);
+
+/**
* Converts an ASN.1 OID into a known OID index
*
* @param object body of an OID
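Review bot: The new doc comment for `asn1_algorithmIdentifier_params()` misspells "parameters" as "prameters", and "(adopted)" understates the ownership contract. The definition in asn1.c hands `params` to `asn1_wrap()` with the `"mm"` format, which I read as consuming the chunk. If so, a caller that passes a static or stack-backed chunk, or touches `params` afterwards, risks an invalid free or a use-after-free. I would word the line as `@param params parameters to encode (heap-allocated, freed by this function; do not reuse)`.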
@@ -181,6 +190,14 @@ bool asn1_parse_simple_object(chunk_t *object, asn1_t type, u_int level0,
uint64_t asn1_parse_integer_uint64(chunk_t blob);
/**
+ * Converts an uint64_t to an ASN.1 INTEGER object.
+ *
+ * @param val integer to convert
+ * @return body of an ASN.1 coded integer object
+ */
+chunk_t asn1_integer_from_uint64(uint64_t val);
+
+/**
* Print the value of an ASN.1 simple object
*
* @param object ASN.1 object to be printed
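Review bot: The `@return` line for `asn1_integer_from_uint64()` does not say that the result is allocated, unlike the `asn1_algorithmIdentifier*` comments earlier in this header. The definition in asn1.c returns `chunk_clone(...)`, so the caller owns the memory and a missing free is a leak. I would change the line to `@return body of an ASN.1 coded integer object, allocated`.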
diff --git a/src/libstrongswan/asn1/oid.c b/src/libstrongswan/asn1/oid.c
index bb423dcac..6d9f98ee4 100644
--- a/src/libstrongswan/asn1/oid.c
+++ b/src/libstrongswan/asn1/oid.c
@@ -28,478 +28,482 @@ const oid_t oid_names[] = {
{ 0x01, 0, 1, 8, "pilotAttributeType" }, /* 15 */
{ 0x01, 17, 0, 9, "UID" }, /* 16 */
{ 0x19, 0, 0, 9, "DC" }, /* 17 */
- {0x55, 67, 1, 0, "X.500" }, /* 18 */
- { 0x04, 39, 1, 1, "X.509" }, /* 19 */
+ {0x55, 70, 1, 0, "X.500" }, /* 18 */
+ { 0x04, 42, 1, 1, "X.509" }, /* 19 */
{ 0x03, 21, 0, 2, "CN" }, /* 20 */
{ 0x04, 22, 0, 2, "S" }, /* 21 */
{ 0x05, 23, 0, 2, "SN" }, /* 22 */
{ 0x06, 24, 0, 2, "C" }, /* 23 */
{ 0x07, 25, 0, 2, "L" }, /* 24 */
{ 0x08, 26, 0, 2, "ST" }, /* 25 */
- { 0x0A, 27, 0, 2, "O" }, /* 26 */
- { 0x0B, 28, 0, 2, "OU" }, /* 27 */
- { 0x0C, 29, 0, 2, "T" }, /* 28 */
- { 0x0D, 30, 0, 2, "D" }, /* 29 */
- { 0x24, 31, 0, 2, "userCertificate" }, /* 30 */
- { 0x29, 32, 0, 2, "N" }, /* 31 */
- { 0x2A, 33, 0, 2, "G" }, /* 32 */
- { 0x2B, 34, 0, 2, "I" }, /* 33 */
- { 0x2D, 35, 0, 2, "ID" }, /* 34 */
- { 0x2E, 36, 0, 2, "dnQualifier" }, /* 35 */
- { 0x36, 37, 0, 2, "dmdName" }, /* 36 */
- { 0x41, 38, 0, 2, "pseudonym" }, /* 37 */
- { 0x48, 0, 0, 2, "role" }, /* 38 */
- { 0x1D, 0, 1, 1, "id-ce" }, /* 39 */
- { 0x09, 41, 0, 2, "subjectDirectoryAttrs" }, /* 40 */
- { 0x0E, 42, 0, 2, "subjectKeyIdentifier" }, /* 41 */
- { 0x0F, 43, 0, 2, "keyUsage" }, /* 42 */
- { 0x10, 44, 0, 2, "privateKeyUsagePeriod" }, /* 43 */
- { 0x11, 45, 0, 2, "subjectAltName" }, /* 44 */
- { 0x12, 46, 0, 2, "issuerAltName" }, /* 45 */
- { 0x13, 47, 0, 2, "basicConstraints" }, /* 46 */
- { 0x14, 48, 0, 2, "crlNumber" }, /* 47 */
- { 0x15, 49, 0, 2, "reasonCode" }, /* 48 */
- { 0x17, 50, 0, 2, "holdInstructionCode" }, /* 49 */
- { 0x18, 51, 0, 2, "invalidityDate" }, /* 50 */
- { 0x1B, 52, 0, 2, "deltaCrlIndicator" }, /* 51 */
- { 0x1C, 53, 0, 2, "issuingDistributionPoint" }, /* 52 */
- { 0x1D, 54, 0, 2, "certificateIssuer" }, /* 53 */
- { 0x1E, 55, 0, 2, "nameConstraints" }, /* 54 */
- { 0x1F, 56, 0, 2, "crlDistributionPoints" }, /* 55 */
- { 0x20, 58, 1, 2, "certificatePolicies" }, /* 56 */
- { 0x00, 0, 0, 3, "anyPolicy" }, /* 57 */
- { 0x21, 59, 0, 2, "policyMappings" }, /* 58 */
- { 0x23, 60, 0, 2, "authorityKeyIdentifier" }, /* 59 */
- { 0x24, 61, 0, 2, "policyConstraints" }, /* 60 */
- { 0x25, 63, 1, 2, "extendedKeyUsage" }, /* 61 */
- { 0x00, 0, 0, 3, "anyExtendedKeyUsage" }, /* 62 */
- { 0x2E, 64, 0, 2, "freshestCRL" }, /* 63 */
- { 0x36, 65, 0, 2, "inhibitAnyPolicy" }, /* 64 */
- { 0x37, 66, 0, 2, "targetInformation" }, /* 65 */
- { 0x38, 0, 0, 2, "noRevAvail" }, /* 66 */
- {0x2A, 191, 1, 0, "" }, /* 67 */
- { 0x83, 80, 1, 1, "" }, /* 68 */
- { 0x08, 0, 1, 2, "jp" }, /* 69 */
- { 0x8C, 0, 1, 3, "" }, /* 70 */
- { 0x9A, 0, 1, 4, "" }, /* 71 */
- { 0x4B, 0, 1, 5, "" }, /* 72 */
- { 0x3D, 0, 1, 6, "" }, /* 73 */
- { 0x01, 0, 1, 7, "security" }, /* 74 */
- { 0x01, 0, 1, 8, "algorithm" }, /* 75 */
- { 0x01, 0, 1, 9, "symm-encryption-alg" }, /* 76 */
- { 0x02, 78, 0, 10, "camellia128-cbc" }, /* 77 */
- { 0x03, 79, 0, 10, "camellia192-cbc" }, /* 78 */
- { 0x04, 0, 0, 10, "camellia256-cbc" }, /* 79 */
- { 0x86, 0, 1, 1, "" }, /* 80 */
- { 0x48, 0, 1, 2, "us" }, /* 81 */
- { 0x86, 150, 1, 3, "" }, /* 82 */
- { 0xF6, 88, 1, 4, "" }, /* 83 */
- { 0x7D, 0, 1, 5, "NortelNetworks" }, /* 84 */
- { 0x07, 0, 1, 6, "Entrust" }, /* 85 */
- { 0x41, 0, 1, 7, "nsn-ce" }, /* 86 */
- { 0x00, 0, 0, 8, "entrustVersInfo" }, /* 87 */
- { 0xF7, 0, 1, 4, "" }, /* 88 */
- { 0x0D, 0, 1, 5, "RSADSI" }, /* 89 */
- { 0x01, 145, 1, 6, "PKCS" }, /* 90 */
- { 0x01, 103, 1, 7, "PKCS-1" }, /* 91 */
- { 0x01, 93, 0, 8, "rsaEncryption" }, /* 92 */
- { 0x02, 94, 0, 8, "md2WithRSAEncryption" }, /* 93 */
- { 0x04, 95, 0, 8, "md5WithRSAEncryption" }, /* 94 */
- { 0x05, 96, 0, 8, "sha-1WithRSAEncryption" }, /* 95 */
- { 0x07, 97, 0, 8, "id-RSAES-OAEP" }, /* 96 */
- { 0x08, 98, 0, 8, "id-mgf1" }, /* 97 */
- { 0x09, 99, 0, 8, "id-pSpecified" }, /* 98 */
- { 0x0B, 100, 0, 8, "sha256WithRSAEncryption" }, /* 99 */
- { 0x0C, 101, 0, 8, "sha384WithRSAEncryption" }, /* 100 */
- { 0x0D, 102, 0, 8, "sha512WithRSAEncryption" }, /* 101 */
- { 0x0E, 0, 0, 8, "sha224WithRSAEncryption" }, /* 102 */
- { 0x05, 108, 1, 7, "PKCS-5" }, /* 103 */
- { 0x03, 105, 0, 8, "pbeWithMD5AndDES-CBC" }, /* 104 */
- { 0x0A, 106, 0, 8, "pbeWithSHA1AndDES-CBC" }, /* 105 */
- { 0x0C, 107, 0, 8, "id-PBKDF2" }, /* 106 */
- { 0x0D, 0, 0, 8, "id-PBES2" }, /* 107 */
- { 0x07, 115, 1, 7, "PKCS-7" }, /* 108 */
- { 0x01, 110, 0, 8, "data" }, /* 109 */
- { 0x02, 111, 0, 8, "signedData" }, /* 110 */
- { 0x03, 112, 0, 8, "envelopedData" }, /* 111 */
- { 0x04, 113, 0, 8, "signedAndEnvelopedData" }, /* 112 */
- { 0x05, 114, 0, 8, "digestedData" }, /* 113 */
- { 0x06, 0, 0, 8, "encryptedData" }, /* 114 */
- { 0x09, 129, 1, 7, "PKCS-9" }, /* 115 */
- { 0x01, 117, 0, 8, "E" }, /* 116 */
- { 0x02, 118, 0, 8, "unstructuredName" }, /* 117 */
- { 0x03, 119, 0, 8, "contentType" }, /* 118 */
- { 0x04, 120, 0, 8, "messageDigest" }, /* 119 */
- { 0x05, 121, 0, 8, "signingTime" }, /* 120 */
- { 0x06, 122, 0, 8, "counterSignature" }, /* 121 */
- { 0x07, 123, 0, 8, "challengePassword" }, /* 122 */
- { 0x08, 124, 0, 8, "unstructuredAddress" }, /* 123 */
- { 0x0E, 125, 0, 8, "extensionRequest" }, /* 124 */
- { 0x0F, 126, 0, 8, "S/MIME Capabilities" }, /* 125 */
- { 0x16, 0, 1, 8, "certTypes" }, /* 126 */
- { 0x01, 128, 0, 9, "X.509" }, /* 127 */
- { 0x02, 0, 0, 9, "SDSI" }, /* 128 */
- { 0x0c, 0, 1, 7, "PKCS-12" }, /* 129 */
- { 0x01, 137, 1, 8, "pbeIds" }, /* 130 */
- { 0x01, 132, 0, 9, "pbeWithSHAAnd128BitRC4" }, /* 131 */
- { 0x02, 133, 0, 9, "pbeWithSHAAnd40BitRC4" }, /* 132 */
- { 0x03, 134, 0, 9, "pbeWithSHAAnd3-KeyTripleDES-CBC" }, /* 133 */
- { 0x04, 135, 0, 9, "pbeWithSHAAnd2-KeyTripleDES-CBC" }, /* 134 */
- { 0x05, 136, 0, 9, "pbeWithSHAAnd128BitRC2-CBC" }, /* 135 */
- { 0x06, 0, 0, 9, "pbeWithSHAAnd40BitRC2-CBC" }, /* 136 */
- { 0x0a, 0, 1, 8, "PKCS-12v1" }, /* 137 */
- { 0x01, 0, 1, 9, "bagIds" }, /* 138 */
- { 0x01, 140, 0, 10, "keyBag" }, /* 139 */
- { 0x02, 141, 0, 10, "pkcs8ShroudedKeyBag" }, /* 140 */
- { 0x03, 142, 0, 10, "certBag" }, /* 141 */
- { 0x04, 143, 0, 10, "crlBag" }, /* 142 */
- { 0x05, 144, 0, 10, "secretBag" }, /* 143 */
- { 0x06, 0, 0, 10, "safeContentsBag" }, /* 144 */
- { 0x02, 148, 1, 6, "digestAlgorithm" }, /* 145 */
- { 0x02, 147, 0, 7, "md2" }, /* 146 */
- { 0x05, 0, 0, 7, "md5" }, /* 147 */
- { 0x03, 0, 1, 6, "encryptionAlgorithm" }, /* 148 */
- { 0x07, 0, 0, 7, "3des-ede-cbc" }, /* 149 */
- { 0xCE, 0, 1, 3, "" }, /* 150 */
- { 0x3D, 0, 1, 4, "ansi-X9-62" }, /* 151 */
- { 0x02, 154, 1, 5, "id-publicKeyType" }, /* 152 */
- { 0x01, 0, 0, 6, "id-ecPublicKey" }, /* 153 */
- { 0x03, 184, 1, 5, "ellipticCurve" }, /* 154 */
- { 0x00, 176, 1, 6, "c-TwoCurve" }, /* 155 */
- { 0x01, 157, 0, 7, "c2pnb163v1" }, /* 156 */
- { 0x02, 158, 0, 7, "c2pnb163v2" }, /* 157 */
- { 0x03, 159, 0, 7, "c2pnb163v3" }, /* 158 */
- { 0x04, 160, 0, 7, "c2pnb176w1" }, /* 159 */
- { 0x05, 161, 0, 7, "c2tnb191v1" }, /* 160 */
- { 0x06, 162, 0, 7, "c2tnb191v2" }, /* 161 */
- { 0x07, 163, 0, 7, "c2tnb191v3" }, /* 162 */
- { 0x08, 164, 0, 7, "c2onb191v4" }, /* 163 */
- { 0x09, 165, 0, 7, "c2onb191v5" }, /* 164 */
- { 0x0A, 166, 0, 7, "c2pnb208w1" }, /* 165 */
- { 0x0B, 167, 0, 7, "c2tnb239v1" }, /* 166 */
- { 0x0C, 168, 0, 7, "c2tnb239v2" }, /* 167 */
- { 0x0D, 169, 0, 7, "c2tnb239v3" }, /* 168 */
- { 0x0E, 170, 0, 7, "c2onb239v4" }, /* 169 */
- { 0x0F, 171, 0, 7, "c2onb239v5" }, /* 170 */
- { 0x10, 172, 0, 7, "c2pnb272w1" }, /* 171 */
- { 0x11, 173, 0, 7, "c2pnb304w1" }, /* 172 */
- { 0x12, 174, 0, 7, "c2tnb359v1" }, /* 173 */
- { 0x13, 175, 0, 7, "c2pnb368w1" }, /* 174 */
- { 0x14, 0, 0, 7, "c2tnb431r1" }, /* 175 */
- { 0x01, 0, 1, 6, "primeCurve" }, /* 176 */
- { 0x01, 178, 0, 7, "prime192v1" }, /* 177 */
- { 0x02, 179, 0, 7, "prime192v2" }, /* 178 */
- { 0x03, 180, 0, 7, "prime192v3" }, /* 179 */
- { 0x04, 181, 0, 7, "prime239v1" }, /* 180 */
- { 0x05, 182, 0, 7, "prime239v2" }, /* 181 */
- { 0x06, 183, 0, 7, "prime239v3" }, /* 182 */
- { 0x07, 0, 0, 7, "prime256v1" }, /* 183 */
- { 0x04, 0, 1, 5, "id-ecSigType" }, /* 184 */
- { 0x01, 186, 0, 6, "ecdsa-with-SHA1" }, /* 185 */
- { 0x03, 0, 1, 6, "ecdsa-with-Specified" }, /* 186 */
- { 0x01, 188, 0, 7, "ecdsa-with-SHA224" }, /* 187 */
- { 0x02, 189, 0, 7, "ecdsa-with-SHA256" }, /* 188 */
- { 0x03, 190, 0, 7, "ecdsa-with-SHA384" }, /* 189 */
- { 0x04, 0, 0, 7, "ecdsa-with-SHA512" }, /* 190 */
- {0x2B, 421, 1, 0, "" }, /* 191 */
- { 0x06, 332, 1, 1, "dod" }, /* 192 */
- { 0x01, 0, 1, 2, "internet" }, /* 193 */
- { 0x04, 283, 1, 3, "private" }, /* 194 */
- { 0x01, 0, 1, 4, "enterprise" }, /* 195 */
- { 0x82, 233, 1, 5, "" }, /* 196 */
- { 0x37, 209, 1, 6, "Microsoft" }, /* 197 */
- { 0x0A, 202, 1, 7, "" }, /* 198 */
- { 0x03, 0, 1, 8, "" }, /* 199 */
- { 0x03, 201, 0, 9, "msSGC" }, /* 200 */
- { 0x04, 0, 0, 9, "msEncryptingFileSystem" }, /* 201 */
- { 0x14, 206, 1, 7, "msEnrollmentInfrastructure" }, /* 202 */
- { 0x02, 0, 1, 8, "msCertificateTypeExtension" }, /* 203 */
- { 0x02, 205, 0, 9, "msSmartcardLogon" }, /* 204 */
- { 0x03, 0, 0, 9, "msUPN" }, /* 205 */
- { 0x15, 0, 1, 7, "msCertSrvInfrastructure" }, /* 206 */
- { 0x07, 208, 0, 8, "msCertTemplate" }, /* 207 */
- { 0x0A, 0, 0, 8, "msApplicationCertPolicies" }, /* 208 */
- { 0xA0, 0, 1, 6, "" }, /* 209 */
- { 0x2A, 0, 1, 7, "ITA" }, /* 210 */
- { 0x01, 212, 0, 8, "strongSwan" }, /* 211 */
- { 0x02, 213, 0, 8, "cps" }, /* 212 */
- { 0x03, 214, 0, 8, "e-voting" }, /* 213 */
- { 0x05, 0, 1, 8, "BLISS" }, /* 214 */
- { 0x01, 217, 1, 9, "keyType" }, /* 215 */
- { 0x01, 0, 0, 10, "blissPublicKey" }, /* 216 */
- { 0x02, 226, 1, 9, "parameters" }, /* 217 */
- { 0x01, 219, 0, 10, "BLISS-I" }, /* 218 */
- { 0x02, 220, 0, 10, "BLISS-II" }, /* 219 */
- { 0x03, 221, 0, 10, "BLISS-III" }, /* 220 */
- { 0x04, 222, 0, 10, "BLISS-IV" }, /* 221 */
- { 0x05, 223, 0, 10, "BLISS-B-I" }, /* 222 */
- { 0x06, 224, 0, 10, "BLISS-B-II" }, /* 223 */
- { 0x07, 225, 0, 10, "BLISS-B-III" }, /* 224 */
- { 0x08, 0, 0, 10, "BLISS-B-IV" }, /* 225 */
- { 0x03, 0, 1, 9, "blissSigType" }, /* 226 */
- { 0x01, 228, 0, 10, "BLISS-with-SHA2-512" }, /* 227 */
- { 0x02, 229, 0, 10, "BLISS-with-SHA2-384" }, /* 228 */
- { 0x03, 230, 0, 10, "BLISS-with-SHA2-256" }, /* 229 */
- { 0x04, 231, 0, 10, "BLISS-with-SHA3-512" }, /* 230 */
- { 0x05, 232, 0, 10, "BLISS-with-SHA3-384" }, /* 231 */
- { 0x06, 0, 0, 10, "BLISS-with-SHA3-256" }, /* 232 */
- { 0x89, 240, 1, 5, "" }, /* 233 */
- { 0x31, 0, 1, 6, "" }, /* 234 */
- { 0x01, 0, 1, 7, "" }, /* 235 */
- { 0x01, 0, 1, 8, "" }, /* 236 */
- { 0x02, 0, 1, 9, "" }, /* 237 */
- { 0x02, 0, 1, 10, "" }, /* 238 */
- { 0x4B, 0, 0, 11, "TCGID" }, /* 239 */
- { 0x97, 244, 1, 5, "" }, /* 240 */
- { 0x55, 0, 1, 6, "" }, /* 241 */
- { 0x01, 0, 1, 7, "" }, /* 242 */
- { 0x02, 0, 0, 8, "blowfish-cbc" }, /* 243 */
- { 0xC1, 0, 1, 5, "" }, /* 244 */
- { 0x16, 0, 1, 6, "ntruCryptosystems" }, /* 245 */
- { 0x01, 0, 1, 7, "eess" }, /* 246 */
- { 0x01, 0, 1, 8, "eess1" }, /* 247 */
- { 0x01, 252, 1, 9, "eess1-algs" }, /* 248 */
- { 0x01, 250, 0, 10, "ntru-EESS1v1-SVES" }, /* 249 */
- { 0x02, 251, 0, 10, "ntru-EESS1v1-SVSSA" }, /* 250 */
- { 0x03, 0, 0, 10, "ntru-EESS1v1-NTRUSign" }, /* 251 */
- { 0x02, 282, 1, 9, "eess1-params" }, /* 252 */
- { 0x01, 254, 0, 10, "ees251ep1" }, /* 253 */
- { 0x02, 255, 0, 10, "ees347ep1" }, /* 254 */
- { 0x03, 256, 0, 10, "ees503ep1" }, /* 255 */
- { 0x07, 257, 0, 10, "ees251sp2" }, /* 256 */
- { 0x0C, 258, 0, 10, "ees251ep4" }, /* 257 */
- { 0x0D, 259, 0, 10, "ees251ep5" }, /* 258 */
- { 0x0E, 260, 0, 10, "ees251sp3" }, /* 259 */
- { 0x0F, 261, 0, 10, "ees251sp4" }, /* 260 */
- { 0x10, 262, 0, 10, "ees251sp5" }, /* 261 */
- { 0x11, 263, 0, 10, "ees251sp6" }, /* 262 */
- { 0x12, 264, 0, 10, "ees251sp7" }, /* 263 */
- { 0x13, 265, 0, 10, "ees251sp8" }, /* 264 */
- { 0x14, 266, 0, 10, "ees251sp9" }, /* 265 */
- { 0x22, 267, 0, 10, "ees401ep1" }, /* 266 */
- { 0x23, 268, 0, 10, "ees449ep1" }, /* 267 */
- { 0x24, 269, 0, 10, "ees677ep1" }, /* 268 */
- { 0x25, 270, 0, 10, "ees1087ep2" }, /* 269 */
- { 0x26, 271, 0, 10, "ees541ep1" }, /* 270 */
- { 0x27, 272, 0, 10, "ees613ep1" }, /* 271 */
- { 0x28, 273, 0, 10, "ees887ep1" }, /* 272 */
- { 0x29, 274, 0, 10, "ees1171ep1" }, /* 273 */
- { 0x2A, 275, 0, 10, "ees659ep1" }, /* 274 */
- { 0x2B, 276, 0, 10, "ees761ep1" }, /* 275 */
- { 0x2C, 277, 0, 10, "ees1087ep1" }, /* 276 */
- { 0x2D, 278, 0, 10, "ees1499ep1" }, /* 277 */
- { 0x2E, 279, 0, 10, "ees401ep2" }, /* 278 */
- { 0x2F, 280, 0, 10, "ees439ep1" }, /* 279 */
- { 0x30, 281, 0, 10, "ees593ep1" }, /* 280 */
- { 0x31, 0, 0, 10, "ees743ep1" }, /* 281 */
- { 0x03, 0, 0, 9, "eess1-encodingMethods" }, /* 282 */
- { 0x05, 0, 1, 3, "security" }, /* 283 */
- { 0x05, 0, 1, 4, "mechanisms" }, /* 284 */
- { 0x07, 329, 1, 5, "id-pkix" }, /* 285 */
- { 0x01, 290, 1, 6, "id-pe" }, /* 286 */
- { 0x01, 288, 0, 7, "authorityInfoAccess" }, /* 287 */
- { 0x03, 289, 0, 7, "qcStatements" }, /* 288 */
- { 0x07, 0, 0, 7, "ipAddrBlocks" }, /* 289 */
- { 0x02, 293, 1, 6, "id-qt" }, /* 290 */
- { 0x01, 292, 0, 7, "cps" }, /* 291 */
- { 0x02, 0, 0, 7, "unotice" }, /* 292 */
- { 0x03, 303, 1, 6, "id-kp" }, /* 293 */
- { 0x01, 295, 0, 7, "serverAuth" }, /* 294 */
- { 0x02, 296, 0, 7, "clientAuth" }, /* 295 */
- { 0x03, 297, 0, 7, "codeSigning" }, /* 296 */
- { 0x04, 298, 0, 7, "emailProtection" }, /* 297 */
- { 0x05, 299, 0, 7, "ipsecEndSystem" }, /* 298 */
- { 0x06, 300, 0, 7, "ipsecTunnel" }, /* 299 */
- { 0x07, 301, 0, 7, "ipsecUser" }, /* 300 */
- { 0x08, 302, 0, 7, "timeStamping" }, /* 301 */
- { 0x09, 0, 0, 7, "ocspSigning" }, /* 302 */
- { 0x08, 311, 1, 6, "id-otherNames" }, /* 303 */
- { 0x01, 305, 0, 7, "personalData" }, /* 304 */
- { 0x02, 306, 0, 7, "userGroup" }, /* 305 */
- { 0x03, 307, 0, 7, "id-on-permanentIdentifier" }, /* 306 */
- { 0x04, 308, 0, 7, "id-on-hardwareModuleName" }, /* 307 */
- { 0x05, 309, 0, 7, "xmppAddr" }, /* 308 */
- { 0x06, 310, 0, 7, "id-on-SIM" }, /* 309 */
- { 0x07, 0, 0, 7, "id-on-dnsSRV" }, /* 310 */
- { 0x0A, 316, 1, 6, "id-aca" }, /* 311 */
- { 0x01, 313, 0, 7, "authenticationInfo" }, /* 312 */
- { 0x02, 314, 0, 7, "accessIdentity" }, /* 313 */
- { 0x03, 315, 0, 7, "chargingIdentity" }, /* 314 */
- { 0x04, 0, 0, 7, "group" }, /* 315 */
- { 0x0B, 317, 0, 6, "subjectInfoAccess" }, /* 316 */
- { 0x30, 0, 1, 6, "id-ad" }, /* 317 */
- { 0x01, 326, 1, 7, "ocsp" }, /* 318 */
- { 0x01, 320, 0, 8, "basic" }, /* 319 */
- { 0x02, 321, 0, 8, "nonce" }, /* 320 */
- { 0x03, 322, 0, 8, "crl" }, /* 321 */
- { 0x04, 323, 0, 8, "response" }, /* 322 */
- { 0x05, 324, 0, 8, "noCheck" }, /* 323 */
- { 0x06, 325, 0, 8, "archiveCutoff" }, /* 324 */
- { 0x07, 0, 0, 8, "serviceLocator" }, /* 325 */
- { 0x02, 327, 0, 7, "caIssuers" }, /* 326 */
- { 0x03, 328, 0, 7, "timeStamping" }, /* 327 */
- { 0x05, 0, 0, 7, "caRepository" }, /* 328 */
- { 0x08, 0, 1, 5, "ipsec" }, /* 329 */
- { 0x02, 0, 1, 6, "certificate" }, /* 330 */
- { 0x02, 0, 0, 7, "iKEIntermediate" }, /* 331 */
- { 0x0E, 338, 1, 1, "oiw" }, /* 332 */
- { 0x03, 0, 1, 2, "secsig" }, /* 333 */
- { 0x02, 0, 1, 3, "algorithms" }, /* 334 */
- { 0x07, 336, 0, 4, "des-cbc" }, /* 335 */
- { 0x1A, 337, 0, 4, "sha-1" }, /* 336 */
- { 0x1D, 0, 0, 4, "sha-1WithRSASignature" }, /* 337 */
- { 0x24, 384, 1, 1, "TeleTrusT" }, /* 338 */
- { 0x03, 0, 1, 2, "algorithm" }, /* 339 */
- { 0x03, 0, 1, 3, "signatureAlgorithm" }, /* 340 */
- { 0x01, 345, 1, 4, "rsaSignature" }, /* 341 */
- { 0x02, 343, 0, 5, "rsaSigWithripemd160" }, /* 342 */
- { 0x03, 344, 0, 5, "rsaSigWithripemd128" }, /* 343 */
- { 0x04, 0, 0, 5, "rsaSigWithripemd256" }, /* 344 */
- { 0x02, 0, 1, 4, "ecSign" }, /* 345 */
- { 0x01, 347, 0, 5, "ecSignWithsha1" }, /* 346 */
- { 0x02, 348, 0, 5, "ecSignWithripemd160" }, /* 347 */
- { 0x03, 349, 0, 5, "ecSignWithmd2" }, /* 348 */
- { 0x04, 350, 0, 5, "ecSignWithmd5" }, /* 349 */
- { 0x05, 367, 1, 5, "ttt-ecg" }, /* 350 */
- { 0x01, 355, 1, 6, "fieldType" }, /* 351 */
- { 0x01, 0, 1, 7, "characteristictwoField" }, /* 352 */
- { 0x01, 0, 1, 8, "basisType" }, /* 353 */
- { 0x01, 0, 0, 9, "ipBasis" }, /* 354 */
- { 0x02, 357, 1, 6, "keyType" }, /* 355 */
- { 0x01, 0, 0, 7, "ecgPublicKey" }, /* 356 */
- { 0x03, 358, 0, 6, "curve" }, /* 357 */
- { 0x04, 365, 1, 6, "signatures" }, /* 358 */
- { 0x01, 360, 0, 7, "ecgdsa-with-RIPEMD160" }, /* 359 */
- { 0x02, 361, 0, 7, "ecgdsa-with-SHA1" }, /* 360 */
- { 0x03, 362, 0, 7, "ecgdsa-with-SHA224" }, /* 361 */
- { 0x04, 363, 0, 7, "ecgdsa-with-SHA256" }, /* 362 */
- { 0x05, 364, 0, 7, "ecgdsa-with-SHA384" }, /* 363 */
- { 0x06, 0, 0, 7, "ecgdsa-with-SHA512" }, /* 364 */
- { 0x05, 0, 1, 6, "module" }, /* 365 */
- { 0x01, 0, 0, 7, "1" }, /* 366 */
- { 0x08, 0, 1, 5, "ecStdCurvesAndGeneration" }, /* 367 */
- { 0x01, 0, 1, 6, "ellipticCurve" }, /* 368 */
- { 0x01, 0, 1, 7, "versionOne" }, /* 369 */
- { 0x01, 371, 0, 8, "brainpoolP160r1" }, /* 370 */
- { 0x02, 372, 0, 8, "brainpoolP160t1" }, /* 371 */
- { 0x03, 373, 0, 8, "brainpoolP192r1" }, /* 372 */
- { 0x04, 374, 0, 8, "brainpoolP192t1" }, /* 373 */
- { 0x05, 375, 0, 8, "brainpoolP224r1" }, /* 374 */
- { 0x06, 376, 0, 8, "brainpoolP224t1" }, /* 375 */
- { 0x07, 377, 0, 8, "brainpoolP256r1" }, /* 376 */
- { 0x08, 378, 0, 8, "brainpoolP256t1" }, /* 377 */
- { 0x09, 379, 0, 8, "brainpoolP320r1" }, /* 378 */
- { 0x0A, 380, 0, 8, "brainpoolP320t1" }, /* 379 */
- { 0x0B, 381, 0, 8, "brainpoolP384r1" }, /* 380 */
- { 0x0C, 382, 0, 8, "brainpoolP384t1" }, /* 381 */
- { 0x0D, 383, 0, 8, "brainpoolP512r1" }, /* 382 */
- { 0x0E, 0, 0, 8, "brainpoolP512t1" }, /* 383 */
- { 0x65, 387, 1, 1, "Thawte" }, /* 384 */
- { 0x70, 386, 0, 2, "id-Ed25519" }, /* 385 */
- { 0x71, 0, 0, 2, "id-Ed448" }, /* 386 */
- { 0x81, 0, 1, 1, "" }, /* 387 */
- { 0x04, 0, 1, 2, "Certicom" }, /* 388 */
- { 0x00, 0, 1, 3, "curve" }, /* 389 */
- { 0x01, 391, 0, 4, "sect163k1" }, /* 390 */
- { 0x02, 392, 0, 4, "sect163r1" }, /* 391 */
- { 0x03, 393, 0, 4, "sect239k1" }, /* 392 */
- { 0x04, 394, 0, 4, "sect113r1" }, /* 393 */
- { 0x05, 395, 0, 4, "sect113r2" }, /* 394 */
- { 0x06, 396, 0, 4, "secp112r1" }, /* 395 */
- { 0x07, 397, 0, 4, "secp112r2" }, /* 396 */
- { 0x08, 398, 0, 4, "secp160r1" }, /* 397 */
- { 0x09, 399, 0, 4, "secp160k1" }, /* 398 */
- { 0x0A, 400, 0, 4, "secp256k1" }, /* 399 */
- { 0x0F, 401, 0, 4, "sect163r2" }, /* 400 */
- { 0x10, 402, 0, 4, "sect283k1" }, /* 401 */
- { 0x11, 403, 0, 4, "sect283r1" }, /* 402 */
- { 0x16, 404, 0, 4, "sect131r1" }, /* 403 */
- { 0x17, 405, 0, 4, "sect131r2" }, /* 404 */
- { 0x18, 406, 0, 4, "sect193r1" }, /* 405 */
- { 0x19, 407, 0, 4, "sect193r2" }, /* 406 */
- { 0x1A, 408, 0, 4, "sect233k1" }, /* 407 */
- { 0x1B, 409, 0, 4, "sect233r1" }, /* 408 */
- { 0x1C, 410, 0, 4, "secp128r1" }, /* 409 */
- { 0x1D, 411, 0, 4, "secp128r2" }, /* 410 */
- { 0x1E, 412, 0, 4, "secp160r2" }, /* 411 */
- { 0x1F, 413, 0, 4, "secp192k1" }, /* 412 */
- { 0x20, 414, 0, 4, "secp224k1" }, /* 413 */
- { 0x21, 415, 0, 4, "secp224r1" }, /* 414 */
- { 0x22, 416, 0, 4, "secp384r1" }, /* 415 */
- { 0x23, 417, 0, 4, "secp521r1" }, /* 416 */
- { 0x24, 418, 0, 4, "sect409k1" }, /* 417 */
- { 0x25, 419, 0, 4, "sect409r1" }, /* 418 */
- { 0x26, 420, 0, 4, "sect571k1" }, /* 419 */
- { 0x27, 0, 0, 4, "sect571r1" }, /* 420 */
- {0x60, 484, 1, 0, "" }, /* 421 */
- { 0x86, 0, 1, 1, "" }, /* 422 */
- { 0x48, 0, 1, 2, "" }, /* 423 */
- { 0x01, 0, 1, 3, "organization" }, /* 424 */
- { 0x65, 460, 1, 4, "gov" }, /* 425 */
- { 0x03, 0, 1, 5, "csor" }, /* 426 */
- { 0x04, 0, 1, 6, "nistalgorithm" }, /* 427 */
- { 0x01, 438, 1, 7, "aes" }, /* 428 */
- { 0x02, 430, 0, 8, "id-aes128-CBC" }, /* 429 */
- { 0x06, 431, 0, 8, "id-aes128-GCM" }, /* 430 */
- { 0x07, 432, 0, 8, "id-aes128-CCM" }, /* 431 */
- { 0x16, 433, 0, 8, "id-aes192-CBC" }, /* 432 */
- { 0x1A, 434, 0, 8, "id-aes192-GCM" }, /* 433 */
- { 0x1B, 435, 0, 8, "id-aes192-CCM" }, /* 434 */
- { 0x2A, 436, 0, 8, "id-aes256-CBC" }, /* 435 */
- { 0x2E, 437, 0, 8, "id-aes256-GCM" }, /* 436 */
- { 0x2F, 0, 0, 8, "id-aes256-CCM" }, /* 437 */
- { 0x02, 451, 1, 7, "hashAlgs" }, /* 438 */
- { 0x01, 440, 0, 8, "id-sha256" }, /* 439 */
- { 0x02, 441, 0, 8, "id-sha384" }, /* 440 */
- { 0x03, 442, 0, 8, "id-sha512" }, /* 441 */
- { 0x04, 443, 0, 8, "id-sha224" }, /* 442 */
- { 0x05, 444, 0, 8, "id-sha512-224" }, /* 443 */
- { 0x06, 445, 0, 8, "id-sha512-256" }, /* 444 */
- { 0x07, 446, 0, 8, "id-sha3-224" }, /* 445 */
- { 0x08, 447, 0, 8, "id-sha3-256" }, /* 446 */
- { 0x09, 448, 0, 8, "id-sha3-384" }, /* 447 */
- { 0x0A, 449, 0, 8, "id-sha3-512" }, /* 448 */
- { 0x0B, 450, 0, 8, "id-shake128" }, /* 449 */
- { 0x0C, 0, 0, 8, "id-shake256" }, /* 450 */
- { 0x03, 0, 1, 7, "sigAlgs" }, /* 451 */
- { 0x09, 453, 0, 8, "id-ecdsa-with-sha3-224" }, /* 452 */
- { 0x0A, 454, 0, 8, "id-ecdsa-with-sha3-256" }, /* 453 */
- { 0x0B, 455, 0, 8, "id-ecdsa-with-sha3-384" }, /* 454 */
- { 0x0C, 456, 0, 8, "id-ecdsa-with-sha3-512" }, /* 455 */
- { 0x0D, 457, 0, 8, "id-rsassa-pkcs1v15-with-sha3-224"}, /* 456 */
- { 0x0E, 458, 0, 8, "id-rsassa-pkcs1v15-with-sha3-256"}, /* 457 */
- { 0x0F, 459, 0, 8, "id-rsassa-pkcs1v15-with-sha3-384"}, /* 458 */
- { 0x10, 0, 0, 8, "id-rsassa-pkcs1v15-with-sha3-512"}, /* 459 */
- { 0x86, 0, 1, 4, "" }, /* 460 */
- { 0xf8, 0, 1, 5, "" }, /* 461 */
- { 0x42, 474, 1, 6, "netscape" }, /* 462 */
- { 0x01, 469, 1, 7, "" }, /* 463 */
- { 0x01, 465, 0, 8, "nsCertType" }, /* 464 */
- { 0x03, 466, 0, 8, "nsRevocationUrl" }, /* 465 */
- { 0x04, 467, 0, 8, "nsCaRevocationUrl" }, /* 466 */
- { 0x08, 468, 0, 8, "nsCaPolicyUrl" }, /* 467 */
- { 0x0d, 0, 0, 8, "nsComment" }, /* 468 */
- { 0x03, 472, 1, 7, "directory" }, /* 469 */
- { 0x01, 0, 1, 8, "" }, /* 470 */
- { 0x03, 0, 0, 9, "employeeNumber" }, /* 471 */
- { 0x04, 0, 1, 7, "policy" }, /* 472 */
- { 0x01, 0, 0, 8, "nsSGC" }, /* 473 */
- { 0x45, 0, 1, 6, "verisign" }, /* 474 */
- { 0x01, 0, 1, 7, "pki" }, /* 475 */
- { 0x09, 0, 1, 8, "attributes" }, /* 476 */
- { 0x02, 478, 0, 9, "messageType" }, /* 477 */
- { 0x03, 479, 0, 9, "pkiStatus" }, /* 478 */
- { 0x04, 480, 0, 9, "failInfo" }, /* 479 */
- { 0x05, 481, 0, 9, "senderNonce" }, /* 480 */
- { 0x06, 482, 0, 9, "recipientNonce" }, /* 481 */
- { 0x07, 483, 0, 9, "transID" }, /* 482 */
- { 0x08, 0, 0, 9, "extensionReq" }, /* 483 */
- {0x67, 0, 1, 0, "" }, /* 484 */
- { 0x81, 0, 1, 1, "" }, /* 485 */
- { 0x05, 0, 1, 2, "" }, /* 486 */
- { 0x02, 0, 1, 3, "tcg-attribute" }, /* 487 */
- { 0x01, 489, 0, 4, "tcg-at-tpmManufacturer" }, /* 488 */
- { 0x02, 490, 0, 4, "tcg-at-tpmModel" }, /* 489 */
- { 0x03, 491, 0, 4, "tcg-at-tpmVersion" }, /* 490 */
- { 0x0F, 0, 0, 4, "tcg-at-tpmIdLabel" } /* 491 */
+ { 0x09, 27, 0, 2, "STREET" }, /* 26 */
+ { 0x0A, 28, 0, 2, "O" }, /* 27 */
+ { 0x0B, 29, 0, 2, "OU" }, /* 28 */
+ { 0x0C, 30, 0, 2, "T" }, /* 29 */
+ { 0x0D, 31, 0, 2, "D" }, /* 30 */
+ { 0x10, 32, 0, 2, "postalAddress" }, /* 31 */
+ { 0x11, 33, 0, 2, "postalCode" }, /* 32 */
+ { 0x24, 34, 0, 2, "userCertificate" }, /* 33 */
+ { 0x29, 35, 0, 2, "N" }, /* 34 */
+ { 0x2A, 36, 0, 2, "G" }, /* 35 */
+ { 0x2B, 37, 0, 2, "I" }, /* 36 */
+ { 0x2D, 38, 0, 2, "ID" }, /* 37 */
+ { 0x2E, 39, 0, 2, "dnQualifier" }, /* 38 */
+ { 0x36, 40, 0, 2, "dmdName" }, /* 39 */
+ { 0x41, 41, 0, 2, "pseudonym" }, /* 40 */
+ { 0x48, 0, 0, 2, "role" }, /* 41 */
+ { 0x1D, 0, 1, 1, "id-ce" }, /* 42 */
+ { 0x09, 44, 0, 2, "subjectDirectoryAttrs" }, /* 43 */
+ { 0x0E, 45, 0, 2, "subjectKeyIdentifier" }, /* 44 */
+ { 0x0F, 46, 0, 2, "keyUsage" }, /* 45 */
+ { 0x10, 47, 0, 2, "privateKeyUsagePeriod" }, /* 46 */
+ { 0x11, 48, 0, 2, "subjectAltName" }, /* 47 */
+ { 0x12, 49, 0, 2, "issuerAltName" }, /* 48 */
+ { 0x13, 50, 0, 2, "basicConstraints" }, /* 49 */
+ { 0x14, 51, 0, 2, "crlNumber" }, /* 50 */
+ { 0x15, 52, 0, 2, "reasonCode" }, /* 51 */
+ { 0x17, 53, 0, 2, "holdInstructionCode" }, /* 52 */
+ { 0x18, 54, 0, 2, "invalidityDate" }, /* 53 */
+ { 0x1B, 55, 0, 2, "deltaCrlIndicator" }, /* 54 */
+ { 0x1C, 56, 0, 2, "issuingDistributionPoint" }, /* 55 */
+ { 0x1D, 57, 0, 2, "certificateIssuer" }, /* 56 */
+ { 0x1E, 58, 0, 2, "nameConstraints" }, /* 57 */
+ { 0x1F, 59, 0, 2, "crlDistributionPoints" }, /* 58 */
+ { 0x20, 61, 1, 2, "certificatePolicies" }, /* 59 */
+ { 0x00, 0, 0, 3, "anyPolicy" }, /* 60 */
+ { 0x21, 62, 0, 2, "policyMappings" }, /* 61 */
+ { 0x23, 63, 0, 2, "authorityKeyIdentifier" }, /* 62 */
+ { 0x24, 64, 0, 2, "policyConstraints" }, /* 63 */
+ { 0x25, 66, 1, 2, "extendedKeyUsage" }, /* 64 */
+ { 0x00, 0, 0, 3, "anyExtendedKeyUsage" }, /* 65 */
+ { 0x2E, 67, 0, 2, "freshestCRL" }, /* 66 */
+ { 0x36, 68, 0, 2, "inhibitAnyPolicy" }, /* 67 */
+ { 0x37, 69, 0, 2, "targetInformation" }, /* 68 */
+ { 0x38, 0, 0, 2, "noRevAvail" }, /* 69 */
+ {0x2A, 195, 1, 0, "" }, /* 70 */
+ { 0x83, 83, 1, 1, "" }, /* 71 */
+ { 0x08, 0, 1, 2, "jp" }, /* 72 */
+ { 0x8C, 0, 1, 3, "" }, /* 73 */
+ { 0x9A, 0, 1, 4, "" }, /* 74 */
+ { 0x4B, 0, 1, 5, "" }, /* 75 */
+ { 0x3D, 0, 1, 6, "" }, /* 76 */
+ { 0x01, 0, 1, 7, "security" }, /* 77 */
+ { 0x01, 0, 1, 8, "algorithm" }, /* 78 */
+ { 0x01, 0, 1, 9, "symm-encryption-alg" }, /* 79 */
+ { 0x02, 81, 0, 10, "camellia128-cbc" }, /* 80 */
+ { 0x03, 82, 0, 10, "camellia192-cbc" }, /* 81 */
+ { 0x04, 0, 0, 10, "camellia256-cbc" }, /* 82 */
+ { 0x86, 0, 1, 1, "" }, /* 83 */
+ { 0x48, 0, 1, 2, "us" }, /* 84 */
+ { 0x86, 154, 1, 3, "" }, /* 85 */
+ { 0xF6, 91, 1, 4, "" }, /* 86 */
+ { 0x7D, 0, 1, 5, "NortelNetworks" }, /* 87 */
+ { 0x07, 0, 1, 6, "Entrust" }, /* 88 */
+ { 0x41, 0, 1, 7, "nsn-ce" }, /* 89 */
+ { 0x00, 0, 0, 8, "entrustVersInfo" }, /* 90 */
+ { 0xF7, 0, 1, 4, "" }, /* 91 */
+ { 0x0D, 0, 1, 5, "RSADSI" }, /* 92 */
+ { 0x01, 149, 1, 6, "PKCS" }, /* 93 */
+ { 0x01, 107, 1, 7, "PKCS-1" }, /* 94 */
+ { 0x01, 96, 0, 8, "rsaEncryption" }, /* 95 */
+ { 0x02, 97, 0, 8, "md2WithRSAEncryption" }, /* 96 */
+ { 0x04, 98, 0, 8, "md5WithRSAEncryption" }, /* 97 */
+ { 0x05, 99, 0, 8, "sha-1WithRSAEncryption" }, /* 98 */
+ { 0x07, 100, 0, 8, "id-RSAES-OAEP" }, /* 99 */
+ { 0x08, 101, 0, 8, "id-mgf1" }, /* 100 */
+ { 0x09, 102, 0, 8, "id-pSpecified" }, /* 101 */
+ { 0x0A, 103, 0, 8, "RSASSA-PSS" }, /* 102 */
+ { 0x0B, 104, 0, 8, "sha256WithRSAEncryption" }, /* 103 */
+ { 0x0C, 105, 0, 8, "sha384WithRSAEncryption" }, /* 104 */
+ { 0x0D, 106, 0, 8, "sha512WithRSAEncryption" }, /* 105 */
+ { 0x0E, 0, 0, 8, "sha224WithRSAEncryption" }, /* 106 */
+ { 0x05, 112, 1, 7, "PKCS-5" }, /* 107 */
+ { 0x03, 109, 0, 8, "pbeWithMD5AndDES-CBC" }, /* 108 */
+ { 0x0A, 110, 0, 8, "pbeWithSHA1AndDES-CBC" }, /* 109 */
+ { 0x0C, 111, 0, 8, "id-PBKDF2" }, /* 110 */
+ { 0x0D, 0, 0, 8, "id-PBES2" }, /* 111 */
+ { 0x07, 119, 1, 7, "PKCS-7" }, /* 112 */
+ { 0x01, 114, 0, 8, "data" }, /* 113 */
+ { 0x02, 115, 0, 8, "signedData" }, /* 114 */
+ { 0x03, 116, 0, 8, "envelopedData" }, /* 115 */
+ { 0x04, 117, 0, 8, "signedAndEnvelopedData" }, /* 116 */
+ { 0x05, 118, 0, 8, "digestedData" }, /* 117 */
+ { 0x06, 0, 0, 8, "encryptedData" }, /* 118 */
+ { 0x09, 133, 1, 7, "PKCS-9" }, /* 119 */
+ { 0x01, 121, 0, 8, "E" }, /* 120 */
+ { 0x02, 122, 0, 8, "unstructuredName" }, /* 121 */
+ { 0x03, 123, 0, 8, "contentType" }, /* 122 */
+ { 0x04, 124, 0, 8, "messageDigest" }, /* 123 */
+ { 0x05, 125, 0, 8, "signingTime" }, /* 124 */
+ { 0x06, 126, 0, 8, "counterSignature" }, /* 125 */
+ { 0x07, 127, 0, 8, "challengePassword" }, /* 126 */
+ { 0x08, 128, 0, 8, "unstructuredAddress" }, /* 127 */
+ { 0x0E, 129, 0, 8, "extensionRequest" }, /* 128 */
+ { 0x0F, 130, 0, 8, "S/MIME Capabilities" }, /* 129 */
+ { 0x16, 0, 1, 8, "certTypes" }, /* 130 */
+ { 0x01, 132, 0, 9, "X.509" }, /* 131 */
+ { 0x02, 0, 0, 9, "SDSI" }, /* 132 */
+ { 0x0c, 0, 1, 7, "PKCS-12" }, /* 133 */
+ { 0x01, 141, 1, 8, "pbeIds" }, /* 134 */
+ { 0x01, 136, 0, 9, "pbeWithSHAAnd128BitRC4" }, /* 135 */
+ { 0x02, 137, 0, 9, "pbeWithSHAAnd40BitRC4" }, /* 136 */
+ { 0x03, 138, 0, 9, "pbeWithSHAAnd3-KeyTripleDES-CBC" }, /* 137 */
+ { 0x04, 139, 0, 9, "pbeWithSHAAnd2-KeyTripleDES-CBC" }, /* 138 */
+ { 0x05, 140, 0, 9, "pbeWithSHAAnd128BitRC2-CBC" }, /* 139 */
+ { 0x06, 0, 0, 9, "pbeWithSHAAnd40BitRC2-CBC" }, /* 140 */
+ { 0x0a, 0, 1, 8, "PKCS-12v1" }, /* 141 */
+ { 0x01, 0, 1, 9, "bagIds" }, /* 142 */
+ { 0x01, 144, 0, 10, "keyBag" }, /* 143 */
+ { 0x02, 145, 0, 10, "pkcs8ShroudedKeyBag" }, /* 144 */
+ { 0x03, 146, 0, 10, "certBag" }, /* 145 */
+ { 0x04, 147, 0, 10, "crlBag" }, /* 146 */
+ { 0x05, 148, 0, 10, "secretBag" }, /* 147 */
+ { 0x06, 0, 0, 10, "safeContentsBag" }, /* 148 */
+ { 0x02, 152, 1, 6, "digestAlgorithm" }, /* 149 */
+ { 0x02, 151, 0, 7, "md2" }, /* 150 */
+ { 0x05, 0, 0, 7, "md5" }, /* 151 */
+ { 0x03, 0, 1, 6, "encryptionAlgorithm" }, /* 152 */
+ { 0x07, 0, 0, 7, "3des-ede-cbc" }, /* 153 */
+ { 0xCE, 0, 1, 3, "" }, /* 154 */
+ { 0x3D, 0, 1, 4, "ansi-X9-62" }, /* 155 */
+ { 0x02, 158, 1, 5, "id-publicKeyType" }, /* 156 */
+ { 0x01, 0, 0, 6, "id-ecPublicKey" }, /* 157 */
+ { 0x03, 188, 1, 5, "ellipticCurve" }, /* 158 */
+ { 0x00, 180, 1, 6, "c-TwoCurve" }, /* 159 */
+ { 0x01, 161, 0, 7, "c2pnb163v1" }, /* 160 */
+ { 0x02, 162, 0, 7, "c2pnb163v2" }, /* 161 */
+ { 0x03, 163, 0, 7, "c2pnb163v3" }, /* 162 */
+ { 0x04, 164, 0, 7, "c2pnb176w1" }, /* 163 */
+ { 0x05, 165, 0, 7, "c2tnb191v1" }, /* 164 */
+ { 0x06, 166, 0, 7, "c2tnb191v2" }, /* 165 */
+ { 0x07, 167, 0, 7, "c2tnb191v3" }, /* 166 */
+ { 0x08, 168, 0, 7, "c2onb191v4" }, /* 167 */
+ { 0x09, 169, 0, 7, "c2onb191v5" }, /* 168 */
+ { 0x0A, 170, 0, 7, "c2pnb208w1" }, /* 169 */
+ { 0x0B, 171, 0, 7, "c2tnb239v1" }, /* 170 */
+ { 0x0C, 172, 0, 7, "c2tnb239v2" }, /* 171 */
+ { 0x0D, 173, 0, 7, "c2tnb239v3" }, /* 172 */
+ { 0x0E, 174, 0, 7, "c2onb239v4" }, /* 173 */
+ { 0x0F, 175, 0, 7, "c2onb239v5" }, /* 174 */
+ { 0x10, 176, 0, 7, "c2pnb272w1" }, /* 175 */
+ { 0x11, 177, 0, 7, "c2pnb304w1" }, /* 176 */
+ { 0x12, 178, 0, 7, "c2tnb359v1" }, /* 177 */
+ { 0x13, 179, 0, 7, "c2pnb368w1" }, /* 178 */
+ { 0x14, 0, 0, 7, "c2tnb431r1" }, /* 179 */
+ { 0x01, 0, 1, 6, "primeCurve" }, /* 180 */
+ { 0x01, 182, 0, 7, "prime192v1" }, /* 181 */
+ { 0x02, 183, 0, 7, "prime192v2" }, /* 182 */
+ { 0x03, 184, 0, 7, "prime192v3" }, /* 183 */
+ { 0x04, 185, 0, 7, "prime239v1" }, /* 184 */
+ { 0x05, 186, 0, 7, "prime239v2" }, /* 185 */
+ { 0x06, 187, 0, 7, "prime239v3" }, /* 186 */
+ { 0x07, 0, 0, 7, "prime256v1" }, /* 187 */
+ { 0x04, 0, 1, 5, "id-ecSigType" }, /* 188 */
+ { 0x01, 190, 0, 6, "ecdsa-with-SHA1" }, /* 189 */
+ { 0x03, 0, 1, 6, "ecdsa-with-Specified" }, /* 190 */
+ { 0x01, 192, 0, 7, "ecdsa-with-SHA224" }, /* 191 */
+ { 0x02, 193, 0, 7, "ecdsa-with-SHA256" }, /* 192 */
+ { 0x03, 194, 0, 7, "ecdsa-with-SHA384" }, /* 193 */
+ { 0x04, 0, 0, 7, "ecdsa-with-SHA512" }, /* 194 */
+ {0x2B, 425, 1, 0, "" }, /* 195 */
+ { 0x06, 336, 1, 1, "dod" }, /* 196 */
+ { 0x01, 0, 1, 2, "internet" }, /* 197 */
+ { 0x04, 287, 1, 3, "private" }, /* 198 */
+ { 0x01, 0, 1, 4, "enterprise" }, /* 199 */
+ { 0x82, 237, 1, 5, "" }, /* 200 */
+ { 0x37, 213, 1, 6, "Microsoft" }, /* 201 */
+ { 0x0A, 206, 1, 7, "" }, /* 202 */
+ { 0x03, 0, 1, 8, "" }, /* 203 */
+ { 0x03, 205, 0, 9, "msSGC" }, /* 204 */
+ { 0x04, 0, 0, 9, "msEncryptingFileSystem" }, /* 205 */
+ { 0x14, 210, 1, 7, "msEnrollmentInfrastructure" }, /* 206 */
+ { 0x02, 0, 1, 8, "msCertificateTypeExtension" }, /* 207 */
+ { 0x02, 209, 0, 9, "msSmartcardLogon" }, /* 208 */
+ { 0x03, 0, 0, 9, "msUPN" }, /* 209 */
+ { 0x15, 0, 1, 7, "msCertSrvInfrastructure" }, /* 210 */
+ { 0x07, 212, 0, 8, "msCertTemplate" }, /* 211 */
+ { 0x0A, 0, 0, 8, "msApplicationCertPolicies" }, /* 212 */
+ { 0xA0, 0, 1, 6, "" }, /* 213 */
+ { 0x2A, 0, 1, 7, "ITA" }, /* 214 */
+ { 0x01, 216, 0, 8, "strongSwan" }, /* 215 */
+ { 0x02, 217, 0, 8, "cps" }, /* 216 */
+ { 0x03, 218, 0, 8, "e-voting" }, /* 217 */
+ { 0x05, 0, 1, 8, "BLISS" }, /* 218 */
+ { 0x01, 221, 1, 9, "keyType" }, /* 219 */
+ { 0x01, 0, 0, 10, "blissPublicKey" }, /* 220 */
+ { 0x02, 230, 1, 9, "parameters" }, /* 221 */
+ { 0x01, 223, 0, 10, "BLISS-I" }, /* 222 */
+ { 0x02, 224, 0, 10, "BLISS-II" }, /* 223 */
+ { 0x03, 225, 0, 10, "BLISS-III" }, /* 224 */
+ { 0x04, 226, 0, 10, "BLISS-IV" }, /* 225 */
+ { 0x05, 227, 0, 10, "BLISS-B-I" }, /* 226 */
+ { 0x06, 228, 0, 10, "BLISS-B-II" }, /* 227 */
+ { 0x07, 229, 0, 10, "BLISS-B-III" }, /* 228 */
+ { 0x08, 0, 0, 10, "BLISS-B-IV" }, /* 229 */
+ { 0x03, 0, 1, 9, "blissSigType" }, /* 230 */
+ { 0x01, 232, 0, 10, "BLISS-with-SHA2-512" }, /* 231 */
+ { 0x02, 233, 0, 10, "BLISS-with-SHA2-384" }, /* 232 */
+ { 0x03, 234, 0, 10, "BLISS-with-SHA2-256" }, /* 233 */
+ { 0x04, 235, 0, 10, "BLISS-with-SHA3-512" }, /* 234 */
+ { 0x05, 236, 0, 10, "BLISS-with-SHA3-384" }, /* 235 */
+ { 0x06, 0, 0, 10, "BLISS-with-SHA3-256" }, /* 236 */
+ { 0x89, 244, 1, 5, "" }, /* 237 */
+ { 0x31, 0, 1, 6, "" }, /* 238 */
+ { 0x01, 0, 1, 7, "" }, /* 239 */
+ { 0x01, 0, 1, 8, "" }, /* 240 */
+ { 0x02, 0, 1, 9, "" }, /* 241 */
+ { 0x02, 0, 1, 10, "" }, /* 242 */
+ { 0x4B, 0, 0, 11, "TCGID" }, /* 243 */
+ { 0x97, 248, 1, 5, "" }, /* 244 */
+ { 0x55, 0, 1, 6, "" }, /* 245 */
+ { 0x01, 0, 1, 7, "" }, /* 246 */
+ { 0x02, 0, 0, 8, "blowfish-cbc" }, /* 247 */
+ { 0xC1, 0, 1, 5, "" }, /* 248 */
+ { 0x16, 0, 1, 6, "ntruCryptosystems" }, /* 249 */
+ { 0x01, 0, 1, 7, "eess" }, /* 250 */
+ { 0x01, 0, 1, 8, "eess1" }, /* 251 */
+ { 0x01, 256, 1, 9, "eess1-algs" }, /* 252 */
+ { 0x01, 254, 0, 10, "ntru-EESS1v1-SVES" }, /* 253 */
+ { 0x02, 255, 0, 10, "ntru-EESS1v1-SVSSA" }, /* 254 */
+ { 0x03, 0, 0, 10, "ntru-EESS1v1-NTRUSign" }, /* 255 */
+ { 0x02, 286, 1, 9, "eess1-params" }, /* 256 */
+ { 0x01, 258, 0, 10, "ees251ep1" }, /* 257 */
+ { 0x02, 259, 0, 10, "ees347ep1" }, /* 258 */
+ { 0x03, 260, 0, 10, "ees503ep1" }, /* 259 */
+ { 0x07, 261, 0, 10, "ees251sp2" }, /* 260 */
+ { 0x0C, 262, 0, 10, "ees251ep4" }, /* 261 */
+ { 0x0D, 263, 0, 10, "ees251ep5" }, /* 262 */
+ { 0x0E, 264, 0, 10, "ees251sp3" }, /* 263 */
+ { 0x0F, 265, 0, 10, "ees251sp4" }, /* 264 */
+ { 0x10, 266, 0, 10, "ees251sp5" }, /* 265 */
+ { 0x11, 267, 0, 10, "ees251sp6" }, /* 266 */
+ { 0x12, 268, 0, 10, "ees251sp7" }, /* 267 */
+ { 0x13, 269, 0, 10, "ees251sp8" }, /* 268 */
+ { 0x14, 270, 0, 10, "ees251sp9" }, /* 269 */
+ { 0x22, 271, 0, 10, "ees401ep1" }, /* 270 */
+ { 0x23, 272, 0, 10, "ees449ep1" }, /* 271 */
+ { 0x24, 273, 0, 10, "ees677ep1" }, /* 272 */
+ { 0x25, 274, 0, 10, "ees1087ep2" }, /* 273 */
+ { 0x26, 275, 0, 10, "ees541ep1" }, /* 274 */
+ { 0x27, 276, 0, 10, "ees613ep1" }, /* 275 */
+ { 0x28, 277, 0, 10, "ees887ep1" }, /* 276 */
+ { 0x29, 278, 0, 10, "ees1171ep1" }, /* 277 */
+ { 0x2A, 279, 0, 10, "ees659ep1" }, /* 278 */
+ { 0x2B, 280, 0, 10, "ees761ep1" }, /* 279 */
+ { 0x2C, 281, 0, 10, "ees1087ep1" }, /* 280 */
+ { 0x2D, 282, 0, 10, "ees1499ep1" }, /* 281 */
+ { 0x2E, 283, 0, 10, "ees401ep2" }, /* 282 */
+ { 0x2F, 284, 0, 10, "ees439ep1" }, /* 283 */
+ { 0x30, 285, 0, 10, "ees593ep1" }, /* 284 */
+ { 0x31, 0, 0, 10, "ees743ep1" }, /* 285 */
+ { 0x03, 0, 0, 9, "eess1-encodingMethods" }, /* 286 */
+ { 0x05, 0, 1, 3, "security" }, /* 287 */
+ { 0x05, 0, 1, 4, "mechanisms" }, /* 288 */
+ { 0x07, 333, 1, 5, "id-pkix" }, /* 289 */
+ { 0x01, 294, 1, 6, "id-pe" }, /* 290 */
+ { 0x01, 292, 0, 7, "authorityInfoAccess" }, /* 291 */
+ { 0x03, 293, 0, 7, "qcStatements" }, /* 292 */
+ { 0x07, 0, 0, 7, "ipAddrBlocks" }, /* 293 */
+ { 0x02, 297, 1, 6, "id-qt" }, /* 294 */
+ { 0x01, 296, 0, 7, "cps" }, /* 295 */
+ { 0x02, 0, 0, 7, "unotice" }, /* 296 */
+ { 0x03, 307, 1, 6, "id-kp" }, /* 297 */
+ { 0x01, 299, 0, 7, "serverAuth" }, /* 298 */
+ { 0x02, 300, 0, 7, "clientAuth" }, /* 299 */
+ { 0x03, 301, 0, 7, "codeSigning" }, /* 300 */
+ { 0x04, 302, 0, 7, "emailProtection" }, /* 301 */
+ { 0x05, 303, 0, 7, "ipsecEndSystem" }, /* 302 */
+ { 0x06, 304, 0, 7, "ipsecTunnel" }, /* 303 */
+ { 0x07, 305, 0, 7, "ipsecUser" }, /* 304 */
+ { 0x08, 306, 0, 7, "timeStamping" }, /* 305 */
+ { 0x09, 0, 0, 7, "ocspSigning" }, /* 306 */
+ { 0x08, 315, 1, 6, "id-otherNames" }, /* 307 */
+ { 0x01, 309, 0, 7, "personalData" }, /* 308 */
+ { 0x02, 310, 0, 7, "userGroup" }, /* 309 */
+ { 0x03, 311, 0, 7, "id-on-permanentIdentifier" }, /* 310 */
+ { 0x04, 312, 0, 7, "id-on-hardwareModuleName" }, /* 311 */
+ { 0x05, 313, 0, 7, "xmppAddr" }, /* 312 */
+ { 0x06, 314, 0, 7, "id-on-SIM" }, /* 313 */
+ { 0x07, 0, 0, 7, "id-on-dnsSRV" }, /* 314 */
+ { 0x0A, 320, 1, 6, "id-aca" }, /* 315 */
+ { 0x01, 317, 0, 7, "authenticationInfo" }, /* 316 */
+ { 0x02, 318, 0, 7, "accessIdentity" }, /* 317 */
+ { 0x03, 319, 0, 7, "chargingIdentity" }, /* 318 */
+ { 0x04, 0, 0, 7, "group" }, /* 319 */
+ { 0x0B, 321, 0, 6, "subjectInfoAccess" }, /* 320 */
+ { 0x30, 0, 1, 6, "id-ad" }, /* 321 */
+ { 0x01, 330, 1, 7, "ocsp" }, /* 322 */
+ { 0x01, 324, 0, 8, "basic" }, /* 323 */
+ { 0x02, 325, 0, 8, "nonce" }, /* 324 */
+ { 0x03, 326, 0, 8, "crl" }, /* 325 */
+ { 0x04, 327, 0, 8, "response" }, /* 326 */
+ { 0x05, 328, 0, 8, "noCheck" }, /* 327 */
+ { 0x06, 329, 0, 8, "archiveCutoff" }, /* 328 */
+ { 0x07, 0, 0, 8, "serviceLocator" }, /* 329 */
+ { 0x02, 331, 0, 7, "caIssuers" }, /* 330 */
+ { 0x03, 332, 0, 7, "timeStamping" }, /* 331 */
+ { 0x05, 0, 0, 7, "caRepository" }, /* 332 */
+ { 0x08, 0, 1, 5, "ipsec" }, /* 333 */
+ { 0x02, 0, 1, 6, "certificate" }, /* 334 */
+ { 0x02, 0, 0, 7, "iKEIntermediate" }, /* 335 */
+ { 0x0E, 342, 1, 1, "oiw" }, /* 336 */
+ { 0x03, 0, 1, 2, "secsig" }, /* 337 */
+ { 0x02, 0, 1, 3, "algorithms" }, /* 338 */
+ { 0x07, 340, 0, 4, "des-cbc" }, /* 339 */
+ { 0x1A, 341, 0, 4, "sha-1" }, /* 340 */
+ { 0x1D, 0, 0, 4, "sha-1WithRSASignature" }, /* 341 */
+ { 0x24, 388, 1, 1, "TeleTrusT" }, /* 342 */
+ { 0x03, 0, 1, 2, "algorithm" }, /* 343 */
+ { 0x03, 0, 1, 3, "signatureAlgorithm" }, /* 344 */
+ { 0x01, 349, 1, 4, "rsaSignature" }, /* 345 */
+ { 0x02, 347, 0, 5, "rsaSigWithripemd160" }, /* 346 */
+ { 0x03, 348, 0, 5, "rsaSigWithripemd128" }, /* 347 */
+ { 0x04, 0, 0, 5, "rsaSigWithripemd256" }, /* 348 */
+ { 0x02, 0, 1, 4, "ecSign" }, /* 349 */
+ { 0x01, 351, 0, 5, "ecSignWithsha1" }, /* 350 */
+ { 0x02, 352, 0, 5, "ecSignWithripemd160" }, /* 351 */
+ { 0x03, 353, 0, 5, "ecSignWithmd2" }, /* 352 */
+ { 0x04, 354, 0, 5, "ecSignWithmd5" }, /* 353 */
+ { 0x05, 371, 1, 5, "ttt-ecg" }, /* 354 */
+ { 0x01, 359, 1, 6, "fieldType" }, /* 355 */
+ { 0x01, 0, 1, 7, "characteristictwoField" }, /* 356 */
+ { 0x01, 0, 1, 8, "basisType" }, /* 357 */
+ { 0x01, 0, 0, 9, "ipBasis" }, /* 358 */
+ { 0x02, 361, 1, 6, "keyType" }, /* 359 */
+ { 0x01, 0, 0, 7, "ecgPublicKey" }, /* 360 */
+ { 0x03, 362, 0, 6, "curve" }, /* 361 */
+ { 0x04, 369, 1, 6, "signatures" }, /* 362 */
+ { 0x01, 364, 0, 7, "ecgdsa-with-RIPEMD160" }, /* 363 */
+ { 0x02, 365, 0, 7, "ecgdsa-with-SHA1" }, /* 364 */
+ { 0x03, 366, 0, 7, "ecgdsa-with-SHA224" }, /* 365 */
+ { 0x04, 367, 0, 7, "ecgdsa-with-SHA256" }, /* 366 */
+ { 0x05, 368, 0, 7, "ecgdsa-with-SHA384" }, /* 367 */
+ { 0x06, 0, 0, 7, "ecgdsa-with-SHA512" }, /* 368 */
+ { 0x05, 0, 1, 6, "module" }, /* 369 */
+ { 0x01, 0, 0, 7, "1" }, /* 370 */
+ { 0x08, 0, 1, 5, "ecStdCurvesAndGeneration" }, /* 371 */
+ { 0x01, 0, 1, 6, "ellipticCurve" }, /* 372 */
+ { 0x01, 0, 1, 7, "versionOne" }, /* 373 */
+ { 0x01, 375, 0, 8, "brainpoolP160r1" }, /* 374 */
+ { 0x02, 376, 0, 8, "brainpoolP160t1" }, /* 375 */
+ { 0x03, 377, 0, 8, "brainpoolP192r1" }, /* 376 */
+ { 0x04, 378, 0, 8, "brainpoolP192t1" }, /* 377 */
+ { 0x05, 379, 0, 8, "brainpoolP224r1" }, /* 378 */
+ { 0x06, 380, 0, 8, "brainpoolP224t1" }, /* 379 */
+ { 0x07, 381, 0, 8, "brainpoolP256r1" }, /* 380 */
+ { 0x08, 382, 0, 8, "brainpoolP256t1" }, /* 381 */
+ { 0x09, 383, 0, 8, "brainpoolP320r1" }, /* 382 */
+ { 0x0A, 384, 0, 8, "brainpoolP320t1" }, /* 383 */
+ { 0x0B, 385, 0, 8, "brainpoolP384r1" }, /* 384 */
+ { 0x0C, 386, 0, 8, "brainpoolP384t1" }, /* 385 */
+ { 0x0D, 387, 0, 8, "brainpoolP512r1" }, /* 386 */
+ { 0x0E, 0, 0, 8, "brainpoolP512t1" }, /* 387 */
+ { 0x65, 391, 1, 1, "Thawte" }, /* 388 */
+ { 0x70, 390, 0, 2, "id-Ed25519" }, /* 389 */
+ { 0x71, 0, 0, 2, "id-Ed448" }, /* 390 */
+ { 0x81, 0, 1, 1, "" }, /* 391 */
+ { 0x04, 0, 1, 2, "Certicom" }, /* 392 */
+ { 0x00, 0, 1, 3, "curve" }, /* 393 */
+ { 0x01, 395, 0, 4, "sect163k1" }, /* 394 */
+ { 0x02, 396, 0, 4, "sect163r1" }, /* 395 */
+ { 0x03, 397, 0, 4, "sect239k1" }, /* 396 */
+ { 0x04, 398, 0, 4, "sect113r1" }, /* 397 */
+ { 0x05, 399, 0, 4, "sect113r2" }, /* 398 */
+ { 0x06, 400, 0, 4, "secp112r1" }, /* 399 */
+ { 0x07, 401, 0, 4, "secp112r2" }, /* 400 */
+ { 0x08, 402, 0, 4, "secp160r1" }, /* 401 */
+ { 0x09, 403, 0, 4, "secp160k1" }, /* 402 */
+ { 0x0A, 404, 0, 4, "secp256k1" }, /* 403 */
+ { 0x0F, 405, 0, 4, "sect163r2" }, /* 404 */
+ { 0x10, 406, 0, 4, "sect283k1" }, /* 405 */
+ { 0x11, 407, 0, 4, "sect283r1" }, /* 406 */
+ { 0x16, 408, 0, 4, "sect131r1" }, /* 407 */
+ { 0x17, 409, 0, 4, "sect131r2" }, /* 408 */
+ { 0x18, 410, 0, 4, "sect193r1" }, /* 409 */
+ { 0x19, 411, 0, 4, "sect193r2" }, /* 410 */
+ { 0x1A, 412, 0, 4, "sect233k1" }, /* 411 */
+ { 0x1B, 413, 0, 4, "sect233r1" }, /* 412 */
+ { 0x1C, 414, 0, 4, "secp128r1" }, /* 413 */
+ { 0x1D, 415, 0, 4, "secp128r2" }, /* 414 */
+ { 0x1E, 416, 0, 4, "secp160r2" }, /* 415 */
+ { 0x1F, 417, 0, 4, "secp192k1" }, /* 416 */
+ { 0x20, 418, 0, 4, "secp224k1" }, /* 417 */
+ { 0x21, 419, 0, 4, "secp224r1" }, /* 418 */
+ { 0x22, 420, 0, 4, "secp384r1" }, /* 419 */
+ { 0x23, 421, 0, 4, "secp521r1" }, /* 420 */
+ { 0x24, 422, 0, 4, "sect409k1" }, /* 421 */
+ { 0x25, 423, 0, 4, "sect409r1" }, /* 422 */
+ { 0x26, 424, 0, 4, "sect571k1" }, /* 423 */
+ { 0x27, 0, 0, 4, "sect571r1" }, /* 424 */
+ {0x60, 488, 1, 0, "" }, /* 425 */
+ { 0x86, 0, 1, 1, "" }, /* 426 */
+ { 0x48, 0, 1, 2, "" }, /* 427 */
+ { 0x01, 0, 1, 3, "organization" }, /* 428 */
+ { 0x65, 464, 1, 4, "gov" }, /* 429 */
+ { 0x03, 0, 1, 5, "csor" }, /* 430 */
+ { 0x04, 0, 1, 6, "nistalgorithm" }, /* 431 */
+ { 0x01, 442, 1, 7, "aes" }, /* 432 */
+ { 0x02, 434, 0, 8, "id-aes128-CBC" }, /* 433 */
+ { 0x06, 435, 0, 8, "id-aes128-GCM" }, /* 434 */
+ { 0x07, 436, 0, 8, "id-aes128-CCM" }, /* 435 */
+ { 0x16, 437, 0, 8, "id-aes192-CBC" }, /* 436 */
+ { 0x1A, 438, 0, 8, "id-aes192-GCM" }, /* 437 */
+ { 0x1B, 439, 0, 8, "id-aes192-CCM" }, /* 438 */
+ { 0x2A, 440, 0, 8, "id-aes256-CBC" }, /* 439 */
+ { 0x2E, 441, 0, 8, "id-aes256-GCM" }, /* 440 */
+ { 0x2F, 0, 0, 8, "id-aes256-CCM" }, /* 441 */
+ { 0x02, 455, 1, 7, "hashAlgs" }, /* 442 */
+ { 0x01, 444, 0, 8, "id-sha256" }, /* 443 */
+ { 0x02, 445, 0, 8, "id-sha384" }, /* 444 */
+ { 0x03, 446, 0, 8, "id-sha512" }, /* 445 */
+ { 0x04, 447, 0, 8, "id-sha224" }, /* 446 */
+ { 0x05, 448, 0, 8, "id-sha512-224" }, /* 447 */
+ { 0x06, 449, 0, 8, "id-sha512-256" }, /* 448 */
+ { 0x07, 450, 0, 8, "id-sha3-224" }, /* 449 */
+ { 0x08, 451, 0, 8, "id-sha3-256" }, /* 450 */
+ { 0x09, 452, 0, 8, "id-sha3-384" }, /* 451 */
+ { 0x0A, 453, 0, 8, "id-sha3-512" }, /* 452 */
+ { 0x0B, 454, 0, 8, "id-shake128" }, /* 453 */
+ { 0x0C, 0, 0, 8, "id-shake256" }, /* 454 */
+ { 0x03, 0, 1, 7, "sigAlgs" }, /* 455 */
+ { 0x09, 457, 0, 8, "id-ecdsa-with-sha3-224" }, /* 456 */
+ { 0x0A, 458, 0, 8, "id-ecdsa-with-sha3-256" }, /* 457 */
+ { 0x0B, 459, 0, 8, "id-ecdsa-with-sha3-384" }, /* 458 */
+ { 0x0C, 460, 0, 8, "id-ecdsa-with-sha3-512" }, /* 459 */
+ { 0x0D, 461, 0, 8, "id-rsassa-pkcs1v15-with-sha3-224"}, /* 460 */
+ { 0x0E, 462, 0, 8, "id-rsassa-pkcs1v15-with-sha3-256"}, /* 461 */
+ { 0x0F, 463, 0, 8, "id-rsassa-pkcs1v15-with-sha3-384"}, /* 462 */
+ { 0x10, 0, 0, 8, "id-rsassa-pkcs1v15-with-sha3-512"}, /* 463 */
+ { 0x86, 0, 1, 4, "" }, /* 464 */
+ { 0xf8, 0, 1, 5, "" }, /* 465 */
+ { 0x42, 478, 1, 6, "netscape" }, /* 466 */
+ { 0x01, 473, 1, 7, "" }, /* 467 */
+ { 0x01, 469, 0, 8, "nsCertType" }, /* 468 */
+ { 0x03, 470, 0, 8, "nsRevocationUrl" }, /* 469 */
+ { 0x04, 471, 0, 8, "nsCaRevocationUrl" }, /* 470 */
+ { 0x08, 472, 0, 8, "nsCaPolicyUrl" }, /* 471 */
+ { 0x0d, 0, 0, 8, "nsComment" }, /* 472 */
+ { 0x03, 476, 1, 7, "directory" }, /* 473 */
+ { 0x01, 0, 1, 8, "" }, /* 474 */
+ { 0x03, 0, 0, 9, "employeeNumber" }, /* 475 */
+ { 0x04, 0, 1, 7, "policy" }, /* 476 */
+ { 0x01, 0, 0, 8, "nsSGC" }, /* 477 */
+ { 0x45, 0, 1, 6, "verisign" }, /* 478 */
+ { 0x01, 0, 1, 7, "pki" }, /* 479 */
+ { 0x09, 0, 1, 8, "attributes" }, /* 480 */
+ { 0x02, 482, 0, 9, "messageType" }, /* 481 */
+ { 0x03, 483, 0, 9, "pkiStatus" }, /* 482 */
+ { 0x04, 484, 0, 9, "failInfo" }, /* 483 */
+ { 0x05, 485, 0, 9, "senderNonce" }, /* 484 */
+ { 0x06, 486, 0, 9, "recipientNonce" }, /* 485 */
+ { 0x07, 487, 0, 9, "transID" }, /* 486 */
+ { 0x08, 0, 0, 9, "extensionReq" }, /* 487 */
+ {0x67, 0, 1, 0, "" }, /* 488 */
+ { 0x81, 0, 1, 1, "" }, /* 489 */
+ { 0x05, 0, 1, 2, "" }, /* 490 */
+ { 0x02, 0, 1, 3, "tcg-attribute" }, /* 491 */
+ { 0x01, 493, 0, 4, "tcg-at-tpmManufacturer" }, /* 492 */
+ { 0x02, 494, 0, 4, "tcg-at-tpmModel" }, /* 493 */
+ { 0x03, 495, 0, 4, "tcg-at-tpmVersion" }, /* 494 */
+ { 0x0F, 0, 0, 4, "tcg-at-tpmIdLabel" } /* 495 */
};
diff --git a/src/libstrongswan/asn1/oid.h b/src/libstrongswan/asn1/oid.h
index f316c0c78..0e9b7ea24 100644
--- a/src/libstrongswan/asn1/oid.h
+++ b/src/libstrongswan/asn1/oid.h
@@ -30,242 +30,247 @@ extern const oid_t oid_names[];
#define OID_COUNTRY 23
#define OID_LOCALITY 24
#define OID_STATE_OR_PROVINCE 25
-#define OID_ORGANIZATION 26
-#define OID_ORGANIZATION_UNIT 27
-#define OID_TITLE 28
-#define OID_DESCRIPTION 29
-#define OID_USER_CERTIFICATE 30
-#define OID_NAME 31
-#define OID_GIVEN_NAME 32
-#define OID_INITIALS 33
-#define OID_UNIQUE_IDENTIFIER 34
-#define OID_DN_QUALIFIER 35
-#define OID_DMD_NAME 36
-#define OID_PSEUDONYM 37
-#define OID_ROLE 38
-#define OID_SUBJECT_KEY_ID 41
-#define OID_KEY_USAGE 42
-#define OID_SUBJECT_ALT_NAME 44
-#define OID_BASIC_CONSTRAINTS 46
-#define OID_CRL_NUMBER 47
-#define OID_CRL_REASON_CODE 48
-#define OID_DELTA_CRL_INDICATOR 51
-#define OID_ISSUING_DIST_POINT 52
-#define OID_NAME_CONSTRAINTS 54
-#define OID_CRL_DISTRIBUTION_POINTS 55
-#define OID_CERTIFICATE_POLICIES 56
-#define OID_ANY_POLICY 57
-#define OID_POLICY_MAPPINGS 58
-#define OID_AUTHORITY_KEY_ID 59
-#define OID_POLICY_CONSTRAINTS 60
-#define OID_EXTENDED_KEY_USAGE 61
-#define OID_FRESHEST_CRL 63
-#define OID_INHIBIT_ANY_POLICY 64
-#define OID_TARGET_INFORMATION 65
-#define OID_NO_REV_AVAIL 66
-#define OID_CAMELLIA128_CBC 77
-#define OID_CAMELLIA192_CBC 78
-#define OID_CAMELLIA256_CBC 79
-#define OID_RSA_ENCRYPTION 92
-#define OID_MD2_WITH_RSA 93
-#define OID_MD5_WITH_RSA 94
-#define OID_SHA1_WITH_RSA 95
-#define OID_RSAES_OAEP 96
-#define OID_SHA256_WITH_RSA 99
-#define OID_SHA384_WITH_RSA 100
-#define OID_SHA512_WITH_RSA 101
-#define OID_SHA224_WITH_RSA 102
-#define OID_PBE_MD5_DES_CBC 104
-#define OID_PBE_SHA1_DES_CBC 105
-#define OID_PBKDF2 106
-#define OID_PBES2 107
-#define OID_PKCS7_DATA 109
-#define OID_PKCS7_SIGNED_DATA 110
-#define OID_PKCS7_ENVELOPED_DATA 111
-#define OID_PKCS7_SIGNED_ENVELOPED_DATA 112
-#define OID_PKCS7_DIGESTED_DATA 113
-#define OID_PKCS7_ENCRYPTED_DATA 114
-#define OID_EMAIL_ADDRESS 116
-#define OID_UNSTRUCTURED_NAME 117
-#define OID_PKCS9_CONTENT_TYPE 118
-#define OID_PKCS9_MESSAGE_DIGEST 119
-#define OID_PKCS9_SIGNING_TIME 120
-#define OID_CHALLENGE_PASSWORD 122
-#define OID_UNSTRUCTURED_ADDRESS 123
-#define OID_EXTENSION_REQUEST 124
-#define OID_X509_CERTIFICATE 127
-#define OID_PBE_SHA1_RC4_128 131
-#define OID_PBE_SHA1_RC4_40 132
-#define OID_PBE_SHA1_3DES_CBC 133
-#define OID_PBE_SHA1_3DES_2KEY_CBC 134
-#define OID_PBE_SHA1_RC2_CBC_128 135
-#define OID_PBE_SHA1_RC2_CBC_40 136
-#define OID_P12_KEY_BAG 139
-#define OID_P12_PKCS8_KEY_BAG 140
-#define OID_P12_CERT_BAG 141
-#define OID_P12_CRL_BAG 142
-#define OID_MD2 146
-#define OID_MD5 147
-#define OID_3DES_EDE_CBC 149
-#define OID_EC_PUBLICKEY 153
-#define OID_C2PNB163V1 156
-#define OID_C2PNB163V2 157
-#define OID_C2PNB163V3 158
-#define OID_C2PNB176W1 159
-#define OID_C2PNB191V1 160
-#define OID_C2PNB191V2 161
-#define OID_C2PNB191V3 162
-#define OID_C2PNB191V4 163
-#define OID_C2PNB191V5 164
-#define OID_C2PNB208W1 165
-#define OID_C2PNB239V1 166
-#define OID_C2PNB239V2 167
-#define OID_C2PNB239V3 168
-#define OID_C2PNB239V4 169
-#define OID_C2PNB239V5 170
-#define OID_C2PNB272W1 171
-#define OID_C2PNB304W1 172
-#define OID_C2PNB359V1 173
-#define OID_C2PNB368W1 174
-#define OID_C2PNB431R1 175
-#define OID_PRIME192V1 177
-#define OID_PRIME192V2 178
-#define OID_PRIME192V3 179
-#define OID_PRIME239V1 180
-#define OID_PRIME239V2 181
-#define OID_PRIME239V3 182
-#define OID_PRIME256V1 183
-#define OID_ECDSA_WITH_SHA1 185
-#define OID_ECDSA_WITH_SHA224 187
-#define OID_ECDSA_WITH_SHA256 188
-#define OID_ECDSA_WITH_SHA384 189
-#define OID_ECDSA_WITH_SHA512 190
-#define OID_MS_SMARTCARD_LOGON 204
-#define OID_USER_PRINCIPAL_NAME 205
-#define OID_STRONGSWAN 211
-#define OID_BLISS_PUBLICKEY 216
-#define OID_BLISS_I 218
-#define OID_BLISS_II 219
-#define OID_BLISS_III 220
-#define OID_BLISS_IV 221
-#define OID_BLISS_B_I 222
-#define OID_BLISS_B_II 223
-#define OID_BLISS_B_III 224
-#define OID_BLISS_B_IV 225
-#define OID_BLISS_WITH_SHA2_512 227
-#define OID_BLISS_WITH_SHA2_384 228
-#define OID_BLISS_WITH_SHA2_256 229
-#define OID_BLISS_WITH_SHA3_512 230
-#define OID_BLISS_WITH_SHA3_384 231
-#define OID_BLISS_WITH_SHA3_256 232
-#define OID_TCGID 239
-#define OID_BLOWFISH_CBC 243
-#define OID_AUTHORITY_INFO_ACCESS 287
-#define OID_IP_ADDR_BLOCKS 289
-#define OID_POLICY_QUALIFIER_CPS 291
-#define OID_POLICY_QUALIFIER_UNOTICE 292
-#define OID_SERVER_AUTH 294
-#define OID_CLIENT_AUTH 295
-#define OID_OCSP_SIGNING 302
-#define OID_XMPP_ADDR 308
-#define OID_AUTHENTICATION_INFO 312
-#define OID_ACCESS_IDENTITY 313
-#define OID_CHARGING_IDENTITY 314
-#define OID_GROUP 315
-#define OID_OCSP 318
-#define OID_BASIC 319
-#define OID_NONCE 320
-#define OID_CRL 321
-#define OID_RESPONSE 322
-#define OID_NO_CHECK 323
-#define OID_ARCHIVE_CUTOFF 324
-#define OID_SERVICE_LOCATOR 325
-#define OID_CA_ISSUERS 326
-#define OID_IKE_INTERMEDIATE 331
-#define OID_DES_CBC 335
-#define OID_SHA1 336
-#define OID_SHA1_WITH_RSA_OIW 337
-#define OID_ECGDSA_PUBKEY 356
-#define OID_ECGDSA_SIG_WITH_RIPEMD160 359
-#define OID_ECGDSA_SIG_WITH_SHA1 360
-#define OID_ECGDSA_SIG_WITH_SHA224 361
-#define OID_ECGDSA_SIG_WITH_SHA256 362
-#define OID_ECGDSA_SIG_WITH_SHA384 363
-#define OID_ECGDSA_SIG_WITH_SHA512 364
-#define OID_ED25519 385
-#define OID_ED448 386
-#define OID_SECT163K1 390
-#define OID_SECT163R1 391
-#define OID_SECT239K1 392
-#define OID_SECT113R1 393
-#define OID_SECT113R2 394
-#define OID_SECT112R1 395
-#define OID_SECT112R2 396
-#define OID_SECT160R1 397
-#define OID_SECT160K1 398
-#define OID_SECT256K1 399
-#define OID_SECT163R2 400
-#define OID_SECT283K1 401
-#define OID_SECT283R1 402
-#define OID_SECT131R1 403
-#define OID_SECT131R2 404
-#define OID_SECT193R1 405
-#define OID_SECT193R2 406
-#define OID_SECT233K1 407
-#define OID_SECT233R1 408
-#define OID_SECT128R1 409
-#define OID_SECT128R2 410
-#define OID_SECT160R2 411
-#define OID_SECT192K1 412
-#define OID_SECT224K1 413
-#define OID_SECT224R1 414
-#define OID_SECT384R1 415
-#define OID_SECT521R1 416
-#define OID_SECT409K1 417
-#define OID_SECT409R1 418
-#define OID_SECT571K1 419
-#define OID_SECT571R1 420
-#define OID_AES128_CBC 429
-#define OID_AES128_GCM 430
-#define OID_AES128_CCM 431
-#define OID_AES192_CBC 432
-#define OID_AES192_GCM 433
-#define OID_AES192_CCM 434
-#define OID_AES256_CBC 435
-#define OID_AES256_GCM 436
-#define OID_AES256_CCM 437
-#define OID_SHA256 439
-#define OID_SHA384 440
-#define OID_SHA512 441
-#define OID_SHA224 442
-#define OID_SHA3_224 445
-#define OID_SHA3_256 446
-#define OID_SHA3_384 447
-#define OID_SHA3_512 448
-#define OID_ECDSA_WITH_SHA3_224 452
-#define OID_ECDSA_WITH_SHA3_256 453
-#define OID_ECDSA_WITH_SHA3_384 454
-#define OID_ECDSA_WITH_SHA3_512 455
-#define OID_RSASSA_PKCS1V15_WITH_SHA3_224 456
-#define OID_RSASSA_PKCS1V15_WITH_SHA3_256 457
-#define OID_RSASSA_PKCS1V15_WITH_SHA3_384 458
-#define OID_RSASSA_PKCS1V15_WITH_SHA3_512 459
-#define OID_NS_REVOCATION_URL 465
-#define OID_NS_CA_REVOCATION_URL 466
-#define OID_NS_CA_POLICY_URL 467
-#define OID_NS_COMMENT 468
-#define OID_EMPLOYEE_NUMBER 471
-#define OID_PKI_MESSAGE_TYPE 477
-#define OID_PKI_STATUS 478
-#define OID_PKI_FAIL_INFO 479
-#define OID_PKI_SENDER_NONCE 480
-#define OID_PKI_RECIPIENT_NONCE 481
-#define OID_PKI_TRANS_ID 482
-#define OID_TPM_MANUFACTURER 488
-#define OID_TPM_MODEL 489
-#define OID_TPM_VERSION 490
-#define OID_TPM_ID_LABEL 491
+#define OID_STREET_ADDRESS 26
+#define OID_ORGANIZATION 27
+#define OID_ORGANIZATION_UNIT 28
+#define OID_TITLE 29
+#define OID_DESCRIPTION 30
+#define OID_POSTAL_ADDRESS 31
+#define OID_POSTAL_CODE 32
+#define OID_USER_CERTIFICATE 33
+#define OID_NAME 34
+#define OID_GIVEN_NAME 35
+#define OID_INITIALS 36
+#define OID_UNIQUE_IDENTIFIER 37
+#define OID_DN_QUALIFIER 38
+#define OID_DMD_NAME 39
+#define OID_PSEUDONYM 40
+#define OID_ROLE 41
+#define OID_SUBJECT_KEY_ID 44
+#define OID_KEY_USAGE 45
+#define OID_SUBJECT_ALT_NAME 47
+#define OID_BASIC_CONSTRAINTS 49
+#define OID_CRL_NUMBER 50
+#define OID_CRL_REASON_CODE 51
+#define OID_DELTA_CRL_INDICATOR 54
+#define OID_ISSUING_DIST_POINT 55
+#define OID_NAME_CONSTRAINTS 57
+#define OID_CRL_DISTRIBUTION_POINTS 58
+#define OID_CERTIFICATE_POLICIES 59
+#define OID_ANY_POLICY 60
+#define OID_POLICY_MAPPINGS 61
+#define OID_AUTHORITY_KEY_ID 62
+#define OID_POLICY_CONSTRAINTS 63
+#define OID_EXTENDED_KEY_USAGE 64
+#define OID_FRESHEST_CRL 66
+#define OID_INHIBIT_ANY_POLICY 67
+#define OID_TARGET_INFORMATION 68
+#define OID_NO_REV_AVAIL 69
+#define OID_CAMELLIA128_CBC 80
+#define OID_CAMELLIA192_CBC 81
+#define OID_CAMELLIA256_CBC 82
+#define OID_RSA_ENCRYPTION 95
+#define OID_MD2_WITH_RSA 96
+#define OID_MD5_WITH_RSA 97
+#define OID_SHA1_WITH_RSA 98
+#define OID_RSAES_OAEP 99
+#define OID_MGF1 100
+#define OID_RSASSA_PSS 102
+#define OID_SHA256_WITH_RSA 103
+#define OID_SHA384_WITH_RSA 104
+#define OID_SHA512_WITH_RSA 105
+#define OID_SHA224_WITH_RSA 106
+#define OID_PBE_MD5_DES_CBC 108
+#define OID_PBE_SHA1_DES_CBC 109
+#define OID_PBKDF2 110
+#define OID_PBES2 111
+#define OID_PKCS7_DATA 113
+#define OID_PKCS7_SIGNED_DATA 114
+#define OID_PKCS7_ENVELOPED_DATA 115
+#define OID_PKCS7_SIGNED_ENVELOPED_DATA 116
+#define OID_PKCS7_DIGESTED_DATA 117
+#define OID_PKCS7_ENCRYPTED_DATA 118
+#define OID_EMAIL_ADDRESS 120
+#define OID_UNSTRUCTURED_NAME 121
+#define OID_PKCS9_CONTENT_TYPE 122
+#define OID_PKCS9_MESSAGE_DIGEST 123
+#define OID_PKCS9_SIGNING_TIME 124
+#define OID_CHALLENGE_PASSWORD 126
+#define OID_UNSTRUCTURED_ADDRESS 127
+#define OID_EXTENSION_REQUEST 128
+#define OID_X509_CERTIFICATE 131
+#define OID_PBE_SHA1_RC4_128 135
+#define OID_PBE_SHA1_RC4_40 136
+#define OID_PBE_SHA1_3DES_CBC 137
+#define OID_PBE_SHA1_3DES_2KEY_CBC 138
+#define OID_PBE_SHA1_RC2_CBC_128 139
+#define OID_PBE_SHA1_RC2_CBC_40 140
+#define OID_P12_KEY_BAG 143
+#define OID_P12_PKCS8_KEY_BAG 144
+#define OID_P12_CERT_BAG 145
+#define OID_P12_CRL_BAG 146
+#define OID_MD2 150
+#define OID_MD5 151
+#define OID_3DES_EDE_CBC 153
+#define OID_EC_PUBLICKEY 157
+#define OID_C2PNB163V1 160
+#define OID_C2PNB163V2 161
+#define OID_C2PNB163V3 162
+#define OID_C2PNB176W1 163
+#define OID_C2PNB191V1 164
+#define OID_C2PNB191V2 165
+#define OID_C2PNB191V3 166
+#define OID_C2PNB191V4 167
+#define OID_C2PNB191V5 168
+#define OID_C2PNB208W1 169
+#define OID_C2PNB239V1 170
+#define OID_C2PNB239V2 171
+#define OID_C2PNB239V3 172
+#define OID_C2PNB239V4 173
+#define OID_C2PNB239V5 174
+#define OID_C2PNB272W1 175
+#define OID_C2PNB304W1 176
+#define OID_C2PNB359V1 177
+#define OID_C2PNB368W1 178
+#define OID_C2PNB431R1 179
+#define OID_PRIME192V1 181
+#define OID_PRIME192V2 182
+#define OID_PRIME192V3 183
+#define OID_PRIME239V1 184
+#define OID_PRIME239V2 185
+#define OID_PRIME239V3 186
+#define OID_PRIME256V1 187
+#define OID_ECDSA_WITH_SHA1 189
+#define OID_ECDSA_WITH_SHA224 191
+#define OID_ECDSA_WITH_SHA256 192
+#define OID_ECDSA_WITH_SHA384 193
+#define OID_ECDSA_WITH_SHA512 194
+#define OID_MS_SMARTCARD_LOGON 208
+#define OID_USER_PRINCIPAL_NAME 209
+#define OID_STRONGSWAN 215
+#define OID_BLISS_PUBLICKEY 220
+#define OID_BLISS_I 222
+#define OID_BLISS_II 223
+#define OID_BLISS_III 224
+#define OID_BLISS_IV 225
+#define OID_BLISS_B_I 226
+#define OID_BLISS_B_II 227
+#define OID_BLISS_B_III 228
+#define OID_BLISS_B_IV 229
+#define OID_BLISS_WITH_SHA2_512 231
+#define OID_BLISS_WITH_SHA2_384 232
+#define OID_BLISS_WITH_SHA2_256 233
+#define OID_BLISS_WITH_SHA3_512 234
+#define OID_BLISS_WITH_SHA3_384 235
+#define OID_BLISS_WITH_SHA3_256 236
+#define OID_TCGID 243
+#define OID_BLOWFISH_CBC 247
+#define OID_AUTHORITY_INFO_ACCESS 291
+#define OID_IP_ADDR_BLOCKS 293
+#define OID_POLICY_QUALIFIER_CPS 295
+#define OID_POLICY_QUALIFIER_UNOTICE 296
+#define OID_SERVER_AUTH 298
+#define OID_CLIENT_AUTH 299
+#define OID_OCSP_SIGNING 306
+#define OID_XMPP_ADDR 312
+#define OID_AUTHENTICATION_INFO 316
+#define OID_ACCESS_IDENTITY 317
+#define OID_CHARGING_IDENTITY 318
+#define OID_GROUP 319
+#define OID_OCSP 322
+#define OID_BASIC 323
+#define OID_NONCE 324
+#define OID_CRL 325
+#define OID_RESPONSE 326
+#define OID_NO_CHECK 327
+#define OID_ARCHIVE_CUTOFF 328
+#define OID_SERVICE_LOCATOR 329
+#define OID_CA_ISSUERS 330
+#define OID_IKE_INTERMEDIATE 335
+#define OID_DES_CBC 339
+#define OID_SHA1 340
+#define OID_SHA1_WITH_RSA_OIW 341
+#define OID_ECGDSA_PUBKEY 360
+#define OID_ECGDSA_SIG_WITH_RIPEMD160 363
+#define OID_ECGDSA_SIG_WITH_SHA1 364
+#define OID_ECGDSA_SIG_WITH_SHA224 365
+#define OID_ECGDSA_SIG_WITH_SHA256 366
+#define OID_ECGDSA_SIG_WITH_SHA384 367
+#define OID_ECGDSA_SIG_WITH_SHA512 368
+#define OID_ED25519 389
+#define OID_ED448 390
+#define OID_SECT163K1 394
+#define OID_SECT163R1 395
+#define OID_SECT239K1 396
+#define OID_SECT113R1 397
+#define OID_SECT113R2 398
+#define OID_SECT112R1 399
+#define OID_SECT112R2 400
+#define OID_SECT160R1 401
+#define OID_SECT160K1 402
+#define OID_SECT256K1 403
+#define OID_SECT163R2 404
+#define OID_SECT283K1 405
+#define OID_SECT283R1 406
+#define OID_SECT131R1 407
+#define OID_SECT131R2 408
+#define OID_SECT193R1 409
+#define OID_SECT193R2 410
+#define OID_SECT233K1 411
+#define OID_SECT233R1 412
+#define OID_SECT128R1 413
+#define OID_SECT128R2 414
+#define OID_SECT160R2 415
+#define OID_SECT192K1 416
+#define OID_SECT224K1 417
+#define OID_SECT224R1 418
+#define OID_SECT384R1 419
+#define OID_SECT521R1 420
+#define OID_SECT409K1 421
+#define OID_SECT409R1 422
+#define OID_SECT571K1 423
+#define OID_SECT571R1 424
+#define OID_AES128_CBC 433
+#define OID_AES128_GCM 434
+#define OID_AES128_CCM 435
+#define OID_AES192_CBC 436
+#define OID_AES192_GCM 437
+#define OID_AES192_CCM 438
+#define OID_AES256_CBC 439
+#define OID_AES256_GCM 440
+#define OID_AES256_CCM 441
+#define OID_SHA256 443
+#define OID_SHA384 444
+#define OID_SHA512 445
+#define OID_SHA224 446
+#define OID_SHA3_224 449
+#define OID_SHA3_256 450
+#define OID_SHA3_384 451
+#define OID_SHA3_512 452
+#define OID_ECDSA_WITH_SHA3_224 456
+#define OID_ECDSA_WITH_SHA3_256 457
+#define OID_ECDSA_WITH_SHA3_384 458
+#define OID_ECDSA_WITH_SHA3_512 459
+#define OID_RSASSA_PKCS1V15_WITH_SHA3_224 460
+#define OID_RSASSA_PKCS1V15_WITH_SHA3_256 461
+#define OID_RSASSA_PKCS1V15_WITH_SHA3_384 462
+#define OID_RSASSA_PKCS1V15_WITH_SHA3_512 463
+#define OID_NS_REVOCATION_URL 469
+#define OID_NS_CA_REVOCATION_URL 470
+#define OID_NS_CA_POLICY_URL 471
+#define OID_NS_COMMENT 472
+#define OID_EMPLOYEE_NUMBER 475
+#define OID_PKI_MESSAGE_TYPE 481
+#define OID_PKI_STATUS 482
+#define OID_PKI_FAIL_INFO 483
+#define OID_PKI_SENDER_NONCE 484
+#define OID_PKI_RECIPIENT_NONCE 485
+#define OID_PKI_TRANS_ID 486
+#define OID_TPM_MANUFACTURER 492
+#define OID_TPM_MODEL 493
+#define OID_TPM_VERSION 494
+#define OID_TPM_ID_LABEL 495
-#define OID_MAX 492
+#define OID_MAX 496
#endif /* OID_H_ */
diff --git a/src/libstrongswan/asn1/oid.txt b/src/libstrongswan/asn1/oid.txt
index a0c2aada3..9583baa5e 100644
--- a/src/libstrongswan/asn1/oid.txt
+++ b/src/libstrongswan/asn1/oid.txt
@@ -24,10 +24,13 @@
0x06 "C" OID_COUNTRY
0x07 "L" OID_LOCALITY
0x08 "ST" OID_STATE_OR_PROVINCE
+ 0x09 "STREET" OID_STREET_ADDRESS
0x0A "O" OID_ORGANIZATION
0x0B "OU" OID_ORGANIZATION_UNIT
0x0C "T" OID_TITLE
0x0D "D" OID_DESCRIPTION
+ 0x10 "postalAddress" OID_POSTAL_ADDRESS
+ 0x11 "postalCode" OID_POSTAL_CODE
0x24 "userCertificate" OID_USER_CERTIFICATE
0x29 "N" OID_NAME
0x2A "G" OID_GIVEN_NAME
@@ -95,8 +98,9 @@
0x04 "md5WithRSAEncryption" OID_MD5_WITH_RSA
0x05 "sha-1WithRSAEncryption" OID_SHA1_WITH_RSA
0x07 "id-RSAES-OAEP" OID_RSAES_OAEP
- 0x08 "id-mgf1"
+ 0x08 "id-mgf1" OID_MGF1
0x09 "id-pSpecified"
+ 0x0A "RSASSA-PSS" OID_RSASSA_PSS
0x0B "sha256WithRSAEncryption" OID_SHA256_WITH_RSA
0x0C "sha384WithRSAEncryption" OID_SHA384_WITH_RSA
0x0D "sha512WithRSAEncryption" OID_SHA512_WITH_RSA
diff --git a/src/libstrongswan/credentials/auth_cfg.c b/src/libstrongswan/credentials/auth_cfg.c
index 07da596e4..d1be7b401 100644
--- a/src/libstrongswan/credentials/auth_cfg.c
+++ b/src/libstrongswan/credentials/auth_cfg.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008-2016 Tobias Brunner
+ * Copyright (C) 2008-2017 Tobias Brunner
* Copyright (C) 2007-2009 Martin Willi
* Copyright (C) 2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
@@ -216,8 +216,6 @@ static void init_entry(entry_t *this, auth_rule_t type, va_list args)
case AUTH_RULE_RSA_STRENGTH:
case AUTH_RULE_ECDSA_STRENGTH:
case AUTH_RULE_BLISS_STRENGTH:
- case AUTH_RULE_SIGNATURE_SCHEME:
- case AUTH_RULE_IKE_SIGNATURE_SCHEME:
case AUTH_RULE_CERT_VALIDATION_SUSPENDED:
/* integer type */
this->value = (void*)(uintptr_t)va_arg(args, u_int);
@@ -232,6 +230,8 @@ static void init_entry(entry_t *this, auth_rule_t type, va_list args)
case AUTH_RULE_IM_CERT:
case AUTH_RULE_SUBJECT_CERT:
case AUTH_RULE_CERT_POLICY:
+ case AUTH_RULE_SIGNATURE_SCHEME:
+ case AUTH_RULE_IKE_SIGNATURE_SCHEME:
case AUTH_HELPER_IM_CERT:
case AUTH_HELPER_SUBJECT_CERT:
case AUTH_HELPER_IM_HASH_URL:
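Review bot: Moving `AUTH_RULE_SIGNATURE_SCHEME` and `AUTH_RULE_IKE_SIGNATURE_SCHEME` into the pointer group changes what every add() caller must pass, and the variadic interface cannot reject a caller that still passes `(uintptr_t)scheme`. Such an integer would be stored as a pointer and later handed to signature_params_destroy() by destroy_entry_value, as its hunk below shows. The same move is made in replace() further down, so every add()/replace() call site for these two rules needs auditing, including plugins outside this file. I would also add a comment above the two labels, e.g. `/* signature_params_t*, adopted and later destroyed by the entry */`. The switch in init_entry continues outside this hunk.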
@@ -267,8 +267,6 @@ static bool entry_equals(entry_t *e1, entry_t *e2)
case AUTH_RULE_RSA_STRENGTH:
case AUTH_RULE_ECDSA_STRENGTH:
case AUTH_RULE_BLISS_STRENGTH:
- case AUTH_RULE_SIGNATURE_SCHEME:
- case AUTH_RULE_IKE_SIGNATURE_SCHEME:
case AUTH_RULE_CERT_VALIDATION_SUSPENDED:
{
return e1->value == e2->value;
@@ -301,6 +299,11 @@ static bool entry_equals(entry_t *e1, entry_t *e2)
return id1->equals(id1, id2);
}
+ case AUTH_RULE_SIGNATURE_SCHEME:
+ case AUTH_RULE_IKE_SIGNATURE_SCHEME:
+ {
+ return signature_params_equal(e1->value, e2->value);
+ }
case AUTH_RULE_CERT_POLICY:
case AUTH_RULE_XAUTH_BACKEND:
case AUTH_HELPER_IM_HASH_URL:
@@ -351,6 +354,12 @@ static void destroy_entry_value(entry_t *entry)
free(entry->value);
break;
}
+ case AUTH_RULE_SIGNATURE_SCHEME:
+ case AUTH_RULE_IKE_SIGNATURE_SCHEME:
+ {
+ signature_params_destroy(entry->value);
+ break;
+ }
case AUTH_RULE_IDENTITY_LOOSE:
case AUTH_RULE_AUTH_CLASS:
case AUTH_RULE_EAP_TYPE:
@@ -360,8 +369,6 @@ static void destroy_entry_value(entry_t *entry)
case AUTH_RULE_RSA_STRENGTH:
case AUTH_RULE_ECDSA_STRENGTH:
case AUTH_RULE_BLISS_STRENGTH:
- case AUTH_RULE_SIGNATURE_SCHEME:
- case AUTH_RULE_IKE_SIGNATURE_SCHEME:
case AUTH_RULE_CERT_VALIDATION_SUSPENDED:
case AUTH_RULE_MAX:
break;
@@ -394,8 +401,6 @@ static void replace(private_auth_cfg_t *this, entry_enumerator_t *enumerator,
case AUTH_RULE_RSA_STRENGTH:
case AUTH_RULE_ECDSA_STRENGTH:
case AUTH_RULE_BLISS_STRENGTH:
- case AUTH_RULE_SIGNATURE_SCHEME:
- case AUTH_RULE_IKE_SIGNATURE_SCHEME:
case AUTH_RULE_CERT_VALIDATION_SUSPENDED:
/* integer type */
entry->value = (void*)(uintptr_t)va_arg(args, u_int);
@@ -410,6 +415,8 @@ static void replace(private_auth_cfg_t *this, entry_enumerator_t *enumerator,
case AUTH_RULE_IM_CERT:
case AUTH_RULE_SUBJECT_CERT:
case AUTH_RULE_CERT_POLICY:
+ case AUTH_RULE_SIGNATURE_SCHEME:
+ case AUTH_RULE_IKE_SIGNATURE_SCHEME:
case AUTH_HELPER_IM_CERT:
case AUTH_HELPER_SUBJECT_CERT:
case AUTH_HELPER_IM_HASH_URL:
@@ -472,9 +479,6 @@ METHOD(auth_cfg_t, get, void*,
case AUTH_RULE_ECDSA_STRENGTH:
case AUTH_RULE_BLISS_STRENGTH:
return (void*)0;
- case AUTH_RULE_SIGNATURE_SCHEME:
- case AUTH_RULE_IKE_SIGNATURE_SCHEME:
- return (void*)HASH_UNKNOWN;
case AUTH_RULE_CRL_VALIDATION:
case AUTH_RULE_OCSP_VALIDATION:
return (void*)VALIDATION_FAILED;
@@ -491,6 +495,8 @@ METHOD(auth_cfg_t, get, void*,
case AUTH_RULE_IM_CERT:
case AUTH_RULE_SUBJECT_CERT:
case AUTH_RULE_CERT_POLICY:
+ case AUTH_RULE_SIGNATURE_SCHEME:
+ case AUTH_RULE_IKE_SIGNATURE_SCHEME:
case AUTH_HELPER_IM_CERT:
case AUTH_HELPER_SUBJECT_CERT:
case AUTH_HELPER_IM_HASH_URL:
@@ -526,18 +532,46 @@ static void add(private_auth_cfg_t *this, auth_rule_t type, ...)
}
}
+/**
+ * Create a constraint for RSA/PSS signatures
+ */
+static signature_params_t *create_rsa_pss_constraint(char *token)
+{
+ signature_params_t *params = NULL;
+ hash_algorithm_t hash;
+
+ if (enum_from_name(hash_algorithm_short_names, token, &hash))
+ {
+ rsa_pss_params_t pss = {
+ .hash = hash,
+ .mgf1_hash = hash,
+ .salt_len = RSA_PSS_SALT_LEN_DEFAULT,
+ };
+ signature_params_t pss_params = {
+ .scheme = SIGN_RSA_EMSA_PSS,
+ .params = &pss,
+ };
+ params = signature_params_clone(&pss_params);
+ }
+ return params;
+}
+
METHOD(auth_cfg_t, add_pubkey_constraints, void,
private_auth_cfg_t *this, char* constraints, bool ike)
{
enumerator_t *enumerator;
- bool is_ike = FALSE, ike_added = FALSE;
+ bool ike_added = FALSE, rsa_pss;
key_type_t expected_type = -1;
auth_rule_t expected_strength = AUTH_RULE_MAX;
+ signature_params_t *params;
int strength;
- char *token;
+ char *token, *key_token = NULL;
auth_rule_t type;
void *value;
+ rsa_pss = lib->settings->get_bool(lib->settings, "%s.rsa_pss", FALSE,
+ lib->ns);
+
enumerator = enumerator_create_token(constraints, "-", "");
while (enumerator->enumerate(enumerator, &token))
{
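Review bot: The doc comment on create_rsa_pss_constraint() omits the NULL return taken when `token` is not found in `hash_algorithm_short_names`. It also omits that the result is a heap clone which the caller must pass to add() or destroy. The function also fixes `mgf1_hash` to the same hash and uses `RSA_PSS_SALT_LEN_DEFAULT`, which presumably affects how the constraint later matches a peer's parameters. I would extend the comment to `Create an RSA/PSS constraint from a hash name (MGF1 uses the same hash, default salt length); returns NULL if token is no known hash, else an allocated object owned by the caller`. Whether every hash in that name table is acceptable for PSS is not visible here and is worth confirming.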
@@ -583,67 +617,117 @@ METHOD(auth_cfg_t, add_pubkey_constraints, void,
}
if (streq(token, "rsa") || streq(token, "ike:rsa"))
{
+ key_token = token;
+ expected_type = KEY_RSA;
+ expected_strength = AUTH_RULE_RSA_STRENGTH;
+ continue;
+ }
+ if (streq(token, "rsa/pss") || streq(token, "ike:rsa/pss"))
+ {
+ key_token = token;
expected_type = KEY_RSA;
expected_strength = AUTH_RULE_RSA_STRENGTH;
- is_ike = strpfx(token, "ike:");
continue;
}
if (streq(token, "ecdsa") || streq(token, "ike:ecdsa"))
{
+ key_token = token;
expected_type = KEY_ECDSA;
expected_strength = AUTH_RULE_ECDSA_STRENGTH;
- is_ike = strpfx(token, "ike:");
continue;
}
if (streq(token, "ed25519") || streq(token, "ike:ed25519"))
{
+ key_token = token;
expected_type = KEY_ED25519;
- is_ike = strpfx(token, "ike:");
continue;
}
if (streq(token, "ed448") || streq(token, "ike:ed448"))
{
+ key_token = token;
expected_type = KEY_ED448;
- is_ike = strpfx(token, "ike:");
continue;
}
if (streq(token, "bliss") || streq(token, "ike:bliss"))
{
+ key_token = token;
expected_type = KEY_BLISS;
expected_strength = AUTH_RULE_BLISS_STRENGTH;
- is_ike = strpfx(token, "ike:");
continue;
}
if (streq(token, "pubkey") || streq(token, "ike:pubkey"))
{
+ key_token = token;
expected_type = KEY_ANY;
- is_ike = strpfx(token, "ike:");
continue;
}
- if (is_ike && !ike)
+ if (key_token && strpfx(key_token, "ike:") && !ike)
{
continue;
}
- for (i = 0; i < countof(schemes); i++)
+ if (key_token && streq(key_token + strlen(key_token) - 3, "pss"))
+ {
+ params = create_rsa_pss_constraint(token);
+ if (params)
+ {
+ if (strpfx(key_token, "ike:"))
+ {
+ add(this, AUTH_RULE_IKE_SIGNATURE_SCHEME, params);
+ ike_added = TRUE;
+ }
+ else
+ {
+ add(this, AUTH_RULE_SIGNATURE_SCHEME, params);
+ }
+ found = TRUE;
+ }
+ }
+ else
{
- if (streq(schemes[i].name, token))
+ if (rsa_pss)
{
- if (expected_type == KEY_ANY || expected_type == schemes[i].key)
+ if (expected_type == KEY_ANY ||
+ expected_type == KEY_RSA)
{
- if (is_ike)
+ params = create_rsa_pss_constraint(token);
+ if (params)
{
- add(this, AUTH_RULE_IKE_SIGNATURE_SCHEME,
- (uintptr_t)schemes[i].scheme);
- ike_added = TRUE;
+ if (strpfx(key_token, "ike:"))
+ {
+ add(this, AUTH_RULE_IKE_SIGNATURE_SCHEME, params);
+ ike_added = TRUE;
+ }
+ else
+ {
+ add(this, AUTH_RULE_SIGNATURE_SCHEME, params);
+ }
+ found = TRUE;
}
- else
+ }
+ }
+ for (i = 0; i < countof(schemes); i++)
+ {
+ if (streq(schemes[i].name, token))
+ {
+ if (expected_type == KEY_ANY ||
+ expected_type == schemes[i].key)
{
- add(this, AUTH_RULE_SIGNATURE_SCHEME,
- (uintptr_t)schemes[i].scheme);
+ INIT(params,
+ .scheme = schemes[i].scheme,
+ );
+ if (strpfx(key_token, "ike:"))
+ {
+ add(this, AUTH_RULE_IKE_SIGNATURE_SCHEME, params);
+ ike_added = TRUE;
+ }
+ else
+ {
+ add(this, AUTH_RULE_SIGNATURE_SCHEME, params);
+ }
}
+ found = TRUE;
}
- found = TRUE;
}
}
if (!found)
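Review bot: The two `strpfx(key_token, "ike:")` calls in the `else` branch have no `key_token &&` guard, unlike the checks at the top of this block, although `key_token` starts as NULL. They appear safe only because `expected_type` is still -1 whenever no key token has been seen, so neither `expected_type == KEY_ANY` nor a match against `schemes[i].key` is expected to succeed; that invariant is implicit and easy to break. The prefix test is also repeated three times. I would compute it once, `is_ike = key_token && strpfx(key_token, "ike:");`, and use that flag in all three places. Separately, `key_token + strlen(key_token) - 3` relies on every key token being at least three characters, which holds for the tokens listed in this hunk but deserves a short comment. The method body starts and ends outside this hunk.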
@@ -666,7 +750,7 @@ METHOD(auth_cfg_t, add_pubkey_constraints, void,
if (type == AUTH_RULE_SIGNATURE_SCHEME)
{
add(this, AUTH_RULE_IKE_SIGNATURE_SCHEME,
- (uintptr_t)value);
+ signature_params_clone(value));
}
}
enumerator->destroy(enumerator);
@@ -681,20 +765,20 @@ static bool complies_scheme(private_auth_cfg_t *this, auth_cfg_t *constraints,
{
enumerator_t *e1, *e2;
auth_rule_t t1, t2;
- signature_scheme_t scheme;
- void *value;
+ signature_params_t *params, *constraint;
bool success = TRUE;
e2 = create_enumerator(this);
- while (e2->enumerate(e2, &t2, &scheme))
+ while (e2->enumerate(e2, &t2, &params))
{
if (t2 == type)
{
success = FALSE;
e1 = constraints->create_enumerator(constraints);
- while (e1->enumerate(e1, &t1, &value))
+ while (e1->enumerate(e1, &t1, &constraint))
{
- if (t1 == type && (uintptr_t)value == scheme)
+ if (t1 == type &&
+ signature_params_comply(constraint, params))
{
success = TRUE;
break;
@@ -707,7 +791,7 @@ static bool complies_scheme(private_auth_cfg_t *this, auth_cfg_t *constraints,
{
DBG1(DBG_CFG, "%s signature scheme %N not acceptable",
AUTH_RULE_SIGNATURE_SCHEME == type ? "X.509" : "IKE",
- signature_scheme_names, (int)scheme);
+ signature_scheme_names, params->scheme);
}
break;
}
@@ -725,7 +809,7 @@ METHOD(auth_cfg_t, complies, bool,
bool ca_match = FALSE, cert_match = FALSE;
identification_t *require_group = NULL;
certificate_t *require_ca = NULL, *require_cert = NULL;
- signature_scheme_t ike_scheme = SIGN_UNKNOWN, scheme = SIGN_UNKNOWN;
+ signature_params_t *ike_scheme = NULL, *scheme = NULL;
u_int strength = 0;
auth_rule_t t1, t2;
char *key_type;
@@ -928,12 +1012,12 @@ METHOD(auth_cfg_t, complies, bool,
}
case AUTH_RULE_IKE_SIGNATURE_SCHEME:
{
- ike_scheme = (uintptr_t)value;
+ ike_scheme = value;
break;
}
case AUTH_RULE_SIGNATURE_SCHEME:
{
- scheme = (uintptr_t)value;
+ scheme = value;
break;
}
case AUTH_RULE_CERT_POLICY:
@@ -983,12 +1067,12 @@ METHOD(auth_cfg_t, complies, bool,
/* Check if we have a matching constraint (or none at all) for used
* signature schemes. */
- if (success && scheme != SIGN_UNKNOWN)
+ if (success && scheme)
{
success = complies_scheme(this, constraints,
AUTH_RULE_SIGNATURE_SCHEME, log_error);
}
- if (success && ike_scheme != SIGN_UNKNOWN)
+ if (success && ike_scheme)
{
success = complies_scheme(this, constraints,
AUTH_RULE_IKE_SIGNATURE_SCHEME, log_error);
@@ -1114,8 +1198,6 @@ static void merge(private_auth_cfg_t *this, private_auth_cfg_t *other, bool copy
case AUTH_RULE_RSA_STRENGTH:
case AUTH_RULE_ECDSA_STRENGTH:
case AUTH_RULE_BLISS_STRENGTH:
- case AUTH_RULE_SIGNATURE_SCHEME:
- case AUTH_RULE_IKE_SIGNATURE_SCHEME:
case AUTH_RULE_CERT_VALIDATION_SUSPENDED:
{
add(this, type, (uintptr_t)value);
@@ -1132,6 +1214,12 @@ static void merge(private_auth_cfg_t *this, private_auth_cfg_t *other, bool copy
add(this, type, id->clone(id));
break;
}
+ case AUTH_RULE_SIGNATURE_SCHEME:
+ case AUTH_RULE_IKE_SIGNATURE_SCHEME:
+ {
+ add(this, type, signature_params_clone(value));
+ break;
+ }
case AUTH_RULE_XAUTH_BACKEND:
case AUTH_RULE_CERT_POLICY:
case AUTH_HELPER_IM_HASH_URL:
@@ -1286,11 +1374,15 @@ METHOD(auth_cfg_t, clone_, auth_cfg_t*,
case AUTH_RULE_RSA_STRENGTH:
case AUTH_RULE_ECDSA_STRENGTH:
case AUTH_RULE_BLISS_STRENGTH:
- case AUTH_RULE_SIGNATURE_SCHEME:
- case AUTH_RULE_IKE_SIGNATURE_SCHEME:
case AUTH_RULE_CERT_VALIDATION_SUSPENDED:
clone->add(clone, type, (uintptr_t)value);
break;
+ case AUTH_RULE_SIGNATURE_SCHEME:
+ case AUTH_RULE_IKE_SIGNATURE_SCHEME:
+ {
+ clone->add(clone, type, signature_params_clone(value));
+ break;
+ }
case AUTH_RULE_MAX:
break;
}
diff --git a/src/libstrongswan/credentials/auth_cfg.h b/src/libstrongswan/credentials/auth_cfg.h
index 7191dc1bc..2eb448546 100644
--- a/src/libstrongswan/credentials/auth_cfg.h
+++ b/src/libstrongswan/credentials/auth_cfg.h
@@ -106,9 +106,9 @@ enum auth_rule_t {
AUTH_RULE_ECDSA_STRENGTH,
/** required BLISS public key strength, u_int in bits */
AUTH_RULE_BLISS_STRENGTH,
- /** required signature scheme, signature_scheme_t */
+ /** required signature scheme, signature_params_t* */
AUTH_RULE_SIGNATURE_SCHEME,
- /** required signature scheme for IKE authentication, signature_scheme_t */
+ /** required signature scheme for IKE authentication, signature_params_t* */
AUTH_RULE_IKE_SIGNATURE_SCHEME,
/** certificatePolicy constraint, numerical OID as char* */
AUTH_RULE_CERT_POLICY,
diff --git a/src/libstrongswan/credentials/builder.c b/src/libstrongswan/credentials/builder.c
index baa17c47d..0239ee17e 100644
--- a/src/libstrongswan/credentials/builder.c
+++ b/src/libstrongswan/credentials/builder.c
@@ -37,6 +37,7 @@ ENUM(builder_part_names, BUILD_FROM_FILE, BUILD_END,
"BUILD_NOT_BEFORE_TIME",
"BUILD_NOT_AFTER_TIME",
"BUILD_SERIAL",
+ "BUILD_SIGNATURE_SCHEME",
"BUILD_DIGEST_ALG",
"BUILD_ENCRYPTION_ALG",
"BUILD_AC_GROUP_STRINGS",
diff --git a/src/libstrongswan/credentials/builder.h b/src/libstrongswan/credentials/builder.h
index 1c6f5001b..7928ef487 100644
--- a/src/libstrongswan/credentials/builder.h
+++ b/src/libstrongswan/credentials/builder.h
@@ -56,7 +56,7 @@ enum builder_part_t {
BUILD_BLOB_PEM,
/** OpenPGP key blob, chunk_t */
BUILD_BLOB_PGP,
- /** DNS public key blob (RFC 4034, RSA specifc RFC 3110), chunk_t */
+ /** DNS public key blob (RFC 4034, RSA specific RFC 3110), chunk_t */
BUILD_BLOB_DNSKEY,
/** SSH public key blob (RFC 4253), chunk_t */
BUILD_BLOB_SSHKEY,
@@ -84,6 +84,8 @@ enum builder_part_t {
BUILD_NOT_AFTER_TIME,
/** a serial number in binary form, chunk_t */
BUILD_SERIAL,
+ /** signature scheme and parameters for signature, signature_params_t* */
+ BUILD_SIGNATURE_SCHEME,
/** digest algorithm to be used for signature, hash_algorithm_t */
BUILD_DIGEST_ALG,
/** encryption algorithm to use, encryption_algorithm_t */
diff --git a/src/libstrongswan/credentials/certificates/certificate.h b/src/libstrongswan/credentials/certificates/certificate.h
index d59126bd5..6dc5c7694 100644
--- a/src/libstrongswan/credentials/certificates/certificate.h
+++ b/src/libstrongswan/credentials/certificates/certificate.h
@@ -25,9 +25,9 @@ typedef struct certificate_t certificate_t;
typedef enum certificate_type_t certificate_type_t;
typedef enum cert_validation_t cert_validation_t;
-#include <library.h>
#include <utils/identification.h>
#include <credentials/keys/public_key.h>
+#include <credentials/keys/signature_params.h>
#include <credentials/cred_encoding.h>
/**
@@ -139,11 +139,12 @@ struct certificate_t {
* Check if this certificate is issued and signed by a specific issuer.
*
* @param issuer issuer's certificate
- * @param scheme receives signature scheme used during verification
+ * @param scheme receives used signature scheme and parameters, if
+ * given (allocated)
* @return TRUE if certificate issued by issuer and trusted
*/
bool (*issued_by)(certificate_t *this, certificate_t *issuer,
- signature_scheme_t *scheme);
+ signature_params_t **scheme);
/**
* Get the public key associated to this certificate.
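Review bot: The new `@param scheme` text says only "(allocated)", which leaves open who frees the object and what `*scheme` holds when issued_by() returns FALSE. This matters because callers such as verify_trust_chain in credential_manager.c now declare `signature_params_t *scheme;` without an initializer. I would spell it out, e.g. `@param scheme if not NULL, receives an allocated signature_params_t on success; the caller must release it with signature_params_destroy()`. The failure case should be documented too, or callers should initialise the pointer to NULL before the call.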
diff --git a/src/libstrongswan/credentials/certificates/x509.c b/src/libstrongswan/credentials/certificates/x509.c
index 5eefa0bb4..d39ba1997 100644
--- a/src/libstrongswan/credentials/certificates/x509.c
+++ b/src/libstrongswan/credentials/certificates/x509.c
@@ -25,3 +25,12 @@ ENUM_NEXT(x509_flag_names, X509_ANY, X509_ANY, X509_OCSP_SIGNER,
"ANY");
ENUM_END(x509_flag_names, X509_ANY);
+/*
+ * Described in header
+ */
+void x509_cdp_destroy(x509_cdp_t *this)
+{
+ free(this->uri);
+ DESTROY_IF(this->issuer);
+ free(this);
+}
diff --git a/src/libstrongswan/credentials/certificates/x509.h b/src/libstrongswan/credentials/certificates/x509.h
index 601c034ef..2c640e2da 100644
--- a/src/libstrongswan/credentials/certificates/x509.h
+++ b/src/libstrongswan/credentials/certificates/x509.h
@@ -210,8 +210,11 @@ struct x509_t {
* @return enumerator over x509_policy_mapping
*/
enumerator_t* (*create_policy_mapping_enumerator)(x509_t *this);
-
-
};
+/**
+ * Destroy an x509_cdp_t instance.
+ */
+void x509_cdp_destroy(x509_cdp_t *this);
+
#endif /** X509_H_ @}*/
diff --git a/src/libstrongswan/credentials/containers/pkcs12.c b/src/libstrongswan/credentials/containers/pkcs12.c
index 9e7815d04..8cc6a6c63 100644
--- a/src/libstrongswan/credentials/containers/pkcs12.c
+++ b/src/libstrongswan/credentials/containers/pkcs12.c
@@ -15,6 +15,7 @@
#include "pkcs12.h"
+#include <library.h>
#include <utils/debug.h>
/**
diff --git a/src/libstrongswan/credentials/cred_encoding.h b/src/libstrongswan/credentials/cred_encoding.h
index 0b6536430..1129357ba 100644
--- a/src/libstrongswan/credentials/cred_encoding.h
+++ b/src/libstrongswan/credentials/cred_encoding.h
@@ -25,7 +25,7 @@ typedef struct cred_encoding_t cred_encoding_t;
typedef enum cred_encoding_type_t cred_encoding_type_t;
typedef enum cred_encoding_part_t cred_encoding_part_t;
-#include <library.h>
+#include <utils/chunk.h>
/**
* Credential encoder function implementing encoding/fingerprinting.
diff --git a/src/libstrongswan/credentials/credential_manager.c b/src/libstrongswan/credentials/credential_manager.c
index 9be7407ef..21b23f543 100644
--- a/src/libstrongswan/credentials/credential_manager.c
+++ b/src/libstrongswan/credentials/credential_manager.c
@@ -488,7 +488,7 @@ METHOD(credential_manager_t, remove_local_set, void,
METHOD(credential_manager_t, issued_by, bool,
private_credential_manager_t *this, certificate_t *subject,
- certificate_t *issuer, signature_scheme_t *scheme)
+ certificate_t *issuer, signature_params_t **scheme)
{
if (this->cache)
{
@@ -661,7 +661,7 @@ static certificate_t *get_pretrusted_cert(private_credential_manager_t *this,
*/
static certificate_t *get_issuer_cert(private_credential_manager_t *this,
certificate_t *subject, bool trusted,
- signature_scheme_t *scheme)
+ signature_params_t **scheme)
{
enumerator_t *enumerator;
certificate_t *issuer = NULL, *candidate;
@@ -723,7 +723,7 @@ static bool verify_trust_chain(private_credential_manager_t *this,
{
certificate_t *current, *issuer;
auth_cfg_t *auth;
- signature_scheme_t scheme;
+ signature_params_t *scheme;
int pathlen;
auth = auth_cfg_create();
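Review bot: `signature_params_t *scheme;` in verify_trust_chain is declared without an initializer, although it is now an owned pointer that somebody has to free rather than a plain enum value. How it is filled and released here lies outside the hunk; in cert_cache.c's issued_by, which gets the same uninitialized local, the later hunk either stores it in `*schemep` or passes it to signature_params_destroy(). That is safe only if every certificate_t implementation sets the output whenever its issued_by() returns TRUE. Declaring both locals as `signature_params_t *scheme = NULL;` costs nothing and keeps a non-conforming implementation from causing a free of an indeterminate pointer.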
diff --git a/src/libstrongswan/credentials/credential_manager.h b/src/libstrongswan/credentials/credential_manager.h
index 022ca566c..d99f29b85 100644
--- a/src/libstrongswan/credentials/credential_manager.h
+++ b/src/libstrongswan/credentials/credential_manager.h
@@ -241,12 +241,13 @@ struct credential_manager_t {
*
* @param subject subject certificate to check
* @param issuer issuer certificate that potentially has signed subject
- * @param scheme receives used signature scheme, if given
+ * @param scheme receives used signature scheme and parameters, if
+ * given (allocated)
* @return TRUE if issuer signed subject
*/
bool (*issued_by)(credential_manager_t *this,
certificate_t *subject, certificate_t *issuer,
- signature_scheme_t *scheme);
+ signature_params_t **scheme);
/**
* Register a credential set to the manager.
diff --git a/src/libstrongswan/credentials/keys/private_key.h b/src/libstrongswan/credentials/keys/private_key.h
index b9f7dad55..d7cfdd74d 100644
--- a/src/libstrongswan/credentials/keys/private_key.h
+++ b/src/libstrongswan/credentials/keys/private_key.h
@@ -1,6 +1,7 @@
/*
+ * Copyright (C) 2017 Tobias Brunner
* Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -42,11 +43,12 @@ struct private_key_t {
* Create a signature over a chunk of data.
*
* @param scheme signature scheme to use
+ * @param params optional parameters required by the specified scheme
* @param data chunk of data to sign
* @param signature where to allocate created signature
* @return TRUE if signature created
*/
- bool (*sign)(private_key_t *this, signature_scheme_t scheme,
+ bool (*sign)(private_key_t *this, signature_scheme_t scheme, void *params,
chunk_t data, chunk_t *signature);
/**
* Decrypt a chunk of data.
diff --git a/src/libstrongswan/credentials/keys/public_key.c b/src/libstrongswan/credentials/keys/public_key.c
index 87f7e6664..89fa9b348 100644
--- a/src/libstrongswan/credentials/keys/public_key.c
+++ b/src/libstrongswan/credentials/keys/public_key.c
@@ -1,7 +1,7 @@
/*
- * Copyright (C) 2015 Tobias Brunner
- * Copyright (C) 2007 Martin Willi
+ * Copyright (C) 2015-2017 Tobias Brunner
* Copyright (C) 2014-2016 Andreas Steffen
+ * Copyright (C) 2007 Martin Willi
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -18,6 +18,7 @@
#include <asn1/oid.h>
#include "public_key.h"
+#include "signature_params.h"
ENUM(key_type_names, KEY_ANY, KEY_BLISS,
"ANY",
@@ -42,6 +43,7 @@ ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_BLISS_WITH_SHA3_512,
"RSA_EMSA_PKCS1_SHA3_256",
"RSA_EMSA_PKCS1_SHA3_384",
"RSA_EMSA_PKCS1_SHA3_512",
+ "RSA_EMSA_PSS",
"ECDSA_WITH_SHA1_DER",
"ECDSA_WITH_SHA256_DER",
"ECDSA_WITH_SHA384_DER",
@@ -146,6 +148,8 @@ signature_scheme_t signature_scheme_from_oid(int oid)
return SIGN_RSA_EMSA_PKCS1_SHA3_384;
case OID_RSASSA_PKCS1V15_WITH_SHA3_512:
return SIGN_RSA_EMSA_PKCS1_SHA3_512;
+ case OID_RSASSA_PSS:
+ return SIGN_RSA_EMSA_PSS;
case OID_ECDSA_WITH_SHA1:
case OID_EC_PUBLICKEY:
return SIGN_ECDSA_WITH_SHA1_DER;
@@ -210,6 +214,8 @@ int signature_scheme_to_oid(signature_scheme_t scheme)
return OID_RSASSA_PKCS1V15_WITH_SHA3_384;
case SIGN_RSA_EMSA_PKCS1_SHA3_512:
return OID_RSASSA_PKCS1V15_WITH_SHA3_384;
+ case SIGN_RSA_EMSA_PSS:
+ return OID_RSASSA_PSS;
case SIGN_ECDSA_WITH_SHA1_DER:
return OID_ECDSA_WITH_SHA1;
case SIGN_ECDSA_WITH_SHA256_DER:
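Review bot: The context line just above the added case, `case SIGN_RSA_EMSA_PKCS1_SHA3_512: return OID_RSASSA_PKCS1V15_WITH_SHA3_384;`, maps the SHA3-512 scheme to the SHA3-384 OID, which looks like a copy-paste slip that this change leaves in place. signature_scheme_from_oid in the previous hunk maps `OID_RSASSA_PKCS1V15_WITH_SHA3_512` to that scheme, so the two directions disagree and an algorithmIdentifier built for a SHA3-512 signature would name the wrong hash. The return should read `return OID_RSASSA_PKCS1V15_WITH_SHA3_512;`. The switch continues outside this hunk.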
@@ -239,26 +245,42 @@ int signature_scheme_to_oid(signature_scheme_t scheme)
}
/**
+ * Parameters for RSA/PSS signature schemes
+ */
+#define PSS_PARAMS(bits) static rsa_pss_params_t pss_params_sha##bits = { \
+ .hash = HASH_SHA##bits, \
+ .mgf1_hash = HASH_SHA##bits, \
+ .salt_len = RSA_PSS_SALT_LEN_DEFAULT, \
+}
+
+PSS_PARAMS(256);
+PSS_PARAMS(384);
+PSS_PARAMS(512);
+
+/**
* Map for signature schemes to the key type and maximum key size allowed.
* We only cover schemes with hash algorithms supported by IKEv2 signature
* authentication.
*/
static struct {
- signature_scheme_t scheme;
key_type_t type;
int max_keysize;
+ signature_params_t params;
} scheme_map[] = {
- { SIGN_RSA_EMSA_PKCS1_SHA2_256, KEY_RSA, 3072 },
- { SIGN_RSA_EMSA_PKCS1_SHA2_384, KEY_RSA, 7680 },
- { SIGN_RSA_EMSA_PKCS1_SHA2_512, KEY_RSA, 0 },
- { SIGN_ECDSA_WITH_SHA256_DER, KEY_ECDSA, 256 },
- { SIGN_ECDSA_WITH_SHA384_DER, KEY_ECDSA, 384 },
- { SIGN_ECDSA_WITH_SHA512_DER, KEY_ECDSA, 0 },
- { SIGN_ED25519, KEY_ED25519, 0 },
- { SIGN_ED448, KEY_ED448, 0 },
- { SIGN_BLISS_WITH_SHA2_256, KEY_BLISS, 128 },
- { SIGN_BLISS_WITH_SHA2_384, KEY_BLISS, 192 },
- { SIGN_BLISS_WITH_SHA2_512, KEY_BLISS, 0 }
+ { KEY_RSA, 3072, { .scheme = SIGN_RSA_EMSA_PSS, .params = &pss_params_sha256, }},
+ { KEY_RSA, 7680, { .scheme = SIGN_RSA_EMSA_PSS, .params = &pss_params_sha384, }},
+ { KEY_RSA, 0, { .scheme = SIGN_RSA_EMSA_PSS, .params = &pss_params_sha512, }},
+ { KEY_RSA, 3072, { .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256 }},
+ { KEY_RSA, 7680, { .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_384 }},
+ { KEY_RSA, 0, { .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512 }},
+ { KEY_ECDSA, 256, { .scheme = SIGN_ECDSA_WITH_SHA256_DER }},
+ { KEY_ECDSA, 384, { .scheme = SIGN_ECDSA_WITH_SHA384_DER }},
+ { KEY_ECDSA, 0, { .scheme = SIGN_ECDSA_WITH_SHA512_DER }},
+ { KEY_ED25519, 0, { .scheme = SIGN_ED25519 }},
+ { KEY_ED448, 0, { .scheme = SIGN_ED448 }},
+ { KEY_BLISS, 128, { .scheme = SIGN_BLISS_WITH_SHA2_256 }},
+ { KEY_BLISS, 192, { .scheme = SIGN_BLISS_WITH_SHA2_384 }},
+ { KEY_BLISS, 0, { .scheme = SIGN_BLISS_WITH_SHA2_512 }},
};
/**
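Review bot: With the three PSS rows placed ahead of the PKCS#1 rows, the RSA entries in `scheme_map` no longer form one increasing sequence: enumeration for an RSA key yields PSS with SHA-256, SHA-384 and SHA-512 and then starts again at PKCS#1 with SHA-256. public_key.h still describes signature_schemes_for_key() as "ordered by increasing strength", so a caller that treats the first or last entry as weakest or strongest now gets a padding preference mixed in; whether any caller does that is not visible here. I would state the ordering in the comment above the table, for example `* RSA schemes are listed PSS first, then PKCS#1 v1.5; strength increases only within each group.`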
@@ -274,9 +296,9 @@ typedef struct {
METHOD(enumerator_t, signature_schemes_enumerate, bool,
private_enumerator_t *this, va_list args)
{
- signature_scheme_t *scheme;
+ signature_params_t **params;
- VA_ARGS_VGET(args, scheme);
+ VA_ARGS_VGET(args, params);
while (++this->index < countof(scheme_map))
{
@@ -284,7 +306,7 @@ METHOD(enumerator_t, signature_schemes_enumerate, bool,
(this->size <= scheme_map[this->index].max_keysize ||
!scheme_map[this->index].max_keysize))
{
- *scheme = scheme_map[this->index].scheme;
+ *params = &scheme_map[this->index].params;
return TRUE;
}
}
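Review bot: `*params = &scheme_map[this->index].params;` hands the caller a pointer into the static table, while the issued_by() interfaces changed in this same commit return an allocated `signature_params_t` that the caller must free. Nothing in the signature_schemes_for_key() documentation tells the two apart, and passing an enumerated entry to signature_params_destroy() would free static storage. I would add to the header comment: `the enumerated signature_params_t* points to static data; do not free or modify it, use signature_params_clone() to keep a copy`. The body of signature_schemes_enumerate starts in the previous hunk.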
@@ -332,6 +354,7 @@ key_type_t key_type_from_signature_scheme(signature_scheme_t scheme)
case SIGN_RSA_EMSA_PKCS1_SHA3_256:
case SIGN_RSA_EMSA_PKCS1_SHA3_384:
case SIGN_RSA_EMSA_PKCS1_SHA3_512:
+ case SIGN_RSA_EMSA_PSS:
return KEY_RSA;
case SIGN_ECDSA_WITH_SHA1_DER:
case SIGN_ECDSA_WITH_SHA256_DER:
diff --git a/src/libstrongswan/credentials/keys/public_key.h b/src/libstrongswan/credentials/keys/public_key.h
index 06c1aa488..877ed20a2 100644
--- a/src/libstrongswan/credentials/keys/public_key.h
+++ b/src/libstrongswan/credentials/keys/public_key.h
@@ -1,7 +1,7 @@
/*
- * Copyright (C) 2015 Tobias Brunner
- * Copyright (C) 2007 Martin Willi
+ * Copyright (C) 2015-2017 Tobias Brunner
* Copyright (C) 2014-2017 Andreas Steffen
+ * Copyright (C) 2007 Martin Willi
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -28,7 +28,6 @@ typedef enum key_type_t key_type_t;
typedef enum signature_scheme_t signature_scheme_t;
typedef enum encryption_scheme_t encryption_scheme_t;
-#include <library.h>
#include <utils/identification.h>
#include <credentials/cred_encoding.h>
@@ -89,6 +88,8 @@ enum signature_scheme_t {
SIGN_RSA_EMSA_PKCS1_SHA3_384,
/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_512 */
SIGN_RSA_EMSA_PKCS1_SHA3_512,
+ /** EMSA-PSS signature as in PKCS#1 using RSA */
+ SIGN_RSA_EMSA_PSS,
/** ECDSA with SHA-1 using DER encoding as in RFC 3279 */
SIGN_ECDSA_WITH_SHA1_DER,
/** ECDSA with SHA-256 using DER encoding as in RFC 3279 */
@@ -168,12 +169,13 @@ struct public_key_t {
/**
* Verifies a signature against a chunk of data.
*
- * @param scheme signature scheme to use for verification, may be default
+ * @param scheme signature scheme to use for verification
+ * @param params optional parameters required by the specified scheme
* @param data data to check signature against
* @param signature signature to check
* @return TRUE if signature matches
*/
- bool (*verify)(public_key_t *this, signature_scheme_t scheme,
+ bool (*verify)(public_key_t *this, signature_scheme_t scheme, void *params,
chunk_t data, chunk_t signature);
/**
@@ -279,11 +281,11 @@ int signature_scheme_to_oid(signature_scheme_t scheme);
/**
* Enumerate signature schemes that are appropriate for a key of the given type
- * and size|strength.
+ * and size|strength ordered by increasing strength.
*
* @param type type of the key
* @param size size or strength of the key
- * @return enumerator over signature_scheme_t (increasing strength)
+ * @return enumerator over signature_params_t* (by strength)
*/
enumerator_t *signature_schemes_for_key(key_type_t type, int size);
diff --git a/src/libstrongswan/credentials/keys/signature_params.c b/src/libstrongswan/credentials/keys/signature_params.c
new file mode 100644
index 000000000..6b4d22e7b
--- /dev/null
+++ b/src/libstrongswan/credentials/keys/signature_params.c
@@ -0,0 +1,366 @@
+/*
+ * Copyright (C) 2017 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "signature_params.h"
+
+#include <asn1/oid.h>
+#include <asn1/asn1_parser.h>
+
+/**
+ * Determine the salt length in case it is not configured
+ */
+static ssize_t rsa_pss_salt_length(rsa_pss_params_t *pss)
+{
+ ssize_t salt_len = pss->salt_len;
+
+ if (salt_len <= RSA_PSS_SALT_LEN_DEFAULT)
+ {
+ salt_len = hasher_hash_size(pss->hash);
+ if (!salt_len)
+ {
+ return -1;
+ }
+ }
+ return salt_len;
+}
+
+/**
+ * Compare two signature schemes and their parameters
+ */
+static bool compare_params(signature_params_t *a, signature_params_t *b,
+ bool strict)
+{
+ if (!a && !b)
+ {
+ return TRUE;
+ }
+ if (!a || !b)
+ {
+ return FALSE;
+ }
+ if (a->scheme != b->scheme)
+ {
+ return FALSE;
+ }
+ if (!a->params && !b->params)
+ {
+ return TRUE;
+ }
+ if (a->params && b->params)
+ {
+ switch (a->scheme)
+ {
+ case SIGN_RSA_EMSA_PSS:
+ {
+ rsa_pss_params_t *pss_a = a->params, *pss_b = b->params;
+
+ return pss_a->hash == pss_b->hash &&
+ pss_a->mgf1_hash == pss_b->mgf1_hash &&
+ (!strict ||
+ rsa_pss_salt_length(pss_a) == rsa_pss_salt_length(pss_b));
+ }
+ default:
+ break;
+ }
+ }
+ return FALSE;
+}
+
+/*
+ * Described in header
+ */
+bool signature_params_equal(signature_params_t *a, signature_params_t *b)
+{
+ return compare_params(a, b, TRUE);
+}
+
+/*
+ * Described in header
+ */
+bool signature_params_comply(signature_params_t *c, signature_params_t *s)
+{ /* the salt is variable, so it does not necessarily have to be the same */
+ return compare_params(c, s, FALSE);
+}
+
+/*
+ * Described in header
+ */
+signature_params_t *signature_params_clone(signature_params_t *this)
+{
+ signature_params_t *clone;
+
+ if (!this)
+ {
+ return NULL;
+ }
+
+ INIT(clone,
+ .scheme = this->scheme,
+ );
+ if (this->params)
+ {
+ switch (this->scheme)
+ {
+ case SIGN_RSA_EMSA_PSS:
+ {
+ rsa_pss_params_t *pss, *pss_clone;
+
+ pss = this->params;
+ INIT(pss_clone,
+ .hash = pss->hash,
+ .mgf1_hash = pss->mgf1_hash,
+ .salt_len = pss->salt_len,
+ /* ignore salt as only used for unit tests */
+ );
+ clone->params = pss_clone;
+ break;
+ }
+ default:
+ break;
+ }
+ }
+ return clone;
+}
+
+/*
+ * Described in header
+ */
+void signature_params_destroy(signature_params_t *this)
+{
+ if (this)
+ {
+ free(this->params);
+ free(this);
+ }
+}
+
+/*
+ * Described in header
+ */
+void signature_params_clear(signature_params_t *this)
+{
+ if (this)
+ {
+ free(this->params);
+ this->params = NULL;
+ this->scheme = SIGN_UNKNOWN;
+ }
+}
+
+/*
+ * Described in header
+ */
+bool signature_params_parse(chunk_t asn1, int level0,
+ signature_params_t *params)
+{
+ chunk_t parameters = chunk_empty;
+ int oid;
+
+ oid = asn1_parse_algorithmIdentifier(asn1, level0, &parameters);
+ params->scheme = signature_scheme_from_oid(oid);
+ switch (params->scheme)
+ {
+ case SIGN_UNKNOWN:
+ return FALSE;
+ case SIGN_RSA_EMSA_PSS:
+ {
+ rsa_pss_params_t *pss = malloc_thing(rsa_pss_params_t);
+
+ if (!rsa_pss_params_parse(parameters, level0+1, pss))
+ {
+ DBG1(DBG_IKE, "failed parsing RSASSA-PSS parameters");
+ free(pss);
+ return FALSE;
+ }
+ params->params = pss;
+ break;
+ }
+ default:
+ params->params = NULL;
+ break;
+ }
+ return TRUE;
+}
+
+/*
+ * Described in header
+ */
+bool signature_params_build(signature_params_t *params, chunk_t *asn1)
+{
+ chunk_t parameters = chunk_empty;
+ int oid;
+
+ oid = signature_scheme_to_oid(params->scheme);
+ if (oid == OID_UNKNOWN)
+ {
+ return FALSE;
+ }
+ if (params->scheme == SIGN_RSA_EMSA_PSS &&
+ !rsa_pss_params_build(params->params, &parameters))
+ {
+ return FALSE;
+ }
+ if (parameters.len)
+ {
+ *asn1 = asn1_algorithmIdentifier_params(oid, parameters);
+ }
+ else
+ {
+ *asn1 = asn1_algorithmIdentifier(oid);
+ }
+ return TRUE;
+}
+
+/**
+ * ASN.1 definition of RSASSA-PSS-params
+ */
+static const asn1Object_t RSASSAPSSParamsObjects[] = {
+ { 0, "RSASSA-PSS-params", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
+ { 1, "DEFAULT SHA-1", ASN1_CONTEXT_C_0, ASN1_DEF }, /* 1 */
+ { 2, "hashAlgorithm", ASN1_EOC, ASN1_RAW }, /* 2 */
+ { 1, "DEFAULT MGF1SHA1", ASN1_CONTEXT_C_1, ASN1_DEF }, /* 3 */
+ { 2, "maskGenAlgorithm",ASN1_EOC, ASN1_RAW }, /* 4 */
+ { 1, "DEFAULT 20", ASN1_CONTEXT_C_2, ASN1_DEF }, /* 5 */
+ { 2, "saltLength", ASN1_INTEGER, ASN1_BODY }, /* 6 */
+ { 1, "DEFAULT 1", ASN1_CONTEXT_C_3, ASN1_DEF }, /* 7 */
+ { 2, "trailerField", ASN1_INTEGER, ASN1_BODY }, /* 8 */
+ { 0, "exit", ASN1_EOC, ASN1_EXIT }
+};
+#define RSASSA_PSS_PARAMS_HASH_ALG 2
+#define RSASSA_PSS_PARAMS_MGF_ALG 4
+#define RSASSA_PSS_PARAMS_SALT_LEN 6
+#define RSASSA_PSS_PARAMS_TRAILER 8
+
+/*
+ * Described in header
+ */
+bool rsa_pss_params_parse(chunk_t asn1, int level0, rsa_pss_params_t *params)
+{
+ asn1_parser_t *parser;
+ chunk_t object;
+ int objectID, alg;
+ bool success = FALSE;
+
+ params->hash = HASH_SHA1;
+ params->mgf1_hash = HASH_SHA1;
+ params->salt_len = HASH_SIZE_SHA1;
+
+ parser = asn1_parser_create(RSASSAPSSParamsObjects, asn1);
+ parser->set_top_level(parser, level0);
+
+ while (parser->iterate(parser, &objectID, &object))
+ {
+ u_int level = parser->get_level(parser)+1;
+
+ switch (objectID)
+ {
+ case RSASSA_PSS_PARAMS_HASH_ALG:
+ if (object.len)
+ {
+ alg = asn1_parse_algorithmIdentifier(object, level, NULL);
+ params->hash = hasher_algorithm_from_oid(alg);
+ if (params->hash == HASH_UNKNOWN)
+ {
+ goto end;
+ }
+ }
+ break;
+ case RSASSA_PSS_PARAMS_MGF_ALG:
+ if (object.len)
+ {
+ chunk_t hash;
+
+ alg = asn1_parse_algorithmIdentifier(object, level, &hash);
+ if (alg != OID_MGF1)
+ {
+ goto end;
+ }
+ alg = asn1_parse_algorithmIdentifier(hash, level+1, NULL);
+ params->mgf1_hash = hasher_algorithm_from_oid(alg);
+ if (params->mgf1_hash == HASH_UNKNOWN)
+ {
+ goto end;
+ }
+ }
+ break;
+ case RSASSA_PSS_PARAMS_SALT_LEN:
+ if (object.len)
+ {
+ params->salt_len = (size_t)asn1_parse_integer_uint64(object);
+ }
+ break;
+ case RSASSA_PSS_PARAMS_TRAILER:
+ if (object.len && (object.len != 1 || *object.ptr != 1))
+ {
+ goto end;
+ }
+ break;
+ default:
+ break;
+ }
+ }
+ success = parser->success(parser);
+
+end:
+ parser->destroy(parser);
+ return success;
+}
+
+/*
+ * Described in header
+ */
+bool rsa_pss_params_build(rsa_pss_params_t *params, chunk_t *asn1)
+{
+ chunk_t hash = chunk_empty, mgf = chunk_empty, slen = chunk_empty;
+ ssize_t salt_len;
+ int alg;
+
+ if (params->hash != HASH_SHA1)
+ { /* with SHA-1 we MUST omit the field */
+ alg = hasher_algorithm_to_oid(params->hash);
+ if (alg == OID_UNKNOWN)
+ {
+ return FALSE;
+ }
+ hash = asn1_algorithmIdentifier(alg);
+ }
+ if (params->mgf1_hash != HASH_SHA1)
+ { /* with MGF1-SHA1 we MUST omit the field */
+ alg = hasher_algorithm_to_oid(params->mgf1_hash);
+ if (alg == OID_UNKNOWN)
+ {
+ chunk_free(&hash);
+ return FALSE;
+ }
+ mgf = asn1_algorithmIdentifier_params(OID_MGF1,
+ asn1_algorithmIdentifier(alg));
+ }
+ salt_len = rsa_pss_salt_length(params);
+ if (salt_len < 0)
+ {
+ chunk_free(&hash);
+ chunk_free(&mgf);
+ return FALSE;
+ }
+ else if (salt_len != HASH_SIZE_SHA1)
+ {
+ slen = asn1_integer("m", asn1_integer_from_uint64(salt_len));
+ }
+ *asn1 = asn1_wrap(ASN1_SEQUENCE, "mmm",
+ hash.len ? asn1_wrap(ASN1_CONTEXT_C_0, "m", hash) : chunk_empty,
+ mgf.len ? asn1_wrap(ASN1_CONTEXT_C_1, "m", mgf) : chunk_empty,
+ slen.len ? asn1_wrap(ASN1_CONTEXT_C_2, "m", slen) : chunk_empty);
+ return TRUE;
+}
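Review bot: In rsa_pss_params_parse, the `RSASSA_PSS_PARAMS_MGF_ALG` case declares `chunk_t hash;` without an initializer and feeds it to a second asn1_parse_algorithmIdentifier() call as soon as the outer OID is MGF1. If the first call leaves its output untouched when maskGenAlgorithm carries no parameters (signature_params_parse sets its own output to `chunk_empty` before the same call, which suggests it can), the nested parse reads an indeterminate pointer and length while handling parsed input. I would write `chunk_t hash = chunk_empty;` and reject the empty case with `if (alg != OID_MGF1 || !hash.len)`. The saltLength case has a related gap: `(size_t)asn1_parse_integer_uint64(object)` is stored into an `ssize_t`, so an oversized encoded value can turn negative and rsa_pss_salt_length() then silently treats it as the default. A range check before the assignment would reject such input instead.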
diff --git a/src/libstrongswan/credentials/keys/signature_params.h b/src/libstrongswan/credentials/keys/signature_params.h
new file mode 100644
index 000000000..6934c5e88
--- /dev/null
+++ b/src/libstrongswan/credentials/keys/signature_params.h
@@ -0,0 +1,129 @@
+/*
+ * Copyright (C) 2017 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup signature_params signature_params
+ * @{ @ingroup keys
+ */
+
+#ifndef SIGNATURE_PARAMS_H_
+#define SIGNATURE_PARAMS_H_
+
+typedef struct signature_params_t signature_params_t;
+typedef struct rsa_pss_params_t rsa_pss_params_t;
+
+#include <crypto/hashers/hasher.h>
+
+/**
+ * Signature scheme with parameters
+ */
+struct signature_params_t {
+ /** Signature scheme */
+ signature_scheme_t scheme;
+ /** Parameters, depending on scheme */
+ void *params;
+};
+
+/**
+ * Compare two signature schemes and their parameters
+ *
+ * @param a first scheme
+ * @param b second scheme
+ * @return TRUE if schemes and parameters are equal
+ */
+bool signature_params_equal(signature_params_t *a, signature_params_t *b);
+
+/**
+ * Compare two signature schemes and their parameters
+ *
+ * @param c constraint
+ * @param s scheme
+ * @return TRUE if scheme complies to constraint
+ */
+bool signature_params_comply(signature_params_t *c, signature_params_t *s);
+
+/**
+ * Clone the given scheme and parameters, if any
+ *
+ * @return cloned object
+ */
+signature_params_t *signature_params_clone(signature_params_t *this);
+
+/**
+ * Destroy the given scheme and parameters, if any
+ */
+void signature_params_destroy(signature_params_t *this);
+
+/**
+ * Clear the given parameters, if any, sets the scheme to SIGN_UNKNOWN
+ */
+void signature_params_clear(signature_params_t *this);
+
+/**
+ * Parse an ASN.1 algorithmIdentifier with parameters denoting a signature
+ * scheme.
+ *
+ * @param asn1 ASN.1 encoded RSASSA-PSS-params
+ * @param level0 current level of the ASN.1 parser
+ * @param params parsed parameters
+ * @return TRUE if successfully parsed
+ */
+bool signature_params_parse(chunk_t asn1, int level0,
+ signature_params_t *params);
+
+/**
+ * Build ASN.1 algorithmIdentifier with parameters denoting a signature scheme.
+ *
+ * @param params signature scheme and parameters to encode
+ * @param asn1 ASN.1 encoded algorithmIdentifier (allocated)
+ * @return TRUE if successfully built
+ */
+bool signature_params_build(signature_params_t *params, chunk_t *asn1);
+
+/**
+ * Parameters for SIGN_RSA_EMSA_PSS signature scheme
+ */
+struct rsa_pss_params_t {
+ /** Hash algorithm */
+ hash_algorithm_t hash;
+ /** Hash for the MGF1 function */
+ hash_algorithm_t mgf1_hash;
+ /** Salt length, use RSA_PSS_SALT_LEN_DEFAULT for length equal to hash */
+ ssize_t salt_len;
+ /** Salt value, for unit tests (not all implementations support this) */
+ chunk_t salt;
+#define RSA_PSS_SALT_LEN_DEFAULT -1
+};
+
+/**
+ * Parse the given ASN.1 algorithm identifier params
+ *
+ * @param asn1 ASN.1 encoded RSASSA-PSS-params
+ * @param level0 current level of the ASN.1 parser
+ * @param params parsed parameters
+ * @return TRUE if successfully parsed
+ */
+bool rsa_pss_params_parse(chunk_t asn1, int level0, rsa_pss_params_t *params);
+
+/**
+ * Build ASN.1 algorithm identifier params
+ *
+ * @param params parameters to encode
+ * @param asn1 ASN.1 encoded RSASSA-PSS-params (allocated)
+ * @return TRUE if successfully built
+ */
+bool rsa_pss_params_build(rsa_pss_params_t *params, chunk_t *asn1);
+
+#endif /** SIGNATURE_PARAMS_H_ @}*/
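Review bot: The `@param asn1` line on signature_params_parse reads `ASN.1 encoded RSASSA-PSS-params`, but the function parses a whole algorithmIdentifier and only hands the parameters on to rsa_pss_params_parse; it should read `@param asn1 ASN.1 encoded algorithmIdentifier`. signature_params_equal and signature_params_comply also carry the same summary line, although the .c file shows that comply skips the salt-length comparison; the comply comment should say `salt length is not compared`. It would also help to document that signature_params_parse assigns `params->params` only on the success paths, so after a FALSE return the caller must not call signature_params_clear() on a struct it did not initialize itself.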
diff --git a/src/libstrongswan/credentials/sets/cert_cache.c b/src/libstrongswan/credentials/sets/cert_cache.c
index 92d5efdc6..0e64f0350 100644
--- a/src/libstrongswan/credentials/sets/cert_cache.c
+++ b/src/libstrongswan/credentials/sets/cert_cache.c
@@ -48,9 +48,9 @@ struct relation_t {
certificate_t *issuer;
/**
- * Signature scheme used to sign this relation
+ * Signature scheme and parameters used to sign this relation
*/
- signature_scheme_t scheme;
+ signature_params_t *scheme;
/**
* Cache hits
@@ -84,7 +84,7 @@ struct private_cert_cache_t {
*/
static void cache(private_cert_cache_t *this,
certificate_t *subject, certificate_t *issuer,
- signature_scheme_t scheme)
+ signature_params_t *scheme)
{
relation_t *rel;
int i, offset, try;
@@ -118,7 +118,8 @@ static void cache(private_cert_cache_t *this,
{
rel->subject->destroy(rel->subject);
rel->subject = subject->get_ref(subject);
- rel->scheme = scheme;
+ signature_params_destroy(rel->scheme);
+ rel->scheme = signature_params_clone(scheme);
return rel->lock->unlock(rel->lock);
}
}
@@ -139,7 +140,7 @@ static void cache(private_cert_cache_t *this,
{
rel->subject = subject->get_ref(subject);
rel->issuer = issuer->get_ref(issuer);
- rel->scheme = scheme;
+ rel->scheme = signature_params_clone(scheme);
return rel->lock->unlock(rel->lock);
}
rel->lock->unlock(rel->lock);
@@ -165,10 +166,11 @@ static void cache(private_cert_cache_t *this,
{
rel->subject->destroy(rel->subject);
rel->issuer->destroy(rel->issuer);
+ signature_params_destroy(rel->scheme);
}
rel->subject = subject->get_ref(subject);
rel->issuer = issuer->get_ref(issuer);
- rel->scheme = scheme;
+ rel->scheme = signature_params_clone(scheme);
rel->hits = 0;
return rel->lock->unlock(rel->lock);
}
@@ -180,11 +182,11 @@ static void cache(private_cert_cache_t *this,
METHOD(cert_cache_t, issued_by, bool,
private_cert_cache_t *this, certificate_t *subject, certificate_t *issuer,
- signature_scheme_t *schemep)
+ signature_params_t **schemep)
{
certificate_t *cached_issuer = NULL;
relation_t *found = NULL, *current;
- signature_scheme_t scheme;
+ signature_params_t *scheme;
int i;
for (i = 0; i < CACHE_SIZE; i++)
@@ -202,7 +204,7 @@ METHOD(cert_cache_t, issued_by, bool,
found = current;
if (schemep)
{
- *schemep = current->scheme;
+ *schemep = signature_params_clone(current->scheme);
}
}
else if (!cached_issuer)
@@ -225,6 +227,10 @@ METHOD(cert_cache_t, issued_by, bool,
{
*schemep = scheme;
}
+ else
+ {
+ signature_params_destroy(scheme);
+ }
DESTROY_IF(cached_issuer);
return TRUE;
}
@@ -383,8 +389,10 @@ METHOD(cert_cache_t, flush, void,
{
rel->subject->destroy(rel->subject);
rel->issuer->destroy(rel->issuer);
+ signature_params_destroy(rel->scheme);
rel->subject = NULL;
rel->issuer = NULL;
+ rel->scheme = NULL;
rel->hits = 0;
}
}
@@ -405,6 +413,7 @@ METHOD(cert_cache_t, destroy, void,
{
rel->subject->destroy(rel->subject);
rel->issuer->destroy(rel->issuer);
+ signature_params_destroy(rel->scheme);
}
rel->lock->destroy(rel->lock);
}
@@ -438,6 +447,7 @@ cert_cache_t *cert_cache_create()
{
this->relations[i].subject = NULL;
this->relations[i].issuer = NULL;
+ this->relations[i].scheme = NULL;
this->relations[i].hits = 0;
this->relations[i].lock = rwlock_create(RWLOCK_TYPE_DEFAULT);
}
diff --git a/src/libstrongswan/credentials/sets/cert_cache.h b/src/libstrongswan/credentials/sets/cert_cache.h
index 2bcdbe464..2235bc30d 100644
--- a/src/libstrongswan/credentials/sets/cert_cache.h
+++ b/src/libstrongswan/credentials/sets/cert_cache.h
@@ -45,12 +45,13 @@ struct cert_cache_t {
*
* @param subject certificate to verify
* @param issuer issuing certificate to verify subject
- * @param scheme receives used signature scheme, if given
+ * @param scheme receives used signature scheme and parameters, if
+ * given (allocated)
* @return TRUE if subject issued by issuer
*/
bool (*issued_by)(cert_cache_t *this,
certificate_t *subject, certificate_t *issuer,
- signature_scheme_t *scheme);
+ signature_params_t **scheme);
/**
* Flush the certificate cache.
diff --git a/src/libstrongswan/crypto/hashers/hasher.c b/src/libstrongswan/crypto/hashers/hasher.c
index 26aab0ccc..2bd55ad2e 100644
--- a/src/libstrongswan/crypto/hashers/hasher.c
+++ b/src/libstrongswan/crypto/hashers/hasher.c
@@ -19,19 +19,20 @@
#include "hasher.h"
#include <asn1/oid.h>
+#include <credentials/keys/signature_params.h>
ENUM_BEGIN(hash_algorithm_names, HASH_SHA1, HASH_IDENTITY,
"HASH_SHA1",
- "HASH_SHA256",
- "HASH_SHA384",
- "HASH_SHA512",
+ "HASH_SHA2_256",
+ "HASH_SHA2_384",
+ "HASH_SHA2_512",
"HASH_IDENTITY");
ENUM_NEXT(hash_algorithm_names, HASH_UNKNOWN, HASH_SHA3_512, HASH_IDENTITY,
"HASH_UNKNOWN",
"HASH_MD2",
"HASH_MD4",
"HASH_MD5",
- "HASH_SHA224",
+ "HASH_SHA2_224",
"HASH_SHA3_224",
"HASH_SHA3_256",
"HASH_SHA3_384",
@@ -56,6 +57,62 @@ ENUM_NEXT(hash_algorithm_short_names, HASH_UNKNOWN, HASH_SHA3_512, HASH_IDENTITY
"sha3_512");
ENUM_END(hash_algorithm_short_names, HASH_SHA3_512);
+ENUM_BEGIN(hash_algorithm_short_names_upper, HASH_SHA1, HASH_IDENTITY,
+ "SHA1",
+ "SHA2_256",
+ "SHA2_384",
+ "SHA2_512",
+ "IDENTITY");
+ENUM_NEXT(hash_algorithm_short_names_upper, HASH_UNKNOWN, HASH_SHA3_512, HASH_IDENTITY,
+ "UNKNOWN",
+ "MD2",
+ "MD4",
+ "MD5",
+ "SHA2_224",
+ "SHA3_224",
+ "SHA3_256",
+ "SHA3_384",
+ "SHA3_512");
+ENUM_END(hash_algorithm_short_names_upper, HASH_SHA3_512);
+
+/*
+ * Described in header
+ */
+size_t hasher_hash_size(hash_algorithm_t alg)
+{
+ switch (alg)
+ {
+ case HASH_SHA1:
+ return HASH_SIZE_SHA1;
+ case HASH_SHA256:
+ return HASH_SIZE_SHA256;
+ case HASH_SHA384:
+ return HASH_SIZE_SHA384;
+ case HASH_SHA512:
+ return HASH_SIZE_SHA512;
+ case HASH_MD2:
+ return HASH_SIZE_MD2;
+ case HASH_MD4:
+ return HASH_SIZE_MD4;
+ case HASH_MD5:
+ return HASH_SIZE_MD5;
+ case HASH_SHA224:
+ return HASH_SIZE_SHA224;
+ case HASH_SHA3_224:
+ return HASH_SIZE_SHA224;
+ case HASH_SHA3_256:
+ return HASH_SIZE_SHA256;
+ case HASH_SHA3_384:
+ return HASH_SIZE_SHA384;
+ case HASH_SHA3_512:
+ return HASH_SIZE_SHA512;
+ case HASH_IDENTITY:
+ case HASH_UNKNOWN:
+ break;
+ }
+ return 0;
+}
+
/*
* Described in header.
*/
@@ -287,7 +344,6 @@ bool hasher_algorithm_for_ikev2(hash_algorithm_t alg)
switch (alg)
{
case HASH_IDENTITY:
- case HASH_SHA1:
case HASH_SHA256:
case HASH_SHA384:
case HASH_SHA512:
@@ -296,6 +352,7 @@ bool hasher_algorithm_for_ikev2(hash_algorithm_t alg)
case HASH_MD2:
case HASH_MD4:
case HASH_MD5:
+ case HASH_SHA1:
case HASH_SHA224:
case HASH_SHA3_224:
case HASH_SHA3_256:
@@ -445,7 +502,8 @@ int hasher_signature_algorithm_to_oid(hash_algorithm_t alg, key_type_t key)
/*
* Defined in header.
*/
-hash_algorithm_t hasher_from_signature_scheme(signature_scheme_t scheme)
+hash_algorithm_t hasher_from_signature_scheme(signature_scheme_t scheme,
+ void *params)
{
switch (scheme)
{
@@ -453,6 +511,13 @@ hash_algorithm_t hasher_from_signature_scheme(signature_scheme_t scheme)
case SIGN_RSA_EMSA_PKCS1_NULL:
case SIGN_ECDSA_WITH_NULL:
break;
+ case SIGN_RSA_EMSA_PSS:
+ if (params)
+ {
+ rsa_pss_params_t *pss = params;
+ return pss->hash;
+ }
+ break;
case SIGN_ED25519:
case SIGN_ED448:
return HASH_IDENTITY;
diff --git a/src/libstrongswan/crypto/hashers/hasher.h b/src/libstrongswan/crypto/hashers/hasher.h
index ec0c6320b..41654553d 100644
--- a/src/libstrongswan/crypto/hashers/hasher.h
+++ b/src/libstrongswan/crypto/hashers/hasher.h
@@ -27,7 +27,6 @@
typedef enum hash_algorithm_t hash_algorithm_t;
typedef struct hasher_t hasher_t;
-#include <library.h>
#include <crypto/prfs/prf.h>
#include <crypto/signers/signer.h>
#include <credentials/keys/public_key.h>
@@ -75,6 +74,11 @@ extern enum_name_t *hash_algorithm_names;
extern enum_name_t *hash_algorithm_short_names;
/**
+ * Uppercase short names for hash_algorithm_names
+ */
+extern enum_name_t *hash_algorithm_short_names_upper;
+
+/**
* Generic interface for all hash functions.
*/
struct hasher_t {
@@ -131,6 +135,14 @@ struct hasher_t {
};
/**
+ * Returns the size of the hash for the given algorithm.
+ *
+ * @param alg hash algorithm
+ * @return size of hash or 0 if unknown
+ */
+size_t hasher_hash_size(hash_algorithm_t alg);
+
+/**
* Conversion of ASN.1 OID to hash algorithm.
*
* @param oid ASN.1 OID
@@ -199,8 +211,10 @@ int hasher_signature_algorithm_to_oid(hash_algorithm_t alg, key_type_t key);
* Determine the hash algorithm associated with a given signature scheme.
*
* @param scheme signature scheme
+ * @param params optional parameters
* @return hash algorithm (could be HASH_UNKNOWN)
*/
-hash_algorithm_t hasher_from_signature_scheme(signature_scheme_t scheme);
+hash_algorithm_t hasher_from_signature_scheme(signature_scheme_t scheme,
+ void *params);
#endif /** HASHER_H_ @}*/
diff --git a/src/libstrongswan/crypto/prfs/prf.h b/src/libstrongswan/crypto/prfs/prf.h
index bf443e5f4..fe9ffc2dd 100644
--- a/src/libstrongswan/crypto/prfs/prf.h
+++ b/src/libstrongswan/crypto/prfs/prf.h
@@ -25,7 +25,8 @@
typedef enum pseudo_random_function_t pseudo_random_function_t;
typedef struct prf_t prf_t;
-#include <library.h>
+#include <utils/utils.h>
+#include <utils/chunk.h>
/**
* Pseudo random function, as in IKEv2 RFC 3.3.2.
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.h b/src/libstrongswan/crypto/proposal/proposal_keywords_static.h
index bc421dcc5..e28f46513 100644
--- a/src/libstrongswan/crypto/proposal/proposal_keywords_static.h
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.h
@@ -19,7 +19,7 @@
#include "proposal_keywords.h"
const proposal_token_t* proposal_get_token_static(register const char *str,
- register unsigned int len);
+ register unsigned len);
#endif /* PROPOSAL_KEYWORDS_STATIC_H_ */
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.h.in b/src/libstrongswan/crypto/proposal/proposal_keywords_static.h.in
new file mode 100644
index 000000000..ee9f7b9da
--- /dev/null
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.h.in
@@ -0,0 +1,25 @@
+/*
+ * Copyright (C) 2009 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil, Switzerland
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef PROPOSAL_KEYWORDS_STATIC_H_
+#define PROPOSAL_KEYWORDS_STATIC_H_
+
+#include "proposal_keywords.h"
+
+const proposal_token_t* proposal_get_token_static(register const char *str,
+ register @GPERF_LEN_TYPE@ len);
+
+#endif /* PROPOSAL_KEYWORDS_STATIC_H_ */
+
diff --git a/src/libstrongswan/crypto/signers/signer.h b/src/libstrongswan/crypto/signers/signer.h
index 01b702da1..8958e66e9 100644
--- a/src/libstrongswan/crypto/signers/signer.h
+++ b/src/libstrongswan/crypto/signers/signer.h
@@ -25,7 +25,8 @@
typedef enum integrity_algorithm_t integrity_algorithm_t;
typedef struct signer_t signer_t;
-#include <library.h>
+#include <utils/utils.h>
+#include <utils/chunk.h>
/**
* Integrity algorithm, as in IKEv2 RFC 3.3.2.
diff --git a/src/libstrongswan/crypto/xofs/xof.c b/src/libstrongswan/crypto/xofs/xof.c
index 1e9c2834b..2b866ae5b 100644
--- a/src/libstrongswan/crypto/xofs/xof.c
+++ b/src/libstrongswan/crypto/xofs/xof.c
@@ -1,4 +1,5 @@
/*
+ * Copyright (C) 2017 Tobias Brunner
* Copyright (C) 2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
@@ -18,10 +19,42 @@
ENUM(ext_out_function_names, XOF_UNDEFINED, XOF_CHACHA20,
"XOF_UNDEFINED",
"XOF_MGF1_SHA1",
+ "XOF_MGF1_SHA224",
"XOF_MGF1_SHA256",
+ "XOF_MGF1_SHA384",
"XOF_MGF1_SHA512",
"XOF_SHAKE128",
"XOF_SHAKE256",
"XOF_CHACHA20"
);
+/*
+ * Described in header
+ */
+ext_out_function_t xof_mgf1_from_hash_algorithm(hash_algorithm_t alg)
+{
+ switch (alg)
+ {
+ case HASH_SHA1:
+ return XOF_MGF1_SHA1;
+ case HASH_SHA224:
+ return XOF_MGF1_SHA224;
+ case HASH_SHA256:
+ return XOF_MGF1_SHA256;
+ case HASH_SHA384:
+ return XOF_MGF1_SHA384;
+ case HASH_SHA512:
+ return XOF_MGF1_SHA512;
+ case HASH_IDENTITY:
+ case HASH_UNKNOWN:
+ case HASH_MD2:
+ case HASH_MD4:
+ case HASH_MD5:
+ case HASH_SHA3_224:
+ case HASH_SHA3_256:
+ case HASH_SHA3_384:
+ case HASH_SHA3_512:
+ break;
+ }
+ return XOF_UNDEFINED;
+}
diff --git a/src/libstrongswan/crypto/xofs/xof.h b/src/libstrongswan/crypto/xofs/xof.h
index 8c9ae0131..934a1ee35 100644
--- a/src/libstrongswan/crypto/xofs/xof.h
+++ b/src/libstrongswan/crypto/xofs/xof.h
@@ -1,4 +1,5 @@
/*
+ * Copyright (C) 2017 Tobias Brunner
* Copyright (C) 2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
@@ -31,11 +32,15 @@ typedef struct xof_t xof_t;
*/
enum ext_out_function_t {
XOF_UNDEFINED,
- /** RFC 2437 PKCS#1 */
+ /** RFC 8017 PKCS#1 */
XOF_MGF1_SHA1,
- /** RFC 2437 PKCS#1 */
+ /** RFC 8017 PKCS#1 */
+ XOF_MGF1_SHA224,
+ /** RFC 8017 PKCS#1 */
XOF_MGF1_SHA256,
- /** RFC 2437 PKCS#1 */
+ /** RFC 8017 PKCS#1 */
+ XOF_MGF1_SHA384,
+ /** RFC 8017 PKCS#1 */
XOF_MGF1_SHA512,
/** FIPS 202 */
XOF_SHAKE_128,
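Review bot: Adding `XOF_MGF1_SHA224` and `XOF_MGF1_SHA384` in the middle of `ext_out_function_t` shifts the numeric values of `XOF_MGF1_SHA256`, `XOF_MGF1_SHA512` and every enumerator after them. Anything built against the old header, or any stored or transmitted value of this enum, would then select a different function without an error; whether such consumers exist is not visible here. If the values are meant to be internal only, a comment on the enum such as `/* values are not stable across releases, never persist them */` would record that. The enum body continues outside the hunk.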
@@ -111,4 +116,12 @@ struct xof_t {
void (*destroy)(xof_t *this);
};
+/**
+ * Determine an MGF1 XOF type for the given hash algorithm.
+ *
+ * @param alg hash algorithm to map
+ * @return MGF1 XOF type if available, XOF_UNDEFINED otherwise
+ */
+ext_out_function_t xof_mgf1_from_hash_algorithm(hash_algorithm_t alg);
+
#endif /** XOF_H_ @}*/
diff --git a/src/libstrongswan/math/libnttfft/Makefile.in b/src/libstrongswan/math/libnttfft/Makefile.in
index 439c0f32d..02175a926 100644
--- a/src/libstrongswan/math/libnttfft/Makefile.in
+++ b/src/libstrongswan/math/libnttfft/Makefile.in
@@ -238,9 +238,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/math/libnttfft/tests/Makefile.in b/src/libstrongswan/math/libnttfft/tests/Makefile.in
index 1f3ee6d60..8d0e02bb6 100644
--- a/src/libstrongswan/math/libnttfft/tests/Makefile.in
+++ b/src/libstrongswan/math/libnttfft/tests/Makefile.in
@@ -242,9 +242,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/networking/streams/stream_manager.c b/src/libstrongswan/networking/streams/stream_manager.c
index 8de243daa..32856dee8 100644
--- a/src/libstrongswan/networking/streams/stream_manager.c
+++ b/src/libstrongswan/networking/streams/stream_manager.c
@@ -21,6 +21,9 @@
# include "stream_unix.h"
# include "stream_service_unix.h"
#endif
+#ifdef USE_SYSTEMD
+# include "stream_service_systemd.h"
+#endif
#include <threading/rwlock.h>
@@ -206,6 +209,9 @@ METHOD(stream_manager_t, destroy, void,
remove_stream(this, stream_create_unix);
remove_service(this, stream_service_create_unix);
#endif
+#ifdef USE_SYSTEMD
+ remove_service(this, stream_service_create_systemd);
+#endif
this->streams->destroy(this->streams);
this->services->destroy(this->services);
@@ -241,6 +247,9 @@ stream_manager_t *stream_manager_create()
add_stream(this, "unix://", stream_create_unix);
add_service(this, "unix://", stream_service_create_unix);
#endif
+#ifdef USE_SYSTEMD
+ add_service(this, "systemd://", stream_service_create_systemd);
+#endif
return &this->public;
}
diff --git a/src/libstrongswan/networking/streams/stream_service_systemd.c b/src/libstrongswan/networking/streams/stream_service_systemd.c
new file mode 100644
index 000000000..5c6b3f690
--- /dev/null
+++ b/src/libstrongswan/networking/streams/stream_service_systemd.c
@@ -0,0 +1,71 @@
+/*
+ * Copyright (C) 2017 aszlig
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to
+ * deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+ * sell copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+ * IN THE SOFTWARE.
+ */
+
+#include <systemd/sd-daemon.h>
+
+#include <library.h>
+
+/**
+ * See header
+ */
+stream_service_t *stream_service_create_systemd(char *uri, int backlog)
+{
+#ifndef HAVE_SD_LISTEN_FDS_WITH_NAMES
+ DBG1(DBG_NET, "unable to open stream URI '%s': named systemd sockets not "
+ "supported", uri);
+ return NULL;
+#else
+ int i, num_fds, fd;
+ char **fdmap;
+
+ if (!strpfx(uri, "systemd://"))
+ {
+ DBG1(DBG_NET, "invalid stream URI: '%s'", uri);
+ return NULL;
+ }
+ uri += strlen("systemd://");
+
+ num_fds = sd_listen_fds_with_names(0, &fdmap);
+ if (num_fds <= 0)
+ {
+ DBG1(DBG_NET, "no systemd sockets for '%s'", uri);
+ return NULL;
+ }
+
+ for (i = 0, fd = -1; i < num_fds; i++)
+ {
+ if (fd == -1 && streq(fdmap[i], uri))
+ {
+ fd = SD_LISTEN_FDS_START + i;
+ }
+ free(fdmap[i]);
+ }
+ free(fdmap);
+
+ if (fd == -1)
+ {
+ DBG1(DBG_NET, "unable to find systemd FD for '%s'", uri);
+ return NULL;
+ }
+ return stream_service_create_from_fd(fd);
+#endif
+}
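Review bot: The descriptor picked from the systemd name map is passed straight to `stream_service_create_from_fd(fd)` without confirming that it is a listening stream socket. Unless that helper (not visible here) validates it, a unit that hands over a datagram socket, FIFO or regular file under the matching name is accepted as a service. sd-daemon offers the check directly: `if (sd_is_socket(fd, AF_UNSPEC, SOCK_STREAM, 1) <= 0) { DBG1(DBG_NET, "systemd FD for '%s' is not a listening stream socket", uri); return NULL; }` before the final return. The file also never includes its own header, so the definition is not checked against the prototype; adding `#include "stream_service_systemd.h"` after `<library.h>` closes that gap.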
diff --git a/src/libstrongswan/networking/streams/stream_service_systemd.h b/src/libstrongswan/networking/streams/stream_service_systemd.h
new file mode 100644
index 000000000..e61e54f5b
--- /dev/null
+++ b/src/libstrongswan/networking/streams/stream_service_systemd.h
@@ -0,0 +1,40 @@
+/*
+ * Copyright (C) 2017 aszlig
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to
+ * deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+ * sell copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+ * IN THE SOFTWARE.
+ */
+
+/**
+ * @defgroup stream_service_systemd stream_service_systemd
+ * @{ @ingroup stream
+ */
+
+#ifndef STREAM_SERVICE_SYSTEMD_H_
+#define STREAM_SERVICE_SYSTEMD_H_
+
+/**
+ * Create a service instance for systemd sockets.
+ *
+ * @param uri URI with FD identifier, must start with "systemd://"
+ * @param backlog size of the backlog queue (ignored)
+ * @return stream_service instance, NULL on failure
+ */
+stream_service_t *stream_service_create_systemd(char *uri, int backlog);
+
+#endif /** STREAM_SERVICE_SYSTEMD_H_ @}*/
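Review bot: The doc comment for `stream_service_create_systemd()` leaves out two behaviours that the implementation in this commit shows. The part of the URI after "systemd://" is compared with the names returned by `sd_listen_fds_with_names()`, and the function always returns NULL when built without `HAVE_SD_LISTEN_FDS_WITH_NAMES`. I would extend it along the lines of `@param uri "systemd://<name>", <name> is matched against the systemd socket names` and `@return stream_service instance, NULL on failure or if named systemd sockets are not supported`. The header also uses `stream_service_t` without including a declaration for it, so it relies on the includer's order.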
diff --git a/src/libstrongswan/plugins/acert/Makefile.in b/src/libstrongswan/plugins/acert/Makefile.in
index 10e6fa460..36067a3ff 100644
--- a/src/libstrongswan/plugins/acert/Makefile.in
+++ b/src/libstrongswan/plugins/acert/Makefile.in
@@ -245,9 +245,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/aes/Makefile.in b/src/libstrongswan/plugins/aes/Makefile.in
index 08f965596..d3817e12a 100644
--- a/src/libstrongswan/plugins/aes/Makefile.in
+++ b/src/libstrongswan/plugins/aes/Makefile.in
@@ -244,9 +244,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/aesni/Makefile.in b/src/libstrongswan/plugins/aesni/Makefile.in
index fbc7d9230..fdcfc099e 100644
--- a/src/libstrongswan/plugins/aesni/Makefile.in
+++ b/src/libstrongswan/plugins/aesni/Makefile.in
@@ -247,9 +247,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/af_alg/Makefile.in b/src/libstrongswan/plugins/af_alg/Makefile.in
index 2c45ce5ba..6b4a7fe5f 100644
--- a/src/libstrongswan/plugins/af_alg/Makefile.in
+++ b/src/libstrongswan/plugins/af_alg/Makefile.in
@@ -248,9 +248,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/agent/Makefile.in b/src/libstrongswan/plugins/agent/Makefile.in
index 8183de939..12a44870c 100644
--- a/src/libstrongswan/plugins/agent/Makefile.in
+++ b/src/libstrongswan/plugins/agent/Makefile.in
@@ -246,9 +246,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/agent/agent_private_key.c b/src/libstrongswan/plugins/agent/agent_private_key.c
index bb55c45c0..cf2c5ea85 100644
--- a/src/libstrongswan/plugins/agent/agent_private_key.c
+++ b/src/libstrongswan/plugins/agent/agent_private_key.c
@@ -233,7 +233,7 @@ static bool scheme_supported(private_agent_private_key_t *this,
}
METHOD(private_key_t, sign, bool,
- private_agent_private_key_t *this, signature_scheme_t scheme,
+ private_agent_private_key_t *this, signature_scheme_t scheme, void *params,
chunk_t data, chunk_t *signature)
{
uint32_t len, flags;
diff --git a/src/libstrongswan/plugins/bliss/Makefile.in b/src/libstrongswan/plugins/bliss/Makefile.in
index eb8eaecb0..b98d367f1 100644
--- a/src/libstrongswan/plugins/bliss/Makefile.in
+++ b/src/libstrongswan/plugins/bliss/Makefile.in
@@ -269,9 +269,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/bliss/bliss_private_key.c b/src/libstrongswan/plugins/bliss/bliss_private_key.c
index 25253ed37..964edcd93 100644
--- a/src/libstrongswan/plugins/bliss/bliss_private_key.c
+++ b/src/libstrongswan/plugins/bliss/bliss_private_key.c
@@ -512,7 +512,7 @@ end:
}
METHOD(private_key_t, sign, bool,
- private_bliss_private_key_t *this, signature_scheme_t scheme,
+ private_bliss_private_key_t *this, signature_scheme_t scheme, void *params,
chunk_t data, chunk_t *signature)
{
switch (scheme)
diff --git a/src/libstrongswan/plugins/bliss/bliss_public_key.c b/src/libstrongswan/plugins/bliss/bliss_public_key.c
index f7ddbbfd2..945840cdc 100644
--- a/src/libstrongswan/plugins/bliss/bliss_public_key.c
+++ b/src/libstrongswan/plugins/bliss/bliss_public_key.c
@@ -194,7 +194,7 @@ end:
}
METHOD(public_key_t, verify, bool,
- private_bliss_public_key_t *this, signature_scheme_t scheme,
+ private_bliss_public_key_t *this, signature_scheme_t scheme, void *params,
chunk_t data, chunk_t signature)
{
switch (scheme)
diff --git a/src/libstrongswan/plugins/bliss/tests/Makefile.in b/src/libstrongswan/plugins/bliss/tests/Makefile.in
index a2d56cdd1..015f40a00 100644
--- a/src/libstrongswan/plugins/bliss/tests/Makefile.in
+++ b/src/libstrongswan/plugins/bliss/tests/Makefile.in
@@ -248,9 +248,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_sign.c b/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_sign.c
index a3e4420a9..908ea910d 100644
--- a/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_sign.c
+++ b/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_sign.c
@@ -118,9 +118,9 @@ START_TEST(test_bliss_sign_all)
/* generate and verify 1000 BLISS signatures */
while (verify_count--)
{
- ck_assert(privkey->sign(privkey, signature_scheme, msg,
+ ck_assert(privkey->sign(privkey, signature_scheme, NULL, msg,
&signature));
- ck_assert(pubkey->verify(pubkey, signature_scheme, msg,
+ ck_assert(pubkey->verify(pubkey, signature_scheme, NULL, msg,
signature));
free(signature.ptr);
}
@@ -134,7 +134,7 @@ START_TEST(test_bliss_sign_fail)
{
private_key_t *privkey;
public_key_t *pubkey;
- chunk_t msg, signature, encoding, fp;
+ chunk_t msg = chunk_empty, signature, encoding, fp;
/* generate non-supported BLISS-II private key */
privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_BLISS,
@@ -172,18 +172,18 @@ START_TEST(test_bliss_sign_fail)
ck_assert(!privkey->decrypt(privkey, ENCRYPT_UNKNOWN, chunk_empty, NULL));
/* sign with invalid signature scheme */
- ck_assert(!privkey->sign(privkey, SIGN_UNKNOWN, msg, &signature));
+ ck_assert(!privkey->sign(privkey, SIGN_UNKNOWN, NULL, msg, &signature));
/* generate valid signature */
msg = chunk_from_str("Hello Dolly!");
- ck_assert(privkey->sign(privkey, SIGN_BLISS_WITH_SHA2_512, msg, &signature));
+ ck_assert(privkey->sign(privkey, SIGN_BLISS_WITH_SHA2_512, NULL, msg, &signature));
/* verify with invalid signature scheme */
- ck_assert(!pubkey->verify(pubkey, SIGN_UNKNOWN, msg, signature));
+ ck_assert(!pubkey->verify(pubkey, SIGN_UNKNOWN, NULL, msg, signature));
/* corrupt signature */
signature.ptr[signature.len - 1] ^= 0x80;
- ck_assert(!pubkey->verify(pubkey, SIGN_BLISS_WITH_SHA2_512, msg, signature));
+ ck_assert(!pubkey->verify(pubkey, SIGN_BLISS_WITH_SHA2_512, NULL, msg, signature));
free(signature.ptr);
privkey->destroy(privkey);
diff --git a/src/libstrongswan/plugins/blowfish/Makefile.in b/src/libstrongswan/plugins/blowfish/Makefile.in
index 0d091d196..2f122b5a8 100644
--- a/src/libstrongswan/plugins/blowfish/Makefile.in
+++ b/src/libstrongswan/plugins/blowfish/Makefile.in
@@ -247,9 +247,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/ccm/Makefile.in b/src/libstrongswan/plugins/ccm/Makefile.in
index 008407097..07eb457d5 100644
--- a/src/libstrongswan/plugins/ccm/Makefile.in
+++ b/src/libstrongswan/plugins/ccm/Makefile.in
@@ -244,9 +244,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/chapoly/Makefile.in b/src/libstrongswan/plugins/chapoly/Makefile.in
index 0b2998c95..09cbddee7 100644
--- a/src/libstrongswan/plugins/chapoly/Makefile.in
+++ b/src/libstrongswan/plugins/chapoly/Makefile.in
@@ -259,9 +259,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/cmac/Makefile.in b/src/libstrongswan/plugins/cmac/Makefile.in
index 2586d77c4..234a54cc2 100644
--- a/src/libstrongswan/plugins/cmac/Makefile.in
+++ b/src/libstrongswan/plugins/cmac/Makefile.in
@@ -244,9 +244,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/constraints/Makefile.in b/src/libstrongswan/plugins/constraints/Makefile.in
index 25632d745..82f82ca2d 100644
--- a/src/libstrongswan/plugins/constraints/Makefile.in
+++ b/src/libstrongswan/plugins/constraints/Makefile.in
@@ -247,9 +247,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/ctr/Makefile.in b/src/libstrongswan/plugins/ctr/Makefile.in
index 275a76273..7c3012301 100644
--- a/src/libstrongswan/plugins/ctr/Makefile.in
+++ b/src/libstrongswan/plugins/ctr/Makefile.in
@@ -244,9 +244,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/curl/Makefile.in b/src/libstrongswan/plugins/curl/Makefile.in
index 0dbcca895..0928dee1c 100644
--- a/src/libstrongswan/plugins/curl/Makefile.in
+++ b/src/libstrongswan/plugins/curl/Makefile.in
@@ -244,9 +244,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/curve25519/Makefile.in b/src/libstrongswan/plugins/curve25519/Makefile.in
index 21b0e75f7..cb8bb3405 100644
--- a/src/libstrongswan/plugins/curve25519/Makefile.in
+++ b/src/libstrongswan/plugins/curve25519/Makefile.in
@@ -251,9 +251,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/curve25519/curve25519_private_key.c b/src/libstrongswan/plugins/curve25519/curve25519_private_key.c
index 2a7303c4b..878be4ca5 100644
--- a/src/libstrongswan/plugins/curve25519/curve25519_private_key.c
+++ b/src/libstrongswan/plugins/curve25519/curve25519_private_key.c
@@ -63,7 +63,7 @@ METHOD(private_key_t, get_type, key_type_t,
METHOD(private_key_t, sign, bool,
private_curve25519_private_key_t *this, signature_scheme_t scheme,
- chunk_t data, chunk_t *signature)
+ void *params, chunk_t data, chunk_t *signature)
{
uint8_t r[HASH_SIZE_SHA512], k[HASH_SIZE_SHA512], sig[HASH_SIZE_SHA512];
hasher_t *hasher;
diff --git a/src/libstrongswan/plugins/curve25519/curve25519_public_key.c b/src/libstrongswan/plugins/curve25519/curve25519_public_key.c
index d07776354..1d4dec565 100644
--- a/src/libstrongswan/plugins/curve25519/curve25519_public_key.c
+++ b/src/libstrongswan/plugins/curve25519/curve25519_public_key.c
@@ -50,7 +50,7 @@ METHOD(public_key_t, get_type, key_type_t,
METHOD(public_key_t, verify, bool,
private_curve25519_public_key_t *this, signature_scheme_t scheme,
- chunk_t data, chunk_t signature)
+ void *params, chunk_t data, chunk_t signature)
{
hasher_t *hasher;
uint8_t d = 0, k[HASH_SIZE_SHA512], r[32], *sig;
diff --git a/src/libstrongswan/plugins/des/Makefile.in b/src/libstrongswan/plugins/des/Makefile.in
index 89b279875..5ffa778cd 100644
--- a/src/libstrongswan/plugins/des/Makefile.in
+++ b/src/libstrongswan/plugins/des/Makefile.in
@@ -244,9 +244,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/dnskey/Makefile.in b/src/libstrongswan/plugins/dnskey/Makefile.in
index 385749a11..37799583a 100644
--- a/src/libstrongswan/plugins/dnskey/Makefile.in
+++ b/src/libstrongswan/plugins/dnskey/Makefile.in
@@ -247,9 +247,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/files/Makefile.in b/src/libstrongswan/plugins/files/Makefile.in
index 7708f9551..87b66df04 100644
--- a/src/libstrongswan/plugins/files/Makefile.in
+++ b/src/libstrongswan/plugins/files/Makefile.in
@@ -245,9 +245,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/fips_prf/Makefile.in b/src/libstrongswan/plugins/fips_prf/Makefile.in
index 478ae818e..aa0bd5fa8 100644
--- a/src/libstrongswan/plugins/fips_prf/Makefile.in
+++ b/src/libstrongswan/plugins/fips_prf/Makefile.in
@@ -246,9 +246,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/gcm/Makefile.in b/src/libstrongswan/plugins/gcm/Makefile.in
index 91ea7c673..da118ce57 100644
--- a/src/libstrongswan/plugins/gcm/Makefile.in
+++ b/src/libstrongswan/plugins/gcm/Makefile.in
@@ -244,9 +244,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/gcrypt/Makefile.in b/src/libstrongswan/plugins/gcrypt/Makefile.in
index 2212be0e2..3ed4a910f 100644
--- a/src/libstrongswan/plugins/gcrypt/Makefile.in
+++ b/src/libstrongswan/plugins/gcrypt/Makefile.in
@@ -248,9 +248,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c
index cee25ea74..5519125ba 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c
@@ -289,11 +289,13 @@ gcrypt_dh_t *gcrypt_dh_create(diffie_hellman_group_t group)
/*
* Described in header.
*/
-gcrypt_dh_t *gcrypt_dh_create_custom(diffie_hellman_group_t group,
- chunk_t g, chunk_t p)
+gcrypt_dh_t *gcrypt_dh_create_custom(diffie_hellman_group_t group, ...)
{
if (group == MODP_CUSTOM)
{
+ chunk_t g, p;
+
+ VA_ARGS_GET(group, g, p);
return create_generic(group, p.len, g, p);
}
return NULL;
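Review bot: Switching `gcrypt_dh_create_custom()` to a variadic signature removes compile-time checking of the generator and prime. `VA_ARGS_GET(group, g, p)` reads two `chunk_t` values from the argument list, so a caller that passes a different type, or the two in the other order, still compiles and yields undefined behaviour or a swapped group. Neither value is checked before `create_generic(group, p.len, g, p)`; a guard such as `if (!g.len || !p.len) { return NULL; }` would reject empty parameters, unless create_generic (outside this hunk) already does. The matching header hunk in gcrypt_dh.h should state the order and pass-by-value explicitly, e.g. `@param ... chunk_t g (generator), then chunk_t p (prime), both by value`.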
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.h b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.h
index a70958dc4..c6259f7ac 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.h
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.h
@@ -48,12 +48,10 @@ gcrypt_dh_t *gcrypt_dh_create(diffie_hellman_group_t group);
* Creates a new gcrypt_dh_t object for MODP_CUSTOM.
*
* @param group MODP_CUSTOM
- * @param g generator
- * @param p prime
+ * @param ... expects generator and prime as chunk_t
* @return gcrypt_dh_t object, NULL if not supported
*/
-gcrypt_dh_t *gcrypt_dh_create_custom(diffie_hellman_group_t group,
- chunk_t g, chunk_t p);
+gcrypt_dh_t *gcrypt_dh_create_custom(diffie_hellman_group_t group, ...);
#endif /** GCRYPT_DH_H_ @}*/
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
index 7ecba8fa9..8a3de1e01 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
@@ -118,6 +118,28 @@ METHOD(plugin_t, get_features, int,
PLUGIN_PROVIDE(PRIVKEY, KEY_RSA),
PLUGIN_REGISTER(PRIVKEY_GEN, gcrypt_rsa_private_key_gen, FALSE),
PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_RSA),
+ /* signature schemes, private */
+#if GCRYPT_VERSION_NUMBER >= 0x010700
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PSS),
+#endif
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_NULL),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_224),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_256),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_384),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_512),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA1),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_MD5),
+ /* signature verification schemes */
+#if GCRYPT_VERSION_NUMBER >= 0x010700
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PSS),
+#endif
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_NULL),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_224),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_256),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_384),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_512),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_MD5),
/* random numbers */
PLUGIN_REGISTER(RNG, gcrypt_rng_create),
PLUGIN_PROVIDE(RNG, RNG_WEAK),
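Review bot: The newly advertised features list `SIGN_RSA_EMSA_PKCS1_MD5` and `SIGN_RSA_EMSA_PKCS1_SHA1` for both PRIVKEY_SIGN and PUBKEY_VERIFY on the same footing as the SHA-2 schemes. If no layer above the plugin filters weak hashes (not visible here), this makes MD5-based signature verification selectable through the feature system. A comment above those entries, such as `/* MD5 and SHA-1 are offered for legacy interoperability only; authentication policy must reject them */`, would make the intent explicit for whoever next edits the list. The hunk sits inside get_features, which starts and ends outside it.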
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
index 15b876b3f..c06f43348 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
@@ -1,6 +1,7 @@
/*
+ * Copyright (C) 2017 Tobias Brunner
* Copyright (C) 2005-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -21,6 +22,7 @@
#include <asn1/oid.h>
#include <asn1/asn1.h>
#include <asn1/asn1_parser.h>
+#include <credentials/keys/signature_params.h>
typedef struct private_gcrypt_rsa_private_key_t private_gcrypt_rsa_private_key_t;
@@ -147,51 +149,100 @@ static bool sign_raw(private_gcrypt_rsa_private_key_t *this,
}
/**
- * Sign a chunk of data using hashing and PKCS#1 encoding
+ * Sign a chunk of data using hashing and PKCS#1v1.5/EMSA-PSS encoding
*/
static bool sign_pkcs1(private_gcrypt_rsa_private_key_t *this,
- hash_algorithm_t hash_algorithm, char *hash_name,
+ hash_algorithm_t hash_algorithm, rsa_pss_params_t *pss,
chunk_t data, chunk_t *signature)
{
hasher_t *hasher;
chunk_t hash;
gcry_error_t err;
gcry_sexp_t in, out;
- int hash_oid;
+ char *hash_name = enum_to_name(hash_algorithm_short_names, hash_algorithm);
- hash_oid = hasher_algorithm_to_oid(hash_algorithm);
- if (hash_oid == OID_UNKNOWN)
+ hasher = lib->crypto->create_hasher(lib->crypto, hash_algorithm);
+ if (!hasher)
{
+ DBG1(DBG_LIB, "hash algorithm %N not supported",
+ hash_algorithm_names, hash_algorithm);
return FALSE;
}
- hasher = lib->crypto->create_hasher(lib->crypto, hash_algorithm);
- if (!hasher || !hasher->allocate_hash(hasher, data, &hash))
+ if (!hasher->allocate_hash(hasher, data, &hash))
{
- DESTROY_IF(hasher);
+ hasher->destroy(hasher);
return FALSE;
}
hasher->destroy(hasher);
- err = gcry_sexp_build(&in, NULL, "(data(flags pkcs1)(hash %s %b))",
- hash_name, hash.len, hash.ptr);
+ if (pss)
+ {
+ if (pss->salt.len)
+ {
+ err = gcry_sexp_build(&in, NULL,
+ "(data(flags pss)(salt-length %u)"
+ "(random-override %b)(hash %s %b))",
+ pss->salt.len, pss->salt.len, pss->salt.ptr,
+ hash_name, hash.len, hash.ptr);
+ }
+ else
+ {
+ u_int slen = hasher_hash_size(hash_algorithm);
+ if (pss->salt_len > RSA_PSS_SALT_LEN_DEFAULT)
+ {
+ slen = pss->salt_len;
+ }
+ err = gcry_sexp_build(&in, NULL,
+ "(data(flags pss)(salt-length %u)(hash %s %b))",
+ slen, hash_name, hash.len, hash.ptr);
+ }
+ }
+ else
+ {
+ err = gcry_sexp_build(&in, NULL, "(data(flags pkcs1)(hash %s %b))",
+ hash_name, hash.len, hash.ptr);
+ }
chunk_free(&hash);
if (err)
{
- DBG1(DBG_LIB, "building signature S-expression failed: %s", gpg_strerror(err));
+ DBG1(DBG_LIB, "building signature S-expression failed: %s",
+ gpg_strerror(err));
return FALSE;
}
err = gcry_pk_sign(&out, in, this->key);
gcry_sexp_release(in);
if (err)
{
- DBG1(DBG_LIB, "creating pkcs1 signature failed: %s", gpg_strerror(err));
+ DBG1(DBG_LIB, "creating pkcs1 signature failed: %s",
+ gpg_strerror(err));
return FALSE;
}
+
*signature = gcrypt_rsa_find_token(out, "s", this->key);
gcry_sexp_release(out);
return !!signature->len;
}
+#if GCRYPT_VERSION_NUMBER >= 0x010700
+/**
+ * Sign a chunk of data using hashing and EMSA-PSS encoding
+ */
+static bool sign_pss(private_gcrypt_rsa_private_key_t *this,
+ rsa_pss_params_t *params, chunk_t data, chunk_t *signature)
+{
+ if (!params)
+ {
+ return FALSE;
+ }
+ if (params->mgf1_hash != params->hash)
+ {
+ DBG1(DBG_LIB, "unable to use a different MGF1 hash for RSA-PSS");
+ return FALSE;
+ }
+ return sign_pkcs1(this, params->hash, params, data, signature);
+}
+#endif
+
METHOD(private_key_t, get_type, key_type_t,
private_gcrypt_rsa_private_key_t *this)
{
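Review bot: In the new PSS branch of `sign_pkcs1()`, `pss->salt.len` is passed to `gcry_sexp_build()` for both `%u` and `%b`, which read an unsigned int and an int from the variadic list. A chunk length is wider than that on 64-bit targets, so the arguments should be cast explicitly: `(u_int)pss->salt.len, (int)pss->salt.len, pss->salt.ptr,`. `hash_name` now comes from `enum_to_name(hash_algorithm_short_names, hash_algorithm)` and reaches `%s` unchecked, whereas the removed code passed fixed strings known to gcrypt; an early `if (!hash_name) { return FALSE; }` before the hasher is created would keep a missing name out of the format call. The failure log still says "creating pkcs1 signature failed" for PSS signatures, which will mislead anyone reading the debug output.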
@@ -200,24 +251,28 @@ METHOD(private_key_t, get_type, key_type_t,
METHOD(private_key_t, sign, bool,
private_gcrypt_rsa_private_key_t *this, signature_scheme_t scheme,
- chunk_t data, chunk_t *sig)
+ void *params, chunk_t data, chunk_t *sig)
{
switch (scheme)
{
case SIGN_RSA_EMSA_PKCS1_NULL:
return sign_raw(this, data, sig);
case SIGN_RSA_EMSA_PKCS1_SHA2_224:
- return sign_pkcs1(this, HASH_SHA224, "sha224", data, sig);
+ return sign_pkcs1(this, HASH_SHA224, NULL, data, sig);
case SIGN_RSA_EMSA_PKCS1_SHA2_256:
- return sign_pkcs1(this, HASH_SHA256, "sha256", data, sig);
+ return sign_pkcs1(this, HASH_SHA256, NULL, data, sig);
case SIGN_RSA_EMSA_PKCS1_SHA2_384:
- return sign_pkcs1(this, HASH_SHA384, "sha384", data, sig);
+ return sign_pkcs1(this, HASH_SHA384, NULL, data, sig);
case SIGN_RSA_EMSA_PKCS1_SHA2_512:
- return sign_pkcs1(this, HASH_SHA512, "sha512", data, sig);
+ return sign_pkcs1(this, HASH_SHA512, NULL, data, sig);
case SIGN_RSA_EMSA_PKCS1_SHA1:
- return sign_pkcs1(this, HASH_SHA1, "sha1", data, sig);
+ return sign_pkcs1(this, HASH_SHA1, NULL, data, sig);
case SIGN_RSA_EMSA_PKCS1_MD5:
- return sign_pkcs1(this, HASH_MD5, "md5", data, sig);
+ return sign_pkcs1(this, HASH_MD5, NULL, data, sig);
+#if GCRYPT_VERSION_NUMBER >= 0x010700
+ case SIGN_RSA_EMSA_PSS:
+ return sign_pss(this, params, data, sig);
+#endif
default:
DBG1(DBG_LIB, "signature scheme %N not supported in RSA",
signature_scheme_names, scheme);
@@ -498,16 +553,131 @@ gcrypt_rsa_private_key_t *gcrypt_rsa_private_key_gen(key_type_t type,
}
/**
+ * Recover the primes from n, e and d using the algorithm described in
+ * Appendix C of NIST SP 800-56B.
+ */
+static bool calculate_pqu(chunk_t cn, chunk_t ce, chunk_t cd, chunk_t *cp,
+ chunk_t *cq, chunk_t *cu)
+{
+ gcry_mpi_t n, e, d, p, q, u, k, r, g, y, n1, x, two;
+ int i, t, j;
+ gcry_error_t err;
+ bool success = FALSE;
+
+ n = e = d = p = q = u = k = r = g = y = n1 = x = two = NULL;
+ err = gcry_mpi_scan(&n, GCRYMPI_FMT_USG, cn.ptr, cn.len, NULL)
+ | gcry_mpi_scan(&e, GCRYMPI_FMT_USG, ce.ptr, ce.len, NULL)
+ | gcry_mpi_scan(&d, GCRYMPI_FMT_USG, cd.ptr, cd.len, NULL);
+ if (err)
+ {
+ goto error;
+ }
+ /* k = (d * e) - 1 */
+ k = gcry_mpi_new(gcry_mpi_get_nbits(n));
+ gcry_mpi_mul(k, d, e);
+ gcry_mpi_sub_ui(k, k, 1);
+ if (gcry_mpi_test_bit(k, 0))
+ {
+ goto error;
+ }
+ /* k = 2^t * r, where r is the largest odd integer dividing k, and t >= 1 */
+ r = gcry_mpi_copy(k);
+ for (t = 0; !gcry_mpi_test_bit(r, 0); t++)
+ { /* r = r/2 */
+ gcry_mpi_rshift(r, r, 1);
+ }
+ /* we need n-1 below */
+ n1 = gcry_mpi_new(gcry_mpi_get_nbits(n));
+ gcry_mpi_sub_ui(n1, n, 1);
+ y = gcry_mpi_new(gcry_mpi_get_nbits(n));
+ g = gcry_mpi_new(gcry_mpi_get_nbits(n));
+ x = gcry_mpi_new(gcry_mpi_get_nbits(n));
+ two = gcry_mpi_set_ui(NULL, 2);
+ for (i = 0; i < 100; i++)
+ { /* generate random integer g in [0, n-1] */
+ do
+ {
+ gcry_mpi_randomize(g, gcry_mpi_get_nbits(n), GCRY_WEAK_RANDOM);
+ }
+ while (gcry_mpi_cmp(n, g) <= 0);
+ /* y = g^r mod n */
+ gcry_mpi_powm(y, g, r, n);
+ /* try again if y == 1 or y == n-1 */
+ if (gcry_mpi_cmp_ui(y, 1) == 0 || gcry_mpi_cmp(y, n1) == 0)
+ {
+ continue;
+ }
+ for (j = 0; j < t; j++)
+ { /* x = y^2 mod n */
+ gcry_mpi_powm(x, y, two, n);
+ /* stop if x == 1 */
+ if (gcry_mpi_cmp_ui(x, 1) == 0)
+ {
+ goto done;
+ }
+ /* retry with new g if x = n-1 */
+ if (gcry_mpi_cmp(x, n1) == 0)
+ {
+ break;
+ }
+ /* y = x */
+ gcry_mpi_set(y, x);
+ }
+ }
+ goto error;
+
+done:
+ /* p = gcd(y-1, n) */
+ gcry_mpi_sub_ui(y, y, 1);
+ p = gcry_mpi_new(gcry_mpi_get_nbits(n));
+ gcry_mpi_gcd(p, y, n);
+ /* q = n/p */
+ q = gcry_mpi_new(gcry_mpi_get_nbits(n));
+ gcry_mpi_div(q, NULL, n, p, 0);
+ if (gcry_mpi_cmp(p, q) > 0)
+ { /* gcrypt expects q < p */
+ gcry_mpi_swap(p, q);
+ }
+ /* u = q^-1 mod p */
+ u = gcry_mpi_new(gcry_mpi_get_nbits(n));
+ gcry_mpi_invm(u, p, q);
+ err = gcry_mpi_aprint(GCRYMPI_FMT_USG, &cp->ptr, &cp->len, p)
+ | gcry_mpi_aprint(GCRYMPI_FMT_USG, &cq->ptr, &cq->len, q)
+ | gcry_mpi_aprint(GCRYMPI_FMT_USG, &cu->ptr, &cu->len, u);
+ if (err)
+ {
+ goto error;
+ }
+ success = TRUE;
+
+error:
+ gcry_mpi_release(n);
+ gcry_mpi_release(e);
+ gcry_mpi_release(d);
+ gcry_mpi_release(p);
+ gcry_mpi_release(q);
+ gcry_mpi_release(u);
+ gcry_mpi_release(k);
+ gcry_mpi_release(r);
+ gcry_mpi_release(g);
+ gcry_mpi_release(y);
+ gcry_mpi_release(n1);
+ gcry_mpi_release(x);
+ gcry_mpi_release(two);
+ return success;
+}
+
+/**
* See header.
*/
gcrypt_rsa_private_key_t *gcrypt_rsa_private_key_load(key_type_t type,
va_list args)
{
private_gcrypt_rsa_private_key_t *this;
- chunk_t n, e, d, p, q, u;
+ chunk_t n, e, d, p, q, u, np, nq, nu;
gcry_error_t err;
- n = e = d = p = q = u = chunk_empty;
+ n = e = d = p = q = u = np = nq = nu = chunk_empty;
while (TRUE)
{
switch (va_arg(args, builder_part_t))
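Review bot: The halving loop in calculate_pqu() has no exit when k is zero: with d*e == 1 the parity test on k passes, r starts at 0, and `!gcry_mpi_test_bit(r, 0)` stays true while t keeps incrementing. Rejecting that case up front, `if (gcry_mpi_cmp_ui(k, 0) <= 0 || gcry_mpi_test_bit(k, 0))`, keeps a malformed key from stalling the loader. calculate_pq() in gmp_rsa_private_key.c has the same loop and would need `mpz_sgn(k) <= 0 || mpz_odd_p(k)`. Separately, two comments near the end do not match the code: the swap leaves p < q and `gcry_mpi_invm(u, p, q)` yields p^-1 mod q, so they should read `/* gcrypt expects p < q */` and `/* u = p^-1 mod q */`.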
@@ -543,12 +713,25 @@ gcrypt_rsa_private_key_t *gcrypt_rsa_private_key_load(key_type_t type,
}
break;
}
-
+ if (!p.len || !q.len || !u.len)
+ {
+ if (!calculate_pqu(n, e, d, &np, &nq, &nu))
+ {
+ return NULL;
+ }
+ p = np;
+ q = nq;
+ u = nu;
+ }
this = create_empty();
err = gcry_sexp_build(&this->key, NULL,
"(private-key(rsa(n %b)(e %b)(d %b)(p %b)(q %b)(u %b)))",
n.len, n.ptr, e.len, e.ptr, d.len, d.ptr,
p.len, p.ptr, q.len, q.ptr, u.len, u.ptr);
+
+ chunk_clear(&np);
+ chunk_clear(&nq);
+ chunk_clear(&nu);
if (err)
{
DBG1(DBG_LIB, "loading private key failed: %s", gpg_strerror(err));
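Review bot: The new `return NULL;` after a failed calculate_pqu() is silent, whereas the gcry_sexp_build failure a few lines below logs a reason. A line such as `DBG1(DBG_LIB, "recovering RSA primes from n, e and d failed");` before the return would make a rejected key diagnosable. It is also worth a comment that p, q and u are all recomputed, and any supplied ones discarded, as soon as one of the three is missing. The function starts before and continues after this hunk.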
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c
index 90829e052..9e2ac1287 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c
@@ -1,6 +1,7 @@
/*
+ * Copyright (C) 2017 Tobias Brunner
* Copyright (C) 2005-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -22,6 +23,7 @@
#include <asn1/asn1.h>
#include <asn1/asn1_parser.h>
#include <crypto/hashers/hasher.h>
+#include <credentials/keys/signature_params.h>
typedef struct private_gcrypt_rsa_public_key_t private_gcrypt_rsa_public_key_t;
@@ -109,27 +111,48 @@ static bool verify_raw(private_gcrypt_rsa_public_key_t *this,
}
/**
- * Verification of an EMSA PKCS1 signature described in PKCS#1
+ * Verification of an EMSA PKCS1v1.5 / EMSA-PSS signature described in PKCS#1
*/
static bool verify_pkcs1(private_gcrypt_rsa_public_key_t *this,
- hash_algorithm_t algorithm, char *hash_name,
+ hash_algorithm_t algorithm, rsa_pss_params_t *pss,
chunk_t data, chunk_t signature)
{
hasher_t *hasher;
chunk_t hash;
gcry_error_t err;
gcry_sexp_t in, sig;
+ char *hash_name = enum_to_name(hash_algorithm_short_names, algorithm);
hasher = lib->crypto->create_hasher(lib->crypto, algorithm);
- if (!hasher || !hasher->allocate_hash(hasher, data, &hash))
+ if (!hasher)
{
- DESTROY_IF(hasher);
+ DBG1(DBG_LIB, "hash algorithm %N not supported",
+ hash_algorithm_names, algorithm);
+ return FALSE;
+ }
+ if (!hasher->allocate_hash(hasher, data, &hash))
+ {
+ hasher->destroy(hasher);
return FALSE;
}
hasher->destroy(hasher);
- err = gcry_sexp_build(&in, NULL, "(data(flags pkcs1)(hash %s %b))",
- hash_name, hash.len, hash.ptr);
+ if (pss)
+ {
+ u_int slen = hasher_hash_size(algorithm);
+ if (pss->salt_len > RSA_PSS_SALT_LEN_DEFAULT)
+ {
+ slen = pss->salt_len;
+ }
+ err = gcry_sexp_build(&in, NULL,
+ "(data(flags pss)(salt-length %u)(hash %s %b))",
+ slen, hash_name, hash.len, hash.ptr);
+ }
+ else
+ {
+ err = gcry_sexp_build(&in, NULL, "(data(flags pkcs1)(hash %s %b))",
+ hash_name, hash.len, hash.ptr);
+ }
chunk_free(&hash);
if (err)
{
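Review bot: `hash_name` now comes from `enum_to_name(hash_algorithm_short_names, algorithm)` and is handed to the `%s` of gcry_sexp_build without a check, where the old code passed a literal chosen per scheme. If the lookup can return NULL, or a short name that libgcrypt does not recognise as a digest name, the failure surfaces only as a generic S-expression error. A guard such as `if (!hash_name) { return FALSE; }` ahead of the hasher creation would make that explicit. In the PSS branch any `salt_len` at or below RSA_PSS_SALT_LEN_DEFAULT is mapped to the hash size, which deserves a one-line comment. verify_pkcs1 continues past the end of this hunk.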
@@ -159,6 +182,26 @@ static bool verify_pkcs1(private_gcrypt_rsa_public_key_t *this,
return TRUE;
}
+#if GCRYPT_VERSION_NUMBER >= 0x010700
+/**
+ * Verification of an EMSA-PSS signature described in PKCS#1
+ */
+static bool verify_pss(private_gcrypt_rsa_public_key_t *this,
+ rsa_pss_params_t *params, chunk_t data, chunk_t sig)
+{
+ if (!params)
+ {
+ return FALSE;
+ }
+ if (params->mgf1_hash != params->hash)
+ {
+ DBG1(DBG_LIB, "unable to use a different MGF1 hash for RSA-PSS");
+ return FALSE;
+ }
+ return verify_pkcs1(this, params->hash, params, data, sig);
+}
+#endif
+
METHOD(public_key_t, get_type, key_type_t,
private_gcrypt_rsa_public_key_t *this)
{
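Review bot: verify_pss() would benefit from a comment saying why a different MGF1 hash is refused. The S-expression built in verify_pkcs1 carries a single hash name, so presumably libgcrypt uses it for MGF1 as well, e.g. `/* the pss S-expression takes one hash, used for MGF1 too */`. The NULL `params` branch returns FALSE without a log line, unlike the mismatch branch; `DBG1(DBG_LIB, "RSA-PSS parameters missing");` would match. sign_pss in gcrypt_rsa_private_key.c has the same shape.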
@@ -167,24 +210,28 @@ METHOD(public_key_t, get_type, key_type_t,
METHOD(public_key_t, verify, bool,
private_gcrypt_rsa_public_key_t *this, signature_scheme_t scheme,
- chunk_t data, chunk_t signature)
+ void *params, chunk_t data, chunk_t signature)
{
switch (scheme)
{
case SIGN_RSA_EMSA_PKCS1_NULL:
return verify_raw(this, data, signature);
case SIGN_RSA_EMSA_PKCS1_SHA2_224:
- return verify_pkcs1(this, HASH_SHA224, "sha224", data, signature);
+ return verify_pkcs1(this, HASH_SHA224, NULL, data, signature);
case SIGN_RSA_EMSA_PKCS1_SHA2_256:
- return verify_pkcs1(this, HASH_SHA256, "sha256", data, signature);
+ return verify_pkcs1(this, HASH_SHA256, NULL, data, signature);
case SIGN_RSA_EMSA_PKCS1_SHA2_384:
- return verify_pkcs1(this, HASH_SHA384, "sha384", data, signature);
+ return verify_pkcs1(this, HASH_SHA384, NULL, data, signature);
case SIGN_RSA_EMSA_PKCS1_SHA2_512:
- return verify_pkcs1(this, HASH_SHA512, "sha512", data, signature);
+ return verify_pkcs1(this, HASH_SHA512, NULL, data, signature);
case SIGN_RSA_EMSA_PKCS1_SHA1:
- return verify_pkcs1(this, HASH_SHA1, "sha1", data, signature);
+ return verify_pkcs1(this, HASH_SHA1, NULL, data, signature);
case SIGN_RSA_EMSA_PKCS1_MD5:
- return verify_pkcs1(this, HASH_MD5, "md5", data, signature);
+ return verify_pkcs1(this, HASH_MD5, NULL, data, signature);
+#if GCRYPT_VERSION_NUMBER >= 0x010700
+ case SIGN_RSA_EMSA_PSS:
+ return verify_pss(this, params, data, signature);
+#endif
default:
DBG1(DBG_LIB, "signature scheme %N not supported in RSA",
signature_scheme_names, scheme);
diff --git a/src/libstrongswan/plugins/gmp/Makefile.in b/src/libstrongswan/plugins/gmp/Makefile.in
index 39a2bcabb..11aef42f0 100644
--- a/src/libstrongswan/plugins/gmp/Makefile.in
+++ b/src/libstrongswan/plugins/gmp/Makefile.in
@@ -245,9 +245,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c
index b7ee94ee0..b01adfe01 100644
--- a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c
+++ b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c
@@ -272,7 +272,7 @@ static gmp_diffie_hellman_t *create_generic(diffie_hellman_group_t group,
}
/*
- * Described in header.
+ * Described in header
*/
gmp_diffie_hellman_t *gmp_diffie_hellman_create(diffie_hellman_group_t group)
{
@@ -287,12 +287,17 @@ gmp_diffie_hellman_t *gmp_diffie_hellman_create(diffie_hellman_group_t group)
params->generator, params->prime);
}
-
+/*
+ * Described in header
+ */
gmp_diffie_hellman_t *gmp_diffie_hellman_create_custom(
- diffie_hellman_group_t group, chunk_t g, chunk_t p)
+ diffie_hellman_group_t group, ...)
{
if (group == MODP_CUSTOM)
{
+ chunk_t g, p;
+
+ VA_ARGS_GET(group, g, p);
return create_generic(MODP_CUSTOM, p.len, g, p);
}
return NULL;
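Review bot: With the variadic signature the compiler no longer checks what callers pass, and `g` and `p` go from VA_ARGS_GET straight into create_generic(), including `p.len` as its second argument. A caller that omits an argument or passes something other than two chunk_t values invokes undefined behaviour. A guard like `if (!g.len || !p.len) { return NULL; }` after VA_ARGS_GET would at least reject empty values; how create_generic treats an empty prime is not visible here. A short comment on the expected argument order (generator, then prime) next to VA_ARGS_GET would help too.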
diff --git a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h
index 6d73c0863..a8cde7bca 100644
--- a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h
+++ b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h
@@ -49,12 +49,11 @@ gmp_diffie_hellman_t *gmp_diffie_hellman_create(diffie_hellman_group_t group);
* Creates a new gmp_diffie_hellman_t object for MODP_CUSTOM.
*
* @param group MODP_CUSTOM
- * @param g generator
- * @param p prime
+ * @param ... expects generator and prime as chunk_t
* @return gmp_diffie_hellman_t object, NULL if not supported
*/
gmp_diffie_hellman_t *gmp_diffie_hellman_create_custom(
- diffie_hellman_group_t group, chunk_t g, chunk_t p);
+ diffie_hellman_group_t group, ...);
#endif /** GMP_DIFFIE_HELLMAN_H_ @}*/
diff --git a/src/libstrongswan/plugins/gmp/gmp_plugin.c b/src/libstrongswan/plugins/gmp/gmp_plugin.c
index c75975301..700e29bf6 100644
--- a/src/libstrongswan/plugins/gmp/gmp_plugin.c
+++ b/src/libstrongswan/plugins/gmp/gmp_plugin.c
@@ -79,6 +79,14 @@ METHOD(plugin_t, get_features, int,
PLUGIN_REGISTER(PUBKEY, gmp_rsa_public_key_load, TRUE),
PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
/* signature schemes, private */
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PSS),
+ PLUGIN_SDEPEND(HASHER, HASH_SHA1),
+ PLUGIN_SDEPEND(HASHER, HASH_SHA256),
+ PLUGIN_SDEPEND(HASHER, HASH_SHA512),
+ PLUGIN_SDEPEND(RNG, RNG_STRONG),
+ PLUGIN_SDEPEND(XOF, XOF_MGF1_SHA1),
+ PLUGIN_SDEPEND(XOF, XOF_MGF1_SHA256),
+ PLUGIN_SDEPEND(XOF, XOF_MGF1_SHA512),
PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_NULL),
PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_224),
PLUGIN_DEPENDS(HASHER, HASH_SHA224),
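Review bot: The soft dependencies listed for SIGN_RSA_EMSA_PSS cover SHA-1, SHA-256 and SHA-512 only, while the mgf1 plugin in this same commit starts providing XOF_MGF1_SHA224 and XOF_MGF1_SHA384 and the PSS code resolves the XOF from whatever `mgf1_hash` the parameters name. If soft dependencies are what orders plugin loading here, adding `PLUGIN_SDEPEND(HASHER, HASH_SHA384),` and `PLUGIN_SDEPEND(XOF, XOF_MGF1_SHA384),` (and the SHA-224 pair) would keep the list in step with what the code accepts. The PUBKEY_VERIFY block in the next hunk has the same gap. get_features starts and ends outside the hunk.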
@@ -101,6 +109,13 @@ METHOD(plugin_t, get_features, int,
PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_MD5),
PLUGIN_DEPENDS(HASHER, HASH_MD5),
/* signature verification schemes */
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PSS),
+ PLUGIN_SDEPEND(HASHER, HASH_SHA1),
+ PLUGIN_SDEPEND(HASHER, HASH_SHA256),
+ PLUGIN_SDEPEND(HASHER, HASH_SHA512),
+ PLUGIN_SDEPEND(XOF, XOF_MGF1_SHA1),
+ PLUGIN_SDEPEND(XOF, XOF_MGF1_SHA256),
+ PLUGIN_SDEPEND(XOF, XOF_MGF1_SHA512),
PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_NULL),
PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_224),
PLUGIN_DEPENDS(HASHER, HASH_SHA224),
diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
index 21b420866..aca232c86 100644
--- a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
@@ -1,4 +1,5 @@
/*
+ * Copyright (C) 2017 Tobias Brunner
* Copyright (C) 2005 Jan Hutter
* Copyright (C) 2005-2009 Martin Willi
* Copyright (C) 2012 Andreas Steffen
@@ -27,6 +28,7 @@
#include <asn1/oid.h>
#include <asn1/asn1.h>
#include <asn1/asn1_parser.h>
+#include <credentials/keys/signature_params.h>
#ifdef HAVE_MPZ_POWM_SEC
# undef mpz_powm
@@ -333,6 +335,120 @@ static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this,
return TRUE;
}
+/**
+ * Build a signature using the PKCS#1 EMSA PSS scheme
+ */
+static bool build_emsa_pss_signature(private_gmp_rsa_private_key_t *this,
+ rsa_pss_params_t *params, chunk_t data,
+ chunk_t *signature)
+{
+ ext_out_function_t xof;
+ hasher_t *hasher = NULL;
+ rng_t *rng = NULL;
+ xof_t *mgf = NULL;
+ chunk_t hash, salt = chunk_empty, m, ps, db, dbmask, em;
+ size_t embits, emlen, maskbits;
+ bool success = FALSE;
+
+ if (!params)
+ {
+ return FALSE;
+ }
+ xof = xof_mgf1_from_hash_algorithm(params->mgf1_hash);
+ if (xof == XOF_UNDEFINED)
+ {
+ DBG1(DBG_LIB, "%N is not supported for MGF1", hash_algorithm_names,
+ params->mgf1_hash);
+ return FALSE;
+ }
+ /* emBits = modBits - 1 */
+ embits = mpz_sizeinbase(this->n, 2) - 1;
+ /* emLen = ceil(emBits/8) */
+ emlen = (embits + 7) / BITS_PER_BYTE;
+ /* mHash = Hash(M) */
+ hasher = lib->crypto->create_hasher(lib->crypto, params->hash);
+ if (!hasher)
+ {
+ DBG1(DBG_LIB, "hash algorithm %N not supported",
+ hash_algorithm_names, params->hash);
+ return FALSE;
+ }
+ hash = chunk_alloca(hasher->get_hash_size(hasher));
+ if (!hasher->get_hash(hasher, data, hash.ptr))
+ {
+ goto error;
+ }
+
+ salt.len = hash.len;
+ if (params->salt.len)
+ {
+ salt = params->salt;
+ }
+ else if (params->salt_len > RSA_PSS_SALT_LEN_DEFAULT)
+ {
+ salt.len = params->salt_len;
+ }
+ if (emlen < (hash.len + salt.len + 2))
+ { /* too long */
+ goto error;
+ }
+ if (salt.len && !params->salt.len)
+ {
+ salt = chunk_alloca(salt.len);
+ rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
+ if (!rng || !rng->get_bytes(rng, salt.len, salt.ptr))
+ {
+ goto error;
+ }
+ }
+ /* M' = 0x0000000000000000 | mHash | salt */
+ m = chunk_cata("ccc",
+ chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
+ hash, salt);
+ /* H = Hash(M') */
+ if (!hasher->get_hash(hasher, m, hash.ptr))
+ {
+ goto error;
+ }
+ /* PS = 00...<padding depending on hash and salt length> */
+ ps = chunk_alloca(emlen - salt.len - hash.len - 2);
+ memset(ps.ptr, 0, ps.len);
+ /* DB = PS | 0x01 | salt */
+ db = chunk_cata("ccc", ps, chunk_from_chars(0x01), salt);
+ /* dbMask = MGF(H, emLen - hLen - 1) */
+ mgf = lib->crypto->create_xof(lib->crypto, xof);
+ dbmask = chunk_alloca(db.len);
+ if (!mgf)
+ {
+ DBG1(DBG_LIB, "%N not supported", ext_out_function_names, xof);
+ goto error;
+ }
+ if (!mgf->set_seed(mgf, hash) ||
+ !mgf->get_bytes(mgf, dbmask.len, dbmask.ptr))
+ {
+ goto error;
+ }
+ /* maskedDB = DB xor dbMask */
+ memxor(db.ptr, dbmask.ptr, db.len);
+ /* zero out unused bits */
+ maskbits = (8 * emlen) - embits;
+ if (maskbits)
+ {
+ db.ptr[0] &= (0xff >> maskbits);
+ }
+ /* EM = maskedDB | H | 0xbc */
+ em = chunk_cata("ccc", db, hash, chunk_from_chars(0xbc));
+ /* S = RSASP1(K, EM) */
+ *signature = rsasp1(this, em);
+ success = TRUE;
+
+error:
+ DESTROY_IF(hasher);
+ DESTROY_IF(rng);
+ DESTROY_IF(mgf);
+ return success;
+}
+
METHOD(private_key_t, get_type, key_type_t,
private_gmp_rsa_private_key_t *this)
{
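Review bot: `success = TRUE` is set right after `*signature = rsasp1(this, em);` without looking at the result, so build_emsa_pss_signature() reports success even if rsasp1 hands back an empty chunk. rsasp1 itself is outside the hunk, so whether it can do so is to be confirmed. The gcrypt counterpart in this commit ends with `return !!signature->len;`, and `success = signature->len != 0;` would give the same guarantee here. The `/* too long */` exit is also silent; a DBG1 naming the salt length and key size would help when a configured salt does not fit the modulus.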
@@ -341,7 +457,7 @@ METHOD(private_key_t, get_type, key_type_t,
METHOD(private_key_t, sign, bool,
private_gmp_rsa_private_key_t *this, signature_scheme_t scheme,
- chunk_t data, chunk_t *signature)
+ void *params, chunk_t data, chunk_t *signature)
{
switch (scheme)
{
@@ -367,6 +483,8 @@ METHOD(private_key_t, sign, bool,
return build_emsa_pkcs1_signature(this, HASH_SHA1, data, signature);
case SIGN_RSA_EMSA_PKCS1_MD5:
return build_emsa_pkcs1_signature(this, HASH_MD5, data, signature);
+ case SIGN_RSA_EMSA_PSS:
+ return build_emsa_pss_signature(this, params, data, signature);
default:
DBG1(DBG_LIB, "signature scheme %N not supported in RSA",
signature_scheme_names, scheme);
@@ -807,6 +925,82 @@ gmp_rsa_private_key_t *gmp_rsa_private_key_gen(key_type_t type, va_list args)
}
/**
+ * Recover the primes from n, e and d using the algorithm described in
+ * Appendix C of NIST SP 800-56B.
+ */
+static bool calculate_pq(private_gmp_rsa_private_key_t *this)
+{
+ gmp_randstate_t rstate;
+ mpz_t k, r, g, y, n1, x;
+ int i, t, j;
+ bool success = FALSE;
+
+ gmp_randinit_default(rstate);
+ mpz_inits(k, r, g, y, n1, x, NULL);
+ /* k = (d * e) - 1 */
+ mpz_mul(k, *this->d, this->e);
+ mpz_sub_ui(k, k, 1);
+ if (mpz_odd_p(k))
+ {
+ goto error;
+ }
+ /* k = 2^t * r, where r is the largest odd integer dividing k, and t >= 1 */
+ mpz_set(r, k);
+ for (t = 0; !mpz_odd_p(r); t++)
+ { /* r = r/2 */
+ mpz_divexact_ui(r, r, 2);
+ }
+ /* we need n-1 below */
+ mpz_sub_ui(n1, this->n, 1);
+ for (i = 0; i < 100; i++)
+ { /* generate random integer g in [0, n-1] */
+ mpz_urandomm(g, rstate, this->n);
+ /* y = g^r mod n */
+ mpz_powm_sec(y, g, r, this->n);
+ /* try again if y == 1 or y == n-1 */
+ if (mpz_cmp_ui(y, 1) == 0 || mpz_cmp(y, n1) == 0)
+ {
+ continue;
+ }
+ for (j = 0; j < t; j++)
+ { /* x = y^2 mod n */
+ mpz_powm_ui(x, y, 2, this->n);
+ /* stop if x == 1 */
+ if (mpz_cmp_ui(x, 1) == 0)
+ {
+ goto done;
+ }
+ /* retry with new g if x = n-1 */
+ if (mpz_cmp(x, n1) == 0)
+ {
+ break;
+ }
+ /* y = x */
+ mpz_set(y, x);
+ }
+ }
+ goto error;
+
+done:
+ /* p = gcd(y-1, n) */
+ mpz_sub_ui(y, y, 1);
+ mpz_gcd(this->p, y, this->n);
+ /* q = n/p */
+ mpz_divexact(this->q, this->n, this->p);
+ success = TRUE;
+
+error:
+ mpz_clear_sensitive(k);
+ mpz_clear_sensitive(r);
+ mpz_clear_sensitive(g);
+ mpz_clear_sensitive(y);
+ mpz_clear_sensitive(x);
+ mpz_clear(n1);
+ gmp_randclear(rstate);
+ return success;
+}
+
+/**
* See header.
*/
gmp_rsa_private_key_t *gmp_rsa_private_key_load(key_type_t type, va_list args)
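Review bot: calculate_pq() calls `mpz_powm_sec` by name, but this file only assumes that function under `#ifdef HAVE_MPZ_POWM_SEC`, where it redefines `mpz_powm`; on a GMP build without it this line would presumably not build. Writing `mpz_powm(y, g, r, this->n);` picks up the side-channel-hardened variant through the existing macro when it is available. The function also runs on n, e and d before the `check(this)` seen later in gmp_rsa_private_key_load, so it should either document that it assumes a non-zero, odd modulus or test `mpz_odd_p(this->n)` and take the error exit. `gmp_randinit_default` is used unseeded, which looks acceptable because g only needs to vary between attempts, but that deserves a comment.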
@@ -868,9 +1062,30 @@ gmp_rsa_private_key_t *gmp_rsa_private_key_load(key_type_t type, va_list args)
mpz_import(this->n, n.len, 1, 1, 1, 0, n.ptr);
mpz_import(this->e, e.len, 1, 1, 1, 0, e.ptr);
mpz_import(*this->d, d.len, 1, 1, 1, 0, d.ptr);
- mpz_import(this->p, p.len, 1, 1, 1, 0, p.ptr);
- mpz_import(this->q, q.len, 1, 1, 1, 0, q.ptr);
- mpz_import(this->coeff, coeff.len, 1, 1, 1, 0, coeff.ptr);
+ if (p.len)
+ {
+ mpz_import(this->p, p.len, 1, 1, 1, 0, p.ptr);
+ }
+ if (q.len)
+ {
+ mpz_import(this->q, q.len, 1, 1, 1, 0, q.ptr);
+ }
+ if (!p.len && !q.len)
+ { /* p and q missing in key, recalculate from n, e and d */
+ if (!calculate_pq(this))
+ {
+ destroy(this);
+ return NULL;
+ }
+ }
+ else if (!p.len)
+ { /* p missing in key, recalculate: p = n / q */
+ mpz_divexact(this->p, this->n, this->q);
+ }
+ else if (!q.len)
+ { /* q missing in key, recalculate: q = n / p */
+ mpz_divexact(this->q, this->n, this->p);
+ }
if (!exp1.len)
{ /* exp1 missing in key, recalculate: exp1 = d mod (p-1) */
mpz_sub_ui(this->exp1, this->p, 1);
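Review bot: `mpz_divexact(this->p, this->n, this->q)` and its mirror for q run on values straight from the loaded key, before `check(this)`, and mpz_divexact is only defined when the divisor is non-zero and divides n exactly. Testing first with `if (!mpz_sgn(this->q) || !mpz_divisible_p(this->n, this->q))` (and the same for p), then `destroy(this); return NULL;`, rejects an inconsistent key instead of computing on it. The `mpz_invert(this->coeff, this->q, this->p)` added in the next hunk likewise ignores its return value, which reports whether the inverse exists. gmp_rsa_private_key_load starts and ends outside this hunk.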
@@ -889,6 +1104,14 @@ gmp_rsa_private_key_t *gmp_rsa_private_key_load(key_type_t type, va_list args)
{
mpz_import(this->exp2, exp2.len, 1, 1, 1, 0, exp2.ptr);
}
+ if (!coeff.len)
+ { /* coeff missing in key, recalculate: coeff = q^-1 mod p */
+ mpz_invert(this->coeff, this->q, this->p);
+ }
+ else
+ {
+ mpz_import(this->coeff, coeff.len, 1, 1, 1, 0, coeff.ptr);
+ }
this->k = (mpz_sizeinbase(this->n, 2) + 7) / BITS_PER_BYTE;
if (check(this) != SUCCESS)
{
@@ -897,4 +1120,3 @@ gmp_rsa_private_key_t *gmp_rsa_private_key_load(key_type_t type, va_list args)
}
return &this->public;
}
-
diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
index 065c88903..52bc9fb38 100644
--- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
@@ -1,7 +1,8 @@
/*
+ * Copyright (C) 2017 Tobias Brunner
* Copyright (C) 2005-2009 Martin Willi
* Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -27,6 +28,7 @@
#include <asn1/asn1.h>
#include <asn1/asn1_parser.h>
#include <crypto/hashers/hasher.h>
+#include <credentials/keys/signature_params.h>
#ifdef HAVE_MPZ_POWM_SEC
# undef mpz_powm
@@ -126,7 +128,7 @@ static const asn1Object_t digestInfoObjects[] = {
#define DIGEST_INFO_DIGEST 2
/**
- * Verification of an EMPSA PKCS1 signature described in PKCS#1
+ * Verification of an EMSA PKCS1 signature described in PKCS#1
*/
static bool verify_emsa_pkcs1_signature(private_gmp_rsa_public_key_t *this,
hash_algorithm_t algorithm,
@@ -283,6 +285,124 @@ end:
return success;
}
+/**
+ * Verification of an EMSA PSS signature described in PKCS#1
+ */
+static bool verify_emsa_pss_signature(private_gmp_rsa_public_key_t *this,
+ rsa_pss_params_t *params, chunk_t data,
+ chunk_t signature)
+{
+ ext_out_function_t xof;
+ hasher_t *hasher = NULL;
+ xof_t *mgf = NULL;
+ chunk_t em, hash, salt, db, h, dbmask, m;
+ size_t embits, maskbits;
+ int i;
+ bool success = FALSE;
+
+ if (!params)
+ {
+ return FALSE;
+ }
+ xof = xof_mgf1_from_hash_algorithm(params->mgf1_hash);
+ if (xof == XOF_UNDEFINED)
+ {
+ DBG1(DBG_LIB, "%N is not supported for MGF1", hash_algorithm_names,
+ params->mgf1_hash);
+ return FALSE;
+ }
+ chunk_skip_zero(signature);
+ if (signature.len == 0 || signature.len > this->k)
+ {
+ return FALSE;
+ }
+ /* EM = RSAVP1((n, e), S) */
+ em = rsavp1(this, signature);
+ if (!em.len)
+ {
+ goto error;
+ }
+ /* emBits = modBits - 1 */
+ embits = mpz_sizeinbase(this->n, 2) - 1;
+ /* mHash = Hash(M) */
+ hasher = lib->crypto->create_hasher(lib->crypto, params->hash);
+ if (!hasher)
+ {
+ DBG1(DBG_LIB, "hash algorithm %N not supported",
+ hash_algorithm_names, params->hash);
+ goto error;
+ }
+ hash = chunk_alloca(hasher->get_hash_size(hasher));
+ if (!hasher->get_hash(hasher, data, hash.ptr))
+ {
+ goto error;
+ }
+ /* determine salt length */
+ salt.len = hash.len;
+ if (params->salt_len > RSA_PSS_SALT_LEN_DEFAULT)
+ {
+ salt.len = params->salt_len;
+ }
+ /* verify general structure of EM */
+ maskbits = (8 * em.len) - embits;
+ if (em.len < (hash.len + salt.len + 2) || em.ptr[em.len-1] != 0xbc ||
+ (em.ptr[0] & (0xff << (8-maskbits))))
+ { /* inconsistent */
+ goto error;
+ }
+ /* split EM in maskedDB and H */
+ db = chunk_create(em.ptr, em.len - hash.len - 1);
+ h = chunk_create(em.ptr + db.len, hash.len);
+ /* dbMask = MGF(H, emLen - hLen - 1) */
+ mgf = lib->crypto->create_xof(lib->crypto, xof);
+ if (!mgf)
+ {
+ DBG1(DBG_LIB, "%N not supported", ext_out_function_names, xof);
+ goto error;
+ }
+ dbmask = chunk_alloca(db.len);
+ if (!mgf->set_seed(mgf, h) ||
+ !mgf->get_bytes(mgf, dbmask.len, dbmask.ptr))
+ {
+ DBG1(DBG_LIB, "%N not supported or failed", ext_out_function_names, xof);
+ goto error;
+ }
+ /* DB = maskedDB xor dbMask */
+ memxor(db.ptr, dbmask.ptr, db.len);
+ if (maskbits)
+ {
+ db.ptr[0] &= (0xff >> maskbits);
+ }
+ /* check DB = PS | 0x01 | salt */
+ for (i = 0; i < (db.len - salt.len - 1); i++)
+ {
+ if (db.ptr[i])
+ { /* padding not 0 */
+ goto error;
+ }
+ }
+ if (db.ptr[i++] != 0x01)
+ { /* 0x01 not found */
+ goto error;
+ }
+ salt.ptr = &db.ptr[i];
+ /* M' = 0x0000000000000000 | mHash | salt */
+ m = chunk_cata("ccc",
+ chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
+ hash, salt);
+ if (!hasher->get_hash(hasher, m, hash.ptr))
+ {
+ goto error;
+ }
+ success = memeq_const(h.ptr, hash.ptr, hash.len);
+
+error:
+ DESTROY_IF(hasher);
+ DESTROY_IF(mgf);
+ free(em.ptr);
+ return success;
+}
+
METHOD(public_key_t, get_type, key_type_t,
private_gmp_rsa_public_key_t *this)
{
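Review bot: The result of `chunk_skip_zero(signature);` is discarded, and since `signature` is passed by value the call has no effect unless chunk_skip_zero is a macro that assigns. If it returns the trimmed chunk, the line should read `signature = chunk_skip_zero(signature);`. As written, a signature carrying leading zero bytes beyond the modulus length is rejected by the following length check rather than normalised. The padding loop also compares `int i` against the size_t expression `db.len - salt.len - 1`; declaring `i` as size_t avoids the mixed-sign comparison.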
@@ -290,7 +410,7 @@ METHOD(public_key_t, get_type, key_type_t,
}
METHOD(public_key_t, verify, bool,
- private_gmp_rsa_public_key_t *this, signature_scheme_t scheme,
+ private_gmp_rsa_public_key_t *this, signature_scheme_t scheme, void *params,
chunk_t data, chunk_t signature)
{
switch (scheme)
@@ -317,6 +437,8 @@ METHOD(public_key_t, verify, bool,
return verify_emsa_pkcs1_signature(this, HASH_SHA1, data, signature);
case SIGN_RSA_EMSA_PKCS1_MD5:
return verify_emsa_pkcs1_signature(this, HASH_MD5, data, signature);
+ case SIGN_RSA_EMSA_PSS:
+ return verify_emsa_pss_signature(this, params, data, signature);
default:
DBG1(DBG_LIB, "signature scheme %N not supported in RSA",
signature_scheme_names, scheme);
diff --git a/src/libstrongswan/plugins/hmac/Makefile.in b/src/libstrongswan/plugins/hmac/Makefile.in
index cddeace7f..8de79663e 100644
--- a/src/libstrongswan/plugins/hmac/Makefile.in
+++ b/src/libstrongswan/plugins/hmac/Makefile.in
@@ -244,9 +244,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/keychain/Makefile.in b/src/libstrongswan/plugins/keychain/Makefile.in
index e072c9225..6573b311d 100644
--- a/src/libstrongswan/plugins/keychain/Makefile.in
+++ b/src/libstrongswan/plugins/keychain/Makefile.in
@@ -247,9 +247,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/ldap/Makefile.in b/src/libstrongswan/plugins/ldap/Makefile.in
index 229a0cad0..324157bc0 100644
--- a/src/libstrongswan/plugins/ldap/Makefile.in
+++ b/src/libstrongswan/plugins/ldap/Makefile.in
@@ -244,9 +244,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/md4/Makefile.in b/src/libstrongswan/plugins/md4/Makefile.in
index d135c291f..111f53239 100644
--- a/src/libstrongswan/plugins/md4/Makefile.in
+++ b/src/libstrongswan/plugins/md4/Makefile.in
@@ -244,9 +244,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/md5/Makefile.in b/src/libstrongswan/plugins/md5/Makefile.in
index e81213c2a..1a41f73ea 100644
--- a/src/libstrongswan/plugins/md5/Makefile.in
+++ b/src/libstrongswan/plugins/md5/Makefile.in
@@ -244,9 +244,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/mgf1/Makefile.in b/src/libstrongswan/plugins/mgf1/Makefile.in
index 8a2788319..fd69f4042 100644
--- a/src/libstrongswan/plugins/mgf1/Makefile.in
+++ b/src/libstrongswan/plugins/mgf1/Makefile.in
@@ -244,9 +244,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/mgf1/mgf1_plugin.c b/src/libstrongswan/plugins/mgf1/mgf1_plugin.c
index 8df3ac261..a78d2f254 100644
--- a/src/libstrongswan/plugins/mgf1/mgf1_plugin.c
+++ b/src/libstrongswan/plugins/mgf1/mgf1_plugin.c
@@ -44,8 +44,12 @@ METHOD(plugin_t, get_features, int,
PLUGIN_REGISTER(XOF, mgf1_xof_create),
PLUGIN_PROVIDE(XOF, XOF_MGF1_SHA1),
PLUGIN_DEPENDS(HASHER, HASH_SHA1),
+ PLUGIN_PROVIDE(XOF, XOF_MGF1_SHA224),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA224),
PLUGIN_PROVIDE(XOF, XOF_MGF1_SHA256),
PLUGIN_DEPENDS(HASHER, HASH_SHA256),
+ PLUGIN_PROVIDE(XOF, XOF_MGF1_SHA384),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA384),
PLUGIN_PROVIDE(XOF, XOF_MGF1_SHA512),
PLUGIN_DEPENDS(HASHER, HASH_SHA512),
};
diff --git a/src/libstrongswan/plugins/mgf1/mgf1_xof.c b/src/libstrongswan/plugins/mgf1/mgf1_xof.c
index 0f5fda952..8f5a18f87 100644
--- a/src/libstrongswan/plugins/mgf1/mgf1_xof.c
+++ b/src/libstrongswan/plugins/mgf1/mgf1_xof.c
@@ -244,9 +244,15 @@ mgf1_xof_t *mgf1_xof_create(ext_out_function_t algorithm)
case XOF_MGF1_SHA1:
hash_alg = HASH_SHA1;
break;
+ case XOF_MGF1_SHA224:
+ hash_alg = HASH_SHA224;
+ break;
case XOF_MGF1_SHA256:
hash_alg = HASH_SHA256;
break;
+ case XOF_MGF1_SHA384:
+ hash_alg = HASH_SHA384;
+ break;
case XOF_MGF1_SHA512:
hash_alg = HASH_SHA512;
break;
@@ -261,7 +267,7 @@ mgf1_xof_t *mgf1_xof_create(ext_out_function_t algorithm)
hash_algorithm_names, hash_alg);
return NULL;
}
-
+
INIT(this,
.public = {
.mgf1_interface = {
diff --git a/src/libstrongswan/plugins/mysql/Makefile.in b/src/libstrongswan/plugins/mysql/Makefile.in
index c99e4f806..114507eeb 100644
--- a/src/libstrongswan/plugins/mysql/Makefile.in
+++ b/src/libstrongswan/plugins/mysql/Makefile.in
@@ -246,9 +246,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/newhope/Makefile.in b/src/libstrongswan/plugins/newhope/Makefile.in
index 786337420..81c10d5c9 100644
--- a/src/libstrongswan/plugins/newhope/Makefile.in
+++ b/src/libstrongswan/plugins/newhope/Makefile.in
@@ -253,9 +253,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/newhope/tests/Makefile.in b/src/libstrongswan/plugins/newhope/tests/Makefile.in
index be6ffef28..114035a4a 100644
--- a/src/libstrongswan/plugins/newhope/tests/Makefile.in
+++ b/src/libstrongswan/plugins/newhope/tests/Makefile.in
@@ -245,9 +245,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/nonce/Makefile.in b/src/libstrongswan/plugins/nonce/Makefile.in
index fca8309e5..0e24d4861 100644
--- a/src/libstrongswan/plugins/nonce/Makefile.in
+++ b/src/libstrongswan/plugins/nonce/Makefile.in
@@ -245,9 +245,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/ntru/Makefile.in b/src/libstrongswan/plugins/ntru/Makefile.in
index 2ef9aa8dc..cdfee525b 100644
--- a/src/libstrongswan/plugins/ntru/Makefile.in
+++ b/src/libstrongswan/plugins/ntru/Makefile.in
@@ -246,9 +246,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/openssl/Makefile.in b/src/libstrongswan/plugins/openssl/Makefile.in
index dcf4c2c8a..856055c6a 100644
--- a/src/libstrongswan/plugins/openssl/Makefile.in
+++ b/src/libstrongswan/plugins/openssl/Makefile.in
@@ -254,9 +254,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/openssl/openssl_crl.c b/src/libstrongswan/plugins/openssl/openssl_crl.c
index 61cf3e884..88f7a67c2 100644
--- a/src/libstrongswan/plugins/openssl/openssl_crl.c
+++ b/src/libstrongswan/plugins/openssl/openssl_crl.c
@@ -1,4 +1,7 @@
/*
+ * Copyright (C) 2017 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
* Copyright (C) 2010 Martin Willi
* Copyright (C) 2010 revosec AG
*
@@ -47,14 +50,13 @@
#include <credentials/certificates/x509.h>
#if OPENSSL_VERSION_NUMBER < 0x10100000L
-static inline void X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, const X509_CRL *crl) {
+static inline void X509_CRL_get0_signature(const X509_CRL *crl, ASN1_BIT_STRING **psig, X509_ALGOR **palg) {
if (psig) { *psig = crl->signature; }
if (palg) { *palg = crl->sig_alg; }
}
#define X509_REVOKED_get0_serialNumber(r) ({ (r)->serialNumber; })
#define X509_REVOKED_get0_revocationDate(r) ({ (r)->revocationDate; })
#define X509_CRL_get0_extensions(c) ({ (c)->crl->extensions; })
-#define X509_ALGOR_get0(oid, ppt, ppv, alg) ({ *(oid) = (alg)->algorithm; })
#endif
typedef struct private_openssl_crl_t private_openssl_crl_t;
@@ -85,6 +87,16 @@ struct private_openssl_crl_t {
chunk_t serial;
/**
+ * Number of base CRL (deltaCrlIndicator), if a delta CRL
+ */
+ chunk_t base;
+
+ /**
+ * List of Freshest CRL distribution points
+ */
+ linked_list_t *crl_uris;
+
+ /**
* AuthorityKeyIdentifier of the issuing CA
*/
chunk_t authKeyIdentifier;
@@ -107,7 +119,7 @@ struct private_openssl_crl_t {
/**
* Signature scheme used in this CRL
*/
- signature_scheme_t scheme;
+ signature_params_t *scheme;
/**
* References to this CRL
@@ -140,6 +152,11 @@ typedef struct {
int i;
} crl_enumerator_t;
+/**
+ * from openssl_x509
+ */
+bool openssl_parse_crlDistributionPoints(X509_EXTENSION *ext,
+ linked_list_t *list);
METHOD(enumerator_t, crl_enumerate, bool,
crl_enumerator_t *this, va_list args)
@@ -215,6 +232,26 @@ METHOD(crl_t, get_serial, chunk_t,
return this->serial;
}
+METHOD(crl_t, is_delta_crl, bool,
+ private_openssl_crl_t *this, chunk_t *base_crl)
+{
+ if (this->base.len)
+ {
+ if (base_crl)
+ {
+ *base_crl = this->base;
+ }
+ return TRUE;
+ }
+ return FALSE;
+}
+
+METHOD(crl_t, create_delta_crl_uri_enumerator, enumerator_t*,
+ private_openssl_crl_t *this)
+{
+ return this->crl_uris->create_enumerator(this->crl_uris);
+}
+
METHOD(crl_t, get_authKeyIdentifier, chunk_t,
private_openssl_crl_t *this)
{
@@ -246,7 +283,7 @@ METHOD(certificate_t, has_subject_or_issuer, id_match_t,
METHOD(certificate_t, issued_by, bool,
private_openssl_crl_t *this, certificate_t *issuer,
- signature_scheme_t *scheme)
+ signature_params_t **scheme)
{
chunk_t fingerprint, tbs;
public_key_t *key;
@@ -283,23 +320,20 @@ METHOD(certificate_t, issued_by, bool,
return FALSE;
}
}
- if (this->scheme == SIGN_UNKNOWN)
- {
- return FALSE;
- }
/* i2d_re_X509_CRL_tbs() was added with 1.1.0 when X509_CRL became opaque */
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
tbs = openssl_i2chunk(re_X509_CRL_tbs, this->crl);
#else
tbs = openssl_i2chunk(X509_CRL_INFO, this->crl->crl);
#endif
- X509_CRL_get0_signature(&sig, NULL, this->crl);
- valid = key->verify(key, this->scheme, tbs, openssl_asn1_str2chunk(sig));
+ X509_CRL_get0_signature(this->crl, &sig, NULL);
+ valid = key->verify(key, this->scheme->scheme, this->scheme->params, tbs,
+ openssl_asn1_str2chunk(sig));
free(tbs.ptr);
key->destroy(key);
if (valid && scheme)
{
- *scheme = this->scheme;
+ *scheme = signature_params_clone(this->scheme);
}
return valid;
}
@@ -379,8 +413,12 @@ METHOD(certificate_t, destroy, void,
{
X509_CRL_free(this->crl);
}
+ signature_params_destroy(this->scheme);
+ this->crl_uris->destroy_function(this->crl_uris,
+ (void*)x509_cdp_destroy);
DESTROY_IF(this->issuer);
free(this->authKeyIdentifier.ptr);
+ free(this->base.ptr);
free(this->serial.ptr);
free(this->encoding.ptr);
free(this);
@@ -413,11 +451,12 @@ static private_openssl_crl_t *create_empty()
},
.get_serial = _get_serial,
.get_authKeyIdentifier = _get_authKeyIdentifier,
- .is_delta_crl = (void*)return_false,
- .create_delta_crl_uri_enumerator = (void*)enumerator_create_empty,
+ .is_delta_crl = _is_delta_crl,
+ .create_delta_crl_uri_enumerator = _create_delta_crl_uri_enumerator,
.create_enumerator = _create_enumerator,
},
},
+ .crl_uris = linked_list_create(),
.ref = 1,
);
return this;
@@ -444,21 +483,19 @@ static bool parse_authKeyIdentifier_ext(private_openssl_crl_t *this,
}
/**
- * Parse the crlNumber extension
+ * Quick and dirty INTEGER unwrap for crlNumber/deltaCrlIndicator extensions
*/
-static bool parse_crlNumber_ext(private_openssl_crl_t *this,
- X509_EXTENSION *ext)
+static bool parse_integer_ext(X509_EXTENSION *ext, chunk_t *out)
{
chunk_t chunk;
chunk = openssl_asn1_str2chunk(X509_EXTENSION_get_data(ext));
- /* quick and dirty INTEGER unwrap */
if (chunk.len > 1 && chunk.ptr[0] == V_ASN1_INTEGER &&
chunk.ptr[1] == chunk.len - 2)
{
chunk = chunk_skip(chunk, 2);
- free(this->serial.ptr);
- this->serial = chunk_clone(chunk);
+ free(out->ptr);
+ *out = chunk_clone(chunk);
return TRUE;
}
return FALSE;
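Review bot: parse_integer_ext() accepts an INTEGER with no content bytes, because with `chunk.len > 1` a two-byte `02 00` encoding passes the length comparison and the function returns TRUE with an empty chunk. For deltaCrlIndicator this matters because is_delta_crl(), added earlier in this file's diff, decides on `this->base.len`, so such a CRL would be handled as a full CRL although the extension was present. Whether OpenSSL has already rejected that encoding before this point is not visible here. Requiring at least one content byte, `if (chunk.len > 2 && chunk.ptr[0] == V_ASN1_INTEGER &&`, closes the gap, and the header comment could state that only short-form lengths are handled. The function's closing brace lies outside the hunk.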
@@ -488,7 +525,13 @@ static bool parse_extensions(private_openssl_crl_t *this)
ok = parse_authKeyIdentifier_ext(this, ext);
break;
case NID_crl_number:
- ok = parse_crlNumber_ext(this, ext);
+ ok = parse_integer_ext(ext, &this->serial);
+ break;
+ case NID_delta_crl:
+ ok = parse_integer_ext(ext, &this->base);
+ break;
+ case NID_freshest_crl:
+ ok = openssl_parse_crlDistributionPoints(ext, this->crl_uris);
break;
case NID_issuing_distribution_point:
/* TODO support of IssuingDistributionPoints */
@@ -520,7 +563,7 @@ static bool parse_extensions(private_openssl_crl_t *this)
static bool parse_crl(private_openssl_crl_t *this)
{
const unsigned char *ptr = this->encoding.ptr;
- ASN1_OBJECT *oid;
+ chunk_t sig_scheme;
X509_ALGOR *alg;
this->crl = d2i_X509_CRL(NULL, &ptr, this->encoding.len);
@@ -529,28 +572,16 @@ static bool parse_crl(private_openssl_crl_t *this)
return FALSE;
}
- X509_CRL_get0_signature(NULL, &alg, this->crl);
- X509_ALGOR_get0(&oid, NULL, NULL, alg);
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- if (!chunk_equals(
- openssl_asn1_obj2chunk(this->crl->crl->sig_alg->algorithm),
- openssl_asn1_obj2chunk(this->crl->sig_alg->algorithm)))
+ X509_CRL_get0_signature(this->crl, NULL, &alg);
+ sig_scheme = openssl_i2chunk(X509_ALGOR, alg);
+ INIT(this->scheme);
+ if (!signature_params_parse(sig_scheme, 0, this->scheme))
{
+ DBG1(DBG_ASN, "unable to parse signature algorithm");
+ free(sig_scheme.ptr);
return FALSE;
}
-#elif 0
- /* FIXME: we currently can't do this if X509_CRL is opaque (>= 1.1.0) as
- * X509_CRL_get0_tbs_sigalg() does not exist and there does not seem to be
- * another easy way to get the algorithm from the tbsCertList of the CRL */
- alg = X509_CRL_get0_tbs_sigalg(this->crl);
- X509_ALGOR_get0(&oid_tbs, NULL, NULL, alg);
- if (!chunk_equals(openssl_asn1_obj2chunk(oid),
- openssl_asn1_obj2chunk(oid_tbs)))
- {
- return FALSE;
- }
-#endif
- this->scheme = signature_scheme_from_oid(openssl_asn1_known_oid(oid));
+ free(sig_scheme.ptr);
this->issuer = openssl_x509_name2id(X509_CRL_get_issuer(this->crl));
if (!this->issuer)
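Review bot: parse_crl() no longer compares the signature algorithm inside the tbsCertList with the outer signatureAlgorithm field. The pre-1.1.0 `chunk_equals()` check and the disabled `#elif 0` branch are both removed, and nothing replaces them. RFC 5280 requires the two identifiers to match, and issued_by() now verifies with the scheme parsed from the outer field alone. If the omission is deliberate, it should be recorded where the scheme is parsed, for example `/* NOTE: tbsCertList.signature is not compared with signatureAlgorithm here */`. Otherwise the comparison could be kept under the existing `OPENSSL_VERSION_NUMBER < 0x10100000L` guard. The function starts and continues outside this hunk.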
diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
index f08dfff7e..8e9c1183f 100644
--- a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
+++ b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
@@ -193,7 +193,7 @@ METHOD(diffie_hellman_t, destroy, void,
* Described in header.
*/
openssl_diffie_hellman_t *openssl_diffie_hellman_create(
- diffie_hellman_group_t group, chunk_t g, chunk_t p)
+ diffie_hellman_group_t group, ...)
{
private_openssl_diffie_hellman_t *this;
const BIGNUM *privkey;
@@ -225,6 +225,9 @@ openssl_diffie_hellman_t *openssl_diffie_hellman_create(
if (group == MODP_CUSTOM)
{
+ chunk_t g, p;
+
+ VA_ARGS_GET(group, g, p);
if (!DH_set0_pqg(this->dh, BN_bin2bn(p.ptr, p.len, NULL), NULL,
BN_bin2bn(g.ptr, g.len, NULL)))
{
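Review bot: After the switch to `...`, the compiler can no longer check the custom-group arguments, and the required order is fixed only by `VA_ARGS_GET(group, g, p)` in the MODP_CUSTOM branch. A caller that passes the prime first, or passes something other than two `chunk_t` values, gets no diagnostic. A comment at the read site would make the contract explicit, for example `/* varargs: chunk_t g, then chunk_t p; only read for MODP_CUSTOM */`. The function body starts in the previous hunk and continues outside this one.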
diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h
index 53dc59c78..5de5520b5 100644
--- a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h
+++ b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h
@@ -40,12 +40,11 @@ struct openssl_diffie_hellman_t {
* Creates a new openssl_diffie_hellman_t object.
*
* @param group Diffie Hellman group number to use
- * @param g custom generator, if MODP_CUSTOM
- * @param p custom prime, if MODP_CUSTOM
+ * @param ... expects generator and prime as chunk_t if MODP_CUSTOM
* @return openssl_diffie_hellman_t object, NULL if not supported
*/
openssl_diffie_hellman_t *openssl_diffie_hellman_create(
- diffie_hellman_group_t group, chunk_t g, chunk_t p);
+ diffie_hellman_group_t group, ...);
#endif /** OPENSSL_DIFFIE_HELLMAN_H_ @}*/
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
index 22bbf6dc7..364190758 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
@@ -49,6 +49,11 @@ struct private_openssl_ec_private_key_t {
EC_KEY *ec;
/**
+ * TRUE if the key is from an OpenSSL ENGINE and might not be readable
+ */
+ bool engine;
+
+ /**
* reference count
*/
refcount_t ref;
@@ -146,7 +151,7 @@ static bool build_der_signature(private_openssl_ec_private_key_t *this,
METHOD(private_key_t, sign, bool,
private_openssl_ec_private_key_t *this, signature_scheme_t scheme,
- chunk_t data, chunk_t *signature)
+ void *params, chunk_t data, chunk_t *signature)
{
switch (scheme)
{
@@ -226,6 +231,11 @@ METHOD(private_key_t, get_encoding, bool,
{
u_char *p;
+ if (this->engine)
+ {
+ return FALSE;
+ }
+
switch (type)
{
case PRIVKEY_ASN1_DER:
@@ -307,7 +317,7 @@ static private_openssl_ec_private_key_t *create_empty(void)
/*
* See header.
*/
-private_key_t *openssl_ec_private_key_create(EVP_PKEY *key)
+private_key_t *openssl_ec_private_key_create(EVP_PKEY *key, bool engine)
{
private_openssl_ec_private_key_t *this;
EC_KEY *ec;
@@ -320,6 +330,7 @@ private_key_t *openssl_ec_private_key_create(EVP_PKEY *key)
}
this = create_empty();
this->ec = ec;
+ this->engine = engine;
return &this->public.key;
}
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h
index 84314f671..56c59cfc8 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h
@@ -67,8 +67,9 @@ openssl_ec_private_key_t *openssl_ec_private_key_load(key_type_t type,
* Wrap an EVP_PKEY object of type EVP_PKEY_EC
*
* @param key EVP_PKEY_EC key object (adopted)
+ * @param engine whether the key was loaded via an engine
* @return loaded key, NULL on failure
*/
-private_key_t *openssl_ec_private_key_create(EVP_PKEY *key);
+private_key_t *openssl_ec_private_key_create(EVP_PKEY *key, bool engine);
#endif /** OPENSSL_EC_PRIVATE_KEY_H_ @}*/
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
index a1e56fc5e..faa940839 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
@@ -151,7 +151,7 @@ METHOD(public_key_t, get_type, key_type_t,
METHOD(public_key_t, verify, bool,
private_openssl_ec_public_key_t *this, signature_scheme_t scheme,
- chunk_t data, chunk_t signature)
+ void *params, chunk_t data, chunk_t signature)
{
switch (scheme)
{
diff --git a/src/libstrongswan/plugins/openssl/openssl_hasher.c b/src/libstrongswan/plugins/openssl/openssl_hasher.c
index 96ee230c9..eb6c50508 100644
--- a/src/libstrongswan/plugins/openssl/openssl_hasher.c
+++ b/src/libstrongswan/plugins/openssl/openssl_hasher.c
@@ -1,6 +1,6 @@
/*
- * Copyright (C) 2008 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2008-2017 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -91,16 +91,24 @@ METHOD(hasher_t, destroy, void,
/*
* Described in header
*/
-openssl_hasher_t *openssl_hasher_create(hash_algorithm_t algo)
+const EVP_MD *openssl_get_md(hash_algorithm_t hash)
{
- private_openssl_hasher_t *this;
- char* name;
+ char *name;
- name = enum_to_name(hash_algorithm_short_names, algo);
+ name = enum_to_name(hash_algorithm_short_names, hash);
if (!name)
{
return NULL;
}
+ return EVP_get_digestbyname(name);
+}
+
+/*
+ * Described in header
+ */
+openssl_hasher_t *openssl_hasher_create(hash_algorithm_t algo)
+{
+ private_openssl_hasher_t *this;
INIT(this,
.public = {
@@ -114,7 +122,7 @@ openssl_hasher_t *openssl_hasher_create(hash_algorithm_t algo)
},
);
- this->hasher = EVP_get_digestbyname(name);
+ this->hasher = openssl_get_md(algo);
if (!this->hasher)
{
/* OpenSSL does not support the requested algo */
diff --git a/src/libstrongswan/plugins/openssl/openssl_hasher.h b/src/libstrongswan/plugins/openssl/openssl_hasher.h
index b03f6891b..66b9b505e 100644
--- a/src/libstrongswan/plugins/openssl/openssl_hasher.h
+++ b/src/libstrongswan/plugins/openssl/openssl_hasher.h
@@ -1,6 +1,6 @@
/*
- * Copyright (C) 2008 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2008-2017 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -25,6 +25,8 @@ typedef struct openssl_hasher_t openssl_hasher_t;
#include <crypto/hashers/hasher.h>
+#include <openssl/evp.h>
+
/**
* Implementation of hashers using OpenSSL.
*/
@@ -37,6 +39,14 @@ struct openssl_hasher_t {
};
/**
+ * Determine EVP_MD for the given hash algorithm
+ *
+ * @param hash hash algorithm
+ * @return EVP_MD or NULL if not found/supported
+ */
+const EVP_MD *openssl_get_md(hash_algorithm_t hash);
+
+/**
* Constructor to create openssl_hasher_t.
*
* @param algo algorithm
diff --git a/src/libstrongswan/plugins/openssl/openssl_pkcs7.c b/src/libstrongswan/plugins/openssl/openssl_pkcs7.c
index 83ac8df5b..f94767cf5 100644
--- a/src/libstrongswan/plugins/openssl/openssl_pkcs7.c
+++ b/src/libstrongswan/plugins/openssl/openssl_pkcs7.c
@@ -256,7 +256,7 @@ static auth_cfg_t *verify_signature(CMS_SignerInfo *si, int hash_oid)
key = cert->get_public_key(cert);
if (key)
{
- if (key->verify(key, signature_scheme_from_oid(hash_oid),
+ if (key->verify(key, signature_scheme_from_oid(hash_oid), NULL,
attrs, sig))
{
found = auth->clone(auth);
diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
index ab73d718f..8b0a7c5c7 100644
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
@@ -301,11 +301,11 @@ static private_key_t *openssl_private_key_load(key_type_t type, va_list args)
{
#ifndef OPENSSL_NO_RSA
case EVP_PKEY_RSA:
- return openssl_rsa_private_key_create(key);
+ return openssl_rsa_private_key_create(key, FALSE);
#endif
#ifndef OPENSSL_NO_ECDSA
case EVP_PKEY_EC:
- return openssl_ec_private_key_create(key);
+ return openssl_ec_private_key_create(key, FALSE);
#endif
default:
EVP_PKEY_free(key);
@@ -316,6 +316,152 @@ static private_key_t *openssl_private_key_load(key_type_t type, va_list args)
return NULL;
}
+#ifndef OPENSSL_NO_ENGINE
+/**
+ * Login to engine with a PIN specified for a keyid
+ */
+static bool login(ENGINE *engine, chunk_t keyid)
+{
+ enumerator_t *enumerator;
+ shared_key_t *shared;
+ identification_t *id;
+ chunk_t key;
+ char pin[64];
+ bool found = FALSE, success = FALSE;
+
+ id = identification_create_from_encoding(ID_KEY_ID, keyid);
+ enumerator = lib->credmgr->create_shared_enumerator(lib->credmgr,
+ SHARED_PIN, id, NULL);
+ while (enumerator->enumerate(enumerator, &shared, NULL, NULL))
+ {
+ found = TRUE;
+ key = shared->get_key(shared);
+ if (snprintf(pin, sizeof(pin),
+ "%.*s", (int)key.len, key.ptr) >= sizeof(pin))
+ {
+ continue;
+ }
+ if (ENGINE_ctrl_cmd_string(engine, "PIN", pin, 0))
+ {
+ success = TRUE;
+ break;
+ }
+ else
+ {
+ DBG1(DBG_CFG, "setting PIN on engine failed");
+ }
+ }
+ enumerator->destroy(enumerator);
+ id->destroy(id);
+ if (!found)
+ {
+ DBG1(DBG_CFG, "no PIN found for %#B", &keyid);
+ }
+ return success;
+}
+#endif /* OPENSSL_NO_ENGINE */
+
+/**
+ * Load private key via engine
+ */
+static private_key_t *openssl_private_key_connect(key_type_t type,
+ va_list args)
+{
+#ifndef OPENSSL_NO_ENGINE
+ char *engine_id = NULL;
+ char keyname[BUF_LEN];
+ chunk_t keyid = chunk_empty;;
+ EVP_PKEY *key;
+ ENGINE *engine;
+ int slot = -1;
+
+ while (TRUE)
+ {
+ switch (va_arg(args, builder_part_t))
+ {
+ case BUILD_PKCS11_KEYID:
+ keyid = va_arg(args, chunk_t);
+ continue;
+ case BUILD_PKCS11_SLOT:
+ slot = va_arg(args, int);
+ continue;
+ case BUILD_PKCS11_MODULE:
+ engine_id = va_arg(args, char*);
+ continue;
+ case BUILD_END:
+ break;
+ default:
+ return NULL;
+ }
+ break;
+ }
+ if (!keyid.len || keyid.len > 40)
+ {
+ return NULL;
+ }
+
+ memset(keyname, 0, sizeof(keyname));
+ if (slot != -1)
+ {
+ snprintf(keyname, sizeof(keyname), "%d:", slot);
+ }
+ if (sizeof(keyname) - strlen(keyname) <= keyid.len * 4 / 3 + 1)
+ {
+ return NULL;
+ }
+ chunk_to_hex(keyid, keyname + strlen(keyname), FALSE);
+
+ if (!engine_id)
+ {
+ engine_id = lib->settings->get_str(lib->settings,
+ "%s.plugins.openssl.engine_id", "pkcs11", lib->ns);
+ }
+ engine = ENGINE_by_id(engine_id);
+ if (!engine)
+ {
+ DBG2(DBG_LIB, "engine '%s' is not available", engine_id);
+ return NULL;
+ }
+ if (!ENGINE_init(engine))
+ {
+ DBG1(DBG_LIB, "failed to initialize engine '%s'", engine_id);
+ ENGINE_free(engine);
+ return NULL;
+ }
+ if (!login(engine, keyid))
+ {
+ DBG1(DBG_LIB, "login to engine '%s' failed", engine_id);
+ ENGINE_free(engine);
+ return NULL;
+ }
+ key = ENGINE_load_private_key(engine, keyname, NULL, NULL);
+ if (!key)
+ {
+ DBG1(DBG_LIB, "failed to load private key with ID '%s' from "
+ "engine '%s'", keyname, engine_id);
+ ENGINE_free(engine);
+ return NULL;
+ }
+ ENGINE_free(engine);
+
+ switch (EVP_PKEY_base_id(key))
+ {
+#ifndef OPENSSL_NO_RSA
+ case EVP_PKEY_RSA:
+ return openssl_rsa_private_key_create(key, TRUE);
+#endif
+#ifndef OPENSSL_NO_ECDSA
+ case EVP_PKEY_EC:
+ return openssl_ec_private_key_create(key, TRUE);
+#endif
+ default:
+ EVP_PKEY_free(key);
+ break;
+ }
+#endif /* OPENSSL_NO_ENGINE */
+ return NULL;
+}
+
METHOD(plugin_t, get_name, char*,
private_openssl_plugin_t *this)
{
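Review bot: In login(), the stack buffer `pin` holds the token PIN in clear and is never wiped on any return path. Adding `memwipe(pin, sizeof(pin));` before `return success;` would keep the PIN from lingering on the stack after the engine call. Separately, the bound in openssl_private_key_connect() uses `keyid.len * 4 / 3 + 1`, which is base64 sizing, although chunk_to_hex() writes two characters per byte plus the terminator. The check should read `if (sizeof(keyname) - strlen(keyname) <= keyid.len * 2 + 1)`. The 40-byte cap on `keyid` probably keeps this safe in practice, depending on BUF_LEN, which is not visible here. The stray `;;` after `chunk_empty` can go at the same time.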
@@ -469,8 +615,6 @@ METHOD(plugin_t, get_features, int,
/* RSA private/public key loading */
PLUGIN_REGISTER(PRIVKEY, openssl_rsa_private_key_load, TRUE),
PLUGIN_PROVIDE(PRIVKEY, KEY_RSA),
- PLUGIN_REGISTER(PRIVKEY, openssl_rsa_private_key_connect, FALSE),
- PLUGIN_PROVIDE(PRIVKEY, KEY_ANY),
PLUGIN_REGISTER(PRIVKEY_GEN, openssl_rsa_private_key_gen, FALSE),
PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_RSA),
PLUGIN_REGISTER(PUBKEY, openssl_rsa_public_key_load, TRUE),
@@ -480,6 +624,10 @@ METHOD(plugin_t, get_features, int,
/* signature/encryption schemes */
PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_NULL),
PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_NULL),
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PSS),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PSS),
+#endif
#ifndef OPENSSL_NO_SHA1
PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA1),
PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1),
@@ -554,6 +702,8 @@ METHOD(plugin_t, get_features, int,
/* generic key loader */
PLUGIN_REGISTER(PRIVKEY, openssl_private_key_load, TRUE),
PLUGIN_PROVIDE(PRIVKEY, KEY_ANY),
+ PLUGIN_REGISTER(PRIVKEY, openssl_private_key_connect, FALSE),
+ PLUGIN_PROVIDE(PRIVKEY, KEY_ANY),
PLUGIN_REGISTER(RNG, openssl_rng_create),
PLUGIN_PROVIDE(RNG, RNG_STRONG),
PLUGIN_PROVIDE(RNG, RNG_WEAK),
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
index 54ecf2542..401a51a0b 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008-2016 Tobias Brunner
+ * Copyright (C) 2008-2017 Tobias Brunner
* Copyright (C) 2009 Martin Willi
* HSR Hochschule fuer Technik Rapperswil
*
@@ -20,16 +20,15 @@
#include "openssl_rsa_private_key.h"
#include "openssl_rsa_public_key.h"
+#include "openssl_hasher.h"
#include "openssl_util.h"
#include <utils/debug.h>
+#include <credentials/keys/signature_params.h>
#include <openssl/bn.h>
#include <openssl/evp.h>
#include <openssl/rsa.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif /* OPENSSL_NO_ENGINE */
/**
* Public exponent to use for key generation.
@@ -40,6 +39,7 @@
OPENSSL_KEY_FALLBACK(RSA, key, n, e, d)
OPENSSL_KEY_FALLBACK(RSA, factors, p, q)
OPENSSL_KEY_FALLBACK(RSA, crt_params, dmp1, dmq1, iqmp)
+#define BN_secure_new() BN_new()
#endif
typedef struct private_openssl_rsa_private_key_t private_openssl_rsa_private_key_t;
@@ -72,8 +72,126 @@ struct private_openssl_rsa_private_key_t {
/* implemented in rsa public key */
bool openssl_rsa_fingerprint(RSA *rsa, cred_encoding_type_t type, chunk_t *fp);
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+
/**
- * Build an EMPSA PKCS1 signature described in PKCS#1
+ * Build RSA signature
+ */
+static bool build_signature(private_openssl_rsa_private_key_t *this,
+ const EVP_MD *md, rsa_pss_params_t *pss,
+ chunk_t data, chunk_t *sig)
+{
+ EVP_PKEY_CTX *pctx = NULL;
+ EVP_MD_CTX *mctx = NULL;
+ EVP_PKEY *key;
+ bool success = FALSE;
+
+ mctx = EVP_MD_CTX_create();
+ key = EVP_PKEY_new();
+ if (!mctx || !key)
+ {
+ goto error;
+ }
+ if (!EVP_PKEY_set1_RSA(key, this->rsa))
+ {
+ goto error;
+ }
+ if (EVP_DigestSignInit(mctx, &pctx, md, NULL, key) <= 0)
+ {
+ goto error;
+ }
+ if (pss)
+ {
+ const EVP_MD *mgf1md = openssl_get_md(pss->mgf1_hash);
+ int slen = EVP_MD_size(md);
+ if (pss->salt_len > RSA_PSS_SALT_LEN_DEFAULT)
+ {
+ slen = pss->salt_len;
+ }
+ if (EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) <= 0 ||
+ EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, slen) <= 0 ||
+ EVP_PKEY_CTX_set_rsa_mgf1_md(pctx, mgf1md) <= 0)
+ {
+ goto error;
+ }
+ }
+ if (EVP_DigestSignUpdate(mctx, data.ptr, data.len) <= 0)
+ {
+ goto error;
+ }
+ success = (EVP_DigestSignFinal(mctx, sig->ptr, &sig->len) == 1);
+
+error:
+ if (key)
+ {
+ EVP_PKEY_free(key);
+ }
+ if (mctx)
+ {
+ EVP_MD_CTX_destroy(mctx);
+ }
+ return success;
+}
+
+/**
+ * Build an EMSA PKCS1 signature described in PKCS#1
+ */
+static bool build_emsa_pkcs1_signature(private_openssl_rsa_private_key_t *this,
+ int type, chunk_t data, chunk_t *sig)
+{
+ const EVP_MD *md;
+
+ *sig = chunk_alloc(RSA_size(this->rsa));
+
+ if (type == NID_undef)
+ {
+ if (RSA_private_encrypt(data.len, data.ptr, sig->ptr, this->rsa,
+ RSA_PKCS1_PADDING) == sig->len)
+ {
+ return TRUE;
+ }
+ }
+ else
+ {
+ md = EVP_get_digestbynid(type);
+ if (md && build_signature(this, md, NULL, data, sig))
+ {
+ return TRUE;
+ }
+ }
+ chunk_free(sig);
+ return FALSE;
+}
+
+/**
+ * Build an EMSA PSS signature described in PKCS#1
+ */
+static bool build_emsa_pss_signature(private_openssl_rsa_private_key_t *this,
+ rsa_pss_params_t *params, chunk_t data,
+ chunk_t *sig)
+{
+ const EVP_MD *md;
+
+ if (!params)
+ {
+ return FALSE;
+ }
+
+ *sig = chunk_alloc(RSA_size(this->rsa));
+
+ md = openssl_get_md(params->hash);
+ if (md && build_signature(this, md, params, data, sig))
+ {
+ return TRUE;
+ }
+ chunk_free(sig);
+ return FALSE;
+}
+
+#else /* OPENSSL_VERSION_NUMBER < 1.0 */
+
+/**
+ * Build an EMSA PKCS1 signature described in PKCS#1
*/
static bool build_emsa_pkcs1_signature(private_openssl_rsa_private_key_t *this,
int type, chunk_t data, chunk_t *sig)
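Review bot: In build_signature(), the result of `openssl_get_md(pss->mgf1_hash)` is passed to `EVP_PKEY_CTX_set_rsa_mgf1_md()` without a NULL check. openssl_get_md() returns NULL for a hash OpenSSL does not know, and depending on how OpenSSL treats a NULL digest there, the call may fall back to the signing hash instead of failing. That would produce a PSS signature whose MGF1 hash differs from the one requested in `params`. Rejecting this explicitly is safer: `if (!mgf1md) { goto error; }` directly after the lookup. The hunk ends inside the pre-1.0 variant of build_emsa_pkcs1_signature(), which continues in the next hunk.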
@@ -92,15 +210,15 @@ static bool build_emsa_pkcs1_signature(private_openssl_rsa_private_key_t *this,
}
else
{
- EVP_MD_CTX *ctx;
- EVP_PKEY *key;
+ EVP_MD_CTX *ctx = NULL;
+ EVP_PKEY *key = NULL;
const EVP_MD *hasher;
u_int len;
hasher = EVP_get_digestbynid(type);
if (!hasher)
{
- return FALSE;
+ goto error;
}
ctx = EVP_MD_CTX_create();
@@ -142,7 +260,7 @@ error:
}
return success;
}
-
+#endif /* OPENSSL_VERSION_NUMBER < 1.0 */
METHOD(private_key_t, get_type, key_type_t,
private_openssl_rsa_private_key_t *this)
@@ -152,7 +270,7 @@ METHOD(private_key_t, get_type, key_type_t,
METHOD(private_key_t, sign, bool,
private_openssl_rsa_private_key_t *this, signature_scheme_t scheme,
- chunk_t data, chunk_t *signature)
+ void *params, chunk_t data, chunk_t *signature)
{
switch (scheme)
{
@@ -170,6 +288,10 @@ METHOD(private_key_t, sign, bool,
return build_emsa_pkcs1_signature(this, NID_sha1, data, signature);
case SIGN_RSA_EMSA_PKCS1_MD5:
return build_emsa_pkcs1_signature(this, NID_md5, data, signature);
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+ case SIGN_RSA_EMSA_PSS:
+ return build_emsa_pss_signature(this, params, data, signature);
+#endif
default:
DBG1(DBG_LIB, "signature scheme %N not supported in RSA",
signature_scheme_names, scheme);
@@ -386,7 +508,7 @@ error:
/*
* See header
*/
-private_key_t *openssl_rsa_private_key_create(EVP_PKEY *key)
+private_key_t *openssl_rsa_private_key_create(EVP_PKEY *key, bool engine)
{
private_openssl_rsa_private_key_t *this;
RSA *rsa;
@@ -399,9 +521,199 @@ private_key_t *openssl_rsa_private_key_create(EVP_PKEY *key)
}
this = create_empty();
this->rsa = rsa;
+ this->engine = engine;
return &this->public.key;
}
+/**
+ * Recover the primes from n, e and d using the algorithm described in
+ * Appendix C of NIST SP 800-56B.
+ */
+static bool calculate_pq(BIGNUM *n, BIGNUM *e, BIGNUM *d,
+ BIGNUM **p, BIGNUM **q)
+{
+ BN_CTX *ctx;
+ BIGNUM *k, *r, *g, *y, *n1, *x;
+ int i, t, j;
+ bool success = FALSE;
+
+ ctx = BN_CTX_new();
+ if (!ctx)
+ {
+ return FALSE;
+ }
+ BN_CTX_start(ctx);
+ k = BN_CTX_get(ctx);
+ r = BN_CTX_get(ctx);
+ g = BN_CTX_get(ctx);
+ y = BN_CTX_get(ctx);
+ n1 = BN_CTX_get(ctx);
+ x = BN_CTX_get(ctx);
+ if (!x)
+ {
+ goto error;
+ }
+ /* k = (d * e) - 1 */
+ if (!BN_mul(k, d, e, ctx) || !BN_sub(k, k, BN_value_one()))
+ {
+ goto error;
+ }
+ /* k must be even */
+ if (BN_is_odd(k))
+ {
+ goto error;
+ }
+ /* k = 2^t * r, where r is the largest odd integer dividing k, and t >= 1 */
+ if (!BN_copy(r, k))
+ {
+ goto error;
+ }
+ for (t = 0; !BN_is_odd(r); t++)
+ { /* r = r/2 */
+ if (!BN_rshift(r, r, 1))
+ {
+ goto error;
+ }
+ }
+ /* we need n-1 below */
+ if (!BN_sub(n1, n, BN_value_one()))
+ {
+ goto error;
+ }
+ for (i = 0; i < 100; i++)
+ { /* generate random integer g in [0, n-1] */
+ if (!BN_pseudo_rand_range(g, n))
+ {
+ goto error;
+ }
+ /* y = g^r mod n */
+ if (!BN_mod_exp(y, g, r, n, ctx))
+ {
+ goto error;
+ }
+ /* try again if y == 1 or y == n-1 */
+ if (BN_is_one(y) || BN_cmp(y, n1) == 0)
+ {
+ continue;
+ }
+ for (j = 0; j < t; j++)
+ { /* x = y^2 mod n */
+ if (!BN_mod_sqr(x, y, n, ctx))
+ {
+ goto error;
+ }
+ /* stop if x == 1 */
+ if (BN_is_one(x))
+ {
+ goto done;
+ }
+ /* retry with new g if x = n-1 */
+ if (BN_cmp(x, n1) == 0)
+ {
+ break;
+ }
+ /* y = x */
+ if (!BN_copy(y, x))
+ {
+ goto error;
+ }
+ }
+ }
+ goto error;
+
+done:
+ /* p = gcd(y-1, n) */
+ if (!BN_sub(y, y, BN_value_one()))
+ {
+ goto error;
+ }
+ *p = BN_secure_new();
+ if (!BN_gcd(*p, y, n, ctx))
+ {
+ BN_clear_free(*p);
+ goto error;
+ }
+ /* q = n/p */
+ *q = BN_secure_new();
+ if (!BN_div(*q, NULL, n, *p, ctx))
+ {
+ BN_clear_free(*p);
+ BN_clear_free(*q);
+ goto error;
+ }
+ success = TRUE;
+
+error:
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ return success;
+}
+
+/**
+ * Calculates dp = d (mod p-1) or dq = d (mod q-1) for the Chinese remainder
+ * algorithm.
+ */
+static BIGNUM *dmodpq1(BIGNUM *d, BIGNUM *pq)
+{
+ BN_CTX *ctx;
+ BIGNUM *res = NULL, *pq1;
+
+ ctx = BN_CTX_new();
+ if (!ctx)
+ {
+ return NULL;
+ }
+ BN_CTX_start(ctx);
+ pq1 = BN_CTX_get(ctx);
+ /* p|q - 1 */
+ if (!BN_sub(pq1, pq, BN_value_one()))
+ {
+ goto error;
+ }
+ /* d (mod p|q -1) */
+ res = BN_secure_new();
+ if (!BN_mod(res, d, pq1, ctx))
+ {
+ BN_clear_free(res);
+ res = NULL;
+ goto error;
+ }
+
+error:
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ return res;
+}
+
+/**
+ * Calculates qinv = q^-1 (mod p) for the Chinese remainder algorithm.
+ */
+static BIGNUM *qinv(BIGNUM *q, BIGNUM *p)
+{
+ BN_CTX *ctx;
+ BIGNUM *res = NULL;
+
+ ctx = BN_CTX_new();
+ if (!ctx)
+ {
+ return NULL;
+ }
+ BN_CTX_start(ctx);
+ /* q^-1 (mod p) */
+ res = BN_secure_new();
+ if (!BN_mod_inverse(res, q, p, ctx))
+ {
+ BN_clear_free(res);
+ res = NULL;
+ goto error;
+ }
+
+error:
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ return res;
+}
+
/*
* See header
*/
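Review bot: On the failure paths after `done:` in calculate_pq(), `*p` and `*q` are passed to BN_clear_free() but still point at the freed BIGNUMs when the function returns FALSE. The BN_secure_new() results are also handed to BN_gcd()/BN_div() without a NULL check. The caller's error path is outside this hunk, so whether it frees `bn_p`/`bn_q` again cannot be confirmed from here. Checking the allocation in the same condition, `if (!*p || !BN_gcd(*p, y, n, ctx))`, and resetting with `*p = NULL;` (and `*q = NULL;`) after each BN_clear_free() would make the out-parameters safe to inspect. dmodpq1() has the same unchecked `BN_CTX_get()` and `BN_secure_new()` results, and qinv() the same unchecked `BN_secure_new()`.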
@@ -460,7 +772,7 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_load(key_type_t type,
return &this->public;
}
}
- else if (n.ptr && e.ptr && d.ptr && p.ptr && q.ptr && coeff.ptr)
+ else if (n.ptr && e.ptr && d.ptr)
{
BIGNUM *bn_n, *bn_e, *bn_d, *bn_p, *bn_q;
BIGNUM *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL;
@@ -472,178 +784,58 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_load(key_type_t type,
bn_d = BN_bin2bn((const u_char*)d.ptr, d.len, NULL);
if (!RSA_set0_key(this->rsa, bn_n, bn_e, bn_d))
{
- destroy(this);
- return NULL;
+ goto error;
}
- bn_p = BN_bin2bn((const u_char*)p.ptr, p.len, NULL);
- bn_q = BN_bin2bn((const u_char*)q.ptr, q.len, NULL);
+ if (p.ptr && q.ptr)
+ {
+ bn_p = BN_bin2bn((const u_char*)p.ptr, p.len, NULL);
+ bn_q = BN_bin2bn((const u_char*)q.ptr, q.len, NULL);
+ }
+ else
+ {
+ if (!calculate_pq(bn_n, bn_e, bn_d, &bn_p, &bn_q))
+ {
+ goto error;
+ }
+ }
if (!RSA_set0_factors(this->rsa, bn_p, bn_q))
{
- destroy(this);
- return NULL;
+ goto error;
}
if (exp1.ptr)
{
dmp1 = BN_bin2bn((const u_char*)exp1.ptr, exp1.len, NULL);
}
- if (exp2.ptr)
+ else
{
- dmq1 = BN_bin2bn((const u_char*)exp2.ptr, exp2.len, NULL);
+ dmp1 = dmodpq1(bn_d, bn_p);
}
- iqmp = BN_bin2bn((const u_char*)coeff.ptr, coeff.len, NULL);
- if (RSA_set0_crt_params(this->rsa, dmp1, dmq1, iqmp) &&
- RSA_check_key(this->rsa) == 1)
+ if (exp2.ptr)
{
- return &this->public;
+ dmq1 = BN_bin2bn((const u_char*)exp2.ptr, exp2.len, NULL);
}
- }
- destroy(this);
- return NULL;
-}
-
-#ifndef OPENSSL_NO_ENGINE
-/**
- * Login to engine with a PIN specified for a keyid
- */
-static bool login(ENGINE *engine, chunk_t keyid)
-{
- enumerator_t *enumerator;
- shared_key_t *shared;
- identification_t *id;
- chunk_t key;
- char pin[64];
- bool found = FALSE, success = FALSE;
-
- id = identification_create_from_encoding(ID_KEY_ID, keyid);
- enumerator = lib->credmgr->create_shared_enumerator(lib->credmgr,
- SHARED_PIN, id, NULL);
- while (enumerator->enumerate(enumerator, &shared, NULL, NULL))
- {
- found = TRUE;
- key = shared->get_key(shared);
- if (snprintf(pin, sizeof(pin),
- "%.*s", (int)key.len, key.ptr) >= sizeof(pin))
+ else
{
- continue;
+ dmq1 = dmodpq1(bn_d, bn_q);
}
- if (ENGINE_ctrl_cmd_string(engine, "PIN", pin, 0))
+ if (coeff.ptr)
{
- success = TRUE;
- break;
+ iqmp = BN_bin2bn((const u_char*)coeff.ptr, coeff.len, NULL);
}
else
{
- DBG1(DBG_CFG, "setting PIN on engine failed");
+ iqmp = qinv(bn_q, bn_p);
}
- }
- enumerator->destroy(enumerator);
- id->destroy(id);
- if (!found)
- {
- DBG1(DBG_CFG, "no PIN found for %#B", &keyid);
- }
- return success;
-}
-#endif /* OPENSSL_NO_ENGINE */
-
-/*
- * See header.
- */
-openssl_rsa_private_key_t *openssl_rsa_private_key_connect(key_type_t type,
- va_list args)
-{
-#ifndef OPENSSL_NO_ENGINE
- private_openssl_rsa_private_key_t *this;
- char *engine_id = NULL;
- char keyname[64];
- chunk_t keyid = chunk_empty;;
- EVP_PKEY *key;
- ENGINE *engine;
- int slot = -1;
-
- while (TRUE)
- {
- switch (va_arg(args, builder_part_t))
+ if (RSA_set0_crt_params(this->rsa, dmp1, dmq1, iqmp) &&
+ RSA_check_key(this->rsa) == 1)
{
- case BUILD_PKCS11_KEYID:
- keyid = va_arg(args, chunk_t);
- continue;
- case BUILD_PKCS11_SLOT:
- slot = va_arg(args, int);
- continue;
- case BUILD_PKCS11_MODULE:
- engine_id = va_arg(args, char*);
- continue;
- case BUILD_END:
- break;
- default:
- return NULL;
+ return &this->public;
}
- break;
- }
- if (!keyid.len || keyid.len > 40)
- {
- return NULL;
- }
-
- memset(keyname, 0, sizeof(keyname));
- if (slot != -1)
- {
- snprintf(keyname, sizeof(keyname), "%d:", slot);
- }
- if (sizeof(keyname) - strlen(keyname) <= keyid.len * 4 / 3 + 1)
- {
- return NULL;
- }
- chunk_to_hex(keyid, keyname + strlen(keyname), FALSE);
-
- if (!engine_id)
- {
- engine_id = lib->settings->get_str(lib->settings,
- "%s.plugins.openssl.engine_id", "pkcs11", lib->ns);
- }
- engine = ENGINE_by_id(engine_id);
- if (!engine)
- {
- DBG2(DBG_LIB, "engine '%s' is not available", engine_id);
- return NULL;
- }
- if (!ENGINE_init(engine))
- {
- DBG1(DBG_LIB, "failed to initialize engine '%s'", engine_id);
- ENGINE_free(engine);
- return NULL;
- }
- if (!login(engine, keyid))
- {
- DBG1(DBG_LIB, "login to engine '%s' failed", engine_id);
- ENGINE_free(engine);
- return NULL;
- }
- key = ENGINE_load_private_key(engine, keyname, NULL, NULL);
- if (!key)
- {
- DBG1(DBG_LIB, "failed to load private key with ID '%s' from "
- "engine '%s'", keyname, engine_id);
- ENGINE_free(engine);
- return NULL;
- }
- ENGINE_free(engine);
-
- this = create_empty();
- this->rsa = EVP_PKEY_get1_RSA(key);
- this->engine = TRUE;
- if (!this->rsa)
- {
- destroy(this);
- return NULL;
}
-
- return &this->public;
-#else /* OPENSSL_NO_ENGINE */
+error:
+ destroy(this);
return NULL;
-#endif /* OPENSSL_NO_ENGINE */
}
#endif /* OPENSSL_NO_RSA */
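Review bot: The new `goto error` paths release only `this`, so any BIGNUM that `this->rsa` has not yet adopted is leaked without being cleared, and these values are private key material. That covers `bn_p`/`bn_q` when `RSA_set0_factors()` fails, and `dmp1`/`dmq1`/`iqmp` when `dmodpq1()` or `qinv()` returns NULL (both can, as their bodies show) or `RSA_set0_crt_params()` fails. The sketch below checks the derived values and clears whatever was not adopted. It assumes the `RSA_set0_*` calls leave ownership with the caller when they return 0, which should be confirmed for the compatibility wrappers used with older OpenSSL. The enclosing function starts outside this hunk.

```c
	if (!RSA_set0_factors(this->rsa, bn_p, bn_q))
	{
		BN_clear_free(bn_p);
		BN_clear_free(bn_q);
		goto error;
	}
	/* … unchanged: dmp1, dmq1 and iqmp loaded from the blob or derived … */
	if (!dmp1 || !dmq1 || !iqmp ||
		!RSA_set0_crt_params(this->rsa, dmp1, dmq1, iqmp))
	{
		BN_clear_free(dmp1);
		BN_clear_free(dmq1);
		BN_clear_free(iqmp);
		goto error;
	}
	if (RSA_check_key(this->rsa) == 1)
	{
		return &this->public;
	}
```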
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h
index 34ce4c776..783181c1d 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h
@@ -67,9 +67,10 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_load(key_type_t type,
* Wrap an EVP_PKEY object of type EVP_PKEY_RSA
*
* @param key EVP_PKEY_RSA key object (adopted)
+ * @param engine whether the key was loaded via an engine
* @return loaded key, NULL on failure
*/
-private_key_t *openssl_rsa_private_key_create(EVP_PKEY *key);
+private_key_t *openssl_rsa_private_key_create(EVP_PKEY *key, bool engine);
/**
* Connect to a RSA private key on a smartcard.
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
index d3a644f72..20bf30ae9 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
@@ -1,7 +1,7 @@
/*
+ * Copyright (C) 2008-2017 Tobias Brunner
* Copyright (C) 2009 Martin Willi
- * Copyright (C) 2008 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -19,9 +19,11 @@
#ifndef OPENSSL_NO_RSA
#include "openssl_rsa_public_key.h"
+#include "openssl_hasher.h"
#include "openssl_util.h"
#include <utils/debug.h>
+#include <credentials/keys/signature_params.h>
#include <openssl/bn.h>
#include <openssl/evp.h>
@@ -54,8 +56,138 @@ struct private_openssl_rsa_public_key_t {
refcount_t ref;
};
+
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+
+/**
+ * Verify RSA signature
+ */
+static bool verify_signature(private_openssl_rsa_public_key_t *this,
+ const EVP_MD *md, rsa_pss_params_t *pss,
+ chunk_t data, chunk_t signature)
+{
+ EVP_PKEY_CTX *pctx = NULL;
+ EVP_MD_CTX *mctx = NULL;
+ EVP_PKEY *key;
+ int rsa_size = RSA_size(this->rsa);
+ bool valid = FALSE;
+
+ /* OpenSSL expects a signature of exactly RSA size (no leading 0x00) */
+ if (signature.len > rsa_size)
+ {
+ signature = chunk_skip(signature, signature.len - rsa_size);
+ }
+
+ mctx = EVP_MD_CTX_create();
+ key = EVP_PKEY_new();
+ if (!mctx || !key)
+ {
+ goto error;
+ }
+ if (!EVP_PKEY_set1_RSA(key, this->rsa))
+ {
+ goto error;
+ }
+ if (EVP_DigestVerifyInit(mctx, &pctx, md, NULL, key) <= 0)
+ {
+ goto error;
+ }
+ if (pss)
+ {
+ const EVP_MD *mgf1md = openssl_get_md(pss->mgf1_hash);
+ int slen = EVP_MD_size(md);
+ if (pss->salt_len > RSA_PSS_SALT_LEN_DEFAULT)
+ {
+ slen = pss->salt_len;
+ }
+ if (EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) <= 0 ||
+ EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, slen) <= 0 ||
+ EVP_PKEY_CTX_set_rsa_mgf1_md(pctx, mgf1md) <= 0)
+ {
+ goto error;
+ }
+ }
+ if (EVP_DigestVerifyUpdate(mctx, data.ptr, data.len) <= 0)
+ {
+ goto error;
+ }
+ valid = (EVP_DigestVerifyFinal(mctx, signature.ptr, signature.len) == 1);
+
+error:
+ if (key)
+ {
+ EVP_PKEY_free(key);
+ }
+ if (mctx)
+ {
+ EVP_MD_CTX_destroy(mctx);
+ }
+ return valid;
+}
+
/**
- * Verification of an EMPSA PKCS1 signature described in PKCS#1
+ * Verification of a signature without hashing
+ */
+static bool verify_plain_signature(private_openssl_rsa_public_key_t *this,
+ chunk_t data, chunk_t signature)
+{
+ char *buf;
+ int len, rsa_size = RSA_size(this->rsa);
+ bool valid = FALSE;
+
+ /* OpenSSL expects a signature of exactly RSA size (no leading 0x00) */
+ if (signature.len > rsa_size)
+ {
+ signature = chunk_skip(signature, signature.len - rsa_size);
+ }
+ buf = malloc(rsa_size);
+ len = RSA_public_decrypt(signature.len, signature.ptr, buf, this->rsa,
+ RSA_PKCS1_PADDING);
+ if (len != -1)
+ {
+ valid = chunk_equals_const(data, chunk_create(buf, len));
+ }
+ free(buf);
+ return valid;
+}
+
+/**
+ * Verification of an EMSA PKCS1 signature described in PKCS#1
+ */
+static bool verify_emsa_pkcs1_signature(private_openssl_rsa_public_key_t *this,
+ int type, chunk_t data, chunk_t signature)
+{
+ const EVP_MD *md;
+
+ if (type == NID_undef)
+ {
+ return verify_plain_signature(this, data, signature);
+ }
+ md = EVP_get_digestbynid(type);
+ return md && verify_signature(this, md, NULL, data, signature);
+}
+
+/**
+ * Verification of an EMSA PSS signature described in PKCS#1
+ */
+static bool verify_emsa_pss_signature(private_openssl_rsa_public_key_t *this,
+ rsa_pss_params_t *params, chunk_t data,
+ chunk_t signature)
+{
+ const EVP_MD *md;
+
+ if (!params)
+ {
+ return FALSE;
+ }
+ md = openssl_get_md(params->hash);
+ return md && verify_signature(this, md, params, data, signature);
+}
+
+#else /* OPENSSL_VERSION_NUMBER < 1.0 */
+
+/**
+ * Verification of an EMSA PKCS1 signature described in PKCS#1
*/
static bool verify_emsa_pkcs1_signature(private_openssl_rsa_public_key_t *this,
int type, chunk_t data, chunk_t signature)
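Review bot: In `verify_signature` the result of `openssl_get_md(pss->mgf1_hash)` goes to `EVP_PKEY_CTX_set_rsa_mgf1_md()` without a NULL check, although `verify_emsa_pss_signature` in this same hunk treats a NULL return from `openssl_get_md()` as failure. An MGF1 hash that cannot be mapped should fail verification explicitly rather than depend on what OpenSSL does with a NULL digest there; `if (!mgf1md) { goto error; }` before the padding calls does that. Separately, `verify_signature` and `verify_plain_signature` both drop the leading `signature.len - rsa_size` bytes without checking that they are zero, so the "no leading 0x00" comment is not enforced and differently padded encodings of one signature all verify; rejecting a non-zero prefix would tighten that. `malloc(rsa_size)` in `verify_plain_signature` is also used unchecked. The pre-1.0 `verify_emsa_pkcs1_signature` that closes the hunk continues outside it.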
@@ -129,6 +261,8 @@ error:
return valid;
}
+#endif /* OPENSSL_VERSION_NUMBER < 1.0 */
+
METHOD(public_key_t, get_type, key_type_t,
private_openssl_rsa_public_key_t *this)
{
@@ -137,7 +271,7 @@ METHOD(public_key_t, get_type, key_type_t,
METHOD(public_key_t, verify, bool,
private_openssl_rsa_public_key_t *this, signature_scheme_t scheme,
- chunk_t data, chunk_t signature)
+ void *params, chunk_t data, chunk_t signature)
{
switch (scheme)
{
@@ -155,6 +289,10 @@ METHOD(public_key_t, verify, bool,
return verify_emsa_pkcs1_signature(this, NID_sha1, data, signature);
case SIGN_RSA_EMSA_PKCS1_MD5:
return verify_emsa_pkcs1_signature(this, NID_md5, data, signature);
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+ case SIGN_RSA_EMSA_PSS:
+ return verify_emsa_pss_signature(this, params, data, signature);
+#endif
default:
DBG1(DBG_LIB, "signature scheme %N not supported in RSA",
signature_scheme_names, scheme);
diff --git a/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c b/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c
index f6df03f12..3a6d2f193 100644
--- a/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c
+++ b/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c
@@ -20,6 +20,7 @@
#include "openssl_sha1_prf.h"
#include <openssl/sha.h>
+#include <crypto/hashers/hasher.h>
typedef struct private_openssl_sha1_prf_t private_openssl_sha1_prf_t;
diff --git a/src/libstrongswan/plugins/openssl/openssl_x509.c b/src/libstrongswan/plugins/openssl/openssl_x509.c
index e03a4255d..60c08770b 100644
--- a/src/libstrongswan/plugins/openssl/openssl_x509.c
+++ b/src/libstrongswan/plugins/openssl/openssl_x509.c
@@ -1,6 +1,6 @@
/*
- * Copyright (C) 2011 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2011-2017 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
*
* Copyright (C) 2010 Martin Willi
* Copyright (C) 2010 revosec AG
@@ -154,7 +154,7 @@ struct private_openssl_x509_t {
/**
* Signature scheme of the certificate
*/
- signature_scheme_t scheme;
+ signature_params_t *scheme;
/**
* subjectAltNames
@@ -189,16 +189,6 @@ struct private_openssl_x509_t {
};
/**
- * Destroy a CRL URI struct
- */
-static void crl_uri_destroy(x509_cdp_t *this)
-{
- free(this->uri);
- DESTROY_IF(this->issuer);
- free(this);
-}
-
-/**
* Convert a GeneralName to an identification_t.
*/
static identification_t *general_name2id(GENERAL_NAME *name)
@@ -394,7 +384,7 @@ METHOD(certificate_t, has_issuer, id_match_t,
METHOD(certificate_t, issued_by, bool,
private_openssl_x509_t *this, certificate_t *issuer,
- signature_scheme_t *scheme)
+ signature_params_t **scheme)
{
public_key_t *key;
bool valid;
@@ -406,7 +396,8 @@ METHOD(certificate_t, issued_by, bool,
{
if (this->flags & X509_SELF_SIGNED)
{
- return TRUE;
+ valid = TRUE;
+ goto out;
}
}
else
@@ -424,10 +415,6 @@ METHOD(certificate_t, issued_by, bool,
return FALSE;
}
}
- if (this->scheme == SIGN_UNKNOWN)
- {
- return FALSE;
- }
key = issuer->get_public_key(issuer);
if (!key)
{
@@ -440,12 +427,15 @@ METHOD(certificate_t, issued_by, bool,
tbs = openssl_i2chunk(X509_CINF, this->x509->cert_info);
#endif
X509_get0_signature(&sig, NULL, this->x509);
- valid = key->verify(key, this->scheme, tbs, openssl_asn1_str2chunk(sig));
+ valid = key->verify(key, this->scheme->scheme, this->scheme->params, tbs,
+ openssl_asn1_str2chunk(sig));
free(tbs.ptr);
key->destroy(key);
+
+out:
if (valid && scheme)
{
- *scheme = this->scheme;
+ *scheme = signature_params_clone(this->scheme);
}
return valid;
}
@@ -538,6 +528,7 @@ METHOD(certificate_t, destroy, void,
{
X509_free(this->x509);
}
+ signature_params_destroy(this->scheme);
DESTROY_IF(this->subject);
DESTROY_IF(this->issuer);
DESTROY_IF(this->pubkey);
@@ -549,7 +540,8 @@ METHOD(certificate_t, destroy, void,
offsetof(identification_t, destroy));
this->issuerAltNames->destroy_offset(this->issuerAltNames,
offsetof(identification_t, destroy));
- this->crl_uris->destroy_function(this->crl_uris, (void*)crl_uri_destroy);
+ this->crl_uris->destroy_function(this->crl_uris,
+ (void*)x509_cdp_destroy);
this->ocsp_uris->destroy_function(this->ocsp_uris, free);
this->ipAddrBlocks->destroy_offset(this->ipAddrBlocks,
offsetof(traffic_selector_t, destroy));
@@ -739,15 +731,15 @@ static bool parse_extKeyUsage_ext(private_openssl_x509_t *this,
/**
* Parse CRL distribution points
*/
-static bool parse_crlDistributionPoints_ext(private_openssl_x509_t *this,
- X509_EXTENSION *ext)
+bool openssl_parse_crlDistributionPoints(X509_EXTENSION *ext,
+ linked_list_t *list)
{
CRL_DIST_POINTS *cdps;
DIST_POINT *cdp;
identification_t *id, *issuer;
x509_cdp_t *entry;
char *uri;
- int i, j, k, point_num, name_num, issuer_num;
+ int i, j, k, point_num, name_num, issuer_num, len;
cdps = X509V3_EXT_d2i(ext);
if (!cdps)
@@ -770,7 +762,12 @@ static bool parse_crlDistributionPoints_ext(private_openssl_x509_t *this,
cdp->distpoint->name.fullname, j));
if (id)
{
- if (asprintf(&uri, "%Y", id) > 0)
+ len = asprintf(&uri, "%Y", id);
+ if (!len)
+ {
+ free(uri);
+ }
+ else if (len > 0)
{
if (cdp->CRLissuer)
{
@@ -785,8 +782,7 @@ static bool parse_crlDistributionPoints_ext(private_openssl_x509_t *this,
.uri = strdup(uri),
.issuer = issuer,
);
- this->crl_uris->insert_last(
- this->crl_uris, entry);
+ list->insert_last(list, entry);
}
}
free(uri);
@@ -796,7 +792,7 @@ static bool parse_crlDistributionPoints_ext(private_openssl_x509_t *this,
INIT(entry,
.uri = uri,
);
- this->crl_uris->insert_last(this->crl_uris, entry);
+ list->insert_last(list, entry);
}
}
id->destroy(id);
@@ -820,7 +816,7 @@ static bool parse_authorityInfoAccess_ext(private_openssl_x509_t *this,
AUTHORITY_INFO_ACCESS *infos;
ACCESS_DESCRIPTION *desc;
identification_t *id;
- int i, num;
+ int i, num, len;
char *uri;
infos = X509V3_EXT_d2i(ext);
@@ -839,7 +835,12 @@ static bool parse_authorityInfoAccess_ext(private_openssl_x509_t *this,
id = general_name2id(desc->location);
if (id)
{
- if (asprintf(&uri, "%Y", id) > 0)
+ len = asprintf(&uri, "%Y", id);
+ if (!len)
+ {
+ free(uri);
+ }
+ else if (len > 0)
{
this->ocsp_uris->insert_last(this->ocsp_uris, uri);
}
@@ -1025,7 +1026,7 @@ static bool parse_extensions(private_openssl_x509_t *this)
ok = parse_extKeyUsage_ext(this, ext);
break;
case NID_crl_distribution_points:
- ok = parse_crlDistributionPoints_ext(this, ext);
+ ok = openssl_parse_crlDistributionPoints(ext, this->crl_uris);
break;
#ifndef OPENSSL_NO_RFC3779
case NID_sbgp_ipAddrBlock:
@@ -1063,8 +1064,8 @@ static bool parse_certificate(private_openssl_x509_t *this)
{
const unsigned char *ptr = this->encoding.ptr;
hasher_t *hasher;
- chunk_t chunk;
- ASN1_OBJECT *oid, *oid_tbs;
+ chunk_t chunk, sig_scheme, sig_scheme_tbs;
+ ASN1_OBJECT *oid;
X509_ALGOR *alg;
this->x509 = d2i_X509(NULL, &ptr, this->encoding.len);
@@ -1089,6 +1090,10 @@ static bool parse_certificate(private_openssl_x509_t *this)
}
switch (openssl_asn1_known_oid(oid))
{
+ case OID_RSASSA_PSS:
+ /* TODO: we should treat such keys special and use the params as
+ * restrictions regarding the use of this key (or rather the
+ * associated private key) */
case OID_RSA_ENCRYPTION:
this->pubkey = lib->creds->create(lib->creds,
CRED_PUBLIC_KEY, KEY_RSA, BUILD_BLOB_ASN1_DER,
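Review bot: The new `case OID_RSASSA_PSS:` label falls into `case OID_RSA_ENCRYPTION:` with only the TODO in between, so the fall-through does not read as intended; pkcs8_builder.c in this commit marks the same construct with `/* fall-through */`, and that marker should follow the TODO here as well. As the TODO says, the PSS parameters of the subjectPublicKeyInfo are not kept, so a key restricted to RSASSA-PSS is loaded as a plain `KEY_RSA` key. The `oid == OID_RSASSA_PSS` branch in pkcs1_builder.c and the `params = chunk_empty;` assignment in pkcs8_builder.c have the same effect. Until the restriction is implemented, a message such as `DBG2(DBG_ASN, "ignoring RSASSA-PSS key restrictions");` at these three places would make the dropped restriction visible to an operator. The switch and `parse_certificate` continue outside the hunk.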
@@ -1119,15 +1124,25 @@ static bool parse_certificate(private_openssl_x509_t *this)
/* while X509_ALGOR_cmp() is declared in the headers of older OpenSSL
* versions, at least on Ubuntu 14.04 it is not actually defined */
X509_get0_signature(NULL, &alg, this->x509);
- X509_ALGOR_get0(&oid, NULL, NULL, alg);
+ sig_scheme = openssl_i2chunk(X509_ALGOR, alg);
alg = X509_get0_tbs_sigalg(this->x509);
- X509_ALGOR_get0(&oid_tbs, NULL, NULL, alg);
- if (!chunk_equals(openssl_asn1_obj2chunk(oid),
- openssl_asn1_obj2chunk(oid_tbs)))
+ sig_scheme_tbs = openssl_i2chunk(X509_ALGOR, alg);
+ if (!chunk_equals(sig_scheme, sig_scheme_tbs))
+ {
+ free(sig_scheme_tbs.ptr);
+ free(sig_scheme.ptr);
+ return FALSE;
+ }
+ free(sig_scheme_tbs.ptr);
+
+ INIT(this->scheme);
+ if (!signature_params_parse(sig_scheme, 0, this->scheme))
{
+ DBG1(DBG_ASN, "unable to parse signature algorithm");
+ free(sig_scheme.ptr);
return FALSE;
}
- this->scheme = signature_scheme_from_oid(openssl_asn1_known_oid(oid));
+ free(sig_scheme.ptr);
if (!parse_extensions(this))
{
diff --git a/src/libstrongswan/plugins/padlock/Makefile.in b/src/libstrongswan/plugins/padlock/Makefile.in
index 101119300..02a022d03 100644
--- a/src/libstrongswan/plugins/padlock/Makefile.in
+++ b/src/libstrongswan/plugins/padlock/Makefile.in
@@ -247,9 +247,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/pem/Makefile.in b/src/libstrongswan/plugins/pem/Makefile.in
index 4b69f9f49..37917d441 100644
--- a/src/libstrongswan/plugins/pem/Makefile.in
+++ b/src/libstrongswan/plugins/pem/Makefile.in
@@ -245,9 +245,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/pem/pem_encoder.c b/src/libstrongswan/plugins/pem/pem_encoder.c
index 76b0b7b40..8c6c5dae7 100644
--- a/src/libstrongswan/plugins/pem/pem_encoder.c
+++ b/src/libstrongswan/plugins/pem/pem_encoder.c
@@ -15,6 +15,8 @@
#include "pem_encoder.h"
+#include <library.h>
+
#define BYTES_PER_LINE 48
/**
diff --git a/src/libstrongswan/plugins/pgp/Makefile.in b/src/libstrongswan/plugins/pgp/Makefile.in
index 8104a2a94..10eb82619 100644
--- a/src/libstrongswan/plugins/pgp/Makefile.in
+++ b/src/libstrongswan/plugins/pgp/Makefile.in
@@ -245,9 +245,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/pgp/pgp_builder.c b/src/libstrongswan/plugins/pgp/pgp_builder.c
index fe0be45d9..e8f5c5ddf 100644
--- a/src/libstrongswan/plugins/pgp/pgp_builder.c
+++ b/src/libstrongswan/plugins/pgp/pgp_builder.c
@@ -116,21 +116,17 @@ static private_key_t *parse_rsa_private_key(chunk_t blob)
BUILD_END);
}
-/**
- * Implementation of private_key_t.sign for encryption-only keys
- */
-static bool sign_not_allowed(private_key_t *this, signature_scheme_t scheme,
- chunk_t data, chunk_t *signature)
+METHOD(private_key_t, sign_not_allowed, bool,
+ private_key_t *this, signature_scheme_t scheme, void *params,
+ chunk_t data, chunk_t *signature)
{
DBG1(DBG_LIB, "signing failed - decryption only key");
return FALSE;
}
-/**
- * Implementation of private_key_t.decrypt for signature-only keys
- */
-static bool decrypt_not_allowed(private_key_t *this, encryption_scheme_t scheme,
- chunk_t crypto, chunk_t *plain)
+METHOD(private_key_t, decrypt_not_allowed, bool,
+ private_key_t *this, encryption_scheme_t scheme,
+ chunk_t crypto, chunk_t *plain)
{
DBG1(DBG_LIB, "decryption failed - signature only key");
return FALSE;
@@ -186,7 +182,7 @@ static private_key_t *parse_private_key(chunk_t blob)
BUILD_BLOB_PGP, packet, BUILD_END);
if (key)
{
- key->sign = sign_not_allowed;
+ key->sign = _sign_not_allowed;
}
return key;
case PGP_PUBKEY_ALG_RSA_SIGN_ONLY:
@@ -194,7 +190,7 @@ static private_key_t *parse_private_key(chunk_t blob)
BUILD_BLOB_PGP, packet, BUILD_END);
if (key)
{
- key->decrypt = decrypt_not_allowed;
+ key->decrypt = _decrypt_not_allowed;
}
return key;
case PGP_PUBKEY_ALG_ECDSA:
diff --git a/src/libstrongswan/plugins/pgp/pgp_cert.c b/src/libstrongswan/plugins/pgp/pgp_cert.c
index 0ffce4cfc..392ef5440 100644
--- a/src/libstrongswan/plugins/pgp/pgp_cert.c
+++ b/src/libstrongswan/plugins/pgp/pgp_cert.c
@@ -114,7 +114,7 @@ METHOD(certificate_t, has_issuer, id_match_t,
}
METHOD(certificate_t, issued_by,bool,
- private_pgp_cert_t *this, certificate_t *issuer, signature_scheme_t *scheme)
+ private_pgp_cert_t *this, certificate_t *issuer, signature_params_t **scheme)
{
/* TODO: check signature blobs for a valid signature */
return FALSE;
diff --git a/src/libstrongswan/plugins/pgp/pgp_encoder.c b/src/libstrongswan/plugins/pgp/pgp_encoder.c
index 100f3ef33..eba936b83 100644
--- a/src/libstrongswan/plugins/pgp/pgp_encoder.c
+++ b/src/libstrongswan/plugins/pgp/pgp_encoder.c
@@ -15,6 +15,7 @@
#include "pgp_encoder.h"
+#include <library.h>
#include <utils/debug.h>
/**
diff --git a/src/libstrongswan/plugins/pkcs1/Makefile.in b/src/libstrongswan/plugins/pkcs1/Makefile.in
index 6f6c6237f..ae24d4085 100644
--- a/src/libstrongswan/plugins/pkcs1/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs1/Makefile.in
@@ -246,9 +246,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c
index f64294783..967e501d1 100644
--- a/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c
+++ b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c
@@ -57,8 +57,13 @@ static public_key_t *parse_public_key(chunk_t blob)
int oid = asn1_parse_algorithmIdentifier(object,
parser->get_level(parser)+1, NULL);
- if (oid == OID_RSA_ENCRYPTION || oid == OID_RSAES_OAEP)
+ if (oid == OID_RSA_ENCRYPTION || oid == OID_RSAES_OAEP ||
+ oid == OID_RSASSA_PSS)
{
+ /* TODO: we should parse parameters for PSS and pass them
+ * (and the type), or the complete subjectPublicKeyInfo,
+ * along so we can treat these as restrictions when
+ * generating signatures with the associated private key */
type = KEY_RSA;
}
else if (oid == OID_EC_PUBLICKEY)
diff --git a/src/libstrongswan/plugins/pkcs11/Makefile.in b/src/libstrongswan/plugins/pkcs11/Makefile.in
index 7bf33d967..00d5a6a5d 100644
--- a/src/libstrongswan/plugins/pkcs11/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs11/Makefile.in
@@ -249,9 +249,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c b/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c
index c0033bd8e..b0fa41b6a 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c
@@ -415,13 +415,15 @@ static chunk_t ecparams_lookup(diffie_hellman_group_t group)
/**
* Described in header.
*/
-pkcs11_dh_t *pkcs11_dh_create(diffie_hellman_group_t group,
- chunk_t g, chunk_t p)
+pkcs11_dh_t *pkcs11_dh_create(diffie_hellman_group_t group, ...)
{
switch (group)
{
case MODP_CUSTOM:
{
+ chunk_t g, p;
+
+ VA_ARGS_GET(group, g, p);
return create_modp(group, p.len, g, p);
}
case ECP_192_BIT:
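Review bot: With the signature changed to `pkcs11_dh_create(diffie_hellman_group_t group, ...)`, the compiler no longer checks that a `MODP_CUSTOM` caller passes two `chunk_t` values, and `g` and `p` are used exactly as read from the argument list. A guard after `VA_ARGS_GET(group, g, p);`, such as `if (!g.len || !p.len) { return NULL; }`, would reject empty values before `create_modp(group, p.len, g, p)` and stays within the header's "NULL if not supported" contract. It cannot detect a caller that passes nothing at all, so the call sites for `MODP_CUSTOM` are worth checking by hand; they and `create_modp` are outside this hunk.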
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_dh.h b/src/libstrongswan/plugins/pkcs11/pkcs11_dh.h
index 2654130c0..1ad58e7a1 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_dh.h
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_dh.h
@@ -40,12 +40,10 @@ struct pkcs11_dh_t {
* Creates a new pkcs11_dh_t object.
*
* @param group Diffie Hellman group number to use
- * @param g generator in case group is MODP_CUSTOM
- * @param p prime in case group is MODP_CUSTOM
+ * @param ... expects generator and prime as chunk_t if MODP_CUSTOM
* @return pkcs11_dh_t object, NULL if not supported
*/
-pkcs11_dh_t *pkcs11_dh_create(diffie_hellman_group_t group,
- chunk_t g, chunk_t p);
+pkcs11_dh_t *pkcs11_dh_create(diffie_hellman_group_t group, ...);
#endif /** PKCS11_DH_H_ @}*/
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c b/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c
index 31bcb0d25..c7dfe69d7 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c
@@ -164,18 +164,13 @@ static void handle_slot(lib_entry_t *entry, CK_SLOT_ID slot, bool hot)
}
}
-/**
- * Dispatch slot events
- */
-static job_requeue_t dispatch_slot_events(lib_entry_t *entry)
+CALLBACK(dispatch_slot_events, job_requeue_t,
+ lib_entry_t *entry)
{
CK_SLOT_ID slot;
CK_RV rv;
- bool old;
- old = thread_cancelability(TRUE);
rv = entry->lib->f->C_WaitForSlotEvent(0, &slot, NULL);
- thread_cancelability(old);
if (rv == CKR_FUNCTION_NOT_SUPPORTED || rv == CKR_NO_EVENT)
{
DBG1(DBG_CFG, "module '%s' does not support hot-plugging, cancelled",
@@ -195,6 +190,16 @@ static job_requeue_t dispatch_slot_events(lib_entry_t *entry)
return JOB_REQUEUE_DIRECT;
}
+CALLBACK(cancel_events, bool,
+ lib_entry_t *entry)
+{
+ /* it's possible other threads still use the API after this call, but we
+ * have no other way to return from C_WaitForSlotEvent() if we can't cancel
+ * the thread because libraries hold locks they don't release */
+ entry->lib->f->C_Finalize(NULL);
+ return TRUE;
+}
+
/**
* Get the slot list of a library
*/
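Review bot: `cancel_events` discards the `CK_RV` returned by `C_Finalize(NULL)` and returns TRUE regardless, so a module that refuses to finalize leaves the job blocked in `C_WaitForSlotEvent()` with nothing in the log. Keeping the value and reporting a failure, for example `if (entry->lib->f->C_Finalize(NULL) != CKR_OK) { DBG1(DBG_CFG, "C_Finalize() failed while cancelling slot events"); }`, makes a hung shutdown diagnosable. Since the comment accepts that other threads may still call into the module afterwards, confirm that the result handling in `dispatch_slot_events` ends the job when `C_WaitForSlotEvent()` returns `CKR_CRYPTOKI_NOT_INITIALIZED` instead of requeueing it. That handling lies between this hunk and the previous one and is not visible here.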
@@ -377,8 +382,8 @@ pkcs11_manager_t *pkcs11_manager_create(pkcs11_manager_token_event_t cb,
{
query_slots(entry);
lib->processor->queue_job(lib->processor,
- (job_t*)callback_job_create_with_prio((void*)dispatch_slot_events,
- entry, NULL, (void*)return_false, JOB_PRIO_CRITICAL));
+ (job_t*)callback_job_create_with_prio(dispatch_slot_events,
+ entry, NULL, cancel_events, JOB_PRIO_CRITICAL));
}
enumerator->destroy(enumerator);
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c
index 1d1016911..6158f6d25 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c
@@ -243,7 +243,7 @@ static bool reauth(private_pkcs11_private_key_t *this,
}
METHOD(private_key_t, sign, bool,
- private_pkcs11_private_key_t *this, signature_scheme_t scheme,
+ private_pkcs11_private_key_t *this, signature_scheme_t scheme, void *params,
chunk_t data, chunk_t *signature)
{
CK_MECHANISM_PTR mechanism;
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c b/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c
index 384777610..36029fa30 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c
@@ -201,7 +201,7 @@ METHOD(public_key_t, get_keysize, int,
}
METHOD(public_key_t, verify, bool,
- private_pkcs11_public_key_t *this, signature_scheme_t scheme,
+ private_pkcs11_public_key_t *this, signature_scheme_t scheme, void *params,
chunk_t data, chunk_t sig)
{
CK_MECHANISM_PTR mechanism;
diff --git a/src/libstrongswan/plugins/pkcs12/Makefile.in b/src/libstrongswan/plugins/pkcs12/Makefile.in
index d25a1af44..6bb1b9a36 100644
--- a/src/libstrongswan/plugins/pkcs12/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs12/Makefile.in
@@ -246,9 +246,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/pkcs7/Makefile.in b/src/libstrongswan/plugins/pkcs7/Makefile.in
index e5698a302..f56df39d1 100644
--- a/src/libstrongswan/plugins/pkcs7/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs7/Makefile.in
@@ -248,9 +248,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/pkcs7/pkcs7_signed_data.c b/src/libstrongswan/plugins/pkcs7/pkcs7_signed_data.c
index 413c3fff5..9b6d3a808 100644
--- a/src/libstrongswan/plugins/pkcs7/pkcs7_signed_data.c
+++ b/src/libstrongswan/plugins/pkcs7/pkcs7_signed_data.c
@@ -227,7 +227,8 @@ METHOD(enumerator_t, enumerate, bool,
if (key)
{
chunk = info->attributes->get_encoding(info->attributes);
- if (key->verify(key, scheme, chunk, info->encrypted_digest))
+ if (key->verify(key, scheme, NULL, chunk,
+ info->encrypted_digest))
{
this->auth = auth->clone(auth);
key->destroy(key);
@@ -563,7 +564,7 @@ static bool generate(private_pkcs7_signed_data_t *this, private_key_t *key,
attributes = pkcs9->get_encoding(pkcs9);
- if (!key->sign(key, scheme, attributes, &encryptedDigest))
+ if (!key->sign(key, scheme, NULL, attributes, &encryptedDigest))
{
free(data.ptr);
return FALSE;
diff --git a/src/libstrongswan/plugins/pkcs8/Makefile.in b/src/libstrongswan/plugins/pkcs8/Makefile.in
index 3ff09f5f2..9c408c443 100644
--- a/src/libstrongswan/plugins/pkcs8/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs8/Makefile.in
@@ -245,9 +245,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/pkcs8/pkcs8_builder.c b/src/libstrongswan/plugins/pkcs8/pkcs8_builder.c
index beb8866f8..6cd5da4fd 100644
--- a/src/libstrongswan/plugins/pkcs8/pkcs8_builder.c
+++ b/src/libstrongswan/plugins/pkcs8/pkcs8_builder.c
@@ -63,6 +63,17 @@ static private_key_t *parse_private_key(chunk_t blob)
switch (oid)
{
+ case OID_RSASSA_PSS:
+ /* TODO: parameters associated with such keys should be
+ * treated as restrictions later when signing (the type
+ * itself is already a restriction). However, the
+ * builders currently don't expect any parameters for
+ * RSA keys (we also only pass along the params, not the
+ * exact type, so we'd have to guess that params
+ * indicate RSA/PSS, but they are optional so that won't
+ * work for keys without specific restrictions) */
+ params = chunk_empty;
+ /* fall-through */
case OID_RSA_ENCRYPTION:
type = KEY_RSA;
break;
diff --git a/src/libstrongswan/plugins/plugin_loader.c b/src/libstrongswan/plugins/plugin_loader.c
index 42d443b7a..7d0cc88ed 100644
--- a/src/libstrongswan/plugins/plugin_loader.c
+++ b/src/libstrongswan/plugins/plugin_loader.c
@@ -438,7 +438,7 @@ static plugin_entry_t *load_plugin(private_plugin_loader_t *this, char *name,
}
}
if (lib->settings->get_bool(lib->settings, "%s.dlopen_use_rtld_now",
- lib->ns, FALSE))
+ FALSE, lib->ns))
{
flag = RTLD_NOW;
}
@@ -698,7 +698,6 @@ static bool load_dependencies(private_plugin_loader_t *this,
int level)
{
registered_feature_t *registered, lookup;
- int indent = level * 2;
int i;
/* first entry is provided feature, followed by dependencies */
@@ -741,6 +740,7 @@ static bool load_dependencies(private_plugin_loader_t *this,
#ifndef USE_FUZZING
char *name, *provide, *depend;
+ int indent = level * 2;
name = provided->entry->plugin->get_name(provided->entry->plugin);
provide = plugin_feature_get_string(&provided->feature[0]);
@@ -828,7 +828,6 @@ static void load_provided(private_plugin_loader_t *this,
provided_feature_t *provided,
int level)
{
- int indent = level * 2;
if (provided->loaded || provided->failed)
{
@@ -837,6 +836,7 @@ static void load_provided(private_plugin_loader_t *this,
#ifndef USE_FUZZING
char *name, *provide;
+ int indent = level * 2;
name = provided->entry->plugin->get_name(provided->entry->plugin);
provide = plugin_feature_get_string(provided->feature);
diff --git a/src/libstrongswan/plugins/pubkey/Makefile.in b/src/libstrongswan/plugins/pubkey/Makefile.in
index 02607958f..ff7501c00 100644
--- a/src/libstrongswan/plugins/pubkey/Makefile.in
+++ b/src/libstrongswan/plugins/pubkey/Makefile.in
@@ -246,9 +246,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/pubkey/pubkey_cert.c b/src/libstrongswan/plugins/pubkey/pubkey_cert.c
index 0631a6857..81dad65b7 100644
--- a/src/libstrongswan/plugins/pubkey/pubkey_cert.c
+++ b/src/libstrongswan/plugins/pubkey/pubkey_cert.c
@@ -137,13 +137,16 @@ METHOD(certificate_t, equals, bool,
METHOD(certificate_t, issued_by, bool,
private_pubkey_cert_t *this, certificate_t *issuer,
- signature_scheme_t *scheme)
+ signature_params_t **scheme)
{
- if (scheme)
+ bool valid = equals(this, issuer);
+ if (valid && scheme)
{
- *scheme = SIGN_UNKNOWN;
+ INIT(*scheme,
+ .scheme = SIGN_UNKNOWN,
+ );
}
- return equals(this, issuer);
+ return valid;
}
METHOD(certificate_t, get_public_key, public_key_t*,
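Review bot: The out-parameter contract of `issued_by` changes here without a comment: `*scheme` is now a heap object created by `INIT` and is written only when the method returns TRUE. Callers therefore have to start from NULL and release the result, presumably with `signature_params_destroy()` as the x509 destroy methods in this commit do. I would add `/* caller owns *scheme; it is not set when FALSE is returned */` above the `INIT` call. A caller that applies signature-strength policy to the result also still has to handle `SIGN_UNKNOWN`, since no signature is checked here.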
diff --git a/src/libstrongswan/plugins/random/Makefile.in b/src/libstrongswan/plugins/random/Makefile.in
index 98702d0d3..3a22a6316 100644
--- a/src/libstrongswan/plugins/random/Makefile.in
+++ b/src/libstrongswan/plugins/random/Makefile.in
@@ -246,9 +246,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/rc2/Makefile.in b/src/libstrongswan/plugins/rc2/Makefile.in
index b874e9081..d37c9834d 100644
--- a/src/libstrongswan/plugins/rc2/Makefile.in
+++ b/src/libstrongswan/plugins/rc2/Makefile.in
@@ -244,9 +244,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/rdrand/Makefile.in b/src/libstrongswan/plugins/rdrand/Makefile.in
index 40b1d7644..371e34db8 100644
--- a/src/libstrongswan/plugins/rdrand/Makefile.in
+++ b/src/libstrongswan/plugins/rdrand/Makefile.in
@@ -246,9 +246,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/revocation/Makefile.in b/src/libstrongswan/plugins/revocation/Makefile.in
index 8254c1424..15e91b24a 100644
--- a/src/libstrongswan/plugins/revocation/Makefile.in
+++ b/src/libstrongswan/plugins/revocation/Makefile.in
@@ -247,9 +247,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/sha1/Makefile.in b/src/libstrongswan/plugins/sha1/Makefile.in
index 0c68798a9..ff0a30462 100644
--- a/src/libstrongswan/plugins/sha1/Makefile.in
+++ b/src/libstrongswan/plugins/sha1/Makefile.in
@@ -245,9 +245,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/sha2/Makefile.in b/src/libstrongswan/plugins/sha2/Makefile.in
index 109726b6a..81284e137 100644
--- a/src/libstrongswan/plugins/sha2/Makefile.in
+++ b/src/libstrongswan/plugins/sha2/Makefile.in
@@ -244,9 +244,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/sha3/Makefile.in b/src/libstrongswan/plugins/sha3/Makefile.in
index a1f79740b..3ca2f5e24 100644
--- a/src/libstrongswan/plugins/sha3/Makefile.in
+++ b/src/libstrongswan/plugins/sha3/Makefile.in
@@ -245,9 +245,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/soup/Makefile.in b/src/libstrongswan/plugins/soup/Makefile.in
index ceccab7f1..47af2c5fd 100644
--- a/src/libstrongswan/plugins/soup/Makefile.in
+++ b/src/libstrongswan/plugins/soup/Makefile.in
@@ -245,9 +245,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/sqlite/Makefile.in b/src/libstrongswan/plugins/sqlite/Makefile.in
index 39d705622..f0649b52a 100644
--- a/src/libstrongswan/plugins/sqlite/Makefile.in
+++ b/src/libstrongswan/plugins/sqlite/Makefile.in
@@ -247,9 +247,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/sshkey/Makefile.in b/src/libstrongswan/plugins/sshkey/Makefile.in
index ded2bf8f1..ac644ec0b 100644
--- a/src/libstrongswan/plugins/sshkey/Makefile.in
+++ b/src/libstrongswan/plugins/sshkey/Makefile.in
@@ -247,9 +247,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.in b/src/libstrongswan/plugins/test_vectors/Makefile.in
index b7332d4a7..45879e841 100644
--- a/src/libstrongswan/plugins/test_vectors/Makefile.in
+++ b/src/libstrongswan/plugins/test_vectors/Makefile.in
@@ -265,9 +265,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/unbound/Makefile.in b/src/libstrongswan/plugins/unbound/Makefile.in
index 93159ff17..2a4788ee1 100644
--- a/src/libstrongswan/plugins/unbound/Makefile.in
+++ b/src/libstrongswan/plugins/unbound/Makefile.in
@@ -247,9 +247,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/winhttp/Makefile.in b/src/libstrongswan/plugins/winhttp/Makefile.in
index 91033262d..7cd680095 100644
--- a/src/libstrongswan/plugins/winhttp/Makefile.in
+++ b/src/libstrongswan/plugins/winhttp/Makefile.in
@@ -247,9 +247,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/x509/Makefile.in b/src/libstrongswan/plugins/x509/Makefile.in
index 3596d1f85..0f54f8cf0 100644
--- a/src/libstrongswan/plugins/x509/Makefile.in
+++ b/src/libstrongswan/plugins/x509/Makefile.in
@@ -246,9 +246,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/x509/x509_ac.c b/src/libstrongswan/plugins/x509/x509_ac.c
index ba459288b..7a5a31af7 100644
--- a/src/libstrongswan/plugins/x509/x509_ac.c
+++ b/src/libstrongswan/plugins/x509/x509_ac.c
@@ -1,4 +1,5 @@
/*
+ * Copyright (C) 2017 Tobias Brunner
* Copyright (C) 2002 Ueli Galizzi, Ariane Seiler
* Copyright (C) 2003 Martin Berner, Lukas Suter
* Copyright (C) 2002-2017 Andreas Steffen
@@ -116,9 +117,9 @@ struct private_x509_ac_t {
bool noRevAvail;
/**
- * Signature algorithm
+ * Signature scheme
*/
- int algorithm;
+ signature_params_t *scheme;
/**
* Signature
@@ -425,7 +426,7 @@ static bool parse_certificate(private_x509_ac_t *this)
int objectID;
int type = OID_UNKNOWN;
int extn_oid = OID_UNKNOWN;
- int sig_alg = OID_UNKNOWN;
+ signature_params_t sig_alg = {};
bool success = FALSE;
bool critical;
@@ -476,7 +477,11 @@ static bool parse_certificate(private_x509_ac_t *this)
}
break;
case AC_OBJ_SIG_ALG:
- sig_alg = asn1_parse_algorithmIdentifier(object, level, NULL);
+ if (!signature_params_parse(object, level, &sig_alg))
+ {
+ DBG1(DBG_ASN, " unable to parse signature algorithm");
+ goto end;
+ }
break;
case AC_OBJ_SERIAL_NUMBER:
this->serialNumber = chunk_clone(object);
@@ -550,12 +555,15 @@ static bool parse_certificate(private_x509_ac_t *this)
break;
}
case AC_OBJ_ALGORITHM:
- this->algorithm = asn1_parse_algorithmIdentifier(object, level,
- NULL);
- if (this->algorithm != sig_alg)
+ INIT(this->scheme);
+ if (!signature_params_parse(object, level, this->scheme))
+ {
+ DBG1(DBG_ASN, " unable to parse signature algorithm");
+ goto end;
+ }
+ if (!signature_params_equal(this->scheme, &sig_alg))
{
DBG1(DBG_ASN, " signature algorithms do not agree");
- success = FALSE;
goto end;
}
break;
@@ -570,6 +578,7 @@ static bool parse_certificate(private_x509_ac_t *this)
end:
parser->destroy(parser);
+ signature_params_clear(&sig_alg);
return success;
}
@@ -742,13 +751,13 @@ static chunk_t build_extensions(private_x509_ac_t *this)
/**
* build attributeCertificateInfo
*/
-static chunk_t build_attr_cert_info(private_x509_ac_t *this)
+static chunk_t build_attr_cert_info(private_x509_ac_t *this, chunk_t sig_scheme)
{
- return asn1_wrap(ASN1_SEQUENCE, "cmmmmmmm",
+ return asn1_wrap(ASN1_SEQUENCE, "cmmcmmmm",
ASN1_INTEGER_1,
build_holder(this),
build_v2_form(this),
- asn1_algorithmIdentifier(OID_SHA1_WITH_RSA),
+ sig_scheme,
asn1_simple_object(ASN1_INTEGER, this->serialNumber),
build_attr_cert_validity(this),
build_attributes(this),
@@ -758,20 +767,39 @@ static chunk_t build_attr_cert_info(private_x509_ac_t *this)
/**
* build an X.509 attribute certificate
*/
-static bool build_ac(private_x509_ac_t *this)
+static bool build_ac(private_x509_ac_t *this, hash_algorithm_t digest_alg)
{
- chunk_t signatureValue, attributeCertificateInfo;
+ chunk_t signatureValue, attributeCertificateInfo, sig_scheme;
+ private_key_t *key = this->signerKey;
- attributeCertificateInfo = build_attr_cert_info(this);
- if (!this->signerKey->sign(this->signerKey, SIGN_RSA_EMSA_PKCS1_SHA1,
- attributeCertificateInfo, &signatureValue))
+ if (!this->scheme)
+ {
+ INIT(this->scheme,
+ .scheme = signature_scheme_from_oid(
+ hasher_signature_algorithm_to_oid(digest_alg,
+ key->get_type(key))),
+ );
+ }
+ if (this->scheme->scheme == SIGN_UNKNOWN)
+ {
+ return FALSE;
+ }
+ if (!signature_params_build(this->scheme, &sig_scheme))
+ {
+ return FALSE;
+ }
+
+ attributeCertificateInfo = build_attr_cert_info(this, sig_scheme);
+ if (!key->sign(key, this->scheme->scheme, this->scheme->params,
+ attributeCertificateInfo, &signatureValue))
{
free(attributeCertificateInfo.ptr);
+ free(sig_scheme.ptr);
return FALSE;
}
this->encoding = asn1_wrap(ASN1_SEQUENCE, "mmm",
attributeCertificateInfo,
- asn1_algorithmIdentifier(OID_SHA1_WITH_RSA),
+ sig_scheme,
asn1_bitstring("m", signatureValue));
return TRUE;
}
@@ -886,10 +914,10 @@ METHOD(certificate_t, has_issuer, id_match_t,
}
METHOD(certificate_t, issued_by, bool,
- private_x509_ac_t *this, certificate_t *issuer, signature_scheme_t *schemep)
+ private_x509_ac_t *this, certificate_t *issuer,
+ signature_params_t **scheme)
{
public_key_t *key;
- signature_scheme_t scheme;
bool valid;
x509_t *x509 = (x509_t*)issuer;
@@ -926,18 +954,16 @@ METHOD(certificate_t, issued_by, bool,
}
}
- /* determine signature scheme */
- scheme = signature_scheme_from_oid(this->algorithm);
-
- if (scheme == SIGN_UNKNOWN || key == NULL)
+ if (!key)
{
return FALSE;
}
- valid = key->verify(key, scheme, this->certificateInfo, this->signature);
+ valid = key->verify(key, this->scheme->scheme, this->scheme->params,
+ this->certificateInfo, this->signature);
key->destroy(key);
- if (valid && schemep)
+ if (valid && scheme)
{
- *schemep = scheme;
+ *scheme = signature_params_clone(this->scheme);
}
return valid;
}
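Review bot: `this->scheme` is dereferenced in the `key->verify()` call with no NULL check, and the `SIGN_UNKNOWN` test that used to precede it is gone. That is safe only if every object reaching `issued_by` had its algorithm field parsed or built, which these lines do not show; in x509_ocsp_response.c the `load()` initialiser leaves `scheme` unset until `BASIC_RESPONSE_ALGORITHM` is seen. An early `if (!this->scheme) { return FALSE; }`, placed before the issuer key is fetched so that `key` is not leaked, would keep the old fail-closed behaviour. The same applies to `issued_by` in x509_cert.c, x509_crl.c and x509_ocsp_response.c; the function starts outside this hunk.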
@@ -1020,6 +1046,7 @@ METHOD(certificate_t, destroy, void,
DESTROY_IF(this->signerCert);
DESTROY_IF(this->signerKey);
this->groups->destroy_function(this->groups, (void*)group_destroy);
+ signature_params_destroy(this->scheme);
free(this->serialNumber.ptr);
free(this->authKeyIdentifier.ptr);
free(this->encoding.ptr);
@@ -1126,6 +1153,7 @@ static void add_groups_from_list(private_x509_ac_t *this, linked_list_t *list)
*/
x509_ac_t *x509_ac_gen(certificate_type_t type, va_list args)
{
+ hash_algorithm_t digest_alg = HASH_SHA1;
private_x509_ac_t *ac;
ac = create_empty();
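Review bot: `digest_alg` defaults to `HASH_SHA1` here, while `x509_cert_gen` in the same commit moves its default to `HASH_SHA256`. Attribute certificates generated without `BUILD_DIGEST_ALG` or `BUILD_SIGNATURE_SCHEME` will therefore still carry a SHA-1 signature, matching the old hard-coded behaviour but not the new certificate default. Unless SHA-1 is kept deliberately for compatibility, I would write `hash_algorithm_t digest_alg = HASH_SHA256;` or document the reason in a comment. The body of x509_ac_gen continues outside this hunk.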
@@ -1157,6 +1185,13 @@ x509_ac_t *x509_ac_gen(certificate_type_t type, va_list args)
ac->signerKey = va_arg(args, private_key_t*);
ac->signerKey->get_ref(ac->signerKey);
continue;
+ case BUILD_SIGNATURE_SCHEME:
+ ac->scheme = va_arg(args, signature_params_t*);
+ ac->scheme = signature_params_clone(ac->scheme);
+ continue;
+ case BUILD_DIGEST_ALG:
+ digest_alg = va_arg(args, int);
+ continue;
case BUILD_END:
break;
default:
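Review bot: A second `BUILD_SIGNATURE_SCHEME` part overwrites `ac->scheme` without releasing the clone stored by the first, so the earlier allocation leaks. Releasing the old value first would avoid that: `signature_params_destroy(ac->scheme);` before the `va_arg` assignment, which looks NULL-safe given how the destroy methods call it. The identical pattern appears in `x509_cert_gen` and `x509_crl_gen` in this commit. The builder loop starts and ends outside this hunk.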
@@ -1170,7 +1205,7 @@ x509_ac_t *x509_ac_gen(certificate_type_t type, va_list args)
ac->holderCert->get_type(ac->holderCert) == CERT_X509 &&
ac->signerCert->get_type(ac->signerCert) == CERT_X509)
{
- if (build_ac(ac))
+ if (build_ac(ac, digest_alg))
{
return &ac->public;
}
diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c
index 974e687f9..d1f9d9aac 100644
--- a/src/libstrongswan/plugins/x509/x509_cert.c
+++ b/src/libstrongswan/plugins/x509/x509_cert.c
@@ -4,7 +4,7 @@
* Copyright (C) 2002 Mario Strasser
* Copyright (C) 2000-2017 Andreas Steffen
* Copyright (C) 2006-2009 Martin Willi
- * Copyright (C) 2008 Tobias Brunner
+ * Copyright (C) 2008-2017 Tobias Brunner
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -197,9 +197,9 @@ struct private_x509_cert_t {
x509_flag_t flags;
/**
- * Signature algorithm
+ * Signature scheme
*/
- int algorithm;
+ signature_params_t *scheme;
/**
* Signature
@@ -241,16 +241,6 @@ static bool gn_to_string(identification_t *id, char **uri)
}
/**
- * Destroy a CertificateDistributionPoint
- */
-static void crl_uri_destroy(x509_cdp_t *this)
-{
- free(this->uri);
- DESTROY_IF(this->issuer);
- free(this);
-}
-
-/**
* Destroy a CertificatePolicy
*/
static void cert_policy_destroy(x509_cert_policy_t *this)
@@ -1385,7 +1375,7 @@ static bool parse_certificate(private_x509_cert_t *this)
chunk_t object;
int objectID;
int extn_oid = OID_UNKNOWN;
- int sig_alg = OID_UNKNOWN;
+ signature_params_t sig_alg = {};
bool success = FALSE;
bool critical = FALSE;
@@ -1416,7 +1406,11 @@ static bool parse_certificate(private_x509_cert_t *this)
this->serialNumber = object;
break;
case X509_OBJ_SIG_ALG:
- sig_alg = asn1_parse_algorithmIdentifier(object, level, NULL);
+ if (!signature_params_parse(object, level, &sig_alg))
+ {
+ DBG1(DBG_ASN, " unable to parse signature algorithm");
+ goto end;
+ }
break;
case X509_OBJ_ISSUER:
this->issuer = identification_create_from_encoding(ID_DER_ASN1_DN, object);
@@ -1570,8 +1564,13 @@ static bool parse_certificate(private_x509_cert_t *this)
break;
}
case X509_OBJ_ALGORITHM:
- this->algorithm = asn1_parse_algorithmIdentifier(object, level, NULL);
- if (this->algorithm != sig_alg)
+ INIT(this->scheme);
+ if (!signature_params_parse(object, level, this->scheme))
+ {
+ DBG1(DBG_ASN, " unable to parse signature algorithm");
+ goto end;
+ }
+ if (!signature_params_equal(this->scheme, &sig_alg))
{
DBG1(DBG_ASN, " signature algorithms do not agree");
goto end;
@@ -1588,6 +1587,7 @@ static bool parse_certificate(private_x509_cert_t *this)
end:
parser->destroy(parser);
+ signature_params_clear(&sig_alg);
if (success)
{
hasher_t *hasher;
@@ -1687,10 +1687,9 @@ METHOD(certificate_t, has_issuer, id_match_t,
METHOD(certificate_t, issued_by, bool,
private_x509_cert_t *this, certificate_t *issuer,
- signature_scheme_t *schemep)
+ signature_params_t **scheme)
{
public_key_t *key;
- signature_scheme_t scheme;
bool valid;
x509_t *x509 = (x509_t*)issuer;
@@ -1698,6 +1697,10 @@ METHOD(certificate_t, issued_by, bool,
{
if (this->flags & X509_SELF_SIGNED)
{
+ if (scheme)
+ {
+ *scheme = signature_params_clone(this->scheme);
+ }
return TRUE;
}
}
@@ -1717,23 +1720,18 @@ METHOD(certificate_t, issued_by, bool,
return FALSE;
}
- /* determine signature scheme */
- scheme = signature_scheme_from_oid(this->algorithm);
- if (scheme == SIGN_UNKNOWN)
- {
- return FALSE;
- }
/* get the public key of the issuer */
key = issuer->get_public_key(issuer);
if (!key)
{
return FALSE;
}
- valid = key->verify(key, scheme, this->tbsCertificate, this->signature);
+ valid = key->verify(key, this->scheme->scheme, this->scheme->params,
+ this->tbsCertificate, this->signature);
key->destroy(key);
- if (valid && schemep)
+ if (valid && scheme)
{
- *schemep = scheme;
+ *scheme = signature_params_clone(this->scheme);
}
return valid;
}
@@ -1920,7 +1918,8 @@ METHOD(certificate_t, destroy, void,
{
this->subjectAltNames->destroy_offset(this->subjectAltNames,
offsetof(identification_t, destroy));
- this->crl_uris->destroy_function(this->crl_uris, (void*)crl_uri_destroy);
+ this->crl_uris->destroy_function(this->crl_uris,
+ (void*)x509_cdp_destroy);
this->ocsp_uris->destroy_function(this->ocsp_uris, free);
this->ipAddrBlocks->destroy_offset(this->ipAddrBlocks,
offsetof(traffic_selector_t, destroy));
@@ -1932,6 +1931,7 @@ METHOD(certificate_t, destroy, void,
(void*)cert_policy_destroy);
this->policy_mappings->destroy_function(this->policy_mappings,
(void*)policy_mapping_destroy);
+ signature_params_destroy(this->scheme);
DESTROY_IF(this->issuer);
DESTROY_IF(this->subject);
DESTROY_IF(this->public_key);
@@ -2187,10 +2187,9 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert,
chunk_t crlDistributionPoints = chunk_empty, authorityInfoAccess = chunk_empty;
chunk_t policyConstraints = chunk_empty, inhibitAnyPolicy = chunk_empty;
chunk_t ikeIntermediate = chunk_empty, msSmartcardLogon = chunk_empty;
- chunk_t ipAddrBlocks = chunk_empty;
+ chunk_t ipAddrBlocks = chunk_empty, sig_scheme = chunk_empty;
identification_t *issuer, *subject;
chunk_t key_info;
- signature_scheme_t scheme;
hasher_t *hasher;
enumerator_t *enumerator;
char *uri;
@@ -2223,18 +2222,28 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert,
cert->notAfter = cert->notBefore + 60 * 60 * 24 * 365;
}
- /* select signature scheme */
- cert->algorithm = hasher_signature_algorithm_to_oid(digest_alg,
- sign_key->get_type(sign_key));
- if (cert->algorithm == OID_UNKNOWN)
+ /* select signature scheme, if not already specified */
+ if (!cert->scheme)
+ {
+ INIT(cert->scheme,
+ .scheme = signature_scheme_from_oid(
+ hasher_signature_algorithm_to_oid(digest_alg,
+ sign_key->get_type(sign_key))),
+ );
+ }
+ if (cert->scheme->scheme == SIGN_UNKNOWN)
+ {
+ return FALSE;
+ }
+ if (!signature_params_build(cert->scheme, &sig_scheme))
{
return FALSE;
}
- scheme = signature_scheme_from_oid(cert->algorithm);
if (!cert->public_key->get_encoding(cert->public_key,
PUBKEY_SPKI_ASN1_DER, &key_info))
{
+ chunk_free(&sig_scheme);
return FALSE;
}
@@ -2559,10 +2568,10 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert,
ipAddrBlocks));
}
- cert->tbsCertificate = asn1_wrap(ASN1_SEQUENCE, "mmmcmcmm",
+ cert->tbsCertificate = asn1_wrap(ASN1_SEQUENCE, "mmccmcmm",
asn1_simple_object(ASN1_CONTEXT_C_0, ASN1_INTEGER_2),
asn1_integer("c", cert->serialNumber),
- asn1_algorithmIdentifier(cert->algorithm),
+ sig_scheme,
issuer->get_encoding(issuer),
asn1_wrap(ASN1_SEQUENCE, "mm",
asn1_from_time(&cert->notBefore, ASN1_UTCTIME),
@@ -2570,12 +2579,14 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert,
subject->get_encoding(subject),
key_info, extensions);
- if (!sign_key->sign(sign_key, scheme, cert->tbsCertificate, &cert->signature))
+ if (!sign_key->sign(sign_key, cert->scheme->scheme, cert->scheme->params,
+ cert->tbsCertificate, &cert->signature))
{
+ chunk_free(&sig_scheme);
return FALSE;
}
cert->encoding = asn1_wrap(ASN1_SEQUENCE, "cmm", cert->tbsCertificate,
- asn1_algorithmIdentifier(cert->algorithm),
+ sig_scheme,
asn1_bitstring("c", cert->signature));
hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
@@ -2639,7 +2650,7 @@ x509_cert_t *x509_cert_gen(certificate_type_t type, va_list args)
private_x509_cert_t *cert;
certificate_t *sign_cert = NULL;
private_key_t *sign_key = NULL;
- hash_algorithm_t digest_alg = HASH_SHA1;
+ hash_algorithm_t digest_alg = HASH_SHA256;
u_int constraint;
cert = create_empty();
@@ -2831,6 +2842,10 @@ x509_cert_t *x509_cert_gen(certificate_type_t type, va_list args)
case BUILD_SERIAL:
cert->serialNumber = chunk_clone(va_arg(args, chunk_t));
continue;
+ case BUILD_SIGNATURE_SCHEME:
+ cert->scheme = va_arg(args, signature_params_t*);
+ cert->scheme = signature_params_clone(cert->scheme);
+ continue;
case BUILD_DIGEST_ALG:
digest_alg = va_arg(args, int);
continue;
diff --git a/src/libstrongswan/plugins/x509/x509_crl.c b/src/libstrongswan/plugins/x509/x509_crl.c
index d8913ad73..699ac5a39 100644
--- a/src/libstrongswan/plugins/x509/x509_crl.c
+++ b/src/libstrongswan/plugins/x509/x509_crl.c
@@ -1,4 +1,5 @@
/*
+ * Copyright (C) 2014-2017 Tobias Brunner
* Copyright (C) 2008-2009 Martin Willi
* Copyright (C) 2017 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
@@ -121,9 +122,9 @@ struct private_x509_crl_t {
chunk_t baseCrlNumber;
/**
- * Signature algorithm
+ * Signature scheme
*/
- int algorithm;
+ signature_params_t *scheme;
/**
* Signature
@@ -225,7 +226,7 @@ static bool parse(private_x509_crl_t *this)
chunk_t extnID = chunk_empty;
chunk_t userCertificate = chunk_empty;
int objectID;
- int sig_alg = OID_UNKNOWN;
+ signature_params_t sig_alg = {};
bool success = FALSE;
bool critical = FALSE;
revoked_t *revoked = NULL;
@@ -246,7 +247,11 @@ static bool parse(private_x509_crl_t *this)
DBG2(DBG_ASN, " v%d", this->version);
break;
case CRL_OBJ_SIG_ALG:
- sig_alg = asn1_parse_algorithmIdentifier(object, level, NULL);
+ if (!signature_params_parse(object, level, &sig_alg))
+ {
+ DBG1(DBG_ASN, " unable to parse signature algorithm");
+ goto end;
+ }
break;
case CRL_OBJ_ISSUER:
this->issuer = identification_create_from_encoding(ID_DER_ASN1_DN, object);
@@ -342,8 +347,13 @@ static bool parse(private_x509_crl_t *this)
}
case CRL_OBJ_ALGORITHM:
{
- this->algorithm = asn1_parse_algorithmIdentifier(object, level, NULL);
- if (this->algorithm != sig_alg)
+ INIT(this->scheme);
+ if (!signature_params_parse(object, level, this->scheme))
+ {
+ DBG1(DBG_ASN, " unable to parse signature algorithm");
+ goto end;
+ }
+ if (!signature_params_equal(this->scheme, &sig_alg))
{
DBG1(DBG_ASN, " signature algorithms do not agree");
goto end;
@@ -361,6 +371,7 @@ static bool parse(private_x509_crl_t *this)
end:
parser->destroy(parser);
+ signature_params_clear(&sig_alg);
return success;
}
@@ -457,10 +468,10 @@ METHOD(certificate_t, has_issuer, id_match_t,
}
METHOD(certificate_t, issued_by, bool,
- private_x509_crl_t *this, certificate_t *issuer, signature_scheme_t *schemep)
+ private_x509_crl_t *this, certificate_t *issuer,
+ signature_params_t **scheme)
{
public_key_t *key;
- signature_scheme_t scheme;
bool valid;
x509_t *x509 = (x509_t*)issuer;
chunk_t keyid = chunk_empty;
@@ -492,21 +503,17 @@ METHOD(certificate_t, issued_by, bool,
}
}
- scheme = signature_scheme_from_oid(this->algorithm);
- if (scheme == SIGN_UNKNOWN)
- {
- return FALSE;
- }
key = issuer->get_public_key(issuer);
if (!key)
{
return FALSE;
}
- valid = key->verify(key, scheme, this->tbsCertList, this->signature);
+ valid = key->verify(key, this->scheme->scheme, this->scheme->params,
+ this->tbsCertList, this->signature);
key->destroy(key);
- if (valid && schemep)
+ if (valid && scheme)
{
- *schemep = scheme;
+ *scheme = signature_params_clone(this->scheme);
}
return valid;
}
@@ -585,23 +592,15 @@ static void revoked_destroy(revoked_t *revoked)
free(revoked);
}
-/**
- * Destroy a CDP entry
- */
-static void cdp_destroy(x509_cdp_t *this)
-{
- free(this->uri);
- DESTROY_IF(this->issuer);
- free(this);
-}
-
METHOD(certificate_t, destroy, void,
private_x509_crl_t *this)
{
if (ref_put(&this->ref))
{
this->revoked->destroy_function(this->revoked, (void*)revoked_destroy);
- this->crl_uris->destroy_function(this->crl_uris, (void*)cdp_destroy);
+ this->crl_uris->destroy_function(this->crl_uris,
+ (void*)x509_cdp_destroy);
+ signature_params_destroy(this->scheme);
DESTROY_IF(this->issuer);
free(this->authKeyIdentifier.ptr);
free(this->encoding.ptr);
@@ -718,6 +717,7 @@ static bool generate(private_x509_crl_t *this, certificate_t *cert,
{
chunk_t extensions = chunk_empty, certList = chunk_empty, serial;
chunk_t crlDistributionPoints = chunk_empty, baseCrlNumber = chunk_empty;
+ chunk_t sig_scheme = chunk_empty;
enumerator_t *enumerator;
crl_reason_t reason;
time_t date;
@@ -730,10 +730,20 @@ static bool generate(private_x509_crl_t *this, certificate_t *cert,
this->authKeyIdentifier = chunk_clone(x509->get_subjectKeyIdentifier(x509));
- /* select signature scheme */
- this->algorithm = hasher_signature_algorithm_to_oid(digest_alg,
- key->get_type(key));
- if (this->algorithm == OID_UNKNOWN)
+ /* select signature scheme, if not already specified */
+ if (!this->scheme)
+ {
+ INIT(this->scheme,
+ .scheme = signature_scheme_from_oid(
+ hasher_signature_algorithm_to_oid(digest_alg,
+ key->get_type(key))),
+ );
+ }
+ if (this->scheme->scheme == SIGN_UNKNOWN)
+ {
+ return FALSE;
+ }
+ if (!signature_params_build(this->scheme, &sig_scheme))
{
return FALSE;
}
@@ -787,23 +797,24 @@ static bool generate(private_x509_crl_t *this, certificate_t *cert,
asn1_integer("c", this->crlNumber))),
crlDistributionPoints, baseCrlNumber));
- this->tbsCertList = asn1_wrap(ASN1_SEQUENCE, "cmcmmmm",
+ this->tbsCertList = asn1_wrap(ASN1_SEQUENCE, "cccmmmm",
ASN1_INTEGER_1,
- asn1_algorithmIdentifier(this->algorithm),
+ sig_scheme,
this->issuer->get_encoding(this->issuer),
asn1_from_time(&this->thisUpdate, ASN1_UTCTIME),
asn1_from_time(&this->nextUpdate, ASN1_UTCTIME),
asn1_wrap(ASN1_SEQUENCE, "m", certList),
extensions);
- if (!key->sign(key, signature_scheme_from_oid(this->algorithm),
+ if (!key->sign(key, this->scheme->scheme, this->scheme->params,
this->tbsCertList, &this->signature))
{
+ chunk_free(&sig_scheme);
return FALSE;
}
this->encoding = asn1_wrap(ASN1_SEQUENCE, "cmm",
this->tbsCertList,
- asn1_algorithmIdentifier(this->algorithm),
+ sig_scheme,
asn1_bitstring("c", this->signature));
return TRUE;
}
@@ -842,6 +853,10 @@ x509_crl_t *x509_crl_gen(certificate_type_t type, va_list args)
crl->crlNumber = va_arg(args, chunk_t);
crl->crlNumber = chunk_clone(crl->crlNumber);
continue;
+ case BUILD_SIGNATURE_SCHEME:
+ crl->scheme = va_arg(args, signature_params_t*);
+ crl->scheme = signature_params_clone(crl->scheme);
+ continue;
case BUILD_DIGEST_ALG:
digest_alg = va_arg(args, int);
continue;
diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_request.c b/src/libstrongswan/plugins/x509/x509_ocsp_request.c
index aef76af32..de22ab6be 100644
--- a/src/libstrongswan/plugins/x509/x509_ocsp_request.c
+++ b/src/libstrongswan/plugins/x509/x509_ocsp_request.c
@@ -276,7 +276,7 @@ static chunk_t build_optionalSignature(private_x509_ocsp_request_t *this,
return chunk_empty;
}
- if (!this->key->sign(this->key, scheme, tbsRequest, &signature))
+ if (!this->key->sign(this->key, scheme, NULL, tbsRequest, &signature))
{
DBG1(DBG_LIB, "creating OCSP signature failed, skipped");
return chunk_empty;
@@ -372,7 +372,7 @@ METHOD(certificate_t, has_issuer, id_match_t,
METHOD(certificate_t, issued_by, bool,
private_x509_ocsp_request_t *this, certificate_t *issuer,
- signature_scheme_t *scheme)
+ signature_params_t **scheme)
{
DBG1(DBG_LIB, "OCSP request validation not implemented!");
return FALSE;
diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_response.c b/src/libstrongswan/plugins/x509/x509_ocsp_response.c
index 140e9bfa9..aa4999cbd 100644
--- a/src/libstrongswan/plugins/x509/x509_ocsp_response.c
+++ b/src/libstrongswan/plugins/x509/x509_ocsp_response.c
@@ -1,4 +1,5 @@
-/**
+/*
+ * Copyright (C) 2017 Tobias Brunner
* Copyright (C) 2008-2009 Martin Willi
* Copyright (C) 2007-2015 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
@@ -63,9 +64,9 @@ struct private_x509_ocsp_response_t {
chunk_t tbsResponseData;
/**
- * signature algorithm (OID)
+ * signature scheme
*/
- int signatureAlgorithm;
+ signature_params_t *scheme;
/**
* signature
@@ -576,8 +577,13 @@ static bool parse_basicOCSPResponse(private_x509_ocsp_response_t *this,
}
break;
case BASIC_RESPONSE_ALGORITHM:
- this->signatureAlgorithm = asn1_parse_algorithmIdentifier(object,
- parser->get_level(parser)+1, NULL);
+ INIT(this->scheme);
+ if (!signature_params_parse(object, parser->get_level(parser)+1,
+ this->scheme))
+ {
+ DBG1(DBG_ASN, " unable to parse signature algorithm");
+ goto end;
+ }
break;
case BASIC_RESPONSE_SIGNATURE:
this->signature = chunk_skip(object, 1);
@@ -703,10 +709,9 @@ METHOD(certificate_t, has_issuer, id_match_t,
METHOD(certificate_t, issued_by, bool,
private_x509_ocsp_response_t *this, certificate_t *issuer,
- signature_scheme_t *schemep)
+ signature_params_t **scheme)
{
public_key_t *key;
- signature_scheme_t scheme;
bool valid;
x509_t *x509 = (x509_t*)issuer;
@@ -743,21 +748,17 @@ METHOD(certificate_t, issued_by, bool,
return FALSE;
}
- /* get the public key of the issuer */
key = issuer->get_public_key(issuer);
-
- /* determine signature scheme */
- scheme = signature_scheme_from_oid(this->signatureAlgorithm);
-
- if (scheme == SIGN_UNKNOWN || key == NULL)
+ if (!key)
{
return FALSE;
}
- valid = key->verify(key, scheme, this->tbsResponseData, this->signature);
+ valid = key->verify(key, this->scheme->scheme, this->scheme->params,
+ this->tbsResponseData, this->signature);
key->destroy(key);
- if (valid && schemep)
+ if (valid && scheme)
{
- *schemep = scheme;
+ *scheme = signature_params_clone(this->scheme);
}
return valid;
}
@@ -839,6 +840,7 @@ METHOD(certificate_t, destroy, void,
{
this->certs->destroy_offset(this->certs, offsetof(certificate_t, destroy));
this->responses->destroy_function(this->responses, free);
+ signature_params_destroy(this->scheme);
DESTROY_IF(this->responderId);
free(this->encoding.ptr);
free(this);
@@ -879,7 +881,6 @@ static x509_ocsp_response_t *load(chunk_t blob)
.producedAt = UNDEFINED_TIME,
.usableUntil = UNDEFINED_TIME,
.responses = linked_list_create(),
- .signatureAlgorithm = OID_UNKNOWN,
.certs = linked_list_create(),
);
diff --git a/src/libstrongswan/plugins/x509/x509_pkcs10.c b/src/libstrongswan/plugins/x509/x509_pkcs10.c
index e39e24bff..587fbd5d6 100644
--- a/src/libstrongswan/plugins/x509/x509_pkcs10.c
+++ b/src/libstrongswan/plugins/x509/x509_pkcs10.c
@@ -72,9 +72,9 @@ struct private_x509_pkcs10_t {
chunk_t challengePassword;
/**
- * Signature algorithm
+ * Signature scheme
*/
- int algorithm;
+ signature_params_t *scheme;
/**
* Signature
@@ -124,10 +124,9 @@ METHOD(certificate_t, has_subject, id_match_t,
METHOD(certificate_t, issued_by, bool,
private_x509_pkcs10_t *this, certificate_t *issuer,
- signature_scheme_t *schemep)
+ signature_params_t **scheme)
{
public_key_t *key;
- signature_scheme_t scheme;
bool valid;
if (&this->public.interface.interface != issuer)
@@ -136,27 +135,22 @@ METHOD(certificate_t, issued_by, bool,
}
if (this->self_signed)
{
- return TRUE;
+ valid = TRUE;
}
-
- /* determine signature scheme */
- scheme = signature_scheme_from_oid(this->algorithm);
- if (scheme == SIGN_UNKNOWN)
+ else
{
- return FALSE;
- }
-
- /* get the public key contained in the certificate request */
- key = this->public_key;
- if (!key)
- {
- return FALSE;
+ /* get the public key contained in the certificate request */
+ key = this->public_key;
+ if (!key)
+ {
+ return FALSE;
+ }
+ valid = key->verify(key, this->scheme->scheme, this->scheme->params,
+ this->certificationRequestInfo, this->signature);
}
- valid = key->verify(key, scheme, this->certificationRequestInfo,
- this->signature);
- if (valid && schemep)
+ if (valid && scheme)
{
- *schemep = scheme;
+ *scheme = signature_params_clone(this->scheme);
}
return valid;
}
@@ -410,7 +404,7 @@ static bool parse_certificate_request(private_x509_pkcs10_t *this)
case PKCS10_SUBJECT_PUBLIC_KEY_INFO:
this->public_key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY,
KEY_ANY, BUILD_BLOB_ASN1_DER, object, BUILD_END);
- if (this->public_key == NULL)
+ if (!this->public_key)
{
goto end;
}
@@ -438,7 +432,12 @@ static bool parse_certificate_request(private_x509_pkcs10_t *this)
}
break;
case PKCS10_ALGORITHM:
- this->algorithm = asn1_parse_algorithmIdentifier(object, level, NULL);
+ INIT(this->scheme);
+ if (!signature_params_parse(object, level, this->scheme))
+ {
+ DBG1(DBG_ASN, " unable to parse signature algorithm");
+ goto end;
+ }
break;
case PKCS10_SIGNATURE:
this->signature = chunk_skip(object, 1);
@@ -474,6 +473,7 @@ METHOD(certificate_t, destroy, void,
{
this->subjectAltNames->destroy_offset(this->subjectAltNames,
offsetof(identification_t, destroy));
+ signature_params_destroy(this->scheme);
DESTROY_IF(this->subject);
DESTROY_IF(this->public_key);
chunk_free(&this->encoding);
@@ -530,25 +530,34 @@ static bool generate(private_x509_pkcs10_t *cert, private_key_t *sign_key,
{
chunk_t key_info, subjectAltNames, attributes;
chunk_t extensionRequest = chunk_empty;
- chunk_t challengePassword = chunk_empty;
- signature_scheme_t scheme;
+ chunk_t challengePassword = chunk_empty, sig_scheme = chunk_empty;
identification_t *subject;
subject = cert->subject;
cert->public_key = sign_key->get_public_key(sign_key);
- /* select signature scheme */
- cert->algorithm = hasher_signature_algorithm_to_oid(digest_alg,
- sign_key->get_type(sign_key));
- if (cert->algorithm == OID_UNKNOWN)
+ /* select signature scheme, if not already specified */
+ if (!cert->scheme)
+ {
+ INIT(cert->scheme,
+ .scheme = signature_scheme_from_oid(
+ hasher_signature_algorithm_to_oid(digest_alg,
+ sign_key->get_type(sign_key))),
+ );
+ }
+ if (cert->scheme->scheme == SIGN_UNKNOWN)
+ {
+ return FALSE;
+ }
+ if (!signature_params_build(cert->scheme, &sig_scheme))
{
return FALSE;
}
- scheme = signature_scheme_from_oid(cert->algorithm);
if (!cert->public_key->get_encoding(cert->public_key,
PUBKEY_SPKI_ASN1_DER, &key_info))
{
+ chunk_free(&sig_scheme);
return FALSE;
}
@@ -584,15 +593,16 @@ static bool generate(private_x509_pkcs10_t *cert, private_key_t *sign_key,
key_info,
attributes);
- if (!sign_key->sign(sign_key, scheme, cert->certificationRequestInfo,
- &cert->signature))
+ if (!sign_key->sign(sign_key, cert->scheme->scheme, cert->scheme->params,
+ cert->certificationRequestInfo, &cert->signature))
{
+ chunk_free(&sig_scheme);
return FALSE;
}
cert->encoding = asn1_wrap(ASN1_SEQUENCE, "cmm",
cert->certificationRequestInfo,
- asn1_algorithmIdentifier(cert->algorithm),
+ sig_scheme,
asn1_bitstring("c", cert->signature));
return TRUE;
}
@@ -674,6 +684,10 @@ x509_pkcs10_t *x509_pkcs10_gen(certificate_type_t type, va_list args)
case BUILD_CHALLENGE_PWD:
cert->challengePassword = chunk_clone(va_arg(args, chunk_t));
continue;
+ case BUILD_SIGNATURE_SCHEME:
+ cert->scheme = va_arg(args, signature_params_t*);
+ cert->scheme = signature_params_clone(cert->scheme);
+ continue;
case BUILD_DIGEST_ALG:
digest_alg = va_arg(args, int);
continue;
diff --git a/src/libstrongswan/plugins/xcbc/Makefile.in b/src/libstrongswan/plugins/xcbc/Makefile.in
index d5d47694f..3a39037bc 100644
--- a/src/libstrongswan/plugins/xcbc/Makefile.in
+++ b/src/libstrongswan/plugins/xcbc/Makefile.in
@@ -244,9 +244,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libstrongswan/processing/watcher.c b/src/libstrongswan/processing/watcher.c
index df6066b19..4466e91eb 100644
--- a/src/libstrongswan/processing/watcher.c
+++ b/src/libstrongswan/processing/watcher.c
@@ -513,6 +513,7 @@ METHOD(watcher_t, remove_, void,
private_watcher_t *this, int fd)
{
entry_t *entry, *prev = NULL;
+ bool found = FALSE;
this->mutex->lock(this->mutex);
while (TRUE)
@@ -530,6 +531,7 @@ METHOD(watcher_t, remove_, void,
break;
}
entry = remove_entry(this, entry, prev);
+ found = TRUE;
continue;
}
prev = entry;
@@ -541,8 +543,10 @@ METHOD(watcher_t, remove_, void,
}
this->condvar->wait(this->condvar, this->mutex);
}
-
- update(this);
+ if (found)
+ {
+ update(this);
+ }
this->mutex->unlock(this->mutex);
}
diff --git a/src/libstrongswan/selectors/traffic_selector.c b/src/libstrongswan/selectors/traffic_selector.c
index 0653b955b..12f160224 100644
--- a/src/libstrongswan/selectors/traffic_selector.c
+++ b/src/libstrongswan/selectors/traffic_selector.c
@@ -25,6 +25,10 @@
#include <utils/identification.h>
#include <collections/linked_list.h>
+#define IPV4_LEN 4
+#define IPV6_LEN 16
+#define TS_IP_LEN(this) ({ ((this)->type == TS_IPV4_ADDR_RANGE) ? IPV4_LEN : IPV6_LEN; })
+
#define NON_SUBNET_ADDRESS_RANGE 255
ENUM(ts_type_name, TS_IPV4_ADDR_RANGE, TS_IPV6_ADDR_RANGE,
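Review bot: `TS_IP_LEN` wraps a plain conditional in a GNU statement expression (`({ ... })`), a compiler extension that buys nothing here. `#define TS_IP_LEN(this) (((this)->type == TS_IPV4_ADDR_RANGE) ? IPV4_LEN : IPV6_LEN)` is standard C and evaluates to the same value. The macro also maps every type other than TS_IPV4_ADDR_RANGE to 16 bytes, so a one-line comment should say that it relies on the type check this commit adds to traffic_selector_create().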
@@ -68,26 +72,12 @@ struct private_traffic_selector_t {
/**
* begin of address range, network order
*/
- union {
- /** dummy char for common address manipulation */
- char from[0];
- /** IPv4 address */
- uint32_t from4[1];
- /** IPv6 address */
- uint32_t from6[4];
- };
+ char from[IPV6_LEN];
/**
* end of address range, network order
*/
- union {
- /** dummy char for common address manipulation */
- char to[0];
- /** IPv4 address */
- uint32_t to4[1];
- /** IPv6 address */
- uint32_t to6[4];
- };
+ char to[IPV6_LEN];
/**
* begin of port range
@@ -111,7 +101,7 @@ static void calc_range(private_traffic_selector_t *this, uint8_t netbits)
this->netbits = netbits;
- len = (this->type == TS_IPV4_ADDR_RANGE) ? 4 : 16;
+ len = TS_IP_LEN(this);
bytes = (netbits + 7)/8;
bits = (bytes * 8) - netbits;
mask = bits ? (1 << bits) - 1 : 0;
@@ -130,7 +120,7 @@ static uint8_t calc_netbits(private_traffic_selector_t *this)
{
int byte, bit;
uint8_t netbits;
- size_t size = (this->type == TS_IPV4_ADDR_RANGE) ? 4 : 16;
+ size_t size = TS_IP_LEN(this);
bool prefix = TRUE;
/* a perfect match results in a single address with a /32 or /128 netmask */
@@ -221,8 +211,8 @@ int traffic_selector_printf_hook(printf_hook_data_t *data,
char to_str[INET6_ADDRSTRLEN] = "";
char *serv_proto = NULL, *sep = "";
bool has_proto, has_ports;
- size_t written = 0;
- uint32_t from[4], to[4];
+ size_t written = 0, len;
+ char from[IPV6_LEN], to[IPV6_LEN];
if (this == NULL)
{
@@ -241,11 +231,11 @@ int traffic_selector_printf_hook(printf_hook_data_t *data,
return written;
}
- memset(from, 0, sizeof(from));
- memset(to, 0xFF, sizeof(to));
+ len = TS_IP_LEN(this);
+ memset(from, 0, len);
+ memset(to, 0xFF, len);
if (this->dynamic &&
- memeq(this->from, from, this->type == TS_IPV4_ADDR_RANGE ? 4 : 16) &&
- memeq(this->to, to, this->type == TS_IPV4_ADDR_RANGE ? 4 : 16))
+ memeq(this->from, from, len) && memeq(this->to, to, len))
{
written += print_in_hook(data, "dynamic");
}
@@ -253,21 +243,21 @@ int traffic_selector_printf_hook(printf_hook_data_t *data,
{
if (this->type == TS_IPV4_ADDR_RANGE)
{
- inet_ntop(AF_INET, &this->from4, from_str, sizeof(from_str));
+ inet_ntop(AF_INET, &this->from, from_str, sizeof(from_str));
}
else
{
- inet_ntop(AF_INET6, &this->from6, from_str, sizeof(from_str));
+ inet_ntop(AF_INET6, &this->from, from_str, sizeof(from_str));
}
if (this->netbits == NON_SUBNET_ADDRESS_RANGE)
{
if (this->type == TS_IPV4_ADDR_RANGE)
{
- inet_ntop(AF_INET, &this->to4, to_str, sizeof(to_str));
+ inet_ntop(AF_INET, &this->to, to_str, sizeof(to_str));
}
else
{
- inet_ntop(AF_INET6, &this->to6, to_str, sizeof(to_str));
+ inet_ntop(AF_INET6, &this->to, to_str, sizeof(to_str));
}
written += print_in_hook(data, "%s..%s", from_str, to_str);
}
@@ -377,17 +367,6 @@ METHOD(traffic_selector_t, get_subset, traffic_selector_t*,
{
return NULL;
}
- switch (this->type)
- {
- case TS_IPV4_ADDR_RANGE:
- size = sizeof(this->from4);
- break;
- case TS_IPV6_ADDR_RANGE:
- size = sizeof(this->from6);
- break;
- default:
- return NULL;
- }
if (this->protocol != other->protocol &&
this->protocol != 0 && other->protocol != 0)
@@ -414,6 +393,7 @@ METHOD(traffic_selector_t, get_subset, traffic_selector_t*,
return NULL;
}
}
+ size = TS_IP_LEN(this);
/* get higher from-address */
if (memcmp(this->from, other->from, size) > 0)
{
@@ -456,29 +436,13 @@ METHOD(traffic_selector_t, equals, bool,
METHOD(traffic_selector_t, get_from_address, chunk_t,
private_traffic_selector_t *this)
{
- switch (this->type)
- {
- case TS_IPV4_ADDR_RANGE:
- return chunk_create(this->from, sizeof(this->from4));
- case TS_IPV6_ADDR_RANGE:
- return chunk_create(this->from, sizeof(this->from6));
- default:
- return chunk_empty;
- }
+ return chunk_create(this->from, TS_IP_LEN(this));
}
METHOD(traffic_selector_t, get_to_address, chunk_t,
private_traffic_selector_t *this)
{
- switch (this->type)
- {
- case TS_IPV4_ADDR_RANGE:
- return chunk_create(this->to, sizeof(this->to4));
- case TS_IPV6_ADDR_RANGE:
- return chunk_create(this->to, sizeof(this->to6));
- default:
- return chunk_empty;
- }
+ return chunk_create(this->to, TS_IP_LEN(this));
}
METHOD(traffic_selector_t, get_from_port, uint16_t,
@@ -526,7 +490,7 @@ METHOD(traffic_selector_t, is_host, bool,
}
else
{
- size_t length = (this->type == TS_IPV4_ADDR_RANGE) ? 4 : 16;
+ size_t length = TS_IP_LEN(this);
if (this->dynamic)
{
@@ -555,8 +519,8 @@ METHOD(traffic_selector_t, set_address, void,
if (host->is_anyaddr(host))
{
- memset(this->from6, 0x00, sizeof(this->from6));
- memset(this->to6, 0xFF, sizeof(this->to6));
+ memset(this->from, 0x00, sizeof(this->from));
+ memset(this->to, 0xFF, sizeof(this->to));
this->netbits = 0;
}
else
@@ -624,11 +588,11 @@ METHOD(traffic_selector_t, to_subnet, bool,
{
case TS_IPV4_ADDR_RANGE:
family = AF_INET;
- net_chunk.len = sizeof(this->from4);
+ net_chunk.len = IPV4_LEN;
break;
case TS_IPV6_ADDR_RANGE:
family = AF_INET6;
- net_chunk.len = sizeof(this->from6);
+ net_chunk.len = IPV6_LEN;
break;
default:
/* unreachable */
@@ -659,26 +623,16 @@ METHOD(traffic_selector_t, clone_, traffic_selector_t*,
private_traffic_selector_t *this)
{
private_traffic_selector_t *clone;
+ size_t len = TS_IP_LEN(this);
clone = traffic_selector_create(this->protocol, this->type,
this->from_port, this->to_port);
clone->netbits = this->netbits;
clone->dynamic = this->dynamic;
- switch (clone->type)
- {
- case TS_IPV4_ADDR_RANGE:
- memcpy(clone->from4, this->from4, sizeof(this->from4));
- memcpy(clone->to4, this->to4, sizeof(this->to4));
- return &clone->public;
- case TS_IPV6_ADDR_RANGE:
- memcpy(clone->from6, this->from6, sizeof(this->from6));
- memcpy(clone->to6, this->to6, sizeof(this->to6));
- return &clone->public;
- default:
- /* unreachable */
- return &clone->public;
- }
+ memcpy(clone->from, this->from, len);
+ memcpy(clone->to, this->to, len);
+ return &clone->public;
}
METHOD(traffic_selector_t, hash, u_int,
@@ -713,6 +667,7 @@ int traffic_selector_cmp(traffic_selector_t *a_pub, traffic_selector_t *b_pub,
void *opts)
{
private_traffic_selector_t *a, *b;
+ size_t len;
int res;
a = (private_traffic_selector_t*)a_pub;
@@ -724,36 +679,18 @@ int traffic_selector_cmp(traffic_selector_t *a_pub, traffic_selector_t *b_pub,
{
return res;
}
- switch (a->type)
+ len = TS_IP_LEN(a);
+ /* lower starting subnets first */
+ res = memcmp(a->from, b->from, len);
+ if (res)
{
- case TS_IPV4_ADDR_RANGE:
- /* lower starting subnets first */
- res = memcmp(a->from4, b->from4, sizeof(a->from4));
- if (res)
- {
- return res;
- }
- /* larger subnets first */
- res = memcmp(b->to4, a->to4, sizeof(a->to4));
- if (res)
- {
- return res;
- }
- break;
- case TS_IPV6_ADDR_RANGE:
- res = memcmp(a->from6, b->from6, sizeof(a->from6));
- if (res)
- {
- return res;
- }
- res = memcmp(b->to6, a->to6, sizeof(a->to6));
- if (res)
- {
- return res;
- }
- break;
- default:
- return 1;
+ return res;
+ }
+ /* larger subnets first */
+ res = memcmp(b->to, a->to, len);
+ if (res)
+ {
+ return res;
}
/* lower protocols first */
res = compare_int(a->protocol, b->protocol);
@@ -782,32 +719,19 @@ traffic_selector_t *traffic_selector_create_from_bytes(uint8_t protocol,
private_traffic_selector_t *this = traffic_selector_create(protocol, type,
from_port, to_port);
- switch (type)
+ if (!this)
{
- case TS_IPV4_ADDR_RANGE:
- if (from.len != 4 || to.len != 4)
- {
- free(this);
- return NULL;
- }
- memcpy(this->from4, from.ptr, from.len);
- memcpy(this->to4, to.ptr, to.len);
- break;
- case TS_IPV6_ADDR_RANGE:
- if (from.len != 16 || to.len != 16)
- {
- free(this);
- return NULL;
- }
- memcpy(this->from6, from.ptr, from.len);
- memcpy(this->to6, to.ptr, to.len);
- break;
- default:
- free(this);
- return NULL;
+ return NULL;
}
+ if (from.len != to.len || from.len != TS_IP_LEN(this))
+ {
+ free(this);
+ return NULL;
+ }
+ memcpy(this->from, from.ptr, from.len);
+ memcpy(this->to, to.ptr, to.len);
calc_netbits(this);
- return (&this->public);
+ return &this->public;
}
/*
@@ -816,21 +740,15 @@ traffic_selector_t *traffic_selector_create_from_bytes(uint8_t protocol,
traffic_selector_t *traffic_selector_create_from_rfc3779_format(ts_type_t type,
chunk_t from, chunk_t to)
{
- size_t len;
private_traffic_selector_t *this = traffic_selector_create(0, type, 0, 65535);
+ size_t len;
- switch (type)
+ if (!this)
{
- case TS_IPV4_ADDR_RANGE:
- len = 4;
- break;
- case TS_IPV6_ADDR_RANGE:
- len = 16;
- break;
- default:
- free(this);
- return NULL;
+ return NULL;
}
+ len = TS_IP_LEN(this);
+
memset(this->from, 0x00, len);
memset(this->to , 0xff, len);
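Review bot: Nothing visible in this hunk or the next bounds the caller-supplied `from.len`/`to.len` by `len`, yet the next hunk shows `this->to[to.len-2] |= mask;` indexing what is now a fixed `char to[IPV6_LEN]` array. These chunks presumably come from parsed certificate extensions, so their lengths should be treated as untrusted. If the part of the function between the two hunks does not already bound them, add a check right after `len = TS_IP_LEN(this);`, for example `if (from.len > len + 1 || to.len > len + 1) { free(this); return NULL; }`. The copies themselves lie outside the visible lines.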
@@ -846,7 +764,7 @@ traffic_selector_t *traffic_selector_create_from_rfc3779_format(ts_type_t type,
this->to[to.len-2] |= mask;
}
calc_netbits(this);
- return (&this->public);
+ return &this->public;
}
/*
@@ -857,29 +775,29 @@ traffic_selector_t *traffic_selector_create_from_subnet(host_t *net,
uint16_t from_port, uint16_t to_port)
{
private_traffic_selector_t *this;
+ ts_type_t type;
chunk_t from;
- this = traffic_selector_create(protocol, 0, from_port, to_port);
-
switch (net->get_family(net))
{
case AF_INET:
- this->type = TS_IPV4_ADDR_RANGE;
+ type = TS_IPV4_ADDR_RANGE;
break;
case AF_INET6:
- this->type = TS_IPV6_ADDR_RANGE;
+ type = TS_IPV6_ADDR_RANGE;
break;
default:
net->destroy(net);
- free(this);
return NULL;
}
+
+ this = traffic_selector_create(protocol, type, from_port, to_port);
+
from = net->get_address(net);
memcpy(this->from, from.ptr, from.len);
- netbits = min(netbits, this->type == TS_IPV4_ADDR_RANGE ? 32 : 128);
+ netbits = min(netbits, TS_IP_LEN(this) * 8);
calc_range(this, netbits);
net->destroy(net);
-
return &this->public;
}
@@ -914,7 +832,6 @@ traffic_selector_t *traffic_selector_create_from_string(
free(this);
return NULL;
}
-
calc_netbits(this);
return &this->public;
}
@@ -947,8 +864,8 @@ traffic_selector_t *traffic_selector_create_dynamic(uint8_t protocol,
private_traffic_selector_t *this = traffic_selector_create(
protocol, TS_IPV4_ADDR_RANGE, from_port, to_port);
- memset(this->from6, 0, sizeof(this->from6));
- memset(this->to6, 0xFF, sizeof(this->to6));
+ memset(this->from, 0, sizeof(this->from));
+ memset(this->to, 0xFF, sizeof(this->to));
this->netbits = 0;
this->dynamic = TRUE;
@@ -963,6 +880,12 @@ static private_traffic_selector_t *traffic_selector_create(uint8_t protocol,
{
private_traffic_selector_t *this;
+ /* sanity check */
+ if (type != TS_IPV4_ADDR_RANGE && type != TS_IPV6_ADDR_RANGE)
+ {
+ return NULL;
+ }
+
INIT(this,
.public = {
.get_subset = _get_subset,
diff --git a/src/libstrongswan/settings/settings.c b/src/libstrongswan/settings/settings.c
index 2a92d523b..c618d8837 100644
--- a/src/libstrongswan/settings/settings.c
+++ b/src/libstrongswan/settings/settings.c
@@ -494,11 +494,12 @@ inline bool settings_value_as_bool(char *value, bool def)
}
METHOD(settings_t, get_bool, bool,
- private_settings_t *this, char *key, bool def, ...)
+ private_settings_t *this, char *key, int def, ...)
{
char *value;
va_list args;
+ /* we can't use bool for def due to this call */
va_start(args, def);
value = find_value(this, this->top, key, args);
va_end(args);
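Review bot: The added comment `we can't use bool for def due to this call` does not say why, and the reason is subtle enough that a later cleanup could undo the change. Passing va_start a parameter whose type changes under the default argument promotions, as `bool` does, is undefined behaviour in C, which is why the last named parameter has to be `int`. I would write `/* def is int, not bool: va_start() on a parameter subject to default argument promotion is undefined */`, use the same wording in set_bool, and mention the `int` type in the @param text in settings.h.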
@@ -604,41 +605,11 @@ METHOD(settings_t, get_double, double,
*/
inline uint32_t settings_value_as_time(char *value, uint32_t def)
{
- char *endptr;
- uint32_t timeval;
- if (value)
+ time_t val;
+
+ if (timespan_from_string(value, NULL, &val))
{
- errno = 0;
- timeval = strtoul(value, &endptr, 10);
- if (endptr == value)
- {
- return def;
- }
- if (errno == 0)
- {
- while (isspace(*endptr))
- {
- endptr++;
- }
- switch (*endptr)
- {
- case 'd': /* time in days */
- timeval *= 24 * 3600;
- break;
- case 'h': /* time in hours */
- timeval *= 3600;
- break;
- case 'm': /* time in minutes */
- timeval *= 60;
- break;
- case 's': /* time in seconds */
- case '\0':
- break;
- default:
- return def;
- }
- return timeval;
- }
+ return val;
}
return def;
}
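Review bot: `val` is a `time_t` but the function returns `uint32_t`, so `return val;` narrows silently. Where `time_t` is 64-bit, a very large or negative parsed timespan wraps to an unrelated value instead of falling back to `def`. A range check keeps the fallback behaviour: `if (timespan_from_string(value, NULL, &val) && val >= 0 && val <= UINT32_MAX)`. The removed code also tested `value` for NULL before parsing; that now depends on timespan_from_string() accepting a NULL string, which is not visible here.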
@@ -665,9 +636,10 @@ METHOD(settings_t, set_str, void,
}
METHOD(settings_t, set_bool, void,
- private_settings_t *this, char *key, bool value, ...)
+ private_settings_t *this, char *key, int value, ...)
{
va_list args;
+ /* we can't use bool for value due to this call */
va_start(args, value);
set_value(this, this->top, key, args, value ? "1" : "0");
va_end(args);
diff --git a/src/libstrongswan/settings/settings.h b/src/libstrongswan/settings/settings.h
index eec5ece6c..28cde4876 100644
--- a/src/libstrongswan/settings/settings.h
+++ b/src/libstrongswan/settings/settings.h
@@ -173,7 +173,7 @@ struct settings_t {
* @param ... argument list for key
* @return value of the key
*/
- bool (*get_bool)(settings_t *this, char *key, bool def, ...);
+ bool (*get_bool)(settings_t *this, char *key, int def, ...);
/**
* Get an integer value.
@@ -221,7 +221,7 @@ struct settings_t {
* @param value value to set
* @param ... argument list for key
*/
- void (*set_bool)(settings_t *this, char *key, bool value, ...);
+ void (*set_bool)(settings_t *this, char *key, int value, ...);
/**
* Set an integer value.
diff --git a/src/libstrongswan/tests/Makefile.am b/src/libstrongswan/tests/Makefile.am
index 0231c1c14..07f5eb5f2 100644
--- a/src/libstrongswan/tests/Makefile.am
+++ b/src/libstrongswan/tests/Makefile.am
@@ -15,11 +15,11 @@ libtest_la_LIBADD = \
$(PTHREADLIB) $(ATOMICLIB)
-TESTS = tests
+TESTS = libstrongswan_tests
check_PROGRAMS = $(TESTS)
-tests_SOURCES = tests.h tests.c \
+libstrongswan_tests_SOURCES = tests.h tests.c \
suites/test_linked_list.c \
suites/test_enumerator.c \
suites/test_linked_list_enumerator.c \
@@ -56,16 +56,17 @@ tests_SOURCES = tests.h tests.c \
suites/test_test_rng.c \
suites/test_mgf1.c \
suites/test_ntru.c \
- suites/test_ed25519.c
+ suites/test_ed25519.c \
+ suites/test_signature_params.c
-tests_CFLAGS = \
+libstrongswan_tests_CFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libstrongswan/tests \
-DPLUGINDIR=\""$(abs_top_builddir)/src/libstrongswan/plugins\"" \
-DPLUGINS=\""${s_plugins}\"" \
@COVERAGE_CFLAGS@
-tests_LDFLAGS = @COVERAGE_LDFLAGS@
-tests_LDADD = \
+libstrongswan_tests_LDFLAGS = @COVERAGE_LDFLAGS@
+libstrongswan_tests_LDADD = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
libtest.la
diff --git a/src/libstrongswan/tests/Makefile.in b/src/libstrongswan/tests/Makefile.in
index ce0ad3772..f8f8ce83e 100644
--- a/src/libstrongswan/tests/Makefile.in
+++ b/src/libstrongswan/tests/Makefile.in
@@ -87,7 +87,7 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-TESTS = tests$(EXEEXT)
+TESTS = libstrongswan_tests$(EXEEXT)
check_PROGRAMS = $(am__EXEEXT_1)
subdir = src/libstrongswan/tests
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
@@ -123,51 +123,53 @@ am__v_lt_1 =
libtest_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(libtest_la_CFLAGS) \
$(CFLAGS) $(libtest_la_LDFLAGS) $(LDFLAGS) -o $@
-am__EXEEXT_1 = tests$(EXEEXT)
-am_tests_OBJECTS = tests-tests.$(OBJEXT) \
- suites/tests-test_linked_list.$(OBJEXT) \
- suites/tests-test_enumerator.$(OBJEXT) \
- suites/tests-test_linked_list_enumerator.$(OBJEXT) \
- suites/tests-test_bio_reader.$(OBJEXT) \
- suites/tests-test_bio_writer.$(OBJEXT) \
- suites/tests-test_chunk.$(OBJEXT) \
- suites/tests-test_enum.$(OBJEXT) \
- suites/tests-test_hashtable.$(OBJEXT) \
- suites/tests-test_identification.$(OBJEXT) \
- suites/tests-test_traffic_selector.$(OBJEXT) \
- suites/tests-test_threading.$(OBJEXT) \
- suites/tests-test_process.$(OBJEXT) \
- suites/tests-test_watcher.$(OBJEXT) \
- suites/tests-test_stream.$(OBJEXT) \
- suites/tests-test_fetch_http.$(OBJEXT) \
- suites/tests-test_utils.$(OBJEXT) \
- suites/tests-test_settings.$(OBJEXT) \
- suites/tests-test_vectors.$(OBJEXT) \
- suites/tests-test_array.$(OBJEXT) \
- suites/tests-test_ecdsa.$(OBJEXT) \
- suites/tests-test_rsa.$(OBJEXT) \
- suites/tests-test_certpolicy.$(OBJEXT) \
- suites/tests-test_certnames.$(OBJEXT) \
- suites/tests-test_host.$(OBJEXT) \
- suites/tests-test_auth_cfg.$(OBJEXT) \
- suites/tests-test_hasher.$(OBJEXT) \
- suites/tests-test_crypter.$(OBJEXT) \
- suites/tests-test_crypto_factory.$(OBJEXT) \
- suites/tests-test_iv_gen.$(OBJEXT) \
- suites/tests-test_pen.$(OBJEXT) \
- suites/tests-test_asn1.$(OBJEXT) \
- suites/tests-test_asn1_parser.$(OBJEXT) \
- suites/tests-test_printf.$(OBJEXT) \
- suites/tests-test_test_rng.$(OBJEXT) \
- suites/tests-test_mgf1.$(OBJEXT) \
- suites/tests-test_ntru.$(OBJEXT) \
- suites/tests-test_ed25519.$(OBJEXT)
-tests_OBJECTS = $(am_tests_OBJECTS)
-tests_DEPENDENCIES = \
+am__EXEEXT_1 = libstrongswan_tests$(EXEEXT)
+am_libstrongswan_tests_OBJECTS = libstrongswan_tests-tests.$(OBJEXT) \
+ suites/libstrongswan_tests-test_linked_list.$(OBJEXT) \
+ suites/libstrongswan_tests-test_enumerator.$(OBJEXT) \
+ suites/libstrongswan_tests-test_linked_list_enumerator.$(OBJEXT) \
+ suites/libstrongswan_tests-test_bio_reader.$(OBJEXT) \
+ suites/libstrongswan_tests-test_bio_writer.$(OBJEXT) \
+ suites/libstrongswan_tests-test_chunk.$(OBJEXT) \
+ suites/libstrongswan_tests-test_enum.$(OBJEXT) \
+ suites/libstrongswan_tests-test_hashtable.$(OBJEXT) \
+ suites/libstrongswan_tests-test_identification.$(OBJEXT) \
+ suites/libstrongswan_tests-test_traffic_selector.$(OBJEXT) \
+ suites/libstrongswan_tests-test_threading.$(OBJEXT) \
+ suites/libstrongswan_tests-test_process.$(OBJEXT) \
+ suites/libstrongswan_tests-test_watcher.$(OBJEXT) \
+ suites/libstrongswan_tests-test_stream.$(OBJEXT) \
+ suites/libstrongswan_tests-test_fetch_http.$(OBJEXT) \
+ suites/libstrongswan_tests-test_utils.$(OBJEXT) \
+ suites/libstrongswan_tests-test_settings.$(OBJEXT) \
+ suites/libstrongswan_tests-test_vectors.$(OBJEXT) \
+ suites/libstrongswan_tests-test_array.$(OBJEXT) \
+ suites/libstrongswan_tests-test_ecdsa.$(OBJEXT) \
+ suites/libstrongswan_tests-test_rsa.$(OBJEXT) \
+ suites/libstrongswan_tests-test_certpolicy.$(OBJEXT) \
+ suites/libstrongswan_tests-test_certnames.$(OBJEXT) \
+ suites/libstrongswan_tests-test_host.$(OBJEXT) \
+ suites/libstrongswan_tests-test_auth_cfg.$(OBJEXT) \
+ suites/libstrongswan_tests-test_hasher.$(OBJEXT) \
+ suites/libstrongswan_tests-test_crypter.$(OBJEXT) \
+ suites/libstrongswan_tests-test_crypto_factory.$(OBJEXT) \
+ suites/libstrongswan_tests-test_iv_gen.$(OBJEXT) \
+ suites/libstrongswan_tests-test_pen.$(OBJEXT) \
+ suites/libstrongswan_tests-test_asn1.$(OBJEXT) \
+ suites/libstrongswan_tests-test_asn1_parser.$(OBJEXT) \
+ suites/libstrongswan_tests-test_printf.$(OBJEXT) \
+ suites/libstrongswan_tests-test_test_rng.$(OBJEXT) \
+ suites/libstrongswan_tests-test_mgf1.$(OBJEXT) \
+ suites/libstrongswan_tests-test_ntru.$(OBJEXT) \
+ suites/libstrongswan_tests-test_ed25519.$(OBJEXT) \
+ suites/libstrongswan_tests-test_signature_params.$(OBJEXT)
+libstrongswan_tests_OBJECTS = $(am_libstrongswan_tests_OBJECTS)
+libstrongswan_tests_DEPENDENCIES = \
$(top_builddir)/src/libstrongswan/libstrongswan.la libtest.la
-tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(tests_CFLAGS) $(CFLAGS) \
- $(tests_LDFLAGS) $(LDFLAGS) -o $@
+libstrongswan_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+ $(libstrongswan_tests_CFLAGS) $(CFLAGS) \
+ $(libstrongswan_tests_LDFLAGS) $(LDFLAGS) -o $@
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
@@ -202,8 +204,8 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@)
am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
am__v_CCLD_0 = @echo " CCLD " $@;
am__v_CCLD_1 =
-SOURCES = $(libtest_la_SOURCES) $(tests_SOURCES)
-DIST_SOURCES = $(libtest_la_SOURCES) $(tests_SOURCES)
+SOURCES = $(libtest_la_SOURCES) $(libstrongswan_tests_SOURCES)
+DIST_SOURCES = $(libtest_la_SOURCES) $(libstrongswan_tests_SOURCES)
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
@@ -285,9 +287,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
@@ -503,7 +507,7 @@ libtest_la_LIBADD = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
$(PTHREADLIB) $(ATOMICLIB)
-tests_SOURCES = tests.h tests.c \
+libstrongswan_tests_SOURCES = tests.h tests.c \
suites/test_linked_list.c \
suites/test_enumerator.c \
suites/test_linked_list_enumerator.c \
@@ -540,17 +544,18 @@ tests_SOURCES = tests.h tests.c \
suites/test_test_rng.c \
suites/test_mgf1.c \
suites/test_ntru.c \
- suites/test_ed25519.c
+ suites/test_ed25519.c \
+ suites/test_signature_params.c
-tests_CFLAGS = \
+libstrongswan_tests_CFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libstrongswan/tests \
-DPLUGINDIR=\""$(abs_top_builddir)/src/libstrongswan/plugins\"" \
-DPLUGINS=\""${s_plugins}\"" \
@COVERAGE_CFLAGS@
-tests_LDFLAGS = @COVERAGE_LDFLAGS@
-tests_LDADD = \
+libstrongswan_tests_LDFLAGS = @COVERAGE_LDFLAGS@
+libstrongswan_tests_LDADD = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
libtest.la
@@ -624,84 +629,86 @@ suites/$(am__dirstamp):
suites/$(DEPDIR)/$(am__dirstamp):
@$(MKDIR_P) suites/$(DEPDIR)
@: > suites/$(DEPDIR)/$(am__dirstamp)
-suites/tests-test_linked_list.$(OBJEXT): suites/$(am__dirstamp) \
- suites/$(DEPDIR)/$(am__dirstamp)
-suites/tests-test_enumerator.$(OBJEXT): suites/$(am__dirstamp) \
- suites/$(DEPDIR)/$(am__dirstamp)
-suites/tests-test_linked_list_enumerator.$(OBJEXT): \
+suites/libstrongswan_tests-test_linked_list.$(OBJEXT): \
suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
-suites/tests-test_bio_reader.$(OBJEXT): suites/$(am__dirstamp) \
- suites/$(DEPDIR)/$(am__dirstamp)
-suites/tests-test_bio_writer.$(OBJEXT): suites/$(am__dirstamp) \
- suites/$(DEPDIR)/$(am__dirstamp)
-suites/tests-test_chunk.$(OBJEXT): suites/$(am__dirstamp) \
- suites/$(DEPDIR)/$(am__dirstamp)
-suites/tests-test_enum.$(OBJEXT): suites/$(am__dirstamp) \
- suites/$(DEPDIR)/$(am__dirstamp)
-suites/tests-test_hashtable.$(OBJEXT): suites/$(am__dirstamp) \
- suites/$(DEPDIR)/$(am__dirstamp)
-suites/tests-test_identification.$(OBJEXT): suites/$(am__dirstamp) \
- suites/$(DEPDIR)/$(am__dirstamp)
-suites/tests-test_traffic_selector.$(OBJEXT): suites/$(am__dirstamp) \
- suites/$(DEPDIR)/$(am__dirstamp)
-suites/tests-test_threading.$(OBJEXT): suites/$(am__dirstamp) \
- suites/$(DEPDIR)/$(am__dirstamp)
-suites/tests-test_process.$(OBJEXT): suites/$(am__dirstamp) \
- suites/$(DEPDIR)/$(am__dirstamp)
-suites/tests-test_watcher.$(OBJEXT): suites/$(am__dirstamp) \
- suites/$(DEPDIR)/$(am__dirstamp)
-suites/tests-test_stream.$(OBJEXT): suites/$(am__dirstamp) \
- suites/$(DEPDIR)/$(am__dirstamp)
-suites/tests-test_fetch_http.$(OBJEXT): suites/$(am__dirstamp) \
- suites/$(DEPDIR)/$(am__dirstamp)
-suites/tests-test_utils.$(OBJEXT): suites/$(am__dirstamp) \
- suites/$(DEPDIR)/$(am__dirstamp)
-suites/tests-test_settings.$(OBJEXT): suites/$(am__dirstamp) \
- suites/$(DEPDIR)/$(am__dirstamp)
-suites/tests-test_vectors.$(OBJEXT): suites/$(am__dirstamp) \
- suites/$(DEPDIR)/$(am__dirstamp)
-suites/tests-test_array.$(OBJEXT): suites/$(am__dirstamp) \
- suites/$(DEPDIR)/$(am__dirstamp)
-suites/tests-test_ecdsa.$(OBJEXT): suites/$(am__dirstamp) \
- suites/$(DEPDIR)/$(am__dirstamp)
-suites/tests-test_rsa.$(OBJEXT): suites/$(am__dirstamp) \
- suites/$(DEPDIR)/$(am__dirstamp)
-suites/tests-test_certpolicy.$(OBJEXT): suites/$(am__dirstamp) \
- suites/$(DEPDIR)/$(am__dirstamp)
-suites/tests-test_certnames.$(OBJEXT): suites/$(am__dirstamp) \
- suites/$(DEPDIR)/$(am__dirstamp)
-suites/tests-test_host.$(OBJEXT): suites/$(am__dirstamp) \
- suites/$(DEPDIR)/$(am__dirstamp)
-suites/tests-test_auth_cfg.$(OBJEXT): suites/$(am__dirstamp) \
- suites/$(DEPDIR)/$(am__dirstamp)
-suites/tests-test_hasher.$(OBJEXT): suites/$(am__dirstamp) \
- suites/$(DEPDIR)/$(am__dirstamp)
-suites/tests-test_crypter.$(OBJEXT): suites/$(am__dirstamp) \
- suites/$(DEPDIR)/$(am__dirstamp)
-suites/tests-test_crypto_factory.$(OBJEXT): suites/$(am__dirstamp) \
- suites/$(DEPDIR)/$(am__dirstamp)
-suites/tests-test_iv_gen.$(OBJEXT): suites/$(am__dirstamp) \
- suites/$(DEPDIR)/$(am__dirstamp)
-suites/tests-test_pen.$(OBJEXT): suites/$(am__dirstamp) \
- suites/$(DEPDIR)/$(am__dirstamp)
-suites/tests-test_asn1.$(OBJEXT): suites/$(am__dirstamp) \
- suites/$(DEPDIR)/$(am__dirstamp)
-suites/tests-test_asn1_parser.$(OBJEXT): suites/$(am__dirstamp) \
- suites/$(DEPDIR)/$(am__dirstamp)
-suites/tests-test_printf.$(OBJEXT): suites/$(am__dirstamp) \
- suites/$(DEPDIR)/$(am__dirstamp)
-suites/tests-test_test_rng.$(OBJEXT): suites/$(am__dirstamp) \
- suites/$(DEPDIR)/$(am__dirstamp)
-suites/tests-test_mgf1.$(OBJEXT): suites/$(am__dirstamp) \
- suites/$(DEPDIR)/$(am__dirstamp)
-suites/tests-test_ntru.$(OBJEXT): suites/$(am__dirstamp) \
+suites/libstrongswan_tests-test_enumerator.$(OBJEXT): \
+ suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
+suites/libstrongswan_tests-test_linked_list_enumerator.$(OBJEXT): \
+ suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
+suites/libstrongswan_tests-test_bio_reader.$(OBJEXT): \
+ suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
+suites/libstrongswan_tests-test_bio_writer.$(OBJEXT): \
+ suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
+suites/libstrongswan_tests-test_chunk.$(OBJEXT): \
+ suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
+suites/libstrongswan_tests-test_enum.$(OBJEXT): \
+ suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
+suites/libstrongswan_tests-test_hashtable.$(OBJEXT): \
+ suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
+suites/libstrongswan_tests-test_identification.$(OBJEXT): \
+ suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
+suites/libstrongswan_tests-test_traffic_selector.$(OBJEXT): \
+ suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
+suites/libstrongswan_tests-test_threading.$(OBJEXT): \
+ suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
+suites/libstrongswan_tests-test_process.$(OBJEXT): \
+ suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
+suites/libstrongswan_tests-test_watcher.$(OBJEXT): \
+ suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
+suites/libstrongswan_tests-test_stream.$(OBJEXT): \
+ suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
+suites/libstrongswan_tests-test_fetch_http.$(OBJEXT): \
+ suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
+suites/libstrongswan_tests-test_utils.$(OBJEXT): \
+ suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
+suites/libstrongswan_tests-test_settings.$(OBJEXT): \
+ suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
+suites/libstrongswan_tests-test_vectors.$(OBJEXT): \
+ suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
+suites/libstrongswan_tests-test_array.$(OBJEXT): \
+ suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
+suites/libstrongswan_tests-test_ecdsa.$(OBJEXT): \
+ suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
+suites/libstrongswan_tests-test_rsa.$(OBJEXT): suites/$(am__dirstamp) \
suites/$(DEPDIR)/$(am__dirstamp)
-suites/tests-test_ed25519.$(OBJEXT): suites/$(am__dirstamp) \
+suites/libstrongswan_tests-test_certpolicy.$(OBJEXT): \
+ suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
+suites/libstrongswan_tests-test_certnames.$(OBJEXT): \
+ suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
+suites/libstrongswan_tests-test_host.$(OBJEXT): \
+ suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
+suites/libstrongswan_tests-test_auth_cfg.$(OBJEXT): \
+ suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
+suites/libstrongswan_tests-test_hasher.$(OBJEXT): \
+ suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
+suites/libstrongswan_tests-test_crypter.$(OBJEXT): \
+ suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
+suites/libstrongswan_tests-test_crypto_factory.$(OBJEXT): \
+ suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
+suites/libstrongswan_tests-test_iv_gen.$(OBJEXT): \
+ suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
+suites/libstrongswan_tests-test_pen.$(OBJEXT): suites/$(am__dirstamp) \
suites/$(DEPDIR)/$(am__dirstamp)
+suites/libstrongswan_tests-test_asn1.$(OBJEXT): \
+ suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
+suites/libstrongswan_tests-test_asn1_parser.$(OBJEXT): \
+ suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
+suites/libstrongswan_tests-test_printf.$(OBJEXT): \
+ suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
+suites/libstrongswan_tests-test_test_rng.$(OBJEXT): \
+ suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
+suites/libstrongswan_tests-test_mgf1.$(OBJEXT): \
+ suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
+suites/libstrongswan_tests-test_ntru.$(OBJEXT): \
+ suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
+suites/libstrongswan_tests-test_ed25519.$(OBJEXT): \
+ suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
+suites/libstrongswan_tests-test_signature_params.$(OBJEXT): \
+ suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
-tests$(EXEEXT): $(tests_OBJECTS) $(tests_DEPENDENCIES) $(EXTRA_tests_DEPENDENCIES)
- @rm -f tests$(EXEEXT)
- $(AM_V_CCLD)$(tests_LINK) $(tests_OBJECTS) $(tests_LDADD) $(LIBS)
+libstrongswan_tests$(EXEEXT): $(libstrongswan_tests_OBJECTS) $(libstrongswan_tests_DEPENDENCIES) $(EXTRA_libstrongswan_tests_DEPENDENCIES)
+ @rm -f libstrongswan_tests$(EXEEXT)
+ $(AM_V_CCLD)$(libstrongswan_tests_LINK) $(libstrongswan_tests_OBJECTS) $(libstrongswan_tests_LDADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -712,46 +719,47 @@ mostlyclean-compile:
distclean-compile:
-rm -f *.tab.c
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libstrongswan_tests-tests.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtest_la-test_runner.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtest_la-test_suite.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tests-tests.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_array.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_asn1.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_asn1_parser.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_auth_cfg.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_bio_reader.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_bio_writer.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_certnames.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_certpolicy.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_chunk.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_crypter.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_crypto_factory.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_ecdsa.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_ed25519.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_enum.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_enumerator.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_fetch_http.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_hasher.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_hashtable.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_host.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_identification.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_iv_gen.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_linked_list.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_linked_list_enumerator.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_mgf1.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_ntru.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_pen.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_printf.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_process.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_rsa.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_settings.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_stream.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_test_rng.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_threading.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_traffic_selector.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_utils.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_vectors.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_watcher.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libstrongswan_tests-test_array.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libstrongswan_tests-test_asn1.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libstrongswan_tests-test_asn1_parser.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libstrongswan_tests-test_auth_cfg.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libstrongswan_tests-test_bio_reader.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libstrongswan_tests-test_bio_writer.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libstrongswan_tests-test_certnames.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libstrongswan_tests-test_certpolicy.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libstrongswan_tests-test_chunk.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libstrongswan_tests-test_crypter.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libstrongswan_tests-test_crypto_factory.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libstrongswan_tests-test_ecdsa.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libstrongswan_tests-test_ed25519.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libstrongswan_tests-test_enum.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libstrongswan_tests-test_enumerator.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libstrongswan_tests-test_fetch_http.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libstrongswan_tests-test_hasher.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libstrongswan_tests-test_hashtable.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libstrongswan_tests-test_host.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libstrongswan_tests-test_identification.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libstrongswan_tests-test_iv_gen.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libstrongswan_tests-test_linked_list.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libstrongswan_tests-test_linked_list_enumerator.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libstrongswan_tests-test_mgf1.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libstrongswan_tests-test_ntru.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libstrongswan_tests-test_pen.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libstrongswan_tests-test_printf.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libstrongswan_tests-test_process.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libstrongswan_tests-test_rsa.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libstrongswan_tests-test_settings.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libstrongswan_tests-test_signature_params.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libstrongswan_tests-test_stream.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libstrongswan_tests-test_test_rng.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libstrongswan_tests-test_threading.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libstrongswan_tests-test_traffic_selector.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libstrongswan_tests-test_utils.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libstrongswan_tests-test_vectors.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libstrongswan_tests-test_watcher.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/libtest_la-test_rng.Plo@am__quote@
.c.o:
@@ -799,537 +807,551 @@ utils/libtest_la-test_rng.lo: utils/test_rng.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -c -o utils/libtest_la-test_rng.lo `test -f 'utils/test_rng.c' || echo '$(srcdir)/'`utils/test_rng.c
-tests-tests.o: tests.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT tests-tests.o -MD -MP -MF $(DEPDIR)/tests-tests.Tpo -c -o tests-tests.o `test -f 'tests.c' || echo '$(srcdir)/'`tests.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/tests-tests.Tpo $(DEPDIR)/tests-tests.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tests.c' object='tests-tests.o' libtool=no @AMDEPBACKSLASH@
+libstrongswan_tests-tests.o: tests.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT libstrongswan_tests-tests.o -MD -MP -MF $(DEPDIR)/libstrongswan_tests-tests.Tpo -c -o libstrongswan_tests-tests.o `test -f 'tests.c' || echo '$(srcdir)/'`tests.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libstrongswan_tests-tests.Tpo $(DEPDIR)/libstrongswan_tests-tests.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tests.c' object='libstrongswan_tests-tests.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o libstrongswan_tests-tests.o `test -f 'tests.c' || echo '$(srcdir)/'`tests.c
+
+libstrongswan_tests-tests.obj: tests.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT libstrongswan_tests-tests.obj -MD -MP -MF $(DEPDIR)/libstrongswan_tests-tests.Tpo -c -o libstrongswan_tests-tests.obj `if test -f 'tests.c'; then $(CYGPATH_W) 'tests.c'; else $(CYGPATH_W) '$(srcdir)/tests.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libstrongswan_tests-tests.Tpo $(DEPDIR)/libstrongswan_tests-tests.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tests.c' object='libstrongswan_tests-tests.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o libstrongswan_tests-tests.obj `if test -f 'tests.c'; then $(CYGPATH_W) 'tests.c'; else $(CYGPATH_W) '$(srcdir)/tests.c'; fi`
+
+suites/libstrongswan_tests-test_linked_list.o: suites/test_linked_list.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_linked_list.o -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_linked_list.Tpo -c -o suites/libstrongswan_tests-test_linked_list.o `test -f 'suites/test_linked_list.c' || echo '$(srcdir)/'`suites/test_linked_list.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_linked_list.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_linked_list.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_linked_list.c' object='suites/libstrongswan_tests-test_linked_list.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o tests-tests.o `test -f 'tests.c' || echo '$(srcdir)/'`tests.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_linked_list.o `test -f 'suites/test_linked_list.c' || echo '$(srcdir)/'`suites/test_linked_list.c
-tests-tests.obj: tests.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT tests-tests.obj -MD -MP -MF $(DEPDIR)/tests-tests.Tpo -c -o tests-tests.obj `if test -f 'tests.c'; then $(CYGPATH_W) 'tests.c'; else $(CYGPATH_W) '$(srcdir)/tests.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/tests-tests.Tpo $(DEPDIR)/tests-tests.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tests.c' object='tests-tests.obj' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_linked_list.obj: suites/test_linked_list.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_linked_list.obj -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_linked_list.Tpo -c -o suites/libstrongswan_tests-test_linked_list.obj `if test -f 'suites/test_linked_list.c'; then $(CYGPATH_W) 'suites/test_linked_list.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_linked_list.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_linked_list.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_linked_list.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_linked_list.c' object='suites/libstrongswan_tests-test_linked_list.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o tests-tests.obj `if test -f 'tests.c'; then $(CYGPATH_W) 'tests.c'; else $(CYGPATH_W) '$(srcdir)/tests.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_linked_list.obj `if test -f 'suites/test_linked_list.c'; then $(CYGPATH_W) 'suites/test_linked_list.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_linked_list.c'; fi`
-suites/tests-test_linked_list.o: suites/test_linked_list.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_linked_list.o -MD -MP -MF suites/$(DEPDIR)/tests-test_linked_list.Tpo -c -o suites/tests-test_linked_list.o `test -f 'suites/test_linked_list.c' || echo '$(srcdir)/'`suites/test_linked_list.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_linked_list.Tpo suites/$(DEPDIR)/tests-test_linked_list.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_linked_list.c' object='suites/tests-test_linked_list.o' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_enumerator.o: suites/test_enumerator.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_enumerator.o -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_enumerator.Tpo -c -o suites/libstrongswan_tests-test_enumerator.o `test -f 'suites/test_enumerator.c' || echo '$(srcdir)/'`suites/test_enumerator.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_enumerator.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_enumerator.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_enumerator.c' object='suites/libstrongswan_tests-test_enumerator.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_linked_list.o `test -f 'suites/test_linked_list.c' || echo '$(srcdir)/'`suites/test_linked_list.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_enumerator.o `test -f 'suites/test_enumerator.c' || echo '$(srcdir)/'`suites/test_enumerator.c
-suites/tests-test_linked_list.obj: suites/test_linked_list.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_linked_list.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_linked_list.Tpo -c -o suites/tests-test_linked_list.obj `if test -f 'suites/test_linked_list.c'; then $(CYGPATH_W) 'suites/test_linked_list.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_linked_list.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_linked_list.Tpo suites/$(DEPDIR)/tests-test_linked_list.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_linked_list.c' object='suites/tests-test_linked_list.obj' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_enumerator.obj: suites/test_enumerator.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_enumerator.obj -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_enumerator.Tpo -c -o suites/libstrongswan_tests-test_enumerator.obj `if test -f 'suites/test_enumerator.c'; then $(CYGPATH_W) 'suites/test_enumerator.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_enumerator.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_enumerator.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_enumerator.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_enumerator.c' object='suites/libstrongswan_tests-test_enumerator.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_linked_list.obj `if test -f 'suites/test_linked_list.c'; then $(CYGPATH_W) 'suites/test_linked_list.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_linked_list.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_enumerator.obj `if test -f 'suites/test_enumerator.c'; then $(CYGPATH_W) 'suites/test_enumerator.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_enumerator.c'; fi`
-suites/tests-test_enumerator.o: suites/test_enumerator.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_enumerator.o -MD -MP -MF suites/$(DEPDIR)/tests-test_enumerator.Tpo -c -o suites/tests-test_enumerator.o `test -f 'suites/test_enumerator.c' || echo '$(srcdir)/'`suites/test_enumerator.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_enumerator.Tpo suites/$(DEPDIR)/tests-test_enumerator.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_enumerator.c' object='suites/tests-test_enumerator.o' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_linked_list_enumerator.o: suites/test_linked_list_enumerator.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_linked_list_enumerator.o -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_linked_list_enumerator.Tpo -c -o suites/libstrongswan_tests-test_linked_list_enumerator.o `test -f 'suites/test_linked_list_enumerator.c' || echo '$(srcdir)/'`suites/test_linked_list_enumerator.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_linked_list_enumerator.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_linked_list_enumerator.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_linked_list_enumerator.c' object='suites/libstrongswan_tests-test_linked_list_enumerator.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_enumerator.o `test -f 'suites/test_enumerator.c' || echo '$(srcdir)/'`suites/test_enumerator.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_linked_list_enumerator.o `test -f 'suites/test_linked_list_enumerator.c' || echo '$(srcdir)/'`suites/test_linked_list_enumerator.c
-suites/tests-test_enumerator.obj: suites/test_enumerator.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_enumerator.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_enumerator.Tpo -c -o suites/tests-test_enumerator.obj `if test -f 'suites/test_enumerator.c'; then $(CYGPATH_W) 'suites/test_enumerator.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_enumerator.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_enumerator.Tpo suites/$(DEPDIR)/tests-test_enumerator.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_enumerator.c' object='suites/tests-test_enumerator.obj' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_linked_list_enumerator.obj: suites/test_linked_list_enumerator.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_linked_list_enumerator.obj -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_linked_list_enumerator.Tpo -c -o suites/libstrongswan_tests-test_linked_list_enumerator.obj `if test -f 'suites/test_linked_list_enumerator.c'; then $(CYGPATH_W) 'suites/test_linked_list_enumerator.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_linked_list_enumerator.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_linked_list_enumerator.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_linked_list_enumerator.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_linked_list_enumerator.c' object='suites/libstrongswan_tests-test_linked_list_enumerator.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_enumerator.obj `if test -f 'suites/test_enumerator.c'; then $(CYGPATH_W) 'suites/test_enumerator.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_enumerator.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_linked_list_enumerator.obj `if test -f 'suites/test_linked_list_enumerator.c'; then $(CYGPATH_W) 'suites/test_linked_list_enumerator.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_linked_list_enumerator.c'; fi`
-suites/tests-test_linked_list_enumerator.o: suites/test_linked_list_enumerator.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_linked_list_enumerator.o -MD -MP -MF suites/$(DEPDIR)/tests-test_linked_list_enumerator.Tpo -c -o suites/tests-test_linked_list_enumerator.o `test -f 'suites/test_linked_list_enumerator.c' || echo '$(srcdir)/'`suites/test_linked_list_enumerator.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_linked_list_enumerator.Tpo suites/$(DEPDIR)/tests-test_linked_list_enumerator.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_linked_list_enumerator.c' object='suites/tests-test_linked_list_enumerator.o' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_bio_reader.o: suites/test_bio_reader.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_bio_reader.o -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_bio_reader.Tpo -c -o suites/libstrongswan_tests-test_bio_reader.o `test -f 'suites/test_bio_reader.c' || echo '$(srcdir)/'`suites/test_bio_reader.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_bio_reader.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_bio_reader.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_bio_reader.c' object='suites/libstrongswan_tests-test_bio_reader.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_linked_list_enumerator.o `test -f 'suites/test_linked_list_enumerator.c' || echo '$(srcdir)/'`suites/test_linked_list_enumerator.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_bio_reader.o `test -f 'suites/test_bio_reader.c' || echo '$(srcdir)/'`suites/test_bio_reader.c
-suites/tests-test_linked_list_enumerator.obj: suites/test_linked_list_enumerator.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_linked_list_enumerator.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_linked_list_enumerator.Tpo -c -o suites/tests-test_linked_list_enumerator.obj `if test -f 'suites/test_linked_list_enumerator.c'; then $(CYGPATH_W) 'suites/test_linked_list_enumerator.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_linked_list_enumerator.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_linked_list_enumerator.Tpo suites/$(DEPDIR)/tests-test_linked_list_enumerator.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_linked_list_enumerator.c' object='suites/tests-test_linked_list_enumerator.obj' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_bio_reader.obj: suites/test_bio_reader.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_bio_reader.obj -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_bio_reader.Tpo -c -o suites/libstrongswan_tests-test_bio_reader.obj `if test -f 'suites/test_bio_reader.c'; then $(CYGPATH_W) 'suites/test_bio_reader.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_bio_reader.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_bio_reader.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_bio_reader.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_bio_reader.c' object='suites/libstrongswan_tests-test_bio_reader.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_linked_list_enumerator.obj `if test -f 'suites/test_linked_list_enumerator.c'; then $(CYGPATH_W) 'suites/test_linked_list_enumerator.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_linked_list_enumerator.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_bio_reader.obj `if test -f 'suites/test_bio_reader.c'; then $(CYGPATH_W) 'suites/test_bio_reader.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_bio_reader.c'; fi`
-suites/tests-test_bio_reader.o: suites/test_bio_reader.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_bio_reader.o -MD -MP -MF suites/$(DEPDIR)/tests-test_bio_reader.Tpo -c -o suites/tests-test_bio_reader.o `test -f 'suites/test_bio_reader.c' || echo '$(srcdir)/'`suites/test_bio_reader.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_bio_reader.Tpo suites/$(DEPDIR)/tests-test_bio_reader.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_bio_reader.c' object='suites/tests-test_bio_reader.o' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_bio_writer.o: suites/test_bio_writer.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_bio_writer.o -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_bio_writer.Tpo -c -o suites/libstrongswan_tests-test_bio_writer.o `test -f 'suites/test_bio_writer.c' || echo '$(srcdir)/'`suites/test_bio_writer.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_bio_writer.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_bio_writer.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_bio_writer.c' object='suites/libstrongswan_tests-test_bio_writer.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_bio_reader.o `test -f 'suites/test_bio_reader.c' || echo '$(srcdir)/'`suites/test_bio_reader.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_bio_writer.o `test -f 'suites/test_bio_writer.c' || echo '$(srcdir)/'`suites/test_bio_writer.c
-suites/tests-test_bio_reader.obj: suites/test_bio_reader.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_bio_reader.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_bio_reader.Tpo -c -o suites/tests-test_bio_reader.obj `if test -f 'suites/test_bio_reader.c'; then $(CYGPATH_W) 'suites/test_bio_reader.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_bio_reader.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_bio_reader.Tpo suites/$(DEPDIR)/tests-test_bio_reader.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_bio_reader.c' object='suites/tests-test_bio_reader.obj' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_bio_writer.obj: suites/test_bio_writer.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_bio_writer.obj -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_bio_writer.Tpo -c -o suites/libstrongswan_tests-test_bio_writer.obj `if test -f 'suites/test_bio_writer.c'; then $(CYGPATH_W) 'suites/test_bio_writer.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_bio_writer.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_bio_writer.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_bio_writer.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_bio_writer.c' object='suites/libstrongswan_tests-test_bio_writer.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_bio_reader.obj `if test -f 'suites/test_bio_reader.c'; then $(CYGPATH_W) 'suites/test_bio_reader.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_bio_reader.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_bio_writer.obj `if test -f 'suites/test_bio_writer.c'; then $(CYGPATH_W) 'suites/test_bio_writer.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_bio_writer.c'; fi`
-suites/tests-test_bio_writer.o: suites/test_bio_writer.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_bio_writer.o -MD -MP -MF suites/$(DEPDIR)/tests-test_bio_writer.Tpo -c -o suites/tests-test_bio_writer.o `test -f 'suites/test_bio_writer.c' || echo '$(srcdir)/'`suites/test_bio_writer.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_bio_writer.Tpo suites/$(DEPDIR)/tests-test_bio_writer.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_bio_writer.c' object='suites/tests-test_bio_writer.o' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_chunk.o: suites/test_chunk.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_chunk.o -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_chunk.Tpo -c -o suites/libstrongswan_tests-test_chunk.o `test -f 'suites/test_chunk.c' || echo '$(srcdir)/'`suites/test_chunk.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_chunk.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_chunk.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_chunk.c' object='suites/libstrongswan_tests-test_chunk.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_bio_writer.o `test -f 'suites/test_bio_writer.c' || echo '$(srcdir)/'`suites/test_bio_writer.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_chunk.o `test -f 'suites/test_chunk.c' || echo '$(srcdir)/'`suites/test_chunk.c
-suites/tests-test_bio_writer.obj: suites/test_bio_writer.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_bio_writer.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_bio_writer.Tpo -c -o suites/tests-test_bio_writer.obj `if test -f 'suites/test_bio_writer.c'; then $(CYGPATH_W) 'suites/test_bio_writer.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_bio_writer.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_bio_writer.Tpo suites/$(DEPDIR)/tests-test_bio_writer.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_bio_writer.c' object='suites/tests-test_bio_writer.obj' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_chunk.obj: suites/test_chunk.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_chunk.obj -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_chunk.Tpo -c -o suites/libstrongswan_tests-test_chunk.obj `if test -f 'suites/test_chunk.c'; then $(CYGPATH_W) 'suites/test_chunk.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_chunk.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_chunk.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_chunk.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_chunk.c' object='suites/libstrongswan_tests-test_chunk.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_bio_writer.obj `if test -f 'suites/test_bio_writer.c'; then $(CYGPATH_W) 'suites/test_bio_writer.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_bio_writer.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_chunk.obj `if test -f 'suites/test_chunk.c'; then $(CYGPATH_W) 'suites/test_chunk.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_chunk.c'; fi`
-suites/tests-test_chunk.o: suites/test_chunk.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_chunk.o -MD -MP -MF suites/$(DEPDIR)/tests-test_chunk.Tpo -c -o suites/tests-test_chunk.o `test -f 'suites/test_chunk.c' || echo '$(srcdir)/'`suites/test_chunk.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_chunk.Tpo suites/$(DEPDIR)/tests-test_chunk.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_chunk.c' object='suites/tests-test_chunk.o' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_enum.o: suites/test_enum.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_enum.o -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_enum.Tpo -c -o suites/libstrongswan_tests-test_enum.o `test -f 'suites/test_enum.c' || echo '$(srcdir)/'`suites/test_enum.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_enum.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_enum.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_enum.c' object='suites/libstrongswan_tests-test_enum.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_chunk.o `test -f 'suites/test_chunk.c' || echo '$(srcdir)/'`suites/test_chunk.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_enum.o `test -f 'suites/test_enum.c' || echo '$(srcdir)/'`suites/test_enum.c
-suites/tests-test_chunk.obj: suites/test_chunk.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_chunk.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_chunk.Tpo -c -o suites/tests-test_chunk.obj `if test -f 'suites/test_chunk.c'; then $(CYGPATH_W) 'suites/test_chunk.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_chunk.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_chunk.Tpo suites/$(DEPDIR)/tests-test_chunk.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_chunk.c' object='suites/tests-test_chunk.obj' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_enum.obj: suites/test_enum.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_enum.obj -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_enum.Tpo -c -o suites/libstrongswan_tests-test_enum.obj `if test -f 'suites/test_enum.c'; then $(CYGPATH_W) 'suites/test_enum.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_enum.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_enum.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_enum.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_enum.c' object='suites/libstrongswan_tests-test_enum.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_chunk.obj `if test -f 'suites/test_chunk.c'; then $(CYGPATH_W) 'suites/test_chunk.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_chunk.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_enum.obj `if test -f 'suites/test_enum.c'; then $(CYGPATH_W) 'suites/test_enum.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_enum.c'; fi`
-suites/tests-test_enum.o: suites/test_enum.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_enum.o -MD -MP -MF suites/$(DEPDIR)/tests-test_enum.Tpo -c -o suites/tests-test_enum.o `test -f 'suites/test_enum.c' || echo '$(srcdir)/'`suites/test_enum.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_enum.Tpo suites/$(DEPDIR)/tests-test_enum.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_enum.c' object='suites/tests-test_enum.o' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_hashtable.o: suites/test_hashtable.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_hashtable.o -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_hashtable.Tpo -c -o suites/libstrongswan_tests-test_hashtable.o `test -f 'suites/test_hashtable.c' || echo '$(srcdir)/'`suites/test_hashtable.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_hashtable.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_hashtable.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_hashtable.c' object='suites/libstrongswan_tests-test_hashtable.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_enum.o `test -f 'suites/test_enum.c' || echo '$(srcdir)/'`suites/test_enum.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_hashtable.o `test -f 'suites/test_hashtable.c' || echo '$(srcdir)/'`suites/test_hashtable.c
-suites/tests-test_enum.obj: suites/test_enum.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_enum.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_enum.Tpo -c -o suites/tests-test_enum.obj `if test -f 'suites/test_enum.c'; then $(CYGPATH_W) 'suites/test_enum.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_enum.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_enum.Tpo suites/$(DEPDIR)/tests-test_enum.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_enum.c' object='suites/tests-test_enum.obj' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_hashtable.obj: suites/test_hashtable.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_hashtable.obj -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_hashtable.Tpo -c -o suites/libstrongswan_tests-test_hashtable.obj `if test -f 'suites/test_hashtable.c'; then $(CYGPATH_W) 'suites/test_hashtable.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_hashtable.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_hashtable.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_hashtable.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_hashtable.c' object='suites/libstrongswan_tests-test_hashtable.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_enum.obj `if test -f 'suites/test_enum.c'; then $(CYGPATH_W) 'suites/test_enum.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_enum.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_hashtable.obj `if test -f 'suites/test_hashtable.c'; then $(CYGPATH_W) 'suites/test_hashtable.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_hashtable.c'; fi`
-suites/tests-test_hashtable.o: suites/test_hashtable.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_hashtable.o -MD -MP -MF suites/$(DEPDIR)/tests-test_hashtable.Tpo -c -o suites/tests-test_hashtable.o `test -f 'suites/test_hashtable.c' || echo '$(srcdir)/'`suites/test_hashtable.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_hashtable.Tpo suites/$(DEPDIR)/tests-test_hashtable.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_hashtable.c' object='suites/tests-test_hashtable.o' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_identification.o: suites/test_identification.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_identification.o -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_identification.Tpo -c -o suites/libstrongswan_tests-test_identification.o `test -f 'suites/test_identification.c' || echo '$(srcdir)/'`suites/test_identification.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_identification.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_identification.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_identification.c' object='suites/libstrongswan_tests-test_identification.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_hashtable.o `test -f 'suites/test_hashtable.c' || echo '$(srcdir)/'`suites/test_hashtable.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_identification.o `test -f 'suites/test_identification.c' || echo '$(srcdir)/'`suites/test_identification.c
-suites/tests-test_hashtable.obj: suites/test_hashtable.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_hashtable.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_hashtable.Tpo -c -o suites/tests-test_hashtable.obj `if test -f 'suites/test_hashtable.c'; then $(CYGPATH_W) 'suites/test_hashtable.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_hashtable.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_hashtable.Tpo suites/$(DEPDIR)/tests-test_hashtable.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_hashtable.c' object='suites/tests-test_hashtable.obj' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_identification.obj: suites/test_identification.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_identification.obj -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_identification.Tpo -c -o suites/libstrongswan_tests-test_identification.obj `if test -f 'suites/test_identification.c'; then $(CYGPATH_W) 'suites/test_identification.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_identification.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_identification.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_identification.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_identification.c' object='suites/libstrongswan_tests-test_identification.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_hashtable.obj `if test -f 'suites/test_hashtable.c'; then $(CYGPATH_W) 'suites/test_hashtable.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_hashtable.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_identification.obj `if test -f 'suites/test_identification.c'; then $(CYGPATH_W) 'suites/test_identification.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_identification.c'; fi`
-suites/tests-test_identification.o: suites/test_identification.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_identification.o -MD -MP -MF suites/$(DEPDIR)/tests-test_identification.Tpo -c -o suites/tests-test_identification.o `test -f 'suites/test_identification.c' || echo '$(srcdir)/'`suites/test_identification.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_identification.Tpo suites/$(DEPDIR)/tests-test_identification.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_identification.c' object='suites/tests-test_identification.o' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_traffic_selector.o: suites/test_traffic_selector.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_traffic_selector.o -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_traffic_selector.Tpo -c -o suites/libstrongswan_tests-test_traffic_selector.o `test -f 'suites/test_traffic_selector.c' || echo '$(srcdir)/'`suites/test_traffic_selector.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_traffic_selector.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_traffic_selector.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_traffic_selector.c' object='suites/libstrongswan_tests-test_traffic_selector.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_identification.o `test -f 'suites/test_identification.c' || echo '$(srcdir)/'`suites/test_identification.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_traffic_selector.o `test -f 'suites/test_traffic_selector.c' || echo '$(srcdir)/'`suites/test_traffic_selector.c
-suites/tests-test_identification.obj: suites/test_identification.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_identification.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_identification.Tpo -c -o suites/tests-test_identification.obj `if test -f 'suites/test_identification.c'; then $(CYGPATH_W) 'suites/test_identification.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_identification.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_identification.Tpo suites/$(DEPDIR)/tests-test_identification.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_identification.c' object='suites/tests-test_identification.obj' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_traffic_selector.obj: suites/test_traffic_selector.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_traffic_selector.obj -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_traffic_selector.Tpo -c -o suites/libstrongswan_tests-test_traffic_selector.obj `if test -f 'suites/test_traffic_selector.c'; then $(CYGPATH_W) 'suites/test_traffic_selector.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_traffic_selector.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_traffic_selector.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_traffic_selector.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_traffic_selector.c' object='suites/libstrongswan_tests-test_traffic_selector.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_identification.obj `if test -f 'suites/test_identification.c'; then $(CYGPATH_W) 'suites/test_identification.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_identification.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_traffic_selector.obj `if test -f 'suites/test_traffic_selector.c'; then $(CYGPATH_W) 'suites/test_traffic_selector.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_traffic_selector.c'; fi`
-suites/tests-test_traffic_selector.o: suites/test_traffic_selector.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_traffic_selector.o -MD -MP -MF suites/$(DEPDIR)/tests-test_traffic_selector.Tpo -c -o suites/tests-test_traffic_selector.o `test -f 'suites/test_traffic_selector.c' || echo '$(srcdir)/'`suites/test_traffic_selector.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_traffic_selector.Tpo suites/$(DEPDIR)/tests-test_traffic_selector.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_traffic_selector.c' object='suites/tests-test_traffic_selector.o' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_threading.o: suites/test_threading.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_threading.o -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_threading.Tpo -c -o suites/libstrongswan_tests-test_threading.o `test -f 'suites/test_threading.c' || echo '$(srcdir)/'`suites/test_threading.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_threading.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_threading.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_threading.c' object='suites/libstrongswan_tests-test_threading.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_traffic_selector.o `test -f 'suites/test_traffic_selector.c' || echo '$(srcdir)/'`suites/test_traffic_selector.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_threading.o `test -f 'suites/test_threading.c' || echo '$(srcdir)/'`suites/test_threading.c
-suites/tests-test_traffic_selector.obj: suites/test_traffic_selector.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_traffic_selector.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_traffic_selector.Tpo -c -o suites/tests-test_traffic_selector.obj `if test -f 'suites/test_traffic_selector.c'; then $(CYGPATH_W) 'suites/test_traffic_selector.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_traffic_selector.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_traffic_selector.Tpo suites/$(DEPDIR)/tests-test_traffic_selector.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_traffic_selector.c' object='suites/tests-test_traffic_selector.obj' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_threading.obj: suites/test_threading.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_threading.obj -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_threading.Tpo -c -o suites/libstrongswan_tests-test_threading.obj `if test -f 'suites/test_threading.c'; then $(CYGPATH_W) 'suites/test_threading.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_threading.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_threading.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_threading.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_threading.c' object='suites/libstrongswan_tests-test_threading.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_traffic_selector.obj `if test -f 'suites/test_traffic_selector.c'; then $(CYGPATH_W) 'suites/test_traffic_selector.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_traffic_selector.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_threading.obj `if test -f 'suites/test_threading.c'; then $(CYGPATH_W) 'suites/test_threading.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_threading.c'; fi`
-suites/tests-test_threading.o: suites/test_threading.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_threading.o -MD -MP -MF suites/$(DEPDIR)/tests-test_threading.Tpo -c -o suites/tests-test_threading.o `test -f 'suites/test_threading.c' || echo '$(srcdir)/'`suites/test_threading.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_threading.Tpo suites/$(DEPDIR)/tests-test_threading.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_threading.c' object='suites/tests-test_threading.o' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_process.o: suites/test_process.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_process.o -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_process.Tpo -c -o suites/libstrongswan_tests-test_process.o `test -f 'suites/test_process.c' || echo '$(srcdir)/'`suites/test_process.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_process.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_process.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_process.c' object='suites/libstrongswan_tests-test_process.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_threading.o `test -f 'suites/test_threading.c' || echo '$(srcdir)/'`suites/test_threading.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_process.o `test -f 'suites/test_process.c' || echo '$(srcdir)/'`suites/test_process.c
-suites/tests-test_threading.obj: suites/test_threading.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_threading.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_threading.Tpo -c -o suites/tests-test_threading.obj `if test -f 'suites/test_threading.c'; then $(CYGPATH_W) 'suites/test_threading.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_threading.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_threading.Tpo suites/$(DEPDIR)/tests-test_threading.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_threading.c' object='suites/tests-test_threading.obj' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_process.obj: suites/test_process.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_process.obj -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_process.Tpo -c -o suites/libstrongswan_tests-test_process.obj `if test -f 'suites/test_process.c'; then $(CYGPATH_W) 'suites/test_process.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_process.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_process.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_process.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_process.c' object='suites/libstrongswan_tests-test_process.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_threading.obj `if test -f 'suites/test_threading.c'; then $(CYGPATH_W) 'suites/test_threading.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_threading.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_process.obj `if test -f 'suites/test_process.c'; then $(CYGPATH_W) 'suites/test_process.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_process.c'; fi`
-suites/tests-test_process.o: suites/test_process.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_process.o -MD -MP -MF suites/$(DEPDIR)/tests-test_process.Tpo -c -o suites/tests-test_process.o `test -f 'suites/test_process.c' || echo '$(srcdir)/'`suites/test_process.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_process.Tpo suites/$(DEPDIR)/tests-test_process.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_process.c' object='suites/tests-test_process.o' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_watcher.o: suites/test_watcher.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_watcher.o -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_watcher.Tpo -c -o suites/libstrongswan_tests-test_watcher.o `test -f 'suites/test_watcher.c' || echo '$(srcdir)/'`suites/test_watcher.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_watcher.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_watcher.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_watcher.c' object='suites/libstrongswan_tests-test_watcher.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_process.o `test -f 'suites/test_process.c' || echo '$(srcdir)/'`suites/test_process.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_watcher.o `test -f 'suites/test_watcher.c' || echo '$(srcdir)/'`suites/test_watcher.c
-suites/tests-test_process.obj: suites/test_process.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_process.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_process.Tpo -c -o suites/tests-test_process.obj `if test -f 'suites/test_process.c'; then $(CYGPATH_W) 'suites/test_process.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_process.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_process.Tpo suites/$(DEPDIR)/tests-test_process.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_process.c' object='suites/tests-test_process.obj' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_watcher.obj: suites/test_watcher.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_watcher.obj -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_watcher.Tpo -c -o suites/libstrongswan_tests-test_watcher.obj `if test -f 'suites/test_watcher.c'; then $(CYGPATH_W) 'suites/test_watcher.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_watcher.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_watcher.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_watcher.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_watcher.c' object='suites/libstrongswan_tests-test_watcher.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_process.obj `if test -f 'suites/test_process.c'; then $(CYGPATH_W) 'suites/test_process.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_process.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_watcher.obj `if test -f 'suites/test_watcher.c'; then $(CYGPATH_W) 'suites/test_watcher.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_watcher.c'; fi`
-suites/tests-test_watcher.o: suites/test_watcher.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_watcher.o -MD -MP -MF suites/$(DEPDIR)/tests-test_watcher.Tpo -c -o suites/tests-test_watcher.o `test -f 'suites/test_watcher.c' || echo '$(srcdir)/'`suites/test_watcher.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_watcher.Tpo suites/$(DEPDIR)/tests-test_watcher.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_watcher.c' object='suites/tests-test_watcher.o' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_stream.o: suites/test_stream.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_stream.o -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_stream.Tpo -c -o suites/libstrongswan_tests-test_stream.o `test -f 'suites/test_stream.c' || echo '$(srcdir)/'`suites/test_stream.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_stream.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_stream.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_stream.c' object='suites/libstrongswan_tests-test_stream.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_watcher.o `test -f 'suites/test_watcher.c' || echo '$(srcdir)/'`suites/test_watcher.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_stream.o `test -f 'suites/test_stream.c' || echo '$(srcdir)/'`suites/test_stream.c
-suites/tests-test_watcher.obj: suites/test_watcher.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_watcher.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_watcher.Tpo -c -o suites/tests-test_watcher.obj `if test -f 'suites/test_watcher.c'; then $(CYGPATH_W) 'suites/test_watcher.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_watcher.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_watcher.Tpo suites/$(DEPDIR)/tests-test_watcher.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_watcher.c' object='suites/tests-test_watcher.obj' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_stream.obj: suites/test_stream.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_stream.obj -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_stream.Tpo -c -o suites/libstrongswan_tests-test_stream.obj `if test -f 'suites/test_stream.c'; then $(CYGPATH_W) 'suites/test_stream.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_stream.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_stream.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_stream.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_stream.c' object='suites/libstrongswan_tests-test_stream.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_watcher.obj `if test -f 'suites/test_watcher.c'; then $(CYGPATH_W) 'suites/test_watcher.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_watcher.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_stream.obj `if test -f 'suites/test_stream.c'; then $(CYGPATH_W) 'suites/test_stream.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_stream.c'; fi`
-suites/tests-test_stream.o: suites/test_stream.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_stream.o -MD -MP -MF suites/$(DEPDIR)/tests-test_stream.Tpo -c -o suites/tests-test_stream.o `test -f 'suites/test_stream.c' || echo '$(srcdir)/'`suites/test_stream.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_stream.Tpo suites/$(DEPDIR)/tests-test_stream.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_stream.c' object='suites/tests-test_stream.o' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_fetch_http.o: suites/test_fetch_http.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_fetch_http.o -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_fetch_http.Tpo -c -o suites/libstrongswan_tests-test_fetch_http.o `test -f 'suites/test_fetch_http.c' || echo '$(srcdir)/'`suites/test_fetch_http.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_fetch_http.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_fetch_http.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_fetch_http.c' object='suites/libstrongswan_tests-test_fetch_http.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_stream.o `test -f 'suites/test_stream.c' || echo '$(srcdir)/'`suites/test_stream.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_fetch_http.o `test -f 'suites/test_fetch_http.c' || echo '$(srcdir)/'`suites/test_fetch_http.c
-suites/tests-test_stream.obj: suites/test_stream.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_stream.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_stream.Tpo -c -o suites/tests-test_stream.obj `if test -f 'suites/test_stream.c'; then $(CYGPATH_W) 'suites/test_stream.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_stream.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_stream.Tpo suites/$(DEPDIR)/tests-test_stream.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_stream.c' object='suites/tests-test_stream.obj' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_fetch_http.obj: suites/test_fetch_http.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_fetch_http.obj -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_fetch_http.Tpo -c -o suites/libstrongswan_tests-test_fetch_http.obj `if test -f 'suites/test_fetch_http.c'; then $(CYGPATH_W) 'suites/test_fetch_http.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_fetch_http.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_fetch_http.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_fetch_http.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_fetch_http.c' object='suites/libstrongswan_tests-test_fetch_http.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_stream.obj `if test -f 'suites/test_stream.c'; then $(CYGPATH_W) 'suites/test_stream.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_stream.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_fetch_http.obj `if test -f 'suites/test_fetch_http.c'; then $(CYGPATH_W) 'suites/test_fetch_http.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_fetch_http.c'; fi`
-suites/tests-test_fetch_http.o: suites/test_fetch_http.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_fetch_http.o -MD -MP -MF suites/$(DEPDIR)/tests-test_fetch_http.Tpo -c -o suites/tests-test_fetch_http.o `test -f 'suites/test_fetch_http.c' || echo '$(srcdir)/'`suites/test_fetch_http.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_fetch_http.Tpo suites/$(DEPDIR)/tests-test_fetch_http.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_fetch_http.c' object='suites/tests-test_fetch_http.o' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_utils.o: suites/test_utils.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_utils.o -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_utils.Tpo -c -o suites/libstrongswan_tests-test_utils.o `test -f 'suites/test_utils.c' || echo '$(srcdir)/'`suites/test_utils.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_utils.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_utils.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_utils.c' object='suites/libstrongswan_tests-test_utils.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_fetch_http.o `test -f 'suites/test_fetch_http.c' || echo '$(srcdir)/'`suites/test_fetch_http.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_utils.o `test -f 'suites/test_utils.c' || echo '$(srcdir)/'`suites/test_utils.c
-suites/tests-test_fetch_http.obj: suites/test_fetch_http.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_fetch_http.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_fetch_http.Tpo -c -o suites/tests-test_fetch_http.obj `if test -f 'suites/test_fetch_http.c'; then $(CYGPATH_W) 'suites/test_fetch_http.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_fetch_http.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_fetch_http.Tpo suites/$(DEPDIR)/tests-test_fetch_http.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_fetch_http.c' object='suites/tests-test_fetch_http.obj' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_utils.obj: suites/test_utils.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_utils.obj -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_utils.Tpo -c -o suites/libstrongswan_tests-test_utils.obj `if test -f 'suites/test_utils.c'; then $(CYGPATH_W) 'suites/test_utils.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_utils.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_utils.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_utils.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_utils.c' object='suites/libstrongswan_tests-test_utils.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_fetch_http.obj `if test -f 'suites/test_fetch_http.c'; then $(CYGPATH_W) 'suites/test_fetch_http.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_fetch_http.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_utils.obj `if test -f 'suites/test_utils.c'; then $(CYGPATH_W) 'suites/test_utils.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_utils.c'; fi`
-suites/tests-test_utils.o: suites/test_utils.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_utils.o -MD -MP -MF suites/$(DEPDIR)/tests-test_utils.Tpo -c -o suites/tests-test_utils.o `test -f 'suites/test_utils.c' || echo '$(srcdir)/'`suites/test_utils.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_utils.Tpo suites/$(DEPDIR)/tests-test_utils.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_utils.c' object='suites/tests-test_utils.o' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_settings.o: suites/test_settings.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_settings.o -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_settings.Tpo -c -o suites/libstrongswan_tests-test_settings.o `test -f 'suites/test_settings.c' || echo '$(srcdir)/'`suites/test_settings.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_settings.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_settings.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_settings.c' object='suites/libstrongswan_tests-test_settings.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_utils.o `test -f 'suites/test_utils.c' || echo '$(srcdir)/'`suites/test_utils.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_settings.o `test -f 'suites/test_settings.c' || echo '$(srcdir)/'`suites/test_settings.c
-suites/tests-test_utils.obj: suites/test_utils.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_utils.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_utils.Tpo -c -o suites/tests-test_utils.obj `if test -f 'suites/test_utils.c'; then $(CYGPATH_W) 'suites/test_utils.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_utils.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_utils.Tpo suites/$(DEPDIR)/tests-test_utils.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_utils.c' object='suites/tests-test_utils.obj' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_settings.obj: suites/test_settings.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_settings.obj -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_settings.Tpo -c -o suites/libstrongswan_tests-test_settings.obj `if test -f 'suites/test_settings.c'; then $(CYGPATH_W) 'suites/test_settings.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_settings.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_settings.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_settings.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_settings.c' object='suites/libstrongswan_tests-test_settings.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_utils.obj `if test -f 'suites/test_utils.c'; then $(CYGPATH_W) 'suites/test_utils.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_utils.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_settings.obj `if test -f 'suites/test_settings.c'; then $(CYGPATH_W) 'suites/test_settings.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_settings.c'; fi`
-suites/tests-test_settings.o: suites/test_settings.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_settings.o -MD -MP -MF suites/$(DEPDIR)/tests-test_settings.Tpo -c -o suites/tests-test_settings.o `test -f 'suites/test_settings.c' || echo '$(srcdir)/'`suites/test_settings.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_settings.Tpo suites/$(DEPDIR)/tests-test_settings.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_settings.c' object='suites/tests-test_settings.o' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_vectors.o: suites/test_vectors.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_vectors.o -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_vectors.Tpo -c -o suites/libstrongswan_tests-test_vectors.o `test -f 'suites/test_vectors.c' || echo '$(srcdir)/'`suites/test_vectors.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_vectors.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_vectors.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_vectors.c' object='suites/libstrongswan_tests-test_vectors.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_settings.o `test -f 'suites/test_settings.c' || echo '$(srcdir)/'`suites/test_settings.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_vectors.o `test -f 'suites/test_vectors.c' || echo '$(srcdir)/'`suites/test_vectors.c
-suites/tests-test_settings.obj: suites/test_settings.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_settings.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_settings.Tpo -c -o suites/tests-test_settings.obj `if test -f 'suites/test_settings.c'; then $(CYGPATH_W) 'suites/test_settings.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_settings.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_settings.Tpo suites/$(DEPDIR)/tests-test_settings.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_settings.c' object='suites/tests-test_settings.obj' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_vectors.obj: suites/test_vectors.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_vectors.obj -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_vectors.Tpo -c -o suites/libstrongswan_tests-test_vectors.obj `if test -f 'suites/test_vectors.c'; then $(CYGPATH_W) 'suites/test_vectors.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_vectors.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_vectors.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_vectors.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_vectors.c' object='suites/libstrongswan_tests-test_vectors.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_settings.obj `if test -f 'suites/test_settings.c'; then $(CYGPATH_W) 'suites/test_settings.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_settings.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_vectors.obj `if test -f 'suites/test_vectors.c'; then $(CYGPATH_W) 'suites/test_vectors.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_vectors.c'; fi`
-suites/tests-test_vectors.o: suites/test_vectors.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_vectors.o -MD -MP -MF suites/$(DEPDIR)/tests-test_vectors.Tpo -c -o suites/tests-test_vectors.o `test -f 'suites/test_vectors.c' || echo '$(srcdir)/'`suites/test_vectors.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_vectors.Tpo suites/$(DEPDIR)/tests-test_vectors.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_vectors.c' object='suites/tests-test_vectors.o' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_array.o: suites/test_array.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_array.o -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_array.Tpo -c -o suites/libstrongswan_tests-test_array.o `test -f 'suites/test_array.c' || echo '$(srcdir)/'`suites/test_array.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_array.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_array.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_array.c' object='suites/libstrongswan_tests-test_array.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_vectors.o `test -f 'suites/test_vectors.c' || echo '$(srcdir)/'`suites/test_vectors.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_array.o `test -f 'suites/test_array.c' || echo '$(srcdir)/'`suites/test_array.c
-suites/tests-test_vectors.obj: suites/test_vectors.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_vectors.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_vectors.Tpo -c -o suites/tests-test_vectors.obj `if test -f 'suites/test_vectors.c'; then $(CYGPATH_W) 'suites/test_vectors.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_vectors.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_vectors.Tpo suites/$(DEPDIR)/tests-test_vectors.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_vectors.c' object='suites/tests-test_vectors.obj' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_array.obj: suites/test_array.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_array.obj -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_array.Tpo -c -o suites/libstrongswan_tests-test_array.obj `if test -f 'suites/test_array.c'; then $(CYGPATH_W) 'suites/test_array.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_array.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_array.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_array.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_array.c' object='suites/libstrongswan_tests-test_array.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_vectors.obj `if test -f 'suites/test_vectors.c'; then $(CYGPATH_W) 'suites/test_vectors.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_vectors.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_array.obj `if test -f 'suites/test_array.c'; then $(CYGPATH_W) 'suites/test_array.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_array.c'; fi`
-suites/tests-test_array.o: suites/test_array.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_array.o -MD -MP -MF suites/$(DEPDIR)/tests-test_array.Tpo -c -o suites/tests-test_array.o `test -f 'suites/test_array.c' || echo '$(srcdir)/'`suites/test_array.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_array.Tpo suites/$(DEPDIR)/tests-test_array.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_array.c' object='suites/tests-test_array.o' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_ecdsa.o: suites/test_ecdsa.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_ecdsa.o -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_ecdsa.Tpo -c -o suites/libstrongswan_tests-test_ecdsa.o `test -f 'suites/test_ecdsa.c' || echo '$(srcdir)/'`suites/test_ecdsa.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_ecdsa.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_ecdsa.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_ecdsa.c' object='suites/libstrongswan_tests-test_ecdsa.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_array.o `test -f 'suites/test_array.c' || echo '$(srcdir)/'`suites/test_array.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_ecdsa.o `test -f 'suites/test_ecdsa.c' || echo '$(srcdir)/'`suites/test_ecdsa.c
-suites/tests-test_array.obj: suites/test_array.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_array.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_array.Tpo -c -o suites/tests-test_array.obj `if test -f 'suites/test_array.c'; then $(CYGPATH_W) 'suites/test_array.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_array.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_array.Tpo suites/$(DEPDIR)/tests-test_array.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_array.c' object='suites/tests-test_array.obj' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_ecdsa.obj: suites/test_ecdsa.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_ecdsa.obj -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_ecdsa.Tpo -c -o suites/libstrongswan_tests-test_ecdsa.obj `if test -f 'suites/test_ecdsa.c'; then $(CYGPATH_W) 'suites/test_ecdsa.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_ecdsa.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_ecdsa.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_ecdsa.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_ecdsa.c' object='suites/libstrongswan_tests-test_ecdsa.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_array.obj `if test -f 'suites/test_array.c'; then $(CYGPATH_W) 'suites/test_array.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_array.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_ecdsa.obj `if test -f 'suites/test_ecdsa.c'; then $(CYGPATH_W) 'suites/test_ecdsa.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_ecdsa.c'; fi`
-suites/tests-test_ecdsa.o: suites/test_ecdsa.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_ecdsa.o -MD -MP -MF suites/$(DEPDIR)/tests-test_ecdsa.Tpo -c -o suites/tests-test_ecdsa.o `test -f 'suites/test_ecdsa.c' || echo '$(srcdir)/'`suites/test_ecdsa.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_ecdsa.Tpo suites/$(DEPDIR)/tests-test_ecdsa.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_ecdsa.c' object='suites/tests-test_ecdsa.o' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_rsa.o: suites/test_rsa.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_rsa.o -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_rsa.Tpo -c -o suites/libstrongswan_tests-test_rsa.o `test -f 'suites/test_rsa.c' || echo '$(srcdir)/'`suites/test_rsa.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_rsa.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_rsa.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_rsa.c' object='suites/libstrongswan_tests-test_rsa.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_ecdsa.o `test -f 'suites/test_ecdsa.c' || echo '$(srcdir)/'`suites/test_ecdsa.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_rsa.o `test -f 'suites/test_rsa.c' || echo '$(srcdir)/'`suites/test_rsa.c
-suites/tests-test_ecdsa.obj: suites/test_ecdsa.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_ecdsa.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_ecdsa.Tpo -c -o suites/tests-test_ecdsa.obj `if test -f 'suites/test_ecdsa.c'; then $(CYGPATH_W) 'suites/test_ecdsa.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_ecdsa.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_ecdsa.Tpo suites/$(DEPDIR)/tests-test_ecdsa.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_ecdsa.c' object='suites/tests-test_ecdsa.obj' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_rsa.obj: suites/test_rsa.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_rsa.obj -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_rsa.Tpo -c -o suites/libstrongswan_tests-test_rsa.obj `if test -f 'suites/test_rsa.c'; then $(CYGPATH_W) 'suites/test_rsa.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_rsa.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_rsa.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_rsa.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_rsa.c' object='suites/libstrongswan_tests-test_rsa.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_ecdsa.obj `if test -f 'suites/test_ecdsa.c'; then $(CYGPATH_W) 'suites/test_ecdsa.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_ecdsa.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_rsa.obj `if test -f 'suites/test_rsa.c'; then $(CYGPATH_W) 'suites/test_rsa.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_rsa.c'; fi`
-suites/tests-test_rsa.o: suites/test_rsa.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_rsa.o -MD -MP -MF suites/$(DEPDIR)/tests-test_rsa.Tpo -c -o suites/tests-test_rsa.o `test -f 'suites/test_rsa.c' || echo '$(srcdir)/'`suites/test_rsa.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_rsa.Tpo suites/$(DEPDIR)/tests-test_rsa.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_rsa.c' object='suites/tests-test_rsa.o' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_certpolicy.o: suites/test_certpolicy.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_certpolicy.o -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_certpolicy.Tpo -c -o suites/libstrongswan_tests-test_certpolicy.o `test -f 'suites/test_certpolicy.c' || echo '$(srcdir)/'`suites/test_certpolicy.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_certpolicy.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_certpolicy.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_certpolicy.c' object='suites/libstrongswan_tests-test_certpolicy.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_rsa.o `test -f 'suites/test_rsa.c' || echo '$(srcdir)/'`suites/test_rsa.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_certpolicy.o `test -f 'suites/test_certpolicy.c' || echo '$(srcdir)/'`suites/test_certpolicy.c
-suites/tests-test_rsa.obj: suites/test_rsa.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_rsa.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_rsa.Tpo -c -o suites/tests-test_rsa.obj `if test -f 'suites/test_rsa.c'; then $(CYGPATH_W) 'suites/test_rsa.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_rsa.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_rsa.Tpo suites/$(DEPDIR)/tests-test_rsa.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_rsa.c' object='suites/tests-test_rsa.obj' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_certpolicy.obj: suites/test_certpolicy.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_certpolicy.obj -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_certpolicy.Tpo -c -o suites/libstrongswan_tests-test_certpolicy.obj `if test -f 'suites/test_certpolicy.c'; then $(CYGPATH_W) 'suites/test_certpolicy.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_certpolicy.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_certpolicy.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_certpolicy.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_certpolicy.c' object='suites/libstrongswan_tests-test_certpolicy.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_rsa.obj `if test -f 'suites/test_rsa.c'; then $(CYGPATH_W) 'suites/test_rsa.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_rsa.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_certpolicy.obj `if test -f 'suites/test_certpolicy.c'; then $(CYGPATH_W) 'suites/test_certpolicy.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_certpolicy.c'; fi`
-suites/tests-test_certpolicy.o: suites/test_certpolicy.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_certpolicy.o -MD -MP -MF suites/$(DEPDIR)/tests-test_certpolicy.Tpo -c -o suites/tests-test_certpolicy.o `test -f 'suites/test_certpolicy.c' || echo '$(srcdir)/'`suites/test_certpolicy.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_certpolicy.Tpo suites/$(DEPDIR)/tests-test_certpolicy.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_certpolicy.c' object='suites/tests-test_certpolicy.o' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_certnames.o: suites/test_certnames.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_certnames.o -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_certnames.Tpo -c -o suites/libstrongswan_tests-test_certnames.o `test -f 'suites/test_certnames.c' || echo '$(srcdir)/'`suites/test_certnames.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_certnames.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_certnames.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_certnames.c' object='suites/libstrongswan_tests-test_certnames.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_certpolicy.o `test -f 'suites/test_certpolicy.c' || echo '$(srcdir)/'`suites/test_certpolicy.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_certnames.o `test -f 'suites/test_certnames.c' || echo '$(srcdir)/'`suites/test_certnames.c
-suites/tests-test_certpolicy.obj: suites/test_certpolicy.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_certpolicy.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_certpolicy.Tpo -c -o suites/tests-test_certpolicy.obj `if test -f 'suites/test_certpolicy.c'; then $(CYGPATH_W) 'suites/test_certpolicy.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_certpolicy.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_certpolicy.Tpo suites/$(DEPDIR)/tests-test_certpolicy.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_certpolicy.c' object='suites/tests-test_certpolicy.obj' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_certnames.obj: suites/test_certnames.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_certnames.obj -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_certnames.Tpo -c -o suites/libstrongswan_tests-test_certnames.obj `if test -f 'suites/test_certnames.c'; then $(CYGPATH_W) 'suites/test_certnames.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_certnames.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_certnames.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_certnames.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_certnames.c' object='suites/libstrongswan_tests-test_certnames.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_certpolicy.obj `if test -f 'suites/test_certpolicy.c'; then $(CYGPATH_W) 'suites/test_certpolicy.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_certpolicy.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_certnames.obj `if test -f 'suites/test_certnames.c'; then $(CYGPATH_W) 'suites/test_certnames.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_certnames.c'; fi`
-suites/tests-test_certnames.o: suites/test_certnames.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_certnames.o -MD -MP -MF suites/$(DEPDIR)/tests-test_certnames.Tpo -c -o suites/tests-test_certnames.o `test -f 'suites/test_certnames.c' || echo '$(srcdir)/'`suites/test_certnames.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_certnames.Tpo suites/$(DEPDIR)/tests-test_certnames.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_certnames.c' object='suites/tests-test_certnames.o' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_host.o: suites/test_host.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_host.o -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_host.Tpo -c -o suites/libstrongswan_tests-test_host.o `test -f 'suites/test_host.c' || echo '$(srcdir)/'`suites/test_host.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_host.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_host.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_host.c' object='suites/libstrongswan_tests-test_host.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_certnames.o `test -f 'suites/test_certnames.c' || echo '$(srcdir)/'`suites/test_certnames.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_host.o `test -f 'suites/test_host.c' || echo '$(srcdir)/'`suites/test_host.c
-suites/tests-test_certnames.obj: suites/test_certnames.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_certnames.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_certnames.Tpo -c -o suites/tests-test_certnames.obj `if test -f 'suites/test_certnames.c'; then $(CYGPATH_W) 'suites/test_certnames.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_certnames.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_certnames.Tpo suites/$(DEPDIR)/tests-test_certnames.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_certnames.c' object='suites/tests-test_certnames.obj' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_host.obj: suites/test_host.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_host.obj -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_host.Tpo -c -o suites/libstrongswan_tests-test_host.obj `if test -f 'suites/test_host.c'; then $(CYGPATH_W) 'suites/test_host.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_host.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_host.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_host.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_host.c' object='suites/libstrongswan_tests-test_host.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_certnames.obj `if test -f 'suites/test_certnames.c'; then $(CYGPATH_W) 'suites/test_certnames.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_certnames.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_host.obj `if test -f 'suites/test_host.c'; then $(CYGPATH_W) 'suites/test_host.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_host.c'; fi`
-suites/tests-test_host.o: suites/test_host.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_host.o -MD -MP -MF suites/$(DEPDIR)/tests-test_host.Tpo -c -o suites/tests-test_host.o `test -f 'suites/test_host.c' || echo '$(srcdir)/'`suites/test_host.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_host.Tpo suites/$(DEPDIR)/tests-test_host.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_host.c' object='suites/tests-test_host.o' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_auth_cfg.o: suites/test_auth_cfg.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_auth_cfg.o -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_auth_cfg.Tpo -c -o suites/libstrongswan_tests-test_auth_cfg.o `test -f 'suites/test_auth_cfg.c' || echo '$(srcdir)/'`suites/test_auth_cfg.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_auth_cfg.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_auth_cfg.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_auth_cfg.c' object='suites/libstrongswan_tests-test_auth_cfg.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_host.o `test -f 'suites/test_host.c' || echo '$(srcdir)/'`suites/test_host.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_auth_cfg.o `test -f 'suites/test_auth_cfg.c' || echo '$(srcdir)/'`suites/test_auth_cfg.c
-suites/tests-test_host.obj: suites/test_host.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_host.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_host.Tpo -c -o suites/tests-test_host.obj `if test -f 'suites/test_host.c'; then $(CYGPATH_W) 'suites/test_host.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_host.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_host.Tpo suites/$(DEPDIR)/tests-test_host.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_host.c' object='suites/tests-test_host.obj' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_auth_cfg.obj: suites/test_auth_cfg.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_auth_cfg.obj -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_auth_cfg.Tpo -c -o suites/libstrongswan_tests-test_auth_cfg.obj `if test -f 'suites/test_auth_cfg.c'; then $(CYGPATH_W) 'suites/test_auth_cfg.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_auth_cfg.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_auth_cfg.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_auth_cfg.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_auth_cfg.c' object='suites/libstrongswan_tests-test_auth_cfg.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_host.obj `if test -f 'suites/test_host.c'; then $(CYGPATH_W) 'suites/test_host.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_host.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_auth_cfg.obj `if test -f 'suites/test_auth_cfg.c'; then $(CYGPATH_W) 'suites/test_auth_cfg.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_auth_cfg.c'; fi`
-suites/tests-test_auth_cfg.o: suites/test_auth_cfg.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_auth_cfg.o -MD -MP -MF suites/$(DEPDIR)/tests-test_auth_cfg.Tpo -c -o suites/tests-test_auth_cfg.o `test -f 'suites/test_auth_cfg.c' || echo '$(srcdir)/'`suites/test_auth_cfg.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_auth_cfg.Tpo suites/$(DEPDIR)/tests-test_auth_cfg.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_auth_cfg.c' object='suites/tests-test_auth_cfg.o' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_hasher.o: suites/test_hasher.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_hasher.o -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_hasher.Tpo -c -o suites/libstrongswan_tests-test_hasher.o `test -f 'suites/test_hasher.c' || echo '$(srcdir)/'`suites/test_hasher.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_hasher.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_hasher.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_hasher.c' object='suites/libstrongswan_tests-test_hasher.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_auth_cfg.o `test -f 'suites/test_auth_cfg.c' || echo '$(srcdir)/'`suites/test_auth_cfg.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_hasher.o `test -f 'suites/test_hasher.c' || echo '$(srcdir)/'`suites/test_hasher.c
-suites/tests-test_auth_cfg.obj: suites/test_auth_cfg.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_auth_cfg.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_auth_cfg.Tpo -c -o suites/tests-test_auth_cfg.obj `if test -f 'suites/test_auth_cfg.c'; then $(CYGPATH_W) 'suites/test_auth_cfg.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_auth_cfg.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_auth_cfg.Tpo suites/$(DEPDIR)/tests-test_auth_cfg.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_auth_cfg.c' object='suites/tests-test_auth_cfg.obj' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_hasher.obj: suites/test_hasher.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_hasher.obj -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_hasher.Tpo -c -o suites/libstrongswan_tests-test_hasher.obj `if test -f 'suites/test_hasher.c'; then $(CYGPATH_W) 'suites/test_hasher.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_hasher.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_hasher.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_hasher.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_hasher.c' object='suites/libstrongswan_tests-test_hasher.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_auth_cfg.obj `if test -f 'suites/test_auth_cfg.c'; then $(CYGPATH_W) 'suites/test_auth_cfg.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_auth_cfg.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_hasher.obj `if test -f 'suites/test_hasher.c'; then $(CYGPATH_W) 'suites/test_hasher.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_hasher.c'; fi`
-suites/tests-test_hasher.o: suites/test_hasher.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_hasher.o -MD -MP -MF suites/$(DEPDIR)/tests-test_hasher.Tpo -c -o suites/tests-test_hasher.o `test -f 'suites/test_hasher.c' || echo '$(srcdir)/'`suites/test_hasher.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_hasher.Tpo suites/$(DEPDIR)/tests-test_hasher.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_hasher.c' object='suites/tests-test_hasher.o' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_crypter.o: suites/test_crypter.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_crypter.o -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_crypter.Tpo -c -o suites/libstrongswan_tests-test_crypter.o `test -f 'suites/test_crypter.c' || echo '$(srcdir)/'`suites/test_crypter.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_crypter.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_crypter.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_crypter.c' object='suites/libstrongswan_tests-test_crypter.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_hasher.o `test -f 'suites/test_hasher.c' || echo '$(srcdir)/'`suites/test_hasher.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_crypter.o `test -f 'suites/test_crypter.c' || echo '$(srcdir)/'`suites/test_crypter.c
-suites/tests-test_hasher.obj: suites/test_hasher.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_hasher.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_hasher.Tpo -c -o suites/tests-test_hasher.obj `if test -f 'suites/test_hasher.c'; then $(CYGPATH_W) 'suites/test_hasher.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_hasher.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_hasher.Tpo suites/$(DEPDIR)/tests-test_hasher.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_hasher.c' object='suites/tests-test_hasher.obj' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_crypter.obj: suites/test_crypter.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_crypter.obj -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_crypter.Tpo -c -o suites/libstrongswan_tests-test_crypter.obj `if test -f 'suites/test_crypter.c'; then $(CYGPATH_W) 'suites/test_crypter.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_crypter.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_crypter.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_crypter.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_crypter.c' object='suites/libstrongswan_tests-test_crypter.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_hasher.obj `if test -f 'suites/test_hasher.c'; then $(CYGPATH_W) 'suites/test_hasher.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_hasher.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_crypter.obj `if test -f 'suites/test_crypter.c'; then $(CYGPATH_W) 'suites/test_crypter.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_crypter.c'; fi`
-suites/tests-test_crypter.o: suites/test_crypter.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_crypter.o -MD -MP -MF suites/$(DEPDIR)/tests-test_crypter.Tpo -c -o suites/tests-test_crypter.o `test -f 'suites/test_crypter.c' || echo '$(srcdir)/'`suites/test_crypter.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_crypter.Tpo suites/$(DEPDIR)/tests-test_crypter.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_crypter.c' object='suites/tests-test_crypter.o' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_crypto_factory.o: suites/test_crypto_factory.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_crypto_factory.o -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_crypto_factory.Tpo -c -o suites/libstrongswan_tests-test_crypto_factory.o `test -f 'suites/test_crypto_factory.c' || echo '$(srcdir)/'`suites/test_crypto_factory.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_crypto_factory.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_crypto_factory.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_crypto_factory.c' object='suites/libstrongswan_tests-test_crypto_factory.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_crypter.o `test -f 'suites/test_crypter.c' || echo '$(srcdir)/'`suites/test_crypter.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_crypto_factory.o `test -f 'suites/test_crypto_factory.c' || echo '$(srcdir)/'`suites/test_crypto_factory.c
-suites/tests-test_crypter.obj: suites/test_crypter.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_crypter.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_crypter.Tpo -c -o suites/tests-test_crypter.obj `if test -f 'suites/test_crypter.c'; then $(CYGPATH_W) 'suites/test_crypter.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_crypter.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_crypter.Tpo suites/$(DEPDIR)/tests-test_crypter.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_crypter.c' object='suites/tests-test_crypter.obj' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_crypto_factory.obj: suites/test_crypto_factory.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_crypto_factory.obj -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_crypto_factory.Tpo -c -o suites/libstrongswan_tests-test_crypto_factory.obj `if test -f 'suites/test_crypto_factory.c'; then $(CYGPATH_W) 'suites/test_crypto_factory.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_crypto_factory.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_crypto_factory.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_crypto_factory.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_crypto_factory.c' object='suites/libstrongswan_tests-test_crypto_factory.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_crypter.obj `if test -f 'suites/test_crypter.c'; then $(CYGPATH_W) 'suites/test_crypter.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_crypter.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_crypto_factory.obj `if test -f 'suites/test_crypto_factory.c'; then $(CYGPATH_W) 'suites/test_crypto_factory.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_crypto_factory.c'; fi`
-suites/tests-test_crypto_factory.o: suites/test_crypto_factory.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_crypto_factory.o -MD -MP -MF suites/$(DEPDIR)/tests-test_crypto_factory.Tpo -c -o suites/tests-test_crypto_factory.o `test -f 'suites/test_crypto_factory.c' || echo '$(srcdir)/'`suites/test_crypto_factory.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_crypto_factory.Tpo suites/$(DEPDIR)/tests-test_crypto_factory.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_crypto_factory.c' object='suites/tests-test_crypto_factory.o' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_iv_gen.o: suites/test_iv_gen.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_iv_gen.o -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_iv_gen.Tpo -c -o suites/libstrongswan_tests-test_iv_gen.o `test -f 'suites/test_iv_gen.c' || echo '$(srcdir)/'`suites/test_iv_gen.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_iv_gen.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_iv_gen.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_iv_gen.c' object='suites/libstrongswan_tests-test_iv_gen.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_crypto_factory.o `test -f 'suites/test_crypto_factory.c' || echo '$(srcdir)/'`suites/test_crypto_factory.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_iv_gen.o `test -f 'suites/test_iv_gen.c' || echo '$(srcdir)/'`suites/test_iv_gen.c
-suites/tests-test_crypto_factory.obj: suites/test_crypto_factory.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_crypto_factory.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_crypto_factory.Tpo -c -o suites/tests-test_crypto_factory.obj `if test -f 'suites/test_crypto_factory.c'; then $(CYGPATH_W) 'suites/test_crypto_factory.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_crypto_factory.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_crypto_factory.Tpo suites/$(DEPDIR)/tests-test_crypto_factory.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_crypto_factory.c' object='suites/tests-test_crypto_factory.obj' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_iv_gen.obj: suites/test_iv_gen.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_iv_gen.obj -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_iv_gen.Tpo -c -o suites/libstrongswan_tests-test_iv_gen.obj `if test -f 'suites/test_iv_gen.c'; then $(CYGPATH_W) 'suites/test_iv_gen.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_iv_gen.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_iv_gen.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_iv_gen.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_iv_gen.c' object='suites/libstrongswan_tests-test_iv_gen.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_crypto_factory.obj `if test -f 'suites/test_crypto_factory.c'; then $(CYGPATH_W) 'suites/test_crypto_factory.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_crypto_factory.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_iv_gen.obj `if test -f 'suites/test_iv_gen.c'; then $(CYGPATH_W) 'suites/test_iv_gen.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_iv_gen.c'; fi`
-suites/tests-test_iv_gen.o: suites/test_iv_gen.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_iv_gen.o -MD -MP -MF suites/$(DEPDIR)/tests-test_iv_gen.Tpo -c -o suites/tests-test_iv_gen.o `test -f 'suites/test_iv_gen.c' || echo '$(srcdir)/'`suites/test_iv_gen.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_iv_gen.Tpo suites/$(DEPDIR)/tests-test_iv_gen.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_iv_gen.c' object='suites/tests-test_iv_gen.o' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_pen.o: suites/test_pen.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_pen.o -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_pen.Tpo -c -o suites/libstrongswan_tests-test_pen.o `test -f 'suites/test_pen.c' || echo '$(srcdir)/'`suites/test_pen.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_pen.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_pen.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_pen.c' object='suites/libstrongswan_tests-test_pen.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_iv_gen.o `test -f 'suites/test_iv_gen.c' || echo '$(srcdir)/'`suites/test_iv_gen.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_pen.o `test -f 'suites/test_pen.c' || echo '$(srcdir)/'`suites/test_pen.c
-suites/tests-test_iv_gen.obj: suites/test_iv_gen.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_iv_gen.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_iv_gen.Tpo -c -o suites/tests-test_iv_gen.obj `if test -f 'suites/test_iv_gen.c'; then $(CYGPATH_W) 'suites/test_iv_gen.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_iv_gen.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_iv_gen.Tpo suites/$(DEPDIR)/tests-test_iv_gen.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_iv_gen.c' object='suites/tests-test_iv_gen.obj' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_pen.obj: suites/test_pen.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_pen.obj -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_pen.Tpo -c -o suites/libstrongswan_tests-test_pen.obj `if test -f 'suites/test_pen.c'; then $(CYGPATH_W) 'suites/test_pen.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_pen.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_pen.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_pen.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_pen.c' object='suites/libstrongswan_tests-test_pen.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_iv_gen.obj `if test -f 'suites/test_iv_gen.c'; then $(CYGPATH_W) 'suites/test_iv_gen.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_iv_gen.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_pen.obj `if test -f 'suites/test_pen.c'; then $(CYGPATH_W) 'suites/test_pen.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_pen.c'; fi`
-suites/tests-test_pen.o: suites/test_pen.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_pen.o -MD -MP -MF suites/$(DEPDIR)/tests-test_pen.Tpo -c -o suites/tests-test_pen.o `test -f 'suites/test_pen.c' || echo '$(srcdir)/'`suites/test_pen.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_pen.Tpo suites/$(DEPDIR)/tests-test_pen.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_pen.c' object='suites/tests-test_pen.o' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_asn1.o: suites/test_asn1.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_asn1.o -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_asn1.Tpo -c -o suites/libstrongswan_tests-test_asn1.o `test -f 'suites/test_asn1.c' || echo '$(srcdir)/'`suites/test_asn1.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_asn1.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_asn1.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_asn1.c' object='suites/libstrongswan_tests-test_asn1.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_pen.o `test -f 'suites/test_pen.c' || echo '$(srcdir)/'`suites/test_pen.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_asn1.o `test -f 'suites/test_asn1.c' || echo '$(srcdir)/'`suites/test_asn1.c
-suites/tests-test_pen.obj: suites/test_pen.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_pen.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_pen.Tpo -c -o suites/tests-test_pen.obj `if test -f 'suites/test_pen.c'; then $(CYGPATH_W) 'suites/test_pen.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_pen.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_pen.Tpo suites/$(DEPDIR)/tests-test_pen.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_pen.c' object='suites/tests-test_pen.obj' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_asn1.obj: suites/test_asn1.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_asn1.obj -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_asn1.Tpo -c -o suites/libstrongswan_tests-test_asn1.obj `if test -f 'suites/test_asn1.c'; then $(CYGPATH_W) 'suites/test_asn1.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_asn1.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_asn1.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_asn1.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_asn1.c' object='suites/libstrongswan_tests-test_asn1.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_pen.obj `if test -f 'suites/test_pen.c'; then $(CYGPATH_W) 'suites/test_pen.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_pen.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_asn1.obj `if test -f 'suites/test_asn1.c'; then $(CYGPATH_W) 'suites/test_asn1.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_asn1.c'; fi`
-suites/tests-test_asn1.o: suites/test_asn1.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_asn1.o -MD -MP -MF suites/$(DEPDIR)/tests-test_asn1.Tpo -c -o suites/tests-test_asn1.o `test -f 'suites/test_asn1.c' || echo '$(srcdir)/'`suites/test_asn1.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_asn1.Tpo suites/$(DEPDIR)/tests-test_asn1.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_asn1.c' object='suites/tests-test_asn1.o' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_asn1_parser.o: suites/test_asn1_parser.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_asn1_parser.o -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_asn1_parser.Tpo -c -o suites/libstrongswan_tests-test_asn1_parser.o `test -f 'suites/test_asn1_parser.c' || echo '$(srcdir)/'`suites/test_asn1_parser.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_asn1_parser.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_asn1_parser.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_asn1_parser.c' object='suites/libstrongswan_tests-test_asn1_parser.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_asn1.o `test -f 'suites/test_asn1.c' || echo '$(srcdir)/'`suites/test_asn1.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_asn1_parser.o `test -f 'suites/test_asn1_parser.c' || echo '$(srcdir)/'`suites/test_asn1_parser.c
-suites/tests-test_asn1.obj: suites/test_asn1.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_asn1.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_asn1.Tpo -c -o suites/tests-test_asn1.obj `if test -f 'suites/test_asn1.c'; then $(CYGPATH_W) 'suites/test_asn1.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_asn1.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_asn1.Tpo suites/$(DEPDIR)/tests-test_asn1.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_asn1.c' object='suites/tests-test_asn1.obj' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_asn1_parser.obj: suites/test_asn1_parser.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_asn1_parser.obj -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_asn1_parser.Tpo -c -o suites/libstrongswan_tests-test_asn1_parser.obj `if test -f 'suites/test_asn1_parser.c'; then $(CYGPATH_W) 'suites/test_asn1_parser.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_asn1_parser.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_asn1_parser.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_asn1_parser.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_asn1_parser.c' object='suites/libstrongswan_tests-test_asn1_parser.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_asn1.obj `if test -f 'suites/test_asn1.c'; then $(CYGPATH_W) 'suites/test_asn1.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_asn1.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_asn1_parser.obj `if test -f 'suites/test_asn1_parser.c'; then $(CYGPATH_W) 'suites/test_asn1_parser.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_asn1_parser.c'; fi`
-suites/tests-test_asn1_parser.o: suites/test_asn1_parser.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_asn1_parser.o -MD -MP -MF suites/$(DEPDIR)/tests-test_asn1_parser.Tpo -c -o suites/tests-test_asn1_parser.o `test -f 'suites/test_asn1_parser.c' || echo '$(srcdir)/'`suites/test_asn1_parser.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_asn1_parser.Tpo suites/$(DEPDIR)/tests-test_asn1_parser.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_asn1_parser.c' object='suites/tests-test_asn1_parser.o' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_printf.o: suites/test_printf.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_printf.o -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_printf.Tpo -c -o suites/libstrongswan_tests-test_printf.o `test -f 'suites/test_printf.c' || echo '$(srcdir)/'`suites/test_printf.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_printf.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_printf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_printf.c' object='suites/libstrongswan_tests-test_printf.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_asn1_parser.o `test -f 'suites/test_asn1_parser.c' || echo '$(srcdir)/'`suites/test_asn1_parser.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_printf.o `test -f 'suites/test_printf.c' || echo '$(srcdir)/'`suites/test_printf.c
-suites/tests-test_asn1_parser.obj: suites/test_asn1_parser.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_asn1_parser.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_asn1_parser.Tpo -c -o suites/tests-test_asn1_parser.obj `if test -f 'suites/test_asn1_parser.c'; then $(CYGPATH_W) 'suites/test_asn1_parser.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_asn1_parser.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_asn1_parser.Tpo suites/$(DEPDIR)/tests-test_asn1_parser.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_asn1_parser.c' object='suites/tests-test_asn1_parser.obj' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_printf.obj: suites/test_printf.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_printf.obj -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_printf.Tpo -c -o suites/libstrongswan_tests-test_printf.obj `if test -f 'suites/test_printf.c'; then $(CYGPATH_W) 'suites/test_printf.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_printf.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_printf.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_printf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_printf.c' object='suites/libstrongswan_tests-test_printf.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_asn1_parser.obj `if test -f 'suites/test_asn1_parser.c'; then $(CYGPATH_W) 'suites/test_asn1_parser.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_asn1_parser.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_printf.obj `if test -f 'suites/test_printf.c'; then $(CYGPATH_W) 'suites/test_printf.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_printf.c'; fi`
-suites/tests-test_printf.o: suites/test_printf.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_printf.o -MD -MP -MF suites/$(DEPDIR)/tests-test_printf.Tpo -c -o suites/tests-test_printf.o `test -f 'suites/test_printf.c' || echo '$(srcdir)/'`suites/test_printf.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_printf.Tpo suites/$(DEPDIR)/tests-test_printf.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_printf.c' object='suites/tests-test_printf.o' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_test_rng.o: suites/test_test_rng.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_test_rng.o -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_test_rng.Tpo -c -o suites/libstrongswan_tests-test_test_rng.o `test -f 'suites/test_test_rng.c' || echo '$(srcdir)/'`suites/test_test_rng.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_test_rng.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_test_rng.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_test_rng.c' object='suites/libstrongswan_tests-test_test_rng.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_printf.o `test -f 'suites/test_printf.c' || echo '$(srcdir)/'`suites/test_printf.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_test_rng.o `test -f 'suites/test_test_rng.c' || echo '$(srcdir)/'`suites/test_test_rng.c
-suites/tests-test_printf.obj: suites/test_printf.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_printf.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_printf.Tpo -c -o suites/tests-test_printf.obj `if test -f 'suites/test_printf.c'; then $(CYGPATH_W) 'suites/test_printf.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_printf.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_printf.Tpo suites/$(DEPDIR)/tests-test_printf.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_printf.c' object='suites/tests-test_printf.obj' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_test_rng.obj: suites/test_test_rng.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_test_rng.obj -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_test_rng.Tpo -c -o suites/libstrongswan_tests-test_test_rng.obj `if test -f 'suites/test_test_rng.c'; then $(CYGPATH_W) 'suites/test_test_rng.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_test_rng.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_test_rng.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_test_rng.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_test_rng.c' object='suites/libstrongswan_tests-test_test_rng.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_printf.obj `if test -f 'suites/test_printf.c'; then $(CYGPATH_W) 'suites/test_printf.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_printf.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_test_rng.obj `if test -f 'suites/test_test_rng.c'; then $(CYGPATH_W) 'suites/test_test_rng.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_test_rng.c'; fi`
-suites/tests-test_test_rng.o: suites/test_test_rng.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_test_rng.o -MD -MP -MF suites/$(DEPDIR)/tests-test_test_rng.Tpo -c -o suites/tests-test_test_rng.o `test -f 'suites/test_test_rng.c' || echo '$(srcdir)/'`suites/test_test_rng.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_test_rng.Tpo suites/$(DEPDIR)/tests-test_test_rng.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_test_rng.c' object='suites/tests-test_test_rng.o' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_mgf1.o: suites/test_mgf1.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_mgf1.o -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_mgf1.Tpo -c -o suites/libstrongswan_tests-test_mgf1.o `test -f 'suites/test_mgf1.c' || echo '$(srcdir)/'`suites/test_mgf1.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_mgf1.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_mgf1.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_mgf1.c' object='suites/libstrongswan_tests-test_mgf1.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_test_rng.o `test -f 'suites/test_test_rng.c' || echo '$(srcdir)/'`suites/test_test_rng.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_mgf1.o `test -f 'suites/test_mgf1.c' || echo '$(srcdir)/'`suites/test_mgf1.c
-suites/tests-test_test_rng.obj: suites/test_test_rng.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_test_rng.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_test_rng.Tpo -c -o suites/tests-test_test_rng.obj `if test -f 'suites/test_test_rng.c'; then $(CYGPATH_W) 'suites/test_test_rng.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_test_rng.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_test_rng.Tpo suites/$(DEPDIR)/tests-test_test_rng.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_test_rng.c' object='suites/tests-test_test_rng.obj' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_mgf1.obj: suites/test_mgf1.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_mgf1.obj -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_mgf1.Tpo -c -o suites/libstrongswan_tests-test_mgf1.obj `if test -f 'suites/test_mgf1.c'; then $(CYGPATH_W) 'suites/test_mgf1.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_mgf1.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_mgf1.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_mgf1.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_mgf1.c' object='suites/libstrongswan_tests-test_mgf1.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_test_rng.obj `if test -f 'suites/test_test_rng.c'; then $(CYGPATH_W) 'suites/test_test_rng.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_test_rng.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_mgf1.obj `if test -f 'suites/test_mgf1.c'; then $(CYGPATH_W) 'suites/test_mgf1.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_mgf1.c'; fi`
-suites/tests-test_mgf1.o: suites/test_mgf1.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_mgf1.o -MD -MP -MF suites/$(DEPDIR)/tests-test_mgf1.Tpo -c -o suites/tests-test_mgf1.o `test -f 'suites/test_mgf1.c' || echo '$(srcdir)/'`suites/test_mgf1.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_mgf1.Tpo suites/$(DEPDIR)/tests-test_mgf1.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_mgf1.c' object='suites/tests-test_mgf1.o' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_ntru.o: suites/test_ntru.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_ntru.o -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_ntru.Tpo -c -o suites/libstrongswan_tests-test_ntru.o `test -f 'suites/test_ntru.c' || echo '$(srcdir)/'`suites/test_ntru.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_ntru.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_ntru.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_ntru.c' object='suites/libstrongswan_tests-test_ntru.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_mgf1.o `test -f 'suites/test_mgf1.c' || echo '$(srcdir)/'`suites/test_mgf1.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_ntru.o `test -f 'suites/test_ntru.c' || echo '$(srcdir)/'`suites/test_ntru.c
-suites/tests-test_mgf1.obj: suites/test_mgf1.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_mgf1.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_mgf1.Tpo -c -o suites/tests-test_mgf1.obj `if test -f 'suites/test_mgf1.c'; then $(CYGPATH_W) 'suites/test_mgf1.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_mgf1.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_mgf1.Tpo suites/$(DEPDIR)/tests-test_mgf1.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_mgf1.c' object='suites/tests-test_mgf1.obj' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_ntru.obj: suites/test_ntru.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_ntru.obj -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_ntru.Tpo -c -o suites/libstrongswan_tests-test_ntru.obj `if test -f 'suites/test_ntru.c'; then $(CYGPATH_W) 'suites/test_ntru.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_ntru.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_ntru.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_ntru.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_ntru.c' object='suites/libstrongswan_tests-test_ntru.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_mgf1.obj `if test -f 'suites/test_mgf1.c'; then $(CYGPATH_W) 'suites/test_mgf1.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_mgf1.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_ntru.obj `if test -f 'suites/test_ntru.c'; then $(CYGPATH_W) 'suites/test_ntru.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_ntru.c'; fi`
-suites/tests-test_ntru.o: suites/test_ntru.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_ntru.o -MD -MP -MF suites/$(DEPDIR)/tests-test_ntru.Tpo -c -o suites/tests-test_ntru.o `test -f 'suites/test_ntru.c' || echo '$(srcdir)/'`suites/test_ntru.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_ntru.Tpo suites/$(DEPDIR)/tests-test_ntru.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_ntru.c' object='suites/tests-test_ntru.o' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_ed25519.o: suites/test_ed25519.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_ed25519.o -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_ed25519.Tpo -c -o suites/libstrongswan_tests-test_ed25519.o `test -f 'suites/test_ed25519.c' || echo '$(srcdir)/'`suites/test_ed25519.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_ed25519.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_ed25519.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_ed25519.c' object='suites/libstrongswan_tests-test_ed25519.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_ntru.o `test -f 'suites/test_ntru.c' || echo '$(srcdir)/'`suites/test_ntru.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_ed25519.o `test -f 'suites/test_ed25519.c' || echo '$(srcdir)/'`suites/test_ed25519.c
-suites/tests-test_ntru.obj: suites/test_ntru.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_ntru.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_ntru.Tpo -c -o suites/tests-test_ntru.obj `if test -f 'suites/test_ntru.c'; then $(CYGPATH_W) 'suites/test_ntru.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_ntru.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_ntru.Tpo suites/$(DEPDIR)/tests-test_ntru.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_ntru.c' object='suites/tests-test_ntru.obj' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_ed25519.obj: suites/test_ed25519.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_ed25519.obj -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_ed25519.Tpo -c -o suites/libstrongswan_tests-test_ed25519.obj `if test -f 'suites/test_ed25519.c'; then $(CYGPATH_W) 'suites/test_ed25519.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_ed25519.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_ed25519.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_ed25519.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_ed25519.c' object='suites/libstrongswan_tests-test_ed25519.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_ntru.obj `if test -f 'suites/test_ntru.c'; then $(CYGPATH_W) 'suites/test_ntru.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_ntru.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_ed25519.obj `if test -f 'suites/test_ed25519.c'; then $(CYGPATH_W) 'suites/test_ed25519.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_ed25519.c'; fi`
-suites/tests-test_ed25519.o: suites/test_ed25519.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_ed25519.o -MD -MP -MF suites/$(DEPDIR)/tests-test_ed25519.Tpo -c -o suites/tests-test_ed25519.o `test -f 'suites/test_ed25519.c' || echo '$(srcdir)/'`suites/test_ed25519.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_ed25519.Tpo suites/$(DEPDIR)/tests-test_ed25519.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_ed25519.c' object='suites/tests-test_ed25519.o' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_signature_params.o: suites/test_signature_params.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_signature_params.o -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_signature_params.Tpo -c -o suites/libstrongswan_tests-test_signature_params.o `test -f 'suites/test_signature_params.c' || echo '$(srcdir)/'`suites/test_signature_params.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_signature_params.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_signature_params.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_signature_params.c' object='suites/libstrongswan_tests-test_signature_params.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_ed25519.o `test -f 'suites/test_ed25519.c' || echo '$(srcdir)/'`suites/test_ed25519.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_signature_params.o `test -f 'suites/test_signature_params.c' || echo '$(srcdir)/'`suites/test_signature_params.c
-suites/tests-test_ed25519.obj: suites/test_ed25519.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_ed25519.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_ed25519.Tpo -c -o suites/tests-test_ed25519.obj `if test -f 'suites/test_ed25519.c'; then $(CYGPATH_W) 'suites/test_ed25519.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_ed25519.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_ed25519.Tpo suites/$(DEPDIR)/tests-test_ed25519.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_ed25519.c' object='suites/tests-test_ed25519.obj' libtool=no @AMDEPBACKSLASH@
+suites/libstrongswan_tests-test_signature_params.obj: suites/test_signature_params.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -MT suites/libstrongswan_tests-test_signature_params.obj -MD -MP -MF suites/$(DEPDIR)/libstrongswan_tests-test_signature_params.Tpo -c -o suites/libstrongswan_tests-test_signature_params.obj `if test -f 'suites/test_signature_params.c'; then $(CYGPATH_W) 'suites/test_signature_params.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_signature_params.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libstrongswan_tests-test_signature_params.Tpo suites/$(DEPDIR)/libstrongswan_tests-test_signature_params.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_signature_params.c' object='suites/libstrongswan_tests-test_signature_params.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_ed25519.obj `if test -f 'suites/test_ed25519.c'; then $(CYGPATH_W) 'suites/test_ed25519.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_ed25519.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libstrongswan_tests_CFLAGS) $(CFLAGS) -c -o suites/libstrongswan_tests-test_signature_params.obj `if test -f 'suites/test_signature_params.c'; then $(CYGPATH_W) 'suites/test_signature_params.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_signature_params.c'; fi`
mostlyclean-libtool:
-rm -f *.lo
diff --git a/src/libstrongswan/tests/suites/test_asn1.c b/src/libstrongswan/tests/suites/test_asn1.c
index fa02df9ca..d7fb7c2a9 100644
--- a/src/libstrongswan/tests/suites/test_asn1.c
+++ b/src/libstrongswan/tests/suites/test_asn1.c
@@ -758,13 +758,10 @@ END_TEST
START_TEST(test_asn1_parse_integer_uint64)
{
- typedef struct {
+ struct {
uint64_t n;
chunk_t chunk;
- } testdata_t;
-
-
- testdata_t test[] = {
+ } test[] = {
{ 67305985ULL, chunk_from_chars(
0x04, 0x03, 0x02, 0x01) },
{ 578437695752307201ULL, chunk_from_chars(
@@ -782,6 +779,37 @@ START_TEST(test_asn1_parse_integer_uint64)
}
END_TEST
+/*******************************************************************************
+ * integer_from_uint64
+ */
+
+START_TEST(test_asn1_integer_from_uint64)
+{
+ struct {
+ uint64_t n;
+ chunk_t chunk;
+ } test[] = {
+ { 0ULL, chunk_from_chars(0x00) },
+ { 255ULL, chunk_from_chars(0xff) },
+ { 256ULL, chunk_from_chars(0x01, 0x00) },
+ { 67305985ULL, chunk_from_chars(0x04, 0x03, 0x02, 0x01) },
+ { 578437695752307201ULL, chunk_from_chars(
+ 0x08, 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01) },
+ { 18446744073709551615ULL, chunk_from_chars(
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff) },
+ };
+ chunk_t asn;
+ int i;
+
+ for (i = 0; i < countof(test); i++)
+ {
+ asn = asn1_integer_from_uint64(test[i].n);
+ ck_assert_chunk_eq(test[i].chunk, asn);
+ chunk_free(&asn);
+ }
+}
+END_TEST
+
Suite *asn1_suite_create()
{
Suite *s;
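Review bot: The vectors in `test_asn1_integer_from_uint64` expect `0xff` for 255 and eight `0xff` bytes for the largest value, so the function evidently returns the minimal unsigned big-endian bytes rather than a DER INTEGER body, which would need a leading `0x00` when the top bit is set; the test does not say so. I would put a comment above the table, `/* expected: minimal big-endian bytes, no tag/length, no sign padding */`, so that nobody later "corrects" the vectors or treats the result as ready-to-embed DER. The zero case yielding a single `0x00` byte deserves a mention in the same comment, since an empty chunk would be the other plausible result.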
@@ -861,8 +889,9 @@ Suite *asn1_suite_create()
tcase_add_test(tc, test_asn1_integer);
suite_add_tcase(s, tc);
- tc = tcase_create("parse_integer_uint64");
+ tc = tcase_create("integer_uint64");
tcase_add_test(tc, test_asn1_parse_integer_uint64);
+ tcase_add_test(tc, test_asn1_integer_from_uint64);
suite_add_tcase(s, tc);
return s;
diff --git a/src/libstrongswan/tests/suites/test_auth_cfg.c b/src/libstrongswan/tests/suites/test_auth_cfg.c
index 139b73021..d0fa8a045 100644
--- a/src/libstrongswan/tests/suites/test_auth_cfg.c
+++ b/src/libstrongswan/tests/suites/test_auth_cfg.c
@@ -45,7 +45,7 @@ static void check_sig_constraints(auth_cfg_t *cfg, auth_rule_t type,
{
enumerator_t *enumerator;
auth_rule_t t;
- void *value;
+ signature_params_t *value;
int i = 0;
enumerator = cfg->create_enumerator(cfg);
@@ -54,7 +54,7 @@ static void check_sig_constraints(auth_cfg_t *cfg, auth_rule_t type,
if (t == type)
{
ck_assert(expected[i]);
- ck_assert_int_eq(expected[i], (signature_scheme_t)value);
+ ck_assert_int_eq(expected[i], value->scheme);
i++;
}
}
@@ -106,6 +106,102 @@ START_TEST(test_ike_contraints_fallback)
}
END_TEST
+typedef union {
+ rsa_pss_params_t pss;
+} signature_param_types_t;
+
+struct {
+ char *constraints;
+ signature_scheme_t sig[5];
+ signature_param_types_t p[5];
+} sig_constraints_params_tests[] = {
+ { "rsa/pss-sha256", { SIGN_RSA_EMSA_PSS, 0 }, {
+ { .pss = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = HASH_SIZE_SHA256, }}}},
+ { "rsa/pss-sha256-sha384", { SIGN_RSA_EMSA_PSS, SIGN_RSA_EMSA_PSS, 0 }, {
+ { .pss = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = HASH_SIZE_SHA256, }},
+ { .pss = { .hash = HASH_SHA384, .mgf1_hash = HASH_SHA384, .salt_len = HASH_SIZE_SHA384, }}}},
+ { "rsa/pss-sha256-rsa-sha256", { SIGN_RSA_EMSA_PSS, SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }, {
+ { .pss = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = HASH_SIZE_SHA256, }}}},
+ { "rsa-sha256-rsa/pss-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_RSA_EMSA_PSS, 0 }, {
+ {},
+ { .pss = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = HASH_SIZE_SHA256, }}}},
+ { "rsa/pss", { 0 }, {}},
+};
+
+static void check_sig_constraints_params(auth_cfg_t *cfg, auth_rule_t type,
+ signature_scheme_t scheme[],
+ signature_param_types_t p[])
+{
+ enumerator_t *enumerator;
+ auth_rule_t t;
+ signature_params_t *value;
+ int i = 0;
+
+ enumerator = cfg->create_enumerator(cfg);
+ while (enumerator->enumerate(enumerator, &t, &value))
+ {
+ if (t == type)
+ {
+ if (scheme[i] == SIGN_RSA_EMSA_PSS)
+ {
+ signature_params_t expected = {
+ .scheme = scheme[i],
+ .params = &p[i].pss,
+ };
+ ck_assert(signature_params_equal(value, &expected));
+ }
+ else
+ {
+ ck_assert(scheme[i]);
+ ck_assert(!value->params);
+ ck_assert_int_eq(scheme[i], value->scheme);
+ }
+ i++;
+ }
+ }
+ enumerator->destroy(enumerator);
+ ck_assert(!scheme[i]);
+}
+
+START_TEST(test_sig_contraints_params)
+{
+ auth_cfg_t *cfg;
+
+ cfg = auth_cfg_create();
+ cfg->add_pubkey_constraints(cfg, sig_constraints_params_tests[_i].constraints, TRUE);
+ check_sig_constraints_params(cfg, AUTH_RULE_IKE_SIGNATURE_SCHEME,
+ sig_constraints_params_tests[_i].sig,
+ sig_constraints_params_tests[_i].p);
+ cfg->destroy(cfg);
+}
+END_TEST
+
+struct {
+ char *constraints;
+ signature_scheme_t sig[6];
+ signature_param_types_t p[6];
+} sig_constraints_rsa_pss_tests[] = {
+ { "pubkey-sha256", { SIGN_RSA_EMSA_PSS, SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, SIGN_BLISS_WITH_SHA2_256, 0 }, {
+ { .pss = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = HASH_SIZE_SHA256, }}, {}, {}, {}, {}}},
+ { "rsa-sha256", { SIGN_RSA_EMSA_PSS, SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }, {
+ { .pss = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = HASH_SIZE_SHA256, }}, {}}},
+};
+
+START_TEST(test_sig_contraints_rsa_pss)
+{
+ auth_cfg_t *cfg;
+
+ lib->settings->set_bool(lib->settings, "%s.rsa_pss", TRUE, lib->ns);
+
+ cfg = auth_cfg_create();
+ cfg->add_pubkey_constraints(cfg, sig_constraints_rsa_pss_tests[_i].constraints, TRUE);
+ check_sig_constraints_params(cfg, AUTH_RULE_IKE_SIGNATURE_SCHEME,
+ sig_constraints_rsa_pss_tests[_i].sig,
+ sig_constraints_rsa_pss_tests[_i].p);
+ cfg->destroy(cfg);
+}
+END_TEST
+
Suite *auth_cfg_suite_create()
{
Suite *s;
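Review bot: The last entry of `sig_constraints_params_tests`, `{ "rsa/pss", { 0 }, {}}`, pins that a PSS constraint without a hash yields no signature-scheme rule at all, but nothing states that this is intended and the test cannot tell a rejected string from a silently ignored one. An empty rule set presumably leaves the peer's signature scheme unconstrained, so I would document the case in the table with `/* no hash given: constraint is invalid, no rule must be added */`; whether `add_pubkey_constraints` reports the error is not visible in this hunk. Separately, `test_sig_contraints_rsa_pss` sets `"%s.rsa_pss"` to TRUE and never restores it; unless the runner re-initialises `lib` for every test (not visible here), add `lib->settings->set_bool(lib->settings, "%s.rsa_pss", FALSE, lib->ns);` before `cfg->destroy(cfg);`. The body of `auth_cfg_suite_create` continues outside the hunk.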
@@ -118,5 +214,10 @@ Suite *auth_cfg_suite_create()
tcase_add_loop_test(tc, test_ike_contraints_fallback, 0, countof(sig_constraints_tests));
suite_add_tcase(s, tc);
+ tc = tcase_create("add_pubkey_constraints parameters");
+ tcase_add_loop_test(tc, test_sig_contraints_params, 0, countof(sig_constraints_params_tests));
+ tcase_add_loop_test(tc, test_sig_contraints_rsa_pss, 0, countof(sig_constraints_rsa_pss_tests));
+ suite_add_tcase(s, tc);
+
return s;
}
diff --git a/src/libstrongswan/tests/suites/test_ecdsa.c b/src/libstrongswan/tests/suites/test_ecdsa.c
index 3c842996d..6edae81ae 100644
--- a/src/libstrongswan/tests/suites/test_ecdsa.c
+++ b/src/libstrongswan/tests/suites/test_ecdsa.c
@@ -57,9 +57,9 @@ static void test_good_sig(private_key_t *privkey, public_key_t *pubkey)
{
continue;
}
- fail_unless(privkey->sign(privkey, schemes[i].scheme, data, &sig),
+ fail_unless(privkey->sign(privkey, schemes[i].scheme, NULL, data, &sig),
"sign %N", signature_scheme_names, schemes[i].scheme);
- fail_unless(pubkey->verify(pubkey, schemes[i].scheme, data, sig),
+ fail_unless(pubkey->verify(pubkey, schemes[i].scheme, NULL, data, sig),
"verify %N", signature_scheme_names, schemes[i].scheme);
free(sig.ptr);
}
@@ -121,7 +121,8 @@ static void test_bad_sigs(public_key_t *pubkey)
for (i = 0; i < countof(invalid_sigs); i++)
{
fail_if(
- pubkey->verify(pubkey, schemes[s].scheme, data, invalid_sigs[i]),
+ pubkey->verify(pubkey, schemes[s].scheme, NULL, data,
+ invalid_sigs[i]),
"bad %N sig accepted %B",
signature_scheme_names, schemes[s].scheme,
&invalid_sigs[i]);
diff --git a/src/libstrongswan/tests/suites/test_ed25519.c b/src/libstrongswan/tests/suites/test_ed25519.c
index 00842628d..86cbb1bc0 100644
--- a/src/libstrongswan/tests/suites/test_ed25519.c
+++ b/src/libstrongswan/tests/suites/test_ed25519.c
@@ -297,13 +297,13 @@ START_TEST(test_ed25519_sign)
ck_assert(public->equals(public, pubkey));
/* sign */
- ck_assert(key->sign(key, SIGN_ED25519, sig_tests[_i].msg, &sig));
+ ck_assert(key->sign(key, SIGN_ED25519, NULL, sig_tests[_i].msg, &sig));
ck_assert(sig.len == 64);
ck_assert(chunk_equals(sig, sig_tests[_i].sig));
/* verify */
- ck_assert(pubkey->verify(pubkey, SIGN_ED25519, sig_tests[_i].msg,
- sig_tests[_i].sig));
+ ck_assert(pubkey->verify(pubkey, SIGN_ED25519, NULL, sig_tests[_i].msg,
+ sig_tests[_i].sig));
/* cleanup */
key->destroy(key);
@@ -340,10 +340,10 @@ START_TEST(test_ed25519_gen)
ck_assert(!key->decrypt(key, ENCRYPT_UNKNOWN, msg, NULL));
/* wrong signature scheme */
- ck_assert(!key->sign(key, SIGN_ED448, msg, &sig));
+ ck_assert(!key->sign(key, SIGN_ED448, NULL, msg, &sig));
/* correct signature scheme*/
- ck_assert(key->sign(key, SIGN_ED25519, msg, &sig));
+ ck_assert(key->sign(key, SIGN_ED25519, NULL, msg, &sig));
/* export public key */
pubkey = key->get_public_key(key);
@@ -375,10 +375,10 @@ START_TEST(test_ed25519_gen)
ck_assert(!pubkey->encrypt(pubkey, ENCRYPT_UNKNOWN, msg, NULL));
/* verify with wrong signature scheme */
- ck_assert(!pubkey->verify(pubkey, SIGN_ED448, msg, sig));
+ ck_assert(!pubkey->verify(pubkey, SIGN_ED448, NULL, msg, sig));
/* verify with correct signature scheme */
- ck_assert(pubkey->verify(pubkey, SIGN_ED25519, msg, sig));
+ ck_assert(pubkey->verify(pubkey, SIGN_ED25519, NULL, msg, sig));
/* cleanup */
key->destroy(key);
@@ -404,10 +404,10 @@ START_TEST(test_ed25519_speed)
key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ED25519,
BUILD_KEY_SIZE, 256, BUILD_END);
ck_assert(key != NULL);
- ck_assert(key->sign(key, SIGN_ED25519, msg, &sig));
+ ck_assert(key->sign(key, SIGN_ED25519, NULL, msg, &sig));
pubkey = key->get_public_key(key);
ck_assert(pubkey != NULL);
- ck_assert(pubkey->verify(pubkey, SIGN_ED25519, msg, sig));
+ ck_assert(pubkey->verify(pubkey, SIGN_ED25519, NULL, msg, sig));
key->destroy(key);
pubkey->destroy(pubkey);
chunk_free(&sig);
@@ -476,25 +476,29 @@ START_TEST(test_ed25519_fail)
BUILD_BLOB_ASN1_DER, sig_tests[0].pubkey, BUILD_END);
ck_assert(pubkey != NULL);
- ck_assert(!pubkey->verify(pubkey, SIGN_ED25519, chunk_empty, chunk_empty));
+ ck_assert(!pubkey->verify(pubkey, SIGN_ED25519, NULL, chunk_empty,
+ chunk_empty));
/* malformed signature */
sig = chunk_create(sig1, 64);
memcpy(sig1, sig_tests[0].sig.ptr, 64);
sig1[63] |= 0xe0;
- ck_assert(!pubkey->verify(pubkey, SIGN_ED25519, sig_tests[0].msg, sig));
+ ck_assert(!pubkey->verify(pubkey, SIGN_ED25519, NULL, sig_tests[0].msg,
+ sig));
/* wrong signature */
memcpy(sig1, sig_tests[0].sig.ptr, 64);
sig1[0] = 0xe4;
- ck_assert(!pubkey->verify(pubkey, SIGN_ED25519, sig_tests[0].msg, sig));
+ ck_assert(!pubkey->verify(pubkey, SIGN_ED25519, NULL, sig_tests[0].msg,
+ sig));
/* detect all-zeroes public key */
pubkey->destroy(pubkey);
pubkey = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ED25519,
BUILD_BLOB_ASN1_DER, zero_pk, BUILD_END);
ck_assert(pubkey != NULL);
- ck_assert(!pubkey->verify(pubkey, SIGN_ED25519, sig_tests[0].msg, sig));
+ ck_assert(!pubkey->verify(pubkey, SIGN_ED25519, NULL, sig_tests[0].msg,
+ sig));
pubkey->destroy(pubkey);
}
END_TEST
diff --git a/src/libstrongswan/tests/suites/test_hasher.c b/src/libstrongswan/tests/suites/test_hasher.c
index 6a83fe777..7bf527329 100644
--- a/src/libstrongswan/tests/suites/test_hasher.c
+++ b/src/libstrongswan/tests/suites/test_hasher.c
@@ -90,12 +90,10 @@ START_TEST(test_hasher_sig_to_oid)
}
END_TEST
-typedef struct {
+static struct {
signature_scheme_t scheme;
hash_algorithm_t alg;
-}hasher_sig_scheme_t;
-
-static hasher_sig_scheme_t sig_schemes[] = {
+} sig_schemes[] = {
{ SIGN_UNKNOWN, HASH_UNKNOWN },
{ SIGN_RSA_EMSA_PKCS1_NULL, HASH_UNKNOWN },
{ SIGN_RSA_EMSA_PKCS1_MD5, HASH_MD5 },
@@ -108,6 +106,7 @@ static hasher_sig_scheme_t sig_schemes[] = {
{ SIGN_RSA_EMSA_PKCS1_SHA3_256, HASH_SHA3_256 },
{ SIGN_RSA_EMSA_PKCS1_SHA3_384, HASH_SHA3_384 },
{ SIGN_RSA_EMSA_PKCS1_SHA3_512, HASH_SHA3_512 },
+ { SIGN_RSA_EMSA_PSS, HASH_UNKNOWN },
{ SIGN_ECDSA_WITH_SHA1_DER, HASH_SHA1 },
{ SIGN_ECDSA_WITH_SHA256_DER, HASH_SHA256 },
{ SIGN_ECDSA_WITH_SHA384_DER, HASH_SHA384 },
@@ -124,16 +123,35 @@ static hasher_sig_scheme_t sig_schemes[] = {
{ SIGN_BLISS_WITH_SHA3_512, HASH_SHA3_512 },
{ SIGN_ED25519, HASH_IDENTITY },
{ SIGN_ED448, HASH_IDENTITY },
- { 30, HASH_UNKNOWN }
+ { 30, HASH_UNKNOWN },
};
START_TEST(test_hasher_from_sig_scheme)
{
- ck_assert(hasher_from_signature_scheme(sig_schemes[_i].scheme) ==
+ ck_assert(hasher_from_signature_scheme(sig_schemes[_i].scheme, NULL) ==
sig_schemes[_i].alg);
}
END_TEST
+static struct {
+ signature_scheme_t scheme;
+ union {
+ rsa_pss_params_t pss;
+ } p;
+ hash_algorithm_t alg;
+} sig_schemes_params[] = {
+ { SIGN_RSA_EMSA_PSS, .p.pss = { .hash = HASH_SHA256 }, HASH_SHA256 },
+ { SIGN_RSA_EMSA_PSS, .p.pss = { .hash = HASH_SHA512 }, HASH_SHA512 },
+ { SIGN_RSA_EMSA_PKCS1_SHA2_256, .p.pss = { .hash = HASH_SHA512 }, HASH_SHA256 },
+};
+
+START_TEST(test_hasher_from_sig_scheme_params)
+{
+ ck_assert(hasher_from_signature_scheme(sig_schemes_params[_i].scheme,
+ &sig_schemes_params[_i].p) == sig_schemes_params[_i].alg);
+}
+END_TEST
+
typedef struct {
pseudo_random_function_t prf;
hash_algorithm_t alg;
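Review bot: The third row of `sig_schemes_params` is the only case asserting that supplied parameters are ignored for a non-PSS scheme, and nothing in the table says so. A comment above that row such as `/* params must not influence schemes other than RSASSA-PSS */` would keep it from being read as a copy-paste mistake. The rows also leave `mgf1_hash` and `salt_len` zero-initialised, which is fine if `hasher_from_signature_scheme()` only reads `.hash`, but that is not visible in this hunk. An extra row `{ SIGN_RSA_EMSA_PSS, .p.pss = { .hash = HASH_UNKNOWN }, HASH_UNKNOWN },` would pin the result when parameters are present but carry no usable hash.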
@@ -201,9 +219,9 @@ START_TEST(test_hasher_from_integrity)
size_t length;
length = 0;
- ck_assert(hasher_algorithm_from_integrity(auths[_i].auth, NULL) ==
+ ck_assert(hasher_algorithm_from_integrity(auths[_i].auth, NULL) ==
auths[_i].alg);
- ck_assert(hasher_algorithm_from_integrity(auths[_i].auth, &length) ==
+ ck_assert(hasher_algorithm_from_integrity(auths[_i].auth, &length) ==
auths[_i].alg);
ck_assert(length == auths[_i].length);
}
@@ -226,7 +244,7 @@ typedef struct {
static hasher_ikev2_t ikev2[] = {
{ HASH_IDENTITY, TRUE },
- { HASH_SHA1, TRUE },
+ { HASH_SHA1, FALSE },
{ HASH_SHA256, TRUE },
{ HASH_SHA384, TRUE },
{ HASH_SHA512, TRUE },
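Review bot: The `HASH_SHA1` row flips from `TRUE` to `FALSE` with no comment, so the table records a policy decision without its reason. The test that consumes `ikev2[]` is outside this hunk; presumably it checks which hashes are acceptable for IKEv2 signature authentication. If so, a trailing comment on that row like `/* SHA-1 no longer accepted for IKEv2 signature authentication */` would stop a later edit from reverting it as an apparent typo. `HASH_IDENTITY` stays `TRUE` on the line above and would benefit from the same kind of one-line rationale.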
@@ -269,6 +287,7 @@ Suite *hasher_suite_create()
tc = tcase_create("from_sig_scheme");
tcase_add_loop_test(tc, test_hasher_from_sig_scheme, 0, countof(sig_schemes));
+ tcase_add_loop_test(tc, test_hasher_from_sig_scheme_params, 0, countof(sig_schemes_params));
suite_add_tcase(s, tc);
tc = tcase_create("from_prf");
diff --git a/src/libstrongswan/tests/suites/test_rsa.c b/src/libstrongswan/tests/suites/test_rsa.c
index 41e783521..3f6353404 100644
--- a/src/libstrongswan/tests/suites/test_rsa.c
+++ b/src/libstrongswan/tests/suites/test_rsa.c
@@ -1,4 +1,7 @@
/*
+ * Copyright (C) 2017 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
* Copyright (C) 2013 Martin Willi
* Copyright (C) 2013 revosec AG
*
@@ -16,6 +19,7 @@
#include "test_suite.h"
#include <plugins/plugin_feature.h>
+#include <credentials/keys/signature_params.h>
/**
* Signature schemes to test
@@ -28,6 +32,15 @@ static signature_scheme_t schemes[] = {
SIGN_RSA_EMSA_PKCS1_SHA2_256,
SIGN_RSA_EMSA_PKCS1_SHA2_384,
SIGN_RSA_EMSA_PKCS1_SHA2_512,
+ SIGN_RSA_EMSA_PSS,
+};
+/**
+ * Default parameters for RSA PSS signatures
+ */
+static rsa_pss_params_t default_pss_params = {
+ .hash = HASH_SHA256,
+ .mgf1_hash = HASH_SHA256,
+ .salt_len = RSA_PSS_SALT_LEN_DEFAULT,
};
/**
@@ -40,16 +53,24 @@ static void test_good_sig(private_key_t *privkey, public_key_t *pubkey)
for (i = 0; i < countof(schemes); i++)
{
+ rsa_pss_params_t *params = NULL;
+
if (!lib->plugins->has_feature(lib->plugins,
PLUGIN_PROVIDE(PUBKEY_VERIFY, schemes[i])) ||
!lib->plugins->has_feature(lib->plugins,
PLUGIN_PROVIDE(PRIVKEY_SIGN, schemes[i])))
{
+ warn("%N not supported, skip scheme", signature_scheme_names,
+ schemes[i]);
continue;
}
- fail_unless(privkey->sign(privkey, schemes[i], data, &sig),
+ if (schemes[i] == SIGN_RSA_EMSA_PSS)
+ {
+ params = &default_pss_params;
+ }
+ fail_unless(privkey->sign(privkey, schemes[i], params, data, &sig),
"sign %N", signature_scheme_names, schemes[i]);
- fail_unless(pubkey->verify(pubkey, schemes[i], data, sig),
+ fail_unless(pubkey->verify(pubkey, schemes[i], params, data, sig),
"verify %N", signature_scheme_names, schemes[i]);
free(sig.ptr);
}
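Review bot: The PSS round trip in this loop only proves that sign and verify agree when both get `default_pss_params`; it does not check that verification refuses a PSS signature when the parameters are missing. Assuming the intended contract is that `SIGN_RSA_EMSA_PSS` requires explicit parameters, a negative check right after the verify call would catch a backend that silently falls back to defaults: `fail_if(params && pubkey->verify(pubkey, schemes[i], NULL, data, sig), "verify %N without params", signature_scheme_names, schemes[i]);`. The same `params` selection is repeated in `test_bad_sigs`, and both loop bodies sit in functions that start outside their hunks.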
@@ -98,15 +119,23 @@ static void test_bad_sigs(public_key_t *pubkey)
for (s = 0; s < countof(schemes); s++)
{
- if (!lib->plugins->has_feature(lib->plugins,
- PLUGIN_PROVIDE(PUBKEY_VERIFY, schemes[s])))
- {
- continue;
- }
+ rsa_pss_params_t *params = NULL;
+
+ if (!lib->plugins->has_feature(lib->plugins,
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, schemes[s])))
+ {
+ warn("%N not supported, skip scheme", signature_scheme_names,
+ schemes[s]);
+ continue;
+ }
+ if (schemes[s] == SIGN_RSA_EMSA_PSS)
+ {
+ params = &default_pss_params;
+ }
for (i = 0; i < countof(invalid_sigs); i++)
{
fail_if(
- pubkey->verify(pubkey, schemes[s], data, invalid_sigs[i]),
+ pubkey->verify(pubkey, schemes[s], params, data, invalid_sigs[i]),
"bad %N sig accepted %B", signature_scheme_names, schemes[s],
&invalid_sigs[i]);
}
@@ -373,6 +402,4770 @@ START_TEST(test_load)
}
END_TEST
+/**
+ * Keys for the FIPS 186-4 SigGen PKCS#1 Ver1.5 test vectors
+ */
+static private_key_t *privkey_2048, *privkey_3072;
+static public_key_t *pubkey_2048, *pubkey_3072;
+
+static void create_key(chunk_t n, chunk_t e, chunk_t d, private_key_t **privkey,
+ public_key_t **pubkey)
+{
+ *privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
+ BUILD_RSA_MODULUS, n, BUILD_RSA_PUB_EXP, e,
+ BUILD_RSA_PRIV_EXP, d, BUILD_END);
+ ck_assert(*privkey != NULL);
+ *pubkey = (*privkey)->get_public_key(*privkey);
+ ck_assert(*pubkey != NULL);
+}
+
+START_SETUP(setup_keys)
+{
+ create_key(chunk_from_chars(
+ 0xce,0xa8,0x04,0x75,0x32,0x4c,0x1d,0xc8,0x34,0x78,0x27,0x81,0x8d,0xa5,0x8b,0xac,
+ 0x06,0x9d,0x34,0x19,0xc6,0x14,0xa6,0xea,0x1a,0xc6,0xa3,0xb5,0x10,0xdc,0xd7,0x2c,
+ 0xc5,0x16,0x95,0x49,0x05,0xe9,0xfe,0xf9,0x08,0xd4,0x5e,0x13,0x00,0x6a,0xdf,0x27,
+ 0xd4,0x67,0xa7,0xd8,0x3c,0x11,0x1d,0x1a,0x5d,0xf1,0x5e,0xf2,0x93,0x77,0x1a,0xef,
+ 0xb9,0x20,0x03,0x2a,0x5b,0xb9,0x89,0xf8,0xe4,0xf5,0xe1,0xb0,0x50,0x93,0xd3,0xf1,
+ 0x30,0xf9,0x84,0xc0,0x7a,0x77,0x2a,0x36,0x83,0xf4,0xdc,0x6f,0xb2,0x8a,0x96,0x81,
+ 0x5b,0x32,0x12,0x3c,0xcd,0xd1,0x39,0x54,0xf1,0x9d,0x5b,0x8b,0x24,0xa1,0x03,0xe7,
+ 0x71,0xa3,0x4c,0x32,0x87,0x55,0xc6,0x5e,0xd6,0x4e,0x19,0x24,0xff,0xd0,0x4d,0x30,
+ 0xb2,0x14,0x2c,0xc2,0x62,0xf6,0xe0,0x04,0x8f,0xef,0x6d,0xbc,0x65,0x2f,0x21,0x47,
+ 0x9e,0xa1,0xc4,0xb1,0xd6,0x6d,0x28,0xf4,0xd4,0x6e,0xf7,0x18,0x5e,0x39,0x0c,0xbf,
+ 0xa2,0xe0,0x23,0x80,0x58,0x2f,0x31,0x88,0xbb,0x94,0xeb,0xbf,0x05,0xd3,0x14,0x87,
+ 0xa0,0x9a,0xff,0x01,0xfc,0xbb,0x4c,0xd4,0xbf,0xd1,0xf0,0xa8,0x33,0xb3,0x8c,0x11,
+ 0x81,0x3c,0x84,0x36,0x0b,0xb5,0x3c,0x7d,0x44,0x81,0x03,0x1c,0x40,0xba,0xd8,0x71,
+ 0x3b,0xb6,0xb8,0x35,0xcb,0x08,0x09,0x8e,0xd1,0x5b,0xa3,0x1e,0xe4,0xba,0x72,0x8a,
+ 0x8c,0x8e,0x10,0xf7,0x29,0x4e,0x1b,0x41,0x63,0xb7,0xae,0xe5,0x72,0x77,0xbf,0xd8,
+ 0x81,0xa6,0xf9,0xd4,0x3e,0x02,0xc6,0x92,0x5a,0xa3,0xa0,0x43,0xfb,0x7f,0xb7,0x8d),
+ chunk_from_chars(
+ 0x26,0x04,0x45),
+ chunk_from_chars(
+ 0x09,0x97,0x63,0x4c,0x47,0x7c,0x1a,0x03,0x9d,0x44,0xc8,0x10,0xb2,0xaa,0xa3,0xc7,
+ 0x86,0x2b,0x0b,0x88,0xd3,0x70,0x82,0x72,0xe1,0xe1,0x5f,0x66,0xfc,0x93,0x89,0x70,
+ 0x9f,0x8a,0x11,0xf3,0xea,0x6a,0x5a,0xf7,0xef,0xfa,0x2d,0x01,0xc1,0x89,0xc5,0x0f,
+ 0x0d,0x5b,0xcb,0xe3,0xfa,0x27,0x2e,0x56,0xcf,0xc4,0xa4,0xe1,0xd3,0x88,0xa9,0xdc,
+ 0xd6,0x5d,0xf8,0x62,0x89,0x02,0x55,0x6c,0x8b,0x6b,0xb6,0xa6,0x41,0x70,0x9b,0x5a,
+ 0x35,0xdd,0x26,0x22,0xc7,0x3d,0x46,0x40,0xbf,0xa1,0x35,0x9d,0x0e,0x76,0xe1,0xf2,
+ 0x19,0xf8,0xe3,0x3e,0xb9,0xbd,0x0b,0x59,0xec,0x19,0x8e,0xb2,0xfc,0xca,0xae,0x03,
+ 0x46,0xbd,0x8b,0x40,0x1e,0x12,0xe3,0xc6,0x7c,0xb6,0x29,0x56,0x9c,0x18,0x5a,0x2e,
+ 0x0f,0x35,0xa2,0xf7,0x41,0x64,0x4c,0x1c,0xca,0x5e,0xbb,0x13,0x9d,0x77,0xa8,0x9a,
+ 0x29,0x53,0xfc,0x5e,0x30,0x04,0x8c,0x0e,0x61,0x9f,0x07,0xc8,0xd2,0x1d,0x1e,0x56,
+ 0xb8,0xaf,0x07,0x19,0x3d,0x0f,0xdf,0x3f,0x49,0xcd,0x49,0xf2,0xef,0x31,0x38,0xb5,
+ 0x13,0x88,0x62,0xf1,0x47,0x0b,0xd2,0xd1,0x6e,0x34,0xa2,0xb9,0xe7,0x77,0x7a,0x6c,
+ 0x8c,0x8d,0x4c,0xb9,0x4b,0x4e,0x8b,0x5d,0x61,0x6c,0xd5,0x39,0x37,0x53,0xe7,0xb0,
+ 0xf3,0x1c,0xc7,0xda,0x55,0x9b,0xa8,0xe9,0x8d,0x88,0x89,0x14,0xe3,0x34,0x77,0x3b,
+ 0xaf,0x49,0x8a,0xd8,0x8d,0x96,0x31,0xeb,0x5f,0xe3,0x2e,0x53,0xa4,0x14,0x5b,0xf0,
+ 0xba,0x54,0x8b,0xf2,0xb0,0xa5,0x0c,0x63,0xf6,0x7b,0x14,0xe3,0x98,0xa3,0x4b,0x0d),
+ &privkey_2048, &pubkey_2048);
+
+ create_key(chunk_from_chars(
+ 0xdc,0xa9,0x83,0x04,0xb7,0x29,0xe8,0x19,0xb3,0x40,0xe2,0x6c,0xec,0xb7,0x30,0xae,
+ 0xcb,0xd8,0x93,0x0e,0x33,0x4c,0x73,0x14,0x93,0xb1,0x80,0xde,0x97,0x0e,0x6d,0x3b,
+ 0xc5,0x79,0xf8,0x6c,0x8d,0x5d,0x03,0x2f,0x8c,0xd3,0x3c,0x43,0x97,0xee,0x7f,0xfd,
+ 0x01,0x9d,0x51,0xb0,0xa7,0xdb,0xe4,0xf5,0x25,0x05,0xa1,0xa3,0x4a,0xe3,0x5d,0x23,
+ 0xcf,0xaa,0xf5,0x94,0x41,0x9d,0x50,0x9f,0x46,0x9b,0x13,0x69,0x58,0x9f,0x9c,0x86,
+ 0x16,0xa7,0xd6,0x98,0x51,0x3b,0xc1,0xd4,0x23,0xd7,0x00,0x70,0xd3,0xd7,0x2b,0x99,
+ 0x6c,0x23,0xab,0xe6,0x8b,0x22,0xcc,0xc3,0x9a,0xab,0xd1,0x65,0x07,0x12,0x40,0x42,
+ 0xc8,0x8d,0x4d,0xa6,0xa7,0x45,0x12,0x88,0xec,0x87,0xc9,0x24,0x4b,0xe2,0x26,0xaa,
+ 0xc0,0x2d,0x18,0x17,0x68,0x2f,0x80,0xcc,0x34,0xc6,0xea,0xf3,0x7e,0xc8,0x4d,0x24,
+ 0x7a,0xae,0xde,0xbb,0x56,0xc3,0xbb,0xca,0xff,0xb5,0xcf,0x42,0xf6,0x1f,0xe1,0xb7,
+ 0xf3,0xfc,0x89,0x74,0x8e,0x21,0x39,0x73,0xbf,0x5f,0x67,0x9d,0x8b,0x8b,0x42,0xa4,
+ 0x7a,0xc4,0xaf,0xd9,0xe5,0x1e,0x1d,0x12,0x14,0xdf,0xe1,0xa7,0xe1,0x16,0x90,0x80,
+ 0xbd,0x9a,0xd9,0x17,0x58,0xf6,0xc0,0xf9,0xb2,0x2a,0xe4,0x0a,0xf6,0xb4,0x14,0x03,
+ 0xd8,0xf2,0xd9,0x6d,0xb5,0xa0,0x88,0xda,0xa5,0xef,0x86,0x83,0xf8,0x6f,0x50,0x1f,
+ 0x7a,0xd3,0xf3,0x58,0xb6,0x33,0x7d,0xa5,0x5c,0x6c,0xfc,0x00,0x31,0x97,0x42,0x0c,
+ 0x1c,0x75,0xab,0xdb,0x7b,0xe1,0x40,0x3e,0xa4,0xf3,0xe6,0x42,0x59,0xf5,0xc6,0xda,
+ 0x33,0x25,0xbb,0x87,0xd6,0x05,0xb6,0xe1,0x4b,0x53,0x50,0xe6,0xe1,0x45,0x5c,0x9d,
+ 0x49,0x7d,0x81,0x04,0x66,0x08,0xe3,0x87,0x95,0xdc,0x85,0xab,0xa4,0x06,0xc9,0xde,
+ 0x1f,0x4f,0x99,0x90,0xd5,0x15,0x3b,0x98,0xbb,0xab,0xbd,0xcb,0xd6,0xbb,0x18,0x85,
+ 0x43,0x12,0xb2,0xda,0x48,0xb4,0x11,0xe8,0x38,0xf2,0x6a,0xe3,0x10,0x9f,0x10,0x4d,
+ 0xfd,0x16,0x19,0xf9,0x91,0x82,0x4e,0xc8,0x19,0x86,0x1e,0x51,0x99,0xf2,0x6b,0xb9,
+ 0xb3,0xb2,0x99,0xbf,0xa9,0xec,0x2f,0xd6,0x91,0x27,0x1b,0x58,0xa8,0xad,0xec,0xbf,
+ 0x0f,0xf6,0x27,0xb5,0x43,0x36,0xf3,0xdf,0x70,0x03,0xd7,0x0e,0x37,0xd1,0x1d,0xdb,
+ 0xd9,0x30,0xd9,0xab,0xa7,0xe8,0x8e,0xd4,0x01,0xac,0xb4,0x40,0x92,0xfd,0x53,0xd5),
+ chunk_from_chars(
+ 0xea,0xf0,0x5d),
+ chunk_from_chars(
+ 0x2d,0x6d,0xb9,0x1e,0xb3,0x2e,0x36,0xe5,0xd5,0x12,0x7d,0xeb,0x03,0x4d,0x14,0x07,
+ 0x2f,0xe6,0x0c,0x1c,0xd1,0x3c,0x8c,0x3d,0xd9,0xad,0xbc,0x87,0x14,0x0b,0x5e,0x71,
+ 0x36,0xf4,0xf8,0x9e,0x61,0xbb,0xee,0x78,0x26,0xf4,0x5a,0xc1,0xd9,0x91,0x94,0xfb,
+ 0xaa,0x8c,0x5a,0x0b,0xb9,0x4d,0xb3,0x1d,0x93,0x72,0x3b,0x51,0x41,0x9d,0x9c,0x6f,
+ 0x6e,0xeb,0x5f,0x36,0x10,0xb6,0x7f,0x4b,0x4e,0x2a,0xde,0x05,0xcc,0x6b,0x89,0x90,
+ 0xe8,0x83,0x2c,0xf4,0xcd,0x40,0xf2,0xdf,0x03,0x88,0xc9,0xa5,0x20,0x72,0xe2,0x7e,
+ 0xfe,0xba,0xe2,0x0b,0x4a,0xd5,0x95,0x1f,0x4d,0x20,0xdd,0x18,0x94,0x3e,0x58,0xb7,
+ 0x86,0xd8,0x79,0x76,0x52,0xb2,0xbb,0x75,0x9c,0x31,0x9d,0x2b,0x00,0x46,0xdb,0xf6,
+ 0x9c,0x53,0xc0,0x75,0xd0,0x0c,0x28,0x7b,0x87,0x60,0x42,0xfa,0xfa,0x23,0xfe,0x4d,
+ 0xd7,0x05,0xe4,0xe4,0x23,0x27,0x7c,0x90,0x00,0x31,0x1e,0x94,0xea,0x3f,0x74,0x56,
+ 0xe3,0x2f,0xd1,0x2a,0xfe,0x4a,0x2b,0xde,0x35,0x8a,0x65,0x82,0x4f,0x10,0x55,0x06,
+ 0x48,0x23,0xc8,0x93,0xfc,0x93,0xbe,0x3b,0x8c,0x65,0x8b,0xb4,0x41,0xd7,0xf0,0xb0,
+ 0x0a,0xc2,0x46,0xbf,0x04,0x3a,0x9c,0x00,0x53,0xd3,0x19,0xf0,0x03,0xef,0x5a,0x55,
+ 0x33,0xf7,0x4d,0x63,0x0d,0x8c,0xe9,0x3b,0xab,0x41,0x6a,0x82,0x95,0x1e,0x05,0xb8,
+ 0x2c,0x60,0x36,0x59,0x3e,0xca,0x89,0xf0,0xeb,0xac,0xd7,0xd5,0x1e,0xd9,0x61,0x0a,
+ 0xf4,0x35,0x37,0xfc,0xd2,0x66,0xe5,0xe4,0x7c,0x0d,0x25,0xfe,0xda,0xd6,0xd0,0x47,
+ 0xa1,0xa1,0xee,0x3e,0xb4,0x44,0x36,0x7e,0x3e,0xff,0x7c,0x75,0x20,0xca,0x4f,0x77,
+ 0x9f,0x20,0x27,0xfe,0x45,0x03,0x62,0x04,0x16,0x84,0x54,0xdf,0x49,0x18,0xb5,0x47,
+ 0xa4,0xd1,0x9e,0x93,0x8f,0x3c,0x6d,0xb6,0xca,0x27,0x02,0xad,0x9b,0xbd,0xa1,0x26,
+ 0x1c,0x64,0xd0,0x0b,0x57,0x82,0x85,0xbd,0xcf,0xc9,0x85,0x1f,0x96,0xa4,0xf2,0xcd,
+ 0x14,0xd6,0x6b,0x9c,0x1f,0x65,0x74,0x2a,0x13,0x44,0x94,0x8c,0x9f,0x1d,0xa8,0xd3,
+ 0x38,0xed,0x4e,0x3d,0xeb,0x1e,0xba,0xdf,0x11,0xf8,0xc2,0x81,0x94,0x4e,0x88,0x49,
+ 0x82,0x34,0x96,0xf8,0x61,0x11,0xf3,0x78,0xbd,0xd0,0x84,0xc9,0x9f,0x65,0xfb,0x9b,
+ 0x4e,0xe6,0x27,0x1b,0x1d,0x1b,0xe4,0x24,0xc2,0x94,0xd1,0x85,0xd9,0xfd,0x9c,0xdf),
+ &privkey_3072, &pubkey_3072);
+}
+END_SETUP
+
+START_TEARDOWN(teardown_keys)
+{
+ pubkey_2048->destroy(pubkey_2048);
+ privkey_2048->destroy(privkey_2048);
+ pubkey_3072->destroy(pubkey_3072);
+ privkey_3072->destroy(privkey_3072);
+}
+END_TEARDOWN
+
+/**
+ * Test vectors from FIPS 186-4
+ */
+static struct {
+ signature_scheme_t scheme;
+ chunk_t m;
+ chunk_t s;
+} pkcs15_2048[] = {
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256,
+ .m = chunk_from_chars(
+ 0x5a,0xf2,0x83,0xb1,0xb7,0x6a,0xb2,0xa6,0x95,0xd7,0x94,0xc2,0x3b,0x35,0xca,0x73,
+ 0x71,0xfc,0x77,0x9e,0x92,0xeb,0xf5,0x89,0xe3,0x04,0xc7,0xf9,0x23,0xd8,0xcf,0x97,
+ 0x63,0x04,0xc1,0x98,0x18,0xfc,0xd8,0x9d,0x6f,0x07,0xc8,0xd8,0xe0,0x8b,0xf3,0x71,
+ 0x06,0x8b,0xdf,0x28,0xae,0x6e,0xe8,0x3b,0x2e,0x02,0x32,0x8a,0xf8,0xc0,0xe2,0xf9,
+ 0x6e,0x52,0x8e,0x16,0xf8,0x52,0xf1,0xfc,0x54,0x55,0xe4,0x77,0x2e,0x28,0x8a,0x68,
+ 0xf1,0x59,0xca,0x6b,0xdc,0xf9,0x02,0xb8,0x58,0xa1,0xf9,0x47,0x89,0xb3,0x16,0x38,
+ 0x23,0xe2,0xd0,0x71,0x7f,0xf5,0x66,0x89,0xee,0xc7,0xd0,0xe5,0x4d,0x93,0xf5,0x20,
+ 0xd9,0x6e,0x1e,0xb0,0x45,0x15,0xab,0xc7,0x0a,0xe9,0x05,0x78,0xff,0x38,0xd3,0x1b),
+ .s = chunk_from_chars(
+ 0x6b,0x8b,0xe9,0x7d,0x9e,0x51,0x8a,0x2e,0xde,0x74,0x6f,0xf4,0xa7,0xd9,0x1a,0x84,
+ 0xa1,0xfc,0x66,0x5b,0x52,0xf1,0x54,0xa9,0x27,0x65,0x0d,0xb6,0xe7,0x34,0x8c,0x69,
+ 0xf8,0xc8,0x88,0x1f,0x7b,0xcf,0x9b,0x1a,0x6d,0x33,0x66,0xee,0xd3,0x0c,0x3a,0xed,
+ 0x4e,0x93,0xc2,0x03,0xc4,0x3f,0x55,0x28,0xa4,0x5d,0xe7,0x91,0x89,0x57,0x47,0xad,
+ 0xe9,0xc5,0xfa,0x5e,0xee,0x81,0x42,0x7e,0xde,0xe0,0x20,0x82,0x14,0x7a,0xa3,0x11,
+ 0x71,0x2a,0x6a,0xd5,0xfb,0x17,0x32,0xe9,0x3b,0x3d,0x6c,0xd2,0x3f,0xfd,0x46,0xa0,
+ 0xb3,0xca,0xf6,0x2a,0x8b,0x69,0x95,0x7c,0xc6,0x8a,0xe3,0x9f,0x99,0x93,0xc1,0xa7,
+ 0x79,0x59,0x9c,0xdd,0xa9,0x49,0xbd,0xaa,0xba,0xbb,0x77,0xf2,0x48,0xfc,0xfe,0xaa,
+ 0x44,0x05,0x9b,0xe5,0x45,0x9f,0xb9,0xb8,0x99,0x27,0x8e,0x92,0x95,0x28,0xee,0x13,
+ 0x0f,0xac,0xd5,0x33,0x72,0xec,0xbc,0x42,0xf3,0xe8,0xde,0x29,0x98,0x42,0x58,0x60,
+ 0x40,0x64,0x40,0xf2,0x48,0xd8,0x17,0x43,0x2d,0xe6,0x87,0x11,0x2e,0x50,0x4d,0x73,
+ 0x40,0x28,0xe6,0xc5,0x62,0x0f,0xa2,0x82,0xca,0x07,0x64,0x70,0x06,0xcf,0x0a,0x2f,
+ 0xf8,0x3e,0x19,0xa9,0x16,0x55,0x4c,0xc6,0x18,0x10,0xc2,0xe8,0x55,0x30,0x5d,0xb4,
+ 0xe5,0xcf,0x89,0x3a,0x6a,0x96,0x76,0x73,0x65,0x79,0x45,0x56,0xff,0x03,0x33,0x59,
+ 0x08,0x4d,0x7e,0x38,0xa8,0x45,0x6e,0x68,0xe2,0x11,0x55,0xb7,0x61,0x51,0x31,0x4a,
+ 0x29,0x87,0x5f,0xee,0xe0,0x95,0x57,0x16,0x1c,0xbc,0x65,0x45,0x41,0xe8,0x9e,0x42),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256,
+ .m = chunk_from_chars(
+ 0xc4,0x30,0x11,0xf3,0xee,0x88,0xc9,0xc9,0xad,0xca,0xc8,0xbf,0x37,0x22,0x1a,0xfa,
+ 0x31,0x76,0x9d,0x34,0x7d,0xec,0x70,0x5e,0x53,0xac,0xa9,0x89,0x93,0xe7,0x46,0x06,
+ 0x59,0x18,0x67,0xcc,0xd2,0x89,0xba,0x1b,0x4f,0x19,0x36,0x5f,0x98,0x3e,0x0c,0x57,
+ 0x83,0x46,0xda,0x76,0xc5,0xe2,0x22,0x8a,0x07,0xe4,0xfc,0x9b,0x3d,0x48,0x07,0x16,
+ 0x33,0x71,0xa5,0x2b,0x68,0xb6,0x68,0x73,0x20,0x1d,0xc7,0xd6,0xb5,0x66,0x16,0xac,
+ 0x2e,0x4c,0xb5,0x22,0x12,0x07,0x87,0xdf,0x7f,0x15,0xa5,0xe8,0x76,0x3a,0x54,0xc1,
+ 0x79,0xc6,0x35,0xd6,0x58,0x16,0xbc,0x19,0x48,0x5d,0xe3,0xeb,0x35,0xa5,0x20,0x40,
+ 0x59,0x10,0x94,0xfe,0x0e,0x64,0x85,0xa7,0xe0,0xc6,0x0e,0x38,0xe7,0xc6,0x15,0x51),
+ .s = chunk_from_chars(
+ 0xaa,0x3a,0x4e,0x12,0xeb,0x87,0x59,0x6c,0x71,0x1c,0x9a,0x22,0xbc,0xab,0xcb,0x9d,
+ 0xad,0xff,0xca,0xbc,0xec,0xbd,0x16,0x22,0x88,0x89,0xe9,0xbb,0x45,0x7d,0x5d,0x22,
+ 0x57,0x1a,0x72,0xf0,0x34,0xbe,0x47,0x83,0x38,0x4f,0x43,0xce,0x6f,0xff,0xc6,0x05,
+ 0x34,0xb8,0x33,0x1c,0xdd,0x5d,0x7c,0x77,0xf4,0x91,0x80,0xbf,0xd1,0x94,0xb5,0xfd,
+ 0x43,0xa5,0x08,0xc6,0x6d,0x78,0x6c,0x55,0x88,0x76,0x73,0x58,0x94,0xe6,0xa9,0x30,
+ 0x09,0x52,0xde,0x79,0x2f,0x74,0x70,0x45,0xe7,0x4d,0x87,0xfd,0x50,0x98,0x02,0x30,
+ 0x70,0x7a,0x34,0xa4,0xdf,0x01,0x3c,0xe0,0x50,0xbb,0xff,0x0d,0x6f,0x57,0x08,0x85,
+ 0xc9,0xc7,0xbf,0x8d,0xc4,0x99,0x13,0x2c,0xae,0xe0,0x71,0xb4,0x1d,0x81,0xff,0x91,
+ 0xb8,0xce,0x21,0xaa,0x2f,0x28,0x2c,0xbf,0x52,0x38,0x9f,0x23,0x9a,0xfe,0x14,0x90,
+ 0x89,0x0b,0xe2,0x1f,0x9d,0x80,0x8b,0x3d,0x70,0xb9,0x7e,0xfd,0x59,0xc0,0xb6,0x0e,
+ 0x46,0x60,0x88,0xbb,0x42,0x71,0x4f,0x21,0x2b,0xc9,0x0d,0xb7,0xe9,0x42,0xeb,0xce,
+ 0xe6,0x0e,0x7b,0x10,0x7f,0xff,0x44,0xfb,0x35,0x64,0xff,0x07,0xd6,0xd0,0x28,0x50,
+ 0x21,0x5f,0xd3,0x57,0xd8,0x97,0xc4,0xd3,0x2b,0xef,0x86,0x61,0x68,0x9f,0x2d,0x84,
+ 0xff,0x89,0x76,0x37,0xfb,0x6d,0x55,0x68,0xa7,0x27,0x0e,0x78,0x34,0x26,0xb7,0x4b,
+ 0x70,0x37,0x49,0x3e,0x51,0x55,0xfd,0x7c,0xb3,0xdd,0xdd,0xfd,0x36,0xbd,0x8a,0x9c,
+ 0x87,0x7d,0x71,0xd2,0xa9,0x66,0x05,0x7c,0x08,0x26,0x3d,0x29,0x39,0xc8,0x49,0x87),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256,
+ .m = chunk_from_chars(
+ 0x61,0xd7,0xb3,0x15,0x01,0x31,0x35,0x1e,0x7b,0x4c,0x8e,0x56,0x45,0xd3,0x8b,0xe9,
+ 0x33,0x5b,0x40,0x28,0x9a,0xf3,0x4c,0xc6,0xb6,0xfc,0x5e,0x48,0x49,0x3b,0xf8,0xb7,
+ 0x85,0x2c,0x73,0x98,0x2c,0x99,0x44,0x1e,0xf6,0x6c,0x7d,0x9d,0x33,0xc2,0x97,0x42,
+ 0xb1,0x40,0x6e,0x02,0xe0,0xaa,0x8d,0xd0,0x34,0xb1,0xac,0x13,0xcb,0x0d,0x77,0x57,
+ 0x50,0xcc,0x91,0x42,0x1f,0xea,0xd9,0xca,0xa9,0x21,0xec,0xa6,0x1a,0x02,0xeb,0x02,
+ 0x3a,0x45,0x7e,0x77,0x91,0x5e,0x18,0x3a,0xcf,0x51,0x7d,0x94,0x6b,0xc6,0x82,0x92,
+ 0x89,0x60,0x14,0xfd,0x21,0x4b,0x7c,0x8c,0x5e,0x14,0xe1,0x59,0x44,0xbe,0x0f,0x92,
+ 0x96,0x12,0x77,0x71,0xf7,0x36,0x76,0x6e,0x4f,0x81,0xda,0xb3,0x70,0x8e,0xa2,0xd0),
+ .s = chunk_from_chars(
+ 0x84,0xe9,0x2a,0x14,0x5a,0xe6,0xbe,0x1f,0xf9,0x24,0x2d,0x9e,0xd2,0xd6,0x8d,0xe6,
+ 0x68,0xe8,0x02,0x52,0x4e,0x8a,0xc0,0xa7,0x9d,0xe6,0x2f,0xe7,0x40,0x48,0xc3,0x54,
+ 0x91,0xfd,0x2f,0xfd,0xb1,0x85,0x05,0x7e,0x66,0x6d,0xbf,0xaa,0xc8,0x4c,0x34,0xfd,
+ 0xe7,0x89,0x12,0x63,0xf8,0xb2,0xbc,0x74,0x74,0x62,0x30,0x32,0x0f,0x67,0xa7,0xbd,
+ 0x73,0x19,0xc9,0xb9,0xde,0x41,0x90,0x54,0x70,0x14,0xe2,0xd7,0xa2,0xa5,0x06,0x0d,
+ 0x62,0x00,0xaa,0xdc,0x3a,0x44,0xba,0xc0,0x29,0xff,0x39,0x92,0xed,0xd3,0x0e,0xc5,
+ 0x3a,0xb0,0xd9,0x12,0x3e,0xaa,0x6b,0x14,0x73,0x52,0xa0,0x73,0xa9,0x81,0x61,0xe6,
+ 0x4f,0x39,0x4b,0xb9,0x94,0x92,0xc6,0x97,0x7e,0x24,0xf4,0x45,0xc7,0x12,0x5b,0xfb,
+ 0x90,0xf8,0x7f,0xaf,0x26,0x22,0x72,0x13,0x4a,0xcb,0x18,0x82,0x3a,0x99,0xa5,0x22,
+ 0x8d,0x14,0x95,0x46,0x32,0x97,0xfd,0x77,0x48,0x77,0xfb,0x63,0xd4,0x91,0x81,0x06,
+ 0x34,0x7e,0x6f,0x29,0x31,0x5e,0x48,0x36,0x3f,0x39,0xb3,0x32,0x99,0xea,0xa3,0x2d,
+ 0x8d,0xa7,0x1b,0x22,0x9d,0x8f,0xfe,0xe5,0xf6,0x6f,0x72,0x2a,0xd3,0xaa,0x41,0x75,
+ 0xd3,0xf8,0x4e,0xce,0x9c,0xc8,0xec,0xa8,0xd6,0xf2,0xf3,0x56,0xa8,0x5c,0x15,0x24,
+ 0x89,0x6c,0x18,0xf7,0xb5,0xc8,0xf9,0xbc,0xde,0xf4,0x5c,0x49,0x6d,0x53,0x91,0x79,
+ 0x89,0x1d,0xdc,0x76,0xe5,0x20,0x8a,0xd8,0x35,0x3d,0x48,0xc6,0x24,0x05,0x4f,0x34,
+ 0x40,0xee,0xba,0x44,0x32,0xa1,0x06,0x54,0xa1,0x1e,0xf5,0x37,0x83,0xbd,0x11,0x6f),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256,
+ .m = chunk_from_chars(
+ 0xb6,0x77,0x1a,0xb0,0xe1,0x28,0xb4,0x1b,0x32,0xb8,0xb0,0x5e,0x05,0xad,0xd2,0x3c,
+ 0xe0,0xfb,0x87,0x7b,0x40,0xbf,0xcc,0x3b,0x99,0x2f,0x4c,0x86,0x98,0xd1,0xc8,0x28,
+ 0xab,0xec,0xbc,0xc1,0xc3,0x3d,0x40,0x18,0x59,0xea,0x2c,0xb2,0xaf,0xbc,0x7f,0xa4,
+ 0x58,0x88,0x02,0xa5,0xfa,0xee,0x28,0x67,0x53,0x46,0x39,0x28,0x7a,0xd8,0xaf,0x84,
+ 0x67,0x4b,0xe1,0x8d,0xb6,0x61,0xde,0x1d,0xa8,0xe1,0x9c,0x6b,0x6b,0xd4,0x52,0xdd,
+ 0x9b,0xf3,0x22,0x1d,0x08,0x61,0xfb,0x6f,0xba,0x96,0xbe,0x42,0x32,0x9b,0x9f,0x04,
+ 0xf3,0x7d,0xcf,0x3b,0x41,0xfc,0x58,0xd2,0x29,0x83,0x48,0xb0,0xc1,0x5d,0x11,0x90,
+ 0xb1,0x25,0x30,0x0c,0xf2,0x7e,0x0d,0xfa,0xd6,0x05,0x22,0xfc,0x49,0x84,0x60,0x53),
+ .s = chunk_from_chars(
+ 0x62,0x76,0x92,0x55,0x68,0x62,0x6f,0x0c,0xbe,0x6f,0x51,0x50,0xb0,0x50,0xe1,0x70,
+ 0x25,0x82,0xf8,0xda,0xf9,0x9a,0x6f,0x88,0x0e,0xf7,0x5c,0xd9,0x6c,0x2d,0x42,0x08,
+ 0xfb,0x6e,0x91,0xb0,0x1b,0xa6,0xab,0xa2,0xa8,0x16,0xb2,0xd3,0xcb,0x97,0x5d,0xf8,
+ 0x50,0xb1,0xd2,0x68,0xc4,0x66,0x2d,0xd1,0xea,0x3a,0x30,0x0c,0x1d,0x71,0x71,0xc6,
+ 0x33,0xdd,0x2e,0xfb,0xac,0x30,0x00,0xc5,0x6a,0xb8,0x0f,0x98,0x9d,0xbc,0x18,0x24,
+ 0x3e,0x63,0x6b,0xa5,0xd4,0xd2,0x6a,0x7d,0x3f,0x19,0x65,0xad,0x3c,0xb0,0xf1,0xa8,
+ 0x51,0x3f,0x99,0x80,0x03,0xf7,0xb6,0x7e,0x2a,0xc5,0xc7,0x18,0xcb,0x68,0x8b,0x32,
+ 0x01,0xd5,0x6e,0x68,0xf0,0xb9,0xf8,0x62,0x57,0xb8,0x47,0x94,0xcd,0xff,0xbc,0x1f,
+ 0xe3,0xea,0x24,0xb7,0xbb,0x6e,0x9e,0xf0,0x53,0x9b,0xd4,0xfb,0xc1,0xaf,0xb5,0x5b,
+ 0xc1,0xdc,0xa3,0x99,0x96,0xea,0x8a,0x63,0x76,0x9f,0x6e,0x22,0x57,0x07,0xf6,0x90,
+ 0x47,0x55,0x5e,0x1a,0x4e,0xf3,0xc6,0x39,0xc5,0xf2,0xa4,0x97,0xb8,0x89,0x42,0x4a,
+ 0x90,0x14,0x86,0x39,0xbb,0x64,0xdf,0x0a,0x06,0xe0,0xb7,0xf0,0xe8,0xed,0x46,0x6a,
+ 0x97,0x7b,0xac,0xa3,0x2f,0x48,0x23,0x37,0xb2,0xab,0xe3,0x98,0x3e,0xae,0xc3,0xfe,
+ 0x10,0x75,0x01,0x6e,0x58,0x67,0x52,0x17,0x60,0xfd,0x06,0x07,0xd7,0x99,0xf1,0x76,
+ 0x6b,0x3f,0xf6,0xe2,0xae,0x15,0x5d,0x69,0x25,0x0f,0x8b,0xf0,0x8c,0x8e,0xdc,0xa0,
+ 0xb4,0xf3,0x1d,0x0f,0x83,0x8c,0xfd,0x29,0x8c,0xb7,0x31,0x2d,0xf9,0x3f,0x09,0x97),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256,
+ .m = chunk_from_chars(
+ 0x6a,0x81,0xcb,0x6c,0x7b,0x26,0x8f,0x4b,0x9f,0xb9,0x17,0x2a,0xdb,0xbb,0x36,0xa2,
+ 0x37,0xa0,0xdc,0xf1,0xc3,0xc8,0x3a,0x95,0xdc,0xb0,0x27,0x1a,0xac,0x6a,0xc3,0x30,
+ 0xf0,0x4a,0x5a,0x00,0xfe,0xe3,0x8b,0xc0,0x06,0x31,0xa9,0x85,0x98,0x18,0x61,0x59,
+ 0x66,0x0d,0x9d,0x8e,0x4c,0x14,0xa9,0x52,0x8d,0xea,0x94,0x83,0x60,0x83,0xda,0xc4,
+ 0xab,0xb7,0x3f,0xd0,0x0e,0x38,0xfe,0x0e,0x23,0xc7,0x23,0x66,0x04,0xa7,0x36,0x54,
+ 0x0e,0x52,0x19,0x3a,0xe5,0x6c,0x33,0xfb,0xb8,0xf5,0xcf,0xc5,0xc7,0xc2,0xbe,0x2e,
+ 0x22,0x2e,0x44,0x83,0xb3,0x0d,0x32,0x5c,0x7e,0xe1,0x4f,0x74,0x28,0x51,0xfc,0xb8,
+ 0xb6,0xd6,0x18,0x9e,0x98,0xb8,0x22,0xb8,0xe6,0x39,0x9d,0x89,0xe9,0x0f,0xb9,0x97),
+ .s = chunk_from_chars(
+ 0xb6,0x79,0x91,0x05,0x0c,0x08,0x3e,0x64,0x50,0x97,0xdb,0x03,0xff,0xf3,0x47,0x58,
+ 0x86,0x8b,0xeb,0x19,0xe9,0xc0,0xc4,0x84,0x75,0xf0,0xf9,0x13,0x36,0x1e,0x71,0xd3,
+ 0xd6,0xf2,0x7a,0x8c,0x4f,0x0b,0x26,0x9b,0x49,0xe8,0x53,0x40,0x39,0xe5,0x3a,0xd3,
+ 0xba,0xb9,0xa3,0xe6,0x2a,0xbe,0x07,0x8e,0xe7,0x5e,0x7f,0xb5,0x95,0x90,0x06,0xfb,
+ 0xfb,0x01,0x4c,0xa7,0xb8,0x1b,0x3d,0x5a,0xfe,0x0e,0xe5,0xf6,0xfc,0x2d,0xfb,0xc4,
+ 0x50,0xf2,0x83,0x95,0x43,0x00,0x2f,0x33,0xf4,0xf3,0x54,0xf8,0x27,0x27,0x8c,0x76,
+ 0xc0,0x41,0x68,0x6e,0xea,0x78,0x86,0xeb,0xb2,0xa7,0xaf,0xa5,0x99,0x5c,0x6c,0xdd,
+ 0xb1,0xc0,0xb5,0x80,0x66,0xdd,0xb8,0xdc,0x54,0xa6,0x92,0x7c,0x14,0x6c,0x3b,0x2a,
+ 0x0f,0xa7,0xce,0xf2,0x89,0x03,0xc6,0xc6,0x72,0xbc,0x20,0xef,0x68,0xff,0xbf,0xab,
+ 0x24,0x7e,0xb6,0x88,0xab,0x4b,0xde,0x71,0x06,0xd9,0xc5,0x9d,0x21,0x53,0x09,0x6d,
+ 0xc9,0xe5,0x20,0x72,0x67,0x03,0x8d,0x88,0xe2,0x17,0x4e,0x76,0xad,0xc1,0x50,0x8a,
+ 0xe2,0x4e,0xb6,0x02,0x33,0x2e,0x53,0xc0,0xc2,0xe3,0x31,0x54,0xa6,0x6a,0x97,0xa0,
+ 0xf1,0x2f,0x66,0xc6,0x12,0x58,0xc7,0xbf,0x6b,0xbf,0x3f,0x1d,0xcb,0xe9,0xca,0xf2,
+ 0xfd,0x30,0xec,0x68,0xc0,0xa9,0xd0,0x9f,0x4f,0xd7,0x76,0x30,0x4b,0x54,0x0e,0x62,
+ 0xfc,0x85,0x12,0xbe,0xaa,0xbc,0x4b,0xe2,0x10,0x7a,0x1e,0xc1,0x8e,0x87,0xf6,0x1f,
+ 0x9d,0xb2,0x5e,0x87,0x1d,0xc0,0x69,0x3c,0xef,0x17,0xc2,0xa6,0x87,0xfc,0x85,0x4f),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256,
+ .m = chunk_from_chars(
+ 0x05,0x6c,0x1e,0x46,0x44,0x59,0x9e,0x31,0x83,0xdd,0x8d,0x2f,0x64,0xe4,0xbb,0x23,
+ 0x52,0xff,0x00,0xd0,0x12,0xab,0x76,0x3f,0x9a,0xd6,0xe5,0x60,0x27,0x9f,0x7f,0xf3,
+ 0x8a,0x5e,0xce,0xa9,0xc2,0xe4,0xea,0x87,0xd0,0x04,0xef,0x8c,0xc7,0x52,0xae,0x93,
+ 0x23,0x2a,0xa3,0x7b,0x5b,0xf4,0x28,0x84,0xba,0xa7,0xe7,0xfc,0x6a,0x8c,0x95,0x1c,
+ 0xd2,0x45,0xde,0x2d,0x22,0x0d,0x9b,0xee,0x2b,0x41,0x4b,0x3a,0x75,0x20,0xc1,0xe6,
+ 0x8b,0xcf,0x1a,0xe9,0x9a,0x9f,0xf2,0xbf,0x3a,0x93,0xd8,0x0f,0x8c,0x1d,0xfe,0x8b,
+ 0x85,0x29,0x35,0x17,0x89,0x5c,0x19,0x2e,0x3c,0x9e,0x89,0x82,0x95,0xd6,0x5b,0xe3,
+ 0x34,0xf4,0x4d,0x62,0xf5,0x35,0x3e,0xb6,0xc5,0xa2,0x9e,0xdf,0xb4,0xdb,0x23,0x09),
+ .s = chunk_from_chars(
+ 0xae,0x05,0x20,0x4e,0x40,0x9d,0x72,0x7e,0xb9,0xe4,0xdc,0x24,0xbe,0x8f,0x86,0x33,
+ 0x28,0xc2,0x81,0x3d,0xa4,0xfc,0xef,0x28,0x86,0x6e,0x21,0xa5,0xda,0xb2,0x1a,0x48,
+ 0x53,0x21,0xb7,0x35,0x27,0x4a,0xf0,0x6b,0xf1,0x7e,0x27,0x15,0x18,0xe1,0x11,0x64,
+ 0xd7,0x22,0xab,0x07,0x35,0x48,0xf0,0x2e,0x1b,0x44,0x19,0x23,0xdb,0x6f,0x1c,0xee,
+ 0x65,0xa0,0x17,0xed,0xfb,0xaf,0x33,0x61,0xc6,0x7f,0xbc,0x2b,0x39,0xfe,0x03,0x8c,
+ 0xb5,0xcb,0x65,0xa6,0x40,0xf9,0x58,0x87,0x38,0x9c,0xe8,0xa5,0xad,0x2e,0xc6,0xe6,
+ 0x9d,0x3d,0x60,0x35,0x05,0xb0,0x25,0xf6,0xd6,0x33,0x0c,0x8b,0x64,0x88,0x02,0xca,
+ 0xf7,0xe6,0xfa,0x3f,0xe7,0xb3,0x81,0x41,0x65,0x99,0x86,0xcb,0x89,0xe6,0x23,0x2f,
+ 0x10,0x62,0x22,0x56,0x4d,0x5e,0x51,0x95,0xed,0xa6,0xa2,0x5f,0x99,0x06,0x85,0x72,
+ 0xc2,0xfa,0xfe,0x97,0xf1,0x47,0xf7,0xf2,0xf4,0x11,0x9f,0x21,0x38,0x5a,0xf1,0xfc,
+ 0xed,0x97,0xf7,0x86,0x32,0xd8,0xbf,0x4f,0xd9,0xa9,0x05,0x4d,0x8b,0x9a,0xa2,0xa9,
+ 0xf4,0xde,0xd5,0x87,0x84,0x7a,0x91,0xd4,0x2c,0x63,0x91,0x12,0x5f,0x10,0x3a,0xe2,
+ 0x88,0x54,0x7e,0x84,0x89,0x69,0x3a,0xe8,0x68,0x6b,0x84,0x89,0x1b,0x77,0x2b,0x10,
+ 0xc4,0x79,0x68,0x83,0xf6,0x6c,0xd4,0x59,0xa8,0xc1,0xa6,0xa4,0x18,0x7b,0xd6,0xb3,
+ 0x87,0xd3,0x49,0xe9,0x2d,0x7b,0x60,0x49,0x53,0x72,0x7c,0x9e,0x9f,0xdc,0x44,0x9e,
+ 0x73,0x45,0xe7,0xca,0x6b,0x33,0x9e,0x26,0xb0,0x86,0xf5,0x54,0x88,0x98,0xcb,0xe9),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256,
+ .m = chunk_from_chars(
+ 0xce,0xc5,0xc9,0xb6,0xf8,0x44,0x97,0xac,0x32,0x7f,0x68,0xef,0x88,0x66,0x41,0xfe,
+ 0xc9,0x95,0x17,0x8b,0x30,0x71,0x92,0x30,0x43,0x74,0x11,0x5e,0xfc,0xc5,0xee,0x96,
+ 0x27,0x0c,0x03,0xdb,0x0b,0x84,0x6d,0x67,0x4c,0x52,0x8f,0x9d,0x10,0x15,0x5a,0x3f,
+ 0x61,0xbe,0xcc,0xe1,0xd3,0xa2,0xb7,0x9d,0x66,0xcd,0xc4,0x09,0xad,0x99,0xb7,0x66,
+ 0x30,0x80,0xf5,0x1a,0x10,0x2f,0x43,0x61,0xe9,0xdb,0xd0,0x3f,0xfc,0xd8,0x76,0xb9,
+ 0x8e,0x68,0x3d,0x44,0x8b,0xd1,0x21,0x7e,0x6f,0xb2,0x15,0x1c,0x66,0x96,0x47,0x23,
+ 0xb2,0xca,0xa6,0x5c,0x4e,0x6c,0xa2,0x01,0xd1,0xc5,0x32,0xbd,0x94,0xd9,0x1c,0xd4,
+ 0x17,0x3b,0x71,0x9d,0xa1,0x26,0x56,0x39,0x27,0xca,0x0a,0x7f,0x6f,0xe4,0x25,0x36),
+ .s = chunk_from_chars(
+ 0xc4,0x8a,0x8e,0x01,0xd4,0xbb,0xfe,0x0f,0x2f,0x05,0x65,0x93,0x37,0xea,0x71,0xd2,
+ 0x1f,0x38,0xd7,0xf7,0xa1,0x0b,0x00,0xb0,0x6e,0x1f,0x89,0x9e,0xaf,0x40,0xa8,0xe9,
+ 0x7e,0xad,0x64,0xbc,0xa3,0x7f,0x13,0xa5,0x5e,0xf1,0xcf,0x3f,0xb5,0x2c,0xee,0x27,
+ 0x9c,0xdc,0xb0,0x96,0x08,0x5a,0x46,0x7a,0xfa,0x97,0xb0,0x3d,0x78,0xd6,0x07,0x6e,
+ 0x47,0x2b,0x12,0xd6,0xbe,0x96,0x47,0xce,0xc3,0x2d,0x8d,0x91,0xa2,0x62,0x47,0x69,
+ 0x37,0x71,0x68,0x74,0x60,0xba,0x52,0x69,0xde,0x18,0xe1,0xed,0xef,0x60,0x22,0x53,
+ 0x3a,0x95,0x79,0xf9,0x1d,0x58,0x4f,0x9e,0x0c,0xee,0x11,0x00,0xc4,0x47,0xb7,0x75,
+ 0x76,0xb1,0xb4,0xee,0x16,0x3e,0xd4,0x70,0x01,0x47,0xa9,0xaa,0x61,0xbd,0xc4,0xe2,
+ 0x31,0x6d,0x2d,0x81,0x8c,0x10,0x28,0xed,0x1c,0x3e,0x37,0x2c,0x9f,0x6a,0x17,0x45,
+ 0x57,0x24,0x44,0x63,0x72,0x48,0x09,0x1b,0x83,0xf7,0xb5,0x39,0xf9,0xbd,0x58,0xb7,
+ 0x67,0x56,0x76,0x03,0x4c,0x20,0xe4,0xca,0x11,0x9b,0x91,0xc4,0xca,0x5d,0xc7,0x6a,
+ 0xcb,0xff,0x3d,0x04,0x62,0x89,0x83,0x52,0xc5,0x91,0xc2,0xca,0x6f,0x2d,0x8b,0x09,
+ 0xe2,0xe6,0x33,0x8a,0x84,0x33,0x6e,0x06,0xf0,0xcc,0x02,0x0e,0x9e,0xb8,0xda,0x78,
+ 0x58,0x89,0xb4,0x97,0xf3,0xb9,0x8e,0x82,0x7e,0xe7,0xa7,0xd3,0xf1,0xb0,0xb7,0x3c,
+ 0x19,0x58,0xe1,0x6a,0xa9,0x78,0x61,0xe6,0x67,0x59,0x70,0xce,0x31,0xd9,0xd1,0x19,
+ 0xbb,0x34,0x0b,0xe8,0x0f,0xd0,0xf4,0x3c,0x3d,0xbe,0x64,0xf2,0xa5,0x9d,0x62,0x9d),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256,
+ .m = chunk_from_chars(
+ 0x91,0x93,0xf8,0xb9,0x14,0xdf,0xe0,0xe6,0x25,0x21,0xf3,0x5a,0xfa,0x4f,0xa5,0xd4,
+ 0x28,0x35,0xe1,0x98,0xaf,0x67,0x38,0x09,0x37,0x7a,0x3e,0x7a,0x99,0x73,0x31,0x42,
+ 0xa1,0x80,0xdc,0x0e,0x13,0xe6,0xbb,0x7c,0xeb,0x3b,0x60,0xe5,0xe9,0xd5,0x15,0x79,
+ 0x4d,0x82,0xc3,0x92,0xe0,0x79,0x13,0x42,0x33,0x91,0xd2,0x2e,0x2b,0xb1,0x9a,0xa0,
+ 0xbd,0x88,0xaf,0xd7,0xf7,0x7e,0x27,0xa2,0x40,0xea,0x4e,0x2d,0xe0,0x85,0x48,0x1a,
+ 0xc3,0x1f,0xf8,0xd3,0x79,0x90,0x21,0x1f,0x82,0xf2,0xcb,0xf4,0xc9,0x0d,0xe9,0x8d,
+ 0x6e,0x13,0x38,0xbb,0xc8,0x8e,0x6a,0x80,0xab,0x96,0x84,0xda,0xe6,0x47,0x85,0xdd,
+ 0x10,0x72,0x48,0x04,0x85,0x93,0xab,0xc9,0xab,0x03,0xf1,0x73,0x7a,0x6f,0x65,0x30),
+ .s = chunk_from_chars(
+ 0x5c,0x2f,0xe4,0x53,0xa8,0xb0,0x8c,0x90,0xb0,0x2e,0xb2,0xc9,0x99,0x42,0x42,0xd5,
+ 0x18,0xf3,0xf2,0x1b,0x36,0x88,0x95,0xcf,0xfd,0x62,0x40,0x50,0xe4,0x8a,0xa7,0x14,
+ 0x00,0x5a,0xe6,0x75,0xfe,0x79,0xaa,0x3c,0xad,0xd4,0xdf,0x55,0xbd,0xf1,0x2b,0xec,
+ 0x5b,0xe8,0xa4,0x1d,0x87,0x53,0x8f,0x7e,0x03,0x1b,0x78,0x2e,0x34,0xd3,0x92,0x46,
+ 0x8e,0x5f,0x14,0xbc,0x61,0x3b,0x8f,0x4d,0x28,0xc8,0xfb,0x79,0xa2,0x53,0x7e,0x1e,
+ 0x60,0x10,0x31,0xda,0x72,0x0a,0xcd,0x7b,0x2c,0x8d,0xcb,0xe9,0x85,0x86,0x24,0xa7,
+ 0xa9,0xa9,0x2a,0x06,0xf9,0x18,0x45,0xf7,0x32,0x37,0x0d,0x67,0x36,0x5c,0x64,0x64,
+ 0xf7,0xb6,0x8f,0x22,0xeb,0x3e,0xdf,0xee,0xc9,0x7e,0x32,0x85,0x02,0x4d,0x7f,0x69,
+ 0x43,0xb6,0xd5,0x0a,0x16,0xcc,0x96,0xd6,0x0f,0x68,0x03,0x51,0xde,0xaa,0x25,0xf0,
+ 0xbc,0x86,0x89,0x48,0x60,0x7a,0x6b,0xa7,0xf1,0x94,0x9b,0x85,0x94,0x3c,0x6a,0x92,
+ 0xbd,0x61,0x72,0xe8,0x1b,0xcc,0x05,0x50,0x14,0xb7,0x8a,0x73,0x39,0x72,0xe3,0xf3,
+ 0x9d,0x14,0x09,0x9d,0x16,0x07,0xa2,0x0f,0xf8,0x68,0x1c,0x29,0xae,0x1e,0xf9,0x9e,
+ 0xf1,0x15,0xed,0x6a,0x10,0x84,0xb5,0x14,0xb8,0x1a,0x69,0xd4,0xa1,0x5c,0xe1,0xe2,
+ 0x57,0x6f,0xdc,0xf2,0xb2,0xaf,0x61,0x5b,0x52,0xfe,0xc7,0x01,0x32,0x11,0x2d,0xcc,
+ 0x5b,0xc1,0x9e,0xc1,0x7f,0x32,0x28,0x14,0x60,0x62,0x34,0x20,0x31,0x73,0x53,0xe8,
+ 0xa2,0x55,0xfd,0xa5,0x02,0xbd,0x1f,0xb1,0x1a,0x58,0x83,0x2a,0xe2,0xc0,0x4f,0x9a),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256,
+ .m = chunk_from_chars(
+ 0x0e,0x57,0xef,0x40,0xb0,0x21,0xbf,0x87,0xf6,0x42,0xc5,0x75,0x6b,0x65,0x15,0xa0,
+ 0xe0,0x6c,0x15,0xa0,0x18,0x56,0xd7,0x16,0xc5,0x66,0xa6,0xed,0xb3,0x81,0xdf,0xdf,
+ 0x44,0xd9,0x03,0x3b,0x1c,0xc8,0x09,0xe6,0x1d,0xfe,0xf9,0xa0,0x96,0xdf,0xb6,0x89,
+ 0xb7,0x27,0x1b,0xe4,0x49,0xd0,0x4a,0x1a,0x9c,0x35,0x41,0x02,0xc0,0x77,0xaf,0x5f,
+ 0xf7,0x20,0x05,0xab,0x6b,0x06,0xcf,0x13,0x1d,0x73,0x45,0xc2,0x1e,0x82,0x1d,0x62,
+ 0x01,0xcc,0xa4,0xe0,0x90,0x44,0x0d,0x70,0xbe,0x60,0x09,0xd2,0xdd,0x7a,0x98,0xd3,
+ 0x11,0x75,0x1e,0x16,0x05,0xa3,0xb9,0x14,0xdc,0xe6,0xd2,0x62,0x6b,0x16,0xf2,0x33,
+ 0xa5,0xa3,0xd7,0x1d,0x56,0x7c,0xc8,0x20,0x15,0x2f,0x25,0xe4,0x73,0x51,0x42,0x42),
+ .s = chunk_from_chars(
+ 0x76,0x43,0xaa,0x3f,0xe6,0x3e,0x66,0xf7,0x9d,0x6b,0x40,0x9d,0x14,0x5e,0xa8,0x20,
+ 0xc9,0xf7,0x35,0x6f,0x71,0xb4,0xac,0xdc,0xbd,0x43,0xfe,0x1e,0x99,0xf8,0x80,0x2c,
+ 0xd1,0x66,0x2b,0x16,0x24,0x0f,0x5c,0xfd,0x94,0xa7,0x69,0xb0,0xb3,0xf2,0xcb,0x0b,
+ 0x11,0x88,0x7e,0x88,0x6e,0x5b,0xa4,0x37,0x33,0x36,0x74,0x90,0xb3,0xfc,0x18,0x8f,
+ 0x2f,0xb3,0xa0,0xc0,0xc8,0xa6,0x8b,0x5d,0x27,0x26,0xc8,0xf7,0xa3,0x19,0x02,0xb6,
+ 0xb8,0x6c,0xd4,0x02,0x28,0x7d,0x38,0x5c,0x3e,0x3c,0x06,0x50,0x3c,0xe1,0x7f,0xd6,
+ 0xe5,0x4e,0x58,0x2f,0x4a,0x90,0x7a,0x91,0xf9,0x52,0xd2,0xa3,0x60,0xe2,0xfb,0xa0,
+ 0x00,0x28,0xe4,0xd3,0xb0,0x2a,0xab,0xf7,0xd2,0x20,0xb3,0x1d,0x1f,0x8e,0xe7,0xfa,
+ 0xa0,0x70,0x14,0x76,0x82,0xcc,0xc8,0xbc,0xc7,0x56,0xca,0x6a,0x68,0xfc,0x20,0x95,
+ 0x45,0x50,0xc3,0x17,0xe8,0x79,0x18,0x78,0x1a,0x3d,0x1f,0x19,0x23,0x50,0x30,0x91,
+ 0x09,0x0c,0x3c,0x60,0xca,0x1c,0x0b,0x1c,0x69,0x99,0x06,0xfb,0xf8,0x5a,0xa7,0x0a,
+ 0xd9,0xae,0x48,0x70,0x9f,0xf7,0x43,0xb8,0x2d,0xcc,0x31,0x07,0x4c,0xfc,0xea,0x62,
+ 0x3e,0xa4,0x5e,0x48,0x64,0x4b,0x19,0xa2,0x17,0x72,0xca,0x10,0x7e,0xd6,0x42,0x39,
+ 0xc5,0x65,0x74,0xa0,0x87,0xf1,0xa6,0xaa,0xdf,0x0f,0x4b,0x00,0xff,0xe5,0x81,0xc1,
+ 0x41,0x02,0x74,0xc8,0x75,0xe4,0x59,0x90,0x63,0xe4,0x6e,0x51,0x68,0x80,0x3f,0x0d,
+ 0x28,0xd2,0x1f,0xcd,0x35,0x09,0xb4,0xc6,0x22,0x29,0x95,0xad,0xd7,0x75,0x3b,0xf3),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256,
+ .m = chunk_from_chars(
+ 0x0c,0x84,0x91,0xfc,0x34,0x8d,0x34,0x1f,0xe8,0x5c,0x46,0xa5,0x61,0x15,0xf2,0x60,
+ 0x35,0xc5,0x9e,0x6a,0x2b,0xe7,0x65,0xc4,0x4e,0x2e,0xc8,0x3d,0x40,0x7e,0xa0,0x96,
+ 0xd1,0x3b,0x57,0xe3,0xd0,0xc7,0x58,0x34,0x22,0x46,0xc4,0x75,0x10,0xa5,0x67,0x93,
+ 0xe5,0xda,0xea,0xe1,0xb9,0x6d,0x4a,0xb9,0x88,0x37,0x89,0x66,0x87,0x6a,0xa3,0x41,
+ 0xb7,0xd1,0xc3,0x1b,0xba,0x59,0xb7,0xdb,0xe6,0xd1,0xa1,0x68,0x98,0xee,0xf0,0xca,
+ 0xca,0x92,0x8f,0x8c,0xe8,0x4d,0x5c,0x64,0xe0,0x25,0xdc,0x16,0x79,0x92,0x2d,0x95,
+ 0xe5,0xcd,0x3c,0x6b,0x99,0x4a,0x38,0x5c,0x5c,0x83,0x46,0x46,0x9e,0xf8,0x76,0x4c,
+ 0x0c,0x74,0xf5,0x33,0x61,0x91,0x85,0x0c,0x7f,0x7e,0x2b,0x14,0xbe,0x00,0x27,0xd8),
+ .s = chunk_from_chars(
+ 0xca,0xcc,0x8d,0x9f,0x5e,0xcd,0x34,0xc1,0x43,0x48,0x84,0x61,0x13,0x5c,0x49,0x51,
+ 0x67,0x61,0x45,0xc6,0xe4,0x72,0xb9,0x2f,0x12,0xf7,0x58,0x04,0x6f,0x17,0x21,0x42,
+ 0xfa,0x38,0x8f,0x28,0x5f,0x3f,0xff,0x06,0x82,0x42,0x02,0x88,0x29,0x04,0x7e,0x24,
+ 0x80,0x59,0xed,0x4f,0xd3,0x9d,0x2c,0x5a,0xde,0x46,0x9d,0xc7,0xc3,0x93,0x45,0xe5,
+ 0x11,0x49,0x50,0xd2,0x03,0x1c,0xc7,0x46,0x5f,0xe7,0x12,0xc4,0x04,0x1d,0x05,0xc7,
+ 0x56,0xd3,0xf2,0xd8,0x8a,0x46,0xce,0xb9,0x9f,0x2e,0x24,0xa5,0x2e,0x95,0x8a,0x03,
+ 0xcd,0x25,0x19,0xa9,0xb1,0x37,0xe6,0x2d,0x5c,0xa2,0xb3,0x53,0xf7,0xb0,0x47,0xb6,
+ 0x25,0xc3,0x60,0x23,0x13,0xfd,0xb5,0x3c,0x8d,0xb2,0x3d,0x83,0x95,0x1a,0x59,0x9d,
+ 0xb3,0x28,0xfe,0xdc,0x4a,0xe0,0x6d,0xa8,0x9c,0xe7,0xf5,0x62,0x59,0xb5,0xc8,0x22,
+ 0x2f,0x7b,0xd3,0xd9,0x74,0x04,0x78,0xfd,0x28,0xe5,0x81,0x0d,0xb7,0x8a,0xee,0x86,
+ 0x23,0xfd,0xd3,0x9f,0x60,0x3f,0x8d,0xdf,0x98,0x08,0x1d,0x78,0x73,0x98,0x0c,0x4e,
+ 0xb0,0xe2,0x2a,0x9c,0xd4,0x08,0xf7,0xc4,0x13,0x4c,0x12,0xd2,0x04,0x9a,0x2d,0x12,
+ 0x0f,0x4b,0x62,0xe6,0xb3,0x82,0xb9,0x97,0xfc,0x37,0x5e,0xf7,0xac,0x95,0x5f,0xcf,
+ 0x80,0xb0,0x45,0xc3,0xd6,0x38,0x5f,0xf4,0x22,0xda,0xd3,0x50,0xc6,0x88,0x70,0x53,
+ 0x90,0x68,0xa1,0x62,0xa2,0xed,0xbb,0x93,0xce,0xef,0xed,0x96,0x77,0x93,0x9b,0x90,
+ 0xbd,0x3d,0xfa,0x0d,0xc0,0x53,0x46,0x0b,0x4e,0x23,0x32,0xef,0xa6,0x92,0x17,0x9a),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_384,
+ .m = chunk_from_chars(
+ 0x6c,0xd5,0x9f,0xdd,0x3e,0xfd,0x89,0x3d,0x09,0x1a,0xfd,0xc3,0x15,0x5d,0x35,0x4f,
+ 0x10,0xd6,0xd8,0x81,0x67,0x42,0x7a,0x2c,0xf7,0x24,0x62,0x07,0xe5,0x17,0x91,0xa6,
+ 0xca,0x62,0x00,0xa9,0x14,0xcd,0x28,0x34,0xa9,0xb3,0xc7,0x9f,0xcd,0x59,0xe2,0x6e,
+ 0x45,0x7e,0x06,0x83,0xbc,0x33,0xd4,0x92,0x67,0xed,0xbd,0xd6,0xe5,0xd9,0x09,0x02,
+ 0x69,0x6f,0x1e,0x7b,0x1a,0x4a,0xff,0xc4,0xba,0x37,0x13,0x39,0x86,0x8c,0x28,0x01,
+ 0x5e,0xbb,0xb7,0x3e,0x26,0x26,0x69,0x86,0x6c,0x35,0xdb,0x97,0x4b,0xa6,0x9e,0x46,
+ 0x8f,0x25,0x83,0xb9,0x19,0x1d,0x15,0xd6,0x86,0xcd,0x66,0xfb,0x0b,0x9e,0x0f,0xf0,
+ 0xa3,0xb4,0x72,0x1a,0x6d,0xc3,0x42,0xf1,0x4f,0x24,0x46,0xb4,0xe0,0x28,0x59,0x5b),
+ .s = chunk_from_chars(
+ 0x39,0x74,0x90,0x0b,0xec,0x3f,0xcb,0x08,0x1f,0x0e,0x5a,0x29,0x9a,0xdf,0x30,0xd0,
+ 0x87,0xaa,0xba,0xa6,0x33,0x91,0x14,0x10,0xe8,0x7a,0x49,0x79,0xbb,0xe3,0xfa,0x80,
+ 0xc3,0xab,0xcf,0x22,0x16,0x86,0x39,0x9a,0x49,0xbc,0x2f,0x1e,0x5a,0xc4,0x0c,0x35,
+ 0xdf,0x17,0x00,0xe4,0xb9,0xcb,0x7c,0x80,0x5a,0x89,0x66,0x46,0x57,0x3f,0x4a,0x57,
+ 0x0a,0x97,0x04,0xd2,0xa2,0xe6,0xba,0xee,0x4b,0x43,0xd9,0x16,0x90,0x68,0x84,0xad,
+ 0x3c,0xf2,0x83,0x52,0x9e,0xa2,0x65,0xe8,0xfc,0xb5,0xcc,0x1b,0xdf,0x7b,0x7d,0xee,
+ 0x85,0x94,0x1e,0x4b,0x4f,0xb2,0x5c,0x1f,0xc7,0xb9,0x51,0xfb,0x12,0x9a,0xb3,0x93,
+ 0xcb,0x06,0x9b,0xe2,0x71,0xc1,0xd9,0x54,0xda,0x3c,0x43,0x67,0x43,0x09,0xf1,0xd2,
+ 0x12,0x82,0x6f,0xab,0xb8,0xe8,0x12,0xde,0x2d,0x53,0xd1,0x25,0x97,0xde,0x04,0x0d,
+ 0x32,0xcb,0x28,0xc9,0xf8,0x13,0x15,0x9c,0xb1,0x8c,0x1b,0x51,0xf7,0xa8,0x74,0xcb,
+ 0xf2,0x29,0xcc,0x22,0x2c,0xae,0xb9,0x8e,0x35,0xec,0x5e,0x4b,0xf5,0xc5,0xe2,0x2c,
+ 0xc8,0x52,0x86,0x31,0xf1,0x51,0x17,0xe8,0xc2,0xbe,0x6e,0xac,0x91,0xf4,0x07,0x0e,
+ 0xec,0xdd,0x07,0xec,0xc6,0xdb,0x6c,0x46,0xea,0xa6,0x5f,0x47,0x2f,0x20,0x06,0x98,
+ 0x8e,0xfe,0xf0,0xb5,0x1c,0x53,0x8c,0x6e,0x04,0xd7,0x51,0x9c,0x8e,0x3d,0xa4,0xb1,
+ 0x72,0xb1,0xe2,0x76,0x10,0x89,0xed,0x3a,0xd1,0x19,0x79,0x92,0xef,0x37,0xc1,0x68,
+ 0xdc,0x88,0x1c,0x8b,0x5f,0x8b,0xbf,0xee,0x91,0x9f,0x7c,0x7a,0xfd,0x25,0xb8,0xfc),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_384,
+ .m = chunk_from_chars(
+ 0xac,0xb3,0x0b,0xe9,0x09,0x2b,0x2f,0x18,0xf2,0x59,0x34,0xa0,0xd6,0x78,0xb6,0xbc,
+ 0xd6,0xb6,0x7c,0x2b,0x88,0xe7,0x58,0x84,0xf4,0x7b,0x4f,0xca,0xe3,0xad,0xfa,0x40,
+ 0x5a,0xfe,0x2c,0x7e,0x61,0xe2,0xd6,0xc5,0x08,0xb9,0x27,0x90,0xac,0x00,0xf7,0x6b,
+ 0x77,0xc9,0x65,0x08,0x26,0x68,0xbf,0x90,0x0f,0x70,0xa3,0x37,0x62,0xde,0x64,0x13,
+ 0xaf,0x93,0xaf,0x2e,0xa8,0x08,0x6f,0xda,0x29,0x3d,0xed,0x44,0x75,0xf2,0x3c,0x4c,
+ 0xc3,0x1a,0xd4,0x94,0xf9,0x8d,0x7d,0xd7,0xb7,0xfd,0x6f,0x7d,0x97,0x2b,0xb7,0x6c,
+ 0xb3,0x5a,0xdc,0x20,0x68,0x04,0xc3,0xfe,0x5a,0xcd,0xd0,0xe5,0xb8,0xb5,0x4e,0x07,
+ 0xc2,0x91,0x11,0xf7,0x88,0xbc,0x59,0x02,0xf4,0x0a,0xfa,0xc3,0x0a,0xfd,0xba,0xf2),
+ .s = chunk_from_chars(
+ 0xb5,0xc6,0x0d,0x8d,0xa9,0xb3,0x94,0x38,0x78,0xcb,0x23,0x59,0xcf,0x65,0xe4,0x81,
+ 0x7c,0x07,0x94,0xf9,0x50,0x45,0x3c,0xa7,0x7c,0x81,0xa5,0xa1,0xc1,0x58,0x55,0x91,
+ 0xaa,0x50,0xa6,0x74,0x68,0xe3,0xb3,0x99,0xe4,0xfa,0xf1,0xd6,0x06,0xbe,0xa0,0xd9,
+ 0xe6,0xcc,0x1d,0x2d,0x70,0xdb,0x80,0x63,0x73,0x9e,0x0c,0x27,0xd3,0xdc,0x9f,0x9a,
+ 0xfe,0x88,0xde,0xa5,0x2e,0x73,0x29,0x8a,0x07,0xd0,0x5c,0x7d,0x97,0x07,0x00,0x2e,
+ 0xfa,0x53,0x7c,0x38,0x9e,0x38,0xbd,0x37,0xbc,0xa7,0x4e,0xb0,0xaf,0x62,0x61,0xa5,
+ 0xda,0x06,0x13,0x62,0x02,0xc8,0xad,0x48,0x7e,0xeb,0xd5,0x0b,0xef,0x74,0x76,0x70,
+ 0x89,0xc7,0x08,0x70,0xbe,0x1d,0x8f,0xab,0x91,0x56,0xf9,0xfd,0xbc,0x2f,0x2e,0x9c,
+ 0xc3,0x30,0xa9,0x50,0x18,0xce,0x79,0x43,0x98,0x4b,0xec,0xc2,0x56,0x21,0xbf,0xa6,
+ 0x60,0x18,0xef,0x83,0x20,0xb6,0x00,0x59,0xf9,0x41,0x15,0x6e,0x9c,0xdd,0x87,0xff,
+ 0x0d,0x82,0xcf,0x7b,0xe7,0x74,0x65,0xe0,0x20,0x3e,0x71,0x20,0xaa,0xec,0xed,0x84,
+ 0xab,0xd8,0x18,0x69,0x47,0xd4,0xac,0x3d,0xaf,0x3f,0x99,0x39,0x02,0xae,0xc4,0x7c,
+ 0x30,0x90,0x47,0x5c,0x85,0x7b,0x5d,0x35,0x9f,0x0a,0x55,0x72,0xd4,0x68,0x8e,0x5a,
+ 0x76,0xa4,0x65,0x38,0x68,0xff,0x54,0xce,0x9f,0x99,0x9e,0x6b,0xb5,0x59,0xd1,0xc1,
+ 0x1c,0x67,0xc1,0x5b,0xe9,0xd7,0xfe,0x5f,0x8c,0x17,0x04,0x30,0x1d,0x05,0x5f,0x3d,
+ 0x29,0x07,0x72,0x27,0x79,0xd6,0x01,0x20,0x36,0x08,0x4e,0x95,0x0d,0xe3,0x6f,0x4f),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_384,
+ .m = chunk_from_chars(
+ 0x60,0x1a,0x6a,0xad,0x3f,0xaa,0x79,0x88,0xd5,0xae,0x52,0x8a,0x69,0x69,0x03,0x1b,
+ 0x10,0xa6,0xf3,0x92,0x16,0x94,0x6a,0xa8,0x9f,0xd4,0x53,0x2c,0x8e,0xd1,0x41,0xf9,
+ 0xa6,0x50,0xb1,0x26,0xef,0x48,0x8f,0x7c,0x5c,0xf3,0xfb,0x2d,0xaa,0x25,0x4c,0xc2,
+ 0x8b,0xdd,0x55,0x56,0x04,0x19,0xe8,0x02,0x14,0xef,0x99,0x98,0x96,0xda,0xc4,0x94,
+ 0x68,0x52,0xd2,0x4f,0xcd,0x9f,0xb7,0x76,0x10,0xee,0xbf,0xbb,0x6b,0xa5,0x8b,0xca,
+ 0x26,0xf4,0x56,0x7f,0x03,0xac,0x7e,0x56,0xda,0x55,0x3f,0x23,0x81,0x7b,0xc1,0x03,
+ 0xee,0x48,0x55,0x92,0xa0,0x58,0xfb,0x5e,0x3b,0xc8,0x29,0x9c,0x72,0x90,0xc7,0x1a,
+ 0x29,0x13,0x7e,0x75,0xdb,0xf5,0x32,0x8c,0x3a,0x2d,0xcd,0x34,0x16,0x5b,0x3f,0x2e),
+ .s = chunk_from_chars(
+ 0x30,0x1d,0x60,0xd5,0x65,0x76,0xf3,0x66,0x3a,0x7f,0xbe,0x80,0x36,0xbb,0xe4,0xfb,
+ 0xc0,0xfb,0xd8,0x2c,0xd6,0xa4,0x2e,0x36,0xd7,0xbb,0xc8,0xb2,0x06,0x54,0x3d,0xc2,
+ 0xd5,0x6d,0x31,0x98,0xe7,0x91,0x1a,0xd1,0x38,0xca,0xd2,0x22,0xdd,0x99,0x05,0x0d,
+ 0xd1,0xf8,0x5f,0xe1,0x9c,0x8a,0x88,0xbf,0x67,0x13,0x5e,0x7f,0x8f,0x11,0xb5,0xf5,
+ 0xe4,0x85,0xc9,0x1f,0xc7,0xd4,0x78,0x06,0x9b,0x72,0xf4,0x6e,0xbc,0xdc,0xf2,0xd2,
+ 0xae,0x7d,0xe6,0xac,0x8f,0xe5,0x3b,0xb6,0xc0,0x49,0x11,0xd1,0x22,0xcc,0x23,0x1d,
+ 0xc2,0x10,0xb2,0x14,0x7e,0xbe,0x8b,0x05,0x2e,0x8b,0x2c,0xcc,0x09,0xf3,0x38,0xb3,
+ 0x49,0xde,0x20,0x25,0xcc,0x87,0xb2,0x61,0x9a,0x7b,0x16,0x33,0x47,0xca,0x66,0xa3,
+ 0x47,0x91,0xa2,0xe4,0x6b,0x4e,0x2a,0xc5,0x7e,0xb9,0xf6,0x02,0x9c,0xdb,0xe0,0x24,
+ 0xe8,0x96,0xd5,0x7f,0x7d,0x04,0x91,0xf7,0x78,0x33,0x12,0xf8,0xf0,0x6c,0x79,0x07,
+ 0x70,0x15,0x0c,0xd1,0x39,0xf6,0x1f,0xd2,0xb3,0xe7,0x04,0x1b,0x37,0x26,0x1c,0x6e,
+ 0x7e,0xa8,0x6d,0x4e,0x06,0xd9,0x30,0x0b,0x1a,0x56,0x67,0xcb,0x02,0x88,0xc5,0x50,
+ 0xb2,0xaf,0xb3,0x55,0x94,0x48,0x34,0xb4,0x61,0xce,0xad,0x13,0x79,0x42,0x76,0xbb,
+ 0x46,0xe5,0xe2,0x0a,0xec,0x7b,0x63,0xaa,0xca,0x4d,0x49,0x1a,0x50,0x0f,0xac,0xd5,
+ 0x9a,0x37,0xc5,0x27,0x79,0xcf,0x46,0x7d,0x74,0xaf,0x1e,0x62,0xb1,0xeb,0xe0,0xfd,
+ 0x0b,0xe1,0xca,0xcb,0x7c,0xe6,0xd0,0x50,0xd8,0x6e,0x4e,0xb7,0x6c,0xde,0x06,0x93),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_384,
+ .m = chunk_from_chars(
+ 0x44,0xd3,0xe0,0xfc,0x90,0x10,0x0a,0x1c,0x93,0x16,0x06,0x3f,0x26,0xb1,0x80,0x32,
+ 0x6c,0xc2,0xe3,0x83,0x4c,0xe5,0x6e,0x43,0x24,0x52,0x8a,0x0b,0xbb,0x01,0x5b,0x3d,
+ 0x78,0x12,0x95,0x8c,0xd2,0x6b,0x91,0xbf,0x08,0xa3,0xa0,0xb1,0x12,0x1f,0x9f,0x9d,
+ 0xd7,0x7a,0xcb,0x98,0xa0,0x2a,0xd7,0x5f,0xcd,0x61,0x3c,0x53,0xc7,0x32,0xd1,0xc2,
+ 0x35,0xf5,0x9b,0x68,0x73,0xec,0xe6,0x36,0x3f,0x27,0x94,0x52,0xb6,0xa4,0xb6,0x5e,
+ 0x80,0xbb,0x59,0xfd,0x47,0xb9,0xa2,0x93,0x6d,0xcc,0x1e,0x4d,0xfe,0x1f,0x53,0x62,
+ 0xe3,0x45,0x9b,0x98,0x59,0xdb,0x32,0x09,0xa2,0x69,0x8d,0x27,0xfa,0x8a,0xed,0xfe,
+ 0xcd,0x4d,0x35,0xb9,0x27,0xda,0xf8,0x68,0x6c,0x59,0xd7,0x00,0x49,0x0f,0x0a,0xa3),
+ .s = chunk_from_chars(
+ 0xaf,0x22,0x29,0xe9,0x4a,0x85,0x7b,0x89,0xe0,0xe8,0x90,0xda,0xca,0x3a,0x8f,0xe1,
+ 0x2e,0xbd,0xba,0x04,0x94,0x8d,0x18,0x83,0xa7,0xd7,0x81,0x6a,0x3b,0x68,0x2f,0x7d,
+ 0xa3,0x03,0x25,0x40,0xa8,0x76,0x9f,0x9c,0xca,0xc9,0x58,0x6c,0xf2,0x4e,0x8c,0x20,
+ 0x4b,0x45,0xb8,0x5d,0x1b,0xdc,0xc5,0xa5,0x45,0x0a,0x21,0x5b,0x40,0x48,0xea,0x42,
+ 0x98,0x3b,0x34,0x56,0xfa,0x8c,0x76,0xc6,0x78,0x6e,0x02,0x4f,0x70,0x5e,0x08,0x8d,
+ 0x69,0x45,0x59,0xd6,0x68,0xca,0xa8,0x68,0x4c,0xad,0x0f,0xc5,0x78,0x50,0xfc,0xaf,
+ 0x34,0xe4,0x58,0xae,0xe8,0xfa,0xd4,0xe0,0x9e,0x6f,0x19,0x65,0x57,0xd4,0xe8,0x86,
+ 0x02,0x84,0xd9,0x82,0xc0,0x10,0x5d,0x98,0xce,0x49,0x12,0xe9,0x6c,0x35,0x50,0xe2,
+ 0xa0,0xc7,0xe8,0xba,0xd5,0xab,0xc2,0x9a,0x9a,0x54,0x2f,0x57,0xa8,0xc6,0x05,0x79,
+ 0x03,0x80,0x67,0xb3,0xd5,0x39,0x1a,0xbc,0x21,0xb4,0xf9,0xde,0xb0,0x24,0xca,0x58,
+ 0xf9,0xb0,0xc3,0x8c,0x0d,0x1f,0x82,0x37,0x3f,0x52,0x8e,0x93,0x9b,0xd7,0x3a,0x24,
+ 0xd5,0x01,0xc5,0x91,0x16,0x88,0x14,0xc8,0x72,0xc5,0x25,0xdb,0x0e,0x56,0xca,0xe4,
+ 0x7d,0xf0,0x0f,0xa3,0x72,0x8d,0xc3,0xa0,0x97,0x69,0x65,0x32,0x3c,0xe8,0xd2,0xde,
+ 0xe2,0xb1,0x38,0xb5,0x0a,0xb7,0xaf,0xd4,0x84,0x95,0x11,0x46,0x73,0xe9,0x1b,0xb3,
+ 0xed,0x22,0x05,0xe2,0x6a,0x84,0x55,0x47,0x4c,0x3d,0x4e,0xc8,0x73,0x9b,0xbf,0xf6,
+ 0xdf,0x39,0xb2,0xb7,0x2e,0xe0,0x50,0x41,0x09,0x30,0x42,0x3b,0x14,0x72,0xb6,0xed),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_384,
+ .m = chunk_from_chars(
+ 0x5a,0xf0,0x90,0x77,0xa1,0xf5,0x34,0xb8,0x98,0x22,0xb2,0x6c,0x32,0x72,0xad,0xf8,
+ 0x50,0x0d,0x3c,0x6b,0xd9,0x0f,0x9b,0x5e,0x0d,0x8b,0x21,0x1f,0x16,0xd0,0x72,0x0e,
+ 0xe0,0xea,0xf6,0x46,0x2b,0x6c,0x8a,0x80,0xdf,0x6d,0x75,0x35,0x9f,0xd1,0x9d,0x03,
+ 0xa0,0xca,0xfb,0x52,0xbc,0x9d,0x4c,0x37,0xc2,0xaa,0x09,0x99,0x11,0xa7,0x9a,0x92,
+ 0x65,0x2c,0xc7,0x17,0xf0,0x74,0x6f,0xdc,0xad,0x62,0x7c,0x72,0xf1,0xc2,0x16,0xb2,
+ 0x43,0xd2,0x17,0x5f,0x6d,0x00,0xbf,0x07,0xd3,0xf6,0xaa,0x2a,0x04,0xd4,0xfe,0x9f,
+ 0x8f,0xbc,0xe9,0x32,0x18,0x94,0x4b,0x92,0xaa,0x07,0xaf,0x6b,0x4f,0xcd,0x80,0xcf,
+ 0xde,0x2d,0x7a,0xda,0x15,0xc0,0x5e,0x96,0xe7,0x77,0xea,0x1c,0x17,0xdf,0x08,0xfc),
+ .s = chunk_from_chars(
+ 0xa5,0x68,0x23,0xfa,0x57,0x7e,0x89,0x46,0xf1,0xd2,0xf6,0xe3,0x51,0xb7,0x38,0xb5,
+ 0x35,0x92,0x54,0x43,0x58,0x52,0x8a,0xf8,0x88,0x07,0xea,0x4f,0x19,0x01,0x7d,0xfe,
+ 0x81,0xa3,0xd6,0x9f,0x62,0xfb,0xff,0x64,0x95,0x50,0xd9,0xb3,0x10,0xfa,0xf2,0x7a,
+ 0x04,0x1f,0xe6,0x24,0xf0,0xa0,0x2b,0xdc,0xdd,0xb7,0x9b,0xfb,0x0a,0x46,0x57,0x39,
+ 0xec,0x8b,0x64,0xb7,0x48,0xcc,0x29,0xe5,0xa0,0x2c,0x77,0x7e,0x18,0x26,0xd3,0xe2,
+ 0xf1,0xee,0xe6,0xfe,0x2e,0xde,0xe4,0xa8,0xbc,0xac,0x51,0x9c,0x7c,0x7c,0xa5,0xc0,
+ 0x39,0xe7,0x6d,0x63,0x06,0x68,0x94,0x5a,0x1e,0x5e,0x86,0x18,0xe2,0x35,0x86,0x45,
+ 0x61,0xa4,0x40,0xe7,0x3e,0x39,0xf6,0xd6,0x84,0x2a,0xd7,0xda,0x64,0xef,0x5b,0x0c,
+ 0xe1,0xc4,0xab,0x88,0xdb,0x15,0x7b,0x68,0x10,0x71,0x74,0xad,0x7d,0x5c,0x9a,0x60,
+ 0x65,0x06,0x87,0x68,0xc1,0x1c,0x4c,0x96,0xff,0x67,0x05,0x0b,0x5d,0x07,0xb8,0xcd,
+ 0x02,0x7f,0xcd,0x0d,0x34,0x7e,0xc7,0x9a,0x19,0x7c,0xf4,0x34,0x35,0x98,0x5b,0xc1,
+ 0xae,0xb4,0x79,0xdb,0x00,0x22,0x28,0x9e,0x8d,0xd3,0xb3,0x1b,0xb7,0xc6,0x2d,0x88,
+ 0x31,0xcf,0xe6,0x95,0x2f,0x41,0xd2,0x4f,0x89,0xd7,0x53,0x78,0x95,0x35,0xf9,0x18,
+ 0xff,0x68,0xb3,0x69,0x50,0xaf,0x6f,0xd3,0x1d,0xee,0x1a,0xc4,0x76,0xa0,0xcf,0x93,
+ 0xaf,0xe9,0xf4,0xa7,0x66,0xf3,0xc4,0xd2,0xc0,0xc3,0xf9,0x28,0x25,0xd5,0x57,0x2e,
+ 0xb2,0xeb,0x8a,0x2b,0x64,0x4e,0x32,0x9e,0xea,0x16,0x83,0xf9,0x08,0x10,0xed,0x77),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_384,
+ .m = chunk_from_chars(
+ 0xf6,0x0a,0x3a,0x54,0x37,0x68,0xfa,0xbe,0x37,0xf0,0x03,0x00,0x9a,0x8c,0x26,0xf7,
+ 0xdc,0x91,0xf1,0x42,0x2d,0x44,0x29,0xed,0x7f,0x9d,0x74,0x4c,0xdd,0x4b,0x55,0x2a,
+ 0xfe,0xf7,0x5d,0x24,0x1a,0xcd,0xa0,0x4f,0xfc,0x39,0x67,0x21,0x59,0xee,0x24,0x8e,
+ 0x60,0x2d,0xab,0x71,0x92,0x44,0x9e,0x2e,0xd4,0x55,0x29,0x95,0xc2,0x58,0xf0,0x0a,
+ 0x47,0x63,0x46,0xe3,0x6a,0x29,0xa0,0x12,0x6b,0xc2,0x49,0x04,0x0f,0xaa,0x57,0xc9,
+ 0x38,0x0b,0xdd,0x74,0xb8,0x3f,0x62,0xc5,0x67,0x90,0x92,0x05,0x74,0x43,0x34,0x32,
+ 0xf8,0xd6,0x5c,0x5c,0xd1,0x85,0xe2,0x4f,0xad,0x13,0x12,0x72,0x65,0xc6,0xa5,0xef,
+ 0x8d,0xb4,0xf1,0x14,0x49,0x3d,0x5c,0xfa,0x61,0xd9,0x16,0x64,0x98,0x14,0x08,0xe9),
+ .s = chunk_from_chars(
+ 0x08,0xd3,0x96,0x48,0x1d,0xee,0xf1,0x8c,0xb0,0xbe,0xf7,0xc3,0xe8,0x26,0xfe,0x6e,
+ 0x5c,0x9e,0xcc,0x85,0xe5,0x23,0x0d,0x35,0xd6,0x67,0x72,0xb8,0xd2,0xd0,0x15,0xd4,
+ 0xe5,0xf5,0x79,0x4f,0xbe,0x05,0x50,0xdf,0x2f,0x74,0x57,0x30,0xd6,0xf8,0xd1,0xd3,
+ 0xb8,0x50,0xd1,0x64,0xfc,0xe4,0x63,0x08,0x05,0xe7,0x11,0xb5,0x93,0x08,0xf8,0x60,
+ 0x85,0x06,0xb7,0xe0,0x1e,0x8e,0x92,0x94,0xed,0x8b,0x7e,0x75,0x82,0x16,0x56,0x77,
+ 0xf1,0x80,0xe9,0x65,0x16,0x9d,0xca,0x81,0xb3,0xda,0xf2,0x4d,0x7b,0x92,0xfe,0x32,
+ 0xd6,0xa9,0xac,0x63,0x82,0x1d,0x48,0xb1,0xa0,0xa1,0x44,0xfc,0x7a,0x04,0xb0,0xbf,
+ 0xc6,0x3a,0x3b,0xc1,0x6a,0x0f,0xd8,0x37,0xb0,0x20,0x37,0xed,0x76,0xe5,0x0d,0x46,
+ 0xcb,0xfa,0x38,0x57,0xe6,0x58,0xe3,0x70,0xc5,0x86,0xab,0x1e,0xed,0x82,0x50,0x76,
+ 0x32,0x1a,0xc8,0xe8,0x2b,0xe3,0x74,0xba,0xcb,0x29,0x5e,0x4d,0x34,0x08,0xf0,0xcc,
+ 0x1f,0xc4,0xc3,0x00,0xb8,0x42,0x75,0xa5,0x1c,0x35,0x73,0xe9,0xca,0xbf,0xdb,0xe3,
+ 0xdc,0x51,0xe4,0xa6,0xf5,0x81,0x1d,0x86,0x0d,0x72,0x5a,0xaf,0x8f,0xd0,0xaf,0x19,
+ 0xa2,0x43,0x7b,0x0f,0x1c,0x80,0xf5,0xac,0x22,0x2f,0x6b,0x25,0xf1,0xfa,0x09,0xe9,
+ 0x33,0x99,0xa6,0x97,0x6b,0x1b,0x3c,0xa7,0x6a,0xfe,0x60,0x86,0xe9,0xb2,0x32,0xaa,
+ 0xe6,0xc7,0xb8,0x18,0x25,0x5b,0xf9,0x63,0xf3,0x1c,0x04,0xae,0x3f,0xa2,0x13,0x6c,
+ 0x0a,0x44,0x29,0x97,0xd4,0xcf,0x12,0xf3,0x95,0xfb,0x80,0x4a,0x47,0x55,0xb5,0x6b),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_384,
+ .m = chunk_from_chars(
+ 0x2c,0x07,0xa8,0x1d,0xe5,0x89,0x55,0xb6,0x76,0xfe,0xc0,0x57,0x2d,0x48,0xd1,0x95,
+ 0x5b,0x48,0x75,0xff,0x62,0xa4,0x4b,0x00,0x10,0xc7,0xa1,0x07,0x2b,0x29,0x9e,0xe4,
+ 0x4d,0xd0,0xc0,0x76,0xf2,0x17,0x8a,0x83,0xd0,0xae,0x76,0xe7,0x67,0xe2,0x31,0xf1,
+ 0xd8,0x1e,0x07,0x0a,0xfa,0xb2,0x9c,0x97,0xab,0xd4,0xde,0x21,0x64,0xe4,0x37,0xb3,
+ 0x11,0xf5,0x07,0x84,0x1f,0x88,0x51,0xd6,0xd6,0x9a,0xb5,0x1e,0xe9,0xe2,0x9e,0x65,
+ 0x4b,0x54,0xbc,0xee,0x45,0xe9,0xb5,0x19,0xc6,0xa2,0x17,0x87,0xfa,0xcb,0x92,0x7f,
+ 0x1d,0x7d,0x64,0x91,0x92,0x66,0x14,0x79,0x2f,0xcc,0x63,0x46,0xdc,0xd0,0x80,0xbb,
+ 0x5c,0xf0,0x7b,0xf5,0x6a,0xd0,0xfc,0x4e,0x08,0x3a,0x35,0x82,0x14,0x63,0x15,0x10),
+ .s = chunk_from_chars(
+ 0x9a,0xa3,0x91,0xe7,0xc2,0xf0,0xe9,0x20,0xaa,0xc2,0x7e,0xd9,0xfc,0x20,0x81,0xd3,
+ 0xc9,0xca,0xa3,0x73,0x58,0x83,0xd0,0x1a,0xd7,0xa7,0xe3,0xb1,0x18,0x67,0xd0,0xad,
+ 0x62,0x41,0x56,0x47,0x7b,0xbb,0xdd,0xe6,0x59,0xf4,0x74,0x68,0x2d,0x0d,0x77,0x44,
+ 0x89,0xe2,0xb5,0xb0,0x39,0xd1,0xeb,0x35,0x45,0x4c,0x9e,0x3e,0xed,0x78,0xcf,0xf9,
+ 0xc4,0x26,0x2e,0x3a,0xec,0xfc,0xa1,0xd8,0x17,0x54,0x2b,0x48,0x60,0x96,0x59,0x8e,
+ 0x11,0x14,0xbf,0xc0,0x3f,0x20,0xa4,0x5d,0xe3,0x6f,0x6d,0xf7,0x0d,0x14,0x4d,0x01,
+ 0xdc,0x48,0x66,0xa0,0xf8,0x33,0x19,0xe7,0xc2,0xb8,0x53,0x0f,0x8c,0x27,0xa4,0x1b,
+ 0x7a,0xdd,0x9f,0x69,0x2d,0x8a,0x8e,0x64,0x64,0x55,0xb6,0x7c,0x9e,0xc4,0x7a,0x4d,
+ 0x2c,0xe3,0xdf,0xe3,0x5d,0x6a,0x2e,0x89,0xd9,0xbe,0x50,0xc5,0xb6,0xda,0x39,0xbb,
+ 0x02,0x54,0xbd,0x23,0xa8,0x09,0xab,0x97,0xb2,0xb4,0x8a,0x06,0x8a,0x87,0xab,0xde,
+ 0x6b,0x6a,0x6e,0x35,0x95,0x5f,0xc9,0x2a,0x96,0x26,0xf9,0x60,0x7d,0x5b,0x3f,0x40,
+ 0x15,0x17,0x27,0x15,0x94,0xbe,0xf7,0x38,0x59,0x81,0x2b,0x6a,0x62,0x1e,0xd6,0xbd,
+ 0xaf,0x3c,0x5f,0x2a,0x90,0xb1,0xe1,0x68,0x0f,0x68,0xdc,0xfc,0xca,0xcb,0x65,0xe0,
+ 0x08,0x1f,0x1c,0xcb,0x6a,0x20,0x73,0x70,0x9d,0x1b,0xa0,0x67,0x06,0x50,0x16,0xed,
+ 0x73,0xeb,0xd7,0xeb,0xe9,0xe7,0xa7,0xb6,0x0c,0x8c,0x9d,0xd0,0x4a,0x56,0xfa,0xb3,
+ 0x07,0x02,0xc8,0xa6,0xdf,0x6a,0x35,0x3a,0x30,0x10,0x47,0xdf,0x4c,0x7a,0xff,0x62),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_384,
+ .m = chunk_from_chars(
+ 0x35,0xec,0x92,0xaf,0xdb,0xc2,0xfc,0xef,0xe4,0x8f,0x1e,0x2f,0x6e,0x48,0x29,0xae,
+ 0x53,0xb3,0xda,0x04,0x59,0xcc,0x4e,0xa8,0xa9,0x68,0x18,0xb5,0x83,0x18,0x91,0xee,
+ 0x2f,0x50,0x6f,0xff,0x37,0xc8,0x99,0x06,0xd3,0x23,0x3a,0x51,0xa5,0xcf,0x14,0x69,
+ 0xa6,0x2c,0x18,0x50,0x61,0xf0,0x33,0x08,0x5f,0xca,0x6a,0x54,0xe2,0x45,0x29,0xc3,
+ 0xd6,0xf0,0xd8,0xe9,0x04,0xbc,0xb0,0xf0,0x89,0xa5,0xcd,0x50,0x86,0x94,0x84,0xda,
+ 0x1a,0x84,0xf6,0xfb,0x8d,0xe4,0xe5,0x3f,0xce,0x3d,0xc7,0x14,0x20,0x15,0x19,0xd1,
+ 0x10,0x13,0xf6,0xf6,0xaa,0x64,0xe8,0xb5,0xec,0x5c,0xfe,0xb2,0x7b,0x61,0x1f,0x08,
+ 0x95,0x05,0x9d,0x8c,0x47,0x72,0x0d,0x55,0xe0,0x0b,0x57,0x7c,0xa5,0x50,0x09,0x20),
+ .s = chunk_from_chars(
+ 0x6b,0x0f,0x5b,0x50,0xe6,0x78,0xda,0x08,0x3e,0xd0,0xf1,0xb6,0x4e,0x94,0x3e,0x8c,
+ 0x62,0x79,0xc7,0x24,0x6a,0xf5,0xad,0x07,0x9c,0xdb,0xf2,0x23,0xe4,0x2a,0x0d,0x47,
+ 0x1e,0x56,0x31,0x4b,0xc0,0xd5,0x8f,0x20,0x2a,0xa6,0xc5,0xe1,0xe5,0x25,0x59,0x85,
+ 0xb0,0x79,0x5d,0x48,0xeb,0x3d,0x4b,0x8e,0x3f,0xc9,0x22,0x40,0xae,0x02,0xb4,0x08,
+ 0x8c,0x6c,0xe8,0xab,0x0e,0x8c,0x79,0xc6,0x8d,0xfd,0xc4,0x86,0x57,0xd6,0xa2,0x82,
+ 0x95,0x39,0x1b,0x9a,0x5a,0x5f,0x35,0x25,0x51,0x26,0xbf,0x8c,0xa5,0x3c,0xbc,0xc0,
+ 0x08,0x2e,0xab,0x52,0xec,0x10,0x9d,0x22,0xa1,0x18,0x5f,0x6d,0xc7,0x92,0xfc,0x29,
+ 0x0a,0xa8,0xdb,0xae,0xbb,0x2f,0xbe,0x40,0x4f,0x1d,0x03,0x9a,0xa6,0x34,0x3c,0xd7,
+ 0xaf,0x9f,0xcb,0x2d,0x1e,0x05,0xde,0xf4,0x80,0x96,0xc2,0x37,0xe1,0x0d,0xaa,0x7c,
+ 0xfa,0xc5,0xae,0x9b,0x3b,0x30,0x22,0x00,0x5d,0x0d,0x2d,0x5c,0x9c,0x5c,0x50,0x2b,
+ 0x2f,0x23,0x59,0x4e,0x80,0xd1,0x60,0x4b,0xbb,0x8f,0x5d,0xec,0x07,0xcd,0x3a,0xfe,
+ 0x1f,0x77,0x77,0x43,0xb0,0xb5,0x8a,0x4e,0x0e,0x4e,0x5c,0xaa,0x14,0x88,0x30,0xee,
+ 0xe0,0x47,0x96,0x8e,0x7f,0x40,0x66,0x1f,0x9f,0x1a,0x02,0xe1,0xa7,0xfd,0x2b,0x6c,
+ 0xaf,0x19,0x32,0x6a,0x75,0xe9,0x56,0x5e,0xfd,0xc0,0x11,0x4b,0xce,0xcb,0x14,0xdd,
+ 0xa0,0x6c,0x32,0x9c,0xf3,0x22,0xa5,0xbd,0x3e,0x6a,0xb4,0x8d,0x95,0xf2,0xd2,0xa9,
+ 0xc1,0xc1,0x23,0x3a,0x0a,0xa0,0x15,0xa7,0x38,0xf9,0x01,0xf1,0x31,0x48,0xb4,0x54),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_384,
+ .m = chunk_from_chars(
+ 0x80,0xc9,0xde,0xbd,0xf9,0x31,0x74,0xd7,0x57,0x50,0xa6,0xcf,0x09,0xaf,0x71,0xfc,
+ 0x18,0xfd,0x51,0x3b,0xff,0x9c,0xb4,0x91,0xbe,0x60,0xaf,0x11,0x2a,0x93,0xf0,0x00,
+ 0x87,0x3c,0xf4,0x38,0x58,0xa0,0x7a,0xca,0x76,0x0a,0x37,0xe7,0x60,0xc8,0xcb,0x01,
+ 0xd2,0x76,0xf4,0x2d,0x99,0x7f,0x01,0xcc,0xa5,0xe0,0x8a,0x6a,0x60,0x2f,0x5f,0xe6,
+ 0x3e,0xdc,0xbe,0xd3,0x95,0xb8,0xc9,0x1f,0xb0,0xb3,0x36,0xf2,0x1f,0xea,0x49,0xd9,
+ 0x50,0xe1,0xff,0x24,0x64,0x0c,0x8d,0x8d,0x3b,0x95,0x08,0x1a,0xd1,0x59,0x66,0x44,
+ 0xce,0x34,0xa5,0x58,0x58,0x7e,0x4a,0x1e,0x2c,0xd5,0x0d,0xb9,0xed,0x1d,0xd3,0xce,
+ 0xbb,0xc6,0xdc,0xe8,0x08,0x4d,0x3e,0x1b,0xa7,0x06,0x92,0xe8,0x26,0x18,0xed,0x61),
+ .s = chunk_from_chars(
+ 0x4a,0x15,0xa7,0x83,0xad,0xbf,0x27,0x46,0x22,0xd5,0xa6,0x10,0xbb,0x6f,0xc7,0x33,
+ 0x37,0x99,0x9e,0x44,0x5d,0xc2,0x13,0x3a,0xcc,0xb7,0x88,0xd6,0x20,0x3d,0x70,0xf3,
+ 0xcd,0xc6,0x3e,0x67,0xda,0xa4,0x17,0x1a,0x79,0x52,0xa4,0x98,0x64,0x56,0xfa,0xb3,
+ 0xc0,0x77,0xa8,0x94,0x1f,0xb2,0x59,0xe3,0x7a,0x5c,0x0c,0xbb,0x20,0xc4,0x08,0xfa,
+ 0x24,0xad,0x0e,0xc8,0x50,0xe9,0xbf,0x02,0x8c,0x36,0x04,0x60,0x99,0x41,0xf5,0xae,
+ 0x2f,0x18,0xbf,0x1a,0xc3,0x7a,0x24,0xf7,0x55,0xab,0xb9,0xc8,0x5d,0xdc,0xd0,0xbf,
+ 0x4a,0x12,0xfa,0xbd,0x9d,0x25,0x30,0x29,0xe0,0x81,0xf6,0x28,0xe2,0xbb,0xe9,0xf9,
+ 0xaf,0xe9,0x22,0x49,0x54,0xd8,0x31,0x5d,0xb8,0x6c,0x21,0x25,0x51,0x2b,0xb9,0x8c,
+ 0xe9,0xb3,0x69,0x30,0x99,0x4b,0x09,0x1a,0x8a,0x1d,0x7d,0x4e,0x2f,0x4a,0x0e,0x58,
+ 0xd0,0xa3,0x58,0x76,0xad,0xad,0x14,0x30,0x05,0x30,0xb3,0x9c,0x8d,0xc1,0x1d,0xed,
+ 0x3e,0xf2,0xfa,0x95,0xd5,0xf2,0x2e,0x67,0xca,0xe3,0x4c,0xc2,0x1a,0xd5,0xe2,0x3f,
+ 0x91,0x22,0xb5,0x3d,0xfb,0x79,0xf1,0xa2,0xac,0x63,0xc1,0x84,0x4e,0x9e,0xf0,0x69,
+ 0xa2,0xe4,0x1f,0x17,0x8d,0x6d,0xce,0xdc,0x51,0x8a,0xaf,0xcf,0x81,0xe0,0xeb,0xd8,
+ 0x82,0x55,0x6e,0x73,0x1c,0xb0,0xab,0x41,0xd9,0x57,0x27,0x4a,0x3f,0xbb,0xb7,0xce,
+ 0xf2,0x60,0x87,0x91,0x00,0x0c,0x6b,0x86,0x08,0x68,0xcb,0x73,0x93,0xe7,0xd0,0x3d,
+ 0x94,0x56,0x89,0xff,0xb7,0x75,0x55,0xef,0xe0,0x8f,0x46,0x14,0x51,0xd3,0x3c,0x11),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_384,
+ .m = chunk_from_chars(
+ 0x31,0x39,0x5c,0xef,0x34,0x95,0x51,0x34,0x3a,0x49,0x27,0x1a,0x8d,0x81,0x2b,0x4c,
+ 0x7b,0x65,0xb4,0x55,0xb7,0xed,0xa8,0x11,0xfc,0xf7,0x41,0x61,0xf3,0x97,0x11,0x23,
+ 0x57,0xae,0x44,0x62,0x57,0xbe,0x26,0xc9,0x3c,0xfc,0xe5,0x5e,0x4b,0xa7,0x97,0x6d,
+ 0xed,0x99,0x7e,0xc1,0x0d,0x1c,0x8b,0x1a,0xc2,0xfe,0x22,0xdc,0x2e,0xe8,0x1d,0x05,
+ 0xa6,0xeb,0x13,0x61,0x12,0x5c,0xda,0x01,0x97,0xe2,0x4a,0xe9,0x74,0xcd,0x44,0x09,
+ 0x2a,0xa9,0xf3,0x6f,0xe0,0x13,0x52,0xba,0x05,0xcc,0xef,0xd2,0x37,0x0c,0xee,0xd6,
+ 0x64,0x19,0x50,0x56,0x2f,0x17,0x76,0xc3,0x95,0x22,0xe0,0x23,0xd0,0x9a,0x3b,0x09,
+ 0x7b,0xbe,0x9b,0xc5,0xf8,0x7d,0x05,0xd8,0x0f,0x88,0x30,0xab,0xd7,0xac,0x8c,0x80),
+ .s = chunk_from_chars(
+ 0x16,0x2f,0x38,0x76,0x95,0xcf,0x9d,0x82,0xdd,0xa8,0x9c,0x74,0x93,0x18,0xe4,0x6c,
+ 0x9b,0xe8,0x95,0xec,0x36,0x4e,0xa4,0xae,0xce,0x97,0xcc,0xfa,0x63,0x92,0x5a,0xf3,
+ 0x71,0x08,0x94,0xda,0x2b,0x7b,0x59,0x67,0xe4,0x6f,0x4e,0xfa,0x80,0xca,0x25,0xd2,
+ 0xa9,0x65,0xa7,0xe1,0x5f,0x75,0xe0,0xaa,0x1b,0xd4,0x25,0x0f,0x8f,0x41,0x09,0x9e,
+ 0x6e,0x97,0x14,0xc3,0xfc,0x43,0x11,0x07,0x7a,0xe9,0xbd,0xdf,0xe3,0x5b,0xa4,0x72,
+ 0x75,0x31,0x52,0x9c,0x23,0x9d,0x54,0x6a,0xb1,0xc2,0x98,0x18,0x7f,0x16,0x5f,0x70,
+ 0x8c,0xcc,0x0a,0xe3,0x97,0x9a,0x8d,0xa1,0x93,0xe3,0x48,0x59,0xa5,0x9c,0x2c,0x3b,
+ 0xc4,0x22,0x53,0xc8,0x34,0x66,0x88,0xe6,0xbb,0xa6,0xfb,0x1b,0x01,0xb1,0x0c,0x1e,
+ 0xc2,0xc6,0x49,0x3d,0xed,0xcc,0x26,0x96,0x26,0x9d,0x85,0x1b,0xde,0x63,0xe2,0x7e,
+ 0x37,0xbe,0xd3,0x57,0x45,0x5c,0x8f,0xee,0x56,0x29,0xf9,0x4a,0xfa,0x7a,0x98,0x66,
+ 0x95,0xcf,0xd5,0xb9,0x92,0x12,0x65,0x7a,0x6c,0x88,0x46,0x44,0x59,0x60,0x86,0xb8,
+ 0x9e,0x0c,0x7c,0x05,0xe8,0x19,0xfa,0xeb,0xeb,0xef,0x74,0x5f,0xd2,0x95,0xaf,0x88,
+ 0x66,0xe0,0x75,0x0f,0x54,0x79,0xba,0xed,0x50,0xcb,0xb3,0xd0,0x59,0xf8,0xa5,0xeb,
+ 0x7e,0x0e,0x61,0xe2,0x73,0x3a,0xe5,0x0f,0x0c,0x1e,0xc4,0x2b,0xe7,0x1f,0x5d,0xff,
+ 0x32,0x41,0x95,0xcb,0x4f,0x0e,0x94,0x1a,0x21,0x56,0x15,0x13,0xc3,0x03,0x7d,0xb9,
+ 0x2f,0xec,0x95,0x56,0xb7,0x72,0xcc,0xab,0x23,0x9e,0x34,0xb1,0x87,0x6c,0x56,0xb1),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512,
+ .m = chunk_from_chars(
+ 0xa7,0xc3,0x09,0xd4,0x4a,0x57,0x18,0x8b,0xbd,0x7b,0x72,0x6b,0x98,0xb9,0x8c,0xe1,
+ 0x25,0x82,0x22,0x8e,0x14,0x15,0x86,0x48,0x70,0xa2,0x39,0x61,0xd2,0xaf,0xb8,0x2c,
+ 0xd5,0xbc,0x98,0xbe,0xc9,0x22,0xd5,0xf2,0xac,0x41,0x68,0xb0,0x56,0xda,0x17,0x6e,
+ 0xf3,0xba,0x91,0xf6,0xb6,0x99,0xba,0x6a,0xcc,0x41,0x44,0x86,0x8f,0xf3,0x7f,0x26,
+ 0xfd,0x06,0x72,0x08,0x68,0xd1,0x2a,0xd2,0x6e,0xcb,0x52,0x57,0x2c,0xf1,0x04,0x16,
+ 0xaf,0x68,0xdf,0x03,0xab,0x64,0x5a,0x8b,0x70,0x48,0x57,0xd2,0x19,0x0f,0xfc,0x3f,
+ 0x07,0xea,0xbe,0x3a,0x8e,0x2a,0xbe,0x34,0xed,0x61,0x59,0xe8,0x84,0xc4,0xfa,0xe1,
+ 0x41,0xd4,0x33,0x3d,0x5c,0x3e,0x0d,0xb0,0x44,0xff,0x9c,0xcc,0xd9,0xcb,0xd6,0x7f),
+ .s = chunk_from_chars(
+ 0x14,0x8a,0xf6,0x1e,0xd5,0xea,0x8a,0x87,0xa0,0x8b,0x3f,0x40,0x39,0x29,0xbf,0x80,
+ 0x31,0xdb,0x4f,0xd3,0x99,0x9b,0x64,0x40,0x9b,0xa4,0x89,0xf9,0x7a,0x3e,0xe5,0x20,
+ 0x8e,0xa4,0x20,0x2d,0x2e,0xc1,0x87,0x34,0xf6,0x15,0x00,0x3a,0x51,0xf7,0x74,0x41,
+ 0x08,0x5b,0xe6,0xac,0x0f,0x11,0x81,0x0f,0xfa,0x2d,0xad,0x58,0xf0,0xe1,0x86,0xd5,
+ 0x52,0x0a,0xc2,0xb8,0xa5,0xd3,0x96,0x6e,0x8d,0x2a,0xbb,0x80,0x74,0xe1,0x3b,0x50,
+ 0xa4,0xe7,0xde,0x83,0xbe,0x10,0xa6,0x6f,0xdc,0x7c,0xa1,0x81,0x18,0xc5,0x77,0x4f,
+ 0x78,0x12,0x12,0xde,0x9e,0xfe,0xbc,0x63,0x76,0xfc,0xdd,0xdc,0x65,0xa3,0xb1,0xb8,
+ 0xf1,0xab,0x31,0x49,0x2f,0xe4,0x78,0x25,0x9c,0xe7,0x19,0xb3,0xdb,0x58,0x74,0x98,
+ 0xd8,0x79,0xa0,0x1d,0xec,0x96,0xe8,0xea,0xbe,0xb0,0x7f,0xf7,0x07,0x3f,0x3f,0x3e,
+ 0xb4,0x46,0x08,0x49,0x55,0xca,0x26,0x32,0x9a,0x79,0x13,0x15,0xa2,0xc2,0x59,0xd2,
+ 0x25,0xe2,0x6b,0x21,0x54,0xb2,0x04,0x7b,0x21,0xfa,0xba,0x68,0x11,0x5b,0xfd,0x96,
+ 0x2e,0x5e,0x24,0xec,0x52,0xd7,0xc5,0xd2,0x31,0xe3,0x04,0x4c,0xbc,0xd8,0xc8,0x80,
+ 0x48,0x55,0x70,0x3c,0xba,0xa6,0x22,0xb1,0x5b,0x6e,0xf7,0x8c,0x74,0x21,0xa3,0x67,
+ 0x16,0x6f,0x1b,0x02,0x57,0x6c,0x87,0x36,0x05,0x93,0xda,0x75,0xb7,0x18,0x9e,0xfa,
+ 0xfd,0x10,0x82,0xbd,0x59,0xf6,0x85,0x7f,0x17,0x01,0xf6,0x46,0xc2,0x4d,0x70,0xc9,
+ 0x52,0x73,0xc4,0x9d,0x5b,0x11,0xe6,0xaf,0xe2,0x58,0x82,0x1b,0x55,0xc1,0x68,0x0c),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512,
+ .m = chunk_from_chars(
+ 0xca,0x50,0x5d,0x45,0x91,0x12,0x16,0x64,0x99,0x07,0x47,0xd9,0x5d,0x95,0x55,0xcc,
+ 0x75,0xbf,0xc3,0xfd,0xae,0xec,0xee,0xaa,0x60,0xea,0xfa,0xb3,0xfc,0x32,0x0c,0xfc,
+ 0xe5,0x6e,0xb9,0x13,0x81,0x38,0xbf,0x13,0x8f,0x25,0xf3,0xc8,0xbb,0x02,0x7b,0x13,
+ 0x6f,0x5d,0x3d,0x90,0xed,0x48,0x97,0x77,0x9b,0x59,0x51,0xc0,0x9d,0xf5,0xd0,0x8b,
+ 0xa9,0xce,0x8c,0xbe,0x17,0xab,0xc4,0xf0,0x38,0x68,0x70,0x86,0xe9,0x3d,0x77,0x1b,
+ 0x68,0x43,0x22,0x26,0x66,0x33,0xd0,0xd6,0x5d,0x71,0xec,0x41,0x23,0x4a,0x1d,0xbe,
+ 0xc0,0x7a,0xbc,0x8f,0x7d,0xf2,0x8b,0xc4,0x3d,0xd8,0xa4,0x5b,0x10,0xce,0xaf,0xac,
+ 0x06,0x77,0x58,0x05,0x41,0x37,0x01,0x91,0x4e,0x3b,0xb3,0x7e,0xb6,0xba,0x5b,0x5e),
+ .s = chunk_from_chars(
+ 0x58,0x9c,0xcd,0x4e,0xbf,0x97,0x64,0xf8,0x7e,0x6a,0xfa,0x7f,0x13,0xc4,0x06,0x25,
+ 0x79,0xb0,0x22,0x28,0x11,0x7b,0x15,0xa8,0x73,0x8a,0xb3,0x9c,0xd6,0x44,0x77,0x06,
+ 0x9c,0xb4,0xf5,0x2c,0xd8,0xd5,0xf4,0x57,0x4c,0x65,0x7b,0x45,0x38,0x35,0xca,0x3c,
+ 0xed,0xb8,0x24,0xf0,0x3b,0x92,0xa5,0x73,0xd6,0xd3,0xd9,0x13,0x61,0x31,0x3f,0x11,
+ 0xbd,0xcb,0x34,0xd2,0x05,0x9f,0xe2,0xe6,0xce,0x2b,0x85,0x44,0x61,0xaf,0x58,0xa9,
+ 0x29,0x4c,0x88,0xcb,0xfb,0x2a,0x63,0x99,0x76,0xb5,0x6e,0x47,0x48,0x02,0x6f,0x30,
+ 0x40,0xe2,0xfd,0x71,0x12,0xd6,0xad,0x44,0x50,0x06,0x89,0xac,0x77,0x7c,0x07,0x1d,
+ 0x17,0x39,0x19,0x69,0x76,0x2e,0x18,0x64,0x17,0xc4,0x40,0x0a,0xbd,0xda,0x5c,0x16,
+ 0xdc,0xe0,0x07,0x76,0x42,0xf1,0xfc,0x13,0x54,0xe0,0xe8,0xc1,0x4e,0x55,0x8c,0x92,
+ 0x3c,0x1b,0xfb,0x85,0x48,0x8b,0x83,0x50,0xf4,0x15,0x86,0x6a,0x60,0x87,0x1e,0xd7,
+ 0x15,0x1f,0x5f,0xbc,0x5b,0x88,0x05,0x00,0x01,0x19,0x77,0xc7,0x78,0xe1,0x7f,0xe8,
+ 0x91,0x8c,0x5d,0x34,0x3f,0x70,0xb0,0x0d,0x58,0xf7,0x18,0x95,0x61,0x25,0xfe,0x28,
+ 0xb3,0xa5,0xe2,0xd0,0x76,0x04,0xa2,0xb8,0xa8,0x77,0x20,0x44,0x34,0xce,0x90,0x3b,
+ 0x35,0xa0,0x30,0x93,0x6b,0xc7,0x19,0x51,0xca,0x59,0x3d,0xf9,0x7d,0x24,0xe8,0xe8,
+ 0xad,0x8f,0x2d,0xc9,0xb7,0x8f,0x76,0xef,0x13,0xa1,0xd3,0x86,0xca,0x85,0x7c,0xed,
+ 0x48,0xf1,0x9f,0x3e,0xbe,0x39,0x10,0x8f,0x9b,0x33,0xff,0x59,0xeb,0x05,0x56,0xb1),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512,
+ .m = chunk_from_chars(
+ 0x23,0x7a,0x7e,0x44,0xb0,0xa6,0xc2,0x68,0xbb,0x63,0x36,0x4b,0x95,0x8a,0xe0,0x2b,
+ 0x95,0xe7,0xee,0xd3,0x6b,0x3e,0xa5,0xbf,0xb1,0x8b,0x9b,0x81,0xc3,0x8e,0x26,0x63,
+ 0xd1,0x87,0x14,0x4e,0x32,0x3f,0x9c,0xea,0xfb,0x47,0x95,0x07,0xd1,0x84,0xe6,0x3c,
+ 0xfb,0xec,0x3e,0xcd,0xbb,0x8a,0x05,0xd2,0xdf,0xc8,0x92,0x96,0x93,0xed,0x9e,0x3e,
+ 0x79,0xe5,0xf8,0xab,0xfc,0x41,0x7b,0xa1,0xe1,0x7e,0x3e,0x28,0x1e,0x8a,0x0a,0x32,
+ 0xf0,0x84,0x11,0x7f,0x28,0xc3,0xdc,0xbe,0xc5,0x1b,0x86,0xf5,0xc8,0x5b,0x28,0x22,
+ 0x44,0x1a,0x94,0x23,0xb5,0xb4,0x46,0xd3,0x92,0x8f,0x97,0x76,0x26,0xa3,0x34,0x57,
+ 0x9b,0x39,0xcf,0xaf,0x58,0xf2,0x14,0xc9,0x8d,0x0c,0xdf,0x64,0x0b,0xe1,0xac,0x59),
+ .s = chunk_from_chars(
+ 0xaf,0x07,0x6b,0xc2,0x13,0xca,0xf7,0x56,0x19,0xf4,0xbd,0x1d,0x78,0x7c,0xc1,0x98,
+ 0xf7,0xdf,0x33,0x24,0xa0,0xdd,0x87,0xa8,0x84,0x16,0xe0,0xa4,0xb8,0x1c,0x2f,0xb9,
+ 0xa9,0xdb,0x5f,0x98,0xae,0xd4,0x3b,0xc1,0x5f,0xe2,0x35,0x71,0x43,0xa6,0xe4,0xff,
+ 0x70,0x1d,0x9c,0x48,0xf5,0x1d,0xe9,0xeb,0x80,0x36,0x70,0xbb,0xc4,0xb0,0xae,0xa7,
+ 0x22,0x0b,0xe2,0xf8,0x4b,0x83,0x00,0x31,0x8c,0x77,0xa9,0xf6,0x15,0x98,0x6c,0x49,
+ 0x80,0xab,0xda,0x85,0xe3,0xad,0x00,0x89,0x56,0x4d,0xba,0xf7,0xf4,0x4d,0x81,0xb6,
+ 0x66,0x4e,0xec,0x03,0x11,0xad,0xb1,0x94,0xd4,0x6d,0xe9,0x6b,0xb1,0x7d,0x5a,0x5d,
+ 0x47,0x42,0x68,0x45,0x80,0x2c,0xa0,0xf4,0x9a,0x16,0x9e,0xb8,0x2b,0x75,0xaf,0xa1,
+ 0x91,0x02,0x7a,0x0c,0xc8,0xfc,0xe9,0xdd,0x16,0x05,0x53,0x50,0xdf,0x97,0x45,0xfc,
+ 0x72,0x00,0xff,0x9f,0x4e,0xa3,0xcf,0xbf,0xc6,0x6c,0x42,0x84,0x81,0x13,0xe3,0xbe,
+ 0x32,0x93,0xd5,0x10,0x38,0x2d,0x09,0x99,0xf0,0x32,0x51,0x55,0x27,0xbd,0x99,0xf6,
+ 0x6e,0xfa,0x2a,0x75,0x5e,0x01,0x12,0x47,0xb2,0x23,0xa6,0x8e,0x51,0x25,0x8b,0x6b,
+ 0xc3,0x19,0xa7,0xcd,0xef,0x4a,0xec,0x53,0x3e,0x9d,0xcd,0x8a,0xe2,0x6e,0x34,0x9e,
+ 0x5b,0x33,0xc7,0x91,0x21,0x90,0x7d,0xe5,0x09,0xa1,0xcb,0x83,0xc2,0xe5,0x9a,0x47,
+ 0xc1,0xa8,0x84,0xbf,0x68,0xe7,0x22,0x93,0x16,0xa6,0x2e,0x3c,0x49,0xd1,0xf5,0x42,
+ 0xeb,0xe7,0x10,0x5c,0xfc,0x27,0x09,0x92,0x68,0x12,0x0a,0x77,0x43,0x90,0x84,0x71),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512,
+ .m = chunk_from_chars(
+ 0xab,0x18,0x93,0x92,0x30,0xb0,0x96,0x64,0x6a,0x37,0xa7,0x81,0x62,0x9f,0xbd,0x92,
+ 0x70,0xf3,0x89,0x1a,0x5c,0xea,0xb4,0xa8,0xc3,0xbc,0x68,0x51,0xbc,0x34,0x11,0x5d,
+ 0xbc,0x06,0x65,0x41,0xb7,0x64,0xa2,0xce,0x88,0xcc,0x16,0xa7,0x93,0x24,0xe5,0xf8,
+ 0xa9,0x08,0x07,0x65,0x2c,0x63,0x90,0x41,0x73,0x3c,0x34,0x01,0x6f,0xd3,0x0a,0xf0,
+ 0x8f,0xed,0x90,0x24,0xe2,0x6c,0xf0,0xb0,0x7c,0x22,0x81,0x1b,0x1a,0xe7,0x91,0x11,
+ 0x09,0xe9,0x62,0x59,0x43,0x44,0x72,0x07,0xdc,0xd3,0xff,0xf3,0x9c,0x45,0xcb,0x69,
+ 0xee,0x73,0x1d,0x22,0xf8,0xf0,0x08,0x73,0x0c,0xe2,0xef,0xc5,0x3f,0x11,0x49,0x45,
+ 0x57,0x3e,0xa2,0xdd,0xeb,0xb6,0xe2,0x62,0xc5,0x27,0xd2,0x0f,0x8b,0xb1,0xdc,0x32),
+ .s = chunk_from_chars(
+ 0x95,0xbd,0x0b,0xf2,0x36,0x2f,0x34,0xb2,0xe0,0x40,0x75,0xb2,0x93,0x4f,0x40,0x47,
+ 0x98,0x70,0x3e,0xa4,0x72,0xb8,0x1a,0xc3,0xcc,0x22,0x3a,0xec,0x48,0x6e,0x4c,0x3d,
+ 0x9c,0x5d,0x1c,0x2f,0x9e,0xe2,0x24,0x17,0x13,0x29,0x64,0xed,0x58,0xe4,0x99,0x37,
+ 0xf5,0xb2,0x57,0xd3,0x16,0xca,0x7f,0xff,0xe2,0x90,0xb1,0x9f,0x5b,0x58,0x10,0x38,
+ 0x36,0x81,0x2b,0xef,0x30,0xca,0x03,0x27,0x03,0x9d,0x8b,0x9e,0xa9,0x12,0x95,0x39,
+ 0x2f,0xc3,0x94,0xb8,0x81,0xe2,0xd2,0xac,0x9e,0x30,0xc5,0xa4,0x42,0x56,0x70,0x0f,
+ 0xc9,0xde,0x0d,0xba,0x29,0x82,0x73,0xae,0xc3,0x0c,0x4f,0x77,0x8d,0x2e,0x71,0x27,
+ 0xe8,0xb8,0xa8,0x8b,0x02,0x74,0xfc,0xe0,0x40,0x81,0xcc,0x13,0xad,0xbe,0xfe,0x55,
+ 0x50,0x14,0xe1,0xb5,0xd5,0xdc,0xf6,0x22,0x4c,0x5a,0xe2,0x77,0x54,0x23,0xa6,0x6c,
+ 0x81,0x81,0x8e,0xec,0x01,0x4a,0x3f,0xaf,0x9e,0xe7,0x5a,0x3f,0x6c,0x3e,0x51,0xc5,
+ 0x56,0xb0,0xa2,0x88,0xe8,0xc2,0x62,0x94,0x66,0x84,0xeb,0x62,0x8b,0x88,0xe3,0xf8,
+ 0x75,0xe6,0x2e,0xf6,0xe8,0x01,0xca,0xe7,0x5f,0x61,0xce,0xe4,0x04,0x97,0x1c,0x39,
+ 0xd2,0x4a,0x97,0x12,0xeb,0x34,0x2d,0xdc,0x66,0x35,0x15,0xde,0xc1,0x03,0xb1,0x8d,
+ 0x97,0xd7,0x8e,0xd6,0x82,0x12,0xf2,0x79,0x00,0xe7,0x7c,0x04,0x9b,0x60,0xc8,0x53,
+ 0x00,0x2b,0x08,0x02,0x2d,0xf5,0x6f,0x70,0x7e,0xfa,0x71,0x02,0x75,0x89,0xe1,0xa3,
+ 0xca,0x6e,0x41,0x5b,0xa5,0xf4,0x43,0x7e,0x97,0x8b,0x07,0xaf,0x3b,0x73,0xba,0x0d),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512,
+ .m = chunk_from_chars(
+ 0xa2,0x80,0xe8,0x9c,0xeb,0x2c,0x8c,0xf2,0x62,0x97,0x19,0x1b,0xaf,0x9a,0x95,0x5d,
+ 0x0d,0x52,0x37,0x5d,0xa0,0x23,0x63,0x3e,0x0a,0xfc,0xdb,0x0d,0x39,0xdc,0x33,0x5d,
+ 0x82,0x95,0x85,0x2e,0xf4,0xd0,0x67,0x14,0xe6,0x51,0x1a,0x95,0xd3,0x7c,0x04,0xd2,
+ 0x68,0x18,0x60,0x6a,0xda,0x54,0x35,0x9b,0x7d,0x07,0x84,0xaa,0x93,0x3c,0xc6,0x85,
+ 0x61,0xee,0x96,0xa8,0x89,0x10,0xaa,0x3d,0x93,0xd1,0x07,0x87,0xcd,0x1d,0x75,0x80,
+ 0x55,0x67,0x31,0xc1,0x74,0xa6,0xe3,0xa3,0x2d,0x9d,0xcf,0xa4,0x16,0x60,0x4f,0x0c,
+ 0x67,0x14,0x81,0xd0,0x51,0xf6,0x3d,0xb6,0x91,0x9f,0x4a,0xba,0x44,0x86,0xd1,0xb0,
+ 0xfd,0xc6,0x11,0x2c,0x15,0x21,0x55,0x9f,0x42,0x45,0x23,0xc2,0x6b,0x4f,0xb7,0x38),
+ .s = chunk_from_chars(
+ 0xcd,0x60,0xde,0x3b,0x4a,0x12,0x89,0xa8,0x4c,0xa7,0x61,0xf9,0x0f,0xa6,0x3f,0x4d,
+ 0x56,0x88,0xbd,0x88,0x5f,0x4b,0x53,0x1c,0x85,0x15,0xad,0xd2,0xde,0x12,0x51,0xf9,
+ 0x93,0xff,0x7f,0x98,0x6b,0xef,0x3f,0xba,0x69,0x2e,0xcd,0xeb,0xc8,0x19,0x42,0xd7,
+ 0x42,0x9c,0x7a,0x59,0xc5,0xd3,0xf1,0xfb,0x87,0x2f,0xc1,0xda,0x19,0x15,0xe9,0x45,
+ 0x86,0xa5,0xc3,0xd9,0x63,0x60,0x36,0x19,0x00,0x8f,0x7e,0xfe,0xde,0xd1,0xd7,0x0b,
+ 0x0a,0x11,0xce,0x2c,0xd8,0x1b,0x5b,0x0d,0x86,0xb3,0x76,0x0c,0x94,0x83,0x67,0x4f,
+ 0x55,0xe9,0xfa,0x47,0xf2,0xf3,0x10,0xd5,0x88,0xfb,0x21,0x60,0xe8,0xb5,0xc3,0x2b,
+ 0xe4,0xe7,0xa9,0x68,0xd5,0xa8,0xd4,0xac,0x65,0x76,0xb7,0x1a,0x2b,0x91,0xcd,0x6a,
+ 0xf0,0x01,0x6c,0xbc,0x81,0x6d,0x4a,0xae,0x8c,0x70,0x64,0x9e,0x08,0xdc,0xe9,0x0b,
+ 0x3c,0xe5,0x2a,0xb4,0x9c,0xe2,0xcb,0x5b,0x0e,0xd8,0xa4,0x5e,0x33,0xd9,0x4c,0xf2,
+ 0xd4,0xcf,0xde,0xe1,0x15,0x12,0x70,0xb2,0x07,0x3a,0xef,0xfe,0xaf,0x71,0x7d,0x39,
+ 0xe0,0x41,0x92,0xb8,0xb6,0x93,0xc5,0x3f,0x21,0xa6,0x12,0x38,0x13,0x28,0x08,0x06,
+ 0x92,0x0b,0x7d,0xc5,0x82,0x20,0x1c,0x9d,0x11,0x70,0x50,0x32,0x06,0x71,0xe8,0x61,
+ 0x39,0xa0,0x27,0x97,0x6b,0x7e,0xcf,0x41,0x33,0x69,0xa9,0xfc,0x28,0xe0,0xbd,0x71,
+ 0x9c,0xeb,0x5e,0x10,0x7d,0xe7,0x99,0xf1,0xbc,0x2e,0x25,0x5a,0x9f,0x29,0x47,0x6d,
+ 0x45,0x74,0xd1,0x33,0x2f,0x66,0x46,0x8a,0xfb,0x90,0x04,0xff,0x7b,0x53,0x53,0x02),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512,
+ .m = chunk_from_chars(
+ 0x85,0xed,0x1e,0x3d,0xfc,0xd5,0xbc,0xa2,0x4c,0xad,0x1d,0x01,0xeb,0xe1,0x92,0xb7,
+ 0xd0,0x59,0xec,0x9b,0x88,0x44,0x36,0xe1,0x87,0x14,0xa4,0x3f,0xbc,0xc9,0xc6,0x4f,
+ 0x68,0x73,0x01,0x35,0x2f,0xf2,0x40,0x81,0x70,0x01,0xe7,0x57,0xd2,0x73,0x09,0xcd,
+ 0x1f,0xbb,0xda,0x94,0x56,0xb2,0x67,0xdb,0xfb,0x95,0x84,0x70,0xb2,0x4d,0x06,0x28,
+ 0x0c,0xf4,0x33,0x82,0xa1,0x94,0x77,0x87,0x5f,0x32,0x59,0xf4,0x21,0x0b,0xac,0x9b,
+ 0x83,0x1d,0x0a,0x07,0xf5,0xe9,0x7e,0x5f,0x0f,0x78,0x81,0x8c,0x25,0x9c,0x28,0x9e,
+ 0x1a,0x78,0x9b,0x6c,0x79,0x42,0xc9,0x7b,0xc1,0x48,0x5a,0x22,0x01,0x31,0xe5,0xeb,
+ 0xa5,0x86,0x64,0x3b,0x90,0x71,0xe5,0x36,0x6b,0xc4,0x82,0xdd,0x3c,0x3c,0x92,0x79),
+ .s = chunk_from_chars(
+ 0x13,0x81,0x34,0xbb,0xec,0xef,0xaf,0xc7,0xca,0x8b,0x10,0x2c,0xbe,0x87,0xb0,0x12,
+ 0xf8,0xaa,0xda,0x88,0x78,0x99,0x50,0x02,0xcf,0x18,0x87,0x69,0x4b,0x5b,0xe3,0xb8,
+ 0xf0,0xbb,0x61,0x6b,0xc6,0xe0,0x79,0x62,0xd5,0x48,0x2d,0x3a,0x52,0xc5,0x2a,0xb9,
+ 0x1b,0x3e,0xe0,0x06,0x4d,0x24,0x55,0x8e,0x13,0xc7,0x5c,0x80,0xf6,0xa9,0x5b,0x7d,
+ 0xc4,0x98,0x44,0x28,0x79,0xd5,0xba,0xf8,0xff,0xa7,0xe2,0xf6,0x38,0x80,0x8b,0x97,
+ 0xff,0x70,0x13,0x6b,0xb6,0x45,0xe3,0x09,0x44,0xdd,0x97,0xa9,0x97,0xa0,0x20,0x51,
+ 0x69,0x55,0x3a,0x5b,0x9e,0x87,0x4c,0x5a,0x94,0x41,0xe1,0x8c,0x15,0xeb,0xed,0x76,
+ 0x04,0x3b,0x63,0x9d,0xfd,0x64,0xdb,0x79,0xe1,0x74,0x84,0x7a,0x10,0x27,0x24,0xa2,
+ 0xa0,0x5c,0x64,0x94,0x73,0xcc,0x7d,0xac,0xd3,0x9e,0x2e,0x1d,0x56,0x66,0xbb,0xb5,
+ 0xf0,0x12,0x46,0x74,0x70,0x48,0xff,0xfc,0xdf,0xcd,0xdf,0x78,0x2d,0xa2,0x4a,0x6d,
+ 0xcc,0x02,0x2b,0x26,0x95,0xf7,0x07,0x81,0xbd,0x9f,0x8f,0xf7,0xd0,0x3b,0xe2,0x2e,
+ 0xb8,0xfc,0x79,0x3f,0x5c,0x07,0x1a,0x66,0xd9,0xa6,0xea,0x46,0xc6,0xa2,0xcf,0x05,
+ 0x56,0x52,0x6b,0xa8,0xb0,0x85,0x07,0x35,0x46,0x44,0x80,0x81,0x73,0x2a,0xc1,0x5f,
+ 0x12,0x83,0x3c,0x1d,0xb1,0x70,0x1f,0xf7,0xf6,0x83,0x44,0xca,0x65,0xdf,0xf8,0x62,
+ 0x11,0xa0,0x03,0xad,0xbf,0x51,0x89,0xcf,0xae,0x79,0xea,0xa8,0xc8,0xb7,0x14,0x1e,
+ 0xa3,0x78,0xe4,0x4c,0xc9,0xc5,0xbf,0x02,0x4d,0x2c,0x71,0x0f,0xf5,0xcd,0x68,0xaf),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512,
+ .m = chunk_from_chars(
+ 0x0b,0xdb,0xa3,0x4e,0x35,0xfc,0xa6,0x5a,0x17,0x81,0xd4,0xd7,0xc9,0x33,0xa5,0xf2,
+ 0x10,0xd3,0xa5,0x94,0x83,0xae,0xbc,0x95,0xec,0x71,0xb3,0x2d,0xf1,0x3f,0xf4,0xab,
+ 0xf4,0x01,0x91,0x69,0x37,0xfd,0x88,0xff,0x44,0xab,0x46,0xb7,0x8c,0xc3,0x69,0x41,
+ 0x4e,0x9b,0xca,0xa8,0xba,0xb0,0xbb,0x85,0x57,0x82,0x8d,0x73,0xa2,0xa6,0x56,0xc2,
+ 0xf8,0x16,0xf0,0x70,0xb5,0xcb,0x45,0x54,0x9e,0x8e,0xca,0x9d,0x7c,0x0b,0x4a,0x7b,
+ 0x0a,0x27,0xe5,0x1c,0x11,0x93,0x58,0xda,0xd2,0xa1,0x7f,0xb3,0xa4,0x57,0x18,0xf9,
+ 0xde,0xc3,0xc9,0x4a,0xf7,0x8d,0x65,0xc3,0xec,0xd3,0x6b,0x71,0xe2,0x30,0xcf,0x08,
+ 0x0d,0x1e,0xfd,0xd8,0xd0,0x7f,0x1c,0xfc,0x26,0x76,0x8f,0xd5,0x40,0x7b,0xc2,0xb7),
+ .s = chunk_from_chars(
+ 0x9f,0x48,0xde,0xb9,0x6b,0xec,0x0b,0x72,0xfb,0xc4,0xf1,0x2f,0x08,0xaf,0xb4,0x6b,
+ 0xcc,0xf1,0x9d,0x9e,0x0c,0xd0,0x36,0x8e,0xbe,0xb3,0x12,0xd8,0x38,0x72,0x62,0x63,
+ 0x80,0xac,0x92,0x8b,0x61,0x2c,0x5c,0xd7,0x74,0x38,0xd4,0x7a,0xa9,0xce,0xea,0x90,
+ 0x5a,0x9d,0xe7,0x18,0x2c,0x8e,0xf7,0x6e,0x8a,0x7a,0x03,0xd6,0xef,0xec,0x84,0x00,
+ 0xb6,0x49,0x63,0x62,0xbf,0x6a,0x30,0xce,0xb1,0xce,0xd2,0x18,0x5f,0xc7,0xc2,0x11,
+ 0x7b,0x6a,0x6d,0x88,0x8a,0xc2,0x0c,0x16,0x87,0xb0,0xf2,0xaa,0x9b,0x76,0x70,0x5f,
+ 0xd3,0x15,0x48,0x89,0xb6,0xac,0xaf,0x4e,0x63,0xbe,0x25,0x88,0x0c,0x71,0xe6,0xc2,
+ 0x39,0xec,0xfb,0x96,0x50,0x04,0xcd,0x63,0x21,0x25,0x7f,0x84,0x6a,0xfd,0x2a,0x65,
+ 0x90,0xc7,0x2a,0xd8,0x31,0x46,0xee,0xfc,0x7b,0x0d,0xc4,0x79,0x63,0x39,0xa7,0xf6,
+ 0x4d,0xa0,0xfb,0xe3,0x59,0xf9,0x4a,0xce,0x1f,0xd1,0x51,0xc5,0xac,0x7b,0xb5,0x70,
+ 0x7b,0x32,0xea,0xcf,0x56,0x4f,0xe1,0x62,0x2e,0x66,0xe1,0x84,0x4e,0x63,0x96,0x02,
+ 0xca,0x36,0x27,0x4a,0xe0,0x1f,0x93,0xe6,0xb2,0xbd,0x1e,0xff,0xd3,0x4a,0xb6,0x3d,
+ 0x85,0x2c,0xc9,0xca,0xf3,0xce,0x84,0x46,0xc2,0x9c,0x8a,0xe3,0xc6,0x11,0x0f,0xb7,
+ 0x53,0x8c,0xc8,0x37,0x1c,0x2a,0x39,0x81,0x24,0x9c,0xdc,0x1b,0xe2,0xb2,0x4b,0x6a,
+ 0x0c,0x95,0x17,0x64,0xd0,0xb7,0xef,0xa9,0x2a,0x22,0xcd,0x8e,0xd1,0x65,0xe1,0x82,
+ 0x86,0x35,0x79,0x37,0x79,0x97,0xa9,0xee,0x50,0xc8,0xac,0x3a,0xa4,0xdf,0x1a,0xca),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512,
+ .m = chunk_from_chars(
+ 0x9a,0xee,0xd8,0x5b,0x40,0xba,0x7f,0x86,0xa2,0x28,0xb5,0xa1,0x51,0x5b,0xa1,0x90,
+ 0xb2,0xef,0xff,0x66,0x99,0x3a,0x5e,0xce,0x19,0xd1,0x8b,0xaa,0x9b,0x4e,0x4d,0xf9,
+ 0x2e,0x51,0x52,0xfe,0x1e,0xc5,0x6a,0x9f,0xc8,0x65,0xf3,0x0b,0xac,0x7e,0x94,0x9f,
+ 0xc4,0xf6,0x2f,0x0b,0x15,0x8d,0x10,0xb0,0x83,0x63,0x6b,0x4d,0xe9,0xbb,0x05,0xdb,
+ 0x69,0xfe,0x31,0xb5,0x01,0x03,0xfe,0xfc,0x5f,0x8d,0xaf,0x3a,0xf7,0x15,0x6b,0x45,
+ 0x52,0xca,0x36,0x67,0xa9,0xd7,0x20,0xbb,0xb2,0xe4,0xbc,0xda,0xba,0xdf,0xd4,0xb7,
+ 0xf4,0xfc,0x5b,0xc8,0x11,0xfa,0xa3,0x67,0x10,0xa9,0xd1,0x77,0x58,0xa9,0x8d,0x4a,
+ 0x04,0x74,0xfe,0xc2,0x7e,0x9e,0xf5,0xb7,0x4f,0x5c,0x68,0x99,0x35,0x44,0x23,0x57),
+ .s = chunk_from_chars(
+ 0x9e,0xec,0xdb,0xd7,0xfb,0xf6,0x18,0xdd,0xdd,0xfb,0x6e,0x75,0xd6,0x44,0x40,0xf6,
+ 0x04,0x45,0xb8,0x53,0xc5,0x42,0xfe,0x0f,0xba,0xaa,0x6a,0x43,0x12,0x94,0xe6,0xcb,
+ 0x66,0x83,0xae,0x1a,0x71,0xea,0x05,0x5e,0xb4,0x9c,0xd2,0xa3,0xcb,0x51,0x54,0xdc,
+ 0x93,0xd9,0xaa,0x16,0x63,0x99,0xf4,0xe6,0x29,0x4f,0x0e,0xb0,0x65,0x28,0x00,0xd7,
+ 0x1e,0x04,0x1c,0x1c,0xe1,0xad,0x84,0x9c,0x03,0xc9,0x63,0xbc,0x09,0x29,0xdc,0xdd,
+ 0x11,0xbe,0x5d,0x67,0xa0,0x50,0xd0,0x2b,0x64,0xb2,0x9e,0xab,0xa6,0x55,0x64,0x2b,
+ 0x64,0x36,0xfb,0xfb,0x16,0x36,0x90,0xbf,0x43,0x2f,0xdc,0xee,0xdd,0x10,0x6c,0x2f,
+ 0x49,0x72,0xec,0xbf,0x30,0x77,0xed,0x8b,0x75,0x3b,0xb6,0x05,0xec,0x1e,0xa0,0x30,
+ 0x20,0x83,0x9a,0x31,0x8a,0x24,0xf8,0xd4,0xc1,0xd7,0xd8,0xdf,0x99,0xa7,0xf0,0x01,
+ 0x0a,0xe4,0x1a,0x8b,0x06,0x8e,0x28,0x88,0x53,0x10,0x56,0xa7,0xda,0xbb,0xe9,0x21,
+ 0x87,0x8d,0xcd,0x3c,0x7d,0x69,0x41,0x68,0x67,0xf4,0x01,0x2a,0x60,0x6a,0xe8,0x68,
+ 0x55,0xf1,0x5a,0xed,0x0d,0xa1,0x25,0x0e,0x59,0x68,0x77,0x06,0xe8,0x9c,0x94,0x94,
+ 0xba,0xf3,0x7f,0x61,0xfb,0x17,0x03,0xb7,0x99,0x28,0x79,0x5f,0x90,0xcc,0xbe,0x29,
+ 0x3a,0x1e,0x94,0x72,0xf6,0xe0,0xf4,0xb8,0x90,0xfd,0xda,0x3e,0xa2,0x52,0x2e,0x3d,
+ 0x11,0xd5,0xab,0xdf,0x00,0x69,0x51,0x94,0x24,0xd1,0x47,0xb5,0x64,0x6a,0x5a,0x60,
+ 0x1f,0x19,0xec,0x89,0x72,0x9a,0x8b,0x48,0x46,0x1e,0x71,0xc0,0x8b,0xbe,0x9c,0xda),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512,
+ .m = chunk_from_chars(
+ 0x65,0x4e,0x18,0x9f,0x06,0xc7,0xd4,0x2d,0x55,0x39,0xa5,0x87,0x21,0x84,0xf8,0x33,
+ 0x6c,0xf1,0x00,0x69,0x1f,0x19,0x08,0x18,0xfd,0x02,0x08,0x2a,0xd6,0x8a,0x76,0x09,
+ 0xfd,0x09,0x5e,0x62,0xfc,0x32,0xb5,0x29,0x85,0x3a,0xeb,0xdd,0xac,0x3d,0xbf,0x0d,
+ 0x54,0xdd,0x57,0x1b,0xe7,0x2c,0x90,0x40,0x4b,0xcc,0x93,0xd0,0x11,0x54,0xa9,0xbf,
+ 0xef,0xf6,0x50,0x65,0x70,0x5f,0x8e,0x7e,0xea,0xdf,0x85,0x75,0xb1,0xca,0x48,0xe2,
+ 0x8a,0x1e,0xed,0x51,0x62,0x65,0xe3,0x45,0x40,0xdd,0x86,0x7c,0x79,0xd7,0xf1,0x75,
+ 0x23,0x5d,0x13,0x30,0xcb,0x17,0x06,0x35,0x6b,0x70,0x9b,0xd7,0x96,0xf4,0x3a,0xba,
+ 0xf6,0xfc,0xe9,0x93,0xf8,0x8e,0xaa,0x2f,0xc6,0x7f,0x0a,0xb7,0x76,0xda,0xf7,0x32),
+ .s = chunk_from_chars(
+ 0xaf,0x90,0x29,0x8b,0xce,0xf6,0x15,0x30,0x9f,0x23,0x5d,0x5c,0x33,0x60,0xf0,0xdf,
+ 0x11,0xf5,0xfb,0x98,0x87,0x89,0xf2,0x13,0xd4,0xc4,0x61,0x34,0xfe,0xe5,0xeb,0x10,
+ 0x4a,0xa1,0xfa,0xbb,0x13,0x07,0xc9,0xa9,0x04,0x70,0x9d,0xe8,0x86,0x73,0xed,0x99,
+ 0x51,0xcb,0xa9,0x31,0x67,0xc6,0x7c,0x09,0xd8,0x27,0x02,0x1b,0x08,0xa2,0x2c,0x05,
+ 0x05,0x82,0x8a,0xb4,0xbe,0xb4,0x2e,0x59,0xa3,0x88,0x32,0xcb,0x4d,0xa2,0x4e,0xcf,
+ 0x91,0xf4,0x70,0xa3,0xb4,0x12,0xc0,0x71,0x2a,0x8a,0x59,0xf6,0xf2,0x73,0x9d,0x4e,
+ 0x9e,0xb4,0xcc,0x58,0xd2,0xc5,0x25,0x92,0xf1,0x45,0x2d,0xc6,0x57,0x59,0xab,0xe4,
+ 0x3e,0x8d,0x2b,0xc8,0x04,0xe2,0xef,0xb3,0xef,0xc9,0xb2,0x3c,0xc1,0x73,0x4f,0xf7,
+ 0xca,0xef,0xa4,0x6b,0x03,0xba,0x4b,0x39,0x7d,0x07,0x14,0xcd,0xb8,0x50,0x1a,0x81,
+ 0x2c,0x1b,0x9f,0x47,0x41,0x1c,0x91,0xcb,0xa5,0x3a,0x3d,0x3b,0x13,0x9e,0xdb,0xd7,
+ 0xcb,0xb5,0x43,0xf5,0xbf,0x38,0x29,0xba,0x7f,0x5f,0xaf,0xd8,0xa7,0x12,0xc0,0xb1,
+ 0x11,0x94,0x3f,0x53,0x20,0x93,0x53,0xaf,0xab,0xa1,0x76,0xb3,0xf5,0xdc,0x06,0x03,
+ 0x39,0xd0,0x9b,0x1f,0xb3,0xc2,0x13,0xda,0xe5,0xd0,0xf0,0x04,0xd3,0x02,0x82,0x85,
+ 0x60,0xfb,0x5d,0xeb,0xf9,0xfe,0x49,0x1e,0xaa,0x66,0xf5,0x97,0xaa,0x4d,0xe2,0x3e,
+ 0xee,0xf9,0x17,0x63,0x58,0x75,0x5c,0x95,0x2e,0xf9,0x6e,0x36,0x72,0x58,0x3b,0x6e,
+ 0xcd,0x95,0xa0,0x2e,0x8c,0xa7,0xb2,0x1d,0x7c,0x20,0xcb,0xb7,0xa7,0x57,0xaf,0x71),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512,
+ .m = chunk_from_chars(
+ 0x12,0x1f,0x80,0xb4,0x3f,0x97,0x57,0xb3,0xfa,0x80,0x90,0x6a,0xea,0xb2,0x32,0x19,
+ 0x5f,0x0e,0x2c,0x41,0xe5,0xbf,0x8c,0x09,0x1a,0xc0,0xf1,0xe0,0xbc,0x9e,0x43,0x64,
+ 0x06,0x80,0xa1,0x82,0x3d,0x64,0x9b,0xdf,0x86,0xab,0xa2,0x77,0xfa,0xd8,0xbc,0x85,
+ 0xfc,0x95,0x7d,0xa2,0xca,0xf7,0x32,0x30,0x53,0x02,0x5f,0xf9,0x49,0x70,0x6c,0x14,
+ 0x76,0xae,0x9b,0x09,0x53,0x28,0x3d,0x34,0xd7,0xc6,0x26,0x6f,0x8d,0xb6,0x5e,0xeb,
+ 0xe9,0x6d,0x19,0x5f,0xdc,0xe8,0xe9,0x65,0xa6,0x38,0x33,0x20,0xec,0x3d,0xe0,0x23,
+ 0x0a,0xb2,0x54,0x8e,0xaa,0x69,0xa4,0x7a,0x96,0xd8,0x03,0x98,0xca,0xd5,0x7e,0x14,
+ 0xce,0x9e,0xea,0xc0,0x42,0x1c,0x1a,0x6e,0xba,0x69,0x55,0x9d,0xcd,0x8f,0x06,0x59),
+ .s = chunk_from_chars(
+ 0x06,0xa2,0xd7,0x45,0x85,0xf1,0x2e,0xa7,0xa8,0x05,0x27,0xb8,0xc6,0x35,0xa2,0x1c,
+ 0xc1,0x1b,0x45,0xdb,0xb0,0x88,0x5a,0x12,0x72,0x21,0x26,0x81,0x1d,0xd2,0x5d,0x65,
+ 0x7b,0xfa,0x9f,0xda,0x77,0x43,0x01,0xca,0x34,0x98,0xd0,0x5d,0xfd,0xfb,0x78,0xa6,
+ 0xaa,0x16,0xa9,0xf8,0xa9,0x5f,0x40,0xf1,0xf0,0x4b,0xd3,0x54,0xa5,0x22,0xf6,0xa2,
+ 0xd6,0x2b,0x32,0x4e,0xfa,0x3c,0x00,0x6c,0x22,0xc2,0x31,0x4b,0x01,0xfa,0x0e,0x91,
+ 0xa3,0xdb,0xa4,0x9a,0xa3,0x5b,0x46,0xb1,0x98,0x04,0xb0,0x7a,0xd9,0x8f,0xe4,0xbc,
+ 0x99,0x03,0x93,0xa4,0xa2,0x73,0xce,0x8f,0x1c,0x85,0xfc,0x19,0xcd,0x5e,0xae,0x9a,
+ 0xf0,0xb7,0xd1,0x95,0x7b,0xb2,0x34,0x09,0x77,0x8a,0x01,0x0b,0x00,0xc6,0x95,0x9e,
+ 0x1b,0x67,0x06,0x6f,0xdb,0x9f,0x84,0x95,0xb4,0xde,0x4d,0xcb,0xb9,0x87,0x35,0x81,
+ 0x45,0xb1,0xff,0x6a,0x39,0xef,0x6f,0xc5,0x88,0xcd,0xa1,0x74,0x4e,0x0a,0xb9,0xe7,
+ 0xeb,0x00,0x2c,0x29,0xa7,0x85,0x31,0xd2,0x51,0x57,0xc5,0xc2,0xcd,0x64,0x70,0x55,
+ 0x15,0x60,0xa0,0x28,0x45,0xdb,0x6d,0xbe,0xe2,0x42,0xf9,0x65,0xa2,0x55,0x40,0x6f,
+ 0x6e,0xf4,0x7b,0x32,0x21,0xa5,0x11,0x0e,0xdb,0x44,0xd3,0x8b,0x94,0x19,0x1a,0xea,
+ 0xf4,0x33,0xc0,0xec,0xe3,0x48,0x0b,0x9d,0x1b,0x06,0xd8,0xb8,0xb6,0xc0,0xa2,0x32,
+ 0xa0,0x4c,0x56,0x78,0x88,0xe6,0x37,0x2f,0x2e,0x94,0xbc,0x2b,0xe6,0xb8,0x27,0xf8,
+ 0x71,0x2a,0xf4,0x8c,0x6f,0x1e,0x4f,0x22,0x3f,0x55,0x28,0xfc,0xf3,0x48,0x79,0x9d),
+ },
+};
+
+START_TEST(test_sign_pkcs15_2048)
+{
+ signature_scheme_t scheme = pkcs15_2048[_i].scheme;
+ chunk_t sig;
+
+ if (!lib->plugins->has_feature(lib->plugins,
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, scheme)) ||
+ !lib->plugins->has_feature(lib->plugins,
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, scheme)))
+ {
+ warn("%N not supported, skip test", signature_scheme_names, scheme);
+ return;
+ }
+ fail_unless(privkey_2048->sign(privkey_2048, scheme, NULL, pkcs15_2048[_i].m, &sig),
+ "sign %N", signature_scheme_names, scheme);
+ ck_assert_chunk_eq(pkcs15_2048[_i].s, sig);
+ fail_unless(pubkey_2048->verify(pubkey_2048, scheme, NULL, pkcs15_2048[_i].m, sig),
+ "verify %N", signature_scheme_names, scheme);
+ free(sig.ptr);
+}
+END_TEST
+
+/**
+ * Test vectors from FIPS 186-4
+ */
+static struct {
+ signature_scheme_t scheme;
+ chunk_t m;
+ chunk_t s;
+} pkcs15_3072[] = {
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256,
+ .m = chunk_from_chars(
+ 0xbc,0xf6,0x07,0x43,0x33,0xa7,0xed,0xe5,0x92,0xff,0xc9,0xec,0xf1,0xc5,0x11,0x81,
+ 0x28,0x7e,0x0a,0x69,0x36,0x3f,0x46,0x7d,0xe4,0xbf,0x6b,0x5a,0xa5,0xb0,0x37,0x59,
+ 0xc1,0x50,0xc1,0xc2,0xb2,0x3b,0x02,0x3c,0xce,0x83,0x93,0x88,0x27,0x02,0xb8,0x6f,
+ 0xb0,0xef,0x9e,0xf9,0xa1,0xb0,0xe1,0xe0,0x1c,0xef,0x51,0x44,0x10,0xf0,0xf6,0xa0,
+ 0x5e,0x22,0x52,0xfd,0x3a,0xf4,0xe5,0x66,0xd4,0xe9,0xf7,0x9b,0x38,0xef,0x91,0x0a,
+ 0x73,0xed,0xcd,0xfa,0xf8,0x9b,0x4f,0x0a,0x42,0x96,0x14,0xda,0xba,0xb4,0x6b,0x08,
+ 0xda,0x94,0x40,0x5e,0x93,0x7a,0xa0,0x49,0xec,0x5a,0x7a,0x8d,0xed,0x33,0xa3,0x38,
+ 0xbb,0x9f,0x1d,0xd4,0x04,0xa7,0x99,0xe1,0x9d,0xdb,0x3a,0x83,0x6a,0xa3,0x9c,0x77),
+ .s = chunk_from_chars(
+ 0xd1,0xd2,0x1b,0x8d,0xfa,0x55,0xf0,0x68,0x1e,0x8f,0xa8,0x61,0x35,0xcf,0x29,0x2d,
+ 0x71,0xb7,0x66,0x97,0x13,0xc2,0x91,0xd8,0xf8,0xdc,0x24,0x64,0x64,0xde,0x3b,0xbb,
+ 0x96,0x1b,0x59,0x6d,0xfc,0x8f,0xda,0x6c,0x82,0x3c,0x38,0x40,0x08,0xd0,0x5b,0xcb,
+ 0x3d,0xcc,0xc3,0x6a,0xcc,0xf1,0xb2,0xbe,0xde,0x1a,0x95,0xe5,0x22,0x58,0xd7,0xd1,
+ 0xbd,0xf1,0xfc,0x44,0xe1,0x80,0x72,0xab,0xd4,0x5c,0x13,0x92,0x01,0x5e,0xe7,0x16,
+ 0x92,0x69,0x0e,0xf8,0xcd,0xaa,0xed,0x33,0x7d,0xd8,0x54,0x67,0x83,0xf9,0x61,0xbb,
+ 0x96,0x20,0xeb,0x5c,0x7b,0x8b,0x67,0x16,0xe8,0xc6,0x00,0x35,0x1f,0xab,0x77,0x65,
+ 0xee,0x38,0xa1,0x5d,0x32,0xd8,0xa2,0xc0,0x94,0x98,0x25,0xc4,0x9a,0x7f,0x25,0xee,
+ 0xdd,0x9b,0xe7,0xb8,0x07,0xbb,0xfd,0x51,0x79,0x13,0x78,0x66,0x20,0xd2,0x49,0x82,
+ 0x3d,0xae,0x6f,0xe2,0xfd,0x39,0xac,0x63,0x9d,0xd7,0x48,0x21,0xb0,0xc1,0x20,0xb4,
+ 0x2f,0x31,0xc2,0xc6,0x39,0xd2,0xc6,0x1b,0x39,0x5f,0x09,0xf8,0x68,0x51,0xbc,0x80,
+ 0x9b,0x34,0xc4,0x98,0x1a,0xc6,0x5c,0xf2,0x5b,0x2e,0x8a,0xdc,0xbc,0xe1,0x90,0xef,
+ 0x2e,0xf6,0x7a,0x01,0x89,0x03,0x9c,0x91,0x10,0xf2,0x67,0x01,0xc3,0xee,0xd7,0x31,
+ 0xc8,0xd9,0xea,0xd1,0x78,0x22,0x0f,0xfc,0xac,0x7f,0x0f,0x67,0x8a,0xa2,0x22,0x68,
+ 0xe1,0xd0,0x19,0x42,0xec,0x51,0xe8,0x0e,0xef,0x06,0xe2,0x11,0x28,0x30,0x85,0x5e,
+ 0x87,0xba,0xfe,0x8c,0xc9,0xc2,0x2f,0xd7,0x37,0xc7,0xab,0xbc,0xa5,0xeb,0x7a,0x22,
+ 0x1d,0x38,0x35,0xa8,0x66,0x10,0xd2,0x4b,0x50,0x7b,0x5d,0xcb,0x46,0x18,0xaa,0x42,
+ 0x1f,0x63,0xa5,0x60,0x9e,0xf5,0xd6,0x8f,0x57,0x60,0xfd,0xdf,0x97,0x01,0x35,0x60,
+ 0x2e,0xfa,0xd0,0x85,0x1b,0xbf,0xf9,0x8f,0xe8,0x7f,0xa5,0x8b,0xc3,0x65,0xf3,0x8e,
+ 0xe7,0xec,0x8e,0xf5,0xaa,0xb1,0x7f,0xd1,0x1d,0x89,0xd9,0x1e,0xf4,0xc6,0x04,0xe0,
+ 0xd1,0xf0,0x01,0xd0,0xe0,0x88,0x69,0xdf,0x92,0x25,0xe3,0xb4,0xce,0xf5,0x2f,0xf8,
+ 0x68,0x15,0xe1,0x3b,0x3e,0xfd,0xf4,0x57,0x76,0xf9,0x35,0x37,0x69,0xa8,0xa5,0x1f,
+ 0xe7,0xd8,0x91,0xa7,0xef,0x70,0x35,0xee,0xcf,0xa2,0x59,0x84,0x87,0x38,0x37,0x68,
+ 0x86,0xed,0xc9,0x1c,0xc7,0x8f,0x6d,0xa3,0x1c,0x2f,0x07,0xee,0x36,0x2c,0x3d,0x82),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256,
+ .m = chunk_from_chars(
+ 0x2b,0xca,0xd6,0xe7,0x44,0xf2,0x49,0x0b,0xa6,0xa6,0xe0,0x72,0x28,0x32,0x41,0x7e,
+ 0xbd,0x91,0x0f,0x91,0x46,0xeb,0x62,0xba,0xaa,0x5c,0x74,0x95,0x29,0xf7,0x9d,0x6c,
+ 0xed,0x0b,0x81,0xa2,0xe2,0xa4,0x88,0x52,0xc8,0x55,0x8e,0x33,0x87,0x35,0xdc,0xbf,
+ 0xc2,0x28,0x57,0x94,0xae,0x60,0xf8,0x1a,0x25,0x23,0x7c,0x66,0xf6,0xce,0x5d,0x5e,
+ 0x80,0x1a,0x00,0x1e,0x7f,0x9e,0x30,0x9b,0x25,0x95,0xcb,0x86,0x6d,0xe2,0xbb,0x74,
+ 0xac,0x51,0x28,0x3b,0x68,0x20,0xec,0x9f,0x6e,0xbe,0x48,0x2e,0x1f,0xd2,0xd5,0x68,
+ 0x0b,0x7f,0xbd,0x23,0xc1,0xe6,0x2a,0x2e,0xe4,0xed,0xff,0x35,0x82,0x3f,0xc7,0xe4,
+ 0xa2,0x95,0xea,0x4f,0x1c,0x33,0x27,0x92,0xae,0xb5,0x3e,0xb4,0x4b,0x0b,0xed,0xd2),
+ .s = chunk_from_chars(
+ 0x37,0xd9,0x60,0xfe,0x39,0x12,0x98,0xbb,0xdc,0x22,0x3f,0xa1,0xeb,0x1d,0x3c,0xd9,
+ 0xa4,0x6b,0xa8,0xc6,0x2e,0x1d,0xa8,0xc5,0x63,0xc8,0x9a,0x8f,0x0e,0x67,0xb8,0x64,
+ 0xfc,0x89,0x83,0x7f,0xfc,0x08,0xaa,0xb7,0x12,0x2b,0x84,0xc4,0x35,0xc7,0xf9,0x40,
+ 0x6e,0x16,0x5a,0x10,0x29,0x85,0x7c,0x1e,0x4d,0xea,0x65,0x35,0x69,0x27,0x72,0x73,
+ 0xb1,0xd9,0xb0,0xa9,0xf5,0xb0,0xdc,0x24,0xaf,0xdd,0x21,0x44,0x76,0xd4,0x72,0x08,
+ 0xad,0x52,0x21,0xa7,0xd7,0x93,0xca,0xb8,0x06,0x71,0xfb,0x49,0x87,0xc8,0x6b,0xd6,
+ 0x14,0x48,0x80,0xc5,0x9d,0x24,0x87,0x14,0x00,0xf6,0x4b,0xdc,0x6d,0x49,0x6d,0xbd,
+ 0x49,0x7f,0x3d,0xbf,0x64,0x28,0x64,0xfe,0x49,0xaf,0x3e,0x21,0x51,0x5e,0x62,0xd6,
+ 0x0f,0x00,0x71,0xdb,0x48,0x84,0xf4,0x96,0x70,0xea,0xa9,0xe4,0xe4,0x98,0x2f,0x26,
+ 0x9a,0xbe,0x72,0x42,0x44,0x28,0x88,0x59,0xc2,0xad,0xf6,0x0a,0x09,0xfa,0xaa,0xbb,
+ 0x07,0x99,0x0e,0x09,0xe5,0x6d,0xe2,0x54,0xba,0xbb,0xee,0x14,0xbe,0x7e,0xb6,0xed,
+ 0xa0,0xcd,0xb2,0x2f,0x3d,0x0d,0xe8,0x72,0x48,0x04,0x67,0x3f,0xb9,0x9f,0x86,0xef,
+ 0xb4,0x26,0x3d,0xcc,0x50,0x17,0xab,0xc9,0x1b,0xd9,0xcd,0x83,0x36,0x79,0x47,0x5b,
+ 0xfa,0xc5,0x0a,0x2b,0xe8,0xdb,0x86,0x29,0x6b,0xbf,0x80,0x17,0x88,0x93,0x57,0x37,
+ 0x13,0x14,0x60,0x4e,0x83,0xd6,0x8b,0x6e,0xfe,0xcd,0x4b,0x79,0xf0,0xa8,0xaf,0xa0,
+ 0xdf,0xfa,0x44,0x8f,0xb7,0xfc,0xe6,0xd3,0x44,0x70,0x9a,0x67,0x0e,0x0c,0xff,0x43,
+ 0x2c,0x3e,0x18,0x7b,0xcf,0xf7,0xfd,0xc4,0xf4,0xe9,0xab,0xe1,0x09,0x5c,0x46,0xb0,
+ 0x1d,0x88,0xb6,0x04,0x4b,0xb9,0x50,0xe9,0x28,0x59,0x01,0x0d,0x9a,0x0e,0x3b,0x2d,
+ 0x1f,0x27,0xa0,0x96,0xea,0xca,0xa2,0x42,0x63,0xa2,0xa0,0x52,0x3d,0x6e,0x0d,0xa1,
+ 0xfb,0xa8,0xaf,0x76,0x81,0x96,0xf7,0xa5,0x1f,0x92,0xfd,0xf1,0x52,0xbe,0xf0,0x62,
+ 0xdd,0x1f,0x83,0x27,0xce,0xe1,0xd3,0x44,0xc2,0x00,0xc2,0x11,0x5a,0xc6,0xec,0x1d,
+ 0xd8,0x51,0x4c,0xef,0x9e,0x36,0xd0,0xce,0x8c,0x32,0xe5,0x87,0x83,0xc4,0xfc,0xba,
+ 0x90,0x1a,0xa7,0x0c,0x2b,0x42,0x96,0x64,0x88,0x00,0x2f,0xf1,0x71,0xd3,0x64,0x14,
+ 0xa1,0x44,0xbf,0x46,0x77,0x51,0x83,0xa8,0x81,0x5d,0xe9,0xee,0x3e,0x81,0xf3,0x1b),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256,
+ .m = chunk_from_chars(
+ 0xc3,0x97,0x8b,0xd0,0x50,0xd4,0x6d,0xa4,0xa7,0x92,0x27,0xd8,0x27,0x0a,0x22,0x02,
+ 0x95,0x34,0x82,0x87,0x59,0x30,0xfb,0x1a,0xea,0xe4,0xe6,0x7f,0x87,0xe7,0x94,0x95,
+ 0x28,0x9d,0xe2,0x93,0xb4,0xa4,0x0d,0x92,0x74,0x6f,0xc8,0x4c,0xc8,0x31,0x8c,0x23,
+ 0x18,0xfd,0x30,0x65,0x0e,0x2b,0xb9,0xce,0x02,0xfd,0x73,0x4e,0xb6,0x83,0x41,0x0d,
+ 0x44,0xbb,0x31,0xad,0x54,0xfd,0x53,0xcf,0x92,0x96,0xcc,0xd8,0x60,0xb4,0x26,0xf5,
+ 0xc7,0x82,0xea,0x5c,0xb4,0x93,0x71,0xd5,0x61,0x84,0xf7,0x79,0x11,0xdd,0xf1,0xba,
+ 0x00,0x39,0xa0,0xa4,0x9a,0xa7,0xe7,0x63,0xeb,0x4f,0x5a,0x04,0x57,0x59,0x97,0x80,
+ 0x8b,0x0a,0xd9,0xf6,0xb3,0x30,0xca,0x38,0xed,0xc1,0x99,0x89,0xfe,0xbf,0x4d,0xa5),
+ .s = chunk_from_chars(
+ 0x9a,0xed,0x20,0xa8,0xbd,0xaf,0x26,0xf1,0xf1,0x19,0x02,0x0d,0x8f,0x3e,0xa6,0xce,
+ 0x91,0x51,0x38,0xd4,0xc8,0x7d,0xce,0x02,0x5e,0x7f,0x4e,0x49,0x53,0x6c,0x8e,0xc0,
+ 0x79,0xed,0xc6,0xca,0xf0,0xd6,0x03,0xbf,0x42,0xbd,0x6a,0x45,0x4a,0x6d,0x52,0xd0,
+ 0xd9,0x9f,0xd0,0xf5,0x9f,0xfb,0x3b,0x22,0xe9,0xe6,0x7b,0x3d,0x0b,0xb2,0xd2,0x75,
+ 0xd9,0xae,0xdc,0x6d,0xa9,0x6a,0x72,0xcb,0xff,0x35,0xc4,0x3e,0x7f,0x39,0xa9,0x96,
+ 0xfa,0x8a,0x6d,0x33,0x8a,0x07,0x25,0xf7,0x85,0x25,0x4f,0xe9,0x1a,0x20,0x83,0x4b,
+ 0xa5,0x57,0xfe,0xdf,0xe7,0x15,0x2b,0x99,0x56,0xfe,0xdd,0xfd,0x94,0x17,0x41,0xef,
+ 0xf9,0x17,0x7c,0x2f,0xbb,0x55,0xe2,0x00,0xbb,0xe4,0x21,0x62,0xb3,0x2a,0x94,0x0c,
+ 0xc3,0x00,0xab,0x37,0x55,0x57,0xdf,0xfd,0x48,0xdf,0xa5,0x39,0xf5,0x0e,0xdd,0x52,
+ 0xdf,0x15,0x8d,0x90,0x72,0xd1,0x49,0x82,0xe9,0x63,0x03,0xbc,0x61,0x2c,0x2c,0x25,
+ 0x06,0xdb,0xca,0x3a,0x93,0x9d,0x62,0x6d,0x2e,0x7f,0xb4,0x44,0xc6,0xad,0x7d,0x8d,
+ 0x9f,0x3b,0xba,0x82,0x10,0xb2,0xac,0x2f,0x69,0x67,0x83,0xc3,0x49,0xfc,0x52,0x80,
+ 0xc1,0x05,0x40,0x2a,0x4b,0x3d,0x86,0xbe,0xf5,0x02,0x6c,0x3d,0xd9,0x99,0xe3,0xb2,
+ 0x23,0x80,0xf9,0xdc,0xce,0x40,0xe3,0xa9,0xcc,0x9f,0x1d,0x7b,0xc3,0x8e,0xf3,0xdd,
+ 0x7e,0x94,0x13,0xbb,0x57,0x98,0x00,0xc0,0xe6,0xc3,0xe9,0xab,0x91,0x2d,0xa8,0xfe,
+ 0xc1,0xa4,0xab,0x21,0x39,0x8e,0x96,0x80,0xba,0x0d,0x04,0xf3,0xb4,0xc8,0xd5,0x3c,
+ 0x02,0xf0,0x5c,0x7a,0xe4,0x9b,0x70,0xa5,0x61,0x1c,0xf8,0x2e,0x38,0xde,0x84,0xaa,
+ 0x8c,0x24,0x26,0xf0,0xb6,0x3e,0xa0,0x1b,0x28,0x9f,0x20,0x1d,0x3a,0xf4,0x0d,0xad,
+ 0x5d,0x6e,0x5b,0xcc,0xc7,0x5b,0x99,0x59,0xe5,0xc9,0x75,0x8e,0x79,0x10,0x5a,0xf7,
+ 0xa9,0xaf,0xb1,0x2a,0xee,0x57,0x7c,0xb3,0x99,0x18,0x79,0xdb,0x0f,0xd8,0x66,0x2c,
+ 0x5b,0xc4,0x90,0x22,0x75,0x24,0x98,0xa3,0x01,0xd9,0x5f,0x4b,0x1d,0x08,0xc0,0x1e,
+ 0xbc,0x31,0x3f,0x89,0xc0,0x0b,0x1e,0xc2,0x73,0x5a,0x07,0x98,0x3f,0xd5,0x28,0xe6,
+ 0x38,0x82,0x45,0x03,0x6f,0x0e,0xd4,0xa2,0xdb,0xb6,0x5d,0xd3,0x3a,0xb7,0xf1,0x24,
+ 0xc0,0x14,0xec,0x16,0x79,0xf1,0xc2,0xf1,0x1e,0xdf,0xfb,0x93,0xfa,0x2d,0x1d,0x73),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256,
+ .m = chunk_from_chars(
+ 0x0c,0x11,0x95,0x02,0xc2,0xa0,0x19,0x20,0xa0,0x90,0xe4,0x33,0x57,0xe7,0xb2,0x8e,
+ 0x33,0xc7,0xee,0x85,0x8b,0x43,0x30,0xe0,0x5c,0x71,0x04,0x89,0x31,0xc0,0xed,0x88,
+ 0x46,0x8c,0xa9,0x31,0xec,0xf0,0xb7,0x9c,0x2f,0xdc,0x17,0x56,0xb7,0x67,0x51,0x56,
+ 0xec,0x66,0xb8,0x33,0x5e,0x3d,0xf0,0x94,0x63,0xf5,0xae,0xe7,0x02,0x8f,0xbf,0x56,
+ 0x0f,0x98,0x4c,0xf6,0x98,0xfe,0x5c,0x42,0x80,0x22,0x9a,0xc9,0x6a,0x2e,0x59,0x23,
+ 0xd8,0xa9,0xd5,0x29,0x94,0x49,0xbb,0x66,0x50,0x08,0xec,0xc8,0x89,0x79,0x7e,0x9b,
+ 0xb1,0x5d,0x04,0xb8,0x8c,0x72,0x10,0xfa,0xdb,0x8b,0xf6,0xf2,0x38,0xe5,0xd2,0xdc,
+ 0x41,0xb9,0xcc,0xd1,0xf8,0x0e,0x9a,0x3e,0x6a,0xd1,0x47,0x94,0x8f,0x27,0x33,0x41),
+ .s = chunk_from_chars(
+ 0x8a,0xbf,0x2a,0x30,0x77,0x4e,0x6e,0x73,0x38,0xec,0xa0,0x9c,0xcc,0xac,0xa3,0x68,
+ 0x43,0x99,0x94,0x04,0x92,0xfb,0x94,0xb2,0x3b,0x5a,0xd6,0x2c,0xe3,0xe1,0x1d,0x2d,
+ 0xbe,0xf8,0x96,0x6b,0xa5,0x26,0x99,0x79,0xeb,0x96,0x53,0xba,0xad,0x71,0x95,0x16,
+ 0xd3,0xe8,0x39,0x90,0x79,0xa2,0xf6,0x70,0x27,0x5a,0x2e,0xd4,0x2c,0x82,0x0a,0x9a,
+ 0x31,0xfc,0xd7,0x03,0xa7,0x66,0x37,0xe0,0xd7,0x13,0xf3,0x2d,0x79,0x2b,0x9a,0xe3,
+ 0x6d,0x72,0x88,0xf6,0x0c,0x2d,0x1a,0xe5,0x26,0x83,0xbb,0x15,0x94,0x1b,0x1c,0xd8,
+ 0x90,0xd2,0xcd,0x64,0x99,0x8b,0x77,0x25,0x85,0xe7,0x60,0x32,0xa1,0x70,0x2e,0x06,
+ 0x52,0xcb,0xf2,0x59,0xa1,0xce,0xae,0x69,0x5d,0x40,0xcf,0x2f,0x4f,0x6d,0x81,0x34,
+ 0x1c,0x8b,0xc9,0x08,0x2c,0xb9,0x6c,0x75,0x2c,0x35,0x5d,0xfb,0xe2,0x96,0xdd,0x21,
+ 0xd6,0x98,0x46,0xfa,0x37,0x61,0x3e,0x73,0x81,0x7b,0x2a,0x07,0x04,0x66,0x58,0xc9,
+ 0xe3,0xfc,0x6d,0x09,0x1e,0x17,0x59,0x1b,0xb1,0xa4,0xfb,0x6e,0x2a,0xc0,0x0a,0x31,
+ 0x94,0xc1,0x48,0x8e,0x16,0xa9,0xd2,0x90,0x37,0x86,0xdb,0x86,0xae,0x90,0xe9,0x6a,
+ 0xcb,0x4d,0xe9,0x90,0x1a,0xaf,0x1b,0x06,0x51,0xfb,0x76,0xa5,0x8d,0xcb,0x3d,0xb4,
+ 0x73,0xef,0xbf,0xb8,0x31,0xef,0x8e,0x30,0xf8,0x99,0x67,0xdd,0xd3,0xa6,0xc2,0xf1,
+ 0x89,0x79,0xa0,0x45,0x06,0x57,0xcd,0xae,0xef,0x6e,0x59,0x37,0x7c,0x6d,0xb1,0xec,
+ 0x46,0x06,0x5f,0x61,0x40,0x24,0xa6,0x9c,0x51,0x8a,0x55,0x99,0x42,0x59,0x4a,0x46,
+ 0x26,0x6e,0x0d,0x3c,0xa1,0x33,0x42,0x96,0xb9,0x68,0xa2,0x3a,0x4b,0x11,0xc6,0x3a,
+ 0x97,0xe2,0x9e,0xb1,0x6b,0x24,0xc0,0x2d,0x54,0x5d,0x5b,0x42,0x7e,0x6a,0xa5,0x85,
+ 0x33,0x33,0x18,0xe6,0x3a,0x20,0x45,0x24,0xe0,0xe4,0x2a,0xc1,0xed,0xb7,0x0d,0x34,
+ 0x56,0x78,0x0d,0xbe,0xad,0x31,0xf7,0x85,0xf0,0xb2,0xa7,0x7f,0xfe,0xb0,0xd3,0x73,
+ 0x84,0xcb,0x5f,0x65,0xb4,0xe3,0x6c,0xa2,0x41,0xf3,0xb2,0xb0,0x59,0x10,0x5f,0xaa,
+ 0xa3,0x22,0x2d,0x6c,0x13,0x5e,0xa5,0xa3,0x66,0x51,0xae,0xa3,0x96,0xd2,0x2f,0xc4,
+ 0xea,0x1b,0x40,0x4d,0x7e,0x83,0x4b,0x6d,0xf1,0xfb,0x83,0x8b,0xb5,0xba,0x0d,0x78,
+ 0x4a,0x96,0xe2,0xae,0x28,0x43,0xdb,0x3e,0xee,0xa4,0x96,0xc7,0xad,0x2b,0x42,0x41),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256,
+ .m = chunk_from_chars(
+ 0xdd,0xbd,0x84,0x68,0xbd,0xb0,0x36,0xf4,0x79,0x9f,0x42,0x8b,0xc8,0xb4,0x37,0x4e,
+ 0xd9,0xb7,0xcd,0xe5,0x41,0x33,0x7a,0xc4,0x39,0xd4,0x41,0xac,0x06,0x14,0xcb,0x75,
+ 0xb8,0x16,0xb8,0x0c,0x17,0xd2,0x37,0xb8,0xdb,0x73,0xd4,0xa1,0x1b,0xfd,0x92,0x92,
+ 0x08,0x33,0x3a,0xfe,0xdb,0xb8,0xf2,0x41,0x0c,0x74,0x11,0x29,0xc5,0x39,0x32,0xb5,
+ 0x96,0xa7,0x88,0x1c,0x6a,0x4d,0x71,0x11,0xba,0x10,0x4d,0x46,0x00,0xd1,0x90,0x2f,
+ 0x6f,0x4a,0x16,0x08,0xe1,0x39,0xb7,0x19,0x11,0xc1,0x1c,0x39,0x0a,0x0d,0xd0,0x91,
+ 0xdf,0x36,0x9a,0xa2,0x9d,0x67,0x0b,0x8a,0x7e,0x3f,0x53,0x82,0x5f,0x76,0x59,0xac,
+ 0x74,0xc4,0x0a,0x0c,0x3b,0xfe,0xf0,0xd3,0xae,0x83,0x07,0xe4,0xbd,0xd6,0xcd,0x91),
+ .s = chunk_from_chars(
+ 0x4e,0x37,0x7e,0x24,0x59,0x81,0x5d,0x5b,0x33,0x91,0x5f,0xa6,0x3c,0xd4,0x77,0xb5,
+ 0xbe,0x7c,0x6b,0x7f,0x78,0x14,0xd1,0x35,0x00,0x34,0xce,0x71,0x0b,0xe6,0x7e,0xd6,
+ 0x91,0x39,0xdb,0x62,0x2e,0xf6,0x0e,0xc6,0xb7,0x63,0x8e,0x94,0xb2,0x02,0x36,0x8b,
+ 0xac,0x63,0x1e,0x05,0x77,0x02,0xb0,0xe6,0x48,0x7b,0x32,0x4a,0x6b,0x98,0xed,0x7e,
+ 0x03,0xd1,0xf3,0xf2,0x0a,0x98,0x14,0xb0,0x0e,0x21,0x7a,0x46,0x48,0xe4,0xbb,0xc4,
+ 0x49,0xa2,0xaf,0x40,0x5c,0xa4,0xb5,0x9f,0x84,0x38,0xdd,0xfd,0x75,0xd3,0x4d,0x10,
+ 0x64,0xe5,0x8b,0xfb,0x32,0x5c,0x55,0xbd,0x54,0xea,0x6c,0xdf,0x77,0x12,0xba,0x80,
+ 0x7c,0x3e,0x4c,0x66,0x5d,0x62,0x0c,0xd5,0x95,0x13,0xd7,0xbc,0x08,0x55,0x24,0x7e,
+ 0xb6,0x70,0xec,0xc2,0x92,0x50,0x96,0x61,0x81,0x27,0x02,0x70,0x32,0x75,0xd9,0xb2,
+ 0xf8,0x7e,0xf2,0x79,0xd7,0x70,0x0e,0x69,0xd9,0x95,0xdb,0x98,0x14,0x4a,0x14,0xc8,
+ 0x17,0x74,0xa4,0xcd,0x89,0x0e,0xc0,0x3d,0x13,0xf8,0x58,0xf3,0x76,0x9e,0x50,0x48,
+ 0xed,0x55,0xca,0xa8,0x12,0x01,0xe8,0x78,0x5d,0x37,0x71,0xce,0x6d,0xa5,0x11,0x75,
+ 0xd0,0x17,0xd2,0x11,0xfa,0x70,0x37,0x94,0x41,0x6f,0x46,0x9b,0x11,0x29,0xd7,0x31,
+ 0xab,0xde,0x74,0x4d,0xa5,0xb2,0xfa,0xcd,0x7a,0x9b,0x09,0x3d,0x6c,0x97,0x43,0x50,
+ 0x9b,0x01,0x03,0xba,0xb9,0xc8,0x1c,0x6e,0x5f,0x38,0xbc,0x97,0x18,0xe3,0xe4,0xfa,
+ 0xa8,0x64,0x75,0xd1,0x37,0x25,0xa8,0x29,0xac,0x61,0xdf,0x8d,0x15,0xf0,0xb2,0x7c,
+ 0xb4,0x0d,0x0e,0xba,0x0b,0x24,0x6b,0x9c,0x36,0x0b,0x56,0x9b,0x81,0xb3,0xab,0xf3,
+ 0x80,0xee,0xc2,0x74,0x92,0x31,0x6b,0xc2,0x92,0xe5,0x15,0x0e,0xe0,0x60,0x72,0x19,
+ 0xa2,0xbd,0x80,0xba,0x98,0x4c,0x7e,0x3f,0x19,0x89,0xbc,0x51,0xe4,0xc5,0xda,0x3a,
+ 0xe5,0x07,0x06,0x76,0xe0,0xc1,0x50,0xd0,0x37,0xa8,0x6a,0x0f,0x91,0xbf,0xc0,0x7c,
+ 0xde,0x64,0xc1,0x9f,0x9c,0x7a,0x7a,0xf4,0x4d,0x69,0x29,0x97,0x00,0x41,0x44,0x8d,
+ 0x3b,0x17,0xc2,0x49,0xd5,0xe0,0xb5,0x86,0x2e,0x9a,0x25,0x20,0x9e,0x8f,0x97,0xd7,
+ 0xa0,0xf0,0x30,0x18,0x15,0x04,0xfe,0xad,0x22,0x66,0xc8,0x73,0xfd,0x23,0x59,0x83,
+ 0xdf,0x3d,0x06,0x57,0xb9,0x20,0x96,0xe2,0xb4,0x90,0xdf,0x33,0xca,0x11,0x57,0x33),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256,
+ .m = chunk_from_chars(
+ 0xf9,0x96,0xf3,0xad,0xc2,0xab,0xa5,0x05,0xad,0x4a,0xe5,0x2b,0xc5,0xa4,0x33,0x71,
+ 0xa3,0x3d,0x0f,0x28,0xe1,0x95,0x0b,0x66,0xd2,0x08,0x24,0x06,0x70,0xf3,0x52,0xef,
+ 0x96,0x18,0x5e,0x9a,0x70,0x44,0xf4,0xce,0x2f,0x2f,0xf9,0xae,0x01,0xa3,0x1e,0xf6,
+ 0x40,0xe0,0xb6,0x82,0xe9,0x40,0xc5,0x10,0x51,0x17,0x59,0x46,0x13,0xdd,0x1d,0xf7,
+ 0x4d,0x8f,0x2b,0xa2,0x0c,0x52,0x22,0x3b,0x04,0x5a,0x78,0x2e,0x85,0x0a,0x12,0xa2,
+ 0xaa,0x5c,0x12,0xfa,0xd4,0x84,0xf1,0xa2,0x56,0xd0,0xcd,0x08,0x72,0xd3,0x04,0xe8,
+ 0x85,0xc2,0x01,0xcd,0x7e,0x1e,0x56,0xd5,0x94,0x93,0x0b,0xb4,0x39,0x21,0x36,0xfb,
+ 0x49,0x79,0xcc,0x9b,0x88,0xaa,0xb7,0xa4,0x4b,0xfc,0x29,0x53,0x75,0x1c,0x2f,0x4c),
+ .s = chunk_from_chars(
+ 0x30,0xb3,0x48,0x62,0x4f,0xaa,0x99,0x85,0xfc,0xd9,0x5f,0x9c,0x7e,0xad,0x3a,0xfe,
+ 0x64,0x56,0xba,0xdf,0x8c,0x0f,0xed,0xbd,0xad,0xb3,0xa9,0x00,0x3a,0x67,0x02,0x97,
+ 0x3a,0xcd,0xb4,0xe8,0x66,0x52,0x36,0x7d,0xb2,0x3e,0x0a,0x81,0x41,0x88,0x0d,0x66,
+ 0x31,0x83,0x4f,0x9f,0x17,0x1c,0x94,0xa8,0xfe,0x9c,0x31,0x5b,0xcb,0x86,0x80,0xec,
+ 0xfb,0x5a,0x4f,0x59,0xb4,0x5d,0x4e,0x4c,0x3c,0x05,0x82,0x8b,0x7f,0xaa,0xa8,0xe4,
+ 0x23,0x4a,0xad,0xa4,0xe7,0x66,0x64,0x6c,0xc5,0x10,0xd0,0x7b,0x42,0xbd,0x38,0x83,
+ 0xa8,0x3b,0x5b,0xcb,0x92,0xd9,0xe7,0xcc,0x1d,0xdf,0x59,0x0a,0x69,0x01,0x11,0xbf,
+ 0xc6,0x2a,0x51,0xaf,0x7e,0x55,0x54,0x3e,0xa5,0x18,0x8c,0x92,0x45,0x3d,0x41,0xd3,
+ 0xe8,0xfd,0xab,0xee,0x3e,0x1d,0xef,0xa9,0xd0,0xaf,0xdb,0x85,0xc8,0x15,0x3a,0x50,
+ 0x19,0xae,0x45,0x56,0x3e,0xa3,0x08,0x0a,0x30,0x22,0x66,0x81,0x68,0xf0,0xc2,0x73,
+ 0xa6,0xdb,0x1a,0xfa,0xdc,0xd5,0xed,0xbc,0xa5,0x02,0x1c,0x2e,0x53,0xf4,0xd9,0x51,
+ 0xc6,0x04,0x20,0x6a,0xe1,0x0f,0x28,0x7f,0x45,0x18,0x67,0x27,0x1d,0x37,0x04,0x82,
+ 0x79,0x1c,0xdf,0xdc,0xb6,0xa4,0x01,0x0f,0x6b,0x3d,0x9b,0x92,0x85,0x63,0xd1,0x68,
+ 0xda,0x19,0xf1,0xc1,0xe5,0x70,0xf8,0xc1,0x58,0xf3,0xd4,0x90,0xb2,0x9a,0xa2,0x3a,
+ 0xbd,0x1f,0xfd,0xf2,0x08,0x66,0xc3,0x4c,0x6e,0x63,0xb9,0xe8,0xa9,0xa0,0x2d,0x7a,
+ 0x1b,0x19,0x6d,0x05,0x5f,0x4c,0x53,0xce,0x82,0xb4,0x00,0xe4,0xab,0x9e,0x1b,0x9d,
+ 0x70,0xd0,0x04,0x9d,0x6d,0x57,0xcf,0x0a,0x49,0x49,0xcf,0xc6,0x8d,0x63,0x38,0x82,
+ 0x88,0x2d,0xcf,0xdf,0xc5,0x0c,0xf4,0x49,0xdf,0x10,0xac,0xf2,0x03,0x05,0xc2,0xaa,
+ 0x43,0xbd,0xa1,0x0f,0xd8,0xa1,0x0b,0x4e,0xca,0xa2,0x31,0x00,0xaa,0x47,0xe9,0x29,
+ 0x36,0xdc,0xe1,0xbf,0xb8,0xd6,0x59,0x52,0x35,0xbb,0xfe,0x2c,0x85,0x85,0xcb,0x16,
+ 0x47,0xb2,0xbe,0xac,0xb1,0xe1,0xd4,0xb6,0xce,0xf7,0x58,0x81,0x1a,0x68,0x33,0x0f,
+ 0xa9,0xc3,0xa8,0x25,0x73,0xc0,0x8f,0xa2,0xcd,0xa5,0xa0,0x3f,0x34,0x25,0x55,0x4e,
+ 0x45,0xd9,0x8c,0x16,0x45,0xc5,0xbd,0x27,0xd1,0x2e,0x6c,0x20,0xb2,0xc4,0x62,0xa7,
+ 0x46,0xe8,0x82,0xa3,0x42,0x1a,0x7b,0x1b,0x1e,0x25,0xb4,0xc3,0x6c,0x8b,0x16,0xa1),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256,
+ .m = chunk_from_chars(
+ 0x6a,0xce,0x05,0x2d,0x7e,0x99,0xcd,0x97,0x3b,0xb5,0xc9,0xf6,0x67,0x9b,0x1c,0x30,
+ 0x5e,0x07,0x20,0x89,0x65,0xfe,0x58,0xc6,0x3b,0x10,0xa6,0x92,0xf1,0xdb,0xbe,0x22,
+ 0xfc,0xd0,0xdb,0x15,0x89,0x3a,0xb1,0x9e,0x10,0x7b,0xa2,0xe4,0x2c,0x99,0x34,0xa9,
+ 0xaa,0xfa,0xc3,0x2a,0xdf,0x6c,0x73,0x47,0x3f,0x69,0x69,0xe4,0x2c,0x98,0x3b,0x8f,
+ 0x0c,0x96,0xa4,0x63,0x9e,0xf7,0x7d,0x2c,0x8e,0x88,0xe8,0xcc,0x47,0xd7,0xcf,0xdd,
+ 0x08,0xf6,0x8d,0x97,0x3a,0x7b,0xea,0xf4,0x01,0xcb,0x4d,0x13,0x11,0x99,0x2d,0xda,
+ 0xc3,0xa9,0xc9,0xe0,0x67,0xda,0x19,0x8a,0xdc,0x63,0x04,0x74,0x5f,0x5d,0xd3,0x12,
+ 0xa1,0x82,0xe6,0x97,0x1c,0x34,0xa5,0x15,0xa6,0xc1,0xba,0xe6,0x47,0xe5,0x7e,0x4c),
+ .s = chunk_from_chars(
+ 0x5f,0x0e,0x74,0xf4,0x54,0x75,0x4a,0x30,0x74,0xfa,0xaf,0xc6,0x05,0xf3,0xc9,0xaf,
+ 0x47,0x60,0x4a,0x89,0x83,0x65,0x0a,0x9b,0x62,0x11,0xfb,0x19,0x1d,0x9a,0xfa,0x53,
+ 0x15,0xdf,0x4d,0xb4,0x50,0x1f,0xd4,0xf0,0x4c,0x74,0x1d,0x76,0x46,0x56,0xd4,0xa5,
+ 0xd0,0x06,0x38,0x8a,0xd8,0xfd,0xb2,0x19,0xec,0x6b,0x75,0x69,0x08,0xe2,0x3b,0x30,
+ 0xcb,0x63,0x9f,0xfa,0x7b,0xbf,0x28,0x74,0x71,0x3b,0xfd,0x5a,0x10,0x62,0xc1,0x9d,
+ 0x04,0xe0,0xe4,0xa7,0x4b,0x14,0x44,0x6a,0x7f,0xdf,0x5c,0xb8,0x12,0xe9,0xac,0x7b,
+ 0x60,0x12,0xd9,0xae,0x99,0x1c,0x47,0x65,0x6d,0x2a,0xde,0xd2,0x40,0x74,0xbb,0x8a,
+ 0x38,0xb1,0xa8,0x8b,0x1c,0x2b,0x13,0x1e,0x5b,0x09,0xc9,0x37,0x57,0xfd,0xb2,0xd6,
+ 0xb6,0x9a,0xa8,0x26,0x5a,0x43,0x5f,0xba,0x00,0xae,0xb3,0x6a,0x1f,0x62,0x9b,0xc3,
+ 0x4b,0x87,0x60,0x89,0xd2,0x8a,0x94,0x8d,0xd6,0xab,0x4c,0x89,0x94,0x30,0xda,0x60,
+ 0xa2,0x6f,0x6c,0x13,0x60,0x3f,0xc8,0x89,0xc7,0xb2,0x93,0x6c,0xa3,0xc5,0x15,0x6b,
+ 0xd7,0xfa,0x6e,0x34,0xea,0xc9,0xe0,0x48,0x00,0x83,0x3e,0xf0,0xcb,0x9b,0x6e,0xef,
+ 0x78,0x8c,0x0e,0xf0,0x02,0x1a,0x45,0x36,0xfb,0x83,0x71,0xfa,0x3e,0x2c,0x8b,0xb8,
+ 0xbe,0xfa,0xc1,0x6e,0x80,0x92,0xd6,0x9c,0x57,0x1c,0x1e,0x15,0xfd,0x25,0x5e,0xc0,
+ 0xa0,0x7a,0xcf,0x9a,0xe9,0x95,0x38,0x31,0xef,0xd3,0xdc,0xbe,0xf4,0x4e,0x0f,0xcc,
+ 0xeb,0xb1,0xaf,0x95,0x9d,0x71,0xf5,0x01,0x30,0xe8,0xac,0xb4,0xfa,0x23,0x19,0x26,
+ 0x1f,0xba,0x12,0xf2,0x71,0x5d,0xef,0x82,0xbf,0xaf,0xbf,0x40,0xe3,0x45,0xec,0x5d,
+ 0xcd,0xab,0x5c,0x1b,0xf5,0xf6,0x6b,0x1d,0x0e,0x9f,0x7a,0x9c,0x62,0xc9,0x37,0x57,
+ 0x46,0xe1,0xae,0x0c,0x8f,0x14,0xa4,0x89,0x18,0x43,0x83,0xe8,0x1d,0xce,0x20,0x70,
+ 0xad,0x4b,0x52,0x5d,0xf7,0x6b,0x44,0x6b,0x1f,0x22,0x92,0x1d,0x42,0x4d,0x9b,0xa3,
+ 0xce,0x21,0x57,0x75,0x01,0xdf,0x62,0x80,0xfd,0xc6,0x9f,0x02,0x39,0xae,0x11,0x27,
+ 0xb6,0x99,0x50,0x75,0x9d,0x5f,0x0b,0x69,0x3f,0x54,0xe8,0x7e,0x07,0x63,0x62,0x3b,
+ 0xf5,0xd3,0xff,0x69,0x43,0x00,0x81,0xb9,0xc9,0xe2,0x44,0x5a,0x05,0xe1,0x15,0x67,
+ 0x5e,0x09,0x0b,0xca,0xb2,0xaa,0x1d,0x75,0xce,0xee,0x2a,0xd6,0x19,0xec,0x8b,0x80),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256,
+ .m = chunk_from_chars(
+ 0x0e,0x49,0x74,0x0f,0xdc,0xca,0x6b,0xfc,0xe2,0x94,0xc1,0x1f,0x45,0x40,0x78,0x05,
+ 0xb3,0xda,0x41,0x2b,0x01,0xef,0x3f,0xb5,0x13,0xe7,0x0e,0x62,0xfd,0x95,0x04,0xc0,
+ 0x67,0x0d,0xb6,0x9c,0x36,0xb6,0xbe,0xbd,0x69,0xa0,0xbc,0xd2,0x40,0x17,0x9b,0xa8,
+ 0xa4,0x78,0x16,0xa0,0xc3,0x43,0x7a,0x61,0xfb,0x72,0xad,0xca,0xf9,0x09,0x6f,0x2a,
+ 0x22,0xef,0xe0,0xb4,0x31,0xfc,0x42,0x2d,0x22,0x53,0x01,0xe8,0x50,0xf2,0xf0,0xf4,
+ 0xda,0x87,0xd6,0x94,0x4a,0x85,0x29,0xef,0x79,0x78,0x19,0x09,0xad,0x96,0xd1,0xf2,
+ 0x05,0x96,0xf9,0x3e,0x17,0xc5,0x7f,0xb4,0xd7,0x56,0x97,0x4b,0xbb,0xf9,0x00,0x52,
+ 0x1c,0xb0,0x89,0xee,0xe0,0xde,0xd5,0xc9,0x56,0xa1,0x5b,0x09,0x61,0x62,0xb0,0x7f),
+ .s = chunk_from_chars(
+ 0x7b,0xbb,0x3d,0xdd,0x17,0xa4,0x2b,0xe7,0xcc,0x4e,0x7e,0xaf,0x45,0x65,0x09,0xa4,
+ 0xba,0x58,0xd4,0x0c,0x49,0xa3,0xd9,0x95,0x73,0xb7,0x33,0xe1,0x94,0x2f,0x9f,0xca,
+ 0x20,0xba,0x8b,0x91,0x07,0x08,0xd6,0xe7,0x50,0x36,0x7e,0x84,0x73,0x02,0xfc,0x60,
+ 0x3b,0x80,0x63,0xc1,0x9a,0xf8,0x83,0xe7,0x50,0x7f,0xb0,0xd9,0xcc,0x2b,0xe3,0x74,
+ 0x79,0xa3,0x7c,0xca,0x25,0xb8,0xc7,0xc4,0x6f,0x6b,0xf6,0x61,0xdc,0x6a,0x32,0x32,
+ 0xf8,0x8b,0x48,0x3f,0x1b,0x8f,0x41,0xb4,0x6d,0x49,0xba,0x3f,0x17,0x95,0xd6,0x8e,
+ 0xaa,0xd4,0xa2,0x55,0x6f,0xb5,0xd7,0x87,0x3b,0xbb,0x65,0x01,0xec,0xf0,0x6a,0xc5,
+ 0x58,0x23,0x5e,0xd1,0x39,0x90,0xb0,0xe1,0x6f,0x67,0x96,0x5b,0x09,0x36,0x6b,0xcb,
+ 0x36,0x2c,0xfc,0x6f,0xb9,0x78,0xf4,0xf6,0x8d,0x81,0x46,0xdc,0x8b,0x81,0x98,0x04,
+ 0xdf,0x42,0x4e,0x8c,0xa5,0xb6,0x3c,0xf1,0xfc,0xf9,0x7b,0xbf,0x30,0x0d,0x0b,0x99,
+ 0x88,0x60,0x79,0x8a,0x63,0x42,0x43,0x83,0xfc,0xd8,0x1d,0x37,0x77,0x3d,0x59,0xbb,
+ 0x13,0xb4,0xfa,0x5d,0x46,0x8c,0xd1,0x28,0xbb,0xab,0x18,0xa8,0xce,0x51,0x73,0xbe,
+ 0x5d,0x9d,0x54,0xd3,0x17,0x7f,0x02,0x45,0x78,0x84,0x09,0x97,0x3d,0xf4,0xa9,0x01,
+ 0x6b,0x94,0x4b,0xae,0xfb,0xf3,0xbf,0x11,0x46,0xa9,0x39,0x3d,0x22,0xe3,0x5e,0xc2,
+ 0xbe,0x0a,0xe6,0xf4,0xc3,0x1d,0xc4,0x98,0x1f,0x40,0xfc,0x1b,0xaf,0x38,0x26,0x00,
+ 0x69,0x9e,0xaf,0xce,0xa9,0x2c,0xbe,0x24,0xe2,0x6e,0xe8,0x46,0xfa,0x23,0xbc,0x19,
+ 0x3b,0x6e,0x72,0x14,0x01,0xb7,0xac,0x3f,0x5f,0x4e,0xbe,0xb6,0x33,0x97,0x9f,0x8e,
+ 0xf3,0x5f,0x4a,0xb1,0x11,0x7a,0x86,0x9d,0x5b,0x9d,0xbb,0x74,0x82,0xf0,0xd5,0xa5,
+ 0x9e,0x41,0x63,0x54,0x8d,0x25,0x12,0xae,0x06,0x72,0x05,0xb5,0x7d,0x03,0x0c,0x48,
+ 0x3f,0x72,0x0d,0x2c,0x44,0x35,0x04,0x28,0xf5,0x26,0x89,0x43,0xfc,0x5f,0x6e,0xa1,
+ 0xc8,0x8e,0x2e,0xc1,0x3a,0xb3,0xdc,0x14,0x56,0xe9,0x6a,0x3b,0x8e,0x7c,0x12,0x1a,
+ 0xf4,0xd6,0xa5,0xfe,0x4e,0xe5,0x5e,0x99,0xfb,0xc3,0x59,0x2a,0x48,0x7c,0x19,0x4b,
+ 0xc2,0xf2,0xbf,0x6e,0x79,0xfb,0x79,0xc2,0x87,0x6c,0xf3,0x36,0x5e,0x07,0x5b,0xee,
+ 0xac,0xc7,0xdb,0x4d,0xb7,0xee,0x69,0xe7,0xf1,0xfe,0x12,0xa3,0x27,0xe6,0xcb,0x0f),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256,
+ .m = chunk_from_chars(
+ 0x0e,0x67,0x5d,0xac,0x9a,0xec,0x91,0x01,0x06,0xa6,0xab,0x21,0x9b,0x4c,0xce,0xb5,
+ 0x2d,0xed,0x25,0x49,0xe8,0x99,0xc9,0xa2,0x4d,0x5e,0xe5,0x51,0x77,0x76,0x18,0x88,
+ 0xa3,0xbe,0x1a,0x2d,0xef,0x6a,0xa3,0x2d,0x62,0xf7,0x88,0x13,0x2d,0x62,0x27,0xd9,
+ 0x30,0x98,0x06,0xfd,0xc0,0x2d,0xb7,0xd8,0xa8,0x50,0xff,0x2c,0x6d,0xff,0x37,0xfc,
+ 0xd7,0x77,0xf1,0xa0,0xac,0xef,0xdf,0x18,0xbf,0x85,0xf1,0xa1,0x29,0x79,0xbe,0x86,
+ 0xd7,0x99,0x25,0x39,0x45,0xfc,0x34,0xa2,0x88,0xf3,0x48,0xb7,0x92,0x3d,0x76,0x4d,
+ 0xb2,0x7a,0x2a,0x2d,0x5a,0xe2,0x0e,0x6b,0x25,0x37,0x2e,0xf3,0x18,0xf8,0x59,0x65,
+ 0x29,0xd8,0xca,0x23,0xfd,0x6f,0x08,0xa8,0xf6,0x2e,0x0a,0x1b,0x6d,0x98,0x9f,0x23),
+ .s = chunk_from_chars(
+ 0x80,0x52,0xd9,0x5f,0x12,0xce,0x0e,0x6e,0x53,0xa5,0xa3,0x56,0xa0,0xeb,0x35,0x3b,
+ 0xdc,0xc1,0xa6,0x65,0x14,0xd6,0xcf,0xb3,0xa3,0xd9,0x61,0x55,0x31,0x0b,0xdd,0xa0,
+ 0xa0,0xd1,0x79,0x5f,0x97,0x64,0x3f,0x3a,0x44,0x96,0x63,0x4f,0x2d,0xd9,0xb9,0x5a,
+ 0x21,0x38,0xee,0x39,0x0e,0x1e,0x74,0xbe,0x31,0x34,0xf3,0xf4,0x7a,0x91,0x9e,0xe7,
+ 0xb5,0x9f,0x8e,0xcd,0x27,0x2a,0xb8,0x8c,0x82,0xcb,0xce,0x7c,0x21,0x7e,0x5f,0x92,
+ 0xd0,0x57,0xa5,0xb0,0x0f,0xbf,0x05,0x75,0xcd,0xae,0xcd,0x7d,0xc2,0x85,0xa4,0x21,
+ 0x8c,0x8a,0x95,0x52,0x16,0x59,0x8f,0x07,0x42,0x67,0x1e,0x01,0x8e,0x8e,0x4e,0x76,
+ 0x83,0x9a,0x57,0x5f,0x50,0xb2,0x10,0x2a,0x8b,0x77,0xd1,0xb8,0x4f,0x6d,0xce,0x98,
+ 0xd7,0x8e,0x57,0x58,0xe0,0xa6,0xf9,0x2b,0xf3,0x5d,0x6a,0x2f,0x18,0xad,0x40,0x09,
+ 0x25,0xd7,0x88,0x0f,0x9e,0xfc,0x77,0x4a,0x8c,0x7e,0xbf,0x64,0x88,0x5c,0xd2,0xf6,
+ 0xf6,0x29,0xb5,0x4a,0x7c,0x12,0xec,0x91,0xd3,0x9b,0x3c,0x25,0x18,0x24,0x1f,0xdc,
+ 0x32,0x2d,0x9b,0x23,0x5a,0x8e,0xa4,0x4f,0x77,0xe8,0x2f,0x3d,0xc4,0xf7,0x28,0xf6,
+ 0x20,0xc0,0x7d,0x1e,0x7f,0xf4,0x09,0x4f,0x29,0xc6,0x74,0xab,0x0f,0x08,0x02,0xef,
+ 0xa1,0xc9,0xe6,0x48,0x1e,0xbb,0x84,0xe0,0xbf,0x13,0xef,0x46,0x8d,0x8c,0xca,0x11,
+ 0x45,0x70,0xb9,0xed,0xcd,0xdf,0x98,0xac,0x4a,0x83,0x4f,0xe7,0xa0,0xd5,0xc6,0xfa,
+ 0xe8,0xa6,0x0a,0x48,0x39,0x9f,0x3c,0x8a,0xf4,0x2f,0xf4,0x02,0x6e,0x42,0xa8,0x1a,
+ 0xac,0x36,0x11,0x4f,0xfc,0x05,0x3f,0x3f,0x72,0x9b,0x7c,0xf9,0xa9,0x7a,0x56,0x84,
+ 0x8e,0xbe,0xa0,0x11,0x5a,0xa8,0x29,0x83,0x41,0xaa,0x22,0x69,0x63,0xeb,0xdf,0x57,
+ 0xab,0x2d,0x8e,0x4b,0x90,0x00,0xdd,0x05,0x1a,0x6c,0x5d,0x69,0xf6,0x0e,0x1d,0xc1,
+ 0xb3,0x3f,0x20,0x94,0xfd,0xbf,0x8e,0x5b,0x62,0x7b,0xc0,0x76,0x4d,0xb9,0x52,0x2c,
+ 0xbb,0xc0,0x81,0xdb,0xf3,0x8c,0x21,0xb1,0x3f,0x98,0x08,0x13,0xbd,0x2b,0x00,0xc7,
+ 0x57,0xeb,0xb8,0xc0,0xb2,0x12,0x13,0x15,0x2e,0x69,0x40,0x39,0xf3,0x06,0xf7,0x34,
+ 0x28,0x57,0x65,0x1f,0x72,0x2b,0xdd,0xa0,0x12,0x12,0xa8,0x55,0x27,0x99,0xbd,0xa6,
+ 0xef,0x07,0xc5,0x20,0x7d,0xc7,0x44,0xef,0x79,0x69,0xaf,0xd5,0xaf,0x2e,0x6f,0x12),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256,
+ .m = chunk_from_chars(
+ 0xf6,0xa7,0xa6,0xe5,0x26,0x59,0x12,0x5f,0xbb,0xc8,0x72,0x74,0x17,0x28,0x3b,0x9a,
+ 0x64,0x44,0x1f,0x87,0x12,0x1e,0x27,0xf3,0x86,0xd5,0x01,0x9f,0x10,0xcc,0x9b,0x96,
+ 0x1e,0x09,0xf1,0xb3,0xb0,0xdb,0x23,0x63,0x0c,0xc0,0xca,0xac,0xb3,0x85,0x8c,0x6f,
+ 0x93,0xaf,0xee,0xea,0x7e,0x1a,0x6a,0x80,0xdb,0xe0,0xc2,0xbd,0x9c,0x7c,0x93,0x95,
+ 0x70,0x30,0x2d,0xec,0x39,0xa4,0xa2,0x5c,0xc0,0xcf,0x1d,0x32,0xa7,0x1a,0x75,0xb9,
+ 0xa0,0xc3,0x02,0xbc,0xdd,0x80,0xb0,0x46,0xc8,0x66,0x51,0xac,0xf3,0x08,0x38,0xcd,
+ 0x52,0xe3,0x03,0x99,0xa8,0xfa,0xb8,0xd0,0x3f,0xbd,0x14,0x0c,0xdc,0x2f,0x1f,0x02,
+ 0xf2,0x48,0x04,0x05,0x16,0x98,0x20,0xcc,0xb3,0x2e,0x59,0x74,0xff,0xb8,0xb1,0xc8),
+ .s = chunk_from_chars(
+ 0x84,0x60,0x3a,0xcb,0xfe,0x1f,0x2f,0x76,0x9f,0x1a,0x62,0xb0,0xf2,0x87,0xf3,0x06,
+ 0x94,0x0b,0x22,0x54,0x76,0x71,0x4a,0x4b,0x68,0x27,0xc0,0x2d,0x7b,0xd0,0x52,0xf3,
+ 0x03,0xf3,0x0a,0x5f,0xa6,0xda,0x83,0xe6,0x06,0x15,0x30,0x56,0x69,0xca,0x9e,0xc1,
+ 0x77,0xc5,0xb3,0x2b,0x14,0x15,0xee,0xbe,0xf7,0x86,0x20,0x29,0x6e,0xba,0xd6,0xdb,
+ 0xbd,0x52,0x08,0x39,0xd3,0xaa,0xcc,0x97,0x81,0xac,0x86,0x02,0xdd,0xce,0x07,0x36,
+ 0xdc,0xfa,0x72,0x90,0xb4,0x5f,0x15,0x5b,0x8e,0x92,0x4d,0x0a,0xfd,0xf7,0xdf,0xc8,
+ 0xd1,0x99,0xbf,0x09,0x50,0x9d,0x01,0x76,0xa6,0x8b,0x14,0x57,0x56,0xee,0xf5,0x3d,
+ 0xe4,0x56,0xe1,0x70,0x78,0x85,0x98,0x49,0xa3,0x52,0xa5,0xbb,0x65,0x42,0x39,0xd8,
+ 0xeb,0xaf,0x88,0x00,0xca,0x82,0x63,0xd3,0x4a,0x86,0x8d,0x52,0xbf,0x8f,0x22,0x64,
+ 0x4d,0xd9,0xf3,0xc0,0x5b,0xd8,0x91,0xcd,0x92,0xf2,0x63,0x53,0x0c,0x58,0x96,0x02,
+ 0x3c,0x6b,0x21,0x3d,0xdb,0x64,0xed,0xe1,0x77,0x0f,0xf1,0x68,0x6c,0x34,0x03,0x6e,
+ 0x28,0x1e,0x91,0x1d,0x9d,0xc9,0x60,0x35,0x4f,0xd8,0x44,0xcb,0x7b,0x22,0xdc,0x0c,
+ 0xd8,0x1a,0x96,0x20,0x3b,0xa8,0x18,0x40,0x1c,0xcc,0x22,0x5f,0x85,0x7e,0x59,0xa5,
+ 0xcb,0x7b,0xa6,0xdf,0xc7,0xf5,0x13,0x5e,0xa3,0x27,0x81,0xe6,0x3d,0xaa,0x14,0xfb,
+ 0xda,0x1b,0xac,0xc1,0x8e,0xbc,0x50,0x82,0x4d,0x40,0x28,0xb8,0xfd,0xec,0xda,0x49,
+ 0xe8,0x10,0xba,0xe5,0xac,0xc8,0xad,0xc0,0xdc,0xa2,0xe2,0x36,0xfc,0x83,0x2a,0x97,
+ 0x33,0x0a,0x12,0x14,0xfa,0x0a,0xed,0x15,0xcd,0x10,0xc0,0x49,0xef,0xb6,0x5c,0xe8,
+ 0x55,0xc0,0x60,0xf0,0x5b,0xef,0xb3,0x17,0xb8,0x06,0x58,0x43,0xc4,0xeb,0x5a,0x03,
+ 0x71,0xfc,0x6f,0x20,0x9f,0x6f,0xfb,0x94,0x8c,0x88,0x1f,0x2f,0x20,0x91,0xca,0xf0,
+ 0xf5,0x9f,0x60,0xb7,0x2c,0x5f,0x67,0x27,0x1b,0xae,0x96,0xb9,0x13,0xfd,0x21,0xfa,
+ 0x1d,0xfa,0x97,0x5d,0x5e,0xcd,0x62,0xb0,0xd5,0x08,0x73,0xb6,0x86,0xd2,0x9c,0x88,
+ 0x0d,0x36,0xed,0xca,0xd3,0x3e,0xc3,0xe2,0x21,0x6c,0x9c,0xfc,0xfb,0x4f,0x98,0x4c,
+ 0x23,0xfd,0xe8,0x15,0xe2,0x80,0xa8,0x02,0x42,0x86,0x08,0xbe,0xd3,0x73,0x9a,0xf9,
+ 0x20,0x0d,0xe1,0xf8,0x5e,0xde,0xe2,0x83,0x4c,0x04,0x94,0x2c,0x06,0x8a,0xac,0xd2),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_384,
+ .m = chunk_from_chars(
+ 0xbb,0x29,0x4b,0x95,0xd9,0x13,0x00,0x5b,0x11,0x09,0x87,0xcd,0xe4,0x58,0x87,0x48,
+ 0x4a,0xe6,0xdf,0x79,0x48,0x73,0xdf,0xc5,0xc4,0x1f,0xb7,0xe8,0x99,0x2c,0x2f,0xdc,
+ 0xe7,0x06,0x99,0xfc,0xac,0x80,0x04,0x69,0x99,0x61,0xb3,0xad,0x1e,0x1f,0xce,0x9e,
+ 0xc8,0xea,0x56,0x85,0xcc,0xec,0x5e,0x80,0xe4,0xd0,0x79,0x25,0x59,0x81,0x6f,0x68,
+ 0x61,0x34,0x34,0xbf,0xac,0xa8,0x1a,0x84,0x3a,0xac,0x45,0x9a,0x6f,0xe3,0x5f,0x53,
+ 0x69,0xc4,0x8e,0x91,0x91,0xe4,0xa3,0x2c,0x70,0x78,0x95,0x94,0xc5,0x15,0x2d,0xb8,
+ 0xd4,0xbb,0x02,0x26,0x00,0x12,0xa8,0x73,0x9c,0xf3,0x25,0xdd,0xff,0x2a,0xa4,0x2f,
+ 0xd6,0x7b,0x6e,0xe5,0xbf,0xe3,0x15,0x91,0x13,0x1f,0xf2,0x7d,0x02,0x73,0xd2,0x92),
+ .s = chunk_from_chars(
+ 0x32,0x63,0x7c,0x60,0x79,0x8b,0x45,0x0b,0xff,0x10,0x0b,0xff,0x12,0x83,0x83,0x57,
+ 0xde,0xff,0x28,0x1d,0x5b,0x31,0xe4,0xf4,0xc2,0xcf,0xc9,0x6e,0xb7,0x79,0xce,0x6d,
+ 0x31,0xb1,0xce,0x8b,0xd7,0xaa,0x7f,0xa8,0x8d,0xdc,0x42,0x79,0xc8,0xc3,0x28,0x06,
+ 0x04,0xb0,0x18,0xcc,0xf4,0x52,0x00,0x4a,0x14,0x88,0xed,0x47,0x50,0x18,0x1c,0x50,
+ 0x25,0x63,0x65,0x11,0xac,0x67,0x24,0xfe,0x51,0x76,0x1c,0x27,0xd7,0xcf,0x9a,0x0c,
+ 0x87,0x82,0xea,0x22,0x31,0x26,0x88,0x53,0xc4,0xb1,0xf7,0xac,0xb0,0x00,0x5e,0x56,
+ 0x87,0xc8,0xf3,0xdf,0x16,0xc9,0x62,0xf0,0x2c,0xe5,0x6b,0x23,0xd3,0x87,0xa2,0xba,
+ 0xad,0xc8,0xbe,0xc9,0x42,0x29,0xc3,0x55,0x75,0x26,0xe6,0x17,0x07,0xa8,0xb5,0x92,
+ 0x93,0xa9,0x76,0xe3,0x2c,0x7f,0xa1,0x33,0x28,0x50,0x88,0xf3,0xce,0x3e,0x67,0x77,
+ 0x88,0xaa,0xa9,0x47,0xe7,0x62,0x2c,0x75,0x7e,0x84,0x4b,0x11,0x75,0x92,0xbe,0x99,
+ 0xfe,0x45,0x37,0x6f,0x8b,0x30,0x13,0xe8,0x77,0x2e,0xc9,0x2c,0x5b,0xb0,0xb9,0xfa,
+ 0x30,0x1b,0x95,0x54,0x45,0x99,0x69,0x0a,0xd9,0x36,0x68,0xd8,0x3b,0x2d,0xaa,0x7d,
+ 0xf0,0x5c,0x66,0x21,0x4e,0x27,0x50,0x14,0x78,0x0a,0x91,0x2d,0x8b,0x19,0x32,0xd7,
+ 0xa6,0x55,0x05,0x8e,0x74,0x3f,0x50,0xb0,0x74,0xb1,0xd9,0x69,0x1c,0xa2,0x3a,0x2f,
+ 0x95,0xf6,0xaf,0xfb,0xd5,0x16,0xd6,0x4c,0xcb,0x2a,0xa4,0x3c,0x23,0x6e,0xb9,0x5d,
+ 0x36,0xd2,0x72,0x54,0x5e,0x3b,0xeb,0x8f,0xf5,0xaa,0xcd,0x95,0xb3,0x0f,0x7f,0x1d,
+ 0x64,0x18,0xaf,0x04,0x2c,0xd9,0xa0,0xcf,0x01,0x89,0x84,0x62,0x62,0x32,0x2a,0x18,
+ 0x87,0x5a,0xe4,0xc3,0xe6,0x8e,0x4e,0x8f,0xfa,0xa0,0x27,0x6c,0xdd,0x99,0xa0,0x04,
+ 0x7c,0x86,0xc0,0xf7,0x1d,0x2d,0xee,0xfd,0x50,0x64,0x2d,0x29,0xc1,0x95,0xe6,0xd1,
+ 0x4f,0xb4,0x6f,0xba,0xc3,0x3a,0x50,0x8c,0x1f,0x03,0xa2,0x32,0xde,0x08,0xaa,0xe0,
+ 0x9f,0xaf,0x1d,0xa8,0xed,0x2b,0xa2,0xae,0x84,0xbc,0xca,0x88,0xb7,0x8d,0xcc,0xbd,
+ 0xe9,0xaf,0xde,0x08,0xa3,0xbe,0xb3,0x22,0xdc,0x79,0x35,0x6b,0x29,0xc8,0x48,0x41,
+ 0x69,0x89,0x14,0xb0,0x50,0xbe,0xb7,0x5a,0x7b,0x2f,0x67,0x01,0xaa,0x81,0x01,0xa5,
+ 0xa4,0x95,0x5e,0xe2,0x7b,0xaf,0xe8,0x1b,0x21,0xd0,0x3b,0x43,0xe3,0xc7,0x73,0x98),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_384,
+ .m = chunk_from_chars(
+ 0xf9,0x46,0xc6,0xbd,0x5e,0x1d,0x6b,0x89,0x09,0x2f,0x3c,0x48,0x7c,0x05,0x68,0xfa,
+ 0x07,0xc3,0x56,0xfa,0xe9,0xb8,0xe8,0x31,0xb8,0x32,0x02,0x89,0x03,0x97,0x46,0xa4,
+ 0x35,0xb1,0x22,0xcf,0xbc,0x4a,0x0d,0x31,0x6b,0xf9,0x0d,0x48,0x1d,0x3b,0x7d,0x97,
+ 0x9c,0xc5,0x0d,0x98,0xc1,0x19,0x0a,0xf8,0xdc,0x58,0xe0,0x03,0x55,0x57,0xdd,0x5e,
+ 0x94,0xf4,0x37,0xf4,0x1f,0xab,0x51,0x32,0x02,0x64,0x3a,0x77,0x74,0x8f,0x76,0xc6,
+ 0xb7,0x73,0x02,0xbf,0x40,0xc3,0x92,0xcd,0x18,0x73,0x1d,0xa0,0x82,0xc9,0x9b,0xde,
+ 0xde,0xb7,0x0e,0x15,0xcd,0x68,0xbf,0xf5,0x96,0x19,0xca,0xbc,0xc9,0x2a,0xdc,0xf1,
+ 0x22,0x75,0x3c,0x55,0xaf,0xde,0x08,0x17,0x35,0x2b,0xc2,0x47,0xd1,0x17,0x0b,0x8d),
+ .s = chunk_from_chars(
+ 0x50,0x70,0x6b,0xa4,0x9d,0x9a,0x31,0x66,0x88,0xa3,0xee,0x80,0xa0,0xbd,0x98,0x67,
+ 0x57,0xd4,0x3e,0xc8,0x32,0x85,0xaf,0x9e,0x78,0x19,0x6b,0xd5,0x2c,0x90,0x0d,0x40,
+ 0xb2,0x80,0xfa,0x0d,0xe5,0x4e,0x35,0xac,0xe7,0xd6,0x66,0x00,0x12,0xf1,0xa6,0x62,
+ 0x04,0x09,0x2f,0x0e,0x63,0x4b,0x97,0xe0,0xe5,0x16,0x65,0xb4,0x07,0x5e,0x36,0xf1,
+ 0x42,0x22,0x66,0xc7,0xca,0xd7,0xb2,0xd9,0x98,0x1b,0x91,0x3d,0xf3,0xfa,0x3e,0x6a,
+ 0x5a,0x1c,0xad,0xfc,0x63,0x78,0xa8,0x54,0x0e,0x0f,0xaa,0x26,0xf1,0xcc,0x6f,0xb2,
+ 0xfb,0x49,0x2a,0x80,0xd0,0xa6,0x94,0x5b,0xce,0x5b,0xbc,0x23,0xdd,0xb3,0xb1,0x07,
+ 0x01,0xf0,0x24,0x9b,0x27,0x40,0x7a,0x67,0x00,0x80,0x2e,0x88,0x42,0xef,0x3c,0xc7,
+ 0x61,0xc4,0x82,0x3a,0xcb,0x5d,0x14,0x53,0x50,0x8d,0xcd,0xbb,0x97,0x9e,0x7b,0xd8,
+ 0xd0,0x01,0x28,0xe6,0x0a,0x9b,0x37,0x89,0x16,0x7c,0x91,0x41,0x7d,0x93,0xf0,0xe9,
+ 0xfb,0xb0,0x0c,0x9a,0xf1,0x49,0x8e,0x09,0xeb,0x64,0x85,0xeb,0x94,0xce,0xa4,0x88,
+ 0x3f,0x6a,0x25,0x6e,0xab,0x2c,0xaa,0x82,0x6d,0xe4,0xfd,0xac,0x01,0xba,0xca,0x3a,
+ 0x21,0x6e,0x3d,0x20,0x4a,0x3d,0x83,0x7f,0xfd,0x4d,0x0b,0xe2,0xb2,0xce,0xf7,0x11,
+ 0x90,0x90,0x54,0xc4,0xda,0x1d,0x5b,0x93,0xa8,0xf9,0x84,0x51,0xc7,0x00,0x2a,0xe8,
+ 0x4a,0x5e,0x70,0x80,0xd9,0x86,0x71,0xc5,0x0e,0x3c,0x91,0xc4,0x08,0x7d,0x04,0x77,
+ 0xb1,0x04,0xf9,0x16,0x01,0x0e,0x74,0x2f,0x2d,0x20,0x7f,0xb4,0x0d,0x12,0x2d,0x8f,
+ 0x21,0x1a,0xf6,0xd7,0xc5,0xec,0xa4,0x95,0x42,0xd9,0xac,0xb0,0xf1,0x66,0xe3,0x6a,
+ 0xbc,0x37,0x15,0x50,0x70,0xc1,0x2e,0x9f,0x28,0xb9,0x07,0xd6,0x7a,0x2c,0xa7,0x0b,
+ 0xfc,0xe5,0x54,0xe1,0xc4,0x4c,0x91,0x52,0x0e,0x98,0xfc,0x9a,0xd0,0xc0,0xee,0x47,
+ 0x7f,0x75,0x05,0x16,0x47,0x6a,0x94,0x16,0x80,0x66,0xce,0x47,0x00,0x00,0x30,0xa9,
+ 0x9c,0x23,0xe2,0xc3,0x87,0x55,0xde,0x94,0x6d,0x5e,0xdf,0x0d,0x6a,0xa9,0x42,0x12,
+ 0xf9,0x92,0x31,0x5b,0x24,0x8c,0x1f,0x82,0x72,0x3b,0x29,0xc4,0x22,0x16,0xc7,0x8c,
+ 0xdc,0xb6,0x68,0xf1,0x12,0x78,0x26,0x1c,0xee,0x92,0x52,0xc8,0xfd,0x0e,0xd3,0x7d,
+ 0x0a,0x85,0x80,0xca,0x9b,0x9f,0xde,0x75,0x05,0x61,0x59,0x43,0x71,0x2d,0xa1,0x9a),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_384,
+ .m = chunk_from_chars(
+ 0x9a,0x33,0x7d,0x4c,0x0b,0xb9,0xa0,0x05,0xb4,0x7f,0x47,0x65,0xd6,0x96,0xd1,0x9d,
+ 0xec,0x58,0xbc,0x84,0x82,0xf2,0x17,0x3a,0x4a,0x20,0x3a,0x0b,0x6d,0x38,0xb4,0x96,
+ 0x1f,0x6a,0x85,0x2e,0x76,0x46,0x8e,0x80,0x7c,0x7e,0x45,0x76,0x83,0xee,0xad,0x5c,
+ 0xb8,0xd9,0x86,0x42,0xfb,0x76,0xc0,0xa1,0xee,0xab,0x36,0x41,0x4c,0x18,0x99,0x59,
+ 0x7d,0x57,0xaa,0xf9,0x67,0x82,0xad,0xa5,0x86,0xf6,0x1a,0x42,0x3f,0x57,0x95,0x37,
+ 0x71,0xd5,0x20,0xcc,0x4e,0xad,0x90,0xd5,0x69,0xf2,0x3d,0x95,0x0f,0x8d,0xfe,0xdd,
+ 0xdb,0x83,0x55,0x74,0x85,0x76,0xe6,0xbb,0xfb,0x6f,0x2e,0x91,0xb3,0xda,0x71,0x75,
+ 0x3f,0xd2,0xf4,0xea,0x22,0x9f,0x6d,0x20,0xe2,0x7d,0xb8,0xd0,0x5e,0x9f,0xcb,0x68),
+ .s = chunk_from_chars(
+ 0xcf,0xf7,0xaa,0x7f,0x87,0x56,0x42,0xfb,0x93,0x43,0xe0,0x7e,0xf5,0xe7,0x30,0x3b,
+ 0xbf,0x5f,0x06,0x9b,0x44,0xc1,0x9f,0xbf,0x83,0xe5,0x9d,0x42,0x2e,0x25,0x26,0x7e,
+ 0xf9,0x30,0x74,0x14,0xb6,0xb1,0xef,0x61,0x71,0x1e,0xd0,0x01,0x32,0x76,0xd1,0xa2,
+ 0xad,0x98,0x39,0x04,0x74,0x02,0x7a,0x0a,0x70,0x3b,0xfe,0x8a,0x6e,0x87,0x70,0x60,
+ 0x59,0xd8,0x9c,0x06,0x09,0x80,0xc9,0xc9,0xe6,0x0d,0xc7,0xe1,0xfb,0x9f,0x77,0x7a,
+ 0x41,0x78,0x5a,0xb4,0xd2,0xb6,0x63,0xba,0x0e,0x3c,0x19,0x21,0x54,0x5c,0x47,0x9c,
+ 0x2a,0x38,0x3a,0x50,0xda,0x8e,0x48,0x9c,0xb2,0x2b,0x71,0x10,0x1d,0x0e,0xc1,0x48,
+ 0xac,0x70,0x92,0x87,0x32,0xa7,0x72,0x19,0x5a,0x14,0x0d,0x08,0x01,0x52,0x76,0x2a,
+ 0x9c,0x40,0x80,0x3a,0x39,0xfa,0x2a,0x69,0x78,0xc2,0xa7,0x5a,0xc4,0xd8,0xbd,0x1b,
+ 0xcc,0xaa,0x1f,0x42,0x04,0xba,0x65,0xed,0xdd,0xf3,0x2f,0xed,0xf2,0xd9,0xd0,0xa3,
+ 0xae,0xd9,0xb0,0x6c,0x47,0xe7,0x17,0x73,0x3c,0x57,0x78,0x12,0xd7,0x23,0xdb,0xa7,
+ 0x4a,0x85,0x2b,0x29,0x05,0x23,0x5c,0x81,0x2d,0xc5,0xf1,0xd0,0xdf,0x0f,0x0d,0xe7,
+ 0x3d,0xfb,0x86,0x22,0x1c,0x6f,0xfd,0xd1,0xed,0xa1,0x19,0xbb,0xe9,0x8d,0x14,0x8a,
+ 0xdd,0x36,0xa4,0xfe,0x50,0x48,0x9b,0x06,0xaa,0xee,0xfc,0xb5,0xc2,0x06,0x6d,0x90,
+ 0xfa,0x79,0x73,0x87,0x06,0xcd,0x18,0xe4,0x74,0xd6,0x96,0x09,0xff,0x12,0x10,0xc7,
+ 0x7d,0xe7,0xcd,0x23,0xba,0x2a,0x77,0x5a,0x43,0x29,0xcb,0x27,0x1a,0x82,0x6d,0x60,
+ 0x2c,0x40,0x1a,0x71,0x43,0x90,0x19,0xce,0xc1,0x0c,0xd9,0xf1,0x84,0xc4,0xd0,0x45,
+ 0x84,0x21,0x18,0x27,0xb1,0x9e,0xad,0xac,0x32,0x58,0xd8,0xa0,0xf2,0x63,0x16,0x13,
+ 0xf0,0x51,0xaa,0xe0,0xc6,0x13,0x05,0x0c,0xb2,0x44,0x42,0xf1,0x5e,0xd4,0xfe,0x0d,
+ 0xbd,0x29,0x0e,0x42,0x62,0x91,0x41,0xbd,0x2c,0xd5,0x6d,0x20,0x58,0x4a,0x1d,0x10,
+ 0xe1,0xf2,0xc2,0xa9,0xec,0x73,0x14,0x33,0xd5,0xbc,0xd1,0xd3,0x18,0xbe,0xd5,0x24,
+ 0x3b,0x4b,0x7d,0x0f,0x9a,0x79,0x82,0x06,0x1c,0x55,0xdf,0xaa,0x86,0xb2,0xc0,0x18,
+ 0x45,0xc0,0x21,0xfd,0xd2,0xa9,0x78,0xd4,0x20,0x34,0x21,0x2f,0x43,0xb3,0x35,0x1b,
+ 0x6a,0xde,0xb0,0x3b,0xdd,0x6c,0xaf,0x7d,0xe0,0x59,0x50,0x2f,0x16,0xd7,0x73,0x48),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_384,
+ .m = chunk_from_chars(
+ 0x32,0xfd,0x45,0xe7,0x3f,0x6f,0x69,0x49,0xf2,0x0c,0xab,0x78,0xc0,0xcc,0x31,0xd8,
+ 0x14,0xba,0xea,0x63,0x89,0x54,0x6a,0x36,0x5d,0x35,0xf5,0x4f,0x23,0xf1,0xd9,0x95,
+ 0xb7,0x41,0x01,0x18,0x77,0x60,0xc8,0x9b,0xb0,0xb4,0x0b,0x50,0x57,0xb1,0x82,0xe2,
+ 0xfa,0xfb,0x50,0xb8,0xf5,0xca,0xd8,0x79,0xe9,0x93,0xd3,0xcb,0x6a,0xe5,0x9f,0x61,
+ 0xf8,0x91,0xda,0x34,0x31,0x0d,0x30,0x10,0x44,0x1a,0x71,0x53,0xa9,0xa5,0xe7,0xf2,
+ 0x10,0xeb,0xe6,0xbc,0x97,0xe1,0xa4,0xe3,0x3f,0xd3,0x4b,0xb8,0xa1,0x4b,0x4d,0xb6,
+ 0xdd,0x34,0xf8,0xc2,0xd4,0x3f,0x4a,0xb1,0x97,0x86,0x06,0x0b,0x1e,0x70,0x07,0x0e,
+ 0x3e,0xd4,0xd5,0xf6,0xd5,0x61,0x76,0x7c,0x48,0x3d,0x87,0x9d,0x2f,0xec,0x8b,0x9c),
+ .s = chunk_from_chars(
+ 0xc3,0x89,0x61,0x37,0x17,0xec,0x74,0x76,0xec,0xda,0x21,0x44,0xd0,0xe8,0xc8,0xf9,
+ 0xd6,0x6f,0xb4,0x69,0xc1,0x67,0xc4,0x20,0x9e,0xc0,0xbd,0xee,0xbf,0xb4,0x71,0x66,
+ 0x5d,0x33,0xda,0xd4,0x7b,0x8f,0x3c,0x31,0x9a,0x76,0xfe,0x8a,0x8a,0x9f,0x66,0x2b,
+ 0x6c,0x69,0x0b,0x74,0x90,0x3d,0x17,0xf6,0x1e,0x23,0x14,0xe5,0xea,0x8d,0x26,0x67,
+ 0x0e,0xe4,0xdb,0x4d,0xad,0x29,0x5b,0x27,0x7c,0xa0,0x8a,0xde,0x88,0x0d,0xe2,0xe4,
+ 0x2d,0x12,0xb9,0x29,0x52,0x76,0x4c,0x1d,0xc8,0x08,0xc2,0x66,0xdb,0xbe,0xdb,0x67,
+ 0x01,0x58,0xee,0xf3,0x6e,0x89,0x6f,0x55,0xa2,0x03,0xfb,0x99,0x55,0x6d,0xed,0x05,
+ 0x97,0x41,0x0b,0xa3,0x74,0x86,0xb1,0xd8,0x41,0xf3,0xd6,0xd5,0xc0,0xb3,0x9f,0x2f,
+ 0x49,0xf0,0xc5,0x79,0x48,0x24,0xfb,0xa9,0x4a,0x8e,0xc7,0xc2,0xb2,0xc9,0x1e,0xad,
+ 0xd5,0xc8,0xcb,0xe4,0x48,0x95,0xfe,0x3b,0xe3,0xbc,0x17,0x27,0xd6,0xfc,0x0e,0x53,
+ 0x64,0xf5,0x35,0x78,0x63,0x9d,0x3b,0x3a,0xf6,0x96,0xb7,0x50,0xa0,0x78,0x53,0x69,
+ 0x4f,0xfe,0x14,0x5a,0x28,0xc0,0x36,0x20,0xc7,0x8d,0xd7,0x37,0x7d,0x09,0x4d,0x92,
+ 0xc3,0xe0,0x95,0x46,0x88,0x3d,0x47,0x03,0xe6,0x2a,0x98,0xdd,0xf8,0x1f,0xd0,0x1f,
+ 0xcd,0xf3,0xc4,0xb2,0x15,0x22,0x4f,0xe2,0xb1,0xb4,0x99,0x2a,0xbf,0x31,0xf2,0x0d,
+ 0x12,0xaf,0xa8,0x68,0x20,0x23,0x90,0xde,0x33,0x4a,0x84,0x6b,0x2d,0x58,0xb2,0x53,
+ 0xea,0x8a,0xb3,0xc5,0x26,0x5d,0x84,0x77,0x3a,0x65,0x9e,0x8b,0xac,0x7a,0xf4,0x41,
+ 0x23,0xd9,0xea,0x15,0x06,0x2e,0x65,0xd4,0xd4,0x19,0xcf,0x2d,0x97,0x07,0x7d,0x06,
+ 0x24,0xf8,0xe5,0xc3,0x6f,0x2c,0x7b,0x35,0xcc,0xf9,0x54,0x35,0xd5,0xc3,0x68,0x86,
+ 0xff,0x91,0x05,0xa6,0xc1,0xea,0x22,0x5e,0x15,0xea,0x8c,0xbc,0x7b,0x6b,0xf6,0x85,
+ 0x61,0x51,0xcd,0x76,0xfb,0xb7,0x5b,0x5b,0x98,0xf0,0xe3,0xdb,0x51,0x6a,0x8e,0x21,
+ 0x81,0x89,0xfc,0xb1,0xcd,0x5d,0xe3,0xca,0xfe,0xaa,0x33,0xef,0x13,0x5c,0x5d,0x8b,
+ 0x8a,0xa5,0xf8,0x81,0xaf,0xaa,0xca,0xf4,0xc0,0x8b,0xd7,0x28,0x12,0x55,0xbc,0x2a,
+ 0x33,0xb7,0x6d,0x4a,0x36,0xe0,0xb1,0x70,0xc4,0x55,0x88,0x23,0x9e,0x5b,0x38,0xc6,
+ 0x79,0xb0,0x8c,0xf8,0x02,0xaf,0x73,0xb6,0xd7,0x9b,0x39,0x35,0x94,0x94,0x61,0xe7),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_384,
+ .m = chunk_from_chars(
+ 0xab,0x66,0xcc,0x48,0x7e,0xc9,0x51,0xf2,0x11,0x9d,0x6e,0x0f,0xa1,0x7a,0x6d,0x8f,
+ 0xeb,0x7d,0x07,0x14,0x9b,0xec,0x7d,0xb2,0x07,0x18,0xe4,0xf3,0x1d,0x88,0xc0,0x1f,
+ 0x9a,0x53,0xd5,0xba,0x7e,0xce,0x3a,0x4d,0xbc,0x67,0xaf,0x6a,0x35,0xd1,0x30,0xea,
+ 0xe7,0x62,0xcb,0x79,0x62,0xb9,0xae,0x55,0x7c,0xa3,0x84,0x52,0x46,0x40,0x02,0x22,
+ 0x3f,0x61,0xbc,0xd3,0xc7,0x35,0x3e,0x99,0xd6,0x25,0x58,0xce,0xed,0xfc,0xb9,0x37,
+ 0x4d,0x4b,0xbf,0x89,0x68,0x0c,0x8e,0x2b,0x95,0x85,0x60,0x3e,0x07,0x6f,0x1c,0xdb,
+ 0x00,0x58,0x29,0x9b,0x42,0x46,0x84,0x5d,0xc7,0x9d,0x10,0x43,0xb1,0x42,0x2e,0xfe,
+ 0x84,0x01,0x8e,0x4c,0x93,0x2c,0x45,0xbe,0xb8,0x85,0x1f,0xbf,0x48,0x5e,0x36,0xd2),
+ .s = chunk_from_chars(
+ 0xb5,0x13,0x31,0x55,0x2b,0x08,0xbe,0x35,0xa1,0x69,0x8a,0xa6,0x20,0x3d,0x84,0xdb,
+ 0xff,0xf9,0x00,0x1e,0xd5,0xdd,0x77,0x6f,0x2b,0xe4,0xdd,0xfc,0x07,0xdd,0x46,0x20,
+ 0xe9,0x65,0x4e,0x82,0xa3,0x34,0x65,0xbd,0x20,0xf1,0x18,0x63,0xc0,0xed,0x02,0xa0,
+ 0xae,0xa2,0x7a,0x44,0xd4,0x14,0xc3,0x28,0xa9,0x38,0xbf,0x87,0x7e,0x15,0x83,0x8a,
+ 0xb9,0x9d,0x67,0x0d,0x01,0x41,0x42,0x62,0xe8,0x86,0x5d,0xc1,0xd9,0xfc,0x30,0xfd,
+ 0x08,0x12,0x69,0x9f,0xa6,0x90,0xc3,0x4f,0x30,0x2f,0x63,0x7e,0xc8,0x02,0xcd,0x40,
+ 0xac,0x85,0x91,0xe9,0x76,0xc0,0xb8,0xbc,0xcb,0x1b,0x01,0x37,0xaf,0x64,0xa2,0x87,
+ 0x02,0x10,0xe8,0xfa,0x3d,0xc4,0x31,0xfe,0x09,0x56,0xb8,0xad,0xdf,0xf1,0xe4,0xb1,
+ 0x8c,0xf0,0x7e,0x07,0x8a,0xa9,0x3a,0xf8,0x1b,0xb3,0x02,0x3c,0x9e,0x59,0x4e,0x66,
+ 0x59,0x5f,0xd9,0x2b,0x10,0x22,0x6e,0xa1,0x26,0x00,0x5f,0x47,0x24,0x42,0x73,0x52,
+ 0xc3,0x8e,0x9e,0x85,0xfc,0x2e,0x07,0x23,0xf8,0x0a,0xf1,0xf6,0x15,0x99,0x55,0x0b,
+ 0x5e,0xf5,0x4c,0x5b,0x38,0xca,0x40,0x57,0x38,0x01,0x7b,0x89,0xcb,0x94,0x68,0xd9,
+ 0x74,0x1c,0xd6,0xbd,0xf7,0x11,0x21,0x62,0x25,0x1b,0xa1,0xd0,0x83,0xcc,0x37,0x0a,
+ 0x4a,0x82,0x61,0xc3,0x9b,0x6b,0x94,0xbf,0x21,0xa5,0x3b,0x75,0x64,0x53,0x1a,0xe9,
+ 0xeb,0xc4,0xcc,0xea,0x7e,0xbb,0x8b,0xd3,0x14,0xb2,0xe1,0x3b,0x58,0xed,0x10,0x18,
+ 0xae,0x5b,0x41,0x5e,0x0f,0x9e,0x3e,0x19,0xa5,0xea,0xd3,0xa4,0x46,0x03,0xf9,0x06,
+ 0x74,0xa1,0x90,0xfe,0xbd,0xe2,0x5f,0x8a,0xd8,0x77,0x8a,0xee,0xad,0x4d,0x0f,0x64,
+ 0xfb,0xae,0x37,0x16,0x6a,0x54,0xe3,0xa7,0x63,0xe3,0x55,0x59,0xbf,0x8c,0x3f,0x17,
+ 0x3f,0x19,0xff,0x7b,0xab,0x98,0xf3,0xef,0x80,0x3d,0xd5,0x6c,0x07,0x62,0x83,0x99,
+ 0xaf,0xf8,0x74,0x85,0xee,0x73,0xdb,0xc3,0xdb,0x34,0xec,0xc7,0xbf,0xf3,0xa5,0x32,
+ 0x26,0xcf,0x87,0xbc,0x81,0xd2,0x56,0xe8,0x0c,0x09,0x52,0x0c,0x8f,0x38,0xe9,0xbc,
+ 0xda,0x09,0x5e,0x36,0x35,0x12,0x8e,0x1b,0xed,0xd9,0x97,0x06,0x00,0x54,0x6a,0x75,
+ 0x1e,0xb1,0x1d,0xab,0x42,0xe2,0x89,0xd6,0xfd,0xfe,0xa0,0x4b,0xd5,0x8d,0x45,0x71,
+ 0xa7,0x9d,0x24,0xbc,0xe4,0x50,0x8c,0x54,0xe1,0xec,0x4c,0xf7,0x5b,0x98,0x5f,0xd3),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_384,
+ .m = chunk_from_chars(
+ 0xfe,0xf7,0xfe,0x89,0xb9,0xa5,0x99,0x02,0xa7,0x0a,0x1d,0x9c,0xaa,0xd0,0x9c,0xed,
+ 0x8b,0xee,0x41,0x45,0xed,0xcb,0xe3,0xef,0x7f,0xa6,0xda,0xb3,0x76,0x35,0x12,0x9f,
+ 0x3b,0x8c,0x5e,0x08,0x60,0x41,0x0e,0xcb,0xd9,0xce,0xc3,0xd8,0x69,0x36,0x82,0xf2,
+ 0x5a,0xec,0x08,0xb0,0x71,0xf0,0x5d,0xc8,0x21,0x3b,0xac,0x8c,0xff,0x5d,0x52,0xb5,
+ 0x76,0x65,0x35,0x60,0xbc,0x01,0x57,0x56,0x04,0xe6,0xab,0x90,0xf6,0x72,0x27,0xfb,
+ 0x5c,0x90,0x1a,0x78,0x1e,0xdd,0xc0,0x27,0x70,0x09,0x13,0xe5,0x4a,0x7f,0xe5,0x13,
+ 0x18,0x48,0x2c,0x9a,0xb4,0x2c,0x9d,0x2b,0x91,0x1b,0x7c,0xcc,0x39,0xcc,0xb2,0x90,
+ 0xf9,0xa4,0x20,0xa5,0xda,0xd9,0x33,0x94,0xd4,0xd7,0xb8,0xc5,0x3f,0xe3,0xf2,0x42),
+ .s = chunk_from_chars(
+ 0x45,0x06,0x8c,0xa6,0xd8,0x2f,0x2c,0x12,0x39,0x25,0xcd,0xe1,0x19,0x71,0x21,0x5d,
+ 0x8f,0xa4,0xa4,0xdf,0x68,0x48,0xbb,0x76,0x54,0x86,0x87,0x00,0x97,0x87,0x64,0x85,
+ 0x46,0x38,0x92,0x1b,0xea,0x58,0x69,0x28,0x0d,0xc6,0xad,0x95,0x81,0xab,0x43,0xff,
+ 0x70,0x12,0x96,0x99,0x48,0xa5,0x67,0x7f,0xa0,0xa6,0x61,0x36,0xa3,0x16,0xa4,0xbf,
+ 0xec,0xb8,0x9a,0xdf,0x41,0x31,0xb5,0xbe,0xdf,0x3d,0x46,0x93,0xb7,0x80,0xd1,0x33,
+ 0xaf,0x9b,0xf9,0xc1,0x33,0x30,0x5b,0xe7,0x83,0x74,0xaf,0xda,0x3b,0xa3,0x85,0x42,
+ 0x03,0x32,0x44,0x81,0xa9,0xd1,0x0b,0x9c,0xa9,0xb9,0x2d,0xc7,0xd7,0x4d,0xf5,0x31,
+ 0x87,0x2d,0xdf,0xc7,0x6c,0xaa,0x82,0xde,0x02,0x0e,0x2c,0x41,0x56,0x43,0xcb,0xcc,
+ 0x42,0x80,0xe6,0xd2,0xf4,0x37,0x1f,0xda,0x7d,0x92,0x49,0x31,0x4a,0x8f,0x43,0x76,
+ 0x48,0x99,0x1a,0x9b,0x03,0xd7,0x1b,0x58,0x39,0xad,0x38,0xa1,0x55,0x5a,0xd3,0x45,
+ 0x26,0x99,0x4b,0xa5,0x68,0x70,0xb6,0xea,0x18,0x01,0x12,0x95,0xf2,0xca,0x2b,0x07,
+ 0x13,0xb2,0xe9,0x2a,0xd7,0x76,0x80,0xc0,0xdc,0x5b,0xed,0x8d,0x3b,0x9b,0x31,0xac,
+ 0x14,0xdf,0x76,0x99,0x49,0xc4,0xa4,0x3e,0xa6,0x7f,0x6d,0xee,0xb3,0xdc,0x9e,0xd5,
+ 0x89,0xea,0x4e,0x8a,0x2c,0xf6,0x69,0x5d,0xf4,0x6f,0x94,0x6f,0x14,0x67,0xb2,0x8e,
+ 0x87,0x54,0x77,0xae,0x4e,0x64,0x50,0x80,0xfa,0xfd,0xa6,0xdd,0x55,0x1d,0x2c,0x02,
+ 0xfd,0x6b,0x2b,0x19,0x4f,0xc0,0xbd,0xb0,0x50,0xe0,0x6d,0x4c,0x78,0x41,0x05,0xf5,
+ 0xa3,0x3b,0x53,0xe7,0x30,0x98,0x05,0x59,0x63,0x07,0x1e,0xfc,0x1b,0xf3,0x97,0xfd,
+ 0x32,0x5f,0x3a,0x6f,0x4e,0x10,0xd7,0x6f,0x04,0x11,0xa0,0x01,0xe6,0x2e,0xc7,0x37,
+ 0x29,0x01,0x83,0x16,0xf5,0x63,0x10,0xf8,0x93,0xa5,0x93,0x63,0xd1,0xf6,0xfe,0x5c,
+ 0x17,0x44,0x4b,0x6c,0x72,0x8a,0x49,0x33,0xb7,0x52,0x12,0xfd,0xfa,0x25,0x8e,0x40,
+ 0x18,0xb7,0x76,0x39,0x51,0xab,0x4e,0x50,0x96,0x41,0x1d,0xf9,0xe5,0xbc,0x16,0xdf,
+ 0x38,0x96,0xe4,0x6c,0x97,0x3d,0x32,0xac,0x92,0x76,0xa4,0xe2,0xb5,0xb8,0x0e,0x3d,
+ 0x8d,0x79,0x8d,0xc0,0x47,0x0b,0x45,0x09,0x6b,0x4d,0x73,0x86,0x69,0xce,0x05,0x2e,
+ 0xd8,0x18,0xe5,0x60,0xaf,0x1e,0x92,0xc9,0x15,0x18,0x7d,0x66,0xcc,0x30,0x8b,0x70),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_384,
+ .m = chunk_from_chars(
+ 0x82,0xb3,0x84,0x0e,0xeb,0x95,0xc9,0xc5,0x77,0x24,0xc7,0x0f,0x11,0x2b,0x6c,0x2d,
+ 0xc6,0x17,0xc3,0x17,0x85,0xac,0xd0,0xc8,0x23,0xf8,0xbc,0xdd,0xa2,0x85,0x32,0x5e,
+ 0xb3,0xd3,0x08,0xdc,0x79,0x05,0x22,0xbc,0x90,0xdb,0x93,0xd2,0x4e,0xe0,0x06,0x32,
+ 0x49,0xe5,0x5d,0x42,0x19,0xad,0x97,0x14,0x5f,0xea,0xf7,0xf3,0x06,0x68,0x62,0x3c,
+ 0xc8,0x89,0x0a,0x70,0xf4,0xf1,0x49,0x86,0x6f,0x82,0xcf,0x86,0xf9,0x8b,0x00,0x53,
+ 0xb2,0x3c,0x98,0xc8,0xdd,0x5e,0x91,0x07,0xe3,0x41,0x46,0x0e,0x9b,0xf5,0xd8,0x8c,
+ 0xc8,0xbc,0xd1,0xf2,0xe4,0xc0,0x07,0xcc,0x1c,0x02,0xc4,0x52,0x9b,0x93,0x23,0x3a,
+ 0x0b,0x06,0xbd,0xd1,0x59,0x25,0x85,0x4a,0xb9,0xe3,0xf1,0x56,0xeb,0x92,0x5b,0xf5),
+ .s = chunk_from_chars(
+ 0x05,0x93,0xb9,0xfd,0x44,0x21,0x45,0x23,0x76,0xd2,0x7b,0xc7,0xa2,0x80,0x10,0x1c,
+ 0xfd,0x6e,0x88,0xa6,0x72,0x7d,0x7d,0x77,0xcf,0x65,0xce,0xb7,0x23,0xec,0xd2,0x57,
+ 0xf3,0x2f,0xe1,0x02,0x77,0xe8,0x57,0x98,0xe0,0xda,0x75,0x91,0x77,0x36,0xda,0x1a,
+ 0x3b,0xfc,0x22,0xad,0xc7,0x65,0x8f,0xbb,0x84,0xda,0x6e,0xbe,0xa0,0xb0,0x7d,0x1c,
+ 0xc4,0x05,0x73,0x2f,0xb0,0x40,0xb5,0x85,0xc1,0xb6,0x3c,0x80,0x34,0x06,0x9b,0xff,
+ 0xb8,0x22,0x06,0x56,0xf1,0xac,0x54,0xce,0x69,0x37,0x20,0xd6,0xfb,0x1b,0x5a,0xec,
+ 0x67,0xb0,0x3c,0x88,0x7c,0x80,0x77,0xda,0x14,0x8d,0x10,0xf4,0x8a,0xf7,0xc0,0x28,
+ 0xf9,0x92,0xb1,0x8f,0x13,0xc0,0xe5,0x75,0x30,0xc0,0x86,0xd7,0x75,0x48,0x3d,0xa5,
+ 0xf6,0x6f,0x3a,0x6a,0x19,0x18,0x78,0x68,0x34,0x0a,0xc6,0x3c,0x62,0x12,0xbc,0xbd,
+ 0x6c,0xbb,0x7b,0xed,0xa8,0x62,0x0a,0xfd,0x9b,0x66,0xde,0x47,0x47,0x3e,0xf2,0x4d,
+ 0x1b,0x6a,0x36,0xf4,0xec,0xe9,0xad,0xd4,0x95,0x14,0xfd,0xf1,0xd8,0x4c,0x7a,0x78,
+ 0x5b,0x7f,0x0e,0x00,0xf3,0x82,0x23,0x58,0x99,0x79,0x0f,0x47,0x2d,0x13,0xf4,0x85,
+ 0x58,0xa4,0x31,0x47,0x42,0xf3,0x76,0x80,0x8d,0xec,0x96,0xed,0xd2,0xe2,0x29,0xe9,
+ 0x43,0xf7,0xb9,0x83,0xbe,0xa5,0xec,0x6e,0xdf,0xa5,0xe9,0xbb,0x37,0xf5,0x88,0xe5,
+ 0x5e,0xf6,0x2e,0xbc,0x92,0x14,0xbe,0xaf,0x9d,0xa5,0x02,0x43,0x4e,0x10,0x88,0xdf,
+ 0x27,0x2c,0x6c,0x77,0xc1,0xe1,0xd8,0x97,0xc4,0x7b,0xea,0xb7,0x7e,0x3b,0xbe,0x31,
+ 0x7f,0x8d,0x43,0xd2,0x1f,0xd7,0xe9,0x43,0x37,0xc7,0xe2,0x63,0xe2,0x86,0x7b,0xf5,
+ 0x80,0xa2,0xa8,0xec,0xb9,0xe3,0x6a,0xb7,0xd3,0xe1,0xd5,0xcf,0x9a,0x23,0x23,0x09,
+ 0x53,0xd5,0x9d,0xf0,0xd7,0xe2,0x35,0x58,0xfb,0x61,0x2b,0x79,0x18,0xab,0xba,0x31,
+ 0xb1,0x64,0xce,0x17,0x88,0x18,0xa1,0xa9,0xe6,0xb6,0x68,0x7f,0x4d,0xe6,0x85,0xd7,
+ 0x0e,0x16,0xbe,0xf6,0xe1,0x92,0xfa,0xed,0xfe,0x0b,0x2b,0x95,0x47,0x7d,0x37,0xb0,
+ 0xa3,0xa2,0xd0,0x02,0xf3,0x3e,0xf4,0x32,0x1c,0xb9,0x05,0x04,0x0c,0xe0,0x6f,0xda,
+ 0x1c,0x98,0xa0,0x08,0x76,0x7f,0xbc,0x78,0x1a,0x1e,0xaf,0x33,0x75,0xda,0xb8,0x66,
+ 0x4b,0x59,0x03,0x36,0xb9,0x9e,0x15,0x7b,0x86,0x87,0xa6,0x60,0x2f,0xef,0x6a,0x3b),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_384,
+ .m = chunk_from_chars(
+ 0xe1,0x53,0xcc,0xa4,0x43,0x1e,0xd9,0x71,0x3f,0x47,0x44,0xba,0x05,0x4f,0x5f,0x19,
+ 0x1c,0xb3,0x7b,0x28,0x01,0x08,0xae,0x3a,0x11,0x4a,0xd3,0x49,0xa8,0x72,0xd1,0x30,
+ 0x8b,0x46,0x21,0x1a,0x83,0x75,0x8a,0x3b,0x4b,0xe3,0x2f,0xbe,0xac,0x42,0xcc,0xfe,
+ 0xe7,0xe2,0x3d,0xf8,0x53,0xca,0x40,0x01,0x47,0x07,0x7b,0xb4,0x3a,0x44,0xc1,0x2f,
+ 0x29,0x9b,0x91,0x7f,0x3a,0xab,0xdf,0x58,0x9e,0xeb,0x17,0x09,0xbb,0x3d,0x60,0xb0,
+ 0x8b,0xc7,0x1e,0xaa,0x3f,0xfe,0xba,0x4e,0x29,0x03,0xa5,0xdb,0xd8,0x33,0x9a,0xae,
+ 0x85,0xfa,0x24,0xb9,0xae,0xe7,0x61,0x30,0x00,0x06,0x05,0x85,0x7a,0x6a,0xa1,0x97,
+ 0xd0,0x09,0x26,0x27,0x0d,0xcd,0xa5,0x8b,0x7d,0xe7,0x58,0xa6,0xca,0x67,0xe6,0x17),
+ .s = chunk_from_chars(
+ 0xa8,0x35,0xcd,0x41,0x46,0xbe,0xf4,0x65,0x64,0x2d,0x49,0x49,0x36,0x26,0x8a,0x31,
+ 0x1a,0x54,0x90,0xd2,0xc9,0xf9,0x16,0x6c,0x6c,0xe9,0x82,0x16,0xa9,0xa2,0x3a,0x64,
+ 0x35,0x97,0x30,0x0a,0x00,0x50,0xe6,0x44,0x5a,0xbd,0x5a,0x9b,0xfc,0x7a,0x2d,0x9b,
+ 0x70,0x72,0x6c,0x82,0x4c,0x38,0x3b,0xf5,0xac,0xad,0xdd,0xdc,0x34,0xd4,0x34,0xa3,
+ 0x1e,0x53,0x14,0xd2,0x5f,0xb5,0x8e,0x25,0x8f,0x51,0x88,0x66,0xc1,0x36,0xe5,0x28,
+ 0x55,0xc1,0x6f,0xe6,0x4f,0xf8,0xf1,0xc4,0xd6,0x6c,0x4e,0x9e,0x39,0xb8,0xcb,0x11,
+ 0x96,0xd8,0x09,0x44,0xd0,0x74,0x6c,0x0a,0x3e,0x17,0x69,0xcd,0x41,0x67,0xdf,0x72,
+ 0xab,0x5e,0x4c,0x9d,0xba,0xe9,0xcb,0x35,0xf4,0x82,0x8e,0x12,0x09,0x9f,0x9b,0x36,
+ 0xa5,0xa7,0x0c,0x48,0xd4,0xae,0xc9,0x87,0x2d,0x7b,0x19,0xe1,0x29,0x1b,0x33,0xcb,
+ 0xdf,0x08,0xa2,0x26,0x3d,0x50,0x0c,0x0a,0x83,0xb5,0x23,0x7e,0xf6,0xce,0x92,0xde,
+ 0x34,0x4b,0x3b,0x41,0xd0,0xd0,0x74,0x04,0xfc,0xd5,0x46,0x7b,0x04,0x6b,0x52,0xb8,
+ 0xf8,0x5f,0xc6,0xb5,0xd7,0xaf,0xc4,0x37,0xf1,0xee,0x9e,0x78,0x39,0x0c,0xa9,0xbb,
+ 0x6c,0xec,0x61,0x88,0x85,0xec,0xe2,0x97,0x58,0xf2,0xfd,0x6f,0x4e,0x5f,0x4f,0x89,
+ 0x69,0x35,0xde,0x5f,0x67,0xcc,0x04,0x05,0x5a,0x4c,0x4c,0x0f,0xba,0x5d,0xef,0x8d,
+ 0x2c,0xaa,0x17,0x93,0x31,0xa8,0x55,0x01,0xed,0x25,0x82,0x2a,0xe7,0x9d,0xa9,0xbc,
+ 0x81,0x5c,0xc3,0x9c,0x6a,0x97,0x92,0x11,0x08,0x3e,0x86,0x83,0x13,0x6c,0x94,0x2e,
+ 0x1e,0x17,0xe9,0xeb,0x8f,0x84,0xaa,0xcf,0x09,0x1a,0xa1,0xe5,0x16,0x65,0xfa,0xe4,
+ 0x46,0xbc,0x48,0xc3,0x04,0xaf,0x65,0x39,0x1f,0x27,0x9a,0xfb,0x98,0xb9,0x2e,0x04,
+ 0xc2,0xb7,0x3d,0x9d,0x94,0xe9,0x91,0x19,0x8f,0xe7,0x78,0x1f,0x0f,0x96,0x96,0xfc,
+ 0xba,0x2c,0x03,0x48,0x5f,0x76,0xe6,0xde,0x30,0xb9,0x53,0x5c,0xf3,0x90,0x3d,0xb2,
+ 0xf3,0xaf,0xa8,0x51,0xa4,0x7b,0xcd,0xe7,0x2d,0x4e,0xd2,0xe8,0xfa,0xbf,0x9b,0xb7,
+ 0xd4,0x69,0x6c,0xb4,0xab,0x8c,0x28,0x9b,0x0c,0x21,0xe1,0xf9,0x79,0xeb,0xc5,0x32,
+ 0xe2,0x80,0xcd,0x90,0x10,0xdf,0x4e,0xe7,0x2f,0x84,0xbb,0x9e,0x82,0x75,0x28,0x28,
+ 0xf1,0x67,0x03,0x0c,0x0f,0xe3,0x48,0xeb,0xc3,0x1e,0xc1,0x7b,0x8f,0x07,0xd9,0x4b),
+ },{
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_384,
+ .m = chunk_from_chars(
+ 0x9c,0x63,0x89,0x9d,0xfc,0x7b,0xdc,0x0d,0xb3,0x84,0x72,0x72,0x44,0xca,0xf7,0x1e,
+ 0xcf,0xb9,0xb8,0x79,0x2b,0x9f,0x57,0xe9,0x36,0xb3,0xc2,0xf5,0x69,0x55,0x65,0xa9,
+ 0xb0,0x97,0x9f,0x3c,0x78,0xfd,0x73,0xf0,0x09,0x81,0x81,0x3a,0x16,0xda,0x34,0x23,
+ 0x92,0xfe,0x3c,0xee,0xc6,0xe6,0x3f,0xfb,0xa1,0x91,0xcb,0xeb,0x4f,0x4b,0x90,0x05,
+ 0x0d,0x2f,0xcc,0xd8,0x3b,0xeb,0x06,0x22,0xb2,0xc3,0xff,0xf1,0x59,0xd9,0xe6,0x08,
+ 0xf3,0xab,0xcb,0x84,0x3b,0xdd,0x56,0xc0,0x33,0x39,0xb9,0x75,0xb9,0xf4,0xe3,0x26,
+ 0x5b,0x32,0xf6,0xbb,0x6c,0xcd,0xfc,0x6c,0x57,0x52,0xd6,0xe0,0x34,0x4d,0x74,0x96,
+ 0x99,0xc7,0x4c,0x85,0xb3,0x0c,0x04,0xff,0x95,0xb2,0x72,0xdb,0xcf,0xd6,0xc7,0xd3),
+ .s = chunk_from_chars(
+ 0x4d,0x38,0xa2,0x97,0x30,0x2a,0xd0,0x77,0x0d,0x97,0x29,0xce,0x5b,0x72,0x12,0xee,
+ 0xf2,0x87,0xce,0x02,0x50,0xf4,0x03,0xe3,0x2b,0x4a,0xcc,0x36,0x17,0xdc,0x0d,0x2e,
+ 0xdc,0xcc,0xc2,0xd5,0x80,0xdd,0xbd,0xbc,0xa5,0x72,0x2b,0x70,0x70,0x40,0x58,0xa3,
+ 0xb8,0x07,0xf5,0x92,0xe4,0x00,0xbd,0x56,0x3f,0xca,0xa8,0xb0,0x66,0xa6,0x14,0xb4,
+ 0x90,0x6f,0x14,0x33,0x96,0x8e,0xd2,0xf5,0x20,0xa2,0xf6,0xb0,0x34,0xd4,0xb2,0xd6,
+ 0x89,0x0a,0x24,0x1a,0xfd,0x1a,0xdb,0x86,0x39,0xa6,0xca,0xd9,0xdb,0xfd,0x2e,0x27,
+ 0x8d,0xfe,0xbf,0x79,0x74,0x0d,0x75,0xf2,0x95,0x75,0x9d,0x29,0x13,0x0b,0x19,0xab,
+ 0x19,0x98,0x3d,0xd6,0x8f,0x77,0x9d,0xe4,0x1f,0xfe,0xfd,0x4e,0x82,0xb5,0xe6,0x2f,
+ 0x72,0xf9,0x0e,0xfb,0x73,0x43,0x7f,0x08,0xa2,0x50,0x3d,0xd9,0x81,0x9d,0xae,0x20,
+ 0xba,0x97,0x06,0xc1,0x99,0xde,0x9c,0xf8,0x84,0x43,0x3e,0xeb,0x75,0x62,0x86,0xa8,
+ 0x5e,0xae,0x14,0xbf,0x9f,0x6d,0xbe,0xb7,0x05,0x46,0x1d,0x91,0x82,0x22,0x82,0xf1,
+ 0x8e,0xfb,0xb1,0x05,0x89,0xa5,0x78,0xf2,0xc9,0xc3,0x45,0xb0,0x79,0xa7,0xe9,0xdd,
+ 0x07,0xfd,0x4b,0x34,0x05,0x1b,0x27,0x11,0x97,0x29,0x90,0x6c,0x77,0xdf,0xb7,0xd2,
+ 0xf8,0xfa,0x6b,0xdd,0x5f,0xaa,0x1e,0x13,0x2b,0xfb,0xa9,0xd3,0x91,0xe6,0x63,0x95,
+ 0xe6,0x7f,0x01,0x35,0x3f,0xa2,0x75,0xea,0xce,0x8b,0x53,0xaa,0x91,0xcb,0x6f,0xb6,
+ 0x93,0xe1,0x91,0x91,0xd4,0x2a,0x4c,0x1a,0x85,0xa0,0xc5,0x04,0xb1,0xc8,0x5f,0x49,
+ 0xa4,0xd6,0x09,0x36,0xde,0xe4,0x64,0x6a,0xca,0x62,0xa9,0x4a,0xa4,0xbc,0x78,0x28,
+ 0xc1,0xff,0xaf,0xde,0x8b,0xe6,0x56,0x31,0x7d,0x50,0x6a,0xbe,0xc1,0x79,0xcc,0x90,
+ 0x19,0x1d,0x12,0x35,0x6f,0xf5,0x06,0x44,0xd3,0xe0,0x1a,0xa5,0xbc,0xfd,0xd7,0x1d,
+ 0x3c,0x82,0x8d,0xc3,0x53,0x9d,0xc0,0xcf,0x3f,0xe8,0xb9,0xb9,0x1e,0x0c,0x25,0x24,
+ 0xf6,0xa3,0x71,0x03,0x79,0xc9,0x0a,0xff,0xd0,0xd0,0xa5,0x0d,0x74,0x38,0x7f,0x9c,
+ 0xa8,0x8b,0x46,0x46,0x3e,0xf1,0xbd,0xba,0x58,0xcc,0x9a,0x36,0xe5,0xc2,0xc4,0x35,
+ 0xa2,0x0d,0x96,0x83,0x50,0xd1,0x5d,0x94,0x1c,0x32,0x12,0xcd,0xce,0x81,0x55,0x92,
+ 0xb3,0x10,0xd2,0x59,0x86,0x0d,0xe1,0xdc,0x1a,0x3d,0x70,0xac,0x22,0x30,0x2a,0x51),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_384,
+ .m = chunk_from_chars(
+ 0x04,0x84,0x6c,0x2e,0x67,0x6a,0xc7,0x31,0x60,0xbf,0x4e,0x45,0x65,0x2b,0xdc,0x6c,
+ 0xc4,0xd4,0xc9,0x28,0x45,0x77,0xb4,0x32,0x0a,0xb7,0x7f,0x6e,0xbb,0xb5,0x9a,0x1f,
+ 0xe0,0xe0,0x85,0x58,0x8e,0x0f,0x90,0xb3,0x46,0xcd,0xe6,0x44,0x1a,0xf3,0xc9,0xd0,
+ 0x11,0x7d,0x1f,0x3b,0xcd,0x96,0x2e,0x40,0x6b,0xf5,0xa4,0x65,0xab,0x6c,0xda,0x2d,
+ 0x51,0xbe,0x59,0x8f,0xcb,0xb2,0x9e,0xa7,0x13,0x65,0x1a,0xac,0xd7,0xe4,0x7d,0x22,
+ 0xd8,0xfa,0x34,0x50,0x90,0x47,0x30,0xf5,0x17,0x92,0xea,0x37,0x47,0x61,0xa4,0xdc,
+ 0x1f,0xc6,0xf1,0xbc,0x65,0x7b,0x77,0x76,0x8f,0x31,0xf4,0x63,0xe4,0x26,0x7f,0xc8,
+ 0xdf,0xf6,0x11,0x50,0xd4,0xb3,0x43,0xb9,0xd5,0x37,0x59,0xcd,0xd7,0xb9,0x80,0x94),
+ .s = chunk_from_chars(
+ 0x10,0x3b,0xee,0x57,0xe2,0x5b,0xe8,0xc3,0xa2,0xf7,0x74,0xe7,0x39,0xb4,0x7f,0x93,
+ 0x43,0x5e,0x41,0x49,0x32,0xc0,0x49,0x4b,0x6b,0x6a,0xa2,0x47,0x5b,0xf7,0xc9,0x30,
+ 0x5c,0x73,0x74,0x7e,0x0a,0xdf,0x82,0xc2,0x03,0x20,0x07,0xb3,0xf7,0x5a,0x69,0xc9,
+ 0x31,0x12,0x61,0x7a,0x62,0x56,0x6c,0x5a,0x2d,0xea,0xa2,0x5f,0xb9,0x52,0x09,0xda,
+ 0x49,0xfe,0x9c,0x16,0x1c,0xb2,0xff,0xa4,0x0f,0xd9,0xd7,0x7f,0x1f,0xf6,0x60,0xc8,
+ 0xb6,0xcd,0x3b,0x54,0xe3,0xe7,0x9a,0x75,0x9c,0x57,0xc5,0x71,0x98,0x02,0xc9,0x31,
+ 0x1d,0xb7,0x04,0xba,0x3c,0x67,0xb4,0xa3,0x11,0x37,0x54,0xa4,0x1b,0x8d,0xa5,0x9c,
+ 0x64,0x5b,0xe3,0x90,0x9e,0x7d,0xb7,0xe7,0xcf,0x72,0x94,0xda,0xb4,0x4f,0x74,0x24,
+ 0x0f,0x81,0xa2,0x81,0xee,0xcd,0x6e,0xf3,0x1c,0x7c,0xf1,0x8b,0x1a,0x19,0xc7,0xd0,
+ 0x2a,0x31,0x2b,0x91,0xd6,0xed,0xfa,0xa9,0x54,0x46,0x2d,0x34,0x74,0x0a,0xf5,0xab,
+ 0x70,0x8d,0xb5,0xa1,0x0b,0x00,0xc5,0x42,0xbe,0x82,0xfa,0x2b,0x20,0x26,0xb0,0x9e,
+ 0xf3,0x8a,0x40,0x01,0x45,0x7e,0x27,0xa6,0x02,0x37,0x70,0xe4,0xb4,0xd5,0x00,0x32,
+ 0x67,0xc8,0x5c,0x9e,0xea,0x1d,0x5f,0x8d,0x77,0x0b,0xd4,0x0b,0x55,0x4d,0x5b,0x4d,
+ 0xaf,0x14,0x6d,0xcc,0xab,0xac,0x3e,0xa8,0xa1,0x3a,0x05,0xc3,0xbd,0xdf,0xc9,0x71,
+ 0xc5,0x15,0x8f,0xac,0x02,0x7c,0xa1,0x9b,0x72,0x32,0x62,0x1e,0x9d,0x2e,0x37,0xb6,
+ 0xa6,0x55,0xaf,0x54,0x5e,0x44,0xa2,0x98,0xbe,0x78,0xcd,0x47,0x5c,0x22,0xa4,0x8b,
+ 0xff,0x7c,0x34,0x94,0xa5,0xf8,0xa6,0xab,0xdf,0x1a,0x46,0xf9,0xde,0x08,0x2e,0x37,
+ 0x4f,0xd5,0x98,0x86,0x7d,0x61,0xe4,0xd5,0x1d,0xae,0xd8,0x41,0x52,0xe4,0x3c,0xc6,
+ 0xa2,0xaf,0xfa,0xe2,0x05,0xed,0xc5,0x26,0x13,0x48,0x0d,0x41,0x1a,0xba,0x84,0xfc,
+ 0xc9,0xb6,0x9d,0x1c,0x28,0xf1,0x6f,0x76,0x83,0x69,0x01,0xa7,0xc5,0xb3,0xeb,0x2f,
+ 0x2c,0x94,0x0d,0x0a,0x3f,0xad,0x38,0xa8,0xef,0xab,0x96,0x8a,0x0c,0x85,0xeb,0x22,
+ 0xe1,0x1d,0x3d,0x08,0x61,0x13,0x6c,0xed,0x5f,0x06,0x73,0x4f,0xdf,0x8d,0x4f,0x15,
+ 0x1d,0x23,0x86,0x1b,0x1c,0xba,0x9b,0x9c,0x58,0x0d,0x33,0x50,0xc7,0x6d,0x4d,0xc8,
+ 0x08,0x46,0x1d,0x5f,0x87,0x2e,0xc5,0x48,0xb2,0xb4,0x27,0xdf,0xf7,0x4b,0x1d,0x1a),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512,
+ .m = chunk_from_chars(
+ 0xdb,0x6c,0x9d,0x4b,0xad,0xb1,0xd9,0xb7,0x4d,0x68,0x34,0x64,0x48,0xb4,0xd5,0x34,
+ 0x06,0x31,0x78,0x3b,0x5a,0x35,0xac,0x24,0x58,0x56,0x3e,0xd0,0x67,0x2c,0xf5,0x41,
+ 0x97,0x58,0x7f,0xb7,0x34,0xc4,0xac,0x18,0x9b,0x2d,0xda,0x95,0x4c,0xdf,0xb1,0x8b,
+ 0x41,0xc0,0x10,0xa7,0x7e,0x90,0x46,0x4e,0xea,0x6f,0x86,0x3c,0x5d,0xa0,0x95,0x6b,
+ 0xfa,0x8c,0xc6,0x36,0xbf,0x0a,0x28,0xbe,0x5a,0xdd,0xfe,0x8d,0x3e,0x7e,0x6f,0x79,
+ 0xf7,0x1d,0x7f,0xcb,0xba,0xe2,0x3e,0xa1,0x41,0x78,0x3f,0x91,0xd6,0xcc,0x4c,0x8f,
+ 0xad,0x12,0x58,0x11,0x76,0x0a,0xb5,0x71,0x33,0x81,0x88,0x92,0x47,0x1a,0x79,0xc6,
+ 0xd0,0x4e,0xaf,0xef,0x37,0xb2,0xfb,0xe5,0x06,0x78,0x53,0x18,0xf9,0x39,0x83,0x77),
+ .s = chunk_from_chars(
+ 0xd4,0x80,0xd5,0xa9,0x79,0xad,0x1a,0x0c,0x4c,0xa3,0x29,0xeb,0xd8,0x8a,0x4a,0xa6,
+ 0x94,0x8a,0x8c,0xf6,0x6a,0x3c,0x0b,0xfe,0xe2,0x25,0x44,0x09,0xc5,0x30,0x54,0xd6,
+ 0xff,0xf5,0x9f,0x72,0xa4,0x6f,0x02,0xc6,0x68,0x14,0x6a,0x14,0x4f,0x8f,0x2b,0xa7,
+ 0xc4,0xe6,0xb4,0xde,0x31,0x40,0x0e,0xba,0x00,0xae,0x3e,0xe8,0x75,0x89,0xdc,0xb6,
+ 0xea,0x13,0x9e,0x70,0xf7,0x70,0x4f,0x69,0x1b,0xc3,0x7d,0x72,0x2f,0x62,0xbb,0x3b,
+ 0x2c,0xd3,0x03,0xa3,0x4d,0x92,0xfd,0xe4,0xde,0xb5,0x4a,0x64,0xdd,0x39,0x18,0x43,
+ 0x82,0xd5,0x9c,0xca,0xf0,0xc0,0x7a,0x7e,0xa4,0x10,0x7d,0x08,0x08,0x26,0x0e,0xd8,
+ 0xd4,0x21,0xcb,0x8b,0x14,0x07,0xcd,0xf9,0xe9,0x15,0x15,0x92,0x82,0xb9,0xf7,0xbf,
+ 0xfd,0xbf,0x40,0xd8,0x77,0x88,0x5d,0xa7,0x39,0x9e,0xde,0xbd,0x30,0x0a,0x7e,0x77,
+ 0xa9,0x08,0xf7,0x56,0x65,0x9a,0x18,0x24,0xf9,0x5c,0x8a,0x81,0x2a,0xa5,0x40,0xeb,
+ 0xaa,0x64,0xab,0x54,0xa2,0x33,0x72,0x3d,0xb5,0x5c,0xaa,0x8b,0x44,0x66,0xea,0x9a,
+ 0xe6,0x61,0x4a,0xd1,0xbb,0x86,0x9e,0x9d,0x8e,0x0d,0x03,0x2f,0x39,0x01,0x67,0x1e,
+ 0x94,0xc0,0xb6,0x73,0xbe,0x65,0x37,0xcd,0x54,0x27,0x8e,0xd3,0xda,0x2e,0x1e,0xdb,
+ 0xc0,0x4e,0xe3,0xa9,0xe8,0x07,0x0d,0x73,0xba,0x0f,0xfb,0x93,0xe6,0x0f,0x30,0xb8,
+ 0x7f,0xf3,0x86,0x2e,0x9c,0x53,0x90,0x8f,0x2c,0x8e,0x99,0x91,0x56,0x68,0xc1,0xf4,
+ 0x66,0x35,0xe0,0x5b,0xf7,0x16,0x30,0x51,0xff,0x9d,0x92,0xbc,0x71,0xa6,0x26,0x55,
+ 0x3c,0x69,0xdf,0xdd,0x06,0xa4,0x9f,0x7f,0xf1,0xed,0x51,0xe9,0x18,0xf3,0xed,0x80,
+ 0x1d,0xae,0x62,0xca,0x27,0x6d,0x70,0x63,0xd7,0x2a,0x6e,0xbc,0x13,0x6b,0xa0,0x6c,
+ 0xfe,0xdf,0x5a,0xa2,0x32,0x77,0xe8,0x10,0x08,0xc6,0x3b,0x2e,0x00,0x83,0xd0,0xfd,
+ 0x68,0x14,0xf6,0xd4,0xb4,0xb4,0x0a,0x42,0xe8,0xc0,0x20,0x6f,0x3c,0x35,0x6a,0x5e,
+ 0xc7,0x09,0xb7,0xc8,0xa4,0xb7,0x4b,0x7b,0x48,0xd5,0x3c,0x9d,0x86,0x94,0xd2,0x73,
+ 0x59,0xc2,0xc7,0x70,0x19,0x38,0xd2,0xf0,0x16,0x17,0x21,0xa5,0x73,0x13,0xbb,0x1a,
+ 0x2e,0x11,0xda,0x21,0x58,0x72,0x49,0x81,0x82,0x49,0x3d,0x85,0x17,0x04,0x3b,0x4c,
+ 0x03,0xf9,0x34,0x46,0xaa,0xc9,0x38,0x30,0x27,0x65,0x42,0x02,0x6c,0xe8,0x30,0x55),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512,
+ .m = chunk_from_chars(
+ 0xd5,0xdd,0x3b,0x6c,0xe9,0x77,0x2d,0x9a,0x97,0xfe,0x21,0x64,0x84,0x97,0x78,0x3b,
+ 0xac,0x5b,0xb5,0x25,0x4a,0xad,0x82,0xb6,0xf7,0xcb,0xf4,0x3b,0x15,0xa4,0x0f,0x38,
+ 0x6e,0xea,0x8d,0x15,0x19,0x67,0xdb,0x14,0x9e,0x94,0x65,0x86,0x59,0x68,0x13,0x3f,
+ 0x24,0x6e,0x13,0x47,0x30,0x1a,0xda,0xd2,0x34,0x5d,0x65,0x72,0xca,0x77,0xc5,0x8c,
+ 0x15,0x0d,0xda,0x09,0xa8,0x7b,0x5f,0x4d,0xa3,0x6b,0x26,0x6d,0x1f,0xa7,0xa5,0x9c,
+ 0xcd,0x2b,0xb2,0xe7,0xd9,0x7f,0x8b,0x23,0x15,0x43,0x19,0x23,0x53,0x0b,0x76,0x2e,
+ 0x12,0x6e,0xac,0xaf,0x5e,0x5a,0xc0,0x2f,0xf1,0xaa,0xef,0x81,0x9e,0xfb,0x37,0x3c,
+ 0xf0,0xbb,0x19,0x6f,0x0e,0x82,0x9e,0x8f,0xe1,0xa6,0x98,0xb4,0x79,0x0a,0x2a,0x05),
+ .s = chunk_from_chars(
+ 0xbf,0x9e,0x8b,0x4f,0x2a,0xe5,0x13,0xf7,0x3d,0x78,0x89,0x58,0x00,0x37,0x33,0xdb,
+ 0xe2,0x09,0x57,0xb1,0x47,0xb1,0x7c,0x3f,0x4f,0xd6,0xd0,0x24,0xe8,0xe8,0x3f,0x07,
+ 0xb6,0x5d,0x9f,0x3d,0xbc,0x3b,0x1f,0xe8,0x4d,0xa0,0x21,0xce,0xab,0xfc,0xcd,0x8c,
+ 0x57,0xa0,0x14,0xfb,0xe5,0xa2,0xbc,0xe3,0xe4,0x05,0x1b,0x7d,0x03,0xe0,0x9f,0xc0,
+ 0x35,0x0b,0x6a,0x21,0xfa,0xd2,0x14,0xae,0x7a,0x07,0x32,0x77,0xc7,0x7a,0x40,0xdc,
+ 0x44,0xa5,0xae,0xea,0x51,0x94,0xa7,0x56,0xb6,0x9c,0x93,0x97,0x7b,0x69,0xee,0x92,
+ 0x94,0x36,0x0e,0xaa,0x73,0xa5,0x74,0x54,0x8f,0xa6,0xa9,0x74,0xa7,0xcd,0x5a,0x6a,
+ 0xdc,0xf0,0x9e,0x80,0x63,0x11,0x56,0xaf,0x85,0xa8,0xe5,0xc5,0x31,0x7e,0x18,0x9e,
+ 0xea,0xd4,0x7e,0x2e,0xad,0x65,0xc3,0x81,0x39,0x6b,0x5c,0xac,0xde,0x26,0x0e,0x93,
+ 0x72,0x84,0xa8,0xe9,0x0e,0xff,0x2c,0xbc,0xb9,0xde,0xe2,0x29,0x25,0xf2,0xf7,0x25,
+ 0x6f,0x74,0xc6,0x7c,0xf3,0xff,0xc7,0xb8,0xce,0x65,0x7e,0x8d,0x13,0x5f,0x0f,0x37,
+ 0x6d,0x9d,0x93,0x6a,0x79,0x79,0x2c,0x98,0x16,0x14,0xd9,0x8e,0x3f,0x7d,0x66,0x2a,
+ 0x4f,0xd4,0x6d,0xcd,0xa9,0x69,0x16,0xb3,0x2f,0x36,0x6e,0xd2,0x7d,0xab,0x18,0x8f,
+ 0x18,0x4b,0x98,0x4d,0xf0,0xb5,0x59,0x71,0x0d,0x8f,0xf2,0x04,0x0b,0xe4,0x62,0xf9,
+ 0x19,0x43,0x50,0x1b,0xda,0x48,0x40,0xfd,0xd5,0xc8,0xec,0x15,0xd1,0x89,0x06,0x4d,
+ 0xef,0x75,0x6e,0x54,0x5d,0xb3,0x19,0xe0,0x07,0xc4,0x33,0xf0,0x46,0x8a,0x67,0x23,
+ 0x35,0x7b,0xa4,0x7d,0x15,0x6a,0xb7,0x65,0x2b,0x06,0xae,0x2b,0x18,0x87,0x4f,0x07,
+ 0x71,0xc6,0x26,0x46,0x6d,0xbd,0x64,0x23,0xe6,0xcb,0xc5,0x18,0xb5,0xe4,0xae,0x7b,
+ 0x8f,0x15,0xe0,0xf2,0xd0,0x47,0x1a,0x95,0x16,0xdf,0xa9,0x59,0x16,0x97,0xf7,0x42,
+ 0x86,0x23,0x24,0xd8,0xd1,0x03,0xfb,0x63,0x1d,0x6c,0x20,0x73,0xd4,0x06,0xb6,0x5c,
+ 0xde,0xe7,0xbd,0xa5,0x43,0xe2,0xe9,0xeb,0xff,0x99,0x06,0x98,0x5d,0x1c,0xb3,0x65,
+ 0x17,0x2e,0xa6,0x23,0xed,0x7a,0xa4,0xc7,0xa3,0x22,0xf0,0x98,0x46,0x80,0xe3,0x4e,
+ 0x99,0xbc,0x62,0x31,0xb0,0x2e,0x3d,0x14,0x58,0x16,0x08,0xbc,0x55,0xbc,0xa7,0xfb,
+ 0xe2,0x2d,0x7f,0x03,0xe9,0x04,0xda,0x45,0x52,0xe0,0x09,0xe5,0x60,0x7f,0x04,0x18),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512,
+ .m = chunk_from_chars(
+ 0x59,0x16,0x52,0xb6,0xeb,0x1b,0x52,0xc9,0xbe,0xbd,0x58,0x32,0x56,0xc2,0x22,0x86,
+ 0x80,0x11,0x0b,0x87,0x89,0x17,0xde,0xa5,0xad,0x69,0xe8,0xc5,0xd2,0xab,0x51,0x42,
+ 0x77,0xb0,0xac,0x31,0xe7,0xe2,0xcc,0xea,0xb2,0xe5,0xd9,0xc4,0x5d,0x77,0xa4,0x1f,
+ 0x59,0x9b,0x38,0xa8,0x32,0xf6,0xb2,0xd8,0x09,0x79,0x52,0xbe,0x44,0x40,0xd1,0xff,
+ 0x84,0xba,0xf5,0x1b,0xd7,0x0b,0x64,0xf1,0x30,0xae,0xb6,0x86,0x14,0x5f,0xcd,0x02,
+ 0x95,0x38,0x69,0xfb,0x84,0x1a,0xf7,0xf6,0xe3,0x4e,0xaa,0x2b,0x99,0x6c,0xcd,0x89,
+ 0x69,0x7c,0x58,0xfa,0x25,0x5c,0xc1,0xe8,0x1f,0x62,0x14,0x00,0xe1,0x41,0x46,0x36,
+ 0x1e,0x31,0xc7,0x09,0xe8,0x4a,0x56,0x08,0x22,0x31,0x19,0x95,0x39,0xf7,0xed,0xe9),
+ .s = chunk_from_chars(
+ 0x1d,0xe7,0x9d,0x72,0x16,0xdd,0xe1,0x25,0xde,0xb7,0x7c,0x34,0xd9,0x0a,0xb3,0x21,
+ 0xa4,0xde,0x5f,0xb1,0x1c,0x29,0x66,0x56,0xad,0x9b,0xf9,0xa2,0x46,0x53,0x59,0x11,
+ 0x17,0xac,0xe4,0x15,0xe1,0x8e,0xad,0xce,0x92,0x82,0x3f,0x31,0xaf,0xe5,0x6f,0xc8,
+ 0xe2,0x94,0x94,0xe3,0x7c,0xf2,0xba,0x85,0xab,0xc3,0xba,0xc6,0x6e,0x01,0x95,0x84,
+ 0x79,0x9a,0xee,0x23,0x4a,0xd5,0x55,0x9e,0x21,0xc7,0xfd,0x4f,0xfd,0x24,0xd8,0x26,
+ 0x49,0xf6,0x79,0xb4,0xc0,0x5d,0x8c,0x15,0xd3,0xd4,0x57,0x4a,0x2e,0x76,0xb1,0xf3,
+ 0xee,0x9f,0x8d,0xec,0x0a,0xf6,0x0b,0x0c,0xed,0x1b,0xe8,0xa1,0x9c,0x2f,0xa7,0x1b,
+ 0xcb,0xc1,0xfb,0x19,0x08,0x99,0xec,0x85,0x56,0x95,0x8e,0x07,0x82,0xac,0xe7,0x19,
+ 0x6b,0x36,0x65,0x86,0x56,0xcf,0x36,0x4d,0x37,0x73,0xde,0x86,0x26,0x0f,0xd8,0x98,
+ 0x76,0x04,0xef,0x35,0xea,0xe8,0xf3,0x8e,0xc2,0xcb,0x0d,0xa8,0x64,0xcc,0xa7,0x19,
+ 0x21,0x9c,0x2a,0xd7,0x1c,0x08,0x50,0x6c,0x41,0x2e,0xc7,0x79,0x95,0xf3,0x74,0x39,
+ 0xc8,0x56,0x97,0x7b,0x71,0xdf,0xb9,0x64,0x79,0x90,0xef,0x70,0xfa,0xf4,0x32,0x73,
+ 0xae,0x60,0x83,0x9c,0xd0,0x67,0x9e,0xc9,0xaa,0x42,0xbf,0x91,0x4e,0x42,0x1b,0x79,
+ 0x7c,0xba,0x21,0x8a,0x40,0x0f,0xf9,0xdb,0xaa,0x20,0x6c,0xb9,0xc2,0xb0,0x59,0x6c,
+ 0x70,0x9a,0x32,0x2b,0x73,0xcb,0x82,0x72,0x1d,0x79,0xf9,0xdb,0x24,0x21,0x1b,0xf0,
+ 0x75,0xa1,0xce,0xf7,0x4e,0x8f,0x6d,0x2b,0xa0,0x7f,0xe0,0xdc,0x8a,0x60,0xf4,0x8a,
+ 0xf5,0x11,0xad,0x46,0x9d,0xcd,0x06,0xe0,0x7a,0x4c,0xe6,0x80,0x72,0x13,0x9c,0x46,
+ 0xd8,0xbe,0x5e,0x72,0x12,0x53,0xc3,0xb1,0x8b,0x3c,0x94,0x48,0x5c,0xe5,0x5c,0x0e,
+ 0x7c,0x1c,0xbc,0x39,0xb7,0x7b,0xc6,0xbb,0x7e,0x5e,0x9f,0x42,0xb1,0x53,0x9e,0x44,
+ 0x2d,0xa8,0x57,0x65,0x8c,0x9e,0x77,0x1c,0xcb,0x86,0xbe,0x73,0x97,0x64,0x7e,0xfb,
+ 0xc0,0xcc,0xb2,0xc3,0xad,0x31,0xac,0x4e,0x32,0xbf,0x24,0x8c,0xc0,0xce,0xd3,0xa4,
+ 0xf0,0x94,0x52,0x6b,0x25,0x63,0x1c,0xb5,0x02,0x47,0x09,0x61,0x29,0xb0,0x8a,0x9c,
+ 0x2c,0xdf,0xb7,0x75,0x97,0x8b,0x0f,0xee,0xe2,0x65,0xa6,0xc4,0x19,0x91,0xc1,0xdc,
+ 0x44,0x52,0x61,0x5b,0x78,0xc9,0x06,0xc7,0xed,0x1b,0xd2,0x07,0x96,0x9d,0x98,0xd0),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512,
+ .m = chunk_from_chars(
+ 0x8d,0xff,0xaa,0x91,0x51,0x27,0x1a,0xd2,0x26,0x22,0xf2,0x28,0xc8,0x92,0xe1,0xd9,
+ 0x74,0x8b,0x3c,0x39,0x43,0x97,0xf2,0xcb,0xb6,0xfe,0xbe,0xaa,0x92,0x44,0xa0,0x27,
+ 0xee,0xf2,0x8d,0xb4,0x8a,0x9a,0x66,0x01,0x62,0x15,0x27,0x64,0x83,0x0f,0x61,0x7e,
+ 0x1e,0xc6,0xea,0x1c,0xdb,0x0e,0xd2,0x5b,0x6f,0x99,0x9a,0x10,0x71,0x75,0xa1,0x66,
+ 0x69,0xd6,0xdf,0xc9,0x2b,0x16,0xd5,0x03,0x63,0xfa,0xc4,0xa5,0x70,0x37,0x1e,0xa9,
+ 0x76,0x34,0x3a,0x55,0xae,0x12,0x4b,0x63,0x01,0xea,0x93,0x5e,0xd6,0x55,0xd4,0x4f,
+ 0x28,0x32,0x08,0x99,0xdb,0xa3,0x51,0x22,0x50,0x59,0x33,0xb3,0x37,0x12,0x01,0xa2,
+ 0xa4,0x5f,0x95,0xae,0x65,0xab,0x44,0x2a,0x94,0x79,0x12,0x5e,0x68,0xed,0x21,0x2a),
+ .s = chunk_from_chars(
+ 0xb3,0x29,0xae,0xf8,0x3a,0x56,0xdd,0xc5,0x7c,0xd9,0xa0,0xe1,0x5e,0xb0,0xb0,0xb7,
+ 0xae,0xa7,0xd7,0x8d,0x5e,0x8c,0xa3,0x98,0x2b,0xd3,0x1c,0xc8,0x25,0xa0,0xcd,0x1c,
+ 0x44,0x4d,0x9f,0x7b,0xea,0x9e,0x7a,0x27,0xf3,0xbb,0xb3,0x76,0x10,0x60,0xff,0x95,
+ 0xfe,0xe1,0xa3,0xe8,0x64,0xd2,0x10,0x8f,0xc4,0x0b,0x64,0x78,0x6a,0x96,0xa6,0xd6,
+ 0x2d,0x20,0x12,0x17,0xe0,0x3a,0x8b,0xa2,0xc0,0x7e,0xe9,0x4c,0x26,0x71,0x49,0xd1,
+ 0xe7,0x2c,0xc5,0x77,0x9b,0x73,0x7e,0x85,0x47,0xac,0xd6,0xaa,0x4b,0xba,0x3f,0xf3,
+ 0x8b,0xf9,0x68,0x7e,0x9e,0x82,0xf5,0x11,0xb5,0x97,0xad,0x7e,0xc1,0xd7,0x95,0xc3,
+ 0x6a,0x98,0xbf,0x83,0xa9,0x0f,0xc8,0x6b,0x0c,0xad,0x41,0x95,0x33,0x60,0x73,0x89,
+ 0x21,0x93,0x6a,0x45,0x86,0x74,0xb2,0xe9,0xa7,0x01,0x2a,0xc3,0x02,0x9f,0xdb,0x0a,
+ 0x9d,0x12,0x31,0x82,0x02,0xd2,0x54,0x4a,0x0d,0x97,0x6e,0xe5,0x36,0xe0,0x3b,0x7e,
+ 0x8d,0x89,0x4b,0x3b,0x9c,0x76,0x2d,0xab,0x01,0x10,0x84,0x9c,0xc1,0xea,0xad,0x74,
+ 0x7e,0x3d,0x88,0xd7,0xdc,0xf4,0x9f,0x82,0x4d,0xf0,0x27,0xe6,0x45,0xc0,0xb9,0x29,
+ 0x4e,0x65,0x5d,0x9f,0xc9,0xe1,0xef,0x95,0xeb,0x53,0xaa,0xff,0x57,0x75,0xc3,0x49,
+ 0x48,0x6d,0x4b,0x5d,0x67,0xdb,0xa2,0x9b,0x62,0x17,0xf8,0xb9,0x97,0x66,0x12,0xb5,
+ 0x7e,0x16,0xfc,0x1f,0x99,0x98,0x3f,0x2a,0xf0,0x45,0x79,0x93,0x86,0x06,0x87,0x9b,
+ 0x7c,0x72,0x53,0xe8,0x70,0x71,0x4b,0x4f,0x0f,0x24,0xe2,0x6d,0xc8,0xc7,0xa6,0xfc,
+ 0xef,0xfb,0x5f,0x98,0xe3,0xb2,0xfb,0x5d,0xb9,0x49,0xd2,0xf9,0x8c,0xd1,0xae,0x1a,
+ 0xa5,0x52,0x69,0x6b,0x48,0xc3,0x9f,0x67,0x8e,0x15,0x43,0x51,0xcc,0x75,0x6d,0x3e,
+ 0x9a,0x97,0xf7,0x92,0x79,0x85,0x3e,0xbd,0x0d,0xb9,0xae,0x68,0x59,0xfb,0x2d,0x57,
+ 0x21,0x38,0x5d,0x06,0xf5,0x56,0x5a,0x3a,0x8f,0xf0,0x99,0x2d,0x51,0x7a,0xcd,0xa1,
+ 0xaf,0x69,0xa9,0x28,0x54,0xa1,0xb3,0x2a,0x79,0xcb,0x9e,0x44,0x2a,0x90,0xb0,0x55,
+ 0xbb,0x2e,0xc3,0xaf,0x8d,0x99,0x26,0xa0,0xd8,0x57,0xe3,0xcb,0x1e,0x7e,0x4a,0x73,
+ 0x00,0xd1,0xac,0xcb,0x94,0x92,0xec,0x78,0x32,0xaf,0x45,0x35,0x29,0xff,0x0f,0x4a,
+ 0x6a,0xd3,0x25,0x97,0x57,0xf7,0x07,0xf7,0x13,0xaa,0xa5,0xdf,0x23,0x1f,0x74,0x87),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512,
+ .m = chunk_from_chars(
+ 0x71,0xd4,0x16,0x3e,0x70,0x8c,0x12,0x1e,0x93,0x1b,0xb9,0x69,0x2b,0x21,0x7d,0xdd,
+ 0xd3,0x5c,0x73,0x46,0xf6,0x1c,0xfc,0x95,0x91,0xf7,0xa4,0x31,0x3a,0xbd,0x4a,0x92,
+ 0x62,0xaf,0x82,0x0b,0xd7,0xeb,0x37,0xe7,0x8c,0x2b,0x95,0xb8,0x9d,0xaf,0x25,0xec,
+ 0x8e,0x78,0x3a,0xa1,0xd4,0xb7,0x8d,0xbb,0x96,0x85,0x24,0x33,0xb4,0xd4,0x78,0xb1,
+ 0x09,0xa6,0xd6,0x5e,0xed,0x7d,0x06,0xf3,0xfe,0x12,0x2b,0x17,0x21,0x49,0xea,0xe7,
+ 0xc3,0x65,0xce,0xd6,0x65,0x78,0xeb,0xb7,0x57,0x1e,0xc2,0x18,0xc3,0x6b,0x65,0xd2,
+ 0xee,0x22,0xdc,0xde,0xbb,0x28,0xc6,0x6a,0x71,0x38,0x43,0x2c,0xbd,0xd7,0x12,0xf7,
+ 0xfb,0x8b,0xf7,0x8c,0xb1,0x48,0x60,0xb2,0x5c,0x2b,0x47,0x89,0x70,0x6b,0x5a,0x1b),
+ .s = chunk_from_chars(
+ 0x25,0x22,0xee,0x3b,0xda,0x30,0xc0,0x43,0x4e,0x54,0xb1,0x99,0xda,0x8c,0x97,0x33,
+ 0x96,0x4f,0xd4,0x02,0xb7,0x07,0xf5,0xb3,0x30,0xf4,0xf7,0x54,0xa0,0x50,0x2c,0x7a,
+ 0x71,0x3c,0x78,0x14,0xf0,0xe8,0x51,0xa4,0xa4,0xdb,0x72,0x69,0x0d,0xb9,0x6e,0xa8,
+ 0xb8,0x81,0x3b,0xd8,0x62,0x9a,0x94,0x8b,0xb3,0x0c,0x1b,0x82,0x72,0xa8,0x16,0xb3,
+ 0x0a,0x75,0x5f,0xc6,0xfb,0x17,0x54,0x16,0x7c,0x3e,0xb1,0xf1,0x94,0x39,0x59,0x07,
+ 0xa5,0x6c,0xf5,0xa7,0x3b,0x41,0x54,0x38,0x3a,0x05,0xb7,0x8b,0x73,0x1f,0xed,0xd9,
+ 0x07,0x7f,0x3c,0x22,0x67,0xa5,0xcf,0x92,0x66,0x97,0x87,0x1f,0xe0,0xa4,0xbe,0xd9,
+ 0xc2,0x19,0x55,0x2d,0xd1,0xc8,0x7a,0xff,0x50,0x61,0x30,0x94,0xbc,0xaa,0x2d,0xec,
+ 0x42,0xa3,0x53,0x80,0xa6,0xba,0xc6,0x73,0xda,0x25,0x94,0xf8,0x24,0xa8,0xf3,0x2f,
+ 0x21,0xd7,0x59,0x3a,0x3e,0x49,0xc7,0x8e,0xe2,0x80,0x19,0x3a,0x47,0x86,0x21,0xd3,
+ 0xb0,0x95,0xc1,0x6d,0xce,0x72,0x93,0x53,0x14,0xd4,0xa2,0x32,0x3e,0xeb,0xe7,0x85,
+ 0x5c,0xa4,0x73,0x8a,0x19,0xb5,0xa3,0x1a,0x5f,0x95,0xab,0x91,0xfb,0xe1,0x28,0x9c,
+ 0x02,0xfe,0xa7,0xa6,0x5b,0x91,0x32,0x7b,0x7b,0x97,0x90,0x55,0x62,0x89,0xe1,0xb9,
+ 0x88,0xe4,0x5d,0x50,0xeb,0x8c,0xea,0x15,0x81,0xde,0x5d,0x5d,0xfd,0x21,0x00,0x1c,
+ 0x73,0xb4,0x39,0x21,0xd8,0xb2,0x1b,0x96,0x44,0xb0,0xf2,0xb9,0x6e,0xe6,0xb0,0x9d,
+ 0x73,0x70,0x9c,0x33,0x33,0x81,0x43,0xd6,0xa2,0xfe,0xc5,0x59,0xa4,0x36,0xc5,0xec,
+ 0x86,0x5d,0x3a,0xcc,0xa5,0xfe,0xe6,0x54,0xf1,0x32,0x5a,0xe5,0x72,0x55,0xdf,0xd4,
+ 0x21,0x88,0xc8,0x4d,0xcb,0x1f,0x7c,0x1e,0x86,0x02,0x8a,0x74,0xe3,0x1d,0x73,0x60,
+ 0x78,0x74,0x1e,0xe9,0x7c,0x39,0xa5,0x6e,0x4d,0xe0,0x0f,0xc1,0x2b,0x80,0x51,0x83,
+ 0x5b,0xbd,0x0d,0x8f,0xca,0xe7,0x37,0x32,0x20,0x99,0xad,0xc1,0x01,0x71,0x07,0x02,
+ 0x2d,0xd1,0x5c,0x11,0x4d,0xa5,0x7e,0x78,0xb9,0x56,0x81,0xba,0x99,0x45,0x61,0x5b,
+ 0x59,0xda,0x90,0xf5,0xa2,0xa9,0x9a,0x25,0x2e,0xb4,0x2b,0x20,0x06,0xee,0xdd,0x6e,
+ 0x78,0x47,0x6c,0x29,0x05,0x47,0x3e,0xe6,0xb4,0xf2,0x3c,0x1c,0x5c,0xf0,0xb8,0x04,
+ 0x51,0xc5,0x42,0x6e,0xa0,0x09,0x14,0x1c,0xb3,0xfc,0xb0,0xdf,0x2d,0xed,0x92,0xbe),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512,
+ .m = chunk_from_chars(
+ 0xd0,0x0e,0x15,0x29,0x22,0x8c,0x79,0xa2,0x0a,0x1c,0x36,0x68,0xff,0xa4,0xa5,0x41,
+ 0x40,0xbb,0x17,0x0b,0xc5,0xc6,0x69,0xfd,0x75,0x60,0xd9,0x30,0x99,0x00,0x17,0x5e,
+ 0x91,0xd5,0xa0,0xe9,0xc5,0xf5,0x47,0x1f,0xdf,0xb7,0x14,0xbc,0x38,0x5d,0x52,0xb0,
+ 0x8f,0xf7,0xe4,0x23,0x01,0x84,0xd8,0xb7,0x35,0x59,0x3f,0x0d,0xd8,0xc7,0x3b,0x8a,
+ 0x49,0xf8,0x59,0x5b,0x95,0x1a,0x21,0xb6,0xa5,0xbf,0xec,0x63,0xb6,0x84,0xf6,0x7c,
+ 0x0a,0xf1,0xb4,0x71,0xdd,0xa1,0x68,0x4e,0x9b,0xa3,0xf2,0x41,0x50,0x1f,0xe9,0x57,
+ 0x60,0x3d,0xea,0x86,0x78,0x42,0x30,0xf0,0xc4,0xfd,0x65,0x66,0x63,0x61,0xb8,0x2b,
+ 0x18,0x73,0x30,0xfb,0x42,0x67,0x40,0x4c,0x0e,0x05,0x9b,0xd4,0xeb,0x52,0x49,0x4b),
+ .s = chunk_from_chars(
+ 0x18,0x35,0xdd,0x97,0xe5,0x09,0x3a,0x33,0xce,0x1e,0x62,0xd6,0x83,0x86,0x3f,0x6b,
+ 0x35,0x07,0xf3,0x58,0xa6,0x2f,0xc8,0x79,0xb5,0x24,0x35,0x0f,0xbc,0x73,0x30,0x68,
+ 0x1c,0xb0,0xc6,0x82,0xee,0xf4,0x33,0x04,0x19,0xca,0xf8,0x54,0x3b,0xd9,0x26,0x9b,
+ 0x6d,0x91,0xd8,0xe1,0x07,0xec,0x38,0xb6,0xe9,0xc6,0xea,0xab,0xf9,0x06,0x45,0x72,
+ 0x05,0xd5,0x2a,0x90,0x0e,0x05,0x57,0x9a,0xa1,0x1f,0xc5,0x81,0x37,0x52,0x64,0xe6,
+ 0x9a,0x92,0x57,0x98,0xe5,0xa3,0x48,0xe5,0xa1,0x6f,0x15,0x67,0xd5,0xd0,0xe4,0x08,
+ 0x53,0x38,0x0b,0x34,0xde,0xac,0x93,0xad,0x73,0x77,0xaa,0xe8,0xa2,0x7b,0x09,0x0d,
+ 0x0d,0x3a,0x92,0xbf,0x7a,0x82,0x4d,0x92,0x6e,0x2e,0x35,0xa0,0xc3,0xbd,0x0e,0x99,
+ 0x0b,0x59,0x11,0x20,0xd7,0x4d,0xd9,0xb0,0x52,0xa7,0x35,0x68,0xe3,0xc3,0xf2,0x9c,
+ 0x5a,0x77,0xfb,0x1c,0x92,0x1b,0xce,0x9c,0x1e,0x7f,0x76,0x4a,0xa6,0x7b,0xac,0x11,
+ 0x9f,0x58,0x39,0xa5,0x30,0x38,0x60,0xed,0xeb,0x63,0x48,0x14,0xc2,0x38,0x6c,0x83,
+ 0x1f,0xee,0x62,0x00,0xcf,0x55,0xb6,0xbf,0xea,0x05,0x8b,0x79,0x5a,0x0f,0xcf,0x26,
+ 0xeb,0x72,0x16,0xae,0x1b,0x75,0x87,0xc8,0x2e,0x56,0x85,0xe5,0x84,0x17,0x0c,0xbd,
+ 0xdc,0x89,0xa7,0x7e,0x09,0x89,0xd4,0xce,0x5c,0x3c,0x7f,0xdb,0x66,0x4a,0xae,0xaa,
+ 0xdb,0xce,0x1f,0x23,0x1e,0x64,0x79,0x8f,0x6f,0x9a,0x85,0x45,0x6b,0x5a,0x93,0xa5,
+ 0x02,0x12,0x6a,0x80,0xe2,0xd2,0x1f,0x46,0x92,0x1c,0xc3,0x60,0x1f,0x5e,0xcd,0xbd,
+ 0x56,0x99,0x8a,0x63,0xb8,0x65,0xfc,0xe7,0xeb,0x29,0x9f,0x76,0xaf,0x40,0xe9,0x12,
+ 0x81,0xbf,0xc0,0x19,0xf4,0x0e,0x0d,0x46,0x81,0x1e,0x38,0x36,0x91,0xe4,0x02,0x4c,
+ 0x94,0x56,0x6f,0x18,0x02,0x4f,0xf2,0xb2,0x2a,0xa7,0xe1,0x27,0x02,0x33,0xff,0x16,
+ 0xe9,0x2f,0x89,0xc6,0x85,0x09,0xea,0x0b,0xe2,0xd3,0x45,0x11,0x58,0x1d,0x47,0x22,
+ 0x07,0xd1,0xb6,0x5f,0x7e,0xde,0x45,0x13,0x3d,0xe8,0x7a,0x5f,0xfb,0x92,0x62,0xc1,
+ 0xff,0x84,0x08,0x8f,0xf0,0x4c,0x01,0x83,0xf4,0x84,0x67,0x99,0x6a,0x94,0xd8,0x2b,
+ 0xa7,0x51,0x0c,0xb0,0xb3,0x6c,0xf2,0x54,0x82,0x09,0xa5,0x06,0x03,0x37,0x5c,0xb8,
+ 0x2e,0x67,0x8f,0x51,0x49,0x33,0x45,0xca,0x33,0xf9,0x34,0x5f,0xfd,0xf5,0x4b,0xe9),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512,
+ .m = chunk_from_chars(
+ 0xa3,0x59,0x26,0x68,0x55,0x61,0xf0,0x9f,0x30,0x92,0x5e,0x94,0xd7,0x4e,0x56,0x61,
+ 0x89,0x2a,0x2d,0xdd,0x52,0x4f,0x75,0x1f,0x83,0x21,0x16,0x3d,0x61,0x1e,0xa1,0x59,
+ 0x1a,0x08,0xe0,0xdf,0xfd,0x46,0xb2,0x08,0xe9,0x88,0x15,0xa3,0x06,0xaa,0x85,0x14,
+ 0xb4,0xdb,0x85,0x9d,0xc1,0xfe,0x7b,0xdc,0xdf,0x50,0xc0,0x95,0x55,0x4b,0xf8,0xb2,
+ 0xf4,0xcb,0x9f,0x88,0x4d,0x70,0xe5,0x5c,0x21,0x43,0xbc,0x26,0x19,0x9c,0x2f,0x94,
+ 0xb7,0x43,0xf5,0x52,0x8d,0xd5,0x46,0x89,0xad,0x69,0xed,0xa6,0x60,0x74,0x9f,0x5c,
+ 0x1b,0xea,0x8b,0xec,0xae,0xa6,0x32,0xa4,0xbf,0x0c,0x79,0xa5,0x77,0xed,0xfc,0xea,
+ 0x7b,0xaa,0xa6,0x86,0x1e,0x9d,0x7f,0x2d,0xd5,0xb4,0xc4,0xf6,0xeb,0x5f,0x3d,0x5f),
+ .s = chunk_from_chars(
+ 0xb1,0xa9,0xc4,0x5a,0x26,0x4d,0x2c,0x9a,0xf4,0x41,0xa7,0xb2,0xd3,0x30,0xdd,0x78,
+ 0x80,0x89,0xcc,0xef,0x20,0x5d,0x5d,0x66,0x6b,0xfe,0x86,0x43,0x67,0xbe,0x97,0x38,
+ 0x12,0x4e,0x9d,0x74,0x64,0x8a,0xd9,0x91,0x60,0xbd,0x3a,0xf8,0x1a,0x81,0x85,0x8b,
+ 0xab,0xe6,0x67,0xa5,0xd9,0x5c,0x98,0x0f,0xe2,0xf6,0xac,0x34,0x86,0x1e,0xb2,0xec,
+ 0x9b,0x4b,0x4e,0x8b,0x64,0x2e,0xf3,0x82,0x0f,0x56,0xca,0x38,0x8a,0x55,0x65,0x30,
+ 0xd4,0x27,0x54,0xc4,0x72,0x12,0xe9,0xb2,0xf2,0x52,0x38,0xa1,0xef,0x5a,0xfe,0x29,
+ 0xbe,0x63,0x40,0x8c,0xf3,0x8c,0xaa,0x2d,0x23,0xa7,0x88,0x24,0xae,0x0b,0x92,0x59,
+ 0x75,0xd3,0xe9,0x83,0x55,0x8d,0xf6,0xd2,0xe9,0xb1,0xd3,0x4a,0x18,0xb1,0xd9,0x73,
+ 0xff,0xac,0xcc,0x74,0x5e,0x52,0x7c,0xe7,0x6c,0x66,0x3e,0x90,0x37,0x19,0x35,0x5e,
+ 0x45,0xcd,0x6d,0x11,0x8e,0xd0,0xb8,0x5b,0x70,0xcb,0xb8,0xe4,0x96,0x41,0x13,0x53,
+ 0xf8,0x4f,0x88,0x66,0xa0,0x1f,0xad,0xc8,0x19,0xca,0x0f,0xf9,0x5b,0xbe,0x2c,0xc6,
+ 0x8c,0x8c,0xf7,0x8d,0xa5,0x58,0x1b,0xec,0xc9,0x62,0x47,0xb9,0x11,0xd1,0x85,0xed,
+ 0x1f,0xae,0x36,0xc4,0xca,0xd2,0x62,0x08,0xeb,0x80,0x88,0x3f,0x42,0xa0,0x81,0x23,
+ 0xda,0xc6,0x8d,0x88,0xf2,0xf9,0x89,0x3c,0xde,0x02,0xef,0x5a,0x57,0x66,0x1d,0xb2,
+ 0xb3,0xe1,0xe9,0x26,0x9c,0xbb,0x0e,0x15,0xc4,0x07,0xbc,0xf5,0x5d,0x92,0xe6,0x79,
+ 0x38,0x3c,0x90,0x80,0x2c,0xd0,0xbf,0xfd,0x46,0x96,0x46,0xdc,0xb6,0x0c,0xa0,0x1a,
+ 0x1d,0xea,0xd4,0x32,0x28,0x93,0x40,0x18,0x39,0x1d,0xd8,0x1f,0x8b,0x7e,0x79,0x7e,
+ 0x52,0x7f,0xbe,0x18,0x15,0xb9,0x1b,0xf3,0xcd,0x6a,0x1f,0x2f,0xfb,0xf5,0xdd,0x16,
+ 0x6a,0xcd,0x55,0x26,0x76,0x1c,0xa8,0xba,0xb5,0xd4,0x63,0xfb,0x9f,0xb8,0x20,0x65,
+ 0x9f,0x5c,0xd5,0x0f,0x81,0x50,0xf1,0x2f,0x7e,0x8d,0x52,0xe7,0x77,0x73,0xc1,0xe6,
+ 0x48,0x0c,0x2c,0xc1,0x84,0xd4,0x11,0xd6,0x41,0xf7,0x1a,0x9d,0xed,0xc2,0xc5,0xfc,
+ 0x2e,0xc3,0x7a,0x27,0x70,0xa9,0x38,0x3b,0xfb,0xf6,0xa4,0x89,0xcf,0x32,0xb5,0x6a,
+ 0x12,0xcf,0x99,0x37,0x8e,0x39,0xb5,0x0b,0xda,0xdb,0x9f,0x05,0x91,0xb2,0x06,0x5f,
+ 0x9d,0x44,0xe5,0x11,0xc9,0xdf,0xb6,0x15,0x8f,0xdd,0xdd,0xd1,0xbc,0x2c,0xec,0xe6),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512,
+ .m = chunk_from_chars(
+ 0x12,0x71,0xa0,0xdd,0xb9,0x9a,0x0e,0x1e,0x9a,0x50,0x1c,0xa3,0x3c,0x13,0x1b,0x0a,
+ 0x1c,0x78,0x20,0xa3,0x97,0x79,0x08,0x69,0x09,0x0f,0xba,0x37,0x37,0x03,0xac,0x38,
+ 0xea,0x00,0xa9,0xa0,0xdd,0xee,0xd1,0x99,0xd9,0x7b,0xe1,0x80,0x1f,0xfa,0xb4,0x52,
+ 0x06,0x71,0x0a,0x61,0xe5,0xed,0x89,0x4c,0x33,0x19,0x01,0x2d,0xed,0x0f,0xf4,0x14,
+ 0x38,0x6e,0x56,0xb5,0x48,0xad,0x91,0x5d,0x80,0xaf,0xcc,0x2b,0xdb,0x97,0x6d,0x7c,
+ 0x8a,0xdd,0xdc,0xa7,0xdf,0xa2,0x8a,0xeb,0x69,0x40,0x33,0xa5,0x61,0x26,0x60,0xc6,
+ 0x44,0xe3,0x2f,0x85,0xc2,0x80,0x56,0x51,0xd7,0x13,0x66,0x0a,0x38,0x91,0x4d,0x70,
+ 0xf0,0xe4,0x1f,0xdc,0x4b,0x3d,0x16,0x2e,0xf3,0xac,0xd7,0x06,0x59,0xee,0xf6,0x37),
+ .s = chunk_from_chars(
+ 0xbf,0xfd,0x01,0x0b,0x2e,0xc4,0xe4,0xa3,0x27,0x77,0xb7,0x76,0x19,0xb8,0x76,0x22,
+ 0xf8,0x92,0x1d,0xab,0x56,0xe1,0x02,0xc8,0xd8,0x24,0xfe,0x52,0xb5,0xdf,0x7a,0x20,
+ 0x3f,0xe7,0x17,0x99,0xee,0xaf,0xdc,0xc0,0xc8,0x87,0x2d,0xba,0x6a,0x37,0x44,0x07,
+ 0xb5,0x63,0x9a,0xeb,0x5a,0x30,0xa9,0x04,0x71,0x2f,0x15,0x09,0x7d,0xba,0x0f,0x2d,
+ 0x62,0xe8,0x45,0x41,0x23,0x95,0xcf,0x09,0x54,0x0a,0xbd,0x6e,0x10,0xc1,0xa2,0xe2,
+ 0x3d,0xbf,0x2f,0xe1,0xdf,0xd2,0xb0,0x2a,0xf4,0xee,0xa4,0x75,0x15,0x95,0x7f,0xa3,
+ 0x73,0x8b,0x06,0x41,0x1a,0x55,0x1f,0x8f,0x8d,0xc4,0xb8,0x5e,0xa7,0xf5,0xa3,0xa1,
+ 0xe2,0x6c,0xcc,0x44,0x98,0xbd,0x64,0xaf,0x80,0x38,0xc1,0xda,0x5c,0xbd,0x8e,0x80,
+ 0xb3,0xcb,0xac,0xde,0xf1,0xa4,0x1e,0xc5,0xaf,0x20,0x55,0x66,0xc8,0xdd,0x80,0xb2,
+ 0xea,0xda,0xf9,0x7d,0xd0,0xaa,0x98,0x33,0xba,0x3f,0xd0,0xe4,0xb6,0x73,0xe2,0xf8,
+ 0x96,0x0b,0x04,0xed,0xa7,0x61,0x61,0x64,0x39,0x14,0x24,0x2b,0x96,0x1e,0x74,0xde,
+ 0xae,0x49,0x7c,0xaf,0x00,0x5b,0x00,0x51,0x5d,0x78,0x49,0x2e,0xc2,0xc2,0xde,0xb6,
+ 0x0a,0x57,0xb9,0xdc,0xe3,0x6e,0x68,0xdd,0x82,0x00,0x7d,0x94,0x2a,0xe7,0xc0,0x23,
+ 0xe1,0x21,0x0f,0x0b,0xe8,0xa3,0xeb,0x3f,0x00,0x48,0x24,0x07,0x4b,0x8f,0x72,0x5e,
+ 0xaf,0x8a,0xc7,0x73,0xe6,0x0f,0xbb,0xb7,0xcb,0xa9,0x63,0x0e,0x88,0xb6,0x9c,0x8b,
+ 0xcb,0x2d,0x74,0xdb,0xdb,0x29,0xbf,0xff,0x8b,0x22,0x54,0x5b,0x80,0xbb,0x63,0x4e,
+ 0x4c,0x05,0xf7,0x3e,0x00,0x2a,0x92,0x8e,0xfd,0x5a,0x6a,0xa4,0x56,0x21,0xce,0x1b,
+ 0x03,0x2a,0x22,0x44,0xde,0x48,0xf4,0xdf,0x43,0x58,0x15,0x66,0x78,0xcb,0xe0,0x39,
+ 0xc9,0xeb,0xe4,0xce,0xe9,0x45,0xa2,0x5b,0x90,0x38,0x46,0x9f,0xe0,0x0c,0x30,0x92,
+ 0x93,0x6a,0x8c,0xff,0x93,0x69,0x04,0x5f,0x90,0x67,0x33,0xa9,0xd2,0xab,0x36,0x60,
+ 0x18,0x20,0x69,0xb1,0x57,0xca,0x8f,0x9b,0x99,0xa7,0x1f,0xc1,0x53,0xc6,0x83,0x01,
+ 0xe9,0x7a,0x38,0xfc,0x3a,0x87,0xae,0x2b,0x6f,0x03,0x75,0x4e,0x6d,0xa8,0x2d,0x0b,
+ 0x07,0x26,0xe0,0x70,0x39,0x79,0xc9,0x32,0x02,0x89,0xfe,0xef,0xbc,0xdd,0xcd,0x9d,
+ 0x70,0x6b,0x71,0xb5,0x1e,0x9a,0x1b,0x9d,0xc1,0x41,0x2e,0x6e,0xd4,0xb5,0x66,0x76),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512,
+ .m = chunk_from_chars(
+ 0xf3,0x0c,0x78,0x3b,0x4e,0xae,0xb4,0x65,0x76,0x7f,0xa1,0xb9,0x6d,0x0a,0xf5,0x24,
+ 0x35,0xd8,0x5f,0xab,0x91,0x2b,0x6a,0xba,0x10,0xef,0xa5,0xb9,0x46,0xed,0x01,0xe1,
+ 0x5d,0x42,0x7a,0x4e,0xcd,0x0f,0xf9,0x55,0x67,0x73,0x79,0x17,0x98,0xb6,0x69,0x56,
+ 0xec,0xc7,0x52,0x88,0xd1,0xe9,0xba,0x2a,0x9e,0xa9,0x48,0x57,0xd3,0x13,0x29,0x99,
+ 0xa2,0x25,0xb1,0xff,0xaf,0x84,0x46,0x70,0x15,0x6e,0x7a,0x3e,0xa9,0xf0,0x77,0xfe,
+ 0x82,0x59,0xa0,0x98,0xb9,0xee,0x75,0x9a,0x6d,0xdf,0xb7,0xd2,0x0a,0x7a,0xcd,0x1b,
+ 0xcb,0x9f,0x67,0x77,0x7e,0x74,0x61,0x5e,0x88,0x59,0xea,0x56,0x28,0x1f,0xe5,0xc4,
+ 0x00,0x74,0x8f,0x02,0xd1,0xa2,0x63,0xb1,0x86,0x7a,0x3b,0x51,0x74,0x8a,0xb7,0x0f),
+ .s = chunk_from_chars(
+ 0x34,0x5e,0x2f,0x60,0xf7,0xc8,0x2c,0x89,0xef,0x7d,0xfd,0x7d,0xff,0x2b,0xc2,0x34,
+ 0x8b,0xab,0x02,0x04,0x79,0x33,0x08,0x99,0xd4,0x41,0x02,0x13,0xb3,0x5e,0x98,0xd9,
+ 0xba,0xc9,0x2f,0xd8,0xae,0x80,0x6b,0x5b,0xce,0x8a,0x6c,0x4b,0xd8,0x27,0x5b,0x0f,
+ 0xac,0xb4,0xdd,0x13,0xf9,0xd6,0x8b,0xa6,0x71,0x41,0xfa,0x50,0x85,0x26,0x4d,0xa6,
+ 0xdd,0x68,0x5a,0x6d,0x21,0x21,0x70,0xa2,0xc9,0xcb,0xf2,0xcf,0x59,0x30,0x18,0x0e,
+ 0xff,0xc2,0x50,0x86,0x8c,0x98,0x4b,0xf5,0x0f,0xf6,0x9d,0x60,0x69,0xea,0x28,0xf5,
+ 0xbc,0x1b,0x63,0x70,0x5d,0x07,0x32,0x41,0x6f,0xd8,0x29,0xa5,0xf5,0xd6,0x21,0x74,
+ 0x62,0xc2,0x2a,0x33,0xfd,0x46,0x52,0xf7,0xc1,0xd1,0x98,0x79,0x46,0x46,0xc0,0x84,
+ 0x06,0x02,0x4e,0x81,0x63,0xa7,0xeb,0xe3,0x9c,0xfb,0x51,0x4c,0x54,0x43,0x89,0x7b,
+ 0x58,0x94,0xdd,0x19,0xa2,0x13,0xe0,0x37,0xf2,0x7e,0x0f,0xfb,0xd6,0xc5,0x44,0x7a,
+ 0x80,0x5a,0x54,0xdf,0xdf,0x4f,0x65,0x81,0x9d,0x4e,0x0f,0xbe,0xe2,0x5e,0x3d,0xac,
+ 0x47,0xfb,0x6b,0x63,0x6e,0x8d,0xe6,0x19,0x0a,0xdc,0xcb,0xce,0xe9,0x37,0xd0,0x97,
+ 0x7b,0x35,0xb9,0x73,0x60,0x6b,0x0c,0xa3,0x48,0x75,0x8b,0x50,0xcd,0xbb,0xa0,0x28,
+ 0xb7,0x3d,0x0e,0xf0,0x1c,0x56,0x01,0x4c,0x03,0x1c,0x59,0x8f,0xe8,0xdb,0x87,0xd2,
+ 0xca,0x46,0x44,0x77,0x0a,0xaa,0x04,0x51,0xc3,0x76,0xde,0xd8,0x2f,0xf5,0xc6,0xb8,
+ 0xe7,0xd2,0xed,0x9d,0x1c,0x8a,0x17,0xc3,0x12,0x2c,0x12,0x82,0x73,0xc6,0x0f,0xd1,
+ 0xb0,0x08,0x8d,0xfb,0xc9,0xc9,0x27,0xf1,0x62,0xe4,0x38,0x79,0x40,0x59,0x64,0xcb,
+ 0x11,0xef,0x78,0x99,0x12,0x3f,0xeb,0x8f,0x88,0xdd,0x27,0x34,0xdf,0x98,0xaa,0x69,
+ 0x6d,0x93,0x6a,0x8d,0xf0,0x70,0x00,0xe8,0x4a,0xf9,0x01,0x01,0xf7,0x00,0x6a,0x9b,
+ 0xd2,0x54,0x9f,0xdd,0x0a,0xd3,0xf9,0xde,0x09,0x30,0x12,0xd3,0x2d,0x2a,0xfa,0xa8,
+ 0x28,0x01,0x7e,0xe9,0xc6,0x07,0xcb,0xf5,0xb5,0x4f,0x22,0x36,0x66,0xd4,0xb5,0xf3,
+ 0xe2,0x6e,0x0d,0xfe,0xc0,0x03,0x96,0x1b,0x83,0xd8,0x3d,0xe3,0x9f,0xf6,0xa0,0xe8,
+ 0x1e,0x18,0x83,0xc1,0xdb,0x4a,0xaa,0xf0,0x82,0xfe,0xc5,0xaa,0x30,0xa7,0xe5,0x78,
+ 0x55,0x3d,0x89,0x77,0x4c,0x67,0x90,0x77,0x90,0xc9,0x6d,0xc4,0xf5,0xbe,0x4c,0x8c),
+ },
+ {
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512,
+ .m = chunk_from_chars(
+ 0x13,0x2c,0xf5,0x0c,0x66,0xac,0x4c,0xc5,0x43,0x39,0x75,0x1a,0x0e,0xbb,0x86,0x5e,
+ 0x1d,0x3d,0x32,0x05,0x62,0xfc,0x90,0x5c,0x4a,0xbd,0x1e,0x78,0xe4,0x64,0x06,0x6c,
+ 0x46,0xc3,0xa0,0xc0,0x2d,0xb0,0x37,0x1e,0xe3,0x5a,0x10,0x4d,0x66,0xdd,0xa8,0x64,
+ 0xc6,0x13,0x3e,0x37,0xcf,0xad,0x91,0x16,0xe8,0x83,0xeb,0xb7,0x3b,0x29,0x5e,0x70,
+ 0x16,0xc3,0x4e,0xa9,0x91,0x1a,0x30,0x92,0x72,0xef,0x90,0x11,0x4d,0x8f,0x59,0xff,
+ 0xf0,0xa7,0x51,0x93,0xfe,0x5a,0xe3,0x1e,0xd9,0x91,0x21,0xf9,0xc5,0x92,0x09,0xbc,
+ 0x4b,0xd5,0x07,0xb1,0xdc,0x12,0xbc,0x89,0xb7,0x9f,0xfe,0x4d,0x0d,0xf9,0x20,0x97,
+ 0x62,0xa1,0x73,0x01,0x36,0x29,0x0c,0xde,0xe5,0x8e,0xc8,0x28,0xcc,0xc8,0x8e,0xba),
+ .s = chunk_from_chars(
+ 0xb1,0x25,0x03,0xb7,0xb2,0xf7,0x83,0x61,0x88,0x84,0x17,0x4b,0xcb,0x9b,0xe1,0x08,
+ 0x77,0x96,0x04,0x31,0xed,0x63,0x63,0xc8,0x07,0xe1,0x2d,0xb7,0x1b,0x8b,0x6b,0xd9,
+ 0xd6,0x40,0x1d,0x06,0x4e,0x25,0x37,0x40,0x15,0x8e,0x8b,0x90,0x01,0x52,0xd3,0x7f,
+ 0xaf,0x20,0x33,0x3a,0x7d,0x80,0xb3,0xd4,0x7c,0x7c,0x7a,0x3f,0xa1,0x20,0x91,0xce,
+ 0x31,0xcd,0x8a,0xae,0x27,0x2a,0x4d,0xa1,0x5f,0xe2,0xcb,0x5c,0xfd,0xea,0x54,0x11,
+ 0x95,0xa4,0x69,0xc9,0x6b,0xcf,0x69,0x5e,0x0b,0x52,0x6d,0xfa,0x48,0xa5,0x90,0x03,
+ 0xc6,0x76,0x3a,0xf8,0x13,0x63,0x92,0xc4,0xb8,0xd2,0x4d,0xb3,0x14,0x74,0x6f,0x42,
+ 0xac,0xa5,0x50,0xac,0xc6,0x5e,0x07,0x49,0x13,0xab,0x82,0x23,0x2e,0xb8,0x59,0x35,
+ 0x09,0x15,0x8a,0x8b,0xa3,0x4b,0xc0,0xf0,0xe3,0x12,0x5a,0x83,0x4a,0x3e,0xd2,0xd6,
+ 0xa8,0xcb,0x1d,0x08,0x5f,0x23,0x4a,0xe8,0x68,0xb8,0x6a,0xea,0x8d,0x6f,0x82,0xe1,
+ 0x3a,0x08,0x84,0x24,0x85,0x06,0x6e,0x48,0xaa,0xe4,0x83,0x78,0x73,0x15,0x0f,0x44,
+ 0x47,0x5e,0x12,0x60,0x2b,0x55,0x2d,0xcb,0x34,0xd1,0xf9,0xfd,0xaa,0xdb,0xc6,0xbf,
+ 0xf5,0x13,0x4c,0x6f,0xc7,0x62,0x63,0x88,0x8b,0xe6,0x7e,0xfe,0x63,0xee,0x18,0x40,
+ 0xfa,0x08,0xc4,0x99,0x38,0x85,0x8a,0x9d,0x48,0xb1,0x05,0x8d,0x18,0x97,0x6b,0xf2,
+ 0xe3,0xbf,0xc6,0x25,0x55,0x2f,0x75,0xb3,0xea,0x44,0xeb,0x91,0xdd,0x36,0x68,0x65,
+ 0xf2,0x40,0xa0,0xc3,0x36,0xa0,0x11,0x0e,0x0f,0xa0,0x9d,0x09,0xcd,0x94,0xc7,0x0c,
+ 0xbc,0x88,0x95,0xae,0x3d,0x44,0xae,0x3d,0xff,0x54,0x5f,0x0e,0x8c,0x8c,0xc6,0x62,
+ 0xec,0xd4,0x0f,0x90,0x99,0xa9,0x52,0x49,0x43,0x96,0xc6,0xb4,0x23,0xeb,0xb4,0x63,
+ 0x40,0x99,0x69,0x28,0x1c,0xdd,0x54,0xad,0x87,0xa3,0x08,0xe4,0x87,0xce,0x19,0x74,
+ 0x5b,0x30,0xd5,0xda,0x76,0xb9,0x8d,0x2a,0xa9,0xa0,0x07,0xa5,0x57,0x83,0xb3,0x03,
+ 0x7e,0x5b,0x86,0x62,0x32,0x28,0x10,0xbd,0xd1,0x1d,0x86,0xdc,0x3f,0x61,0x45,0x11,
+ 0x49,0x39,0x1f,0xb2,0xf1,0x4e,0xd9,0xc1,0x7c,0x75,0x16,0x23,0xa4,0x04,0x2c,0xe7,
+ 0xed,0xb8,0x75,0xee,0x27,0xbc,0xd1,0xf1,0x9d,0x6d,0xc9,0x28,0x3a,0xd0,0x6d,0x15,
+ 0xe0,0x97,0xe2,0xb0,0xb1,0x5a,0x7e,0xb7,0x12,0x8a,0xdb,0xca,0x0a,0xa6,0xad,0xcc),
+ },
+};
+
+START_TEST(test_sign_pkcs15_3072)
+{
+ signature_scheme_t scheme = pkcs15_3072[_i].scheme;
+ chunk_t sig;
+
+ if (!lib->plugins->has_feature(lib->plugins,
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, scheme)) ||
+ !lib->plugins->has_feature(lib->plugins,
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, scheme)))
+ {
+ warn("%N not supported, skip test", signature_scheme_names, scheme);
+ return;
+ }
+ fail_unless(privkey_3072->sign(privkey_3072, scheme, NULL, pkcs15_3072[_i].m, &sig),
+ "sign %N", signature_scheme_names, scheme);
+ ck_assert_chunk_eq(pkcs15_3072[_i].s, sig);
+ fail_unless(pubkey_3072->verify(pubkey_3072, scheme, NULL, pkcs15_3072[_i].m, sig),
+ "verify %N", signature_scheme_names, scheme);
+ free(sig.ptr);
+}
+END_TEST
+
+/**
+ * Keys for the FIPS 186-4 SigGen RSASSA-PSS test vectors
+ */
+static private_key_t *privpss_2048, *privpss_3072;
+static public_key_t *pubpss_2048, *pubpss_3072;
+static bool pss_salt_supported;
+
+static void pss_salt_test()
+{
+ chunk_t sig_salt = chunk_from_chars(
+ 0x3c,0x34,0xa4,0x56,0xdb,0x84,0x7b,0x7b,0xbb,0xbb,0xb0,0x15,0x5c,0xe2,0xe2,0x26,
+ 0xde,0xa9,0x27,0xb8,0x71,0x1b,0x28,0x0d,0xe3,0xe4,0xc2,0x6b,0x44,0x39,0xae,0x78,
+ 0x3a,0x93,0x68,0x6c,0xa0,0x91,0x19,0xd3,0x15,0x3b,0x93,0x15,0x92,0x13,0xaa,0x22,
+ 0x76,0x18,0xfd,0xbf,0x53,0x7f,0x2c,0xa7,0x24,0x5d,0xfa,0x93,0x78,0xff,0xdf,0x25,
+ 0x25,0x6c,0x65,0x2d,0xc1,0x6c,0xfd,0x43,0x87,0x3c,0x83,0x5b,0xe0,0x76,0xaf,0x99,
+ 0xa7,0xe4,0x11,0x3d,0xa6,0xa7,0xa4,0x50,0x0c,0xb8,0x4b,0x9b,0xd7,0x29,0xa6,0x6c,
+ 0x39,0x15,0xef,0xd9,0x46,0x5d,0x64,0x7e,0xf9,0x90,0x4a,0x7e,0x53,0xeb,0xfd,0x2f,
+ 0x32,0xdc,0x38,0xdf,0x3d,0xef,0xf7,0xa5,0x87,0xf0,0x5c,0x33,0x78,0x61,0x40,0x36,
+ 0x8d,0x16,0x14,0xf3,0xeb,0xfb,0x58,0x99,0x06,0xe9,0x48,0x67,0x93,0xe7,0x84,0x3c,
+ 0x6c,0x4a,0x3c,0x7e,0x0b,0xcc,0x62,0xcf,0xdb,0x7b,0x85,0xff,0x6c,0x3d,0x9f,0x7c,
+ 0x22,0x9e,0x0a,0x83,0x0b,0x3a,0x6a,0xe9,0xc2,0xbe,0x2f,0xd2,0xab,0x66,0xcb,0x1a,
+ 0x52,0x27,0x71,0x72,0x46,0xbf,0xed,0x8d,0xaa,0x47,0xaf,0x88,0x3a,0xf2,0xc2,0x6d,
+ 0xf4,0x24,0x01,0x4c,0x21,0xa1,0x40,0x63,0x93,0xeb,0xd9,0x56,0xf5,0xd2,0x74,0xe6,
+ 0x16,0x94,0x89,0x74,0x31,0x71,0xba,0xbd,0x6a,0x89,0x4a,0x52,0x9a,0x79,0x07,0x68,
+ 0x34,0x24,0x54,0xfd,0x21,0x54,0x7d,0xbe,0x3a,0x46,0xa6,0x28,0xa5,0xbc,0xea,0x30,
+ 0xb6,0x85,0xda,0x7e,0x45,0x24,0xc9,0xba,0x5f,0x0d,0xee,0xea,0x1b,0x54,0x67,0xc6);
+ chunk_t sig_zero = chunk_from_chars(
+ 0xb0,0x7e,0x08,0xf4,0xb7,0x02,0xf7,0x91,0x7a,0x81,0x65,0xc3,0x87,0x39,0xe7,0x67,
+ 0xfa,0x28,0x4d,0xe5,0x65,0xe3,0x95,0x94,0xfd,0x30,0x1d,0x94,0x98,0x81,0xce,0x0c,
+ 0x0e,0x8d,0x40,0xc1,0x37,0x43,0x9b,0xbd,0x81,0x0e,0x19,0x8c,0xee,0xd8,0xd9,0x7a,
+ 0x95,0x96,0x76,0x57,0x0b,0x86,0xc5,0x69,0xe9,0x4d,0x9a,0x82,0x80,0xd5,0xf7,0x95,
+ 0x15,0x7c,0xfc,0x82,0xe6,0x0a,0x1a,0x13,0x84,0xb3,0xbc,0xe6,0xe3,0xc0,0xd4,0x84,
+ 0xcf,0xd4,0xdd,0xbd,0x5a,0x53,0x49,0x1f,0x72,0x47,0xbf,0x93,0x59,0xf4,0xf2,0xfb,
+ 0xcf,0xf8,0x42,0xb6,0xdb,0xb4,0xfb,0xea,0xa6,0x2e,0xdc,0xb5,0x3c,0x41,0x73,0xaa,
+ 0xba,0x0a,0xb3,0x7b,0x23,0x03,0x0a,0x71,0x7f,0x49,0xba,0x17,0xaa,0x35,0x15,0xeb,
+ 0xd0,0xea,0xae,0xb2,0x7a,0xf2,0xed,0x58,0x74,0xb0,0xe5,0xa8,0x1e,0x59,0x10,0x88,
+ 0xe6,0xe6,0xf7,0xc6,0x41,0x78,0xf5,0x88,0x35,0x03,0xf9,0x82,0x42,0xb5,0x42,0x43,
+ 0xc6,0x4f,0xeb,0xbf,0xa0,0x3b,0xef,0x61,0x35,0x80,0x2c,0xcb,0x3f,0x3a,0x3e,0x3d,
+ 0x7a,0x75,0x5e,0x0b,0xdb,0xc8,0xdf,0xc1,0x2f,0x73,0x55,0xec,0x2b,0x20,0xd0,0xf3,
+ 0xa3,0x8a,0xaf,0x3a,0xb3,0xe5,0xad,0xa2,0x9c,0x4f,0x6b,0x64,0x6b,0xb0,0x54,0x38,
+ 0x96,0xaa,0xb6,0x9c,0x8b,0xe9,0x7d,0x41,0xa5,0x0a,0xde,0x24,0x4d,0x5a,0x37,0xe6,
+ 0xe3,0xbd,0xbb,0x1c,0x00,0x8a,0x22,0xd5,0x51,0x70,0x18,0xaf,0x13,0x05,0x6e,0x32,
+ 0xf7,0xef,0xc3,0xe5,0x4b,0x6f,0x94,0xa0,0x59,0xa8,0xf8,0x7f,0x42,0x08,0x3b,0x51);
+ chunk_t sig;
+ rsa_pss_params_t params = {
+ .hash = HASH_SHA256,
+ .mgf1_hash = HASH_SHA256,
+ .salt = chunk_from_chars(0x01,0x02,0x03,0x04),
+ };
+
+ pss_salt_supported = FALSE;
+ if (!lib->plugins->has_feature(lib->plugins,
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PSS)))
+ {
+ return;
+ }
+ /* we should get one of two signatures, either one without a salt or
+ * one with the configured salt */
+ fail_unless(privpss_2048->sign(privpss_2048, SIGN_RSA_EMSA_PSS,
+ &params, chunk_from_chars(0x04,0x03,0x02,0x01), &sig),
+ "sign %N", signature_scheme_names, SIGN_RSA_EMSA_PSS);
+
+ if (chunk_equals(sig, sig_salt))
+ { /* matches signature with passed salt */
+ pss_salt_supported = TRUE;
+ }
+ else if (!chunk_equals(sig, sig_zero))
+ { /* does not match signature without salt */
+ fail("unexpected signature received: %B", &sig);
+ }
+ free(sig.ptr);
+}
+
+START_SETUP(setup_keys_pss)
+{
+ create_key(chunk_from_chars(
+ 0xc5,0x06,0x2b,0x58,0xd8,0x53,0x9c,0x76,0x5e,0x1e,0x5d,0xba,0xf1,0x4c,0xf7,0x5d,
+ 0xd5,0x6c,0x2e,0x13,0x10,0x5f,0xec,0xfd,0x1a,0x93,0x0b,0xbb,0x59,0x48,0xff,0x32,
+ 0x8f,0x12,0x6a,0xbe,0x77,0x93,0x59,0xca,0x59,0xbc,0xa7,0x52,0xc3,0x08,0xd2,0x81,
+ 0x57,0x3b,0xc6,0x17,0x8b,0x6c,0x0f,0xef,0x7d,0xc4,0x45,0xe4,0xf8,0x26,0x43,0x04,
+ 0x37,0xb9,0xf9,0xd7,0x90,0x58,0x1d,0xe5,0x74,0x9c,0x2c,0xb9,0xcb,0x26,0xd4,0x2b,
+ 0x2f,0xee,0x15,0xb6,0xb2,0x6f,0x09,0xc9,0x96,0x70,0x33,0x64,0x23,0xb8,0x6b,0xc5,
+ 0xbe,0xc7,0x11,0x13,0x15,0x7b,0xe2,0xd9,0x44,0xd7,0xff,0x3e,0xeb,0xff,0xb2,0x84,
+ 0x13,0x14,0x3e,0xa3,0x67,0x55,0xdb,0x0a,0xe6,0x2f,0xf5,0xb7,0x24,0xee,0xcb,0x3d,
+ 0x31,0x6b,0x6b,0xac,0x67,0xe8,0x9c,0xac,0xd8,0x17,0x19,0x37,0xe2,0xab,0x19,0xbd,
+ 0x35,0x3a,0x89,0xac,0xea,0x8c,0x36,0xf8,0x1c,0x89,0xa6,0x20,0xd5,0xfd,0x2e,0xff,
+ 0xea,0x89,0x66,0x01,0xc7,0xf9,0xda,0xca,0x7f,0x03,0x3f,0x63,0x5a,0x3a,0x94,0x33,
+ 0x31,0xd1,0xb1,0xb4,0xf5,0x28,0x87,0x90,0xb5,0x3a,0xf3,0x52,0xf1,0x12,0x1c,0xa1,
+ 0xbe,0xf2,0x05,0xf4,0x0d,0xc0,0x12,0xc4,0x12,0xb4,0x0b,0xdd,0x27,0x58,0x5b,0x94,
+ 0x64,0x66,0xd7,0x5f,0x7e,0xe0,0xa7,0xf9,0xd5,0x49,0xb4,0xbe,0xce,0x6f,0x43,0xac,
+ 0x3e,0xe6,0x5f,0xe7,0xfd,0x37,0x12,0x33,0x59,0xd9,0xf1,0xa8,0x50,0xad,0x45,0x0a,
+ 0xaf,0x5c,0x94,0xeb,0x11,0xde,0xa3,0xfc,0x0f,0xc6,0xe9,0x85,0x6b,0x18,0x05,0xef),
+ chunk_from_chars(
+ 0x86,0xc9,0x4f),
+ chunk_from_chars(
+ 0x49,0xe5,0x78,0x6b,0xb4,0xd3,0x32,0xf9,0x45,0x86,0x32,0x7b,0xde,0x08,0x88,0x75,
+ 0x37,0x9b,0x75,0xd1,0x28,0x48,0x8f,0x08,0xe5,0x74,0xab,0x47,0x15,0x30,0x2a,0x87,
+ 0xee,0xa5,0x2d,0x4c,0x4a,0x23,0xd8,0xb9,0x7a,0xf7,0x94,0x48,0x04,0x33,0x7c,0x5f,
+ 0x55,0xe1,0x6b,0xa9,0xff,0xaf,0xc0,0xc9,0xfd,0x9b,0x88,0xec,0xa4,0x43,0xf3,0x9b,
+ 0x79,0x67,0x17,0x0d,0xdb,0x8c,0xe7,0xdd,0xb9,0x3c,0x60,0x87,0xc8,0x06,0x6c,0x4a,
+ 0x95,0x53,0x8a,0x44,0x1b,0x9d,0xc8,0x0d,0xc9,0xf7,0x81,0x00,0x54,0xfd,0x1e,0x5c,
+ 0x9d,0x02,0x50,0xc9,0x78,0xbb,0x2d,0x74,0x8a,0xbe,0x1e,0x94,0x65,0xd7,0x1a,0x81,
+ 0x65,0xd3,0x12,0x6d,0xce,0x5d,0xb2,0xad,0xac,0xc0,0x03,0xe9,0x06,0x2b,0xa3,0x7a,
+ 0x54,0xb6,0x3e,0x5f,0x49,0xa4,0xea,0xfe,0xbd,0x7e,0x4b,0xf5,0xb0,0xa7,0x96,0xc2,
+ 0xb3,0xa9,0x50,0xfa,0x09,0xc7,0x98,0xd3,0xfa,0x3e,0x86,0xc4,0xb6,0x2c,0x33,0xba,
+ 0x93,0x65,0xed,0xa0,0x54,0xe5,0xfe,0x74,0xa4,0x1f,0x21,0xb5,0x95,0x02,0x6a,0xcf,
+ 0x10,0x93,0xc9,0x0a,0x8c,0x71,0x72,0x2f,0x91,0xaf,0x1e,0xd2,0x9a,0x41,0xa2,0x44,
+ 0x9a,0x32,0x0f,0xc7,0xba,0x31,0x20,0xe3,0xe8,0xc3,0xe4,0x24,0x0c,0x04,0x92,0x5c,
+ 0xc6,0x98,0xec,0xd6,0x6c,0x7c,0x90,0x6b,0xdf,0x24,0x0a,0xda,0xd9,0x72,0xb4,0xdf,
+ 0xf4,0x86,0x9d,0x40,0x0b,0x5d,0x13,0xe3,0x3e,0xeb,0xa3,0x8e,0x07,0x5e,0x87,0x2b,
+ 0x0e,0xd3,0xe9,0x1c,0xc9,0xc2,0x83,0x86,0x7a,0x4f,0xfc,0x39,0x01,0xd2,0x06,0x9f),
+ &privpss_2048, &pubpss_2048);
+
+ create_key(chunk_from_chars(
+ 0xa7,0xa1,0x88,0x2a,0x7f,0xb8,0x96,0x78,0x60,0x34,0xd0,0x7f,0xb1,0xb9,0xf6,0x32,
+ 0x7c,0x27,0xbd,0xd7,0xce,0x6f,0xe3,0x9c,0x28,0x5a,0xe3,0xb6,0xc3,0x42,0x59,0xad,
+ 0xc0,0xdc,0x4f,0x7b,0x9c,0x7d,0xec,0x3c,0xa4,0xa2,0x0d,0x34,0x07,0x33,0x9e,0xed,
+ 0xd7,0xa1,0x2a,0x42,0x1d,0xa1,0x8f,0x59,0x54,0x67,0x3c,0xac,0x2f,0xf0,0x59,0x15,
+ 0x6e,0xcc,0x73,0xc6,0x86,0x1e,0xc7,0x61,0xe6,0xa0,0xf2,0xa5,0xa0,0x33,0xa6,0x76,
+ 0x8c,0x6a,0x42,0xd8,0xb4,0x59,0xe1,0xb4,0x93,0x23,0x49,0xe8,0x4e,0xfd,0x92,0xdf,
+ 0x59,0xb4,0x59,0x35,0xf3,0xd0,0xe3,0x08,0x17,0xc6,0x62,0x01,0xaa,0x99,0xd0,0x7a,
+ 0xe3,0x6c,0x5d,0x74,0xf4,0x08,0xd6,0x9c,0xc0,0x8f,0x04,0x41,0x51,0xff,0x49,0x60,
+ 0xe5,0x31,0x36,0x0c,0xb1,0x90,0x77,0x83,0x3a,0xdf,0x7b,0xce,0x77,0xec,0xfa,0xa1,
+ 0x33,0xc0,0xcc,0xc6,0x3c,0x93,0xb8,0x56,0x81,0x45,0x69,0xe0,0xb9,0x88,0x4e,0xe5,
+ 0x54,0x06,0x1b,0x9a,0x20,0xab,0x46,0xc3,0x82,0x63,0xc0,0x94,0xda,0xe7,0x91,0xaa,
+ 0x61,0xa1,0x7f,0x8d,0x16,0xf0,0xe8,0x5b,0x7e,0x5c,0xe3,0xb0,0x67,0xec,0xe8,0x9e,
+ 0x20,0xbc,0x4e,0x8f,0x1a,0xe8,0x14,0xb2,0x76,0xd2,0x34,0xe0,0x4f,0x4e,0x76,0x6f,
+ 0x50,0x1d,0xa7,0x4e,0xa7,0xe3,0x81,0x7c,0x24,0xea,0x35,0xd0,0x16,0x67,0x6c,0xec,
+ 0xe6,0x52,0xb8,0x23,0xb0,0x51,0x62,0x55,0x73,0xca,0x92,0x75,0x7f,0xc7,0x20,0xd2,
+ 0x54,0xec,0xf1,0xdc,0xbb,0xfd,0x21,0xd9,0x83,0x07,0x56,0x1e,0xca,0xab,0x54,0x54,
+ 0x80,0xc7,0xc5,0x2a,0xd7,0xe9,0xfa,0x6b,0x59,0x7f,0x5f,0xe5,0x50,0x55,0x9c,0x2f,
+ 0xe9,0x23,0x20,0x5a,0xc1,0x76,0x1a,0x99,0x73,0x7c,0xa0,0x2d,0x7b,0x19,0x82,0x2e,
+ 0x00,0x8a,0x89,0x69,0x34,0x9c,0x87,0xfb,0x87,0x4c,0x81,0x62,0x0e,0x38,0xf6,0x13,
+ 0xc8,0x52,0x1f,0x03,0x81,0xfe,0x5b,0xa5,0x5b,0x74,0x82,0x7d,0xad,0x3e,0x1c,0xf2,
+ 0xaa,0x29,0xc6,0x93,0x36,0x29,0xf2,0xb2,0x86,0xad,0x11,0xbe,0x88,0xfa,0x64,0x36,
+ 0xe7,0xe3,0xf6,0x4a,0x75,0xe3,0x59,0x52,0x90,0xdc,0x0d,0x1c,0xd5,0xee,0xe7,0xaa,
+ 0xac,0x54,0x95,0x9c,0xc5,0x3b,0xd5,0xa9,0x34,0xa3,0x65,0xe7,0x2d,0xd8,0x1a,0x2b,
+ 0xd4,0xfb,0x9a,0x67,0x82,0x1b,0xff,0xed,0xf2,0xef,0x2b,0xd9,0x49,0x13,0xde,0x8b),
+ chunk_from_chars(
+ 0x14,0x15,0xa7),
+ chunk_from_chars(
+ 0x07,0x3a,0x5f,0xc4,0xcd,0x64,0x2f,0x61,0x13,0xdf,0xfc,0x4f,0x84,0x03,0x5c,0xee,
+ 0x3a,0x2b,0x8a,0xcc,0x54,0x97,0x03,0x75,0x1a,0x1d,0x6a,0x5e,0xaa,0x13,0x48,0x72,
+ 0x29,0xa5,0x8e,0xf7,0xd7,0xa5,0x22,0xbb,0x9f,0x4f,0x25,0x51,0x0f,0x1a,0xa0,0xf7,
+ 0x4c,0x6a,0x8f,0xc8,0xa5,0xc5,0xbe,0x8b,0x91,0xa6,0x74,0xed,0xe5,0x0e,0x92,0xf7,
+ 0xe3,0x4a,0x90,0xa3,0xc9,0xda,0x99,0x9f,0xff,0xb1,0xd6,0x95,0xe4,0x58,0x8f,0x45,
+ 0x12,0x56,0xc1,0x63,0x48,0x4c,0x15,0x13,0x50,0xcb,0x9c,0x78,0x25,0xa7,0xd9,0x10,
+ 0x84,0x5e,0xe5,0xcf,0x82,0x6f,0xec,0xf9,0xa7,0xc0,0xfb,0xbb,0xba,0x22,0xbb,0x4a,
+ 0x53,0x1c,0x13,0x1d,0x2e,0x77,0x61,0xba,0x89,0x8f,0x00,0x2e,0xbe,0xf8,0xab,0x87,
+ 0x21,0x85,0x11,0xf8,0x1d,0x32,0x66,0xe1,0xec,0x07,0xa7,0xca,0x86,0x22,0x51,0x4c,
+ 0x6d,0xfd,0xc8,0x6c,0x67,0x67,0x9a,0x2c,0x8f,0x5f,0x03,0x1d,0xe9,0xa0,0xc2,0x2b,
+ 0x5a,0x88,0x06,0x0b,0x46,0xee,0x0c,0x64,0xd3,0xb9,0xaf,0x3c,0x0a,0x37,0x9b,0xcd,
+ 0x9c,0x6a,0x1b,0x51,0xcf,0x64,0x80,0x45,0x6d,0x3f,0xd6,0xde,0xf9,0x4c,0xd2,0xa6,
+ 0xc1,0x71,0xdd,0x3f,0x01,0x0e,0x3c,0x9d,0x66,0x2b,0xc8,0x57,0x20,0x82,0x48,0xc9,
+ 0x4e,0xbc,0xb9,0xfd,0x99,0x7b,0x9f,0xf4,0xa7,0xe5,0xfd,0x95,0x55,0x85,0x69,0x90,
+ 0x65,0x25,0xe7,0x41,0xd7,0x83,0x44,0xf6,0xf6,0xcf,0xdb,0xd5,0x9d,0x4f,0xaa,0x52,
+ 0xee,0x3f,0xa9,0x64,0xfb,0x7c,0xcc,0xb2,0xd6,0xbe,0x19,0x35,0xd2,0x11,0xfe,0x14,
+ 0x98,0x21,0x77,0x16,0x27,0x39,0x39,0xa9,0x46,0x08,0x1f,0xd8,0x50,0x99,0x13,0xfd,
+ 0x47,0x74,0x7c,0x5c,0x2f,0x03,0xef,0xd4,0xd6,0xfc,0x9c,0x6f,0xcf,0xd8,0x40,0x2e,
+ 0x9f,0x40,0xa0,0xa5,0xb3,0xde,0x3c,0xa2,0xb3,0xc0,0xfa,0xc9,0x45,0x69,0x38,0xfa,
+ 0xa6,0xcf,0x2c,0x20,0xe3,0x91,0x2e,0x59,0x81,0xc9,0x87,0x6d,0x8c,0xa1,0xff,0x29,
+ 0xb8,0x7a,0x15,0xee,0xae,0x0c,0xcc,0xe3,0xf8,0xa8,0xf1,0xe4,0x05,0x09,0x1c,0x08,
+ 0x3b,0x98,0xbc,0xc5,0xfe,0x0d,0x0d,0xea,0xae,0x33,0xc6,0x7c,0x03,0x94,0x43,0x7f,
+ 0x0e,0xcc,0xb3,0x85,0xb7,0xef,0xb1,0x7a,0xee,0xbb,0xa8,0xaf,0xae,0xcc,0xa3,0x0a,
+ 0x2f,0x63,0xea,0xc8,0xf0,0xac,0x8f,0x1e,0xac,0xad,0x85,0xbb,0xca,0xf3,0x96,0x0b),
+ &privpss_3072, &pubpss_3072);
+
+ pss_salt_test();
+}
+END_SETUP
+
+START_TEARDOWN(teardown_keys_pss)
+{
+ pubpss_2048->destroy(pubpss_2048);
+ privpss_2048->destroy(privpss_2048);
+ pubpss_3072->destroy(pubpss_3072);
+ privpss_3072->destroy(privpss_3072);
+}
+END_TEARDOWN
+
+/**
+ * SigGen test vectors from FIPS 186-4 (first two for each hash algo)
+ */
+static struct {
+ rsa_pss_params_t params;
+ chunk_t m;
+ chunk_t s;
+} pss_sign_2048[] = {
+ {
+ .params = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256,
+ .salt_len = 20,
+ .salt = chunk_from_chars(
+ 0xe1,0x25,0x6f,0xc1,0xee,0xef,0x81,0x77,0x3f,0xdd,0x54,0x65,0x7e,0x40,0x07,0xfd,
+ 0xe6,0xbc,0xb9,0xb1),
+ },
+ .m = chunk_from_chars(
+ 0xdf,0xc2,0x26,0x04,0xb9,0x5d,0x15,0x32,0x80,0x59,0x74,0x5c,0x6c,0x98,0xeb,0x9d,
+ 0xfb,0x34,0x7c,0xf9,0xf1,0x70,0xaf,0xf1,0x9d,0xee,0xec,0x55,0x5f,0x22,0x28,0x5a,
+ 0x67,0x06,0xc4,0xec,0xbf,0x0f,0xb1,0x45,0x8c,0x60,0xd9,0xbf,0x91,0x3f,0xba,0xe6,
+ 0xf4,0xc5,0x54,0xd2,0x45,0xd9,0x46,0xb4,0xbc,0x5f,0x34,0xae,0xc2,0xac,0x6b,0xe8,
+ 0xb3,0x3d,0xc8,0xe0,0xe3,0xa9,0xd6,0x01,0xdf,0xd5,0x36,0x78,0xf5,0x67,0x44,0x43,
+ 0xf6,0x7d,0xf7,0x8a,0x3a,0x9e,0x09,0x33,0xe5,0xf1,0x58,0xb1,0x69,0xac,0x8d,0x1c,
+ 0x4c,0xd0,0xfb,0x87,0x2c,0x14,0xca,0x8e,0x00,0x1e,0x54,0x2e,0xa0,0xf9,0xcf,0xda,
+ 0x88,0xc4,0x2d,0xca,0xd8,0xa7,0x40,0x97,0xa0,0x0c,0x22,0x05,0x5b,0x0b,0xd4,0x1f),
+ .s = chunk_from_chars(
+ 0x8b,0x46,0xf2,0xc8,0x89,0xd8,0x19,0xf8,0x60,0xaf,0x0a,0x6c,0x4c,0x88,0x9e,0x4d,
+ 0x14,0x36,0xc6,0xca,0x17,0x44,0x64,0xd2,0x2a,0xe1,0x1b,0x9c,0xcc,0x26,0x5d,0x74,
+ 0x3c,0x67,0xe5,0x69,0xac,0xcb,0xc5,0xa8,0x0d,0x4d,0xd5,0xf1,0xbf,0x40,0x39,0xe2,
+ 0x3d,0xe5,0x2a,0xec,0xe4,0x02,0x91,0xc7,0x5f,0x89,0x36,0xc5,0x8c,0x9a,0x2f,0x77,
+ 0xa7,0x80,0xbb,0xe7,0xad,0x31,0xeb,0x76,0x74,0x2f,0x7b,0x2b,0x8b,0x14,0xca,0x1a,
+ 0x71,0x96,0xaf,0x7e,0x67,0x3a,0x3c,0xfc,0x23,0x7d,0x50,0xf6,0x15,0xb7,0x5c,0xf4,
+ 0xa7,0xea,0x78,0xa9,0x48,0xbe,0xda,0xf9,0x24,0x24,0x94,0xb4,0x1e,0x1d,0xb5,0x1f,
+ 0x43,0x7f,0x15,0xfd,0x25,0x51,0xbb,0x5d,0x24,0xee,0xfb,0x1c,0x3e,0x60,0xf0,0x36,
+ 0x94,0xd0,0x03,0x3a,0x1e,0x0a,0x9b,0x9f,0x5e,0x4a,0xb9,0x7d,0x45,0x7d,0xff,0x9b,
+ 0x9d,0xa5,0x16,0xdc,0x22,0x6d,0x6d,0x65,0x29,0x50,0x03,0x08,0xed,0x74,0xa2,0xe6,
+ 0xd9,0xf3,0xc1,0x05,0x95,0x78,0x8a,0x52,0xa1,0xbc,0x06,0x64,0xae,0xdf,0x33,0xef,
+ 0xc8,0xba,0xdd,0x03,0x7e,0xb7,0xb8,0x80,0x77,0x2b,0xdb,0x04,0xa6,0x04,0x6e,0x9e,
+ 0xde,0xee,0x41,0x97,0xc2,0x55,0x07,0xfb,0x0f,0x11,0xab,0x1c,0x9f,0x63,0xf5,0x3c,
+ 0x88,0x20,0xea,0x84,0x05,0xcf,0xd7,0x72,0x16,0x92,0x47,0x5b,0x4d,0x72,0x35,0x5f,
+ 0xa9,0xa3,0x80,0x4f,0x29,0xe6,0xb6,0xa7,0xb0,0x59,0xc4,0x44,0x1d,0x54,0xb2,0x8e,
+ 0x4e,0xed,0x25,0x29,0xc6,0x10,0x3b,0x54,0x32,0xc7,0x13,0x32,0xce,0x74,0x2b,0xcc),
+ },
+ {
+ .params = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256,
+ .salt_len = 20,
+ .salt = chunk_from_chars(
+ 0xe1,0x25,0x6f,0xc1,0xee,0xef,0x81,0x77,0x3f,0xdd,0x54,0x65,0x7e,0x40,0x07,0xfd,
+ 0xe6,0xbc,0xb9,0xb1),
+ },
+ .m = chunk_from_chars(
+ 0xfd,0x6a,0x06,0x3e,0x61,0xc2,0xb3,0x54,0xfe,0x8c,0xb3,0x7a,0x5f,0x37,0x88,0xb5,
+ 0xc0,0x1f,0xf1,0x5a,0x72,0x5f,0x6b,0x81,0x81,0xe6,0xf6,0xb7,0x95,0xce,0x1c,0xf3,
+ 0x16,0xe9,0x30,0xcc,0x93,0x9c,0xd4,0xe8,0x65,0xf0,0xbd,0xb8,0x8f,0xe6,0xbb,0x62,
+ 0xe9,0x0b,0xf3,0xff,0x7e,0x4d,0x6f,0x07,0x32,0x0d,0xda,0x09,0xa8,0x75,0x84,0xa0,
+ 0x62,0x0c,0xad,0xa2,0x2a,0x87,0xff,0x9a,0xb1,0xe3,0x5c,0x79,0x77,0xb0,0xda,0x88,
+ 0xea,0xb0,0x0c,0xa1,0xd2,0xa0,0x84,0x9f,0xec,0x56,0x95,0x13,0xd5,0x0c,0x5e,0x39,
+ 0x2a,0xfc,0x03,0x2a,0xee,0x2d,0x3e,0x52,0x2c,0x8c,0x17,0x25,0xdd,0x3e,0xef,0x0e,
+ 0x0b,0x35,0xc3,0xa8,0x37,0x01,0xaf,0x31,0xf9,0xe9,0xb1,0x3c,0xe6,0x3b,0xb0,0xa5),
+ .s = chunk_from_chars(
+ 0x49,0x2b,0x6f,0x68,0x84,0xdf,0x46,0x1f,0xe1,0x05,0x16,0xb6,0xb8,0xcc,0x20,0x53,
+ 0x85,0xc2,0x01,0x08,0xec,0x47,0xd5,0xdb,0x69,0x28,0x3f,0x4a,0x76,0x88,0xe3,0x18,
+ 0xcf,0xdc,0x3c,0x49,0x1f,0xb2,0x92,0x25,0x32,0x5a,0xeb,0x46,0xef,0xc7,0x5e,0x85,
+ 0x58,0x40,0x91,0x0b,0xba,0xf0,0xd1,0xc8,0xd4,0x78,0x45,0x42,0xb9,0x70,0x75,0x4a,
+ 0xaa,0x84,0xbf,0xe4,0x7c,0x77,0xb3,0xa1,0xb5,0x03,0x7d,0x4d,0x79,0x75,0x94,0x71,
+ 0xe9,0x6c,0xc7,0xa5,0x27,0xa0,0xed,0x06,0x7e,0x21,0x70,0x9e,0xf7,0xf4,0xc4,0x11,
+ 0x1b,0x60,0xb8,0xc0,0x80,0x82,0xc8,0x18,0x0c,0x7c,0x96,0xb6,0x1c,0x0f,0x71,0x02,
+ 0xed,0x9b,0x90,0xe2,0x4d,0xe1,0x1e,0x62,0x98,0xbb,0x24,0x45,0x18,0xf9,0xb4,0x46,
+ 0xce,0x64,0x1f,0xe9,0x95,0xe9,0xcc,0x29,0x9e,0xd4,0x11,0xb6,0x5e,0xb2,0x5e,0xaa,
+ 0xe9,0xe5,0x53,0x48,0x4a,0x0a,0x7e,0x95,0x6e,0xad,0xf0,0x84,0x08,0x88,0xc7,0x0e,
+ 0x5c,0xa6,0xeb,0xc3,0xe4,0x79,0xf8,0xc6,0x9c,0x53,0xcf,0x31,0x37,0x0a,0xb3,0x85,
+ 0xe8,0xb6,0x73,0xdc,0x45,0xa0,0xc1,0x96,0x4e,0xc4,0x94,0x68,0xd1,0x82,0x46,0x21,
+ 0x3a,0x8f,0x93,0xa2,0xa9,0x6a,0xad,0x5a,0x27,0x01,0xc1,0x91,0xa1,0x4a,0x31,0x51,
+ 0x9e,0x4f,0x36,0x54,0x4d,0x66,0x87,0x08,0xff,0x37,0xbe,0x54,0x81,0xcb,0x0f,0xfa,
+ 0x2b,0x0e,0x1f,0x14,0x5e,0x29,0xf8,0x57,0x5d,0xfa,0x9e,0xc3,0x0c,0x6c,0xb4,0x1c,
+ 0x39,0x34,0x39,0x29,0x22,0x10,0xea,0x80,0x6a,0x50,0x55,0x98,0xeb,0xdf,0x08,0x33),
+ },
+ {
+ .params = { .hash = HASH_SHA384, .mgf1_hash = HASH_SHA384,
+ .salt_len = 25,
+ .salt = chunk_from_chars(
+ 0xb7,0x50,0x58,0x76,0x71,0xaf,0xd7,0x68,0x86,0xe8,0xff,0xb7,0x86,0x5e,0x78,0xf7,
+ 0x06,0x64,0x1b,0x2e,0x42,0x51,0xb4,0x87,0x06),
+ },
+ .m = chunk_from_chars(
+ 0x83,0x3a,0xa2,0xb1,0xdc,0xc7,0x76,0x07,0xa4,0x4e,0x80,0x4e,0xe7,0x7d,0x45,0x40,
+ 0x85,0x86,0xc5,0x36,0x86,0x1f,0x66,0x48,0xad,0xcd,0x2f,0xb6,0x50,0x63,0x36,0x87,
+ 0x67,0xc5,0x5c,0x6f,0xe2,0xf2,0x37,0xf6,0x40,0x42,0x50,0xd7,0x5d,0xec,0x8f,0xa6,
+ 0x8b,0xca,0xf3,0xb6,0xe5,0x61,0x86,0x3a,0xe0,0x1c,0x91,0xaa,0x23,0xd8,0x0c,0x69,
+ 0x99,0xa5,0x58,0xa4,0xc4,0xcb,0x31,0x7d,0x54,0x0c,0xde,0x69,0xf8,0x29,0xaa,0xd6,
+ 0x74,0xa8,0x98,0x12,0xf4,0xd3,0x53,0x68,0x9f,0x04,0x64,0x8c,0x70,0x20,0xa7,0x39,
+ 0x41,0x62,0x00,0x18,0x29,0x5a,0x4a,0xe4,0x08,0x35,0x90,0xcc,0x60,0x3e,0x80,0x18,
+ 0x67,0xa5,0x1c,0x10,0x5a,0x7f,0xb3,0x19,0x13,0x0f,0x10,0x22,0xde,0x44,0xf1,0x3e),
+ .s = chunk_from_chars(
+ 0x2c,0xa3,0x7a,0x3d,0x6a,0xbd,0x28,0xc1,0xea,0xf9,0xbd,0xe5,0xe7,0xac,0x17,0xf1,
+ 0xfa,0x79,0x9c,0xe1,0xb4,0xb8,0x99,0xd1,0x99,0x85,0xc2,0xff,0x7c,0x8b,0xa9,0x59,
+ 0xfe,0x54,0xe5,0xaf,0xb8,0xbc,0x40,0x21,0xa1,0xf1,0xc6,0x87,0xee,0xbb,0x8c,0xba,
+ 0x80,0x0d,0x1c,0x51,0x63,0x6b,0x1f,0x68,0xdc,0x3e,0x48,0xf6,0x3e,0x2d,0xa6,0xbc,
+ 0x6d,0x09,0xc6,0x66,0x8f,0x68,0xe5,0x08,0xc5,0xd8,0xc1,0x9b,0xef,0x15,0x47,0x59,
+ 0xe2,0xf8,0x9a,0xde,0x15,0x27,0x17,0x37,0x0a,0x89,0x44,0xf5,0x37,0x57,0x82,0x96,
+ 0x38,0x0d,0x1f,0xe6,0xbe,0x80,0x9e,0x8b,0x11,0x3d,0x2b,0x9d,0x89,0xe6,0xa4,0x6f,
+ 0x5c,0x33,0x3d,0x4f,0xd4,0x87,0x70,0xfc,0x1e,0xa1,0xc5,0x48,0x10,0x45,0x75,0xb8,
+ 0x4c,0xf0,0x71,0x04,0x2b,0xfe,0x5a,0xcf,0x49,0x63,0x92,0xbe,0x83,0x51,0xa4,0x1c,
+ 0x46,0xa2,0xca,0xb0,0x86,0x4c,0x4c,0x1c,0x5b,0x5e,0x0c,0x7b,0x27,0xe7,0xb8,0x8c,
+ 0x69,0xf3,0x7f,0xfa,0x7e,0x1a,0x8c,0xd9,0x8f,0x34,0x3a,0xc8,0x4a,0x4a,0xd6,0x70,
+ 0x25,0xa4,0x0e,0xd8,0xf6,0x64,0xe9,0xd6,0x30,0x33,0x7d,0xe6,0xe4,0x8b,0xb2,0x12,
+ 0x5e,0x25,0x52,0x12,0x36,0x09,0x49,0x1f,0x18,0x3a,0xfd,0x92,0x63,0x44,0x87,0xf0,
+ 0xb2,0xcf,0x97,0x1f,0x26,0x26,0xe8,0x88,0x58,0x87,0x9d,0x45,0xa2,0x9b,0x0f,0xef,
+ 0xb6,0x6c,0xd4,0x1b,0x2e,0x4e,0x96,0x83,0x85,0xbd,0x9f,0xc8,0xc7,0x21,0x19,0x76,
+ 0xbc,0x6b,0xd3,0xe1,0xad,0x6d,0xf6,0x08,0x56,0x98,0x5a,0x82,0x5f,0x47,0x26,0xd2),
+ },
+ {
+ .params = { .hash = HASH_SHA384, .mgf1_hash = HASH_SHA384,
+ .salt_len = 25,
+ .salt = chunk_from_chars(
+ 0xb7,0x50,0x58,0x76,0x71,0xaf,0xd7,0x68,0x86,0xe8,0xff,0xb7,0x86,0x5e,0x78,0xf7,
+ 0x06,0x64,0x1b,0x2e,0x42,0x51,0xb4,0x87,0x06),
+ },
+ .m = chunk_from_chars(
+ 0x89,0x25,0xb8,0x7e,0x9d,0x1d,0x73,0x9d,0x8f,0x97,0x54,0x50,0xb7,0x9d,0x09,0x19,
+ 0xdd,0xe6,0x3e,0x8a,0x9e,0xaa,0x1c,0xb5,0x11,0xb4,0x0f,0xe3,0xab,0xb9,0xcd,0x89,
+ 0x60,0xe8,0x94,0x77,0x0b,0xc2,0xb2,0x53,0x10,0x2c,0x4b,0x46,0x40,0xc3,0x57,0xf5,
+ 0xfd,0x6f,0xea,0xb3,0x9e,0x3b,0xb8,0xf4,0x15,0x64,0xd8,0x05,0xce,0xaf,0xc8,0xfb,
+ 0xdb,0x00,0xb2,0xea,0x4f,0x29,0xed,0x57,0xe7,0x00,0xc7,0xef,0xf0,0xb4,0x82,0x79,
+ 0x64,0x61,0x9c,0x09,0x57,0xe1,0x54,0x76,0x91,0xe6,0x69,0x0f,0x7d,0x45,0x25,0x8a,
+ 0x42,0x95,0x9a,0x3d,0x2f,0xf9,0x2c,0x91,0x5c,0x3a,0x4f,0xb3,0x8e,0x19,0x92,0x8c,
+ 0x5c,0xe3,0xdd,0xf4,0x90,0x45,0xf6,0x22,0xd0,0x62,0x4a,0x67,0x7e,0x23,0xeb,0x1d),
+ .s = chunk_from_chars(
+ 0x43,0xef,0x93,0xd1,0x4e,0x89,0xb0,0x5d,0x5e,0x0d,0xb2,0xdb,0xd5,0x7a,0x12,0x40,
+ 0x39,0x10,0x64,0x6b,0x4b,0x0a,0x24,0xd9,0xb8,0x0d,0x94,0x79,0x54,0x59,0x1a,0xfa,
+ 0x6e,0x98,0x09,0xe9,0x6d,0x7d,0x3e,0x71,0x10,0x03,0xee,0x0a,0x91,0x86,0xab,0x3d,
+ 0x8e,0x0b,0x4d,0x34,0x25,0xc6,0xda,0x4b,0x5f,0x78,0x99,0x53,0x7e,0x73,0x7b,0x71,
+ 0xdf,0x9e,0xd6,0x35,0x55,0x29,0xaa,0xce,0x77,0xa7,0xcb,0xa9,0x6b,0x5b,0x0a,0x86,
+ 0x39,0x92,0x52,0xf1,0x28,0x6a,0x6f,0xca,0xb1,0x80,0xb5,0x98,0x45,0x5d,0xfe,0x1d,
+ 0xe4,0xb8,0x04,0x70,0xd0,0x63,0x18,0xd5,0xf7,0xa5,0x2e,0x45,0xb6,0xd0,0xbc,0xc0,
+ 0x0b,0xd3,0x65,0x81,0x9a,0x4a,0x14,0x2b,0x83,0x07,0x27,0x75,0xf4,0x85,0xf6,0x3c,
+ 0x80,0x04,0xf5,0x33,0x78,0xa9,0xa0,0xd2,0x34,0x5d,0x07,0xb1,0xb3,0x26,0x23,0x8e,
+ 0xd0,0x70,0xd1,0xe6,0x9f,0xc0,0xb5,0xcf,0x85,0x3a,0x80,0x7c,0xfb,0x72,0x35,0x62,
+ 0xd1,0xf5,0x68,0x24,0x82,0xe8,0xa4,0x84,0x05,0x88,0xbc,0xc7,0x15,0x4c,0xe0,0x74,
+ 0x0c,0x76,0x86,0x16,0xcf,0x04,0xd7,0xaa,0x10,0x36,0x42,0x91,0x7e,0xc5,0xb4,0xb5,
+ 0x14,0xa3,0x73,0x4d,0x9e,0x0c,0x58,0x42,0x7c,0xff,0x42,0xf2,0x7f,0x43,0xfd,0xfc,
+ 0x85,0x99,0x1e,0x04,0x5a,0xcd,0x17,0xaf,0x6f,0xba,0x7b,0xda,0xb8,0x18,0xe9,0x0e,
+ 0xb4,0x11,0x76,0x84,0xe8,0x9f,0x91,0x63,0xdf,0xf7,0xb9,0x8b,0x82,0xa0,0x8b,0xaa,
+ 0x2b,0x49,0xac,0xde,0x48,0x0c,0x57,0x02,0xc3,0x35,0x23,0x7d,0x1b,0xe7,0x71,0xb7),
+ },
+ {
+ .params = { .hash = HASH_SHA512, .mgf1_hash = HASH_SHA512,
+ .salt_len = 30,
+ .salt = chunk_from_chars(
+ 0xaa,0x10,0xfe,0xc3,0xf8,0x3b,0x7a,0x97,0xe0,0x92,0x87,0x7a,0x5b,0xf9,0x08,0x12,
+ 0x83,0xf5,0x02,0xa0,0xa4,0x6b,0x50,0xe3,0x95,0xab,0x98,0x3a,0x49,0xac),
+ },
+ .m = chunk_from_chars(
+ 0x5f,0x0f,0xe2,0xaf,0xa6,0x1b,0x62,0x8c,0x43,0xea,0x3b,0x6b,0xa6,0x05,0x67,0xb1,
+ 0xae,0x95,0xf6,0x82,0x07,0x6f,0x01,0xdf,0xb6,0x4d,0xe0,0x11,0xf2,0x5e,0x9c,0x4b,
+ 0x36,0x02,0xa7,0x8b,0x94,0xce,0xcb,0xc1,0x4c,0xd7,0x61,0x33,0x9d,0x2d,0xc3,0x20,
+ 0xdb,0xa5,0x04,0xa3,0xc2,0xdc,0xde,0xdb,0x0a,0x78,0xeb,0x49,0x3b,0xb1,0x18,0x79,
+ 0xc3,0x11,0x58,0xe5,0x46,0x77,0x95,0x16,0x35,0x62,0xec,0x0c,0xa2,0x6c,0x19,0xe0,
+ 0x53,0x15,0x30,0xa8,0x15,0xc2,0x8f,0x9b,0x52,0x06,0x10,0x76,0xe6,0x1f,0x83,0x1e,
+ 0x2f,0xc4,0x5b,0x86,0x63,0x1e,0xa7,0xd3,0x27,0x14,0x44,0xbe,0x5d,0xcb,0x51,0x3a,
+ 0x3d,0x6d,0xe4,0x57,0xa7,0x2a,0xfb,0x67,0xb7,0x7d,0xb6,0x5f,0x9b,0xb1,0xc3,0x80),
+ .s = chunk_from_chars(
+ 0x5e,0x07,0x12,0xbb,0x36,0x3e,0x50,0x34,0xef,0x6b,0x23,0xc1,0x19,0xe3,0xb4,0x98,
+ 0x64,0x44,0x45,0xfa,0xab,0x5a,0x4c,0x0b,0x4e,0x21,0x7e,0x4c,0x83,0x2a,0xb3,0x4c,
+ 0x14,0x2d,0x7f,0x81,0xdb,0xf8,0xaf,0xfd,0xb2,0xda,0xce,0xfa,0xbb,0x2f,0x83,0x52,
+ 0x4c,0x5a,0xa8,0x83,0xfc,0x5f,0x06,0xe5,0x28,0xb2,0x32,0xd9,0x0f,0xbe,0xa9,0xca,
+ 0x08,0xae,0x5a,0xc1,0x80,0xd4,0x77,0xea,0xed,0x27,0xd1,0x37,0xe2,0xb5,0x1b,0xd6,
+ 0x13,0xb6,0x9c,0x54,0x3d,0x55,0x5b,0xfc,0x7c,0xd8,0x1a,0x4f,0x79,0x57,0x53,0xc8,
+ 0xc6,0x4c,0x6b,0x5d,0x2a,0xcd,0x9e,0x26,0xd6,0x22,0x5f,0x5b,0x26,0xe4,0xe6,0x6a,
+ 0x94,0x5f,0xd6,0x47,0x7a,0x27,0x7b,0x58,0x0d,0xbe,0xaa,0x46,0xd0,0xbe,0x49,0x8d,
+ 0xf9,0xa0,0x93,0x39,0x29,0x26,0xc9,0x05,0x64,0x19,0x45,0xec,0x5b,0x95,0x97,0x52,
+ 0x5e,0x44,0x9a,0xf3,0x74,0x3f,0x80,0x55,0x47,0x88,0xfc,0x35,0x8b,0xc0,0x40,0x1a,
+ 0x96,0x8f,0xf9,0x8a,0xaf,0x34,0xe5,0x0b,0x35,0x27,0x51,0xf3,0x22,0x74,0x75,0x0f,
+ 0xf5,0xc1,0xfb,0xa5,0x03,0x05,0x02,0x04,0xce,0xc9,0xc7,0x7d,0xee,0xde,0x7f,0x8f,
+ 0xa2,0x08,0x45,0xd9,0x5f,0x51,0x77,0x03,0x0b,0xc9,0x1d,0x51,0xf2,0x6f,0x29,0xd2,
+ 0xa6,0x5b,0x87,0x0d,0xc7,0x2b,0x81,0xe5,0xef,0x9e,0xee,0xf9,0x90,0xd7,0xc7,0x14,
+ 0x5b,0xbf,0x1a,0x3b,0xc7,0xae,0xdd,0x19,0xfa,0x7c,0xbb,0x02,0x07,0x56,0x52,0x5f,
+ 0x18,0x02,0x21,0x6c,0x13,0x29,0x6f,0xd6,0xaa,0xc1,0x1b,0xf2,0xd2,0xd9,0x04,0x94),
+ },
+ {
+ .params = { .hash = HASH_SHA512, .mgf1_hash = HASH_SHA512,
+ .salt_len = 30,
+ .salt = chunk_from_chars(
+ 0xaa,0x10,0xfe,0xc3,0xf8,0x3b,0x7a,0x97,0xe0,0x92,0x87,0x7a,0x5b,0xf9,0x08,0x12,
+ 0x83,0xf5,0x02,0xa0,0xa4,0x6b,0x50,0xe3,0x95,0xab,0x98,0x3a,0x49,0xac),
+ },
+ .m = chunk_from_chars(
+ 0x9e,0x88,0x0c,0xe5,0x9f,0x54,0x7d,0x59,0x2c,0x30,0x9c,0x22,0xa2,0x97,0x4b,0xa5,
+ 0xa5,0x2c,0xf1,0xc1,0x64,0xf2,0xd8,0xa8,0x1e,0xbb,0xd4,0xed,0xe6,0xe3,0x26,0xde,
+ 0xa3,0x3d,0x9f,0x13,0x5a,0x4e,0x09,0x47,0xb0,0xb9,0xc2,0x67,0xaa,0xfb,0xaa,0xe9,
+ 0xb8,0x58,0x3f,0x5f,0xf2,0x15,0x07,0x4c,0xa1,0xe8,0x2f,0x36,0x01,0xad,0x71,0xfc,
+ 0x45,0x5a,0x3b,0x6a,0xdc,0x35,0x0d,0x0b,0xf3,0x45,0x22,0x3e,0x3b,0x06,0x54,0x8c,
+ 0xec,0x61,0x3a,0x39,0x0a,0xda,0x93,0x19,0xe7,0x0c,0xe7,0xa5,0xe9,0x52,0x6b,0x4e,
+ 0x8d,0xc8,0x26,0x12,0xac,0x72,0x52,0x4c,0xfd,0xba,0x05,0xd0,0xdc,0x20,0x10,0x37,
+ 0x49,0x2d,0x27,0x78,0x34,0xa8,0x43,0xb9,0xf8,0x0d,0x45,0x64,0x25,0x3b,0xdc,0x7c),
+ .s = chunk_from_chars(
+ 0x8c,0x4f,0x81,0x9e,0x68,0x20,0x81,0xbb,0x16,0xdd,0xd4,0x59,0x66,0x2a,0x80,0x78,
+ 0xbc,0xa4,0x79,0x3e,0x18,0x11,0x00,0x33,0x53,0x94,0x60,0xb4,0x08,0xc0,0xaf,0x74,
+ 0x7e,0xa5,0xd9,0x41,0xf7,0x12,0x69,0x1f,0x5d,0x9d,0xdb,0x64,0x31,0x66,0xfd,0x96,
+ 0x5f,0x5b,0x51,0xb8,0x19,0xd5,0x51,0x41,0xd6,0x7c,0x15,0x53,0xb2,0x7a,0x46,0x82,
+ 0xe6,0x7d,0x55,0x55,0xb6,0x4d,0x7c,0xd3,0xdb,0x7f,0xc5,0xc2,0xe7,0x01,0xdd,0x26,
+ 0xe4,0x22,0xaf,0x8a,0x1f,0xb5,0x2c,0xd5,0xf5,0xa0,0x9e,0x0d,0x6d,0xb9,0x00,0xa9,
+ 0x92,0xf3,0x18,0xde,0xeb,0x6f,0x6e,0x39,0xdf,0xd6,0xaf,0x44,0xcb,0x21,0x7c,0x68,
+ 0x54,0x08,0x9c,0xea,0xa1,0x6e,0x3f,0x9b,0x10,0x0e,0xf8,0xe7,0x8f,0x6b,0x45,0x34,
+ 0x58,0xb8,0xef,0x6d,0x71,0x49,0x3e,0x7c,0x6e,0x45,0x28,0x2c,0x61,0x7f,0xa8,0x7c,
+ 0xcd,0xd4,0xa0,0xf2,0xf9,0xf7,0x16,0x62,0x81,0x80,0x6f,0xb4,0x1d,0x0f,0xe1,0x88,
+ 0xe0,0x0c,0x40,0xaf,0xea,0xa0,0x7d,0x2d,0xa0,0x9a,0x2c,0xd7,0x80,0x52,0xf8,0xd5,
+ 0x6b,0x7a,0xf4,0x0d,0x4c,0x73,0x14,0xcc,0xf0,0x2e,0x49,0x0d,0x5e,0x21,0x23,0xbf,
+ 0x67,0x6f,0x2b,0xcb,0xda,0xbe,0xff,0xcf,0x58,0x79,0x29,0x98,0xdd,0x0f,0x67,0xed,
+ 0x24,0xe4,0x83,0xd8,0x97,0x6b,0x00,0xd6,0x15,0x1a,0x6e,0x0b,0xa7,0x40,0xbd,0xb5,
+ 0x7c,0x9b,0xc2,0x7f,0xe5,0xdf,0x91,0x26,0xa4,0x70,0x20,0x07,0x5e,0xb2,0x22,0xd5,
+ 0xca,0x24,0x70,0x72,0x44,0x60,0xc5,0xad,0xf0,0x67,0xb5,0x75,0x02,0x87,0xcd,0x00),
+ },
+};
+
+START_TEST(test_sign_pss_2048)
+{
+ chunk_t sig;
+
+ if (!lib->plugins->has_feature(lib->plugins,
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PSS)) ||
+ !lib->plugins->has_feature(lib->plugins,
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PSS)))
+ {
+ warn("%N not supported, skip test", signature_scheme_names,
+ SIGN_RSA_EMSA_PSS);
+ return;
+ }
+ if (!pss_salt_supported)
+ {
+ warn("static salt for %N not supported, skip test",
+ signature_scheme_names, SIGN_RSA_EMSA_PSS);
+ return;
+ }
+ fail_unless(privpss_2048->sign(privpss_2048, SIGN_RSA_EMSA_PSS,
+ &pss_sign_2048[_i].params, pss_sign_2048[_i].m, &sig),
+ "sign %N", signature_scheme_names, SIGN_RSA_EMSA_PSS);
+ ck_assert_chunk_eq(pss_sign_2048[_i].s, sig);
+ fail_unless(pubpss_2048->verify(pubpss_2048, SIGN_RSA_EMSA_PSS,
+ &pss_sign_2048[_i].params, pss_sign_2048[_i].m, sig),
+ "verify %N", signature_scheme_names, SIGN_RSA_EMSA_PSS);
+ free(sig.ptr);
+}
+END_TEST
+
+/**
+ * SigGen test vectors from FIPS 186-4 (first two for each hash algo)
+ */
+static struct {
+ rsa_pss_params_t params;
+ chunk_t m;
+ chunk_t s;
+} pss_sign_3072[] = {
+ {
+ .params = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256,
+ .salt_len = 32,
+ .salt = chunk_from_chars(
+ 0x3e,0x07,0xad,0xe7,0x2a,0x3f,0x52,0x53,0x0f,0x53,0x13,0x5a,0x5d,0x7d,0x93,0x21,
+ 0x74,0x35,0xba,0x00,0x1e,0xa5,0x5a,0x8f,0x5d,0x5d,0x13,0x04,0x68,0x48,0x74,0xbc),
+ },
+ .m = chunk_from_chars(
+ 0xc1,0x64,0x99,0x11,0x0e,0xd5,0x77,0x20,0x2a,0xed,0x2d,0x3e,0x4d,0x51,0xde,0xd6,
+ 0xc6,0x63,0x73,0xfa,0xef,0x65,0x33,0xa8,0x60,0xe1,0x93,0x4c,0x63,0x48,0x4f,0x87,
+ 0xa8,0xd9,0xb9,0x2f,0x3a,0xc4,0x51,0x97,0xb2,0x90,0x97,0x10,0xab,0xba,0x1d,0xaf,
+ 0x75,0x9f,0xe0,0x51,0x0e,0x9b,0xd8,0xdd,0x4d,0x73,0xce,0xc9,0x61,0xf0,0x6e,0xe0,
+ 0x7a,0xcd,0x9d,0x42,0xc6,0xd4,0x0d,0xac,0x9f,0x43,0x0e,0xf9,0x03,0x74,0xa7,0xe9,
+ 0x44,0xbd,0xe5,0x22,0x00,0x96,0x73,0x74,0x54,0xf9,0x6b,0x61,0x4d,0x0f,0x6c,0xdd,
+ 0x9f,0x08,0xed,0x52,0x9a,0x4a,0xd0,0xe7,0x59,0xcf,0x3a,0x02,0x3d,0xc8,0xa3,0x0b,
+ 0x9a,0x87,0x29,0x74,0xaf,0x9b,0x2a,0xf6,0xdc,0x3d,0x11,0x1d,0x0f,0xeb,0x70,0x06),
+ .s = chunk_from_chars(
+ 0x43,0x35,0x70,0x7d,0xa7,0x35,0xcf,0xd1,0x04,0x11,0xc9,0xc0,0x48,0xca,0x9b,0x60,
+ 0xbb,0x46,0xe2,0xfe,0x36,0x1e,0x51,0xfb,0xe3,0x36,0xf9,0x50,0x8d,0xc9,0x45,0xaf,
+ 0xe0,0x75,0x50,0x3d,0x24,0xf8,0x36,0x61,0x0f,0x21,0x78,0x99,0x6b,0x52,0xc4,0x11,
+ 0x69,0x30,0x52,0xd5,0xd7,0xae,0xd9,0x76,0x54,0xa4,0x00,0x74,0xed,0x20,0xed,0x66,
+ 0x89,0xc0,0x50,0x1b,0x7f,0xba,0xc2,0x1d,0xc4,0x6b,0x66,0x5a,0xc0,0x79,0x76,0x00,
+ 0x86,0x41,0x44,0x06,0xcd,0x66,0xf8,0x53,0x7d,0x1e,0xbf,0x0d,0xce,0x4c,0xf0,0xc9,
+ 0x8d,0x4c,0x30,0xc7,0x1d,0xa3,0x59,0xe9,0xcd,0x40,0x1f,0xf4,0x97,0x18,0xfd,0xd4,
+ 0xd0,0xf9,0x9e,0xfe,0x70,0xad,0x8d,0xd8,0xba,0x13,0x04,0xce,0xfb,0x88,0xf2,0x4b,
+ 0x0e,0xed,0xf7,0x01,0x16,0xda,0x15,0x93,0x2c,0x76,0xf0,0x06,0x95,0x51,0xa2,0x45,
+ 0xb5,0xfc,0x3b,0x91,0xec,0x10,0x1f,0x1d,0x63,0xb9,0x85,0x3b,0x59,0x8c,0x6f,0xa1,
+ 0xc1,0xac,0xdb,0xac,0xf9,0x62,0x63,0x56,0xc7,0x60,0x11,0x9b,0xe0,0x95,0x56,0x44,
+ 0x30,0x18,0x96,0xd9,0xd0,0xd3,0xea,0x5e,0x64,0x43,0xcb,0x72,0xca,0x29,0xf4,0xd4,
+ 0x52,0x46,0xd1,0x6d,0x74,0xd0,0x05,0x68,0xc2,0x19,0x18,0x2f,0xeb,0x19,0x11,0x79,
+ 0xe4,0x59,0x3d,0xc1,0x52,0xc6,0x08,0xfd,0x80,0x53,0x63,0x29,0xa5,0x33,0xb3,0xa6,
+ 0x31,0x56,0x68,0x14,0xcd,0x65,0x4f,0x58,0x7c,0x2d,0x8c,0xe6,0x96,0x08,0x5e,0x6e,
+ 0xd1,0xb0,0xb0,0x27,0x8e,0x60,0xa0,0x49,0xec,0x7a,0x39,0x9f,0x94,0xfc,0xca,0xe6,
+ 0x46,0x23,0x71,0xa6,0x96,0x95,0xef,0x52,0x5e,0x00,0x93,0x6f,0xa7,0xd9,0x78,0x1f,
+ 0x9e,0xe2,0x89,0xd4,0x10,0x5e,0xe8,0x27,0xa2,0x79,0x96,0x58,0x30,0x33,0xce,0xdb,
+ 0x2f,0x29,0x7e,0x7b,0x49,0x26,0xd9,0x06,0xce,0x0d,0x09,0xd8,0x41,0x28,0x40,0x6a,
+ 0xb3,0x3d,0x7d,0xa0,0xf8,0xa1,0xd4,0xd2,0xf6,0x66,0x56,0x86,0x86,0xc3,0x94,0xd1,
+ 0x39,0xb0,0xe5,0xe9,0x93,0x37,0x75,0x8d,0xe8,0x59,0x10,0xa5,0xfa,0x25,0xca,0x2a,
+ 0xa6,0xd8,0xfb,0x1c,0x77,0x72,0x44,0xe7,0xd9,0x8d,0xe4,0xc7,0x9b,0xbd,0x42,0x6a,
+ 0x5e,0x6f,0x65,0x7e,0x37,0x47,0x7e,0x01,0x24,0x74,0x32,0xf8,0x37,0x97,0xfb,0xf3,
+ 0x1b,0x50,0xd0,0x2b,0x83,0xf6,0x9d,0xed,0x26,0xd4,0x94,0x5b,0x2b,0xc3,0xf8,0x6e),
+ },
+ {
+ .params = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256,
+ .salt_len = 32,
+ .salt = chunk_from_chars(
+ 0x3e,0x07,0xad,0xe7,0x2a,0x3f,0x52,0x53,0x0f,0x53,0x13,0x5a,0x5d,0x7d,0x93,0x21,
+ 0x74,0x35,0xba,0x00,0x1e,0xa5,0x5a,0x8f,0x5d,0x5d,0x13,0x04,0x68,0x48,0x74,0xbc),
+ },
+ .m = chunk_from_chars(
+ 0x60,0x40,0x2d,0xed,0x89,0xd0,0x97,0x9a,0xfb,0x49,0xf8,0x50,0x8e,0xb9,0x78,0xa8,
+ 0x41,0xab,0xc2,0xae,0xc5,0x9c,0xac,0xef,0x40,0xb3,0x1a,0xd3,0x4b,0xac,0x1f,0x2d,
+ 0x3c,0x16,0x66,0x11,0xab,0xbe,0xd1,0xe6,0x2f,0x6b,0x5f,0xbb,0x69,0xcb,0x53,0xdf,
+ 0x44,0xae,0x93,0xab,0x7a,0x72,0x4e,0xa3,0x5b,0xbe,0xe1,0xbe,0xca,0x74,0xfc,0x01,
+ 0x88,0xe0,0x00,0x52,0xb5,0x36,0xac,0x8c,0x93,0x3b,0xf9,0xcf,0x8e,0x42,0x42,0x1a,
+ 0x79,0x5a,0xa8,0x1b,0x1b,0xc6,0xb5,0x45,0xea,0xad,0x40,0x24,0x16,0x13,0x90,0xed,
+ 0xc9,0x08,0xc4,0x5a,0xae,0x1f,0x71,0xb4,0xb0,0x22,0x8e,0x31,0x04,0x04,0x8d,0x81,
+ 0x69,0x17,0xcb,0xa4,0xae,0x7f,0x2a,0xfe,0x75,0xe7,0xfc,0xad,0x38,0x73,0x24,0x1a),
+ .s = chunk_from_chars(
+ 0x5f,0x18,0x30,0x09,0x70,0x8b,0x37,0x96,0x37,0xda,0xc2,0xb1,0x42,0x93,0x70,0x9a,
+ 0xa6,0xd7,0xe8,0x6c,0x26,0x7a,0x0b,0x69,0x0a,0x3c,0x27,0x50,0x31,0x13,0x98,0x91,
+ 0x26,0x7c,0x64,0xe5,0xed,0xec,0xdf,0xf1,0x4c,0x2c,0xc2,0xf2,0xd9,0x85,0xb6,0x2f,
+ 0x90,0x0a,0xee,0x6e,0x04,0xca,0x51,0xa7,0x0a,0x5f,0x94,0x64,0x63,0x69,0x1c,0xf1,
+ 0x6c,0x2d,0x45,0x54,0x7c,0x53,0x74,0xf1,0x5b,0xdb,0x88,0x81,0x64,0x1d,0x30,0x40,
+ 0xef,0x57,0x80,0x75,0x32,0xcf,0x5b,0x2c,0xed,0x07,0x62,0x3d,0x0f,0x63,0x8b,0x39,
+ 0xeb,0xc2,0xf2,0xce,0x28,0x3e,0xea,0x22,0x47,0xe1,0xdf,0x3a,0xf5,0x43,0x05,0x54,
+ 0xd1,0xd4,0xb8,0x8b,0x7b,0x21,0x62,0x29,0x93,0x41,0x99,0x71,0xb7,0xd0,0xd5,0x44,
+ 0x91,0x22,0xa1,0x0f,0xc3,0x1b,0x2d,0xdc,0xc5,0x3f,0xf7,0x51,0xff,0x4b,0xf4,0xd3,
+ 0x36,0xfa,0xc6,0x67,0xb6,0x46,0x78,0x02,0x72,0xdb,0x89,0xa3,0xea,0x42,0x26,0xaf,
+ 0xa2,0x08,0x77,0xbf,0xb8,0x6b,0xa3,0xff,0x42,0x04,0xe5,0xcd,0x56,0xe1,0x3a,0x1d,
+ 0xc9,0xd5,0x3f,0x5c,0x94,0x65,0xb9,0x7a,0x18,0x2b,0x2b,0xf6,0x71,0x51,0x2e,0xf8,
+ 0x9e,0x6c,0x39,0x69,0xf9,0x73,0x07,0xa3,0xe4,0xbe,0xba,0x39,0xa7,0x8e,0x0a,0xd1,
+ 0xbb,0x97,0x99,0xcd,0xa9,0x29,0x76,0xca,0x39,0xd9,0x9d,0xb4,0xac,0x14,0x9c,0x84,
+ 0xbb,0x9b,0xc8,0x99,0x7e,0x8d,0x5e,0x05,0x6d,0x67,0xca,0x23,0xfe,0x4b,0xe2,0x8e,
+ 0x66,0xc4,0xbc,0x00,0xa2,0x5d,0x65,0xbb,0x9d,0x7d,0x62,0x3f,0xea,0x2d,0x3b,0x9c,
+ 0xf8,0x59,0xdf,0xd9,0xef,0xa9,0xe5,0x22,0x68,0xbf,0xa2,0x97,0xaf,0xb1,0xcc,0x28,
+ 0x83,0xdb,0x0c,0x9c,0x42,0xfc,0x04,0x18,0x0e,0x2e,0xc6,0xf4,0x96,0x57,0xc7,0x00,
+ 0x8e,0x40,0x25,0x06,0x1f,0x89,0x68,0x86,0x61,0x38,0x95,0xa3,0x5b,0xc2,0xd3,0x65,
+ 0x5a,0x8f,0x50,0xa9,0xfc,0xa2,0xac,0x64,0x8f,0x35,0x2e,0xb0,0x6b,0xfb,0xa2,0xfc,
+ 0x34,0x0a,0xae,0xea,0xd4,0xa8,0x45,0x7c,0x65,0xe2,0xe8,0xfd,0xba,0x56,0x8c,0x60,
+ 0xa6,0xd8,0xd3,0x81,0xf5,0xd9,0xca,0xa3,0x01,0x27,0x77,0x1f,0x4a,0x94,0xfd,0xb8,
+ 0xcd,0xe7,0xbe,0x4f,0xa7,0xb4,0xf8,0x9f,0xe3,0x79,0xdd,0x3e,0x1c,0xa6,0x6a,0xe1,
+ 0xfd,0xd6,0x3b,0xeb,0xdc,0x00,0x15,0x44,0x8e,0x61,0xef,0x16,0x66,0x59,0x4b,0x8f),
+ },
+ {
+ .params = { .hash = HASH_SHA384, .mgf1_hash = HASH_SHA384,
+ .salt_len = 48,
+ .salt = chunk_from_chars(
+ 0x61,0xa7,0x62,0xf8,0x96,0x8d,0x5f,0x36,0x7e,0x2d,0xbc,0xac,0xb4,0x02,0x16,0x53,
+ 0xdc,0x75,0x43,0x7d,0x90,0x00,0xe3,0x16,0x9d,0x94,0x37,0x29,0x70,0x38,0x37,0xa5,
+ 0xcb,0xf4,0xde,0x62,0xbd,0xed,0xc9,0x5f,0xd0,0xd1,0x00,0x4e,0x84,0x75,0x14,0x52),
+ },
+ .m = chunk_from_chars(
+ 0x92,0x21,0xf0,0xfe,0x91,0x15,0x84,0x35,0x54,0xd5,0x68,0x5d,0x9f,0xe6,0x9d,0xc4,
+ 0x9e,0x95,0xce,0xb5,0x79,0x39,0x86,0xe4,0x28,0xb8,0xa1,0x0b,0x89,0x4c,0x01,0xd6,
+ 0xaf,0x87,0x82,0xfd,0x7d,0x95,0x2f,0xaf,0x74,0xc2,0xb6,0x37,0xca,0x3b,0x19,0xda,
+ 0xbc,0x19,0xa7,0xfe,0x25,0x9b,0x2b,0x92,0x4e,0xb3,0x63,0xa9,0x08,0xc5,0xb3,0x68,
+ 0xf8,0xab,0x1b,0x23,0x33,0xfc,0x67,0xc3,0x0b,0x8e,0xa5,0x6b,0x28,0x39,0xdc,0x5b,
+ 0xda,0xde,0xfb,0x14,0xad,0xa8,0x10,0xbc,0x3e,0x92,0xba,0xc5,0x4e,0x2a,0xe1,0xca,
+ 0x15,0x94,0xa4,0xb9,0xd8,0xd1,0x93,0x37,0xbe,0x42,0x1f,0x40,0xe0,0x67,0x4e,0x0e,
+ 0x9f,0xed,0xb4,0x3d,0x3a,0xe8,0x9e,0x2c,0xa0,0x5d,0x90,0xa6,0x82,0x03,0xf2,0xc2),
+ .s = chunk_from_chars(
+ 0x96,0x87,0x11,0x5b,0xe4,0x78,0xe4,0xb6,0x42,0xcd,0x36,0x93,0x92,0xb9,0xdd,0x0f,
+ 0x35,0x76,0xe7,0x04,0xaf,0x72,0x18,0xb1,0xf9,0x4d,0x7f,0x8f,0xe7,0xf0,0x70,0x73,
+ 0xe3,0xe8,0xe1,0x18,0x6f,0xa7,0x68,0x97,0x7d,0x6b,0x51,0x4e,0x51,0x34,0x59,0xf2,
+ 0x37,0x3d,0xf6,0xec,0x52,0xe3,0xde,0x9b,0xd8,0x3f,0xcc,0x5c,0xc3,0xe6,0xb9,0x7f,
+ 0x8b,0x3f,0xb5,0x34,0x16,0x3c,0x64,0xf5,0x26,0x76,0x20,0x70,0x0e,0x9d,0x8c,0x52,
+ 0xb3,0xdf,0x61,0xa7,0xc3,0x74,0x8e,0xf1,0x59,0xd6,0xb3,0x90,0x89,0x5a,0xfa,0x3a,
+ 0xf5,0x91,0x09,0xa5,0x47,0x8d,0x01,0x6d,0x96,0xc4,0x9f,0x68,0xdf,0xc7,0x35,0xba,
+ 0x2a,0xaf,0xd5,0x01,0x2c,0x13,0x51,0x5e,0xd6,0x64,0x4f,0x0d,0x41,0x09,0xc4,0x55,
+ 0x56,0xe1,0x4a,0x38,0x21,0xe1,0xaa,0x24,0xbe,0xb8,0xa8,0x1a,0x48,0xda,0x27,0xf1,
+ 0x31,0xde,0x84,0xf7,0xba,0x51,0x58,0x1d,0x81,0xb8,0xff,0x31,0xba,0x92,0xb8,0xa1,
+ 0xfd,0xe8,0x67,0xf0,0x7e,0x32,0xe6,0xc2,0x70,0x92,0x53,0x44,0x81,0x74,0xdd,0x31,
+ 0x32,0x4d,0xbc,0x32,0xb0,0x5f,0x07,0x58,0x7f,0x76,0xa9,0x99,0x7d,0xec,0xb8,0x0f,
+ 0x38,0xd8,0xc1,0x3d,0x0f,0x6e,0xb3,0xc1,0x0e,0x3d,0x96,0xa2,0x29,0x3f,0x74,0x64,
+ 0xf1,0xe0,0x46,0x02,0xef,0x6e,0x84,0xc2,0xd0,0x24,0x5d,0x7d,0xb2,0x56,0xa6,0x7d,
+ 0x13,0x2a,0x47,0xca,0xe9,0xab,0xe0,0x6b,0x61,0xa8,0x96,0x8f,0x50,0xa1,0x74,0x99,
+ 0x95,0xdc,0x15,0xef,0x0d,0xcb,0x1d,0x5f,0x59,0x59,0xe4,0xd4,0x54,0xc8,0x54,0x7b,
+ 0xbb,0x4d,0x19,0x56,0x98,0xf4,0x84,0x61,0x7b,0xfd,0x12,0x2a,0xca,0xae,0x2d,0x0e,
+ 0x8c,0x76,0xd2,0x8b,0x24,0x00,0x5a,0xb0,0x3c,0xaa,0x78,0x1e,0xa9,0x7b,0x1c,0x4d,
+ 0x93,0x96,0xa1,0x6f,0x79,0x98,0xee,0xe7,0xdd,0xd9,0xde,0x4c,0xab,0xe5,0x70,0x32,
+ 0xd9,0x43,0x8a,0x5d,0x99,0xc6,0xb3,0x4a,0x95,0x61,0x22,0x35,0x02,0x63,0xc7,0xe9,
+ 0x98,0xbc,0x61,0xde,0xc9,0x13,0x81,0x01,0x2e,0x68,0x6d,0x07,0x9e,0x39,0xe9,0x6b,
+ 0x1e,0xa4,0xbf,0xdb,0x7c,0xdf,0x63,0x0d,0xdb,0x42,0x2c,0x6b,0x58,0x0e,0x55,0x06,
+ 0xc9,0xcc,0x3d,0x6c,0x10,0x0f,0x20,0x41,0xd1,0x7c,0xea,0xaa,0xa5,0x45,0x89,0x24,
+ 0x9f,0x04,0xa1,0x37,0x0f,0xfa,0x3b,0xf3,0xff,0x1a,0xde,0xb8,0x90,0x68,0x86,0x98),
+ },
+ {
+ .params = { .hash = HASH_SHA384, .mgf1_hash = HASH_SHA384,
+ .salt_len = 48,
+ .salt = chunk_from_chars(
+ 0x61,0xa7,0x62,0xf8,0x96,0x8d,0x5f,0x36,0x7e,0x2d,0xbc,0xac,0xb4,0x02,0x16,0x53,
+ 0xdc,0x75,0x43,0x7d,0x90,0x00,0xe3,0x16,0x9d,0x94,0x37,0x29,0x70,0x38,0x37,0xa5,
+ 0xcb,0xf4,0xde,0x62,0xbd,0xed,0xc9,0x5f,0xd0,0xd1,0x00,0x4e,0x84,0x75,0x14,0x52),
+ },
+ .m = chunk_from_chars(
+ 0x75,0x2a,0x99,0x16,0xf4,0x49,0xae,0xbf,0x81,0x4c,0xe5,0x9c,0xa6,0xe8,0x2f,0xa8,
+ 0x03,0x8e,0x46,0x85,0x41,0x92,0x41,0xc1,0x48,0x8c,0x66,0x59,0xb2,0xff,0x3f,0x7b,
+ 0x7f,0x38,0xf0,0x90,0x0a,0x79,0xc7,0x7a,0x3b,0x57,0x15,0x1a,0xff,0x61,0x3c,0x16,
+ 0xf5,0x02,0x0a,0xd9,0x6b,0xa9,0x45,0xdb,0x88,0x26,0x87,0x22,0xca,0x58,0x4c,0x09,
+ 0xb4,0x05,0x4a,0x40,0xc0,0x09,0x01,0x14,0x9b,0xb3,0x92,0xf0,0x91,0x6c,0xd4,0x24,
+ 0x46,0x99,0xa5,0xe6,0xa8,0xc3,0x7e,0x96,0x21,0xf5,0x4b,0x47,0x11,0x66,0x79,0x7a,
+ 0x7b,0x58,0x50,0x2c,0xff,0x40,0x83,0x14,0x08,0x27,0x05,0x26,0x46,0x50,0x1f,0x5b,
+ 0x5f,0x1b,0xc0,0xb4,0xe1,0x29,0x14,0x7d,0x7c,0xc1,0x57,0xcf,0x6e,0x73,0xec,0x58),
+ .s = chunk_from_chars(
+ 0x66,0x46,0xa8,0x8e,0xe4,0xb8,0x45,0xda,0x49,0x31,0x27,0x4c,0x23,0x84,0x0d,0xad,
+ 0xa6,0x14,0x5f,0xe0,0xaf,0x95,0x48,0x29,0xd1,0xd5,0x66,0x61,0x54,0x6a,0x25,0xe4,
+ 0x63,0x16,0xe2,0x16,0xbb,0x6b,0x94,0x46,0xb3,0x68,0x88,0x4b,0xa1,0x49,0x69,0xa6,
+ 0xf6,0x8c,0xcb,0xc1,0xcf,0x5b,0x4e,0x7a,0x6d,0x3a,0xab,0xec,0x67,0xf6,0x49,0x63,
+ 0xf6,0x3b,0x08,0x8f,0xa8,0x17,0xc8,0x55,0xd7,0x76,0xdd,0xca,0xda,0x57,0xe5,0xda,
+ 0xa5,0x0f,0xc1,0xc8,0x77,0x38,0x9c,0x3c,0xb9,0xd9,0x90,0x95,0xa8,0x69,0xa9,0x63,
+ 0xbc,0x91,0xec,0x24,0xb2,0x42,0x2e,0xf6,0xb8,0xdd,0x18,0xfd,0x20,0xd2,0xb2,0x15,
+ 0xfe,0xe6,0xe9,0x8c,0xda,0x41,0x5a,0xe4,0x4d,0x2d,0x26,0x16,0xfe,0x17,0x08,0x29,
+ 0x2a,0x3e,0xf5,0x0a,0x07,0x51,0x70,0xb3,0xa7,0xeb,0xab,0x02,0x91,0x8a,0xb0,0x30,
+ 0x17,0x94,0xc1,0x7f,0xb3,0x5e,0x20,0x38,0xf3,0x69,0xd9,0x4d,0xd4,0x95,0x69,0xc0,
+ 0x66,0xf7,0xc3,0x92,0x88,0x9d,0xc4,0xb8,0x78,0xc5,0x0c,0x7e,0x52,0x58,0x6b,0x50,
+ 0x81,0x11,0x4d,0x20,0x23,0x38,0xd2,0x33,0x04,0xf1,0x6f,0x91,0x2d,0x51,0x9a,0x9a,
+ 0xd2,0x1b,0xaf,0xf0,0xe3,0xd2,0x17,0x61,0xf3,0x73,0xd0,0x84,0x21,0xe1,0x01,0x08,
+ 0xa9,0x83,0x04,0x8f,0xcb,0x90,0xeb,0x2a,0xdc,0x7c,0x7f,0x12,0xff,0xa1,0x57,0x1b,
+ 0x09,0x1c,0x78,0x1b,0x25,0x5a,0x77,0xa8,0x80,0xe9,0x79,0x75,0xf1,0x4f,0x42,0xba,
+ 0xf5,0xaa,0x28,0x5e,0xcc,0x14,0x21,0x57,0xc3,0xe1,0xad,0xdd,0x6a,0xa0,0xc0,0x92,
+ 0x53,0xa1,0x1c,0x59,0x14,0x4a,0xbd,0x3b,0x1e,0x21,0x2d,0x89,0xe2,0x7e,0xd9,0x6f,
+ 0xb7,0x57,0x56,0xaf,0xc2,0x0e,0xc6,0x74,0x23,0xb1,0x51,0x19,0x4c,0xb0,0xb0,0x64,
+ 0x8c,0x65,0x99,0x87,0xa5,0x58,0x3c,0xb7,0x75,0x77,0x79,0xd8,0xa3,0x9e,0x20,0x5e,
+ 0x71,0x01,0xa5,0x35,0x1c,0xe1,0xaf,0x2c,0x9c,0x6b,0x08,0x47,0xcc,0xa5,0x7a,0xf5,
+ 0x25,0x93,0x32,0x39,0x05,0xe3,0xd2,0x29,0x7c,0x0d,0x54,0x54,0x1a,0x01,0x25,0x62,
+ 0x16,0x40,0xfe,0x1d,0xee,0xf1,0x3e,0x75,0x9f,0x8f,0x6c,0x56,0xa2,0xec,0x2a,0x94,
+ 0x83,0x1a,0xc2,0xc6,0x14,0xb9,0x11,0xe7,0x9e,0xdd,0x54,0x2f,0xef,0x65,0x1f,0x5a,
+ 0x82,0x7f,0x48,0x05,0x75,0xae,0x22,0x0c,0x49,0x5f,0x2a,0x28,0x42,0xf9,0x9e,0xc4),
+ },
+ {
+ .params = { .hash = HASH_SHA512, .mgf1_hash = HASH_SHA512,
+ .salt_len = 62,
+ .salt = chunk_from_chars(
+ 0x2d,0x0c,0x49,0xb2,0x07,0x89,0xf3,0x95,0x02,0xee,0xfd,0x09,0x2a,0x2b,0x6a,0x9b,
+ 0x27,0x57,0xc1,0x45,0x61,0x47,0x56,0x9a,0x68,0x5f,0xca,0x44,0x92,0xa8,0xd5,0xb0,
+ 0xe6,0x23,0x43,0x08,0x38,0x5d,0x3d,0x62,0x96,0x44,0xca,0x37,0xe3,0x39,0x96,0x16,
+ 0xc2,0x66,0xf1,0x99,0xb6,0x52,0x1a,0x99,0x87,0xb2,0xbe,0x9e,0xe7,0x83),
+ },
+ .m = chunk_from_chars(
+ 0x44,0x24,0x0c,0xe5,0x19,0xf0,0x02,0x39,0xbd,0x66,0xba,0x03,0xc8,0x4d,0x31,0x60,
+ 0xb1,0xce,0x39,0xe3,0x93,0x28,0x66,0xe5,0x31,0xa6,0x2b,0x1c,0x37,0xcf,0x41,0x70,
+ 0xc3,0xdc,0x48,0x09,0x23,0x6f,0xb1,0xad,0xe1,0x81,0xdb,0x49,0xfc,0x9c,0x7c,0xcd,
+ 0x79,0x4b,0x43,0x3d,0x1a,0xd0,0xbc,0x05,0x6e,0x14,0x73,0x8e,0x0a,0xe4,0x5c,0x0e,
+ 0x15,0x59,0x72,0xa4,0x0a,0x98,0x9f,0xa4,0xb9,0xbc,0xdc,0x30,0x8f,0x11,0x99,0x08,
+ 0x18,0x83,0x5f,0xa2,0xc2,0x56,0xb4,0x7e,0xe4,0x17,0x3f,0xb4,0xfe,0xd2,0x2c,0xcf,
+ 0x43,0x85,0xd2,0xdd,0x54,0xd5,0x93,0xc7,0x4f,0x00,0x04,0xdf,0x08,0x13,0x4e,0xb8,
+ 0x96,0x5d,0xd5,0x3a,0x12,0x23,0x17,0xf5,0x9b,0x95,0xd6,0xb6,0x9d,0x01,0x79,0x58),
+ .s = chunk_from_chars(
+ 0x8f,0x47,0xab,0xc2,0x32,0x6e,0x22,0xcf,0x62,0x40,0x45,0x08,0xb4,0x42,0xe8,0x1a,
+ 0xd4,0x5a,0xff,0xf7,0x27,0x40,0x96,0xb9,0xa1,0x3e,0x47,0x8c,0xdd,0x0a,0x72,0xf9,
+ 0x9a,0x76,0xbf,0x51,0x7f,0x1b,0xb0,0xf8,0x72,0xa5,0x23,0xd8,0xc5,0x88,0xd4,0x40,
+ 0x25,0x69,0xe9,0x48,0xfd,0x6a,0x10,0x8a,0xe1,0xa4,0x5c,0x65,0x83,0x08,0x28,0xa1,
+ 0x0e,0x94,0xd4,0x32,0x76,0x53,0x14,0xba,0x82,0xea,0xd3,0x10,0xfc,0x87,0xac,0x99,
+ 0xa5,0xb3,0x9f,0x30,0xab,0x88,0x20,0xbf,0x69,0xe6,0x93,0x4a,0x9c,0x1c,0x91,0x5c,
+ 0x19,0xf3,0x6e,0xa7,0x71,0x7e,0xaf,0xf7,0xaf,0x67,0xb4,0x99,0x13,0x15,0xb1,0x87,
+ 0x3b,0xa9,0x29,0xbe,0xdf,0x18,0xa9,0x75,0xbe,0x80,0x8e,0x7a,0xa1,0x4a,0x67,0x26,
+ 0x12,0x6c,0x79,0xcc,0x93,0xf6,0x95,0x41,0xc5,0xce,0xfd,0xeb,0x5b,0x67,0xec,0x27,
+ 0x9d,0x8f,0x5a,0x44,0x65,0x83,0xe4,0xb4,0xfa,0xed,0x16,0x85,0x14,0x0e,0xe4,0xb3,
+ 0xb7,0x57,0xc8,0xff,0x4a,0x1e,0xf9,0xcd,0x76,0xa8,0x8e,0x05,0x31,0x9e,0xe6,0x20,
+ 0x03,0xd2,0xd7,0x72,0x90,0xc9,0x4c,0x57,0x9b,0x0c,0xa2,0xab,0x0d,0xeb,0x31,0x76,
+ 0xef,0x10,0xa3,0xfd,0xb8,0x5c,0x80,0xff,0xbc,0x9e,0x2a,0x66,0x5a,0x23,0x74,0x4f,
+ 0xc8,0x36,0xf9,0xa9,0xa1,0x03,0xcd,0x9f,0xb7,0x56,0x95,0x23,0x56,0xa2,0xf1,0xac,
+ 0xdd,0x68,0xa6,0x45,0xe2,0x01,0x79,0x00,0x65,0x58,0xb5,0xd4,0xd0,0xb9,0xb0,0xbd,
+ 0x3a,0xdf,0x5e,0x29,0x0f,0x49,0xda,0xe6,0x0b,0x9d,0x19,0x92,0x09,0x53,0xea,0x8b,
+ 0xb2,0x37,0xd5,0xb3,0xdc,0xfe,0x14,0x9a,0x60,0xf1,0x2a,0x4e,0xe3,0xa8,0x89,0xb3,
+ 0x3b,0xcd,0x3a,0x3b,0x75,0x3d,0x61,0x07,0x57,0xcb,0xcd,0x09,0x3d,0xd5,0xa7,0x34,
+ 0x25,0x53,0x33,0x68,0x96,0x95,0xab,0x63,0x69,0x63,0xe3,0xd2,0x15,0xa8,0xe7,0x7f,
+ 0xf3,0x19,0x73,0x71,0x8a,0x49,0x44,0xa1,0xe9,0xe4,0x4f,0x45,0x75,0x4d,0x39,0xf6,
+ 0xfa,0x43,0x1c,0x53,0xf9,0xa2,0xef,0x36,0xe1,0x6a,0x5f,0x70,0x63,0x6e,0xb5,0xfb,
+ 0xa5,0x4e,0x15,0xc2,0x0a,0x71,0x4f,0x28,0x09,0xa7,0xcf,0xf4,0xb8,0xdc,0x11,0x65,
+ 0xf8,0x36,0x60,0x7e,0xb5,0xa5,0xa3,0xbb,0x0c,0x45,0x67,0xee,0xe2,0x69,0x41,0xfe,
+ 0xf4,0x6f,0xb4,0x1e,0x73,0xb5,0x65,0xc0,0xcf,0x8c,0x72,0xe4,0x04,0x22,0x12,0x64),
+ },
+ {
+ .params = { .hash = HASH_SHA512, .mgf1_hash = HASH_SHA512,
+ .salt_len = 62,
+ .salt = chunk_from_chars(
+ 0x2d,0x0c,0x49,0xb2,0x07,0x89,0xf3,0x95,0x02,0xee,0xfd,0x09,0x2a,0x2b,0x6a,0x9b,
+ 0x27,0x57,0xc1,0x45,0x61,0x47,0x56,0x9a,0x68,0x5f,0xca,0x44,0x92,0xa8,0xd5,0xb0,
+ 0xe6,0x23,0x43,0x08,0x38,0x5d,0x3d,0x62,0x96,0x44,0xca,0x37,0xe3,0x39,0x96,0x16,
+ 0xc2,0x66,0xf1,0x99,0xb6,0x52,0x1a,0x99,0x87,0xb2,0xbe,0x9e,0xe7,0x83),
+ },
+ .m = chunk_from_chars(
+ 0x06,0xd5,0x53,0x4b,0x77,0x69,0x25,0x6e,0x8c,0xf6,0x5c,0x6c,0xe5,0x2a,0x3e,0x86,
+ 0x96,0x5a,0x1f,0xd1,0x2c,0x75,0x82,0xd2,0xeb,0x36,0x82,0x4a,0x5a,0x9d,0x70,0x53,
+ 0x02,0x9f,0xbe,0xac,0x72,0x1d,0x1b,0x52,0x86,0x13,0xe0,0x50,0xe9,0x12,0xab,0xd7,
+ 0xd9,0xf0,0x49,0x91,0x2a,0xbe,0xda,0x33,0x8e,0xfa,0x2f,0x52,0x13,0x06,0x77,0x77,
+ 0xed,0xd9,0x1b,0x75,0x76,0xf5,0xe6,0xfa,0x73,0x98,0x69,0x65,0x99,0x37,0x9e,0xd7,
+ 0x50,0x28,0xcb,0x8d,0xb6,0x9f,0xa9,0x6d,0xe7,0xdb,0xc6,0xde,0x7c,0xa1,0x28,0xdd,
+ 0x51,0xea,0x33,0x4e,0x8c,0xd9,0xcd,0x8f,0xda,0xef,0xbf,0x53,0xfc,0x82,0x5e,0xae,
+ 0x83,0x6b,0x6c,0x6c,0xd7,0x00,0x39,0xa7,0x7e,0x42,0x0d,0x99,0x9b,0x57,0xca,0xae),
+ .s = chunk_from_chars(
+ 0x91,0x3f,0xc1,0x18,0xd5,0xac,0x1e,0xdf,0xfb,0x4b,0x8f,0xcf,0xa4,0xe8,0x59,0x86,
+ 0xb4,0x62,0x31,0xce,0xf3,0xda,0xd9,0x11,0xd5,0xe9,0x53,0x4c,0xc8,0x82,0x61,0xf6,
+ 0xb6,0x96,0x9b,0x75,0xa3,0xf2,0x5d,0x83,0xec,0xe7,0xec,0x20,0x34,0xb0,0x1d,0x3b,
+ 0x2b,0xe6,0xc5,0xbd,0x95,0x8c,0xc4,0xaf,0xcd,0x44,0x83,0x9e,0x39,0x53,0xf0,0x1e,
+ 0x4a,0x15,0xea,0x5e,0xf6,0xe1,0xb4,0xb0,0xe8,0xae,0x90,0xbd,0xfd,0x40,0x41,0x99,
+ 0xe8,0xf8,0x65,0x47,0xf6,0x7f,0xf6,0xb8,0x4f,0x21,0x62,0xc4,0x31,0x1c,0xc9,0xee,
+ 0xe0,0x6b,0xfb,0x2f,0xe4,0x61,0x98,0xaf,0xb9,0x74,0x5d,0x9c,0x44,0x38,0x33,0xbf,
+ 0x23,0x87,0xeb,0x92,0x40,0x6a,0x63,0x39,0x52,0x13,0x96,0xf2,0xcb,0xda,0x55,0xd9,
+ 0x8f,0xe6,0x40,0x74,0xd2,0xf2,0xe2,0x7b,0x8b,0xc6,0xa7,0x9b,0xe3,0xd1,0xcc,0x56,
+ 0x88,0x69,0xb0,0xb5,0x0f,0xcb,0xf7,0x02,0xb0,0x83,0x16,0x68,0xfb,0xfd,0xed,0xc2,
+ 0xd1,0xb5,0x49,0x1e,0x8e,0xc6,0x23,0xed,0xeb,0x60,0xac,0x87,0x0e,0x6e,0x8d,0x05,
+ 0x85,0x93,0xfb,0xbc,0x93,0x8f,0xbf,0x74,0x17,0x00,0xef,0xc2,0xb2,0x46,0x7e,0x7e,
+ 0xb2,0x54,0xae,0x00,0x85,0x09,0xe9,0x16,0x07,0xf8,0xe5,0x0a,0xa1,0x6a,0x4e,0x85,
+ 0x1a,0xbc,0xa7,0xc8,0xd2,0x0c,0x6f,0xf6,0x1c,0xfe,0xe6,0xc1,0xfb,0x67,0x60,0x98,
+ 0xe5,0xcd,0xf1,0x27,0xc9,0xb7,0x95,0x38,0xfd,0x1e,0x6c,0x01,0x41,0x61,0x05,0x4c,
+ 0xaf,0x43,0xb7,0x34,0xfa,0x69,0xfe,0x06,0xa0,0x0d,0x76,0xf7,0x10,0xac,0xc1,0x98,
+ 0xf3,0xda,0x90,0x6a,0x7d,0x2e,0x73,0xa2,0xca,0x88,0x25,0x26,0xcc,0x35,0x4d,0xd7,
+ 0x63,0x0a,0x30,0x3d,0x8f,0x32,0xc6,0x55,0xb5,0xb3,0x3c,0xf7,0x88,0x59,0xbe,0xea,
+ 0xba,0x3f,0x9a,0xe0,0x52,0xc8,0xd7,0x47,0x1c,0xd2,0xbd,0x9e,0xdf,0x42,0xfd,0x8f,
+ 0x70,0xc3,0xb0,0xaa,0x79,0xc0,0x76,0x92,0x80,0x68,0xca,0x97,0x70,0x95,0x9a,0xfa,
+ 0x63,0x2c,0xa6,0xaa,0xba,0x66,0x79,0xe4,0x5d,0x68,0x88,0xc5,0x01,0x25,0xa7,0x3b,
+ 0x9d,0xeb,0x00,0xd4,0x2a,0x12,0x5f,0x25,0xdf,0x54,0x34,0xbe,0xff,0x0d,0x5b,0x0e,
+ 0xe1,0x3a,0x16,0xb1,0x70,0x45,0xce,0xce,0x0f,0x2d,0xa7,0x57,0x7d,0x79,0xd7,0xcd,
+ 0x75,0xa4,0xb6,0xc5,0xbc,0x34,0x5f,0x46,0x0a,0x17,0x34,0x87,0xb5,0x1b,0xc6,0xa6),
+ },
+};
+
+START_TEST(test_sign_pss_3072)
+{
+ chunk_t sig;
+
+ if (!lib->plugins->has_feature(lib->plugins,
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PSS)) ||
+ !lib->plugins->has_feature(lib->plugins,
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PSS)))
+ {
+ warn("%N not supported, skip test", signature_scheme_names,
+ SIGN_RSA_EMSA_PSS);
+ return;
+ }
+ if (!pss_salt_supported)
+ {
+ warn("static salt for %N not supported, skip test",
+ signature_scheme_names, SIGN_RSA_EMSA_PSS);
+ return;
+ }
+ fail_unless(privpss_3072->sign(privpss_3072, SIGN_RSA_EMSA_PSS,
+ &pss_sign_3072[_i].params, pss_sign_3072[_i].m, &sig),
+ "sign %N", signature_scheme_names, SIGN_RSA_EMSA_PSS);
+ ck_assert_chunk_eq(pss_sign_3072[_i].s, sig);
+ fail_unless(pubpss_3072->verify(pubpss_3072, SIGN_RSA_EMSA_PSS,
+ &pss_sign_3072[_i].params, pss_sign_3072[_i].m, sig),
+ "verify %N", signature_scheme_names, SIGN_RSA_EMSA_PSS);
+ free(sig.ptr);
+}
+END_TEST
+
+/**
+ * Test vectors from FIPS 186-4 (those with 0 salt are 3072-bit verify vectors)
+ */
+static struct {
+ rsa_pss_params_t params;
+ chunk_t n;
+ chunk_t d;
+ chunk_t e;
+ chunk_t m;
+ chunk_t s;
+} pss_sign_ns[] = {
+ {
+ .params = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, },
+ .n = chunk_from_chars(
+ 0xce,0x49,0x24,0xff,0x47,0x0f,0xb9,0x9d,0x17,0xf6,0x65,0x95,0x56,0x1a,0x74,0xde,
+ 0xd2,0x20,0x92,0xd1,0xdc,0x27,0x12,0x2a,0xe1,0x5c,0xa8,0xca,0xc4,0xbf,0xae,0x11,
+ 0xda,0xa9,0xe3,0x7a,0x94,0x14,0x30,0xdd,0x1b,0x81,0xaa,0xf4,0x72,0xf3,0x20,0x83,
+ 0x5e,0xe2,0xfe,0x74,0x4c,0x83,0xf1,0x32,0x08,0x82,0xa8,0xa0,0x23,0x16,0xce,0xb3,
+ 0x75,0xf5,0xc4,0x90,0x92,0x32,0xbb,0x2c,0x65,0x20,0xb2,0x49,0xc8,0x8b,0xe4,0xf4,
+ 0x7b,0x8b,0x86,0xfd,0xd9,0x36,0x78,0xc6,0x9e,0x64,0xf5,0x00,0x89,0xe9,0x07,0xa5,
+ 0x50,0x4f,0xdd,0x43,0xf0,0xca,0xd2,0x4a,0xaa,0x9e,0x31,0x7e,0xf2,0xec,0xad,0xe3,
+ 0xb5,0xc1,0xfd,0x31,0xf3,0xc3,0x27,0xd7,0x0a,0x0e,0x2d,0x48,0x67,0xe6,0xfe,0x3f,
+ 0x26,0x27,0x2e,0x8b,0x6a,0x3c,0xce,0x17,0x84,0x3e,0x35,0x9b,0x82,0xeb,0x7a,0x4c,
+ 0xad,0x8c,0x42,0x46,0x01,0x79,0xcb,0x6c,0x07,0xfa,0x25,0x2e,0xfa,0xec,0x42,0x8f,
+ 0xd5,0xca,0xe5,0x20,0x8b,0x29,0x8b,0x25,0x51,0x09,0x02,0x6e,0x21,0x27,0x24,0x24,
+ 0xec,0x0c,0x52,0xe1,0xe5,0xf7,0x2c,0x5a,0xb0,0x6f,0x5d,0x2a,0x05,0xe7,0x7c,0x19,
+ 0x3b,0x64,0x7e,0xc9,0x48,0xbb,0x84,0x4e,0x0c,0x2e,0xf1,0x30,0x7f,0x53,0xcb,0x80,
+ 0x0d,0x4f,0x55,0x52,0x3d,0x86,0x03,0x8b,0xb9,0xe2,0x10,0x99,0xa8,0x61,0xb6,0xb9,
+ 0xbc,0xc9,0x69,0xe5,0xdd,0xdb,0xdf,0x71,0x71,0xb3,0x7d,0x61,0x63,0x81,0xb7,0x8c,
+ 0x3b,0x22,0xef,0x66,0x51,0x0b,0x27,0x65,0xd9,0x61,0x75,0x56,0xb1,0x75,0x59,0x98,
+ 0x79,0xd8,0x55,0x81,0x00,0xad,0x90,0xb8,0x30,0xe8,0x7a,0xd4,0x60,0xa2,0x21,0x08,
+ 0xba,0xa5,0xed,0x0f,0x2b,0xa9,0xdf,0xc0,0x51,0x67,0xf8,0xab,0x61,0xfc,0x9f,0x8a,
+ 0xe0,0x16,0x03,0xf9,0xdd,0x5e,0x66,0xce,0x1e,0x64,0x2b,0x60,0x4b,0xca,0x92,0x94,
+ 0xb5,0x7f,0xb7,0xc0,0xd8,0x3f,0x05,0x4b,0xac,0xf4,0x45,0x4c,0x29,0x8a,0x27,0x2c,
+ 0x44,0xbc,0x71,0x8f,0x54,0x60,0x5b,0x91,0xe0,0xbf,0xaf,0xd7,0x72,0xae,0xba,0xf3,
+ 0x82,0x88,0x46,0xc9,0x30,0x18,0xf9,0x8e,0x31,0x57,0x08,0xd5,0x0b,0xe8,0x40,0x1e,
+ 0xb9,0xa8,0x77,0x8d,0xcb,0xd0,0xd6,0xdb,0x93,0x70,0x86,0x04,0x11,0xb0,0x04,0xcd,
+ 0x37,0xfb,0xb8,0xb5,0xdf,0x87,0xed,0xee,0x7a,0xae,0x94,0x9f,0xff,0x34,0x60,0x7b),
+ .d = chunk_from_chars(
+ 0x25,0x8f,0x08,0x40,0x36,0xb7,0xff,0xda,0x1d,0x0a,0xa0,0x37,0x3a,0x50,0x01,0x1d,
+ 0xd9,0x76,0xb7,0xfd,0x0e,0xe4,0xb8,0x89,0x65,0x4b,0x04,0x4a,0xb2,0x41,0xfb,0x75,
+ 0x46,0x75,0x46,0x69,0x09,0x42,0x9b,0x1a,0xcb,0xa9,0xd9,0xc1,0xab,0xf2,0xe9,0xbb,
+ 0x49,0x4c,0xea,0x81,0xc4,0xba,0x10,0xdc,0xd1,0x03,0x6f,0x36,0xea,0x81,0xdc,0x24,
+ 0xce,0x98,0x3e,0x3a,0xe7,0xda,0x7c,0xf8,0x10,0xdd,0xc0,0x5c,0x96,0xf9,0xcc,0x3a,
+ 0x90,0x46,0xfd,0xf5,0x8c,0x99,0x02,0x17,0x2c,0x7e,0x53,0xa1,0xbc,0xed,0x1b,0x78,
+ 0x84,0xf7,0x28,0x13,0x3b,0xe9,0xb4,0xa9,0x11,0x02,0x3e,0x31,0x59,0xd5,0xf2,0x52,
+ 0xf4,0x07,0xa8,0x08,0x0c,0x88,0xf1,0x22,0xcf,0x4a,0x9e,0x53,0xf1,0x03,0xae,0xcb,
+ 0x41,0x2c,0xd4,0x4d,0x9d,0x53,0xc1,0x45,0x75,0x7b,0x14,0xeb,0x85,0xa5,0xb0,0xd7,
+ 0xf8,0xbe,0x88,0xc5,0x6b,0xb0,0x0e,0x73,0x57,0xd4,0x3d,0x6a,0x82,0x89,0x53,0xf9,
+ 0x31,0x24,0xd1,0xb3,0x9c,0x0c,0xc1,0x37,0xdf,0xf2,0x97,0x2a,0x40,0x2e,0xbf,0xe2,
+ 0x9e,0xb6,0x14,0xc6,0x57,0x8e,0x10,0x2c,0x61,0xa6,0x00,0x18,0x33,0x32,0x3d,0x4b,
+ 0x79,0xbe,0xe1,0x01,0xe7,0x6a,0x9c,0x59,0xa3,0x58,0x47,0x1b,0x62,0x25,0x68,0x85,
+ 0x84,0xfb,0xdd,0x79,0x0a,0x1e,0x38,0xa6,0x0a,0x5f,0x8b,0xf6,0x47,0xf7,0x37,0x46,
+ 0x80,0xaa,0x1d,0x6c,0xc0,0x37,0x2f,0xd1,0x2e,0xf2,0x33,0xbf,0x6b,0xf7,0x26,0xfa,
+ 0x4a,0xf4,0x5e,0x1e,0xad,0x9b,0x58,0xdf,0x08,0xf6,0x2a,0xa7,0x6f,0xe9,0xfd,0x9b,
+ 0xb1,0xa9,0x75,0xbb,0x1c,0x4d,0xdb,0x9b,0x00,0x54,0x53,0xf9,0x57,0xdf,0xe4,0x14,
+ 0x8d,0x26,0x44,0xc1,0xc4,0x90,0x87,0x74,0x31,0xb6,0x7e,0x97,0x5c,0x5e,0x02,0xb2,
+ 0xdc,0x40,0x8d,0xe0,0x9e,0x53,0x1c,0x05,0xc0,0x51,0x73,0x11,0xa5,0xcf,0xeb,0x41,
+ 0x65,0xb5,0xf4,0x40,0x60,0xbb,0x34,0x33,0xff,0xf6,0xee,0x8f,0x0a,0xd3,0xf5,0x59,
+ 0xb8,0x45,0x8f,0x20,0xcb,0xdc,0xa8,0x46,0x49,0xf0,0xc8,0xa3,0xb6,0x98,0x9f,0x67,
+ 0x6b,0xc0,0xfe,0x46,0x91,0x03,0x2d,0x2a,0x08,0x97,0x8f,0x90,0x53,0xab,0xf2,0x1c,
+ 0x1d,0x08,0x1f,0x8e,0xc3,0x27,0x35,0xdd,0x1f,0xf0,0x40,0x7c,0x33,0x02,0xbf,0x55,
+ 0xd1,0x67,0x19,0x7d,0xbe,0x92,0xc6,0x78,0x29,0x4d,0x5f,0x1f,0x83,0x2d,0xa5,0xbb),
+ .e = chunk_from_chars(0x73,0xb1,0x93),
+ .m = chunk_from_chars(
+ 0x08,0x97,0xd4,0x0e,0x7c,0x0f,0x2d,0xfc,0x07,0xb0,0xc7,0xfd,0xda,0xf5,0xfd,0x8f,
+ 0xcc,0x6a,0xf9,0xc1,0xfd,0xc1,0x7b,0xeb,0xb9,0x23,0xd5,0x9c,0x9f,0xc4,0x3b,0xd4,
+ 0x02,0xba,0x39,0x73,0x8f,0x0f,0x85,0xf2,0x30,0x15,0xf7,0x51,0x31,0xf9,0xd6,0x50,
+ 0xa2,0x9b,0x55,0xe2,0xfc,0x9d,0x5d,0xdf,0x07,0xbb,0x8d,0xf9,0xfa,0x5a,0x80,0xf1,
+ 0xe4,0x63,0x4e,0x0b,0x4c,0x51,0x55,0xbf,0x14,0x89,0x39,0xb1,0xa4,0xea,0x29,0xe3,
+ 0x44,0xa6,0x64,0x29,0xc8,0x50,0xfc,0xde,0x73,0x36,0xda,0xd6,0x16,0xf0,0x03,0x93,
+ 0x78,0x39,0x1a,0xbc,0xfa,0xfe,0x25,0xca,0x7b,0xb5,0x94,0x05,0x7a,0xf0,0x7f,0xaf,
+ 0x7a,0x32,0x2f,0x7f,0xab,0x01,0xe0,0x51,0xc6,0x3c,0xc5,0x1b,0x39,0xaf,0x4d,0x23),
+ .s = chunk_from_chars(
+ 0x8e,0xbe,0xd0,0x02,0xd4,0xf5,0x4d,0xe5,0x89,0x8a,0x5f,0x2e,0x69,0xd7,0x70,0xed,
+ 0x5a,0x5c,0xe1,0xd4,0x5a,0xd6,0xdd,0x9c,0xe5,0xf1,0x17,0x9d,0x1c,0x46,0xda,0xa4,
+ 0xd0,0x39,0x4e,0x21,0xa9,0x9d,0x80,0x33,0x58,0xd9,0xab,0xfd,0x23,0xbb,0x53,0x16,
+ 0x63,0x94,0xf9,0x97,0xb9,0x09,0xe6,0x75,0x66,0x20,0x66,0x32,0x4c,0xa1,0xf2,0xb7,
+ 0x31,0xde,0xba,0x17,0x05,0x25,0xc4,0xee,0x8f,0xa7,0x52,0xd2,0xd7,0xf2,0x01,0xb1,
+ 0x02,0x19,0x48,0x9f,0x57,0x84,0xe3,0x99,0xd9,0x16,0x30,0x2f,0xd4,0xb7,0xad,0xf8,
+ 0x84,0x90,0xdf,0x87,0x65,0x01,0xc4,0x67,0x42,0xa9,0x3c,0xfb,0x3a,0xaa,0xb9,0x60,
+ 0x2e,0x65,0xd7,0xe6,0x0d,0x7c,0x4c,0xea,0xdb,0x7e,0xb6,0x7e,0x42,0x1d,0x18,0x03,
+ 0x23,0xa6,0xd3,0x8f,0x38,0xb9,0xf9,0x99,0x21,0x3e,0xbf,0xcc,0xc7,0xe0,0x4f,0x06,
+ 0x0f,0xbd,0xb7,0xc2,0x10,0x20,0x65,0x22,0xb4,0x94,0xe1,0x99,0xe9,0x8c,0x6c,0x24,
+ 0xe4,0x57,0xf8,0x69,0x66,0x44,0xfd,0xca,0xeb,0xc1,0xb9,0x03,0x1c,0x81,0x83,0x22,
+ 0xc2,0x9d,0x13,0x5e,0x11,0x72,0xfa,0x0f,0xdf,0x7b,0xe1,0x00,0x7d,0xab,0xca,0xab,
+ 0x49,0x66,0x33,0x2e,0x7e,0xa1,0x45,0x6b,0x6c,0xe8,0x79,0xcd,0x91,0x0c,0x91,0x10,
+ 0x10,0x4f,0xc7,0xd3,0xdc,0xab,0x07,0x6f,0x2b,0xd1,0x82,0xbb,0x83,0x27,0xa8,0x63,
+ 0x25,0x45,0x70,0xcd,0xf2,0xab,0x38,0xe0,0xcd,0xa3,0x17,0x79,0xde,0xaa,0xd6,0x16,
+ 0xe3,0x43,0x7e,0xd6,0x59,0xd7,0x4e,0x5a,0x4e,0x04,0x5a,0x70,0x13,0x38,0x90,0xb8,
+ 0x1b,0xc4,0xf2,0x4a,0xb6,0xda,0x67,0xa2,0xee,0x0c,0xe1,0x5b,0xab,0xa3,0x37,0xd0,
+ 0x91,0xcb,0x5a,0x1c,0x44,0xda,0x69,0x0f,0x81,0x14,0x5b,0x02,0x52,0xa6,0x54,0x9b,
+ 0xbb,0x20,0xcd,0x5c,0xc4,0x7a,0xfe,0xc7,0x55,0xeb,0x37,0xfe,0xd5,0x5a,0x9a,0x33,
+ 0xd3,0x65,0x57,0x42,0x45,0x03,0xd8,0x05,0xa0,0xa1,0x20,0xb7,0x69,0x41,0xf4,0x15,
+ 0x0d,0x89,0x34,0x2d,0x7a,0x7f,0xa3,0xa2,0xb0,0x8c,0x51,0x5e,0x6f,0x68,0x42,0x9c,
+ 0xf7,0xaf,0xd1,0xa3,0xfc,0xe0,0xf4,0x28,0x35,0x1a,0x6f,0x9e,0xda,0x3a,0xb2,0x4a,
+ 0x7e,0xf5,0x91,0x99,0x4c,0x21,0xfb,0xf1,0x00,0x1f,0x99,0x23,0x9e,0x88,0x34,0x0f,
+ 0x9b,0x35,0x9e,0xc7,0x2e,0x8a,0x21,0x2a,0x19,0x20,0xe6,0xcf,0x99,0x3f,0xf8,0x48),
+ },
+ {
+ .params = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, },
+ .n = chunk_from_chars(
+ 0x9c,0x21,0x3e,0xa3,0x73,0x63,0x1f,0x57,0x2e,0x5e,0x46,0x22,0x5b,0x95,0xa0,0xf5,
+ 0xea,0x8a,0xb0,0xa5,0xec,0x70,0x90,0xa3,0xb0,0x18,0x1c,0x59,0x06,0xdc,0x22,0xfd,
+ 0x1b,0xd7,0x3d,0x11,0x47,0x12,0x42,0xa2,0xed,0x18,0x24,0xe6,0x01,0x01,0x7f,0x5b,
+ 0x53,0x54,0xb9,0x2f,0xdb,0x43,0xd4,0xda,0x00,0xa8,0x24,0x27,0xd0,0x53,0x66,0xa4,
+ 0xd5,0x52,0xc4,0x0d,0x69,0xd2,0x00,0x48,0x5d,0x5d,0x5d,0xb8,0x3c,0xf5,0x23,0xe6,
+ 0x1a,0x83,0x4b,0x40,0xcc,0xd4,0x01,0x08,0x7f,0xbb,0x93,0xd8,0x1d,0xbe,0xd7,0xb2,
+ 0xee,0x23,0x81,0xa1,0x24,0x1a,0xc6,0x8f,0x2a,0xfc,0x02,0x15,0x7e,0xe0,0xc7,0x3c,
+ 0xc6,0x6c,0x02,0xa6,0xc6,0xeb,0x2d,0xc3,0x51,0x45,0xae,0x55,0xd7,0x70,0x84,0x12,
+ 0xa3,0x41,0x0f,0x20,0x4c,0x49,0x23,0x76,0xd6,0x31,0x5c,0xed,0xf2,0x53,0xaf,0x91,
+ 0xf3,0x1d,0xca,0xb3,0x4f,0x72,0xc2,0x06,0xad,0x81,0xe8,0x00,0x50,0x98,0x64,0xfe,
+ 0x92,0x55,0xd0,0x46,0xac,0x25,0xdb,0xdf,0x49,0x54,0xd2,0x35,0x03,0x24,0x72,0x2e,
+ 0x73,0xc1,0xf2,0x5d,0x08,0x9f,0x87,0x54,0x2a,0xd9,0x07,0xfb,0x37,0xec,0xea,0xef,
+ 0xb3,0x30,0xf4,0x32,0x5e,0x97,0xf5,0xea,0xbc,0x04,0x09,0x6a,0x8f,0xab,0xba,0x97,
+ 0x85,0x89,0xe3,0x55,0x44,0x5d,0x95,0x43,0x27,0x4c,0x1c,0x38,0xff,0x84,0x9b,0xa8,
+ 0xc2,0x91,0x1f,0x07,0x03,0x06,0x34,0xc1,0x32,0xcc,0xaf,0x4e,0x4f,0x57,0xa5,0xad,
+ 0x92,0x44,0xf5,0xdf,0x0e,0xe2,0x5a,0xf8,0xef,0x2f,0xc7,0xb2,0x9f,0xdf,0x7c,0xc1,
+ 0x84,0x04,0xe2,0x0e,0xfa,0xaf,0xfa,0x45,0x1e,0xc4,0x1a,0xb8,0x38,0xd5,0x94,0x90,
+ 0x6f,0xf2,0xca,0xd5,0x2d,0xcb,0xd0,0xe9,0xa6,0x8e,0xf7,0xb0,0x6c,0x25,0x37,0x10,
+ 0xe1,0x31,0x8d,0x09,0xad,0x07,0x01,0x27,0x67,0xa8,0x91,0x24,0x17,0x7d,0xf5,0x0d,
+ 0x16,0x84,0x67,0x9e,0x14,0x30,0x68,0x89,0xd9,0xa7,0xac,0x51,0x43,0xd4,0x86,0x1b,
+ 0x7d,0x6a,0xe7,0x79,0x92,0xef,0xa7,0x3e,0x0a,0xba,0x9d,0xa0,0xad,0x9a,0x68,0x88,
+ 0xbc,0x80,0x4d,0xbd,0x07,0xbc,0x26,0xa8,0xa5,0xdf,0xbd,0x29,0x2a,0x0e,0xfa,0x96,
+ 0x86,0x7f,0xdb,0x92,0xe8,0x45,0xc3,0x6e,0x34,0x33,0xcf,0x29,0x2e,0x0e,0x31,0x66,
+ 0x24,0x80,0x25,0x7f,0xcf,0x46,0x6f,0x7f,0x65,0xd8,0x14,0xbb,0x3e,0x33,0x99,0x2f),
+ .d = chunk_from_chars(
+ 0x3e,0xac,0x18,0x66,0xe2,0x35,0xd6,0x4b,0x9a,0x04,0xd7,0x3c,0x3f,0x49,0x70,0x7f,
+ 0x53,0x06,0xef,0x23,0x6f,0xcd,0xdb,0x7d,0xec,0x19,0x14,0x8a,0x4b,0xf3,0x48,0x28,
+ 0xc2,0x9b,0xc5,0x0e,0x75,0xa0,0xdc,0x38,0xd2,0x67,0x1b,0x50,0x28,0x59,0x61,0x8b,
+ 0xf3,0xf7,0xe5,0xf8,0x71,0x30,0x5a,0xd1,0xdf,0x49,0x72,0x75,0xb6,0x2d,0x36,0x03,
+ 0x1d,0xf6,0xc9,0x5c,0x9b,0x9d,0x68,0x73,0xa4,0x20,0x66,0x40,0x48,0x26,0x40,0x78,
+ 0x80,0x19,0x4c,0x61,0x13,0x2c,0x03,0x3c,0x76,0xac,0x16,0x9a,0xd4,0x01,0xcb,0x6e,
+ 0xd7,0x16,0xe7,0x02,0xbb,0xe3,0x16,0x11,0x72,0x9f,0x3a,0xca,0x1f,0x54,0x38,0xc6,
+ 0xb7,0x25,0xd9,0x01,0x17,0xca,0x53,0xe2,0x59,0xce,0x65,0xad,0x2f,0xbc,0x8a,0x1a,
+ 0x30,0xfa,0xa6,0x06,0xc3,0xb9,0x7f,0x1a,0xba,0xc5,0xa9,0x01,0x0f,0xa0,0x78,0x8e,
+ 0x9d,0x74,0x04,0xfd,0xcf,0xdc,0x55,0xf9,0xec,0x8e,0x91,0xaa,0x5f,0xdd,0x54,0xec,
+ 0x93,0x25,0xf0,0x21,0x48,0xc7,0xc5,0xdb,0x18,0xfe,0x52,0xed,0x62,0x75,0x8f,0xcd,
+ 0xb9,0x63,0x72,0x69,0x3f,0x99,0x8b,0x53,0x46,0x5a,0x97,0xca,0xcb,0x3b,0xbd,0x4d,
+ 0x0b,0xc3,0xd8,0x73,0x16,0x18,0xa2,0x78,0xe8,0x42,0x26,0x0e,0xaa,0xe8,0xdf,0x65,
+ 0xbe,0x8b,0xb9,0xf6,0xf0,0x85,0x22,0x0a,0x06,0x2a,0x11,0x77,0xf1,0x09,0x2a,0x9e,
+ 0xbd,0x46,0x71,0x35,0x0f,0xb0,0x5d,0x0c,0x89,0x3c,0x07,0xd8,0x36,0xe3,0x7e,0x73,
+ 0xc0,0x92,0xac,0x42,0x6e,0x63,0x0e,0x9b,0x6c,0xde,0xf3,0x6d,0x32,0x6c,0xd3,0x0e,
+ 0x5e,0xd8,0xff,0x37,0xce,0xd3,0x5c,0x4a,0xc4,0x7c,0xf0,0x12,0x61,0x61,0x6e,0xdd,
+ 0xb1,0x91,0x95,0x7e,0xaa,0x38,0xb2,0x60,0x0e,0x08,0xe7,0x84,0xb2,0x18,0x92,0x48,
+ 0xcf,0x40,0xf9,0xde,0xe6,0x5f,0x06,0x6a,0x8f,0x1e,0xe1,0x02,0x8d,0xe6,0x01,0xb6,
+ 0xbc,0x29,0x91,0x5b,0x9c,0xba,0xee,0xc2,0xdc,0x4f,0xe7,0xb1,0x3b,0x84,0x0c,0xf7,
+ 0x9a,0x4d,0x93,0xb0,0xc9,0xf4,0x7b,0x64,0x47,0xc3,0xf1,0xf8,0x32,0xdc,0x8c,0xf7,
+ 0xe5,0xf9,0x8f,0x68,0xf9,0x7c,0xc5,0xd9,0x93,0x46,0xb1,0x24,0x23,0x52,0xf7,0x4d,
+ 0x94,0xa7,0x27,0xa5,0x30,0x3b,0x99,0x67,0x0b,0xb8,0x34,0x19,0x25,0x5a,0xc5,0x12,
+ 0x70,0xbb,0xe5,0xd8,0x13,0x28,0x40,0x26,0x14,0xba,0xe1,0xc8,0x23,0x64,0x08,0xd9),
+ .e = chunk_from_chars(0xef,0xab,0xb9),
+ .m = chunk_from_chars(
+ 0x3a,0xbd,0x43,0xf1,0xd7,0x41,0xdd,0xf0,0xb7,0x52,0xdd,0x94,0x19,0x7a,0xb6,0x56,
+ 0x28,0x8f,0xf4,0x65,0xe5,0xdb,0xcc,0xec,0x61,0x79,0xf8,0x93,0x2f,0x02,0xc2,0x48,
+ 0x19,0x6a,0x5e,0x3f,0x12,0x24,0x7c,0x37,0x6c,0x8d,0x1e,0x00,0x4b,0x87,0xa7,0x3a,
+ 0x5a,0x64,0x35,0x5f,0xbc,0x07,0x31,0x04,0x46,0x45,0x25,0x5b,0xeb,0x91,0xcd,0xfd,
+ 0x77,0xd9,0x70,0xe6,0x81,0xab,0x70,0xc1,0x9a,0x9c,0x21,0x67,0xcb,0xea,0xd7,0xa2,
+ 0x3f,0x60,0x43,0x36,0x3c,0x7a,0xff,0x22,0x58,0xca,0x67,0x23,0xe9,0x9a,0xab,0x7a,
+ 0xbd,0xd3,0x22,0xef,0x0b,0x1e,0xe1,0x16,0xaa,0x48,0x8d,0xd1,0x81,0xeb,0x6d,0x16,
+ 0x3f,0x4b,0xc3,0xf2,0x4c,0x7e,0x5d,0xce,0xff,0xd0,0x67,0xf2,0x11,0x65,0x83,0x47),
+ .s = chunk_from_chars(
+ 0x47,0x40,0x11,0x5f,0x25,0x1b,0x35,0xcf,0xe1,0x9d,0x38,0x16,0xcc,0x1f,0xbf,0x02,
+ 0xb9,0xa4,0xd9,0x47,0x0d,0xc6,0x2b,0x41,0xcd,0xb7,0x22,0x84,0xc3,0x0f,0xff,0xd3,
+ 0x4e,0x70,0x57,0x55,0x9a,0x73,0xb4,0x4a,0xc4,0x9f,0xa7,0x28,0x5f,0x3e,0x9a,0x68,
+ 0x0b,0xf1,0x94,0x95,0x62,0xa4,0x7f,0x01,0xbf,0xc5,0x5e,0xb7,0xbd,0xa9,0xe2,0x91,
+ 0xc9,0xa5,0xce,0x1a,0x5d,0x7b,0x61,0x95,0x90,0xc0,0xe1,0xbd,0x36,0x94,0x3f,0xa4,
+ 0x1b,0x9c,0xc9,0xb2,0xa3,0xa7,0x42,0xc2,0x94,0x2c,0x53,0xec,0x3e,0x45,0xc7,0x71,
+ 0x76,0xe4,0xbf,0x32,0xb7,0x10,0x1a,0xb4,0xb0,0x5a,0x99,0x6a,0x21,0xfe,0x12,0x92,
+ 0x18,0x41,0xf8,0xf0,0xfa,0xd1,0xe7,0x1b,0xde,0xff,0x5a,0x7f,0x53,0xe8,0x76,0x63,
+ 0x67,0x31,0x1a,0x98,0xb9,0xd8,0x61,0x8a,0x61,0x98,0xaa,0x16,0x62,0xe5,0x87,0x33,
+ 0x2c,0x24,0x28,0x3f,0x9e,0xcf,0x2b,0xb2,0xd8,0x25,0xf5,0x97,0xd1,0x82,0x56,0xce,
+ 0x9c,0x58,0x64,0xf1,0xff,0xca,0x37,0xc4,0xec,0x8d,0xf4,0xf9,0x45,0xcf,0x22,0xc9,
+ 0x74,0xf5,0xef,0x3d,0xbb,0x9f,0x17,0x0b,0x39,0x78,0xbd,0xdc,0xc9,0x1b,0x13,0xb9,
+ 0xe8,0x55,0x0b,0xfc,0xdb,0x74,0xac,0x73,0x49,0xd5,0x31,0xe1,0xe3,0x28,0x0f,0xc0,
+ 0x05,0xac,0x34,0xc0,0x36,0x08,0x99,0x3b,0x78,0x76,0xca,0xf2,0x7c,0x8b,0xd5,0xa9,
+ 0x73,0x06,0x29,0x20,0x82,0xf7,0x7d,0x91,0x44,0x00,0x5b,0xcd,0x10,0x46,0xf2,0x73,
+ 0x03,0x18,0x5b,0x6a,0x7c,0xac,0x53,0x9f,0x1e,0x05,0x80,0x5e,0xe8,0xd0,0x77,0x2f,
+ 0x37,0xac,0xc3,0xe7,0xfa,0x09,0x20,0x17,0x1c,0x19,0xec,0x92,0x66,0xc4,0xdd,0x6d,
+ 0x9e,0x51,0x76,0x6c,0x44,0x33,0xa2,0x83,0x1c,0x3e,0x5f,0xb7,0xd8,0x43,0x41,0x62,
+ 0x4e,0xa9,0xa2,0x5e,0x1a,0x2e,0xb2,0x7e,0xf2,0xc7,0xe8,0xde,0x49,0x1d,0x94,0xd8,
+ 0xa8,0xa3,0x19,0x19,0xbd,0xd7,0xcd,0xf6,0x07,0x3a,0x1d,0x88,0xf4,0x52,0xff,0x8d,
+ 0x15,0xe5,0x7c,0xf6,0x50,0x4a,0x81,0x84,0x3c,0x24,0x35,0x1c,0x61,0xa3,0x73,0xb7,
+ 0x3a,0xcd,0x84,0xc7,0x6d,0xe9,0x16,0xf2,0x90,0xe0,0xe9,0xbd,0xf5,0x1d,0x8f,0xfa,
+ 0x63,0xf8,0x67,0xaf,0x58,0x7b,0x5c,0x75,0x91,0x11,0x67,0x10,0x79,0xea,0x28,0x84,
+ 0x64,0x66,0xcc,0x33,0xdf,0x76,0x83,0x63,0x9d,0x01,0x83,0x37,0xeb,0xe1,0x3c,0xb8),
+ },
+ {
+ .params = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, },
+ .n = chunk_from_chars(
+ 0xcd,0x61,0x41,0xe4,0xc8,0xdc,0x69,0x97,0xfc,0x65,0x30,0x0a,0x6e,0x2c,0x74,0x6f,
+ 0x39,0x10,0x22,0xf1,0x56,0x61,0x23,0x1a,0x83,0x2b,0xe9,0x66,0xaa,0x49,0x8e,0x67,
+ 0x87,0x77,0x76,0x69,0x44,0xdb,0x54,0xa5,0x99,0xcd,0x6d,0xdb,0xda,0xf7,0x53,0x3f,
+ 0x42,0x9e,0x6e,0x11,0x97,0xb7,0xeb,0x06,0x19,0x13,0xf5,0x0b,0x09,0xbe,0x04,0xab,
+ 0x70,0xb1,0xb7,0x02,0xfc,0xe9,0xad,0xa2,0x79,0xea,0x80,0x89,0x67,0x7a,0x37,0x70,
+ 0x1e,0x64,0x19,0x0f,0x24,0x3d,0xfa,0xbe,0x7c,0xc2,0x54,0xf0,0x8a,0x61,0x43,0xc9,
+ 0xc5,0x89,0xac,0x4a,0x90,0x88,0x1c,0x0d,0x2b,0x62,0xe9,0x80,0x13,0xe9,0x2d,0x04,
+ 0x9e,0xe9,0xca,0x11,0xa4,0x25,0xad,0x45,0x0e,0xc5,0xa6,0x99,0xae,0x17,0x67,0x2d,
+ 0x86,0xef,0xde,0x3f,0xbc,0x81,0x20,0x3f,0x2b,0x50,0x0e,0xf4,0x17,0x46,0xb9,0xe9,
+ 0xaf,0x26,0x42,0xb3,0x0c,0xbf,0x75,0xe7,0x88,0x9e,0x50,0x08,0x36,0xd6,0xdd,0x32,
+ 0xbc,0xc5,0xd8,0xb6,0x90,0x21,0xb7,0x64,0xa5,0x91,0xd6,0x85,0x07,0x76,0xcd,0xdf,
+ 0x0b,0x72,0x40,0xc7,0x5d,0xda,0x9e,0x2d,0x19,0x7f,0x2c,0xd9,0xc6,0x78,0x7b,0x16,
+ 0x44,0x5b,0x55,0xea,0xec,0xcd,0xfd,0xd1,0x7f,0xb7,0x2d,0x7f,0xe5,0x18,0x9a,0xa1,
+ 0xa2,0xa6,0xad,0x06,0xb4,0xf2,0xbf,0xc8,0xf6,0xc9,0x1c,0x3a,0x2a,0x80,0xa8,0x3a,
+ 0x31,0x13,0xe0,0xb4,0x20,0xb7,0x06,0x54,0xd6,0xa5,0x07,0x5d,0x38,0xd9,0xa1,0x2d,
+ 0x1e,0x0f,0xdd,0xd2,0xcb,0x23,0xb7,0xf3,0xef,0x94,0x99,0x91,0xbf,0x49,0x04,0x8d,
+ 0xc4,0x00,0x20,0xdc,0xf0,0x42,0xca,0xf0,0x08,0x83,0x36,0x35,0x91,0xdd,0x6a,0x90,
+ 0x78,0x9a,0xc2,0x12,0xa0,0xce,0xd9,0x5f,0xb4,0x0b,0xca,0xda,0xac,0x2c,0x97,0xee,
+ 0x7f,0xf3,0x02,0xc3,0x7c,0xf2,0xaa,0x72,0x98,0x31,0x1d,0xb8,0x5a,0x2d,0x4d,0x1b,
+ 0x9f,0x03,0x70,0x23,0xc2,0x1b,0xf2,0xe9,0xb9,0xab,0xec,0xc7,0x80,0xa7,0x0c,0xf2,
+ 0xa5,0x40,0x02,0x63,0x42,0x72,0xd7,0xdc,0xf2,0x5e,0xe4,0xc7,0xdb,0xb0,0x44,0x37,
+ 0xf3,0x0f,0x50,0xbd,0xcf,0x49,0x62,0xd4,0x32,0x48,0x4a,0x5d,0xab,0x7b,0x60,0xb3,
+ 0x1d,0x80,0x25,0xb9,0x84,0xc8,0x21,0xfa,0xdb,0xf2,0xb6,0x23,0xf2,0xf9,0x2a,0x65,
+ 0x31,0xdc,0xe1,0x1a,0x1f,0x25,0x2e,0x60,0x30,0x16,0x07,0x8f,0x39,0x86,0xe0,0x81),
+ .d = chunk_from_chars(
+ 0x1c,0xc4,0x40,0x8e,0x92,0xd1,0xae,0xd2,0x2f,0x6c,0x04,0x3d,0x82,0x14,0x03,0x04,
+ 0xe7,0x82,0x5e,0x74,0xeb,0xaa,0x10,0x40,0x8d,0x33,0x95,0x46,0x30,0xb6,0x3b,0x02,
+ 0x3a,0xc2,0x13,0x6e,0xaf,0x45,0x16,0xd7,0x3a,0xe5,0x4f,0x7f,0xf6,0xf8,0xeb,0x34,
+ 0x1f,0x1d,0x39,0xae,0xd5,0xc9,0x8d,0x92,0xf1,0x85,0x8a,0xe4,0x11,0xb9,0xe0,0xe2,
+ 0x06,0xe0,0xe2,0xb2,0x25,0x19,0xbc,0x20,0xd3,0x04,0xbc,0xb4,0x7d,0x81,0xc4,0xf4,
+ 0x9e,0x59,0x9b,0x86,0x95,0x26,0xb7,0x58,0x88,0xb0,0x2f,0x29,0xdc,0x59,0x58,0xe8,
+ 0x21,0x6f,0x6a,0xe4,0x75,0xbf,0xf7,0x15,0xa7,0x41,0x63,0x32,0x04,0xbf,0xed,0x27,
+ 0xbd,0xc6,0x25,0x22,0x60,0x99,0x9f,0xf1,0x77,0xf1,0xa4,0xf7,0xa0,0x60,0x57,0x18,
+ 0xe9,0xad,0x45,0xb8,0x99,0x2b,0x59,0x46,0x6c,0x11,0xb4,0xda,0x7e,0x0e,0x1a,0x97,
+ 0x4c,0x28,0xc0,0xe1,0x54,0xe0,0x78,0x68,0xa0,0x1e,0x3f,0xa7,0x4e,0x6c,0xde,0x47,
+ 0x95,0x26,0xc4,0x6b,0x73,0x18,0xed,0x5f,0x12,0xe7,0xa2,0x27,0x01,0xf7,0x39,0xa3,
+ 0x10,0xec,0xcd,0x59,0x94,0xd4,0xbc,0x7f,0x8d,0xf6,0xe1,0x5e,0x3b,0x84,0xe1,0x83,
+ 0x93,0x64,0x62,0x32,0xfe,0x6e,0xc4,0x8b,0xe9,0xed,0x26,0xca,0xb8,0x74,0x96,0x00,
+ 0x9d,0x25,0xa5,0xbb,0x3c,0xdd,0xbd,0x32,0xb1,0xda,0x3f,0x07,0x03,0x8f,0xfc,0x78,
+ 0x14,0xdf,0x10,0x33,0xff,0xda,0x30,0xab,0x05,0xf0,0x75,0x5e,0x33,0x00,0x22,0xc9,
+ 0xcb,0x6b,0x78,0xdf,0xb4,0x75,0x02,0xb6,0x29,0xeb,0x4b,0xad,0xaf,0xf3,0x44,0x25,
+ 0x96,0x28,0x9f,0xa3,0x29,0xd5,0x08,0x7b,0xf7,0x0f,0x53,0x4f,0x50,0xff,0xa6,0x5e,
+ 0xeb,0x64,0x14,0x1d,0x0d,0xb4,0x31,0xa4,0x15,0x9d,0x39,0x0f,0x82,0x33,0x98,0x12,
+ 0x71,0xf4,0x8c,0x66,0x6c,0x50,0xab,0x7f,0xa4,0xf1,0xe7,0xe3,0x96,0x34,0x71,0x84,
+ 0xe1,0xd9,0x77,0xa0,0x8d,0xae,0xb2,0xfa,0xbe,0x8d,0xca,0x0c,0x2f,0xb9,0x41,0xd3,
+ 0xe5,0x39,0x8a,0x0d,0x1d,0xb9,0x18,0xee,0x59,0x3c,0x4b,0x4d,0xc9,0x67,0x13,0x1a,
+ 0x4b,0xc1,0x80,0x80,0xad,0x57,0xa9,0x42,0x8e,0x72,0x69,0x1b,0x0d,0xd6,0xb1,0xd5,
+ 0x66,0xe0,0x2a,0xd4,0x5f,0x30,0x8b,0xe8,0xbc,0x37,0xf3,0xfe,0xd6,0xc8,0x8d,0x28,
+ 0x38,0x56,0x67,0x33,0x57,0x04,0xa4,0xa5,0x50,0xf8,0x70,0xea,0x59,0xca,0x18,0x4f),
+ .e = chunk_from_chars(0x2c,0xc9,0x2f),
+ .m = chunk_from_chars(
+ 0xd1,0xac,0xd4,0xa6,0x03,0x5f,0x23,0xbf,0xe6,0x70,0x06,0x13,0x2a,0x1c,0xd4,0x74,
+ 0xef,0x58,0xc0,0x11,0x36,0x70,0xf5,0x3c,0x95,0xee,0xe5,0x70,0x30,0xbd,0xdd,0x92,
+ 0xe4,0x8e,0xdd,0x77,0xc5,0x7b,0xa8,0xa7,0xcb,0xea,0x17,0x60,0xc8,0xb5,0xb2,0xde,
+ 0x9d,0x88,0x81,0xda,0xae,0x8a,0x20,0x51,0x93,0x3f,0x12,0x86,0x11,0xad,0x57,0x4a,
+ 0x48,0xbd,0x41,0x7b,0x2d,0xe5,0x83,0xcb,0x3b,0x04,0x8b,0xc2,0x66,0x8d,0x12,0x07,
+ 0x51,0xe8,0xf1,0xdb,0xc0,0x15,0x36,0xe6,0x50,0x93,0x77,0x36,0x66,0x80,0x66,0x85,
+ 0x65,0x01,0xa6,0xba,0x24,0xe4,0xdd,0xb3,0x9f,0x84,0x0b,0x42,0xec,0xed,0x1a,0x75,
+ 0x71,0x41,0xb6,0x1b,0x55,0x5b,0x5e,0x83,0x34,0xb1,0xbb,0x87,0x17,0x7f,0x31,0xc9),
+ .s = chunk_from_chars(
+ 0x55,0x61,0x3f,0x64,0x33,0x1a,0xbd,0x97,0x1e,0x82,0x2c,0xc3,0xd9,0x72,0xf6,0x7e,
+ 0x78,0x2b,0x6a,0xf8,0x1a,0xac,0x0b,0x80,0xe2,0xf6,0x32,0x4d,0xa6,0xd9,0xf3,0x3c,
+ 0x46,0xf8,0xb7,0xe2,0x4c,0x94,0xde,0xee,0x7e,0x98,0x52,0x5a,0xaf,0x4c,0xa6,0x84,
+ 0x37,0x53,0xdf,0x3d,0x44,0x4e,0x1e,0x05,0x40,0xf9,0xc1,0x96,0xff,0xbb,0xcb,0x4f,
+ 0xca,0x7a,0xad,0x4b,0xa9,0x42,0x88,0xf9,0x11,0x65,0x0e,0x3c,0xaf,0x6d,0xd2,0x2f,
+ 0x87,0x92,0x3f,0xa4,0xb1,0x2e,0x2d,0x6b,0x11,0x5f,0x2f,0xe7,0x73,0xaf,0x25,0x63,
+ 0xcc,0x76,0x0d,0xe8,0x8c,0xfa,0x6e,0x16,0x87,0x8d,0xd9,0xc0,0x7f,0x0d,0x45,0xb1,
+ 0x0a,0x22,0x4d,0x1a,0x7e,0xe1,0xd2,0x6f,0xfa,0xdf,0xd3,0x8b,0x78,0x00,0x4a,0x20,
+ 0x45,0xb3,0x5d,0x9c,0xb9,0xfc,0xcd,0xc7,0x15,0x66,0x8a,0x74,0x01,0xdb,0x7a,0xde,
+ 0xf1,0x09,0xeb,0xca,0xaf,0xc5,0x26,0x9d,0x37,0x7c,0x1e,0x8f,0x7d,0x42,0x92,0x45,
+ 0x9c,0x80,0x1a,0x93,0xc4,0xd0,0x7e,0xf4,0x77,0xf8,0x71,0x75,0xaa,0x35,0xe0,0x02,
+ 0xa0,0x3c,0x20,0x51,0x98,0x5f,0xcb,0x69,0x63,0xe9,0xbf,0x96,0xe2,0x8e,0x55,0xeb,
+ 0x52,0xa3,0x55,0x44,0x75,0xf9,0x09,0x5f,0x24,0xa9,0xe4,0x22,0xfa,0x84,0xb6,0x05,
+ 0x90,0xe8,0xb8,0xd6,0xec,0x91,0xdc,0xf6,0xa5,0x84,0xcc,0x8a,0x93,0x4e,0x55,0x1b,
+ 0xef,0xee,0xdc,0x0f,0x0f,0x48,0xda,0xdf,0x29,0x3f,0x0f,0x92,0x60,0xee,0x22,0xd7,
+ 0x2e,0xa4,0x6e,0x27,0x10,0x45,0xb6,0x65,0x16,0xb2,0xbe,0xbe,0xed,0x52,0x72,0x2a,
+ 0xec,0x5f,0x08,0x40,0x85,0xf8,0xfa,0xa6,0x89,0x30,0x8b,0xc1,0x3f,0xa5,0xb9,0xe5,
+ 0xb0,0xaa,0xdf,0x27,0x66,0x25,0x8e,0x01,0xd4,0xb8,0xdd,0xbe,0x0d,0x32,0x8a,0xa1,
+ 0x12,0x23,0x7e,0xc1,0x0b,0x11,0x5b,0xe8,0x3f,0xae,0x8a,0x01,0x13,0xf8,0x89,0x0e,
+ 0xda,0xb7,0x9d,0x04,0x63,0xc9,0xec,0x6e,0x2d,0xb4,0x50,0x46,0x93,0x53,0x5d,0xcf,
+ 0x76,0x95,0xf8,0x44,0x25,0xe9,0xf7,0xb7,0x3e,0x4f,0x18,0xbc,0x07,0x2f,0x51,0x31,
+ 0x98,0x9b,0x0c,0xdb,0x07,0xf4,0x96,0xf1,0x5e,0x56,0x2d,0x07,0xf0,0x71,0x1c,0xf9,
+ 0x79,0xf1,0xaa,0x4d,0x14,0x0d,0x97,0x83,0xef,0xd6,0xf9,0x6c,0x41,0xfe,0x5f,0xb7,
+ 0x9e,0x5d,0x5d,0x68,0x9d,0xd5,0xa7,0x05,0xf1,0xff,0x83,0x77,0x54,0x03,0x1a,0x39),
+ },
+ {
+ .params = { .hash = HASH_SHA512, .mgf1_hash = HASH_SHA512, },
+ .n = chunk_from_chars(
+ 0x99,0xa5,0xc8,0xd0,0x94,0xa5,0xf9,0x17,0x03,0x46,0x67,0xa0,0x40,0x8b,0x7e,0xcf,
+ 0xca,0xac,0xc3,0xf9,0x78,0x44,0x44,0xe2,0x17,0x73,0xc3,0x46,0x1e,0xc3,0x55,0xf0,
+ 0xd0,0xf5,0x2a,0x5d,0xb0,0x56,0x8a,0x71,0xd3,0x88,0x69,0x67,0x88,0xef,0x66,0xae,
+ 0x73,0x40,0xc6,0xb2,0x8d,0xbf,0x92,0x5f,0xe8,0x35,0x57,0x98,0x65,0x75,0xf7,0x9c,
+ 0xca,0x69,0x21,0x72,0x21,0x39,0x7e,0xd5,0x80,0x8a,0x26,0xf7,0xe7,0xe7,0x14,0xc9,
+ 0x32,0x35,0xf9,0x14,0xd4,0x5c,0x4a,0x9a,0xf4,0x61,0x9b,0x20,0xf5,0x11,0xad,0x64,
+ 0x4b,0xd3,0x41,0x2d,0xfd,0xf0,0xff,0x71,0x7f,0x7a,0xac,0x74,0x6f,0x31,0x0b,0xfa,
+ 0x9a,0x14,0x1a,0xc3,0xdb,0xf0,0x1c,0x1f,0xc7,0x4f,0xeb,0xd1,0x97,0x93,0x84,0x19,
+ 0xc2,0x62,0x29,0x35,0x05,0xc3,0x5f,0x40,0x2f,0x90,0x53,0xad,0x13,0xc5,0x1a,0x59,
+ 0x60,0xec,0xde,0x55,0xec,0x82,0x9e,0x95,0x3f,0x94,0x1a,0xf7,0x33,0xe5,0x87,0x05,
+ 0x91,0x37,0x67,0xe7,0xa7,0x20,0x0d,0x1d,0x09,0xe7,0xe7,0xe2,0xd2,0x69,0xfa,0x29,
+ 0xa5,0x58,0xbb,0x16,0x30,0x4b,0x05,0x9f,0x13,0xf4,0xca,0x56,0x0a,0x81,0x01,0xfe,
+ 0x37,0x20,0xb4,0xa7,0x79,0xec,0x12,0x64,0x27,0x32,0x6c,0xaa,0x13,0x2a,0x3d,0x36,
+ 0x11,0xd7,0xdb,0xc5,0x03,0x36,0xfa,0xc7,0x89,0xec,0x40,0x6b,0x39,0x7e,0x1e,0x36,
+ 0xd7,0xda,0xf9,0xb6,0x24,0xbf,0x63,0x9c,0x82,0xb8,0x59,0x28,0x87,0x47,0x69,0x0c,
+ 0x73,0x0c,0x98,0x0b,0x2f,0x5a,0x23,0x9d,0xd9,0x5a,0xd5,0x38,0x9a,0x2e,0xc9,0x0c,
+ 0x57,0x78,0x60,0x47,0x13,0x71,0x03,0x83,0xae,0x55,0xd4,0xd2,0x8c,0x06,0xd4,0xac,
+ 0x26,0xf0,0xd1,0x23,0x1f,0x1d,0x67,0x62,0xc8,0xe0,0xd9,0x18,0x11,0x81,0x56,0xbc,
+ 0x63,0x77,0x60,0xda,0xea,0x18,0x47,0x46,0xb8,0xdc,0xf6,0xf6,0x1d,0xb2,0x74,0xa7,
+ 0xdd,0xce,0xaa,0x07,0x49,0x37,0xab,0xab,0xad,0x45,0x49,0xb9,0x7a,0xb9,0x92,0x49,
+ 0x4a,0x80,0x72,0x08,0xab,0xd7,0x89,0x82,0x3f,0x5d,0x75,0xc4,0xb9,0x94,0x08,0x9c,
+ 0x80,0x72,0xcf,0xc2,0x54,0xe0,0xd8,0x20,0x2f,0xd8,0x96,0x47,0x6e,0x96,0xad,0x9d,
+ 0x30,0x9a,0x0e,0x8e,0x73,0x01,0x28,0x2f,0x07,0xeb,0x2a,0xe8,0xed,0xef,0xb7,0xdb,
+ 0xbe,0x13,0xb9,0x6e,0x8b,0x40,0x24,0xc6,0xb8,0x4d,0xe0,0xa0,0x5e,0x15,0x02,0x85),
+ .d = chunk_from_chars(
+ 0x03,0xb1,0x90,0x5b,0x88,0x3e,0xa9,0xd3,0x2a,0x37,0x96,0x4c,0xf2,0xb3,0x19,0x9c,
+ 0xb1,0xee,0x5f,0x61,0x1f,0xf2,0xaa,0x16,0x32,0x69,0x94,0x2b,0x35,0x43,0x6a,0x4a,
+ 0x70,0x8e,0x73,0x71,0x85,0x7b,0x60,0x3f,0xe8,0x4e,0x43,0x7f,0xea,0x0f,0xb9,0xc1,
+ 0x9c,0xb0,0x9b,0x3c,0x39,0xac,0x82,0xfa,0xf7,0x3f,0x12,0x0a,0xb2,0xdd,0x49,0x57,
+ 0x0e,0xd9,0xc4,0x3c,0x70,0xf4,0x30,0x20,0x4f,0x77,0x74,0x3b,0x29,0x51,0x23,0x21,
+ 0x8a,0x5b,0x12,0x83,0xda,0xdf,0x93,0xcf,0xe3,0x73,0x75,0x00,0x0f,0xbe,0x64,0xa5,
+ 0x3f,0xa4,0xe4,0x0f,0x9a,0x8e,0x40,0x37,0x3f,0x75,0x92,0x35,0x66,0x5a,0xb1,0xf8,
+ 0x4d,0xd2,0xc8,0xa8,0x0a,0x8c,0x18,0x30,0xe7,0xd6,0x82,0xbd,0xba,0xbc,0xed,0xf3,
+ 0x22,0xe6,0xc7,0x87,0xcd,0x20,0x84,0xab,0x75,0x27,0x04,0x0e,0x78,0x5a,0x8e,0xf8,
+ 0x62,0xe0,0x25,0x66,0x99,0x5e,0x3a,0x3c,0x1d,0xb9,0xff,0x04,0x60,0xee,0xdf,0x80,
+ 0x78,0x39,0xb8,0x01,0x70,0xfd,0x4f,0xcb,0xd0,0x85,0x04,0x24,0x90,0x7d,0x8f,0x28,
+ 0x65,0x2c,0xb7,0xe9,0xd3,0x7e,0x1b,0xda,0x2e,0xad,0xb8,0x89,0xe5,0x55,0x0f,0x3c,
+ 0x49,0x01,0xdb,0x4d,0xb5,0x77,0x5d,0xd9,0xd1,0xe8,0x63,0xda,0xc1,0xe5,0xd9,0x47,
+ 0xef,0x0b,0x7b,0xcf,0x74,0x6c,0xbf,0xd3,0xe6,0x00,0x0f,0x40,0x92,0xb0,0xb1,0xee,
+ 0xa7,0x3d,0x15,0x43,0x11,0xb5,0x1b,0xde,0x7e,0x4d,0xff,0x4a,0x5f,0xcd,0x89,0xb8,
+ 0x28,0x53,0x45,0x65,0x4c,0x4f,0xc6,0x97,0x53,0x4c,0x79,0x41,0x35,0xfd,0x85,0xe8,
+ 0x73,0x65,0x6e,0xfe,0x2d,0x90,0x28,0xc7,0x36,0xb4,0x6c,0x59,0x1f,0x4d,0x5b,0xa1,
+ 0x3b,0x44,0xba,0xce,0x0b,0x39,0x7c,0xc1,0x7f,0x5d,0x77,0x93,0x95,0x05,0x9c,0x59,
+ 0xd3,0x64,0x52,0x93,0xab,0x0d,0x63,0xca,0xe4,0x39,0x20,0x23,0x61,0x9e,0xc5,0x7d,
+ 0xc4,0x33,0x93,0x23,0x94,0xa9,0xf5,0x9a,0x69,0x0c,0x0d,0xd1,0xe1,0x1c,0xf0,0x92,
+ 0xba,0x54,0x1c,0x55,0xf3,0xfa,0x89,0x24,0xd2,0x55,0xa1,0x68,0xc3,0xad,0x26,0xe6,
+ 0xb4,0xe5,0xe0,0x50,0x02,0x6f,0x65,0x0a,0x2a,0xcb,0xb1,0xee,0xc5,0x74,0xcc,0x8b,
+ 0x14,0x47,0x0b,0x7d,0x3b,0x12,0x2b,0x00,0x95,0x72,0x0f,0x97,0xc6,0x17,0x5c,0x53,
+ 0xe7,0x60,0x36,0xd5,0xe9,0xb6,0xa2,0xaa,0xba,0x76,0x31,0xab,0x3b,0x7b,0x8a,0xe9),
+ .e = chunk_from_chars(0x08,0xa6,0x49),
+ .m = chunk_from_chars(
+ 0xcc,0x21,0x59,0x3a,0x6a,0x0f,0x73,0x7e,0x29,0x70,0xb7,0xc0,0x79,0x84,0xb0,0x70,
+ 0xd7,0x61,0x72,0x62,0x96,0xa0,0x7e,0x24,0xe0,0x56,0xe6,0x8f,0xf8,0x46,0xb2,0x9c,
+ 0xc1,0x54,0x81,0x79,0x84,0x3d,0x74,0xdc,0xee,0x86,0x47,0x98,0x58,0xb2,0xc1,0x6e,
+ 0x4c,0xb8,0x4f,0x25,0x44,0xb4,0xec,0xdc,0xb4,0xdd,0x43,0xa0,0x4b,0xb7,0x18,0x3a,
+ 0x76,0x8a,0xe4,0x4a,0x27,0x12,0xbf,0x9a,0xd4,0x78,0x83,0xac,0xc2,0x81,0x2f,0x95,
+ 0x83,0x06,0x89,0x0e,0xbe,0xa4,0x08,0xc9,0x2e,0xb4,0xf0,0x01,0xed,0x7d,0xbf,0x55,
+ 0xf3,0xa9,0xc8,0xd6,0xd9,0xf6,0x1e,0x5f,0xe3,0x2e,0xb3,0x25,0x3e,0x59,0xc1,0x8e,
+ 0x86,0x31,0x69,0x47,0x8c,0xd6,0x9b,0x91,0x55,0xc3,0x35,0xdb,0x66,0x01,0x6f,0x96),
+ .s = chunk_from_chars(
+ 0x0a,0xa5,0x72,0xa6,0x84,0x5b,0x87,0x0b,0x89,0x09,0xa6,0x83,0xbb,0x7e,0x6e,0x76,
+ 0x16,0xf7,0x7b,0xef,0xf2,0x87,0x46,0x11,0x6d,0x8b,0xc4,0xb7,0x33,0x55,0x46,0xb5,
+ 0x1e,0x80,0x06,0xed,0x0f,0xc9,0xa0,0xd6,0x6f,0x63,0xce,0x0b,0x9e,0xbf,0x79,0x2d,
+ 0x7e,0xfd,0x43,0x05,0xd7,0x62,0x4d,0x54,0x54,0x00,0xa5,0xfd,0x6a,0x06,0xb7,0x8f,
+ 0x17,0x4b,0x86,0x80,0x3f,0x7c,0xd1,0xcc,0x93,0xe3,0xa9,0x72,0x86,0xf0,0xea,0x59,
+ 0x0e,0x40,0xff,0x26,0x19,0x5a,0xa2,0x19,0xfe,0x15,0x10,0xa0,0x16,0x78,0x52,0x23,
+ 0x60,0x6d,0x93,0x11,0xa1,0x6c,0x59,0xa8,0xfe,0x4a,0x6d,0xa6,0xec,0xd0,0xc1,0xd7,
+ 0x77,0x50,0x39,0x29,0x0c,0x2a,0xaa,0x17,0xed,0x1e,0xb1,0xb5,0x43,0x74,0xf7,0xe5,
+ 0x72,0xdb,0x13,0xcc,0xa3,0xa6,0x38,0x57,0x5f,0x80,0x04,0xaa,0x54,0xa2,0xfa,0x98,
+ 0x42,0x2f,0xc0,0x7e,0x43,0xad,0x3a,0x20,0xdd,0x93,0x00,0x14,0x93,0x44,0x26,0x77,
+ 0xd8,0x83,0x91,0x4d,0xc7,0x4e,0xc1,0xcb,0xeb,0xbb,0xd3,0xd2,0xb6,0xba,0xd4,0x66,
+ 0x6d,0x91,0x45,0x7b,0x69,0xb4,0x6a,0x1a,0x61,0xf2,0x12,0x98,0xf1,0xa6,0x79,0x42,
+ 0xec,0x86,0xc8,0x76,0x32,0x2d,0xd3,0x66,0xed,0x16,0x78,0x14,0xe9,0xc8,0xfc,0x90,
+ 0x40,0xc5,0xb4,0xb7,0xa8,0x59,0xbb,0xd8,0x80,0xcb,0x6b,0xc2,0x41,0xb9,0xe3,0x27,
+ 0xce,0x77,0x9e,0x07,0x83,0xb1,0xcf,0x44,0x5e,0x0b,0x2f,0x57,0x71,0xb3,0xf5,0x82,
+ 0x2a,0x13,0x64,0x39,0x1c,0x15,0x4d,0xc5,0x06,0xff,0xf1,0xfb,0x9d,0x9a,0x35,0xf8,
+ 0x01,0x99,0xa6,0xb3,0x0b,0x4b,0x92,0xb9,0x26,0x19,0xa4,0x0e,0x21,0xae,0xa1,0x92,
+ 0x84,0x01,0x58,0x63,0xc4,0x48,0x66,0xc6,0x1e,0xd9,0x04,0xa7,0xad,0x19,0xee,0x04,
+ 0xd9,0x66,0xc0,0xaa,0xe3,0x90,0x63,0x62,0x43,0x56,0x55,0x81,0xff,0x20,0xbd,0x6e,
+ 0x3c,0xfb,0x6e,0x31,0xf5,0xaf,0xba,0x96,0x4b,0x31,0x1d,0xc2,0xd0,0x23,0xa2,0x19,
+ 0x98,0xc8,0xdd,0x50,0xca,0x45,0x36,0x99,0x19,0x0b,0xd4,0x67,0x42,0x9e,0x2f,0x88,
+ 0xac,0xe2,0x9c,0x4d,0x1d,0xa4,0xda,0x61,0xaa,0xc1,0xed,0xa2,0x38,0x02,0x30,0xaa,
+ 0x8d,0xbb,0x63,0xc7,0x5a,0x3c,0x1e,0xc0,0x4d,0xa3,0xa1,0xf8,0x80,0xc9,0xc7,0x47,
+ 0xac,0xdb,0x74,0xa8,0x39,0x5a,0xf5,0x8f,0x5f,0x04,0x40,0x15,0xcc,0xaf,0x6e,0x94),
+ },
+ {
+ .params = { .hash = HASH_SHA512, .mgf1_hash = HASH_SHA512, },
+ .n = chunk_from_chars(
+ 0xb4,0x3d,0x4a,0x44,0x6d,0xe4,0x5a,0xa8,0xf3,0x36,0xb9,0x3a,0x4c,0x59,0x23,0xf3,
+ 0xa5,0x38,0x6e,0xf8,0xdd,0x1e,0x94,0xc4,0x23,0x00,0xde,0x08,0x80,0xe9,0xbd,0x08,
+ 0x28,0xfb,0x32,0xe3,0x6e,0x4c,0x50,0xcb,0xf6,0x66,0x03,0x7a,0x8f,0x2e,0x05,0xf4,
+ 0x57,0x73,0x89,0x6c,0x10,0xae,0xa9,0x75,0xb3,0xdb,0xf4,0xc4,0xcd,0xfc,0x24,0xa0,
+ 0x38,0xc5,0xc0,0x6d,0x36,0x1b,0xaf,0x84,0xc3,0x8f,0xc2,0x2c,0x03,0xa3,0x6b,0x9d,
+ 0xce,0x38,0xe0,0x90,0x11,0x1d,0x9c,0x13,0x23,0xd7,0xa7,0x7d,0x3e,0x04,0xb7,0x13,
+ 0xfa,0xf7,0x40,0x96,0x5a,0x9e,0x18,0x83,0xee,0x37,0x75,0x48,0x9a,0xb5,0x14,0xce,
+ 0x48,0x07,0x86,0xf9,0xeb,0x74,0x1c,0x60,0xab,0x89,0x6a,0x9d,0x6e,0xae,0x3a,0x53,
+ 0xed,0x92,0x68,0x76,0x8c,0x21,0xf7,0x9e,0x30,0x75,0x9e,0x0b,0x01,0xab,0x7f,0xa2,
+ 0x24,0xea,0x82,0x29,0xc2,0x93,0x78,0x00,0x58,0xf2,0x58,0xe9,0x22,0x6d,0x73,0x74,
+ 0xac,0x42,0x5e,0xf1,0xd2,0xb6,0xe0,0x6e,0x5b,0x26,0x3d,0xf0,0xc6,0xd6,0x6c,0x00,
+ 0xed,0x26,0xcb,0xf2,0x46,0xa5,0xaf,0x0a,0x01,0x63,0x33,0x68,0x86,0xef,0x8d,0x92,
+ 0x9b,0x37,0x74,0x9a,0x08,0xf0,0xec,0x1d,0xb0,0x59,0x73,0xa8,0xaf,0xc8,0x17,0x78,
+ 0xb6,0xcc,0x91,0x06,0xf9,0x2b,0x14,0x53,0xf1,0x52,0x86,0x97,0xb1,0xdc,0x8d,0xd0,
+ 0xb2,0x55,0xe8,0x01,0x06,0x0f,0xe1,0x79,0xb2,0xd1,0x0a,0x9c,0x4c,0x3e,0x13,0xf3,
+ 0xc5,0x6f,0xa6,0xd5,0x51,0x66,0xf6,0x46,0x1a,0xf4,0xaa,0xf4,0xf4,0x16,0x8f,0xd5,
+ 0xea,0x6d,0xad,0xed,0xaa,0x3f,0x9f,0x1d,0xe4,0xde,0x99,0x3d,0x88,0x44,0x35,0x7c,
+ 0x0a,0xf7,0x9a,0x09,0x0e,0xcc,0x80,0x57,0x0c,0x64,0x15,0x45,0xbe,0xb4,0x2a,0x12,
+ 0x48,0xa5,0x2d,0xe6,0x12,0xf2,0xe0,0xf8,0x83,0x44,0x96,0x33,0x1a,0x73,0x54,0xf7,
+ 0xeb,0x91,0xa1,0x94,0x3b,0x5c,0xb3,0xb6,0xcf,0x19,0x84,0x51,0x73,0x5f,0xb5,0x54,
+ 0x92,0x2f,0x04,0xf0,0x09,0xa5,0x2a,0x15,0xd9,0x93,0x69,0xad,0xc2,0xe4,0x6b,0x09,
+ 0xbb,0x87,0x1f,0x4f,0x3e,0xc1,0x90,0x5a,0xcd,0x79,0x2b,0x8c,0x81,0xa3,0xd7,0x4b,
+ 0x31,0x6f,0xf9,0xd2,0x0b,0x93,0xf4,0x88,0x17,0xae,0x61,0x86,0x77,0xdc,0x94,0x51,
+ 0xf5,0x82,0xec,0x99,0x95,0xf4,0x45,0x52,0xf4,0x24,0x49,0x53,0xcd,0xe8,0x3f,0x11),
+ .d = chunk_from_chars(
+ 0x05,0x50,0x8e,0x4a,0xec,0x1e,0x7e,0xad,0xdd,0x40,0x20,0x4c,0x8a,0x3a,0x38,0x90,
+ 0x48,0x79,0x2b,0x4d,0x1f,0x15,0x0d,0xc5,0x3a,0x10,0x9a,0xc8,0x05,0x5f,0xa9,0x49,
+ 0x22,0x78,0x2c,0x43,0xc3,0x07,0x12,0x36,0x65,0x8b,0x1c,0x7b,0x5d,0x07,0xb2,0xef,
+ 0xae,0xef,0x39,0x44,0x9e,0x02,0x80,0x97,0x98,0x0b,0x0a,0x3a,0x20,0x40,0x68,0x47,
+ 0xed,0x3f,0x79,0x5d,0x03,0xd5,0xfc,0xed,0x2a,0x39,0x08,0x24,0x58,0x9f,0x57,0x1f,
+ 0x5d,0xbb,0x79,0x5d,0x97,0x7e,0x8b,0x76,0x9a,0xdd,0x7f,0x4e,0xe7,0x65,0x82,0x9d,
+ 0x59,0xb4,0xb5,0xb5,0x8e,0xf0,0xda,0xa6,0xc8,0x68,0x2f,0x13,0x84,0x49,0xd8,0x7a,
+ 0xd4,0x30,0x7f,0xc0,0x46,0xcc,0xf6,0x36,0x03,0xef,0xf9,0xee,0xb1,0x48,0x2d,0xd7,
+ 0x4d,0xa2,0x55,0x98,0x4f,0x2b,0xd3,0x00,0xab,0xa6,0xb9,0x54,0x9d,0x5d,0x6e,0xab,
+ 0x02,0x7f,0x73,0xa8,0xf9,0x69,0x5a,0x81,0x40,0xdd,0x6c,0x83,0x9e,0xd6,0xf0,0x48,
+ 0x19,0xc3,0x8e,0xac,0xd8,0x75,0x3b,0xbb,0xbd,0x66,0xf3,0x4d,0xd1,0x6d,0xa4,0x04,
+ 0x4f,0x93,0xa5,0x00,0xc4,0x80,0x3f,0x33,0xf6,0xbc,0x20,0xbe,0x75,0xd1,0x30,0x25,
+ 0x46,0x1f,0xc5,0xb7,0x83,0xd9,0xc7,0x64,0x64,0xe8,0x95,0xaa,0x82,0x3f,0x18,0xd7,
+ 0xfe,0x7b,0xac,0xd8,0x91,0xe7,0xf9,0x60,0xfe,0xd6,0xf7,0xe8,0x77,0x41,0x3d,0x46,
+ 0x0a,0x1d,0xdc,0x4e,0x47,0xe7,0xde,0xcb,0x3f,0xae,0xf4,0x1c,0x34,0x74,0xfc,0x9b,
+ 0xb4,0x33,0x03,0xb8,0x02,0x71,0x30,0xb4,0x86,0x21,0x58,0xd0,0x17,0xf0,0x57,0x0b,
+ 0x51,0x9b,0x3f,0x87,0x55,0xe6,0x8b,0xba,0x10,0x38,0xca,0x25,0x0a,0x1c,0x7c,0xda,
+ 0x22,0xc3,0xbd,0xa9,0xaa,0xca,0x24,0xa5,0x0a,0x56,0x8c,0xca,0x52,0xab,0x72,0x21,
+ 0x41,0xbf,0x8b,0xdc,0x07,0x77,0x0e,0x69,0x32,0x96,0x64,0x52,0x72,0x58,0x25,0x90,
+ 0x32,0x8e,0x4f,0x11,0x69,0xac,0x57,0xab,0xa7,0x74,0xa9,0x81,0x89,0x89,0xc4,0xa0,
+ 0x69,0x10,0x4a,0x9d,0xcc,0xe8,0x72,0xea,0x45,0xb2,0x39,0x2a,0xf7,0x56,0xd9,0x72,
+ 0x06,0xac,0x90,0x7c,0x6f,0xde,0x9c,0xe5,0x33,0x08,0x3f,0x54,0x68,0xc3,0x04,0xff,
+ 0x2e,0x4d,0xef,0xca,0xfb,0xd5,0xe2,0x35,0xa2,0x41,0x56,0xee,0xf6,0x05,0x94,0xe9,
+ 0xf2,0xf4,0x97,0x40,0xa6,0x0f,0xf3,0x62,0x37,0xc1,0x7e,0x93,0x7c,0x27,0x51,0xf5),
+ .e = chunk_from_chars(0x09,0x8f,0xfb),
+ .m = chunk_from_chars(
+ 0xdd,0xdb,0x05,0xcb,0x9b,0xf1,0x0c,0x14,0xe7,0xdd,0x1e,0x9f,0x3b,0x3d,0x2b,0x32,
+ 0x9a,0x17,0xf3,0x16,0x76,0x28,0x10,0x11,0xd2,0x78,0x37,0x94,0xa4,0x32,0xbb,0x34,
+ 0x7d,0xb3,0x52,0x5e,0x6b,0xe1,0x1c,0x47,0x1f,0xbe,0xe1,0x23,0x4b,0x3d,0x9b,0x97,
+ 0x4e,0x54,0x34,0x70,0x13,0x52,0x90,0x95,0x36,0x73,0xce,0x3a,0x69,0xb1,0xcb,0x57,
+ 0x17,0xde,0xe8,0x59,0x47,0xf0,0x0e,0x17,0xc2,0x9c,0xef,0x07,0x78,0x26,0x8e,0xb2,
+ 0x20,0x77,0x01,0x65,0x1f,0x70,0x75,0x2a,0xab,0x7e,0x74,0xf6,0x30,0x6e,0x63,0x24,
+ 0xf2,0x83,0x4f,0x22,0xf5,0xc6,0xe9,0x6b,0x1a,0x9e,0xce,0xb5,0x8a,0xa0,0x0c,0x6b,
+ 0x57,0xa8,0xe2,0x5d,0x61,0x29,0xc8,0xb7,0x77,0xc1,0xaf,0x2f,0xbf,0x11,0x8a,0x83),
+ .s = chunk_from_chars(
+ 0x11,0x10,0x7c,0x6d,0xa7,0xa7,0x6d,0xba,0x8c,0xe8,0xde,0x3d,0x5c,0x90,0xc6,0xbc,
+ 0xca,0xf3,0x3f,0xb9,0xa7,0xec,0x4d,0x40,0xa9,0x7f,0xbc,0xde,0xba,0xf6,0xe6,0x5c,
+ 0x09,0x5b,0x67,0xdf,0xa1,0x71,0xc5,0x4a,0x33,0x64,0xa6,0xde,0xd7,0x18,0xe1,0xbe,
+ 0xbb,0xb4,0x97,0xd1,0x5f,0x1d,0xe1,0x33,0xb5,0x82,0x97,0xe0,0x8c,0x1b,0x20,0x0f,
+ 0x84,0x66,0x57,0x9c,0xb8,0xe9,0xc3,0xdb,0xe5,0xf7,0x24,0x28,0x2e,0x5b,0xb2,0x85,
+ 0x70,0xa4,0x1d,0x8d,0x35,0xad,0x6e,0x13,0x1e,0xb2,0xa1,0xd3,0x29,0xd8,0xb0,0x8d,
+ 0x10,0xfa,0xf7,0x6f,0xdb,0xe7,0x42,0x17,0xa2,0x76,0x93,0x6b,0x15,0x93,0xb1,0xd3,
+ 0xa1,0x18,0x91,0xd1,0x86,0x41,0xc0,0xbe,0xe0,0xc3,0x7e,0x68,0xbf,0x75,0xad,0xd9,
+ 0xe7,0xdc,0xf3,0xb9,0xb4,0x41,0x3f,0xa3,0xec,0x90,0x67,0x60,0x38,0x16,0x1f,0x68,
+ 0xfe,0x3a,0xf6,0x4d,0x69,0xa1,0x6f,0xc2,0x2c,0x8e,0xa7,0xc0,0x6f,0x86,0xbc,0xbb,
+ 0xa6,0x67,0x9b,0x6f,0xa4,0x58,0x58,0xc8,0x7e,0xc2,0xda,0x88,0x96,0x92,0x0d,0xfd,
+ 0x77,0xfd,0x16,0xd9,0x53,0xe9,0x84,0x62,0x42,0x03,0xcc,0x21,0x78,0xd2,0x20,0xfa,
+ 0x47,0xba,0x9a,0x6d,0xdb,0xe7,0x59,0xdb,0x3d,0xc4,0x22,0x4c,0x7c,0xcb,0x09,0xb2,
+ 0x9e,0x20,0x07,0x22,0xa7,0x45,0xd3,0x32,0x92,0x09,0x32,0x3a,0x08,0x2a,0x3f,0x7a,
+ 0x2c,0x62,0x4b,0x40,0x53,0xfa,0x42,0x18,0x3d,0xd2,0x2b,0x7f,0x49,0xc4,0x56,0x9f,
+ 0x8c,0x3d,0x49,0x51,0x57,0x53,0xb9,0x93,0xef,0x81,0x22,0xc3,0x69,0x85,0xe9,0x6a,
+ 0x32,0x89,0xaf,0x8d,0x6e,0x22,0x93,0x4b,0xbc,0xf7,0x55,0x1b,0x15,0x70,0x92,0x31,
+ 0x58,0xd1,0xb5,0x54,0xc1,0x3f,0x4f,0xe0,0x8f,0xaf,0xf4,0x89,0x8b,0xe9,0x2f,0x6e,
+ 0x66,0xff,0x74,0xa8,0x0b,0x13,0x70,0x3e,0x0d,0x26,0x65,0xdb,0x71,0x5c,0x55,0x9e,
+ 0x68,0xbe,0xad,0x6f,0x6b,0x75,0x93,0xf0,0x2e,0xfb,0xd6,0x8c,0x67,0x62,0x56,0xae,
+ 0x86,0x95,0xa5,0x1d,0xab,0x90,0xe3,0x29,0x86,0x69,0x7f,0x4e,0xde,0x07,0x66,0x28,
+ 0x17,0x6c,0xa6,0xb6,0x51,0x91,0x8d,0x74,0x9f,0xd0,0x1a,0x16,0xa8,0x7a,0xda,0xad,
+ 0x4a,0xae,0x93,0xb8,0xc0,0x5d,0x92,0x56,0x5e,0xc6,0x82,0x17,0xaa,0xab,0x96,0x76,
+ 0x23,0xda,0x3e,0x5a,0x50,0x95,0x64,0x2c,0xc1,0x7d,0x73,0x0a,0x6d,0x95,0x9c,0xfa),
+ },
+ {
+ .params = { .hash = HASH_SHA512, .mgf1_hash = HASH_SHA512, },
+ .n = chunk_from_chars(
+ 0xb4,0x3d,0x4a,0x44,0x6d,0xe4,0x5a,0xa8,0xf3,0x36,0xb9,0x3a,0x4c,0x59,0x23,0xf3,
+ 0xa5,0x38,0x6e,0xf8,0xdd,0x1e,0x94,0xc4,0x23,0x00,0xde,0x08,0x80,0xe9,0xbd,0x08,
+ 0x28,0xfb,0x32,0xe3,0x6e,0x4c,0x50,0xcb,0xf6,0x66,0x03,0x7a,0x8f,0x2e,0x05,0xf4,
+ 0x57,0x73,0x89,0x6c,0x10,0xae,0xa9,0x75,0xb3,0xdb,0xf4,0xc4,0xcd,0xfc,0x24,0xa0,
+ 0x38,0xc5,0xc0,0x6d,0x36,0x1b,0xaf,0x84,0xc3,0x8f,0xc2,0x2c,0x03,0xa3,0x6b,0x9d,
+ 0xce,0x38,0xe0,0x90,0x11,0x1d,0x9c,0x13,0x23,0xd7,0xa7,0x7d,0x3e,0x04,0xb7,0x13,
+ 0xfa,0xf7,0x40,0x96,0x5a,0x9e,0x18,0x83,0xee,0x37,0x75,0x48,0x9a,0xb5,0x14,0xce,
+ 0x48,0x07,0x86,0xf9,0xeb,0x74,0x1c,0x60,0xab,0x89,0x6a,0x9d,0x6e,0xae,0x3a,0x53,
+ 0xed,0x92,0x68,0x76,0x8c,0x21,0xf7,0x9e,0x30,0x75,0x9e,0x0b,0x01,0xab,0x7f,0xa2,
+ 0x24,0xea,0x82,0x29,0xc2,0x93,0x78,0x00,0x58,0xf2,0x58,0xe9,0x22,0x6d,0x73,0x74,
+ 0xac,0x42,0x5e,0xf1,0xd2,0xb6,0xe0,0x6e,0x5b,0x26,0x3d,0xf0,0xc6,0xd6,0x6c,0x00,
+ 0xed,0x26,0xcb,0xf2,0x46,0xa5,0xaf,0x0a,0x01,0x63,0x33,0x68,0x86,0xef,0x8d,0x92,
+ 0x9b,0x37,0x74,0x9a,0x08,0xf0,0xec,0x1d,0xb0,0x59,0x73,0xa8,0xaf,0xc8,0x17,0x78,
+ 0xb6,0xcc,0x91,0x06,0xf9,0x2b,0x14,0x53,0xf1,0x52,0x86,0x97,0xb1,0xdc,0x8d,0xd0,
+ 0xb2,0x55,0xe8,0x01,0x06,0x0f,0xe1,0x79,0xb2,0xd1,0x0a,0x9c,0x4c,0x3e,0x13,0xf3,
+ 0xc5,0x6f,0xa6,0xd5,0x51,0x66,0xf6,0x46,0x1a,0xf4,0xaa,0xf4,0xf4,0x16,0x8f,0xd5,
+ 0xea,0x6d,0xad,0xed,0xaa,0x3f,0x9f,0x1d,0xe4,0xde,0x99,0x3d,0x88,0x44,0x35,0x7c,
+ 0x0a,0xf7,0x9a,0x09,0x0e,0xcc,0x80,0x57,0x0c,0x64,0x15,0x45,0xbe,0xb4,0x2a,0x12,
+ 0x48,0xa5,0x2d,0xe6,0x12,0xf2,0xe0,0xf8,0x83,0x44,0x96,0x33,0x1a,0x73,0x54,0xf7,
+ 0xeb,0x91,0xa1,0x94,0x3b,0x5c,0xb3,0xb6,0xcf,0x19,0x84,0x51,0x73,0x5f,0xb5,0x54,
+ 0x92,0x2f,0x04,0xf0,0x09,0xa5,0x2a,0x15,0xd9,0x93,0x69,0xad,0xc2,0xe4,0x6b,0x09,
+ 0xbb,0x87,0x1f,0x4f,0x3e,0xc1,0x90,0x5a,0xcd,0x79,0x2b,0x8c,0x81,0xa3,0xd7,0x4b,
+ 0x31,0x6f,0xf9,0xd2,0x0b,0x93,0xf4,0x88,0x17,0xae,0x61,0x86,0x77,0xdc,0x94,0x51,
+ 0xf5,0x82,0xec,0x99,0x95,0xf4,0x45,0x52,0xf4,0x24,0x49,0x53,0xcd,0xe8,0x3f,0x11),
+ .d = chunk_from_chars(
+ 0x05,0x50,0x8e,0x4a,0xec,0x1e,0x7e,0xad,0xdd,0x40,0x20,0x4c,0x8a,0x3a,0x38,0x90,
+ 0x48,0x79,0x2b,0x4d,0x1f,0x15,0x0d,0xc5,0x3a,0x10,0x9a,0xc8,0x05,0x5f,0xa9,0x49,
+ 0x22,0x78,0x2c,0x43,0xc3,0x07,0x12,0x36,0x65,0x8b,0x1c,0x7b,0x5d,0x07,0xb2,0xef,
+ 0xae,0xef,0x39,0x44,0x9e,0x02,0x80,0x97,0x98,0x0b,0x0a,0x3a,0x20,0x40,0x68,0x47,
+ 0xed,0x3f,0x79,0x5d,0x03,0xd5,0xfc,0xed,0x2a,0x39,0x08,0x24,0x58,0x9f,0x57,0x1f,
+ 0x5d,0xbb,0x79,0x5d,0x97,0x7e,0x8b,0x76,0x9a,0xdd,0x7f,0x4e,0xe7,0x65,0x82,0x9d,
+ 0x59,0xb4,0xb5,0xb5,0x8e,0xf0,0xda,0xa6,0xc8,0x68,0x2f,0x13,0x84,0x49,0xd8,0x7a,
+ 0xd4,0x30,0x7f,0xc0,0x46,0xcc,0xf6,0x36,0x03,0xef,0xf9,0xee,0xb1,0x48,0x2d,0xd7,
+ 0x4d,0xa2,0x55,0x98,0x4f,0x2b,0xd3,0x00,0xab,0xa6,0xb9,0x54,0x9d,0x5d,0x6e,0xab,
+ 0x02,0x7f,0x73,0xa8,0xf9,0x69,0x5a,0x81,0x40,0xdd,0x6c,0x83,0x9e,0xd6,0xf0,0x48,
+ 0x19,0xc3,0x8e,0xac,0xd8,0x75,0x3b,0xbb,0xbd,0x66,0xf3,0x4d,0xd1,0x6d,0xa4,0x04,
+ 0x4f,0x93,0xa5,0x00,0xc4,0x80,0x3f,0x33,0xf6,0xbc,0x20,0xbe,0x75,0xd1,0x30,0x25,
+ 0x46,0x1f,0xc5,0xb7,0x83,0xd9,0xc7,0x64,0x64,0xe8,0x95,0xaa,0x82,0x3f,0x18,0xd7,
+ 0xfe,0x7b,0xac,0xd8,0x91,0xe7,0xf9,0x60,0xfe,0xd6,0xf7,0xe8,0x77,0x41,0x3d,0x46,
+ 0x0a,0x1d,0xdc,0x4e,0x47,0xe7,0xde,0xcb,0x3f,0xae,0xf4,0x1c,0x34,0x74,0xfc,0x9b,
+ 0xb4,0x33,0x03,0xb8,0x02,0x71,0x30,0xb4,0x86,0x21,0x58,0xd0,0x17,0xf0,0x57,0x0b,
+ 0x51,0x9b,0x3f,0x87,0x55,0xe6,0x8b,0xba,0x10,0x38,0xca,0x25,0x0a,0x1c,0x7c,0xda,
+ 0x22,0xc3,0xbd,0xa9,0xaa,0xca,0x24,0xa5,0x0a,0x56,0x8c,0xca,0x52,0xab,0x72,0x21,
+ 0x41,0xbf,0x8b,0xdc,0x07,0x77,0x0e,0x69,0x32,0x96,0x64,0x52,0x72,0x58,0x25,0x90,
+ 0x32,0x8e,0x4f,0x11,0x69,0xac,0x57,0xab,0xa7,0x74,0xa9,0x81,0x89,0x89,0xc4,0xa0,
+ 0x69,0x10,0x4a,0x9d,0xcc,0xe8,0x72,0xea,0x45,0xb2,0x39,0x2a,0xf7,0x56,0xd9,0x72,
+ 0x06,0xac,0x90,0x7c,0x6f,0xde,0x9c,0xe5,0x33,0x08,0x3f,0x54,0x68,0xc3,0x04,0xff,
+ 0x2e,0x4d,0xef,0xca,0xfb,0xd5,0xe2,0x35,0xa2,0x41,0x56,0xee,0xf6,0x05,0x94,0xe9,
+ 0xf2,0xf4,0x97,0x40,0xa6,0x0f,0xf3,0x62,0x37,0xc1,0x7e,0x93,0x7c,0x27,0x51,0xf5),
+ .e = chunk_from_chars(0x09,0x8f,0xfb),
+ .m = chunk_from_chars(
+ 0xdd,0xdb,0x05,0xcb,0x9b,0xf1,0x0c,0x14,0xe7,0xdd,0x1e,0x9f,0x3b,0x3d,0x2b,0x32,
+ 0x9a,0x17,0xf3,0x16,0x76,0x28,0x10,0x11,0xd2,0x78,0x37,0x94,0xa4,0x32,0xbb,0x34,
+ 0x7d,0xb3,0x52,0x5e,0x6b,0xe1,0x1c,0x47,0x1f,0xbe,0xe1,0x23,0x4b,0x3d,0x9b,0x97,
+ 0x4e,0x54,0x34,0x70,0x13,0x52,0x90,0x95,0x36,0x73,0xce,0x3a,0x69,0xb1,0xcb,0x57,
+ 0x17,0xde,0xe8,0x59,0x47,0xf0,0x0e,0x17,0xc2,0x9c,0xef,0x07,0x78,0x26,0x8e,0xb2,
+ 0x20,0x77,0x01,0x65,0x1f,0x70,0x75,0x2a,0xab,0x7e,0x74,0xf6,0x30,0x6e,0x63,0x24,
+ 0xf2,0x83,0x4f,0x22,0xf5,0xc6,0xe9,0x6b,0x1a,0x9e,0xce,0xb5,0x8a,0xa0,0x0c,0x6b,
+ 0x57,0xa8,0xe2,0x5d,0x61,0x29,0xc8,0xb7,0x77,0xc1,0xaf,0x2f,0xbf,0x11,0x8a,0x83),
+ .s = chunk_from_chars(
+ 0x11,0x10,0x7c,0x6d,0xa7,0xa7,0x6d,0xba,0x8c,0xe8,0xde,0x3d,0x5c,0x90,0xc6,0xbc,
+ 0xca,0xf3,0x3f,0xb9,0xa7,0xec,0x4d,0x40,0xa9,0x7f,0xbc,0xde,0xba,0xf6,0xe6,0x5c,
+ 0x09,0x5b,0x67,0xdf,0xa1,0x71,0xc5,0x4a,0x33,0x64,0xa6,0xde,0xd7,0x18,0xe1,0xbe,
+ 0xbb,0xb4,0x97,0xd1,0x5f,0x1d,0xe1,0x33,0xb5,0x82,0x97,0xe0,0x8c,0x1b,0x20,0x0f,
+ 0x84,0x66,0x57,0x9c,0xb8,0xe9,0xc3,0xdb,0xe5,0xf7,0x24,0x28,0x2e,0x5b,0xb2,0x85,
+ 0x70,0xa4,0x1d,0x8d,0x35,0xad,0x6e,0x13,0x1e,0xb2,0xa1,0xd3,0x29,0xd8,0xb0,0x8d,
+ 0x10,0xfa,0xf7,0x6f,0xdb,0xe7,0x42,0x17,0xa2,0x76,0x93,0x6b,0x15,0x93,0xb1,0xd3,
+ 0xa1,0x18,0x91,0xd1,0x86,0x41,0xc0,0xbe,0xe0,0xc3,0x7e,0x68,0xbf,0x75,0xad,0xd9,
+ 0xe7,0xdc,0xf3,0xb9,0xb4,0x41,0x3f,0xa3,0xec,0x90,0x67,0x60,0x38,0x16,0x1f,0x68,
+ 0xfe,0x3a,0xf6,0x4d,0x69,0xa1,0x6f,0xc2,0x2c,0x8e,0xa7,0xc0,0x6f,0x86,0xbc,0xbb,
+ 0xa6,0x67,0x9b,0x6f,0xa4,0x58,0x58,0xc8,0x7e,0xc2,0xda,0x88,0x96,0x92,0x0d,0xfd,
+ 0x77,0xfd,0x16,0xd9,0x53,0xe9,0x84,0x62,0x42,0x03,0xcc,0x21,0x78,0xd2,0x20,0xfa,
+ 0x47,0xba,0x9a,0x6d,0xdb,0xe7,0x59,0xdb,0x3d,0xc4,0x22,0x4c,0x7c,0xcb,0x09,0xb2,
+ 0x9e,0x20,0x07,0x22,0xa7,0x45,0xd3,0x32,0x92,0x09,0x32,0x3a,0x08,0x2a,0x3f,0x7a,
+ 0x2c,0x62,0x4b,0x40,0x53,0xfa,0x42,0x18,0x3d,0xd2,0x2b,0x7f,0x49,0xc4,0x56,0x9f,
+ 0x8c,0x3d,0x49,0x51,0x57,0x53,0xb9,0x93,0xef,0x81,0x22,0xc3,0x69,0x85,0xe9,0x6a,
+ 0x32,0x89,0xaf,0x8d,0x6e,0x22,0x93,0x4b,0xbc,0xf7,0x55,0x1b,0x15,0x70,0x92,0x31,
+ 0x58,0xd1,0xb5,0x54,0xc1,0x3f,0x4f,0xe0,0x8f,0xaf,0xf4,0x89,0x8b,0xe9,0x2f,0x6e,
+ 0x66,0xff,0x74,0xa8,0x0b,0x13,0x70,0x3e,0x0d,0x26,0x65,0xdb,0x71,0x5c,0x55,0x9e,
+ 0x68,0xbe,0xad,0x6f,0x6b,0x75,0x93,0xf0,0x2e,0xfb,0xd6,0x8c,0x67,0x62,0x56,0xae,
+ 0x86,0x95,0xa5,0x1d,0xab,0x90,0xe3,0x29,0x86,0x69,0x7f,0x4e,0xde,0x07,0x66,0x28,
+ 0x17,0x6c,0xa6,0xb6,0x51,0x91,0x8d,0x74,0x9f,0xd0,0x1a,0x16,0xa8,0x7a,0xda,0xad,
+ 0x4a,0xae,0x93,0xb8,0xc0,0x5d,0x92,0x56,0x5e,0xc6,0x82,0x17,0xaa,0xab,0x96,0x76,
+ 0x23,0xda,0x3e,0x5a,0x50,0x95,0x64,0x2c,0xc1,0x7d,0x73,0x0a,0x6d,0x95,0x9c,0xfa),
+ },
+ {
+ .params = { .hash = HASH_SHA512, .mgf1_hash = HASH_SHA512, },
+ .n = chunk_from_chars(
+ 0xa3,0xf2,0x23,0x5a,0xd2,0x05,0x3b,0x4c,0x83,0xfa,0x38,0xf8,0x28,0x4e,0xd8,0x05,
+ 0x42,0x16,0x21,0xfe,0x98,0x84,0x5f,0xb0,0x1b,0x68,0x9f,0x5b,0x82,0xb3,0x25,0x11,
+ 0xb6,0xd1,0x61,0x73,0xe7,0xb4,0x0a,0x66,0xa3,0xa9,0x99,0xc1,0x89,0xbe,0xb9,0xe0,
+ 0x68,0x22,0x15,0x0a,0xc8,0xbe,0x67,0x71,0x86,0x37,0x0c,0x82,0x3b,0x52,0x77,0xd9,
+ 0x09,0xde,0x07,0x56,0x4e,0x28,0x1c,0xca,0x2f,0x13,0x87,0x3d,0x9d,0x07,0xb7,0xbd,
+ 0x85,0xa2,0xb9,0xac,0x66,0xf4,0xce,0x4f,0x5e,0x38,0xb8,0xe9,0xee,0xbe,0xc0,0x4c,
+ 0x8c,0xaf,0x31,0x1e,0x37,0x5d,0x69,0xe8,0x08,0x51,0xd5,0x59,0xb8,0xe9,0x0e,0x85,
+ 0xba,0x6b,0x96,0x47,0x67,0x90,0xf7,0x27,0xc2,0x5a,0xa8,0x16,0x30,0x62,0xec,0x85,
+ 0x43,0xfc,0xc7,0x75,0x9b,0xe6,0x2c,0x77,0x68,0xec,0xc3,0x7f,0x34,0x0b,0xb0,0x61,
+ 0x02,0x76,0x2b,0xf0,0x44,0x1c,0xa1,0xaa,0x2c,0x7a,0x81,0xbf,0x37,0xdc,0x8b,0x27,
+ 0x43,0x9d,0x3a,0xbb,0xa9,0x38,0x12,0xc9,0xbb,0x44,0xfe,0x4d,0x6a,0x94,0xba,0xae,
+ 0x70,0x93,0x79,0xf5,0xce,0x5d,0x0c,0x8f,0x81,0xd0,0x00,0x86,0xb9,0xca,0xa3,0x02,
+ 0x68,0x19,0x58,0x8f,0x49,0x1b,0x52,0x58,0x07,0x89,0x9c,0xda,0xb3,0x3d,0x8e,0x99,
+ 0x21,0x50,0xd2,0xb1,0x05,0xd3,0xaa,0xb6,0x15,0x21,0x7c,0x6a,0x3d,0x74,0x08,0x31,
+ 0xc7,0xdc,0x76,0xfa,0xab,0xd9,0xc9,0xb9,0x81,0x7e,0xad,0x0b,0x49,0x45,0x66,0xde,
+ 0x14,0x33,0xff,0xf5,0xba,0x46,0x04,0xc6,0xb8,0x44,0x6f,0x6f,0xc3,0x5e,0x74,0x6a,
+ 0xff,0x84,0xff,0x8b,0xd7,0x50,0x04,0x10,0xd1,0x0e,0x82,0xbf,0x4c,0x90,0x36,0x48,
+ 0x9d,0xe4,0x7d,0xee,0x9a,0x32,0x7a,0x5c,0x45,0x10,0xd8,0x56,0x13,0x21,0xb9,0x1d,
+ 0x55,0x55,0x9a,0x4c,0xba,0x85,0xe0,0xc3,0x61,0x76,0x70,0x84,0xb2,0x52,0x17,0xe8,
+ 0xa6,0x3c,0x4e,0x15,0x1a,0x1e,0x88,0x68,0x9f,0xee,0xcf,0xfd,0x16,0xfa,0x0a,0x65,
+ 0xae,0x41,0xd2,0xba,0xbc,0xa9,0x9c,0xf1,0xb9,0x59,0xc3,0xc0,0x76,0xc0,0xf7,0x59,
+ 0x74,0x14,0x6f,0x2c,0xc4,0x94,0x12,0x6f,0xbe,0xca,0xd4,0x21,0x7b,0x9a,0xaa,0x00,
+ 0xf1,0x69,0xfa,0x51,0x25,0x27,0xff,0x5a,0x0b,0x50,0xda,0x46,0xd6,0xbe,0x87,0x0e,
+ 0xce,0xf2,0xaf,0x7a,0x1e,0x6c,0x45,0x56,0xf6,0xf7,0xa0,0xa0,0x0b,0x9f,0x47,0xcb),
+ .d = chunk_from_chars(
+ 0x3c,0x27,0x68,0x73,0x67,0xeb,0xd2,0x14,0x0b,0x4f,0x4f,0x20,0x24,0xae,0x38,0xe3,
+ 0xac,0xde,0xe1,0xfa,0x8a,0xb7,0xce,0xa9,0x91,0x4e,0xec,0xb5,0x80,0x11,0x30,0x15,
+ 0x1b,0x87,0x9f,0x7d,0xd9,0xc8,0xc5,0x23,0xfb,0xeb,0x16,0xea,0x4c,0x35,0x8b,0xfb,
+ 0x2b,0x6e,0x49,0x2b,0x46,0x66,0xb4,0xff,0x3f,0x2d,0xce,0xae,0x50,0xc3,0x3e,0xd5,
+ 0xb2,0x84,0x45,0x40,0x52,0x15,0xb6,0x4d,0xd8,0xd9,0x20,0x06,0xe6,0x81,0xa4,0x5f,
+ 0x78,0x98,0x34,0x31,0xc0,0xdb,0x66,0x4a,0x78,0x75,0x59,0x47,0x9a,0x3a,0x27,0x9b,
+ 0xd6,0xab,0x71,0xf9,0xd1,0x5f,0x01,0x09,0x37,0x05,0x47,0xcb,0x12,0xb7,0xaa,0x90,
+ 0xa8,0x4c,0x1d,0x16,0x51,0xb9,0xbe,0xe5,0xd2,0xe6,0x22,0x60,0x11,0x49,0x18,0x97,
+ 0xeb,0xf8,0x91,0xfa,0x67,0xcd,0x19,0xfa,0x4f,0xed,0x77,0xcc,0xd5,0xf9,0x63,0x43,
+ 0x74,0x3d,0x8b,0xd2,0x2e,0x46,0xda,0xbd,0xab,0x46,0x9a,0xdc,0x46,0x4a,0xcf,0x29,
+ 0xc3,0xa0,0x8f,0x57,0x48,0xf4,0xb0,0x0b,0xb1,0x55,0x87,0xee,0x44,0x4b,0x76,0x5c,
+ 0x06,0x9d,0xe3,0xe7,0x1d,0x09,0xe2,0x4a,0x69,0xb6,0x27,0xac,0x6f,0xc3,0x49,0x7d,
+ 0x9d,0x32,0xd7,0x97,0x1f,0xc4,0x47,0x1d,0x5d,0xd4,0x39,0x65,0x2d,0x73,0x93,0xfa,
+ 0x3b,0x43,0x4b,0x52,0x54,0xa4,0xcb,0x10,0x64,0xde,0xa1,0xd1,0xba,0x41,0x18,0x1a,
+ 0x6c,0x36,0x72,0xe3,0xe0,0xf6,0xa2,0x84,0xf2,0x31,0x21,0xdc,0x7a,0x14,0xa4,0xc7,
+ 0xa7,0x6e,0xbc,0x2b,0xfd,0x09,0xcb,0x69,0x84,0x1c,0xa9,0x59,0x07,0xcc,0x30,0xc9,
+ 0x4e,0x69,0x27,0x51,0x1c,0x72,0xe9,0x7d,0xd3,0x33,0x0b,0xb4,0x56,0x48,0x8d,0x91,
+ 0x9f,0xaf,0xd6,0xd8,0xf1,0x97,0x59,0xab,0x4c,0x37,0x46,0x63,0x14,0x75,0x1e,0x53,
+ 0xab,0x13,0x92,0x72,0xe8,0xd6,0x7c,0x0d,0xc0,0x42,0x49,0xd3,0x00,0xee,0x63,0x5a,
+ 0x20,0xa4,0xf6,0x5e,0xd7,0xcf,0xb3,0x0d,0x18,0x13,0xd0,0xb7,0x58,0x58,0xf2,0xf8,
+ 0xf9,0x10,0xc0,0x5b,0xcc,0x20,0x13,0xba,0x5c,0x93,0x21,0xc4,0x95,0xe1,0x41,0xa6,
+ 0x17,0xfa,0x73,0x18,0x19,0x18,0x90,0x9d,0xab,0xc3,0xf9,0xde,0x59,0x4a,0x19,0x33,
+ 0x12,0xe1,0x47,0x72,0xb4,0xa5,0x9b,0x4f,0xb7,0x2e,0x73,0x15,0xc0,0x55,0x23,0x6a,
+ 0x78,0x9e,0xb4,0xd2,0x24,0x60,0x97,0x45,0x72,0x1e,0x73,0x03,0x1c,0x91,0x13,0xe7),
+ .e = chunk_from_chars(0xb3,0xf5,0x7f),
+ .m = chunk_from_chars(
+ 0xbe,0x2f,0x3e,0x1d,0xc8,0xa3,0x71,0x15,0x70,0x40,0x1b,0xd5,0x35,0x18,0x54,0x26,
+ 0x94,0x4d,0x09,0x4e,0x84,0x81,0xa1,0x2a,0x43,0x8d,0xe0,0x7d,0x54,0x76,0x0c,0x88,
+ 0xc9,0x9d,0x4f,0xdb,0xbe,0x35,0x5d,0x6a,0x26,0xfa,0x56,0xe3,0xca,0x20,0xee,0x3f,
+ 0x8e,0x8a,0xcb,0x98,0xf6,0x3d,0x2f,0x3a,0xea,0x14,0xd6,0xfc,0xb6,0xb5,0x22,0xd1,
+ 0x55,0xc3,0x75,0x9a,0xef,0x56,0xde,0x3e,0xa0,0xa8,0xf9,0xfd,0x7b,0x11,0x10,0x01,
+ 0xcf,0x35,0x86,0x36,0xa8,0x7c,0x76,0x5c,0x99,0xc2,0x97,0x5b,0xb9,0x50,0x63,0xd6,
+ 0xec,0x0b,0x78,0x02,0x64,0xec,0x3e,0xb9,0x67,0xb0,0xca,0xca,0x52,0xd1,0x02,0x94,
+ 0xde,0xb4,0x02,0xd3,0xa2,0x24,0xbf,0xb9,0xd9,0xff,0xea,0x41,0x66,0x2f,0x18,0xc0),
+ .s = chunk_from_chars(
+ 0x78,0x7c,0xdd,0x6e,0x1d,0x4f,0xdf,0x9a,0x0d,0x9f,0x96,0x5e,0xb8,0x57,0x25,0x23,
+ 0x2a,0x9e,0xfc,0xc1,0x2a,0xbf,0xa1,0xef,0x25,0xa8,0x1e,0x09,0x83,0x11,0x1d,0x90,
+ 0x00,0xd4,0x94,0xfc,0x7d,0x32,0x01,0xeb,0x3b,0xba,0x32,0x73,0x02,0x72,0x7f,0x70,
+ 0x86,0x14,0x7a,0x75,0x5b,0x48,0x27,0x03,0x0c,0x72,0x76,0x53,0x6f,0x42,0x55,0x93,
+ 0xab,0x2e,0x91,0x27,0xa1,0x49,0xe7,0x54,0xde,0x7a,0xd7,0x7f,0x8c,0x20,0x43,0x26,
+ 0x7d,0xb4,0x9f,0x8a,0x35,0x03,0x1d,0x83,0xf1,0x3d,0x14,0x0d,0x5d,0xf4,0xd4,0x24,
+ 0xb4,0x74,0x54,0x04,0x1a,0x23,0xb9,0x2f,0xf6,0x81,0x8e,0x74,0x9d,0x65,0xd0,0x1f,
+ 0xc5,0x0b,0xeb,0xf6,0x91,0x52,0xf3,0xf5,0xfc,0xb4,0x87,0x3b,0x10,0x36,0x21,0x9e,
+ 0x22,0xb1,0xe7,0x4f,0x83,0x68,0xc8,0xc5,0x01,0xce,0x65,0xf2,0xc9,0x29,0xd9,0x0a,
+ 0x8e,0xc8,0x99,0x63,0x0e,0x80,0x25,0x47,0xa7,0xca,0x6e,0xf1,0x8a,0xb3,0xcb,0x3e,
+ 0xb4,0xa6,0x91,0xee,0x68,0xae,0xbe,0xaf,0x1b,0x9c,0x05,0x5a,0xd1,0x22,0x18,0x03,
+ 0x9c,0xf4,0x80,0xcd,0x8d,0x29,0x43,0x32,0xc5,0xe1,0x6e,0xbb,0xe6,0xaf,0x11,0xf8,
+ 0xf4,0xbf,0x49,0xf9,0xb4,0xed,0x2f,0x51,0x11,0x26,0xae,0x78,0x0a,0x3b,0x78,0x4b,
+ 0xe8,0xf4,0x42,0x6a,0xbd,0x17,0xf8,0x60,0x00,0x74,0x48,0x3f,0x2a,0xf3,0xb7,0x1a,
+ 0x89,0x64,0xc6,0xe0,0xfa,0x00,0x04,0x9a,0x1d,0x94,0x0d,0x34,0xcc,0x08,0x83,0x9e,
+ 0x0c,0x59,0x25,0x3d,0x99,0xe9,0x0d,0x17,0x87,0x1d,0x48,0x96,0x74,0x69,0x56,0x63,
+ 0x62,0x61,0x66,0xd3,0x6f,0xf9,0x1d,0x8c,0x22,0x99,0xa2,0xf0,0x51,0xea,0xe2,0xd6,
+ 0x0e,0x8e,0xd0,0xbc,0x3f,0xac,0x1e,0x49,0x0b,0x47,0x0c,0x12,0xf3,0xd6,0x97,0xf6,
+ 0xfb,0xfd,0x88,0x0d,0xe2,0xe9,0x0e,0x9f,0xcb,0xd4,0x85,0xfa,0x33,0x93,0x19,0x83,
+ 0x72,0xfb,0x01,0xe4,0xce,0xc5,0xc1,0x59,0x17,0xec,0xdd,0x42,0xe5,0x7c,0x43,0xec,
+ 0xf5,0x5a,0x8c,0x0e,0xcb,0xdc,0xef,0x1b,0xce,0x4e,0x36,0xd9,0x6d,0x46,0xb1,0x12,
+ 0x57,0x0b,0x53,0xf8,0x2f,0x3d,0x20,0x64,0xb0,0x8a,0xc7,0x86,0x13,0x67,0x0a,0x28,
+ 0xea,0x69,0xd7,0x9c,0x71,0x7e,0xb1,0xc2,0x94,0x09,0x0d,0xbd,0x56,0x1f,0xa6,0xe5,
+ 0x04,0xd0,0x9d,0x26,0x57,0x24,0xe3,0x7a,0x2d,0xc6,0xf4,0x45,0xf6,0xf5,0x28,0xc9),
+ },
+};
+
+START_TEST(test_sign_pss_no_salt)
+{
+ private_key_t *privkey;
+ public_key_t *pubkey;
+ chunk_t sig;
+
+ if (!lib->plugins->has_feature(lib->plugins,
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PSS)) ||
+ !lib->plugins->has_feature(lib->plugins,
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PSS)))
+ {
+ warn("%N not supported, skip test", signature_scheme_names,
+ SIGN_RSA_EMSA_PSS);
+ return;
+ }
+ privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
+ BUILD_RSA_MODULUS, pss_sign_ns[_i].n,
+ BUILD_RSA_PUB_EXP, pss_sign_ns[_i].e,
+ BUILD_RSA_PRIV_EXP, pss_sign_ns[_i].d, BUILD_END);
+ ck_assert(privkey != NULL);
+ pubkey = privkey->get_public_key(privkey);
+ ck_assert(pubkey != NULL);
+ fail_unless(privkey->sign(privkey, SIGN_RSA_EMSA_PSS,
+ &pss_sign_ns[_i].params, pss_sign_ns[_i].m, &sig),
+ "sign %N", signature_scheme_names, SIGN_RSA_EMSA_PSS);
+ ck_assert_chunk_eq(pss_sign_ns[_i].s, sig);
+ fail_unless(pubkey->verify(pubkey, SIGN_RSA_EMSA_PSS,
+ &pss_sign_ns[_i].params, pss_sign_ns[_i].m, sig),
+ "verify %N", signature_scheme_names, SIGN_RSA_EMSA_PSS);
+ free(sig.ptr);
+ pubkey->destroy(pubkey);
+ privkey->destroy(privkey);
+}
+END_TEST
+
+/**
+ * Test vectors from FIPS 186-4 (only SHA-256)
+ */
+static struct {
+ signature_scheme_t scheme;
+ chunk_t n;
+ struct {
+ bool exp;
+ chunk_t e;
+ chunk_t m;
+ chunk_t s;
+ } tests[6];
+} pkcs15_verify[] = {
+{
+ .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256,
+ .n = chunk_from_chars(
+ 0xc4,0x7a,0xba,0xcc,0x2a,0x84,0xd5,0x6f,0x36,0x14,0xd9,0x2f,0xd6,0x2e,0xd3,0x6d,
+ 0xdd,0xe4,0x59,0x66,0x4b,0x93,0x01,0xdc,0xd1,0xd6,0x17,0x81,0xcf,0xcc,0x02,0x6b,
+ 0xcb,0x23,0x99,0xbe,0xe7,0xe7,0x56,0x81,0xa8,0x0b,0x7b,0xf5,0x00,0xe2,0xd0,0x8c,
+ 0xea,0xe1,0xc4,0x2e,0xc0,0xb7,0x07,0x92,0x7f,0x2b,0x2f,0xe9,0x2a,0xe8,0x52,0x08,
+ 0x7d,0x25,0xf1,0xd2,0x60,0xcc,0x74,0x90,0x5e,0xe5,0xf9,0xb2,0x54,0xed,0x05,0x49,
+ 0x4a,0x9f,0xe0,0x67,0x32,0xc3,0x68,0x09,0x92,0xdd,0x6f,0x0d,0xc6,0x34,0x56,0x8d,
+ 0x11,0x54,0x2a,0x70,0x5f,0x83,0xae,0x96,0xd2,0xa4,0x97,0x63,0xd5,0xfb,0xb2,0x43,
+ 0x98,0xed,0xf3,0x70,0x2b,0xc9,0x4b,0xc1,0x68,0x19,0x01,0x66,0x49,0x2b,0x86,0x71,
+ 0xde,0x87,0x4b,0xb9,0xce,0xcb,0x05,0x8c,0x6c,0x83,0x44,0xaa,0x8c,0x93,0x75,0x4d,
+ 0x6e,0xff,0xcd,0x44,0xa4,0x1e,0xd7,0xde,0x0a,0x9d,0xcd,0x91,0x44,0x43,0x7f,0x21,
+ 0x2b,0x18,0x88,0x1d,0x04,0x2d,0x33,0x1a,0x46,0x18,0xa9,0xe6,0x30,0xef,0x9b,0xb6,
+ 0x63,0x05,0xe4,0xfd,0xf8,0xf0,0x39,0x1b,0x3b,0x23,0x13,0xfe,0x54,0x9f,0x01,0x89,
+ 0xff,0x96,0x8b,0x92,0xf3,0x3c,0x26,0x6a,0x4b,0xc2,0xcf,0xfc,0x89,0x7d,0x19,0x37,
+ 0xee,0xb9,0xe4,0x06,0xf5,0xd0,0xea,0xa7,0xa1,0x47,0x82,0xe7,0x6a,0xf3,0xfc,0xe9,
+ 0x8f,0x54,0xed,0x23,0x7b,0x4a,0x04,0xa4,0x15,0x9a,0x5f,0x62,0x50,0xa2,0x96,0xa9,
+ 0x02,0x88,0x02,0x04,0xe6,0x1d,0x89,0x1c,0x4d,0xa2,0x9f,0x2d,0x65,0xf3,0x4c,0xbb),
+ .tests = {
+ {
+ .exp = TRUE,
+ .e = chunk_from_chars(0x49,0xd2,0xa1),
+ .m = chunk_from_chars(
+ 0x95,0x12,0x3c,0x8d,0x1b,0x23,0x65,0x40,0xb8,0x69,0x76,0xa1,0x1c,0xea,0x31,0xf8,
+ 0xbd,0x4e,0x6c,0x54,0xc2,0x35,0x14,0x7d,0x20,0xce,0x72,0x2b,0x03,0xa6,0xad,0x75,
+ 0x6f,0xbd,0x91,0x8c,0x27,0xdf,0x8e,0xa9,0xce,0x31,0x04,0x44,0x4c,0x0b,0xbe,0x87,
+ 0x73,0x05,0xbc,0x02,0xe3,0x55,0x35,0xa0,0x2a,0x58,0xdc,0xda,0x30,0x6e,0x63,0x2a,
+ 0xd3,0x0b,0x3d,0xc3,0xce,0x0b,0xa9,0x7f,0xdf,0x46,0xec,0x19,0x29,0x65,0xdd,0x9c,
+ 0xd7,0xf4,0xa7,0x1b,0x02,0xb8,0xcb,0xa3,0xd4,0x42,0x64,0x6e,0xee,0xc4,0xaf,0x59,
+ 0x08,0x24,0xca,0x98,0xd7,0x4f,0xbc,0xa9,0x34,0xd0,0xb6,0x86,0x7a,0xa1,0x99,0x1f,
+ 0x30,0x40,0xb7,0x07,0xe8,0x06,0xde,0x6e,0x66,0xb5,0x93,0x4f,0x05,0x50,0x9b,0xea),
+ .s = chunk_from_chars(
+ 0x51,0x26,0x5d,0x96,0xf1,0x1a,0xb3,0x38,0x76,0x28,0x91,0xcb,0x29,0xbf,0x3f,0x1d,
+ 0x2b,0x33,0x05,0x10,0x70,0x63,0xf5,0xf3,0x24,0x5a,0xf3,0x76,0xdf,0xcc,0x70,0x27,
+ 0xd3,0x93,0x65,0xde,0x70,0xa3,0x1d,0xb0,0x5e,0x9e,0x10,0xeb,0x61,0x48,0xcb,0x7f,
+ 0x64,0x25,0xf0,0xc9,0x3c,0x4f,0xb0,0xe2,0x29,0x1a,0xdb,0xd2,0x2c,0x77,0x65,0x6a,
+ 0xfc,0x19,0x68,0x58,0xa1,0x1e,0x1c,0x67,0x0d,0x9e,0xeb,0x59,0x26,0x13,0xe6,0x9e,
+ 0xb4,0xf3,0xaa,0x50,0x17,0x30,0x74,0x3a,0xc4,0x46,0x44,0x86,0xc7,0xae,0x68,0xfd,
+ 0x50,0x9e,0x89,0x6f,0x63,0x88,0x4e,0x94,0x24,0xf6,0x9c,0x1c,0x53,0x97,0x95,0x9f,
+ 0x1e,0x52,0xa3,0x68,0x66,0x7a,0x59,0x8a,0x1f,0xc9,0x01,0x25,0x27,0x3d,0x93,0x41,
+ 0x29,0x5d,0x2f,0x8e,0x1c,0xc4,0x96,0x9b,0xf2,0x28,0xc8,0x60,0xe0,0x7a,0x35,0x46,
+ 0xbe,0x2e,0xed,0xa1,0xcd,0xe4,0x8e,0xe9,0x4d,0x06,0x28,0x01,0xfe,0x66,0x6e,0x4a,
+ 0x7a,0xe8,0xcb,0x9c,0xd7,0x92,0x62,0xc0,0x17,0xb0,0x81,0xaf,0x87,0x4f,0xf0,0x04,
+ 0x53,0xca,0x43,0xe3,0x4e,0xfd,0xb4,0x3f,0xff,0xb0,0xbb,0x42,0xa4,0xe2,0xd3,0x2a,
+ 0x5e,0x5c,0xc9,0xe8,0x54,0x6a,0x22,0x1f,0xe9,0x30,0x25,0x0e,0x5f,0x53,0x33,0xe0,
+ 0xef,0xe5,0x8f,0xfe,0xbf,0x19,0x36,0x9a,0x3b,0x8a,0xe5,0xa6,0x7f,0x6a,0x04,0x8b,
+ 0xc9,0xef,0x91,0x5b,0xda,0x25,0x16,0x07,0x29,0xb5,0x08,0x66,0x7a,0xda,0x84,0xa0,
+ 0xc2,0x7e,0x7e,0x26,0xcf,0x2a,0xbc,0xa4,0x13,0xe5,0xe4,0x69,0x3f,0x4a,0x94,0x05),
+ },
+ {
+ .exp = FALSE,
+ .e = chunk_from_chars(0x49,0xd2,0xa1),
+ .m = chunk_from_chars(
+ 0xf8,0x9f,0xd2,0xf6,0xc4,0x5a,0x8b,0x50,0x66,0xa6,0x51,0x41,0x0b,0x8e,0x53,0x4b,
+ 0xfe,0xc0,0xd9,0xa3,0x6f,0x3e,0x2b,0x88,0x74,0x57,0xaf,0xd4,0x4d,0xd6,0x51,0xd1,
+ 0xec,0x79,0x27,0x4d,0xb5,0xa4,0x55,0xf1,0x82,0x57,0x2f,0xce,0xea,0x5e,0x9e,0x39,
+ 0xc3,0xc7,0xc5,0xd9,0xe5,0x99,0xe4,0xfe,0x31,0xc3,0x7c,0x34,0xd2,0x53,0xb4,0x19,
+ 0xc3,0xe8,0xfb,0x6b,0x91,0x6a,0xef,0x65,0x63,0xf8,0x7d,0x4c,0x37,0x22,0x4a,0x45,
+ 0x6e,0x59,0x52,0x69,0x8b,0xa3,0xd0,0x1b,0x38,0x94,0x5d,0x99,0x8a,0x79,0x5b,0xd2,
+ 0x85,0xd6,0x94,0x78,0xe3,0x13,0x1f,0x55,0x11,0x72,0x84,0xe2,0x7b,0x44,0x1f,0x16,
+ 0x09,0x5d,0xca,0x7c,0xe9,0xc5,0xb6,0x88,0x90,0xb0,0x9a,0x2b,0xfb,0xb0,0x10,0xa5),
+ .s = chunk_from_chars(
+ 0xba,0x48,0x53,0x87,0x08,0x51,0x2d,0x45,0xc0,0xed,0xca,0xc5,0x7a,0x9b,0x4f,0xb6,
+ 0x37,0xe9,0x72,0x1f,0x72,0x00,0x3c,0x60,0xf1,0x3f,0x5c,0x9a,0x36,0xc9,0x68,0xce,
+ 0xf9,0xbe,0x8f,0x54,0x66,0x54,0x18,0x14,0x1c,0x3d,0x9e,0xcc,0x02,0xa5,0xbf,0x95,
+ 0x2c,0xfc,0x05,0x5f,0xb5,0x1e,0x18,0x70,0x5e,0x9d,0x88,0x50,0xf4,0xe1,0xf5,0xa3,
+ 0x44,0xaf,0x55,0x0d,0xe8,0x4f,0xfd,0x08,0x05,0xe2,0x7e,0x55,0x7f,0x6a,0xa5,0x0d,
+ 0x26,0x45,0x31,0x4c,0x64,0xc1,0xc7,0x1a,0xa6,0xbb,0x44,0xfa,0xf8,0xf2,0x9c,0xa6,
+ 0x57,0x8e,0x24,0x41,0xd4,0x51,0x0e,0x36,0x05,0x2f,0x46,0x55,0x1d,0xf3,0x41,0xb2,
+ 0xdc,0xf4,0x3f,0x76,0x1f,0x08,0xb9,0x46,0xca,0x0b,0x70,0x81,0xda,0xdb,0xb8,0x8e,
+ 0x95,0x5e,0x82,0x0f,0xd7,0xf6,0x57,0xc4,0xdd,0x9f,0x45,0x54,0xd1,0x67,0xdd,0x7c,
+ 0x9a,0x48,0x7e,0xd4,0x1c,0xed,0x2b,0x40,0x06,0x80,0x98,0xde,0xed,0xc9,0x51,0x06,
+ 0x0f,0xaf,0x7e,0x15,0xb1,0xf0,0xf8,0x0a,0xe6,0x7f,0xf2,0xee,0x28,0xa2,0x38,0xd8,
+ 0x0b,0xf7,0x2d,0xd7,0x1c,0x8d,0x95,0xc7,0x9b,0xc1,0x56,0x11,0x4e,0xce,0x8e,0xc8,
+ 0x37,0x57,0x3a,0x4b,0x66,0x89,0x8d,0x45,0xb4,0x5a,0x5e,0xac,0xd0,0xb0,0xe4,0x14,
+ 0x47,0xd8,0xfa,0x08,0xa3,0x67,0xf4,0x37,0x64,0x5e,0x50,0xc9,0x92,0x0b,0x88,0xa1,
+ 0x6b,0xc0,0x88,0x01,0x47,0xac,0xfb,0x9a,0x79,0xde,0x9e,0x35,0x1b,0x3f,0xa0,0x0b,
+ 0x3f,0x4e,0x9f,0x18,0x2f,0x45,0x55,0x3d,0xff,0xca,0x55,0xe3,0x93,0xc5,0xea,0xb6),
+ },
+ {
+ .exp = FALSE,
+ .e = chunk_from_chars(0x49,0xd2,0xa1),
+ .m = chunk_from_chars(
+ 0x91,0x5c,0x5e,0x4c,0x16,0xac,0xfa,0x0f,0x49,0xde,0x43,0xd6,0x49,0x1f,0x00,0x60,
+ 0xa9,0x44,0x03,0x44,0x75,0xba,0x51,0x85,0x72,0xc0,0x83,0x66,0xa8,0xd3,0x6c,0x7f,
+ 0x1e,0x6a,0xfc,0x11,0xe5,0xe4,0x64,0x97,0x57,0xbf,0x7b,0x9d,0xa1,0x0a,0x61,0xd5,
+ 0x7f,0x1d,0x62,0x68,0x47,0x87,0x1d,0x8a,0x29,0x48,0xe5,0x51,0xb5,0x41,0x67,0xc7,
+ 0x9d,0xe8,0x8d,0x3e,0xbd,0x40,0xa3,0xe3,0x58,0x09,0xb9,0x96,0xa5,0x33,0x48,0xf9,
+ 0x8a,0x99,0x18,0xc7,0xa7,0xec,0x60,0x68,0x96,0xed,0x30,0xc2,0x71,0xe0,0x0c,0x51,
+ 0x95,0x3d,0xd9,0x7a,0xa6,0xa8,0xfe,0x1c,0xd4,0x23,0xc3,0x69,0x5c,0x83,0xfc,0xf4,
+ 0x51,0x20,0xec,0x0a,0x9c,0xd1,0x64,0x46,0x42,0x18,0x2b,0x60,0xe5,0x99,0xa2,0x46),
+ .s = chunk_from_chars(
+ 0x3d,0x57,0xea,0x59,0x61,0xdb,0x8f,0xc1,0x44,0x30,0x1c,0xa4,0x27,0x8f,0x79,0x99,
+ 0x11,0x22,0x9d,0x86,0x5e,0xa3,0xe9,0x92,0xc7,0xfb,0xc4,0xd0,0x3c,0x65,0x51,0x72,
+ 0x9e,0x26,0x03,0x4e,0x95,0xdd,0x71,0xda,0x31,0x23,0x40,0xe4,0x05,0x1c,0x9d,0xd9,
+ 0xb1,0x2f,0x77,0x00,0xa8,0x21,0xfe,0x3b,0x7c,0x37,0x78,0x5d,0x51,0x06,0x35,0x0b,
+ 0x66,0x7a,0xc2,0x55,0xa5,0x7c,0x13,0xda,0x58,0x42,0xd9,0x0b,0xca,0xde,0xa9,0xe6,
+ 0xb1,0xf7,0x20,0xc6,0x07,0xd6,0x89,0x3a,0x2c,0xaa,0x3c,0x5f,0x3c,0x40,0x74,0xe9,
+ 0x14,0x45,0x1a,0x45,0x38,0x0a,0x76,0x7c,0x29,0x1a,0x67,0xca,0xc3,0xf1,0xca,0xb1,
+ 0xfb,0xd0,0x5a,0xdc,0x37,0x03,0x68,0x56,0xa8,0x40,0x4e,0x7c,0xea,0x36,0x54,0x01,
+ 0x94,0x66,0xde,0x44,0x9a,0xd6,0xe9,0x2b,0x27,0x25,0x4f,0x3d,0x25,0x94,0x9b,0x1b,
+ 0x86,0x00,0x65,0x40,0x64,0x55,0xa1,0x3d,0xb7,0xc5,0xfe,0x25,0xd1,0xaf,0x7a,0x84,
+ 0xcd,0xdf,0x77,0x92,0xc6,0x4e,0x16,0x26,0x0c,0x95,0x0d,0x60,0xbd,0x86,0xd0,0x05,
+ 0x92,0x41,0x48,0xad,0x09,0x7c,0x12,0x6b,0x84,0x94,0x7a,0xb6,0xe8,0x9d,0x48,0xf6,
+ 0x1e,0x71,0x1d,0x62,0x52,0x2b,0x6e,0x48,0xf1,0x61,0x86,0xd1,0x33,0x9e,0x6a,0xb3,
+ 0xf5,0x8c,0x35,0x9e,0xb2,0x4c,0xb6,0x80,0x43,0x73,0x75,0x91,0xcd,0x7d,0x93,0x90,
+ 0xa4,0x68,0xc0,0x02,0x2b,0x3b,0x25,0x3b,0xe5,0x2f,0x1a,0x7f,0xc4,0x08,0xf8,0x4e,
+ 0x9f,0xfb,0x4c,0x34,0xfa,0x9e,0x01,0x60,0x58,0x51,0xd6,0x58,0x3a,0xa1,0x30,0x32),
+ },
+ {
+ .exp = FALSE,
+ .e = chunk_from_chars(0x07,0x48,0x5b),
+ .m = chunk_from_chars(
+ 0x03,0xd2,0xf0,0x69,0x35,0x17,0xcf,0xfb,0x2b,0x72,0x4c,0x1f,0x30,0x50,0x2c,0x53,
+ 0x59,0xc0,0x51,0xc1,0xbc,0xd8,0x8d,0xc1,0xdd,0x54,0xb8,0x9e,0x69,0x81,0x00,0x9d,
+ 0x27,0x5a,0x81,0x3b,0x2b,0xf0,0x16,0xb7,0x4d,0x0f,0x6e,0xd0,0xd9,0x1e,0x62,0xd0,
+ 0x88,0x47,0x85,0xc9,0xaf,0xd8,0xfd,0x1f,0xb7,0xe9,0x92,0x46,0xcd,0x40,0x05,0xcd,
+ 0xda,0x71,0xa3,0x9c,0xb6,0x49,0x19,0x7a,0x99,0x6d,0x8a,0xd2,0xd2,0x3f,0xdf,0xb6,
+ 0xbb,0x01,0x5f,0x24,0xec,0x3d,0x7f,0x88,0xaf,0x64,0xfb,0x83,0xb4,0xb5,0x25,0xeb,
+ 0x06,0x60,0x7d,0x13,0x3e,0xec,0x83,0x4c,0xf7,0xd6,0xc9,0xab,0x81,0x7b,0x4c,0x0d,
+ 0xda,0x37,0x04,0x59,0xd9,0xcf,0xba,0x05,0xad,0x0c,0x1a,0xdc,0x86,0xa9,0x09,0xfe),
+ .s = chunk_from_chars(
+ 0x51,0x1a,0xbd,0x82,0x21,0x8c,0xab,0x34,0x49,0x79,0xb2,0x88,0x7b,0x02,0x60,0x0d,
+ 0x24,0x27,0xf1,0xeb,0x12,0xac,0x01,0xd9,0x76,0x84,0xc2,0xa4,0x43,0xa9,0x27,0x28,
+ 0x34,0xc3,0xf7,0x9c,0xde,0xd0,0x7a,0x39,0xdb,0xee,0x37,0x70,0xdd,0xe8,0x27,0xa7,
+ 0x4d,0xc9,0x94,0xb1,0x7b,0xfd,0x8a,0x26,0xd0,0x7b,0x23,0x9d,0x26,0xd5,0x8c,0x42,
+ 0xf7,0x9d,0x56,0x02,0x64,0xc3,0x1b,0x7e,0x1c,0x3d,0xdd,0xef,0x6d,0x75,0x56,0xf2,
+ 0x28,0xc3,0x94,0x41,0x4f,0x4c,0xec,0x56,0x1c,0x3d,0xa2,0x68,0x6a,0x8e,0xeb,0xec,
+ 0x77,0x02,0xf3,0x28,0x50,0x80,0x9a,0x93,0xde,0xeb,0x84,0xb2,0xa0,0x2f,0xcd,0xba,
+ 0x22,0x4d,0x2f,0xd9,0xef,0xb8,0xe0,0x56,0xe7,0x96,0xf4,0x9b,0x57,0xd5,0x6e,0x9f,
+ 0x3e,0x90,0xd0,0xb4,0x9b,0x08,0xbd,0xee,0x93,0xa2,0xe1,0x2e,0x67,0x6f,0xb4,0xd4,
+ 0xfa,0x83,0x8c,0x5b,0xd8,0x8e,0xda,0x00,0x8f,0x1b,0x59,0x2a,0x72,0x46,0x55,0x87,
+ 0xbe,0x0a,0xe1,0x7d,0x9b,0x15,0x6b,0x90,0x4f,0x44,0xa7,0xe0,0x4d,0x3b,0x58,0xd2,
+ 0x4a,0xd6,0x7b,0x71,0xb0,0xf4,0xc6,0x99,0xfa,0x51,0x63,0x95,0x46,0xb6,0x2b,0x9f,
+ 0x83,0x59,0x7f,0xf0,0x3d,0x46,0x5f,0x1b,0xb3,0x96,0xae,0x15,0xe9,0x2d,0x0e,0x92,
+ 0xe8,0x56,0x47,0xd5,0xdf,0x11,0x3e,0x2c,0x75,0x18,0xd0,0xe3,0xad,0x2e,0x7a,0xa7,
+ 0xda,0xc7,0x20,0xc9,0x83,0x47,0xaa,0x15,0x1e,0x4f,0x37,0xfe,0xa0,0x81,0xdb,0xed,
+ 0x35,0x0c,0xc9,0xc9,0x3f,0x60,0x6b,0x38,0xf2,0x1a,0x3e,0x5d,0xe6,0xd1,0x40,0xd2),
+ },
+ {
+ .exp = FALSE,
+ .e = chunk_from_chars(0x49,0xd2,0xa1),
+ .m = chunk_from_chars(
+ 0xdf,0xfe,0x42,0xbf,0xda,0x88,0x6e,0x1a,0x73,0xfe,0x8a,0x8d,0xfc,0xf7,0x1c,0x9f,
+ 0xb4,0x4d,0xeb,0x05,0x45,0x88,0xa9,0xbb,0x91,0x99,0xd5,0x54,0xae,0xcc,0xe0,0x8f,
+ 0x2f,0xf8,0x8f,0x2a,0xa6,0xf8,0xa0,0xfb,0x67,0x5f,0xb0,0x3c,0x8e,0x68,0x5c,0x27,
+ 0x43,0x2c,0xa7,0xc3,0x3c,0x18,0x9b,0xfd,0x84,0x9d,0x34,0xfa,0x7b,0x29,0x79,0xac,
+ 0x1f,0x57,0xec,0xa3,0x89,0x63,0x24,0x26,0xba,0xe0,0xb9,0x83,0x98,0xad,0x60,0xa3,
+ 0x34,0x25,0x57,0xe1,0x4e,0x96,0x04,0x1c,0x1b,0xf4,0xd9,0x0b,0x46,0xcf,0x7a,0xd1,
+ 0x34,0x83,0x22,0xd2,0x8c,0xaf,0x43,0xc4,0xf7,0xe8,0x6c,0x09,0x24,0xae,0x70,0x3c,
+ 0x10,0x9e,0xc5,0x0a,0x84,0xea,0x2a,0x43,0xdf,0x07,0x8c,0x30,0x15,0xa5,0x2b,0x28),
+ .s = chunk_from_chars(
+ 0x8f,0x4d,0xd4,0x79,0x23,0x9f,0x2d,0x08,0xdc,0x05,0xd7,0xd4,0x05,0x39,0x28,0x8b,
+ 0x67,0xc4,0xd7,0x72,0x10,0xec,0xb1,0x6b,0xe7,0x6f,0x0b,0x19,0x25,0xe8,0xb0,0x88,
+ 0x57,0x08,0x31,0xe3,0x61,0xa1,0xca,0x57,0x89,0x31,0x35,0xf8,0xaf,0x64,0xb8,0xe2,
+ 0x99,0x6b,0x8d,0x63,0x58,0x99,0xda,0x4e,0x04,0xc6,0x8a,0xcb,0x9b,0x1b,0x38,0x13,
+ 0x69,0x7d,0x57,0xda,0x90,0xc5,0x7f,0x18,0x50,0x9e,0x0a,0xb6,0x70,0x5c,0x70,0x4f,
+ 0xeb,0x44,0x8c,0xca,0x5c,0x07,0xd2,0x58,0xec,0xd8,0x84,0xab,0x93,0xf5,0x08,0xce,
+ 0xfd,0xb2,0x5f,0x2b,0xc3,0x06,0x1c,0x40,0x06,0x09,0x9e,0x2e,0x33,0xb2,0x79,0x72,
+ 0xc3,0xed,0xb0,0xa0,0xa3,0x31,0x14,0xd3,0x81,0xc8,0x2a,0xb5,0x06,0xd0,0x41,0xff,
+ 0x68,0x0a,0xf5,0x95,0xef,0x34,0x00,0xa8,0xbb,0x67,0x74,0x03,0x0d,0x2e,0x38,0xdd,
+ 0x30,0x42,0x72,0x09,0x2b,0xd3,0x2a,0x55,0x30,0x17,0xf7,0xbd,0xa4,0xb9,0x98,0xb2,
+ 0x7a,0xa8,0xac,0xa1,0x2d,0xef,0x32,0x7b,0x1f,0x11,0x06,0x3a,0x53,0x42,0xb0,0xd5,
+ 0x57,0x38,0x18,0x34,0x17,0xd3,0x21,0xc5,0x68,0x2f,0xc4,0xab,0x64,0xe7,0x91,0x74,
+ 0x21,0x6f,0xee,0xbb,0x98,0x95,0x21,0xe1,0xe3,0xd8,0x27,0x64,0x70,0x68,0x00,0x3b,
+ 0xe3,0x4f,0xe1,0xd0,0x93,0x96,0x4d,0x28,0xf4,0x87,0x7c,0x49,0xb4,0x06,0x56,0x72,
+ 0x44,0x85,0x97,0xa8,0x9b,0x91,0x91,0x9c,0xfb,0x55,0xca,0x13,0x83,0x6e,0x7e,0x6f,
+ 0x3b,0x3f,0xd0,0x4f,0x41,0x7c,0xf1,0xc1,0x6d,0x98,0x72,0x53,0x8b,0xf4,0xe8,0x7a),
+ },
+ {
+ .exp = FALSE,
+ .e = chunk_from_chars(0x49,0xd2,0xa1),
+ .m = chunk_from_chars(
+ 0xcf,0xe9,0x97,0x88,0xf5,0x5e,0xc6,0x94,0x49,0x42,0xbd,0x0a,0x18,0x7d,0x51,0xb8,
+ 0x0f,0xd8,0xbd,0x40,0x51,0xbd,0x4f,0x07,0xc7,0x3e,0x61,0x4e,0xb7,0x5a,0x8b,0x9f,
+ 0x99,0x7b,0x17,0x6b,0x26,0x42,0xb5,0xf1,0xb1,0x87,0x70,0x61,0xba,0x9c,0xe1,0x42,
+ 0xc1,0xd2,0xa3,0x11,0x58,0x3f,0x07,0x2b,0x7c,0xbe,0x08,0xed,0x25,0x36,0x81,0x19,
+ 0x1c,0x20,0x9d,0x7b,0x0d,0x43,0x8f,0xcd,0xdd,0xc2,0x84,0xd9,0x3d,0x59,0xd6,0xdd,
+ 0x80,0xe4,0x83,0x33,0xa9,0x21,0xdd,0x31,0xc9,0xb6,0x83,0x4f,0x88,0x76,0x8f,0x87,
+ 0x01,0xe0,0x11,0x02,0xd3,0xe8,0xbd,0xf0,0x74,0xfb,0xe0,0xb8,0xc9,0x3d,0x99,0x51,
+ 0xf4,0x15,0x45,0xef,0x6e,0xeb,0x3b,0xe3,0x55,0x30,0xba,0xbc,0x07,0x9f,0x1f,0xb3),
+ .s = chunk_from_chars(
+ 0x9f,0xd6,0xf6,0x10,0x7e,0x83,0x81,0x07,0xf9,0x06,0xc2,0x6c,0xb2,0x91,0x07,0x04,
+ 0x59,0x9f,0x17,0x5b,0x6a,0x84,0xdb,0x48,0x5f,0xbc,0x30,0x77,0x6e,0xb7,0xfd,0x53,
+ 0xbf,0xe2,0x0c,0x38,0xc5,0x37,0xb1,0x54,0xa3,0xe5,0x19,0xb6,0x62,0xbd,0x9f,0xdc,
+ 0x8e,0x30,0x45,0xe2,0x1f,0x6e,0x5a,0xe9,0x7d,0x0f,0xf6,0xa9,0xd8,0x63,0x28,0x25,
+ 0x54,0x45,0x25,0xd8,0x4f,0x99,0xf8,0x0e,0x3e,0xd4,0xe6,0x9d,0xc5,0xe2,0x19,0xd5,
+ 0x9c,0xcf,0xbb,0x37,0xc2,0x3c,0x84,0xfe,0x3b,0x3e,0x6f,0xb2,0x2f,0x40,0x2f,0x94,
+ 0xe5,0x22,0x5c,0x63,0x87,0xfd,0xf8,0xbc,0xdb,0x35,0x08,0xf8,0x83,0x29,0x08,0xfe,
+ 0x05,0x77,0x15,0x21,0xe9,0x22,0x34,0x34,0x80,0x04,0xe8,0xfe,0x19,0xa8,0xf2,0x4b,
+ 0xeb,0xca,0xb9,0xf0,0x74,0x32,0x7c,0x88,0xd0,0x66,0xbc,0x12,0x08,0x17,0x48,0xd6,
+ 0x96,0xbe,0x61,0x35,0xc6,0xae,0xa3,0x22,0x20,0xea,0x78,0x6e,0xbd,0x78,0x00,0xe6,
+ 0x93,0x63,0x65,0xff,0x25,0x83,0x1c,0x28,0xcb,0x6c,0x8a,0x59,0x23,0x7f,0xf8,0x4f,
+ 0x5c,0xf8,0x90,0x36,0xcf,0xf1,0x88,0xee,0x0f,0x9a,0x61,0x95,0xf2,0xb1,0xac,0xa2,
+ 0xe4,0x44,0x2a,0xf8,0x36,0x9f,0x1b,0x49,0x32,0x2f,0xa2,0xf8,0x91,0xb8,0x3a,0x14,
+ 0xa9,0x7b,0x60,0xc6,0xae,0xaf,0xd6,0xc2,0x92,0x80,0x47,0xaf,0xfd,0xa9,0xc8,0xd8,
+ 0x69,0xff,0x52,0x94,0xbb,0x59,0x43,0xad,0x14,0xa6,0xd6,0x4e,0x78,0x4d,0x12,0x6c,
+ 0x46,0x9d,0x51,0xe2,0x92,0xb9,0xce,0x33,0xe1,0xd8,0x37,0x1b,0xa5,0xf4,0x67,0xb3),
+ },
+ },
+},
+};
+
+START_TEST(test_verify_pkcs15)
+{
+ signature_scheme_t scheme = pkcs15_verify[_i].scheme;
+ public_key_t *pubkey;
+ bool result;
+ int i;
+
+ if (!lib->plugins->has_feature(lib->plugins,
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, scheme)))
+ {
+ warn("%N not supported, skip test", signature_scheme_names, scheme);
+ return;
+ }
+ for (i = 0; i < countof(pkcs15_verify[_i].tests); i++)
+ {
+ pubkey = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA,
+ BUILD_RSA_MODULUS, pkcs15_verify[_i].n,
+ BUILD_RSA_PUB_EXP, pkcs15_verify[_i].tests[i].e,
+ BUILD_END);
+ ck_assert(pubkey != NULL);
+ result = pubkey->verify(pubkey, scheme, NULL,
+ pkcs15_verify[_i].tests[i].m,
+ pkcs15_verify[_i].tests[i].s);
+ fail_unless(result == pkcs15_verify[_i].tests[i].exp,
+ "verify %N [%d]", signature_scheme_names, scheme, i);
+ pubkey->destroy(pubkey);
+ }
+}
+END_TEST
+
+/**
+ * Test vectors from FIPS 186-4
+ */
+static struct {
+ rsa_pss_params_t params;
+ chunk_t n;
+ struct {
+ bool exp;
+ chunk_t e;
+ chunk_t m;
+ chunk_t s;
+ } tests[6];
+} pss_verify[] = {
+{
+ .params = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = 32, },
+ .n = chunk_from_chars(
+ 0xa4,0x7d,0x04,0xe7,0xca,0xcd,0xba,0x4e,0xa2,0x6e,0xca,0x8a,0x4c,0x6e,0x14,0x56,
+ 0x3c,0x2c,0xe0,0x3b,0x62,0x3b,0x76,0x8c,0x0d,0x49,0x86,0x8a,0x57,0x12,0x13,0x01,
+ 0xdb,0xf7,0x83,0xd8,0x2f,0x4c,0x05,0x5e,0x73,0x96,0x0e,0x70,0x55,0x01,0x87,0xd0,
+ 0xaf,0x62,0xac,0x34,0x96,0xf0,0xa3,0xd9,0x10,0x3c,0x2e,0xb7,0x91,0x9a,0x72,0x75,
+ 0x2f,0xa7,0xce,0x8c,0x68,0x8d,0x81,0xe3,0xae,0xe9,0x94,0x68,0x88,0x7a,0x15,0x28,
+ 0x8a,0xfb,0xb7,0xac,0xb8,0x45,0xb7,0xc5,0x22,0xb5,0xc6,0x4e,0x67,0x8f,0xcd,0x3d,
+ 0x22,0xfe,0xb8,0x4b,0x44,0x27,0x27,0x00,0xbe,0x52,0x7d,0x2b,0x20,0x25,0xa3,0xf8,
+ 0x3c,0x23,0x83,0xbf,0x6a,0x39,0xcf,0x5b,0x4e,0x48,0xb3,0xcf,0x2f,0x56,0xee,0xf0,
+ 0xdf,0xff,0x18,0x55,0x5e,0x31,0x03,0x7b,0x91,0x52,0x48,0x69,0x48,0x76,0xf3,0x04,
+ 0x78,0x14,0x41,0x51,0x64,0xf2,0xc6,0x60,0x88,0x1e,0x69,0x4b,0x58,0xc2,0x80,0x38,
+ 0xa0,0x32,0xad,0x25,0x63,0x4a,0xad,0x7b,0x39,0x17,0x1d,0xee,0x36,0x8e,0x3d,0x59,
+ 0xbf,0xb7,0x29,0x9e,0x46,0x01,0xd4,0x58,0x7e,0x68,0xca,0xaf,0x8d,0xb4,0x57,0xb7,
+ 0x5a,0xf4,0x2f,0xc0,0xcf,0x1a,0xe7,0xca,0xce,0xd2,0x86,0xd7,0x7f,0xac,0x6c,0xed,
+ 0xb0,0x3a,0xd9,0x4f,0x14,0x33,0xd2,0xc9,0x4d,0x08,0xe6,0x0b,0xc1,0xfd,0xef,0x05,
+ 0x43,0xcd,0x29,0x51,0xe7,0x65,0xb3,0x82,0x30,0xfd,0xd1,0x8d,0xe5,0xd2,0xca,0x62,
+ 0x7d,0xdc,0x03,0x2f,0xe0,0x5b,0xbd,0x2f,0xf2,0x1e,0x2d,0xb1,0xc2,0xf9,0x4d,0x8b),
+ .tests = {
+ { /* Format of the EM is incorrect - hash moved to left */
+ .exp = FALSE,
+ .e = chunk_from_chars(0x10,0xe4,0x3f),
+ .m = chunk_from_chars(
+ 0x75,0x18,0xc8,0x5b,0x67,0xe7,0xae,0xf7,0xf2,0x6b,0xf0,0x06,0x89,0x9f,0xae,0xf7,
+ 0x6e,0x07,0x6f,0x0c,0x6c,0x94,0x6e,0x5d,0xc9,0xc8,0x35,0x21,0x77,0x1a,0x6d,0x29,
+ 0x8a,0x9c,0xf5,0xad,0xef,0xdb,0x31,0x4b,0x5a,0x07,0xa5,0x4d,0x80,0x54,0xc2,0x2b,
+ 0x87,0x9f,0xff,0x50,0xba,0x55,0x2c,0x21,0x82,0x91,0x03,0x3c,0x91,0x84,0x01,0xfd,
+ 0x61,0x1a,0x74,0x47,0xdd,0xda,0xd4,0x81,0x5e,0x0f,0x56,0xde,0xd8,0x25,0xbf,0xe2,
+ 0x56,0x55,0x76,0x22,0xa3,0x85,0xde,0x4b,0x4a,0x69,0xe2,0x65,0xc1,0xef,0xd2,0x59,
+ 0xe2,0xda,0x6d,0xb1,0x9a,0xac,0x3f,0xa0,0xe5,0xca,0x2d,0x42,0xfa,0xdb,0x4e,0x24,
+ 0xc2,0x71,0xfc,0x07,0x8f,0xeb,0x2b,0xe1,0x0b,0x9a,0xfa,0x25,0x6f,0x22,0x88,0x44),
+ .s = chunk_from_chars(
+ 0x99,0x2d,0x48,0xb2,0x1b,0xb3,0xd2,0x21,0x9b,0x44,0xe8,0xfc,0xc8,0x63,0x3c,0xf3,
+ 0xae,0xb5,0x91,0xde,0x90,0xf4,0x38,0x64,0x96,0xac,0x7e,0xcd,0x28,0x4c,0xb6,0x3d,
+ 0x7d,0xff,0x81,0xa5,0x0b,0x8c,0x4f,0xed,0x9f,0x2e,0xf7,0x37,0x69,0x2e,0xa6,0xbe,
+ 0x05,0x24,0x8c,0xa1,0x38,0x94,0x7b,0x49,0xb4,0xe7,0xf3,0xcc,0xe6,0x64,0x0e,0x04,
+ 0x9a,0xc2,0x15,0x4c,0x40,0xf5,0x7e,0x22,0xfa,0x14,0xf9,0x7e,0x7a,0x95,0x07,0xe1,
+ 0xdc,0x98,0xb2,0x06,0xce,0x6e,0xa0,0xe1,0x80,0x03,0x91,0x99,0xd1,0xbe,0x0a,0x15,
+ 0xd1,0xf5,0x09,0x3a,0x45,0x9e,0x51,0x01,0xaa,0xca,0x2a,0x23,0xcb,0x1f,0x59,0xca,
+ 0xd2,0xf1,0xfb,0x99,0xdc,0x95,0x6b,0x9d,0x43,0x44,0xba,0xd2,0xc1,0x12,0x1d,0x63,
+ 0xb9,0x15,0x00,0x4a,0xcb,0xfc,0x7a,0xc6,0x0a,0xc9,0xa7,0xb0,0xb1,0xc6,0x81,0x2b,
+ 0x30,0xbf,0xe0,0x87,0xf7,0xf0,0xc7,0xd1,0x62,0x5f,0x9c,0x4f,0x45,0x85,0x15,0xe1,
+ 0x14,0x78,0xe3,0x60,0x4a,0xa3,0x9d,0x14,0xd0,0x8b,0xea,0x30,0xb0,0x1f,0xcd,0x61,
+ 0x89,0xe6,0xf9,0xb7,0x01,0xd3,0x60,0xe4,0x71,0x4d,0x45,0x55,0x6b,0x29,0x81,0x5c,
+ 0x8d,0x8f,0xa8,0xe4,0x6e,0x10,0x74,0x9b,0xa5,0xe8,0xd4,0x45,0xa4,0xc0,0xf4,0x87,
+ 0xe7,0x0a,0xb5,0x89,0x0b,0x7c,0xcc,0x16,0x51,0x28,0x2a,0x54,0xe8,0x7e,0x7d,0xb4,
+ 0xbb,0x2f,0x7d,0x4a,0x67,0x1e,0x71,0xc4,0x3c,0x55,0xcf,0x64,0x86,0x41,0x6f,0x17,
+ 0x1d,0x19,0x55,0x03,0x74,0x74,0xd0,0x6a,0x71,0xdd,0x07,0x87,0x67,0x84,0x8e,0x5d),
+ },
+ {
+ .exp = TRUE,
+ .e = chunk_from_chars(0x10,0xe4,0x3f),
+ .m = chunk_from_chars(
+ 0xe0,0x02,0x37,0x7a,0xff,0xb0,0x4f,0x0f,0xe4,0x59,0x8d,0xe9,0xd9,0x2d,0x31,0xd6,
+ 0xc7,0x86,0x04,0x0d,0x57,0x76,0x97,0x65,0x56,0xa2,0xcf,0xc5,0x5e,0x54,0xa1,0xdc,
+ 0xb3,0xcb,0x1b,0x12,0x6b,0xd6,0xa4,0xbe,0xd2,0xa1,0x84,0x99,0x0c,0xce,0xa7,0x73,
+ 0xfc,0xc7,0x9d,0x24,0x65,0x53,0xe6,0xc6,0x4f,0x68,0x6d,0x21,0xad,0x41,0x52,0x67,
+ 0x3c,0xaf,0xec,0x22,0xae,0xb4,0x0f,0x6a,0x08,0x4e,0x8a,0x5b,0x49,0x91,0xf4,0xc6,
+ 0x4c,0xf8,0xa9,0x27,0xef,0xfd,0x0f,0xd7,0x75,0xe7,0x1e,0x83,0x29,0xe4,0x1f,0xdd,
+ 0x44,0x57,0xb3,0x91,0x11,0x73,0x18,0x7b,0x4f,0x09,0xa8,0x17,0xd7,0x9e,0xa2,0x39,
+ 0x7f,0xc1,0x2d,0xfe,0x3d,0x9c,0x9a,0x02,0x90,0xc8,0xea,0xd3,0x1b,0x66,0x90,0xa6),
+ .s = chunk_from_chars(
+ 0x4f,0x9b,0x42,0x5c,0x20,0x58,0x46,0x0e,0x4a,0xb2,0xf5,0xc9,0x63,0x84,0xda,0x23,
+ 0x27,0xfd,0x29,0x15,0x0f,0x01,0x95,0x5a,0x76,0xb4,0xef,0xe9,0x56,0xaf,0x06,0xdc,
+ 0x08,0x77,0x9a,0x37,0x4e,0xe4,0x60,0x7e,0xab,0x61,0xa9,0x3a,0xdc,0x56,0x08,0xf4,
+ 0xec,0x36,0xe4,0x7f,0x2a,0x0f,0x75,0x4e,0x8f,0xf8,0x39,0xa8,0xa1,0x9b,0x1d,0xb1,
+ 0xe8,0x84,0xea,0x4c,0xf3,0x48,0xcd,0x45,0x50,0x69,0xeb,0x87,0xaf,0xd5,0x36,0x45,
+ 0xb4,0x4e,0x28,0xa0,0xa5,0x68,0x08,0xf5,0x03,0x1d,0xa5,0xba,0x91,0x12,0x76,0x8d,
+ 0xfb,0xfc,0xa4,0x4e,0xbe,0x63,0xa0,0xc0,0x57,0x2b,0x73,0x1d,0x66,0x12,0x2f,0xb7,
+ 0x16,0x09,0xbe,0x14,0x80,0xfa,0xa4,0xe4,0xf7,0x5e,0x43,0x95,0x51,0x59,0xd7,0x0f,
+ 0x08,0x1e,0x2a,0x32,0xfb,0xb1,0x9a,0x48,0xb9,0xf1,0x62,0xcf,0x6b,0x2f,0xb4,0x45,
+ 0xd2,0xd6,0x99,0x4b,0xc5,0x89,0x10,0xa2,0x6b,0x59,0x43,0x47,0x78,0x03,0xcd,0xaa,
+ 0xa1,0xbd,0x74,0xb0,0xda,0x0a,0x5d,0x05,0x3d,0x8b,0x1d,0xc5,0x93,0x09,0x1d,0xb5,
+ 0x38,0x83,0x83,0xc2,0x60,0x79,0xf3,0x44,0xe2,0xae,0xa6,0x00,0xd0,0xe3,0x24,0x16,
+ 0x4b,0x45,0x0f,0x7b,0x9b,0x46,0x51,0x11,0xb7,0x26,0x5f,0x3b,0x1b,0x06,0x30,0x89,
+ 0xae,0x7e,0x26,0x23,0xfc,0x0f,0xda,0x80,0x52,0xcf,0x4b,0xf3,0x37,0x91,0x02,0xfb,
+ 0xf7,0x1d,0x7c,0x98,0xe8,0x25,0x86,0x64,0xce,0xed,0x63,0x7d,0x20,0xf9,0x5f,0xf0,
+ 0x11,0x18,0x81,0xe6,0x50,0xce,0x61,0xf2,0x51,0xd9,0xc3,0xa6,0x29,0xef,0x22,0x2d),
+ },
+ { /* Message changed */
+ .exp = FALSE,
+ .e = chunk_from_chars(0x10,0xe4,0x3f),
+ .m = chunk_from_chars(
+ 0xa3,0xbf,0x44,0xca,0xe8,0xaa,0x83,0x47,0xfd,0x07,0xd8,0x4a,0x33,0xee,0xc5,0xdb,
+ 0xbd,0xd7,0xb6,0x43,0x13,0x68,0x88,0x7c,0x98,0x8c,0x4b,0xe7,0x79,0xc5,0x47,0x3d,
+ 0xd8,0xc3,0x3e,0xc8,0x2a,0x35,0xf1,0xd3,0xdd,0xdf,0xe5,0x5f,0x3e,0xed,0x67,0x17,
+ 0x9b,0x87,0xce,0x86,0xa4,0xa5,0x00,0x88,0x17,0x25,0x38,0xfe,0x9d,0x1b,0x06,0xc6,
+ 0xef,0x68,0x97,0xeb,0x3c,0x8e,0x36,0x18,0xcf,0xc2,0x13,0x53,0xed,0x43,0x43,0xe7,
+ 0xfc,0xeb,0x09,0xa2,0xeb,0x03,0x54,0x41,0xcd,0x5c,0x88,0x29,0xc7,0x9b,0x81,0x58,
+ 0x2d,0xd5,0xd6,0x9a,0xe8,0x5c,0x5a,0x00,0x1b,0xd8,0xe9,0x8e,0x06,0x99,0x61,0x34,
+ 0x2a,0x2b,0xee,0x00,0xad,0x2b,0x8b,0x91,0x01,0x5a,0xc5,0xcf,0xc1,0xf0,0xc2,0xd9),
+ .s = chunk_from_chars(
+ 0x87,0x7f,0x20,0xee,0xd6,0x0f,0x8c,0xe2,0x86,0x10,0x8a,0x5d,0xde,0x9b,0x68,0x28,
+ 0xb3,0x7e,0x3f,0xbd,0xb0,0x8f,0xe1,0x53,0xe5,0x91,0x51,0x38,0x97,0x44,0x0f,0x21,
+ 0xf8,0x12,0x14,0x59,0x8f,0xba,0x08,0xea,0x07,0x73,0x94,0xba,0x8c,0x2a,0x44,0xaa,
+ 0x4f,0x0d,0x8f,0x3a,0x5f,0xba,0xec,0x3d,0xc6,0x9b,0x3b,0xdd,0xfb,0xe2,0x83,0x97,
+ 0xc9,0x0a,0xdf,0x35,0xd0,0x8e,0xa7,0x71,0xc7,0xaa,0xa3,0x1e,0xb0,0x64,0x13,0xc1,
+ 0xc6,0x2b,0x77,0x61,0x8a,0xf9,0x40,0xf4,0xc7,0x18,0x59,0xfa,0x43,0x84,0xd2,0x9b,
+ 0x48,0xe5,0xcf,0xc9,0x41,0xd6,0x9b,0xf0,0xa3,0x80,0x4d,0x20,0x08,0xe7,0x58,0x74,
+ 0x2b,0x8e,0xd6,0x87,0x54,0xbc,0x71,0xd2,0x31,0x62,0x3d,0x18,0x13,0x47,0xc3,0x68,
+ 0x33,0xa7,0xd7,0x16,0x0f,0x74,0x2a,0x37,0xce,0x7d,0x43,0x2d,0x74,0x8e,0x51,0x4a,
+ 0xa7,0xd8,0x15,0x6b,0x50,0xc5,0x32,0x15,0x13,0x90,0xd0,0x86,0xcd,0xcf,0x9d,0x59,
+ 0xf1,0x22,0xc6,0xd9,0x7f,0x4c,0xcb,0x73,0x72,0x89,0xf7,0xb0,0x0a,0x23,0x7c,0xb6,
+ 0xb4,0xaa,0xe6,0xba,0x79,0xd4,0x1f,0xf7,0x3d,0x01,0x9a,0x26,0xb5,0x9a,0xde,0x04,
+ 0xc9,0x67,0x35,0x6e,0x2a,0xad,0x52,0xf1,0x15,0x35,0x7f,0xfb,0x76,0x76,0xf1,0x90,
+ 0xdb,0x38,0xdc,0xfc,0x98,0x66,0x6e,0x5b,0x25,0x85,0x59,0xc8,0xc8,0x5f,0xa3,0x29,
+ 0x42,0xcb,0xcb,0x99,0xd7,0x57,0xe8,0x84,0x7e,0x56,0xa1,0x68,0x7b,0x33,0x02,0x41,
+ 0x56,0x98,0x70,0x81,0x91,0xb1,0x36,0xd9,0x23,0x34,0x9b,0x02,0xfe,0x38,0xb6,0xbe),
+ },
+ { /* Signature changed */
+ .exp = FALSE,
+ .e = chunk_from_chars(0x10,0xe4,0x3f),
+ .m = chunk_from_chars(
+ 0xe1,0xc4,0x6c,0x30,0x9b,0x63,0x66,0xfb,0x4d,0x56,0xac,0x08,0xc9,0x39,0x3c,0xee,
+ 0x9a,0x7c,0x95,0xbb,0xe7,0xb7,0xc0,0xe7,0x9a,0x3d,0x91,0x87,0xc0,0xf4,0x2b,0xc3,
+ 0x33,0x64,0xc2,0x8a,0x77,0x0d,0xa5,0x85,0xe3,0xfe,0x7b,0x49,0x01,0xa3,0xcc,0xd0,
+ 0x37,0xdf,0xc4,0x2a,0xa6,0x5a,0x34,0x70,0x52,0x1d,0xda,0xfa,0x83,0x5c,0xe2,0xd1,
+ 0x6c,0x92,0xac,0x67,0x0b,0xd4,0xd0,0x86,0x50,0x5e,0x60,0x87,0x81,0x73,0x6d,0xc4,
+ 0xdd,0x64,0xcc,0x50,0x80,0xee,0x19,0xe5,0x86,0xc8,0xfd,0x1d,0x73,0x7d,0xad,0xe5,
+ 0xd3,0x78,0xb3,0x2f,0x1d,0x5d,0xf1,0xe8,0xdd,0xa0,0xe3,0x2a,0x12,0x50,0x24,0xb2,
+ 0xd5,0x33,0x34,0x94,0x3c,0x18,0x78,0x2d,0x7e,0x69,0x82,0x5a,0x58,0x00,0x93,0xe7),
+ .s = chunk_from_chars(
+ 0x8e,0xd1,0xf2,0x8f,0xd1,0x6d,0x45,0xd4,0x16,0xa2,0x15,0x54,0xe1,0x04,0xc0,0x06,
+ 0xfd,0x78,0x68,0xe5,0x89,0x5e,0x8b,0x99,0x83,0x1a,0xe0,0x93,0x81,0x35,0xb5,0x43,
+ 0x61,0x0d,0xf6,0x4a,0x8c,0x35,0x74,0xd0,0x81,0x18,0xbf,0xe3,0x96,0xf9,0xa5,0x60,
+ 0x9a,0x8d,0xbd,0xa2,0x1b,0x9a,0x85,0x30,0xff,0x0b,0xa9,0x0e,0x62,0x9d,0x6a,0xbe,
+ 0x30,0xd2,0xc1,0xb5,0x90,0x60,0x0d,0xb9,0x71,0xfc,0xda,0x80,0xe6,0xea,0xa8,0x40,
+ 0x17,0xe2,0x09,0xb9,0xbd,0x3b,0x64,0x1f,0x3c,0x81,0xd5,0xd2,0x7f,0x84,0x2b,0xec,
+ 0x80,0x19,0x79,0x0e,0xd9,0x9a,0x0e,0x5d,0xb4,0xae,0xdc,0x1c,0x07,0x0b,0x04,0x7c,
+ 0x19,0x41,0x0c,0xbc,0x56,0xe9,0xa0,0xff,0x12,0xd8,0xf6,0xe5,0xd7,0x37,0x1b,0x10,
+ 0x11,0xec,0xfe,0xcf,0x7b,0xe7,0xa7,0x4f,0x94,0x40,0x35,0x90,0xa5,0x2f,0x95,0x23,
+ 0x8d,0xd6,0x9e,0x0b,0x5f,0x4c,0x1f,0xcd,0xe9,0x7e,0xcf,0xdb,0x1a,0xcc,0x38,0x03,
+ 0xe5,0x9a,0xd8,0xb3,0x08,0x8b,0x2b,0xc5,0x09,0xe3,0xdd,0x12,0xd4,0x0d,0x87,0x56,
+ 0x25,0xdc,0x83,0x62,0xc5,0x79,0x17,0x67,0x99,0xc7,0x5e,0x4f,0xad,0xcd,0xb3,0x92,
+ 0xc6,0x8f,0x40,0x1f,0x68,0xd8,0x54,0xe4,0x63,0x77,0xf0,0x84,0xc0,0x81,0xf9,0xd8,
+ 0x37,0x43,0x03,0x9f,0x69,0x34,0x72,0x2e,0x30,0xef,0x3f,0x02,0x26,0xbc,0x84,0x1d,
+ 0x79,0xa4,0xeb,0x68,0xc5,0xcc,0xcb,0xb6,0xae,0x0e,0x92,0x00,0x44,0x4e,0x50,0xff,
+ 0x0d,0x09,0x53,0x04,0x7e,0xf9,0x55,0xd2,0xd3,0x9a,0x70,0xc3,0xb8,0x37,0xc5,0xf4),
+ },
+ { /* Format of the EM is incorrect - 00 on end of pad removed */
+ .exp = FALSE,
+ .e = chunk_from_chars(0x10,0xe4,0x3f),
+ .m = chunk_from_chars(
+ 0x92,0x5d,0x59,0xf9,0x53,0xcb,0x3f,0xfb,0x6d,0x5a,0x3a,0x55,0xc0,0x79,0xcb,0x10,
+ 0x83,0x99,0x75,0x36,0xe3,0x3d,0x7c,0x8a,0xed,0x50,0xed,0x76,0xae,0xbc,0xde,0x45,
+ 0x99,0x38,0xf7,0x92,0x29,0x61,0x32,0x00,0xc7,0x0d,0xde,0x2c,0xed,0xdc,0xea,0xe0,
+ 0x8c,0x10,0x60,0x8a,0xab,0x9e,0x30,0xec,0x51,0x84,0x2f,0x14,0xa6,0x5e,0x5f,0x8f,
+ 0x55,0x34,0x71,0xda,0x34,0x97,0x88,0x19,0x27,0xec,0x40,0x0b,0x42,0x07,0xef,0x3e,
+ 0x2d,0xfc,0x2b,0x7f,0xcd,0x31,0x8c,0x95,0x20,0xb8,0xb2,0x2f,0x69,0xdc,0x8a,0x1a,
+ 0x8e,0xfa,0xce,0xb7,0xbe,0x93,0xcb,0xad,0x56,0x9e,0x67,0xdb,0x06,0x23,0x62,0x91,
+ 0x30,0x05,0xdc,0xff,0x90,0x20,0x18,0xed,0x22,0x93,0x7f,0xad,0x40,0x5f,0xe8,0x4e),
+ .s = chunk_from_chars(
+ 0x62,0xb0,0x7f,0x6d,0x1b,0x8f,0x13,0x65,0x1d,0x7f,0x22,0xce,0x2c,0xe0,0x10,0x61,
+ 0x09,0x00,0x29,0xdb,0x5a,0xf7,0xdc,0xec,0xfe,0xaf,0xef,0x20,0x62,0x1d,0xd9,0xe2,
+ 0x54,0xa0,0xfb,0x91,0x4f,0x76,0xa3,0xd7,0x96,0x62,0x25,0x74,0x89,0xcb,0x81,0x22,
+ 0x70,0x85,0x83,0xd3,0x07,0x78,0x79,0x1a,0x77,0xda,0x83,0xc7,0xbe,0xa8,0x11,0x40,
+ 0xc6,0x1e,0x4d,0x04,0x84,0x80,0x6e,0x20,0xfb,0x85,0xf2,0x4d,0x1b,0xbf,0x77,0x4e,
+ 0xf2,0xed,0x38,0x80,0x9c,0x9b,0x14,0xf2,0xa5,0x8c,0x6e,0x86,0x49,0xb7,0x60,0xba,
+ 0xa9,0x01,0x54,0x45,0x22,0xed,0x94,0xbd,0x40,0x5c,0x77,0x20,0x1d,0x07,0xc8,0xd1,
+ 0x28,0x64,0xa8,0xd1,0xe9,0x7a,0x4d,0x32,0x2c,0x29,0x99,0x4b,0x21,0x4f,0xc8,0x3c,
+ 0x2e,0xcd,0x5c,0x95,0x5b,0x9b,0xde,0xc4,0x24,0xe7,0xca,0x5a,0x13,0x25,0xec,0x0a,
+ 0xae,0x4a,0xb0,0xc2,0x02,0xb9,0x80,0xa2,0x18,0x7f,0x09,0x6a,0xaa,0xaa,0x5e,0x85,
+ 0x55,0x0e,0xbd,0x32,0x57,0x99,0xf4,0xf3,0x0e,0xf2,0xea,0xd0,0x7e,0x79,0xc7,0xa4,
+ 0x75,0x66,0x7f,0x59,0x65,0xe6,0xb5,0x02,0x69,0x51,0x36,0x59,0xab,0x59,0x62,0xa3,
+ 0x91,0xc4,0x3c,0xbc,0x3a,0x3d,0xa3,0x4c,0x0f,0xdd,0x15,0x46,0xc4,0x0e,0xa7,0xe2,
+ 0xeb,0x53,0x52,0xce,0x6a,0x06,0xce,0x6a,0x63,0x85,0xca,0x0d,0xdd,0x5d,0x16,0x2c,
+ 0x13,0x78,0x36,0xdf,0x9e,0xa1,0xf8,0x9c,0xfa,0x00,0xc3,0xeb,0x16,0x71,0xa4,0x3b,
+ 0xd6,0x25,0x52,0x6f,0x3b,0x6b,0xa8,0xe4,0x8a,0x7a,0x2d,0x56,0xfb,0x4f,0x01,0xc6),
+ },
+ { /* Public Key e changed */
+ .exp = FALSE,
+ .e = chunk_from_chars(0x3c,0x6c,0xd1),
+ .m = chunk_from_chars(
+ 0x08,0xd3,0xac,0x24,0xa5,0x95,0xda,0x81,0x1c,0xc9,0xbb,0xa7,0x88,0x28,0xf1,0x45,
+ 0x2f,0xf3,0x90,0xae,0x65,0x3f,0x22,0xd1,0xad,0x91,0xef,0x6b,0x22,0xaa,0x7b,0x7b,
+ 0x15,0xa4,0x4f,0xf7,0xf8,0x3e,0xfc,0xbd,0x7a,0x75,0x5e,0xcc,0xf4,0x54,0x1e,0xb4,
+ 0x04,0x0c,0x7a,0x4b,0x77,0x47,0x49,0xa2,0x6d,0xba,0x39,0x37,0xb7,0xf9,0x5c,0x6c,
+ 0x84,0x90,0xe3,0x38,0x3d,0x4f,0x29,0x1d,0xad,0xe5,0xf3,0x5a,0x65,0xb1,0xf6,0x61,
+ 0x5f,0xd4,0x99,0x8b,0xe1,0x8b,0xfd,0x0b,0xa4,0xbc,0x3a,0x21,0x36,0xce,0xec,0x90,
+ 0x9d,0xbe,0xef,0x51,0x3d,0x6f,0x66,0x89,0xfc,0x42,0x02,0xb9,0xa3,0xe7,0x81,0x34,
+ 0x87,0x73,0x74,0xd7,0x6a,0xb2,0x46,0xf4,0x9c,0xbe,0x7a,0x8f,0x65,0xd0,0x34,0xcd),
+ .s = chunk_from_chars(
+ 0x72,0xea,0x7d,0x66,0x9a,0xc6,0x99,0xa1,0x49,0xc1,0x3a,0xa1,0x68,0xeb,0x3e,0x14,
+ 0x8f,0x59,0x0b,0xbc,0x04,0x24,0x95,0x1f,0x1c,0x31,0x44,0xc5,0x41,0x91,0x55,0x73,
+ 0xec,0xf0,0x5c,0xab,0xb5,0x27,0x54,0x88,0xc9,0x8d,0x0e,0xbe,0x55,0xb1,0xf1,0xaf,
+ 0x49,0xef,0x8c,0xc7,0x2c,0xf0,0x0e,0x84,0x98,0x97,0xc6,0xaf,0xa5,0x38,0x33,0xca,
+ 0xf9,0xff,0xc0,0x0e,0xb8,0x4c,0xfe,0x55,0xb8,0x27,0x7e,0x93,0xa6,0xac,0x3e,0x04,
+ 0xb1,0x11,0xc9,0xd0,0x7a,0xd6,0x20,0x82,0xca,0x32,0x85,0x4c,0x40,0xde,0x1e,0x09,
+ 0x56,0xa1,0x8f,0x84,0x60,0x43,0x84,0x84,0x40,0x3a,0xbb,0x91,0xe6,0xfa,0xd1,0x2b,
+ 0x28,0xf1,0x14,0x15,0x7f,0x1b,0x6e,0xf5,0x63,0xd2,0xfa,0x43,0x8c,0xcb,0x8a,0x16,
+ 0xaa,0x3a,0xfe,0x6e,0xc5,0xe9,0x83,0x65,0xc3,0x0d,0x9a,0x35,0x5e,0x7e,0x14,0xb0,
+ 0x39,0xbb,0xde,0xcf,0x59,0xf9,0x12,0x48,0xd0,0xf1,0xe3,0x17,0xd2,0xe3,0xc8,0x19,
+ 0x09,0x6e,0xd6,0x8c,0xf9,0x83,0x61,0xd7,0xf9,0x31,0x0b,0x35,0x4f,0x4f,0x45,0xe2,
+ 0xf7,0xc4,0xdf,0xb8,0x2c,0x21,0x8c,0xd4,0x38,0xf3,0x17,0x4a,0x6f,0x01,0x7f,0x0f,
+ 0x14,0x8a,0x71,0xc4,0x0a,0xd5,0xb7,0xe2,0xc8,0x08,0x1d,0xdb,0xae,0xaa,0x76,0x4d,
+ 0x60,0x1b,0xb2,0xe0,0x75,0xeb,0x36,0x18,0xaa,0xba,0xa4,0xb5,0x06,0x00,0x22,0xc6,
+ 0xd2,0x3e,0xf0,0x72,0x64,0x36,0x86,0xa7,0x59,0x22,0x7d,0xae,0xf0,0x33,0x1b,0x28,
+ 0xee,0x76,0xda,0x4a,0xb3,0xb5,0xad,0x5d,0xda,0x89,0x91,0xb9,0x93,0x7d,0x1a,0x59),
+ },
+ },
+},{
+ .params = { .hash = HASH_SHA512, .mgf1_hash = HASH_SHA512, .salt_len = 64, },
+ .n = chunk_from_chars(
+ 0xa6,0x77,0x52,0x5e,0x1a,0x69,0x54,0x6a,0x96,0xdc,0x7b,0x11,0x23,0x50,0xd5,0xe4,
+ 0x86,0x4f,0x0f,0x82,0xe9,0x99,0xa7,0x14,0xfa,0x9f,0x43,0xac,0x68,0x15,0x17,0xd3,
+ 0x97,0x59,0x10,0xc2,0xd8,0x06,0xbb,0x3e,0xe6,0xdb,0xf5,0xdb,0xa1,0xd9,0x69,0xb3,
+ 0x88,0x89,0xe1,0x13,0xc2,0xda,0x76,0xee,0xf4,0x41,0x2a,0x60,0xcb,0xd8,0x9f,0xaf,
+ 0x35,0xb2,0xbd,0xcb,0x0d,0xe3,0x6a,0x2c,0xb7,0x62,0xcd,0x8f,0x2f,0x29,0xae,0xd9,
+ 0x98,0x2a,0x9a,0xb6,0x08,0x86,0xcc,0x8f,0xbf,0xee,0x9b,0x2a,0xe0,0x9c,0x88,0x16,
+ 0x1e,0x91,0x59,0xd4,0xfc,0x83,0x3a,0xdc,0x4f,0x80,0xe4,0xbf,0x62,0x9d,0x5a,0x95,
+ 0x51,0xac,0xce,0x7a,0x39,0x38,0x63,0x0c,0x2b,0xf9,0x95,0x60,0x97,0x64,0x2e,0x3b,
+ 0xc6,0x0a,0xc6,0x52,0x20,0x17,0x84,0x1b,0x65,0xc7,0xa2,0x51,0x97,0x86,0x5e,0x69,
+ 0x77,0x53,0xb0,0x81,0x69,0x85,0x36,0x81,0x91,0x14,0x43,0xa2,0xb2,0x5f,0x1b,0x7c,
+ 0x46,0x96,0xf9,0x46,0x15,0x5b,0x26,0x64,0xb6,0x7b,0x40,0x87,0x8d,0x3b,0x45,0xc3,
+ 0xe0,0xd7,0x03,0x4d,0x5b,0x5e,0xe6,0xf5,0xba,0x8f,0xb3,0xca,0xe7,0x79,0x7e,0x85,
+ 0x78,0x99,0x02,0xcf,0x8f,0x9f,0x86,0xed,0x3e,0xf2,0x5a,0xe0,0x73,0x61,0x78,0xaa,
+ 0xe2,0x60,0xfe,0x87,0x5b,0xfe,0xf5,0xbc,0xde,0x9e,0xc0,0x5f,0x11,0xe1,0x8f,0xc7,
+ 0x37,0x5e,0xdc,0xd4,0xa5,0x53,0x36,0x18,0xe6,0xf9,0x91,0xdd,0x48,0xaa,0x30,0x62,
+ 0xe6,0x03,0x1e,0x29,0x1d,0xfc,0xdc,0x6e,0x7f,0xc1,0x4e,0xc6,0x0e,0x53,0x9f,0xcb),
+ .tests = {
+ { /* Public Key e changed */
+ .exp = FALSE,
+ .e = chunk_from_chars(0xea,0xc8,0x39),
+ .m = chunk_from_chars(
+ 0x9c,0x3d,0x5d,0x23,0xd2,0x74,0x6d,0x15,0xd6,0x16,0xbe,0xbf,0x3c,0xf7,0x20,0xc6,
+ 0xe6,0x01,0x2a,0x71,0xca,0xe2,0x20,0x02,0xf5,0x02,0x1a,0x47,0xd0,0xb8,0x63,0x6c,
+ 0xa3,0xbd,0x20,0x13,0x57,0xe1,0x32,0xa6,0x80,0xfc,0x5d,0xec,0x9b,0x28,0xa9,0xdb,
+ 0x93,0x2d,0x08,0xae,0x8b,0x3d,0x3a,0x37,0xd7,0xe2,0xee,0x75,0x4b,0x34,0x2a,0x69,
+ 0xb9,0x4f,0xec,0x26,0xb5,0x04,0x12,0x28,0x9b,0xcf,0x77,0xe6,0xd4,0x09,0x5f,0xaa,
+ 0x54,0x5f,0x15,0xa1,0x67,0x83,0xd2,0x2e,0xae,0x21,0xe1,0x84,0x64,0x15,0x01,0x74,
+ 0xe6,0xdb,0x0b,0x83,0x73,0x47,0xd4,0x40,0x30,0x76,0x55,0xd5,0x6f,0x04,0x09,0xdb,
+ 0x30,0x7f,0x97,0x73,0xe8,0x1c,0xb1,0x92,0x82,0xa9,0x3c,0x9c,0xa4,0xc3,0xb1,0x35),
+ .s = chunk_from_chars(
+ 0x98,0x65,0x7f,0xd8,0x16,0x39,0x67,0xfa,0x7d,0x26,0x3b,0xd4,0x5b,0xb8,0x90,0x03,
+ 0x5a,0xdb,0xcd,0xd1,0x64,0x5f,0xd4,0x8b,0x28,0xfe,0xbf,0xb9,0xb4,0xe1,0x51,0x72,
+ 0x54,0x0e,0x38,0xb7,0xc2,0xf6,0x73,0xc4,0x0a,0x20,0x5f,0xd4,0x0b,0x08,0xb6,0x0b,
+ 0x4b,0x81,0xed,0x6e,0x23,0x6c,0xdf,0x08,0xf0,0xd6,0xb1,0x1f,0x50,0xdc,0x74,0xc6,
+ 0x0d,0xc4,0x66,0xac,0x37,0x2e,0x0f,0x46,0x78,0x83,0xaa,0x9a,0x39,0x8f,0x4a,0xee,
+ 0xf8,0x7b,0x04,0x0e,0x14,0xa5,0x15,0x02,0xdd,0x46,0x7e,0x8e,0x8d,0xd8,0x98,0x12,
+ 0xdf,0xaf,0x6b,0x1d,0xc1,0xc2,0xf6,0xc2,0x84,0x48,0xaf,0x08,0x45,0x90,0xc0,0x5a,
+ 0xec,0x49,0x9d,0xd3,0xb1,0x48,0xe6,0x6f,0x3d,0x71,0xcf,0x75,0xe2,0x39,0xdb,0x6d,
+ 0x21,0xf4,0x07,0x4b,0x8b,0xd9,0xa6,0xbd,0xe5,0xca,0x66,0x86,0x34,0xbd,0x47,0x95,
+ 0x32,0x76,0xff,0x2d,0x0e,0xbb,0xe0,0x1a,0xfc,0xfe,0x0e,0x38,0x19,0x03,0x73,0x6d,
+ 0x6a,0x6c,0x67,0x2a,0x45,0xfb,0xa4,0xee,0x32,0x6e,0x34,0x2d,0xc5,0x92,0x51,0x69,
+ 0x51,0x7c,0x5f,0x57,0xe9,0x29,0x07,0x24,0x57,0x6a,0x22,0x5b,0xa8,0x9c,0xb4,0xdd,
+ 0x09,0x1f,0x4e,0x65,0x13,0xbe,0x10,0xdd,0x41,0x81,0x85,0x5b,0xb4,0x04,0x5d,0x6e,
+ 0xf6,0x43,0x7c,0x16,0xd3,0xb5,0x58,0x9e,0xf9,0xd6,0x83,0x66,0x82,0x71,0x1c,0x7d,
+ 0x66,0x02,0x5a,0xe3,0x7b,0x52,0x55,0x80,0xf0,0xdf,0xcf,0x3d,0xb7,0xfe,0x57,0xd7,
+ 0xc6,0xb1,0x57,0x77,0xcc,0x41,0x60,0x03,0x07,0xe5,0x8a,0x17,0x21,0xb6,0xf7,0xbc),
+ },
+ { /* Format of the EM is incorrect - hash moved to left */
+ .exp = FALSE,
+ .e = chunk_from_chars(0x8d,0x88,0x53),
+ .m = chunk_from_chars(
+ 0x77,0x59,0x42,0x0c,0x8d,0x1a,0x39,0xba,0x0e,0x3e,0x16,0x81,0xd9,0xb7,0x57,0xfc,
+ 0xf3,0x0c,0xb4,0x0d,0x84,0x4f,0x4a,0x71,0x22,0x4f,0xf9,0x98,0x52,0x0e,0x0b,0xb4,
+ 0x4c,0x76,0x16,0x11,0xff,0x47,0x23,0xa4,0x55,0x54,0x0f,0xe6,0xb8,0xef,0x32,0xe3,
+ 0xd5,0xa2,0x3f,0x8d,0xa0,0x20,0x6b,0x57,0x98,0x7a,0xd2,0xff,0x4c,0x96,0x16,0xab,
+ 0x1e,0xde,0x49,0x38,0x47,0x35,0x0d,0xcf,0x1b,0x2f,0xf9,0xb9,0x8e,0x81,0x3f,0x74,
+ 0xf8,0xb6,0x8c,0x06,0x15,0x24,0x30,0x91,0x50,0x1f,0x7f,0x28,0x41,0x6c,0x77,0xe1,
+ 0x74,0xf8,0xa3,0x2b,0x6c,0xca,0x3e,0x62,0xe7,0x37,0x9c,0xa1,0x64,0x55,0xc6,0xd8,
+ 0xe3,0xb2,0x65,0x1e,0xec,0x45,0xe1,0x48,0xd2,0xa4,0xc9,0xba,0x39,0x78,0x76,0x7d),
+ .s = chunk_from_chars(
+ 0x91,0xce,0x8e,0x92,0x1f,0x85,0xde,0x84,0x5b,0x9b,0xf7,0x50,0x3d,0xc6,0x5a,0x32,
+ 0x82,0x24,0xd1,0x5b,0x23,0xe8,0xea,0x65,0xdc,0x3d,0xa6,0xd8,0x04,0xfb,0xef,0x19,
+ 0x6c,0x30,0x5e,0x0f,0xba,0x05,0x9a,0x7d,0x84,0x2c,0x8c,0x0f,0x58,0x08,0x60,0xcc,
+ 0xe7,0x76,0x52,0xd4,0xdc,0x77,0x90,0x73,0xd6,0xa3,0xb0,0xa9,0x2b,0xf2,0xdd,0x3e,
+ 0xc6,0xc0,0x61,0x8d,0xa1,0x48,0x50,0x36,0xfd,0x59,0x4b,0xd9,0x62,0xf7,0xb5,0xa1,
+ 0xc6,0x1d,0x53,0xf1,0x62,0x69,0x12,0xc7,0xe3,0x12,0xaa,0x83,0xeb,0x43,0x26,0x28,
+ 0x8a,0x52,0x43,0x7c,0x73,0x87,0x91,0x6b,0xcb,0x11,0x08,0x4a,0x40,0xc2,0x19,0xc8,
+ 0x4c,0xab,0x2f,0xf6,0x6e,0x83,0x14,0x3f,0x85,0x86,0x47,0xf2,0xdc,0x91,0x4d,0xa0,
+ 0xc7,0x85,0x8b,0xa3,0x9a,0xa8,0xad,0x81,0x47,0xea,0x5c,0x9c,0x52,0x06,0x9e,0xb2,
+ 0xb2,0xca,0x94,0x1d,0x8a,0x50,0x23,0x74,0x8d,0xc4,0x01,0xe7,0x66,0x45,0x00,0x84,
+ 0x6c,0x85,0xca,0xdf,0x02,0x87,0xe3,0x9b,0x8b,0x8b,0x46,0x79,0x4a,0x82,0xbf,0xff,
+ 0xa7,0x52,0x96,0x0a,0xb3,0xb9,0xea,0xa0,0x25,0x30,0xb5,0x90,0x3c,0x24,0xae,0xfa,
+ 0x10,0x8f,0x10,0xae,0xe3,0x5b,0x6a,0x8a,0x3c,0xdf,0x87,0x95,0xa1,0x82,0xe5,0xc0,
+ 0x4e,0xd3,0x6b,0xb6,0x8c,0x18,0x78,0x56,0x23,0xb4,0x2f,0x09,0x79,0xff,0xf3,0x19,
+ 0x11,0x2e,0x15,0x14,0xce,0xe5,0x1d,0xb4,0x37,0xee,0x32,0x28,0x9f,0x61,0xde,0xd6,
+ 0x11,0x86,0xc6,0xed,0x44,0xad,0x72,0x2d,0x18,0xd5,0x56,0x82,0x1f,0x88,0x82,0x21),
+ },
+ { /* Message changed */
+ .exp = FALSE,
+ .e = chunk_from_chars(0x8d,0x88,0x53),
+ .m = chunk_from_chars(
+ 0x86,0x4f,0x4f,0x58,0x90,0xa0,0x36,0x53,0xd0,0x8d,0xaa,0x83,0xd9,0xe2,0x99,0x2f,
+ 0xab,0x33,0x93,0xb7,0xee,0x15,0x2d,0x6f,0x7b,0x8e,0xa3,0xad,0x1e,0xc9,0xc1,0x21,
+ 0x9a,0x0e,0x03,0x65,0xee,0xf2,0xfb,0xd5,0xd7,0xcb,0xf3,0xa1,0x96,0x67,0xd4,0x21,
+ 0xf3,0xfe,0x46,0x68,0x82,0x64,0x19,0x1b,0x25,0x83,0xe4,0x84,0xd2,0x09,0xeb,0xe2,
+ 0x97,0x5e,0x46,0x03,0xdb,0xd9,0x40,0x15,0xe6,0x33,0xfe,0xba,0xa4,0x3c,0x61,0x5a,
+ 0xa5,0xcc,0x2c,0xbd,0x69,0xfd,0x6a,0xd9,0xdb,0x97,0x0a,0xe8,0x1b,0xcc,0xcd,0xbe,
+ 0x80,0x26,0x62,0x5a,0xde,0xbd,0xcf,0xbb,0x04,0xad,0x12,0xf5,0x89,0xc7,0x08,0x83,
+ 0xc9,0x87,0x8f,0xdf,0x2a,0x46,0xe7,0x50,0xa4,0xb1,0x5f,0x03,0x80,0x7a,0x2d,0x5e),
+ .s = chunk_from_chars(
+ 0x24,0x5f,0xda,0x2e,0x66,0xd2,0xba,0xb1,0x02,0xd0,0xda,0x40,0x98,0xd7,0x51,0x65,
+ 0x0f,0x5e,0xf4,0x73,0x8d,0x14,0xda,0xbe,0x86,0x6c,0x78,0x20,0x09,0xea,0xd9,0xd6,
+ 0xd0,0x5d,0x43,0xac,0x0a,0x30,0x14,0xa3,0x82,0xd6,0x2a,0xc9,0x71,0xee,0x19,0x79,
+ 0x8f,0x3b,0x8e,0xf4,0x9f,0x9b,0xc2,0x47,0xfa,0x07,0xb3,0x68,0xac,0x2d,0x0e,0x8a,
+ 0x4f,0xb2,0x10,0xaf,0x5a,0xcd,0x87,0xb6,0xb5,0x12,0xe1,0x35,0x86,0x1b,0x30,0x10,
+ 0x34,0x03,0x30,0x47,0x32,0xa1,0x0b,0x75,0xc9,0xa1,0x49,0x55,0x2d,0x1c,0xcf,0x0f,
+ 0x99,0x12,0x96,0x8c,0x64,0x31,0x39,0x8b,0x7d,0x48,0xdf,0xf4,0x8c,0xc7,0xcb,0x71,
+ 0x84,0xe7,0x6a,0x0a,0xb9,0x4a,0xc9,0xa6,0xb0,0x03,0x5b,0x91,0xb3,0xee,0xb2,0xd1,
+ 0x32,0x6e,0xbd,0xdf,0xc1,0x32,0x50,0x22,0x45,0x38,0xc1,0x43,0xfc,0x0d,0xfa,0x39,
+ 0x95,0x92,0x64,0x15,0xa6,0x58,0xdb,0x8e,0x66,0x91,0x50,0x40,0x50,0xa1,0xa3,0x0e,
+ 0x34,0xb2,0x1a,0xf8,0xd1,0x27,0x07,0xbc,0x44,0x54,0xf1,0x74,0x38,0x5c,0xd8,0x4c,
+ 0x72,0x9e,0x2d,0xdf,0xc5,0xcc,0x91,0x78,0x81,0x20,0x59,0xb5,0xda,0x4a,0x1a,0x60,
+ 0x5a,0x2a,0x81,0x64,0x2c,0xcc,0x1b,0xc5,0xcf,0x95,0x39,0x65,0xf7,0x05,0x67,0x3b,
+ 0x12,0xc5,0xb4,0x6a,0xc8,0xc1,0xa0,0x3c,0x10,0x01,0xae,0x4d,0xf1,0xc3,0x9c,0xc8,
+ 0x3c,0xb5,0x4b,0x10,0xcb,0x7d,0x33,0xcd,0x51,0x08,0x03,0x3c,0x26,0x8c,0xee,0xeb,
+ 0xba,0x6c,0x6a,0xda,0x92,0x88,0x2f,0x46,0x56,0x2d,0xc6,0x58,0xd3,0x52,0x55,0x74),
+ },
+ { /* Signature changed */
+ .exp = FALSE,
+ .e = chunk_from_chars(0x8d,0x88,0x53),
+ .m = chunk_from_chars(
+ 0x71,0xab,0xf8,0x95,0xe5,0x6b,0xa8,0xf6,0xae,0x8d,0x0e,0x9e,0x66,0x90,0xc0,0x9c,
+ 0x75,0x92,0x70,0xa7,0x3d,0xb8,0xc1,0xaa,0x95,0xd0,0x59,0x80,0x79,0x35,0x37,0xfb,
+ 0xff,0xf3,0x47,0x2c,0x8d,0x2c,0x34,0xde,0x4a,0xbb,0x7e,0x64,0xd2,0x16,0xcc,0x95,
+ 0x2e,0x79,0x83,0x14,0x03,0x41,0x97,0xd5,0x09,0x96,0xa2,0xdc,0xbf,0x4c,0x33,0x48,
+ 0x5e,0x0b,0x68,0x91,0x0b,0xae,0xbf,0x0e,0x50,0xea,0x29,0xba,0xcd,0x30,0x60,0x37,
+ 0x2b,0xd4,0x7b,0x13,0x52,0x6e,0xc0,0x4b,0xdc,0x81,0xb9,0x0d,0xc9,0x5a,0x8a,0xc2,
+ 0x74,0x3b,0x81,0x4c,0xc5,0xb9,0xef,0x8c,0xa9,0x63,0x36,0x28,0xbf,0xa4,0x24,0x8b,
+ 0x55,0xeb,0x7f,0x2d,0x92,0x08,0xe1,0x14,0xf4,0xda,0xc6,0x9b,0xfe,0x27,0xe4,0x72),
+ .s = chunk_from_chars(
+ 0x24,0x3c,0x57,0x0c,0xd1,0xbd,0x85,0x52,0x2e,0x64,0x81,0x73,0x61,0xcb,0xb9,0x49,
+ 0xc8,0x38,0x76,0xd7,0xa3,0x60,0x95,0x13,0xae,0xbf,0x50,0x6f,0xc0,0x67,0x50,0xba,
+ 0x38,0xe8,0x20,0x23,0x2c,0x98,0xac,0xbe,0x00,0xff,0xa5,0x0b,0x36,0xc5,0x38,0x56,
+ 0x00,0x69,0xfd,0x13,0x99,0x2c,0xa0,0xdf,0x7d,0x9f,0x6d,0x95,0x6b,0x88,0x33,0x34,
+ 0xf1,0xc3,0xaf,0x8a,0x74,0xad,0xee,0xd5,0xbe,0x15,0xb0,0x33,0xd8,0x5b,0x20,0x7b,
+ 0xe2,0xfe,0x60,0x0a,0x99,0x02,0xd6,0x99,0xcc,0xef,0x1f,0x4a,0x8d,0x58,0x86,0x72,
+ 0xc4,0x46,0x40,0x1e,0xb3,0x90,0xd1,0x74,0xd5,0x72,0xb9,0x18,0xf9,0xb3,0x49,0xe2,
+ 0xe7,0x04,0x77,0x53,0x00,0x02,0x38,0x50,0xa5,0x34,0xcd,0x14,0xe0,0x04,0x6e,0x38,
+ 0x51,0x81,0xd3,0x45,0xa0,0x1d,0xbd,0x23,0x0c,0x79,0x65,0xff,0xfd,0x71,0xd4,0xe9,
+ 0xf9,0xbd,0x27,0x4d,0x2e,0xf4,0x6c,0x55,0x6c,0x73,0x32,0x12,0x13,0x62,0xe7,0x17,
+ 0x06,0xc3,0x9f,0x08,0x91,0x9e,0xfa,0x3a,0x4f,0x2f,0x14,0x21,0x50,0xc8,0xce,0xf4,
+ 0xb3,0x0e,0xf7,0x88,0xf6,0xff,0xfc,0x2e,0xd2,0xac,0xa0,0x26,0x2e,0xba,0x87,0x3a,
+ 0x25,0x17,0x95,0x84,0x5d,0xa5,0x26,0xb7,0x8e,0x2b,0x24,0xd6,0x6f,0x21,0xd4,0x0d,
+ 0x5f,0xcb,0xe5,0x54,0x2a,0x75,0x53,0xa9,0x17,0x8b,0xe5,0xa9,0x80,0x5b,0xb5,0x35,
+ 0x79,0xbd,0x10,0x8c,0xff,0x73,0x3b,0x37,0x64,0x07,0x89,0x31,0x8d,0xb6,0x20,0xa6,
+ 0xa9,0x44,0x44,0xe9,0x20,0x39,0x23,0xae,0x32,0x55,0x00,0xb6,0x76,0xb1,0x47,0x98),
+ },
+ { /* Format of the EM is incorrect - 00 on end of pad removed */
+ .exp = FALSE,
+ .e = chunk_from_chars(0x8d,0x88,0x53),
+ .m = chunk_from_chars(
+ 0x4b,0x64,0x8d,0xe2,0xe3,0x90,0x67,0x7c,0xe1,0x72,0x71,0x91,0x49,0x8b,0x76,0xd2,
+ 0xd2,0x43,0x8d,0x0c,0xed,0xdf,0x3d,0xb5,0x02,0xad,0xe5,0xc5,0xfd,0x81,0x5b,0xc7,
+ 0x09,0x65,0xd4,0x2f,0x9b,0x8d,0x04,0xee,0xb3,0x89,0x86,0x44,0x5f,0xbe,0x7d,0xd5,
+ 0x80,0x17,0x7c,0x00,0xd0,0xf8,0xa3,0x6c,0x24,0x74,0x0b,0xe3,0xef,0xbf,0x65,0x64,
+ 0x08,0xe6,0xdd,0x73,0xad,0xbd,0x45,0xb4,0xc7,0x19,0x6f,0xb8,0x6f,0x40,0xda,0x17,
+ 0xb2,0x9e,0x91,0xbf,0x91,0xba,0x51,0x8b,0x4c,0x68,0xea,0x18,0xe1,0x3f,0xe7,0xd4,
+ 0xcf,0x4d,0x71,0x57,0x1f,0x0a,0x71,0xf7,0xa5,0x8b,0xf5,0x96,0x84,0xf8,0xd5,0xbf,
+ 0xf0,0x40,0x96,0xf2,0x38,0x0b,0x8e,0x3b,0x03,0xf1,0x49,0x09,0xd9,0xe9,0x2c,0x3e),
+ .s = chunk_from_chars(
+ 0x27,0x7f,0xe8,0x1a,0x15,0x40,0x34,0x1c,0x9c,0x04,0xfb,0x5d,0x3c,0x8f,0x70,0xc1,
+ 0xe7,0x2f,0x87,0xfa,0x7d,0x04,0xb9,0x3e,0xe5,0x4d,0x56,0xd1,0x18,0x4c,0x14,0x1e,
+ 0xc4,0xe1,0x25,0xe2,0xe5,0xcf,0xd0,0xac,0xff,0x10,0x55,0xc7,0x66,0x97,0xa1,0xc3,
+ 0x07,0x9c,0x37,0x1c,0xce,0x0b,0xd8,0x4e,0xe4,0x43,0x7b,0xfa,0x18,0x06,0xaa,0x76,
+ 0xdf,0x29,0x55,0x93,0x53,0x31,0x91,0x5f,0xff,0x87,0x9d,0x87,0xc7,0x37,0x2e,0x75,
+ 0xe5,0xe8,0xfe,0xcc,0x90,0x6f,0x9d,0x34,0xa5,0xad,0xc0,0xb7,0x54,0x09,0xa8,0x7f,
+ 0xb6,0x41,0x1e,0x29,0x90,0xcd,0x23,0x7a,0xc8,0x22,0x3f,0x72,0x23,0x44,0x4f,0x5d,
+ 0x52,0x7a,0x11,0x5c,0x85,0xb9,0xba,0x10,0x28,0x7f,0x3e,0x82,0x5e,0x1d,0xc5,0x8e,
+ 0xb3,0x7c,0x8a,0x9c,0xa0,0x55,0x15,0x5f,0xf6,0xa5,0xaa,0xa6,0x56,0x56,0x90,0xdc,
+ 0xee,0xf6,0xf6,0x47,0x72,0x9d,0x07,0x1c,0xdd,0x9f,0x06,0x88,0xc7,0xfe,0xe8,0xf9,
+ 0x29,0x3a,0xbe,0x65,0x8d,0x0e,0x1e,0xf8,0x55,0xc8,0x6a,0x28,0xd8,0xd0,0xf8,0xf8,
+ 0x2f,0x72,0x17,0x31,0x86,0x35,0x30,0x80,0xb8,0x4f,0x14,0x2f,0x96,0x59,0x07,0x37,
+ 0x71,0x78,0xfc,0x1e,0xa0,0x08,0x19,0xd8,0x1a,0xfc,0x24,0x74,0xbe,0xcf,0x79,0xe1,
+ 0xe3,0xb7,0x0c,0x7c,0x2a,0x84,0x07,0xd5,0x07,0x95,0xc3,0x13,0x1b,0xb6,0xdf,0x78,
+ 0x72,0x0c,0x31,0xb2,0xf8,0xc4,0x3f,0x70,0x54,0x64,0xd8,0x98,0x20,0x43,0xc4,0x5f,
+ 0x04,0xe3,0x39,0xaa,0x1c,0x6f,0x4e,0x26,0xaa,0x70,0x92,0xb3,0xe6,0x26,0x12,0x99),
+ },
+ {
+ .exp = TRUE,
+ .e = chunk_from_chars(0x8d,0x88,0x53),
+ .m = chunk_from_chars(
+ 0x78,0x11,0xa4,0x07,0xfe,0x65,0x3a,0xd2,0x34,0x3d,0x83,0xc0,0x49,0x9f,0xc1,0x1e,
+ 0x29,0x51,0xef,0x0a,0x47,0x91,0xa3,0xcd,0x9a,0x06,0x39,0x6b,0xe5,0xf7,0x2e,0x78,
+ 0x3c,0xbb,0xca,0x2c,0xc4,0x70,0x02,0xba,0xba,0xf0,0x9c,0xde,0xb7,0x01,0x94,0xb5,
+ 0x32,0xcc,0xbf,0xd2,0x46,0x91,0xae,0x8e,0xb5,0x98,0xd5,0x9f,0x2e,0x6b,0xec,0xed,
+ 0xcb,0x42,0x96,0xa1,0xde,0xbf,0x41,0x7e,0xed,0xdb,0x4d,0x74,0xfb,0x21,0x70,0x72,
+ 0x09,0x1a,0x59,0x7d,0xdd,0x08,0x93,0xff,0x02,0xd6,0xad,0x61,0x10,0x50,0x98,0xdb,
+ 0x2e,0x90,0x50,0x8b,0xd4,0xb8,0xbe,0xc5,0xd6,0xe7,0xde,0xab,0x9e,0x65,0x1d,0xfd,
+ 0xb8,0x21,0x05,0x32,0x95,0x5e,0x1b,0xc7,0x88,0xa9,0x08,0xd7,0x15,0x0e,0xf8,0xec),
+ .s = chunk_from_chars(
+ 0x3a,0xd1,0xf0,0xfa,0xa9,0xa3,0x65,0x86,0x15,0x4a,0x38,0x2a,0x1f,0x2c,0x10,0xe8,
+ 0x19,0xdc,0x31,0x8a,0x68,0xbe,0x35,0xf5,0x4f,0x95,0x40,0x1b,0x0e,0xf2,0xba,0x5c,
+ 0xc8,0x95,0xf0,0xd6,0xbd,0xe2,0x8c,0x8d,0x3b,0x36,0x4f,0x60,0xde,0x03,0xce,0x75,
+ 0xa7,0xaf,0x29,0xe5,0x80,0x7c,0x1e,0xec,0x4c,0xd7,0x06,0x24,0x75,0x6e,0x26,0x31,
+ 0xeb,0x46,0xaf,0x01,0x0c,0xa8,0xcf,0x93,0xee,0x7d,0x86,0xa4,0xaf,0x3c,0xed,0x5d,
+ 0xd2,0xa8,0xa4,0x1c,0x1f,0xee,0xe6,0xb4,0x57,0x20,0x70,0x87,0x39,0x39,0xae,0x7a,
+ 0x2c,0xe7,0x51,0x93,0x94,0x59,0x37,0x46,0x1d,0x00,0x64,0xee,0xba,0x07,0x76,0x0c,
+ 0x49,0x5c,0x5c,0x70,0xbd,0xb0,0x4d,0x89,0x95,0x1d,0xe3,0xf9,0x65,0x25,0xf8,0xe4,
+ 0x46,0x12,0x49,0x3d,0x49,0x07,0x31,0xe7,0xef,0x76,0x79,0xa2,0x4b,0x0b,0x1e,0x2b,
+ 0x24,0xc8,0x00,0x3c,0x2f,0x94,0x11,0x4e,0x41,0x93,0xd6,0xe5,0x4c,0x0a,0xf9,0xe8,
+ 0x70,0x53,0x0b,0x00,0x85,0x30,0x21,0x0a,0xc0,0xb0,0xe4,0xc7,0xc7,0x9f,0x37,0x93,
+ 0x84,0xe1,0xbb,0x31,0x9b,0x5f,0x2a,0x0b,0x62,0x25,0x17,0xae,0x5d,0x27,0xf0,0xea,
+ 0xaf,0x79,0x58,0xcb,0x0b,0x41,0x84,0x91,0x26,0x07,0x50,0x92,0xe8,0x6e,0x7e,0x7b,
+ 0xe5,0xee,0xac,0xef,0x9a,0x8e,0x3e,0xc5,0x95,0x43,0x2e,0xf6,0x19,0x85,0x8f,0xe0,
+ 0xd0,0x51,0x78,0x71,0xb8,0xb4,0x95,0xc0,0x1a,0xf6,0xf1,0x8d,0x4e,0x6d,0x25,0x0d,
+ 0xbd,0x19,0x28,0x0e,0xf4,0xf8,0xa3,0x7d,0x1b,0x59,0xa4,0x8f,0xa4,0x1b,0x83,0x1d),
+ },
+ },
+},
+{
+ .params = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, },
+ .n = chunk_from_chars(
+ 0xce,0x49,0x24,0xff,0x47,0x0f,0xb9,0x9d,0x17,0xf6,0x65,0x95,0x56,0x1a,0x74,0xde,
+ 0xd2,0x20,0x92,0xd1,0xdc,0x27,0x12,0x2a,0xe1,0x5c,0xa8,0xca,0xc4,0xbf,0xae,0x11,
+ 0xda,0xa9,0xe3,0x7a,0x94,0x14,0x30,0xdd,0x1b,0x81,0xaa,0xf4,0x72,0xf3,0x20,0x83,
+ 0x5e,0xe2,0xfe,0x74,0x4c,0x83,0xf1,0x32,0x08,0x82,0xa8,0xa0,0x23,0x16,0xce,0xb3,
+ 0x75,0xf5,0xc4,0x90,0x92,0x32,0xbb,0x2c,0x65,0x20,0xb2,0x49,0xc8,0x8b,0xe4,0xf4,
+ 0x7b,0x8b,0x86,0xfd,0xd9,0x36,0x78,0xc6,0x9e,0x64,0xf5,0x00,0x89,0xe9,0x07,0xa5,
+ 0x50,0x4f,0xdd,0x43,0xf0,0xca,0xd2,0x4a,0xaa,0x9e,0x31,0x7e,0xf2,0xec,0xad,0xe3,
+ 0xb5,0xc1,0xfd,0x31,0xf3,0xc3,0x27,0xd7,0x0a,0x0e,0x2d,0x48,0x67,0xe6,0xfe,0x3f,
+ 0x26,0x27,0x2e,0x8b,0x6a,0x3c,0xce,0x17,0x84,0x3e,0x35,0x9b,0x82,0xeb,0x7a,0x4c,
+ 0xad,0x8c,0x42,0x46,0x01,0x79,0xcb,0x6c,0x07,0xfa,0x25,0x2e,0xfa,0xec,0x42,0x8f,
+ 0xd5,0xca,0xe5,0x20,0x8b,0x29,0x8b,0x25,0x51,0x09,0x02,0x6e,0x21,0x27,0x24,0x24,
+ 0xec,0x0c,0x52,0xe1,0xe5,0xf7,0x2c,0x5a,0xb0,0x6f,0x5d,0x2a,0x05,0xe7,0x7c,0x19,
+ 0x3b,0x64,0x7e,0xc9,0x48,0xbb,0x84,0x4e,0x0c,0x2e,0xf1,0x30,0x7f,0x53,0xcb,0x80,
+ 0x0d,0x4f,0x55,0x52,0x3d,0x86,0x03,0x8b,0xb9,0xe2,0x10,0x99,0xa8,0x61,0xb6,0xb9,
+ 0xbc,0xc9,0x69,0xe5,0xdd,0xdb,0xdf,0x71,0x71,0xb3,0x7d,0x61,0x63,0x81,0xb7,0x8c,
+ 0x3b,0x22,0xef,0x66,0x51,0x0b,0x27,0x65,0xd9,0x61,0x75,0x56,0xb1,0x75,0x59,0x98,
+ 0x79,0xd8,0x55,0x81,0x00,0xad,0x90,0xb8,0x30,0xe8,0x7a,0xd4,0x60,0xa2,0x21,0x08,
+ 0xba,0xa5,0xed,0x0f,0x2b,0xa9,0xdf,0xc0,0x51,0x67,0xf8,0xab,0x61,0xfc,0x9f,0x8a,
+ 0xe0,0x16,0x03,0xf9,0xdd,0x5e,0x66,0xce,0x1e,0x64,0x2b,0x60,0x4b,0xca,0x92,0x94,
+ 0xb5,0x7f,0xb7,0xc0,0xd8,0x3f,0x05,0x4b,0xac,0xf4,0x45,0x4c,0x29,0x8a,0x27,0x2c,
+ 0x44,0xbc,0x71,0x8f,0x54,0x60,0x5b,0x91,0xe0,0xbf,0xaf,0xd7,0x72,0xae,0xba,0xf3,
+ 0x82,0x88,0x46,0xc9,0x30,0x18,0xf9,0x8e,0x31,0x57,0x08,0xd5,0x0b,0xe8,0x40,0x1e,
+ 0xb9,0xa8,0x77,0x8d,0xcb,0xd0,0xd6,0xdb,0x93,0x70,0x86,0x04,0x11,0xb0,0x04,0xcd,
+ 0x37,0xfb,0xb8,0xb5,0xdf,0x87,0xed,0xee,0x7a,0xae,0x94,0x9f,0xff,0x34,0x60,0x7b),
+ .tests = {
+ { /* Public Key e changed */
+ .exp = FALSE,
+ .e = chunk_from_chars(0xfe,0x30,0x79),
+ .m = chunk_from_chars(
+ 0xe4,0x9f,0x58,0x5e,0xec,0xcf,0x2b,0xf7,0x26,0x56,0x41,0xfb,0x8c,0x0f,0x94,0xc7,
+ 0x17,0xe2,0xff,0x1d,0x90,0x45,0xae,0xca,0xa3,0x02,0xd2,0x85,0x35,0x3b,0x99,0x1b,
+ 0xf7,0xac,0x5d,0xc9,0x3b,0x31,0x1c,0xe9,0x07,0x88,0x28,0xd2,0x68,0x57,0x1f,0xf9,
+ 0x09,0x71,0x1e,0x5c,0x04,0x55,0x32,0x20,0xf8,0xf8,0x0f,0x78,0x5c,0xc4,0x05,0xca,
+ 0x13,0xe0,0x2f,0x0d,0x40,0xb2,0xee,0x76,0x5b,0xa2,0x95,0x53,0x85,0x21,0x66,0x37,
+ 0x18,0xea,0xbe,0x57,0x83,0x88,0x8c,0x34,0x55,0x19,0x07,0x7a,0x97,0x51,0xa1,0x28,
+ 0x5f,0xc2,0x36,0xf2,0xa2,0x5a,0x8a,0xe4,0x4a,0x2d,0xf2,0x47,0x88,0x74,0x51,0xc8,
+ 0x6c,0xd6,0x46,0xd7,0xb3,0xe7,0xa4,0x4e,0xe0,0xef,0x23,0x53,0x8e,0xec,0x55,0x7f),
+ .s = chunk_from_chars(
+ 0x4e,0x85,0xf6,0x8a,0x5b,0x06,0xb0,0x6a,0x17,0xd0,0xf3,0xf2,0x7b,0x3a,0x5a,0x11,
+ 0x9e,0x7d,0xb0,0x2a,0xbc,0x2d,0x9b,0x4a,0xfc,0x69,0x82,0x20,0xda,0x11,0x52,0x4a,
+ 0x88,0x5f,0x33,0xcd,0x7a,0x10,0xae,0x89,0xc9,0x8b,0x02,0x7b,0x69,0x22,0x4a,0xce,
+ 0xf4,0x71,0x3a,0x14,0x63,0xf1,0x68,0xc8,0xbe,0xf5,0x51,0xef,0x8f,0xed,0xb2,0x19,
+ 0xb6,0xad,0x0b,0x3e,0x99,0xd6,0x21,0x66,0x43,0xe5,0x8a,0x51,0xbb,0x2a,0xe9,0x3b,
+ 0xbe,0xf7,0x69,0x61,0x49,0x14,0xea,0xb1,0x37,0xc1,0x99,0x3b,0x14,0x91,0x71,0xb8,
+ 0x63,0x3f,0x4a,0x31,0x8f,0x69,0x77,0x29,0x96,0xef,0x7d,0xc3,0xf7,0x74,0x8f,0x37,
+ 0x56,0xd5,0x8e,0xcd,0xc3,0x93,0x76,0x32,0x71,0x7f,0xb4,0x0c,0xb7,0xed,0x6e,0x5c,
+ 0x72,0xe1,0x72,0xac,0x58,0xec,0x01,0xf4,0xe3,0x2f,0xff,0xc4,0x45,0xb6,0x0f,0x98,
+ 0xa6,0x28,0xfc,0x1b,0x0f,0xa4,0xcf,0xb6,0x68,0x6d,0xeb,0x12,0x59,0x50,0xb8,0x62,
+ 0xf3,0x47,0xe9,0xeb,0x81,0x20,0xfb,0x2b,0x5a,0xa2,0x3d,0x6d,0x86,0xea,0xf1,0xed,
+ 0xeb,0xeb,0x13,0x37,0x93,0x54,0x1c,0x4d,0xbe,0xa0,0xf1,0x4a,0x9f,0x74,0x73,0x3d,
+ 0xa4,0xed,0x11,0xd1,0x27,0x4d,0x46,0x4e,0x09,0xa5,0x78,0x08,0x43,0xd6,0x75,0x0b,
+ 0xac,0xe0,0xe9,0x70,0x29,0x30,0x82,0x87,0xdd,0x39,0x6e,0xfa,0x0f,0x32,0x62,0x81,
+ 0x71,0xfc,0x5e,0xc2,0x0d,0x3c,0x82,0x61,0x9b,0x78,0x4e,0x4c,0xdb,0x66,0xcb,0xdb,
+ 0x28,0xcd,0xd2,0x63,0xa4,0x6a,0x3e,0xc6,0x3e,0x1c,0xad,0x76,0x59,0xdc,0x3b,0x33,
+ 0x80,0x14,0x32,0xd2,0xb5,0xb5,0xe1,0x0a,0x77,0x00,0x83,0xb9,0x33,0xa8,0x05,0xa9,
+ 0xc7,0x6c,0xc2,0x6c,0x91,0x2f,0x95,0x2c,0xec,0x5f,0xd8,0x41,0x3a,0x8c,0x1a,0xda,
+ 0xee,0x80,0x14,0x9f,0xa1,0x98,0x55,0x31,0x50,0x75,0x82,0x52,0x92,0xdb,0x24,0xde,
+ 0x32,0x5f,0xa6,0xbf,0x3b,0x4c,0x06,0x65,0x2f,0xc8,0x32,0x0d,0xef,0x42,0x36,0xc0,
+ 0x88,0xdd,0x5a,0xe4,0x33,0x15,0xe0,0x36,0x72,0xfb,0x99,0x9c,0x35,0x4e,0xf6,0x1a,
+ 0xc3,0x80,0xb1,0xb1,0xc9,0x6d,0x71,0x1f,0xc7,0x77,0xe3,0x45,0xcc,0xb9,0x45,0x36,
+ 0x35,0x5a,0x32,0x14,0x66,0xee,0xdc,0xf2,0x35,0x5d,0xd5,0x1f,0x68,0x80,0x23,0xd6,
+ 0xb5,0x99,0x39,0x0f,0x3a,0xff,0x62,0x01,0x36,0x9d,0x81,0x03,0xaf,0x92,0x6c,0x83),
+ },
+ { /* Message changed */
+ .exp = FALSE,
+ .e = chunk_from_chars(0x73,0xb1,0x93),
+ .m = chunk_from_chars(
+ 0x46,0x21,0xb1,0x7c,0xd9,0xf5,0xb6,0x23,0xfe,0x73,0xb5,0xfe,0x28,0x0c,0xe9,0xac,
+ 0x84,0x08,0x05,0x60,0x8a,0xcd,0x6e,0x41,0xd5,0x5e,0xa7,0x11,0x32,0x22,0x0c,0x0d,
+ 0xf7,0xe7,0xc4,0x15,0x96,0x26,0xf1,0x0d,0x71,0x88,0x29,0x83,0xf0,0xaa,0x2a,0x92,
+ 0xd1,0x1d,0xc9,0x06,0xc0,0xb2,0x2c,0xc0,0x28,0xf4,0x39,0x5d,0x48,0xf5,0x4e,0x12,
+ 0x89,0x4e,0x33,0xda,0x0f,0x61,0x4d,0xd4,0x8e,0xe1,0x14,0xe6,0x5f,0x95,0xc7,0xa7,
+ 0xd3,0x58,0x5e,0x7c,0xc7,0x65,0xc0,0x01,0x78,0xd1,0x36,0xaa,0x99,0x59,0x1f,0xaa,
+ 0xa3,0x5e,0xe6,0x13,0x6d,0x2e,0x32,0x3f,0xfc,0x85,0x5c,0x70,0x9c,0x54,0x26,0xb3,
+ 0x2f,0xc0,0xaa,0x0a,0xc6,0x6e,0x90,0xc9,0x6e,0xfe,0x84,0x41,0x4d,0xd5,0xe7,0x9c),
+ .s = chunk_from_chars(
+ 0xb6,0x0a,0x4d,0xd6,0x29,0xd6,0x03,0x0f,0xe6,0x52,0x2f,0x6b,0x75,0x4f,0x0e,0x75,
+ 0x1d,0xe4,0xb2,0x55,0x2c,0x60,0x7e,0xfc,0xcb,0x2f,0x90,0xda,0x91,0x78,0x75,0x83,
+ 0xb6,0xfc,0x51,0xbc,0xb6,0x0a,0xb2,0x19,0x38,0xa4,0x8c,0xa6,0xab,0x3e,0xf8,0xab,
+ 0x75,0xb5,0x6a,0xbb,0x9d,0xf1,0xfa,0xa4,0xdb,0xd8,0x4b,0x41,0x20,0x66,0xf3,0xf9,
+ 0x2b,0xff,0x77,0x8a,0x89,0xf7,0xdf,0x4f,0x55,0x31,0x7c,0xbc,0x40,0xa7,0x80,0xfb,
+ 0x87,0xf0,0xc8,0x44,0xc2,0xd6,0x4e,0x23,0x24,0x74,0xa3,0xe9,0x31,0xc1,0x68,0xb3,
+ 0x30,0x86,0x65,0x79,0x68,0x5c,0x51,0xa5,0x93,0x7a,0x2e,0x80,0xea,0x2c,0x6e,0xd0,
+ 0x0f,0xe1,0x23,0xf1,0x4b,0xbe,0xf5,0x5c,0x97,0x74,0xbd,0x62,0x0e,0x1e,0x82,0x1e,
+ 0x01,0x28,0xcf,0x49,0xda,0xb6,0xf8,0x85,0x3c,0x08,0x80,0x1c,0x8a,0x00,0x91,0x9a,
+ 0x6c,0x01,0x3c,0x3a,0x83,0xf9,0x99,0xc6,0x6a,0x5c,0xb4,0x9c,0x91,0x86,0x5d,0xf6,
+ 0x0d,0xb8,0xbe,0x81,0x3b,0xc3,0xd8,0xb3,0x5d,0x85,0xd7,0x9c,0xf0,0x1a,0xbe,0xd2,
+ 0xf6,0x0f,0x60,0xed,0xc9,0x71,0x53,0x78,0x0c,0x0c,0x12,0xfe,0x45,0xe5,0xe4,0x87,
+ 0xfd,0x95,0x93,0x93,0x07,0x9d,0xbe,0xe5,0xaf,0x46,0xc0,0xa7,0xc4,0x21,0x4f,0xab,
+ 0x75,0xc5,0xb5,0xdd,0xd6,0xf0,0x28,0x86,0x69,0xe0,0xa9,0xbe,0x33,0xf4,0xb5,0x78,
+ 0x25,0x24,0xe8,0x38,0x31,0x5c,0xc0,0x31,0xd9,0x7b,0xeb,0x15,0x96,0x02,0x6f,0x12,
+ 0x9a,0x21,0xe9,0x61,0xdd,0xe6,0xbc,0x34,0xc4,0x92,0xf3,0x02,0x6a,0xf7,0xf5,0x03,
+ 0xb8,0xff,0x87,0xb7,0x77,0x56,0x19,0xf8,0xd1,0xe1,0x7f,0x97,0x2c,0x85,0x94,0x0a,
+ 0xff,0xbb,0x64,0xd3,0x31,0x0f,0xb9,0xf7,0x4d,0x9d,0x16,0xae,0xb0,0x77,0xb8,0xb9,
+ 0x97,0xb1,0x80,0x20,0xeb,0x99,0x2a,0xb6,0x13,0x22,0x84,0x7f,0xe6,0xcb,0x62,0xf7,
+ 0x3d,0x0a,0xbd,0x81,0x63,0x3a,0xc5,0xc5,0xbe,0x65,0x19,0xdd,0xbc,0x93,0x34,0xbb,
+ 0x56,0x44,0x9b,0xdf,0x96,0x93,0x0d,0x65,0xd8,0x06,0x1d,0xb8,0x91,0x1d,0x4e,0xd6,
+ 0xa5,0x9a,0xe8,0xd2,0x27,0x6d,0x04,0x59,0x6a,0x38,0x8e,0x75,0x2c,0xf9,0x9c,0xbd,
+ 0x39,0x5b,0x83,0x7e,0x7c,0x5a,0xee,0x27,0x8a,0x7c,0x4b,0x43,0xc7,0x8d,0x3d,0x74,
+ 0xc8,0x8f,0x49,0xcb,0xc8,0xd8,0x16,0xf5,0x3c,0xca,0x15,0x69,0x27,0xfb,0x92,0xd4),
+ },
+ {
+ .exp = TRUE,
+ .e = chunk_from_chars(0x73,0xb1,0x93),
+ .m = chunk_from_chars(
+ 0x08,0x97,0xd4,0x0e,0x7c,0x0f,0x2d,0xfc,0x07,0xb0,0xc7,0xfd,0xda,0xf5,0xfd,0x8f,
+ 0xcc,0x6a,0xf9,0xc1,0xfd,0xc1,0x7b,0xeb,0xb9,0x23,0xd5,0x9c,0x9f,0xc4,0x3b,0xd4,
+ 0x02,0xba,0x39,0x73,0x8f,0x0f,0x85,0xf2,0x30,0x15,0xf7,0x51,0x31,0xf9,0xd6,0x50,
+ 0xa2,0x9b,0x55,0xe2,0xfc,0x9d,0x5d,0xdf,0x07,0xbb,0x8d,0xf9,0xfa,0x5a,0x80,0xf1,
+ 0xe4,0x63,0x4e,0x0b,0x4c,0x51,0x55,0xbf,0x14,0x89,0x39,0xb1,0xa4,0xea,0x29,0xe3,
+ 0x44,0xa6,0x64,0x29,0xc8,0x50,0xfc,0xde,0x73,0x36,0xda,0xd6,0x16,0xf0,0x03,0x93,
+ 0x78,0x39,0x1a,0xbc,0xfa,0xfe,0x25,0xca,0x7b,0xb5,0x94,0x05,0x7a,0xf0,0x7f,0xaf,
+ 0x7a,0x32,0x2f,0x7f,0xab,0x01,0xe0,0x51,0xc6,0x3c,0xc5,0x1b,0x39,0xaf,0x4d,0x23),
+ .s = chunk_from_chars(
+ 0x8e,0xbe,0xd0,0x02,0xd4,0xf5,0x4d,0xe5,0x89,0x8a,0x5f,0x2e,0x69,0xd7,0x70,0xed,
+ 0x5a,0x5c,0xe1,0xd4,0x5a,0xd6,0xdd,0x9c,0xe5,0xf1,0x17,0x9d,0x1c,0x46,0xda,0xa4,
+ 0xd0,0x39,0x4e,0x21,0xa9,0x9d,0x80,0x33,0x58,0xd9,0xab,0xfd,0x23,0xbb,0x53,0x16,
+ 0x63,0x94,0xf9,0x97,0xb9,0x09,0xe6,0x75,0x66,0x20,0x66,0x32,0x4c,0xa1,0xf2,0xb7,
+ 0x31,0xde,0xba,0x17,0x05,0x25,0xc4,0xee,0x8f,0xa7,0x52,0xd2,0xd7,0xf2,0x01,0xb1,
+ 0x02,0x19,0x48,0x9f,0x57,0x84,0xe3,0x99,0xd9,0x16,0x30,0x2f,0xd4,0xb7,0xad,0xf8,
+ 0x84,0x90,0xdf,0x87,0x65,0x01,0xc4,0x67,0x42,0xa9,0x3c,0xfb,0x3a,0xaa,0xb9,0x60,
+ 0x2e,0x65,0xd7,0xe6,0x0d,0x7c,0x4c,0xea,0xdb,0x7e,0xb6,0x7e,0x42,0x1d,0x18,0x03,
+ 0x23,0xa6,0xd3,0x8f,0x38,0xb9,0xf9,0x99,0x21,0x3e,0xbf,0xcc,0xc7,0xe0,0x4f,0x06,
+ 0x0f,0xbd,0xb7,0xc2,0x10,0x20,0x65,0x22,0xb4,0x94,0xe1,0x99,0xe9,0x8c,0x6c,0x24,
+ 0xe4,0x57,0xf8,0x69,0x66,0x44,0xfd,0xca,0xeb,0xc1,0xb9,0x03,0x1c,0x81,0x83,0x22,
+ 0xc2,0x9d,0x13,0x5e,0x11,0x72,0xfa,0x0f,0xdf,0x7b,0xe1,0x00,0x7d,0xab,0xca,0xab,
+ 0x49,0x66,0x33,0x2e,0x7e,0xa1,0x45,0x6b,0x6c,0xe8,0x79,0xcd,0x91,0x0c,0x91,0x10,
+ 0x10,0x4f,0xc7,0xd3,0xdc,0xab,0x07,0x6f,0x2b,0xd1,0x82,0xbb,0x83,0x27,0xa8,0x63,
+ 0x25,0x45,0x70,0xcd,0xf2,0xab,0x38,0xe0,0xcd,0xa3,0x17,0x79,0xde,0xaa,0xd6,0x16,
+ 0xe3,0x43,0x7e,0xd6,0x59,0xd7,0x4e,0x5a,0x4e,0x04,0x5a,0x70,0x13,0x38,0x90,0xb8,
+ 0x1b,0xc4,0xf2,0x4a,0xb6,0xda,0x67,0xa2,0xee,0x0c,0xe1,0x5b,0xab,0xa3,0x37,0xd0,
+ 0x91,0xcb,0x5a,0x1c,0x44,0xda,0x69,0x0f,0x81,0x14,0x5b,0x02,0x52,0xa6,0x54,0x9b,
+ 0xbb,0x20,0xcd,0x5c,0xc4,0x7a,0xfe,0xc7,0x55,0xeb,0x37,0xfe,0xd5,0x5a,0x9a,0x33,
+ 0xd3,0x65,0x57,0x42,0x45,0x03,0xd8,0x05,0xa0,0xa1,0x20,0xb7,0x69,0x41,0xf4,0x15,
+ 0x0d,0x89,0x34,0x2d,0x7a,0x7f,0xa3,0xa2,0xb0,0x8c,0x51,0x5e,0x6f,0x68,0x42,0x9c,
+ 0xf7,0xaf,0xd1,0xa3,0xfc,0xe0,0xf4,0x28,0x35,0x1a,0x6f,0x9e,0xda,0x3a,0xb2,0x4a,
+ 0x7e,0xf5,0x91,0x99,0x4c,0x21,0xfb,0xf1,0x00,0x1f,0x99,0x23,0x9e,0x88,0x34,0x0f,
+ 0x9b,0x35,0x9e,0xc7,0x2e,0x8a,0x21,0x2a,0x19,0x20,0xe6,0xcf,0x99,0x3f,0xf8,0x48),
+ },
+ { /* Format of the EM is incorrect - 00 on end of pad removed */
+ .exp = FALSE,
+ .e = chunk_from_chars(0x73,0xb1,0x93),
+ .m = chunk_from_chars(
+ 0x78,0x67,0xb6,0x5e,0xd9,0x82,0xed,0x6c,0xdd,0x2d,0x06,0x11,0x57,0xbe,0x90,0xf8,
+ 0x5b,0xcd,0x58,0x03,0x50,0xf1,0x25,0x31,0x45,0xcb,0xa5,0xc5,0x89,0x46,0xa8,0xa5,
+ 0x75,0x1c,0x8c,0x00,0x8d,0x9d,0xf8,0x33,0xc8,0xac,0xce,0xee,0x2b,0x0a,0x5a,0x92,
+ 0x9c,0xd7,0xd0,0xde,0xf6,0x55,0xf5,0xcb,0x59,0xf0,0x1c,0xb4,0xc4,0x7b,0x54,0xba,
+ 0xe5,0xbd,0xe0,0x67,0x2f,0x2c,0xe7,0x92,0x2e,0xf8,0x6d,0x82,0x17,0x4b,0x82,0x56,
+ 0xa4,0xd0,0xb9,0xa3,0x1e,0x72,0xdc,0x60,0xbb,0x66,0xde,0xff,0x2b,0x6b,0x11,0xdd,
+ 0x6e,0x50,0x99,0xdc,0xe8,0xb7,0x21,0x4e,0xb7,0x1a,0xcd,0x16,0x44,0x0b,0x6f,0x09,
+ 0x18,0xc0,0xfd,0x9b,0xf2,0xce,0x43,0xb7,0x16,0x35,0xd5,0xee,0xe7,0x9d,0x48,0xd4),
+ .s = chunk_from_chars(
+ 0x0a,0x61,0x70,0x81,0xdd,0x97,0x94,0xc9,0x37,0xe4,0xc7,0x16,0x3e,0x28,0x65,0x43,
+ 0x95,0x58,0xd4,0x1e,0x68,0x8b,0x23,0x0c,0x20,0xa1,0xea,0x71,0x84,0x66,0x43,0xb8,
+ 0x32,0x1d,0x77,0xca,0xd5,0x82,0xec,0x9a,0x70,0xf4,0x0d,0x7a,0x8e,0xd9,0xf7,0x22,
+ 0xc5,0xb9,0x01,0x2f,0x43,0x6c,0x7a,0x61,0x7d,0xed,0x2a,0xd1,0x86,0x43,0x45,0x7b,
+ 0x6f,0xd3,0x30,0x35,0xfc,0x2a,0x2c,0xbd,0x52,0xf3,0xda,0x41,0x58,0x01,0x5e,0x01,
+ 0xfa,0xb5,0x5b,0x4e,0x26,0xe2,0xde,0x96,0x02,0x10,0x1d,0xdb,0x86,0xe8,0xd2,0xae,
+ 0xb8,0x9b,0xf4,0x00,0x69,0x33,0xa1,0x1b,0x5f,0xbc,0xe2,0xbd,0x09,0xe3,0x1f,0xda,
+ 0x18,0xa8,0x2e,0xc4,0x05,0x91,0x0d,0xd3,0xd1,0xcf,0x1e,0x46,0x5c,0x17,0x68,0x72,
+ 0xda,0x3d,0xb1,0xc2,0xb3,0x08,0x9b,0x48,0xe7,0x68,0xef,0x15,0x5a,0xd5,0xf5,0x64,
+ 0x17,0x49,0x7a,0x64,0x8e,0xd0,0x42,0x7d,0x45,0xec,0xdd,0x03,0x8d,0x3c,0xc8,0xc8,
+ 0x7c,0xe9,0x9a,0x92,0xf0,0x8c,0x76,0x41,0xf7,0xfa,0x39,0xce,0xb4,0xec,0x83,0xec,
+ 0xe0,0x99,0x4a,0xc6,0x84,0x8b,0xb6,0xef,0xb4,0xe7,0x93,0x27,0x14,0x5e,0x53,0x96,
+ 0xb1,0x0f,0xaa,0x1a,0xc3,0xa6,0x3e,0xcd,0x4a,0x4a,0x2c,0x9c,0xba,0x94,0x6b,0x0e,
+ 0x5f,0x18,0x5b,0x2c,0xd1,0xa0,0x42,0x93,0xee,0x46,0x39,0x3d,0x37,0x4d,0xb8,0xbe,
+ 0x0a,0x84,0x93,0x77,0xeb,0x11,0x06,0x7e,0xad,0x3b,0x76,0xe5,0x14,0x55,0x1d,0x48,
+ 0x4d,0x5c,0x51,0x54,0x4a,0x1d,0x0d,0xa9,0x6c,0x17,0xb5,0xb2,0xef,0x95,0x3d,0xcd,
+ 0xc1,0xc6,0xd5,0x92,0x03,0x0e,0x46,0x8e,0xb8,0x18,0x6a,0x5b,0xf6,0x60,0xb7,0x1d,
+ 0xa5,0xd9,0x82,0xbc,0x54,0x24,0xcf,0x1a,0x4f,0x8c,0xe9,0x52,0xbc,0x76,0x3b,0x4e,
+ 0xaa,0xdb,0x2a,0x3f,0x78,0x7c,0x8a,0xf0,0x1d,0xf2,0xf4,0x3d,0xb5,0xe0,0xad,0x71,
+ 0x18,0x24,0xac,0xec,0xe2,0xd9,0x9d,0x5b,0xf9,0xfd,0xee,0x0f,0xdf,0x1f,0xdd,0x37,
+ 0x0e,0xc7,0x91,0xa9,0x46,0xa4,0xb6,0xaf,0x20,0xb2,0x77,0x47,0x9a,0x83,0x87,0x76,
+ 0xe9,0xc0,0x92,0x30,0xc3,0x63,0x25,0xb8,0xc8,0xef,0x84,0xdb,0x28,0x2f,0xe8,0x9c,
+ 0xed,0x24,0xb0,0xd7,0x86,0x9b,0x5d,0x24,0x6f,0xb3,0xc6,0x0f,0xcb,0x26,0x13,0x09,
+ 0x89,0x77,0x14,0xe8,0x70,0x19,0x5b,0x9b,0xee,0xd0,0xb2,0x65,0x80,0x0f,0xc6,0xe6),
+ },
+ { /* Format of the EM is incorrect - hash moved to left */
+ .exp = FALSE,
+ .e = chunk_from_chars(0x73,0xb1,0x93),
+ .m = chunk_from_chars(
+ 0x4d,0x36,0xeb,0x2c,0x3a,0xd2,0x33,0x43,0x69,0x23,0xe5,0x80,0xfa,0xdd,0xb4,0x5a,
+ 0xd3,0x59,0x67,0x10,0x8b,0xe8,0xd9,0x9a,0x87,0x67,0x45,0xdf,0x62,0x13,0xc0,0x28,
+ 0x92,0x9f,0x07,0xd5,0x49,0x84,0x7b,0x4f,0x9a,0x99,0x6a,0x3d,0xdd,0xe3,0x90,0xfb,
+ 0x54,0xae,0xde,0x47,0x0f,0xdc,0x7a,0x3e,0x0c,0x7e,0x06,0x88,0xa3,0xa1,0x25,0xcf,
+ 0x21,0x6a,0x3b,0x75,0xb4,0x66,0x75,0x86,0x87,0x1b,0x0a,0xeb,0x2d,0xe3,0xc0,0xe1,
+ 0x43,0xfa,0xb1,0xaa,0x51,0xd5,0x4f,0x82,0xf2,0xb5,0xa6,0xd5,0x35,0x7d,0xe1,0xaf,
+ 0x42,0xc0,0x10,0x74,0x41,0x1f,0x28,0xd1,0x77,0xd2,0x4b,0xf2,0xb2,0x84,0x4a,0xf6,
+ 0xe8,0x64,0x69,0xa0,0x1b,0x79,0x62,0x4f,0x7f,0x35,0xac,0x30,0xdf,0x4e,0xfc,0xb2),
+ .s = chunk_from_chars(
+ 0x81,0x38,0x92,0x2f,0xd1,0xa8,0x73,0x33,0xf1,0x31,0x6e,0x20,0x7e,0x58,0x51,0xaf,
+ 0x65,0xf2,0x7d,0x9f,0x5c,0xda,0x0f,0x7b,0x7c,0xab,0x00,0x54,0xa2,0xde,0xab,0x0a,
+ 0x5c,0x24,0x6f,0x18,0x34,0xb8,0xfa,0x0a,0x9a,0xe7,0x55,0xb6,0xad,0xd3,0xb6,0xdd,
+ 0x93,0xc6,0x94,0xfa,0x49,0xbe,0xa2,0x8a,0x56,0x35,0xe5,0x6d,0x98,0x41,0xd2,0x83,
+ 0x32,0x0e,0x7a,0x6f,0x98,0x12,0xc1,0x02,0xa6,0x0f,0xc2,0x50,0x5a,0x08,0x1e,0xe3,
+ 0x84,0x9f,0x81,0x51,0x91,0xb9,0xd7,0xa6,0xc4,0x1d,0xb6,0x7a,0xa1,0xa0,0x53,0xf2,
+ 0x2d,0x15,0x14,0x22,0x6a,0xad,0x39,0x22,0xcb,0x0b,0x5b,0xe7,0xdc,0x86,0xd6,0xcd,
+ 0x5d,0xaf,0x28,0xba,0xda,0x17,0x9f,0xbe,0xda,0x50,0x37,0x2b,0xce,0xe5,0xfd,0x8b,
+ 0x56,0x7c,0xa1,0x82,0x6b,0x08,0x1c,0xc0,0xe6,0xcf,0x58,0xcd,0x7e,0xd9,0x35,0xc6,
+ 0x92,0x2b,0x92,0x4b,0xed,0xd7,0xe4,0xf3,0xd4,0x8f,0x19,0x95,0xa5,0x6b,0xb1,0xd8,
+ 0xaf,0xf5,0x50,0x5e,0xa9,0x7c,0x56,0xcd,0xcb,0xaa,0x8e,0x93,0x25,0x4e,0x8c,0x6a,
+ 0x39,0xdb,0x12,0x76,0xc6,0xf5,0x3a,0x65,0x51,0xf1,0x62,0xf4,0x03,0x18,0x2b,0x4b,
+ 0xca,0x89,0x2a,0x6c,0xf5,0x27,0xc4,0xf9,0x62,0x96,0xb2,0xce,0x17,0xff,0xdf,0xa0,
+ 0x34,0x7d,0x52,0x90,0x94,0x0d,0x81,0xed,0x99,0xa3,0xe8,0xb0,0x0e,0x85,0x9d,0xc0,
+ 0xbc,0xb8,0x3e,0x90,0xe9,0xcd,0x9a,0x5b,0x64,0xcb,0x9d,0xb1,0xf3,0xf0,0x1d,0x26,
+ 0xd0,0x88,0x35,0xff,0xdf,0xe4,0x05,0x3d,0x9c,0x79,0x20,0x96,0x3b,0x07,0xfb,0x19,
+ 0x9e,0x5c,0x01,0xd4,0x4d,0x41,0x82,0x58,0x61,0x04,0x85,0x02,0x13,0xf8,0xca,0x60,
+ 0xc0,0x08,0x1e,0x62,0xb5,0xfe,0xcb,0xad,0x7e,0xce,0xd9,0x3c,0x35,0xa1,0x37,0x4d,
+ 0x27,0xb6,0x71,0x50,0xdd,0xfb,0x44,0xac,0x68,0xf6,0xaa,0x00,0xb5,0x5e,0x38,0xe6,
+ 0x81,0xb4,0x56,0xe6,0x06,0x55,0x26,0x1d,0x8d,0xae,0x04,0x7d,0x67,0xa4,0xee,0x2c,
+ 0x55,0xec,0xf2,0x13,0x57,0x1d,0xa1,0xdf,0x54,0x9a,0x48,0x89,0xea,0x3a,0x28,0x5b,
+ 0x5b,0x2f,0xe0,0x70,0x7d,0x74,0xd4,0x70,0xc7,0xec,0xe3,0xa2,0x15,0x26,0xf5,0xd4,
+ 0xaf,0x70,0x85,0xdd,0x11,0xe6,0xaf,0x40,0x51,0x52,0xa0,0x51,0x10,0xfc,0xd6,0xaa,
+ 0x06,0xce,0x93,0xf1,0xd2,0xba,0xba,0x3e,0xd5,0xdb,0x73,0x29,0x3f,0x97,0x7e,0xf1),
+ },
+ { /* Signature changed */
+ .exp = FALSE,
+ .e = chunk_from_chars(0x73,0xb1,0x93),
+ .m = chunk_from_chars(
+ 0xe2,0xa9,0x2b,0x14,0x3c,0x8a,0x00,0x6c,0xee,0x8a,0xfe,0xbb,0x66,0x31,0x19,0x74,
+ 0x5d,0x26,0xf4,0xff,0xac,0xaa,0x53,0x5c,0x61,0x65,0xd3,0x0a,0x12,0x65,0xd9,0x27,
+ 0x71,0x64,0xc8,0xd8,0x21,0x49,0x77,0xeb,0xc8,0xf2,0xe2,0xbb,0x66,0x31,0x1f,0x54,
+ 0xe5,0x14,0x94,0xd8,0xf1,0x6a,0x68,0x22,0x09,0x82,0x37,0xa8,0xd6,0x36,0x0a,0xa6,
+ 0xbc,0x28,0x86,0x79,0xb0,0x4c,0x63,0x48,0x49,0xa7,0x20,0xea,0x19,0x56,0xf5,0x04,
+ 0x3d,0xd1,0x0a,0x72,0x33,0x71,0xe6,0xe9,0xec,0x30,0x2a,0xda,0x22,0xb1,0x7f,0x99,
+ 0xec,0x80,0xcd,0xbe,0x90,0x9a,0xae,0xcc,0x98,0x30,0x22,0x10,0x28,0xa8,0x84,0xcc,
+ 0x8e,0xe5,0xbc,0x95,0x1b,0xc8,0xb7,0xfa,0x31,0xf6,0x14,0x66,0x9e,0xdc,0x20,0x48),
+ .s = chunk_from_chars(
+ 0xc8,0x1a,0xc3,0x94,0xf8,0x2c,0xb2,0x7d,0x75,0x95,0x07,0x59,0x22,0x4b,0x17,0x87,
+ 0xf8,0x72,0x25,0xae,0x55,0x49,0xbe,0x13,0xdc,0x1f,0x74,0x32,0x6e,0xb6,0x68,0xe5,
+ 0xe0,0x9d,0x03,0xe0,0x3e,0xcf,0x03,0x9f,0xd0,0x8d,0xc3,0x01,0xe7,0x0b,0xd0,0x79,
+ 0x92,0xb2,0x0a,0x27,0x57,0xb5,0x76,0x6b,0xf6,0x22,0x05,0x2d,0x69,0xfb,0xfb,0xfa,
+ 0xca,0x96,0x4d,0xa3,0x3a,0xf7,0x1c,0x87,0x87,0xeb,0xa9,0xed,0x5c,0xaf,0x1b,0xf8,
+ 0x6e,0x48,0x58,0x7d,0x26,0xb2,0x1f,0x9f,0x1b,0xe6,0x01,0x24,0x6e,0x1d,0x9c,0xdc,
+ 0xea,0x9a,0xf7,0x79,0x6a,0xe3,0x0d,0xd6,0xbc,0xbf,0x1b,0x25,0x73,0x4f,0x89,0xe8,
+ 0x6a,0xe9,0x05,0x1c,0x7a,0x2c,0xf3,0x73,0x09,0x14,0x40,0x6f,0x15,0x41,0xbe,0xed,
+ 0x81,0x2a,0xc6,0xc9,0xe1,0x8c,0xfd,0x5b,0xf2,0x65,0x52,0x33,0x60,0x01,0x88,0x60,
+ 0x14,0x1b,0xcf,0xc5,0x1c,0x89,0xef,0x87,0x96,0x36,0xae,0x2d,0x7f,0x7e,0x41,0xe3,
+ 0x13,0x37,0xf7,0xaf,0xc3,0xe2,0x01,0xc6,0x80,0x5a,0x76,0xaf,0x89,0xdc,0x9e,0xa7,
+ 0x74,0x13,0xbe,0x1f,0x13,0x38,0xe8,0x45,0xe9,0xd1,0x6c,0xf8,0x6e,0x5e,0x04,0xa5,
+ 0x2d,0x8b,0x57,0x94,0x21,0x29,0x6f,0xa7,0x02,0xad,0x07,0xec,0xbf,0xa0,0x23,0x7a,
+ 0xc9,0x96,0xee,0x2e,0x91,0xee,0xac,0x8e,0xf4,0x89,0x02,0xa7,0x6c,0x94,0x7b,0x50,
+ 0x1e,0x26,0x5c,0x4b,0x3f,0xbd,0x0c,0x51,0x6a,0x04,0x16,0xea,0x13,0xc7,0x9b,0x7e,
+ 0x5d,0x5b,0x94,0x35,0xae,0xf3,0xf3,0x71,0xd3,0x8f,0xf9,0xdf,0x8f,0xdd,0xed,0x2f,
+ 0x26,0x5b,0x27,0xda,0x5a,0x84,0xfe,0x54,0x43,0x63,0x5e,0x26,0x08,0x07,0xdb,0x9a,
+ 0x15,0x51,0x38,0x7e,0x6c,0x9c,0x59,0x64,0x98,0xd2,0x80,0xd9,0x17,0x0d,0xaa,0x62,
+ 0x95,0x4e,0xd3,0x2b,0x14,0xd0,0x44,0x98,0x0e,0xca,0x76,0xa8,0xdb,0x63,0x48,0x3d,
+ 0x8c,0x4c,0xbf,0xa6,0x69,0xec,0x14,0x0e,0x7c,0x4a,0x30,0x4c,0xc1,0x5e,0x46,0x8d,
+ 0x96,0xff,0xf3,0x4d,0x77,0x69,0x25,0x81,0xb1,0x0e,0x7d,0x25,0xef,0x07,0x5d,0x65,
+ 0x27,0x58,0xf5,0x0e,0x9a,0xc4,0xcf,0x98,0x48,0x46,0x63,0x88,0x05,0x15,0x18,0xcf,
+ 0x93,0xe1,0x83,0xf9,0x10,0xa4,0xf5,0x03,0xfb,0xeb,0x65,0x4f,0x4b,0x94,0x24,0xdb,
+ 0xad,0xf6,0x1d,0x2d,0x50,0xf6,0x0f,0x8f,0x02,0xb4,0xea,0x0e,0x7b,0xc3,0xb3,0x98),
+ },
+ },
+},
+{
+ .params = { .hash = HASH_SHA512, .mgf1_hash = HASH_SHA512, },
+ .n = chunk_from_chars(
+ 0x99,0xa5,0xc8,0xd0,0x94,0xa5,0xf9,0x17,0x03,0x46,0x67,0xa0,0x40,0x8b,0x7e,0xcf,
+ 0xca,0xac,0xc3,0xf9,0x78,0x44,0x44,0xe2,0x17,0x73,0xc3,0x46,0x1e,0xc3,0x55,0xf0,
+ 0xd0,0xf5,0x2a,0x5d,0xb0,0x56,0x8a,0x71,0xd3,0x88,0x69,0x67,0x88,0xef,0x66,0xae,
+ 0x73,0x40,0xc6,0xb2,0x8d,0xbf,0x92,0x5f,0xe8,0x35,0x57,0x98,0x65,0x75,0xf7,0x9c,
+ 0xca,0x69,0x21,0x72,0x21,0x39,0x7e,0xd5,0x80,0x8a,0x26,0xf7,0xe7,0xe7,0x14,0xc9,
+ 0x32,0x35,0xf9,0x14,0xd4,0x5c,0x4a,0x9a,0xf4,0x61,0x9b,0x20,0xf5,0x11,0xad,0x64,
+ 0x4b,0xd3,0x41,0x2d,0xfd,0xf0,0xff,0x71,0x7f,0x7a,0xac,0x74,0x6f,0x31,0x0b,0xfa,
+ 0x9a,0x14,0x1a,0xc3,0xdb,0xf0,0x1c,0x1f,0xc7,0x4f,0xeb,0xd1,0x97,0x93,0x84,0x19,
+ 0xc2,0x62,0x29,0x35,0x05,0xc3,0x5f,0x40,0x2f,0x90,0x53,0xad,0x13,0xc5,0x1a,0x59,
+ 0x60,0xec,0xde,0x55,0xec,0x82,0x9e,0x95,0x3f,0x94,0x1a,0xf7,0x33,0xe5,0x87,0x05,
+ 0x91,0x37,0x67,0xe7,0xa7,0x20,0x0d,0x1d,0x09,0xe7,0xe7,0xe2,0xd2,0x69,0xfa,0x29,
+ 0xa5,0x58,0xbb,0x16,0x30,0x4b,0x05,0x9f,0x13,0xf4,0xca,0x56,0x0a,0x81,0x01,0xfe,
+ 0x37,0x20,0xb4,0xa7,0x79,0xec,0x12,0x64,0x27,0x32,0x6c,0xaa,0x13,0x2a,0x3d,0x36,
+ 0x11,0xd7,0xdb,0xc5,0x03,0x36,0xfa,0xc7,0x89,0xec,0x40,0x6b,0x39,0x7e,0x1e,0x36,
+ 0xd7,0xda,0xf9,0xb6,0x24,0xbf,0x63,0x9c,0x82,0xb8,0x59,0x28,0x87,0x47,0x69,0x0c,
+ 0x73,0x0c,0x98,0x0b,0x2f,0x5a,0x23,0x9d,0xd9,0x5a,0xd5,0x38,0x9a,0x2e,0xc9,0x0c,
+ 0x57,0x78,0x60,0x47,0x13,0x71,0x03,0x83,0xae,0x55,0xd4,0xd2,0x8c,0x06,0xd4,0xac,
+ 0x26,0xf0,0xd1,0x23,0x1f,0x1d,0x67,0x62,0xc8,0xe0,0xd9,0x18,0x11,0x81,0x56,0xbc,
+ 0x63,0x77,0x60,0xda,0xea,0x18,0x47,0x46,0xb8,0xdc,0xf6,0xf6,0x1d,0xb2,0x74,0xa7,
+ 0xdd,0xce,0xaa,0x07,0x49,0x37,0xab,0xab,0xad,0x45,0x49,0xb9,0x7a,0xb9,0x92,0x49,
+ 0x4a,0x80,0x72,0x08,0xab,0xd7,0x89,0x82,0x3f,0x5d,0x75,0xc4,0xb9,0x94,0x08,0x9c,
+ 0x80,0x72,0xcf,0xc2,0x54,0xe0,0xd8,0x20,0x2f,0xd8,0x96,0x47,0x6e,0x96,0xad,0x9d,
+ 0x30,0x9a,0x0e,0x8e,0x73,0x01,0x28,0x2f,0x07,0xeb,0x2a,0xe8,0xed,0xef,0xb7,0xdb,
+ 0xbe,0x13,0xb9,0x6e,0x8b,0x40,0x24,0xc6,0xb8,0x4d,0xe0,0xa0,0x5e,0x15,0x02,0x85),
+ .tests = {
+ { /* Format of the EM is incorrect - hash moved to left */
+ .exp = FALSE,
+ .e = chunk_from_chars(0x08,0xa6,0x49),
+ .m = chunk_from_chars(
+ 0x4d,0x44,0x66,0x5e,0x0e,0x29,0x87,0xcf,0x7d,0xd1,0xe9,0xd6,0x20,0x01,0x51,0xf5,
+ 0x00,0xea,0x3b,0x85,0xa2,0x4f,0x72,0xfb,0x38,0xe5,0xdd,0x69,0x19,0xff,0x9c,0x48,
+ 0x6f,0x6a,0x54,0x74,0x2f,0x96,0xc6,0x78,0x4f,0xf7,0xa7,0x0c,0x33,0xab,0xab,0xdc,
+ 0x68,0x5d,0xe4,0x8b,0x94,0x69,0x4a,0xf8,0xad,0x41,0x9b,0xc0,0x6a,0x0f,0x65,0x04,
+ 0xf7,0x9c,0x60,0x6c,0xed,0x70,0x02,0x6b,0x81,0x3b,0x4e,0xc5,0xfc,0x73,0xed,0x4f,
+ 0x6b,0x3f,0x7f,0xf6,0x97,0x94,0x33,0x03,0x37,0x9d,0x95,0x9e,0x65,0x61,0xa8,0x90,
+ 0x4f,0xa0,0x35,0x4d,0x2f,0xfd,0x62,0x31,0x7d,0x63,0x86,0x0a,0x62,0xa1,0x3c,0xd7,
+ 0x71,0x57,0xb7,0xcf,0x92,0x16,0x55,0xa5,0x3e,0xc3,0x76,0x0b,0xf2,0x3c,0x8e,0x75),
+ .s = chunk_from_chars(
+ 0x4f,0x48,0xe5,0x1a,0x04,0x1e,0x40,0xa0,0x29,0xd5,0x86,0xcb,0x7a,0xfd,0x7e,0xc1,
+ 0x10,0x31,0xf8,0x6d,0x7b,0xee,0x58,0xfc,0x13,0xa9,0x22,0x7d,0xd2,0x09,0xf1,0xd7,
+ 0xbe,0xcf,0x32,0x09,0xcd,0x43,0x05,0x5e,0x93,0x16,0x5f,0x04,0xf2,0x32,0x76,0xd4,
+ 0x6b,0x0b,0x64,0x66,0x9b,0x88,0xc2,0xba,0x54,0xad,0x6b,0xcb,0x5e,0x9d,0xa8,0x18,
+ 0x10,0x01,0x4e,0x14,0x0e,0xd0,0xa1,0x42,0x34,0xb1,0xfc,0x0f,0xa4,0xcf,0xa4,0xf2,
+ 0x58,0xa7,0xb5,0xcf,0x73,0xa3,0x36,0x53,0x4f,0x37,0x58,0x0a,0x38,0x30,0x87,0x5f,
+ 0x31,0x19,0x09,0x2e,0x48,0x54,0xfa,0x80,0xd8,0x78,0x33,0xf7,0xe9,0x62,0x7a,0xb5,
+ 0x1e,0x05,0x6a,0x8d,0xef,0xf3,0xa4,0x51,0xe8,0xaa,0xd7,0x83,0x35,0x81,0x6b,0x53,
+ 0xae,0x0d,0x89,0x9b,0x06,0x07,0x40,0x3b,0xf0,0x8e,0x8c,0x32,0xe1,0xcf,0x0b,0xaa,
+ 0x8f,0xe0,0xd7,0x8d,0x1b,0x8d,0x72,0xf8,0x5f,0x17,0xc1,0xc5,0xb8,0x87,0x0c,0xec,
+ 0x49,0x94,0x97,0xb4,0x2d,0xe9,0x82,0x40,0x8f,0xba,0xdb,0xe3,0xb4,0x5a,0x13,0xb4,
+ 0xb5,0x37,0x1c,0xe2,0xa4,0xd9,0x60,0x0b,0x7d,0x14,0x01,0x16,0x25,0xcb,0xe7,0x3a,
+ 0x79,0x31,0x39,0x54,0xf4,0xf3,0xec,0x0b,0x3b,0xf6,0xdc,0x94,0x52,0x97,0x32,0x5e,
+ 0x3a,0xaf,0x5b,0xc8,0x9a,0x27,0x67,0x0f,0x5b,0x25,0x36,0xa5,0x4c,0xae,0xa3,0xbc,
+ 0x66,0x41,0xae,0x62,0x8a,0x9a,0x4d,0xa6,0x1d,0xe7,0x49,0x66,0x1a,0x93,0xb6,0xae,
+ 0x68,0x72,0x2d,0x10,0xd7,0x90,0x2b,0x39,0x1f,0x9e,0x9e,0xbf,0x3a,0xb9,0xc1,0x86,
+ 0x01,0x7b,0x52,0xea,0xc6,0xfd,0x44,0x2a,0x25,0x6f,0xe7,0xc9,0x50,0x01,0x65,0xe3,
+ 0xc7,0xa4,0x02,0xaa,0x01,0x74,0xe6,0xb6,0xf3,0x5e,0x4e,0x12,0xe3,0x5a,0x9d,0x42,
+ 0x9b,0x21,0xf6,0xcc,0x98,0xeb,0xa7,0x3c,0x80,0xed,0x8a,0xc3,0x3a,0xcd,0x79,0x48,
+ 0x8e,0x62,0x0b,0x27,0x49,0x23,0xe7,0x8c,0xe5,0xd9,0x1a,0x61,0x96,0xca,0x59,0x05,
+ 0x4f,0xa7,0x7c,0xd6,0x7e,0x0d,0x3f,0xc0,0x4d,0x71,0xb9,0x4b,0x0c,0xda,0x54,0x78,
+ 0xf1,0xb3,0xd6,0x91,0x50,0xf4,0x09,0x27,0xc1,0xab,0x39,0x20,0x36,0x58,0x36,0x09,
+ 0xd8,0xef,0xda,0x3f,0xe4,0x86,0x43,0xef,0x2f,0x75,0xf1,0x16,0x4e,0xa7,0xf2,0x55,
+ 0x89,0xb5,0xbb,0xb5,0x60,0xc9,0xa0,0x42,0x40,0x8f,0x85,0x94,0x4c,0xa0,0x8f,0x92),
+ },
+ { /* Format of the EM is incorrect - 00 on end of pad removed */
+ .exp = FALSE,
+ .e = chunk_from_chars(0x08,0xa6,0x49),
+ .m = chunk_from_chars(
+ 0x1a,0xbc,0xa8,0xd8,0x1c,0xc9,0x8a,0x5d,0x50,0x20,0xe9,0x50,0x80,0xb5,0xfc,0xe5,
+ 0x9f,0xfe,0x70,0xdc,0xff,0x54,0x48,0x02,0xc4,0x9d,0xe7,0xfa,0x99,0x28,0x6b,0x3d,
+ 0xa1,0xd8,0x3d,0x60,0xb0,0x85,0xe6,0x96,0xbc,0x9f,0x25,0x75,0x8e,0x14,0x3e,0xfd,
+ 0xbd,0x74,0x94,0xd6,0xdd,0x54,0x7a,0xd9,0xf4,0xf0,0x47,0xd2,0x2d,0x14,0xa8,0x84,
+ 0xd1,0x3c,0x3b,0xee,0x72,0xfa,0x59,0xcd,0x6a,0x98,0x33,0x62,0x84,0xfe,0x20,0x75,
+ 0xf8,0xd7,0x35,0x9a,0x9d,0xf0,0x17,0xb3,0x5a,0xe0,0x0d,0xb6,0xdd,0xee,0x59,0xb1,
+ 0x90,0x2f,0xc9,0x0b,0xc9,0xef,0x89,0x0c,0x42,0x52,0x3b,0x9f,0xc8,0x3b,0x49,0x57,
+ 0x37,0x6d,0x7a,0xb1,0xa5,0xf1,0xc4,0x99,0xde,0xb7,0x62,0x2f,0x11,0x80,0x26,0xca),
+ .s = chunk_from_chars(
+ 0x85,0xe1,0x57,0x65,0xa4,0x01,0xc1,0x0d,0x86,0xac,0xf3,0xa0,0x5f,0xab,0x14,0xe0,
+ 0x54,0x87,0xb7,0x93,0x56,0x9a,0xe6,0x80,0xf7,0x7d,0x20,0xc2,0x5b,0x17,0x63,0xd1,
+ 0x84,0x63,0x4f,0xa0,0xb0,0x1d,0x97,0x9d,0xce,0x9d,0x80,0x36,0x70,0xd7,0xf9,0xf6,
+ 0xad,0xcd,0x59,0x47,0x6f,0xb1,0xc8,0xc3,0xaa,0xe5,0x12,0xf9,0x4a,0x9c,0xcf,0x6e,
+ 0x57,0x3a,0xee,0x6a,0x28,0xc0,0xdc,0xfd,0x2d,0xae,0x85,0x22,0x68,0x5f,0x03,0xec,
+ 0xec,0x8c,0x04,0x50,0x36,0xd1,0xcb,0x05,0x4a,0x08,0x64,0x54,0xa2,0x83,0x26,0xd5,
+ 0x31,0x9b,0xc7,0x00,0x4b,0xc8,0x7c,0x75,0x66,0xa5,0x68,0x52,0x55,0x8f,0x58,0x3a,
+ 0x38,0xa4,0xe7,0xe7,0xbe,0x79,0x81,0xdc,0xf3,0xec,0x41,0xc1,0x23,0x45,0xf8,0x45,
+ 0x40,0x97,0x92,0xed,0x87,0xb3,0xf1,0xb8,0xfc,0x89,0xc2,0x88,0xa2,0x96,0x8e,0x73,
+ 0x27,0x3a,0x36,0xf2,0xb6,0x72,0x58,0xfc,0x67,0xe8,0x88,0x60,0x85,0x66,0xa2,0x3a,
+ 0x6a,0x56,0x45,0x32,0x8f,0x1e,0xdd,0x8c,0x10,0x59,0x93,0xb4,0x86,0xeb,0x33,0x35,
+ 0x23,0x22,0x12,0xa1,0xdc,0xfd,0x5d,0xa4,0x0f,0xb3,0x90,0x2f,0xd2,0xcf,0xa8,0x6e,
+ 0x85,0x88,0xeb,0x3c,0x40,0xdf,0x8d,0x9e,0xdf,0x3c,0x41,0x93,0x4c,0xe9,0x1b,0x50,
+ 0xc0,0xd5,0xca,0x1a,0x38,0x40,0xca,0x40,0xe3,0xc8,0x41,0xb3,0x95,0x20,0xcb,0x5e,
+ 0x56,0x54,0xaf,0x39,0x61,0xec,0x94,0x08,0xd2,0x2e,0xdb,0x34,0x50,0x27,0xee,0xa7,
+ 0x11,0x9d,0xd5,0x52,0x65,0x63,0x42,0xe3,0x16,0xc6,0x0c,0x5f,0x5d,0xa0,0x28,0x30,
+ 0x8b,0x03,0x1b,0xac,0xc7,0x4d,0x1f,0xdd,0x69,0x07,0xbc,0x69,0x44,0xfb,0x85,0x60,
+ 0x82,0xcb,0x14,0xf1,0x2c,0xb5,0x09,0xca,0x4e,0xfb,0x51,0x6e,0xd0,0xc6,0x08,0x96,
+ 0x77,0x1b,0x47,0x84,0x42,0x02,0x69,0x13,0xe6,0x1a,0x32,0x61,0x1d,0xde,0x1a,0x88,
+ 0x07,0xf2,0xe1,0xcb,0x76,0xd0,0xc0,0xc6,0x9c,0x70,0x5b,0xeb,0x8f,0xe7,0x13,0xe8,
+ 0x48,0xcc,0x03,0xb1,0xef,0x89,0x65,0x26,0x7c,0xfc,0x3e,0xbd,0x43,0xf0,0x00,0x1b,
+ 0x33,0xb9,0xe9,0xad,0x41,0x8e,0xe0,0xd5,0x92,0xf1,0x84,0xd2,0x02,0x33,0x1d,0x4b,
+ 0x51,0xa9,0x6a,0x17,0xb0,0x14,0xd4,0x71,0x38,0xf2,0x8c,0xaa,0x39,0xd9,0xdf,0xbd,
+ 0xa6,0x08,0x94,0x95,0x6d,0x0c,0x04,0x3e,0x42,0x92,0x87,0x7f,0x04,0x4b,0x55,0xa2),
+ },
+ { /* Signature changed */
+ .exp = FALSE,
+ .e = chunk_from_chars(0x08,0xa6,0x49),
+ .m = chunk_from_chars(
+ 0x20,0x85,0xe8,0xb9,0x46,0xd2,0x05,0x97,0x52,0xf8,0xf0,0xfe,0xe5,0x28,0xe7,0xc4,
+ 0xcc,0x0a,0xc1,0xfa,0x24,0x53,0x2c,0x1e,0xc2,0x9a,0x3a,0x92,0xd2,0x68,0x1c,0x4d,
+ 0xbd,0x8e,0x2d,0xd1,0x51,0xbb,0x32,0x5d,0x1c,0x4d,0xdf,0x63,0x18,0x68,0x9e,0x3c,
+ 0x8e,0x45,0x8d,0x1b,0x34,0xcd,0xc5,0x40,0x98,0x67,0xe2,0x6e,0xc2,0x0e,0xc0,0x9e,
+ 0x15,0xa6,0x82,0xf5,0x77,0x90,0xd9,0xf4,0xb2,0x7c,0x83,0xef,0x19,0x7e,0x11,0xc0,
+ 0x6e,0x65,0xee,0xbc,0x03,0x48,0x9d,0xe6,0x20,0x61,0x42,0x63,0xa5,0x1e,0x64,0x2e,
+ 0xf0,0x76,0xf1,0x0d,0x01,0x7a,0x82,0xc4,0xdc,0x2c,0xe1,0x88,0x2f,0x93,0xc9,0xb6,
+ 0x35,0x0f,0xec,0xc5,0xda,0xeb,0x3a,0x7a,0x20,0x31,0x61,0x5a,0xc1,0xc2,0x90,0x65),
+ .s = chunk_from_chars(
+ 0x65,0xbd,0x57,0xd4,0xa3,0x74,0x95,0xd5,0x4e,0xec,0x7f,0x63,0x21,0xf7,0x10,0x1a,
+ 0x46,0x43,0xd9,0x43,0x2a,0x2a,0xfc,0x8e,0xaa,0x14,0x7f,0xb2,0x9e,0x7a,0xb1,0x10,
+ 0x6e,0xb3,0x1a,0x6e,0xa7,0xae,0x3b,0x48,0xe4,0x0d,0xe6,0x3c,0xc3,0x68,0xe7,0xa6,
+ 0xdf,0x4c,0x99,0x82,0x59,0xc5,0x9c,0xe4,0x0b,0x8a,0xc2,0xf8,0x76,0x3b,0xee,0x91,
+ 0x92,0x41,0x7d,0x20,0x20,0xcb,0xe1,0x79,0xbb,0xa8,0xae,0xe9,0xbe,0x89,0x71,0x46,
+ 0x6f,0x5e,0x53,0xb3,0xf8,0x20,0x04,0xab,0x6a,0xa5,0x29,0xd0,0x85,0x45,0xbd,0x89,
+ 0x44,0x35,0xd8,0xdc,0xee,0xb3,0xa8,0xe9,0x05,0x91,0x6b,0xbd,0xb0,0x15,0xbf,0xf6,
+ 0x5e,0x9e,0x79,0x2a,0x88,0xe1,0xc8,0x44,0x9f,0x41,0x1e,0xda,0xcb,0xa5,0x04,0xcd,
+ 0x07,0x30,0x60,0x5d,0xc8,0x3f,0xee,0x64,0xf8,0xdd,0x17,0xf5,0x77,0x07,0x56,0x94,
+ 0x40,0x2f,0x18,0x62,0x79,0x0d,0x96,0x29,0xf9,0xfa,0x8a,0xc3,0xab,0x4e,0xe3,0x41,
+ 0xdd,0x39,0x79,0xeb,0x17,0x15,0xc4,0xf7,0x42,0xfb,0xd8,0x9b,0xa3,0xb9,0x05,0x65,
+ 0xea,0x45,0x87,0x43,0x85,0x62,0x49,0x3f,0x61,0x1d,0x5a,0xc9,0x98,0x9f,0xd4,0x05,
+ 0xa0,0x1d,0x23,0xb1,0x34,0x69,0xa2,0xa7,0xa8,0x5b,0x00,0x47,0x48,0x3a,0x66,0x5c,
+ 0xe3,0x89,0x9a,0x41,0x21,0x07,0xca,0xcc,0x11,0x08,0x7c,0xb2,0x60,0x7b,0xa9,0xd0,
+ 0x40,0x91,0xc4,0x18,0x24,0x72,0x42,0xcd,0x8d,0x81,0x9a,0xe1,0x7e,0x49,0xa2,0x1b,
+ 0xc4,0xf9,0x66,0xac,0x3d,0x37,0xd2,0xa6,0x1a,0x8b,0xfe,0xed,0xe0,0xf2,0xef,0x2d,
+ 0xa3,0xaa,0x32,0xbc,0x38,0xab,0xb6,0xa1,0x6a,0x44,0x75,0xe9,0x67,0x2c,0x4a,0xaa,
+ 0x31,0xd2,0xe8,0x27,0x7f,0x3d,0xd9,0x66,0x3f,0x39,0x60,0xf1,0x6c,0x01,0x99,0x8d,
+ 0x50,0xa9,0x9b,0xcc,0x68,0x1e,0xa0,0x2b,0x13,0x75,0x55,0xaf,0x2c,0xdd,0x28,0xea,
+ 0x43,0x28,0x15,0x88,0x06,0x6b,0xc5,0x5c,0x8f,0x7a,0xab,0x45,0xde,0xdf,0xa2,0xf6,
+ 0xbe,0xfb,0x5b,0x13,0x91,0x1c,0xb9,0xce,0xc2,0xb3,0xfb,0x07,0xbc,0x00,0xb2,0xda,
+ 0xca,0xff,0x82,0x37,0x20,0x1d,0x3e,0xbe,0xac,0x57,0x50,0x83,0x01,0x16,0x24,0xb4,
+ 0xbe,0x01,0x83,0x79,0x51,0x4d,0xec,0x97,0x20,0x9f,0xaa,0x29,0xb1,0xf9,0x3f,0xda,
+ 0x75,0xf0,0x77,0x0f,0x3c,0x73,0xe7,0x00,0xa2,0xe4,0x84,0x53,0x06,0x7c,0x90,0x9e),
+ },
+ {
+ .exp = TRUE,
+ .e = chunk_from_chars(0x08,0xa6,0x49),
+ .m = chunk_from_chars(
+ 0xcc,0x21,0x59,0x3a,0x6a,0x0f,0x73,0x7e,0x29,0x70,0xb7,0xc0,0x79,0x84,0xb0,0x70,
+ 0xd7,0x61,0x72,0x62,0x96,0xa0,0x7e,0x24,0xe0,0x56,0xe6,0x8f,0xf8,0x46,0xb2,0x9c,
+ 0xc1,0x54,0x81,0x79,0x84,0x3d,0x74,0xdc,0xee,0x86,0x47,0x98,0x58,0xb2,0xc1,0x6e,
+ 0x4c,0xb8,0x4f,0x25,0x44,0xb4,0xec,0xdc,0xb4,0xdd,0x43,0xa0,0x4b,0xb7,0x18,0x3a,
+ 0x76,0x8a,0xe4,0x4a,0x27,0x12,0xbf,0x9a,0xd4,0x78,0x83,0xac,0xc2,0x81,0x2f,0x95,
+ 0x83,0x06,0x89,0x0e,0xbe,0xa4,0x08,0xc9,0x2e,0xb4,0xf0,0x01,0xed,0x7d,0xbf,0x55,
+ 0xf3,0xa9,0xc8,0xd6,0xd9,0xf6,0x1e,0x5f,0xe3,0x2e,0xb3,0x25,0x3e,0x59,0xc1,0x8e,
+ 0x86,0x31,0x69,0x47,0x8c,0xd6,0x9b,0x91,0x55,0xc3,0x35,0xdb,0x66,0x01,0x6f,0x96),
+ .s = chunk_from_chars(
+ 0x0a,0xa5,0x72,0xa6,0x84,0x5b,0x87,0x0b,0x89,0x09,0xa6,0x83,0xbb,0x7e,0x6e,0x76,
+ 0x16,0xf7,0x7b,0xef,0xf2,0x87,0x46,0x11,0x6d,0x8b,0xc4,0xb7,0x33,0x55,0x46,0xb5,
+ 0x1e,0x80,0x06,0xed,0x0f,0xc9,0xa0,0xd6,0x6f,0x63,0xce,0x0b,0x9e,0xbf,0x79,0x2d,
+ 0x7e,0xfd,0x43,0x05,0xd7,0x62,0x4d,0x54,0x54,0x00,0xa5,0xfd,0x6a,0x06,0xb7,0x8f,
+ 0x17,0x4b,0x86,0x80,0x3f,0x7c,0xd1,0xcc,0x93,0xe3,0xa9,0x72,0x86,0xf0,0xea,0x59,
+ 0x0e,0x40,0xff,0x26,0x19,0x5a,0xa2,0x19,0xfe,0x15,0x10,0xa0,0x16,0x78,0x52,0x23,
+ 0x60,0x6d,0x93,0x11,0xa1,0x6c,0x59,0xa8,0xfe,0x4a,0x6d,0xa6,0xec,0xd0,0xc1,0xd7,
+ 0x77,0x50,0x39,0x29,0x0c,0x2a,0xaa,0x17,0xed,0x1e,0xb1,0xb5,0x43,0x74,0xf7,0xe5,
+ 0x72,0xdb,0x13,0xcc,0xa3,0xa6,0x38,0x57,0x5f,0x80,0x04,0xaa,0x54,0xa2,0xfa,0x98,
+ 0x42,0x2f,0xc0,0x7e,0x43,0xad,0x3a,0x20,0xdd,0x93,0x00,0x14,0x93,0x44,0x26,0x77,
+ 0xd8,0x83,0x91,0x4d,0xc7,0x4e,0xc1,0xcb,0xeb,0xbb,0xd3,0xd2,0xb6,0xba,0xd4,0x66,
+ 0x6d,0x91,0x45,0x7b,0x69,0xb4,0x6a,0x1a,0x61,0xf2,0x12,0x98,0xf1,0xa6,0x79,0x42,
+ 0xec,0x86,0xc8,0x76,0x32,0x2d,0xd3,0x66,0xed,0x16,0x78,0x14,0xe9,0xc8,0xfc,0x90,
+ 0x40,0xc5,0xb4,0xb7,0xa8,0x59,0xbb,0xd8,0x80,0xcb,0x6b,0xc2,0x41,0xb9,0xe3,0x27,
+ 0xce,0x77,0x9e,0x07,0x83,0xb1,0xcf,0x44,0x5e,0x0b,0x2f,0x57,0x71,0xb3,0xf5,0x82,
+ 0x2a,0x13,0x64,0x39,0x1c,0x15,0x4d,0xc5,0x06,0xff,0xf1,0xfb,0x9d,0x9a,0x35,0xf8,
+ 0x01,0x99,0xa6,0xb3,0x0b,0x4b,0x92,0xb9,0x26,0x19,0xa4,0x0e,0x21,0xae,0xa1,0x92,
+ 0x84,0x01,0x58,0x63,0xc4,0x48,0x66,0xc6,0x1e,0xd9,0x04,0xa7,0xad,0x19,0xee,0x04,
+ 0xd9,0x66,0xc0,0xaa,0xe3,0x90,0x63,0x62,0x43,0x56,0x55,0x81,0xff,0x20,0xbd,0x6e,
+ 0x3c,0xfb,0x6e,0x31,0xf5,0xaf,0xba,0x96,0x4b,0x31,0x1d,0xc2,0xd0,0x23,0xa2,0x19,
+ 0x98,0xc8,0xdd,0x50,0xca,0x45,0x36,0x99,0x19,0x0b,0xd4,0x67,0x42,0x9e,0x2f,0x88,
+ 0xac,0xe2,0x9c,0x4d,0x1d,0xa4,0xda,0x61,0xaa,0xc1,0xed,0xa2,0x38,0x02,0x30,0xaa,
+ 0x8d,0xbb,0x63,0xc7,0x5a,0x3c,0x1e,0xc0,0x4d,0xa3,0xa1,0xf8,0x80,0xc9,0xc7,0x47,
+ 0xac,0xdb,0x74,0xa8,0x39,0x5a,0xf5,0x8f,0x5f,0x04,0x40,0x15,0xcc,0xaf,0x6e,0x94),
+ },
+ { /* Public Key e changed */
+ .exp = FALSE,
+ .e = chunk_from_chars(0xa4,0x5b,0x6b),
+ .m = chunk_from_chars(
+ 0xa5,0x89,0xc8,0x78,0x8c,0x95,0x99,0x61,0xfe,0xf9,0x86,0x94,0xbb,0xfe,0xff,0xce,
+ 0x5d,0x69,0x07,0x18,0x99,0xad,0x96,0x9a,0xc2,0x5f,0x3c,0xb4,0x8e,0xea,0x08,0x4b,
+ 0x1d,0x84,0xa8,0x61,0x37,0x61,0xd1,0xe9,0xd6,0x26,0xe2,0xd9,0xe4,0xa0,0xc4,0x80,
+ 0x45,0xb6,0x14,0x1a,0x18,0x9c,0x84,0xa2,0x3a,0x4a,0x7e,0xe7,0x0c,0x2d,0x0b,0xe2,
+ 0x77,0x1c,0xf4,0x47,0x2d,0x8d,0x27,0x5a,0x31,0x09,0x5b,0x04,0x99,0xdd,0xf7,0x26,
+ 0x93,0x13,0x30,0x2d,0xa6,0xa0,0x72,0xe7,0x3a,0xdf,0x02,0x95,0x5b,0x3e,0xe1,0x41,
+ 0xba,0x38,0xf3,0x51,0xf4,0x83,0x60,0x5d,0x17,0x8a,0x3b,0x3e,0x63,0x1d,0x62,0x67,
+ 0x4d,0x67,0xa5,0x79,0xca,0x21,0x2a,0x11,0xc9,0x06,0x0f,0xe4,0x01,0x87,0x52,0x0f),
+ .s = chunk_from_chars(
+ 0x06,0x24,0x18,0x75,0x08,0x45,0xd3,0x29,0x1e,0x63,0x3e,0x47,0x40,0x64,0x80,0xe3,
+ 0x2f,0xa2,0x98,0x02,0x75,0xf2,0xe4,0xac,0x79,0xd2,0x84,0xad,0x83,0xed,0x11,0x19,
+ 0x0e,0x7b,0x85,0xbf,0xd6,0xed,0x9b,0xcf,0xf6,0x33,0x45,0x58,0x2f,0xcc,0xd8,0x8a,
+ 0x57,0x89,0x41,0xab,0xb9,0x87,0xd2,0xdc,0xb5,0x49,0xa0,0xac,0x2e,0xd5,0xfe,0x7c,
+ 0xe8,0x25,0x7b,0xb1,0xe6,0x28,0x81,0x55,0xff,0xf3,0xdc,0x9b,0xc1,0x14,0x0f,0x27,
+ 0x77,0xa8,0x45,0x75,0x98,0x63,0x60,0xd0,0x76,0x60,0x5e,0x65,0x5c,0x9d,0x73,0xf9,
+ 0xbf,0x01,0x0a,0x43,0x7e,0xb7,0xb2,0x80,0xd6,0x10,0x83,0x74,0xce,0x8d,0xa4,0xc7,
+ 0x02,0xf6,0x6a,0x9d,0x1d,0x01,0xb1,0x41,0xc6,0xa6,0x98,0x72,0x9d,0x0f,0xcd,0xb0,
+ 0x63,0x1b,0x21,0x57,0x8d,0xde,0xd7,0x21,0xef,0x5c,0x49,0x08,0x12,0x26,0x6c,0xf6,
+ 0xf0,0x12,0x70,0xa8,0xc6,0xc2,0xf0,0x84,0x66,0xc9,0xb3,0xc6,0x26,0xc0,0xf1,0xed,
+ 0xeb,0x5b,0x4f,0xb3,0x2e,0x95,0x8a,0x4a,0x38,0x8c,0x6c,0x6e,0x73,0xb5,0x3a,0x50,
+ 0x61,0x37,0x35,0x43,0x58,0xbd,0x00,0xbb,0xd2,0x05,0x8c,0x9c,0x12,0x79,0x04,0x10,
+ 0xa4,0x5f,0x43,0x48,0x75,0x48,0x44,0xb3,0x57,0xc4,0xe1,0x7f,0xb3,0x8c,0x8c,0xac,
+ 0x87,0xa6,0xbe,0x3c,0xd0,0x6a,0x08,0x94,0x3d,0xb0,0xe8,0xb8,0x67,0xd4,0x73,0xe7,
+ 0xd3,0x58,0x1e,0xd2,0xa3,0x2d,0x25,0xd7,0xb4,0x5e,0xec,0xf8,0xfe,0xa1,0x0d,0x0a,
+ 0xde,0x1c,0x88,0x85,0x91,0xc7,0x1f,0xc8,0x6a,0xbd,0x14,0x46,0xfa,0xdc,0xa2,0x88,
+ 0x1d,0xe8,0x7a,0x6d,0x05,0x56,0x6c,0x50,0x00,0xc1,0xe0,0x75,0xb0,0xc1,0xc5,0x48,
+ 0x1f,0xfb,0x6e,0x98,0x2a,0x3f,0x8f,0x44,0xfa,0x8a,0xd0,0xb6,0xa9,0x2f,0x1c,0xde,
+ 0xdd,0x9c,0x38,0xd3,0x26,0xa6,0xef,0xad,0x9d,0x03,0x59,0xa6,0x9a,0xf4,0x20,0x34,
+ 0xb7,0xa4,0xac,0x38,0x8f,0x9c,0x7d,0x35,0x6e,0xdf,0x4d,0x6e,0x45,0x50,0xad,0xde,
+ 0xcc,0x71,0x92,0x24,0x2b,0x3b,0x1f,0xc4,0x16,0x46,0x02,0x91,0x9d,0x34,0x11,0xed,
+ 0x43,0xe2,0xb3,0x94,0x86,0x7b,0xf8,0x40,0xea,0x61,0x75,0x0b,0xac,0x4f,0x1b,0x72,
+ 0xd2,0x8a,0xf3,0x5e,0xb0,0xb3,0xaa,0xf6,0xee,0xd6,0x54,0xd1,0xde,0x88,0x32,0x40,
+ 0xc0,0xe2,0x23,0x4e,0xa2,0xdd,0xf6,0xf8,0x93,0x4c,0xdc,0xac,0xea,0x80,0x2e,0x26),
+ },
+ { /* Message changed */
+ .exp = FALSE,
+ .e = chunk_from_chars(0x08,0xa6,0x49),
+ .m = chunk_from_chars(
+ 0x70,0xa4,0xa8,0x98,0x02,0x85,0x68,0x69,0x9c,0xcd,0x8a,0x53,0x28,0x8a,0x74,0x78,
+ 0x51,0x88,0x4d,0xb2,0x97,0x1a,0xb1,0x7a,0xa1,0x16,0xa9,0x09,0xd4,0x22,0xda,0xbc,
+ 0x24,0x2e,0xfc,0xbd,0x2a,0x42,0x8e,0xe0,0x77,0x7a,0xc8,0xcb,0x29,0x4f,0xd2,0x5a,
+ 0xbc,0x17,0x33,0x42,0x22,0xcf,0x8c,0xf4,0x15,0x19,0x86,0xc4,0xac,0x81,0x09,0x4a,
+ 0x2c,0x04,0xaf,0x08,0x21,0xd3,0x78,0x4e,0xae,0x54,0xbf,0x5b,0x22,0x6a,0x6c,0xc5,
+ 0xcb,0xf6,0x6c,0x1b,0x0f,0x9e,0x5e,0xc8,0xb8,0xcd,0x8f,0x3a,0x90,0xfa,0x29,0x44,
+ 0x2e,0x2e,0xa7,0xc1,0x0f,0xc0,0x8c,0x7b,0xe9,0x63,0x55,0x4b,0x3b,0x64,0xac,0x81,
+ 0x29,0x2c,0xde,0x85,0x87,0x0c,0x8f,0xbf,0x34,0x3a,0xad,0xb5,0xa9,0x16,0xa2,0x73),
+ .s = chunk_from_chars(
+ 0x07,0x88,0x43,0xb0,0x4c,0x98,0x55,0xe6,0x0b,0x09,0x65,0x97,0x0e,0x34,0x85,0xa8,
+ 0x51,0x70,0x33,0xef,0xb5,0x7b,0x77,0x31,0x50,0x48,0x3e,0x7d,0x79,0xa5,0x49,0xd2,
+ 0x17,0x15,0x9f,0xc1,0x94,0xc7,0x8d,0x1d,0x7e,0xb8,0x72,0xad,0xe2,0x31,0xd1,0xc9,
+ 0x5d,0xaf,0xcb,0x7d,0x52,0x92,0xd7,0xb1,0x13,0xa9,0x95,0x67,0xf4,0x92,0xcd,0x84,
+ 0x6f,0x88,0xcd,0xc1,0xd0,0x35,0xa0,0x4a,0xe6,0xa5,0xef,0x28,0xa8,0x67,0x33,0x87,
+ 0xa2,0x47,0x9c,0x3e,0x0c,0x5a,0x12,0x04,0xbf,0x13,0x60,0x2b,0x49,0x09,0x7f,0xd4,
+ 0xbe,0xc1,0x62,0x84,0x56,0x6c,0x36,0xe4,0x5e,0xa3,0x96,0x35,0x67,0xf3,0x6d,0xae,
+ 0xe1,0xee,0x86,0x69,0x71,0x37,0xcb,0x25,0x82,0x58,0xb5,0xc3,0x18,0x92,0x6f,0xed,
+ 0x50,0x5c,0xd6,0x78,0x4c,0xcc,0x95,0xde,0x4e,0xdc,0x20,0x34,0xe6,0x45,0x21,0x27,
+ 0x6f,0x90,0x55,0x82,0x44,0x79,0xb4,0xab,0xd5,0x1a,0x73,0x15,0xe8,0x1e,0x20,0x4d,
+ 0xc0,0x0f,0x4b,0x07,0x7f,0x26,0xea,0x0a,0x72,0x56,0xbc,0xfb,0x0e,0xdf,0x88,0x62,
+ 0x4c,0x4e,0x3a,0x05,0x99,0x14,0xb7,0x5d,0xdf,0xcf,0x94,0x5c,0x56,0x20,0xeb,0x6b,
+ 0x06,0xb3,0x01,0x1e,0x4b,0xab,0xc2,0x68,0x57,0xbd,0xd9,0xbb,0x06,0x5d,0xfd,0xe5,
+ 0x15,0xc3,0x7e,0xaa,0x6a,0xd8,0x35,0x90,0x53,0x75,0x66,0x68,0x0a,0xd1,0xd7,0x76,
+ 0x06,0x78,0x27,0x28,0x8c,0x80,0x49,0x7b,0x76,0xc4,0x89,0xcb,0x39,0x76,0x2d,0xc1,
+ 0x99,0x7f,0xaa,0x41,0x08,0x6b,0x1e,0x37,0x7d,0x3c,0x9c,0xb2,0x9e,0x45,0x99,0xde,
+ 0xa3,0xb1,0x23,0xd8,0x50,0x46,0x3e,0xd2,0x00,0x87,0xfa,0x74,0x4a,0x54,0x81,0xa4,
+ 0x53,0x7a,0x62,0x52,0xae,0xa0,0xbc,0x18,0xb2,0xbc,0x96,0x2d,0xeb,0x58,0x9a,0xe5,
+ 0x3a,0x88,0x23,0x9e,0xac,0x7e,0x79,0x06,0xf4,0xb1,0x6e,0x68,0xc0,0xe7,0xde,0x24,
+ 0x78,0xc4,0xe4,0xda,0x86,0x90,0x08,0xa6,0x54,0x55,0xc6,0x91,0x54,0x7b,0x16,0xa9,
+ 0xd9,0x64,0xfe,0x0f,0xaa,0xac,0x4a,0xbb,0x22,0x30,0x9e,0x07,0x53,0x40,0x8e,0x22,
+ 0xa8,0x66,0x8c,0x0e,0x96,0x68,0x1f,0x0f,0xed,0xf3,0xad,0xeb,0xd7,0xc3,0xc6,0xea,
+ 0x0b,0x45,0x2e,0x07,0xa6,0xd9,0x4d,0x94,0x37,0xe8,0xb0,0x3e,0x7b,0x26,0x20,0x3a,
+ 0xff,0x7c,0x17,0x06,0xb5,0x8a,0x20,0x56,0x86,0x42,0xa8,0x71,0x9b,0x98,0x38,0xf0),
+ },
+ },
+},
+};
+
+START_TEST(test_verify_pss)
+{
+ public_key_t *pubkey;
+ bool result;
+ int i;
+
+ if (!lib->plugins->has_feature(lib->plugins,
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PSS)))
+ {
+ warn("%N not supported, skip test", signature_scheme_names,
+ SIGN_RSA_EMSA_PSS);
+ return;
+ }
+ for (i = 0; i < countof(pss_verify[_i].tests); i++)
+ {
+ pubkey = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA,
+ BUILD_RSA_MODULUS, pss_verify[_i].n,
+ BUILD_RSA_PUB_EXP, pss_verify[_i].tests[i].e,
+ BUILD_END);
+ ck_assert(pubkey != NULL);
+ result = pubkey->verify(pubkey, SIGN_RSA_EMSA_PSS,
+ &pss_verify[_i].params,
+ pss_verify[_i].tests[i].m,
+ pss_verify[_i].tests[i].s);
+ fail_unless(result == pss_verify[_i].tests[i].exp,
+ "verify %N [%d]", signature_scheme_names,
+ SIGN_RSA_EMSA_PSS, i);
+ pubkey->destroy(pubkey);
+ }
+}
+END_TEST
+
Suite *rsa_suite_create()
{
Suite *s;
@@ -395,5 +5188,23 @@ Suite *rsa_suite_create()
tcase_add_loop_test(tc, test_load, 0, countof(keys));
suite_add_tcase(s, tc);
+ tc = tcase_create("sign");
+ tcase_add_checked_fixture(tc, setup_keys, teardown_keys);
+ tcase_add_loop_test(tc, test_sign_pkcs15_2048, 0, countof(pkcs15_2048));
+ tcase_add_loop_test(tc, test_sign_pkcs15_3072, 0, countof(pkcs15_3072));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("sign pss");
+ tcase_add_checked_fixture(tc, setup_keys_pss, teardown_keys_pss);
+ tcase_add_loop_test(tc, test_sign_pss_2048, 0, countof(pss_sign_2048));
+ tcase_add_loop_test(tc, test_sign_pss_3072, 0, countof(pss_sign_3072));
+ tcase_add_loop_test(tc, test_sign_pss_no_salt, 0, countof(pss_sign_ns));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("verify");
+ tcase_add_loop_test(tc, test_verify_pkcs15, 0, countof(pkcs15_verify));
+ tcase_add_loop_test(tc, test_verify_pss, 0, countof(pss_verify));
+ suite_add_tcase(s, tc);
+
return s;
}
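Review bot: The "verify" case registers `test_verify_pss` unconditionally, but the test body added earlier in this file only calls `warn()` and returns when no plugin provides `PUBKEY_VERIFY` for `SIGN_RSA_EMSA_PSS`. On such a build every loop iteration is reported as passed, and the negative vectors (incorrect EM format, changed signature, changed public exponent, changed message) are never checked. I would document that at the registration, e.g. `/* test_verify_pss returns early (warn only) if no plugin provides SIGN_RSA_EMSA_PSS verification */`, so a green run is not read as PSS verification coverage. Whether the sign tests registered in this hunk skip the same way is not visible here. `rsa_suite_create` begins above this hunk.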
diff --git a/src/libstrongswan/tests/suites/test_signature_params.c b/src/libstrongswan/tests/suites/test_signature_params.c
new file mode 100644
index 000000000..38cb5803f
--- /dev/null
+++ b/src/libstrongswan/tests/suites/test_signature_params.c
@@ -0,0 +1,461 @@
+/*
+ * Copyright (C) 2017 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <asn1/oid.h>
+#include <asn1/asn1.h>
+#include <credentials/keys/signature_params.h>
+
+static struct {
+ chunk_t aid;
+ rsa_pss_params_t params;
+} rsa_pss_parse_tests[] = {
+ /* from RFC 7427, no parameters (empty sequence) */
+ { chunk_from_chars(0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x00),
+ { .hash = HASH_SHA1, .mgf1_hash = HASH_SHA1, .salt_len = HASH_SIZE_SHA1, }},
+ /* from RFC 7427, default parameters (SHA-1), would actually not be sent
+ * like this, as corrected in errata */
+ { chunk_from_chars(0x30,0x3e,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x31,0xa0,
+ 0x0b,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1a,0x05,0x00,0xa1,0x18,0x30,0x16,
+ 0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x08,0x30,0x09,0x06,0x05,0x2b,
+ 0x0e,0x03,0x02,0x1a,0x05,0x00,0xa2,0x03,0x02,0x01,0x14,0xa3,0x03,0x02,0x01,0x01),
+ { .hash = HASH_SHA1, .mgf1_hash = HASH_SHA1, .salt_len = HASH_SIZE_SHA1, }},
+ /* from RFC 7427, SHA-256 */
+ { chunk_from_chars(0x30,0x46,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x39,0xa0,
+ 0x0f,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,
+ 0xa1,0x1c,0x30,0x1a,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x08,0x30,
+ 0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,0xa2,0x03,
+ 0x02,0x01,0x20,0xa3,0x03,0x02,0x01,0x01),
+ { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = HASH_SIZE_SHA256, }},
+ /* from RFC 7427, SHA-256 (errata, without trailer, with len corrections) */
+ { chunk_from_chars(0x30,0x41,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x34,0xa0,
+ 0x0f,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,
+ 0xa1,0x1c,0x30,0x1a,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x08,0x30,
+ 0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,0xa2,0x03,
+ 0x02,0x01,0x20),
+ { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = HASH_SIZE_SHA256, }},
+ /* SHA-512 */
+ { chunk_from_chars(0x30,0x41,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x34,0xa0,
+ 0x0f,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,0x05,0x00,
+ 0xa1,0x1c,0x30,0x1a,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x08,0x30,
+ 0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,0x05,0x00,0xa2,0x03,
+ 0x02,0x01,0x40),
+ { .hash = HASH_SHA512, .mgf1_hash = HASH_SHA512, .salt_len = HASH_SIZE_SHA512, }},
+ /* SHA-256, no salt */
+ { chunk_from_chars(0x30,0x41,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x34,0xa0,
+ 0x0f,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,
+ 0xa1,0x1c,0x30,0x1a,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x08,0x30,
+ 0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,0xa2,0x03,
+ 0x02,0x01,0x00),
+ { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = 0, }},
+ /* only hash specified */
+ { chunk_from_chars(0x30,0x1e,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x11,
+ 0xa0,0x0f,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,
+ 0x05,0x00),
+ { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA1, .salt_len = HASH_SIZE_SHA1, }},
+ /* only mgf specified */
+ { chunk_from_chars(0x30,0x2b,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x1e,
+ 0xa1,0x1c,0x30,0x1a,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x08,
+ 0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00),
+ { .hash = HASH_SHA1, .mgf1_hash = HASH_SHA256, .salt_len = HASH_SIZE_SHA1, }},
+ /* only salt specified */
+ { chunk_from_chars(0x30,0x12,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x05,0xa2,
+ 0x03,0x02,0x01,0x20),
+ { .hash = HASH_SHA1, .mgf1_hash = HASH_SHA1, .salt_len = HASH_SIZE_SHA256, }},
+};
+
+START_TEST(test_rsa_pss_params_parse)
+{
+ rsa_pss_params_t parsed;
+ chunk_t params;
+ int oid;
+
+ oid = asn1_parse_algorithmIdentifier(rsa_pss_parse_tests[_i].aid, 0, &params);
+ ck_assert_int_eq(OID_RSASSA_PSS, oid);
+ ck_assert(rsa_pss_params_parse(params, 1, &parsed));
+ ck_assert_int_eq(rsa_pss_parse_tests[_i].params.hash, parsed.hash);
+ ck_assert_int_eq(rsa_pss_parse_tests[_i].params.mgf1_hash, parsed.mgf1_hash);
+ ck_assert_int_eq(rsa_pss_parse_tests[_i].params.salt_len, parsed.salt_len);
+}
+END_TEST
+
+chunk_t rsa_pss_parse_invalid_tests[] = {
+ /* unknown hash */
+ chunk_from_chars(0x30,0x1e,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x11,
+ 0xa0,0x0f,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x00,
+ 0x05,0x00),
+ /* unknown mgf */
+ chunk_from_chars(0x30,0x2b,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x1e,
+ 0xa1,0x1c,0x30,0x1a,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x00,
+ 0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00),
+ /* unknown mgf-1 hash */
+ chunk_from_chars(0x30,0x2b,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x1e,
+ 0xa1,0x1c,0x30,0x1a,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x08,
+ 0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x00,0x05,0x00),
+ /* incorrect trailer */
+ chunk_from_chars(0x30,0x12,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x05,
+ 0xa3,0x03,0x02,0x01,0x02),
+ /* too long trailer */
+ chunk_from_chars(0x30,0x13,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x06,
+ 0xa3,0x04,0x02,0x02,0x01,0x01),
+};
+
+START_TEST(test_rsa_pss_params_parse_invalid)
+{
+ rsa_pss_params_t parsed;
+ chunk_t params;
+ int oid;
+
+ oid = asn1_parse_algorithmIdentifier(rsa_pss_parse_invalid_tests[_i], 0, &params);
+ ck_assert_int_eq(OID_RSASSA_PSS, oid);
+ ck_assert(!rsa_pss_params_parse(params, 1, &parsed));
+}
+END_TEST
+
+static struct {
+ chunk_t aid;
+ rsa_pss_params_t params;
+} rsa_pss_build_tests[] = {
+ /* default parameters -> empty sequence */
+ { chunk_from_chars(0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x00),
+ { .hash = HASH_SHA1, .mgf1_hash = HASH_SHA1, .salt_len = HASH_SIZE_SHA1, }},
+ /* SHA-256 */
+ { chunk_from_chars(0x30,0x41,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x34,0xa0,
+ 0x0f,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,
+ 0xa1,0x1c,0x30,0x1a,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x08,0x30,
+ 0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,0xa2,0x03,
+ 0x02,0x01,0x20),
+ { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = RSA_PSS_SALT_LEN_DEFAULT, }},
+ /* default salt length: SHA-1 */
+ { chunk_from_chars(0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x00),
+ { .hash = HASH_SHA1, .mgf1_hash = HASH_SHA1, .salt_len = RSA_PSS_SALT_LEN_DEFAULT, }},
+ /* default salt length: SHA-224 */
+ { chunk_from_chars(0x30,0x23,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x16,0xa0,
+ 0x0f,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x04,0x05,0x00,
+ 0xa2,0x03,0x02,0x01,0x1c),
+ { .hash = HASH_SHA224, .mgf1_hash = HASH_SHA1, .salt_len = RSA_PSS_SALT_LEN_DEFAULT, }},
+ /* default salt length: SHA-384 */
+ { chunk_from_chars(0x30,0x23,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x16,0xa0,
+ 0x0f,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,0x05,0x00,
+ 0xa2,0x03,0x02,0x01,0x30),
+ { .hash = HASH_SHA384, .mgf1_hash = HASH_SHA1, .salt_len = RSA_PSS_SALT_LEN_DEFAULT, }},
+ /* SHA-512 */
+ { chunk_from_chars(0x30,0x41,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x34,0xa0,
+ 0x0f,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,0x05,0x00,
+ 0xa1,0x1c,0x30,0x1a,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x08,0x30,
+ 0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,0x05,0x00,0xa2,0x03,
+ 0x02,0x01,0x40),
+ { .hash = HASH_SHA512, .mgf1_hash = HASH_SHA512, .salt_len = RSA_PSS_SALT_LEN_DEFAULT, }},
+ /* SHA-256, no salt */
+ { chunk_from_chars(0x30,0x41,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x34,0xa0,
+ 0x0f,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,
+ 0xa1,0x1c,0x30,0x1a,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x08,0x30,
+ 0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,0xa2,0x03,
+ 0x02,0x01,0x00),
+ { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = 0, }},
+ /* SHA-256, rest default */
+ { chunk_from_chars(0x30,0x1e,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x11,
+ 0xa0,0x0f,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,
+ 0x05,0x00),
+ { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA1, .salt_len = HASH_SIZE_SHA1, }},
+ /* MGF1-SHA-256, rest default */
+ { chunk_from_chars(0x30,0x2b,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x1e,
+ 0xa1,0x1c,0x30,0x1a,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x08,
+ 0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00),
+ { .hash = HASH_SHA1, .mgf1_hash = HASH_SHA256, .salt_len = HASH_SIZE_SHA1, }},
+ /* only salt specified */
+ { chunk_from_chars(0x30,0x12,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x05,0xa2,
+ 0x03,0x02,0x01,0x20),
+ { .hash = HASH_SHA1, .mgf1_hash = HASH_SHA1, .salt_len = HASH_SIZE_SHA256, }},
+};
+
+START_TEST(test_rsa_pss_params_build)
+{
+ chunk_t params, aid;
+
+ ck_assert(rsa_pss_params_build(&rsa_pss_build_tests[_i].params, &params));
+ aid = asn1_wrap(ASN1_SEQUENCE, "mm", asn1_build_known_oid(OID_RSASSA_PSS),
+ params);
+ ck_assert_chunk_eq(rsa_pss_build_tests[_i].aid, aid);
+ chunk_free(&aid);
+}
+END_TEST
+
+rsa_pss_params_t rsa_pss_build_invalid_tests[] = {
+ /* unknown hash */
+ { .hash = HASH_UNKNOWN, .mgf1_hash = HASH_SHA1, .salt_len = HASH_SIZE_SHA1, },
+ /* invalid mgf */
+ { .hash = HASH_SHA256, .mgf1_hash = HASH_UNKNOWN, .salt_len = HASH_SIZE_SHA256, },
+};
+
+START_TEST(test_rsa_pss_params_build_invalid)
+{
+ chunk_t params;
+
+ ck_assert(!rsa_pss_params_build(&rsa_pss_build_invalid_tests[_i], &params));
+}
+END_TEST
+
+static rsa_pss_params_t rsa_pss_params_sha1 = { .hash = HASH_SHA1, .mgf1_hash = HASH_SHA1, .salt_len = HASH_SIZE_SHA1, };
+static rsa_pss_params_t rsa_pss_params_sha256 = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = HASH_SIZE_SHA256, };
+static rsa_pss_params_t rsa_pss_params_sha256_mgf1 = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA512, .salt_len = HASH_SIZE_SHA256, };
+static rsa_pss_params_t rsa_pss_params_sha256_salt = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = 10, };
+
+static struct {
+ bool equal;
+ bool complies;
+ signature_params_t a;
+ signature_params_t b;
+} params_compare_tests[] = {
+ { TRUE, TRUE, { .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256, }, { .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256, }, },
+ { FALSE, FALSE, { .scheme = SIGN_RSA_EMSA_PKCS1_SHA1, }, { .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256, }, },
+ { TRUE, TRUE, { .scheme = SIGN_RSA_EMSA_PSS, .params = &rsa_pss_params_sha256 },
+ { .scheme = SIGN_RSA_EMSA_PSS, .params = &rsa_pss_params_sha256 }, },
+ { FALSE, FALSE, { .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256, .params = &rsa_pss_params_sha256 },
+ { .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256, .params = &rsa_pss_params_sha256 }, },
+ { FALSE, FALSE, { .scheme = SIGN_RSA_EMSA_PSS, .params = &rsa_pss_params_sha256 },
+ { .scheme = SIGN_RSA_EMSA_PSS, .params = &rsa_pss_params_sha256_mgf1 }, },
+ { FALSE, TRUE, { .scheme = SIGN_RSA_EMSA_PSS, .params = &rsa_pss_params_sha256 },
+ { .scheme = SIGN_RSA_EMSA_PSS, .params = &rsa_pss_params_sha256_salt }, },
+ { FALSE, FALSE, { .scheme = SIGN_RSA_EMSA_PSS, .params = &rsa_pss_params_sha1 },
+ { .scheme = SIGN_RSA_EMSA_PSS, .params = &rsa_pss_params_sha256 }, },
+ { FALSE, FALSE, { .scheme = SIGN_RSA_EMSA_PSS, .params = &rsa_pss_params_sha256 },
+ { .scheme = SIGN_RSA_EMSA_PSS, }, },
+};
+
+START_TEST(test_params_compare)
+{
+ bool res;
+
+ res = signature_params_equal(&params_compare_tests[_i].a,
+ &params_compare_tests[_i].b);
+ ck_assert(res == params_compare_tests[_i].equal);
+ res = signature_params_comply(&params_compare_tests[_i].a,
+ &params_compare_tests[_i].b);
+ ck_assert(res == params_compare_tests[_i].complies);
+ res = signature_params_comply(&params_compare_tests[_i].b,
+ &params_compare_tests[_i].a);
+ ck_assert(res == params_compare_tests[_i].complies);
+}
+END_TEST
+
+START_TEST(test_params_compare_null)
+{
+ ck_assert(signature_params_equal(NULL, NULL));
+ ck_assert(!signature_params_equal(&params_compare_tests[0].a, NULL));
+ ck_assert(!signature_params_equal(NULL, &params_compare_tests[0].a));
+}
+END_TEST
+
+static struct {
+ signature_params_t src;
+ signature_params_t res;
+} params_clone_tests[] = {
+ { { .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256, }, { .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256, }, },
+ { { .scheme = SIGN_RSA_EMSA_PSS }, { .scheme = SIGN_RSA_EMSA_PSS }, },
+ { { .scheme = SIGN_RSA_EMSA_PSS, .params = &rsa_pss_params_sha256 },
+ { .scheme = SIGN_RSA_EMSA_PSS, .params = &rsa_pss_params_sha256 }, },
+ { { .scheme = SIGN_RSA_EMSA_PSS, .params = &rsa_pss_params_sha256_salt },
+ { .scheme = SIGN_RSA_EMSA_PSS, .params = &rsa_pss_params_sha256_salt }, },
+ { { .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256, .params = &rsa_pss_params_sha256 },
+ { .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256 }, },
+};
+
+START_TEST(test_params_clone)
+{
+ signature_params_t *clone = NULL;
+
+ clone = signature_params_clone(&params_clone_tests[_i].src);
+ ck_assert(signature_params_equal(clone, &params_clone_tests[_i].res));
+ signature_params_destroy(clone);
+}
+END_TEST
+
+START_TEST(test_params_clone_null)
+{
+ signature_params_t *clone = NULL;
+
+ clone = signature_params_clone(clone);
+ ck_assert(!clone);
+ signature_params_destroy(clone);
+}
+END_TEST
+
+START_TEST(test_params_clear)
+{
+ signature_params_t *clone;
+
+ clone = signature_params_clone(&params_clone_tests[_i].src);
+ signature_params_clear(clone);
+ ck_assert_int_eq(clone->scheme, SIGN_UNKNOWN);
+ ck_assert(!clone->params);
+ free(clone);
+}
+END_TEST
+
+START_TEST(test_params_clear_null)
+{
+ signature_params_t *clone = NULL;
+
+ signature_params_clear(clone);
+}
+END_TEST
+
+START_TEST(test_params_parse_rsa_pss)
+{
+ signature_params_t parsed, res = { .scheme = SIGN_RSA_EMSA_PSS, };
+
+ ck_assert(signature_params_parse(rsa_pss_parse_tests[_i].aid, 0, &parsed));
+ res.params = &rsa_pss_parse_tests[_i].params;
+ ck_assert(signature_params_equal(&parsed, &res));
+ signature_params_clear(&parsed);
+}
+END_TEST
+
+START_TEST(test_params_parse_rsa_pss_invalid)
+{
+ signature_params_t parsed;
+
+ ck_assert(!signature_params_parse(rsa_pss_parse_invalid_tests[_i], 0, &parsed));
+}
+END_TEST
+
+static struct {
+ bool valid;
+ chunk_t aid;
+ signature_params_t params;
+} params_parse_tests[] = {
+ { TRUE, chunk_from_chars(0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0b,0x05,0x00),
+ { .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256, }},
+ { TRUE, chunk_from_chars(0x30,0x0a,0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,0x04,0x03,0x02),
+ { .scheme = SIGN_ECDSA_WITH_SHA256_DER, }},
+ { FALSE, chunk_from_chars(0x30,0x0a,0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,0x04,0x03,0xff), },
+};
+
+START_TEST(test_params_parse_other)
+{
+ signature_params_t parsed;
+
+ if (params_parse_tests[_i].valid)
+ {
+ ck_assert(signature_params_parse(params_parse_tests[_i].aid, 0, &parsed));
+ ck_assert(signature_params_equal(&parsed, &params_parse_tests[_i].params));
+ signature_params_clear(&parsed);
+ }
+ else
+ {
+ ck_assert(!signature_params_parse(params_parse_tests[_i].aid, 0, &parsed));
+ }
+}
+END_TEST
+
+START_TEST(test_params_build_rsa_pss)
+{
+ signature_params_t scheme = { .scheme = SIGN_RSA_EMSA_PSS, };
+ chunk_t aid;
+
+ scheme.params = &rsa_pss_build_tests[_i].params;
+ ck_assert(signature_params_build(&scheme, &aid));
+ ck_assert_chunk_eq(rsa_pss_build_tests[_i].aid, aid);
+ chunk_free(&aid);
+}
+END_TEST
+
+START_TEST(test_params_build_rsa_pss_invalid)
+{
+ signature_params_t scheme = { .scheme = SIGN_RSA_EMSA_PSS, };
+ chunk_t aid;
+
+ scheme.params = &rsa_pss_build_invalid_tests[_i];
+ ck_assert(!signature_params_build(&scheme, &aid));
+}
+END_TEST
+
+static struct {
+ bool valid;
+ signature_params_t params;
+ chunk_t aid;
+} params_build_tests[] = {
+ { TRUE, { .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256, },
+ chunk_from_chars(0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0b,0x05,0x00), },
+ { TRUE, { .scheme = SIGN_ECDSA_WITH_SHA256_DER, },
+ chunk_from_chars(0x30,0x0a,0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,0x04,0x03,0x02), },
+ { FALSE, { .scheme = SIGN_UNKNOWN, }, },
+};
+
+START_TEST(test_params_build_other)
+{
+ chunk_t aid;
+
+ if (params_build_tests[_i].valid)
+ {
+ ck_assert(signature_params_build(&params_build_tests[_i].params, &aid));
+ ck_assert_chunk_eq(params_build_tests[_i].aid, aid);
+ chunk_free(&aid);
+ }
+ else
+ {
+ ck_assert(!signature_params_build(&params_build_tests[_i].params, &aid));
+ }
+}
+END_TEST
+
+Suite *signature_params_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("signature params");
+
+ tc = tcase_create("rsa/pss parse");
+ tcase_add_loop_test(tc, test_rsa_pss_params_parse, 0, countof(rsa_pss_parse_tests));
+ tcase_add_loop_test(tc, test_rsa_pss_params_parse_invalid, 0, countof(rsa_pss_parse_invalid_tests));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("rsa/pss build");
+ tcase_add_loop_test(tc, test_rsa_pss_params_build, 0, countof(rsa_pss_build_tests));
+ tcase_add_loop_test(tc, test_rsa_pss_params_build_invalid, 0, countof(rsa_pss_build_invalid_tests));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("params compare");
+ tcase_add_loop_test(tc, test_params_compare, 0, countof(params_compare_tests));
+ tcase_add_test(tc, test_params_compare_null);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("params clone");
+ tcase_add_loop_test(tc, test_params_clone, 0, countof(params_clone_tests));
+ tcase_add_test(tc, test_params_clone_null);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("params clear");
+ tcase_add_loop_test(tc, test_params_clear, 0, countof(params_clone_tests));
+ tcase_add_test(tc, test_params_clear_null);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("parse");
+ tcase_add_loop_test(tc, test_params_parse_rsa_pss, 0, countof(rsa_pss_parse_tests));
+ tcase_add_loop_test(tc, test_params_parse_rsa_pss_invalid, 0, countof(rsa_pss_parse_invalid_tests));
+ tcase_add_loop_test(tc, test_params_parse_other, 0, countof(params_parse_tests));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("build");
+ tcase_add_loop_test(tc, test_params_build_rsa_pss, 0, countof(rsa_pss_build_tests));
+ tcase_add_loop_test(tc, test_params_build_rsa_pss_invalid, 0, countof(rsa_pss_build_invalid_tests));
+ tcase_add_loop_test(tc, test_params_build_other, 0, countof(params_build_tests));
+ suite_add_tcase(s, tc);
+
+ return s;
+}
diff --git a/src/libstrongswan/tests/suites/test_traffic_selector.c b/src/libstrongswan/tests/suites/test_traffic_selector.c
index a5f30d251..93361f9bf 100644
--- a/src/libstrongswan/tests/suites/test_traffic_selector.c
+++ b/src/libstrongswan/tests/suites/test_traffic_selector.c
@@ -25,6 +25,11 @@ static void verify(const char *str, const char *alt, traffic_selector_t *ts)
{
char buf[512];
+ if (!str)
+ {
+ ck_assert_msg(!ts, "traffic selector not null: %R", ts);
+ return;
+ }
snprintf(buf, sizeof(buf), "%R", ts);
DESTROY_IF(ts);
if (!streq(buf, str) && (!alt || !streq(buf, alt)))
@@ -48,12 +53,14 @@ START_TEST(test_create_from_string)
verify("fec1::1..fec1::ffff:ffff:ffff:ffff", NULL,
traffic_selector_create_from_string(0, TS_IPV6_ADDR_RANGE,
"fec1::1", 0, "fec1::ffff:ffff:ffff:ffff", 65535));
-
- ck_assert(!traffic_selector_create_from_string(IPPROTO_TCP, 0,
+ verify(NULL, NULL,
+ traffic_selector_create_from_string(IPPROTO_TCP, 0,
"10.1.0.0", 80, "10.1.255.255", 80));
- ck_assert(!traffic_selector_create_from_string(IPPROTO_TCP, TS_IPV4_ADDR_RANGE,
+ verify(NULL, NULL,
+ traffic_selector_create_from_string(IPPROTO_TCP, TS_IPV4_ADDR_RANGE,
"a.b.c.d", 80, "10.1.255.255", 80));
- ck_assert(!traffic_selector_create_from_string(IPPROTO_TCP, TS_IPV4_ADDR_RANGE,
+ verify(NULL, NULL,
+ traffic_selector_create_from_string(IPPROTO_TCP, TS_IPV4_ADDR_RANGE,
"10.1.0.0", 80, "a.b.c.d", 80));
}
END_TEST
@@ -62,13 +69,17 @@ START_TEST(test_create_from_cidr)
{
verify("10.1.0.0/16", NULL,
traffic_selector_create_from_cidr("10.1.0.0/16", 0, 0, 65535));
+ verify("10.1.0.1/32[udp]", "10.1.0.1/32[17]",
+ traffic_selector_create_from_cidr("10.1.0.1/32", IPPROTO_UDP,
+ 0, 65535));
verify("10.1.0.1/32[udp/1234-1235]", "10.1.0.1/32[17/1234-1235]",
traffic_selector_create_from_cidr("10.1.0.1/32", IPPROTO_UDP,
1234, 1235));
verify("10.1.0.0/16[OPAQUE]", NULL,
traffic_selector_create_from_cidr("10.1.0.0/16", 0, 65535, 0));
- ck_assert(!traffic_selector_create_from_cidr("a.b.c.d/16", 0, 0, 65535));
+ verify(NULL, NULL,
+ traffic_selector_create_from_cidr("a.b.c.d/16", 0, 0, 65535));
}
END_TEST
@@ -78,14 +89,20 @@ START_TEST(test_create_from_bytes)
traffic_selector_create_from_bytes(0, TS_IPV4_ADDR_RANGE,
chunk_from_chars(0x0a,0x01,0x00,0x00), 0,
chunk_from_chars(0x0a,0x01,0xff,0xff), 65535));
-
- ck_assert(!traffic_selector_create_from_bytes(0, TS_IPV4_ADDR_RANGE,
+ verify(NULL, NULL,
+ traffic_selector_create_from_bytes(0, TS_IPV4_ADDR_RANGE,
+ chunk_from_chars(0x0a,0x01,0x00,0x00), 0,
+ chunk_from_chars(0x0a,0x01,0xff,0xff,0xff), 65535));
+ verify(NULL, NULL,
+ traffic_selector_create_from_bytes(0, TS_IPV4_ADDR_RANGE,
chunk_empty, 0,
chunk_empty, 65535));
- ck_assert(!traffic_selector_create_from_bytes(0, TS_IPV6_ADDR_RANGE,
+ verify(NULL, NULL,
+ traffic_selector_create_from_bytes(0, TS_IPV6_ADDR_RANGE,
chunk_from_chars(0x0a,0x01,0x00,0x00), 0,
chunk_from_chars(0x0a,0x01,0xff,0xff), 65535));
- ck_assert(!traffic_selector_create_from_bytes(0, 0,
+ verify(NULL, NULL,
+ traffic_selector_create_from_bytes(0, 0,
chunk_from_chars(0x0a,0x01,0x00,0x00), 0,
chunk_from_chars(0x0a,0x01,0xff,0xff), 65535));
}
@@ -117,6 +134,7 @@ struct {
{ "128.0.0.0/4", TS_IPV4_ADDR_RANGE, chunk_from_chars(0x04,0x80), },
{ "172.16.0.0/12", TS_IPV4_ADDR_RANGE, chunk_from_chars(0x04,0xac,0x10), },
{ "0.0.0.0/0", TS_IPV4_ADDR_RANGE, chunk_from_chars(0x00), },
+ { NULL, 0, chunk_from_chars(0x00), },
/* FIXME: not a correct encoding, so we might want to fail here */
{ "0.0.0.0/0", TS_IPV4_ADDR_RANGE, {NULL, 0}, },
{ "2001:0:2::/48", TS_IPV6_ADDR_RANGE, chunk_from_chars(0x00,0x20,0x01,0x00,0x00,0x00,0x02),},
@@ -411,6 +429,7 @@ struct {
{ "0.0.0.0/0", "fec2::1", FALSE },
{ "::/0", "1.2.3.4", FALSE },
{ "10.0.0.0/16", "10.1.0.0", FALSE },
+ { "10.1.0.0/16", "10.0.255.255", FALSE },
{ "fec2::/64", "fec2:0:0:1::afaf", FALSE },
};
@@ -469,6 +488,7 @@ struct {
} is_host_tests[] = {
{ "0.0.0.0/0", "192.168.1.2", FALSE, FALSE },
{ "::/0", "fec2::1", FALSE, FALSE },
+ { "192.168.1.0/24", "192.168.1.0", FALSE, FALSE },
{ "192.168.1.2/32", "192.168.1.2", TRUE, TRUE },
{ "192.168.1.2/32", "192.168.1.1", FALSE, TRUE },
{ "192.168.1.2/32", "fec2::1", FALSE, TRUE },
diff --git a/src/libstrongswan/tests/suites/test_utils.c b/src/libstrongswan/tests/suites/test_utils.c
index de7b470d2..353010aaf 100644
--- a/src/libstrongswan/tests/suites/test_utils.c
+++ b/src/libstrongswan/tests/suites/test_utils.c
@@ -115,6 +115,54 @@ START_TEST(test_timeval_add_ms)
END_TEST
/*******************************************************************************
+ * timespan_from_string
+ */
+
+static struct {
+ char *s;
+ char *u;
+ bool v;
+ time_t t;
+} ts_data[] = {
+ {NULL, NULL, FALSE, 0},
+ {"", NULL, FALSE, 0},
+ {"a", NULL, FALSE, 0},
+ {"0", NULL, TRUE, 0},
+ {"5", NULL, TRUE, 5},
+ {"5s", NULL, TRUE, 5},
+ {"5m", NULL, TRUE, 300},
+ {"5ms", NULL, TRUE, 300},
+ {"5h", NULL, TRUE, 18000},
+ {"5d", NULL, TRUE, 432000},
+ {"5x", NULL, FALSE, 0},
+ {"5", "", TRUE, 5},
+ {"5", "m", TRUE, 300},
+ {"5", "ms", TRUE, 300},
+ {"5", "x", FALSE, 0},
+ {"5x", "m", FALSE, 0},
+ {"18446744073709551616", NULL, FALSE, 0},
+};
+
+START_TEST(test_timespan_from_string)
+{
+ time_t val = 42;
+
+ ck_assert(timespan_from_string(ts_data[_i].s, ts_data[_i].u,
+ NULL) == ts_data[_i].v);
+ ck_assert(timespan_from_string(ts_data[_i].s, ts_data[_i].u,
+ &val) == ts_data[_i].v);
+ if (ts_data[_i].v)
+ {
+ ck_assert_int_eq(val, ts_data[_i].t);
+ }
+ else
+ {
+ ck_assert_int_eq(val, 42);
+ }
+}
+END_TEST
+
+/*******************************************************************************
* htoun/untoh
*/
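Review bot: The rows `{"5ms", NULL, TRUE, 300}` and `{"5", "ms", TRUE, 300}` in `ts_data` pin a millisecond-looking suffix to five minutes without saying why. Someone writing a configuration value will likely expect `ms` to mean milliseconds, so the table should carry a comment such as `/* only the first unit character is evaluated: "ms" is minutes */`. The table also has no row for a signed value such as `"-5"`, or for a number that overflows only after the unit multiplication (a very large value with `d`). Those are the inputs where a lifetime or timeout parser most often returns a wrong value instead of failing.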
@@ -856,15 +904,20 @@ END_TEST
static struct {
key_type_t type;
int size;
- signature_scheme_t expected[4];
+ signature_scheme_t expected[7];
} scheme_data[] = {
- {KEY_RSA, 1024, { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_RSA_EMSA_PKCS1_SHA2_384,
- SIGN_RSA_EMSA_PKCS1_SHA2_512, SIGN_UNKNOWN }},
- {KEY_RSA, 2048, { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_RSA_EMSA_PKCS1_SHA2_384,
- SIGN_RSA_EMSA_PKCS1_SHA2_512, SIGN_UNKNOWN }},
- {KEY_RSA, 4096, { SIGN_RSA_EMSA_PKCS1_SHA2_384, SIGN_RSA_EMSA_PKCS1_SHA2_512,
+ {KEY_RSA, 1024, { SIGN_RSA_EMSA_PSS, SIGN_RSA_EMSA_PSS,
+ SIGN_RSA_EMSA_PSS, SIGN_RSA_EMSA_PKCS1_SHA2_256,
+ SIGN_RSA_EMSA_PKCS1_SHA2_384, SIGN_RSA_EMSA_PKCS1_SHA2_512,
+ SIGN_UNKNOWN }},
+ {KEY_RSA, 2048, { SIGN_RSA_EMSA_PSS, SIGN_RSA_EMSA_PSS,
+ SIGN_RSA_EMSA_PSS, SIGN_RSA_EMSA_PKCS1_SHA2_256,
+ SIGN_RSA_EMSA_PKCS1_SHA2_384, SIGN_RSA_EMSA_PKCS1_SHA2_512,
+ SIGN_UNKNOWN }},
+ {KEY_RSA, 4096, { SIGN_RSA_EMSA_PSS, SIGN_RSA_EMSA_PSS,
+ SIGN_RSA_EMSA_PKCS1_SHA2_384, SIGN_RSA_EMSA_PKCS1_SHA2_512,
SIGN_UNKNOWN }},
- {KEY_RSA, 8192, { SIGN_RSA_EMSA_PKCS1_SHA2_512, SIGN_UNKNOWN }},
+ {KEY_RSA, 8192, { SIGN_RSA_EMSA_PSS, SIGN_RSA_EMSA_PKCS1_SHA2_512, SIGN_UNKNOWN }},
{KEY_ECDSA, 256, { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_WITH_SHA384_DER,
SIGN_ECDSA_WITH_SHA512_DER, SIGN_UNKNOWN }},
{KEY_ECDSA, 384, { SIGN_ECDSA_WITH_SHA384_DER, SIGN_ECDSA_WITH_SHA512_DER,
@@ -880,16 +933,16 @@ static struct {
START_TEST(test_signature_schemes_for_key)
{
enumerator_t *enumerator;
- signature_scheme_t scheme;
+ signature_params_t *params;
int i;
enumerator = signature_schemes_for_key(scheme_data[_i].type, scheme_data[_i].size);
for (i = 0; scheme_data[_i].expected[i] != SIGN_UNKNOWN; i++)
{
- ck_assert(enumerator->enumerate(enumerator, &scheme));
- ck_assert_int_eq(scheme_data[_i].expected[i], scheme);
+ ck_assert(enumerator->enumerate(enumerator, &params));
+ ck_assert_int_eq(scheme_data[_i].expected[i], params->scheme);
}
- ck_assert(!enumerator->enumerate(enumerator, &scheme));
+ ck_assert(!enumerator->enumerate(enumerator, &params));
enumerator->destroy(enumerator);
}
END_TEST
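Review bot: The loop in `test_signature_schemes_for_key` compares only `params->scheme`, so the consecutive `SIGN_RSA_EMSA_PSS` entries that the previous hunk adds to `scheme_data` are indistinguishable to the test. If the enumerator returned the PSS variants in the wrong order, or with a hash too weak for the key size, the test would still pass. Assuming the PSS entries carry an `rsa_pss_params_t` in `params->params`, as the signature-params tests in this commit use it, the expected table could hold the hash as well. The loop could then assert it for PSS rows, e.g. `ck_assert_int_eq(expected_hash, ((rsa_pss_params_t*)params->params)->hash);`, where `expected_hash` is a constructed name for the new table field.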
@@ -921,6 +974,10 @@ Suite *utils_suite_create()
tcase_add_test(tc, test_timeval_add_ms);
suite_add_tcase(s, tc);
+ tc = tcase_create("timespan_from_string");
+ tcase_add_loop_test(tc, test_timespan_from_string, 0, countof(ts_data));
+ suite_add_tcase(s, tc);
+
tc = tcase_create("htoun,untoh");
tcase_add_test(tc, test_htoun);
tcase_add_test(tc, test_untoh);
diff --git a/src/libstrongswan/tests/test_runner.c b/src/libstrongswan/tests/test_runner.c
index ed77b3c86..b9a0fe6d6 100644
--- a/src/libstrongswan/tests/test_runner.c
+++ b/src/libstrongswan/tests/test_runner.c
@@ -386,9 +386,28 @@ static void collect_failure_info(array_t *failures, char *name, int i)
}
/**
+ * Collect warning information, add failure_t to array
+ */
+static bool collect_warning_info(array_t *warnings, char *name, int i)
+{
+ failure_t warning = {
+ .name = name,
+ .i = i,
+ };
+
+ warning.line = test_warning_get(warning.msg, sizeof(warning.msg),
+ &warning.file);
+ if (warning.line)
+ {
+ array_insert(warnings, -1, &warning);
+ }
+ return warning.line;
+}
+
+/**
* Print array of collected failure_t to stderr
*/
-static void print_failures(array_t *failures)
+static void print_failures(array_t *failures, bool warnings)
{
failure_t failure;
@@ -397,8 +416,16 @@ static void print_failures(array_t *failures)
while (array_remove(failures, 0, &failure))
{
- fprintf(stderr, " %sFailure in '%s': %s (",
- TTY(RED), failure.name, failure.msg);
+ if (warnings)
+ {
+ fprintf(stderr, " %sWarning in '%s': %s (",
+ TTY(YELLOW), failure.name, failure.msg);
+ }
+ else
+ {
+ fprintf(stderr, " %sFailure in '%s': %s (",
+ TTY(RED), failure.name, failure.msg);
+ }
if (failure.line)
{
fprintf(stderr, "%s:%d, ", failure.file, failure.line);
@@ -423,9 +450,10 @@ static bool run_case(test_case_t *tcase, test_runner_init_t init, char *cfg)
enumerator_t *enumerator;
test_function_t *tfun;
int passed = 0;
- array_t *failures;
+ array_t *failures, *warnings;
failures = array_create(sizeof(failure_t), 0);
+ warnings = array_create(sizeof(failure_t), 0);
fprintf(stderr, " Running case '%s': ", tcase->name);
fflush(stderr);
@@ -470,7 +498,14 @@ static bool run_case(test_case_t *tcase, test_runner_init_t init, char *cfg)
if (!leaks)
{
rounds++;
- fprintf(stderr, "%s+%s", TTY(GREEN), TTY(DEF));
+ if (!collect_warning_info(warnings, tfun->name, i))
+ {
+ fprintf(stderr, "%s+%s", TTY(GREEN), TTY(DEF));
+ }
+ else
+ {
+ fprintf(stderr, "%s~%s", TTY(YELLOW), TTY(DEF));
+ }
}
}
else
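Review bot: `collect_warning_info()` is reached only in the `!leaks` success branch, so a warning recorded by an iteration that then fails or leaks is never fetched. `test_warning_get()` is the only visible place that resets the stored line, so that stale warning would presumably be reported under the name and index of the next passing iteration. Fetching the warning unconditionally right after the test function returns, and discarding it on the failure path, keeps the attribution correct. `run_case` starts and ends outside this hunk, so the failure branch should be checked against the full function.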
@@ -497,8 +532,10 @@ static bool run_case(test_case_t *tcase, test_runner_init_t init, char *cfg)
fprintf(stderr, "\n");
- print_failures(failures);
+ print_failures(warnings, TRUE);
+ print_failures(failures, FALSE);
array_destroy(failures);
+ array_destroy(warnings);
return passed == array_count(tcase->functions);
}
diff --git a/src/libstrongswan/tests/test_suite.c b/src/libstrongswan/tests/test_suite.c
index 8541cdaef..412d9fbf6 100644
--- a/src/libstrongswan/tests/test_suite.c
+++ b/src/libstrongswan/tests/test_suite.c
@@ -50,6 +50,21 @@ static backtrace_t *failure_backtrace;
static bool worker_failed;
/**
+ * Warning message buf
+ */
+static char warning_buf[4096];
+
+/**
+ * Source file warning was issued
+ */
+static const char *warning_file;
+
+/**
+ * Line of source file warning was issued
+ */
+static int warning_line;
+
+/**
* See header.
*/
test_suite_t* test_suite_create(const char *name)
@@ -419,6 +434,21 @@ void test_fail_vmsg(const char *file, int line, char *fmt, va_list args)
test_failure();
}
+
+/**
+ * See header.
+ */
+void test_warn_msg(const char *file, int line, char *fmt, ...)
+{
+ va_list args;
+
+ va_start(args, fmt);
+ vsnprintf(warning_buf, sizeof(warning_buf), fmt, args);
+ warning_line = line;
+ warning_file = file;
+ va_end(args);
+}
+
/**
* See header.
*/
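Review bot: `test_warn_msg()` writes `warning_buf`, `warning_line` and `warning_file` without any locking, and `test_warning_get()` later reads them from the runner. Tests that start worker threads (the header documents `test_fail_if_worker_failed()` for them) could call `warn()` concurrently and produce a torn message, or a line number that does not belong to the stored file. If concurrent use is not meant to be supported, the comment should say so, e.g. `/* not thread-safe, call from the main test thread only */`, and the header documentation should repeat it.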
@@ -449,6 +479,25 @@ int test_failure_get(char *msg, int len, const char **file)
/**
* See header.
*/
+int test_warning_get(char *msg, int len, const char **file)
+{
+ int line = warning_line;
+
+ if (!line)
+ {
+ return 0;
+ }
+ strncpy(msg, warning_buf, len - 1);
+ msg[len - 1] = 0;
+ *file = warning_file;
+ /* reset state */
+ warning_line = 0;
+ return line;
+}
+
+/**
+ * See header.
+ */
backtrace_t *test_failure_backtrace()
{
backtrace_t *bt;
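Review bot: `test_warning_get()` computes `len - 1` from a signed `len` and passes it to `strncpy()`, so a `len` of 0 or less becomes a huge size and `msg[len - 1]` writes before the buffer. The visible caller passes `sizeof(warning.msg)`, so this is not reachable today, but the function is exported through the header. A guard at the top, `if (!line || len <= 0) return 0;`, closes it. Replacing the copy with `snprintf(msg, len, "%s", warning_buf);` would also avoid zero-filling the rest of the buffer on every call.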
diff --git a/src/libstrongswan/tests/test_suite.h b/src/libstrongswan/tests/test_suite.h
index 97c1b42c1..9b9fcad85 100644
--- a/src/libstrongswan/tests/test_suite.h
+++ b/src/libstrongswan/tests/test_suite.h
@@ -220,6 +220,17 @@ void test_setup_timeout(int s);
int test_failure_get(char *msg, int len, const char **file);
/**
+ * Get info about a warning if one was issued during the test. Resets the
+ * warning state.
+ *
+ * @param msg buffer receiving warning
+ * @param len size of msg buffer
+ * @param file pointer receiving source code file
+ * @return source code line number, 0 if no warning issued
+ */
+int test_warning_get(char *msg, int len, const char **file);
+
+/**
* Get a backtrace for a failure.
*
* @return allocated backtrace of test failure, if any
@@ -247,6 +258,18 @@ void test_fail_vmsg(const char *file, int line, char *fmt, va_list args);
void test_fail_msg(const char *file, int line, char *fmt, ...);
/**
+ * Issue a warning for a particular test with a message using printf style
+ * arguments. This does not fail the test, and only the last warning for each
+ * test is kept.
+ *
+ * @param file source code file name
+ * @param line source code line number
+ * @param fmt printf format string
+ * @param ... arguments for fmt
+ */
+void test_warn_msg(const char *file, int line, char *fmt, ...);
+
+/**
* Let a test fail if one of the worker threads has failed (only if called from
* the main thread).
*/
@@ -345,6 +368,7 @@ void test_fail_if_worker_failed();
#define ck_assert_msg test_assert_msg
#define ck_assert_str_eq test_str_eq
#define ck_assert_chunk_eq test_chunk_eq
+#define warn(fmt, ...) test_warn_msg(__FILE__, __LINE__, fmt, ##__VA_ARGS__)
#define fail(fmt, ...) test_fail_msg(__FILE__, __LINE__, fmt, ##__VA_ARGS__)
#define fail_if(x, fmt, ...) \
({ \
diff --git a/src/libstrongswan/tests/tests.h b/src/libstrongswan/tests/tests.h
index c19cac25a..525bdeb94 100644
--- a/src/libstrongswan/tests/tests.h
+++ b/src/libstrongswan/tests/tests.h
@@ -51,4 +51,5 @@ TEST_SUITE_DEPEND(mgf1_sha256_suite_create, XOF, XOF_MGF1_SHA256)
TEST_SUITE_DEPEND(ntru_suite_create, DH, NTRU_112_BIT)
TEST_SUITE_DEPEND(fetch_http_suite_create, FETCHER, "http://")
TEST_SUITE_DEPEND(ed25519_suite_create, PRIVKEY_GEN, KEY_ED25519)
+TEST_SUITE(signature_params_suite_create)
diff --git a/src/libstrongswan/utils/debug.h b/src/libstrongswan/utils/debug.h
index f1c8c70ab..3b554487c 100644
--- a/src/libstrongswan/utils/debug.h
+++ b/src/libstrongswan/utils/debug.h
@@ -24,9 +24,9 @@
typedef enum debug_t debug_t;
typedef enum level_t level_t;
-#include <stdio.h>
-
+#include <utils/printf_hook/printf_hook.h>
#include <utils/utils.h>
+#include <stdio.h>
/**
* Debug message group.
diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c
index 1a4769063..56298a60f 100644
--- a/src/libstrongswan/utils/identification.c
+++ b/src/libstrongswan/utils/identification.c
@@ -72,10 +72,13 @@ static const x501rdn_t x501rdns[] = {
{"C", OID_COUNTRY, ASN1_PRINTABLESTRING},
{"L", OID_LOCALITY, ASN1_PRINTABLESTRING},
{"ST", OID_STATE_OR_PROVINCE, ASN1_PRINTABLESTRING},
+ {"STREET", OID_STREET_ADDRESS, ASN1_PRINTABLESTRING},
{"O", OID_ORGANIZATION, ASN1_PRINTABLESTRING},
{"OU", OID_ORGANIZATION_UNIT, ASN1_PRINTABLESTRING},
{"T", OID_TITLE, ASN1_PRINTABLESTRING},
{"D", OID_DESCRIPTION, ASN1_PRINTABLESTRING},
+ {"postalAddress", OID_POSTAL_ADDRESS, ASN1_PRINTABLESTRING},
+ {"postalCode", OID_POSTAL_CODE, ASN1_PRINTABLESTRING},
{"N", OID_NAME, ASN1_PRINTABLESTRING},
{"G", OID_GIVEN_NAME, ASN1_PRINTABLESTRING},
{"I", OID_INITIALS, ASN1_PRINTABLESTRING},
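Review bot: The new `postalAddress` row maps `OID_POSTAL_ADDRESS` to a single `ASN1_PRINTABLESTRING`, while X.520 defines that attribute's value as a SEQUENCE OF DirectoryString rather than one string. A DN built from a `postalAddress=...` string would then presumably not match the encoding a CA puts into a certificate, which matters wherever identities are compared on their encoded form. `STREET` and `postalCode` are plain DirectoryStrings, so those two rows look fine. If the row is meant only for printing received DNs, a comment should say so, e.g. `/* value is a SEQUENCE in X.520, entry only used for printing */`. The code that consumes `x501rdns` is outside this hunk.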
diff --git a/src/libstrongswan/utils/utils.h b/src/libstrongswan/utils/utils.h
index 33b8d1956..ec994bfc5 100644
--- a/src/libstrongswan/utils/utils.h
+++ b/src/libstrongswan/utils/utils.h
@@ -25,6 +25,7 @@
#define _GNU_SOURCE
#include <sys/types.h>
#include <stdlib.h>
+#include <stdint.h>
#include <stddef.h>
#include <sys/time.h>
#include <string.h>
diff --git a/src/libstrongswan/utils/utils/time.c b/src/libstrongswan/utils/utils/time.c
index 48e5151c0..d96c918da 100644
--- a/src/libstrongswan/utils/utils/time.c
+++ b/src/libstrongswan/utils/utils/time.c
@@ -1,7 +1,7 @@
/*
- * Copyright (C) 2008-2014 Tobias Brunner
+ * Copyright (C) 2008-2017 Tobias Brunner
* Copyright (C) 2005-2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -23,7 +23,9 @@
#include <utils/utils.h>
#include <inttypes.h>
+#include <ctype.h>
#include <time.h>
+#include <errno.h>
/**
* Return monotonic time
@@ -77,8 +79,62 @@ time_t time_monotonic(timeval_t *tv)
#endif /* !WIN32 */
}
-/**
- * Described in header.
+/*
+ * Described in header
+ */
+bool timespan_from_string(char *str, char *defunit, time_t *val)
+{
+ char *endptr, unit;
+ time_t timeval;
+
+ if (str)
+ {
+ errno = 0;
+ timeval = strtoull(str, &endptr, 10);
+ if (endptr == str)
+ {
+ return FALSE;
+ }
+ if (errno == 0)
+ {
+ while (isspace(*endptr))
+ {
+ endptr++;
+ }
+ unit = *endptr;
+ if (!unit && defunit)
+ {
+ unit = *defunit;
+ }
+ switch (unit)
+ {
+ case 'd': /* time in days */
+ timeval *= 24 * 3600;
+ break;
+ case 'h': /* time in hours */
+ timeval *= 3600;
+ break;
+ case 'm': /* time in minutes */
+ timeval *= 60;
+ break;
+ case 's': /* time in seconds */
+ case '\0':
+ break;
+ default:
+ return FALSE;
+ }
+ if (val)
+ {
+ *val = timeval;
+ }
+ return TRUE;
+ }
+ }
+ return FALSE;
+}
+
+/*
+ * Described in header
*/
int time_printf_hook(printf_hook_data_t *data, printf_hook_spec_t *spec,
const void *const *args)
@@ -112,8 +168,8 @@ int time_printf_hook(printf_hook_data_t *data, printf_hook_spec_t *spec,
t.tm_sec, utc ? " UTC " : " ", t.tm_year + 1900);
}
-/**
- * Described in header.
+/*
+ * Described in header
*/
int time_delta_printf_hook(printf_hook_data_t *data, printf_hook_spec_t *spec,
const void *const *args)
diff --git a/src/libstrongswan/utils/utils/time.h b/src/libstrongswan/utils/utils/time.h
index 2626d9a33..2e210fbef 100644
--- a/src/libstrongswan/utils/utils/time.h
+++ b/src/libstrongswan/utils/utils/time.h
@@ -1,7 +1,7 @@
/*
- * Copyright (C) 2008-2014 Tobias Brunner
+ * Copyright (C) 2008-2017 Tobias Brunner
* Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -71,6 +71,18 @@ static inline void timeval_add_ms(timeval_t *tv, u_int ms)
}
/**
+ * Parse the given string as time span and return the number of seconds,
+ * optionally with a default unit ('s' for seconds, 'm' for minutes, 'h' for
+ * hours, 'd' for days - default is 's').
+ *
+ * @param str value to parse
+ * @param defunit optional default unit
+ * @param[out] val parsed value
+ * @return TRUE if a value was parsed
+ */
+bool timespan_from_string(char *str, char *defunit, time_t *val);
+
+/**
* printf hook for time_t.
*
* Arguments are:
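Review bot: The documentation of `timespan_from_string()` leaves out two things that the new unit test checks and callers can rely on: `val` may be NULL, and it is left untouched when parsing fails. It also does not say that only the first character of the unit is evaluated, so `ms` is read as minutes. I would change the parameter line to `@param[out] val  parsed value in seconds, may be NULL, unchanged on failure` and add `Only the first character of the unit is evaluated.` to the description.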
diff --git a/src/libtls/Makefile.in b/src/libtls/Makefile.in
index 292d10f0b..3412ab1cb 100644
--- a/src/libtls/Makefile.in
+++ b/src/libtls/Makefile.in
@@ -297,9 +297,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libtls/tests/Makefile.in b/src/libtls/tests/Makefile.in
index 2e2c3debf..c46ca18bd 100644
--- a/src/libtls/tests/Makefile.in
+++ b/src/libtls/tests/Makefile.in
@@ -241,9 +241,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c
index 05ae62b49..7f7742e88 100644
--- a/src/libtls/tls_crypto.c
+++ b/src/libtls/tls_crypto.c
@@ -1428,7 +1428,7 @@ METHOD(tls_crypto_t, sign, bool,
{
scheme = hashsig_to_scheme(key->get_type(key), hash, alg);
if (scheme != SIGN_UNKNOWN &&
- key->sign(key, scheme, data, &sig))
+ key->sign(key, scheme, NULL, data, &sig))
{
done = TRUE;
break;
@@ -1460,7 +1460,8 @@ METHOD(tls_crypto_t, sign, bool,
{
return FALSE;
}
- done = key->sign(key, SIGN_RSA_EMSA_PKCS1_NULL, hash, &sig);
+ done = key->sign(key, SIGN_RSA_EMSA_PKCS1_NULL, NULL, hash,
+ &sig);
free(hash.ptr);
if (!done)
{
@@ -1469,7 +1470,7 @@ METHOD(tls_crypto_t, sign, bool,
DBG2(DBG_TLS, "created signature with MD5+SHA1/RSA");
break;
case KEY_ECDSA:
- if (!key->sign(key, SIGN_ECDSA_WITH_SHA1_DER, data, &sig))
+ if (!key->sign(key, SIGN_ECDSA_WITH_SHA1_DER, NULL, data, &sig))
{
return FALSE;
}
@@ -1509,7 +1510,7 @@ METHOD(tls_crypto_t, verify, bool,
tls_signature_algorithm_names, alg);
return FALSE;
}
- if (!key->verify(key, scheme, data, sig))
+ if (!key->verify(key, scheme, NULL, data, sig))
{
return FALSE;
}
@@ -1533,7 +1534,8 @@ METHOD(tls_crypto_t, verify, bool,
{
return FALSE;
}
- done = key->verify(key, SIGN_RSA_EMSA_PKCS1_NULL, hash, sig);
+ done = key->verify(key, SIGN_RSA_EMSA_PKCS1_NULL, NULL, hash,
+ sig);
free(hash.ptr);
if (!done)
{
@@ -1542,7 +1544,8 @@ METHOD(tls_crypto_t, verify, bool,
DBG2(DBG_TLS, "verified signature data with MD5+SHA1/RSA");
break;
case KEY_ECDSA:
- if (!key->verify(key, SIGN_ECDSA_WITH_SHA1_DER, data, sig))
+ if (!key->verify(key, SIGN_ECDSA_WITH_SHA1_DER, NULL, data,
+ sig))
{
return FALSE;
}
diff --git a/src/libtls/tls_prf.c b/src/libtls/tls_prf.c
index 918de1e50..f88dbc2b7 100644
--- a/src/libtls/tls_prf.c
+++ b/src/libtls/tls_prf.c
@@ -17,6 +17,8 @@
typedef struct private_tls_prf12_t private_tls_prf12_t;
+#include <library.h>
+
/**
* Private data of an tls_prf_t object.
*/
diff --git a/src/libtnccs/Makefile.in b/src/libtnccs/Makefile.in
index 9a7639e06..97995800b 100644
--- a/src/libtnccs/Makefile.in
+++ b/src/libtnccs/Makefile.in
@@ -301,9 +301,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libtnccs/plugins/tnc_imc/Makefile.in b/src/libtnccs/plugins/tnc_imc/Makefile.in
index 5824c4597..7143a1ce2 100644
--- a/src/libtnccs/plugins/tnc_imc/Makefile.in
+++ b/src/libtnccs/plugins/tnc_imc/Makefile.in
@@ -249,9 +249,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libtnccs/plugins/tnc_imc/tnc_imc.c b/src/libtnccs/plugins/tnc_imc/tnc_imc.c
index 822df3f27..e88ac42b6 100644
--- a/src/libtnccs/plugins/tnc_imc/tnc_imc.c
+++ b/src/libtnccs/plugins/tnc_imc/tnc_imc.c
@@ -354,7 +354,7 @@ imc_t* tnc_imc_create(char *name, char *path)
this = tnc_imc_create_empty(name);
if (lib->settings->get_bool(lib->settings, "%s.dlopen_use_rtld_now",
- lib->ns, FALSE))
+ FALSE, lib->ns))
{
flag = RTLD_NOW;
}
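Review bot: Correcting the argument order in this `get_bool()` call also changes which default applies when `dlopen_use_rtld_now` is not configured, and nothing in the hunk records that. With the old order the default slot received `lib->ns` and the format argument received `FALSE`, so the lookup presumably never matched the real key and fell back to a non-zero default, taking the `RTLD_NOW` branch every time. After the fix, an unset option skips that branch. I would document this at the call, e.g. `/* default FALSE: symbols are resolved at load time only if <ns>.dlopen_use_rtld_now is set */`, and mention the behaviour change in the release notes. The same correction is made in tnc_imv_create() in src/libtnccs/plugins/tnc_imv/tnc_imv.c; both functions continue outside their hunks.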
diff --git a/src/libtnccs/plugins/tnc_imv/Makefile.in b/src/libtnccs/plugins/tnc_imv/Makefile.in
index 4de4bccb3..a142a7eff 100644
--- a/src/libtnccs/plugins/tnc_imv/Makefile.in
+++ b/src/libtnccs/plugins/tnc_imv/Makefile.in
@@ -250,9 +250,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libtnccs/plugins/tnc_imv/tnc_imv.c b/src/libtnccs/plugins/tnc_imv/tnc_imv.c
index 9a0304172..e6c53b74f 100644
--- a/src/libtnccs/plugins/tnc_imv/tnc_imv.c
+++ b/src/libtnccs/plugins/tnc_imv/tnc_imv.c
@@ -350,7 +350,7 @@ imv_t* tnc_imv_create(char *name, char *path)
this = tnc_imv_create_empty(name);
if (lib->settings->get_bool(lib->settings, "%s.dlopen_use_rtld_now",
- lib->ns, FALSE))
+ FALSE, lib->ns))
{
flag = RTLD_NOW;
}
diff --git a/src/libtnccs/plugins/tnc_tnccs/Makefile.in b/src/libtnccs/plugins/tnc_tnccs/Makefile.in
index a8607d3b4..72a195eca 100644
--- a/src/libtnccs/plugins/tnc_tnccs/Makefile.in
+++ b/src/libtnccs/plugins/tnc_tnccs/Makefile.in
@@ -249,9 +249,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libtnccs/plugins/tnccs_11/Makefile.in b/src/libtnccs/plugins/tnccs_11/Makefile.in
index eac0e1f63..7e15cb2ff 100644
--- a/src/libtnccs/plugins/tnccs_11/Makefile.in
+++ b/src/libtnccs/plugins/tnccs_11/Makefile.in
@@ -259,9 +259,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libtnccs/plugins/tnccs_20/Makefile.in b/src/libtnccs/plugins/tnccs_20/Makefile.in
index 0d1e73aa4..d7d445fd1 100644
--- a/src/libtnccs/plugins/tnccs_20/Makefile.in
+++ b/src/libtnccs/plugins/tnccs_20/Makefile.in
@@ -262,9 +262,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libtnccs/plugins/tnccs_dynamic/Makefile.in b/src/libtnccs/plugins/tnccs_dynamic/Makefile.in
index ebe42fe5d..79db1e9b4 100644
--- a/src/libtnccs/plugins/tnccs_dynamic/Makefile.in
+++ b/src/libtnccs/plugins/tnccs_dynamic/Makefile.in
@@ -249,9 +249,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libtncif/Makefile.in b/src/libtncif/Makefile.in
index 1fc797c7f..bd1da8e18 100644
--- a/src/libtncif/Makefile.in
+++ b/src/libtncif/Makefile.in
@@ -211,9 +211,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libtncif/tncif_pa_subtypes.c b/src/libtncif/tncif_pa_subtypes.c
index 2789e7d3e..9c58944bb 100644
--- a/src/libtncif/tncif_pa_subtypes.c
+++ b/src/libtncif/tncif_pa_subtypes.c
@@ -16,7 +16,7 @@
#include "tncif_pa_subtypes.h"
/* IETF PA Subtype names */
-ENUM_BEGIN(pa_subtype_ietf_names, PA_SUBTYPE_IETF_TESTING, PA_SUBTYPE_IETF_SW,
+ENUM_BEGIN(pa_subtype_ietf_names, PA_SUBTYPE_IETF_TESTING, PA_SUBTYPE_IETF_SWIMA,
"Testing",
"Operating System",
"Anti-Virus",
@@ -26,10 +26,10 @@ ENUM_BEGIN(pa_subtype_ietf_names, PA_SUBTYPE_IETF_TESTING, PA_SUBTYPE_IETF_SW,
"IDPS",
"VPN",
"NEA Client",
- "Software"
+ "SWIMA"
);
ENUM_NEXT(pa_subtype_ietf_names, PA_SUBTYPE_IETF_ANY, PA_SUBTYPE_IETF_ANY,
- PA_SUBTYPE_IETF_SW,
+ PA_SUBTYPE_IETF_SWIMA,
"ANY"
);
ENUM_END(pa_subtype_ietf_names, PA_SUBTYPE_IETF_ANY);
diff --git a/src/libtncif/tncif_pa_subtypes.h b/src/libtncif/tncif_pa_subtypes.h
index 696441029..0eef4ad17 100644
--- a/src/libtncif/tncif_pa_subtypes.h
+++ b/src/libtncif/tncif_pa_subtypes.h
@@ -43,7 +43,7 @@ typedef enum pa_subtype_ita_t pa_subtype_ita_t;
PA_SUBTYPE_IETF_IDPS = 0x06,
PA_SUBTYPE_IETF_VPN = 0x07,
PA_SUBTYPE_IETF_NEA_CLIENT = 0x08,
- PA_SUBTYPE_IETF_SW = 0x09,
+ PA_SUBTYPE_IETF_SWIMA = 0x09,
PA_SUBTYPE_IETF_ANY = 0xff
};
diff --git a/src/libtpmtss/Makefile.in b/src/libtpmtss/Makefile.in
index 90d5e54f5..50861bcdd 100644
--- a/src/libtpmtss/Makefile.in
+++ b/src/libtpmtss/Makefile.in
@@ -289,9 +289,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libtpmtss/plugins/tpm/Makefile.in b/src/libtpmtss/plugins/tpm/Makefile.in
index f80c0f736..a12c18a35 100644
--- a/src/libtpmtss/plugins/tpm/Makefile.in
+++ b/src/libtpmtss/plugins/tpm/Makefile.in
@@ -246,9 +246,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/libtpmtss/plugins/tpm/tpm_private_key.c b/src/libtpmtss/plugins/tpm/tpm_private_key.c
index bd5a8baeb..0df5ee94c 100644
--- a/src/libtpmtss/plugins/tpm/tpm_private_key.c
+++ b/src/libtpmtss/plugins/tpm/tpm_private_key.c
@@ -76,7 +76,7 @@ METHOD(private_key_t, get_keysize, int,
}
METHOD(private_key_t, sign, bool,
- private_tpm_private_key_t *this, signature_scheme_t scheme,
+ private_tpm_private_key_t *this, signature_scheme_t scheme, void *params,
chunk_t data, chunk_t *signature)
{
chunk_t pin = chunk_empty;
@@ -191,7 +191,7 @@ tpm_private_key_t *tpm_private_key_connect(key_type_t type, va_list args)
if (!tpm)
{
DBG1(DBG_LIB, "no TPM 2.0 found");
- return NULL;
+ return NULL;
}
INIT(this,
diff --git a/src/libtpmtss/tpm_tss_tss2.c b/src/libtpmtss/tpm_tss_tss2.c
index dcba05c43..4c0d95fe5 100644
--- a/src/libtpmtss/tpm_tss_tss2.c
+++ b/src/libtpmtss/tpm_tss_tss2.c
@@ -742,7 +742,7 @@ METHOD(tpm_tss_t, sign, bool,
*( (uint8_t *)((void *)&session_data_cmd.sessionAttributes ) ) = 0;
key_type = key_type_from_signature_scheme(scheme);
- hash_alg = hasher_from_signature_scheme(scheme);
+ hash_alg = hasher_from_signature_scheme(scheme, NULL);
/* Check if hash algorithm is supported by TPM */
alg_id = hash_alg_to_tpm_alg_id(hash_alg);
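Review bot: Passing `NULL` as the parameter argument to `hasher_from_signature_scheme()` means a scheme that carries its hash in its parameters cannot resolve to a hash algorithm here, and nothing states that this is intended. The `sign` method in tpm_private_key.c now accepts `void *params`, but its body is outside that hunk, so whether the parameters are forwarded or dropped is not visible. If the following `hash_alg_to_tpm_alg_id()` check is what rejects such schemes, a comment would make the limitation explicit: `/* scheme parameters are not passed to the TPM, parameterised schemes such as RSA-PSS are not supported here */`. The enclosing method starts and ends outside this hunk.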
diff --git a/src/manager/Makefile.in b/src/manager/Makefile.in
index 0c128c1a8..c8450d27f 100644
--- a/src/manager/Makefile.in
+++ b/src/manager/Makefile.in
@@ -263,9 +263,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/manager/templates/static/jquery.js b/src/manager/templates/static/jquery.js
index 7cb68d02f..f0e43fa93 100644
--- a/src/manager/templates/static/jquery.js
+++ b/src/manager/templates/static/jquery.js
@@ -311,7 +311,7 @@ jQuery.fn = jQuery.prototype = {
for ( var i = one ? index : 0, max = one ? index + 1 : options.length; i < max; i++ ) {
var option = options[i];
if ( option.selected ) {
- // Get the specifc value for the option
+ // Get the specific value for the option
var val = jQuery.browser.msie && !option.attributes["value"].specified ? option.text : option.value;
// We don't need an array for one selects
diff --git a/src/medsrv/Makefile.in b/src/medsrv/Makefile.in
index 6ebe48691..02b5607b1 100644
--- a/src/medsrv/Makefile.in
+++ b/src/medsrv/Makefile.in
@@ -252,9 +252,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/pki/Makefile.in b/src/pki/Makefile.in
index 58de24aca..8b369b38d 100644
--- a/src/pki/Makefile.in
+++ b/src/pki/Makefile.in
@@ -265,9 +265,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/pki/command.c b/src/pki/command.c
index ce704dbb8..f425af7e8 100644
--- a/src/pki/command.c
+++ b/src/pki/command.c
@@ -191,7 +191,7 @@ void command_register(command_t command)
int command_usage(char *error)
{
FILE *out = stdout;
- int i;
+ int i, indent = 0;
if (error)
{
@@ -221,12 +221,12 @@ int command_usage(char *error)
{
if (i == 0)
{
- fprintf(out, " pki --%s %s\n",
- cmds[active].cmd, cmds[active].line[i]);
+ indent = fprintf(out, " pki --%s ", cmds[active].cmd);
+ fprintf(out, "%s\n", cmds[active].line[i]);
}
else
{
- fprintf(out, " %s\n", cmds[active].line[i]);
+ fprintf(out, "%*s%s\n", indent, "", cmds[active].line[i]);
}
}
for (i = 0; cmds[active].options[i].name; i++)
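Review bot: `indent` takes the return value of `fprintf()` unchecked in the `i == 0` branch, and that value is negative when the write fails. A negative `*` width in `"%*s%s\n"` is read as a left-justify flag with a positive width, so continuation lines would be padded by an unrelated amount instead of not at all. Clamping right after the first call keeps the output predictable: `if (indent < 0) indent = 0;`. command_usage() starts and ends outside this hunk.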
diff --git a/src/pki/command.h b/src/pki/command.h
index 449252eb8..a7dade758 100644
--- a/src/pki/command.h
+++ b/src/pki/command.h
@@ -34,7 +34,7 @@
/**
* Maximum number of usage summary lines (+1)
*/
-#define MAX_LINES 11
+#define MAX_LINES 12
typedef struct command_t command_t;
typedef struct command_option_t command_option_t;
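Review bot: Raising `MAX_LINES` to 12 makes room for the new `--rsa-padding` usage line, but the comment still does not say what the `(+1)` slot is for or what happens when a command fills every slot. The array declaration and the loop over the usage lines are outside this hunk. If that loop stops at the first NULL entry, as the options loop in command_usage() does with `.name`, a command with exactly `MAX_LINES` strings would compile cleanly and then be read past its end. I would spell the contract out, e.g. `Maximum number of usage summary lines (+1 for the terminating NULL entry)`, and consider a check at registration time that the last slot is NULL.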
diff --git a/src/pki/commands/acert.c b/src/pki/commands/acert.c
index 9e6e80938..d1ea5c65e 100644
--- a/src/pki/commands/acert.c
+++ b/src/pki/commands/acert.c
@@ -33,6 +33,7 @@ static int acert()
{
cred_encoding_type_t form = CERT_ASN1_DER;
hash_algorithm_t digest = HASH_UNKNOWN;
+ signature_params_t *scheme = NULL;
certificate_t *ac = NULL, *cert = NULL, *issuer =NULL;
private_key_t *private = NULL;
public_key_t *public = NULL;
@@ -44,6 +45,8 @@ static int acert()
char *datenb = NULL, *datena = NULL, *dateform = NULL;
rng_t *rng;
char *arg;
+ bool pss = lib->settings->get_bool(lib->settings, "%s.rsa_pss", FALSE,
+ lib->ns);
groups = linked_list_create();
@@ -60,6 +63,17 @@ static int acert()
goto usage;
}
continue;
+ case 'R':
+ if (streq(arg, "pss"))
+ {
+ pss = TRUE;
+ }
+ else if (!streq(arg, "pkcs1"))
+ {
+ error = "invalid RSA padding";
+ goto usage;
+ }
+ continue;
case 'i':
file = arg;
continue;
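Review bot: An explicit `--rsa-padding pkcs1` does not switch PSS off in the new `case 'R'`. `pss` is initialised from the `%s.rsa_pss` setting and this branch only ever sets it to `TRUE`, so with that setting enabled the command-line choice of PKCS#1 is accepted and then ignored. Give `pkcs1` its own branch, `else if (streq(arg, "pkcs1")) { pss = FALSE; }`, and keep the `invalid RSA padding` error in a final `else`. The option text `default: pkcs1` is likewise only accurate while the setting is off and should say that the default follows `rsa_pss`. The identical block is added to issue(), req(), self() and sign_crl() in this commit; acert() starts and ends outside the hunk.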
@@ -162,10 +176,6 @@ static int acert()
error = "loading issuer private key failed";
goto end;
}
- if (digest == HASH_UNKNOWN)
- {
- digest = get_default_digest(private);
- }
if (!private->belongs_to(private, public))
{
error = "issuer private key does not match issuer certificate";
@@ -217,6 +227,7 @@ static int acert()
error = "parsing user certificate failed";
goto end;
}
+ scheme = get_signature_scheme(private, digest, pss);
ac = lib->creds->create(lib->creds,
CRED_CERTIFICATE, CERT_X509_AC,
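Review bot: The result of `get_signature_scheme()` is handed to the builder as `BUILD_SIGNATURE_SCHEME` without a NULL check, while the commit also removes the `get_default_digest()` fallback that previously fixed the digest before this point. Its definition is not visible here. If it can fail, for example when no scheme matches the key type and requested digest, the failure would surface only as the generic build error, or the builder might pick its own default instead of the requested digest and padding. An explicit check right after the call keeps the outcome clear: `if (!scheme) { error = "no signature scheme found"; goto end; }`. The same unchecked call is added in issue(), req(), self() and sign_crl() (where the cleanup label is `error`); acert() continues outside the hunk.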
@@ -227,6 +238,7 @@ static int acert()
BUILD_AC_GROUP_STRINGS, groups,
BUILD_SIGNING_CERT, issuer,
BUILD_SIGNING_KEY, private,
+ BUILD_SIGNATURE_SCHEME, scheme,
BUILD_END);
if (!ac)
{
@@ -252,6 +264,7 @@ end:
DESTROY_IF(public);
DESTROY_IF(private);
groups->destroy(groups);
+ signature_params_destroy(scheme);
free(encoding.ptr);
free(serial.ptr);
@@ -279,6 +292,7 @@ static void __attribute__ ((constructor))reg()
" --issuercert file [--serial hex] [--lifetime hours]",
" [--not-before datetime] [--not-after datetime] [--dateform form]",
"[--digest md5|sha1|sha224|sha256|sha384|sha512|sha3_224|sha3_256|sha3_384|sha3_512]",
+ "[--rsa-padding pkcs1|pss]",
"[--outform der|pem]"},
{
{"help", 'h', 0, "show usage information"},
@@ -293,6 +307,7 @@ static void __attribute__ ((constructor))reg()
{"not-after", 'T', 1, "date/time the validity of the AC ends"},
{"dateform", 'D', 1, "strptime(3) input format, default: %d.%m.%y %T"},
{"digest", 'g', 1, "digest for signature creation, default: key-specific"},
+ {"rsa-padding", 'R', 1, "padding for RSA signatures, default: pkcs1"},
{"outform", 'f', 1, "encoding of generated cert, default: der"},
}
});
diff --git a/src/pki/commands/gen.c b/src/pki/commands/gen.c
index 6f14b5276..203c76542 100644
--- a/src/pki/commands/gen.c
+++ b/src/pki/commands/gen.c
@@ -166,7 +166,7 @@ static void __attribute__ ((constructor))reg()
{
command_register((command_t) {
gen, 'g', "gen", "generate a new private key",
- {" [--type rsa|ecdsa|ed25519|bliss] [--size bits] [--safe-primes]",
+ {"[--type rsa|ecdsa|ed25519|bliss] [--size bits] [--safe-primes]",
"[--shares n] [--threshold l] [--outform der|pem]"},
{
{"help", 'h', 0, "show usage information"},
diff --git a/src/pki/commands/issue.c b/src/pki/commands/issue.c
index e41c56d08..1ccbca89f 100644
--- a/src/pki/commands/issue.c
+++ b/src/pki/commands/issue.c
@@ -61,6 +61,7 @@ static int issue()
{
cred_encoding_type_t form = CERT_ASN1_DER;
hash_algorithm_t digest = HASH_UNKNOWN;
+ signature_params_t *scheme = NULL;
certificate_t *cert_req = NULL, *cert = NULL, *ca =NULL;
private_key_t *private = NULL;
public_key_t *public = NULL;
@@ -84,6 +85,8 @@ static int issue()
x509_cert_policy_t *policy = NULL;
traffic_selector_t *ts;
char *arg;
+ bool pss = lib->settings->get_bool(lib->settings, "%s.rsa_pss", FALSE,
+ lib->ns);
san = linked_list_create();
cdps = linked_list_create();
@@ -143,6 +146,17 @@ static int issue()
goto usage;
}
continue;
+ case 'R':
+ if (streq(arg, "pss"))
+ {
+ pss = TRUE;
+ }
+ else if (!streq(arg, "pkcs1"))
+ {
+ error = "invalid RSA padding";
+ goto usage;
+ }
+ continue;
case 'i':
file = arg;
continue;
@@ -396,10 +410,6 @@ static int issue()
error = "loading CA private key failed";
goto end;
}
- if (digest == HASH_UNKNOWN)
- {
- digest = get_default_digest(private);
- }
if (!private->belongs_to(private, public))
{
error = "CA private key does not match CA certificate";
@@ -525,11 +535,12 @@ static int issue()
id = identification_create_from_encoding(ID_DER_ASN1_DN,
chunk_from_chars(ASN1_SEQUENCE, 0));
}
+ scheme = get_signature_scheme(private, digest, pss);
cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
BUILD_SIGNING_KEY, private, BUILD_SIGNING_CERT, ca,
BUILD_PUBLIC_KEY, public, BUILD_SUBJECT, id,
- BUILD_NOT_BEFORE_TIME, not_before, BUILD_DIGEST_ALG, digest,
+ BUILD_NOT_BEFORE_TIME, not_before,
BUILD_NOT_AFTER_TIME, not_after, BUILD_SERIAL, serial,
BUILD_SUBJECT_ALTNAMES, san, BUILD_X509_FLAG, flags,
BUILD_PATHLEN, pathlen, BUILD_ADDRBLOCKS, addrblocks,
@@ -542,6 +553,7 @@ static int issue()
BUILD_POLICY_REQUIRE_EXPLICIT, require_explicit,
BUILD_POLICY_INHIBIT_MAPPING, inhibit_mapping,
BUILD_POLICY_INHIBIT_ANY, inhibit_any,
+ BUILD_SIGNATURE_SCHEME, scheme,
BUILD_END);
if (!cert)
{
@@ -575,6 +587,7 @@ end:
mappings->destroy_function(mappings, (void*)destroy_policy_mapping);
cdps->destroy_function(cdps, (void*)destroy_cdp);
ocsp->destroy(ocsp);
+ signature_params_destroy(scheme);
free(encoding.ptr);
free(serial.ptr);
@@ -614,6 +627,7 @@ static void __attribute__ ((constructor))reg()
"[--policy-explicit len] [--policy-inhibit len] [--policy-any len]",
"[--cert-policy oid [--cps-uri uri] [--user-notice text]]+",
"[--digest md5|sha1|sha224|sha256|sha384|sha512|sha3_224|sha3_256|sha3_384|sha3_512]",
+ "[--rsa-padding pkcs1|pss]",
"[--outform der|pem]"},
{
{"help", 'h', 0, "show usage information"},
@@ -646,6 +660,7 @@ static void __attribute__ ((constructor))reg()
{"crlissuer", 'I', 1, "CRL Issuer for CRL at distribution point"},
{"ocsp", 'o', 1, "OCSP AuthorityInfoAccess URI to include"},
{"digest", 'g', 1, "digest for signature creation, default: key-specific"},
+ {"rsa-padding", 'R', 1, "padding for RSA signatures, default: pkcs1"},
{"outform", 'f', 1, "encoding of generated cert, default: der"},
}
});
diff --git a/src/pki/commands/req.c b/src/pki/commands/req.c
index 7b87e6ca6..cfddbc455 100644
--- a/src/pki/commands/req.c
+++ b/src/pki/commands/req.c
@@ -30,6 +30,7 @@ static int req()
cred_encoding_type_t form = CERT_ASN1_DER;
key_type_t type = KEY_ANY;
hash_algorithm_t digest = HASH_UNKNOWN;
+ signature_params_t *scheme = NULL;
certificate_t *cert = NULL;
private_key_t *private = NULL;
char *file = NULL, *keyid = NULL, *dn = NULL, *error = NULL;
@@ -38,6 +39,8 @@ static int req()
chunk_t encoding = chunk_empty;
chunk_t challenge_password = chunk_empty;
char *arg;
+ bool pss = lib->settings->get_bool(lib->settings, "%s.rsa_pss", FALSE,
+ lib->ns);
san = linked_list_create();
@@ -77,6 +80,17 @@ static int req()
goto usage;
}
continue;
+ case 'R':
+ if (streq(arg, "pss"))
+ {
+ pss = TRUE;
+ }
+ else if (!streq(arg, "pkcs1"))
+ {
+ error = "invalid RSA padding";
+ goto usage;
+ }
+ continue;
case 'i':
file = arg;
continue;
@@ -153,16 +167,14 @@ static int req()
error = "parsing private key failed";
goto end;
}
- if (digest == HASH_UNKNOWN)
- {
- digest = get_default_digest(private);
- }
+ scheme = get_signature_scheme(private, digest, pss);
+
cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_PKCS10_REQUEST,
BUILD_SIGNING_KEY, private,
BUILD_SUBJECT, id,
BUILD_SUBJECT_ALTNAMES, san,
BUILD_CHALLENGE_PWD, challenge_password,
- BUILD_DIGEST_ALG, digest,
+ BUILD_SIGNATURE_SCHEME, scheme,
BUILD_END);
if (!cert)
{
@@ -186,6 +198,7 @@ end:
DESTROY_IF(cert);
DESTROY_IF(private);
san->destroy_offset(san, offsetof(identification_t, destroy));
+ signature_params_destroy(scheme);
free(encoding.ptr);
if (error)
@@ -208,20 +221,22 @@ static void __attribute__ ((constructor))reg()
command_register((command_t) {
req, 'r', "req",
"create a PKCS#10 certificate request",
- {" [--in file|--keyid hex] [--type rsa|ecdsa|bliss|priv] --dn distinguished-name",
+ {"[--in file|--keyid hex] [--type rsa|ecdsa|bliss|priv] --dn distinguished-name",
"[--san subjectAltName]+ [--password challengePassword]",
"[--digest md5|sha1|sha224|sha256|sha384|sha512|sha3_224|sha3_256|sha3_384|sha3_512]",
+ "[--rsa-padding pkcs1|pss]",
"[--outform der|pem]"},
{
- {"help", 'h', 0, "show usage information"},
- {"in", 'i', 1, "private key input file, default: stdin"},
- {"keyid", 'x', 1, "smartcard or TPM private key object handle"},
- {"type", 't', 1, "type of input key, default: priv"},
- {"dn", 'd', 1, "subject distinguished name"},
- {"san", 'a', 1, "subjectAltName to include in cert request"},
- {"password",'p', 1, "challengePassword to include in cert request"},
- {"digest", 'g', 1, "digest for signature creation, default: key-specific"},
- {"outform", 'f', 1, "encoding of generated request, default: der"},
+ {"help", 'h', 0, "show usage information"},
+ {"in", 'i', 1, "private key input file, default: stdin"},
+ {"keyid", 'x', 1, "smartcard or TPM private key object handle"},
+ {"type", 't', 1, "type of input key, default: priv"},
+ {"dn", 'd', 1, "subject distinguished name"},
+ {"san", 'a', 1, "subjectAltName to include in cert request"},
+ {"password", 'p', 1, "challengePassword to include in cert request"},
+ {"digest", 'g', 1, "digest for signature creation, default: key-specific"},
+ {"rsa-padding", 'R', 1, "padding for RSA signatures, default: pkcs1"},
+ {"outform", 'f', 1, "encoding of generated request, default: der"},
}
});
}
diff --git a/src/pki/commands/self.c b/src/pki/commands/self.c
index bdb22463e..6f7adef0f 100644
--- a/src/pki/commands/self.c
+++ b/src/pki/commands/self.c
@@ -52,6 +52,7 @@ static int self()
cred_encoding_type_t form = CERT_ASN1_DER;
key_type_t type = KEY_ANY;
hash_algorithm_t digest = HASH_UNKNOWN;
+ signature_params_t *scheme = NULL;
certificate_t *cert = NULL;
private_key_t *private = NULL;
public_key_t *public = NULL;
@@ -70,6 +71,8 @@ static int self()
x509_cert_policy_t *policy = NULL;
traffic_selector_t *ts;
char *arg;
+ bool pss = lib->settings->get_bool(lib->settings, "%s.rsa_pss", FALSE,
+ lib->ns);
san = linked_list_create();
ocsp = linked_list_create();
@@ -119,6 +122,17 @@ static int self()
goto usage;
}
continue;
+ case 'R':
+ if (streq(arg, "pss"))
+ {
+ pss = TRUE;
+ }
+ else if (!streq(arg, "pkcs1"))
+ {
+ error = "invalid RSA padding";
+ goto usage;
+ }
+ continue;
case 'i':
file = arg;
continue;
@@ -335,10 +349,6 @@ static int self()
error = "loading private key failed";
goto end;
}
- if (digest == HASH_UNKNOWN)
- {
- digest = get_default_digest(private);
- }
public = private->get_public_key(private);
if (!public)
{
@@ -367,11 +377,13 @@ static int self()
serial.ptr[0] &= 0x7F;
rng->destroy(rng);
}
+ scheme = get_signature_scheme(private, digest, pss);
+
cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
BUILD_SIGNING_KEY, private, BUILD_PUBLIC_KEY, public,
BUILD_SUBJECT, id, BUILD_NOT_BEFORE_TIME, not_before,
BUILD_NOT_AFTER_TIME, not_after, BUILD_SERIAL, serial,
- BUILD_DIGEST_ALG, digest, BUILD_X509_FLAG, flags,
+ BUILD_SIGNATURE_SCHEME, scheme, BUILD_X509_FLAG, flags,
BUILD_PATHLEN, pathlen, BUILD_SUBJECT_ALTNAMES, san,
BUILD_ADDRBLOCKS, addrblocks,
BUILD_OCSP_ACCESS_LOCATIONS, ocsp,
@@ -412,6 +424,7 @@ end:
policies->destroy_function(policies, (void*)destroy_cert_policy);
mappings->destroy_function(mappings, (void*)destroy_policy_mapping);
ocsp->destroy(ocsp);
+ signature_params_destroy(scheme);
free(encoding.ptr);
free(serial.ptr);
@@ -441,7 +454,7 @@ static void __attribute__ ((constructor))reg()
command_register((command_t) {
self, 's', "self",
"create a self signed certificate",
- {" [--in file|--keyid hex] [--type rsa|ecdsa|ed25519|bliss|priv]",
+ {"[--in file|--keyid hex] [--type rsa|ecdsa|ed25519|bliss|priv]",
" --dn distinguished-name [--san subjectAltName]+",
"[--lifetime days] [--serial hex] [--ca] [--ocsp uri]+",
"[--flag serverAuth|clientAuth|crlSign|ocspSigning|msSmartcardLogon]+",
@@ -450,6 +463,7 @@ static void __attribute__ ((constructor))reg()
"[--policy-explicit len] [--policy-inhibit len] [--policy-any len]",
"[--cert-policy oid [--cps-uri uri] [--user-notice text]]+",
"[--digest md5|sha1|sha224|sha256|sha384|sha512|sha3_224|sha3_256|sha3_384|sha3_512]",
+ "[--rsa-padding pkcs1|pss]",
"[--outform der|pem]"},
{
{"help", 'h', 0, "show usage information"},
@@ -478,6 +492,7 @@ static void __attribute__ ((constructor))reg()
{"flag", 'e', 1, "include extendedKeyUsage flag"},
{"ocsp", 'o', 1, "OCSP AuthorityInfoAccess URI to include"},
{"digest", 'g', 1, "digest for signature creation, default: key-specific"},
+ {"rsa-padding", 'R', 1, "padding for RSA signatures, default: pkcs1"},
{"outform", 'f', 1, "encoding of generated cert, default: der"},
}
});
diff --git a/src/pki/commands/signcrl.c b/src/pki/commands/signcrl.c
index 25a3aac52..50f939687 100644
--- a/src/pki/commands/signcrl.c
+++ b/src/pki/commands/signcrl.c
@@ -109,15 +109,6 @@ static int read_serial(char *file, char *buf, int buflen)
}
/**
- * Destroy a CDP
- */
-static void cdp_destroy(x509_cdp_t *this)
-{
- free(this->uri);
- free(this);
-}
-
-/**
* Sign a CRL
*/
static int sign_crl()
@@ -129,6 +120,7 @@ static int sign_crl()
crl_t *lastcrl = NULL;
x509_t *x509;
hash_algorithm_t digest = HASH_UNKNOWN;
+ signature_params_t *scheme = NULL;
char *arg, *cacert = NULL, *cakey = NULL, *lastupdate = NULL, *error = NULL;
char *basecrl = NULL;
char serial[512], *keyid = NULL;
@@ -142,6 +134,8 @@ static int sign_crl()
x509_cdp_t *cdp;
chunk_t crl_serial = chunk_empty, baseCrlNumber = chunk_empty;
chunk_t encoding = chunk_empty;
+ bool pss = lib->settings->get_bool(lib->settings, "%s.rsa_pss", FALSE,
+ lib->ns);
list = linked_list_create();
cdps = linked_list_create();
@@ -159,6 +153,17 @@ static int sign_crl()
goto usage;
}
continue;
+ case 'R':
+ if (streq(arg, "pss"))
+ {
+ pss = TRUE;
+ }
+ else if (!streq(arg, "pkcs1"))
+ {
+ error = "invalid RSA padding";
+ goto usage;
+ }
+ continue;
case 'c':
cacert = arg;
continue;
@@ -341,10 +346,6 @@ static int sign_crl()
error = "loading CA private key failed";
goto error;
}
- if (digest == HASH_UNKNOWN)
- {
- digest = get_default_digest(private);
- }
if (!private->belongs_to(private, public))
{
error = "CA private key does not match CA certificate";
@@ -399,6 +400,7 @@ static int sign_crl()
/* increment the serial number by one */
chunk_increment(crl_serial);
+ scheme = get_signature_scheme(private, digest, pss);
enumerator = enumerator_create_filter(list->create_enumerator(list),
filter, NULL, NULL);
crl = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL,
@@ -406,7 +408,7 @@ static int sign_crl()
BUILD_SERIAL, crl_serial,
BUILD_NOT_BEFORE_TIME, thisUpdate, BUILD_NOT_AFTER_TIME, nextUpdate,
BUILD_REVOKED_ENUMERATOR, enumerator,
- BUILD_REVOKED_ENUMERATOR, lastenum, BUILD_DIGEST_ALG, digest,
+ BUILD_REVOKED_ENUMERATOR, lastenum, BUILD_SIGNATURE_SCHEME, scheme,
BUILD_CRL_DISTRIBUTION_POINTS, cdps, BUILD_BASE_CRL, baseCrlNumber,
BUILD_END);
enumerator->destroy(enumerator);
@@ -436,10 +438,11 @@ error:
DESTROY_IF(private);
DESTROY_IF(ca);
DESTROY_IF(crl);
+ signature_params_destroy(scheme);
free(encoding.ptr);
free(baseCrlNumber.ptr);
list->destroy_function(list, (void*)revoked_destroy);
- cdps->destroy_function(cdps, (void*)cdp_destroy);
+ cdps->destroy_function(cdps, (void*)x509_cdp_destroy);
if (error)
{
fprintf(stderr, "%s\n", error);
@@ -449,7 +452,7 @@ error:
usage:
list->destroy_function(list, (void*)revoked_destroy);
- cdps->destroy_function(cdps, (void*)cdp_destroy);
+ cdps->destroy_function(cdps, (void*)x509_cdp_destroy);
return command_usage(error);
}
@@ -462,12 +465,13 @@ static void __attribute__ ((constructor))reg()
sign_crl, 'c', "signcrl",
"issue a CRL using a CA certificate and key",
{"--cacert file --cakey file|--cakeyid hex [--lifetime days]",
- " [--lastcrl crl] [--basecrl crl] [--crluri uri]+",
- " [[--reason key-compromise|ca-compromise|affiliation-changed|",
- " superseded|cessation-of-operation|certificate-hold]",
- " [--date timestamp] --cert file|--serial hex]*",
- " [--digest md5|sha1|sha224|sha256|sha384|sha512|sha3_224|sha3_256|sha3_384|sha3_512]",
- " [--outform der|pem]"},
+ "[--lastcrl crl] [--basecrl crl] [--crluri uri]+",
+ "[[--reason key-compromise|ca-compromise|affiliation-changed|",
+ " superseded|cessation-of-operation|certificate-hold]",
+ " [--date timestamp] --cert file|--serial hex]*",
+ "[--digest md5|sha1|sha224|sha256|sha384|sha512|sha3_224|sha3_256|sha3_384|sha3_512]",
+ "[--rsa-padding pkcs1|pss]",
+ "[--outform der|pem]"},
{
{"help", 'h', 0, "show usage information"},
{"cacert", 'c', 1, "CA certificate file"},
@@ -485,6 +489,7 @@ static void __attribute__ ((constructor))reg()
{"reason", 'r', 1, "reason for certificate revocation"},
{"date", 'd', 1, "revocation date as unix timestamp, default: now"},
{"digest", 'g', 1, "digest for signature creation, default: key-specific"},
+ {"rsa-padding", 'R', 1, "padding for RSA signatures, default: pkcs1"},
{"outform", 'f', 1, "encoding of generated crl, default: der"},
}
});
diff --git a/src/pki/man/Makefile.in b/src/pki/man/Makefile.in
index bf8092bd4..533dfcab1 100644
--- a/src/pki/man/Makefile.in
+++ b/src/pki/man/Makefile.in
@@ -202,9 +202,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/pki/man/pki---acert.1.in b/src/pki/man/pki---acert.1.in
index c6ecbb989..6c574f273 100644
--- a/src/pki/man/pki---acert.1.in
+++ b/src/pki/man/pki---acert.1.in
@@ -16,6 +16,7 @@ pki \-\-acert \- Issue an attribute certificate
.OP \-\-not-after datetime
.OP \-\-serial hex
.OP \-\-digest digest
+.OP \-\-rsa\-padding padding
.OP \-\-outform encoding
.OP \-\-debug level
.YS
@@ -103,6 +104,10 @@ Digest to use for signature creation. One of \fImd5\fR, \fIsha1\fR,
\fIsha224\fR, \fIsha256\fR, \fIsha384\fR, or \fIsha512\fR. The default is
determined based on the type and size of the signature key.
.TP
+.BI "\-R, \-\-rsa\-padding " padding
+Padding to use for RSA signatures. Either \fIpkcs1\fR or \fIpss\fR, defaults
+to \fIpkcs1\fR.
+.TP
.BI "\-f, \-\-outform " encoding
Encoding of the created certificate file. Either \fIder\fR (ASN.1 DER) or
\fIpem\fR (Base64 PEM), defaults to \fIder\fR.
diff --git a/src/pki/man/pki---issue.1.in b/src/pki/man/pki---issue.1.in
index 99cc64fa5..8aec65306 100644
--- a/src/pki/man/pki---issue.1.in
+++ b/src/pki/man/pki---issue.1.in
@@ -19,6 +19,7 @@ pki \-\-issue \- Issue a certificate using a CA certificate and key
.OP \-\-serial hex
.OP \-\-flag flag
.OP \-\-digest digest
+.OP \-\-rsa\-padding padding
.OP \-\-ca
.OP \-\-crl uri\ \fR[\fB\-\-crlissuer\ \fIissuer\fR]
.OP \-\-ocsp uri
@@ -129,6 +130,10 @@ Digest to use for signature creation. One of \fImd5\fR, \fIsha1\fR,
\fIsha224\fR, \fIsha256\fR, \fIsha384\fR, or \fIsha512\fR. The default is
determined based on the type and size of the signature key.
.TP
+.BI "\-R, \-\-rsa\-padding " padding
+Padding to use for RSA signatures. Either \fIpkcs1\fR or \fIpss\fR, defaults
+to \fIpkcs1\fR.
+.TP
.BI "\-f, \-\-outform " encoding
Encoding of the created certificate file. Either \fIder\fR (ASN.1 DER) or
\fIpem\fR (Base64 PEM), defaults to \fIder\fR.
diff --git a/src/pki/man/pki---req.1.in b/src/pki/man/pki---req.1.in
index 09ef0862a..8f7de248c 100644
--- a/src/pki/man/pki---req.1.in
+++ b/src/pki/man/pki---req.1.in
@@ -15,6 +15,7 @@ pki \-\-req \- Create a PKCS#10 certificate request
.OP \-\-san subjectAltName
.OP \-\-password password
.OP \-\-digest digest
+.OP \-\-rsa\-padding padding
.OP \-\-outform encoding
.OP \-\-debug level
.YS
@@ -72,6 +73,10 @@ Digest to use for signature creation. One of \fImd5\fR, \fIsha1\fR,
\fIsha224\fR, \fIsha256\fR, \fIsha384\fR, or \fIsha512\fR. The default is
determined based on the type and size of the signature key.
.TP
+.BI "\-R, \-\-rsa\-padding " padding
+Padding to use for RSA signatures. Either \fIpkcs1\fR or \fIpss\fR, defaults
+to \fIpkcs1\fR.
+.TP
.BI "\-f, \-\-outform " encoding
Encoding of the created certificate file. Either \fIder\fR (ASN.1 DER) or
\fIpem\fR (Base64 PEM), defaults to \fIder\fR.
diff --git a/src/pki/man/pki---self.1.in b/src/pki/man/pki---self.1.in
index aa7e6fabe..5f7e42108 100644
--- a/src/pki/man/pki---self.1.in
+++ b/src/pki/man/pki---self.1.in
@@ -19,6 +19,7 @@ pki \-\-self \- Create a self-signed certificate
.OP \-\-serial hex
.OP \-\-flag flag
.OP \-\-digest digest
+.OP \-\-rsa\-padding padding
.OP \-\-ca
.OP \-\-ocsp uri
.OP \-\-pathlen len
@@ -115,6 +116,10 @@ Digest to use for signature creation. One of \fImd5\fR, \fIsha1\fR,
\fIsha224\fR, \fIsha256\fR, \fIsha384\fR, or \fIsha512\fR. The default is
determined based on the type and size of the signature key.
.TP
+.BI "\-R, \-\-rsa\-padding " padding
+Padding to use for RSA signatures. Either \fIpkcs1\fR or \fIpss\fR, defaults
+to \fIpkcs1\fR.
+.TP
.BI "\-f, \-\-outform " encoding
Encoding of the created certificate file. Either \fIder\fR (ASN.1 DER) or
\fIpem\fR (Base64 PEM), defaults to \fIder\fR.
diff --git a/src/pki/man/pki---signcrl.1.in b/src/pki/man/pki---signcrl.1.in
index b901ad084..0abd166a9 100644
--- a/src/pki/man/pki---signcrl.1.in
+++ b/src/pki/man/pki---signcrl.1.in
@@ -16,6 +16,7 @@ pki \-\-signcrl \- Issue a Certificate Revocation List (CRL) using a CA certific
.OP \-\-basecrl crl
.OP \-\-crluri uri
.OP \-\-digest digest
+.OP \-\-rsa\-padding padding
.OP \fR[\fB\-\-reason\ \fIreason\fR]\ \fR[\fB\-\-date\ \fIts\fR]\ \fB\-\-cert\ \fIfile\fB|\-\-serial\ \fIhex\fR
.OP \-\-outform encoding
.OP \-\-debug level
@@ -102,6 +103,10 @@ Digest to use for signature creation. One of \fImd5\fR, \fIsha1\fR,
\fIsha224\fR, \fIsha256\fR, \fIsha384\fR, or \fIsha512\fR. The default is
determined based on the type and size of the signature key.
.TP
+.BI "\-R, \-\-rsa\-padding " padding
+Padding to use for RSA signatures. Either \fIpkcs1\fR or \fIpss\fR, defaults
+to \fIpkcs1\fR.
+.TP
.BI "\-f, \-\-outform " encoding
Encoding of the created certificate file. Either \fIder\fR (ASN.1 DER) or
\fIpem\fR (Base64 PEM), defaults to \fIder\fR.
diff --git a/src/pki/pki.c b/src/pki/pki.c
index 0fdab2aab..ec60f7d42 100644
--- a/src/pki/pki.c
+++ b/src/pki/pki.c
@@ -1,7 +1,7 @@
/*
- * Copyright (C) 2012-2014 Tobias Brunner
+ * Copyright (C) 2012-2017 Tobias Brunner
* Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -237,20 +237,20 @@ void set_file_mode(FILE *stream, cred_encoding_type_t enc)
#endif
}
-/*
- * Described in header
+/**
+ * Determine a default hash algorithm for the given key
*/
-hash_algorithm_t get_default_digest(private_key_t *private)
+static hash_algorithm_t get_default_digest(private_key_t *private)
{
enumerator_t *enumerator;
- signature_scheme_t scheme;
+ signature_params_t *params;
hash_algorithm_t alg = HASH_UNKNOWN;
enumerator = signature_schemes_for_key(private->get_type(private),
private->get_keysize(private));
- if (enumerator->enumerate(enumerator, &scheme))
+ if (enumerator->enumerate(enumerator, &params))
{
- alg = hasher_from_signature_scheme(scheme);
+ alg = hasher_from_signature_scheme(params->scheme, params->params);
}
enumerator->destroy(enumerator);
@@ -261,6 +261,42 @@ hash_algorithm_t get_default_digest(private_key_t *private)
/*
* Described in header
*/
+signature_params_t *get_signature_scheme(private_key_t *private,
+ hash_algorithm_t digest, bool pss)
+{
+ signature_params_t *scheme;
+
+ if (digest == HASH_UNKNOWN)
+ {
+ digest = get_default_digest(private);
+ }
+ if (private->get_type(private) == KEY_RSA && pss)
+ {
+ rsa_pss_params_t pss_params = {
+ .hash = digest,
+ .mgf1_hash = digest,
+ .salt_len = RSA_PSS_SALT_LEN_DEFAULT,
+ };
+ signature_params_t pss_scheme = {
+ .scheme = SIGN_RSA_EMSA_PSS,
+ .params = &pss_params,
+ };
+ scheme = signature_params_clone(&pss_scheme);
+ }
+ else
+ {
+ INIT(scheme,
+ .scheme = signature_scheme_from_oid(
+ hasher_signature_algorithm_to_oid(digest,
+ private->get_type(private))),
+ );
+ }
+ return scheme;
+}
+
+/*
+ * Described in header
+ */
traffic_selector_t* parse_ts(char *str)
{
ts_type_t type = TS_IPV4_ADDR_RANGE;
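Review bot: `get_signature_scheme()` never reports failure, so a digest that cannot be resolved ends up inside the returned parameters. If `get_default_digest()` finds no scheme for the key it returns HASH_UNKNOWN, which the PSS branch copies into `pss_params.hash` and `.mgf1_hash`, and which the else branch passes to `hasher_signature_algorithm_to_oid()`, storing the result of `signature_scheme_from_oid()` unchecked. The `pss` flag is also dropped without any message when the key is not RSA. Callers are outside this hunk and presumably fail at signing time, but a comment such as `/* may yield SIGN_UNKNOWN if no scheme matches digest and key type; callers must handle the signing failure */` would make that contract explicit, and a warning on stderr when `pss` is set for a non-RSA key would help.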
diff --git a/src/pki/pki.h b/src/pki/pki.h
index 54be59f8f..3f0793cfd 100644
--- a/src/pki/pki.h
+++ b/src/pki/pki.h
@@ -1,6 +1,7 @@
/*
+ * Copyright (C) 2015-2017 Tobias Brunner
* Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -57,12 +58,17 @@ bool calculate_lifetime(char *format, char *nbstr, char *nastr, time_t span,
void set_file_mode(FILE *stream, cred_encoding_type_t enc);
/**
- * Select default digest for signatures with the given key
+ * Determine the signature scheme and parameters for the given private key and
+ * hash algorithm and whether to use PSS padding for RSA.
*
* @param private private key
- * @return hash algorithm
+ * @param digest hash algorithm (if HASH_UNKNOWN a default is determined
+ * based on the key)
+ * @param pss use PSS padding for RSA keys
+ * @return allocated signature scheme and parameters
*/
-hash_algorithm_t get_default_digest(private_key_t *private);
+signature_params_t *get_signature_scheme(private_key_t *private,
+ hash_algorithm_t digest, bool pss);
/**
* Create a traffic selector from a CIDR or range string.
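Review bot: The new doc comment for `get_signature_scheme()` says the result is allocated but not how the caller releases it. It also does not say that `pss` has no effect for non-RSA keys, although the implementation in pki.c only takes the PSS branch for KEY_RSA. I would extend the return line to `@return allocated signature scheme and parameters, to be freed by the caller with signature_params_destroy()` and append `(ignored for other key types)` to the `@param pss` line.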
diff --git a/src/pool/Makefile.in b/src/pool/Makefile.in
index 1da001d09..e6815434f 100644
--- a/src/pool/Makefile.in
+++ b/src/pool/Makefile.in
@@ -247,9 +247,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/pool/pool.c b/src/pool/pool.c
index cd9fb6293..b755365ec 100644
--- a/src/pool/pool.c
+++ b/src/pool/pool.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2016 Tobias Brunner
+ * Copyright (C) 2011-2017 Tobias Brunner
* Copyright (C) 2008 Martin Willi
* HSR Hochschule fuer Technik Rapperswil
*
@@ -56,28 +56,30 @@ static void do_args(int argc, char *argv[]);
/**
* Create or replace a pool by name
*/
-static u_int create_pool(char *name, chunk_t start, chunk_t end, int timeout)
+static u_int create_pool(char *name, chunk_t start, chunk_t end, u_int timeout)
{
enumerator_t *e;
int pool;
+ bool exists;
e = db->query(db, "SELECT id FROM pools WHERE name = ?",
DB_TEXT, name, DB_UINT);
- if (e && e->enumerate(e, &pool))
+ exists = e && e->enumerate(e, &pool);
+ DESTROY_IF(e);
+
+ if (exists)
{
- if (replace_pool == FALSE)
+ if (!replace_pool)
{
fprintf(stderr, "pool '%s' exists.\n", name);
- e->destroy(e);
exit(EXIT_FAILURE);
}
del(name);
}
- DESTROY_IF(e);
if (db->execute(db, &pool,
"INSERT INTO pools (name, start, end, timeout) VALUES (?, ?, ?, ?)",
DB_TEXT, name, DB_BLOB, start, DB_BLOB, end,
- DB_INT, timeout*3600) != 1)
+ DB_UINT, timeout) != 1)
{
fprintf(stderr, "creating pool failed.\n");
exit(EXIT_FAILURE);
@@ -258,7 +260,18 @@ static void status(void)
}
if (timeout)
{
- printf("%7dh ", timeout/3600);
+ if (timeout >= 60 * 300)
+ {
+ printf("%7dh ", timeout/3600);
+ }
+ else if (timeout >= 300)
+ {
+ printf("%7dm ", timeout/60);
+ }
+ else
+ {
+ printf("%7ds ", timeout);
+ }
}
else
{
@@ -318,7 +331,7 @@ next_pool:
/**
* ipsec pool --add - add a new pool
*/
-static void add(char *name, host_t *start, host_t *end, int timeout)
+static void add(char *name, host_t *start, host_t *end, u_int timeout)
{
chunk_t start_addr, end_addr, cur_addr;
u_int id, count;
@@ -407,7 +420,7 @@ static bool add_address(u_int pool_id, char *address_str, int *family)
return TRUE;
}
-static void add_addresses(char *pool, char *path, int timeout)
+static void add_addresses(char *pool, char *path, u_int timeout)
{
u_int pool_id, count = 0;
int family = AF_UNSPEC;
@@ -941,7 +954,7 @@ static void do_args(int argc, char *argv[])
char *name = "", *value = "", *filter = "";
char *pool = NULL, *identity = NULL, *addresses = NULL;
value_type_t value_type = VALUE_NONE;
- int timeout = 0;
+ time_t timeout = 0;
bool utc = FALSE, hexout = FALSE;
enum {
@@ -1088,8 +1101,7 @@ static void do_args(int argc, char *argv[])
}
continue;
case 't':
- timeout = atoi(optarg);
- if (timeout == 0 && strcmp(optarg, "0") != 0)
+ if (!timespan_from_string(optarg, "h", &timeout))
{
fprintf(stderr, "invalid timeout '%s'.\n", optarg);
usage();
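Review bot: The parsed timeout is now a `time_t` (declared in the earlier do_args hunk), but `add()`, `add_addresses()` and `create_pool()` take it as `u_int`, so a value outside the `u_int` range would be narrowed silently before it is written to the pools table with DB_UINT. Whether `timespan_from_string()` bounds the result is not visible here, so the check in the `'t'` case should reject out-of-range values itself, e.g. `if (!timespan_from_string(optarg, "h", &timeout) || timeout < 0 || timeout > UINT_MAX)`. do_args starts and ends outside this hunk, and the calls that pass `timeout` on are not shown.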
diff --git a/src/pool/pool_usage.c b/src/pool/pool_usage.c
index 7622cfa86..94cc041b5 100644
--- a/src/pool/pool_usage.c
+++ b/src/pool/pool_usage.c
@@ -44,7 +44,9 @@ Usage:\n\
name: Name of the pool, as used in ipsec.conf rightsourceip=%%name\n\
start: Start address of the pool\n\
end: End address of the pool\n\
- timeout: Lease time in hours, 0 for static leases\n\
+ timeout: Lease time in hours (use 'd', 'm', or 's' to alternatively\n\
+ configure the time in days, minutes or seconds, respectively),\n\
+ 0 for static leases\n\
\n\
ipsec pool --add <name> --addresses <file> [--timeout <timeout>]\n\
ipsec pool --replace <name> --addresses <file> [--timeout <timeout>]\n\
@@ -57,7 +59,9 @@ Usage:\n\
are read from STDIN. Reading addresses stops at the end of file\n\
or an empty line. Pools created with this command can not be\n\
resized.\n\
- timeout: Lease time in hours, 0 for static leases\n\
+ timeout: Lease time in hours (use 'd', 'm', or 's' to alternatively\n\
+ configure the time in days, minutes or seconds, respectively),\n\
+ 0 for static leases\n\
\n\
ipsec pool --addattr <type> [--pool <name> [--identity <id>]]\n\
--addr|--mask|--server|--subnet|--string|--hex <value>\n\
diff --git a/src/pt-tls-client/Makefile.in b/src/pt-tls-client/Makefile.in
index 820bec9f3..1bab5804f 100644
--- a/src/pt-tls-client/Makefile.in
+++ b/src/pt-tls-client/Makefile.in
@@ -247,9 +247,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/pt-tls-client/pt-tls-client.1.in b/src/pt-tls-client/pt-tls-client.1.in
index d7c9dffe5..795054c80 100644
--- a/src/pt-tls-client/pt-tls-client.1.in
+++ b/src/pt-tls-client/pt-tls-client.1.in
@@ -20,7 +20,7 @@ pt-tls-client \- Simple client using PT-TLS to collect integrity information
.OP \-\-client client-id
.OP \-\-secret password
.OP \-\-mutual
-.OP \-\-optionsfrom filename
+.OP \-\-options filename
.OP \-\-quiet
.OP \-\-debug level
.YS
@@ -92,7 +92,7 @@ Set debug level, default: 1.
.B "\-q, \-\-quiet
Disable debug output to stderr.
.TP
-.BI "\-+, \-\-optionsfrom " file
+.BI "\-+, \-\-options " file
Read command line options from \fIfile\fR.
.
.SH "EXAMPLES"
diff --git a/src/pt-tls-client/pt-tls-client.c b/src/pt-tls-client/pt-tls-client.c
index d7e78c497..841724eb3 100644
--- a/src/pt-tls-client/pt-tls-client.c
+++ b/src/pt-tls-client/pt-tls-client.c
@@ -45,7 +45,7 @@ static void usage(FILE *out)
" [--cert <file>]+ [--keyid <hex>|--key <file>]\n"
" [--key-type rsa|ecdsa] [--client <client-id>]\n"
" [--secret <password>] [--mutual] [--quiet]\n"
- " [--debug <level>] [--optionsfrom <filename>]\n");
+ " [--debug <level>] [--options <filename>]\n");
}
/**
@@ -289,6 +289,7 @@ int main(int argc, char *argv[])
{"mutual", no_argument, NULL, 'm' },
{"quiet", no_argument, NULL, 'q' },
{"debug", required_argument, NULL, 'd' },
+ {"options", required_argument, NULL, '+' },
{"optionsfrom", required_argument, NULL, '+' },
{0,0,0,0 }
};
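Review bot: `--optionsfrom` stays in the option table as a second entry for `'+'`, but the usage text and the man page changed in this commit now mention only `--options`, so nothing records why both spellings are accepted. If the old name is kept as a compatibility alias, a short comment on that entry would say so, e.g. `/* deprecated alias for --options, kept for compatibility */`. main continues outside this hunk.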
diff --git a/src/scepclient/Makefile.in b/src/scepclient/Makefile.in
index 85522ad7b..1d5e53241 100644
--- a/src/scepclient/Makefile.in
+++ b/src/scepclient/Makefile.in
@@ -244,9 +244,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/sec-updater/Makefile.am b/src/sec-updater/Makefile.am
new file mode 100644
index 000000000..5546cb8f8
--- /dev/null
+++ b/src/sec-updater/Makefile.am
@@ -0,0 +1,18 @@
+if !USE_WINDOWS
+
+sbin_PROGRAMS = sec-updater
+
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan \
+ -DPLUGINS=\""sqlite"\"
+
+sec_updater_SOURCES = sec-updater.c
+sec_updater_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
+sec-updater.o : $(top_builddir)/config.status
+
+EXTRA_DIST = sec-updater.sh
+
+man8_MANS = sec-updater.8
+CLEANFILES = $(man8_MANS)
+
+endif
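Review bot: The plugin list for sec-updater is hard-coded as `-DPLUGINS=\""sqlite"\"`, whereas other tools in this tree take theirs from configure (the generated Makefile.in carries `pool_plugins`, `pki_plugins` and so on), and the only condition in this file is `!USE_WINDOWS`. If the sqlite plugin is not built, the binary would presumably fail when loading plugins rather than at configure time; whether configure.ac or src/Makefile.am guards against that is not visible here. A comment above `AM_CPPFLAGS` stating the dependency, e.g. `# sec-updater loads only the sqlite plugin, which must be enabled at configure time`, would make the requirement explicit.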
diff --git a/src/sec-updater/Makefile.in b/src/sec-updater/Makefile.in
new file mode 100644
index 000000000..a434b9d34
--- /dev/null
+++ b/src/sec-updater/Makefile.in
@@ -0,0 +1,845 @@
+# Makefile.in generated by automake 1.15 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
+am__make_running_with_option = \
+ case $${target_option-} in \
+ ?) ;; \
+ *) echo "am__make_running_with_option: internal error: invalid" \
+ "target option '$${target_option-}' specified" >&2; \
+ exit 1;; \
+ esac; \
+ has_opt=no; \
+ sane_makeflags=$$MAKEFLAGS; \
+ if $(am__is_gnu_make); then \
+ sane_makeflags=$$MFLAGS; \
+ else \
+ case $$MAKEFLAGS in \
+ *\\[\ \ ]*) \
+ bs=\\; \
+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
+ esac; \
+ fi; \
+ skip_next=no; \
+ strip_trailopt () \
+ { \
+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+ }; \
+ for flg in $$sane_makeflags; do \
+ test $$skip_next = yes && { skip_next=no; continue; }; \
+ case $$flg in \
+ *=*|--*) continue;; \
+ -*I) strip_trailopt 'I'; skip_next=yes;; \
+ -*I?*) strip_trailopt 'I';; \
+ -*O) strip_trailopt 'O'; skip_next=yes;; \
+ -*O?*) strip_trailopt 'O';; \
+ -*l) strip_trailopt 'l'; skip_next=yes;; \
+ -*l?*) strip_trailopt 'l';; \
+ -[dEDm]) skip_next=yes;; \
+ -[JT]) skip_next=yes;; \
+ esac; \
+ case $$flg in \
+ *$$target_option*) has_opt=yes; break;; \
+ esac; \
+ done; \
+ test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+@USE_WINDOWS_FALSE@sbin_PROGRAMS = sec-updater$(EXEEXT)
+subdir = src/sec-updater
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
+ $(top_srcdir)/m4/config/ltoptions.m4 \
+ $(top_srcdir)/m4/config/ltsugar.m4 \
+ $(top_srcdir)/m4/config/ltversion.m4 \
+ $(top_srcdir)/m4/config/lt~obsolete.m4 \
+ $(top_srcdir)/m4/macros/split-package-version.m4 \
+ $(top_srcdir)/m4/macros/with.m4 \
+ $(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
+ $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES = sec-updater.8
+CONFIG_CLEAN_VPATH_FILES =
+am__installdirs = "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man8dir)"
+PROGRAMS = $(sbin_PROGRAMS)
+am__sec_updater_SOURCES_DIST = sec-updater.c
+@USE_WINDOWS_FALSE@am_sec_updater_OBJECTS = sec-updater.$(OBJEXT)
+sec_updater_OBJECTS = $(am_sec_updater_OBJECTS)
+@USE_WINDOWS_FALSE@sec_updater_DEPENDENCIES = $(top_builddir)/src/libstrongswan/libstrongswan.la
+AM_V_lt = $(am__v_lt_@AM_V@)
+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+am__v_lt_1 =
+AM_V_P = $(am__v_P_@AM_V@)
+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
+am__v_GEN_1 =
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 =
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_@AM_V@)
+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
+am__v_CC_0 = @echo " CC " $@;
+am__v_CC_1 =
+CCLD = $(CC)
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_@AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo " CCLD " $@;
+am__v_CCLD_1 =
+SOURCES = $(sec_updater_SOURCES)
+DIST_SOURCES = $(am__sec_updater_SOURCES_DIST)
+am__can_run_installinfo = \
+ case $$AM_UPDATE_INFO_DIR in \
+ n|no|NO) false;; \
+ *) (install-info --version) >/dev/null 2>&1;; \
+ esac
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+ test -z "$$files" \
+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+ $(am__cd) "$$dir" && rm -f $$files; }; \
+ }
+man8dir = $(mandir)/man8
+NROFF = nroff
+MANS = $(man8_MANS)
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+# Read a list of newline-separated strings from the standard input,
+# and print each of them once, without duplicates. Input order is
+# *not* preserved.
+am__uniquify_input = $(AWK) '\
+ BEGIN { nonempty = 0; } \
+ { items[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in items) print i; }; } \
+'
+# Make sure the list of sources is unique. This is necessary because,
+# e.g., the same source file might be shared among _SOURCES variables
+# for different programs/libraries.
+am__define_uniq_tagged_files = \
+ list='$(am__tagged_files)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | $(am__uniquify_input)`
+ETAGS = etags
+CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/sec-updater.8.in \
+ $(top_srcdir)/depcomp
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+ATOMICLIB = @ATOMICLIB@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BFDLIB = @BFDLIB@
+BTLIB = @BTLIB@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
+COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DLLTOOL = @DLLTOOL@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+EASY_INSTALL = @EASY_INSTALL@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
+GEM = @GEM@
+GENHTML = @GENHTML@
+GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
+GPRBUILD = @GPRBUILD@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LCOV = @LCOV@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MKDIR_P = @MKDIR_P@
+MYSQLCFLAG = @MYSQLCFLAG@
+MYSQLCONFIG = @MYSQLCONFIG@
+MYSQLLIB = @MYSQLLIB@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OPENSSL_LIB = @OPENSSL_LIB@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@
+PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@
+PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@
+PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
+PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
+PY_TEST = @PY_TEST@
+RANLIB = @RANLIB@
+RTLIB = @RTLIB@
+RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
+STRIP = @STRIP@
+UNWINDLIB = @UNWINDLIB@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+aikgen_plugins = @aikgen_plugins@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+c_plugins = @c_plugins@
+charon_natt_port = @charon_natt_port@
+charon_plugins = @charon_plugins@
+charon_udp_port = @charon_udp_port@
+clearsilver_LIBS = @clearsilver_LIBS@
+cmd_plugins = @cmd_plugins@
+datadir = @datadir@
+datarootdir = @datarootdir@
+dev_headers = @dev_headers@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
+fuzz_plugins = @fuzz_plugins@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+imcvdir = @imcvdir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsec_script = @ipsec_script@
+ipsec_script_upper = @ipsec_script_upper@
+ipsecdir = @ipsecdir@
+ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
+ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
+libdir = @libdir@
+libexecdir = @libexecdir@
+libfuzzer = @libfuzzer@
+libiptc_CFLAGS = @libiptc_CFLAGS@
+libiptc_LIBS = @libiptc_LIBS@
+linux_headers = @linux_headers@
+localedir = @localedir@
+localstatedir = @localstatedir@
+manager_plugins = @manager_plugins@
+mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+nm_ca_dir = @nm_ca_dir@
+nm_plugins = @nm_plugins@
+oldincludedir = @oldincludedir@
+p_plugins = @p_plugins@
+pcsclite_CFLAGS = @pcsclite_CFLAGS@
+pcsclite_LIBS = @pcsclite_LIBS@
+pdfdir = @pdfdir@
+piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
+pki_plugins = @pki_plugins@
+plugindir = @plugindir@
+pool_plugins = @pool_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
+random_device = @random_device@
+resolv_conf = @resolv_conf@
+routing_table = @routing_table@
+routing_table_prio = @routing_table_prio@
+ruby_CFLAGS = @ruby_CFLAGS@
+ruby_LIBS = @ruby_LIBS@
+runstatedir = @runstatedir@
+s_plugins = @s_plugins@
+sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
+sharedstatedir = @sharedstatedir@
+soup_CFLAGS = @soup_CFLAGS@
+soup_LIBS = @soup_LIBS@
+srcdir = @srcdir@
+starter_plugins = @starter_plugins@
+strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
+swanctldir = @swanctldir@
+sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
+systemdsystemunitdir = @systemdsystemunitdir@
+t_plugins = @t_plugins@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
+tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
+tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
+tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
+urandom_device = @urandom_device@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+@USE_WINDOWS_FALSE@AM_CPPFLAGS = \
+@USE_WINDOWS_FALSE@ -I$(top_srcdir)/src/libstrongswan \
+@USE_WINDOWS_FALSE@ -DPLUGINS=\""sqlite"\"
+
+@USE_WINDOWS_FALSE@sec_updater_SOURCES = sec-updater.c
+@USE_WINDOWS_FALSE@sec_updater_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
+@USE_WINDOWS_FALSE@EXTRA_DIST = sec-updater.sh
+@USE_WINDOWS_FALSE@man8_MANS = sec-updater.8
+@USE_WINDOWS_FALSE@CLEANFILES = $(man8_MANS)
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/sec-updater/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/sec-updater/Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+sec-updater.8: $(top_builddir)/config.status $(srcdir)/sec-updater.8.in
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+install-sbinPROGRAMS: $(sbin_PROGRAMS)
+ @$(NORMAL_INSTALL)
+ @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(sbindir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(sbindir)" || exit 1; \
+ fi; \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed 's/$(EXEEXT)$$//' | \
+ while read p p1; do if test -f $$p \
+ || test -f $$p1 \
+ ; then echo "$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n;h' \
+ -e 's|.*|.|' \
+ -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
+ sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) files[d] = files[d] " " $$1; \
+ else { print "f", $$3 "/" $$4, $$1; } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sbindir)$$dir'"; \
+ $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \
+ } \
+ ; done
+
+uninstall-sbinPROGRAMS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
+ -e 's/$$/$(EXEEXT)/' \
+ `; \
+ test -n "$$list" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(sbindir)" && rm -f $$files
+
+clean-sbinPROGRAMS:
+ @list='$(sbin_PROGRAMS)'; test -n "$$list" || exit 0; \
+ echo " rm -f" $$list; \
+ rm -f $$list || exit $$?; \
+ test -n "$(EXEEXT)" || exit 0; \
+ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+ echo " rm -f" $$list; \
+ rm -f $$list
+
+sec-updater$(EXEEXT): $(sec_updater_OBJECTS) $(sec_updater_DEPENDENCIES) $(EXTRA_sec_updater_DEPENDENCIES)
+ @rm -f sec-updater$(EXEEXT)
+ $(AM_V_CCLD)$(LINK) $(sec_updater_OBJECTS) $(sec_updater_LDADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sec-updater.Po@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+install-man8: $(man8_MANS)
+ @$(NORMAL_INSTALL)
+ @list1='$(man8_MANS)'; \
+ list2=''; \
+ test -n "$(man8dir)" \
+ && test -n "`echo $$list1$$list2`" \
+ || exit 0; \
+ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \
+ { for i in $$list1; do echo "$$i"; done; \
+ if test -n "$$list2"; then \
+ for i in $$list2; do echo "$$i"; done \
+ | sed -n '/\.8[a-z]*$$/p'; \
+ fi; \
+ } | while read p; do \
+ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; echo "$$p"; \
+ done | \
+ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
+ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+ sed 'N;N;s,\n, ,g' | { \
+ list=; while read file base inst; do \
+ if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
+ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \
+ fi; \
+ done; \
+ for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+ while read files; do \
+ test -z "$$files" || { \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \
+ done; }
+
+uninstall-man8:
+ @$(NORMAL_UNINSTALL)
+ @list='$(man8_MANS)'; test -n "$(man8dir)" || exit 0; \
+ files=`{ for i in $$list; do echo "$$i"; done; \
+ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
+ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir)
+
+ID: $(am__tagged_files)
+ $(am__define_uniq_tagged_files); mkid -fID $$unique
+tags: tags-am
+TAGS: tags
+
+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ set x; \
+ here=`pwd`; \
+ $(am__define_uniq_tagged_files); \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: ctags-am
+
+CTAGS: ctags
+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ $(am__define_uniq_tagged_files); \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+cscopelist: cscopelist-am
+
+cscopelist-am: $(am__tagged_files)
+ list='$(am__tagged_files)'; \
+ case "$(srcdir)" in \
+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
+ *) sdir=$(subdir)/$(srcdir) ;; \
+ esac; \
+ for i in $$list; do \
+ if test -f "$$i"; then \
+ echo "$(subdir)/$$i"; \
+ else \
+ echo "$$sdir/$$i"; \
+ fi; \
+ done >> $(top_builddir)/cscope.files
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(PROGRAMS) $(MANS)
+installdirs:
+ for dir in "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man8dir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
+mostlyclean-generic:
+
+clean-generic:
+ -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-sbinPROGRAMS \
+ mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-man
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am: install-sbinPROGRAMS
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man: install-man8
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-man uninstall-sbinPROGRAMS
+
+uninstall-man: uninstall-man8
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
+ clean-libtool clean-sbinPROGRAMS cscopelist-am ctags ctags-am \
+ distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-man8 install-pdf \
+ install-pdf-am install-ps install-ps-am install-sbinPROGRAMS \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \
+ uninstall-man uninstall-man8 uninstall-sbinPROGRAMS
+
+.PRECIOUS: Makefile
+
+@USE_WINDOWS_FALSE@sec-updater.o : $(top_builddir)/config.status
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/sec-updater/sec-updater.8.in b/src/sec-updater/sec-updater.8.in
new file mode 100644
index 000000000..f17198f56
--- /dev/null
+++ b/src/sec-updater/sec-updater.8.in
@@ -0,0 +1,84 @@
+.TH SEC-UPDATER 8 "2017-08-25" "@PACKAGE_VERSION@" "strongSwan"
+.
+.SH "NAME"
+.
+sec-updater \- Extracts security update information of Linux distributions
+.
+.SH "SYNOPSIS"
+.
+.SY "sec-updater"
+.OP \-\-debug level
+.OP \-\-quiet
+.OP \-\-security
+.BI \-\-os " string"
+.BI \-\-arch " string"
+.BI \-\-uri " uri"
+.BI \-\-file " filename"
+.YS
+.
+.SY "sec-updater"
+.B \-h
+|
+.B \-\-help
+.YS
+.
+.SH "DESCRIPTION"
+.
+.B sec-updater
+extracts information about security updates and backports of Linux repositories
+(e.g. Debian or Ubuntu). This information is used to update the package version
+information stored in the strongTNC SQLite database. The "dbkg --compare-versions"
+command is used to determine which package versions are affected by a given
+security update.
+.
+.SH "OPTIONS"
+.
+.TP
+.B "\-h, \-\-help"
+Prints usage information and a short summary of the available commands.
+.TP
+.BI "\-v, \-\-debug " level
+Set debug level, default: 1.
+.TP
+.B "\-q, \-\-quiet"
+Disable debug output to stderr.
+.TP
+.B "\-s, \-\-security"
+Set when parsing a distributions file with security updates.
+.TP
+.BI "\-o, \-\-os " string
+Name of operating system (OS). eg. "Ubuntu 16.04".
+.TP
+.BI "\-o, \-\-arch " string
+Name of HW architecture. eg. "x86_64".
+.TP
+.BI "\-o, \-\-uri " uri
+URI where to download deb package from.
+.TP
+.BI "\-f, \-\-file " filename
+Linux package information file to parse.
+.
+.SH "CONFIGURATION"
+.
+The following parameters can be configured in strongswan.conf:
+.P
+ sec-updater {
+ database = sqlite:///etc/pts/config.db
+ swid_gen {
+ command = /usr/local/bin/swid_generator
+ tag_creator {
+ name = strongSwan Project
+ regid = strongswan.org
+ }
+ }
+ tnc_manage_command = /var/www/tnc/manage.py
+ tmp {
+ deb_file = /tmp/sec-updater.deb
+ tag_file = /tmp/sec-updater.tag
+ }
+ }
+.
+.SH "SEE ALSO"
+.
+.BR strongswan.conf (5)
+
diff --git a/src/sec-updater/sec-updater.c b/src/sec-updater/sec-updater.c
new file mode 100644
index 000000000..e1d2baea2
--- /dev/null
+++ b/src/sec-updater/sec-updater.c
@@ -0,0 +1,565 @@
+/*
+ * Copyright (C) 2012-2017 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#define _GNU_SOURCE
+#include <getopt.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+#include <syslog.h>
+#include <time.h>
+#include <sys/stat.h>
+#include <stdlib.h>
+
+#include <library.h>
+#include <utils/debug.h>
+
+#define EXIT_NO_UPDATES 80
+#define TMP_DEB_FILE "/tmp/sec-updater.deb"
+#define TMP_TAG_FILE "/tmp/sec-updater.tag"
+#define SWID_GEN_CMD "/usr/local/bin/swid_generator"
+#define TNC_MANAGE_CMD "/var/www/tnc/manage.py"
+
+typedef enum sec_update_state_t sec_update_state_t;
+
+enum sec_update_state_t {
+ SEC_UPDATE_STATE_BEGIN_PACKAGE,
+ SEC_UPDATE_STATE_VERSION,
+ SEC_UPDATE_STATE_FILENAME,
+ SEC_UPDATE_STATE_END_PACKAGE
+};
+
+typedef struct stats_t stats_t;
+
+struct stats_t {
+ time_t release;
+ int product;
+ int packages;
+ int new_versions;
+ int updated_versions;
+};
+
+/**
+ * global debug output variables
+ */
+static int debug_level = 1;
+static bool stderr_quiet = FALSE;
+
+/**
+ * sec_updater dbg function
+ */
+static void sec_updater_dbg(debug_t group, level_t level, char *fmt, ...)
+{
+ int priority = LOG_INFO;
+ char buffer[8192];
+ char *current = buffer, *next;
+ va_list args;
+
+ if (level <= debug_level)
+ {
+ if (!stderr_quiet)
+ {
+ va_start(args, fmt);
+ vfprintf(stderr, fmt, args);
+ fprintf(stderr, "\n");
+ va_end(args);
+ }
+
+ /* write in memory buffer first */
+ va_start(args, fmt);
+ vsnprintf(buffer, sizeof(buffer), fmt, args);
+ va_end(args);
+
+ /* do a syslog with every line */
+ while (current)
+ {
+ next = strchr(current, '\n');
+ if (next)
+ {
+ *(next++) = '\0';
+ }
+ syslog(priority, "%s\n", current);
+ current = next;
+ }
+ }
+}
+
+/**
+ * atexit handler to close everything on shutdown
+ */
+static void cleanup(void)
+{
+ closelog();
+ library_deinit();
+}
+
+static void usage(void)
+{
+ printf("\
+Usage:\n\
+ sec-updater --help\n\
+ sec-updater [--debug <level>] [--quiet] [--security] --os <string>\n\
+ --arch <string> --uri <uri> --file <filename>\n\n\
+ Options:\n\
+ --help print usage information\n\
+ --debug <level> set debug level\n\
+ --quiet suppress debug output to stderr\n\
+ --os <string> operating system\n\
+ --arch <string> hw architecture\n\
+ --security set when parsing a file with security updates\n\
+ --file <filename> package information file to parse\n\
+ --uri <uri> uri where to download deb package from\n");
+ }
+
+/**
+ * Update the package database
+ */
+static bool update_database(database_t *db, char *package, char *version,
+ bool security, stats_t *stats, bool *new)
+{
+ int pid = 0, vid = 0, sec_flag;
+ bool first = TRUE, found = FALSE;
+ char *release;
+ enumerator_t *e;
+
+ /* increment package count */
+ stats->packages++;
+
+ /* set new output variable */
+ *new = FALSE;
+
+ /* check if package is already in database */
+ e = db->query(db, "SELECT id FROM packages WHERE name = ?",
+ DB_TEXT, package, DB_INT);
+ if (!e)
+ {
+ return FALSE;
+ }
+ if (!e->enumerate(e, &pid))
+ {
+ pid = 0;
+ }
+ e->destroy(e);
+
+ if (!pid)
+ {
+ return TRUE;
+ }
+
+ /* retrieve all package versions stored in database */
+ e = db->query(db,
+ "SELECT id, release, security FROM versions "
+ "WHERE product = ? AND package = ?",
+ DB_INT, stats->product, DB_INT, pid, DB_INT, DB_TEXT, DB_INT);
+ if (!e)
+ {
+ return FALSE;
+ }
+
+ while (e->enumerate(e, &vid, &release, &sec_flag))
+ {
+ char command[BUF_LEN];
+ char found_char = ' ';
+ bool update_version = FALSE;
+
+ if (streq(version, release))
+ {
+ found = TRUE;
+ found_char = '*';
+ }
+ else if (security)
+ {
+ snprintf(command, BUF_LEN, "dpkg --compare-versions %s lt %s",
+ release, version);
+ if (system(command) == 0)
+ {
+ found_char = '!';
+ if (!sec_flag)
+ {
+ if (db->execute(db, NULL, "UPDATE versions "
+ "SET security = 1 WHERE id = ?", DB_INT, vid) != 1)
+ {
+ DBG1(DBG_IMV, " could not update version");
+ e->destroy(e);
+ return FALSE;
+ }
+ update_version = TRUE;
+ stats->updated_versions++;
+ }
+ }
+ }
+ if (debug_level < 2 && !update_version)
+ {
+ continue;
+ }
+ if (first)
+ {
+ DBG1(DBG_IMV, "%s", package);
+ first = FALSE;
+ }
+ DBG1(DBG_IMV, " %c%s %s", found_char , sec_flag ? "s" : " ", release);
+ }
+ e->destroy(e);
+
+ if (!found)
+ {
+ if (first)
+ {
+ DBG1(DBG_IMV, "%s", package);
+ }
+ DBG1(DBG_IMV, " + %s", version);
+
+ if (db->execute(db, &vid,
+ "INSERT INTO versions "
+ "(package, product, release, security, time) "
+ "VALUES (?, ?, ?, 0, ?)", DB_INT, pid, DB_INT, stats->product,
+ DB_TEXT, version, DB_INT, stats->release) != 1)
+ {
+ DBG1(DBG_IMV, " could not store version to database");
+ return FALSE;
+ }
+ stats->new_versions++;
+ *new = TRUE;
+ }
+
+ return TRUE;
+}
+
+/**
+ * Process a package file and store updates in the database
+ */
+static int process_packages(char *path, char *os, char *arch, char *uri,
+ bool security)
+{
+ char line[BUF_LEN], product[BUF_LEN], command[BUF_LEN];
+ char *db_uri, *download_uri = NULL, *swid_regid, *swid_entity;
+ char *pos, *package = NULL, *version = NULL, *filename = NULL;
+ char *swid_gen_cmd, *tnc_manage_cmd, *tmp_deb_file, *tmp_tag_file;
+ sec_update_state_t state;
+ enumerator_t *e;
+ database_t *db;
+ int len, pid;
+ chunk_t deb = chunk_empty;
+ FILE *file;
+ stats_t stats;
+ bool success = TRUE, new;
+
+ /* initialize statistics */
+ memset(&stats, 0x00, sizeof(stats_t));
+
+ /* Set release date to current time */
+ stats.release = time(NULL);
+
+ /* opening package file */
+ file = fopen(path, "r");
+ if (!file)
+ {
+ DBG1(DBG_IMV, " could not open \"%s\"", path);
+ exit(EXIT_FAILURE);
+ }
+
+ /* connect package database */
+ db_uri = lib->settings->get_str(lib->settings, "sec-updater.database", NULL);
+ if (!db_uri)
+ {
+ DBG1(DBG_IMV, "database URI sec-updater.database not set");
+ fclose(file);
+ exit(EXIT_FAILURE);
+ }
+ db = lib->db->create(lib->db, db_uri);
+ if (!db)
+ {
+ DBG1(DBG_IMV, "could not connect to database '%s'", db_uri);
+ fclose(file);
+ exit(EXIT_FAILURE);
+ }
+
+ /* form product name by concatenating os and arch strings */
+ snprintf(product, BUF_LEN, "%s %s", os, arch);
+
+ /* check if product is already in database */
+ e = db->query(db, "SELECT id FROM products WHERE name = ?",
+ DB_TEXT, product, DB_INT);
+ if (e)
+ {
+ if (e->enumerate(e, &pid))
+ {
+ stats.product = pid;
+ }
+ e->destroy(e);
+ }
+ if (!stats.product)
+ {
+ if (db->execute(db, &pid, "INSERT INTO products (name) VALUES (?)",
+ DB_TEXT, product) != 1)
+ {
+ DBG1(DBG_IMV, "could not store product '%s' to database",
+ product);
+ fclose(file);
+ db->destroy(db);
+ exit(EXIT_FAILURE);
+ }
+ stats.product = pid;
+ }
+
+ /* get settings for the loop */
+ swid_regid = lib->settings->get_str(lib->settings,
+ "sec-updater.swid_gen.tag_creator.regid",
+ "strongswan.org");
+ swid_entity = lib->settings->get_str(lib->settings,
+ "sec-updater.swid_gen.tag_creator.name",
+ "strongSwan Project");
+ swid_gen_cmd = lib->settings->get_str(lib->settings,
+ "sec-updater.swid_gen.command", SWID_GEN_CMD);
+ tnc_manage_cmd = lib->settings->get_str(lib->settings,
+ "sec-updater.tnc_manage_command", TNC_MANAGE_CMD);
+ tmp_deb_file = lib->settings->get_str(lib->settings,
+ "sec-updater.tmp.deb_file", TMP_DEB_FILE);
+ tmp_tag_file = lib->settings->get_str(lib->settings,
+ "sec-updater.tmp.tag_file", TMP_TAG_FILE);
+
+ state = SEC_UPDATE_STATE_BEGIN_PACKAGE;
+
+ while (fgets(line, sizeof(line), file))
+ {
+ /* set read pointer to beginning of line */
+ pos = line;
+
+ switch (state)
+ {
+ case SEC_UPDATE_STATE_BEGIN_PACKAGE:
+ pos = strstr(pos, "Package: ");
+ if (!pos)
+ {
+ continue;
+ }
+ pos += 9;
+ package = pos;
+ pos = strchr(pos, '\n');
+ if (pos)
+ {
+ package = strndup(package, pos - package);
+ state = SEC_UPDATE_STATE_VERSION;
+ }
+ break;
+ case SEC_UPDATE_STATE_VERSION:
+ pos = strstr(pos, "Version: ");
+ if (!pos)
+ {
+ continue;
+ }
+ pos += 9;
+ version = pos;
+ pos = strchr(pos, '\n');
+ if (pos)
+ {
+ version = strndup(version, pos - version);
+ success = update_database(db, package, version, security,
+ &stats, &new);
+ state = (success && new) ? SEC_UPDATE_STATE_FILENAME :
+ SEC_UPDATE_STATE_END_PACKAGE;
+ }
+ break;
+ case SEC_UPDATE_STATE_FILENAME:
+ pos = strstr(pos, "Filename: ");
+ if (!pos)
+ {
+ continue;
+ }
+ state = SEC_UPDATE_STATE_END_PACKAGE;
+
+ pos += 10;
+ filename = pos;
+ pos = strchr(pos, '\n');
+ if (!pos)
+ {
+ break;
+ }
+ len = pos - filename;
+ if (asprintf(&download_uri, "%s/%.*s", uri, len, filename) == -1)
+ {
+ break;
+ }
+
+ /* retrieve deb package file from linux repository */
+ if (lib->fetcher->fetch(lib->fetcher, download_uri,
+ &deb, FETCH_END) != SUCCESS)
+ {
+ DBG1(DBG_IMV, " %s failed", download_uri);
+ break;
+ }
+ DBG1(DBG_IMV, " %s (%u bytes)", download_uri, deb.len);
+
+ /* store deb package file to temporary location */
+ if (!chunk_write(deb, tmp_deb_file, 0022, TRUE))
+ {
+ DBG1(DBG_IMV, " save to '%s' failed", tmp_deb_file);
+ break;
+ }
+
+ /* generate SWID tag for downloaded deb package */
+ snprintf(command, BUF_LEN, "%s swid --full --package-file %s "
+ "--regid %s --entity-name '%s' --os '%s' --arch '%s' "
+ ">> %s", swid_gen_cmd, tmp_deb_file, swid_regid,
+ swid_entity, os, arch, tmp_tag_file);
+ if (system(command) != 0)
+ {
+ DBG1(DBG_IMV, " tag generation failed");
+ break;
+ }
+ break;
+ case SEC_UPDATE_STATE_END_PACKAGE:
+ if (*pos != '\n')
+ {
+ continue;
+ }
+ free(package);
+ free(version);
+ free(download_uri);
+ chunk_free(&deb);
+ package = version = download_uri = NULL;
+
+ if (!success)
+ {
+ fclose(file);
+ db->destroy(db);
+ exit(EXIT_FAILURE);
+ }
+ state = SEC_UPDATE_STATE_BEGIN_PACKAGE;
+ }
+ }
+
+ free(package);
+ free(version);
+ free(download_uri);
+ fclose(file);
+ db->destroy(db);
+
+ /* import swid tags into strongTNC */
+ if (stats.new_versions > 0)
+ {
+ snprintf(command, BUF_LEN, "%s importswid %s",
+ tnc_manage_cmd, tmp_tag_file);
+ if (system(command) != 0)
+ {
+ DBG1(DBG_IMV, "tag import failed");
+ }
+ snprintf(command, BUF_LEN, "rm %s %s",
+ tmp_deb_file, tmp_tag_file);
+ if (system(command) != 0)
+ {
+ DBG1(DBG_IMV, "removing temporary files failed");
+ }
+ }
+
+ DBG1(DBG_IMV, "processed \"%s\": %d packages, %d new versions, "
+ "%d updated versions", path, stats.packages,
+ stats.new_versions, stats.updated_versions);
+
+ return (stats.new_versions + stats.updated_versions) ?
+ EXIT_SUCCESS : EXIT_NO_UPDATES;
+}
+
+static int do_args(int argc, char *argv[])
+{
+ char *filename = NULL, *arch = NULL, *os = NULL, *uri = NULL;
+ bool security = FALSE;
+
+ /* reinit getopt state */
+ optind = 0;
+
+ while (TRUE)
+ {
+ int c;
+
+ struct option long_opts[] = {
+ { "help", no_argument, NULL, 'h' },
+ { "arch", required_argument, NULL, 'a' },
+ { "debug", required_argument, NULL, 'd' },
+ { "file", required_argument, NULL, 'f' },
+ { "os", required_argument, NULL, 'o' },
+ { "quiet", no_argument, NULL, 'q' },
+ { "security", no_argument, NULL, 's' },
+ { "uri", required_argument, NULL, 'u' },
+ { 0,0,0,0 }
+ };
+
+ c = getopt_long(argc, argv, "ha:d:f:o:qsu:", long_opts, NULL);
+ switch (c)
+ {
+ case EOF:
+ break;
+ case 'h':
+ usage();
+ exit(EXIT_SUCCESS);
+ case 'a':
+ arch = optarg;
+ continue;
+ case 'd':
+ debug_level = atoi(optarg);
+ continue;
+ case 'f':
+ filename = optarg;
+ continue;
+ case 'o':
+ os = optarg;
+ continue;
+ case 'q':
+ stderr_quiet = TRUE;
+ continue;
+ case 's':
+ security = TRUE;
+ continue;
+ case 'u':
+ uri = optarg;
+ continue;
+ }
+ break;
+ }
+
+ if (filename && os && arch && uri)
+ {
+ return process_packages(filename, os, arch, uri, security);
+ }
+ else
+ {
+ usage();
+ exit(EXIT_FAILURE);
+ }
+}
+
+int main(int argc, char *argv[])
+{
+ /* enable attest debugging hook */
+ dbg = sec_updater_dbg;
+ openlog("sec-updater", 0, LOG_DEBUG);
+
+ atexit(cleanup);
+
+ /* initialize library */
+ if (!library_init(NULL, "sec-updater"))
+ {
+ exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
+ }
+ if (!lib->plugins->load(lib->plugins,
+ lib->settings->get_str(lib->settings, "sec-updater.load",
+ "sqlite curl")))
+ {
+ exit(SS_RC_INITIALIZATION_FAILED);
+ }
+ exit(do_args(argc, argv));
+}
+
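Review bot: In update_database() the `release` and `version` strings are pasted unquoted into `dpkg --compare-versions %s lt %s` and run through system(), so any shell metacharacters in a `Version:` field of the parsed Packages file, or in a release value already stored in the database, are interpreted by the shell with sec-updater's privileges. The Packages data is remote content and should be treated as untrusted; running dpkg directly with an argument vector removes the shell from the path, and refusing strings that do not begin with a digit (Debian versions should) keeps them from being read as options. The snprintf()/system() calls in process_packages() take their values from the command line and strongswan.conf, which is lower risk, but none of the snprintf() results is checked for truncation before the command is run. The sketch below needs `<sys/wait.h>` in addition to the existing includes.

```c
/* … unchanged: includes, types, sec_updater_dbg(), cleanup(), usage() … */

/**
 * Return TRUE if Debian version a sorts before b; dpkg is executed
 * directly so neither string is parsed by a shell
 */
static bool version_lt(char *a, char *b)
{
	pid_t child;
	int status;

	/* refuse anything dpkg could mistake for an option */
	if (*a < '0' || *a > '9' || *b < '0' || *b > '9')
	{
		return FALSE;
	}
	child = fork();
	if (child == 0)
	{
		execlp("dpkg", "dpkg", "--compare-versions", a, "lt", b, (char*)NULL);
		_exit(127);
	}
	if (child < 0 || waitpid(child, &status, 0) != child)
	{
		return FALSE;
	}
	return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

/* … in update_database(), replacing the snprintf()/system() pair … */
		else if (security)
		{
			if (version_lt(release, version))
			{
				/* … unchanged: set security flag for this version … */
```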
diff --git a/src/sec-updater/sec-updater.sh b/src/sec-updater/sec-updater.sh
new file mode 100755
index 000000000..ca7b89841
--- /dev/null
+++ b/src/sec-updater/sec-updater.sh
@@ -0,0 +1,168 @@
+#!/bin/sh
+
+DIR="/etc/pts"
+DISTS_DIR="$DIR/dists"
+DATE=`date +%Y%m%d-%H%M`
+UBUNTU="http://security.ubuntu.com/ubuntu"
+UBUNTU_VERSIONS="xenial"
+UBUNTU_DIRS="main multiverse restricted universe"
+UBUNTU_ARCH="binary-amd64"
+DEBIAN="http://security.debian.org"
+DEBIAN_VERSIONS="jessie wheezy"
+DEBIAN_DIRS="main contrib non-free"
+DEBIAN_ARCH="binary-amd64 binary-armhf"
+RASPIAN="http://archive.raspberrypi.org/debian"
+RASPIAN_VERSIONS="jessie wheezy"
+RASPIAN_DIRS="main"
+RASPIAN_ARCH="binary-armhf"
+CMD=/usr/sbin/sec-updater
+CMD_LOG="$DIR/logs/$DATE-sec-update.log"
+DEL_LOG=1
+
+mkdir -p $DIR/dists
+cd $DIR/dists
+
+# Download Ubuntu distribution information
+
+for v in $UBUNTU_VERSIONS
+do
+ for a in $UBUNTU_ARCH
+ do
+ mkdir -p $v-security/$a $v-updates/$a
+ for d in $UBUNTU_DIRS
+ do
+ wget -nv $UBUNTU/dists/$v-security/$d/$a/Packages.xz -O $v-security/$a/Packages-$d.xz
+ unxz -f $v-security/$a/Packages-$d.xz
+ wget -nv $UBUNTU/dists/$v-updates/$d/$a/Packages.xz -O $v-updates/$a/Packages-$d.xz
+ unxz -f $v-updates/$a/Packages-$d.xz
+ done
+ done
+done
+
+# Download Debian distribution information
+
+for v in $DEBIAN_VERSIONS
+do
+ for a in $DEBIAN_ARCH
+ do
+ mkdir -p $v-updates/$a
+ for d in $DEBIAN_DIRS
+ do
+ wget -nv $DEBIAN/dists/$v/updates/$d/$a/Packages.bz2 -O $v-updates/$a/Packages-$d.bz2
+ bunzip2 -f $v-updates/$a/Packages-$d.bz2
+ done
+ done
+done
+
+# Download Raspian distribution information
+
+for v in $RASPIAN_VERSIONS
+do
+ for a in $RASPIAN_ARCH
+ do
+ mkdir -p $v-raspian/$a
+ for d in $RASPIAN_DIRS
+ do
+ wget -nv $RASPIAN/dists/$v/$d/$a/Packages.gz -O $v-raspian/$a/Packages-$d.gz
+ gunzip -f $v-raspian/$a/Packages-$d.gz
+ done
+ done
+done
+
+# Run sec-updater in distribution information
+
+for f in xenial-security/binary-amd64/*
+do
+ echo "security: $f"
+ $CMD --os "Ubuntu 16.04" --arch "x86_64" --file $f --security \
+ --uri $UBUNTU >> $CMD_LOG 2>&1
+ if [ $? -eq 0 ]
+ then
+ DEL_LOG=0
+ fi
+done
+
+for f in xenial-updates/binary-amd64/*
+do
+ echo "updates: $f"
+ $CMD --os "Ubuntu 16.04" --arch "x86_64" --file $f \
+ --uri $UBUNTU >> $CMD_LOG 2>&1
+ if [ $? -eq 0 ]
+ then
+ DEL_LOG=0
+ fi
+done
+
+for f in jessie-updates/binary-amd64/*
+do
+ echo "security: $f"
+ $CMD --os "Debian 8.0" --arch "x86_64" --file $f --security \
+ --uri $DEBIAN >> $CMD_LOG 2>&1
+ if [ $? -eq 0 ]
+ then
+ DEL_LOG=0
+ fi
+done
+
+for f in wheezy-updates/binary-amd64/*
+do
+ echo "security: $f"
+ $CMD --os "Debian 7.0" --arch "x86_64" --file $f --security \
+ --uri $DEBIAN >> $CMD_LOG 2>&1
+ if [ $? -eq 0 ]
+ then
+ DEL_LOG=0
+ fi
+done
+
+for f in jessie-updates/binary-armhf/*
+do
+ echo "security: $f"
+ $CMD --os "Debian 8.0" --arch "armhf" --file $f --security \
+ --uri $DEBIAN >> $CMD_LOG 2>&1
+ if [ $? -eq 0 ]
+ then
+ DEL_LOG=0
+ fi
+done
+
+for f in wheezy-updates/binary-armhf/*
+do
+ echo "security: $f"
+ $CMD --os "Debian 7.0" --arch "armhf" --file $f --security \
+ --uri $DEBIAN >> $CMD_LOG 2>&1
+ if [ $? -eq 0 ]
+ then
+ DEL_LOG=0
+ fi
+done
+
+for f in jessie-raspian/binary-armhf/*
+do
+ echo "security: $f"
+ $CMD --os "Debian 8.0" --arch "armv7l" --file $f --security \
+ --uri $RASPIAN >> $CMD_LOG 2>&1
+ if [ $? -eq 0 ]
+ then
+ DEL_LOG=0
+ fi
+done
+
+for f in wheezy-raspian/binary-armhf/*
+do
+ echo "security: $f"
+ $CMD --os "Debian 7.11" --arch "armv7l" --file $f --security \
+ --uri $RASPIAN >> $CMD_LOG 2>&1
+ if [ $? -eq 0 ]
+ then
+ DEL_LOG=0
+ fi
+done
+
+# Delete log file if no security updates were found
+
+if [ $DEL_LOG -eq 1 ]
+then
+ rm $CMD_LOG
+ echo "no security updates found"
+fi
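Review bot: The Packages indices are fetched over plain http and handed to sec-updater without checking the archive's signed Release file, and the exit status of wget and of the decompressor is ignored, so a tampered or truncated index is processed like a good one. Because these indices decide which versions get flagged in the strongTNC database and which .deb files sec-updater goes on to download, each index should be checked against the suite's Release/Release.gpg before it is unpacked, and dropped when download or verification fails. The sketch shows this for the Ubuntu security index only; the other download loops need the same treatment, and the keyring path is a placeholder to be set per distribution. Quoting `$f` and `$CMD_LOG`, and replacing the unchecked `cd $DIR/dists` with `cd "$DISTS_DIR" || exit 1` (the variable is defined but unused), would also make the script fail closed.

```sh
# placeholder: set to the distribution's archive keyring
UBUNTU_KEYRING="/path/to/ubuntu-archive-keyring.gpg"

# verify_index BASE SUITE RELPATH LOCALFILE KEYRING
# Fetch the suite's Release file and detached signature, check the signature,
# then require LOCALFILE's SHA256 to be listed for RELPATH in that Release.
verify_index()
{
  wget -nv "$1/dists/$2/Release" -O Release.tmp || return 1
  wget -nv "$1/dists/$2/Release.gpg" -O Release.gpg.tmp || return 1
  gpgv --keyring "$5" Release.gpg.tmp Release.tmp || return 1
  sum=`sha256sum "$4" | cut -d' ' -f1`
  grep -q "^ $sum  *[0-9][0-9]*  *$3\$" Release.tmp
}

# … unchanged: mkdir/cd, outer loops over $UBUNTU_VERSIONS and $UBUNTU_ARCH …
    for d in $UBUNTU_DIRS
    do
      p=$v-security/$a/Packages-$d
      wget -nv $UBUNTU/dists/$v-security/$d/$a/Packages.xz -O $p.xz \
        && verify_index $UBUNTU $v-security $d/$a/Packages.xz $p.xz "$UBUNTU_KEYRING" \
        && unxz -f $p.xz \
        || rm -f $p.xz $p
      # … same pattern for $v-updates …
    done
```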
diff --git a/src/starter/Makefile.am b/src/starter/Makefile.am
index a3c58126e..457c0650e 100644
--- a/src/starter/Makefile.am
+++ b/src/starter/Makefile.am
@@ -39,15 +39,21 @@ starter_LDADD = \
libstarter.la \
$(SOCKLIB) $(PTHREADLIB) $(ATOMICLIB)
-EXTRA_DIST = keywords.txt ipsec.conf ipsec.secrets Android.mk
-MAINTAINERCLEANFILES = keywords.c
-BUILT_SOURCES = keywords.c parser/parser.h
+EXTRA_DIST = keywords.h.in keywords.txt ipsec.conf ipsec.secrets Android.mk
+MAINTAINERCLEANFILES = keywords.h keywords.c
+BUILT_SOURCES = keywords.h keywords.c parser/parser.h
if USE_LOAD_WARNING
AM_CPPFLAGS += -DLOAD_WARNING
endif
-keywords.c: $(srcdir)/keywords.txt $(srcdir)/keywords.h
+keywords.h: $(srcdir)/keywords.h.in
+ $(AM_V_GEN) \
+ sed \
+ -e "s:\@GPERF_LEN_TYPE\@:$(GPERF_LEN_TYPE):" \
+ $< > $@
+
+keywords.c: $(srcdir)/keywords.txt keywords.h
$(AM_V_GEN) \
$(GPERF) -m 10 -C -G -D -t < $(srcdir)/keywords.txt > $@
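Review bot: The new `keywords.h` rule uses `$<` in an explicit rule (`$< > $@`), which POSIX make defines only for inference rules, and it redirects straight into `$@`, so a failed sed can leave a truncated keywords.h that make then treats as up to date. Naming the input and writing through a temporary file avoids both: `sed -e "s:\@GPERF_LEN_TYPE\@:$(GPERF_LEN_TYPE):" $(srcdir)/keywords.h.in > $@.tmp && mv $@.tmp $@`. The same rule is repeated in the generated Makefile.in further down.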
diff --git a/src/starter/Makefile.in b/src/starter/Makefile.in
index 2fa22ae97..80fd2c68d 100644
--- a/src/starter/Makefile.in
+++ b/src/starter/Makefile.in
@@ -289,9 +289,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
@@ -524,9 +526,9 @@ starter_LDADD = \
libstarter.la \
$(SOCKLIB) $(PTHREADLIB) $(ATOMICLIB)
-EXTRA_DIST = keywords.txt ipsec.conf ipsec.secrets Android.mk
-MAINTAINERCLEANFILES = keywords.c
-BUILT_SOURCES = keywords.c parser/parser.h
+EXTRA_DIST = keywords.h.in keywords.txt ipsec.conf ipsec.secrets Android.mk
+MAINTAINERCLEANFILES = keywords.h keywords.c
+BUILT_SOURCES = keywords.h keywords.c parser/parser.h
all: $(BUILT_SOURCES)
$(MAKE) $(AM_MAKEFLAGS) all-recursive
@@ -995,7 +997,13 @@ uninstall-am: uninstall-ipsecPROGRAMS
.PRECIOUS: Makefile
-keywords.c: $(srcdir)/keywords.txt $(srcdir)/keywords.h
+keywords.h: $(srcdir)/keywords.h.in
+ $(AM_V_GEN) \
+ sed \
+ -e "s:\@GPERF_LEN_TYPE\@:$(GPERF_LEN_TYPE):" \
+ $< > $@
+
+keywords.c: $(srcdir)/keywords.txt keywords.h
$(AM_V_GEN) \
$(GPERF) -m 10 -C -G -D -t < $(srcdir)/keywords.txt > $@
diff --git a/src/starter/confread.c b/src/starter/confread.c
index f98fc8936..f154f8951 100644
--- a/src/starter/confread.c
+++ b/src/starter/confread.c
@@ -40,17 +40,9 @@
#define SA_REPLACEMENT_RETRIES_DEFAULT 3
#define SA_REPLAY_WINDOW_DEFAULT -1 /* use charon.replay_window */
-static const char ike_defaults[] = "aes128-sha256-curve25519";
-static const char esp_defaults[] = "aes128-sha256";
-
static const char firewall_defaults[] = IPSEC_SCRIPT " _updown iptables";
/**
- * Provided by GPERF
- */
-extern kw_entry_t *in_word_set (char *str, unsigned int len);
-
-/**
* Process deprecated keywords
*/
static bool is_deprecated(kw_token_t token, char *name, char *conn)
@@ -95,7 +87,7 @@ static void load_setup(starter_config_t *cfg, conf_parser_t *parser)
{
enumerator_t *enumerator;
dictionary_t *dict;
- kw_entry_t *entry;
+ const kw_entry_t *entry;
char *key, *value;
DBG2(DBG_APP, "Loading config setup");
@@ -146,7 +138,7 @@ static void load_ca(starter_ca_t *ca, starter_config_t *cfg,
{
enumerator_t *enumerator;
dictionary_t *dict;
- kw_entry_t *entry;
+ const kw_entry_t *entry;
kw_token_t token;
char *key, *value;
@@ -211,7 +203,6 @@ static void conn_defaults(starter_conn_t *conn)
conn->mode = MODE_TUNNEL;
conn->options = SA_OPTION_MOBIKE;
- conn->ike = strdupnull(ike_defaults);
/* esp defaults are set after parsing the conn section */
conn->sa_ike_life_seconds = IKE_LIFETIME_DEFAULT;
conn->sa_ipsec_life_seconds = IPSEC_LIFETIME_DEFAULT;
@@ -559,7 +550,7 @@ static void load_conn(starter_conn_t *conn, starter_config_t *cfg,
{
enumerator_t *enumerator;
dictionary_t *dict;
- kw_entry_t *entry;
+ const kw_entry_t *entry;
kw_token_t token;
char *key, *value;
@@ -627,11 +618,6 @@ static void load_conn(starter_conn_t *conn, starter_config_t *cfg,
handle_firewall("left", &conn->left, cfg);
handle_firewall("right", &conn->right, cfg);
-
- if (!conn->esp && !conn->ah)
- {
- conn->esp = strdupnull(esp_defaults);
- }
}
/*
diff --git a/src/starter/keywords.c b/src/starter/keywords.c
index 505b66010..0e2d0fb4b 100644
--- a/src/starter/keywords.c
+++ b/src/starter/keywords.c
@@ -47,6 +47,7 @@ error "gperf generated tables don't work with this execution character set. Plea
#include <string.h>
+#define IN_GPERF_GENERATED_FILE
#include "keywords.h"
struct kw_entry {
diff --git a/src/starter/keywords.h b/src/starter/keywords.h
index 0cb46a740..27d16b0b8 100644
--- a/src/starter/keywords.h
+++ b/src/starter/keywords.h
@@ -196,4 +196,8 @@ struct kw_entry_t {
kw_token_t token;
};
+#ifndef IN_GPERF_GENERATED_FILE
+const kw_entry_t *in_word_set(register const char*, register unsigned);
+#endif
+
#endif /* _KEYWORDS_H_ */
diff --git a/src/starter/keywords.h.in b/src/starter/keywords.h.in
new file mode 100644
index 000000000..d2b08f2cf
--- /dev/null
+++ b/src/starter/keywords.h.in
@@ -0,0 +1,203 @@
+/*
+ * Copyright (C) 2005 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil, Switzerland
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef _KEYWORDS_H_
+#define _KEYWORDS_H_
+
+typedef enum kw_token_t kw_token_t;
+typedef struct kw_entry_t kw_entry_t;
+
+enum kw_token_t {
+ /* config setup keywords */
+ KW_CHARONDEBUG,
+ KW_UNIQUEIDS,
+ KW_CACHECRLS,
+ KW_STRICTCRLPOLICY,
+ KW_PKCS11_DEPRECATED,
+ KW_SETUP_DEPRECATED,
+
+#define KW_SETUP_FIRST KW_CHARONDEBUG
+#define KW_SETUP_LAST KW_SETUP_DEPRECATED
+
+ /* conn section keywords */
+ KW_CONN_NAME,
+ KW_CONN_SETUP,
+ KW_KEYEXCHANGE,
+ KW_TYPE,
+ KW_COMPRESS,
+ KW_INSTALLPOLICY,
+ KW_AGGRESSIVE,
+ KW_AUTHBY,
+ KW_EAP_IDENTITY,
+ KW_AAA_IDENTITY,
+ KW_MOBIKE,
+ KW_FORCEENCAPS,
+ KW_FRAGMENTATION,
+ KW_IKEDSCP,
+ KW_IKELIFETIME,
+ KW_KEYLIFE,
+ KW_REKEYMARGIN,
+ KW_LIFEBYTES,
+ KW_MARGINBYTES,
+ KW_LIFEPACKETS,
+ KW_MARGINPACKETS,
+ KW_KEYINGTRIES,
+ KW_REKEYFUZZ,
+ KW_REKEY,
+ KW_REAUTH,
+ KW_IKE,
+ KW_ESP,
+ KW_AH,
+ KW_DPDDELAY,
+ KW_DPDTIMEOUT,
+ KW_DPDACTION,
+ KW_CLOSEACTION,
+ KW_SHA256_96,
+ KW_INACTIVITY,
+ KW_MODECONFIG,
+ KW_XAUTH,
+ KW_XAUTH_IDENTITY,
+ KW_MEDIATION,
+ KW_MEDIATED_BY,
+ KW_ME_PEERID,
+ KW_REQID,
+ KW_REPLAY_WINDOW,
+ KW_MARK,
+ KW_MARK_IN,
+ KW_MARK_OUT,
+ KW_TFC,
+ KW_PFS_DEPRECATED,
+ KW_CONN_DEPRECATED,
+
+#define KW_CONN_FIRST KW_CONN_SETUP
+#define KW_CONN_LAST KW_CONN_DEPRECATED
+
+ /* ca section keywords */
+ KW_CA_NAME,
+ KW_CA_SETUP,
+ KW_CACERT,
+ KW_CRLURI,
+ KW_CRLURI2,
+ KW_OCSPURI,
+ KW_OCSPURI2,
+ KW_CERTURIBASE,
+ KW_CA_DEPRECATED,
+
+#define KW_CA_FIRST KW_CA_SETUP
+#define KW_CA_LAST KW_CA_DEPRECATED
+
+ /* end keywords */
+ KW_HOST,
+ KW_IKEPORT,
+ KW_SUBNET,
+ KW_PROTOPORT,
+ KW_SOURCEIP,
+ KW_DNS,
+ KW_FIREWALL,
+ KW_HOSTACCESS,
+ KW_ALLOWANY,
+ KW_UPDOWN,
+ KW_AUTH1,
+ KW_AUTH2,
+ KW_ID,
+ KW_ID2,
+ KW_SIGKEY,
+ KW_CERT,
+ KW_CERT2,
+ KW_CERTPOLICY,
+ KW_SENDCERT,
+ KW_CA,
+ KW_CA2,
+ KW_GROUPS,
+ KW_GROUPS2,
+ KW_END_DEPRECATED,
+
+#define KW_END_FIRST KW_HOST
+#define KW_END_LAST KW_END_DEPRECATED
+
+ /* left end keywords */
+ KW_LEFT,
+ KW_LEFTIKEPORT,
+ KW_LEFTSUBNET,
+ KW_LEFTPROTOPORT,
+ KW_LEFTSOURCEIP,
+ KW_LEFTDNS,
+ KW_LEFTFIREWALL,
+ KW_LEFTHOSTACCESS,
+ KW_LEFTALLOWANY,
+ KW_LEFTUPDOWN,
+ KW_LEFTAUTH,
+ KW_LEFTAUTH2,
+ KW_LEFTID,
+ KW_LEFTID2,
+ KW_LEFTSIGKEY,
+ KW_LEFTCERT,
+ KW_LEFTCERT2,
+ KW_LEFTCERTPOLICY,
+ KW_LEFTSENDCERT,
+ KW_LEFTCA,
+ KW_LEFTCA2,
+ KW_LEFTGROUPS,
+ KW_LEFTGROUPS2,
+ KW_LEFT_DEPRECATED,
+
+#define KW_LEFT_FIRST KW_LEFT
+#define KW_LEFT_LAST KW_LEFT_DEPRECATED
+
+ /* right end keywords */
+ KW_RIGHT,
+ KW_RIGHTIKEPORT,
+ KW_RIGHTSUBNET,
+ KW_RIGHTPROTOPORT,
+ KW_RIGHTSOURCEIP,
+ KW_RIGHTDNS,
+ KW_RIGHTFIREWALL,
+ KW_RIGHTHOSTACCESS,
+ KW_RIGHTALLOWANY,
+ KW_RIGHTUPDOWN,
+ KW_RIGHTAUTH,
+ KW_RIGHTAUTH2,
+ KW_RIGHTID,
+ KW_RIGHTID2,
+ KW_RIGHTSIGKEY,
+ KW_RIGHTCERT,
+ KW_RIGHTCERT2,
+ KW_RIGHTCERTPOLICY,
+ KW_RIGHTSENDCERT,
+ KW_RIGHTCA,
+ KW_RIGHTCA2,
+ KW_RIGHTGROUPS,
+ KW_RIGHTGROUPS2,
+ KW_RIGHT_DEPRECATED,
+
+#define KW_RIGHT_FIRST KW_RIGHT
+#define KW_RIGHT_LAST KW_RIGHT_DEPRECATED
+
+ /* general section keywords */
+ KW_ALSO,
+ KW_AUTO,
+
+};
+
+struct kw_entry_t {
+ char *name;
+ kw_token_t token;
+};
+
+#ifndef IN_GPERF_GENERATED_FILE
+const kw_entry_t *in_word_set(register const char*, register @GPERF_LEN_TYPE@);
+#endif
+
+#endif /* _KEYWORDS_H_ */
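Review bot: The `#ifndef IN_GPERF_GENERATED_FILE` block at the end of keywords.h.in has no comment saying why the prototype is hidden from the gperf output or what `@GPERF_LEN_TYPE@` is replaced with at build time. The keywords.c context earlier in this commit shows the generated file declaring its own `struct kw_entry`, so this prototype apparently describes the same function through the separately declared `kw_entry_t`, and the two layouts have to be kept identical by hand. I would add a comment along the lines of `/* hidden from the gperf output, which defines in_word_set() itself; kw_entry_t must stay layout-compatible with the struct used there */`. stroke_keywords.h.in uses the same placeholder, also without a comment.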
diff --git a/src/starter/keywords.txt b/src/starter/keywords.txt
index 3f92dc83f..dd673bc7a 100644
--- a/src/starter/keywords.txt
+++ b/src/starter/keywords.txt
@@ -16,6 +16,7 @@
#include <string.h>
+#define IN_GPERF_GENERATED_FILE
#include "keywords.h"
%}
diff --git a/src/starter/tests/Makefile.in b/src/starter/tests/Makefile.in
index fc5b86397..ce0c7b43c 100644
--- a/src/starter/tests/Makefile.in
+++ b/src/starter/tests/Makefile.in
@@ -241,9 +241,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/stroke/Makefile.am b/src/stroke/Makefile.am
index ed170bd08..5c04b5ae7 100644
--- a/src/stroke/Makefile.am
+++ b/src/stroke/Makefile.am
@@ -4,13 +4,19 @@ stroke_SOURCES = \
stroke.c stroke_msg.h stroke_keywords.c stroke_keywords.h
stroke_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la $(SOCKLIB)
-EXTRA_DIST = stroke_keywords.txt Android.mk
-BUILT_SOURCES = stroke_keywords.c
-MAINTAINERCLEANFILES = stroke_keywords.c
+EXTRA_DIST = stroke_keywords.h.in stroke_keywords.txt Android.mk
+BUILT_SOURCES = stroke_keywords.h stroke_keywords.c
+MAINTAINERCLEANFILES = stroke_keywords.h stroke_keywords.c
AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
-DIPSEC_PIDDIR=\"${piddir}\"
-stroke_keywords.c: $(srcdir)/stroke_keywords.txt $(srcdir)/stroke_keywords.h
+stroke_keywords.h: $(srcdir)/stroke_keywords.h.in
+ $(AM_V_GEN) \
+ sed \
+ -e "s:\@GPERF_LEN_TYPE\@:$(GPERF_LEN_TYPE):" \
+ $< > $@
+
+stroke_keywords.c: $(srcdir)/stroke_keywords.txt stroke_keywords.h
$(AM_V_GEN) \
$(GPERF) -m 10 -D -C -G -t < $(srcdir)/stroke_keywords.txt > $@
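Review bot: The new `stroke_keywords.h` rule lists only `$(srcdir)/stroke_keywords.h.in` as a prerequisite, yet the generated text also depends on `$(GPERF_LEN_TYPE)`, so a header written with one length type is not refreshed after a reconfigure that selects another. If that can happen in practice, for example an existing header combined with a `stroke_keywords.c` regenerated by a different gperf, the prototype and the gperf output would presumably disagree and the build would fail. Consider adding `Makefile` to the prerequisites, or at least a comment above the rule such as `# len type must match the gperf that generates stroke_keywords.c`. The redirect `$< > $@` also leaves a truncated header behind if sed fails, which writing to `$@.tmp` and renaming would avoid. The same rule is repeated in the generated src/stroke/Makefile.in.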
diff --git a/src/stroke/Makefile.in b/src/stroke/Makefile.in
index 9d17733ba..be31bc581 100644
--- a/src/stroke/Makefile.in
+++ b/src/stroke/Makefile.in
@@ -215,9 +215,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
@@ -422,9 +424,9 @@ stroke_SOURCES = \
stroke.c stroke_msg.h stroke_keywords.c stroke_keywords.h
stroke_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la $(SOCKLIB)
-EXTRA_DIST = stroke_keywords.txt Android.mk
-BUILT_SOURCES = stroke_keywords.c
-MAINTAINERCLEANFILES = stroke_keywords.c
+EXTRA_DIST = stroke_keywords.h.in stroke_keywords.txt Android.mk
+BUILT_SOURCES = stroke_keywords.h stroke_keywords.c
+MAINTAINERCLEANFILES = stroke_keywords.h stroke_keywords.c
AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
-DIPSEC_PIDDIR=\"${piddir}\"
@@ -769,7 +771,13 @@ uninstall-am: uninstall-ipsecPROGRAMS
.PRECIOUS: Makefile
-stroke_keywords.c: $(srcdir)/stroke_keywords.txt $(srcdir)/stroke_keywords.h
+stroke_keywords.h: $(srcdir)/stroke_keywords.h.in
+ $(AM_V_GEN) \
+ sed \
+ -e "s:\@GPERF_LEN_TYPE\@:$(GPERF_LEN_TYPE):" \
+ $< > $@
+
+stroke_keywords.c: $(srcdir)/stroke_keywords.txt stroke_keywords.h
$(AM_V_GEN) \
$(GPERF) -m 10 -D -C -G -t < $(srcdir)/stroke_keywords.txt > $@
diff --git a/src/stroke/stroke_keywords.h b/src/stroke/stroke_keywords.h
index 4a1016277..00b992769 100644
--- a/src/stroke/stroke_keywords.h
+++ b/src/stroke/stroke_keywords.h
@@ -73,6 +73,7 @@ typedef enum {
typedef struct stroke_token stroke_token_t;
-extern const stroke_token_t* in_word_set(register const char *str, register unsigned int len);
+extern const stroke_token_t* in_word_set(register const char *str,
+ register unsigned len);
#endif /* _STROKE_KEYWORDS_H_ */
diff --git a/src/stroke/stroke_keywords.h.in b/src/stroke/stroke_keywords.h.in
new file mode 100644
index 000000000..2b5780adc
--- /dev/null
+++ b/src/stroke/stroke_keywords.h.in
@@ -0,0 +1,79 @@
+/* stroke keywords
+ * Copyright (C) 2006 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil, Switzerland
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef _STROKE_KEYWORDS_H_
+#define _STROKE_KEYWORDS_H_
+
+typedef enum {
+ STROKE_ADD,
+ STROKE_DEL,
+ STROKE_DELETE,
+ STROKE_ROUTE,
+ STROKE_UNROUTE,
+ STROKE_UP,
+ STROKE_UP_NOBLK,
+ STROKE_DOWN,
+ STROKE_DOWN_NOBLK,
+ STROKE_DOWN_SRCIP,
+ STROKE_REKEY,
+ STROKE_LOGLEVEL,
+ STROKE_STATUS,
+ STROKE_STATUSALL,
+ STROKE_STATUSALL_NOBLK,
+ STROKE_LIST_PUBKEYS,
+ STROKE_LIST_CERTS,
+ STROKE_LIST_CACERTS,
+ STROKE_LIST_OCSPCERTS,
+ STROKE_LIST_AACERTS,
+ STROKE_LIST_ACERTS,
+ STROKE_LIST_GROUPS,
+ STROKE_LIST_CAINFOS,
+ STROKE_LIST_CRLS,
+ STROKE_LIST_OCSP,
+ STROKE_LIST_ALGS,
+ STROKE_LIST_PLUGINS,
+ STROKE_LIST_ALL,
+ STROKE_REREAD_SECRETS,
+ STROKE_REREAD_CACERTS,
+ STROKE_REREAD_OCSPCERTS,
+ STROKE_REREAD_AACERTS,
+ STROKE_REREAD_ACERTS,
+ STROKE_REREAD_CRLS,
+ STROKE_REREAD_ALL,
+ STROKE_PURGE_OCSP,
+ STROKE_PURGE_CRLS,
+ STROKE_PURGE_CERTS,
+ STROKE_PURGE_IKE,
+ STROKE_EXPORT_X509,
+ STROKE_EXPORT_CONN_CERT,
+ STROKE_EXPORT_CONN_CHAIN,
+ STROKE_LEASES,
+ STROKE_MEMUSAGE,
+ STROKE_USER_CREDS,
+ STROKE_COUNTERS,
+ STROKE_COUNTERS_RESET,
+} stroke_keyword_t;
+
+#define STROKE_LIST_FIRST STROKE_LIST_PUBKEYS
+#define STROKE_REREAD_FIRST STROKE_REREAD_SECRETS
+#define STROKE_PURGE_FIRST STROKE_PURGE_OCSP
+#define STROKE_EXPORT_FIRST STROKE_EXPORT_X509
+
+typedef struct stroke_token stroke_token_t;
+
+extern const stroke_token_t* in_word_set(register const char *str,
+ register @GPERF_LEN_TYPE@ len);
+
+#endif /* _STROKE_KEYWORDS_H_ */
diff --git a/src/sw-collector/Makefile.in b/src/sw-collector/Makefile.in
index 73016ad72..28169508a 100644
--- a/src/sw-collector/Makefile.in
+++ b/src/sw-collector/Makefile.in
@@ -252,9 +252,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/src/sw-collector/sw-collector.8.in b/src/sw-collector/sw-collector.8.in
index 8560ba095..b9041c77b 100644
--- a/src/sw-collector/sw-collector.8.in
+++ b/src/sw-collector/sw-collector.8.in
@@ -1,4 +1,4 @@
-.TH SW-COLLECTOR 1 "2017-07-15" "@PACKAGE_VERSION@" "strongSwan"
+.TH SW-COLLECTOR 8 "2017-08-25" "@PACKAGE_VERSION@" "strongSwan"
.
.SH "NAME"
.
@@ -56,34 +56,34 @@ Prints usage information and a short summary of the available commands.
.BI "\-v, \-\-debug " level
Set debug level, default: 2.
.TP
-.B "\-q, \-\-quiet
+.B "\-q, \-\-quiet"
Disable debug output to stderr.
.TP
-.B "\-i, \-\-installed
+.B "\-i, \-\-installed"
Apply command to installed software packages, only.
.TP
-.B "\-r, \-\-removed
+.B "\-r, \-\-removed"
Apply command to removed software packages, only.
.TP
-.B "\-f, \-\-full
+.B "\-f, \-\-full"
Generate ISO 19770-2:2015 SWID tags with full file information (possible for
installed software packages, only).
.TP
-.B "\-l, \-\-list
+.B "\-l, \-\-list"
Lists all software packages stored in the collector database showing their
installation status.
.TP
-.B "\-u, \-\-unregistered
+.B "\-u, \-\-unregistered"
Lists all software packages residing in the local collector database but for
which no SWID tags exist yet in a central collector database reachable via a
REST interface.
.TP
-.B "\-g, \-\-generate
+.B "\-g, \-\-generate"
Generates ISO 19770-2:2015 SWID tags for all software packages residing in the
local collector database but for which no SWID tags exist in a central collector
database reachable via a REST interface.
.TP
-.B "\-m, \-\-migrate
+.B "\-m, \-\-migrate"
Can be used to migrate collector database versions. Currently all architecture
suffixes are removed from dpkg package names.
.
diff --git a/src/sw-collector/sw-collector.c b/src/sw-collector/sw-collector.c
index e673dd657..a42f1068a 100644
--- a/src/sw-collector/sw-collector.c
+++ b/src/sw-collector/sw-collector.c
@@ -249,6 +249,7 @@ static int extract_history(sw_collector_db_t *db)
history = sw_collector_history_create(db, 1);
if (!history)
{
+ chunk_unmap(h);
return EXIT_FAILURE;
}
diff --git a/src/swanctl/Makefile.am b/src/swanctl/Makefile.am
index 19815c51a..3a432c454 100644
--- a/src/swanctl/Makefile.am
+++ b/src/swanctl/Makefile.am
@@ -2,6 +2,7 @@ sbin_PROGRAMS = swanctl
swanctl_SOURCES = \
command.c command.h \
+ commands/counters.c \
commands/initiate.c \
commands/terminate.c \
commands/rekey.c \
diff --git a/src/swanctl/Makefile.in b/src/swanctl/Makefile.in
index 6da739b88..ea7130bbb 100644
--- a/src/swanctl/Makefile.in
+++ b/src/swanctl/Makefile.in
@@ -112,10 +112,11 @@ am__installdirs = "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man5dir)" \
"$(DESTDIR)$(man8dir)"
PROGRAMS = $(sbin_PROGRAMS)
am__dirstamp = $(am__leading_dot)dirstamp
-am_swanctl_OBJECTS = command.$(OBJEXT) commands/initiate.$(OBJEXT) \
- commands/terminate.$(OBJEXT) commands/rekey.$(OBJEXT) \
- commands/redirect.$(OBJEXT) commands/install.$(OBJEXT) \
- commands/list_sas.$(OBJEXT) commands/list_pols.$(OBJEXT) \
+am_swanctl_OBJECTS = command.$(OBJEXT) commands/counters.$(OBJEXT) \
+ commands/initiate.$(OBJEXT) commands/terminate.$(OBJEXT) \
+ commands/rekey.$(OBJEXT) commands/redirect.$(OBJEXT) \
+ commands/install.$(OBJEXT) commands/list_sas.$(OBJEXT) \
+ commands/list_pols.$(OBJEXT) \
commands/list_authorities.$(OBJEXT) \
commands/list_conns.$(OBJEXT) commands/list_certs.$(OBJEXT) \
commands/list_pools.$(OBJEXT) commands/list_algs.$(OBJEXT) \
@@ -264,9 +265,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
@@ -469,6 +472,7 @@ xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
swanctl_SOURCES = \
command.c command.h \
+ commands/counters.c \
commands/initiate.c \
commands/terminate.c \
commands/rekey.c \
@@ -606,6 +610,8 @@ commands/$(am__dirstamp):
commands/$(DEPDIR)/$(am__dirstamp):
@$(MKDIR_P) commands/$(DEPDIR)
@: > commands/$(DEPDIR)/$(am__dirstamp)
+commands/counters.$(OBJEXT): commands/$(am__dirstamp) \
+ commands/$(DEPDIR)/$(am__dirstamp)
commands/initiate.$(OBJEXT): commands/$(am__dirstamp) \
commands/$(DEPDIR)/$(am__dirstamp)
commands/terminate.$(OBJEXT): commands/$(am__dirstamp) \
@@ -664,6 +670,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/command.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/swanctl.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/counters.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/flush_certs.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/initiate.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/install.Po@am__quote@
diff --git a/src/swanctl/command.c b/src/swanctl/command.c
index 7f65d2b0e..225dff617 100644
--- a/src/swanctl/command.c
+++ b/src/swanctl/command.c
@@ -147,6 +147,15 @@ void command_register(command_t command)
"MAX_COMMANDS\n");
return;
}
+ for (i = 0; i < MAX_COMMANDS && cmds[i].cmd; i++)
+ {
+ if (cmds[i].op == command.op)
+ {
+ fprintf(stderr, "unable to register command --%s, short option "
+ "conflicts with --%s\n", command.cmd, cmds[i].cmd);
+ return;
+ }
+ }
cmds[registered] = command;
/* append default options, but not to --help */
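Review bot: The new conflict loop scans `cmds` up to `MAX_COMMANDS` and stops at the first entry whose `cmd` is NULL, while the assignment right after it indexes the table with `registered`. If `registered` is the number of filled slots, as that assignment suggests, `for (i = 0; i < registered; i++)` gives the same bound without relying on unused entries being zeroed. A conflict only prints to stderr and drops the command, so a comment such as `/* short options must be unique; a later command with the same op is not registered */` would make that behaviour explicit. `command_register()` starts and ends outside this hunk.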
diff --git a/src/swanctl/command.h b/src/swanctl/command.h
index c17811498..0d93ae45c 100644
--- a/src/swanctl/command.h
+++ b/src/swanctl/command.h
@@ -27,7 +27,7 @@
/**
* Maximum number of commands (+1).
*/
-#define MAX_COMMANDS 25
+#define MAX_COMMANDS 26
/**
* Maximum number of options in a command (+3)
diff --git a/src/swanctl/commands/counters.c b/src/swanctl/commands/counters.c
new file mode 100644
index 000000000..ab386b5d8
--- /dev/null
+++ b/src/swanctl/commands/counters.c
@@ -0,0 +1,154 @@
+/*
+ * Copyright (C) 2017 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#define _GNU_SOURCE
+#include <stdio.h>
+#include <errno.h>
+
+#include "command.h"
+
+CALLBACK(counters_kv, int,
+ void *null, vici_res_t *res, char *name, void *value, int len)
+{
+ if (chunk_printable(chunk_create(value, len), NULL, ' '))
+ {
+ printf(" %-22s: %.*s\n", name, len, value);
+ }
+ return 0;
+}
+
+CALLBACK(conns_sn, int,
+ void *null, vici_res_t *res, char *name)
+{
+ printf("%s:\n", strlen(name) ? name : "global");
+ return vici_parse_cb(res, NULL, counters_kv, NULL, NULL);
+}
+
+CALLBACK(counters_sn, int,
+ void *null, vici_res_t *res, char *name)
+{
+ return vici_parse_cb(res, conns_sn, NULL, NULL, NULL);
+}
+
+static int counters(vici_conn_t *conn)
+{
+ vici_req_t *req;
+ vici_res_t *res;
+ command_format_options_t format = COMMAND_FORMAT_NONE;
+ char *arg, *name = NULL;
+ int ret;
+ bool all = FALSE, reset = FALSE;
+
+ while (TRUE)
+ {
+ switch (command_getopt(&arg))
+ {
+ case 'h':
+ return command_usage(NULL);
+ case 'P':
+ format |= COMMAND_FORMAT_PRETTY;
+ /* fall through to raw */
+ case 'r':
+ format |= COMMAND_FORMAT_RAW;
+ continue;
+ case 'n':
+ name = arg;
+ continue;
+ case 'a':
+ all = TRUE;
+ continue;
+ case 'R':
+ reset = TRUE;
+ continue;
+ case EOF:
+ break;
+ default:
+ return command_usage("invalid --counters option");
+ }
+ break;
+ }
+ if (reset)
+ {
+ req = vici_begin("reset-counters");
+ }
+ else
+ {
+ req = vici_begin("get-counters");
+ }
+ if (all)
+ {
+ vici_add_key_valuef(req, "all", "yes");
+ }
+ else if (name)
+ {
+ vici_add_key_valuef(req, "name", "%s", name);
+ }
+
+ res = vici_submit(req, conn);
+ if (!res)
+ {
+ ret = errno;
+ fprintf(stderr, "%s-counters request failed: %s\n",
+ reset ? "reset" : "get", strerror(errno));
+ return ret;
+ }
+ if (format & COMMAND_FORMAT_RAW)
+ {
+ vici_dump(res, "counters reply", format & COMMAND_FORMAT_PRETTY,
+ stdout);
+ }
+ else
+ {
+ if (streq(vici_find_str(res, "no", "success"), "yes"))
+ {
+ if (reset)
+ {
+ printf("reset-counters completed successfully\n");
+ }
+ else if (vici_parse_cb(res, counters_sn, NULL, NULL, NULL) != 0)
+ {
+ fprintf(stderr, "parsing get-counters reply failed: %s\n",
+ strerror(errno));
+ }
+ }
+ else
+ {
+ fprintf(stderr, "%s-counters failed: %s\n", reset ? "reset" : "get",
+ vici_find_str(res, "", "errmsg"));
+ ret = 1;
+ }
+ }
+ vici_free_res(res);
+ return 0;
+}
+
+/**
+ * Register the command.
+ */
+static void __attribute__ ((constructor))reg()
+{
+ command_register((command_t) {
+ counters, 'C', "counters", "list or reset IKE event counters",
+ {"[--name <name>|--all] [--reset] [--raw|--pretty]"},
+ {
+ {"help", 'h', 0, "show usage information"},
+ {"name", 'n', 1, "connection name, omit for global counters"},
+ {"all", 'a', 0, "get/reset counters for all tracked connections"},
+ {"reset", 'R', 0, "reset the counters"},
+ {"raw", 'r', 0, "dump raw response message"},
+ {"pretty", 'P', 0, "dump raw response message in pretty print"},
+ }
+ });
+}
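Review bot: In `counters()` the branch that prints `%s-counters failed` assigns `ret = 1`, but the function ends with `return 0;`, so a request the daemon rejects still exits with status 0. Apart from the `vici_submit()` failure path, `ret` is never initialised. Declare `int ret = 0;` and finish with `return ret;` after `vici_free_res(res);`. The branch that reports `parsing get-counters reply failed` should also set `ret` (for example `ret = 1;`), so scripts that poll or reset the IKE counters can detect a failure from the exit code.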
diff --git a/src/swanctl/swanctl.conf b/src/swanctl/swanctl.conf
index 1ff5ee8fb..9b87a963a 100644
--- a/src/swanctl/swanctl.conf
+++ b/src/swanctl/swanctl.conf
@@ -305,6 +305,9 @@
# Netfilter mark and mask for input traffic.
# mark_in = 0/0x00000000
+ # Whether to set *mark_in* on the inbound SA.
+ # mark_in_sa = no
+
# Netfilter mark and mask for output traffic.
# mark_out = 0/0x00000000
diff --git a/src/swanctl/swanctl.conf.5.main b/src/swanctl/swanctl.conf.5.main
index d1aced493..6c73d4775 100644
--- a/src/swanctl/swanctl.conf.5.main
+++ b/src/swanctl/swanctl.conf.5.main
@@ -252,11 +252,9 @@ to enforce the uniqueness policy instead.
On initiators this setting specifies whether an INITIAL_CONTACT notify is sent
during IKE_AUTH if no existing connection is found with the remote peer
-(determined by the identities of the first authentication round). Only if set to
-.RI "" "keep" ""
-or
-.RI "" "replace" ""
-will the client send a notify.
+(determined by the identities of the first authentication round). Unless set to
+.RI "" "never" ""
+the client will send a notify.
.TP
.BR connections.<conn>.reauth_time " [0s]"
@@ -485,6 +483,20 @@ configured any signature scheme constraint (without
prefix) will also
apply to IKEv2 authentication, unless this is disabled in
.RB "" "strongswan.conf" "(5)."
+To use RSASSA\-PSS signatures use
+.RI "" "rsa/pss" ""
+instead of
+.RI "" "pubkey" ""
+or
+.RI "" "rsa" ""
+as in e.g.
+.RI "" "ike:rsa/pss\-sha256" "."
+If
+.RI "" "pubkey" ""
+or
+.RI "" "rsa" ""
+constraints are configured RSASSA\-PSS signatures will only be used if enabled in
+.RB "" "strongswan.conf" "(5)."
.TP
@@ -726,7 +738,24 @@ section's
.RB "" "auth" ""
keyword for
details), such key types and hash algorithms are also applied as constraints
-against IKEv2 signature authentication schemes used by the remote side.
+against IKEv2 signature authentication schemes used by the remote side. To
+require RSASSA\-PSS signatures use
+.RI "" "rsa/pss" ""
+instead of
+.RI "" "pubkey" ""
+or
+.RI "" "rsa" ""
+as in
+e.g.
+.RI "" "rsa/pss\-sha256" "."
+If
+.RI "" "pubkey" ""
+or
+.RI "" "rsa" ""
+constraints are configured
+RSASSA\-PSS signatures will only be accepted if enabled in
+.RB "" "strongswan.conf" "(5)."
+
To specify trust chain constraints for EAP\-(T)TLS, append a colon to the EAP
method, followed by the key type/size and hash algorithm as discussed above
@@ -1053,9 +1082,11 @@ Optional interface name to restrict IPsec policies.
.TP
.BR connections.<conn>.children.<child>.mark_in " [0/0x00000000]"
-Netfilter mark and mask for input traffic. On Linux Netfilter may require marks
-on each packet to match an SA having that option set. This allows Netfilter
-rules to select specific tunnels for incoming traffic. The special value
+Netfilter mark and mask for input traffic. On Linux, Netfilter may require marks
+on each packet to match an SA/policy having that option set. This allows
+installing duplicate policies and enables Netfilter rules to select specific
+SAs/policies for incoming traffic. Note that inbound marks are only set on
+policies, by default, unless *mark_in_sa* is enabled. The special value
.RI "" "%unique" ""
sets a unique mark on each CHILD_SA instance, beyond that the value
.RI "" "%unique\-dir" ""
@@ -1068,15 +1099,26 @@ The default
mask if omitted is 0xffffffff.
.TP
+.BR connections.<conn>.children.<child>.mark_in_sa " [no]"
+Whether to set *mark_in* on the inbound SA. By default, the inbound mark is only
+set on the inbound policy. The tuple destination address, protocol and SPI is
+unique and the mark is not required to find the correct SA, allowing to mark
+traffic after decryption instead (where more specific selectors may be used) to
+match different policies. Marking packets before decryption is still possible,
+even if no mark is set on the SA.
+
+.TP
.BR connections.<conn>.children.<child>.mark_out " [0/0x00000000]"
-Netfilter mark and mask for output traffic. On Linux Netfilter may require marks
-on each packet to match a policy having that option set. This allows Netfilter
-rules to select specific tunnels for outgoing traffic. The special value
+Netfilter mark and mask for output traffic. On Linux, Netfilter may require
+marks on each packet to match a policy/SA having that option set. This allows
+installing duplicate policies and enables Netfilter rules to select specific
+policies/SAs for outgoing traffic. The special value
.RI "" "%unique" ""
-sets a unique mark on each CHILD_SA instance, beyond that the value
+sets a unique
+mark on each CHILD_SA instance, beyond that the value
.RI "" "%unique\-dir" ""
-assigns a different unique mark for each CHILD_SA direction
-(in/out).
+assigns a
+different unique mark for each CHILD_SA direction (in/out).
An additional mask may be appended to the mark, separated by
.RI "" "/" "."
diff --git a/src/swanctl/swanctl.opt b/src/swanctl/swanctl.opt
index d0a0d21dd..2dd9ea374 100644
--- a/src/swanctl/swanctl.opt
+++ b/src/swanctl/swanctl.opt
@@ -216,7 +216,7 @@ connections.<conn>.unique = no
On initiators this setting specifies whether an INITIAL_CONTACT notify is
sent during IKE_AUTH if no existing connection is found with the remote
peer (determined by the identities of the first authentication round).
- Only if set to _keep_ or _replace_ will the client send a notify.
+ Unless set to _never_ the client will send a notify.
connections.<conn>.reauth_time = 0s
Time to schedule IKE reauthentication.
@@ -395,7 +395,11 @@ connections.<conn>.local<suffix>.auth = pubkey
algorithm that matches or exceeds the strength of the signature key.
If no constraints with _ike:_ prefix are configured any signature scheme
constraint (without _ike:_ prefix) will also apply to IKEv2 authentication,
- unless this is disabled in **strongswan.conf**(5).
+ unless this is disabled in **strongswan.conf**(5). To use RSASSA-PSS
+ signatures use _rsa/pss_ instead of _pubkey_ or _rsa_ as in e.g.
+ _ike:rsa/pss-sha256_. If _pubkey_ or _rsa_ constraints are configured
+ RSASSA-PSS signatures will only be used if enabled in
+ **strongswan.conf**(5).
connections.<conn>.local<suffix>.id =
IKE identity to use for authentication round.
@@ -589,7 +593,10 @@ connections.<conn>.remote<suffix>.auth = pubkey
constraints are configured (refer to the description of the **local**
section's **auth** keyword for details), such key types and hash algorithms
are also applied as constraints against IKEv2 signature authentication
- schemes used by the remote side.
+ schemes used by the remote side. To require RSASSA-PSS signatures use
+ _rsa/pss_ instead of _pubkey_ or _rsa_ as in e.g. _rsa/pss-sha256_. If
+ _pubkey_ or _rsa_ constraints are configured RSASSA-PSS signatures will only
+ be accepted if enabled in **strongswan.conf**(5).
To specify trust chain constraints for EAP-(T)TLS, append a colon to the
EAP method, followed by the key type/size and hash algorithm as discussed
@@ -867,25 +874,37 @@ connections.<conn>.children.<child>.interface =
connections.<conn>.children.<child>.mark_in = 0/0x00000000
Netfilter mark and mask for input traffic.
- Netfilter mark and mask for input traffic. On Linux Netfilter may require
- marks on each packet to match an SA having that option set. This allows
- Netfilter rules to select specific tunnels for incoming traffic. The
- special value _%unique_ sets a unique mark on each CHILD_SA instance,
- beyond that the value _%unique-dir_ assigns a different unique mark for each
+ Netfilter mark and mask for input traffic. On Linux, Netfilter may require
+ marks on each packet to match an SA/policy having that option set. This
+ allows installing duplicate policies and enables Netfilter rules to select
+ specific SAs/policies for incoming traffic. Note that inbound marks are
+ only set on policies, by default, unless *mark_in_sa* is enabled. The
+ special value _%unique_ sets a unique mark on each CHILD_SA instance, beyond
+ that the value _%unique-dir_ assigns a different unique mark for each
CHILD_SA direction (in/out).
An additional mask may be appended to the mark, separated by _/_. The
default mask if omitted is 0xffffffff.
+connections.<conn>.children.<child>.mark_in_sa = no
+ Whether to set *mark_in* on the inbound SA.
+
+ Whether to set *mark_in* on the inbound SA. By default, the inbound mark is
+ only set on the inbound policy. The tuple destination address, protocol and
+ SPI is unique and the mark is not required to find the correct SA, allowing
+ to mark traffic after decryption instead (where more specific selectors may
+ be used) to match different policies. Marking packets before decryption is
+ still possible, even if no mark is set on the SA.
+
connections.<conn>.children.<child>.mark_out = 0/0x00000000
Netfilter mark and mask for output traffic.
- Netfilter mark and mask for output traffic. On Linux Netfilter may require
- marks on each packet to match a policy having that option set. This allows
- Netfilter rules to select specific tunnels for outgoing traffic. The
- special value _%unique_ sets a unique mark on each CHILD_SA instance,
- beyond that the value _%unique-dir_ assigns a different unique mark for each
- CHILD_SA direction (in/out).
+ Netfilter mark and mask for output traffic. On Linux, Netfilter may require
+ marks on each packet to match a policy/SA having that option set. This
+ allows installing duplicate policies and enables Netfilter rules to select
+ specific policies/SAs for outgoing traffic. The special value _%unique_ sets
+ a unique mark on each CHILD_SA instance, beyond that the value _%unique-dir_
+ assigns a different unique mark for each CHILD_SA direction (in/out).
An additional mask may be appended to the mark, separated by _/_. The
default mask if omitted is 0xffffffff.
diff --git a/testing/Makefile.in b/testing/Makefile.in
index 3f6f1e4dd..1c244c66e 100644
--- a/testing/Makefile.in
+++ b/testing/Makefile.in
@@ -161,9 +161,11 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
diff --git a/testing/config/kernel/config-4.13 b/testing/config/kernel/config-4.13
new file mode 100644
index 000000000..dcdceccd8
--- /dev/null
+++ b/testing/config/kernel/config-4.13
@@ -0,0 +1,2613 @@
+#
+# Automatically generated file; DO NOT EDIT.
+# Linux/x86 4.13.12 Kernel Configuration
+#
+CONFIG_64BIT=y
+CONFIG_X86_64=y
+CONFIG_X86=y
+CONFIG_INSTRUCTION_DECODER=y
+CONFIG_OUTPUT_FORMAT="elf64-x86-64"
+CONFIG_ARCH_DEFCONFIG="arch/x86/configs/x86_64_defconfig"
+CONFIG_LOCKDEP_SUPPORT=y
+CONFIG_STACKTRACE_SUPPORT=y
+CONFIG_MMU=y
+CONFIG_ARCH_MMAP_RND_BITS_MIN=28
+CONFIG_ARCH_MMAP_RND_BITS_MAX=32
+CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MIN=8
+CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MAX=16
+CONFIG_NEED_DMA_MAP_STATE=y
+CONFIG_NEED_SG_DMA_LENGTH=y
+CONFIG_GENERIC_ISA_DMA=y
+CONFIG_GENERIC_BUG=y
+CONFIG_GENERIC_BUG_RELATIVE_POINTERS=y
+CONFIG_GENERIC_HWEIGHT=y
+CONFIG_ARCH_MAY_HAVE_PC_FDC=y
+CONFIG_RWSEM_XCHGADD_ALGORITHM=y
+CONFIG_GENERIC_CALIBRATE_DELAY=y
+CONFIG_ARCH_HAS_CPU_RELAX=y
+CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y
+CONFIG_HAVE_SETUP_PER_CPU_AREA=y
+CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y
+CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y
+CONFIG_ARCH_HIBERNATION_POSSIBLE=y
+CONFIG_ARCH_SUSPEND_POSSIBLE=y
+CONFIG_ARCH_WANT_HUGE_PMD_SHARE=y
+CONFIG_ARCH_WANT_GENERAL_HUGETLB=y
+CONFIG_ZONE_DMA32=y
+CONFIG_AUDIT_ARCH=y
+CONFIG_ARCH_SUPPORTS_OPTIMIZED_INLINING=y
+CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y
+CONFIG_ARCH_SUPPORTS_UPROBES=y
+CONFIG_FIX_EARLYCON_MEM=y
+CONFIG_PGTABLE_LEVELS=4
+CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config"
+CONFIG_IRQ_WORK=y
+CONFIG_BUILDTIME_EXTABLE_SORT=y
+CONFIG_THREAD_INFO_IN_TASK=y
+
+#
+# General setup
+#
+CONFIG_BROKEN_ON_SMP=y
+CONFIG_INIT_ENV_ARG_LIMIT=32
+CONFIG_CROSS_COMPILE=""
+# CONFIG_COMPILE_TEST is not set
+CONFIG_LOCALVERSION=""
+CONFIG_LOCALVERSION_AUTO=y
+CONFIG_HAVE_KERNEL_GZIP=y
+CONFIG_HAVE_KERNEL_BZIP2=y
+CONFIG_HAVE_KERNEL_LZMA=y
+CONFIG_HAVE_KERNEL_XZ=y
+CONFIG_HAVE_KERNEL_LZO=y
+CONFIG_HAVE_KERNEL_LZ4=y
+CONFIG_KERNEL_GZIP=y
+# CONFIG_KERNEL_BZIP2 is not set
+# CONFIG_KERNEL_LZMA is not set
+# CONFIG_KERNEL_XZ is not set
+# CONFIG_KERNEL_LZO is not set
+# CONFIG_KERNEL_LZ4 is not set
+CONFIG_DEFAULT_HOSTNAME="(none)"
+CONFIG_SWAP=y
+CONFIG_SYSVIPC=y
+CONFIG_SYSVIPC_SYSCTL=y
+CONFIG_POSIX_MQUEUE=y
+CONFIG_POSIX_MQUEUE_SYSCTL=y
+CONFIG_CROSS_MEMORY_ATTACH=y
+CONFIG_FHANDLE=y
+CONFIG_USELIB=y
+# CONFIG_AUDIT is not set
+CONFIG_HAVE_ARCH_AUDITSYSCALL=y
+
+#
+# IRQ subsystem
+#
+CONFIG_GENERIC_IRQ_PROBE=y
+CONFIG_GENERIC_IRQ_SHOW=y
+CONFIG_IRQ_DOMAIN=y
+CONFIG_IRQ_DOMAIN_HIERARCHY=y
+CONFIG_GENERIC_MSI_IRQ=y
+CONFIG_GENERIC_MSI_IRQ_DOMAIN=y
+CONFIG_IRQ_FORCED_THREADING=y
+CONFIG_SPARSE_IRQ=y
+CONFIG_CLOCKSOURCE_WATCHDOG=y
+CONFIG_ARCH_CLOCKSOURCE_DATA=y
+CONFIG_CLOCKSOURCE_VALIDATE_LAST_CYCLE=y
+CONFIG_GENERIC_TIME_VSYSCALL=y
+CONFIG_GENERIC_CLOCKEVENTS=y
+CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y
+CONFIG_GENERIC_CLOCKEVENTS_MIN_ADJUST=y
+CONFIG_GENERIC_CMOS_UPDATE=y
+
+#
+# Timers subsystem
+#
+CONFIG_TICK_ONESHOT=y
+CONFIG_NO_HZ_COMMON=y
+# CONFIG_HZ_PERIODIC is not set
+CONFIG_NO_HZ_IDLE=y
+CONFIG_NO_HZ=y
+CONFIG_HIGH_RES_TIMERS=y
+
+#
+# CPU/Task time and stats accounting
+#
+CONFIG_TICK_CPU_ACCOUNTING=y
+# CONFIG_VIRT_CPU_ACCOUNTING_GEN is not set
+# CONFIG_IRQ_TIME_ACCOUNTING is not set
+CONFIG_BSD_PROCESS_ACCT=y
+# CONFIG_BSD_PROCESS_ACCT_V3 is not set
+# CONFIG_TASKSTATS is not set
+
+#
+# RCU Subsystem
+#
+CONFIG_TINY_RCU=y
+# CONFIG_RCU_EXPERT is not set
+CONFIG_SRCU=y
+CONFIG_TINY_SRCU=y
+# CONFIG_TASKS_RCU is not set
+# CONFIG_RCU_STALL_COMMON is not set
+# CONFIG_RCU_NEED_SEGCBLIST is not set
+CONFIG_BUILD_BIN2C=y
+CONFIG_IKCONFIG=y
+CONFIG_IKCONFIG_PROC=y
+CONFIG_LOG_BUF_SHIFT=14
+CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT=13
+CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y
+CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y
+CONFIG_ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH=y
+CONFIG_ARCH_SUPPORTS_INT128=y
+CONFIG_CGROUPS=y
+CONFIG_PAGE_COUNTER=y
+CONFIG_MEMCG=y
+CONFIG_MEMCG_SWAP=y
+CONFIG_MEMCG_SWAP_ENABLED=y
+CONFIG_BLK_CGROUP=y
+# CONFIG_DEBUG_BLK_CGROUP is not set
+CONFIG_CGROUP_WRITEBACK=y
+CONFIG_CGROUP_SCHED=y
+CONFIG_FAIR_GROUP_SCHED=y
+CONFIG_CFS_BANDWIDTH=y
+# CONFIG_RT_GROUP_SCHED is not set
+CONFIG_CGROUP_PIDS=y
+# CONFIG_CGROUP_RDMA is not set
+CONFIG_CGROUP_FREEZER=y
+CONFIG_CGROUP_DEVICE=y
+CONFIG_CGROUP_CPUACCT=y
+CONFIG_CGROUP_PERF=y
+# CONFIG_CGROUP_DEBUG is not set
+CONFIG_SOCK_CGROUP_DATA=y
+# CONFIG_CHECKPOINT_RESTORE is not set
+CONFIG_NAMESPACES=y
+# CONFIG_UTS_NS is not set
+# CONFIG_IPC_NS is not set
+# CONFIG_USER_NS is not set
+# CONFIG_PID_NS is not set
+# CONFIG_NET_NS is not set
+# CONFIG_SCHED_AUTOGROUP is not set
+# CONFIG_SYSFS_DEPRECATED is not set
+# CONFIG_RELAY is not set
+# CONFIG_BLK_DEV_INITRD is not set
+# CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE is not set
+CONFIG_CC_OPTIMIZE_FOR_SIZE=y
+CONFIG_SYSCTL=y
+CONFIG_ANON_INODES=y
+CONFIG_SYSCTL_EXCEPTION_TRACE=y
+CONFIG_HAVE_PCSPKR_PLATFORM=y
+CONFIG_BPF=y
+# CONFIG_EXPERT is not set
+CONFIG_MULTIUSER=y
+CONFIG_SGETMASK_SYSCALL=y
+CONFIG_SYSFS_SYSCALL=y
+# CONFIG_SYSCTL_SYSCALL is not set
+CONFIG_POSIX_TIMERS=y
+CONFIG_KALLSYMS=y
+# CONFIG_KALLSYMS_ALL is not set
+# CONFIG_KALLSYMS_ABSOLUTE_PERCPU is not set
+CONFIG_KALLSYMS_BASE_RELATIVE=y
+CONFIG_PRINTK=y
+CONFIG_PRINTK_NMI=y
+CONFIG_BUG=y
+CONFIG_ELF_CORE=y
+CONFIG_PCSPKR_PLATFORM=y
+CONFIG_BASE_FULL=y
+CONFIG_FUTEX=y
+CONFIG_EPOLL=y
+CONFIG_SIGNALFD=y
+CONFIG_TIMERFD=y
+CONFIG_EVENTFD=y
+# CONFIG_BPF_SYSCALL is not set
+CONFIG_SHMEM=y
+CONFIG_AIO=y
+CONFIG_ADVISE_SYSCALLS=y
+# CONFIG_USERFAULTFD is not set
+CONFIG_PCI_QUIRKS=y
+CONFIG_MEMBARRIER=y
+# CONFIG_EMBEDDED is not set
+CONFIG_HAVE_PERF_EVENTS=y
+# CONFIG_PC104 is not set
+
+#
+# Kernel Performance Events And Counters
+#
+CONFIG_PERF_EVENTS=y
+# CONFIG_DEBUG_PERF_USE_VMALLOC is not set
+CONFIG_VM_EVENT_COUNTERS=y
+CONFIG_COMPAT_BRK=y
+CONFIG_SLAB=y
+# CONFIG_SLUB is not set
+CONFIG_SLAB_MERGE_DEFAULT=y
+# CONFIG_SLAB_FREELIST_RANDOM is not set
+# CONFIG_SYSTEM_DATA_VERIFICATION is not set
+# CONFIG_PROFILING is not set
+CONFIG_HAVE_OPROFILE=y
+CONFIG_OPROFILE_NMI_TIMER=y
+# CONFIG_JUMP_LABEL is not set
+# CONFIG_UPROBES is not set
+# CONFIG_HAVE_64BIT_ALIGNED_ACCESS is not set
+CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y
+CONFIG_ARCH_USE_BUILTIN_BSWAP=y
+CONFIG_HAVE_IOREMAP_PROT=y
+CONFIG_HAVE_KPROBES=y
+CONFIG_HAVE_KRETPROBES=y
+CONFIG_HAVE_OPTPROBES=y
+CONFIG_HAVE_KPROBES_ON_FTRACE=y
+CONFIG_HAVE_NMI=y
+CONFIG_HAVE_ARCH_TRACEHOOK=y
+CONFIG_HAVE_DMA_CONTIGUOUS=y
+CONFIG_GENERIC_SMP_IDLE_THREAD=y
+CONFIG_ARCH_HAS_FORTIFY_SOURCE=y
+CONFIG_ARCH_HAS_SET_MEMORY=y
+CONFIG_ARCH_WANTS_DYNAMIC_TASK_STRUCT=y
+CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y
+CONFIG_HAVE_CLK=y
+CONFIG_HAVE_DMA_API_DEBUG=y
+CONFIG_HAVE_HW_BREAKPOINT=y
+CONFIG_HAVE_MIXED_BREAKPOINTS_REGS=y
+CONFIG_HAVE_USER_RETURN_NOTIFIER=y
+CONFIG_HAVE_PERF_EVENTS_NMI=y
+CONFIG_HAVE_HARDLOCKUP_DETECTOR_PERF=y
+CONFIG_HAVE_PERF_REGS=y
+CONFIG_HAVE_PERF_USER_STACK_DUMP=y
+CONFIG_HAVE_ARCH_JUMP_LABEL=y
+CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y
+CONFIG_HAVE_CMPXCHG_LOCAL=y
+CONFIG_HAVE_CMPXCHG_DOUBLE=y
+CONFIG_HAVE_ARCH_SECCOMP_FILTER=y
+CONFIG_SECCOMP_FILTER=y
+CONFIG_HAVE_GCC_PLUGINS=y
+# CONFIG_GCC_PLUGINS is not set
+CONFIG_HAVE_CC_STACKPROTECTOR=y
+CONFIG_CC_STACKPROTECTOR=y
+# CONFIG_CC_STACKPROTECTOR_NONE is not set
+CONFIG_CC_STACKPROTECTOR_REGULAR=y
+# CONFIG_CC_STACKPROTECTOR_STRONG is not set
+CONFIG_THIN_ARCHIVES=y
+CONFIG_HAVE_ARCH_WITHIN_STACK_FRAMES=y
+CONFIG_HAVE_CONTEXT_TRACKING=y
+CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y
+CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y
+CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y
+CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD=y
+CONFIG_HAVE_ARCH_HUGE_VMAP=y
+CONFIG_HAVE_ARCH_SOFT_DIRTY=y
+CONFIG_MODULES_USE_ELF_RELA=y
+CONFIG_HAVE_IRQ_EXIT_ON_IRQ_STACK=y
+CONFIG_ARCH_HAS_ELF_RANDOMIZE=y
+CONFIG_HAVE_ARCH_MMAP_RND_BITS=y
+CONFIG_HAVE_EXIT_THREAD=y
+CONFIG_ARCH_MMAP_RND_BITS=28
+CONFIG_HAVE_COPY_THREAD_TLS=y
+CONFIG_HAVE_STACK_VALIDATION=y
+# CONFIG_HAVE_ARCH_HASH is not set
+# CONFIG_ISA_BUS_API is not set
+# CONFIG_CPU_NO_EFFICIENT_FFS is not set
+CONFIG_HAVE_ARCH_VMAP_STACK=y
+CONFIG_VMAP_STACK=y
+# CONFIG_ARCH_OPTIONAL_KERNEL_RWX is not set
+# CONFIG_ARCH_OPTIONAL_KERNEL_RWX_DEFAULT is not set
+CONFIG_ARCH_HAS_STRICT_KERNEL_RWX=y
+CONFIG_STRICT_KERNEL_RWX=y
+CONFIG_ARCH_HAS_STRICT_MODULE_RWX=y
+# CONFIG_REFCOUNT_FULL is not set
+
+#
+# GCOV-based kernel profiling
+#
+CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y
+# CONFIG_HAVE_GENERIC_DMA_COHERENT is not set
+CONFIG_SLABINFO=y
+CONFIG_RT_MUTEXES=y
+CONFIG_BASE_SMALL=0
+# CONFIG_MODULES is not set
+CONFIG_MODULES_TREE_LOOKUP=y
+CONFIG_BLOCK=y
+# CONFIG_BLK_DEV_BSG is not set
+# CONFIG_BLK_DEV_BSGLIB is not set
+# CONFIG_BLK_DEV_INTEGRITY is not set
+# CONFIG_BLK_DEV_ZONED is not set
+# CONFIG_BLK_DEV_THROTTLING is not set
+# CONFIG_BLK_CMDLINE_PARSER is not set
+# CONFIG_BLK_WBT is not set
+# CONFIG_BLK_SED_OPAL is not set
+
+#
+# Partition Types
+#
+# CONFIG_PARTITION_ADVANCED is not set
+CONFIG_MSDOS_PARTITION=y
+CONFIG_EFI_PARTITION=y
+CONFIG_BLK_MQ_PCI=y
+CONFIG_BLK_MQ_VIRTIO=y
+
+#
+# IO Schedulers
+#
+CONFIG_IOSCHED_NOOP=y
+CONFIG_IOSCHED_DEADLINE=y
+CONFIG_IOSCHED_CFQ=y
+# CONFIG_CFQ_GROUP_IOSCHED is not set
+# CONFIG_DEFAULT_DEADLINE is not set
+CONFIG_DEFAULT_CFQ=y
+# CONFIG_DEFAULT_NOOP is not set
+CONFIG_DEFAULT_IOSCHED="cfq"
+CONFIG_MQ_IOSCHED_DEADLINE=y
+CONFIG_MQ_IOSCHED_KYBER=y
+# CONFIG_IOSCHED_BFQ is not set
+CONFIG_INLINE_SPIN_UNLOCK_IRQ=y
+CONFIG_INLINE_READ_UNLOCK=y
+CONFIG_INLINE_READ_UNLOCK_IRQ=y
+CONFIG_INLINE_WRITE_UNLOCK=y
+CONFIG_INLINE_WRITE_UNLOCK_IRQ=y
+CONFIG_ARCH_SUPPORTS_ATOMIC_RMW=y
+CONFIG_ARCH_USE_QUEUED_SPINLOCKS=y
+CONFIG_ARCH_USE_QUEUED_RWLOCKS=y
+CONFIG_FREEZER=y
+
+#
+# Processor type and features
+#
+CONFIG_ZONE_DMA=y
+# CONFIG_SMP is not set
+CONFIG_X86_FEATURE_NAMES=y
+CONFIG_X86_FAST_FEATURE_TESTS=y
+CONFIG_X86_MPPARSE=y
+# CONFIG_GOLDFISH is not set
+# CONFIG_INTEL_RDT_A is not set
+CONFIG_X86_EXTENDED_PLATFORM=y
+# CONFIG_X86_GOLDFISH is not set
+# CONFIG_X86_INTEL_MID is not set
+# CONFIG_X86_INTEL_LPSS is not set
+# CONFIG_X86_AMD_PLATFORM_DEVICE is not set
+CONFIG_IOSF_MBI=y
+CONFIG_SCHED_OMIT_FRAME_POINTER=y
+# CONFIG_HYPERVISOR_GUEST is not set
+CONFIG_NO_BOOTMEM=y
+# CONFIG_MK8 is not set
+# CONFIG_MPSC is not set
+CONFIG_MCORE2=y
+# CONFIG_MATOM is not set
+# CONFIG_GENERIC_CPU is not set
+CONFIG_X86_INTERNODE_CACHE_SHIFT=6
+CONFIG_X86_L1_CACHE_SHIFT=6
+CONFIG_X86_INTEL_USERCOPY=y
+CONFIG_X86_USE_PPRO_CHECKSUM=y
+CONFIG_X86_P6_NOP=y
+CONFIG_X86_TSC=y
+CONFIG_X86_CMPXCHG64=y
+CONFIG_X86_CMOV=y
+CONFIG_X86_MINIMUM_CPU_FAMILY=64
+CONFIG_X86_DEBUGCTLMSR=y
+CONFIG_CPU_SUP_INTEL=y
+CONFIG_CPU_SUP_AMD=y
+CONFIG_CPU_SUP_CENTAUR=y
+CONFIG_HPET_TIMER=y
+CONFIG_DMI=y
+CONFIG_GART_IOMMU=y
+# CONFIG_CALGARY_IOMMU is not set
+CONFIG_SWIOTLB=y
+CONFIG_IOMMU_HELPER=y
+CONFIG_NR_CPUS=1
+CONFIG_PREEMPT_NONE=y
+# CONFIG_PREEMPT_VOLUNTARY is not set
+# CONFIG_PREEMPT is not set
+CONFIG_UP_LATE_INIT=y
+CONFIG_X86_LOCAL_APIC=y
+CONFIG_X86_IO_APIC=y
+# CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS is not set
+# CONFIG_X86_MCE is not set
+
+#
+# Performance monitoring
+#
+CONFIG_PERF_EVENTS_INTEL_UNCORE=y
+CONFIG_PERF_EVENTS_INTEL_RAPL=y
+CONFIG_PERF_EVENTS_INTEL_CSTATE=y
+# CONFIG_PERF_EVENTS_AMD_POWER is not set
+# CONFIG_VM86 is not set
+CONFIG_X86_16BIT=y
+CONFIG_X86_ESPFIX64=y
+CONFIG_X86_VSYSCALL_EMULATION=y
+# CONFIG_I8K is not set
+CONFIG_MICROCODE=y
+CONFIG_MICROCODE_INTEL=y
+# CONFIG_MICROCODE_AMD is not set
+CONFIG_MICROCODE_OLD_INTERFACE=y
+# CONFIG_X86_MSR is not set
+# CONFIG_X86_CPUID is not set
+CONFIG_ARCH_PHYS_ADDR_T_64BIT=y
+CONFIG_ARCH_DMA_ADDR_T_64BIT=y
+CONFIG_X86_DIRECT_GBPAGES=y
+CONFIG_ARCH_SPARSEMEM_ENABLE=y
+CONFIG_ARCH_SPARSEMEM_DEFAULT=y
+CONFIG_ARCH_SELECT_MEMORY_MODEL=y
+CONFIG_ARCH_MEMORY_PROBE=y
+CONFIG_ARCH_PROC_KCORE_TEXT=y
+CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000
+CONFIG_SELECT_MEMORY_MODEL=y
+CONFIG_SPARSEMEM_MANUAL=y
+CONFIG_SPARSEMEM=y
+CONFIG_HAVE_MEMORY_PRESENT=y
+CONFIG_SPARSEMEM_EXTREME=y
+CONFIG_SPARSEMEM_VMEMMAP_ENABLE=y
+CONFIG_SPARSEMEM_ALLOC_MEM_MAP_TOGETHER=y
+CONFIG_SPARSEMEM_VMEMMAP=y
+CONFIG_HAVE_MEMBLOCK=y
+CONFIG_HAVE_MEMBLOCK_NODE_MAP=y
+CONFIG_HAVE_GENERIC_GUP=y
+CONFIG_ARCH_DISCARD_MEMBLOCK=y
+CONFIG_MEMORY_ISOLATION=y
+CONFIG_HAVE_BOOTMEM_INFO_NODE=y
+CONFIG_MEMORY_HOTPLUG=y
+CONFIG_MEMORY_HOTPLUG_SPARSE=y
+# CONFIG_MEMORY_HOTPLUG_DEFAULT_ONLINE is not set
+CONFIG_MEMORY_HOTREMOVE=y
+CONFIG_SPLIT_PTLOCK_CPUS=4
+CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y
+CONFIG_MEMORY_BALLOON=y
+# CONFIG_COMPACTION is not set
+CONFIG_MIGRATION=y
+CONFIG_PHYS_ADDR_T_64BIT=y
+CONFIG_BOUNCE=y
+CONFIG_VIRT_TO_BUS=y
+# CONFIG_KSM is not set
+CONFIG_DEFAULT_MMAP_MIN_ADDR=4096
+# CONFIG_TRANSPARENT_HUGEPAGE is not set
+CONFIG_ARCH_WANTS_THP_SWAP=y
+CONFIG_NEED_PER_CPU_KM=y
+# CONFIG_CLEANCACHE is not set
+# CONFIG_FRONTSWAP is not set
+# CONFIG_CMA is not set
+# CONFIG_ZPOOL is not set
+# CONFIG_ZBUD is not set
+# CONFIG_ZSMALLOC is not set
+CONFIG_GENERIC_EARLY_IOREMAP=y
+CONFIG_ARCH_SUPPORTS_DEFERRED_STRUCT_PAGE_INIT=y
+# CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set
+# CONFIG_IDLE_PAGE_TRACKING is not set
+CONFIG_ARCH_HAS_ZONE_DEVICE=y
+# CONFIG_ZONE_DEVICE is not set
+CONFIG_ARCH_USES_HIGH_VMA_FLAGS=y
+CONFIG_ARCH_HAS_PKEYS=y
+# CONFIG_PERCPU_STATS is not set
+# CONFIG_X86_PMEM_LEGACY is not set
+# CONFIG_X86_CHECK_BIOS_CORRUPTION is not set
+CONFIG_X86_RESERVE_LOW=64
+CONFIG_MTRR=y
+CONFIG_MTRR_SANITIZER=y
+CONFIG_MTRR_SANITIZER_ENABLE_DEFAULT=0
+CONFIG_MTRR_SANITIZER_SPARE_REG_NR_DEFAULT=1
+CONFIG_X86_PAT=y
+CONFIG_ARCH_USES_PG_UNCACHED=y
+CONFIG_ARCH_RANDOM=y
+CONFIG_X86_SMAP=y
+# CONFIG_X86_INTEL_MPX is not set
+CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS=y
+# CONFIG_EFI is not set
+CONFIG_SECCOMP=y
+# CONFIG_HZ_100 is not set
+CONFIG_HZ_250=y
+# CONFIG_HZ_300 is not set
+# CONFIG_HZ_1000 is not set
+CONFIG_HZ=250
+CONFIG_SCHED_HRTICK=y
+# CONFIG_KEXEC is not set
+# CONFIG_KEXEC_FILE is not set
+# CONFIG_CRASH_DUMP is not set
+CONFIG_PHYSICAL_START=0x1000000
+CONFIG_RELOCATABLE=y
+# CONFIG_RANDOMIZE_BASE is not set
+CONFIG_PHYSICAL_ALIGN=0x1000000
+# CONFIG_LEGACY_VSYSCALL_NATIVE is not set
+CONFIG_LEGACY_VSYSCALL_EMULATE=y
+# CONFIG_LEGACY_VSYSCALL_NONE is not set
+# CONFIG_CMDLINE_BOOL is not set
+CONFIG_MODIFY_LDT_SYSCALL=y
+CONFIG_HAVE_LIVEPATCH=y
+CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y
+CONFIG_ARCH_ENABLE_MEMORY_HOTREMOVE=y
+
+#
+# Power management and ACPI options
+#
+CONFIG_SUSPEND=y
+CONFIG_SUSPEND_FREEZER=y
+# CONFIG_HIBERNATION is not set
+CONFIG_PM_SLEEP=y
+# CONFIG_PM_AUTOSLEEP is not set
+# CONFIG_PM_WAKELOCKS is not set
+CONFIG_PM=y
+# CONFIG_PM_DEBUG is not set
+CONFIG_PM_CLK=y
+# CONFIG_WQ_POWER_EFFICIENT_DEFAULT is not set
+CONFIG_ACPI=y
+CONFIG_ACPI_LEGACY_TABLES_LOOKUP=y
+CONFIG_ARCH_MIGHT_HAVE_ACPI_PDC=y
+CONFIG_ACPI_SYSTEM_POWER_STATES_SUPPORT=y
+# CONFIG_ACPI_DEBUGGER is not set
+CONFIG_ACPI_SLEEP=y
+# CONFIG_ACPI_PROCFS_POWER is not set
+CONFIG_ACPI_REV_OVERRIDE_POSSIBLE=y
+# CONFIG_ACPI_EC_DEBUGFS is not set
+CONFIG_ACPI_AC=y
+CONFIG_ACPI_BATTERY=y
+CONFIG_ACPI_BUTTON=y
+CONFIG_ACPI_FAN=y
+# CONFIG_ACPI_DOCK is not set
+CONFIG_ACPI_CPU_FREQ_PSS=y
+CONFIG_ACPI_PROCESSOR_CSTATE=y
+CONFIG_ACPI_PROCESSOR_IDLE=y
+CONFIG_ACPI_PROCESSOR=y
+# CONFIG_ACPI_PROCESSOR_AGGREGATOR is not set
+CONFIG_ACPI_THERMAL=y
+# CONFIG_ACPI_CUSTOM_DSDT is not set
+CONFIG_ARCH_HAS_ACPI_TABLE_UPGRADE=y
+# CONFIG_ACPI_DEBUG is not set
+# CONFIG_ACPI_PCI_SLOT is not set
+CONFIG_X86_PM_TIMER=y
+# CONFIG_ACPI_CONTAINER is not set
+# CONFIG_ACPI_HOTPLUG_MEMORY is not set
+CONFIG_ACPI_HOTPLUG_IOAPIC=y
+# CONFIG_ACPI_SBS is not set
+# CONFIG_ACPI_HED is not set
+# CONFIG_ACPI_REDUCED_HARDWARE_ONLY is not set
+# CONFIG_ACPI_NFIT is not set
+CONFIG_HAVE_ACPI_APEI=y
+CONFIG_HAVE_ACPI_APEI_NMI=y
+# CONFIG_ACPI_APEI is not set
+# CONFIG_DPTF_POWER is not set
+# CONFIG_PMIC_OPREGION is not set
+# CONFIG_ACPI_CONFIGFS is not set
+# CONFIG_SFI is not set
+
+#
+# CPU Frequency scaling
+#
+# CONFIG_CPU_FREQ is not set
+
+#
+# CPU Idle
+#
+CONFIG_CPU_IDLE=y
+CONFIG_CPU_IDLE_GOV_LADDER=y
+CONFIG_CPU_IDLE_GOV_MENU=y
+# CONFIG_ARCH_NEEDS_CPU_IDLE_COUPLED is not set
+# CONFIG_INTEL_IDLE is not set
+
+#
+# Bus options (PCI etc.)
+#
+CONFIG_PCI=y
+CONFIG_PCI_DIRECT=y
+# CONFIG_PCI_MMCONFIG is not set
+CONFIG_PCI_DOMAINS=y
+# CONFIG_PCIEPORTBUS is not set
+CONFIG_PCI_BUS_ADDR_T_64BIT=y
+CONFIG_PCI_MSI=y
+CONFIG_PCI_MSI_IRQ_DOMAIN=y
+# CONFIG_PCI_DEBUG is not set
+# CONFIG_PCI_REALLOC_ENABLE_AUTO is not set
+# CONFIG_PCI_STUB is not set
+CONFIG_HT_IRQ=y
+CONFIG_PCI_LOCKLESS_CONFIG=y
+# CONFIG_PCI_IOV is not set
+# CONFIG_PCI_PRI is not set
+# CONFIG_PCI_PASID is not set
+CONFIG_PCI_LABEL=y
+# CONFIG_HOTPLUG_PCI is not set
+
+#
+# DesignWare PCI Core Support
+#
+# CONFIG_PCIE_DW_PLAT is not set
+
+#
+# PCI host controller drivers
+#
+# CONFIG_VMD is not set
+
+#
+# PCI Endpoint
+#
+# CONFIG_PCI_ENDPOINT is not set
+
+#
+# PCI switch controller drivers
+#
+# CONFIG_PCI_SW_SWITCHTEC is not set
+CONFIG_ISA_DMA_API=y
+CONFIG_AMD_NB=y
+# CONFIG_PCCARD is not set
+# CONFIG_RAPIDIO is not set
+# CONFIG_X86_SYSFB is not set
+
+#
+# Executable file formats / Emulations
+#
+CONFIG_BINFMT_ELF=y
+CONFIG_ELFCORE=y
+# CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set
+CONFIG_BINFMT_SCRIPT=y
+# CONFIG_HAVE_AOUT is not set
+# CONFIG_BINFMT_MISC is not set
+CONFIG_COREDUMP=y
+# CONFIG_IA32_EMULATION is not set
+# CONFIG_X86_X32 is not set
+CONFIG_X86_DEV_DMA_OPS=y
+CONFIG_NET=y
+CONFIG_NET_INGRESS=y
+
+#
+# Networking options
+#
+CONFIG_PACKET=y
+# CONFIG_PACKET_DIAG is not set
+CONFIG_UNIX=y
+# CONFIG_UNIX_DIAG is not set
+CONFIG_TLS=y
+CONFIG_XFRM=y
+CONFIG_XFRM_ALGO=y
+CONFIG_XFRM_USER=y
+CONFIG_XFRM_SUB_POLICY=y
+CONFIG_XFRM_MIGRATE=y
+CONFIG_XFRM_STATISTICS=y
+CONFIG_XFRM_IPCOMP=y
+CONFIG_NET_KEY=y
+CONFIG_NET_KEY_MIGRATE=y
+CONFIG_INET=y
+# CONFIG_IP_MULTICAST is not set
+CONFIG_IP_ADVANCED_ROUTER=y
+# CONFIG_IP_FIB_TRIE_STATS is not set
+CONFIG_IP_MULTIPLE_TABLES=y
+# CONFIG_IP_ROUTE_MULTIPATH is not set
+# CONFIG_IP_ROUTE_VERBOSE is not set
+CONFIG_IP_ROUTE_CLASSID=y
+# CONFIG_IP_PNP is not set
+# CONFIG_NET_IPIP is not set
+# CONFIG_NET_IPGRE_DEMUX is not set
+CONFIG_NET_IP_TUNNEL=y
+# CONFIG_SYN_COOKIES is not set
+# CONFIG_NET_IPVTI is not set
+CONFIG_NET_UDP_TUNNEL=y
+# CONFIG_NET_FOU is not set
+CONFIG_INET_AH=y
+CONFIG_INET_ESP=y
+# CONFIG_INET_ESP_OFFLOAD is not set
+CONFIG_INET_IPCOMP=y
+CONFIG_INET_XFRM_TUNNEL=y
+CONFIG_INET_TUNNEL=y
+CONFIG_INET_XFRM_MODE_TRANSPORT=y
+CONFIG_INET_XFRM_MODE_TUNNEL=y
+CONFIG_INET_XFRM_MODE_BEET=y
+CONFIG_INET_DIAG=y
+CONFIG_INET_TCP_DIAG=y
+# CONFIG_INET_UDP_DIAG is not set
+# CONFIG_INET_RAW_DIAG is not set
+# CONFIG_INET_DIAG_DESTROY is not set
+# CONFIG_TCP_CONG_ADVANCED is not set
+CONFIG_TCP_CONG_CUBIC=y
+CONFIG_DEFAULT_TCP_CONG="cubic"
+# CONFIG_TCP_MD5SIG is not set
+CONFIG_IPV6=y
+# CONFIG_IPV6_ROUTER_PREF is not set
+CONFIG_IPV6_OPTIMISTIC_DAD=y
+CONFIG_INET6_AH=y
+CONFIG_INET6_ESP=y
+# CONFIG_INET6_ESP_OFFLOAD is not set
+CONFIG_INET6_IPCOMP=y
+CONFIG_IPV6_MIP6=y
+# CONFIG_IPV6_ILA is not set
+CONFIG_INET6_XFRM_TUNNEL=y
+CONFIG_INET6_TUNNEL=y
+CONFIG_INET6_XFRM_MODE_TRANSPORT=y
+CONFIG_INET6_XFRM_MODE_TUNNEL=y
+CONFIG_INET6_XFRM_MODE_BEET=y
+# CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION is not set
+# CONFIG_IPV6_VTI is not set
+# CONFIG_IPV6_SIT is not set
+CONFIG_IPV6_TUNNEL=y
+# CONFIG_IPV6_FOU is not set
+# CONFIG_IPV6_FOU_TUNNEL is not set
+CONFIG_IPV6_MULTIPLE_TABLES=y
+CONFIG_IPV6_SUBTREES=y
+# CONFIG_IPV6_MROUTE is not set
+# CONFIG_IPV6_SEG6_LWTUNNEL is not set
+# CONFIG_IPV6_SEG6_HMAC is not set
+# CONFIG_NETWORK_SECMARK is not set
+# CONFIG_NET_PTP_CLASSIFY is not set
+# CONFIG_NETWORK_PHY_TIMESTAMPING is not set
+CONFIG_NETFILTER=y
+# CONFIG_NETFILTER_DEBUG is not set
+CONFIG_NETFILTER_ADVANCED=y
+
+#
+# Core Netfilter Configuration
+#
+CONFIG_NETFILTER_INGRESS=y
+CONFIG_NETFILTER_NETLINK=y
+# CONFIG_NETFILTER_NETLINK_ACCT is not set
+CONFIG_NETFILTER_NETLINK_QUEUE=y
+CONFIG_NETFILTER_NETLINK_LOG=y
+CONFIG_NF_CONNTRACK=y
+CONFIG_NF_LOG_COMMON=y
+# CONFIG_NF_LOG_NETDEV is not set
+CONFIG_NF_CONNTRACK_MARK=y
+# CONFIG_NF_CONNTRACK_ZONES is not set
+CONFIG_NF_CONNTRACK_PROCFS=y
+CONFIG_NF_CONNTRACK_EVENTS=y
+# CONFIG_NF_CONNTRACK_TIMEOUT is not set
+# CONFIG_NF_CONNTRACK_TIMESTAMP is not set
+# CONFIG_NF_CT_PROTO_DCCP is not set
+# CONFIG_NF_CT_PROTO_SCTP is not set
+CONFIG_NF_CT_PROTO_UDPLITE=y
+# CONFIG_NF_CONNTRACK_AMANDA is not set
+# CONFIG_NF_CONNTRACK_FTP is not set
+# CONFIG_NF_CONNTRACK_H323 is not set
+# CONFIG_NF_CONNTRACK_IRC is not set
+# CONFIG_NF_CONNTRACK_NETBIOS_NS is not set
+# CONFIG_NF_CONNTRACK_SNMP is not set
+# CONFIG_NF_CONNTRACK_PPTP is not set
+CONFIG_NF_CONNTRACK_SANE=y
+# CONFIG_NF_CONNTRACK_SIP is not set
+# CONFIG_NF_CONNTRACK_TFTP is not set
+CONFIG_NF_CT_NETLINK=y
+# CONFIG_NF_CT_NETLINK_TIMEOUT is not set
+# CONFIG_NETFILTER_NETLINK_GLUE_CT is not set
+CONFIG_NF_NAT=y
+CONFIG_NF_NAT_NEEDED=y
+CONFIG_NF_NAT_PROTO_UDPLITE=y
+# CONFIG_NF_NAT_AMANDA is not set
+# CONFIG_NF_NAT_FTP is not set
+# CONFIG_NF_NAT_IRC is not set
+# CONFIG_NF_NAT_SIP is not set
+# CONFIG_NF_NAT_TFTP is not set
+CONFIG_NF_NAT_REDIRECT=y
+# CONFIG_NF_TABLES is not set
+CONFIG_NETFILTER_XTABLES=y
+
+#
+# Xtables combined modules
+#
+CONFIG_NETFILTER_XT_MARK=y
+CONFIG_NETFILTER_XT_CONNMARK=y
+CONFIG_NETFILTER_XT_SET=y
+
+#
+# Xtables targets
+#
+# CONFIG_NETFILTER_XT_TARGET_CHECKSUM is not set
+CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y
+CONFIG_NETFILTER_XT_TARGET_CONNMARK=y
+CONFIG_NETFILTER_XT_TARGET_CT=y
+CONFIG_NETFILTER_XT_TARGET_DSCP=y
+CONFIG_NETFILTER_XT_TARGET_HL=y
+# CONFIG_NETFILTER_XT_TARGET_HMARK is not set
+# CONFIG_NETFILTER_XT_TARGET_IDLETIMER is not set
+CONFIG_NETFILTER_XT_TARGET_LOG=y
+CONFIG_NETFILTER_XT_TARGET_MARK=y
+CONFIG_NETFILTER_XT_NAT=y
+CONFIG_NETFILTER_XT_TARGET_NETMAP=y
+CONFIG_NETFILTER_XT_TARGET_NFLOG=y
+CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y
+CONFIG_NETFILTER_XT_TARGET_NOTRACK=y
+# CONFIG_NETFILTER_XT_TARGET_RATEEST is not set
+CONFIG_NETFILTER_XT_TARGET_REDIRECT=y
+# CONFIG_NETFILTER_XT_TARGET_TEE is not set
+# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set
+CONFIG_NETFILTER_XT_TARGET_TRACE=y
+CONFIG_NETFILTER_XT_TARGET_TCPMSS=y
+# CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
+
+#
+# Xtables matches
+#
+CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y
+# CONFIG_NETFILTER_XT_MATCH_BPF is not set
+# CONFIG_NETFILTER_XT_MATCH_CGROUP is not set
+CONFIG_NETFILTER_XT_MATCH_CLUSTER=y
+CONFIG_NETFILTER_XT_MATCH_COMMENT=y
+CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y
+# CONFIG_NETFILTER_XT_MATCH_CONNLABEL is not set
+CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y
+CONFIG_NETFILTER_XT_MATCH_CONNMARK=y
+CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y
+# CONFIG_NETFILTER_XT_MATCH_CPU is not set
+CONFIG_NETFILTER_XT_MATCH_DCCP=y
+CONFIG_NETFILTER_XT_MATCH_DEVGROUP=y
+CONFIG_NETFILTER_XT_MATCH_DSCP=y
+CONFIG_NETFILTER_XT_MATCH_ECN=y
+CONFIG_NETFILTER_XT_MATCH_ESP=y
+CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y
+CONFIG_NETFILTER_XT_MATCH_HELPER=y
+CONFIG_NETFILTER_XT_MATCH_HL=y
+# CONFIG_NETFILTER_XT_MATCH_IPCOMP is not set
+# CONFIG_NETFILTER_XT_MATCH_IPRANGE is not set
+CONFIG_NETFILTER_XT_MATCH_L2TP=y
+CONFIG_NETFILTER_XT_MATCH_LENGTH=y
+CONFIG_NETFILTER_XT_MATCH_LIMIT=y
+CONFIG_NETFILTER_XT_MATCH_MAC=y
+CONFIG_NETFILTER_XT_MATCH_MARK=y
+CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y
+# CONFIG_NETFILTER_XT_MATCH_NFACCT is not set
+# CONFIG_NETFILTER_XT_MATCH_OSF is not set
+# CONFIG_NETFILTER_XT_MATCH_OWNER is not set
+CONFIG_NETFILTER_XT_MATCH_POLICY=y
+CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y
+CONFIG_NETFILTER_XT_MATCH_QUOTA=y
+# CONFIG_NETFILTER_XT_MATCH_RATEEST is not set
+CONFIG_NETFILTER_XT_MATCH_REALM=y
+# CONFIG_NETFILTER_XT_MATCH_RECENT is not set
+CONFIG_NETFILTER_XT_MATCH_SCTP=y
+CONFIG_NETFILTER_XT_MATCH_STATE=y
+CONFIG_NETFILTER_XT_MATCH_STATISTIC=y
+CONFIG_NETFILTER_XT_MATCH_STRING=y
+CONFIG_NETFILTER_XT_MATCH_TCPMSS=y
+# CONFIG_NETFILTER_XT_MATCH_TIME is not set
+CONFIG_NETFILTER_XT_MATCH_U32=y
+CONFIG_IP_SET=y
+CONFIG_IP_SET_MAX=256
+CONFIG_IP_SET_BITMAP_IP=y
+CONFIG_IP_SET_BITMAP_IPMAC=y
+CONFIG_IP_SET_BITMAP_PORT=y
+CONFIG_IP_SET_HASH_IP=y
+# CONFIG_IP_SET_HASH_IPMARK is not set
+CONFIG_IP_SET_HASH_IPPORT=y
+CONFIG_IP_SET_HASH_IPPORTIP=y
+CONFIG_IP_SET_HASH_IPPORTNET=y
+# CONFIG_IP_SET_HASH_IPMAC is not set
+# CONFIG_IP_SET_HASH_MAC is not set
+# CONFIG_IP_SET_HASH_NETPORTNET is not set
+CONFIG_IP_SET_HASH_NET=y
+# CONFIG_IP_SET_HASH_NETNET is not set
+CONFIG_IP_SET_HASH_NETPORT=y
+# CONFIG_IP_SET_HASH_NETIFACE is not set
+CONFIG_IP_SET_LIST_SET=y
+# CONFIG_IP_VS is not set
+
+#
+# IP: Netfilter Configuration
+#
+CONFIG_NF_DEFRAG_IPV4=y
+CONFIG_NF_CONNTRACK_IPV4=y
+# CONFIG_NF_SOCKET_IPV4 is not set
+# CONFIG_NF_DUP_IPV4 is not set
+# CONFIG_NF_LOG_ARP is not set
+CONFIG_NF_LOG_IPV4=y
+CONFIG_NF_REJECT_IPV4=y
+CONFIG_NF_NAT_IPV4=y
+CONFIG_NF_NAT_MASQUERADE_IPV4=y
+# CONFIG_NF_NAT_PPTP is not set
+# CONFIG_NF_NAT_H323 is not set
+CONFIG_IP_NF_IPTABLES=y
+CONFIG_IP_NF_MATCH_AH=y
+CONFIG_IP_NF_MATCH_ECN=y
+# CONFIG_IP_NF_MATCH_RPFILTER is not set
+CONFIG_IP_NF_MATCH_TTL=y
+CONFIG_IP_NF_FILTER=y
+CONFIG_IP_NF_TARGET_REJECT=y
+# CONFIG_IP_NF_TARGET_SYNPROXY is not set
+CONFIG_IP_NF_NAT=y
+CONFIG_IP_NF_TARGET_MASQUERADE=y
+CONFIG_IP_NF_TARGET_NETMAP=y
+CONFIG_IP_NF_TARGET_REDIRECT=y
+CONFIG_IP_NF_MANGLE=y
+CONFIG_IP_NF_TARGET_CLUSTERIP=y
+CONFIG_IP_NF_TARGET_ECN=y
+CONFIG_IP_NF_TARGET_TTL=y
+CONFIG_IP_NF_RAW=y
+CONFIG_IP_NF_ARPTABLES=y
+CONFIG_IP_NF_ARPFILTER=y
+CONFIG_IP_NF_ARP_MANGLE=y
+
+#
+# IPv6: Netfilter Configuration
+#
+CONFIG_NF_DEFRAG_IPV6=y
+CONFIG_NF_CONNTRACK_IPV6=y
+# CONFIG_NF_SOCKET_IPV6 is not set
+# CONFIG_NF_DUP_IPV6 is not set
+CONFIG_NF_REJECT_IPV6=y
+CONFIG_NF_LOG_IPV6=y
+CONFIG_NF_NAT_IPV6=y
+CONFIG_NF_NAT_MASQUERADE_IPV6=y
+CONFIG_IP6_NF_IPTABLES=y
+CONFIG_IP6_NF_MATCH_AH=y
+CONFIG_IP6_NF_MATCH_EUI64=y
+CONFIG_IP6_NF_MATCH_FRAG=y
+CONFIG_IP6_NF_MATCH_OPTS=y
+CONFIG_IP6_NF_MATCH_HL=y
+CONFIG_IP6_NF_MATCH_IPV6HEADER=y
+CONFIG_IP6_NF_MATCH_MH=y
+# CONFIG_IP6_NF_MATCH_RPFILTER is not set
+CONFIG_IP6_NF_MATCH_RT=y
+CONFIG_IP6_NF_TARGET_HL=y
+CONFIG_IP6_NF_FILTER=y
+CONFIG_IP6_NF_TARGET_REJECT=y
+# CONFIG_IP6_NF_TARGET_SYNPROXY is not set
+CONFIG_IP6_NF_MANGLE=y
+CONFIG_IP6_NF_RAW=y
+# CONFIG_IP6_NF_NAT is not set
+# CONFIG_IP_DCCP is not set
+# CONFIG_IP_SCTP is not set
+# CONFIG_RDS is not set
+# CONFIG_TIPC is not set
+# CONFIG_ATM is not set
+CONFIG_L2TP=y
+# CONFIG_L2TP_V3 is not set
+# CONFIG_BRIDGE is not set
+CONFIG_HAVE_NET_DSA=y
+# CONFIG_NET_DSA is not set
+# CONFIG_VLAN_8021Q is not set
+# CONFIG_DECNET is not set
+# CONFIG_LLC2 is not set
+# CONFIG_IPX is not set
+# CONFIG_ATALK is not set
+# CONFIG_X25 is not set
+# CONFIG_LAPB is not set
+# CONFIG_PHONET is not set
+# CONFIG_6LOWPAN is not set
+# CONFIG_IEEE802154 is not set
+# CONFIG_NET_SCHED is not set
+# CONFIG_DCB is not set
+# CONFIG_BATMAN_ADV is not set
+# CONFIG_OPENVSWITCH is not set
+# CONFIG_VSOCKETS is not set
+# CONFIG_NETLINK_DIAG is not set
+# CONFIG_MPLS is not set
+# CONFIG_HSR is not set
+# CONFIG_NET_SWITCHDEV is not set
+# CONFIG_NET_L3_MASTER_DEV is not set
+# CONFIG_NET_NCSI is not set
+CONFIG_CGROUP_NET_PRIO=y
+CONFIG_CGROUP_NET_CLASSID=y
+CONFIG_NET_RX_BUSY_POLL=y
+CONFIG_BQL=y
+
+#
+# Network testing
+#
+# CONFIG_NET_PKTGEN is not set
+# CONFIG_HAMRADIO is not set
+# CONFIG_CAN is not set
+# CONFIG_IRDA is not set
+# CONFIG_BT is not set
+# CONFIG_AF_RXRPC is not set
+# CONFIG_AF_KCM is not set
+# CONFIG_STREAM_PARSER is not set
+CONFIG_FIB_RULES=y
+CONFIG_WIRELESS=y
+# CONFIG_CFG80211 is not set
+# CONFIG_LIB80211 is not set
+
+#
+# CFG80211 needs to be enabled for MAC80211
+#
+CONFIG_MAC80211_STA_HASH_MAX_SIZE=0
+# CONFIG_WIMAX is not set
+# CONFIG_RFKILL is not set
+CONFIG_NET_9P=y
+CONFIG_NET_9P_VIRTIO=y
+# CONFIG_NET_9P_DEBUG is not set
+# CONFIG_CAIF is not set
+# CONFIG_CEPH_LIB is not set
+# CONFIG_NFC is not set
+# CONFIG_PSAMPLE is not set
+# CONFIG_NET_IFE is not set
+# CONFIG_LWTUNNEL is not set
+CONFIG_DST_CACHE=y
+CONFIG_GRO_CELLS=y
+# CONFIG_NET_DEVLINK is not set
+CONFIG_MAY_USE_DEVLINK=y
+CONFIG_HAVE_EBPF_JIT=y
+
+#
+# Device Drivers
+#
+
+#
+# Generic Driver Options
+#
+CONFIG_UEVENT_HELPER=y
+CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug"
+CONFIG_DEVTMPFS=y
+CONFIG_DEVTMPFS_MOUNT=y
+CONFIG_STANDALONE=y
+CONFIG_PREVENT_FIRMWARE_BUILD=y
+CONFIG_FW_LOADER=y
+CONFIG_FIRMWARE_IN_KERNEL=y
+CONFIG_EXTRA_FIRMWARE=""
+# CONFIG_FW_LOADER_USER_HELPER_FALLBACK is not set
+CONFIG_ALLOW_DEV_COREDUMP=y
+# CONFIG_DEBUG_DRIVER is not set
+# CONFIG_DEBUG_DEVRES is not set
+# CONFIG_DEBUG_TEST_DRIVER_REMOVE is not set
+# CONFIG_SYS_HYPERVISOR is not set
+# CONFIG_GENERIC_CPU_DEVICES is not set
+CONFIG_GENERIC_CPU_AUTOPROBE=y
+# CONFIG_DMA_SHARED_BUFFER is not set
+
+#
+# Bus devices
+#
+# CONFIG_CONNECTOR is not set
+# CONFIG_MTD is not set
+# CONFIG_OF is not set
+CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y
+# CONFIG_PARPORT is not set
+CONFIG_PNP=y
+CONFIG_PNP_DEBUG_MESSAGES=y
+
+#
+# Protocols
+#
+CONFIG_PNPACPI=y
+CONFIG_BLK_DEV=y
+# CONFIG_BLK_DEV_NULL_BLK is not set
+# CONFIG_BLK_DEV_FD is not set
+# CONFIG_BLK_DEV_PCIESSD_MTIP32XX is not set
+# CONFIG_BLK_CPQ_CISS_DA is not set
+# CONFIG_BLK_DEV_DAC960 is not set
+# CONFIG_BLK_DEV_UMEM is not set
+# CONFIG_BLK_DEV_COW_COMMON is not set
+CONFIG_BLK_DEV_LOOP=y
+CONFIG_BLK_DEV_LOOP_MIN_COUNT=8
+# CONFIG_BLK_DEV_CRYPTOLOOP is not set
+# CONFIG_BLK_DEV_DRBD is not set
+CONFIG_BLK_DEV_NBD=y
+# CONFIG_BLK_DEV_SKD is not set
+# CONFIG_BLK_DEV_SX8 is not set
+# CONFIG_BLK_DEV_RAM is not set
+# CONFIG_CDROM_PKTCDVD is not set
+# CONFIG_ATA_OVER_ETH is not set
+CONFIG_VIRTIO_BLK=y
+# CONFIG_VIRTIO_BLK_SCSI is not set
+# CONFIG_BLK_DEV_RBD is not set
+# CONFIG_BLK_DEV_RSXX is not set
+# CONFIG_BLK_DEV_NVME is not set
+# CONFIG_NVME_FC is not set
+
+#
+# Misc devices
+#
+# CONFIG_SENSORS_LIS3LV02D is not set
+# CONFIG_DUMMY_IRQ is not set
+# CONFIG_IBM_ASM is not set
+# CONFIG_PHANTOM is not set
+# CONFIG_SGI_IOC4 is not set
+# CONFIG_TIFM_CORE is not set
+# CONFIG_ENCLOSURE_SERVICES is not set
+# CONFIG_HP_ILO is not set
+# CONFIG_SRAM is not set
+# CONFIG_PCI_ENDPOINT_TEST is not set
+# CONFIG_C2PORT is not set
+
+#
+# EEPROM support
+#
+# CONFIG_EEPROM_93CX6 is not set
+# CONFIG_CB710_CORE is not set
+
+#
+# Texas Instruments shared transport line discipline
+#
+
+#
+# Altera FPGA firmware download module
+#
+# CONFIG_INTEL_MEI is not set
+# CONFIG_INTEL_MEI_ME is not set
+# CONFIG_INTEL_MEI_TXE is not set
+# CONFIG_VMWARE_VMCI is not set
+
+#
+# Intel MIC Bus Driver
+#
+# CONFIG_INTEL_MIC_BUS is not set
+
+#
+# SCIF Bus Driver
+#
+# CONFIG_SCIF_BUS is not set
+
+#
+# VOP Bus Driver
+#
+# CONFIG_VOP_BUS is not set
+
+#
+# Intel MIC Host Driver
+#
+
+#
+# Intel MIC Card Driver
+#
+
+#
+# SCIF Driver
+#
+
+#
+# Intel MIC Coprocessor State Management (COSM) Drivers
+#
+
+#
+# VOP Driver
+#
+# CONFIG_GENWQE is not set
+# CONFIG_ECHO is not set
+# CONFIG_CXL_BASE is not set
+# CONFIG_CXL_AFU_DRIVER_OPS is not set
+# CONFIG_CXL_LIB is not set
+CONFIG_HAVE_IDE=y
+# CONFIG_IDE is not set
+
+#
+# SCSI device support
+#
+CONFIG_SCSI_MOD=y
+# CONFIG_RAID_ATTRS is not set
+# CONFIG_SCSI is not set
+# CONFIG_SCSI_DMA is not set
+# CONFIG_SCSI_NETLINK is not set
+# CONFIG_ATA is not set
+# CONFIG_MD is not set
+# CONFIG_FUSION is not set
+
+#
+# IEEE 1394 (FireWire) support
+#
+# CONFIG_FIREWIRE is not set
+# CONFIG_FIREWIRE_NOSY is not set
+# CONFIG_MACINTOSH_DRIVERS is not set
+CONFIG_NETDEVICES=y
+CONFIG_NET_CORE=y
+# CONFIG_BONDING is not set
+CONFIG_DUMMY=y
+# CONFIG_EQUALIZER is not set
+# CONFIG_NET_TEAM is not set
+# CONFIG_MACVLAN is not set
+# CONFIG_VXLAN is not set
+# CONFIG_GENEVE is not set
+# CONFIG_GTP is not set
+CONFIG_MACSEC=y
+# CONFIG_NETCONSOLE is not set
+# CONFIG_NETPOLL is not set
+# CONFIG_NET_POLL_CONTROLLER is not set
+CONFIG_TUN=y
+# CONFIG_TUN_VNET_CROSS_LE is not set
+# CONFIG_VETH is not set
+CONFIG_VIRTIO_NET=y
+# CONFIG_NLMON is not set
+# CONFIG_ARCNET is not set
+
+#
+# CAIF transport drivers
+#
+
+#
+# Distributed Switch Architecture drivers
+#
+CONFIG_ETHERNET=y
+CONFIG_NET_VENDOR_3COM=y
+# CONFIG_VORTEX is not set
+# CONFIG_TYPHOON is not set
+CONFIG_NET_VENDOR_ADAPTEC=y
+# CONFIG_ADAPTEC_STARFIRE is not set
+CONFIG_NET_VENDOR_AGERE=y
+# CONFIG_ET131X is not set
+CONFIG_NET_VENDOR_ALACRITECH=y
+# CONFIG_SLICOSS is not set
+CONFIG_NET_VENDOR_ALTEON=y
+# CONFIG_ACENIC is not set
+# CONFIG_ALTERA_TSE is not set
+CONFIG_NET_VENDOR_AMAZON=y
+# CONFIG_ENA_ETHERNET is not set
+CONFIG_NET_VENDOR_AMD=y
+# CONFIG_AMD8111_ETH is not set
+# CONFIG_PCNET32 is not set
+# CONFIG_AMD_XGBE is not set
+# CONFIG_AMD_XGBE_HAVE_ECC is not set
+CONFIG_NET_VENDOR_AQUANTIA=y
+# CONFIG_AQTION is not set
+# CONFIG_NET_VENDOR_ARC is not set
+CONFIG_NET_VENDOR_ATHEROS=y
+# CONFIG_ATL2 is not set
+# CONFIG_ATL1 is not set
+# CONFIG_ATL1E is not set
+# CONFIG_ATL1C is not set
+# CONFIG_ALX is not set
+# CONFIG_NET_VENDOR_AURORA is not set
+CONFIG_NET_CADENCE=y
+# CONFIG_MACB is not set
+CONFIG_NET_VENDOR_BROADCOM=y
+# CONFIG_B44 is not set
+# CONFIG_BCMGENET is not set
+# CONFIG_BNX2 is not set
+# CONFIG_CNIC is not set
+# CONFIG_TIGON3 is not set
+# CONFIG_BNX2X is not set
+# CONFIG_BNXT is not set
+CONFIG_NET_VENDOR_BROCADE=y
+# CONFIG_BNA is not set
+CONFIG_NET_VENDOR_CAVIUM=y
+# CONFIG_THUNDER_NIC_PF is not set
+# CONFIG_THUNDER_NIC_VF is not set
+# CONFIG_THUNDER_NIC_BGX is not set
+# CONFIG_THUNDER_NIC_RGX is not set
+# CONFIG_LIQUIDIO is not set
+# CONFIG_LIQUIDIO_VF is not set
+CONFIG_NET_VENDOR_CHELSIO=y
+# CONFIG_CHELSIO_T1 is not set
+# CONFIG_CHELSIO_T3 is not set
+# CONFIG_CHELSIO_T4 is not set
+# CONFIG_CHELSIO_T4VF is not set
+CONFIG_NET_VENDOR_CISCO=y
+# CONFIG_ENIC is not set
+# CONFIG_CX_ECAT is not set
+# CONFIG_DNET is not set
+CONFIG_NET_VENDOR_DEC=y
+# CONFIG_NET_TULIP is not set
+CONFIG_NET_VENDOR_DLINK=y
+# CONFIG_DL2K is not set
+# CONFIG_SUNDANCE is not set
+CONFIG_NET_VENDOR_EMULEX=y
+# CONFIG_BE2NET is not set
+CONFIG_NET_VENDOR_EZCHIP=y
+CONFIG_NET_VENDOR_EXAR=y
+# CONFIG_S2IO is not set
+# CONFIG_VXGE is not set
+CONFIG_NET_VENDOR_HP=y
+# CONFIG_HP100 is not set
+CONFIG_NET_VENDOR_INTEL=y
+# CONFIG_E100 is not set
+# CONFIG_E1000 is not set
+# CONFIG_E1000E is not set
+# CONFIG_IGB is not set
+# CONFIG_IGBVF is not set
+# CONFIG_IXGB is not set
+# CONFIG_IXGBE is not set
+# CONFIG_IXGBEVF is not set
+# CONFIG_I40E is not set
+# CONFIG_I40EVF is not set
+# CONFIG_FM10K is not set
+CONFIG_NET_VENDOR_I825XX=y
+# CONFIG_JME is not set
+CONFIG_NET_VENDOR_MARVELL=y
+# CONFIG_MVMDIO is not set
+# CONFIG_SKGE is not set
+# CONFIG_SKY2 is not set
+CONFIG_NET_VENDOR_MELLANOX=y
+# CONFIG_MLX4_EN is not set
+# CONFIG_MLX4_CORE is not set
+# CONFIG_MLX5_CORE is not set
+# CONFIG_MLXSW_CORE is not set
+# CONFIG_MLXFW is not set
+CONFIG_NET_VENDOR_MICREL=y
+# CONFIG_KS8851_MLL is not set
+# CONFIG_KSZ884X_PCI is not set
+CONFIG_NET_VENDOR_MYRI=y
+# CONFIG_MYRI10GE is not set
+# CONFIG_FEALNX is not set
+CONFIG_NET_VENDOR_NATSEMI=y
+# CONFIG_NATSEMI is not set
+# CONFIG_NS83820 is not set
+CONFIG_NET_VENDOR_NETRONOME=y
+# CONFIG_NFP is not set
+CONFIG_NET_VENDOR_8390=y
+# CONFIG_NE2K_PCI is not set
+CONFIG_NET_VENDOR_NVIDIA=y
+# CONFIG_FORCEDETH is not set
+CONFIG_NET_VENDOR_OKI=y
+# CONFIG_ETHOC is not set
+CONFIG_NET_PACKET_ENGINE=y
+# CONFIG_HAMACHI is not set
+# CONFIG_YELLOWFIN is not set
+CONFIG_NET_VENDOR_QLOGIC=y
+# CONFIG_QLA3XXX is not set
+# CONFIG_QLCNIC is not set
+# CONFIG_QLGE is not set
+# CONFIG_NETXEN_NIC is not set
+# CONFIG_QED is not set
+CONFIG_NET_VENDOR_QUALCOMM=y
+# CONFIG_QCOM_EMAC is not set
+CONFIG_NET_VENDOR_REALTEK=y
+# CONFIG_8139CP is not set
+# CONFIG_8139TOO is not set
+# CONFIG_R8169 is not set
+CONFIG_NET_VENDOR_RENESAS=y
+CONFIG_NET_VENDOR_RDC=y
+# CONFIG_R6040 is not set
+CONFIG_NET_VENDOR_ROCKER=y
+CONFIG_NET_VENDOR_SAMSUNG=y
+# CONFIG_SXGBE_ETH is not set
+CONFIG_NET_VENDOR_SEEQ=y
+CONFIG_NET_VENDOR_SILAN=y
+# CONFIG_SC92031 is not set
+CONFIG_NET_VENDOR_SIS=y
+# CONFIG_SIS900 is not set
+# CONFIG_SIS190 is not set
+CONFIG_NET_VENDOR_SOLARFLARE=y
+# CONFIG_SFC is not set
+# CONFIG_SFC_FALCON is not set
+CONFIG_NET_VENDOR_SMSC=y
+# CONFIG_EPIC100 is not set
+# CONFIG_SMSC911X is not set
+# CONFIG_SMSC9420 is not set
+CONFIG_NET_VENDOR_STMICRO=y
+# CONFIG_STMMAC_ETH is not set
+CONFIG_NET_VENDOR_SUN=y
+# CONFIG_HAPPYMEAL is not set
+# CONFIG_SUNGEM is not set
+# CONFIG_CASSINI is not set
+# CONFIG_NIU is not set
+CONFIG_NET_VENDOR_TEHUTI=y
+# CONFIG_TEHUTI is not set
+CONFIG_NET_VENDOR_TI=y
+# CONFIG_TI_CPSW_ALE is not set
+# CONFIG_TLAN is not set
+CONFIG_NET_VENDOR_VIA=y
+# CONFIG_VIA_RHINE is not set
+# CONFIG_VIA_VELOCITY is not set
+CONFIG_NET_VENDOR_WIZNET=y
+# CONFIG_WIZNET_W5100 is not set
+# CONFIG_WIZNET_W5300 is not set
+CONFIG_NET_VENDOR_SYNOPSYS=y
+# CONFIG_DWC_XLGMAC is not set
+# CONFIG_FDDI is not set
+# CONFIG_HIPPI is not set
+# CONFIG_NET_SB1000 is not set
+# CONFIG_MDIO_DEVICE is not set
+# CONFIG_MDIO_BUS is not set
+# CONFIG_PHYLIB is not set
+# CONFIG_PPP is not set
+# CONFIG_SLIP is not set
+
+#
+# Host-side USB support is needed for USB Network Adapter support
+#
+CONFIG_WLAN=y
+CONFIG_WLAN_VENDOR_ADMTEK=y
+CONFIG_WLAN_VENDOR_ATH=y
+# CONFIG_ATH_DEBUG is not set
+# CONFIG_ATH5K_PCI is not set
+CONFIG_WLAN_VENDOR_ATMEL=y
+CONFIG_WLAN_VENDOR_BROADCOM=y
+CONFIG_WLAN_VENDOR_CISCO=y
+CONFIG_WLAN_VENDOR_INTEL=y
+CONFIG_WLAN_VENDOR_INTERSIL=y
+# CONFIG_HOSTAP is not set
+# CONFIG_PRISM54 is not set
+CONFIG_WLAN_VENDOR_MARVELL=y
+CONFIG_WLAN_VENDOR_MEDIATEK=y
+CONFIG_WLAN_VENDOR_RALINK=y
+CONFIG_WLAN_VENDOR_REALTEK=y
+CONFIG_WLAN_VENDOR_RSI=y
+CONFIG_WLAN_VENDOR_ST=y
+CONFIG_WLAN_VENDOR_TI=y
+CONFIG_WLAN_VENDOR_ZYDAS=y
+CONFIG_WLAN_VENDOR_QUANTENNA=y
+
+#
+# Enable WiMAX (Networking options) to see the WiMAX drivers
+#
+# CONFIG_WAN is not set
+# CONFIG_VMXNET3 is not set
+# CONFIG_FUJITSU_ES is not set
+# CONFIG_ISDN is not set
+# CONFIG_NVM is not set
+
+#
+# Input device support
+#
+CONFIG_INPUT=y
+# CONFIG_INPUT_FF_MEMLESS is not set
+# CONFIG_INPUT_POLLDEV is not set
+# CONFIG_INPUT_SPARSEKMAP is not set
+# CONFIG_INPUT_MATRIXKMAP is not set
+
+#
+# Userland interfaces
+#
+CONFIG_INPUT_MOUSEDEV=y
+CONFIG_INPUT_MOUSEDEV_PSAUX=y
+CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024
+CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768
+# CONFIG_INPUT_JOYDEV is not set
+CONFIG_INPUT_EVDEV=y
+# CONFIG_INPUT_EVBUG is not set
+
+#
+# Input Device Drivers
+#
+CONFIG_INPUT_KEYBOARD=y
+CONFIG_KEYBOARD_ATKBD=y
+# CONFIG_KEYBOARD_LKKBD is not set
+# CONFIG_KEYBOARD_NEWTON is not set
+# CONFIG_KEYBOARD_OPENCORES is not set
+# CONFIG_KEYBOARD_SAMSUNG is not set
+# CONFIG_KEYBOARD_STOWAWAY is not set
+# CONFIG_KEYBOARD_SUNKBD is not set
+# CONFIG_KEYBOARD_XTKBD is not set
+CONFIG_INPUT_MOUSE=y
+CONFIG_MOUSE_PS2=y
+CONFIG_MOUSE_PS2_ALPS=y
+CONFIG_MOUSE_PS2_BYD=y
+CONFIG_MOUSE_PS2_LOGIPS2PP=y
+CONFIG_MOUSE_PS2_SYNAPTICS=y
+CONFIG_MOUSE_PS2_CYPRESS=y
+CONFIG_MOUSE_PS2_LIFEBOOK=y
+CONFIG_MOUSE_PS2_TRACKPOINT=y
+# CONFIG_MOUSE_PS2_ELANTECH is not set
+# CONFIG_MOUSE_PS2_SENTELIC is not set
+# CONFIG_MOUSE_PS2_TOUCHKIT is not set
+CONFIG_MOUSE_PS2_FOCALTECH=y
+# CONFIG_MOUSE_SERIAL is not set
+# CONFIG_MOUSE_APPLETOUCH is not set
+# CONFIG_MOUSE_BCM5974 is not set
+# CONFIG_MOUSE_VSXXXAA is not set
+# CONFIG_MOUSE_SYNAPTICS_USB is not set
+# CONFIG_INPUT_JOYSTICK is not set
+# CONFIG_INPUT_TABLET is not set
+# CONFIG_INPUT_TOUCHSCREEN is not set
+# CONFIG_INPUT_MISC is not set
+# CONFIG_RMI4_CORE is not set
+
+#
+# Hardware I/O ports
+#
+CONFIG_SERIO=y
+CONFIG_ARCH_MIGHT_HAVE_PC_SERIO=y
+CONFIG_SERIO_I8042=y
+CONFIG_SERIO_SERPORT=y
+# CONFIG_SERIO_CT82C710 is not set
+# CONFIG_SERIO_PCIPS2 is not set
+CONFIG_SERIO_LIBPS2=y
+# CONFIG_SERIO_RAW is not set
+# CONFIG_SERIO_ALTERA_PS2 is not set
+# CONFIG_SERIO_PS2MULT is not set
+# CONFIG_SERIO_ARC_PS2 is not set
+# CONFIG_USERIO is not set
+# CONFIG_GAMEPORT is not set
+
+#
+# Character devices
+#
+CONFIG_TTY=y
+CONFIG_VT=y
+CONFIG_CONSOLE_TRANSLATIONS=y
+CONFIG_VT_CONSOLE=y
+CONFIG_VT_CONSOLE_SLEEP=y
+CONFIG_HW_CONSOLE=y
+# CONFIG_VT_HW_CONSOLE_BINDING is not set
+CONFIG_UNIX98_PTYS=y
+CONFIG_LEGACY_PTYS=y
+CONFIG_LEGACY_PTY_COUNT=256
+# CONFIG_SERIAL_NONSTANDARD is not set
+# CONFIG_NOZOMI is not set
+# CONFIG_N_GSM is not set
+# CONFIG_TRACE_SINK is not set
+CONFIG_DEVMEM=y
+CONFIG_DEVKMEM=y
+
+#
+# Serial drivers
+#
+# CONFIG_SERIAL_8250 is not set
+
+#
+# Non-8250 serial port support
+#
+# CONFIG_SERIAL_UARTLITE is not set
+# CONFIG_SERIAL_JSM is not set
+# CONFIG_SERIAL_SCCNXP is not set
+# CONFIG_SERIAL_ALTERA_JTAGUART is not set
+# CONFIG_SERIAL_ALTERA_UART is not set
+# CONFIG_SERIAL_ARC is not set
+# CONFIG_SERIAL_RP2 is not set
+# CONFIG_SERIAL_FSL_LPUART is not set
+# CONFIG_SERIAL_DEV_BUS is not set
+CONFIG_HVC_DRIVER=y
+CONFIG_VIRTIO_CONSOLE=y
+# CONFIG_IPMI_HANDLER is not set
+# CONFIG_HW_RANDOM is not set
+# CONFIG_NVRAM is not set
+# CONFIG_R3964 is not set
+# CONFIG_APPLICOM is not set
+# CONFIG_MWAVE is not set
+# CONFIG_RAW_DRIVER is not set
+# CONFIG_HPET is not set
+# CONFIG_HANGCHECK_TIMER is not set
+# CONFIG_TCG_TPM is not set
+# CONFIG_TELCLOCK is not set
+CONFIG_DEVPORT=y
+# CONFIG_XILLYBUS is not set
+
+#
+# I2C support
+#
+# CONFIG_I2C is not set
+# CONFIG_SPI is not set
+# CONFIG_SPMI is not set
+# CONFIG_HSI is not set
+# CONFIG_PPS is not set
+
+#
+# PTP clock support
+#
+# CONFIG_PTP_1588_CLOCK is not set
+
+#
+# Enable PHYLIB and NETWORK_PHY_TIMESTAMPING to see the additional clocks.
+#
+# CONFIG_GPIOLIB is not set
+# CONFIG_W1 is not set
+# CONFIG_POWER_AVS is not set
+# CONFIG_POWER_RESET is not set
+CONFIG_POWER_SUPPLY=y
+# CONFIG_POWER_SUPPLY_DEBUG is not set
+# CONFIG_PDA_POWER is not set
+# CONFIG_TEST_POWER is not set
+# CONFIG_BATTERY_DS2780 is not set
+# CONFIG_BATTERY_DS2781 is not set
+# CONFIG_BATTERY_BQ27XXX is not set
+# CONFIG_CHARGER_MAX8903 is not set
+CONFIG_HWMON=y
+# CONFIG_HWMON_VID is not set
+# CONFIG_HWMON_DEBUG_CHIP is not set
+
+#
+# Native drivers
+#
+# CONFIG_SENSORS_ABITUGURU is not set
+# CONFIG_SENSORS_ABITUGURU3 is not set
+# CONFIG_SENSORS_K8TEMP is not set
+# CONFIG_SENSORS_K10TEMP is not set
+# CONFIG_SENSORS_FAM15H_POWER is not set
+# CONFIG_SENSORS_APPLESMC is not set
+# CONFIG_SENSORS_ASPEED is not set
+# CONFIG_SENSORS_DELL_SMM is not set
+# CONFIG_SENSORS_I5K_AMB is not set
+# CONFIG_SENSORS_F71805F is not set
+# CONFIG_SENSORS_F71882FG is not set
+# CONFIG_SENSORS_I5500 is not set
+# CONFIG_SENSORS_CORETEMP is not set
+# CONFIG_SENSORS_IT87 is not set
+# CONFIG_SENSORS_MAX197 is not set
+# CONFIG_SENSORS_PC87360 is not set
+# CONFIG_SENSORS_PC87427 is not set
+# CONFIG_SENSORS_NTC_THERMISTOR is not set
+# CONFIG_SENSORS_NCT6683 is not set
+# CONFIG_SENSORS_NCT6775 is not set
+# CONFIG_SENSORS_SIS5595 is not set
+# CONFIG_SENSORS_SMSC47M1 is not set
+# CONFIG_SENSORS_SMSC47B397 is not set
+# CONFIG_SENSORS_SCH56XX_COMMON is not set
+# CONFIG_SENSORS_VIA_CPUTEMP is not set
+# CONFIG_SENSORS_VIA686A is not set
+# CONFIG_SENSORS_VT1211 is not set
+# CONFIG_SENSORS_VT8231 is not set
+# CONFIG_SENSORS_W83627HF is not set
+# CONFIG_SENSORS_W83627EHF is not set
+
+#
+# ACPI drivers
+#
+# CONFIG_SENSORS_ACPI_POWER is not set
+# CONFIG_SENSORS_ATK0110 is not set
+CONFIG_THERMAL=y
+CONFIG_THERMAL_EMERGENCY_POWEROFF_DELAY_MS=0
+CONFIG_THERMAL_HWMON=y
+# CONFIG_THERMAL_WRITABLE_TRIPS is not set
+CONFIG_THERMAL_DEFAULT_GOV_STEP_WISE=y
+# CONFIG_THERMAL_DEFAULT_GOV_FAIR_SHARE is not set
+# CONFIG_THERMAL_DEFAULT_GOV_USER_SPACE is not set
+# CONFIG_THERMAL_DEFAULT_GOV_POWER_ALLOCATOR is not set
+# CONFIG_THERMAL_GOV_FAIR_SHARE is not set
+CONFIG_THERMAL_GOV_STEP_WISE=y
+# CONFIG_THERMAL_GOV_BANG_BANG is not set
+# CONFIG_THERMAL_GOV_USER_SPACE is not set
+# CONFIG_THERMAL_GOV_POWER_ALLOCATOR is not set
+# CONFIG_THERMAL_EMULATION is not set
+# CONFIG_INTEL_POWERCLAMP is not set
+# CONFIG_INTEL_SOC_DTS_THERMAL is not set
+
+#
+# ACPI INT340X thermal drivers
+#
+# CONFIG_INT340X_THERMAL is not set
+# CONFIG_INTEL_PCH_THERMAL is not set
+# CONFIG_WATCHDOG is not set
+CONFIG_SSB_POSSIBLE=y
+
+#
+# Sonics Silicon Backplane
+#
+# CONFIG_SSB is not set
+CONFIG_BCMA_POSSIBLE=y
+
+#
+# Broadcom specific AMBA
+#
+# CONFIG_BCMA is not set
+
+#
+# Multifunction device drivers
+#
+# CONFIG_MFD_CORE is not set
+# CONFIG_MFD_CROS_EC is not set
+# CONFIG_HTC_PASIC3 is not set
+# CONFIG_MFD_INTEL_QUARK_I2C_GPIO is not set
+# CONFIG_LPC_ICH is not set
+# CONFIG_LPC_SCH is not set
+# CONFIG_MFD_INTEL_LPSS_ACPI is not set
+# CONFIG_MFD_INTEL_LPSS_PCI is not set
+# CONFIG_MFD_JANZ_CMODIO is not set
+# CONFIG_MFD_KEMPLD is not set
+# CONFIG_MFD_MT6397 is not set
+# CONFIG_MFD_RDC321X is not set
+# CONFIG_MFD_RTSX_PCI is not set
+# CONFIG_MFD_SM501 is not set
+# CONFIG_ABX500_CORE is not set
+# CONFIG_MFD_SYSCON is not set
+# CONFIG_MFD_TI_AM335X_TSCADC is not set
+# CONFIG_MFD_TMIO is not set
+# CONFIG_MFD_VX855 is not set
+# CONFIG_REGULATOR is not set
+# CONFIG_MEDIA_SUPPORT is not set
+
+#
+# Graphics support
+#
+# CONFIG_AGP is not set
+CONFIG_VGA_ARB=y
+CONFIG_VGA_ARB_MAX_GPUS=16
+# CONFIG_VGA_SWITCHEROO is not set
+# CONFIG_DRM is not set
+
+#
+# ACP (Audio CoProcessor) Configuration
+#
+# CONFIG_DRM_LIB_RANDOM is not set
+
+#
+# Frame buffer Devices
+#
+# CONFIG_FB is not set
+# CONFIG_BACKLIGHT_LCD_SUPPORT is not set
+# CONFIG_VGASTATE is not set
+
+#
+# Console display driver support
+#
+CONFIG_VGA_CONSOLE=y
+# CONFIG_VGACON_SOFT_SCROLLBACK is not set
+CONFIG_DUMMY_CONSOLE=y
+CONFIG_DUMMY_CONSOLE_COLUMNS=80
+CONFIG_DUMMY_CONSOLE_ROWS=25
+CONFIG_SOUND=y
+# CONFIG_SOUND_OSS_CORE is not set
+# CONFIG_SND is not set
+
+#
+# HID support
+#
+CONFIG_HID=y
+# CONFIG_HID_BATTERY_STRENGTH is not set
+# CONFIG_HIDRAW is not set
+# CONFIG_UHID is not set
+CONFIG_HID_GENERIC=y
+
+#
+# Special HID drivers
+#
+CONFIG_HID_A4TECH=y
+# CONFIG_HID_ACRUX is not set
+CONFIG_HID_APPLE=y
+# CONFIG_HID_AUREAL is not set
+CONFIG_HID_BELKIN=y
+CONFIG_HID_CHERRY=y
+CONFIG_HID_CHICONY=y
+# CONFIG_HID_CMEDIA is not set
+CONFIG_HID_CYPRESS=y
+# CONFIG_HID_DRAGONRISE is not set
+# CONFIG_HID_EMS_FF is not set
+# CONFIG_HID_ELECOM is not set
+CONFIG_HID_EZKEY=y
+# CONFIG_HID_GEMBIRD is not set
+# CONFIG_HID_GFRM is not set
+# CONFIG_HID_KEYTOUCH is not set
+# CONFIG_HID_KYE is not set
+# CONFIG_HID_WALTOP is not set
+# CONFIG_HID_GYRATION is not set
+# CONFIG_HID_ICADE is not set
+CONFIG_HID_ITE=y
+# CONFIG_HID_TWINHAN is not set
+CONFIG_HID_KENSINGTON=y
+# CONFIG_HID_LCPOWER is not set
+# CONFIG_HID_LENOVO is not set
+CONFIG_HID_LOGITECH=y
+# CONFIG_HID_LOGITECH_HIDPP is not set
+# CONFIG_LOGITECH_FF is not set
+# CONFIG_LOGIRUMBLEPAD2_FF is not set
+# CONFIG_LOGIG940_FF is not set
+# CONFIG_LOGIWHEELS_FF is not set
+# CONFIG_HID_MAGICMOUSE is not set
+# CONFIG_HID_MAYFLASH is not set
+CONFIG_HID_MICROSOFT=y
+CONFIG_HID_MONTEREY=y
+# CONFIG_HID_MULTITOUCH is not set
+# CONFIG_HID_NTI is not set
+# CONFIG_HID_ORTEK is not set
+# CONFIG_HID_PANTHERLORD is not set
+# CONFIG_HID_PETALYNX is not set
+# CONFIG_HID_PICOLCD is not set
+CONFIG_HID_PLANTRONICS=y
+# CONFIG_HID_PRIMAX is not set
+# CONFIG_HID_SAITEK is not set
+# CONFIG_HID_SAMSUNG is not set
+# CONFIG_HID_SPEEDLINK is not set
+# CONFIG_HID_STEELSERIES is not set
+# CONFIG_HID_SUNPLUS is not set
+# CONFIG_HID_RMI is not set
+# CONFIG_HID_GREENASIA is not set
+# CONFIG_HID_SMARTJOYPLUS is not set
+# CONFIG_HID_TIVO is not set
+# CONFIG_HID_TOPSEED is not set
+# CONFIG_HID_THRUSTMASTER is not set
+# CONFIG_HID_UDRAW_PS3 is not set
+# CONFIG_HID_WACOM is not set
+# CONFIG_HID_XINMO is not set
+# CONFIG_HID_ZEROPLUS is not set
+# CONFIG_HID_ZYDACRON is not set
+# CONFIG_HID_SENSOR_HUB is not set
+# CONFIG_HID_ALPS is not set
+
+#
+# Intel ISH HID support
+#
+# CONFIG_INTEL_ISH_HID is not set
+CONFIG_USB_OHCI_LITTLE_ENDIAN=y
+CONFIG_USB_SUPPORT=y
+CONFIG_USB_ARCH_HAS_HCD=y
+# CONFIG_USB is not set
+CONFIG_USB_PCI=y
+
+#
+# USB port drivers
+#
+
+#
+# USB Physical Layer drivers
+#
+# CONFIG_USB_PHY is not set
+# CONFIG_NOP_USB_XCEIV is not set
+# CONFIG_USB_GADGET is not set
+
+#
+# USB Power Delivery and Type-C drivers
+#
+# CONFIG_TYPEC_UCSI is not set
+# CONFIG_USB_ULPI_BUS is not set
+# CONFIG_UWB is not set
+# CONFIG_MMC is not set
+# CONFIG_MEMSTICK is not set
+# CONFIG_NEW_LEDS is not set
+# CONFIG_ACCESSIBILITY is not set
+# CONFIG_INFINIBAND is not set
+CONFIG_EDAC_ATOMIC_SCRUB=y
+CONFIG_EDAC_SUPPORT=y
+CONFIG_RTC_LIB=y
+CONFIG_RTC_MC146818_LIB=y
+# CONFIG_RTC_CLASS is not set
+# CONFIG_DMADEVICES is not set
+
+#
+# DMABUF options
+#
+# CONFIG_SYNC_FILE is not set
+# CONFIG_AUXDISPLAY is not set
+# CONFIG_UIO is not set
+# CONFIG_VIRT_DRIVERS is not set
+CONFIG_VIRTIO=y
+
+#
+# Virtio drivers
+#
+CONFIG_VIRTIO_PCI=y
+CONFIG_VIRTIO_PCI_LEGACY=y
+CONFIG_VIRTIO_BALLOON=y
+# CONFIG_VIRTIO_INPUT is not set
+CONFIG_VIRTIO_MMIO=y
+# CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES is not set
+
+#
+# Microsoft Hyper-V guest support
+#
+# CONFIG_HYPERV_TSCPAGE is not set
+# CONFIG_STAGING is not set
+CONFIG_X86_PLATFORM_DEVICES=y
+# CONFIG_ACERHDF is not set
+# CONFIG_DELL_SMO8800 is not set
+# CONFIG_FUJITSU_TABLET is not set
+# CONFIG_HP_ACCEL is not set
+# CONFIG_HP_WIRELESS is not set
+# CONFIG_SENSORS_HDAPS is not set
+# CONFIG_INTEL_MENLOW is not set
+# CONFIG_ASUS_WIRELESS is not set
+# CONFIG_ACPI_WMI is not set
+# CONFIG_TOPSTAR_LAPTOP is not set
+# CONFIG_TOSHIBA_BT_RFKILL is not set
+# CONFIG_TOSHIBA_HAPS is not set
+# CONFIG_ACPI_CMPC is not set
+# CONFIG_INTEL_HID_EVENT is not set
+# CONFIG_INTEL_VBTN is not set
+# CONFIG_INTEL_IPS is not set
+# CONFIG_INTEL_PMC_CORE is not set
+# CONFIG_IBM_RTL is not set
+# CONFIG_SAMSUNG_Q10 is not set
+# CONFIG_INTEL_RST is not set
+# CONFIG_INTEL_SMARTCONNECT is not set
+# CONFIG_PVPANIC is not set
+# CONFIG_INTEL_PMC_IPC is not set
+# CONFIG_SURFACE_PRO3_BUTTON is not set
+# CONFIG_INTEL_PUNIT_IPC is not set
+# CONFIG_MLX_PLATFORM is not set
+# CONFIG_MLX_CPLD_PLATFORM is not set
+CONFIG_PMC_ATOM=y
+# CONFIG_CHROME_PLATFORMS is not set
+CONFIG_CLKDEV_LOOKUP=y
+CONFIG_HAVE_CLK_PREPARE=y
+CONFIG_COMMON_CLK=y
+
+#
+# Common Clock Framework
+#
+# CONFIG_COMMON_CLK_NXP is not set
+# CONFIG_COMMON_CLK_PXA is not set
+# CONFIG_COMMON_CLK_PIC32 is not set
+# CONFIG_HWSPINLOCK is not set
+
+#
+# Clock Source drivers
+#
+CONFIG_CLKEVT_I8253=y
+CONFIG_I8253_LOCK=y
+CONFIG_CLKBLD_I8253=y
+# CONFIG_ATMEL_PIT is not set
+# CONFIG_SH_TIMER_CMT is not set
+# CONFIG_SH_TIMER_MTU2 is not set
+# CONFIG_SH_TIMER_TMU is not set
+# CONFIG_EM_TIMER_STI is not set
+# CONFIG_MAILBOX is not set
+CONFIG_IOMMU_SUPPORT=y
+
+#
+# Generic IOMMU Pagetable Support
+#
+# CONFIG_AMD_IOMMU is not set
+# CONFIG_INTEL_IOMMU is not set
+# CONFIG_IRQ_REMAP is not set
+
+#
+# Remoteproc drivers
+#
+# CONFIG_REMOTEPROC is not set
+
+#
+# Rpmsg drivers
+#
+
+#
+# SOC (System On Chip) specific Drivers
+#
+
+#
+# Broadcom SoC drivers
+#
+
+#
+# i.MX SoC drivers
+#
+# CONFIG_SUNXI_SRAM is not set
+# CONFIG_SOC_TI is not set
+# CONFIG_PM_DEVFREQ is not set
+# CONFIG_EXTCON is not set
+# CONFIG_MEMORY is not set
+# CONFIG_IIO is not set
+# CONFIG_NTB is not set
+# CONFIG_VME_BUS is not set
+# CONFIG_PWM is not set
+CONFIG_ARM_GIC_MAX_NR=1
+# CONFIG_IPACK_BUS is not set
+# CONFIG_RESET_CONTROLLER is not set
+# CONFIG_FMC is not set
+
+#
+# PHY Subsystem
+#
+# CONFIG_GENERIC_PHY is not set
+# CONFIG_BCM_KONA_USB2_PHY is not set
+# CONFIG_PHY_PXA_28NM_HSIC is not set
+# CONFIG_PHY_PXA_28NM_USB2 is not set
+# CONFIG_POWERCAP is not set
+# CONFIG_MCB is not set
+
+#
+# Performance monitor support
+#
+# CONFIG_RAS is not set
+# CONFIG_THUNDERBOLT is not set
+
+#
+# Android
+#
+# CONFIG_ANDROID is not set
+# CONFIG_LIBNVDIMM is not set
+# CONFIG_DAX is not set
+# CONFIG_NVMEM is not set
+# CONFIG_STM is not set
+# CONFIG_INTEL_TH is not set
+
+#
+# FPGA Configuration Support
+#
+# CONFIG_FPGA is not set
+
+#
+# FSI support
+#
+# CONFIG_FSI is not set
+
+#
+# Firmware Drivers
+#
+# CONFIG_EDD is not set
+CONFIG_FIRMWARE_MEMMAP=y
+# CONFIG_DELL_RBU is not set
+# CONFIG_DCDBAS is not set
+CONFIG_DMIID=y
+# CONFIG_DMI_SYSFS is not set
+CONFIG_DMI_SCAN_MACHINE_NON_EFI_FALLBACK=y
+# CONFIG_ISCSI_IBFT_FIND is not set
+# CONFIG_FW_CFG_SYSFS is not set
+# CONFIG_GOOGLE_FIRMWARE is not set
+# CONFIG_EFI_DEV_PATH_PARSER is not set
+
+#
+# Tegra firmware driver
+#
+
+#
+# File systems
+#
+CONFIG_DCACHE_WORD_ACCESS=y
+CONFIG_EXT2_FS=y
+# CONFIG_EXT2_FS_XATTR is not set
+CONFIG_EXT3_FS=y
+# CONFIG_EXT3_FS_POSIX_ACL is not set
+# CONFIG_EXT3_FS_SECURITY is not set
+CONFIG_EXT4_FS=y
+# CONFIG_EXT4_FS_POSIX_ACL is not set
+# CONFIG_EXT4_FS_SECURITY is not set
+# CONFIG_EXT4_ENCRYPTION is not set
+# CONFIG_EXT4_DEBUG is not set
+CONFIG_JBD2=y
+# CONFIG_JBD2_DEBUG is not set
+CONFIG_FS_MBCACHE=y
+CONFIG_REISERFS_FS=y
+# CONFIG_REISERFS_CHECK is not set
+# CONFIG_REISERFS_PROC_INFO is not set
+# CONFIG_REISERFS_FS_XATTR is not set
+# CONFIG_JFS_FS is not set
+# CONFIG_XFS_FS is not set
+# CONFIG_GFS2_FS is not set
+# CONFIG_BTRFS_FS is not set
+# CONFIG_NILFS2_FS is not set
+# CONFIG_F2FS_FS is not set
+# CONFIG_FS_DAX is not set
+CONFIG_FS_POSIX_ACL=y
+CONFIG_EXPORTFS=y
+# CONFIG_EXPORTFS_BLOCK_OPS is not set
+CONFIG_FILE_LOCKING=y
+CONFIG_MANDATORY_FILE_LOCKING=y
+# CONFIG_FS_ENCRYPTION is not set
+CONFIG_FSNOTIFY=y
+CONFIG_DNOTIFY=y
+CONFIG_INOTIFY_USER=y
+# CONFIG_FANOTIFY is not set
+CONFIG_QUOTA=y
+# CONFIG_QUOTA_NETLINK_INTERFACE is not set
+CONFIG_PRINT_QUOTA_WARNING=y
+# CONFIG_QUOTA_DEBUG is not set
+# CONFIG_QFMT_V1 is not set
+# CONFIG_QFMT_V2 is not set
+CONFIG_QUOTACTL=y
+CONFIG_AUTOFS4_FS=y
+# CONFIG_FUSE_FS is not set
+# CONFIG_OVERLAY_FS is not set
+
+#
+# Caches
+#
+# CONFIG_FSCACHE is not set
+
+#
+# CD-ROM/DVD Filesystems
+#
+CONFIG_ISO9660_FS=y
+CONFIG_JOLIET=y
+# CONFIG_ZISOFS is not set
+# CONFIG_UDF_FS is not set
+
+#
+# DOS/FAT/NT Filesystems
+#
+# CONFIG_MSDOS_FS is not set
+# CONFIG_VFAT_FS is not set
+# CONFIG_NTFS_FS is not set
+
+#
+# Pseudo filesystems
+#
+CONFIG_PROC_FS=y
+CONFIG_PROC_KCORE=y
+CONFIG_PROC_SYSCTL=y
+CONFIG_PROC_PAGE_MONITOR=y
+# CONFIG_PROC_CHILDREN is not set
+CONFIG_KERNFS=y
+CONFIG_SYSFS=y
+CONFIG_TMPFS=y
+# CONFIG_TMPFS_POSIX_ACL is not set
+# CONFIG_TMPFS_XATTR is not set
+# CONFIG_HUGETLBFS is not set
+# CONFIG_HUGETLB_PAGE is not set
+# CONFIG_CONFIGFS_FS is not set
+CONFIG_MISC_FILESYSTEMS=y
+# CONFIG_ORANGEFS_FS is not set
+# CONFIG_ADFS_FS is not set
+# CONFIG_AFFS_FS is not set
+# CONFIG_HFS_FS is not set
+# CONFIG_HFSPLUS_FS is not set
+# CONFIG_BEFS_FS is not set
+# CONFIG_BFS_FS is not set
+# CONFIG_EFS_FS is not set
+# CONFIG_CRAMFS is not set
+# CONFIG_SQUASHFS is not set
+# CONFIG_VXFS_FS is not set
+# CONFIG_MINIX_FS is not set
+# CONFIG_OMFS_FS is not set
+# CONFIG_HPFS_FS is not set
+# CONFIG_QNX4FS_FS is not set
+# CONFIG_QNX6FS_FS is not set
+# CONFIG_ROMFS_FS is not set
+# CONFIG_PSTORE is not set
+# CONFIG_SYSV_FS is not set
+# CONFIG_UFS_FS is not set
+CONFIG_NETWORK_FILESYSTEMS=y
+# CONFIG_NFS_FS is not set
+# CONFIG_NFSD is not set
+# CONFIG_CEPH_FS is not set
+# CONFIG_CIFS is not set
+# CONFIG_NCP_FS is not set
+# CONFIG_CODA_FS is not set
+# CONFIG_AFS_FS is not set
+CONFIG_9P_FS=y
+CONFIG_9P_FS_POSIX_ACL=y
+# CONFIG_9P_FS_SECURITY is not set
+CONFIG_NLS=y
+CONFIG_NLS_DEFAULT="iso8859-1"
+# CONFIG_NLS_CODEPAGE_437 is not set
+# CONFIG_NLS_CODEPAGE_737 is not set
+# CONFIG_NLS_CODEPAGE_775 is not set
+# CONFIG_NLS_CODEPAGE_850 is not set
+# CONFIG_NLS_CODEPAGE_852 is not set
+# CONFIG_NLS_CODEPAGE_855 is not set
+# CONFIG_NLS_CODEPAGE_857 is not set
+# CONFIG_NLS_CODEPAGE_860 is not set
+# CONFIG_NLS_CODEPAGE_861 is not set
+# CONFIG_NLS_CODEPAGE_862 is not set
+# CONFIG_NLS_CODEPAGE_863 is not set
+# CONFIG_NLS_CODEPAGE_864 is not set
+# CONFIG_NLS_CODEPAGE_865 is not set
+# CONFIG_NLS_CODEPAGE_866 is not set
+# CONFIG_NLS_CODEPAGE_869 is not set
+# CONFIG_NLS_CODEPAGE_936 is not set
+# CONFIG_NLS_CODEPAGE_950 is not set
+# CONFIG_NLS_CODEPAGE_932 is not set
+# CONFIG_NLS_CODEPAGE_949 is not set
+# CONFIG_NLS_CODEPAGE_874 is not set
+# CONFIG_NLS_ISO8859_8 is not set
+# CONFIG_NLS_CODEPAGE_1250 is not set
+# CONFIG_NLS_CODEPAGE_1251 is not set
+# CONFIG_NLS_ASCII is not set
+# CONFIG_NLS_ISO8859_1 is not set
+# CONFIG_NLS_ISO8859_2 is not set
+# CONFIG_NLS_ISO8859_3 is not set
+# CONFIG_NLS_ISO8859_4 is not set
+# CONFIG_NLS_ISO8859_5 is not set
+# CONFIG_NLS_ISO8859_6 is not set
+# CONFIG_NLS_ISO8859_7 is not set
+# CONFIG_NLS_ISO8859_9 is not set
+# CONFIG_NLS_ISO8859_13 is not set
+# CONFIG_NLS_ISO8859_14 is not set
+# CONFIG_NLS_ISO8859_15 is not set
+# CONFIG_NLS_KOI8_R is not set
+# CONFIG_NLS_KOI8_U is not set
+# CONFIG_NLS_MAC_ROMAN is not set
+# CONFIG_NLS_MAC_CELTIC is not set
+# CONFIG_NLS_MAC_CENTEURO is not set
+# CONFIG_NLS_MAC_CROATIAN is not set
+# CONFIG_NLS_MAC_CYRILLIC is not set
+# CONFIG_NLS_MAC_GAELIC is not set
+# CONFIG_NLS_MAC_GREEK is not set
+# CONFIG_NLS_MAC_ICELAND is not set
+# CONFIG_NLS_MAC_INUIT is not set
+# CONFIG_NLS_MAC_ROMANIAN is not set
+# CONFIG_NLS_MAC_TURKISH is not set
+# CONFIG_NLS_UTF8 is not set
+
+#
+# Kernel hacking
+#
+CONFIG_TRACE_IRQFLAGS_SUPPORT=y
+
+#
+# printk and dmesg options
+#
+# CONFIG_PRINTK_TIME is not set
+CONFIG_CONSOLE_LOGLEVEL_DEFAULT=7
+CONFIG_MESSAGE_LOGLEVEL_DEFAULT=4
+# CONFIG_BOOT_PRINTK_DELAY is not set
+
+#
+# Compile-time checks and compiler options
+#
+CONFIG_DEBUG_INFO=y
+# CONFIG_DEBUG_INFO_REDUCED is not set
+# CONFIG_DEBUG_INFO_SPLIT is not set
+# CONFIG_DEBUG_INFO_DWARF4 is not set
+# CONFIG_GDB_SCRIPTS is not set
+CONFIG_ENABLE_WARN_DEPRECATED=y
+CONFIG_ENABLE_MUST_CHECK=y
+CONFIG_FRAME_WARN=1024
+# CONFIG_STRIP_ASM_SYMS is not set
+# CONFIG_READABLE_ASM is not set
+# CONFIG_UNUSED_SYMBOLS is not set
+# CONFIG_PAGE_OWNER is not set
+# CONFIG_DEBUG_FS is not set
+# CONFIG_HEADERS_CHECK is not set
+# CONFIG_DEBUG_SECTION_MISMATCH is not set
+CONFIG_SECTION_MISMATCH_WARN_ONLY=y
+CONFIG_ARCH_WANT_FRAME_POINTERS=y
+CONFIG_FRAME_POINTER=y
+# CONFIG_STACK_VALIDATION is not set
+# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set
+# CONFIG_MAGIC_SYSRQ is not set
+CONFIG_DEBUG_KERNEL=y
+
+#
+# Memory Debugging
+#
+# CONFIG_PAGE_EXTENSION is not set
+# CONFIG_DEBUG_PAGEALLOC is not set
+# CONFIG_PAGE_POISONING is not set
+CONFIG_DEBUG_RODATA_TEST=y
+# CONFIG_DEBUG_OBJECTS is not set
+# CONFIG_DEBUG_SLAB is not set
+CONFIG_HAVE_DEBUG_KMEMLEAK=y
+# CONFIG_DEBUG_KMEMLEAK is not set
+# CONFIG_DEBUG_STACK_USAGE is not set
+# CONFIG_DEBUG_VM is not set
+CONFIG_ARCH_HAS_DEBUG_VIRTUAL=y
+# CONFIG_DEBUG_VIRTUAL is not set
+CONFIG_DEBUG_MEMORY_INIT=y
+CONFIG_HAVE_DEBUG_STACKOVERFLOW=y
+# CONFIG_DEBUG_STACKOVERFLOW is not set
+CONFIG_HAVE_ARCH_KMEMCHECK=y
+CONFIG_HAVE_ARCH_KASAN=y
+# CONFIG_KASAN is not set
+CONFIG_ARCH_HAS_KCOV=y
+# CONFIG_KCOV is not set
+# CONFIG_DEBUG_SHIRQ is not set
+
+#
+# Debug Lockups and Hangs
+#
+# CONFIG_SOFTLOCKUP_DETECTOR is not set
+CONFIG_HARDLOCKUP_CHECK_TIMESTAMP=y
+# CONFIG_HARDLOCKUP_DETECTOR is not set
+CONFIG_DETECT_HUNG_TASK=y
+CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=120
+# CONFIG_BOOTPARAM_HUNG_TASK_PANIC is not set
+CONFIG_BOOTPARAM_HUNG_TASK_PANIC_VALUE=0
+# CONFIG_WQ_WATCHDOG is not set
+# CONFIG_PANIC_ON_OOPS is not set
+CONFIG_PANIC_ON_OOPS_VALUE=0
+CONFIG_PANIC_TIMEOUT=0
+# CONFIG_SCHED_DEBUG is not set
+# CONFIG_SCHED_INFO is not set
+# CONFIG_SCHEDSTATS is not set
+# CONFIG_SCHED_STACK_END_CHECK is not set
+# CONFIG_DEBUG_TIMEKEEPING is not set
+
+#
+# Lock Debugging (spinlocks, mutexes, etc...)
+#
+# CONFIG_DEBUG_RT_MUTEXES is not set
+# CONFIG_DEBUG_SPINLOCK is not set
+# CONFIG_DEBUG_MUTEXES is not set
+# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set
+# CONFIG_DEBUG_LOCK_ALLOC is not set
+# CONFIG_PROVE_LOCKING is not set
+# CONFIG_LOCK_STAT is not set
+# CONFIG_DEBUG_ATOMIC_SLEEP is not set
+# CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set
+# CONFIG_LOCK_TORTURE_TEST is not set
+# CONFIG_WW_MUTEX_SELFTEST is not set
+# CONFIG_STACKTRACE is not set
+# CONFIG_WARN_ALL_UNSEEDED_RANDOM is not set
+# CONFIG_DEBUG_KOBJECT is not set
+CONFIG_DEBUG_BUGVERBOSE=y
+# CONFIG_DEBUG_LIST is not set
+# CONFIG_DEBUG_PI_LIST is not set
+# CONFIG_DEBUG_SG is not set
+# CONFIG_DEBUG_NOTIFIERS is not set
+# CONFIG_DEBUG_CREDENTIALS is not set
+
+#
+# RCU Debugging
+#
+# CONFIG_PROVE_RCU is not set
+# CONFIG_TORTURE_TEST is not set
+# CONFIG_RCU_PERF_TEST is not set
+# CONFIG_RCU_TORTURE_TEST is not set
+# CONFIG_RCU_TRACE is not set
+# CONFIG_RCU_EQS_DEBUG is not set
+# CONFIG_DEBUG_WQ_FORCE_RR_CPU is not set
+# CONFIG_DEBUG_BLOCK_EXT_DEVT is not set
+# CONFIG_NOTIFIER_ERROR_INJECTION is not set
+# CONFIG_FAULT_INJECTION is not set
+# CONFIG_LATENCYTOP is not set
+CONFIG_USER_STACKTRACE_SUPPORT=y
+CONFIG_HAVE_FUNCTION_TRACER=y
+CONFIG_HAVE_FUNCTION_GRAPH_TRACER=y
+CONFIG_HAVE_DYNAMIC_FTRACE=y
+CONFIG_HAVE_DYNAMIC_FTRACE_WITH_REGS=y
+CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y
+CONFIG_HAVE_SYSCALL_TRACEPOINTS=y
+CONFIG_HAVE_FENTRY=y
+CONFIG_HAVE_C_RECORDMCOUNT=y
+CONFIG_TRACING_SUPPORT=y
+CONFIG_FTRACE=y
+# CONFIG_FUNCTION_TRACER is not set
+# CONFIG_IRQSOFF_TRACER is not set
+# CONFIG_SCHED_TRACER is not set
+# CONFIG_HWLAT_TRACER is not set
+# CONFIG_ENABLE_DEFAULT_TRACERS is not set
+# CONFIG_FTRACE_SYSCALLS is not set
+# CONFIG_TRACER_SNAPSHOT is not set
+CONFIG_BRANCH_PROFILE_NONE=y
+# CONFIG_PROFILE_ANNOTATED_BRANCHES is not set
+# CONFIG_PROFILE_ALL_BRANCHES is not set
+# CONFIG_STACK_TRACER is not set
+# CONFIG_BLK_DEV_IO_TRACE is not set
+# CONFIG_UPROBE_EVENTS is not set
+# CONFIG_PROBE_EVENTS is not set
+# CONFIG_MMIOTRACE is not set
+# CONFIG_HIST_TRIGGERS is not set
+# CONFIG_TRACEPOINT_BENCHMARK is not set
+
+#
+# Runtime Testing
+#
+# CONFIG_TEST_LIST_SORT is not set
+# CONFIG_TEST_SORT is not set
+# CONFIG_BACKTRACE_SELF_TEST is not set
+# CONFIG_RBTREE_TEST is not set
+# CONFIG_INTERVAL_TREE_TEST is not set
+# CONFIG_ATOMIC64_SELFTEST is not set
+# CONFIG_TEST_HEXDUMP is not set
+# CONFIG_TEST_STRING_HELPERS is not set
+# CONFIG_TEST_KSTRTOX is not set
+# CONFIG_TEST_PRINTF is not set
+# CONFIG_TEST_BITMAP is not set
+# CONFIG_TEST_UUID is not set
+# CONFIG_TEST_RHASHTABLE is not set
+# CONFIG_TEST_HASH is not set
+# CONFIG_PROVIDE_OHCI1394_DMA_INIT is not set
+# CONFIG_DMA_API_DEBUG is not set
+# CONFIG_TEST_FIRMWARE is not set
+# CONFIG_TEST_SYSCTL is not set
+# CONFIG_TEST_UDELAY is not set
+# CONFIG_MEMTEST is not set
+# CONFIG_BUG_ON_DATA_CORRUPTION is not set
+# CONFIG_SAMPLES is not set
+CONFIG_HAVE_ARCH_KGDB=y
+# CONFIG_KGDB is not set
+CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y
+# CONFIG_ARCH_WANTS_UBSAN_NO_NULL is not set
+# CONFIG_UBSAN is not set
+CONFIG_ARCH_HAS_DEVMEM_IS_ALLOWED=y
+# CONFIG_STRICT_DEVMEM is not set
+CONFIG_X86_VERBOSE_BOOTUP=y
+CONFIG_EARLY_PRINTK=y
+# CONFIG_EARLY_PRINTK_DBGP is not set
+# CONFIG_EARLY_PRINTK_USB_XDBC is not set
+# CONFIG_X86_PTDUMP_CORE is not set
+# CONFIG_X86_PTDUMP is not set
+# CONFIG_DEBUG_WX is not set
+CONFIG_DOUBLEFAULT=y
+# CONFIG_DEBUG_TLBFLUSH is not set
+# CONFIG_IOMMU_DEBUG is not set
+# CONFIG_IOMMU_STRESS is not set
+CONFIG_HAVE_MMIOTRACE_SUPPORT=y
+CONFIG_IO_DELAY_TYPE_0X80=0
+CONFIG_IO_DELAY_TYPE_0XED=1
+CONFIG_IO_DELAY_TYPE_UDELAY=2
+CONFIG_IO_DELAY_TYPE_NONE=3
+CONFIG_IO_DELAY_0X80=y
+# CONFIG_IO_DELAY_0XED is not set
+# CONFIG_IO_DELAY_UDELAY is not set
+# CONFIG_IO_DELAY_NONE is not set
+CONFIG_DEFAULT_IO_DELAY_TYPE=0
+# CONFIG_CPA_DEBUG is not set
+# CONFIG_OPTIMIZE_INLINING is not set
+# CONFIG_DEBUG_ENTRY is not set
+# CONFIG_DEBUG_NMI_SELFTEST is not set
+CONFIG_X86_DEBUG_FPU=y
+# CONFIG_PUNIT_ATOM_DEBUG is not set
+
+#
+# Security options
+#
+# CONFIG_KEYS is not set
+# CONFIG_SECURITY_DMESG_RESTRICT is not set
+# CONFIG_SECURITY is not set
+# CONFIG_SECURITYFS is not set
+CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
+# CONFIG_HARDENED_USERCOPY is not set
+# CONFIG_FORTIFY_SOURCE is not set
+# CONFIG_STATIC_USERMODEHELPER is not set
+CONFIG_DEFAULT_SECURITY_DAC=y
+CONFIG_DEFAULT_SECURITY=""
+CONFIG_CRYPTO=y
+
+#
+# Crypto core or helper
+#
+CONFIG_CRYPTO_ALGAPI=y
+CONFIG_CRYPTO_ALGAPI2=y
+CONFIG_CRYPTO_AEAD=y
+CONFIG_CRYPTO_AEAD2=y
+CONFIG_CRYPTO_BLKCIPHER=y
+CONFIG_CRYPTO_BLKCIPHER2=y
+CONFIG_CRYPTO_HASH=y
+CONFIG_CRYPTO_HASH2=y
+CONFIG_CRYPTO_RNG=y
+CONFIG_CRYPTO_RNG2=y
+CONFIG_CRYPTO_RNG_DEFAULT=y
+CONFIG_CRYPTO_AKCIPHER2=y
+CONFIG_CRYPTO_KPP2=y
+CONFIG_CRYPTO_KPP=y
+CONFIG_CRYPTO_ACOMP2=y
+# CONFIG_CRYPTO_RSA is not set
+CONFIG_CRYPTO_DH=y
+CONFIG_CRYPTO_ECDH=y
+CONFIG_CRYPTO_MANAGER=y
+CONFIG_CRYPTO_MANAGER2=y
+CONFIG_CRYPTO_USER=y
+CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y
+CONFIG_CRYPTO_GF128MUL=y
+CONFIG_CRYPTO_NULL=y
+CONFIG_CRYPTO_NULL2=y
+CONFIG_CRYPTO_WORKQUEUE=y
+CONFIG_CRYPTO_CRYPTD=y
+CONFIG_CRYPTO_MCRYPTD=y
+CONFIG_CRYPTO_AUTHENC=y
+CONFIG_CRYPTO_ABLK_HELPER=y
+CONFIG_CRYPTO_SIMD=y
+CONFIG_CRYPTO_GLUE_HELPER_X86=y
+
+#
+# Authenticated Encryption with Associated Data
+#
+CONFIG_CRYPTO_CCM=y
+CONFIG_CRYPTO_GCM=y
+CONFIG_CRYPTO_CHACHA20POLY1305=y
+CONFIG_CRYPTO_SEQIV=y
+CONFIG_CRYPTO_ECHAINIV=y
+
+#
+# Block modes
+#
+CONFIG_CRYPTO_CBC=y
+CONFIG_CRYPTO_CTR=y
+# CONFIG_CRYPTO_CTS is not set
+CONFIG_CRYPTO_ECB=y
+CONFIG_CRYPTO_LRW=y
+CONFIG_CRYPTO_PCBC=y
+CONFIG_CRYPTO_XTS=y
+# CONFIG_CRYPTO_KEYWRAP is not set
+
+#
+# Hash modes
+#
+CONFIG_CRYPTO_CMAC=y
+CONFIG_CRYPTO_HMAC=y
+CONFIG_CRYPTO_XCBC=y
+# CONFIG_CRYPTO_VMAC is not set
+
+#
+# Digest
+#
+CONFIG_CRYPTO_CRC32C=y
+# CONFIG_CRYPTO_CRC32C_INTEL is not set
+# CONFIG_CRYPTO_CRC32 is not set
+# CONFIG_CRYPTO_CRC32_PCLMUL is not set
+# CONFIG_CRYPTO_CRCT10DIF is not set
+CONFIG_CRYPTO_GHASH=y
+CONFIG_CRYPTO_POLY1305=y
+CONFIG_CRYPTO_POLY1305_X86_64=y
+CONFIG_CRYPTO_MD4=y
+CONFIG_CRYPTO_MD5=y
+CONFIG_CRYPTO_MICHAEL_MIC=y
+CONFIG_CRYPTO_RMD128=y
+CONFIG_CRYPTO_RMD160=y
+CONFIG_CRYPTO_RMD256=y
+CONFIG_CRYPTO_RMD320=y
+CONFIG_CRYPTO_SHA1=y
+# CONFIG_CRYPTO_SHA1_SSSE3 is not set
+CONFIG_CRYPTO_SHA256_SSSE3=y
+CONFIG_CRYPTO_SHA512_SSSE3=y
+# CONFIG_CRYPTO_SHA1_MB is not set
+CONFIG_CRYPTO_SHA256_MB=y
+CONFIG_CRYPTO_SHA512_MB=y
+CONFIG_CRYPTO_SHA256=y
+CONFIG_CRYPTO_SHA512=y
+CONFIG_CRYPTO_SHA3=y
+CONFIG_CRYPTO_TGR192=y
+CONFIG_CRYPTO_WP512=y
+# CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL is not set
+
+#
+# Ciphers
+#
+CONFIG_CRYPTO_AES=y
+# CONFIG_CRYPTO_AES_TI is not set
+CONFIG_CRYPTO_AES_X86_64=y
+CONFIG_CRYPTO_AES_NI_INTEL=y
+CONFIG_CRYPTO_ANUBIS=y
+CONFIG_CRYPTO_ARC4=y
+CONFIG_CRYPTO_BLOWFISH=y
+CONFIG_CRYPTO_BLOWFISH_COMMON=y
+CONFIG_CRYPTO_BLOWFISH_X86_64=y
+CONFIG_CRYPTO_CAMELLIA=y
+CONFIG_CRYPTO_CAMELLIA_X86_64=y
+CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64=y
+CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64=y
+CONFIG_CRYPTO_CAST_COMMON=y
+CONFIG_CRYPTO_CAST5=y
+CONFIG_CRYPTO_CAST5_AVX_X86_64=y
+CONFIG_CRYPTO_CAST6=y
+CONFIG_CRYPTO_CAST6_AVX_X86_64=y
+CONFIG_CRYPTO_DES=y
+# CONFIG_CRYPTO_DES3_EDE_X86_64 is not set
+CONFIG_CRYPTO_FCRYPT=y
+CONFIG_CRYPTO_KHAZAD=y
+CONFIG_CRYPTO_SALSA20=y
+CONFIG_CRYPTO_SALSA20_X86_64=y
+CONFIG_CRYPTO_CHACHA20=y
+CONFIG_CRYPTO_CHACHA20_X86_64=y
+CONFIG_CRYPTO_SEED=y
+CONFIG_CRYPTO_SERPENT=y
+CONFIG_CRYPTO_SERPENT_SSE2_X86_64=y
+CONFIG_CRYPTO_SERPENT_AVX_X86_64=y
+CONFIG_CRYPTO_SERPENT_AVX2_X86_64=y
+CONFIG_CRYPTO_TEA=y
+CONFIG_CRYPTO_TWOFISH=y
+CONFIG_CRYPTO_TWOFISH_COMMON=y
+CONFIG_CRYPTO_TWOFISH_X86_64=y
+CONFIG_CRYPTO_TWOFISH_X86_64_3WAY=y
+CONFIG_CRYPTO_TWOFISH_AVX_X86_64=y
+
+#
+# Compression
+#
+CONFIG_CRYPTO_DEFLATE=y
+CONFIG_CRYPTO_LZO=y
+CONFIG_CRYPTO_842=y
+CONFIG_CRYPTO_LZ4=y
+CONFIG_CRYPTO_LZ4HC=y
+
+#
+# Random Number Generation
+#
+# CONFIG_CRYPTO_ANSI_CPRNG is not set
+CONFIG_CRYPTO_DRBG_MENU=y
+CONFIG_CRYPTO_DRBG_HMAC=y
+CONFIG_CRYPTO_DRBG_HASH=y
+CONFIG_CRYPTO_DRBG_CTR=y
+CONFIG_CRYPTO_DRBG=y
+CONFIG_CRYPTO_JITTERENTROPY=y
+CONFIG_CRYPTO_USER_API=y
+CONFIG_CRYPTO_USER_API_HASH=y
+CONFIG_CRYPTO_USER_API_SKCIPHER=y
+# CONFIG_CRYPTO_USER_API_RNG is not set
+CONFIG_CRYPTO_USER_API_AEAD=y
+# CONFIG_CRYPTO_HW is not set
+
+#
+# Certificates for signature checking
+#
+CONFIG_HAVE_KVM=y
+CONFIG_VIRTUALIZATION=y
+# CONFIG_KVM is not set
+# CONFIG_VHOST_NET is not set
+# CONFIG_VHOST_CROSS_ENDIAN_LEGACY is not set
+# CONFIG_BINARY_PRINTF is not set
+
+#
+# Library routines
+#
+CONFIG_BITREVERSE=y
+# CONFIG_HAVE_ARCH_BITREVERSE is not set
+CONFIG_RATIONAL=y
+CONFIG_GENERIC_STRNCPY_FROM_USER=y
+CONFIG_GENERIC_STRNLEN_USER=y
+CONFIG_GENERIC_NET_UTILS=y
+CONFIG_GENERIC_FIND_FIRST_BIT=y
+CONFIG_GENERIC_PCI_IOMAP=y
+CONFIG_GENERIC_IOMAP=y
+CONFIG_GENERIC_IO=y
+CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y
+CONFIG_ARCH_HAS_FAST_MULTIPLIER=y
+CONFIG_CRC_CCITT=y
+CONFIG_CRC16=y
+# CONFIG_CRC_T10DIF is not set
+CONFIG_CRC_ITU_T=y
+CONFIG_CRC32=y
+# CONFIG_CRC32_SELFTEST is not set
+CONFIG_CRC32_SLICEBY8=y
+# CONFIG_CRC32_SLICEBY4 is not set
+# CONFIG_CRC32_SARWATE is not set
+# CONFIG_CRC32_BIT is not set
+# CONFIG_CRC4 is not set
+CONFIG_CRC7=y
+CONFIG_LIBCRC32C=y
+# CONFIG_CRC8 is not set
+# CONFIG_AUDIT_ARCH_COMPAT_GENERIC is not set
+# CONFIG_RANDOM32_SELFTEST is not set
+CONFIG_842_COMPRESS=y
+CONFIG_842_DECOMPRESS=y
+CONFIG_ZLIB_INFLATE=y
+CONFIG_ZLIB_DEFLATE=y
+CONFIG_LZO_COMPRESS=y
+CONFIG_LZO_DECOMPRESS=y
+CONFIG_LZ4_COMPRESS=y
+CONFIG_LZ4HC_COMPRESS=y
+CONFIG_LZ4_DECOMPRESS=y
+# CONFIG_XZ_DEC is not set
+# CONFIG_XZ_DEC_BCJ is not set
+CONFIG_TEXTSEARCH=y
+CONFIG_TEXTSEARCH_KMP=y
+CONFIG_TEXTSEARCH_BM=y
+CONFIG_TEXTSEARCH_FSM=y
+CONFIG_HAS_IOMEM=y
+CONFIG_HAS_IOPORT_MAP=y
+CONFIG_HAS_DMA=y
+# CONFIG_DMA_NOOP_OPS is not set
+# CONFIG_DMA_VIRT_OPS is not set
+CONFIG_DQL=y
+CONFIG_NLATTR=y
+CONFIG_CLZ_TAB=y
+# CONFIG_CORDIC is not set
+# CONFIG_DDR is not set
+# CONFIG_IRQ_POLL is not set
+CONFIG_MPILIB=y
+# CONFIG_SG_SPLIT is not set
+# CONFIG_SG_POOL is not set
+CONFIG_ARCH_HAS_SG_CHAIN=y
+CONFIG_ARCH_HAS_PMEM_API=y
+CONFIG_ARCH_HAS_UACCESS_FLUSHCACHE=y
+CONFIG_ARCH_HAS_MMIO_FLUSH=y
+CONFIG_SBITMAP=y
diff --git a/testing/do-tests b/testing/do-tests
index e3fd9b464..38999ea61 100755
--- a/testing/do-tests
+++ b/testing/do-tests
@@ -825,7 +825,7 @@ do
for host in $IPSECHOSTS
do
eval HOSTLOGIN=root@\$ipv4_${host}
- ssh $SSHCONF $HOSTLOGIN "grep -s -E 'charon|last message repeated|imcv' \
+ ssh $SSHCONF $HOSTLOGIN "grep -s -E 'systemd|swanctl|charon|last message repeated|imcv' \
/var/log/daemon.log" >> $TESTRESULTDIR/${host}.daemon.log
done
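Review bot: The added `systemd` alternative in the grep pattern matches every daemon.log line written by systemd itself, not only lines about strongSwan units, so each `${host}.daemon.log` result may fill with unrelated service messages. `charon` already matches `charon-systemd`, so the new alternative is not needed for the daemon's own output. If the unit start/stop lines are the goal, say so in a comment above the `ssh` line, for example `# systemd: keep start/stop messages of the strongswan-swanctl unit`, or narrow the alternative. The loop around this line starts outside the hunk.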
diff --git a/testing/hosts/default/etc/strongswan.conf.testing b/testing/hosts/default/etc/strongswan.conf.testing
index b62355097..604769a49 100644
--- a/testing/hosts/default/etc/strongswan.conf.testing
+++ b/testing/hosts/default/etc/strongswan.conf.testing
@@ -7,6 +7,16 @@ charon {
xfrm_acq_expires = 60
}
}
+ syslog {
+ daemon {
+ }
+ auth {
+ default = 0
+ }
+ }
+ journal {
+ default = -1
+ }
}
include strongswan.conf
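Review bot: The added `syslog` and `journal` sections carry no comment, and their values are not self-explanatory. `journal { default = -1 }` silences the journal logger entirely, `auth { default = 0 }` limits the auth facility to basic audit messages, and the empty `daemon { }` leaves that facility at its default level. Presumably this keeps the daemon's output in /var/log/daemon.log, where do-tests greps for it; a comment such as `# log via syslog only, do-tests collects /var/log/daemon.log` above `syslog {` would record that. The enclosing `charon {` section starts outside the hunk.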
diff --git a/testing/scripts/build-baseimage b/testing/scripts/build-baseimage
index 1264bd7ee..95453d620 100755
--- a/testing/scripts/build-baseimage
+++ b/testing/scripts/build-baseimage
@@ -18,7 +18,7 @@ INC=$INC,libxml2-dev,libtspi-dev,libsqlite3-dev,openssh-server,tcpdump,psmisc
INC=$INC,openssl,vim,sqlite3,conntrack,gdb,cmake,libltdl-dev,liblog4cxx10-dev
INC=$INC,libboost-thread-dev,libboost-system-dev,git-core,iperf,htop,screen
INC=$INC,gnat,gprbuild,acpid,acpi-support-base,libldns-dev,libunbound-dev
-INC=$INC,dnsutils,libsoup2.4-dev,ca-certificates,unzip
+INC=$INC,dnsutils,libsoup2.4-dev,ca-certificates,unzip,libsystemd-dev
INC=$INC,python,python-setuptools,python-dev,python-pip,apt-transport-https
INC=$INC,libjson0-dev,libxslt1-dev,libapache2-mod-wsgi,iptables-dev
case "$BASEIMGSUITE" in
diff --git a/testing/scripts/build-strongswan b/testing/scripts/build-strongswan
index d4e9e922f..150fce30c 100755
--- a/testing/scripts/build-strongswan
+++ b/testing/scripts/build-strongswan
@@ -50,8 +50,7 @@ execute "bindfs -u $SRCUID -g $SRCGID $SWANDIR $LOOPDIR/root/strongswan"
do_on_exit umount $LOOPDIR/root/strongswan
log_action "Remove SWID tags of previous versions"
-execute_chroot 'find /usr/local/share/regid.2004-03.org.strongswan -name *.swidtag -delete'
-execute_chroot 'find /usr/local/share/strongswan -name *.swidtag -delete'
+execute_chroot "find /usr/local/share -path '*strongswan*' -name *.swidtag -delete"
echo "Building and installing strongSwan"
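Review bot: The `-name *.swidtag` pattern on the added `find` line is unquoted inside the double-quoted command string. If `execute_chroot` hands that string to a shell (its definition is not visible here), the shell may glob-expand the pattern against the working directory before `find` runs, and with `-delete` following, a wrong expansion changes which files are removed. Quote it: `execute_chroot "find /usr/local/share -path '*strongswan*' -name '*.swidtag' -delete"`. Also, `-path '*strongswan*'` now matches any path under /usr/local/share that contains `strongswan`, which is broader than the two directories named before; a one-line comment confirming that this is intended would help.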
diff --git a/testing/scripts/recipes/013_strongswan.mk b/testing/scripts/recipes/013_strongswan.mk
index 3c5f41834..80f779c7d 100644
--- a/testing/scripts/recipes/013_strongswan.mk
+++ b/testing/scripts/recipes/013_strongswan.mk
@@ -103,7 +103,8 @@ CONFIG_OPTS = \
--enable-lookip \
--enable-bliss \
--enable-sha3 \
- --enable-newhope
+ --enable-newhope \
+ --enable-systemd
export ADA_PROJECT_PATH=/usr/local/ada/lib/gnat
diff --git a/testing/ssh_config b/testing/ssh_config
index 367683018..56a619002 100644
--- a/testing/ssh_config
+++ b/testing/ssh_config
@@ -1,4 +1,5 @@
Host *
+ LogLevel QUIET
# debian default
SendEnv LANG LC_*
SendEnv LEAK_DETECTIVE_LOG
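Review bot: `LogLevel QUIET` under `Host *` silences the ssh client's diagnostics for every test host, including connection and authentication errors, so a failing ssh step in the test scripts leaves no message to diagnose it from. If the aim is only to drop informational output, `LogLevel ERROR` keeps real failures visible. The rest of the file lies outside this hunk, so other options there may interact with this setting.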
diff --git a/testing/testing.conf b/testing/testing.conf
index e22afc3e4..e33fb4fc9 100644
--- a/testing/testing.conf
+++ b/testing/testing.conf
@@ -31,7 +31,7 @@ fi
: ${KERNELPATCH=ha-4.4-abicompat.patch.bz2}
# strongSwan version used in tests
-: ${SWANVERSION=5.6.0}
+: ${SWANVERSION=5.6.1}
# Build directory where the guest kernel and images will be built
: ${BUILDDIR=$TESTDIR/build}
diff --git a/testing/tests/af-alg/alg-camellia/description.txt b/testing/tests/af-alg/alg-camellia/description.txt
index 87679788f..995ab4c65 100644
--- a/testing/tests/af-alg/alg-camellia/description.txt
+++ b/testing/tests/af-alg/alg-camellia/description.txt
@@ -1,3 +1,3 @@
-Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the IKE cipher suite <b>CAMELLIA_CBC_256 /
-HMAC_SHA2_512_256 / PRF_HMAC_SHA2_512 / MODP_3072</b> well as the ESP cipher suite <b>CAMELLIA_CBC_192 / HMAC_SHA384_192</b>.
-A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel.
+Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the IKE cipher suite <b>camellia256-sha512-modp3072</b>
+well as the ESP cipher suite <b>camellia192-sha384</b>. A ping from <b>carol</b> to <b>alice</b> successfully
+checks the established tunnel.
diff --git a/testing/tests/af-alg/alg-camellia/hosts/carol/etc/strongswan.conf b/testing/tests/af-alg/alg-camellia/hosts/carol/etc/strongswan.conf
index 81a85aa06..e475be3ca 100644
--- a/testing/tests/af-alg/alg-camellia/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/af-alg/alg-camellia/hosts/carol/etc/strongswan.conf
@@ -1,10 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce pem pkcs1 af-alg gmp x509 revocation kernel-netlink curl socket-default updown vici
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = random nonce pem pkcs1 af-alg gmp x509 revocation kernel-netlink curl socket-default updown vici
}
diff --git a/testing/tests/af-alg/alg-camellia/hosts/moon/etc/strongswan.conf b/testing/tests/af-alg/alg-camellia/hosts/moon/etc/strongswan.conf
index 81a85aa06..e475be3ca 100644
--- a/testing/tests/af-alg/alg-camellia/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/af-alg/alg-camellia/hosts/moon/etc/strongswan.conf
@@ -1,10 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce pem pkcs1 af-alg gmp x509 revocation kernel-netlink curl socket-default updown vici
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = random nonce pem pkcs1 af-alg gmp x509 revocation kernel-netlink curl socket-default updown vici
}
diff --git a/testing/tests/af-alg/alg-camellia/posttest.dat b/testing/tests/af-alg/alg-camellia/posttest.dat
index 2fc2bbb75..2b00bea8e 100644
--- a/testing/tests/af-alg/alg-camellia/posttest.dat
+++ b/testing/tests/af-alg/alg-camellia/posttest.dat
@@ -1,5 +1,5 @@
carol::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/af-alg/alg-camellia/pretest.dat b/testing/tests/af-alg/alg-camellia/pretest.dat
index 41255bccb..dbd1738ae 100644
--- a/testing/tests/af-alg/alg-camellia/pretest.dat
+++ b/testing/tests/af-alg/alg-camellia/pretest.dat
@@ -1,7 +1,7 @@
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
moon::expect-connection net
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/af-alg/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/af-alg/rw-cert/hosts/carol/etc/strongswan.conf
index 3610ac699..456c70df2 100644
--- a/testing/tests/af-alg/rw-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/af-alg/rw-cert/hosts/carol/etc/strongswan.conf
@@ -1,13 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce test-vectors pem pkcs1 af-alg gmp x509 revocation curl ctr ccm gcm kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+charon-systemd {
+ load = random nonce test-vectors pem pkcs1 af-alg gmp x509 revocation curl ctr ccm gcm kernel-netlink socket-default updown vici
integrity_test = yes
crypto_test {
on_add = yes
diff --git a/testing/tests/af-alg/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/af-alg/rw-cert/hosts/dave/etc/strongswan.conf
index afa7afe83..b6be829f4 100644
--- a/testing/tests/af-alg/rw-cert/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/af-alg/rw-cert/hosts/dave/etc/strongswan.conf
@@ -1,13 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp x509 revocation curl hmac xcbc ctr ccm gcm kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+charon-systemd {
+ load = random nonce test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp x509 revocation curl hmac xcbc ctr ccm gcm kernel-netlink socket-default updown vici
integrity_test = yes
crypto_test {
on_add = yes
diff --git a/testing/tests/af-alg/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/af-alg/rw-cert/hosts/moon/etc/strongswan.conf
index 3610ac699..456c70df2 100644
--- a/testing/tests/af-alg/rw-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/af-alg/rw-cert/hosts/moon/etc/strongswan.conf
@@ -1,13 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce test-vectors pem pkcs1 af-alg gmp x509 revocation curl ctr ccm gcm kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+charon-systemd {
+ load = random nonce test-vectors pem pkcs1 af-alg gmp x509 revocation curl ctr ccm gcm kernel-netlink socket-default updown vici
integrity_test = yes
crypto_test {
on_add = yes
diff --git a/testing/tests/af-alg/rw-cert/posttest.dat b/testing/tests/af-alg/rw-cert/posttest.dat
index d7107ccc6..b909ac76c 100644
--- a/testing/tests/af-alg/rw-cert/posttest.dat
+++ b/testing/tests/af-alg/rw-cert/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/af-alg/rw-cert/pretest.dat b/testing/tests/af-alg/rw-cert/pretest.dat
index 7652f460e..664cc9447 100644
--- a/testing/tests/af-alg/rw-cert/pretest.dat
+++ b/testing/tests/af-alg/rw-cert/pretest.dat
@@ -1,9 +1,9 @@
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection net
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/description.txt b/testing/tests/gcrypt-ikev1/alg-serpent/description.txt
index 982efa5ea..28c6adb4b 100644
--- a/testing/tests/gcrypt-ikev1/alg-serpent/description.txt
+++ b/testing/tests/gcrypt-ikev1/alg-serpent/description.txt
@@ -1,4 +1,4 @@
Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the strong cipher suite
-<b>SERPENT_CBC_256 / HMAC_SHA2_512 / MODP_4096</b> for the IKE protocol and
-<b>SERPENT_CBC_256 / HMAC_SHA2_512_256 </b> for ESP packets. A ping from <b>carol</b> to
-<b>alice</b> successfully checks the established tunnel.
+<b>serpent256-sha512-modp4096</b> for the IKE protocol and <b>serpent256-sha512</b>
+for ESP packets. A ping from <b>carol</b> to <b>alice</b> successfully checks the
+established tunnel.
diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/strongswan.conf b/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/strongswan.conf
index 10c0ac6fb..b57ffec12 100644
--- a/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/strongswan.conf
@@ -1,11 +1,10 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = nonce pem pkcs1 gcrypt hmac x509 revocation curl vici kernel-netlink socket-default
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = nonce pem pkcs1 gcrypt hmac x509 revocation curl vici kernel-netlink socket-default
send_vendor_id = yes
}
diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/strongswan.conf b/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/strongswan.conf
index 6c49b5e9b..22371e465 100644
--- a/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/strongswan.conf
@@ -1,11 +1,10 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = nonce pem pkcs1 gcrypt hmac x509 revocation vici kernel-netlink socket-default
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = nonce pem pkcs1 gcrypt hmac x509 revocation vici kernel-netlink socket-default
send_vendor_id = yes
}
diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/posttest.dat b/testing/tests/gcrypt-ikev1/alg-serpent/posttest.dat
index 6387dff4f..e9c83e483 100644
--- a/testing/tests/gcrypt-ikev1/alg-serpent/posttest.dat
+++ b/testing/tests/gcrypt-ikev1/alg-serpent/posttest.dat
@@ -1,2 +1,2 @@
-moon::service charon stop
-carol::service charon stop
+carol::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl \ No newline at end of file
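Review bot: The new posttest.dat ends without a trailing newline (`\ No newline at end of file`). If the harness reads these files with a shell `read` loop (not visible here), the final `moon::systemctl stop strongswan-swanctl` may be skipped, leaving the daemon running on moon for the next test. End the file with a newline. The same applies to gcrypt-ikev1/alg-serpent/pretest.dat and gcrypt-ikev1/alg-twofish/posttest.dat later in this commit.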
diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/pretest.dat b/testing/tests/gcrypt-ikev1/alg-serpent/pretest.dat
index 0f615f4ac..8c6a3ba30 100644
--- a/testing/tests/gcrypt-ikev1/alg-serpent/pretest.dat
+++ b/testing/tests/gcrypt-ikev1/alg-serpent/pretest.dat
@@ -1,5 +1,5 @@
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-moon::expect-connection rw
-carol::expect-connection home
-carol::swanctl --initiate --child home 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+moon::expect-connection rw
+carol::expect-connection home
+carol::swanctl --initiate --child home 2> /dev/null \ No newline at end of file
diff --git a/testing/tests/gcrypt-ikev1/alg-twofish/description.txt b/testing/tests/gcrypt-ikev1/alg-twofish/description.txt
index e1a7403e3..bfef69b5c 100644
--- a/testing/tests/gcrypt-ikev1/alg-twofish/description.txt
+++ b/testing/tests/gcrypt-ikev1/alg-twofish/description.txt
@@ -1,4 +1,4 @@
Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the strong cipher suite
-<b>TWOFISH_CBC_256 / HMAC_SHA2_512 / MODP_4096</b> for the IKE protocol and
-<b>TWOFISH_CBC_256 / HMAC_SHA2_512_256 </b> for ESP packets. A ping from <b>carol</b> to
-<b>alice</b> successfully checks the established tunnel.
+<b>twofish256-sha512-modp4096</b> for the IKE protocol and <b>twofish256-sha512</b>
+for ESP packets. A ping from <b>carol</b> to <b>alice</b> successfully checks the
+established tunnel.
diff --git a/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/strongswan.conf b/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/strongswan.conf
index 10c0ac6fb..b57ffec12 100644
--- a/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/strongswan.conf
@@ -1,11 +1,10 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = nonce pem pkcs1 gcrypt hmac x509 revocation curl vici kernel-netlink socket-default
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = nonce pem pkcs1 gcrypt hmac x509 revocation curl vici kernel-netlink socket-default
send_vendor_id = yes
}
diff --git a/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/strongswan.conf b/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/strongswan.conf
index 6c49b5e9b..22371e465 100644
--- a/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/strongswan.conf
@@ -1,11 +1,10 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = nonce pem pkcs1 gcrypt hmac x509 revocation vici kernel-netlink socket-default
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = nonce pem pkcs1 gcrypt hmac x509 revocation vici kernel-netlink socket-default
send_vendor_id = yes
}
diff --git a/testing/tests/gcrypt-ikev1/alg-twofish/posttest.dat b/testing/tests/gcrypt-ikev1/alg-twofish/posttest.dat
index 6387dff4f..e9c83e483 100644
--- a/testing/tests/gcrypt-ikev1/alg-twofish/posttest.dat
+++ b/testing/tests/gcrypt-ikev1/alg-twofish/posttest.dat
@@ -1,2 +1,2 @@
-moon::service charon stop
-carol::service charon stop
+carol::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl \ No newline at end of file
diff --git a/testing/tests/gcrypt-ikev1/alg-twofish/pretest.dat b/testing/tests/gcrypt-ikev1/alg-twofish/pretest.dat
index 0f615f4ac..b9e2a8eee 100644
--- a/testing/tests/gcrypt-ikev1/alg-twofish/pretest.dat
+++ b/testing/tests/gcrypt-ikev1/alg-twofish/pretest.dat
@@ -1,5 +1,5 @@
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-moon::expect-connection rw
-carol::expect-connection home
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+moon::expect-connection rw
+carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/gcrypt-ikev2/alg-camellia/description.txt b/testing/tests/gcrypt-ikev2/alg-camellia/description.txt
index b3515c333..4b8eeb87e 100644
--- a/testing/tests/gcrypt-ikev2/alg-camellia/description.txt
+++ b/testing/tests/gcrypt-ikev2/alg-camellia/description.txt
@@ -1,4 +1,3 @@
-Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the IKE cipher suite <b>CAMELLIA_CBC_256 /
-HMAC_SHA2_512_256 / MODP_2048</b> by defining <b>ike=camellia256-sha256-modp2048</b> as well as
-the ESP cipher suite <b>CAMELLIA_CBC_192 / HMAC_SHA1_96</b> by defining <b>esp=camellia192-sha1</b>
-in ipsec.conf. A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel.
+Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the IKE cipher suite
+<b>camellia256-sha512-modp3072</b> as well as the ESP cipher suite <b>camellia192-sha384</b>.
+A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel.
diff --git a/testing/tests/gcrypt-ikev2/alg-camellia/evaltest.dat b/testing/tests/gcrypt-ikev2/alg-camellia/evaltest.dat
index 562336fd4..8a2e36baa 100644
--- a/testing/tests/gcrypt-ikev2/alg-camellia/evaltest.dat
+++ b/testing/tests/gcrypt-ikev2/alg-camellia/evaltest.dat
@@ -1,12 +1,6 @@
-moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
-carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
-moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
-carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-moon:: ipsec statusall 2> /dev/null::IKE proposal: CAMELLIA_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_3072::YES
-carol::ipsec statusall 2> /dev/null::IKE proposal: CAMELLIA_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_3072::YES
carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES
-moon:: ipsec statusall 2> /dev/null::CAMELLIA_CBC_192/HMAC_SHA2_384_192::YES
-carol::ipsec statusall 2> /dev/null::CAMELLIA_CBC_192/HMAC_SHA2_384_192::YES
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=CAMELLIA_CBC encr-keysize=256 integ-alg=HMAC_SHA2_512_256 prf-alg=PRF_HMAC_SHA2_512 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=CAMELLIA_CBC encr-keysize=192 integ-alg=HMAC_SHA2_384_192.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES
+moon:: swanctl --list-sas --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=CAMELLIA_CBC encr-keysize=256 integ-alg=HMAC_SHA2_512_256 prf-alg=PRF_HMAC_SHA2_512 dh-group=MODP_3072.*child-sas.*net.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=CAMELLIA_CBC encr-keysize=192 integ-alg=HMAC_SHA2_384_192.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES
moon:: ip xfrm state::enc cbc(camellia)::YES
carol::ip xfrm state::enc cbc(camellia)::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 208::YES
diff --git a/testing/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/ipsec.conf b/testing/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/ipsec.conf
deleted file mode 100644
index f0bbfc10f..000000000
--- a/testing/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
- ike=camellia256-sha512-modp3072!
- esp=camellia192-sha384!
-
-conn home
- left=PH_IP_CAROL
- leftfirewall=yes
- leftcert=carolCert.pem
- leftid=carol@strongswan.org
- right=PH_IP_MOON
- rightsubnet=10.1.0.0/16
- rightid=@moon.strongswan.org
- auto=add
diff --git a/testing/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf b/testing/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf
index 3c094be34..e1d5a10dc 100644
--- a/testing/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = curl pem pkcs1 gcrypt nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce pem pkcs1 gcrypt hmac x509 revocation kernel-netlink curl socket-default updown vici
}
diff --git a/testing/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..acba9cecb
--- /dev/null
+++ b/testing/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/swanctl/swanctl.conf
@@ -0,0 +1,27 @@
+connections {
+
+ home {
+ local_addrs = 192.168.0.100
+ remote_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = carolCert.pem
+ id = carol@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = 10.1.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = camellia192-sha384
+ }
+ }
+ version = 2
+ proposals = camellia256-sha512-modp3072
+ }
+}
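Review bot: This file is created with `new file mode 100755`, but it is plain swanctl configuration with nothing to execute; `new file mode 100644` is the fitting mode. The same holds for hosts/moon/etc/swanctl/swanctl.conf in this test. Dropping the executable bit keeps permissions in the test tree to what each file needs, and avoids carrying the bit into wherever the harness copies these files.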
diff --git a/testing/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/ipsec.conf b/testing/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/ipsec.conf
deleted file mode 100644
index 8481f8974..000000000
--- a/testing/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
- ike=camellia256-sha512-modp3072!
- esp=camellia192-sha384!
-
-conn rw
- left=PH_IP_MOON
- leftfirewall=yes
- leftcert=moonCert.pem
- leftid=@moon.strongswan.org
- leftsubnet=10.1.0.0/16
- right=%any
- auto=add
diff --git a/testing/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf b/testing/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf
index 3c094be34..e1d5a10dc 100644
--- a/testing/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = curl pem pkcs1 gcrypt nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce pem pkcs1 gcrypt hmac x509 revocation kernel-netlink curl socket-default updown vici
}
diff --git a/testing/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..1c06bb2ce
--- /dev/null
+++ b/testing/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,25 @@
+connections {
+
+ rw {
+ local_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ }
+ children {
+ net {
+ local_ts = 10.1.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = camellia192-sha384
+ }
+ }
+ version = 2
+ proposals = camellia256-sha512-modp3072
+ }
+}
diff --git a/testing/tests/gcrypt-ikev2/alg-camellia/posttest.dat b/testing/tests/gcrypt-ikev2/alg-camellia/posttest.dat
index 046d4cfdc..2b00bea8e 100644
--- a/testing/tests/gcrypt-ikev2/alg-camellia/posttest.dat
+++ b/testing/tests/gcrypt-ikev2/alg-camellia/posttest.dat
@@ -1,4 +1,5 @@
-moon::ipsec stop
-carol::ipsec stop
+carol::swanctl --terminate --ike home
+carol::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/gcrypt-ikev2/alg-camellia/pretest.dat b/testing/tests/gcrypt-ikev2/alg-camellia/pretest.dat
index e34f70277..dbd1738ae 100644
--- a/testing/tests/gcrypt-ikev2/alg-camellia/pretest.dat
+++ b/testing/tests/gcrypt-ikev2/alg-camellia/pretest.dat
@@ -1,7 +1,7 @@
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
-moon::ipsec start
-carol::ipsec start
-moon::expect-connection rw
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+moon::expect-connection net
carol::expect-connection home
-carol::ipsec up home
+carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/gcrypt-ikev2/alg-camellia/test.conf b/testing/tests/gcrypt-ikev2/alg-camellia/test.conf
index 4a5fc470f..307c7e9cc 100644
--- a/testing/tests/gcrypt-ikev2/alg-camellia/test.conf
+++ b/testing/tests/gcrypt-ikev2/alg-camellia/test.conf
@@ -19,3 +19,7 @@ TCPDUMPHOSTS="moon"
# Used for IPsec logging purposes
#
IPSECHOSTS="moon carol"
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/gcrypt-ikev2/rw-cert/description.txt b/testing/tests/gcrypt-ikev2/rw-cert/description.txt
index f60f5b1ad..0502a6be2 100644
--- a/testing/tests/gcrypt-ikev2/rw-cert/description.txt
+++ b/testing/tests/gcrypt-ikev2/rw-cert/description.txt
@@ -5,8 +5,8 @@ plugins <b>aes des sha1 sha2 md5 gmp</b>.
<p>
The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each
to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b>.
-Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b>
-automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
-In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping
-the client <b>alice</b> behind the gateway <b>moon</b>.
+Upon the successful establishment of the IPsec tunnels, the <b>updown</b> directive
+in swanctl.conf automatically inserts iptables-based firewall rules that let pass the
+tunneled traffic. In order to test both tunnel and firewall, both <b>carol</b> and
+<b>dave</b> ping the client <b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/gcrypt-ikev2/rw-cert/evaltest.dat b/testing/tests/gcrypt-ikev2/rw-cert/evaltest.dat
index 849d59a4e..eccdcf0c1 100644
--- a/testing/tests/gcrypt-ikev2/rw-cert/evaltest.dat
+++ b/testing/tests/gcrypt-ikev2/rw-cert/evaltest.dat
@@ -1,13 +1,9 @@
-carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
-dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
-moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
-moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
-carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
-moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=3DES_CBC integ-alg=HMAC_SHA1_96 prf-alg=PRF_HMAC_SHA1 dh-group=MODP_1536.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=3DES_CBC integ-alg=HMAC_SHA1_96.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES
+dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES
+moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=3DES_CBC integ-alg=HMAC_SHA1_96 prf-alg=PRF_HMAC_SHA1 dh-group=MODP_1536.*child-sas.*net.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=3DES_CBC integ-alg=HMAC_SHA1_96.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES
+moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/ipsec.conf b/testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/ipsec.conf
deleted file mode 100644
index 214a8de28..000000000
--- a/testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
- ike=3des-sha1-modp1536!
- esp=3des-sha1!
-
-conn home
- left=PH_IP_CAROL
- leftcert=carolCert.pem
- leftid=carol@strongswan.org
- leftfirewall=yes
- right=PH_IP_MOON
- rightid=@moon.strongswan.org
- rightsubnet=10.1.0.0/16
- auto=add
diff --git a/testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/strongswan.conf
index 2b4da7495..c637e97ec 100644
--- a/testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/strongswan.conf
@@ -1,8 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = curl test-vectors pem pkcs1 gcrypt nonce x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+charon-systemd {
+ load = curl test-vectors pem pkcs1 gcrypt nonce x509 revocation hmac xcbc ctr ccm gcm vici kernel-netlink socket-default updown
integrity_test = yes
crypto_test {
on_add = yes
diff --git a/testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..22fe14f92
--- /dev/null
+++ b/testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/swanctl/swanctl.conf
@@ -0,0 +1,27 @@
+connections {
+
+ home {
+ local_addrs = 192.168.0.100
+ remote_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = carolCert.pem
+ id = carol@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = 10.1.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = 3des-sha1-modp1536
+ }
+ }
+ version = 2
+ proposals = 3des-sha1-modp1536
+ }
+}
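Review bot: The `proposals` and `esp_proposals` values pin carol to `3des-sha1-modp1536`, and nothing in the new file says that this is deliberate. The gateway's swanctl.conf for the same test likewise keeps `3des-sha1-modp1536` as its second proposal. The suite appears to be carried over from the removed ipsec.conf to exercise the gcrypt plugin's older algorithms, so a comment above `proposals` would stop the file from being read as a recommended setup, for example `# legacy 3DES/SHA-1/MODP-1536 on purpose: gcrypt algorithm coverage, not a template`.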
diff --git a/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/ipsec.conf b/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/ipsec.conf
deleted file mode 100644
index 603651a43..000000000
--- a/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/ipsec.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
- ike=aes256-sha512-modp2048!
- esp=aes256-sha512!
-
-conn home
- left=PH_IP_DAVE
- leftcert=daveCert.pem
- leftid=dave@strongswan.org
- leftfirewall=yes
- right=PH_IP_MOON
- rightid=@moon.strongswan.org
- rightsubnet=10.1.0.0/16
- auto=add
diff --git a/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/strongswan.conf
index f7b335e72..4f6bec1b4 100644
--- a/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/strongswan.conf
@@ -1,8 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+charon-systemd {
+ load = test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ctr ccm vici stroke kernel-netlink socket-default updown
integrity_test = yes
crypto_test {
required = yes
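Review bot: The new `charon-systemd` load list on dave still carries `stroke` next to the added `vici`, and `gcm` has disappeared from it, whereas the carol and moon lists in this commit replace `stroke` with `vici` and keep `gcm`. It looks as if `vici` was put in the place of `gcm` rather than `stroke`. If that is the case, the line would read `load = test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm vici kernel-netlink socket-default updown`. Leaving `stroke` loaded keeps the legacy control interface available on a host that this test now drives only through swanctl. The `charon-systemd` section continues past the end of this hunk.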
diff --git a/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..b3622f50e
--- /dev/null
+++ b/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/swanctl/swanctl.conf
@@ -0,0 +1,27 @@
+connections {
+
+ home {
+ local_addrs = 192.168.0.200
+ remote_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = daveCert.pem
+ id = dave@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = 10.1.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-modp3072
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-modp3072
+ }
+}
diff --git a/testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/ipsec.conf b/testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/ipsec.conf
deleted file mode 100644
index ce4c0decb..000000000
--- a/testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
- ike=aes256-sha512-modp2048,3des-sha1-modp1536!
- esp=aes256-sha512,3des-sha1!
-
-conn rw
- left=PH_IP_MOON
- leftcert=moonCert.pem
- leftid=@moon.strongswan.org
- leftsubnet=10.1.0.0/16
- leftfirewall=yes
- right=%any
- auto=add
diff --git a/testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/strongswan.conf
index 2b4da7495..c637e97ec 100644
--- a/testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/strongswan.conf
@@ -1,8 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = curl test-vectors pem pkcs1 gcrypt nonce x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+charon-systemd {
+ load = curl test-vectors pem pkcs1 gcrypt nonce x509 revocation hmac xcbc ctr ccm gcm vici kernel-netlink socket-default updown
integrity_test = yes
crypto_test {
on_add = yes
diff --git a/testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..ccd247af0
--- /dev/null
+++ b/testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,25 @@
+connections {
+
+ rw {
+ local_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ }
+ children {
+ net {
+ local_ts = 10.1.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-modp3072,3des-sha1-modp1536
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-modp3072,3des-sha1-modp1536
+ }
+}
diff --git a/testing/tests/gcrypt-ikev2/rw-cert/posttest.dat b/testing/tests/gcrypt-ikev2/rw-cert/posttest.dat
index 1865a1c60..b909ac76c 100644
--- a/testing/tests/gcrypt-ikev2/rw-cert/posttest.dat
+++ b/testing/tests/gcrypt-ikev2/rw-cert/posttest.dat
@@ -1,6 +1,8 @@
-moon::ipsec stop
-carol::ipsec stop
-dave::ipsec stop
+carol::swanctl --terminate --ike home
+dave::swanctl --terminate --ike home
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/gcrypt-ikev2/rw-cert/pretest.dat b/testing/tests/gcrypt-ikev2/rw-cert/pretest.dat
index 15c4ad7d1..664cc9447 100644
--- a/testing/tests/gcrypt-ikev2/rw-cert/pretest.dat
+++ b/testing/tests/gcrypt-ikev2/rw-cert/pretest.dat
@@ -1,11 +1,11 @@
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
-moon::ipsec start
-carol::ipsec start
-dave::ipsec start
-moon::expect-connection rw
-carol::expect-connection home
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
+moon::expect-connection net
+carol::expect-connection home
+carol::swanctl --initiate --child home 2> /dev/null
dave::expect-connection home
-carol::ipsec up home
-dave::ipsec up home
+dave::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/gcrypt-ikev2/rw-cert/test.conf b/testing/tests/gcrypt-ikev2/rw-cert/test.conf
index f29298850..1227b9d1c 100644
--- a/testing/tests/gcrypt-ikev2/rw-cert/test.conf
+++ b/testing/tests/gcrypt-ikev2/rw-cert/test.conf
@@ -19,3 +19,7 @@ TCPDUMPHOSTS="moon"
# Used for IPsec logging purposes
#
IPSECHOSTS="moon carol dave"
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/ikev1/net2net-ah/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/net2net-ah/hosts/moon/etc/ipsec.conf
index d6e251dba..0ddecec94 100644
--- a/testing/tests/ikev1/net2net-ah/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/net2net-ah/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="cfg 2, knl 3"
-
conn %default
keyexchange=ikev1
ike=aes128-sha256-modp3072!
diff --git a/testing/tests/ikev1/net2net-ah/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-ah/hosts/moon/etc/strongswan.conf
index 02ae5affa..7e78d0431 100644
--- a/testing/tests/ikev1/net2net-ah/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/net2net-ah/hosts/moon/etc/strongswan.conf
@@ -3,4 +3,10 @@
charon {
load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
+ syslog {
+ daemon {
+ cfg = 2
+ knl = 3
+ }
+ }
}
diff --git a/testing/tests/ikev1/net2net-ah/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1/net2net-ah/hosts/sun/etc/ipsec.conf
index 7c0490d59..40327a9ec 100644
--- a/testing/tests/ikev1/net2net-ah/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev1/net2net-ah/hosts/sun/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="cfg 2, knl 3"
-
conn %default
keyexchange=ikev1
ike=aes128-sha256-modp3072!
diff --git a/testing/tests/ikev1/net2net-ah/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-ah/hosts/sun/etc/strongswan.conf
index 02ae5affa..7e78d0431 100644
--- a/testing/tests/ikev1/net2net-ah/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev1/net2net-ah/hosts/sun/etc/strongswan.conf
@@ -3,4 +3,10 @@
charon {
load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
+ syslog {
+ daemon {
+ cfg = 2
+ knl = 3
+ }
+ }
}
diff --git a/testing/tests/ikev1/net2net-esn/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/net2net-esn/hosts/moon/etc/ipsec.conf
index 4fcff4a89..6c4ad62fc 100644
--- a/testing/tests/ikev1/net2net-esn/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/net2net-esn/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="cfg 2, knl 2"
-
conn %default
ikelifetime=60m
keylife=20m
diff --git a/testing/tests/ikev1/net2net-esn/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-esn/hosts/moon/etc/strongswan.conf
index 02ae5affa..ca7ff4f59 100644
--- a/testing/tests/ikev1/net2net-esn/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/net2net-esn/hosts/moon/etc/strongswan.conf
@@ -3,4 +3,10 @@
charon {
load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
+ syslog {
+ daemon {
+ cfg = 2
+ knl = 2
+ }
+ }
}
diff --git a/testing/tests/ikev1/net2net-esn/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1/net2net-esn/hosts/sun/etc/ipsec.conf
index 2e81bfd04..1bf040c21 100644
--- a/testing/tests/ikev1/net2net-esn/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev1/net2net-esn/hosts/sun/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="cfg 2, knl 2"
-
conn %default
ikelifetime=60m
keylife=20m
diff --git a/testing/tests/ikev1/net2net-esn/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-esn/hosts/sun/etc/strongswan.conf
index 02ae5affa..ca7ff4f59 100644
--- a/testing/tests/ikev1/net2net-esn/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev1/net2net-esn/hosts/sun/etc/strongswan.conf
@@ -3,4 +3,10 @@
charon {
load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
+ syslog {
+ daemon {
+ cfg = 2
+ knl = 2
+ }
+ }
}
diff --git a/testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/ipsec.conf
index 218c9f155..a725ea7da 100644
--- a/testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="ike 4, lib 4"
-
conn %default
ikelifetime=60m
keylife=20m
@@ -13,7 +10,7 @@ conn %default
esp=aes256-sha512!
mobike=no
-conn net-net
+conn net-net
left=PH_IP_MOON
leftcert=moonCert.pem
leftid=@moon.strongswan.org
diff --git a/testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/strongswan.conf
index 38df6a919..759b92285 100644
--- a/testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/strongswan.conf
@@ -6,6 +6,12 @@ charon {
multiple_authentication = no
send_vendor_id = yes
+ syslog {
+ daemon {
+ ike = 4
+ lib = 4
+ }
+ }
plugins {
ntru {
parameter_set = optimum
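Review bot: The `ike = 4` and `lib = 4` levels added under `syslog { daemon { … } }` carry over the old `charondebug="ike 4, lib 4"` with no explanation. Level 4 is the level at which strongSwan includes sensitive material such as keys in its dumps, and the setting now lives in strongswan.conf, where it is more likely to be copied along with the rest of the section. A one-line comment above `syslog` would cover it, for example `# level 4 includes key material in the log; keep to the test setup`. The same applies to the sun host of this test and to the ikev2 net2net-ntru-cert and net2net-ntru-bandwidth strongswan.conf hunks. The `charon` section starts before this hunk and continues after it.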
diff --git a/testing/tests/ikev1/net2net-ntru-cert/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1/net2net-ntru-cert/hosts/sun/etc/ipsec.conf
index ce610b6a3..5cadaccc9 100644
--- a/testing/tests/ikev1/net2net-ntru-cert/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev1/net2net-ntru-cert/hosts/sun/etc/ipsec.conf
@@ -1,19 +1,16 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="ike 4, lib 4"
-
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
- keyingtries=1
+ keyingtries=1
keyexchange=ikev1
ike=aes256-sha512-ntru256!
esp=aes256-sha512!
mobike=no
-conn net-net
+conn net-net
left=PH_IP_SUN
leftcert=sunCert.pem
leftid=@sun.strongswan.org
diff --git a/testing/tests/ikev1/net2net-ntru-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-ntru-cert/hosts/sun/etc/strongswan.conf
index 7a578d242..04da33fd6 100644
--- a/testing/tests/ikev1/net2net-ntru-cert/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev1/net2net-ntru-cert/hosts/sun/etc/strongswan.conf
@@ -5,4 +5,10 @@ charon {
multiple_authentication = no
send_vendor_id = yes
+ syslog {
+ daemon {
+ ike = 4
+ lib = 4
+ }
+ }
}
diff --git a/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/ipsec.conf
index 77ed2c0c9..afa1641c5 100644
--- a/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="job 2"
-
conn %default
ikelifetime=60m
keylife=20m
diff --git a/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/strongswan.conf
index af5fa19ef..cf4c1eba4 100644
--- a/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/strongswan.conf
@@ -2,4 +2,9 @@
charon {
load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ syslog {
+ daemon {
+ job = 2
+ }
+ }
}
diff --git a/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/ipsec.conf
index 82a8f38c5..51a2e5758 100644
--- a/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="job 2"
-
conn %default
ikelifetime=60m
keylife=20m
diff --git a/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/strongswan.conf
index 93f434598..f09c27902 100644
--- a/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/strongswan.conf
@@ -2,4 +2,9 @@
charon {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ syslog {
+ daemon {
+ job = 2
+ }
+ }
}
diff --git a/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/ipsec.conf
index 89674b2a1..7456a9d8a 100644
--- a/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="cfg 2"
-
conn %default
ikelifetime=60m
keylife=20m
diff --git a/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf
index d69a7b808..99d3c61d9 100644
--- a/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf
@@ -2,4 +2,9 @@
charon {
load = random nonce aes blowfish md5 sha1 sha2 pem pkcs1 gmp curl x509 revocation hmac stroke kernel-netlink socket-default updown
+ syslog {
+ daemon {
+ cfg = 2
+ }
+ }
}
diff --git a/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/ipsec.conf
index 82804a0fe..3c0578d4b 100644
--- a/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="cfg 2"
-
conn %default
ikelifetime=60m
keylife=20m
diff --git a/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf
index a3c9999f7..99a0e8940 100644
--- a/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf
@@ -2,4 +2,9 @@
charon {
load = random nonce blowfish sha1 sha2 pem pkcs1 gmp curl x509 revocation hmac stroke kernel-netlink socket-default updown
+ syslog {
+ daemon {
+ cfg = 2
+ }
+ }
}
diff --git a/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/ipsec.conf
index aac963e91..eee4e6edc 100644
--- a/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="knl 2"
-
conn %default
ikelifetime=60m
keylife=20m
@@ -10,7 +7,7 @@ conn %default
keyingtries=1
keyexchange=ikev2
-conn alice
+conn alice
rightid=alice@strongswan.org
mark=10/0xffffffff
also=sun
diff --git a/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/strongswan.conf
index 93f434598..9691dd22f 100644
--- a/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/strongswan.conf
@@ -2,4 +2,9 @@
charon {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ syslog {
+ daemon {
+ knl = 2
+ }
+ }
}
diff --git a/testing/tests/ikev2/net2net-ah/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-ah/hosts/moon/etc/ipsec.conf
index 7af65a55d..e8eaa4887 100644
--- a/testing/tests/ikev2/net2net-ah/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-ah/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="cfg 2, knl 2"
-
conn %default
keyexchange=ikev2
ike=aes128-sha256-modp3072!
diff --git a/testing/tests/ikev2/net2net-ah/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-ah/hosts/moon/etc/strongswan.conf
index 02ae5affa..ca7ff4f59 100644
--- a/testing/tests/ikev2/net2net-ah/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-ah/hosts/moon/etc/strongswan.conf
@@ -3,4 +3,10 @@
charon {
load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
+ syslog {
+ daemon {
+ cfg = 2
+ knl = 2
+ }
+ }
}
diff --git a/testing/tests/ikev2/net2net-ah/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-ah/hosts/sun/etc/ipsec.conf
index 82da6cb7a..95e90fd09 100644
--- a/testing/tests/ikev2/net2net-ah/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-ah/hosts/sun/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="cfg 2, knl 2"
-
conn %default
keyexchange=ikev2
ike=aes128-sha256-modp3072!
diff --git a/testing/tests/ikev2/net2net-ah/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-ah/hosts/sun/etc/strongswan.conf
index 02ae5affa..ca7ff4f59 100644
--- a/testing/tests/ikev2/net2net-ah/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-ah/hosts/sun/etc/strongswan.conf
@@ -3,4 +3,10 @@
charon {
load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
+ syslog {
+ daemon {
+ cfg = 2
+ knl = 2
+ }
+ }
}
diff --git a/testing/tests/ikev2/net2net-esn/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-esn/hosts/moon/etc/ipsec.conf
index 8cce0c957..71f5442c0 100644
--- a/testing/tests/ikev2/net2net-esn/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-esn/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="cfg 2, knl 2"
-
conn %default
ikelifetime=60m
keylife=20m
@@ -13,7 +10,7 @@ conn %default
esp=aes128-sha256-esn-noesn!
mobike=no
-conn net-net
+conn net-net
left=PH_IP_MOON
leftcert=moonCert.pem
leftid=@moon.strongswan.org
diff --git a/testing/tests/ikev2/net2net-esn/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-esn/hosts/moon/etc/strongswan.conf
index 02ae5affa..ca7ff4f59 100644
--- a/testing/tests/ikev2/net2net-esn/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-esn/hosts/moon/etc/strongswan.conf
@@ -3,4 +3,10 @@
charon {
load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
+ syslog {
+ daemon {
+ cfg = 2
+ knl = 2
+ }
+ }
}
diff --git a/testing/tests/ikev2/net2net-esn/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-esn/hosts/sun/etc/ipsec.conf
index 1fd5ddb03..9e0df8111 100644
--- a/testing/tests/ikev2/net2net-esn/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-esn/hosts/sun/etc/ipsec.conf
@@ -1,19 +1,16 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="cfg 2, knl 2"
-
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
- keyingtries=1
+ keyingtries=1
keyexchange=ikev2
ike=aes128-sha256-modp3072!
esp=aes128-sha256-esn!
mobike=no
-conn net-net
+conn net-net
left=PH_IP_SUN
leftcert=sunCert.pem
leftid=@sun.strongswan.org
diff --git a/testing/tests/ikev2/net2net-esn/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-esn/hosts/sun/etc/strongswan.conf
index 02ae5affa..ca7ff4f59 100644
--- a/testing/tests/ikev2/net2net-esn/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-esn/hosts/sun/etc/strongswan.conf
@@ -3,4 +3,10 @@
charon {
load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
+ syslog {
+ daemon {
+ cfg = 2
+ knl = 2
+ }
+ }
}
diff --git a/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/ipsec.conf
index 01d114dd9..4251ecd68 100644
--- a/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="ike 4, lib 4"
-
conn %default
ikelifetime=60m
keylife=20m
@@ -13,7 +10,7 @@ conn %default
esp=aes128-sha256!
mobike=no
-conn net-net
+conn net-net
left=PH_IP_MOON
leftcert=moonCert.pem
leftid=@moon.strongswan.org
diff --git a/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/strongswan.conf
index 49077484a..2dd0446ce 100644
--- a/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/strongswan.conf
@@ -6,9 +6,15 @@ charon {
multiple_authentication = no
send_vendor_id = yes
+ syslog {
+ daemon {
+ ike = 4
+ lib = 4
+ }
+ }
plugins {
ntru {
- parameter_set = x9_98_bandwidth
+ parameter_set = x9_98_bandwidth
}
}
}
diff --git a/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/ipsec.conf
index e57bec965..449ee7989 100644
--- a/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/ipsec.conf
@@ -1,19 +1,16 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="ike 4, lib 4"
-
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
- keyingtries=1
+ keyingtries=1
keyexchange=ikev2
ike=aes128-sha256-ntru128!
esp=aes128-sha256!
mobike=no
-conn net-net
+conn net-net
left=PH_IP_SUN
leftcert=sunCert.pem
leftid=@sun.strongswan.org
diff --git a/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/strongswan.conf
index 1dcbd6c27..2dd0446ce 100644
--- a/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/strongswan.conf
@@ -6,6 +6,12 @@ charon {
multiple_authentication = no
send_vendor_id = yes
+ syslog {
+ daemon {
+ ike = 4
+ lib = 4
+ }
+ }
plugins {
ntru {
parameter_set = x9_98_bandwidth
diff --git a/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/ipsec.conf
index 9da45bcba..f29a8b2a2 100644
--- a/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="ike 4, lib 4"
-
conn %default
ikelifetime=60m
keylife=20m
@@ -13,7 +10,7 @@ conn %default
esp=aes256-sha512!
mobike=no
-conn net-net
+conn net-net
left=PH_IP_MOON
leftcert=moonCert.pem
leftid=@moon.strongswan.org
diff --git a/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/strongswan.conf
index 38df6a919..759b92285 100644
--- a/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/strongswan.conf
@@ -6,6 +6,12 @@ charon {
multiple_authentication = no
send_vendor_id = yes
+ syslog {
+ daemon {
+ ike = 4
+ lib = 4
+ }
+ }
plugins {
ntru {
parameter_set = optimum
diff --git a/testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/ipsec.conf
index 50be98057..76fbc8024 100644
--- a/testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/ipsec.conf
@@ -1,19 +1,16 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="ike 4, lib 4"
-
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
- keyingtries=1
+ keyingtries=1
keyexchange=ikev2
ike=aes256-sha512-ntru256!
esp=aes256-sha512!
mobike=no
-conn net-net
+conn net-net
left=PH_IP_SUN
leftcert=sunCert.pem
leftid=@sun.strongswan.org
diff --git a/testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/strongswan.conf
index 0b31f738c..d461bda50 100644
--- a/testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/strongswan.conf
@@ -4,4 +4,10 @@ charon {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
send_vendor_id = yes
+ syslog {
+ daemon {
+ ike = 4
+ lib = 4
+ }
+ }
}
diff --git a/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/ipsec.conf
index aeaebe1f4..8c7918b80 100644
--- a/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="knl 2"
-
conn %default
ikelifetime=60m
keylife=20m
@@ -25,7 +22,7 @@ conn dscp-ef
also=net-net
auto=add
-conn net-net
+conn net-net
left=PH_IP_MOON
leftsubnet=10.1.0.0/16
leftfirewall=yes
diff --git a/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/strongswan.conf
index 3cf8c8807..a0be3ce18 100644
--- a/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/strongswan.conf
@@ -3,4 +3,9 @@
charon {
load = random nonce aes sha1 sha2 curve25519 hmac curl stroke kernel-netlink socket-default updown
multiple_authentication = no
+ syslog {
+ daemon {
+ knl = 2
+ }
+ }
}
diff --git a/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/ipsec.conf
index 8b54476fd..3c4d0a07f 100644
--- a/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/ipsec.conf
@@ -1,13 +1,10 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="knl 2"
-
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
- keyingtries=1
+ keyingtries=1
keyexchange=ikev2
mobike=no
@@ -25,7 +22,7 @@ conn dscp-ef
also=net-net
auto=add
-conn net-net
+conn net-net
left=PH_IP_SUN
leftsubnet=10.2.0.0/16
leftfirewall=yes
diff --git a/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/strongswan.conf
index 3cf8c8807..a0be3ce18 100644
--- a/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/strongswan.conf
@@ -3,4 +3,9 @@
charon {
load = random nonce aes sha1 sha2 curve25519 hmac curl stroke kernel-netlink socket-default updown
multiple_authentication = no
+ syslog {
+ daemon {
+ knl = 2
+ }
+ }
}
diff --git a/testing/tests/ikev2/net2net-rekey/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-rekey/hosts/moon/etc/ipsec.conf
index dcd98b4de..ec3daa00a 100644
--- a/testing/tests/ikev2/net2net-rekey/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-rekey/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="knl 2"
-
conn %default
ikelifetime=60m
lifetime=10s
diff --git a/testing/tests/ikev2/net2net-rekey/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-rekey/hosts/moon/etc/strongswan.conf
index 3dcbf76ea..8d26c1381 100644
--- a/testing/tests/ikev2/net2net-rekey/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-rekey/hosts/moon/etc/strongswan.conf
@@ -4,4 +4,9 @@ charon {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
# remove rekeyed inbound SA a bit quicker for the test scenario
delete_rekeyed_delay = 2
+ syslog {
+ daemon {
+ knl = 2
+ }
+ }
}
diff --git a/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/ipsec.conf
index 9ba918893..ec7d9a79a 100644
--- a/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="cfg 2"
-
conn %default
ikelifetime=60m
keylife=20m
@@ -11,7 +8,7 @@ conn %default
keyexchange=ikev2
mobike=no
-conn net-net
+conn net-net
left=PH_IP_MOON
leftcert=moonCert.pem
leftid=@moon.strongswan.org
diff --git a/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf
index 18ed6a4c4..c9a56d748 100644
--- a/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf
@@ -3,4 +3,9 @@
charon {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
+ syslog {
+ daemon {
+ cfg = 2
+ }
+ }
}
diff --git a/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/ipsec.conf
index d41e43a5c..cc86ebc0a 100644
--- a/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/ipsec.conf
@@ -1,17 +1,14 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="cfg 2"
-
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
- keyingtries=1
+ keyingtries=1
keyexchange=ikev2
mobike=no
-conn net-net
+conn net-net
left=PH_IP_SUN
leftcert=sunCert.pem
leftid=@sun.strongswan.org
diff --git a/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf
index 18ed6a4c4..c9a56d748 100644
--- a/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf
@@ -3,4 +3,9 @@
charon {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
+ syslog {
+ daemon {
+ cfg = 2
+ }
+ }
}
diff --git a/testing/tests/ikev2/redirect-active/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/redirect-active/hosts/carol/etc/ipsec.conf
index a5c2cc5fc..cdcf4e6f2 100644
--- a/testing/tests/ikev2/redirect-active/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/redirect-active/hosts/carol/etc/ipsec.conf
@@ -1,7 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="knl 2"
conn %default
ikelifetime=60m
keylife=20m
diff --git a/testing/tests/ikev2/redirect-active/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/redirect-active/hosts/carol/etc/strongswan.conf
index af5fa19ef..6bc136a9b 100644
--- a/testing/tests/ikev2/redirect-active/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/redirect-active/hosts/carol/etc/strongswan.conf
@@ -2,4 +2,9 @@
charon {
load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ syslog {
+ daemon {
+ knl = 2
+ }
+ }
}
diff --git a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/ipsec.conf
index b7b27b720..10d92873d 100644
--- a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="tls 2"
-
conn %default
ikelifetime=60m
keylife=20m
diff --git a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/strongswan.conf
index 6b0ab0dcc..58a2f2243 100644
--- a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/strongswan.conf
@@ -4,6 +4,11 @@ charon {
load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl hmac gcm stroke kernel-netlink socket-default eap-tls updown
multiple_authentication=no
+ syslog {
+ daemon {
+ tls = 2
+ }
+ }
plugins {
eap-tls {
max_message_count = 40
diff --git a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/ipsec.conf
index ee4bfd27d..0ab0c4772 100644
--- a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="tls 2"
-
conn %default
ikelifetime=60m
keylife=20m
diff --git a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/strongswan.conf
index 6b0ab0dcc..58a2f2243 100644
--- a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/strongswan.conf
@@ -4,6 +4,11 @@ charon {
load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl hmac gcm stroke kernel-netlink socket-default eap-tls updown
multiple_authentication=no
+ syslog {
+ daemon {
+ tls = 2
+ }
+ }
plugins {
eap-tls {
max_message_count = 40
diff --git a/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf
index 5e06976d1..756e3835c 100644
--- a/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="tls 2"
-
conn %default
ikelifetime=60m
keylife=20m
diff --git a/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf
index 2261fc3e1..74881b5cf 100644
--- a/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf
@@ -4,4 +4,9 @@ charon {
load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac gcm stroke kernel-netlink socket-default eap-tls updown
multiple_authentication=no
+ syslog {
+ daemon {
+ tls = 2
+ }
+ }
}
diff --git a/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.conf
index 37fa2b435..4a645d741 100644
--- a/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="tls 2"
-
conn %default
ikelifetime=60m
keylife=20m
diff --git a/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf
index 8865bd52c..797d27cc2 100644
--- a/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf
@@ -4,6 +4,11 @@ charon {
load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac gcm stroke kernel-netlink socket-default eap-tls updown
multiple_authentication=no
+ syslog {
+ daemon {
+ tls = 2
+ }
+ }
}
libtls {
diff --git a/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/ipsec.conf
index fc6f1e633..6aaeb160f 100644
--- a/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="tls 2"
-
conn %default
ikelifetime=60m
keylife=20m
diff --git a/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf
index 84d571482..ef5666914 100644
--- a/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf
@@ -3,6 +3,11 @@
charon {
load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-tls updown
multiple_authentication=no
+ syslog {
+ daemon {
+ tls = 2
+ }
+ }
}
libtls {
diff --git a/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/ipsec.conf
index 8ff3c2ab6..576d2cb99 100644
--- a/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="tls 2"
-
conn %default
ikelifetime=60m
keylife=20m
diff --git a/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf
index 951002690..fa1febe0f 100644
--- a/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf
@@ -3,4 +3,9 @@
charon {
load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
multiple_authentication=no
+ syslog {
+ daemon {
+ tls = 2
+ }
+ }
}
diff --git a/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/ipsec.conf
index 367c0b527..ba52ec31e 100644
--- a/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="tls 2"
-
conn %default
ikelifetime=60m
keylife=20m
diff --git a/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf
index 951002690..fa1febe0f 100644
--- a/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf
@@ -3,4 +3,9 @@
charon {
load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
multiple_authentication=no
+ syslog {
+ daemon {
+ tls = 2
+ }
+ }
}
diff --git a/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/ipsec.conf
index cd93a48e7..738481257 100644
--- a/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="tls 2"
-
conn %default
ikelifetime=60m
keylife=20m
diff --git a/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf
index 242329b3b..02899fdb7 100644
--- a/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf
@@ -4,6 +4,11 @@ charon {
load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
multiple_authentication=no
+ syslog {
+ daemon {
+ tls = 2
+ }
+ }
plugins {
eap-ttls {
phase2_method = md5
diff --git a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/ipsec.conf
index 8ff3c2ab6..576d2cb99 100644
--- a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="tls 2"
-
conn %default
ikelifetime=60m
keylife=20m
diff --git a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/strongswan.conf
index 951002690..fa1febe0f 100644
--- a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/strongswan.conf
@@ -3,4 +3,9 @@
charon {
load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
multiple_authentication=no
+ syslog {
+ daemon {
+ tls = 2
+ }
+ }
}
diff --git a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/ipsec.conf
index 367c0b527..ba52ec31e 100644
--- a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="tls 2"
-
conn %default
ikelifetime=60m
keylife=20m
diff --git a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/strongswan.conf
index 951002690..fa1febe0f 100644
--- a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/strongswan.conf
@@ -3,4 +3,9 @@
charon {
load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
multiple_authentication=no
+ syslog {
+ daemon {
+ tls = 2
+ }
+ }
}
diff --git a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/ipsec.conf
index cd93a48e7..738481257 100644
--- a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="tls 2"
-
conn %default
ikelifetime=60m
keylife=20m
diff --git a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/strongswan.conf
index 20afebf81..0ff7725ca 100644
--- a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/strongswan.conf
@@ -4,6 +4,11 @@ charon {
load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
multiple_authentication=no
+ syslog {
+ daemon {
+ tls = 2
+ }
+ }
plugins {
eap-ttls {
phase2_method = md5
diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/ipsec.conf
index 5b1ac90a3..c18df1c73 100644
--- a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="tls 2"
-
conn %default
ikelifetime=60m
keylife=20m
diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf
index 1d380c409..443332acc 100644
--- a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf
@@ -3,4 +3,9 @@
charon {
load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
multiple_authentication=no
+ syslog {
+ daemon {
+ tls = 2
+ }
+ }
}
diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/ipsec.conf
index 8aa168745..2b58fbfca 100644
--- a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="tls 2"
-
conn %default
ikelifetime=60m
keylife=20m
diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf
index 1d380c409..443332acc 100644
--- a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf
@@ -3,4 +3,9 @@
charon {
load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
multiple_authentication=no
+ syslog {
+ daemon {
+ tls = 2
+ }
+ }
}
diff --git a/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/ipsec.conf
index 4b549cbd5..f0094e4d7 100644
--- a/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="knl 2"
-
conn %default
ikelifetime=60m
keylife=20m
@@ -10,7 +7,7 @@ conn %default
keyingtries=1
keyexchange=ikev2
-conn alice
+conn alice
rightid=alice@strongswan.org
mark_in=10/0xffffffff
mark_out=11/0xffffffff
diff --git a/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/strongswan.conf
index 93f434598..9691dd22f 100644
--- a/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/strongswan.conf
@@ -2,4 +2,9 @@
charon {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ syslog {
+ daemon {
+ knl = 2
+ }
+ }
}
diff --git a/testing/tests/ikev2/trap-any/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/trap-any/hosts/carol/etc/ipsec.conf
index a2d62296f..0e4eaa1ea 100644
--- a/testing/tests/ikev2/trap-any/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/trap-any/hosts/carol/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="knl 2"
-
conn %default
ikelifetime=60m
keylife=20m
diff --git a/testing/tests/ikev2/trap-any/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/trap-any/hosts/carol/etc/strongswan.conf
index dbcd7d844..709e0c5e4 100644
--- a/testing/tests/ikev2/trap-any/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/trap-any/hosts/carol/etc/strongswan.conf
@@ -3,4 +3,9 @@
charon {
load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
+ syslog {
+ daemon {
+ knl = 2
+ }
+ }
}
diff --git a/testing/tests/ikev2/trap-any/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/trap-any/hosts/dave/etc/ipsec.conf
index 3c7adfbf9..47792af99 100644
--- a/testing/tests/ikev2/trap-any/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/trap-any/hosts/dave/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="knl 2"
-
conn %default
ikelifetime=60m
keylife=20m
diff --git a/testing/tests/ikev2/trap-any/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/trap-any/hosts/dave/etc/strongswan.conf
index 8d89cd0bb..5e900fd1b 100644
--- a/testing/tests/ikev2/trap-any/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/trap-any/hosts/dave/etc/strongswan.conf
@@ -3,4 +3,9 @@
charon {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
+ syslog {
+ daemon {
+ knl = 2
+ }
+ }
}
diff --git a/testing/tests/ikev2/trap-any/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/trap-any/hosts/moon/etc/ipsec.conf
index 409bee2cb..650ebddd9 100644
--- a/testing/tests/ikev2/trap-any/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/trap-any/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="knl 2"
-
conn %default
ikelifetime=60m
keylife=20m
diff --git a/testing/tests/ikev2/trap-any/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/trap-any/hosts/moon/etc/strongswan.conf
index 8d89cd0bb..5e900fd1b 100644
--- a/testing/tests/ikev2/trap-any/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/trap-any/hosts/moon/etc/strongswan.conf
@@ -3,4 +3,9 @@
charon {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
+ syslog {
+ daemon {
+ knl = 2
+ }
+ }
}
diff --git a/testing/tests/ikev2/trap-any/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/trap-any/hosts/sun/etc/ipsec.conf
index 71edc4c14..ef99cc768 100644
--- a/testing/tests/ikev2/trap-any/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev2/trap-any/hosts/sun/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="knl 2"
-
conn %default
ikelifetime=60m
keylife=20m
diff --git a/testing/tests/ikev2/trap-any/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/trap-any/hosts/sun/etc/strongswan.conf
index 8d89cd0bb..5e900fd1b 100644
--- a/testing/tests/ikev2/trap-any/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/trap-any/hosts/sun/etc/strongswan.conf
@@ -3,4 +3,9 @@
charon {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
+ syslog {
+ daemon {
+ knl = 2
+ }
+ }
}
diff --git a/testing/tests/ipv6-stroke/host2host-ikev1/description.txt b/testing/tests/ipv6-stroke/host2host-ikev1/description.txt
new file mode 100644
index 000000000..b52c4caf8
--- /dev/null
+++ b/testing/tests/ipv6-stroke/host2host-ikev1/description.txt
@@ -0,0 +1,5 @@
+An IPv6 ESP connection between the hosts <b>moon</b> and <b>sun</b> is successfully set up.
+The authentication is based on X.509 certificates. Upon the successful establishment of
+the IPsec tunnel, <b>leftfirewall=yes</b> automatically inserts ip6tables-based firewall
+rules that let pass the tunneled traffic. In order to test both the host-to-host tunnel
+and the firewall rules, <b>moon</b> sends an IPv6 ICMP request to <b>sun</b> using the ping6 command.
diff --git a/testing/tests/ipv6-stroke/host2host-ikev1/evaltest.dat b/testing/tests/ipv6-stroke/host2host-ikev1/evaltest.dat
new file mode 100644
index 000000000..186ce4e06
--- /dev/null
+++ b/testing/tests/ipv6-stroke/host2host-ikev1/evaltest.dat
@@ -0,0 +1,7 @@
+moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES
+sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES
+moon::ping6 -c 1 -p deadbeef ip6-sun.strongswan.org::64 bytes from ip6-sun.strongswan.org: icmp_seq=1::YES
+sun::tcpdump::IP6 ip6-moon.strongswan.org > ip6-sun.strongswan.org: ESP::YES
+sun::tcpdump::IP6 ip6-sun.strongswan.org > ip6-moon.strongswan.org: ESP::YES
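Review bot: The first two checks match `net-net.*ESTABLISHED`, while everything else in this scenario refers to `host-host`. The next two lines match `host-host.*INSTALLED, TUNNEL`, and pretest.dat runs `expect-connection host-host` and `ipsec up host-host`. Unless the renamed ipsec.conf (its content is not shown in this diff) also defines a `net-net` connection, these two `::YES` checks cannot match. The test would then fail, or the IKE SA identities would go unverified if the lines are later relaxed. They should probably read `host-host.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org` on moon and the mirrored pattern on sun.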
diff --git a/testing/tests/ipv6/host2host-ikev1/hosts/moon/etc/ipsec.conf b/testing/tests/ipv6-stroke/host2host-ikev1/hosts/moon/etc/ipsec.conf
index 9e68eb674..9e68eb674 100644
--- a/testing/tests/ipv6/host2host-ikev1/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/host2host-ikev1/hosts/moon/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/host2host-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6-stroke/host2host-ikev1/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..8c90a8e03
--- /dev/null
+++ b/testing/tests/ipv6-stroke/host2host-ikev1/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ipv6/host2host-ikev1/hosts/sun/etc/ipsec.conf b/testing/tests/ipv6-stroke/host2host-ikev1/hosts/sun/etc/ipsec.conf
index 23bc5c627..23bc5c627 100644
--- a/testing/tests/ipv6/host2host-ikev1/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/host2host-ikev1/hosts/sun/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/host2host-ikev1/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6-stroke/host2host-ikev1/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..93f434598
--- /dev/null
+++ b/testing/tests/ipv6-stroke/host2host-ikev1/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ipv6-stroke/host2host-ikev1/posttest.dat b/testing/tests/ipv6-stroke/host2host-ikev1/posttest.dat
new file mode 100644
index 000000000..d3bebd0c6
--- /dev/null
+++ b/testing/tests/ipv6-stroke/host2host-ikev1/posttest.dat
@@ -0,0 +1,6 @@
+moon::ipsec stop
+sun::ipsec stop
+moon::iptables-restore < /etc/iptables.flush
+sun::iptables-restore < /etc/iptables.flush
+moon::ip6tables-restore < /etc/ip6tables.flush
+sun::ip6tables-restore < /etc/ip6tables.flush
diff --git a/testing/tests/ipv6-stroke/host2host-ikev1/pretest.dat b/testing/tests/ipv6-stroke/host2host-ikev1/pretest.dat
new file mode 100644
index 000000000..46c015387
--- /dev/null
+++ b/testing/tests/ipv6-stroke/host2host-ikev1/pretest.dat
@@ -0,0 +1,9 @@
+moon::iptables-restore < /etc/iptables.drop
+sun::iptables-restore < /etc/iptables.drop
+moon::ip6tables-restore < /etc/ip6tables.rules
+sun::ip6tables-restore < /etc/ip6tables.rules
+moon::ipsec start
+sun::ipsec start
+moon::expect-connection host-host
+sun::expect-connection host-host
+moon::ipsec up host-host
diff --git a/testing/tests/ipv6-stroke/host2host-ikev1/test.conf b/testing/tests/ipv6-stroke/host2host-ikev1/test.conf
new file mode 100644
index 000000000..e1d17aa16
--- /dev/null
+++ b/testing/tests/ipv6-stroke/host2host-ikev1/test.conf
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="moon winnetou sun"
+
+# Corresponding block diagram
+#
+DIAGRAM="m-w-s-ip6.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="sun"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon sun"
+
+# IP protocol used by IPsec is IPv6
+#
+IPV6=1
diff --git a/testing/tests/ipv6-stroke/host2host-ikev2/description.txt b/testing/tests/ipv6-stroke/host2host-ikev2/description.txt
new file mode 100644
index 000000000..b52c4caf8
--- /dev/null
+++ b/testing/tests/ipv6-stroke/host2host-ikev2/description.txt
@@ -0,0 +1,5 @@
+An IPv6 ESP connection between the hosts <b>moon</b> and <b>sun</b> is successfully set up.
+The authentication is based on X.509 certificates. Upon the successful establishment of
+the IPsec tunnel, <b>leftfirewall=yes</b> automatically inserts ip6tables-based firewall
+rules that let pass the tunneled traffic. In order to test both the host-to-host tunnel
+and the firewall rules, <b>moon</b> sends an IPv6 ICMP request to <b>sun</b> using the ping6 command.
diff --git a/testing/tests/ipv6-stroke/host2host-ikev2/evaltest.dat b/testing/tests/ipv6-stroke/host2host-ikev2/evaltest.dat
new file mode 100644
index 000000000..186ce4e06
--- /dev/null
+++ b/testing/tests/ipv6-stroke/host2host-ikev2/evaltest.dat
@@ -0,0 +1,7 @@
+moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES
+sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES
+moon::ping6 -c 1 -p deadbeef ip6-sun.strongswan.org::64 bytes from ip6-sun.strongswan.org: icmp_seq=1::YES
+sun::tcpdump::IP6 ip6-moon.strongswan.org > ip6-sun.strongswan.org: ESP::YES
+sun::tcpdump::IP6 ip6-sun.strongswan.org > ip6-moon.strongswan.org: ESP::YES
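Review bot: The first two checks match `net-net.*ESTABLISHED`, but this test's pretest.dat only waits for and initiates `host-host`, and the next two checks look for `host-host.*INSTALLED`. The ipsec.conf files are renamed without content in this commit, so it cannot be confirmed from here whether they define a `net-net` connection under which the IKE_SA would be reported. If they do not, these two lines can never match. Either use `host-host.*ESTABLISHED` on both lines, or state the naming dependency in description.txt so the mismatch does not read as a copy-paste slip.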
diff --git a/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/ipsec.conf b/testing/tests/ipv6-stroke/host2host-ikev2/hosts/moon/etc/ipsec.conf
index faee5c854..faee5c854 100644
--- a/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/host2host-ikev2/hosts/moon/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/host2host-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6-stroke/host2host-ikev2/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..93f434598
--- /dev/null
+++ b/testing/tests/ipv6-stroke/host2host-ikev2/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/ipsec.conf b/testing/tests/ipv6-stroke/host2host-ikev2/hosts/sun/etc/ipsec.conf
index f4dc393ee..f4dc393ee 100644
--- a/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/host2host-ikev2/hosts/sun/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/host2host-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6-stroke/host2host-ikev2/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..93f434598
--- /dev/null
+++ b/testing/tests/ipv6-stroke/host2host-ikev2/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ipv6-stroke/host2host-ikev2/posttest.dat b/testing/tests/ipv6-stroke/host2host-ikev2/posttest.dat
new file mode 100644
index 000000000..d3bebd0c6
--- /dev/null
+++ b/testing/tests/ipv6-stroke/host2host-ikev2/posttest.dat
@@ -0,0 +1,6 @@
+moon::ipsec stop
+sun::ipsec stop
+moon::iptables-restore < /etc/iptables.flush
+sun::iptables-restore < /etc/iptables.flush
+moon::ip6tables-restore < /etc/ip6tables.flush
+sun::ip6tables-restore < /etc/ip6tables.flush
diff --git a/testing/tests/ipv6-stroke/host2host-ikev2/pretest.dat b/testing/tests/ipv6-stroke/host2host-ikev2/pretest.dat
new file mode 100644
index 000000000..46c015387
--- /dev/null
+++ b/testing/tests/ipv6-stroke/host2host-ikev2/pretest.dat
@@ -0,0 +1,9 @@
+moon::iptables-restore < /etc/iptables.drop
+sun::iptables-restore < /etc/iptables.drop
+moon::ip6tables-restore < /etc/ip6tables.rules
+sun::ip6tables-restore < /etc/ip6tables.rules
+moon::ipsec start
+sun::ipsec start
+moon::expect-connection host-host
+sun::expect-connection host-host
+moon::ipsec up host-host
diff --git a/testing/tests/ipv6-stroke/host2host-ikev2/test.conf b/testing/tests/ipv6-stroke/host2host-ikev2/test.conf
new file mode 100644
index 000000000..e1d17aa16
--- /dev/null
+++ b/testing/tests/ipv6-stroke/host2host-ikev2/test.conf
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="moon winnetou sun"
+
+# Corresponding block diagram
+#
+DIAGRAM="m-w-s-ip6.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="sun"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon sun"
+
+# IP protocol used by IPsec is IPv6
+#
+IPV6=1
diff --git a/testing/tests/ipv6-stroke/net2net-ikev1/description.txt b/testing/tests/ipv6-stroke/net2net-ikev1/description.txt
new file mode 100644
index 000000000..5952ecc2d
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ikev1/description.txt
@@ -0,0 +1,6 @@
+An IPv6 ESP tunnel connection between the gateways <b>moon</b> and <b>sun</b> is successfully set up.
+It connects the two subnets hiding behind their respective gateways. The authentication is based on
+X.509 certificates. Upon the successful establishment of the IPsec tunnel, <b>leftfirewall=yes</b>
+automatically inserts ip6tables-based firewall rules that let pass the tunneled traffic.
+In order to test both the net-to-net tunnel and the firewall rules, client <b>alice</b> behind <b>moon</b>
+sends an IPv6 ICMP request to client <b>bob</b> behind <b>sun</b> using the ping6 command.
diff --git a/testing/tests/ipv6-stroke/net2net-ikev1/evaltest.dat b/testing/tests/ipv6-stroke/net2net-ikev1/evaltest.dat
new file mode 100644
index 000000000..4cf23a31b
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ikev1/evaltest.dat
@@ -0,0 +1,7 @@
+moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
+sun:: ipsec status 2> /dev/null::net.net.*INSTALLED, TUNNEL::YES
+alice::ping6 -c 1 -p deadbeef ip6-bob.strongswan.org::64 bytes from ip6-bob.strongswan.org: icmp_seq=1::YES
+sun::tcpdump::IP6 ip6-moon.strongswan.org > ip6-sun.strongswan.org: ESP::YES
+sun::tcpdump::IP6 ip6-sun.strongswan.org > ip6-moon.strongswan.org: ESP::YES
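Review bot: The fourth check uses `net.net.*INSTALLED` for sun while the moon line above it uses `net-net`. The unescaped `.` matches any character, so the sun pattern is looser than the moon one and the two gateways are not held to the same string. I would write `sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES`. The same `net.net` spelling recurs in the evaltest.dat of net2net-ikev2, and in net2net-ip4-in-ip6-ikev1, net2net-ip4-in-ip6-ikev2 and net2net-ip6-in-ip4-ikev1 it is also used on sun's ESTABLISHED line.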
diff --git a/testing/tests/ipv6/net2net-ikev1/hosts/moon/etc/ipsec.conf b/testing/tests/ipv6-stroke/net2net-ikev1/hosts/moon/etc/ipsec.conf
index 4821989a9..4821989a9 100644
--- a/testing/tests/ipv6/net2net-ikev1/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/net2net-ikev1/hosts/moon/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/net2net-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6-stroke/net2net-ikev1/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..00380ccb4
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ikev1/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,7 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+
+ fragment_size = 1400
+}
diff --git a/testing/tests/ipv6/net2net-ikev1/hosts/sun/etc/ipsec.conf b/testing/tests/ipv6-stroke/net2net-ikev1/hosts/sun/etc/ipsec.conf
index 23bc5c627..23bc5c627 100644
--- a/testing/tests/ipv6/net2net-ikev1/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/net2net-ikev1/hosts/sun/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/net2net-ikev1/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6-stroke/net2net-ikev1/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..00380ccb4
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ikev1/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,7 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+
+ fragment_size = 1400
+}
diff --git a/testing/tests/ipv6-stroke/net2net-ikev1/posttest.dat b/testing/tests/ipv6-stroke/net2net-ikev1/posttest.dat
new file mode 100644
index 000000000..078fca541
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ikev1/posttest.dat
@@ -0,0 +1,10 @@
+moon::ipsec stop
+sun::ipsec stop
+alice::"ip route del fec2:\:/16 via fec1:\:1"
+moon::"ip route del fec2:\:/16 via fec0:\:2"
+sun::"ip route del fec1:\:/16 via fec0:\:1"
+bob::"ip route del fec1:\:/16 via fec2:\:1"
+moon::iptables-restore < /etc/iptables.flush
+sun::iptables-restore < /etc/iptables.flush
+moon::ip6tables-restore < /etc/ip6tables.flush
+sun::ip6tables-restore < /etc/ip6tables.flush
diff --git a/testing/tests/ipv6-stroke/net2net-ikev1/pretest.dat b/testing/tests/ipv6-stroke/net2net-ikev1/pretest.dat
new file mode 100644
index 000000000..a14b3cf79
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ikev1/pretest.dat
@@ -0,0 +1,13 @@
+moon::iptables-restore < /etc/iptables.drop
+sun::iptables-restore < /etc/iptables.drop
+moon::ip6tables-restore < /etc/ip6tables.rules
+sun::ip6tables-restore < /etc/ip6tables.rules
+alice::"ip route add fec2:\:/16 via fec1:\:1"
+moon::"ip route add fec2:\:/16 via fec0:\:2"
+sun::"ip route add fec1:\:/16 via fec0:\:1"
+bob::"ip route add fec1:\:/16 via fec2:\:1"
+moon::ipsec start
+sun::ipsec start
+moon::expect-connection net-net
+sun::expect-connection net-net
+moon::ipsec up net-net
diff --git a/testing/tests/ipv6-stroke/net2net-ikev1/test.conf b/testing/tests/ipv6-stroke/net2net-ikev1/test.conf
new file mode 100644
index 000000000..abade5bba
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ikev1/test.conf
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice moon winnetou sun bob"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-w-s-b-ip6.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="sun"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon sun"
+
+# IP protocol used by IPsec is IPv6
+#
+IPV6=1
diff --git a/testing/tests/ipv6-stroke/net2net-ikev2/description.txt b/testing/tests/ipv6-stroke/net2net-ikev2/description.txt
new file mode 100644
index 000000000..5952ecc2d
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ikev2/description.txt
@@ -0,0 +1,6 @@
+An IPv6 ESP tunnel connection between the gateways <b>moon</b> and <b>sun</b> is successfully set up.
+It connects the two subnets hiding behind their respective gateways. The authentication is based on
+X.509 certificates. Upon the successful establishment of the IPsec tunnel, <b>leftfirewall=yes</b>
+automatically inserts ip6tables-based firewall rules that let pass the tunneled traffic.
+In order to test both the net-to-net tunnel and the firewall rules, client <b>alice</b> behind <b>moon</b>
+sends an IPv6 ICMP request to client <b>bob</b> behind <b>sun</b> using the ping6 command.
diff --git a/testing/tests/ipv6-stroke/net2net-ikev2/evaltest.dat b/testing/tests/ipv6-stroke/net2net-ikev2/evaltest.dat
new file mode 100644
index 000000000..4cf23a31b
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ikev2/evaltest.dat
@@ -0,0 +1,7 @@
+moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
+sun:: ipsec status 2> /dev/null::net.net.*INSTALLED, TUNNEL::YES
+alice::ping6 -c 1 -p deadbeef ip6-bob.strongswan.org::64 bytes from ip6-bob.strongswan.org: icmp_seq=1::YES
+sun::tcpdump::IP6 ip6-moon.strongswan.org > ip6-sun.strongswan.org: ESP::YES
+sun::tcpdump::IP6 ip6-sun.strongswan.org > ip6-moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/ipsec.conf b/testing/tests/ipv6-stroke/net2net-ikev2/hosts/moon/etc/ipsec.conf
index 7292066a9..7292066a9 100644
--- a/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/net2net-ikev2/hosts/moon/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/net2net-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6-stroke/net2net-ikev2/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..00380ccb4
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ikev2/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,7 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+
+ fragment_size = 1400
+}
diff --git a/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/ipsec.conf b/testing/tests/ipv6-stroke/net2net-ikev2/hosts/sun/etc/ipsec.conf
index 2141c15c5..2141c15c5 100644
--- a/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/net2net-ikev2/hosts/sun/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/net2net-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6-stroke/net2net-ikev2/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..00380ccb4
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ikev2/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,7 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+
+ fragment_size = 1400
+}
diff --git a/testing/tests/ipv6-stroke/net2net-ikev2/posttest.dat b/testing/tests/ipv6-stroke/net2net-ikev2/posttest.dat
new file mode 100644
index 000000000..078fca541
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ikev2/posttest.dat
@@ -0,0 +1,10 @@
+moon::ipsec stop
+sun::ipsec stop
+alice::"ip route del fec2:\:/16 via fec1:\:1"
+moon::"ip route del fec2:\:/16 via fec0:\:2"
+sun::"ip route del fec1:\:/16 via fec0:\:1"
+bob::"ip route del fec1:\:/16 via fec2:\:1"
+moon::iptables-restore < /etc/iptables.flush
+sun::iptables-restore < /etc/iptables.flush
+moon::ip6tables-restore < /etc/ip6tables.flush
+sun::ip6tables-restore < /etc/ip6tables.flush
diff --git a/testing/tests/ipv6-stroke/net2net-ikev2/pretest.dat b/testing/tests/ipv6-stroke/net2net-ikev2/pretest.dat
new file mode 100644
index 000000000..a14b3cf79
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ikev2/pretest.dat
@@ -0,0 +1,13 @@
+moon::iptables-restore < /etc/iptables.drop
+sun::iptables-restore < /etc/iptables.drop
+moon::ip6tables-restore < /etc/ip6tables.rules
+sun::ip6tables-restore < /etc/ip6tables.rules
+alice::"ip route add fec2:\:/16 via fec1:\:1"
+moon::"ip route add fec2:\:/16 via fec0:\:2"
+sun::"ip route add fec1:\:/16 via fec0:\:1"
+bob::"ip route add fec1:\:/16 via fec2:\:1"
+moon::ipsec start
+sun::ipsec start
+moon::expect-connection net-net
+sun::expect-connection net-net
+moon::ipsec up net-net
diff --git a/testing/tests/ipv6-stroke/net2net-ikev2/test.conf b/testing/tests/ipv6-stroke/net2net-ikev2/test.conf
new file mode 100644
index 000000000..abade5bba
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ikev2/test.conf
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice moon winnetou sun bob"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-w-s-b-ip6.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="sun"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon sun"
+
+# IP protocol used by IPsec is IPv6
+#
+IPV6=1
diff --git a/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/description.txt b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/description.txt
new file mode 100644
index 000000000..62fff0b30
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/description.txt
@@ -0,0 +1,4 @@
+An IPv6 ESP tunnel connection between the gateways <b>moon</b> and <b>sun</b> is successfully set up.
+It connects the two IPv4 subnets hiding behind their respective gateways. The authentication is based on
+X.509 certificates. In order to test the IPv4-over-IPv6 ESP tunnel, client <b>alice</b> behind <b>moon</b>
+sends an IPv4 ICMP request to client <b>bob</b> behind <b>sun</b> using the ping command.
diff --git a/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/evaltest.dat b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/evaltest.dat
new file mode 100644
index 000000000..ee9e22ed7
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/evaltest.dat
@@ -0,0 +1,7 @@
+moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::net.net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
+sun:: ipsec status 2> /dev/null::net.net.*INSTALLED, TUNNEL::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
+sun::tcpdump::IP6 ip6-moon.strongswan.org > ip6-sun.strongswan.org: ESP::YES
+sun::tcpdump::IP6 ip6-sun.strongswan.org > ip6-moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/ipsec.conf b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/ipsec.conf
index c43086f76..c43086f76 100644
--- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..00380ccb4
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,7 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+
+ fragment_size = 1400
+}
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/ipsec.conf b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/ipsec.conf
index f64bc2342..f64bc2342 100644
--- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..00380ccb4
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,7 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+
+ fragment_size = 1400
+}
diff --git a/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/posttest.dat b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/posttest.dat
new file mode 100644
index 000000000..d3bebd0c6
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/posttest.dat
@@ -0,0 +1,6 @@
+moon::ipsec stop
+sun::ipsec stop
+moon::iptables-restore < /etc/iptables.flush
+sun::iptables-restore < /etc/iptables.flush
+moon::ip6tables-restore < /etc/ip6tables.flush
+sun::ip6tables-restore < /etc/ip6tables.flush
diff --git a/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/pretest.dat b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/pretest.dat
new file mode 100644
index 000000000..812ccd162
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/pretest.dat
@@ -0,0 +1,9 @@
+moon::iptables-restore < /etc/iptables.drop
+sun::iptables-restore < /etc/iptables.drop
+moon::ip6tables-restore < /etc/ip6tables.rules
+sun::ip6tables-restore < /etc/ip6tables.rules
+moon::ipsec start
+sun::ipsec start
+moon::expect-connection net-net
+sun::expect-connection net-net
+moon::ipsec up net-net
diff --git a/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/test.conf b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/test.conf
new file mode 100644
index 000000000..58ec28767
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/test.conf
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice moon winnetou sun bob"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-w-s-b-ip4-in-ip6.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="sun"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon sun"
+
+# IP protocol used by IPsec is IPv6
+#
+IPV6=1
diff --git a/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/description.txt b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/description.txt
new file mode 100644
index 000000000..62fff0b30
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/description.txt
@@ -0,0 +1,4 @@
+An IPv6 ESP tunnel connection between the gateways <b>moon</b> and <b>sun</b> is successfully set up.
+It connects the two IPv4 subnets hiding behind their respective gateways. The authentication is based on
+X.509 certificates. In order to test the IPv4-over-IPv6 ESP tunnel, client <b>alice</b> behind <b>moon</b>
+sends an IPv4 ICMP request to client <b>bob</b> behind <b>sun</b> using the ping command.
diff --git a/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/evaltest.dat b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/evaltest.dat
new file mode 100644
index 000000000..ee9e22ed7
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/evaltest.dat
@@ -0,0 +1,7 @@
+moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::net.net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
+sun:: ipsec status 2> /dev/null::net.net.*INSTALLED, TUNNEL::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
+sun::tcpdump::IP6 ip6-moon.strongswan.org > ip6-sun.strongswan.org: ESP::YES
+sun::tcpdump::IP6 ip6-sun.strongswan.org > ip6-moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/ipsec.conf b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/ipsec.conf
index 704737eaf..704737eaf 100644
--- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..00380ccb4
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,7 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+
+ fragment_size = 1400
+}
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/ipsec.conf b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/ipsec.conf
index e739fc8ea..e739fc8ea 100644
--- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..00380ccb4
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,7 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+
+ fragment_size = 1400
+}
diff --git a/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/posttest.dat b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/posttest.dat
new file mode 100644
index 000000000..d3bebd0c6
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/posttest.dat
@@ -0,0 +1,6 @@
+moon::ipsec stop
+sun::ipsec stop
+moon::iptables-restore < /etc/iptables.flush
+sun::iptables-restore < /etc/iptables.flush
+moon::ip6tables-restore < /etc/ip6tables.flush
+sun::ip6tables-restore < /etc/ip6tables.flush
diff --git a/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/pretest.dat b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/pretest.dat
new file mode 100644
index 000000000..812ccd162
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/pretest.dat
@@ -0,0 +1,9 @@
+moon::iptables-restore < /etc/iptables.drop
+sun::iptables-restore < /etc/iptables.drop
+moon::ip6tables-restore < /etc/ip6tables.rules
+sun::ip6tables-restore < /etc/ip6tables.rules
+moon::ipsec start
+sun::ipsec start
+moon::expect-connection net-net
+sun::expect-connection net-net
+moon::ipsec up net-net
diff --git a/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/test.conf b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/test.conf
new file mode 100644
index 000000000..58ec28767
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/test.conf
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice moon winnetou sun bob"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-w-s-b-ip4-in-ip6.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="sun"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon sun"
+
+# IP protocol used by IPsec is IPv6
+#
+IPV6=1
diff --git a/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/description.txt b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/description.txt
new file mode 100644
index 000000000..5952ecc2d
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/description.txt
@@ -0,0 +1,6 @@
+An IPv6 ESP tunnel connection between the gateways <b>moon</b> and <b>sun</b> is successfully set up.
+It connects the two subnets hiding behind their respective gateways. The authentication is based on
+X.509 certificates. Upon the successful establishment of the IPsec tunnel, <b>leftfirewall=yes</b>
+automatically inserts ip6tables-based firewall rules that let pass the tunneled traffic.
+In order to test both the net-to-net tunnel and the firewall rules, client <b>alice</b> behind <b>moon</b>
+sends an IPv6 ICMP request to client <b>bob</b> behind <b>sun</b> using the ping6 command.
diff --git a/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/evaltest.dat b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/evaltest.dat
new file mode 100644
index 000000000..803cf5ef5
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/evaltest.dat
@@ -0,0 +1,7 @@
+moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::net.net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
+sun:: ipsec status 2> /dev/null::net.net.*INSTALLED, TUNNEL::YES
+alice::ping6 -c 1 -p deadbeef ip6-bob.strongswan.org::64 bytes from ip6-bob.strongswan.org: icmp_seq=1::YES
+sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
+sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
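Review bot: These tcpdump checks expect `IP moon.strongswan.org > sun.strongswan.org: ESP`, that is ESP over IPv4, yet the description.txt added for this test opens with "An IPv6 ESP tunnel connection". That description carries the same blob id (5952ecc2d) as the net2net-ikev1 one, so it looks like an unadapted copy. I would change its first two sentences to `An IPv4 ESP tunnel connection between the gateways <b>moon</b> and <b>sun</b> is successfully set up.` and `It connects the two IPv6 subnets hiding behind their respective gateways.`, so the text matches what the checks assert.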
diff --git a/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/ip6tables.rules b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/ip6tables.rules
new file mode 100644
index 000000000..409f2e9bb
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/ip6tables.rules
@@ -0,0 +1,20 @@
+*filter
+
+# default policy is DROP
+-P INPUT DROP
+-P OUTPUT DROP
+-P FORWARD DROP
+
+# allow ICMPv6 neighbor-solicitations
+-A INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
+-A OUTPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
+
+# allow ICMPv6 neighbor-advertisements
+-A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
+-A OUTPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
+
+# log dropped packets
+-A INPUT -j LOG --log-prefix " IN: "
+-A OUTPUT -j LOG --log-prefix " OUT: "
+
+COMMIT
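Review bot: The rules under `# log dropped packets` cover INPUT and OUTPUT only, while FORWARD also has a DROP policy, so IPv6 packets a gateway refuses to forward between the two subnets leave no log entry. This scenario forwards alice's IPv6 ping through the gateways, so a failed run would be easier to diagnose with `-A FORWARD -j LOG --log-prefix " FWD: "` added before `COMMIT`. That assumes the rules installed for `leftfirewall=yes` are inserted ahead of it, which is not visible here. The identical ip6tables.rules added for sun later in this commit has the same gap.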
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/ipsec.conf b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/ipsec.conf
index 93660a2d8..93660a2d8 100644
--- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..aeab0b9b5
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,7 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ install_routes = no
+ fragment_size = 1400
+}
diff --git a/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/ip6tables.rules b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/ip6tables.rules
new file mode 100644
index 000000000..409f2e9bb
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/ip6tables.rules
@@ -0,0 +1,20 @@
+*filter
+
+# default policy is DROP
+-P INPUT DROP
+-P OUTPUT DROP
+-P FORWARD DROP
+
+# allow ICMPv6 neighbor-solicitations
+-A INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
+-A OUTPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
+
+# allow ICMPv6 neighbor-advertisements
+-A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
+-A OUTPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
+
+# log dropped packets
+-A INPUT -j LOG --log-prefix " IN: "
+-A OUTPUT -j LOG --log-prefix " OUT: "
+
+COMMIT
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/ipsec.conf b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/ipsec.conf
index 30dadee78..30dadee78 100644
--- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..429439ee4
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,7 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ install_routes=no
+ fragment_size = 1400
+}
diff --git a/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/posttest.dat b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/posttest.dat
new file mode 100644
index 000000000..078fca541
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/posttest.dat
@@ -0,0 +1,10 @@
+moon::ipsec stop
+sun::ipsec stop
+alice::"ip route del fec2:\:/16 via fec1:\:1"
+moon::"ip route del fec2:\:/16 via fec0:\:2"
+sun::"ip route del fec1:\:/16 via fec0:\:1"
+bob::"ip route del fec1:\:/16 via fec2:\:1"
+moon::iptables-restore < /etc/iptables.flush
+sun::iptables-restore < /etc/iptables.flush
+moon::ip6tables-restore < /etc/ip6tables.flush
+sun::ip6tables-restore < /etc/ip6tables.flush
diff --git a/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/pretest.dat b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/pretest.dat
new file mode 100644
index 000000000..58711bc06
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/pretest.dat
@@ -0,0 +1,13 @@
+moon::iptables-restore < /etc/iptables.rules
+sun::iptables-restore < /etc/iptables.rules
+moon::ip6tables-restore < /etc/ip6tables.rules
+sun::ip6tables-restore < /etc/ip6tables.rules
+alice::"ip route add fec2:\:/16 via fec1:\:1"
+moon::"ip route add fec2:\:/16 via fec0:\:2"
+sun::"ip route add fec1:\:/16 via fec0:\:1"
+bob::"ip route add fec1:\:/16 via fec2:\:1"
+moon::ipsec start
+sun::ipsec start
+moon::expect-connection net-net
+sun::expect-connection net-net
+moon::ipsec up net-net
diff --git a/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/test.conf b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/test.conf
new file mode 100644
index 000000000..345e2d808
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/test.conf
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice moon winnetou sun bob"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-w-s-b-ip6-in-ip4.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="sun"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon sun"
+
+# IP protocol used by IPsec is IPv6
+#
+IPV6=1
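Review bot: The comment `# IP protocol used by IPsec is IPv6` above `IPV6=1` does not match this scenario. The test is IPv6-in-IPv4 and its evaltest.dat expects `IP moon.strongswan.org > sun.strongswan.org: ESP`, so the ESP packets travel over IPv4. Reword it to something like `# Tunneled traffic is IPv6 (ESP itself is carried over IPv4)`. What the harness does with `IPV6=1` is not visible in this diff, so confirm the wording against it. The identical test.conf added for net2net-ip6-in-ip4-ikev2 carries the same comment.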
diff --git a/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/description.txt b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/description.txt
new file mode 100644
index 000000000..5952ecc2d
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/description.txt
@@ -0,0 +1,6 @@
+An IPv6 ESP tunnel connection between the gateways <b>moon</b> and <b>sun</b> is successfully set up.
+It connects the two subnets hiding behind their respective gateways. The authentication is based on
+X.509 certificates. Upon the successful establishment of the IPsec tunnel, <b>leftfirewall=yes</b>
+automatically inserts ip6tables-based firewall rules that let pass the tunneled traffic.
+In order to test both the net-to-net tunnel and the firewall rules, client <b>alice</b> behind <b>moon</b>
+sends an IPv6 ICMP request to client <b>bob</b> behind <b>sun</b> using the ping6 command.
diff --git a/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/evaltest.dat b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/evaltest.dat
new file mode 100644
index 000000000..803cf5ef5
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/evaltest.dat
@@ -0,0 +1,7 @@
+moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::net.net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
+sun:: ipsec status 2> /dev/null::net.net.*INSTALLED, TUNNEL::YES
+alice::ping6 -c 1 -p deadbeef ip6-bob.strongswan.org::64 bytes from ip6-bob.strongswan.org: icmp_seq=1::YES
+sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
+sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
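Review bot: The two sun-side `ipsec status` patterns use `net.net` while the moon-side ones use `net-net`. The unescaped `.` matches any character, so the sun checks are looser than the moon checks for the same connection name. Use the literal name on both sides, e.g. `sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES`. The net2net-ip6-in-ip4-ikev1 evaltest.dat earlier in this commit has the same mismatch.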
diff --git a/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/ip6tables.rules b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/ip6tables.rules
new file mode 100644
index 000000000..409f2e9bb
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/ip6tables.rules
@@ -0,0 +1,20 @@
+*filter
+
+# default policy is DROP
+-P INPUT DROP
+-P OUTPUT DROP
+-P FORWARD DROP
+
+# allow ICMPv6 neighbor-solicitations
+-A INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
+-A OUTPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
+
+# allow ICMPv6 neighbor-advertisements
+-A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
+-A OUTPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
+
+# log dropped packets
+-A INPUT -j LOG --log-prefix " IN: "
+-A OUTPUT -j LOG --log-prefix " OUT: "
+
+COMMIT
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/ipsec.conf b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/ipsec.conf
index f1cbd5576..f1cbd5576 100644
--- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..0be55a717
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ install_routes = no
+}
diff --git a/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/ip6tables.rules b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/ip6tables.rules
new file mode 100644
index 000000000..409f2e9bb
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/ip6tables.rules
@@ -0,0 +1,20 @@
+*filter
+
+# default policy is DROP
+-P INPUT DROP
+-P OUTPUT DROP
+-P FORWARD DROP
+
+# allow ICMPv6 neighbor-solicitations
+-A INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
+-A OUTPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
+
+# allow ICMPv6 neighbor-advertisements
+-A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
+-A OUTPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
+
+# log dropped packets
+-A INPUT -j LOG --log-prefix " IN: "
+-A OUTPUT -j LOG --log-prefix " OUT: "
+
+COMMIT
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/ipsec.conf b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/ipsec.conf
index 1f1fa6c51..1f1fa6c51 100644
--- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..812d52a95
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ install_routes=no
+}
diff --git a/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/posttest.dat b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/posttest.dat
new file mode 100644
index 000000000..078fca541
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/posttest.dat
@@ -0,0 +1,10 @@
+moon::ipsec stop
+sun::ipsec stop
+alice::"ip route del fec2:\:/16 via fec1:\:1"
+moon::"ip route del fec2:\:/16 via fec0:\:2"
+sun::"ip route del fec1:\:/16 via fec0:\:1"
+bob::"ip route del fec1:\:/16 via fec2:\:1"
+moon::iptables-restore < /etc/iptables.flush
+sun::iptables-restore < /etc/iptables.flush
+moon::ip6tables-restore < /etc/ip6tables.flush
+sun::ip6tables-restore < /etc/ip6tables.flush
diff --git a/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/pretest.dat b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/pretest.dat
new file mode 100644
index 000000000..58711bc06
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/pretest.dat
@@ -0,0 +1,13 @@
+moon::iptables-restore < /etc/iptables.rules
+sun::iptables-restore < /etc/iptables.rules
+moon::ip6tables-restore < /etc/ip6tables.rules
+sun::ip6tables-restore < /etc/ip6tables.rules
+alice::"ip route add fec2:\:/16 via fec1:\:1"
+moon::"ip route add fec2:\:/16 via fec0:\:2"
+sun::"ip route add fec1:\:/16 via fec0:\:1"
+bob::"ip route add fec1:\:/16 via fec2:\:1"
+moon::ipsec start
+sun::ipsec start
+moon::expect-connection net-net
+sun::expect-connection net-net
+moon::ipsec up net-net
diff --git a/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/test.conf b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/test.conf
new file mode 100644
index 000000000..345e2d808
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/test.conf
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice moon winnetou sun bob"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-w-s-b-ip6-in-ip4.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="sun"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon sun"
+
+# IP protocol used by IPsec is IPv6
+#
+IPV6=1
diff --git a/testing/tests/ipv6-stroke/rw-ikev1/description.txt b/testing/tests/ipv6-stroke/rw-ikev1/description.txt
new file mode 100644
index 000000000..17461370e
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ikev1/description.txt
@@ -0,0 +1,7 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up an IPv6 connection each
+to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b>.
+Upon the successful establishment of the IPv6 ESP tunnels, <b>leftfirewall=yes</b>
+automatically inserts ip6tables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> send
+an IPv6 ICMP request to the client <b>alice</b> behind the gateway <b>moon</b>
+using the ping6 command.
diff --git a/testing/tests/ipv6-stroke/rw-ikev1/evaltest.dat b/testing/tests/ipv6-stroke/rw-ikev1/evaltest.dat
new file mode 100644
index 000000000..0e125b70e
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ikev1/evaltest.dat
@@ -0,0 +1,15 @@
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
+carol::ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
+dave:: ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
+moon::tcpdump::IP6 ip6-carol.strongswan.org > ip6-moon.strongswan.org: ESP::YES
+moon::tcpdump::IP6 ip6-moon.strongswan.org > ip6-carol.strongswan.org: ESP::YES
+moon::tcpdump::IP6 ip6-dave.strongswan.org > ip6-moon.strongswan.org: ESP::YES
+moon::tcpdump::IP6 ip6-moon.strongswan.org > ip6-dave.strongswan.org: ESP::YES
+
diff --git a/testing/tests/ipv6/rw-ikev1/hosts/carol/etc/ipsec.conf b/testing/tests/ipv6-stroke/rw-ikev1/hosts/carol/etc/ipsec.conf
index 4bcfd19dd..4bcfd19dd 100644
--- a/testing/tests/ipv6/rw-ikev1/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/rw-ikev1/hosts/carol/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/rw-ikev1/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6-stroke/rw-ikev1/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..af5fa19ef
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ikev1/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+}
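Review bot: carol's `load` line includes `md5`, which dave and moon in the same test do not load, and the file gives no reason for it. MD5 is a legacy hash, so a reader auditing the plugin list cannot tell whether it is a requirement or a leftover. Presumably it is needed to decrypt carol's passphrase-protected private key; confirm that and state it in a comment such as `# md5 is only needed to decrypt carol's encrypted private key`. The carol strongswan.conf files added for rw-ikev2 and rw-ip6-in-ip4-ikev1 have the same line.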
diff --git a/testing/tests/ipv6/rw-ikev1/hosts/dave/etc/ipsec.conf b/testing/tests/ipv6-stroke/rw-ikev1/hosts/dave/etc/ipsec.conf
index 125303638..125303638 100644
--- a/testing/tests/ipv6/rw-ikev1/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/rw-ikev1/hosts/dave/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/rw-ikev1/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6-stroke/rw-ikev1/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..93f434598
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ikev1/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ipv6/rw-ikev1/hosts/moon/etc/ipsec.conf b/testing/tests/ipv6-stroke/rw-ikev1/hosts/moon/etc/ipsec.conf
index 880b1b2e7..880b1b2e7 100644
--- a/testing/tests/ipv6/rw-ikev1/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/rw-ikev1/hosts/moon/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/rw-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6-stroke/rw-ikev1/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..93f434598
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ikev1/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ipv6-stroke/rw-ikev1/posttest.dat b/testing/tests/ipv6-stroke/rw-ikev1/posttest.dat
new file mode 100644
index 000000000..4e59395e3
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ikev1/posttest.dat
@@ -0,0 +1,12 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::iptables-restore < /etc/iptables.flush
+carol::iptables-restore < /etc/iptables.flush
+dave::iptables-restore < /etc/iptables.flush
+moon::ip6tables-restore < /etc/ip6tables.flush
+carol::ip6tables-restore < /etc/ip6tables.flush
+dave::ip6tables-restore < /etc/ip6tables.flush
+alice::"ip route del fec0:\:/16 via fec1:\:1"
+carol::"ip route del fec1:\:/16 via fec0:\:1"
+dave::"ip route del fec1:\:/16 via fec0:\:1"
diff --git a/testing/tests/ipv6-stroke/rw-ikev1/pretest.dat b/testing/tests/ipv6-stroke/rw-ikev1/pretest.dat
new file mode 100644
index 000000000..f60be3887
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ikev1/pretest.dat
@@ -0,0 +1,17 @@
+moon::iptables-restore < /etc/iptables.drop
+carol::iptables-restore < /etc/iptables.drop
+dave::iptables-restore < /etc/iptables.drop
+moon::ip6tables-restore < /etc/ip6tables.rules
+carol::ip6tables-restore < /etc/ip6tables.rules
+dave::ip6tables-restore < /etc/ip6tables.rules
+alice::"ip route add fec0:\:/16 via fec1:\:1"
+carol::"ip route add fec1:\:/16 via fec0:\:1"
+dave::"ip route add fec1:\:/16 via fec0:\:1"
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+moon::expect-connection rw
+carol::expect-connection home
+dave::expect-connection home
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/ipv6-stroke/rw-ikev1/test.conf b/testing/tests/ipv6-stroke/rw-ikev1/test.conf
new file mode 100644
index 000000000..69b0757fd
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ikev1/test.conf
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d-ip6.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
+
+# IP protocol used by IPsec is IPv6
+#
+IPV6=1
diff --git a/testing/tests/ipv6-stroke/rw-ikev2/description.txt b/testing/tests/ipv6-stroke/rw-ikev2/description.txt
new file mode 100644
index 000000000..17461370e
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ikev2/description.txt
@@ -0,0 +1,7 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up an IPv6 connection each
+to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b>.
+Upon the successful establishment of the IPv6 ESP tunnels, <b>leftfirewall=yes</b>
+automatically inserts ip6tables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> send
+an IPv6 ICMP request to the client <b>alice</b> behind the gateway <b>moon</b>
+using the ping6 command.
diff --git a/testing/tests/ipv6-stroke/rw-ikev2/evaltest.dat b/testing/tests/ipv6-stroke/rw-ikev2/evaltest.dat
new file mode 100644
index 000000000..0e125b70e
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ikev2/evaltest.dat
@@ -0,0 +1,15 @@
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
+carol::ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
+dave:: ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
+moon::tcpdump::IP6 ip6-carol.strongswan.org > ip6-moon.strongswan.org: ESP::YES
+moon::tcpdump::IP6 ip6-moon.strongswan.org > ip6-carol.strongswan.org: ESP::YES
+moon::tcpdump::IP6 ip6-dave.strongswan.org > ip6-moon.strongswan.org: ESP::YES
+moon::tcpdump::IP6 ip6-moon.strongswan.org > ip6-dave.strongswan.org: ESP::YES
+
diff --git a/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/ipsec.conf b/testing/tests/ipv6-stroke/rw-ikev2/hosts/carol/etc/ipsec.conf
index 21166b2d0..21166b2d0 100644
--- a/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/rw-ikev2/hosts/carol/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/rw-ikev2/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6-stroke/rw-ikev2/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..9c9714a33
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ikev2/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ hash_and_url = yes
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/ipsec.conf b/testing/tests/ipv6-stroke/rw-ikev2/hosts/dave/etc/ipsec.conf
index 9513be833..9513be833 100644
--- a/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/rw-ikev2/hosts/dave/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/rw-ikev2/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6-stroke/rw-ikev2/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..3a52f0db6
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ikev2/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ hash_and_url = yes
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/ipsec.conf b/testing/tests/ipv6-stroke/rw-ikev2/hosts/moon/etc/ipsec.conf
index 4bed27ec5..4bed27ec5 100644
--- a/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/rw-ikev2/hosts/moon/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/rw-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6-stroke/rw-ikev2/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..3a52f0db6
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ikev2/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ hash_and_url = yes
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ipv6-stroke/rw-ikev2/posttest.dat b/testing/tests/ipv6-stroke/rw-ikev2/posttest.dat
new file mode 100644
index 000000000..4e59395e3
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ikev2/posttest.dat
@@ -0,0 +1,12 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::iptables-restore < /etc/iptables.flush
+carol::iptables-restore < /etc/iptables.flush
+dave::iptables-restore < /etc/iptables.flush
+moon::ip6tables-restore < /etc/ip6tables.flush
+carol::ip6tables-restore < /etc/ip6tables.flush
+dave::ip6tables-restore < /etc/ip6tables.flush
+alice::"ip route del fec0:\:/16 via fec1:\:1"
+carol::"ip route del fec1:\:/16 via fec0:\:1"
+dave::"ip route del fec1:\:/16 via fec0:\:1"
diff --git a/testing/tests/ipv6-stroke/rw-ikev2/pretest.dat b/testing/tests/ipv6-stroke/rw-ikev2/pretest.dat
new file mode 100644
index 000000000..f60be3887
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ikev2/pretest.dat
@@ -0,0 +1,17 @@
+moon::iptables-restore < /etc/iptables.drop
+carol::iptables-restore < /etc/iptables.drop
+dave::iptables-restore < /etc/iptables.drop
+moon::ip6tables-restore < /etc/ip6tables.rules
+carol::ip6tables-restore < /etc/ip6tables.rules
+dave::ip6tables-restore < /etc/ip6tables.rules
+alice::"ip route add fec0:\:/16 via fec1:\:1"
+carol::"ip route add fec1:\:/16 via fec0:\:1"
+dave::"ip route add fec1:\:/16 via fec0:\:1"
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+moon::expect-connection rw
+carol::expect-connection home
+dave::expect-connection home
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/ipv6-stroke/rw-ikev2/test.conf b/testing/tests/ipv6-stroke/rw-ikev2/test.conf
new file mode 100644
index 000000000..69b0757fd
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ikev2/test.conf
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d-ip6.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
+
+# IP protocol used by IPsec is IPv6
+#
+IPV6=1
diff --git a/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/description.txt b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/description.txt
new file mode 100644
index 000000000..f9412611b
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/description.txt
@@ -0,0 +1,10 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up an IPv6-in-IPv4 tunnel connection each
+to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b>.
+Both <b>carol</b> and <b>dave</b> request a virtual IPv6 address from <b>moon</b> via
+the IKEv1 mode config payload.
+<p/>
+Upon the successful establishment of the ESP tunnels, <b>leftfirewall=yes</b>
+automatically inserts ip6tables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> send
+an IPv6 ICMP request to the client <b>alice</b> behind the gateway <b>moon</b>
+using the ping6 command.
diff --git a/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/evaltest.dat b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/evaltest.dat
new file mode 100644
index 000000000..f6dc9aa3e
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/evaltest.dat
@@ -0,0 +1,15 @@
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
+carol::ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
+dave:: ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
+moon::tcpdump::carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::moon.strongswan.org > dave.strongswan.org: ESP::YES
+
diff --git a/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/carol/etc/ip6tables.rules b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/carol/etc/ip6tables.rules
new file mode 100644
index 000000000..409f2e9bb
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/carol/etc/ip6tables.rules
@@ -0,0 +1,20 @@
+*filter
+
+# default policy is DROP
+-P INPUT DROP
+-P OUTPUT DROP
+-P FORWARD DROP
+
+# allow ICMPv6 neighbor-solicitations
+-A INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
+-A OUTPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
+
+# allow ICMPv6 neighbor-advertisements
+-A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
+-A OUTPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
+
+# log dropped packets
+-A INPUT -j LOG --log-prefix " IN: "
+-A OUTPUT -j LOG --log-prefix " OUT: "
+
+COMMIT
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/carol/etc/ipsec.conf b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/carol/etc/ipsec.conf
index 8aba6f0b1..8aba6f0b1 100644
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/carol/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..0c5b0b5a4
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/dave/etc/ip6tables.rules b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/dave/etc/ip6tables.rules
new file mode 100644
index 000000000..409f2e9bb
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/dave/etc/ip6tables.rules
@@ -0,0 +1,20 @@
+*filter
+
+# default policy is DROP
+-P INPUT DROP
+-P OUTPUT DROP
+-P FORWARD DROP
+
+# allow ICMPv6 neighbor-solicitations
+-A INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
+-A OUTPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
+
+# allow ICMPv6 neighbor-advertisements
+-A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
+-A OUTPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
+
+# log dropped packets
+-A INPUT -j LOG --log-prefix " IN: "
+-A OUTPUT -j LOG --log-prefix " OUT: "
+
+COMMIT
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/dave/etc/ipsec.conf b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/dave/etc/ipsec.conf
index d0ff82c2d..d0ff82c2d 100644
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/dave/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..93f434598
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/moon/etc/ip6tables.rules b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/moon/etc/ip6tables.rules
new file mode 100644
index 000000000..409f2e9bb
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/moon/etc/ip6tables.rules
@@ -0,0 +1,20 @@
+*filter
+
+# default policy is DROP
+-P INPUT DROP
+-P OUTPUT DROP
+-P FORWARD DROP
+
+# allow ICMPv6 neighbor-solicitations
+-A INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
+-A OUTPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
+
+# allow ICMPv6 neighbor-advertisements
+-A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
+-A OUTPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
+
+# log dropped packets
+-A INPUT -j LOG --log-prefix " IN: "
+-A OUTPUT -j LOG --log-prefix " OUT: "
+
+COMMIT
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/moon/etc/ipsec.conf b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/moon/etc/ipsec.conf
index e77d7b608..e77d7b608 100644
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/moon/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..93f434598
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/libipsec/rw-suite-b/posttest.dat b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/posttest.dat
index 1865a1c60..ebe5e2a80 100644
--- a/testing/tests/libipsec/rw-suite-b/posttest.dat
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/posttest.dat
@@ -4,3 +4,7 @@ dave::ipsec stop
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
+moon::ip6tables-restore < /etc/ip6tables.flush
+carol::ip6tables-restore < /etc/ip6tables.flush
+dave::ip6tables-restore < /etc/ip6tables.flush
+alice::"ip route del fec3:\:/16 via fec1:\:1"
diff --git a/testing/tests/libipsec/rw-suite-b/pretest.dat b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/pretest.dat
index e87a8ee47..e73bde487 100644
--- a/testing/tests/libipsec/rw-suite-b/pretest.dat
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/pretest.dat
@@ -1,11 +1,15 @@
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
+moon::ip6tables-restore < /etc/ip6tables.rules
+carol::ip6tables-restore < /etc/ip6tables.rules
+dave::ip6tables-restore < /etc/ip6tables.rules
+alice::"ip route add fec3:\:/16 via fec1:\:1"
moon::ipsec start
carol::ipsec start
dave::ipsec start
moon::expect-connection rw
carol::expect-connection home
-carol::ipsec up home
dave::expect-connection home
+carol::ipsec up home
dave::ipsec up home
diff --git a/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/test.conf b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/test.conf
new file mode 100644
index 000000000..69b0757fd
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/test.conf
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d-ip6.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
+
+# IP protocol used by IPsec is IPv6
+#
+IPV6=1
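Review bot: The comment `# IP protocol used by IPsec is IPv6` above `IPV6=1` does not describe this test. The directory name says IPv6-in-IPv4, meaning IKE and ESP run over IPv4 and only the tunneled traffic is IPv6. What the harness does with `IPV6` is not visible here, so I would keep the value and reword the comment, for example `# Tunneled (inner) traffic is IPv6; IKE and ESP run over IPv4`. The identical test.conf added for rw-ip6-in-ip4-ikev2 carries the same comment.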
diff --git a/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/description.txt b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/description.txt
new file mode 100644
index 000000000..237e6fa52
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/description.txt
@@ -0,0 +1,10 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up an IPv6-in-IPv4 tunnel connection each
+to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b>.
+Both <b>carol</b> and <b>dave</b> request a virtual IPv6 address from <b>moon</b> via
+the IKEv2 configuration payload.
+<p/>
+Upon the successful establishment of the ESP tunnels, <b>leftfirewall=yes</b>
+automatically inserts ip6tables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> send
+an IPv6 ICMP request to the client <b>alice</b> behind the gateway <b>moon</b>
+using the ping6 command.
diff --git a/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/evaltest.dat b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/evaltest.dat
new file mode 100644
index 000000000..f6dc9aa3e
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/evaltest.dat
@@ -0,0 +1,15 @@
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
+carol::ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
+dave:: ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
+moon::tcpdump::carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::moon.strongswan.org > dave.strongswan.org: ESP::YES
+
diff --git a/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/carol/etc/ip6tables.rules b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/carol/etc/ip6tables.rules
new file mode 100644
index 000000000..409f2e9bb
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/carol/etc/ip6tables.rules
@@ -0,0 +1,20 @@
+*filter
+
+# default policy is DROP
+-P INPUT DROP
+-P OUTPUT DROP
+-P FORWARD DROP
+
+# allow ICMPv6 neighbor-solicitations
+-A INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
+-A OUTPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
+
+# allow ICMPv6 neighbor-advertisements
+-A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
+-A OUTPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
+
+# log dropped packets
+-A INPUT -j LOG --log-prefix " IN: "
+-A OUTPUT -j LOG --log-prefix " OUT: "
+
+COMMIT
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/carol/etc/ipsec.conf b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/carol/etc/ipsec.conf
index 1ca1c6c26..1ca1c6c26 100644
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/carol/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..9c9714a33
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ hash_and_url = yes
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+}
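Review bot: carol's `load =` line includes `md5`, which the dave and moon configurations of this same test do not load, and nothing in the file says why. If it is only needed to read carol's key or certificate material (an inference; the credentials are not part of this hunk), a comment above the line would help, such as `# md5 is needed only for <reason>, not for IKE/ESP proposals`. That would stop the plugin from being copied into other configs by habit. If it is not needed, drop it so the weak hash is not registered with the daemon at all.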
diff --git a/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/dave/etc/ip6tables.rules b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/dave/etc/ip6tables.rules
new file mode 100644
index 000000000..409f2e9bb
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/dave/etc/ip6tables.rules
@@ -0,0 +1,20 @@
+*filter
+
+# default policy is DROP
+-P INPUT DROP
+-P OUTPUT DROP
+-P FORWARD DROP
+
+# allow ICMPv6 neighbor-solicitations
+-A INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
+-A OUTPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
+
+# allow ICMPv6 neighbor-advertisements
+-A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
+-A OUTPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
+
+# log dropped packets
+-A INPUT -j LOG --log-prefix " IN: "
+-A OUTPUT -j LOG --log-prefix " OUT: "
+
+COMMIT
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/dave/etc/ipsec.conf b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/dave/etc/ipsec.conf
index bba2d96f7..bba2d96f7 100644
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/dave/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..3a52f0db6
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ hash_and_url = yes
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/moon/etc/ip6tables.rules b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/moon/etc/ip6tables.rules
new file mode 100644
index 000000000..409f2e9bb
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/moon/etc/ip6tables.rules
@@ -0,0 +1,20 @@
+*filter
+
+# default policy is DROP
+-P INPUT DROP
+-P OUTPUT DROP
+-P FORWARD DROP
+
+# allow ICMPv6 neighbor-solicitations
+-A INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
+-A OUTPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
+
+# allow ICMPv6 neighbor-advertisements
+-A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
+-A OUTPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
+
+# log dropped packets
+-A INPUT -j LOG --log-prefix " IN: "
+-A OUTPUT -j LOG --log-prefix " OUT: "
+
+COMMIT
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/moon/etc/ipsec.conf b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/moon/etc/ipsec.conf
index 5ea245568..5ea245568 100644
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/moon/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..3a52f0db6
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ hash_and_url = yes
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/posttest.dat b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/posttest.dat
new file mode 100644
index 000000000..ebe5e2a80
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/posttest.dat
@@ -0,0 +1,10 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::iptables-restore < /etc/iptables.flush
+carol::iptables-restore < /etc/iptables.flush
+dave::iptables-restore < /etc/iptables.flush
+moon::ip6tables-restore < /etc/ip6tables.flush
+carol::ip6tables-restore < /etc/ip6tables.flush
+dave::ip6tables-restore < /etc/ip6tables.flush
+alice::"ip route del fec3:\:/16 via fec1:\:1"
diff --git a/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/pretest.dat b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/pretest.dat
new file mode 100644
index 000000000..e73bde487
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/pretest.dat
@@ -0,0 +1,15 @@
+moon::iptables-restore < /etc/iptables.rules
+carol::iptables-restore < /etc/iptables.rules
+dave::iptables-restore < /etc/iptables.rules
+moon::ip6tables-restore < /etc/ip6tables.rules
+carol::ip6tables-restore < /etc/ip6tables.rules
+dave::ip6tables-restore < /etc/ip6tables.rules
+alice::"ip route add fec3:\:/16 via fec1:\:1"
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+moon::expect-connection rw
+carol::expect-connection home
+dave::expect-connection home
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/test.conf b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/test.conf
new file mode 100644
index 000000000..69b0757fd
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/test.conf
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d-ip6.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
+
+# IP protocol used by IPsec is IPv6
+#
+IPV6=1
diff --git a/testing/tests/ipv6-stroke/rw-psk-ikev1/description.txt b/testing/tests/ipv6-stroke/rw-psk-ikev1/description.txt
new file mode 100644
index 000000000..66fc09053
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev1/description.txt
@@ -0,0 +1,7 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up an IPv6 tunnel connection each
+to gateway <b>moon</b>. The authentication is based on distinct <b>pre-shared keys</b>
+and IPv6 addresses. Upon the successful establishment of the IPsec tunnels,
+<b>leftfirewall=yes</b> automatically inserts ip6tables-based firewall rules that
+let pass the tunneled traffic. In order to test both tunnel and firewall, both
+<b>carol</b> and <b>dave</b> send an IPv6 ICMP request to client <b>alice</b>
+behind the gateway <b>moon</b> using the ping6 command.
diff --git a/testing/tests/ipv6-stroke/rw-psk-ikev1/evaltest.dat b/testing/tests/ipv6-stroke/rw-psk-ikev1/evaltest.dat
new file mode 100644
index 000000000..16982a736
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev1/evaltest.dat
@@ -0,0 +1,15 @@
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*\[fec0.*:10].*\[fec0.*:1]::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*\[fec0.*:20].*\[fec0.*:1]::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*\[fec0.*:1].*\[fec0.*:10]::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*\[fec0.*:1].*\[fec0.*:20]::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
+carol::ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
+dave:: ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
+moon::tcpdump::IP6 ip6-carol.strongswan.org > ip6-moon.strongswan.org: ESP::YES
+moon::tcpdump::IP6 ip6-moon.strongswan.org > ip6-carol.strongswan.org: ESP::YES
+moon::tcpdump::IP6 ip6-dave.strongswan.org > ip6-moon.strongswan.org: ESP::YES
+moon::tcpdump::IP6 ip6-moon.strongswan.org > ip6-dave.strongswan.org: ESP::YES
+
diff --git a/testing/tests/ipv6/rw-psk-ikev1/hosts/carol/etc/ipsec.conf b/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/carol/etc/ipsec.conf
index 47080139f..47080139f 100644
--- a/testing/tests/ipv6/rw-psk-ikev1/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/carol/etc/ipsec.conf
diff --git a/testing/tests/ipv6/rw-psk-ikev1/hosts/carol/etc/ipsec.secrets b/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/carol/etc/ipsec.secrets
index 2abcb4e0a..2abcb4e0a 100644
--- a/testing/tests/ipv6/rw-psk-ikev1/hosts/carol/etc/ipsec.secrets
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/carol/etc/ipsec.secrets
diff --git a/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..955514391
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ipv6/rw-psk-ikev1/hosts/dave/etc/ipsec.conf b/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/dave/etc/ipsec.conf
index c59d32a14..c59d32a14 100644
--- a/testing/tests/ipv6/rw-psk-ikev1/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/dave/etc/ipsec.conf
diff --git a/testing/tests/ipv6/rw-psk-ikev1/hosts/dave/etc/ipsec.secrets b/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/dave/etc/ipsec.secrets
index 2375cd559..2375cd559 100644
--- a/testing/tests/ipv6/rw-psk-ikev1/hosts/dave/etc/ipsec.secrets
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/dave/etc/ipsec.secrets
diff --git a/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..955514391
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ipv6/rw-psk-ikev1/hosts/moon/etc/ipsec.conf b/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/moon/etc/ipsec.conf
index 7d32866b5..7d32866b5 100644
--- a/testing/tests/ipv6/rw-psk-ikev1/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/moon/etc/ipsec.conf
diff --git a/testing/tests/ipv6/rw-psk-ikev1/hosts/moon/etc/ipsec.secrets b/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/moon/etc/ipsec.secrets
index 88c418353..88c418353 100644
--- a/testing/tests/ipv6/rw-psk-ikev1/hosts/moon/etc/ipsec.secrets
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/moon/etc/ipsec.secrets
diff --git a/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..955514391
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ipv6-stroke/rw-psk-ikev1/posttest.dat b/testing/tests/ipv6-stroke/rw-psk-ikev1/posttest.dat
new file mode 100644
index 000000000..4e59395e3
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev1/posttest.dat
@@ -0,0 +1,12 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::iptables-restore < /etc/iptables.flush
+carol::iptables-restore < /etc/iptables.flush
+dave::iptables-restore < /etc/iptables.flush
+moon::ip6tables-restore < /etc/ip6tables.flush
+carol::ip6tables-restore < /etc/ip6tables.flush
+dave::ip6tables-restore < /etc/ip6tables.flush
+alice::"ip route del fec0:\:/16 via fec1:\:1"
+carol::"ip route del fec1:\:/16 via fec0:\:1"
+dave::"ip route del fec1:\:/16 via fec0:\:1"
diff --git a/testing/tests/ipv6-stroke/rw-psk-ikev1/pretest.dat b/testing/tests/ipv6-stroke/rw-psk-ikev1/pretest.dat
new file mode 100644
index 000000000..93a96ec36
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev1/pretest.dat
@@ -0,0 +1,20 @@
+moon::iptables-restore < /etc/iptables.drop
+carol::iptables-restore < /etc/iptables.drop
+dave::iptables-restore < /etc/iptables.drop
+moon::ip6tables-restore < /etc/ip6tables.rules
+carol::ip6tables-restore < /etc/ip6tables.rules
+dave::ip6tables-restore < /etc/ip6tables.rules
+alice::"ip route add fec0:\:/16 via fec1:\:1"
+carol::"ip route add fec1:\:/16 via fec0:\:1"
+dave::"ip route add fec1:\:/16 via fec0:\:1"
+moon::rm /etc/ipsec.d/cacerts/*
+carol::rm /etc/ipsec.d/cacerts/*
+dave::rm /etc/ipsec.d/cacerts/*
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+moon::expect-connection rw
+carol::expect-connection home
+dave::expect-connection home
+carol::ipsec up home
+dave::ipsec up home
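Review bot: The three `rm /etc/ipsec.d/cacerts/*` lines delete the guests' CA certificates, and posttest.dat for this test flushes the firewall and removes the routes but does not put the certificates back. Whether the harness reinstalls each guest's files before the next test is not visible in this diff; if it does not, later certificate-based tests on the same guests would fail for a reason unrelated to their own change. I would state the intent in description.txt (something like `CA certificates are removed so that only PSK authentication can succeed`) and use `rm -f` so an already-empty directory does not make the step fail. rw-psk-ikev2/pretest.dat has the same three lines.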
diff --git a/testing/tests/ipv6-stroke/rw-psk-ikev1/test.conf b/testing/tests/ipv6-stroke/rw-psk-ikev1/test.conf
new file mode 100644
index 000000000..69b0757fd
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev1/test.conf
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d-ip6.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
+
+# IP protocol used by IPsec is IPv6
+#
+IPV6=1
diff --git a/testing/tests/ipv6-stroke/rw-psk-ikev2/description.txt b/testing/tests/ipv6-stroke/rw-psk-ikev2/description.txt
new file mode 100644
index 000000000..66fc09053
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev2/description.txt
@@ -0,0 +1,7 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up an IPv6 tunnel connection each
+to gateway <b>moon</b>. The authentication is based on distinct <b>pre-shared keys</b>
+and IPv6 addresses. Upon the successful establishment of the IPsec tunnels,
+<b>leftfirewall=yes</b> automatically inserts ip6tables-based firewall rules that
+let pass the tunneled traffic. In order to test both tunnel and firewall, both
+<b>carol</b> and <b>dave</b> send an IPv6 ICMP request to client <b>alice</b>
+behind the gateway <b>moon</b> using the ping6 command.
diff --git a/testing/tests/ipv6-stroke/rw-psk-ikev2/evaltest.dat b/testing/tests/ipv6-stroke/rw-psk-ikev2/evaltest.dat
new file mode 100644
index 000000000..16982a736
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev2/evaltest.dat
@@ -0,0 +1,15 @@
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*\[fec0.*:10].*\[fec0.*:1]::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*\[fec0.*:20].*\[fec0.*:1]::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*\[fec0.*:1].*\[fec0.*:10]::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*\[fec0.*:1].*\[fec0.*:20]::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
+carol::ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
+dave:: ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
+moon::tcpdump::IP6 ip6-carol.strongswan.org > ip6-moon.strongswan.org: ESP::YES
+moon::tcpdump::IP6 ip6-moon.strongswan.org > ip6-carol.strongswan.org: ESP::YES
+moon::tcpdump::IP6 ip6-dave.strongswan.org > ip6-moon.strongswan.org: ESP::YES
+moon::tcpdump::IP6 ip6-moon.strongswan.org > ip6-dave.strongswan.org: ESP::YES
+
diff --git a/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/ipsec.conf b/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/carol/etc/ipsec.conf
index eed683f72..eed683f72 100644
--- a/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/carol/etc/ipsec.conf
diff --git a/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/ipsec.secrets b/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/carol/etc/ipsec.secrets
index 2abcb4e0a..2abcb4e0a 100644
--- a/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/ipsec.secrets
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/carol/etc/ipsec.secrets
diff --git a/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..955514391
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/ipsec.conf b/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/dave/etc/ipsec.conf
index 3b45adb0d..3b45adb0d 100644
--- a/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/dave/etc/ipsec.conf
diff --git a/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/ipsec.secrets b/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/dave/etc/ipsec.secrets
index 2375cd559..2375cd559 100644
--- a/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/ipsec.secrets
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/dave/etc/ipsec.secrets
diff --git a/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..955514391
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/ipsec.conf b/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/moon/etc/ipsec.conf
index f6c4c6ab9..f6c4c6ab9 100644
--- a/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/moon/etc/ipsec.conf
diff --git a/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/ipsec.secrets b/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/moon/etc/ipsec.secrets
index 88c418353..88c418353 100644
--- a/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/ipsec.secrets
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/moon/etc/ipsec.secrets
diff --git a/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..955514391
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ipv6-stroke/rw-psk-ikev2/posttest.dat b/testing/tests/ipv6-stroke/rw-psk-ikev2/posttest.dat
new file mode 100644
index 000000000..4e59395e3
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev2/posttest.dat
@@ -0,0 +1,12 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::iptables-restore < /etc/iptables.flush
+carol::iptables-restore < /etc/iptables.flush
+dave::iptables-restore < /etc/iptables.flush
+moon::ip6tables-restore < /etc/ip6tables.flush
+carol::ip6tables-restore < /etc/ip6tables.flush
+dave::ip6tables-restore < /etc/ip6tables.flush
+alice::"ip route del fec0:\:/16 via fec1:\:1"
+carol::"ip route del fec1:\:/16 via fec0:\:1"
+dave::"ip route del fec1:\:/16 via fec0:\:1"
diff --git a/testing/tests/ipv6-stroke/rw-psk-ikev2/pretest.dat b/testing/tests/ipv6-stroke/rw-psk-ikev2/pretest.dat
new file mode 100644
index 000000000..93a96ec36
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev2/pretest.dat
@@ -0,0 +1,20 @@
+moon::iptables-restore < /etc/iptables.drop
+carol::iptables-restore < /etc/iptables.drop
+dave::iptables-restore < /etc/iptables.drop
+moon::ip6tables-restore < /etc/ip6tables.rules
+carol::ip6tables-restore < /etc/ip6tables.rules
+dave::ip6tables-restore < /etc/ip6tables.rules
+alice::"ip route add fec0:\:/16 via fec1:\:1"
+carol::"ip route add fec1:\:/16 via fec0:\:1"
+dave::"ip route add fec1:\:/16 via fec0:\:1"
+moon::rm /etc/ipsec.d/cacerts/*
+carol::rm /etc/ipsec.d/cacerts/*
+dave::rm /etc/ipsec.d/cacerts/*
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+moon::expect-connection rw
+carol::expect-connection home
+dave::expect-connection home
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/ipv6-stroke/rw-psk-ikev2/test.conf b/testing/tests/ipv6-stroke/rw-psk-ikev2/test.conf
new file mode 100644
index 000000000..69b0757fd
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev2/test.conf
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d-ip6.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
+
+# IP protocol used by IPsec is IPv6
+#
+IPV6=1
diff --git a/testing/tests/ipv6-stroke/transport-ikev1/description.txt b/testing/tests/ipv6-stroke/transport-ikev1/description.txt
new file mode 100644
index 000000000..2d54790aa
--- /dev/null
+++ b/testing/tests/ipv6-stroke/transport-ikev1/description.txt
@@ -0,0 +1,5 @@
+An IPv6 ESP transport connection between the hosts <b>moon</b> and <b>sun</b> is successfully set up.
+The authentication is based on X.509 certificates. Upon the successful establishment of
+the IPsec SA, <b>leftfirewall=yes</b> automatically inserts ip6tables-based firewall
+rules that let pass the protected traffic. In order to test both the transport connection
+and the firewall rules, <b>moon</b> sends an IPv6 ICMP request to <b>sun</b> using the ping6 command.
diff --git a/testing/tests/ipv6-stroke/transport-ikev1/evaltest.dat b/testing/tests/ipv6-stroke/transport-ikev1/evaltest.dat
new file mode 100644
index 000000000..5ae9d2c12
--- /dev/null
+++ b/testing/tests/ipv6-stroke/transport-ikev1/evaltest.dat
@@ -0,0 +1,9 @@
+moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES
+sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES
+moon::ip xfrm state::mode transport::YES
+sun:: ip xfrm state::mode transport::YES
+moon::ping6 -c 1 -p deadbeef ip6-sun.strongswan.org::64 bytes from ip6-sun.strongswan.org: icmp_seq=1::YES
+sun::tcpdump::IP6 ip6-moon.strongswan.org > ip6-sun.strongswan.org: ESP::YES
+sun::tcpdump::IP6 ip6-sun.strongswan.org > ip6-moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ipv6/transport-ikev1/hosts/moon/etc/ipsec.conf b/testing/tests/ipv6-stroke/transport-ikev1/hosts/moon/etc/ipsec.conf
index f2938f307..f2938f307 100644
--- a/testing/tests/ipv6/transport-ikev1/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/transport-ikev1/hosts/moon/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/transport-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6-stroke/transport-ikev1/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..93f434598
--- /dev/null
+++ b/testing/tests/ipv6-stroke/transport-ikev1/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ipv6/transport-ikev1/hosts/sun/etc/ipsec.conf b/testing/tests/ipv6-stroke/transport-ikev1/hosts/sun/etc/ipsec.conf
index 9af8aa862..9af8aa862 100644
--- a/testing/tests/ipv6/transport-ikev1/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/transport-ikev1/hosts/sun/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/transport-ikev1/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6-stroke/transport-ikev1/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..93f434598
--- /dev/null
+++ b/testing/tests/ipv6-stroke/transport-ikev1/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ipv6-stroke/transport-ikev1/posttest.dat b/testing/tests/ipv6-stroke/transport-ikev1/posttest.dat
new file mode 100644
index 000000000..d3bebd0c6
--- /dev/null
+++ b/testing/tests/ipv6-stroke/transport-ikev1/posttest.dat
@@ -0,0 +1,6 @@
+moon::ipsec stop
+sun::ipsec stop
+moon::iptables-restore < /etc/iptables.flush
+sun::iptables-restore < /etc/iptables.flush
+moon::ip6tables-restore < /etc/ip6tables.flush
+sun::ip6tables-restore < /etc/ip6tables.flush
diff --git a/testing/tests/ipv6-stroke/transport-ikev1/pretest.dat b/testing/tests/ipv6-stroke/transport-ikev1/pretest.dat
new file mode 100644
index 000000000..46c015387
--- /dev/null
+++ b/testing/tests/ipv6-stroke/transport-ikev1/pretest.dat
@@ -0,0 +1,9 @@
+moon::iptables-restore < /etc/iptables.drop
+sun::iptables-restore < /etc/iptables.drop
+moon::ip6tables-restore < /etc/ip6tables.rules
+sun::ip6tables-restore < /etc/ip6tables.rules
+moon::ipsec start
+sun::ipsec start
+moon::expect-connection host-host
+sun::expect-connection host-host
+moon::ipsec up host-host
diff --git a/testing/tests/ipv6-stroke/transport-ikev1/test.conf b/testing/tests/ipv6-stroke/transport-ikev1/test.conf
new file mode 100644
index 000000000..e1d17aa16
--- /dev/null
+++ b/testing/tests/ipv6-stroke/transport-ikev1/test.conf
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="moon winnetou sun"
+
+# Corresponding block diagram
+#
+DIAGRAM="m-w-s-ip6.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="sun"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon sun"
+
+# IP protocol used by IPsec is IPv6
+#
+IPV6=1
diff --git a/testing/tests/ipv6-stroke/transport-ikev2/description.txt b/testing/tests/ipv6-stroke/transport-ikev2/description.txt
new file mode 100644
index 000000000..2d54790aa
--- /dev/null
+++ b/testing/tests/ipv6-stroke/transport-ikev2/description.txt
@@ -0,0 +1,5 @@
+An IPv6 ESP transport connection between the hosts <b>moon</b> and <b>sun</b> is successfully set up.
+The authentication is based on X.509 certificates. Upon the successful establishment of
+the IPsec SA, <b>leftfirewall=yes</b> automatically inserts ip6tables-based firewall
+rules that let pass the protected traffic. In order to test both the transport connection
+and the firewall rules, <b>moon</b> sends an IPv6 ICMP request to <b>sun</b> using the ping6 command.
diff --git a/testing/tests/ipv6-stroke/transport-ikev2/evaltest.dat b/testing/tests/ipv6-stroke/transport-ikev2/evaltest.dat
new file mode 100644
index 000000000..0dfba54ea
--- /dev/null
+++ b/testing/tests/ipv6-stroke/transport-ikev2/evaltest.dat
@@ -0,0 +1,10 @@
+moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES
+sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES
+moon::cat /var/log/daemon.log::parsed IKE_AUTH response.*N(USE_TRANSP)::YES
+moon::ip xfrm state::mode transport::YES
+sun:: ip xfrm state::mode transport::YES
+moon::ping6 -c 1 -p deadbeef ip6-sun.strongswan.org::64 bytes from ip6-sun.strongswan.org: icmp_seq=1::YES
+sun::tcpdump::IP6 ip6-moon.strongswan.org > ip6-sun.strongswan.org: ESP::YES
+sun::tcpdump::IP6 ip6-sun.strongswan.org > ip6-moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/ipsec.conf b/testing/tests/ipv6-stroke/transport-ikev2/hosts/moon/etc/ipsec.conf
index a48b6cbc6..a48b6cbc6 100644
--- a/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/transport-ikev2/hosts/moon/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/transport-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6-stroke/transport-ikev2/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..93f434598
--- /dev/null
+++ b/testing/tests/ipv6-stroke/transport-ikev2/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/ipsec.conf b/testing/tests/ipv6-stroke/transport-ikev2/hosts/sun/etc/ipsec.conf
index e80eb8101..e80eb8101 100644
--- a/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/transport-ikev2/hosts/sun/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/transport-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6-stroke/transport-ikev2/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..93f434598
--- /dev/null
+++ b/testing/tests/ipv6-stroke/transport-ikev2/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ipv6-stroke/transport-ikev2/posttest.dat b/testing/tests/ipv6-stroke/transport-ikev2/posttest.dat
new file mode 100644
index 000000000..d3bebd0c6
--- /dev/null
+++ b/testing/tests/ipv6-stroke/transport-ikev2/posttest.dat
@@ -0,0 +1,6 @@
+moon::ipsec stop
+sun::ipsec stop
+moon::iptables-restore < /etc/iptables.flush
+sun::iptables-restore < /etc/iptables.flush
+moon::ip6tables-restore < /etc/ip6tables.flush
+sun::ip6tables-restore < /etc/ip6tables.flush
diff --git a/testing/tests/ipv6-stroke/transport-ikev2/pretest.dat b/testing/tests/ipv6-stroke/transport-ikev2/pretest.dat
new file mode 100644
index 000000000..46c015387
--- /dev/null
+++ b/testing/tests/ipv6-stroke/transport-ikev2/pretest.dat
@@ -0,0 +1,9 @@
+moon::iptables-restore < /etc/iptables.drop
+sun::iptables-restore < /etc/iptables.drop
+moon::ip6tables-restore < /etc/ip6tables.rules
+sun::ip6tables-restore < /etc/ip6tables.rules
+moon::ipsec start
+sun::ipsec start
+moon::expect-connection host-host
+sun::expect-connection host-host
+moon::ipsec up host-host
diff --git a/testing/tests/ipv6-stroke/transport-ikev2/test.conf b/testing/tests/ipv6-stroke/transport-ikev2/test.conf
new file mode 100644
index 000000000..e1d17aa16
--- /dev/null
+++ b/testing/tests/ipv6-stroke/transport-ikev2/test.conf
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="moon winnetou sun"
+
+# Corresponding block diagram
+#
+DIAGRAM="m-w-s-ip6.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="sun"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon sun"
+
+# IP protocol used by IPsec is IPv6
+#
+IPV6=1
diff --git a/testing/tests/ipv6/host2host-ikev1/description.txt b/testing/tests/ipv6/host2host-ikev1/description.txt
index b52c4caf8..d9ef11539 100644
--- a/testing/tests/ipv6/host2host-ikev1/description.txt
+++ b/testing/tests/ipv6/host2host-ikev1/description.txt
@@ -1,5 +1,6 @@
-An IPv6 ESP connection between the hosts <b>moon</b> and <b>sun</b> is successfully set up.
-The authentication is based on X.509 certificates. Upon the successful establishment of
-the IPsec tunnel, <b>leftfirewall=yes</b> automatically inserts ip6tables-based firewall
-rules that let pass the tunneled traffic. In order to test both the host-to-host tunnel
-and the firewall rules, <b>moon</b> sends an IPv6 ICMP request to <b>sun</b> using the ping6 command.
+An IPv6 ESP connection between the hosts <b>moon</b> and <b>sun</b> is successfully
+set up. The authentication is based on X.509 certificates. Upon the successful
+establishment of the IPsec tunnel, automatically inserted ip6tables-based firewall
+rules that pass the tunneled traffic. In order to test both the host-to-host tunnel
+and the firewall rules, <b>moon</b> sends an IPv6 ICMP request to <b>sun</b> using
+the ping6 command.
diff --git a/testing/tests/ipv6/host2host-ikev1/evaltest.dat b/testing/tests/ipv6/host2host-ikev1/evaltest.dat
index 186ce4e06..ef6ec2b98 100644
--- a/testing/tests/ipv6/host2host-ikev1/evaltest.dat
+++ b/testing/tests/ipv6/host2host-ikev1/evaltest.dat
@@ -1,7 +1,5 @@
-moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
-sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
-moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES
-sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES
moon::ping6 -c 1 -p deadbeef ip6-sun.strongswan.org::64 bytes from ip6-sun.strongswan.org: icmp_seq=1::YES
+moon::swanctl --list-sas --raw 2> /dev/null::host-host.*version=1 state=ESTABLISHED local-host=fec0:\:1 local-port=500 local-id=moon.strongswan.org remote-host=fec0:\:2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*host-host.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[fec0:\:1/128] remote-ts=\[fec0:\:2/128]::YES
+sun ::swanctl --list-sas --raw 2> /dev/null::host-host.*version=1 state=ESTABLISHED local-host=fec0:\:2 local-port=500 local-id=sun.strongswan.org remote-host=fec0:\:1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*host-host.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[fec0:\:2/128] remote-ts=\[fec0:\:1/128]::YES
sun::tcpdump::IP6 ip6-moon.strongswan.org > ip6-sun.strongswan.org: ESP::YES
sun::tcpdump::IP6 ip6-sun.strongswan.org > ip6-moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ipv6/host2host-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/host2host-ikev1/hosts/moon/etc/strongswan.conf
index 6cb3ee291..15f8ad5bc 100644
--- a/testing/tests/ipv6/host2host-ikev1/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/host2host-ikev1/hosts/moon/etc/strongswan.conf
@@ -1,8 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- hash_and_url = yes
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
- fragment_size = 1024
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/host2host-ikev1/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/ipv6/host2host-ikev1/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..1fa9a622c
--- /dev/null
+++ b/testing/tests/ipv6/host2host-ikev1/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,32 @@
+connections {
+
+ host-host {
+ local_addrs = fec0::1
+ remote_addrs = fec0::2
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = sun.strongswan.org
+ }
+ children {
+ host-host {
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 1
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan.crl
+ }
+}
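Review bot: The `remote` section sets no `revocation` policy, so the peer certificate is validated under the default, which as far as I know is `relaxed`: authentication still succeeds when the CRL named in `crl_uris` cannot be fetched. Nothing in this test's evaltest.dat asserts that the CRL was retrieved from winnetou, so a broken fetch would go unnoticed. If revocation checking is meant to be exercised here, add `revocation = strict` to `remote`; otherwise record the intent with a comment such as `# revocation left at default; CRL fetch is not asserted by this test`. The same applies to the sun file and to the host2host-ikev2 and net2net-ikev1 swanctl.conf files added in this commit.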
diff --git a/testing/tests/ipv6/host2host-ikev1/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/host2host-ikev1/hosts/sun/etc/strongswan.conf
index 6cb3ee291..15f8ad5bc 100644
--- a/testing/tests/ipv6/host2host-ikev1/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/host2host-ikev1/hosts/sun/etc/strongswan.conf
@@ -1,8 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- hash_and_url = yes
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
- fragment_size = 1024
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/host2host-ikev1/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/ipv6/host2host-ikev1/hosts/sun/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..585e32489
--- /dev/null
+++ b/testing/tests/ipv6/host2host-ikev1/hosts/sun/etc/swanctl/swanctl.conf
@@ -0,0 +1,32 @@
+connections {
+
+ host-host {
+ local_addrs = fec0::2
+ remote_addrs = fec0::1
+
+ local {
+ auth = pubkey
+ certs = sunCert.pem
+ id = sun.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ host-host {
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 1
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan.crl
+ }
+}
diff --git a/testing/tests/ipv6/host2host-ikev1/posttest.dat b/testing/tests/ipv6/host2host-ikev1/posttest.dat
index d3bebd0c6..c0ba6f672 100644
--- a/testing/tests/ipv6/host2host-ikev1/posttest.dat
+++ b/testing/tests/ipv6/host2host-ikev1/posttest.dat
@@ -1,5 +1,5 @@
-moon::ipsec stop
-sun::ipsec stop
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
moon::ip6tables-restore < /etc/ip6tables.flush
diff --git a/testing/tests/ipv6/host2host-ikev1/pretest.dat b/testing/tests/ipv6/host2host-ikev1/pretest.dat
index 46c015387..340344c95 100644
--- a/testing/tests/ipv6/host2host-ikev1/pretest.dat
+++ b/testing/tests/ipv6/host2host-ikev1/pretest.dat
@@ -2,8 +2,9 @@ moon::iptables-restore < /etc/iptables.drop
sun::iptables-restore < /etc/iptables.drop
moon::ip6tables-restore < /etc/ip6tables.rules
sun::ip6tables-restore < /etc/ip6tables.rules
-moon::ipsec start
-sun::ipsec start
-moon::expect-connection host-host
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
sun::expect-connection host-host
-moon::ipsec up host-host
+moon::expect-connection host-host
+moon::swanctl --initiate --child host-host 2> /dev/null
+moon::sleep 1
diff --git a/testing/tests/ipv6/host2host-ikev1/test.conf b/testing/tests/ipv6/host2host-ikev1/test.conf
index e1d17aa16..7bc3a6eee 100644
--- a/testing/tests/ipv6/host2host-ikev1/test.conf
+++ b/testing/tests/ipv6/host2host-ikev1/test.conf
@@ -23,3 +23,7 @@ IPSECHOSTS="moon sun"
# IP protocol used by IPsec is IPv6
#
IPV6=1
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/ipv6/host2host-ikev2/description.txt b/testing/tests/ipv6/host2host-ikev2/description.txt
index b52c4caf8..3714c800b 100644
--- a/testing/tests/ipv6/host2host-ikev2/description.txt
+++ b/testing/tests/ipv6/host2host-ikev2/description.txt
@@ -1,5 +1,6 @@
-An IPv6 ESP connection between the hosts <b>moon</b> and <b>sun</b> is successfully set up.
-The authentication is based on X.509 certificates. Upon the successful establishment of
-the IPsec tunnel, <b>leftfirewall=yes</b> automatically inserts ip6tables-based firewall
-rules that let pass the tunneled traffic. In order to test both the host-to-host tunnel
-and the firewall rules, <b>moon</b> sends an IPv6 ICMP request to <b>sun</b> using the ping6 command.
+An IPv6 ESP connection between the hosts <b>moon</b> and <b>sun</b> is successfully
+set up. The authentication is based on X.509 certificates. Upon the successful
+establishment of the IPsec tunnel, automatically inserted ip6tables-based firewall
+rules let pass the tunneled traffic. In order to test both the host-to-host tunnel
+and the firewall rules, <b>moon</b> sends an IPv6 ICMP request to <b>sun</b> using
+the ping6 command.
diff --git a/testing/tests/ipv6/host2host-ikev2/evaltest.dat b/testing/tests/ipv6/host2host-ikev2/evaltest.dat
index 186ce4e06..23add7ae5 100644
--- a/testing/tests/ipv6/host2host-ikev2/evaltest.dat
+++ b/testing/tests/ipv6/host2host-ikev2/evaltest.dat
@@ -1,7 +1,5 @@
-moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
-sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
-moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES
-sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES
moon::ping6 -c 1 -p deadbeef ip6-sun.strongswan.org::64 bytes from ip6-sun.strongswan.org: icmp_seq=1::YES
+moon::swanctl --list-sas --raw 2> /dev/null::host-host.*version=2 state=ESTABLISHED local-host=fec0:\:1 local-port=500 local-id=moon.strongswan.org remote-host=fec0:\:2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*host-host.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec0:\:1/128] remote-ts=\[fec0:\:2/128]::YES
+sun ::swanctl --list-sas --raw 2> /dev/null::host-host.*version=2 state=ESTABLISHED local-host=fec0:\:2 local-port=500 local-id=sun.strongswan.org remote-host=fec0:\:1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*host-host.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec0:\:2/128] remote-ts=\[fec0:\:1/128]::YES
sun::tcpdump::IP6 ip6-moon.strongswan.org > ip6-sun.strongswan.org: ESP::YES
-sun::tcpdump::IP6 ip6-sun.strongswan.org > ip6-moon.strongswan.org: ESP::YES
+sun::tcpdump::IP6 ip6-sun.strongswan.org > ip6-moon.strongswan.org: ESP::YES \ No newline at end of file
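Review bot: The last line of this evaltest.dat is rewritten only to drop its trailing newline (the `\ No newline at end of file` marker). The same happens to the new final line of host2host-ikev2/pretest.dat, `moon::swanctl --initiate --child host-host 2> /dev/null`. If the test runner reads these files line by line with a shell `read` loop (not visible here), an unterminated last line can be skipped. That would silently drop the check that reply traffic from sun is ESP-protected and, in pretest.dat, the command that initiates the SA. Ending both files with a newline, as the host2host-ikev1 counterparts do, removes the doubt.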
diff --git a/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/strongswan.conf
index 3a52f0db6..15f8ad5bc 100644
--- a/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- hash_and_url = yes
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..b422344f2
--- /dev/null
+++ b/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,33 @@
+connections {
+
+ host-host {
+ local_addrs = fec0::1
+ remote_addrs = fec0::2
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = sun.strongswan.org
+ }
+ children {
+ host-host {
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 2
+ mobike = no
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan.crl
+ }
+}
diff --git a/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/strongswan.conf
index 3a52f0db6..15f8ad5bc 100644
--- a/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- hash_and_url = yes
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..376f8d8fa
--- /dev/null
+++ b/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/swanctl/swanctl.conf
@@ -0,0 +1,33 @@
+connections {
+
+ host-host {
+ local_addrs = fec0::2
+ remote_addrs = fec0::1
+
+ local {
+ auth = pubkey
+ certs = sunCert.pem
+ id = sun.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ host-host {
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 2
+ mobike = no
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan.crl
+ }
+}
diff --git a/testing/tests/ipv6/host2host-ikev2/posttest.dat b/testing/tests/ipv6/host2host-ikev2/posttest.dat
index d3bebd0c6..c0ba6f672 100644
--- a/testing/tests/ipv6/host2host-ikev2/posttest.dat
+++ b/testing/tests/ipv6/host2host-ikev2/posttest.dat
@@ -1,5 +1,5 @@
-moon::ipsec stop
-sun::ipsec stop
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
moon::ip6tables-restore < /etc/ip6tables.flush
diff --git a/testing/tests/ipv6/host2host-ikev2/pretest.dat b/testing/tests/ipv6/host2host-ikev2/pretest.dat
index 46c015387..0c558800c 100644
--- a/testing/tests/ipv6/host2host-ikev2/pretest.dat
+++ b/testing/tests/ipv6/host2host-ikev2/pretest.dat
@@ -2,8 +2,8 @@ moon::iptables-restore < /etc/iptables.drop
sun::iptables-restore < /etc/iptables.drop
moon::ip6tables-restore < /etc/ip6tables.rules
sun::ip6tables-restore < /etc/ip6tables.rules
-moon::ipsec start
-sun::ipsec start
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
moon::expect-connection host-host
sun::expect-connection host-host
-moon::ipsec up host-host
+moon::swanctl --initiate --child host-host 2> /dev/null \ No newline at end of file
diff --git a/testing/tests/ipv6/host2host-ikev2/test.conf b/testing/tests/ipv6/host2host-ikev2/test.conf
index e1d17aa16..459baf2d9 100644
--- a/testing/tests/ipv6/host2host-ikev2/test.conf
+++ b/testing/tests/ipv6/host2host-ikev2/test.conf
@@ -6,7 +6,7 @@
# All guest instances that are required for this test
#
VIRTHOSTS="moon winnetou sun"
-
+
# Corresponding block diagram
#
DIAGRAM="m-w-s-ip6.png"
@@ -23,3 +23,7 @@ IPSECHOSTS="moon sun"
# IP protocol used by IPsec is IPv6
#
IPV6=1
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/ipv6/net2net-ikev1/description.txt b/testing/tests/ipv6/net2net-ikev1/description.txt
index 5952ecc2d..9c574d22f 100644
--- a/testing/tests/ipv6/net2net-ikev1/description.txt
+++ b/testing/tests/ipv6/net2net-ikev1/description.txt
@@ -1,6 +1,7 @@
-An IPv6 ESP tunnel connection between the gateways <b>moon</b> and <b>sun</b> is successfully set up.
-It connects the two subnets hiding behind their respective gateways. The authentication is based on
-X.509 certificates. Upon the successful establishment of the IPsec tunnel, <b>leftfirewall=yes</b>
-automatically inserts ip6tables-based firewall rules that let pass the tunneled traffic.
-In order to test both the net-to-net tunnel and the firewall rules, client <b>alice</b> behind <b>moon</b>
-sends an IPv6 ICMP request to client <b>bob</b> behind <b>sun</b> using the ping6 command.
+An IPv6 ESP tunnel connection between the gateways <b>moon</b> and <b>sun</b> is
+successfully set up. It connects the two subnets hiding behind their respective
+gateways. The authentication is based on X.509 certificates. Upon the successful
+establishment of the IPsec tunnel, automatically inserted ip6tables-based firewall
+rules let pass the tunneled traffic. In order to test both the net-to-net tunnel
+and the firewall rules, client <b>alice</b> behind <b>moon</b> sends an IPv6 ICMP
+request to client <b>bob</b> behind <b>sun</b> using the ping6 command.
diff --git a/testing/tests/ipv6/net2net-ikev1/evaltest.dat b/testing/tests/ipv6/net2net-ikev1/evaltest.dat
index 4cf23a31b..877459c88 100644
--- a/testing/tests/ipv6/net2net-ikev1/evaltest.dat
+++ b/testing/tests/ipv6/net2net-ikev1/evaltest.dat
@@ -1,7 +1,5 @@
-moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
-sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
-moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-sun:: ipsec status 2> /dev/null::net.net.*INSTALLED, TUNNEL::YES
alice::ping6 -c 1 -p deadbeef ip6-bob.strongswan.org::64 bytes from ip6-bob.strongswan.org: icmp_seq=1::YES
+moon::swanctl --list-sas --raw 2> /dev/null::net-net.*version=1 state=ESTABLISHED local-host=fec0:\:1 local-port=500 local-id=moon.strongswan.org remote-host=fec0:\:2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[fec1:\:/16] remote-ts=\[fec2:\:/16]::YES
+sun ::swanctl --list-sas --raw 2> /dev/null::net-net.*version=1 state=ESTABLISHED local-host=fec0:\:2 local-port=500 local-id=sun.strongswan.org remote-host=fec0:\:1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[fec2:\:/16] remote-ts=\[fec1:\:/16]::YES
sun::tcpdump::IP6 ip6-moon.strongswan.org > ip6-sun.strongswan.org: ESP::YES
sun::tcpdump::IP6 ip6-sun.strongswan.org > ip6-moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ipv6/net2net-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-ikev1/hosts/moon/etc/strongswan.conf
index 00380ccb4..93dbda2d6 100644
--- a/testing/tests/ipv6/net2net-ikev1/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ikev1/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,10 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
fragment_size = 1400
}
diff --git a/testing/tests/ipv6/net2net-ikev1/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/ipv6/net2net-ikev1/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..e4ae7c91b
--- /dev/null
+++ b/testing/tests/ipv6/net2net-ikev1/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,35 @@
+connections {
+
+ net-net {
+ local_addrs = fec0::1
+ remote_addrs = fec0::2
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = sun.strongswan.org
+ }
+ children {
+ net-net {
+ local_ts = fec1::0/16
+ remote_ts = fec2::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 1
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan.crl
+ }
+}
diff --git a/testing/tests/ipv6/net2net-ikev1/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-ikev1/hosts/sun/etc/strongswan.conf
index 00380ccb4..93dbda2d6 100644
--- a/testing/tests/ipv6/net2net-ikev1/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ikev1/hosts/sun/etc/strongswan.conf
@@ -1,7 +1,10 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
fragment_size = 1400
}
diff --git a/testing/tests/ipv6/net2net-ikev1/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/ipv6/net2net-ikev1/hosts/sun/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..df389144d
--- /dev/null
+++ b/testing/tests/ipv6/net2net-ikev1/hosts/sun/etc/swanctl/swanctl.conf
@@ -0,0 +1,35 @@
+connections {
+
+ net-net {
+ local_addrs = fec0::2
+ remote_addrs = fec0::1
+
+ local {
+ auth = pubkey
+ certs = sunCert.pem
+ id = sun.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ net-net {
+ local_ts = fec2::0/16
+ remote_ts = fec1::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 1
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan.crl
+ }
+}
diff --git a/testing/tests/ipv6/net2net-ikev1/posttest.dat b/testing/tests/ipv6/net2net-ikev1/posttest.dat
index 078fca541..aec4aa7d0 100644
--- a/testing/tests/ipv6/net2net-ikev1/posttest.dat
+++ b/testing/tests/ipv6/net2net-ikev1/posttest.dat
@@ -1,5 +1,5 @@
-moon::ipsec stop
-sun::ipsec stop
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
alice::"ip route del fec2:\:/16 via fec1:\:1"
moon::"ip route del fec2:\:/16 via fec0:\:2"
sun::"ip route del fec1:\:/16 via fec0:\:1"
diff --git a/testing/tests/ipv6/net2net-ikev1/pretest.dat b/testing/tests/ipv6/net2net-ikev1/pretest.dat
index a14b3cf79..60b2810cf 100644
--- a/testing/tests/ipv6/net2net-ikev1/pretest.dat
+++ b/testing/tests/ipv6/net2net-ikev1/pretest.dat
@@ -6,8 +6,9 @@ alice::"ip route add fec2:\:/16 via fec1:\:1"
moon::"ip route add fec2:\:/16 via fec0:\:2"
sun::"ip route add fec1:\:/16 via fec0:\:1"
bob::"ip route add fec1:\:/16 via fec2:\:1"
-moon::ipsec start
-sun::ipsec start
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
moon::expect-connection net-net
sun::expect-connection net-net
-moon::ipsec up net-net
+moon::swanctl --initiate --child net-net 2> /dev/null
+moon::sleep 1
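Review bot: The added `moon::swanctl --initiate --child net-net 2> /dev/null` discards stderr, so when initiation fails the test log no longer shows why. The pretest.dat files for net2net-ikev2, net2net-ip4-in-ip6-ikev1 and net2net-ip6-in-ip4-ikev1 in this commit run the same command without the redirect, and this one should match: `moon::swanctl --initiate --child net-net`. The following `moon::sleep 1` is a fixed delay with no stated purpose, and it also appears in the other two IKEv1 pretest.dat files. The hunk starts at line 6 of the file, so the earlier setup is not visible here.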
diff --git a/testing/tests/ipv6/net2net-ikev1/test.conf b/testing/tests/ipv6/net2net-ikev1/test.conf
index abade5bba..5906883b1 100644
--- a/testing/tests/ipv6/net2net-ikev1/test.conf
+++ b/testing/tests/ipv6/net2net-ikev1/test.conf
@@ -6,7 +6,7 @@
# All guest instances that are required for this test
#
VIRTHOSTS="alice moon winnetou sun bob"
-
+
# Corresponding block diagram
#
DIAGRAM="a-m-w-s-b-ip6.png"
@@ -23,3 +23,7 @@ IPSECHOSTS="moon sun"
# IP protocol used by IPsec is IPv6
#
IPV6=1
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/ipv6/net2net-ikev2/description.txt b/testing/tests/ipv6/net2net-ikev2/description.txt
index 5952ecc2d..0fe026cc0 100644
--- a/testing/tests/ipv6/net2net-ikev2/description.txt
+++ b/testing/tests/ipv6/net2net-ikev2/description.txt
@@ -1,6 +1,7 @@
-An IPv6 ESP tunnel connection between the gateways <b>moon</b> and <b>sun</b> is successfully set up.
-It connects the two subnets hiding behind their respective gateways. The authentication is based on
-X.509 certificates. Upon the successful establishment of the IPsec tunnel, <b>leftfirewall=yes</b>
-automatically inserts ip6tables-based firewall rules that let pass the tunneled traffic.
-In order to test both the net-to-net tunnel and the firewall rules, client <b>alice</b> behind <b>moon</b>
-sends an IPv6 ICMP request to client <b>bob</b> behind <b>sun</b> using the ping6 command.
+An IPv6 ESP tunnel connection between the gateways <b>moon</b> and <b>sun</b>
+is successfully set up. It connects the two subnets hiding behind their respective
+gateways. The authentication is based on X.509 certificates. Upon the successful
+establishment of the IPsec tunnel, automatically inserted ip6tables-based firewall
+rules let pass the tunneled traffic. In order to test both the net-to-net tunnel
+and the firewall rules, client <b>alice</b> behind <b>moon</b> sends an IPv6 ICMP
+request to client <b>bob</b> behind <b>sun</b> using the ping6 command.
diff --git a/testing/tests/ipv6/net2net-ikev2/evaltest.dat b/testing/tests/ipv6/net2net-ikev2/evaltest.dat
index 4cf23a31b..a3e2bad94 100644
--- a/testing/tests/ipv6/net2net-ikev2/evaltest.dat
+++ b/testing/tests/ipv6/net2net-ikev2/evaltest.dat
@@ -1,7 +1,5 @@
-moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
-sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
-moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-sun:: ipsec status 2> /dev/null::net.net.*INSTALLED, TUNNEL::YES
alice::ping6 -c 1 -p deadbeef ip6-bob.strongswan.org::64 bytes from ip6-bob.strongswan.org: icmp_seq=1::YES
+moon::swanctl --list-sas --raw 2> /dev/null::net-net.*version=2 state=ESTABLISHED local-host=fec0:\:1 local-port=500 local-id=moon.strongswan.org remote-host=fec0:\:2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec1:\:/16] remote-ts=\[fec2:\:/16]::YES
+sun ::swanctl --list-sas --raw 2> /dev/null::net-net.*version=2 state=ESTABLISHED local-host=fec0:\:2 local-port=500 local-id=sun.strongswan.org remote-host=fec0:\:1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec2:\:/16] remote-ts=\[fec1:\:/16]::YES
sun::tcpdump::IP6 ip6-moon.strongswan.org > ip6-sun.strongswan.org: ESP::YES
sun::tcpdump::IP6 ip6-sun.strongswan.org > ip6-moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/strongswan.conf
index 00380ccb4..93dbda2d6 100644
--- a/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,10 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
fragment_size = 1400
}
diff --git a/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..1bf52633b
--- /dev/null
+++ b/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,36 @@
+connections {
+
+ net-net {
+ local_addrs = fec0::1
+ remote_addrs = fec0::2
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = sun.strongswan.org
+ }
+ children {
+ net-net {
+ local_ts = fec1::0/16
+ remote_ts = fec2::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 2
+ mobike = no
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan.crl
+ }
+}
diff --git a/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/strongswan.conf
index 00380ccb4..93dbda2d6 100644
--- a/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/strongswan.conf
@@ -1,7 +1,10 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
fragment_size = 1400
}
diff --git a/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..73480f112
--- /dev/null
+++ b/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/swanctl/swanctl.conf
@@ -0,0 +1,36 @@
+connections {
+
+ net-net {
+ local_addrs = fec0::2
+ remote_addrs = fec0::1
+
+ local {
+ auth = pubkey
+ certs = sunCert.pem
+ id = sun.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ net-net {
+ local_ts = fec2::0/16
+ remote_ts = fec1::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 2
+ mobike = no
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan.crl
+ }
+}
diff --git a/testing/tests/ipv6/net2net-ikev2/posttest.dat b/testing/tests/ipv6/net2net-ikev2/posttest.dat
index 078fca541..aec4aa7d0 100644
--- a/testing/tests/ipv6/net2net-ikev2/posttest.dat
+++ b/testing/tests/ipv6/net2net-ikev2/posttest.dat
@@ -1,5 +1,5 @@
-moon::ipsec stop
-sun::ipsec stop
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
alice::"ip route del fec2:\:/16 via fec1:\:1"
moon::"ip route del fec2:\:/16 via fec0:\:2"
sun::"ip route del fec1:\:/16 via fec0:\:1"
diff --git a/testing/tests/ipv6/net2net-ikev2/pretest.dat b/testing/tests/ipv6/net2net-ikev2/pretest.dat
index a14b3cf79..2db7a27c2 100644
--- a/testing/tests/ipv6/net2net-ikev2/pretest.dat
+++ b/testing/tests/ipv6/net2net-ikev2/pretest.dat
@@ -6,8 +6,8 @@ alice::"ip route add fec2:\:/16 via fec1:\:1"
moon::"ip route add fec2:\:/16 via fec0:\:2"
sun::"ip route add fec1:\:/16 via fec0:\:1"
bob::"ip route add fec1:\:/16 via fec2:\:1"
-moon::ipsec start
-sun::ipsec start
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
moon::expect-connection net-net
sun::expect-connection net-net
-moon::ipsec up net-net
+moon::swanctl --initiate --child net-net
diff --git a/testing/tests/ipv6/net2net-ikev2/test.conf b/testing/tests/ipv6/net2net-ikev2/test.conf
index abade5bba..5906883b1 100644
--- a/testing/tests/ipv6/net2net-ikev2/test.conf
+++ b/testing/tests/ipv6/net2net-ikev2/test.conf
@@ -6,7 +6,7 @@
# All guest instances that are required for this test
#
VIRTHOSTS="alice moon winnetou sun bob"
-
+
# Corresponding block diagram
#
DIAGRAM="a-m-w-s-b-ip6.png"
@@ -23,3 +23,7 @@ IPSECHOSTS="moon sun"
# IP protocol used by IPsec is IPv6
#
IPV6=1
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/evaltest.dat b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/evaltest.dat
index ee9e22ed7..829c64764 100644
--- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/evaltest.dat
+++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/evaltest.dat
@@ -1,7 +1,5 @@
-moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
-sun:: ipsec status 2> /dev/null::net.net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
-moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-sun:: ipsec status 2> /dev/null::net.net.*INSTALLED, TUNNEL::YES
alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
+moon::swanctl --list-sas --raw 2> /dev/null::net-net.*version=1 state=ESTABLISHED local-host=fec0:\:1 local-port=500 local-id=moon.strongswan.org remote-host=fec0:\:2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES
+sun ::swanctl --list-sas --raw 2> /dev/null::net-net.*version=1 state=ESTABLISHED local-host=fec0:\:2 local-port=500 local-id=sun.strongswan.org remote-host=fec0:\:1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES
sun::tcpdump::IP6 ip6-moon.strongswan.org > ip6-sun.strongswan.org: ESP::YES
sun::tcpdump::IP6 ip6-sun.strongswan.org > ip6-moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/strongswan.conf
index 02280ac2f..93dbda2d6 100644
--- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,10 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
- fragment_size = 1024
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ fragment_size = 1400
}
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..7604b97d5
--- /dev/null
+++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,35 @@
+connections {
+
+ net-net {
+ local_addrs = fec0::1
+ remote_addrs = fec0::2
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = sun.strongswan.org
+ }
+ children {
+ net-net {
+ local_ts = 10.1.0.0/16
+ remote_ts = 10.2.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 1
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan.crl
+ }
+}
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/strongswan.conf
index 7a39a8ae4..93dbda2d6 100644
--- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/strongswan.conf
@@ -1,7 +1,10 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
- fragment_size=1024
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ fragment_size = 1400
}
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..4a7f98856
--- /dev/null
+++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/swanctl/swanctl.conf
@@ -0,0 +1,35 @@
+connections {
+
+ net-net {
+ local_addrs = fec0::2
+ remote_addrs = fec0::1
+
+ local {
+ auth = pubkey
+ certs = sunCert.pem
+ id = sun.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ net-net {
+ local_ts = 10.2.0.0/16
+ remote_ts = 10.1.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 1
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan.crl
+ }
+}
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/posttest.dat b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/posttest.dat
index d3bebd0c6..c0ba6f672 100644
--- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/posttest.dat
+++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/posttest.dat
@@ -1,5 +1,5 @@
-moon::ipsec stop
-sun::ipsec stop
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
moon::ip6tables-restore < /etc/ip6tables.flush
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/pretest.dat b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/pretest.dat
index 812ccd162..9a9d27b29 100644
--- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/pretest.dat
+++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/pretest.dat
@@ -2,8 +2,9 @@ moon::iptables-restore < /etc/iptables.drop
sun::iptables-restore < /etc/iptables.drop
moon::ip6tables-restore < /etc/ip6tables.rules
sun::ip6tables-restore < /etc/ip6tables.rules
-moon::ipsec start
-sun::ipsec start
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
moon::expect-connection net-net
sun::expect-connection net-net
-moon::ipsec up net-net
+moon::swanctl --initiate --child net-net
+moon::sleep 1
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/test.conf b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/test.conf
index 58ec28767..cc1bf500f 100644
--- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/test.conf
+++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/test.conf
@@ -6,7 +6,7 @@
# All guest instances that are required for this test
#
VIRTHOSTS="alice moon winnetou sun bob"
-
+
# Corresponding block diagram
#
DIAGRAM="a-m-w-s-b-ip4-in-ip6.png"
@@ -23,3 +23,7 @@ IPSECHOSTS="moon sun"
# IP protocol used by IPsec is IPv6
#
IPV6=1
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/evaltest.dat b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/evaltest.dat
index ee9e22ed7..b898de258 100644
--- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/evaltest.dat
+++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/evaltest.dat
@@ -1,7 +1,6 @@
-moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
-sun:: ipsec status 2> /dev/null::net.net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
-moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-sun:: ipsec status 2> /dev/null::net.net.*INSTALLED, TUNNEL::YES
alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
+moon::swanctl --list-sas --raw 2> /dev/null::net-net.*version=2 state=ESTABLISHED local-host=fec0:\:1 local-port=500 local-id=moon.strongswan.org remote-host=fec0:\:2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES
+sun ::swanctl --list-sas --raw 2> /dev/null::net-net.*version=2 state=ESTABLISHED local-host=fec0:\:2 local-port=500 local-id=sun.strongswan.org remote-host=fec0:\:1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES
sun::tcpdump::IP6 ip6-moon.strongswan.org > ip6-sun.strongswan.org: ESP::YES
sun::tcpdump::IP6 ip6-sun.strongswan.org > ip6-moon.strongswan.org: ESP::YES
+
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf
index 3a52f0db6..93dbda2d6 100644
--- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,10 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- hash_and_url = yes
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ fragment_size = 1400
}
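Review bot: The rewritten file drops `hash_and_url = yes` from the daemon section and does not carry it over to `charon-systemd`, so this scenario no longer enables hash-and-URL support. The same removal is made in hosts/sun/etc/strongswan.conf for this test. Whether the test depended on the option cannot be told from this hunk. If it did, re-add `hash_and_url = yes` under `charon-systemd`; if the removal is deliberate, the test description should say so.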
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..aea5c228c
--- /dev/null
+++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,36 @@
+connections {
+
+ net-net {
+ local_addrs = fec0::1
+ remote_addrs = fec0::2
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = sun.strongswan.org
+ }
+ children {
+ net-net {
+ local_ts = 10.1.0.0/16
+ remote_ts = 10.2.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 2
+ mobike = no
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan.crl
+ }
+}
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf
index 3a52f0db6..93dbda2d6 100644
--- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,10 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- hash_and_url = yes
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ fragment_size = 1400
}
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..1efe64d86
--- /dev/null
+++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/swanctl/swanctl.conf
@@ -0,0 +1,36 @@
+connections {
+
+ net-net {
+ local_addrs = fec0::2
+ remote_addrs = fec0::1
+
+ local {
+ auth = pubkey
+ certs = sunCert.pem
+ id = sun.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ net-net {
+ local_ts = 10.2.0.0/16
+ remote_ts = 10.1.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 2
+ mobike = no
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan.crl
+ }
+}
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/posttest.dat b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/posttest.dat
index d3bebd0c6..c0ba6f672 100644
--- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/posttest.dat
+++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/posttest.dat
@@ -1,5 +1,5 @@
-moon::ipsec stop
-sun::ipsec stop
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
moon::ip6tables-restore < /etc/ip6tables.flush
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/pretest.dat b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/pretest.dat
index 812ccd162..5a4e73383 100644
--- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/pretest.dat
+++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/pretest.dat
@@ -2,8 +2,8 @@ moon::iptables-restore < /etc/iptables.drop
sun::iptables-restore < /etc/iptables.drop
moon::ip6tables-restore < /etc/ip6tables.rules
sun::ip6tables-restore < /etc/ip6tables.rules
-moon::ipsec start
-sun::ipsec start
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
moon::expect-connection net-net
sun::expect-connection net-net
-moon::ipsec up net-net
+moon::swanctl --initiate --child net-net
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/test.conf b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/test.conf
index 58ec28767..cc1bf500f 100644
--- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/test.conf
+++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/test.conf
@@ -6,7 +6,7 @@
# All guest instances that are required for this test
#
VIRTHOSTS="alice moon winnetou sun bob"
-
+
# Corresponding block diagram
#
DIAGRAM="a-m-w-s-b-ip4-in-ip6.png"
@@ -23,3 +23,7 @@ IPSECHOSTS="moon sun"
# IP protocol used by IPsec is IPv6
#
IPV6=1
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/description.txt b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/description.txt
index 5952ecc2d..26cb55e4d 100644
--- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/description.txt
+++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/description.txt
@@ -1,6 +1,8 @@
-An IPv6 ESP tunnel connection between the gateways <b>moon</b> and <b>sun</b> is successfully set up.
-It connects the two subnets hiding behind their respective gateways. The authentication is based on
-X.509 certificates. Upon the successful establishment of the IPsec tunnel, <b>leftfirewall=yes</b>
-automatically inserts ip6tables-based firewall rules that let pass the tunneled traffic.
-In order to test both the net-to-net tunnel and the firewall rules, client <b>alice</b> behind <b>moon</b>
-sends an IPv6 ICMP request to client <b>bob</b> behind <b>sun</b> using the ping6 command.
+An IPv6 ESP tunnel connection between the gateways <b>moon</b> and <b>sun</b> is
+successfully set up. It connects the two subnets hiding behind their respective
+gateways. The authentication is based on X.509 certificates. Upon the successful
+establishment of the IPsec tunnel, automatically inserted ip6tables-based firewall
+rules let pass the tunneled traffic.
+In order to test both the net-to-net tunnel and the firewall rules, client
+<b>alice</b> behind <b>moon</b> sends an IPv6 ICMP request to client <b>bob</b>
+behind <b>sun</b> using the ping6 command.
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/evaltest.dat b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/evaltest.dat
index 803cf5ef5..849da7c61 100644
--- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/evaltest.dat
+++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/evaltest.dat
@@ -1,7 +1,5 @@
-moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
-sun:: ipsec status 2> /dev/null::net.net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
-moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-sun:: ipsec status 2> /dev/null::net.net.*INSTALLED, TUNNEL::YES
alice::ping6 -c 1 -p deadbeef ip6-bob.strongswan.org::64 bytes from ip6-bob.strongswan.org: icmp_seq=1::YES
+moon::swanctl --list-sas --raw 2> /dev/null::net-net.*version=1 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[fec1:\:/16] remote-ts=\[fec2:\:/16]
+sun::swanctl --list-sas --raw 2> /dev/null::net-net.*version=1 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[fec2:\:/16] remote-ts=\[fec1:\:/16]
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
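Review bot: Both added `swanctl --list-sas --raw` checks end at `remote-ts=\[...]` without the trailing `::YES` field. Every other line in this file carries it, as do the equivalent checks in the sibling evaltest.dat files of this commit. Depending on how the harness treats a missing expectation field, these two assertions may be skipped or misread, leaving the IKE and child SA state unverified for this scenario. Append `::YES` to both lines, e.g. `...local-ts=\[fec1:\:/16] remote-ts=\[fec2:\:/16]::YES`.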
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf
index 0be55a717..89e0dfced 100644
--- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ fragment_size = 1400
install_routes = no
}
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..e78611432
--- /dev/null
+++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,28 @@
+connections {
+
+ net-net {
+ local_addrs = 192.168.0.1
+ remote_addrs = 192.168.0.2
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = sun.strongswan.org
+ }
+ children {
+ net-net {
+ local_ts = fec1::0/16
+ remote_ts = fec2::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 1
+ proposals = aes128-sha256-x25519
+ }
+}
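Review bot: Unlike the swanctl.conf files added for the IPv6-transport scenarios, this one has no `authorities` section, so no `cacert` or `crl_uris` is configured even though strongswan.conf loads the `revocation` plugin. The sun-side file for this test has the same shape. Presumably revocation data is then located through the certificate's own distribution point, but that is not visible here. If that is the intent, a short comment at the end of the file, such as `# no authorities section: CRL location is taken from the certificate`, would record that the omission is deliberate.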
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/strongswan.conf
index 812d52a95..89e0dfced 100644
--- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
- install_routes=no
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ fragment_size = 1400
+ install_routes = no
}
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..db19938ac
--- /dev/null
+++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/swanctl/swanctl.conf
@@ -0,0 +1,28 @@
+connections {
+
+ net-net {
+ local_addrs = 192.168.0.2
+ remote_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = sunCert.pem
+ id = sun.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ net-net {
+ local_ts = fec2::0/16
+ remote_ts = fec1::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 1
+ proposals = aes128-sha256-x25519
+ }
+}
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/posttest.dat b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/posttest.dat
index 078fca541..aec4aa7d0 100644
--- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/posttest.dat
+++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/posttest.dat
@@ -1,5 +1,5 @@
-moon::ipsec stop
-sun::ipsec stop
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
alice::"ip route del fec2:\:/16 via fec1:\:1"
moon::"ip route del fec2:\:/16 via fec0:\:2"
sun::"ip route del fec1:\:/16 via fec0:\:1"
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/pretest.dat b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/pretest.dat
index 58711bc06..58be2992f 100644
--- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/pretest.dat
+++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/pretest.dat
@@ -6,8 +6,9 @@ alice::"ip route add fec2:\:/16 via fec1:\:1"
moon::"ip route add fec2:\:/16 via fec0:\:2"
sun::"ip route add fec1:\:/16 via fec0:\:1"
bob::"ip route add fec1:\:/16 via fec2:\:1"
-moon::ipsec start
-sun::ipsec start
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
moon::expect-connection net-net
sun::expect-connection net-net
-moon::ipsec up net-net
+moon::swanctl --initiate --child net-net
+moon::sleep 1
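Review bot: The added `moon::sleep 1` after `swanctl --initiate --child net-net` is a fixed delay with no stated reason, and the pretest.dat of the IKEv2 variant of this test in the same commit does not add one. If it covers the time the IKEv1 CHILD_SA needs to be installed before evaluation starts, say so in a comment above it, e.g. `# wait for the IKEv1 CHILD_SA to be installed before evaluation` (assuming pretest.dat accepts `#` comments the way evaltest.dat does). A fixed one-second wait can also become an intermittent failure on a slow host.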
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/test.conf b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/test.conf
index 345e2d808..9f1c9a1f3 100644
--- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/test.conf
+++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/test.conf
@@ -6,7 +6,7 @@
# All guest instances that are required for this test
#
VIRTHOSTS="alice moon winnetou sun bob"
-
+
# Corresponding block diagram
#
DIAGRAM="a-m-w-s-b-ip6-in-ip4.png"
@@ -23,3 +23,7 @@ IPSECHOSTS="moon sun"
# IP protocol used by IPsec is IPv6
#
IPV6=1
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/description.txt b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/description.txt
index 5952ecc2d..dee74097c 100644
--- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/description.txt
+++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/description.txt
@@ -1,6 +1,8 @@
-An IPv6 ESP tunnel connection between the gateways <b>moon</b> and <b>sun</b> is successfully set up.
-It connects the two subnets hiding behind their respective gateways. The authentication is based on
-X.509 certificates. Upon the successful establishment of the IPsec tunnel, <b>leftfirewall=yes</b>
-automatically inserts ip6tables-based firewall rules that let pass the tunneled traffic.
-In order to test both the net-to-net tunnel and the firewall rules, client <b>alice</b> behind <b>moon</b>
-sends an IPv6 ICMP request to client <b>bob</b> behind <b>sun</b> using the ping6 command.
+An IPv6 ESP tunnel connection between the gateways <b>moon</b> and <b>sun</b> is
+successfully set up. It connects the two subnets hiding behind their respective
+gateways. The authentication is based on X.509 certificates. Upon the successful
+establishment of the IPsec tunnel, automatically inserted ip6tables-based firewall
+rules let pass the tunneled traffic.
+In order to test both the net-to-net tunnel and the firewall rules, client
+<b>alice</b> behind <b>moon</b> sends an IPv6 ICMP request to client <b>bob</b>
+behind <b>sun</b> using the ping6 command. \ No newline at end of file
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/evaltest.dat b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/evaltest.dat
index 803cf5ef5..40ae8524a 100644
--- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/evaltest.dat
+++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/evaltest.dat
@@ -1,7 +1,4 @@
-moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
-sun:: ipsec status 2> /dev/null::net.net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
-moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-sun:: ipsec status 2> /dev/null::net.net.*INSTALLED, TUNNEL::YES
alice::ping6 -c 1 -p deadbeef ip6-bob.strongswan.org::64 bytes from ip6-bob.strongswan.org: icmp_seq=1::YES
-sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
+moon::swanctl --list-sas --raw 2> /dev/null::net-net.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec1:\:/16] remote-ts=\[fec2:\:/16]
+sun::swanctl --list-sas --raw 2> /dev/null::net-net.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec2:\:/16] remote-ts=\[fec1:\:/16]sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
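Review bot: Both added `swanctl --list-sas` checks lack the trailing `::YES` field, and the `sun` one runs straight into `sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES` on the same line. The hunk header (`+1,4`) is consistent with that being a single line in the new file, so the moon-to-sun ESP capture check no longer exists as its own entry and the sun SA pattern absorbs the tcpdump text. End the two lines with `remote-ts=\[fec2:\:/16]::YES` and `remote-ts=\[fec1:\:/16]::YES`, and put the moon-to-sun tcpdump check back on a line of its own, as the rfc3779 evaltest.dat in this commit does. How the harness treats an entry without the expected-result field is not visible here, so these SA assertions may not be evaluated as intended.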
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
index 0be55a717..89e0dfced 100644
--- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ fragment_size = 1400
install_routes = no
}
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..775c2feae
--- /dev/null
+++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,29 @@
+connections {
+
+ net-net {
+ local_addrs = 192.168.0.1
+ remote_addrs = 192.168.0.2
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = sun.strongswan.org
+ }
+ children {
+ net-net {
+ local_ts = fec1::0/16
+ remote_ts = fec2::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 2
+ mobike = no
+ proposals = aes128-sha256-x25519
+ }
+}
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf
index 812d52a95..89e0dfced 100644
--- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
- install_routes=no
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ fragment_size = 1400
+ install_routes = no
}
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..ed7e9b477
--- /dev/null
+++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/swanctl/swanctl.conf
@@ -0,0 +1,29 @@
+connections {
+
+ net-net {
+ local_addrs = 192.168.0.2
+ remote_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = sunCert.pem
+ id = sun.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ net-net {
+ local_ts = fec2::0/16
+ remote_ts = fec1::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 2
+ mobike = no
+ proposals = aes128-sha256-x25519
+ }
+}
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/posttest.dat b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/posttest.dat
index 078fca541..aec4aa7d0 100644
--- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/posttest.dat
+++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/posttest.dat
@@ -1,5 +1,5 @@
-moon::ipsec stop
-sun::ipsec stop
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
alice::"ip route del fec2:\:/16 via fec1:\:1"
moon::"ip route del fec2:\:/16 via fec0:\:2"
sun::"ip route del fec1:\:/16 via fec0:\:1"
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/pretest.dat b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/pretest.dat
index 58711bc06..e1d5265cc 100644
--- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/pretest.dat
+++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/pretest.dat
@@ -6,8 +6,8 @@ alice::"ip route add fec2:\:/16 via fec1:\:1"
moon::"ip route add fec2:\:/16 via fec0:\:2"
sun::"ip route add fec1:\:/16 via fec0:\:1"
bob::"ip route add fec1:\:/16 via fec2:\:1"
-moon::ipsec start
-sun::ipsec start
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
moon::expect-connection net-net
sun::expect-connection net-net
-moon::ipsec up net-net
+moon::swanctl --initiate --child net-net
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/test.conf b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/test.conf
index 345e2d808..9f1c9a1f3 100644
--- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/test.conf
+++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/test.conf
@@ -6,7 +6,7 @@
# All guest instances that are required for this test
#
VIRTHOSTS="alice moon winnetou sun bob"
-
+
# Corresponding block diagram
#
DIAGRAM="a-m-w-s-b-ip6-in-ip4.png"
@@ -23,3 +23,7 @@ IPSECHOSTS="moon sun"
# IP protocol used by IPsec is IPv6
#
IPV6=1
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/description.txt b/testing/tests/ipv6/net2net-rfc3779-ikev2/description.txt
index ebcc00724..0c0525ce1 100644
--- a/testing/tests/ipv6/net2net-rfc3779-ikev2/description.txt
+++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/description.txt
@@ -1,11 +1,14 @@
-An IPv6 ESP tunnel connection between the gateways <b>moon</b> and <b>sun</b> is successfully set up.
-It connects the two subnets hiding behind their respective gateways. The authentication is based on
-<b>X.509 certificates</b> containing <b>RFC 3779 IP address block constraints</b>.
-Both <b>moon</b> and <b>sun</b> set <b>rightsubnet=::/0</b> thus allowing the peers to narrow down
-the address range to their actual subnets <b>fec1::/16</b> and <b>fec2::/16</b>, respectively.
-These unilaterally proposed traffic selectors must be validated by corresponding IP address block constraints.
+An IPv6 ESP tunnel connection between the gateways <b>moon</b> and <b>sun</b> is
+successfully set up. It connects the two subnets hiding behind their respective
+gateways. The authentication is based on <b>X.509 certificates</b> containing
+<b>RFC 3779 IP address block constraints</b>. Both <b>moon</b> and <b>sun</b> set
+<b>rightsubnet=::/0</b> thus allowing the peers to narrow down the address range
+to their actual subnets <b>fec1::/16</b> and <b>fec2::/16</b>, respectively.
+These unilaterally proposed traffic selectors must be validated by corresponding
+IP address block constraints.
<p/>
-Upon the successful establishment of the IPsec tunnel, <b>leftfirewall=yes</b>
-automatically inserts ip6tables-based firewall rules that let pass the tunneled traffic.
-In order to test both the net-to-net tunnel and the firewall rules, client <b>alice</b> behind <b>moon</b>
-sends an IPv6 ICMP request to client <b>bob</b> behind <b>sun</b> using the ping6 command.
+Upon the successful establishment of the IPsec tunnel, automatically inserted
+ip6tables-based firewall rules let pass the tunneled traffic. In order to test
+both the net-to-net tunnel and the firewall rules, client <b>alice</b> behind
+<b>moon</b> sends an IPv6 ICMP request to client <b>bob</b> behind <b>sun</b>
+using the ping6 command.
diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/evaltest.dat b/testing/tests/ipv6/net2net-rfc3779-ikev2/evaltest.dat
index 3b0a3eeca..72dade743 100644
--- a/testing/tests/ipv6/net2net-rfc3779-ikev2/evaltest.dat
+++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/evaltest.dat
@@ -1,9 +1,7 @@
-moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
-sun:: ipsec status 2> /dev/null::net.net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
-moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-sun:: ipsec status 2> /dev/null::net.net.*INSTALLED, TUNNEL::YES
moon:: cat /var/log/daemon.log::TS fec2:\:/16 is contained in address block constraint fec2:\:/16::YES
sun:: cat /var/log/daemon.log::TS fec1:\:/16 is contained in address block constraint fec1:\:/16::YES
alice::ping6 -c 1 -p deadbeef ip6-bob.strongswan.org::64 bytes from ip6-bob.strongswan.org: icmp_seq=1::YES
+moon::swanctl --list-sas --raw 2> /dev/null::net-net.*version=2 state=ESTABLISHED local-host=fec0:\:1 local-port=500 local-id=moon.strongswan.org remote-host=fec0:\:2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec1:\:/16] remote-ts=\[fec2:\:/16]::YES
+sun ::swanctl --list-sas --raw 2> /dev/null::net-net.*version=2 state=ESTABLISHED local-host=fec0:\:2 local-port=500 local-id=sun.strongswan.org remote-host=fec0:\:1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec2:\:/16] remote-ts=\[fec1:\:/16]::YES
sun::tcpdump::IP6 ip6-moon.strongswan.org > ip6-sun.strongswan.org: ESP::YES
sun::tcpdump::IP6 ip6-sun.strongswan.org > ip6-moon.strongswan.org: ESP::YES
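Review bot: The added sun check starts with `sun ::swanctl`, with a space before the `::` separator, where every other entry in this file writes the host as `sun::` or `moon::`. Whether the harness trims the host field is not visible in this hunk; if it does not, the check would be addressed to a host named `sun ` and not run where intended. Writing it as `sun:: swanctl --list-sas --raw 2> /dev/null::...` matches the other lines.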
diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/ipsec.conf b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/ipsec.conf
deleted file mode 100644
index 46b9ad415..000000000
--- a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,31 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-ca strongswan
- cacert=strongswanCert.pem
- certuribase=http://ip6-winnetou.strongswan.org/certs/rfc3779/
- crluri=http://ip6-winnetou.strongswan.org/strongswan_rfc3779.crl
- auto=add
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
- mobike=no
-
-conn net-net
- also=host-host
- leftsubnet=fec1::0/16
- rightsubnet=0::0/0
-
-conn host-host
- left=PH_IP6_MOON
- leftcert=moonCert.pem
- leftid=@moon.strongswan.org
- leftfirewall=yes
- right=PH_IP6_SUN
- rightid=@sun.strongswan.org
- auto=add
diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/strongswan.conf
index 4fa0583ed..285350d7b 100644
--- a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- hash_and_url = yes
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/ipsec.d/private/moonKey.pem b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/swanctl/rsa/moonKey.pem
index 11607c8cb..11607c8cb 100644
--- a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/ipsec.d/private/moonKey.pem
+++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/swanctl/rsa/moonKey.pem
diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..c172a2c13
--- /dev/null
+++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,36 @@
+connections {
+
+ net-net {
+ local_addrs = fec0::1
+ remote_addrs = fec0::2
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = sun.strongswan.org
+ }
+ children {
+ net-net {
+ local_ts = fec1::0/16
+ remote_ts = 0::0/0
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 2
+ mobike = no
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan_rfc3779.crl
+ }
+}
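Review bot: `remote_ts = 0::0/0` in the `net-net` child is deliberately wide, but nothing in the file says it is acceptable only because the peer's traffic selector is checked against the RFC 3779 address block constraint in its certificate. That check comes from the `addrblock` plugin, which this test's strongswan.conf loads for charon-systemd. Without that plugin the same connection would presumably accept whatever IPv6 range the peer narrows to, so the dependency deserves a comment on that line, e.g. `# wide on purpose: validated against the peer's RFC 3779 constraint (requires the addrblock plugin)`. The same applies to `remote_ts = 0::0/0` in the sun swanctl.conf added later in this commit.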
diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/ipsec.d/certs/moonCert.pem b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/swanctl/x509/moonCert.pem
index 124e2ae46..124e2ae46 100644
--- a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/ipsec.d/certs/moonCert.pem
+++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/swanctl/x509/moonCert.pem
diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/swanctl/x509ca/strongswanCert.pem
index 8e872d89f..8e872d89f 100644
--- a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem
+++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/swanctl/x509ca/strongswanCert.pem
diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/ipsec.conf b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/ipsec.conf
deleted file mode 100644
index 4a0f911a3..000000000
--- a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/ipsec.conf
+++ /dev/null
@@ -1,31 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-ca strongswan
- cacert=strongswanCert.pem
- certuribase=http://ip6-winnetou.strongswan.org/certs/rfc3779/
- crluri=http://ip6-winnetou.strongswan.org/strongswan_rfc3779.crl
- auto=add
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
- mobike=no
-
-conn net-net
- also=host-host
- leftsubnet=fec2::0/16
- rightsubnet=0::0/0
-
-conn host-host
- left=PH_IP6_SUN
- leftcert=sunCert.pem
- leftid=@sun.strongswan.org
- leftfirewall=yes
- right=PH_IP6_MOON
- rightid=@moon.strongswan.org
- auto=add
diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/strongswan.conf
index 4fa0583ed..285350d7b 100644
--- a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- hash_and_url = yes
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/ipsec.d/private/sunKey.pem b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/swanctl/rsa/sunKey.pem
index 55f5f8037..55f5f8037 100644
--- a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/ipsec.d/private/sunKey.pem
+++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/swanctl/rsa/sunKey.pem
diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..68927c36d
--- /dev/null
+++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/swanctl/swanctl.conf
@@ -0,0 +1,36 @@
+connections {
+
+ net-net {
+ local_addrs = fec0::2
+ remote_addrs = fec0::1
+
+ local {
+ auth = pubkey
+ certs = sunCert.pem
+ id = sun.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ net-net {
+ local_ts = fec2::0/16
+ remote_ts = 0::0/0
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 2
+ mobike = no
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan_rfc3779.crl
+ }
+}
diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/ipsec.d/certs/sunCert.pem b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/swanctl/x509/sunCert.pem
index a93121da1..a93121da1 100644
--- a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/ipsec.d/certs/sunCert.pem
+++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/swanctl/x509/sunCert.pem
diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/swanctl/x509ca/strongswanCert.pem
index 8e872d89f..8e872d89f 100644
--- a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/ipsec.d/cacerts/strongswanCert.pem
+++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/swanctl/x509ca/strongswanCert.pem
diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/posttest.dat b/testing/tests/ipv6/net2net-rfc3779-ikev2/posttest.dat
index 078fca541..aec4aa7d0 100644
--- a/testing/tests/ipv6/net2net-rfc3779-ikev2/posttest.dat
+++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/posttest.dat
@@ -1,5 +1,5 @@
-moon::ipsec stop
-sun::ipsec stop
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
alice::"ip route del fec2:\:/16 via fec1:\:1"
moon::"ip route del fec2:\:/16 via fec0:\:2"
sun::"ip route del fec1:\:/16 via fec0:\:1"
diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/pretest.dat b/testing/tests/ipv6/net2net-rfc3779-ikev2/pretest.dat
index a14b3cf79..2db7a27c2 100644
--- a/testing/tests/ipv6/net2net-rfc3779-ikev2/pretest.dat
+++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/pretest.dat
@@ -6,8 +6,8 @@ alice::"ip route add fec2:\:/16 via fec1:\:1"
moon::"ip route add fec2:\:/16 via fec0:\:2"
sun::"ip route add fec1:\:/16 via fec0:\:1"
bob::"ip route add fec1:\:/16 via fec2:\:1"
-moon::ipsec start
-sun::ipsec start
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
moon::expect-connection net-net
sun::expect-connection net-net
-moon::ipsec up net-net
+moon::swanctl --initiate --child net-net
diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/test.conf b/testing/tests/ipv6/net2net-rfc3779-ikev2/test.conf
index abade5bba..5906883b1 100644
--- a/testing/tests/ipv6/net2net-rfc3779-ikev2/test.conf
+++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/test.conf
@@ -6,7 +6,7 @@
# All guest instances that are required for this test
#
VIRTHOSTS="alice moon winnetou sun bob"
-
+
# Corresponding block diagram
#
DIAGRAM="a-m-w-s-b-ip6.png"
@@ -23,3 +23,7 @@ IPSECHOSTS="moon sun"
# IP protocol used by IPsec is IPv6
#
IPV6=1
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/ipv6/rw-compress-ikev2/evaltest.dat b/testing/tests/ipv6/rw-compress-ikev2/evaltest.dat
index 8229b6254..eddc9bf97 100644
--- a/testing/tests/ipv6/rw-compress-ikev2/evaltest.dat
+++ b/testing/tests/ipv6/rw-compress-ikev2/evaltest.dat
@@ -1,14 +1,10 @@
-carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
-moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
-carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL.*IPCOMP::YES
-moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL.*IPCOMP::YES
-moon:: cat /var/log/daemon.log::IKE_AUTH request.*N(IPCOMP_SUP)::YES
-moon:: cat /var/log/daemon.log::IKE_AUTH response.*N(IPCOMP_SUP)::YES
moon:: ip xfrm state::proto comp spi::YES
carol::ip xfrm state::proto comp spi::YES
# send two pings because the first is lost due to Path MTU Discovery between alice and moon
carol::ping6 -c 2 -W 1 -s 8184 -p deadbeef ip6-alice.strongswan.org::8192 bytes from ip6-alice.strongswan.org::YES
# reduce the size as the default is already larger than the threshold of 90 bytes
carol::ping6 -c 1 -s 40 ip6-alice.strongswan.org::48 bytes from ip6-alice.strongswan.org::YES
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=fec0:\:10 local-port=4500 local-id=carol@strongswan.org remote-host=fec0:\:1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*cpi-in.*cpi-out.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec0:\:10/128] remote-ts=\[fec1:\:/16]::YES
+moon:: swanctl --list-sas --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=fec0:\:1 local-port=4500 local-id=moon.strongswan.org remote-host=fec0:\:10 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*cpi-in.*cpi-out.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec1:\:/16] remote-ts=\[fec0:\:10/128]::YES
moon::tcpdump::IP6 ip6-carol.strongswan.org > ip6-moon.strongswan.org: ESP::YES
moon::tcpdump::IP6 ip6-moon.strongswan.org > ip6-carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ipv6/rw-compress-ikev2/hosts/carol/etc/ipsec.conf b/testing/tests/ipv6/rw-compress-ikev2/hosts/carol/etc/ipsec.conf
deleted file mode 100644
index bd9a9e59f..000000000
--- a/testing/tests/ipv6/rw-compress-ikev2/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,25 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-ca strongswan
- cacert=strongswanCert.pem
- crluri=http://ip6-winnetou.strongswan.org/strongswan.crl
- auto=add
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
- compress=yes
- leftfirewall=yes
-
-conn home
- leftcert=carolCert.pem
- leftid=carol@strongswan.org
- right=PH_IP6_MOON
- rightsubnet=fec1::/16
- rightid=@moon.strongswan.org
- auto=add
diff --git a/testing/tests/ipv6/rw-compress-ikev2/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6/rw-compress-ikev2/hosts/carol/etc/strongswan.conf
index af5fa19ef..15f8ad5bc 100644
--- a/testing/tests/ipv6/rw-compress-ikev2/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-compress-ikev2/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-compress-ikev2/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/ipv6/rw-compress-ikev2/hosts/carol/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..279eb3205
--- /dev/null
+++ b/testing/tests/ipv6/rw-compress-ikev2/hosts/carol/etc/swanctl/swanctl.conf
@@ -0,0 +1,35 @@
+connections {
+
+ home {
+ local_addrs = fec0::10
+ remote_addrs = fec0::1
+
+ local {
+ auth = pubkey
+ certs = carolCert.pem
+ id = carol@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = fec1::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ ipcomp = yes
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan.crl
+ }
+}
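Review bot: This swanctl.conf is created with `new file mode 100755`, while the swanctl.conf files added for the other tests in this commit use `100644`. The moon swanctl.conf of this same test is also added as `100755`. A configuration file has no use for the executable bit, so both should be committed as `100644` to keep the fixtures consistent.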
diff --git a/testing/tests/ipv6/rw-compress-ikev2/hosts/moon/etc/ipsec.conf b/testing/tests/ipv6/rw-compress-ikev2/hosts/moon/etc/ipsec.conf
deleted file mode 100644
index c4f9b5b5b..000000000
--- a/testing/tests/ipv6/rw-compress-ikev2/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-ca strongswan
- cacert=strongswanCert.pem
- crluri=http://ip6-winnetou.strongswan.org/strongswan.crl
- auto=add
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
- compress=yes
- leftfirewall=yes
-
-conn rw
- leftcert=moonCert.pem
- leftid=@moon.strongswan.org
- leftsubnet=fec1::/16
- right=%any
- auto=add
diff --git a/testing/tests/ipv6/rw-compress-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/rw-compress-ikev2/hosts/moon/etc/strongswan.conf
index 93f434598..15f8ad5bc 100644
--- a/testing/tests/ipv6/rw-compress-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-compress-ikev2/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-compress-ikev2/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/ipv6/rw-compress-ikev2/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..b15b952cc
--- /dev/null
+++ b/testing/tests/ipv6/rw-compress-ikev2/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,33 @@
+connections {
+
+ rw {
+ local_addrs = fec0::1
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ }
+ children {
+ net {
+ local_ts = fec1::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ ipcomp = yes
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan.crl
+ }
+}
diff --git a/testing/tests/ipv6/rw-compress-ikev2/posttest.dat b/testing/tests/ipv6/rw-compress-ikev2/posttest.dat
index fdaf44080..55b22dfde 100644
--- a/testing/tests/ipv6/rw-compress-ikev2/posttest.dat
+++ b/testing/tests/ipv6/rw-compress-ikev2/posttest.dat
@@ -1,5 +1,5 @@
-moon::ipsec stop
-carol::ipsec stop
+moon::systemctl stop strongswan-swanctl
+carol::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
moon::ip6tables-restore < /etc/ip6tables.flush
diff --git a/testing/tests/ipv6/rw-compress-ikev2/pretest.dat b/testing/tests/ipv6/rw-compress-ikev2/pretest.dat
index 3f6427f50..96a2d7d9e 100644
--- a/testing/tests/ipv6/rw-compress-ikev2/pretest.dat
+++ b/testing/tests/ipv6/rw-compress-ikev2/pretest.dat
@@ -6,8 +6,8 @@ carol::ip6tables-restore < /etc/ip6tables.rules
moon::ip6tables -I OUTPUT 1 -o eth1 -p icmpv6 --icmpv6-type 2 -j ACCEPT
alice::"ip route add fec0:\:/16 via fec1:\:1"
carol::"ip route add fec1:\:/16 via fec0:\:1"
-moon::ipsec start
-carol::ipsec start
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
-carol::ipsec up home
+carol::swanctl --initiate --child home
diff --git a/testing/tests/ipv6/rw-compress-ikev2/test.conf b/testing/tests/ipv6/rw-compress-ikev2/test.conf
index 8098d4720..8eedcd9f9 100644
--- a/testing/tests/ipv6/rw-compress-ikev2/test.conf
+++ b/testing/tests/ipv6/rw-compress-ikev2/test.conf
@@ -24,3 +24,7 @@ IPSECHOSTS="moon carol"
# IP protocol used by IPsec is IPv6
#
IPV6=1
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/ipv6/rw-ikev1/description.txt b/testing/tests/ipv6/rw-ikev1/description.txt
index 17461370e..c8549777d 100644
--- a/testing/tests/ipv6/rw-ikev1/description.txt
+++ b/testing/tests/ipv6/rw-ikev1/description.txt
@@ -1,7 +1,7 @@
The roadwarriors <b>carol</b> and <b>dave</b> set up an IPv6 connection each
to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b>.
-Upon the successful establishment of the IPv6 ESP tunnels, <b>leftfirewall=yes</b>
-automatically inserts ip6tables-based firewall rules that let pass the tunneled traffic.
+Upon the successful establishment of the IPv6 ESP tunnels, automatically inserted
+ip6tables-based firewall rules let pass the tunneled traffic.
In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> send
an IPv6 ICMP request to the client <b>alice</b> behind the gateway <b>moon</b>
using the ping6 command.
diff --git a/testing/tests/ipv6/rw-ikev1/evaltest.dat b/testing/tests/ipv6/rw-ikev1/evaltest.dat
index 0e125b70e..1202a99d2 100644
--- a/testing/tests/ipv6/rw-ikev1/evaltest.dat
+++ b/testing/tests/ipv6/rw-ikev1/evaltest.dat
@@ -1,13 +1,9 @@
-carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
-dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
-moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
-moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
-carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
-moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
carol::ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
dave:: ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=fec0:\:10 local-port=500 local-id=carol@strongswan.org remote-host=fec0:\:1 remote-port=500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[fec0:\:10/128] remote-ts=\[fec1:\:/16]::YES
+dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=fec0:\:20 local-port=500 local-id=dave@strongswan.org remote-host=fec0:\:1 remote-port=500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP..*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[fec0:\:20/128] remote-ts=\[fec1:\:/16]::YES
+moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=1 state=ESTABLISHED local-host=fec0:\:1 local-port=500 local-id=moon.strongswan.org remote-host=fec0:\:10 remote-port=500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[fec1:\:/16] remote-ts=\[fec0:\:10/128]::YES
+moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=1 state=ESTABLISHED local-host=fec0:\:1 local-port=500 local-id=moon.strongswan.org remote-host=fec0:\:20 remote-port=500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[fec1:\:/16] remote-ts=\[fec0:\:20/128]::YES
moon::tcpdump::IP6 ip6-carol.strongswan.org > ip6-moon.strongswan.org: ESP::YES
moon::tcpdump::IP6 ip6-moon.strongswan.org > ip6-carol.strongswan.org: ESP::YES
moon::tcpdump::IP6 ip6-dave.strongswan.org > ip6-moon.strongswan.org: ESP::YES
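Review bot: In the added `dave::` line the child-SA part of the pattern reads `mode=TUNNEL.*ESP..*encr-alg`, with a doubled dot where the `carol::` line and both `moon::` lines use `ESP.*encr-alg`. `..*` requires at least one character after `ESP`, which presumably still matches the raw output, but it looks like a typo and makes the four checks subtly different. I would write `.*ESP.*encr-alg=AES_CBC` on the `dave::` line as well. The same slip appears on the `dave::` line added to rw-ikev2/evaltest.dat.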
diff --git a/testing/tests/ipv6/rw-ikev1/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6/rw-ikev1/hosts/carol/etc/strongswan.conf
index 0835a1605..15f8ad5bc 100644
--- a/testing/tests/ipv6/rw-ikev1/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ikev1/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
- fragment_size = 1024
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-ikev1/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/ipv6/rw-ikev1/hosts/carol/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..52970208b
--- /dev/null
+++ b/testing/tests/ipv6/rw-ikev1/hosts/carol/etc/swanctl/swanctl.conf
@@ -0,0 +1,34 @@
+connections {
+
+ home {
+ local_addrs = fec0::10
+ remote_addrs = fec0::1
+
+ local {
+ auth = pubkey
+ certs = carolCert.pem
+ id = carol@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = fec1::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 1
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan.crl
+ }
+}
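Review bot: The file header adds this swanctl.conf with `new file mode 100755`, so a plain configuration file is committed with the executable bits set. Every other swanctl.conf added in this part of the diff has the same mode. Nothing visible here executes the file, so I would commit it as `new file mode 100644`. Keeping config files non-executable also avoids surprises if the test tree is copied onto a host with a permissive PATH or into a packaging step that treats executables specially.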
diff --git a/testing/tests/ipv6/rw-ikev1/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6/rw-ikev1/hosts/dave/etc/strongswan.conf
index 02280ac2f..15f8ad5bc 100644
--- a/testing/tests/ipv6/rw-ikev1/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ikev1/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
- fragment_size = 1024
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-ikev1/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/ipv6/rw-ikev1/hosts/dave/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..c26ba5780
--- /dev/null
+++ b/testing/tests/ipv6/rw-ikev1/hosts/dave/etc/swanctl/swanctl.conf
@@ -0,0 +1,34 @@
+connections {
+
+ home {
+ local_addrs = fec0::20
+ remote_addrs = fec0::1
+
+ local {
+ auth = pubkey
+ certs = daveCert.pem
+ id = dave@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = fec1::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 1
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan.crl
+ }
+}
diff --git a/testing/tests/ipv6/rw-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/rw-ikev1/hosts/moon/etc/strongswan.conf
index 02280ac2f..15f8ad5bc 100644
--- a/testing/tests/ipv6/rw-ikev1/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ikev1/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
- fragment_size = 1024
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-ikev1/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/ipv6/rw-ikev1/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..f72f9ef86
--- /dev/null
+++ b/testing/tests/ipv6/rw-ikev1/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,32 @@
+connections {
+
+ rw {
+ local_addrs = fec0::1
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ }
+ children {
+ net {
+ local_ts = fec1::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 1
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan.crl
+ }
+}
diff --git a/testing/tests/ipv6/rw-ikev1/posttest.dat b/testing/tests/ipv6/rw-ikev1/posttest.dat
index 4e59395e3..59495fc46 100644
--- a/testing/tests/ipv6/rw-ikev1/posttest.dat
+++ b/testing/tests/ipv6/rw-ikev1/posttest.dat
@@ -1,6 +1,6 @@
-moon::ipsec stop
-carol::ipsec stop
-dave::ipsec stop
+moon::systemctl stop strongswan-swanctl
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/ipv6/rw-ikev1/pretest.dat b/testing/tests/ipv6/rw-ikev1/pretest.dat
index f60be3887..a8c8a7097 100644
--- a/testing/tests/ipv6/rw-ikev1/pretest.dat
+++ b/testing/tests/ipv6/rw-ikev1/pretest.dat
@@ -7,11 +7,11 @@ dave::ip6tables-restore < /etc/ip6tables.rules
alice::"ip route add fec0:\:/16 via fec1:\:1"
carol::"ip route add fec1:\:/16 via fec0:\:1"
dave::"ip route add fec1:\:/16 via fec0:\:1"
-moon::ipsec start
-carol::ipsec start
-dave::ipsec start
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
dave::expect-connection home
-carol::ipsec up home
-dave::ipsec up home
+carol::swanctl --initiate --child home
+dave::swanctl --initiate --child home
diff --git a/testing/tests/ipv6/rw-ikev1/test.conf b/testing/tests/ipv6/rw-ikev1/test.conf
index 69b0757fd..0f02a1a11 100644
--- a/testing/tests/ipv6/rw-ikev1/test.conf
+++ b/testing/tests/ipv6/rw-ikev1/test.conf
@@ -23,3 +23,7 @@ IPSECHOSTS="moon carol dave"
# IP protocol used by IPsec is IPv6
#
IPV6=1
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/ipv6/rw-ikev2/description.txt b/testing/tests/ipv6/rw-ikev2/description.txt
index 17461370e..c8549777d 100644
--- a/testing/tests/ipv6/rw-ikev2/description.txt
+++ b/testing/tests/ipv6/rw-ikev2/description.txt
@@ -1,7 +1,7 @@
The roadwarriors <b>carol</b> and <b>dave</b> set up an IPv6 connection each
to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b>.
-Upon the successful establishment of the IPv6 ESP tunnels, <b>leftfirewall=yes</b>
-automatically inserts ip6tables-based firewall rules that let pass the tunneled traffic.
+Upon the successful establishment of the IPv6 ESP tunnels, automatically inserted
+ip6tables-based firewall rules let pass the tunneled traffic.
In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> send
an IPv6 ICMP request to the client <b>alice</b> behind the gateway <b>moon</b>
using the ping6 command.
diff --git a/testing/tests/ipv6/rw-ikev2/evaltest.dat b/testing/tests/ipv6/rw-ikev2/evaltest.dat
index 0e125b70e..d5d5a6b1c 100644
--- a/testing/tests/ipv6/rw-ikev2/evaltest.dat
+++ b/testing/tests/ipv6/rw-ikev2/evaltest.dat
@@ -1,13 +1,9 @@
-carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
-dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
-moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
-moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
-carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
-moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
carol::ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
dave:: ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=fec0:\:10 local-port=4500 local-id=carol@strongswan.org remote-host=fec0:\:1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec0:\:10/128] remote-ts=\[fec1:\:/16]::YES
+dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=fec0:\:20 local-port=4500 local-id=dave@strongswan.org remote-host=fec0:\:1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP..*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec0:\:20/128] remote-ts=\[fec1:\:/16]::YES
+moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=fec0:\:1 local-port=4500 local-id=moon.strongswan.org remote-host=fec0:\:10 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec1:\:/16] remote-ts=\[fec0:\:10/128]::YES
+moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=fec0:\:1 local-port=4500 local-id=moon.strongswan.org remote-host=fec0:\:20 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec1:\:/16] remote-ts=\[fec0:\:20/128]::YES
moon::tcpdump::IP6 ip6-carol.strongswan.org > ip6-moon.strongswan.org: ESP::YES
moon::tcpdump::IP6 ip6-moon.strongswan.org > ip6-carol.strongswan.org: ESP::YES
moon::tcpdump::IP6 ip6-dave.strongswan.org > ip6-moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf
index 9c9714a33..15f8ad5bc 100644
--- a/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf
@@ -1,6 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- hash_and_url = yes
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..5bfbe324d
--- /dev/null
+++ b/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/swanctl/swanctl.conf
@@ -0,0 +1,34 @@
+connections {
+
+ home {
+ local_addrs = fec0::10
+ remote_addrs = fec0::1
+
+ local {
+ auth = pubkey
+ certs = carolCert.pem
+ id = carol@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = fec1::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan.crl
+ }
+}
diff --git a/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/strongswan.conf
index 3a52f0db6..15f8ad5bc 100644
--- a/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/strongswan.conf
@@ -1,6 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- hash_and_url = yes
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..7fe33bf8f
--- /dev/null
+++ b/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/swanctl/swanctl.conf
@@ -0,0 +1,34 @@
+connections {
+
+ home {
+ local_addrs = fec0::20
+ remote_addrs = fec0::1
+
+ local {
+ auth = pubkey
+ certs = daveCert.pem
+ id = dave@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = fec1::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan.crl
+ }
+}
diff --git a/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/strongswan.conf
index 3a52f0db6..15f8ad5bc 100644
--- a/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- hash_and_url = yes
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..b28e49e07
--- /dev/null
+++ b/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,32 @@
+connections {
+
+ rw {
+ local_addrs = fec0::1
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ }
+ children {
+ net {
+ local_ts = fec1::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan.crl
+ }
+}
diff --git a/testing/tests/ipv6/rw-ikev2/posttest.dat b/testing/tests/ipv6/rw-ikev2/posttest.dat
index 4e59395e3..59495fc46 100644
--- a/testing/tests/ipv6/rw-ikev2/posttest.dat
+++ b/testing/tests/ipv6/rw-ikev2/posttest.dat
@@ -1,6 +1,6 @@
-moon::ipsec stop
-carol::ipsec stop
-dave::ipsec stop
+moon::systemctl stop strongswan-swanctl
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/ipv6/rw-ikev2/pretest.dat b/testing/tests/ipv6/rw-ikev2/pretest.dat
index f60be3887..a8c8a7097 100644
--- a/testing/tests/ipv6/rw-ikev2/pretest.dat
+++ b/testing/tests/ipv6/rw-ikev2/pretest.dat
@@ -7,11 +7,11 @@ dave::ip6tables-restore < /etc/ip6tables.rules
alice::"ip route add fec0:\:/16 via fec1:\:1"
carol::"ip route add fec1:\:/16 via fec0:\:1"
dave::"ip route add fec1:\:/16 via fec0:\:1"
-moon::ipsec start
-carol::ipsec start
-dave::ipsec start
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
dave::expect-connection home
-carol::ipsec up home
-dave::ipsec up home
+carol::swanctl --initiate --child home
+dave::swanctl --initiate --child home
diff --git a/testing/tests/ipv6/rw-ikev2/test.conf b/testing/tests/ipv6/rw-ikev2/test.conf
index 69b0757fd..0f02a1a11 100644
--- a/testing/tests/ipv6/rw-ikev2/test.conf
+++ b/testing/tests/ipv6/rw-ikev2/test.conf
@@ -23,3 +23,7 @@ IPSECHOSTS="moon carol dave"
# IP protocol used by IPsec is IPv6
#
IPV6=1
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/description.txt b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/description.txt
index f9412611b..ce07226c5 100644
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/description.txt
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/description.txt
@@ -1,10 +1,10 @@
-The roadwarriors <b>carol</b> and <b>dave</b> set up an IPv6-in-IPv4 tunnel connection each
-to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b>.
-Both <b>carol</b> and <b>dave</b> request a virtual IPv6 address from <b>moon</b> via
-the IKEv1 mode config payload.
+The roadwarriors <b>carol</b> and <b>dave</b> set up an IPv6-in-IPv4 tunnel
+connection each to gateway <b>moon</b>. The authentication is based on <b>X.509
+certificates</b>. Both <b>carol</b> and <b>dave</b> request a virtual IPv6
+address from <b>moon</b> via the IKEv1 mode config payload.
<p/>
-Upon the successful establishment of the ESP tunnels, <b>leftfirewall=yes</b>
-automatically inserts ip6tables-based firewall rules that let pass the tunneled traffic.
-In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> send
-an IPv6 ICMP request to the client <b>alice</b> behind the gateway <b>moon</b>
-using the ping6 command.
+Upon the successful establishment of the ESP tunnels, automatically inserted
+ip6tables-based firewall rules let pass the tunneled traffic. In order to test
+both tunnel and firewall, both <b>carol</b> and <b>dave</b> send an IPv6 ICMP
+request to the client <b>alice</b> behind the gateway <b>moon</b> using the
+ping6 command.
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/evaltest.dat b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/evaltest.dat
index f6dc9aa3e..78488871f 100644
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/evaltest.dat
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/evaltest.dat
@@ -1,13 +1,9 @@
-carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
-dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
-moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
-moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
-carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
-moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
carol::ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
dave:: ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=192.168.0.100 local-port=500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*local-vips=\[fec3:\:1] child-sas.*home.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[fec3:\:1/128] remote-ts=\[fec1:\:/16]
+dave::swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=192.168.0.200 local-port=500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*local-vips=\[fec3:\:2] child-sas.*home.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[fec3:\:2/128] remote-ts=\[fec1:\:/16]
+moon::swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=1 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*remote-vips=\[fec3:\:2] child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[fec1:\:/16] remote-ts=\[fec3:\:2/128]
+moon::swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=1 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*remote-vips=\[fec3:\:1] child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[fec1:\:/16] remote-ts=\[fec3:\:1/128]
moon::tcpdump::carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::dave.strongswan.org > moon.strongswan.org: ESP::YES
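Review bot: The four added `swanctl --list-sas` lines end at `remote-ts=\[...]` without the trailing `::YES` field that every other line in this file carries, as do the equivalent lines in rw-ikev1/evaltest.dat. How the harness treats a line with the result field missing is not visible here. In addition, the `moon::` line for `--ike-id 1` expects `remote-host=192.168.0.100` and `remote-vips=\[fec3:\:1]`, which the `carol::` line shows are carol's values, yet it asks for `remote-id=dave@strongswan.org`; that looks like a copy-paste slip for `remote-id=carol@strongswan.org`. I would append `::YES` to all four lines and correct the id, otherwise the gateway-side SA check for carol either cannot match or is not asserting what it appears to.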
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/carol/etc/strongswan.conf
index 9c9714a33..15f8ad5bc 100644
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/carol/etc/strongswan.conf
@@ -1,6 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- hash_and_url = yes
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/carol/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..fcf530ebe
--- /dev/null
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/carol/etc/swanctl/swanctl.conf
@@ -0,0 +1,28 @@
+connections {
+
+ home {
+ local_addrs = 192.168.0.100
+ remote_addrs = 192.168.0.1
+ vips = 0::0
+
+ local {
+ auth = pubkey
+ certs = carolCert.pem
+ id = carol@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = fec1::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 1
+ proposals = aes128-sha256-x25519
+ }
+}
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/dave/etc/strongswan.conf
index 3a52f0db6..15f8ad5bc 100644
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/dave/etc/strongswan.conf
@@ -1,6 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- hash_and_url = yes
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/dave/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..51fb8d65c
--- /dev/null
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/dave/etc/swanctl/swanctl.conf
@@ -0,0 +1,28 @@
+connections {
+
+ home {
+ local_addrs = 192.168.0.200
+ remote_addrs = 192.168.0.1
+ vips = 0::0
+
+ local {
+ auth = pubkey
+ certs = daveCert.pem
+ id = dave@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = fec1::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 1
+ proposals = aes128-sha256-x25519
+ }
+}
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf
index 3a52f0db6..15f8ad5bc 100644
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- hash_and_url = yes
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..72201edc0
--- /dev/null
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,32 @@
+connections {
+
+ rw {
+ local_addrs = 192.168.0.1
+ pools = rw_pool
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ }
+ children {
+ net {
+ local_ts = fec1::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 1
+ proposals = aes128-sha256-x25519
+ }
+}
+
+pools {
+ rw_pool {
+ addrs = fec3::/120
+ }
+}
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/posttest.dat b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/posttest.dat
index ebe5e2a80..d8d4bbbec 100644
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/posttest.dat
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/posttest.dat
@@ -1,6 +1,6 @@
-moon::ipsec stop
-carol::ipsec stop
-dave::ipsec stop
+moon::systemctl stop strongswan-swanctl
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/pretest.dat b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/pretest.dat
index e73bde487..9a756eb78 100644
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/pretest.dat
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/pretest.dat
@@ -5,11 +5,11 @@ moon::ip6tables-restore < /etc/ip6tables.rules
carol::ip6tables-restore < /etc/ip6tables.rules
dave::ip6tables-restore < /etc/ip6tables.rules
alice::"ip route add fec3:\:/16 via fec1:\:1"
-moon::ipsec start
-carol::ipsec start
-dave::ipsec start
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
dave::expect-connection home
-carol::ipsec up home
-dave::ipsec up home
+carol::swanctl --initiate --child home
+dave::swanctl --initiate --child home
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/test.conf b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/test.conf
index 69b0757fd..0f02a1a11 100644
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/test.conf
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/test.conf
@@ -23,3 +23,7 @@ IPSECHOSTS="moon carol dave"
# IP protocol used by IPsec is IPv6
#
IPV6=1
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/description.txt b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/description.txt
index 237e6fa52..790427243 100644
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/description.txt
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/description.txt
@@ -1,10 +1,10 @@
-The roadwarriors <b>carol</b> and <b>dave</b> set up an IPv6-in-IPv4 tunnel connection each
-to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b>.
-Both <b>carol</b> and <b>dave</b> request a virtual IPv6 address from <b>moon</b> via
-the IKEv2 configuration payload.
+The roadwarriors <b>carol</b> and <b>dave</b> set up an IPv6-in-IPv4 tunnel
+connection each to gateway <b>moon</b>. The authentication is based on <b>X.509
+certificates</b> Both <b>carol</b> and <b>dave</b> request a virtual IPv6 address
+from <b>moon</b> via the IKEv2 configuration payload.
<p/>
-Upon the successful establishment of the ESP tunnels, <b>leftfirewall=yes</b>
-automatically inserts ip6tables-based firewall rules that let pass the tunneled traffic.
-In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> send
-an IPv6 ICMP request to the client <b>alice</b> behind the gateway <b>moon</b>
-using the ping6 command.
+Upon the successful establishment of the ESP tunnels, automatically inserted
+ip6tables-based firewall rules let pass the tunneled traffic. In order to test
+both tunnel and firewall, both <b>carol</b> and <b>dave</b> send an IPv6 ICMP
+request to the client <b>alice</b> behind the gateway <b>moon</b> using the
+ping6 command.
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/evaltest.dat b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/evaltest.dat
index f6dc9aa3e..d0f2bac96 100644
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/evaltest.dat
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/evaltest.dat
@@ -1,13 +1,9 @@
-carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
-dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
-moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
-moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
-carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
-moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
carol::ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
dave:: ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*local-vips=\[fec3:\:1] child-sas.*home.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec3:\:1/128] remote-ts=\[fec1:\:/16]
+dave::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*local-vips=\[fec3:\:2] child-sas.*home.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec3:\:2/128] remote-ts=\[fec1:\:/16]
+moon::swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*remote-vips=\[fec3:\:2] child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec1:\:/16] remote-ts=\[fec3:\:2/128]
+moon::swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*remote-vips=\[fec3:\:1] child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec1:\:/16] remote-ts=\[fec3:\:1/128]
moon::tcpdump::carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::dave.strongswan.org > moon.strongswan.org: ESP::YES
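Review bot: The added `moon::swanctl --list-sas --ike-id 1` line expects `remote-host=192.168.0.100` together with `remote-id=dave@strongswan.org`, but 192.168.0.100 and the virtual IP `fec3::1` belong to carol in this scenario (see the `carol::` line above and carol's swanctl.conf), so the pattern should read `remote-id=carol@strongswan.org`. In addition, none of the four added `swanctl --list-sas` lines ends in the `::YES` field that every other line of this file carries, so they are presumably not evaluated as intended; append `::YES` to each.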
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/carol/etc/strongswan.conf
index 9c9714a33..15f8ad5bc 100644
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/carol/etc/strongswan.conf
@@ -1,6 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- hash_and_url = yes
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/carol/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..1a9ed078f
--- /dev/null
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/carol/etc/swanctl/swanctl.conf
@@ -0,0 +1,28 @@
+connections {
+
+ home {
+ local_addrs = 192.168.0.100
+ remote_addrs = 192.168.0.1
+ vips = 0::0
+
+ local {
+ auth = pubkey
+ certs = carolCert.pem
+ id = carol@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = fec1::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/dave/etc/strongswan.conf
index 3a52f0db6..15f8ad5bc 100644
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/dave/etc/strongswan.conf
@@ -1,6 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- hash_and_url = yes
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/dave/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..1fb687eaa
--- /dev/null
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/dave/etc/swanctl/swanctl.conf
@@ -0,0 +1,28 @@
+connections {
+
+ home {
+ local_addrs = 192.168.0.200
+ remote_addrs = 192.168.0.1
+ vips = 0::0
+
+ local {
+ auth = pubkey
+ certs = daveCert.pem
+ id = dave@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = fec1::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
index 3a52f0db6..15f8ad5bc 100644
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- hash_and_url = yes
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..6624bfb3e
--- /dev/null
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,32 @@
+connections {
+
+ rw {
+ local_addrs = 192.168.0.1
+ pools = rw_pool
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ }
+ children {
+ net {
+ local_ts = fec1::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
+
+pools {
+ rw_pool {
+ addrs = fec3::/120
+ }
+}
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/posttest.dat b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/posttest.dat
index ebe5e2a80..d8d4bbbec 100644
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/posttest.dat
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/posttest.dat
@@ -1,6 +1,6 @@
-moon::ipsec stop
-carol::ipsec stop
-dave::ipsec stop
+moon::systemctl stop strongswan-swanctl
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/pretest.dat b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/pretest.dat
index e73bde487..9a756eb78 100644
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/pretest.dat
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/pretest.dat
@@ -5,11 +5,11 @@ moon::ip6tables-restore < /etc/ip6tables.rules
carol::ip6tables-restore < /etc/ip6tables.rules
dave::ip6tables-restore < /etc/ip6tables.rules
alice::"ip route add fec3:\:/16 via fec1:\:1"
-moon::ipsec start
-carol::ipsec start
-dave::ipsec start
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
dave::expect-connection home
-carol::ipsec up home
-dave::ipsec up home
+carol::swanctl --initiate --child home
+dave::swanctl --initiate --child home
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/test.conf b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/test.conf
index 69b0757fd..0f02a1a11 100644
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/test.conf
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/test.conf
@@ -23,3 +23,7 @@ IPSECHOSTS="moon carol dave"
# IP protocol used by IPsec is IPv6
#
IPV6=1
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/ipv6/rw-psk-ikev1/description.txt b/testing/tests/ipv6/rw-psk-ikev1/description.txt
index 66fc09053..fd7369d8f 100644
--- a/testing/tests/ipv6/rw-psk-ikev1/description.txt
+++ b/testing/tests/ipv6/rw-psk-ikev1/description.txt
@@ -1,7 +1,7 @@
-The roadwarriors <b>carol</b> and <b>dave</b> set up an IPv6 tunnel connection each
+The roadwarriors <b>carol</b> and <b>dave</b> set up an IPv6 tunnel connection each
to gateway <b>moon</b>. The authentication is based on distinct <b>pre-shared keys</b>
and IPv6 addresses. Upon the successful establishment of the IPsec tunnels,
-<b>leftfirewall=yes</b> automatically inserts ip6tables-based firewall rules that
-let pass the tunneled traffic. In order to test both tunnel and firewall, both
-<b>carol</b> and <b>dave</b> send an IPv6 ICMP request to client <b>alice</b>
-behind the gateway <b>moon</b> using the ping6 command.
+automatically inserted ip6tables-based firewall rules let pass the tunneled traffic.
+In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> send
+an IPv6 ICMP request to client <b>alice</b> behind the gateway <b>moon</b> using
+the ping6 command.
diff --git a/testing/tests/ipv6/rw-psk-ikev1/evaltest.dat b/testing/tests/ipv6/rw-psk-ikev1/evaltest.dat
index 16982a736..e92aa028d 100644
--- a/testing/tests/ipv6/rw-psk-ikev1/evaltest.dat
+++ b/testing/tests/ipv6/rw-psk-ikev1/evaltest.dat
@@ -1,13 +1,10 @@
-carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*\[fec0.*:10].*\[fec0.*:1]::YES
-dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*\[fec0.*:20].*\[fec0.*:1]::YES
-moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*\[fec0.*:1].*\[fec0.*:10]::YES
-moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*\[fec0.*:1].*\[fec0.*:20]::YES
-carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
-moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
+
carol::ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
dave:: ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=fec0:\:10 local-port=500 local-id=fec0:\:10 remote-host=fec0:\:1 remote-port=500 remote-id=fec0:\:1 initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[fec0:\:10/128] remote-ts=\[fec1:\:/16]::YES
+dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=fec0:\:20 local-port=500 local-id=fec0:\:20 remote-host=fec0:\:1 remote-port=500 remote-id=fec0:\:1 initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP..*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[fec0:\:20/128] remote-ts=\[fec1:\:/16]::YES
+moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=1 state=ESTABLISHED local-host=fec0:\:1 local-port=500 local-id=fec0:\:1 remote-host=fec0:\:10 remote-port=500 remote-id=fec0:\:10.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[fec1:\:/16] remote-ts=\[fec0:\:10/128]::YES
+moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=1 state=ESTABLISHED local-host=fec0:\:1 local-port=500 local-id=fec0:\:1 remote-host=fec0:\:20 remote-port=500 remote-id=fec0:\:20.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[fec1:\:/16] remote-ts=\[fec0:\:20/128]::YES
moon::tcpdump::IP6 ip6-carol.strongswan.org > ip6-moon.strongswan.org: ESP::YES
moon::tcpdump::IP6 ip6-moon.strongswan.org > ip6-carol.strongswan.org: ESP::YES
moon::tcpdump::IP6 ip6-dave.strongswan.org > ip6-moon.strongswan.org: ESP::YES
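Review bot: The added `dave::` line matches `mode=TUNNEL.*ESP..*encr-alg` where the carol and moon lines use `ESP.*encr-alg`; the extra `.` looks like a typo and forces at least one character after `ESP`, so `ESP.*` should be used for consistency. The hunk also adds an empty first line to the file, which the other evaltest.dat hunks in this diff do not have and which can be dropped. The same `ESP..*` appears in the `dave::` line added to rw-psk-ikev2/evaltest.dat.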
diff --git a/testing/tests/ipv6/rw-psk-ikev1/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6/rw-psk-ikev1/hosts/carol/etc/strongswan.conf
index 955514391..306228a75 100644
--- a/testing/tests/ipv6/rw-psk-ikev1/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-psk-ikev1/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 curve25519 hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-psk-ikev1/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/ipv6/rw-psk-ikev1/hosts/carol/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..524530721
--- /dev/null
+++ b/testing/tests/ipv6/rw-psk-ikev1/hosts/carol/etc/swanctl/swanctl.conf
@@ -0,0 +1,34 @@
+connections {
+
+ home {
+ local_addrs = fec0::10
+ remote_addrs = fec0::1
+
+ local {
+ auth = psk
+ id = fec0::10
+ }
+ remote {
+ auth = psk
+ id = fec0::1
+ }
+ children {
+ home {
+ remote_ts = fec1::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 1
+ proposals = aes128-sha256-x25519
+ }
+}
+
+secrets {
+
+ ike-moon {
+ id = fec0::1
+ secret = 0sFpZAZqEN6Ti9sqt4ZP5EWcqx
+ }
+}
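Review bot: The `secrets` section at the end of this new file embeds the pre-shared key without any comment saying that it is a test-suite fixture or which entry on the gateway it has to match. A line such as `# test-only PSK (0s = base64); must equal ike-carol in moon's swanctl.conf` above `ike-moon` would make the pairing explicit and keep the value from being copied into a real setup. The same applies to dave's and moon's swanctl.conf in rw-psk-ikev1 and to the three rw-psk-ikev2 files.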
diff --git a/testing/tests/ipv6/rw-psk-ikev1/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6/rw-psk-ikev1/hosts/dave/etc/strongswan.conf
index 955514391..306228a75 100644
--- a/testing/tests/ipv6/rw-psk-ikev1/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-psk-ikev1/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 curve25519 hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-psk-ikev1/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/ipv6/rw-psk-ikev1/hosts/dave/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..7e3cff4ff
--- /dev/null
+++ b/testing/tests/ipv6/rw-psk-ikev1/hosts/dave/etc/swanctl/swanctl.conf
@@ -0,0 +1,34 @@
+connections {
+
+ home {
+ local_addrs = fec0::20
+ remote_addrs = fec0::1
+
+ local {
+ auth = psk
+ id = fec0::20
+ }
+ remote {
+ auth = psk
+ id = fec0::1
+ }
+ children {
+ home {
+ remote_ts = fec1::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 1
+ proposals = aes128-sha256-x25519
+ }
+}
+
+secrets {
+
+ ike-moon {
+ id = fec0::1
+ secret = 0sjVzONCF02ncsgiSlmIXeqhGN
+ }
+}
diff --git a/testing/tests/ipv6/rw-psk-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/rw-psk-ikev1/hosts/moon/etc/strongswan.conf
index 955514391..306228a75 100644
--- a/testing/tests/ipv6/rw-psk-ikev1/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-psk-ikev1/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 curve25519 hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-psk-ikev1/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/ipv6/rw-psk-ikev1/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..70c360ce7
--- /dev/null
+++ b/testing/tests/ipv6/rw-psk-ikev1/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,37 @@
+connections {
+
+ rw {
+ local_addrs = fec0::1
+
+ local {
+ auth = psk
+ id = fec0::1
+ }
+ remote {
+ auth = psk
+ }
+ children {
+ net {
+ local_ts = fec1::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 1
+ proposals = aes128-sha256-x25519
+ }
+}
+
+secrets {
+
+ ike-carol {
+ id = fec0::10
+ secret = 0sFpZAZqEN6Ti9sqt4ZP5EWcqx
+ }
+
+ ike-dave {
+ id = fec0::20
+ secret = 0sjVzONCF02ncsgiSlmIXeqhGN
+ }
+}
diff --git a/testing/tests/ipv6/rw-psk-ikev1/posttest.dat b/testing/tests/ipv6/rw-psk-ikev1/posttest.dat
index 4e59395e3..59495fc46 100644
--- a/testing/tests/ipv6/rw-psk-ikev1/posttest.dat
+++ b/testing/tests/ipv6/rw-psk-ikev1/posttest.dat
@@ -1,6 +1,6 @@
-moon::ipsec stop
-carol::ipsec stop
-dave::ipsec stop
+moon::systemctl stop strongswan-swanctl
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/ipv6/rw-psk-ikev1/pretest.dat b/testing/tests/ipv6/rw-psk-ikev1/pretest.dat
index 93a96ec36..48cb77608 100644
--- a/testing/tests/ipv6/rw-psk-ikev1/pretest.dat
+++ b/testing/tests/ipv6/rw-psk-ikev1/pretest.dat
@@ -7,14 +7,14 @@ dave::ip6tables-restore < /etc/ip6tables.rules
alice::"ip route add fec0:\:/16 via fec1:\:1"
carol::"ip route add fec1:\:/16 via fec0:\:1"
dave::"ip route add fec1:\:/16 via fec0:\:1"
-moon::rm /etc/ipsec.d/cacerts/*
-carol::rm /etc/ipsec.d/cacerts/*
-dave::rm /etc/ipsec.d/cacerts/*
-moon::ipsec start
-carol::ipsec start
-dave::ipsec start
+moon::cd /etc/swanctl; rm rsa/* x509/* x509ca/*
+carol::cd /etc/swanctl; rm rsa/* x509/* x509ca/*
+dave::cd /etc/swanctl; rm rsa/* x509/* x509ca/*
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
dave::expect-connection home
-carol::ipsec up home
-dave::ipsec up home
+carol::swanctl --initiate --child home
+dave::swanctl --initiate --child home
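Review bot: In the three added `cd /etc/swanctl; rm rsa/* x509/* x509ca/*` lines the `rm` still runs when the `cd` fails, and the relative globs are then resolved against whatever directory the command started in. Chaining with `&&` or using absolute paths avoids that, for example `moon::rm /etc/swanctl/rsa/* /etc/swanctl/x509/* /etc/swanctl/x509ca/*`. The lines it replaces (`rm /etc/ipsec.d/cacerts/*`) already used an absolute path, so this keeps the earlier behaviour.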
diff --git a/testing/tests/ipv6/rw-psk-ikev1/test.conf b/testing/tests/ipv6/rw-psk-ikev1/test.conf
index 69b0757fd..0f02a1a11 100644
--- a/testing/tests/ipv6/rw-psk-ikev1/test.conf
+++ b/testing/tests/ipv6/rw-psk-ikev1/test.conf
@@ -23,3 +23,7 @@ IPSECHOSTS="moon carol dave"
# IP protocol used by IPsec is IPv6
#
IPV6=1
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/ipv6/rw-psk-ikev2/description.txt b/testing/tests/ipv6/rw-psk-ikev2/description.txt
index 66fc09053..0bd1474a0 100644
--- a/testing/tests/ipv6/rw-psk-ikev2/description.txt
+++ b/testing/tests/ipv6/rw-psk-ikev2/description.txt
@@ -1,7 +1,7 @@
-The roadwarriors <b>carol</b> and <b>dave</b> set up an IPv6 tunnel connection each
+TThe roadwarriors <b>carol</b> and <b>dave</b> set up an IPv6 tunnel connection each
to gateway <b>moon</b>. The authentication is based on distinct <b>pre-shared keys</b>
and IPv6 addresses. Upon the successful establishment of the IPsec tunnels,
-<b>leftfirewall=yes</b> automatically inserts ip6tables-based firewall rules that
-let pass the tunneled traffic. In order to test both tunnel and firewall, both
-<b>carol</b> and <b>dave</b> send an IPv6 ICMP request to client <b>alice</b>
-behind the gateway <b>moon</b> using the ping6 command.
+automatically inserted ip6tables-based firewall rules let pass the tunneled traffic.
+In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> send
+an IPv6 ICMP request to client <b>alice</b> behind the gateway <b>moon</b> using
+the ping6 command.
diff --git a/testing/tests/ipv6/rw-psk-ikev2/evaltest.dat b/testing/tests/ipv6/rw-psk-ikev2/evaltest.dat
index 16982a736..ce79801ec 100644
--- a/testing/tests/ipv6/rw-psk-ikev2/evaltest.dat
+++ b/testing/tests/ipv6/rw-psk-ikev2/evaltest.dat
@@ -1,13 +1,9 @@
-carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*\[fec0.*:10].*\[fec0.*:1]::YES
-dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*\[fec0.*:20].*\[fec0.*:1]::YES
-moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*\[fec0.*:1].*\[fec0.*:10]::YES
-moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*\[fec0.*:1].*\[fec0.*:20]::YES
-carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
-moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
carol::ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
dave:: ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=fec0:\:10 local-port=4500 local-id=fec0:\:10 remote-host=fec0:\:1 remote-port=4500 remote-id=fec0:\:1 initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec0:\:10/128] remote-ts=\[fec1:\:/16]::YES
+dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=fec0:\:20 local-port=4500 local-id=fec0:\:20 remote-host=fec0:\:1 remote-port=4500 remote-id=fec0:\:1 initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP..*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec0:\:20/128] remote-ts=\[fec1:\:/16]::YES
+moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=fec0:\:1 local-port=4500 local-id=fec0:\:1 remote-host=fec0:\:10 remote-port=4500 remote-id=fec0:\:10.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec1:\:/16] remote-ts=\[fec0:\:10/128]::YES
+moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=fec0:\:1 local-port=4500 local-id=fec0:\:1 remote-host=fec0:\:20 remote-port=4500 remote-id=fec0:\:20.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec1:\:/16] remote-ts=\[fec0:\:20/128]::YES
moon::tcpdump::IP6 ip6-carol.strongswan.org > ip6-moon.strongswan.org: ESP::YES
moon::tcpdump::IP6 ip6-moon.strongswan.org > ip6-carol.strongswan.org: ESP::YES
moon::tcpdump::IP6 ip6-dave.strongswan.org > ip6-moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/strongswan.conf
index 955514391..306228a75 100644
--- a/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 curve25519 hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..6d1b0a61b
--- /dev/null
+++ b/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/swanctl/swanctl.conf
@@ -0,0 +1,34 @@
+connections {
+
+ home {
+ local_addrs = fec0::10
+ remote_addrs = fec0::1
+
+ local {
+ auth = psk
+ id = fec0::10
+ }
+ remote {
+ auth = psk
+ id = fec0::1
+ }
+ children {
+ home {
+ remote_ts = fec1::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
+
+secrets {
+
+ ike-moon {
+ id = fec0::1
+ secret = 0sFpZAZqEN6Ti9sqt4ZP5EWcqx
+ }
+}
diff --git a/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/strongswan.conf
index 955514391..306228a75 100644
--- a/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 curve25519 hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..8d848205b
--- /dev/null
+++ b/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/swanctl/swanctl.conf
@@ -0,0 +1,34 @@
+connections {
+
+ home {
+ local_addrs = fec0::20
+ remote_addrs = fec0::1
+
+ local {
+ auth = psk
+ id = fec0::20
+ }
+ remote {
+ auth = psk
+ id = fec0::1
+ }
+ children {
+ home {
+ remote_ts = fec1::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
+
+secrets {
+
+ ike-moon {
+ id = fec0::1
+ secret = 0sjVzONCF02ncsgiSlmIXeqhGN
+ }
+}
diff --git a/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/strongswan.conf
index 955514391..306228a75 100644
--- a/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 curve25519 hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..df4170e96
--- /dev/null
+++ b/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,37 @@
+connections {
+
+ rw {
+ local_addrs = fec0::1
+
+ local {
+ auth = psk
+ id = fec0::1
+ }
+ remote {
+ auth = psk
+ }
+ children {
+ net {
+ local_ts = fec1::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
+
+secrets {
+
+ ike-carol {
+ id = fec0::10
+ secret = 0sFpZAZqEN6Ti9sqt4ZP5EWcqx
+ }
+
+ ike-dave {
+ id = fec0::20
+ secret = 0sjVzONCF02ncsgiSlmIXeqhGN
+ }
+}
diff --git a/testing/tests/ipv6/rw-psk-ikev2/posttest.dat b/testing/tests/ipv6/rw-psk-ikev2/posttest.dat
index 4e59395e3..59495fc46 100644
--- a/testing/tests/ipv6/rw-psk-ikev2/posttest.dat
+++ b/testing/tests/ipv6/rw-psk-ikev2/posttest.dat
@@ -1,6 +1,6 @@
-moon::ipsec stop
-carol::ipsec stop
-dave::ipsec stop
+moon::systemctl stop strongswan-swanctl
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/ipv6/rw-psk-ikev2/pretest.dat b/testing/tests/ipv6/rw-psk-ikev2/pretest.dat
index 93a96ec36..48cb77608 100644
--- a/testing/tests/ipv6/rw-psk-ikev2/pretest.dat
+++ b/testing/tests/ipv6/rw-psk-ikev2/pretest.dat
@@ -7,14 +7,14 @@ dave::ip6tables-restore < /etc/ip6tables.rules
alice::"ip route add fec0:\:/16 via fec1:\:1"
carol::"ip route add fec1:\:/16 via fec0:\:1"
dave::"ip route add fec1:\:/16 via fec0:\:1"
-moon::rm /etc/ipsec.d/cacerts/*
-carol::rm /etc/ipsec.d/cacerts/*
-dave::rm /etc/ipsec.d/cacerts/*
-moon::ipsec start
-carol::ipsec start
-dave::ipsec start
+moon::cd /etc/swanctl; rm rsa/* x509/* x509ca/*
+carol::cd /etc/swanctl; rm rsa/* x509/* x509ca/*
+dave::cd /etc/swanctl; rm rsa/* x509/* x509ca/*
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
dave::expect-connection home
-carol::ipsec up home
-dave::ipsec up home
+carol::swanctl --initiate --child home
+dave::swanctl --initiate --child home
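Review bot: In the three added lines `cd /etc/swanctl; rm rsa/* x509/* x509ca/*` the `rm` still runs when the `cd` fails, and its relative globs then resolve against whatever directory the command started in (assuming the harness hands the line to a shell unchanged). Absolute paths remove that dependency, e.g. `moon::rm /etc/swanctl/rsa/* /etc/swanctl/x509/* /etc/swanctl/x509ca/*`, or at least chain the two commands with `&&` instead of `;`. The same applies to the carol and dave lines.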
diff --git a/testing/tests/ipv6/rw-psk-ikev2/test.conf b/testing/tests/ipv6/rw-psk-ikev2/test.conf
index 69b0757fd..0f02a1a11 100644
--- a/testing/tests/ipv6/rw-psk-ikev2/test.conf
+++ b/testing/tests/ipv6/rw-psk-ikev2/test.conf
@@ -23,3 +23,7 @@ IPSECHOSTS="moon carol dave"
# IP protocol used by IPsec is IPv6
#
IPV6=1
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/evaltest.dat b/testing/tests/ipv6/rw-rfc3779-ikev2/evaltest.dat
index 551eae263..082416d60 100644
--- a/testing/tests/ipv6/rw-rfc3779-ikev2/evaltest.dat
+++ b/testing/tests/ipv6/rw-rfc3779-ikev2/evaltest.dat
@@ -1,18 +1,13 @@
-carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
-dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
-moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
-moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
-carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
-moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
moon:: cat /var/log/daemon.log::TS fec0:\:10/128 is contained in address block constraint fec0:\:10/128::YES
moon:: cat /var/log/daemon.log::TS fec0:\:20/128 is contained in address block constraint fec0:\:20/128::YES
carol::cat /var/log/daemon.log::TS fec1:\:/16 is contained in address block constraint fec1:\:/16::YES
dave:: cat /var/log/daemon.log::TS fec1:\:/16 is contained in address block constraint fec1:\:/16::YES
carol::ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
dave:: ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
-moon::tcpdump::IP6 ip6-carol.strongswan.org > ip6-moon.strongswan.org: ESP::YES
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=fec0:\:10 local-port=4500 local-id=carol@strongswan.org remote-host=fec0:\:1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec0:\:10/128] remote-ts=\[fec1:\:/16]::YES
+dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=fec0:\:20 local-port=4500 local-id=dave@strongswan.org remote-host=fec0:\:1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP..*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec0:\:20/128] remote-ts=\[fec1:\:/16]::YES
+moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=fec0:\:1 local-port=4500 local-id=moon.strongswan.org remote-host=fec0:\:10 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec1:\:/16] remote-ts=\[fec0:\:10/128]::YES
+moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=fec0:\:1 local-port=4500 local-id=moon.strongswan.org remote-host=fec0:\:20 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec1:\:/16] remote-ts=\[fec0:\:20/128]::YES
moon::tcpdump::IP6 ip6-moon.strongswan.org > ip6-carol.strongswan.org: ESP::YES
moon::tcpdump::IP6 ip6-dave.strongswan.org > ip6-moon.strongswan.org: ESP::YES
moon::tcpdump::IP6 ip6-moon.strongswan.org > ip6-dave.strongswan.org: ESP::YES
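Review bot: The check `moon::tcpdump::IP6 ip6-carol.strongswan.org > ip6-moon.strongswan.org: ESP::YES` is removed here and nothing replaces it, while the other three tcpdump lines stay as context, so the test no longer verifies that carol's traffic towards moon is ESP-encapsulated on the wire. The new `swanctl --list-sas` patterns show that the SAs are installed, not that packets actually use them, so I would keep that line as context below the four added ones. Separately, dave's pattern contains `mode=TUNNEL.*ESP..*encr-alg` where the other three lines have `ESP.*encr-alg`; the extra dot looks like a typo and should read `ESP.*encr-alg`.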
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.conf b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.conf
deleted file mode 100644
index a2e054e13..000000000
--- a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,26 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-ca strongswan
- cacert=strongswanCert.pem
- certuribase=http://ip6-winnetou.strongswan.org/certs/rfc3779/
- crluri=http://ip6-winnetou.strongswan.org/strongswan_rfc3779.crl
- auto=add
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
-
-conn home
- left=PH_IP6_CAROL
- leftcert=carolCert.pem
- leftid=carol@strongswan.org
- leftfirewall=yes
- right=PH_IP6_MOON
- rightid=@moon.strongswan.org
- rightsubnet=0::0/0
- keyexchange=ikev2
- auto=add
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/strongswan.conf
index da170cb15..285350d7b 100644
--- a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/strongswan.conf
@@ -1,6 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- hash_and_url = yes
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/swanctl/rsa/carolKey.pem
index a75622149..a75622149 100644
--- a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/swanctl/rsa/carolKey.pem
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..54fb36da4
--- /dev/null
+++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/swanctl/swanctl.conf
@@ -0,0 +1,34 @@
+connections {
+
+ home {
+ local_addrs = fec0::10
+ remote_addrs = fec0::1
+
+ local {
+ auth = pubkey
+ certs = carolCert.pem
+ id = carol@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = 0::0/0
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan_rfc3779.crl
+ }
+}
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/swanctl/x509/carolCert.pem
index bf8a4919d..bf8a4919d 100644
--- a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.d/certs/carolCert.pem
+++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/swanctl/x509/carolCert.pem
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/swanctl/x509ca/strongswanCert.pem
index 8e872d89f..8e872d89f 100644
--- a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem
+++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/swanctl/x509ca/strongswanCert.pem
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/ipsec.conf b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/ipsec.conf
deleted file mode 100644
index 8d275e2bd..000000000
--- a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/ipsec.conf
+++ /dev/null
@@ -1,26 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-ca strongswan
- cacert=strongswanCert.pem
- certuribase=http://ip6-winnetou.strongswan.org/certs/rfc3779/
- crluri=http://ip6-winnetou.strongswan.org/strongswan_rfc3779.crl
- auto=add
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
-
-conn home
- left=PH_IP6_DAVE
- leftcert=daveCert.pem
- leftid=dave@strongswan.org
- leftfirewall=yes
- right=PH_IP6_MOON
- rightid=@moon.strongswan.org
- rightsubnet=0::0/0
- keyexchange=ikev2
- auto=add
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/strongswan.conf
index 4fa0583ed..285350d7b 100644
--- a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/strongswan.conf
@@ -1,6 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- hash_and_url = yes
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/swanctl/rsa/daveKey.pem
index f72970c4d..f72970c4d 100644
--- a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/ipsec.d/private/daveKey.pem
+++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/swanctl/rsa/daveKey.pem
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..098ba6db7
--- /dev/null
+++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/swanctl/swanctl.conf
@@ -0,0 +1,34 @@
+connections {
+
+ home {
+ local_addrs = fec0::20
+ remote_addrs = fec0::1
+
+ local {
+ auth = pubkey
+ certs = daveCert.pem
+ id = dave@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = 0::0/0
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan_rfc3779.crl
+ }
+}
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/swanctl/x509/daveCert.pem
index 88ce01ed5..88ce01ed5 100644
--- a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/ipsec.d/certs/daveCert.pem
+++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/swanctl/x509/daveCert.pem
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/swanctl/x509ca/strongswanCert.pem
index 8e872d89f..8e872d89f 100644
--- a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem
+++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/swanctl/x509ca/strongswanCert.pem
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/ipsec.conf b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/ipsec.conf
deleted file mode 100644
index 236302350..000000000
--- a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,25 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-ca strongswan
- cacert=strongswanCert.pem
- certuribase=http://ip6-winnetou.strongswan.org/certs/rfc3779/
- crluri=http://ip6-winnetou.strongswan.org/strongswan_rfc3779.crl
- auto=add
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
-
-conn rw
- left=PH_IP6_MOON
- leftcert=moonCert.pem
- leftid=@moon.strongswan.org
- leftsubnet=fec1::/16
- leftfirewall=yes
- right=%any
- keyexchange=ikev2
- auto=add
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/strongswan.conf
index 4fa0583ed..285350d7b 100644
--- a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- hash_and_url = yes
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/ipsec.d/private/moonKey.pem b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/swanctl/rsa/moonKey.pem
index 11607c8cb..11607c8cb 100644
--- a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/ipsec.d/private/moonKey.pem
+++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/swanctl/rsa/moonKey.pem
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..4edc8cd86
--- /dev/null
+++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,32 @@
+connections {
+
+ rw {
+ local_addrs = fec0::1
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ }
+ children {
+ net {
+ local_ts = fec1::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan_rfc3779.crl
+ }
+}
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/ipsec.d/certs/moonCert.pem b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/swanctl/x509/moonCert.pem
index 124e2ae46..124e2ae46 100644
--- a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/ipsec.d/certs/moonCert.pem
+++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/swanctl/x509/moonCert.pem
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/swanctl/x509ca/strongswanCert.pem
index 8e872d89f..8e872d89f 100644
--- a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem
+++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/swanctl/x509ca/strongswanCert.pem
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/posttest.dat b/testing/tests/ipv6/rw-rfc3779-ikev2/posttest.dat
index 4e59395e3..59495fc46 100644
--- a/testing/tests/ipv6/rw-rfc3779-ikev2/posttest.dat
+++ b/testing/tests/ipv6/rw-rfc3779-ikev2/posttest.dat
@@ -1,6 +1,6 @@
-moon::ipsec stop
-carol::ipsec stop
-dave::ipsec stop
+moon::systemctl stop strongswan-swanctl
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/pretest.dat b/testing/tests/ipv6/rw-rfc3779-ikev2/pretest.dat
index f60be3887..a8c8a7097 100644
--- a/testing/tests/ipv6/rw-rfc3779-ikev2/pretest.dat
+++ b/testing/tests/ipv6/rw-rfc3779-ikev2/pretest.dat
@@ -7,11 +7,11 @@ dave::ip6tables-restore < /etc/ip6tables.rules
alice::"ip route add fec0:\:/16 via fec1:\:1"
carol::"ip route add fec1:\:/16 via fec0:\:1"
dave::"ip route add fec1:\:/16 via fec0:\:1"
-moon::ipsec start
-carol::ipsec start
-dave::ipsec start
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
dave::expect-connection home
-carol::ipsec up home
-dave::ipsec up home
+carol::swanctl --initiate --child home
+dave::swanctl --initiate --child home
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/test.conf b/testing/tests/ipv6/rw-rfc3779-ikev2/test.conf
index 69b0757fd..0f02a1a11 100644
--- a/testing/tests/ipv6/rw-rfc3779-ikev2/test.conf
+++ b/testing/tests/ipv6/rw-rfc3779-ikev2/test.conf
@@ -23,3 +23,7 @@ IPSECHOSTS="moon carol dave"
# IP protocol used by IPsec is IPv6
#
IPV6=1
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/ipv6/transport-ikev1/description.txt b/testing/tests/ipv6/transport-ikev1/description.txt
index 2d54790aa..c464aa25b 100644
--- a/testing/tests/ipv6/transport-ikev1/description.txt
+++ b/testing/tests/ipv6/transport-ikev1/description.txt
@@ -1,5 +1,6 @@
-An IPv6 ESP transport connection between the hosts <b>moon</b> and <b>sun</b> is successfully set up.
-The authentication is based on X.509 certificates. Upon the successful establishment of
-the IPsec SA, <b>leftfirewall=yes</b> automatically inserts ip6tables-based firewall
-rules that let pass the protected traffic. In order to test both the transport connection
-and the firewall rules, <b>moon</b> sends an IPv6 ICMP request to <b>sun</b> using the ping6 command.
+An IPv6 ESP transport connection between the hosts <b>moon</b> and <b>sun</b> is
+successfully set up. The authentication is based on X.509 certificates. Upon the
+successful establishment of the IPsec SA, automatically inserted ip6tables-based
+firewall rules let pass the protected traffic. In order to test both the transport
+connection and the firewall rules, <b>moon</b> sends an IPv6 ICMP request to
+<b>sun</b> using the ping6 command.
diff --git a/testing/tests/ipv6/transport-ikev1/evaltest.dat b/testing/tests/ipv6/transport-ikev1/evaltest.dat
index 5ae9d2c12..736425d36 100644
--- a/testing/tests/ipv6/transport-ikev1/evaltest.dat
+++ b/testing/tests/ipv6/transport-ikev1/evaltest.dat
@@ -1,9 +1,7 @@
-moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
-sun:: ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
-moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES
-sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES
moon::ip xfrm state::mode transport::YES
sun:: ip xfrm state::mode transport::YES
moon::ping6 -c 1 -p deadbeef ip6-sun.strongswan.org::64 bytes from ip6-sun.strongswan.org: icmp_seq=1::YES
+moon::swanctl --list-sas --raw 2> /dev/null::host-host.*version=1 state=ESTABLISHED local-host=fec0:\:1 local-port=500 local-id=moon.strongswan.org remote-host=fec0:\:2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*host-host.*reqid=1 state=INSTALLED mode=TRANSPORT protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[fec0:\:1/128] remote-ts=\[fec0:\:2/128]::YES
+sun ::swanctl --list-sas --raw 2> /dev/null::host-host.*version=1 state=ESTABLISHED local-host=fec0:\:2 local-port=500 local-id=sun.strongswan.org remote-host=fec0:\:1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*host-host.*reqid=1 state=INSTALLED mode=TRANSPORT protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[fec0:\:2/128] remote-ts=\[fec0:\:1/128]::YES
sun::tcpdump::IP6 ip6-moon.strongswan.org > ip6-sun.strongswan.org: ESP::YES
sun::tcpdump::IP6 ip6-sun.strongswan.org > ip6-moon.strongswan.org: ESP::YES
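Review bot: The added line for sun starts with `sun ::swanctl`, which puts the alignment space inside the host field, whereas the context lines in this file pad after the separator (`sun:: ip xfrm state`). Whether the harness trims the host name before using it is not visible in this diff, so I would write `sun:: swanctl --list-sas --raw 2> /dev/null::…` to match the existing lines. The same spelling is used in the added sun line of transport-ikev2/evaltest.dat.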
diff --git a/testing/tests/ipv6/transport-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/transport-ikev1/hosts/moon/etc/strongswan.conf
index 02280ac2f..15f8ad5bc 100644
--- a/testing/tests/ipv6/transport-ikev1/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/transport-ikev1/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
- fragment_size = 1024
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/transport-ikev1/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/ipv6/transport-ikev1/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..016d51707
--- /dev/null
+++ b/testing/tests/ipv6/transport-ikev1/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,33 @@
+connections {
+
+ host-host {
+ local_addrs = fec0::1
+ remote_addrs = fec0::2
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = sun.strongswan.org
+ }
+ children {
+ host-host {
+ mode = transport
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 1
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan.crl
+ }
+}
diff --git a/testing/tests/ipv6/transport-ikev1/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/transport-ikev1/hosts/sun/etc/strongswan.conf
index 02280ac2f..15f8ad5bc 100644
--- a/testing/tests/ipv6/transport-ikev1/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/transport-ikev1/hosts/sun/etc/strongswan.conf
@@ -1,7 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
- fragment_size = 1024
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/transport-ikev1/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/ipv6/transport-ikev1/hosts/sun/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..deee09d83
--- /dev/null
+++ b/testing/tests/ipv6/transport-ikev1/hosts/sun/etc/swanctl/swanctl.conf
@@ -0,0 +1,33 @@
+connections {
+
+ host-host {
+ local_addrs = fec0::2
+ remote_addrs = fec0::1
+
+ local {
+ auth = pubkey
+ certs = sunCert.pem
+ id = sun.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ host-host {
+ mode = transport
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 1
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan.crl
+ }
+}
diff --git a/testing/tests/ipv6/transport-ikev1/posttest.dat b/testing/tests/ipv6/transport-ikev1/posttest.dat
index d3bebd0c6..c0ba6f672 100644
--- a/testing/tests/ipv6/transport-ikev1/posttest.dat
+++ b/testing/tests/ipv6/transport-ikev1/posttest.dat
@@ -1,5 +1,5 @@
-moon::ipsec stop
-sun::ipsec stop
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
moon::ip6tables-restore < /etc/ip6tables.flush
diff --git a/testing/tests/ipv6/transport-ikev1/pretest.dat b/testing/tests/ipv6/transport-ikev1/pretest.dat
index 46c015387..7ab42a1ce 100644
--- a/testing/tests/ipv6/transport-ikev1/pretest.dat
+++ b/testing/tests/ipv6/transport-ikev1/pretest.dat
@@ -2,8 +2,8 @@ moon::iptables-restore < /etc/iptables.drop
sun::iptables-restore < /etc/iptables.drop
moon::ip6tables-restore < /etc/ip6tables.rules
sun::ip6tables-restore < /etc/ip6tables.rules
-moon::ipsec start
-sun::ipsec start
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
moon::expect-connection host-host
sun::expect-connection host-host
-moon::ipsec up host-host
+moon::swanctl --initiate --child host-host 2> /dev/null
diff --git a/testing/tests/ipv6/transport-ikev1/test.conf b/testing/tests/ipv6/transport-ikev1/test.conf
index e1d17aa16..459baf2d9 100644
--- a/testing/tests/ipv6/transport-ikev1/test.conf
+++ b/testing/tests/ipv6/transport-ikev1/test.conf
@@ -6,7 +6,7 @@
# All guest instances that are required for this test
#
VIRTHOSTS="moon winnetou sun"
-
+
# Corresponding block diagram
#
DIAGRAM="m-w-s-ip6.png"
@@ -23,3 +23,7 @@ IPSECHOSTS="moon sun"
# IP protocol used by IPsec is IPv6
#
IPV6=1
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/ipv6/transport-ikev2/description.txt b/testing/tests/ipv6/transport-ikev2/description.txt
index 2d54790aa..c464aa25b 100644
--- a/testing/tests/ipv6/transport-ikev2/description.txt
+++ b/testing/tests/ipv6/transport-ikev2/description.txt
@@ -1,5 +1,6 @@
-An IPv6 ESP transport connection between the hosts <b>moon</b> and <b>sun</b> is successfully set up.
-The authentication is based on X.509 certificates. Upon the successful establishment of
-the IPsec SA, <b>leftfirewall=yes</b> automatically inserts ip6tables-based firewall
-rules that let pass the protected traffic. In order to test both the transport connection
-and the firewall rules, <b>moon</b> sends an IPv6 ICMP request to <b>sun</b> using the ping6 command.
+An IPv6 ESP transport connection between the hosts <b>moon</b> and <b>sun</b> is
+successfully set up. The authentication is based on X.509 certificates. Upon the
+successful establishment of the IPsec SA, automatically inserted ip6tables-based
+firewall rules let pass the protected traffic. In order to test both the transport
+connection and the firewall rules, <b>moon</b> sends an IPv6 ICMP request to
+<b>sun</b> using the ping6 command.
diff --git a/testing/tests/ipv6/transport-ikev2/evaltest.dat b/testing/tests/ipv6/transport-ikev2/evaltest.dat
index 0dfba54ea..48ddcd069 100644
--- a/testing/tests/ipv6/transport-ikev2/evaltest.dat
+++ b/testing/tests/ipv6/transport-ikev2/evaltest.dat
@@ -1,10 +1,7 @@
-moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
-sun:: ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
-moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES
-sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES
-moon::cat /var/log/daemon.log::parsed IKE_AUTH response.*N(USE_TRANSP)::YES
moon::ip xfrm state::mode transport::YES
sun:: ip xfrm state::mode transport::YES
moon::ping6 -c 1 -p deadbeef ip6-sun.strongswan.org::64 bytes from ip6-sun.strongswan.org: icmp_seq=1::YES
+moon::swanctl --list-sas --raw 2> /dev/null::host-host.*version=2 state=ESTABLISHED local-host=fec0:\:1 local-port=500 local-id=moon.strongswan.org remote-host=fec0:\:2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*host-host.*reqid=1 state=INSTALLED mode=TRANSPORT protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec0:\:1/128] remote-ts=\[fec0:\:2/128]::YES
+sun ::swanctl --list-sas --raw 2> /dev/null::host-host.*version=2 state=ESTABLISHED local-host=fec0:\:2 local-port=500 local-id=sun.strongswan.org remote-host=fec0:\:1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*host-host.*reqid=1 state=INSTALLED mode=TRANSPORT protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec0:\:2/128] remote-ts=\[fec0:\:1/128]::YES
sun::tcpdump::IP6 ip6-moon.strongswan.org > ip6-sun.strongswan.org: ESP::YES
sun::tcpdump::IP6 ip6-sun.strongswan.org > ip6-moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/strongswan.conf
index 3a52f0db6..15f8ad5bc 100644
--- a/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- hash_and_url = yes
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..2f06bbab4
--- /dev/null
+++ b/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,34 @@
+connections {
+
+ host-host {
+ local_addrs = fec0::1
+ remote_addrs = fec0::2
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = sun.strongswan.org
+ }
+ children {
+ host-host {
+ mode = transport
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 2
+ mobike = no
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan.crl
+ }
+}
diff --git a/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/strongswan.conf
index 3a52f0db6..15f8ad5bc 100644
--- a/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- hash_and_url = yes
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..dc981a7a7
--- /dev/null
+++ b/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/swanctl/swanctl.conf
@@ -0,0 +1,34 @@
+connections {
+
+ host-host {
+ local_addrs = fec0::2
+ remote_addrs = fec0::1
+
+ local {
+ auth = pubkey
+ certs = sunCert.pem
+ id = sun.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ host-host {
+ mode = transport
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 2
+ mobike = no
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan.crl
+ }
+}
diff --git a/testing/tests/ipv6/transport-ikev2/posttest.dat b/testing/tests/ipv6/transport-ikev2/posttest.dat
index d3bebd0c6..c0ba6f672 100644
--- a/testing/tests/ipv6/transport-ikev2/posttest.dat
+++ b/testing/tests/ipv6/transport-ikev2/posttest.dat
@@ -1,5 +1,5 @@
-moon::ipsec stop
-sun::ipsec stop
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
moon::ip6tables-restore < /etc/ip6tables.flush
diff --git a/testing/tests/ipv6/transport-ikev2/pretest.dat b/testing/tests/ipv6/transport-ikev2/pretest.dat
index 46c015387..cb7fe951f 100644
--- a/testing/tests/ipv6/transport-ikev2/pretest.dat
+++ b/testing/tests/ipv6/transport-ikev2/pretest.dat
@@ -2,8 +2,8 @@ moon::iptables-restore < /etc/iptables.drop
sun::iptables-restore < /etc/iptables.drop
moon::ip6tables-restore < /etc/ip6tables.rules
sun::ip6tables-restore < /etc/ip6tables.rules
-moon::ipsec start
-sun::ipsec start
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
moon::expect-connection host-host
sun::expect-connection host-host
-moon::ipsec up host-host
+moon::swanctl --initiate --child host-host
diff --git a/testing/tests/ipv6/transport-ikev2/test.conf b/testing/tests/ipv6/transport-ikev2/test.conf
index e1d17aa16..459baf2d9 100644
--- a/testing/tests/ipv6/transport-ikev2/test.conf
+++ b/testing/tests/ipv6/transport-ikev2/test.conf
@@ -6,7 +6,7 @@
# All guest instances that are required for this test
#
VIRTHOSTS="moon winnetou sun"
-
+
# Corresponding block diagram
#
DIAGRAM="m-w-s-ip6.png"
@@ -23,3 +23,7 @@ IPSECHOSTS="moon sun"
# IP protocol used by IPsec is IPv6
#
IPV6=1
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/libipsec/host2host-cert/evaltest.dat b/testing/tests/libipsec/host2host-cert/evaltest.dat
index 77c2528ea..f482c558a 100644
--- a/testing/tests/libipsec/host2host-cert/evaltest.dat
+++ b/testing/tests/libipsec/host2host-cert/evaltest.dat
@@ -1,7 +1,5 @@
-moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
-sun:: ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
-moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES
-sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES
moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_.eq=1::YES
+moon::swanctl --list-sas --raw 2> /dev/null::host-host.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=4500 remote-id=sun.strongswan.org initiator=yes.*nat-remote=yes nat-any=yes encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*host-host.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[192.168.0.1/32] remote-ts=\[192.168.0.2/32]
+sun::swanctl --list-sas --raw 2> /dev/null::host-host.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=4500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org.*nat-remote=yes nat-any=yes encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*host-host.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[192.168.0.2/32] remote-ts=\[192.168.0.1/32]
sun::tcpdump::IP moon.strongswan.org.\(4500\|ipsec-nat-t\) > sun.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES
sun::tcpdump::IP sun.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES
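Review bot: The two added `swanctl --list-sas --raw` checks for moon and sun stop at `remote-ts=\[192.168.0.2/32]` and `remote-ts=\[192.168.0.1/32]`, without the trailing `::YES` field that every other line in this file carries. Without the expected-result field the harness may not evaluate these patterns the way it did the removed `ipsec status` checks. The negotiated parameters (AES_CBC-128, HMAC_SHA2_256_128, CURVE_25519, TUNNEL with `encap=yes`) could then go unverified. Both lines should end in `::YES`, for example `...local-ts=\[192.168.0.1/32] remote-ts=\[192.168.0.2/32]::YES`.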
diff --git a/testing/tests/libipsec/host2host-cert/hosts/moon/etc/ipsec.conf b/testing/tests/libipsec/host2host-cert/hosts/moon/etc/ipsec.conf
deleted file mode 100644
index 6e8329a44..000000000
--- a/testing/tests/libipsec/host2host-cert/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,19 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
-
-conn host-host
- left=PH_IP_MOON
- leftcert=moonCert.pem
- leftid=@moon.strongswan.org
- leftupdown=/etc/updown
- right=PH_IP_SUN
- rightid=@sun.strongswan.org
- auto=add
diff --git a/testing/tests/libipsec/host2host-cert/hosts/moon/etc/strongswan.conf b/testing/tests/libipsec/host2host-cert/hosts/moon/etc/strongswan.conf
index c8897b084..7fac82eb7 100644
--- a/testing/tests/libipsec/host2host-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/libipsec/host2host-cert/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,12 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-libipsec kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-libipsec kernel-netlink socket-default updown
+
multiple_authentication = no
plugins {
diff --git a/testing/tests/libipsec/host2host-cert/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/libipsec/host2host-cert/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..8f8b04029
--- /dev/null
+++ b/testing/tests/libipsec/host2host-cert/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,26 @@
+connections {
+
+ host-host {
+ local_addrs = 192.168.0.1
+ remote_addrs = 192.168.0.2
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = sun.strongswan.org
+ }
+ children {
+ host-host {
+ updown = /etc/updown
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 2
+ mobike = no
+ proposals = aes128-sha256-x25519
+ }
+}
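Review bot: This swanctl.conf is added with `new file mode 100755`, although it is a plain configuration file; the ipv6/transport-ikev2 swanctl.conf files in the same commit are created as `100644`. Credential-bearing configuration trees are best kept non-executable, so the file should use mode `100644`. The same mode appears on the sun copy and on the swanctl.conf files added under libipsec/net2net-3des and libipsec/net2net-cert-ipv6.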
diff --git a/testing/tests/libipsec/host2host-cert/hosts/sun/etc/ipsec.conf b/testing/tests/libipsec/host2host-cert/hosts/sun/etc/ipsec.conf
deleted file mode 100644
index becb97e04..000000000
--- a/testing/tests/libipsec/host2host-cert/hosts/sun/etc/ipsec.conf
+++ /dev/null
@@ -1,19 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
-
-conn host-host
- left=PH_IP_SUN
- leftcert=sunCert.pem
- leftid=@sun.strongswan.org
- leftupdown=/etc/updown
- right=PH_IP_MOON
- rightid=@moon.strongswan.org
- auto=add
diff --git a/testing/tests/libipsec/host2host-cert/hosts/sun/etc/strongswan.conf b/testing/tests/libipsec/host2host-cert/hosts/sun/etc/strongswan.conf
index c8897b084..7fac82eb7 100644
--- a/testing/tests/libipsec/host2host-cert/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/libipsec/host2host-cert/hosts/sun/etc/strongswan.conf
@@ -1,7 +1,12 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-libipsec kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-libipsec kernel-netlink socket-default updown
+
multiple_authentication = no
plugins {
diff --git a/testing/tests/libipsec/host2host-cert/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/libipsec/host2host-cert/hosts/sun/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..a0739647c
--- /dev/null
+++ b/testing/tests/libipsec/host2host-cert/hosts/sun/etc/swanctl/swanctl.conf
@@ -0,0 +1,26 @@
+connections {
+
+ host-host {
+ local_addrs = 192.168.0.2
+ remote_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = sunCert.pem
+ id = sun.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ host-host {
+ updown = /etc/updown
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 2
+ mobike = no
+ proposals = aes128-sha256-x25519
+ }
+}
diff --git a/testing/tests/libipsec/host2host-cert/posttest.dat b/testing/tests/libipsec/host2host-cert/posttest.dat
index 8b6052f38..23ebee582 100644
--- a/testing/tests/libipsec/host2host-cert/posttest.dat
+++ b/testing/tests/libipsec/host2host-cert/posttest.dat
@@ -1,5 +1,6 @@
-moon::ipsec stop
-sun::ipsec stop
+moon::swanctl --terminate --ike host-host 2> /dev/null
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
moon::sysctl --pattern net.ipv4.conf.all.rp_filter --system
diff --git a/testing/tests/libipsec/host2host-cert/pretest.dat b/testing/tests/libipsec/host2host-cert/pretest.dat
index 35c0f3e1c..00e5c199f 100644
--- a/testing/tests/libipsec/host2host-cert/pretest.dat
+++ b/testing/tests/libipsec/host2host-cert/pretest.dat
@@ -2,8 +2,8 @@ moon::sysctl -w net.ipv4.conf.all.rp_filter=2
sun::sysctl -w net.ipv4.conf.all.rp_filter=2
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
-sun::ipsec start
-moon::ipsec start
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
sun::expect-connection host-host
moon::expect-connection host-host
-moon::ipsec up host-host
+moon::swanctl --initiate --child host-host 2> /dev/null
diff --git a/testing/tests/libipsec/host2host-cert/test.conf b/testing/tests/libipsec/host2host-cert/test.conf
index 9647dc6a2..52d886dcc 100644
--- a/testing/tests/libipsec/host2host-cert/test.conf
+++ b/testing/tests/libipsec/host2host-cert/test.conf
@@ -19,3 +19,7 @@ TCPDUMPHOSTS="sun"
# Used for IPsec logging purposes
#
IPSECHOSTS="moon sun"
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/libipsec/net2net-3des/evaltest.dat b/testing/tests/libipsec/net2net-3des/evaltest.dat
index 9365a8f44..36c0ee781 100644
--- a/testing/tests/libipsec/net2net-3des/evaltest.dat
+++ b/testing/tests/libipsec/net2net-3des/evaltest.dat
@@ -1,11 +1,5 @@
-moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
-sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
-moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-moon::ipsec statusall 2> /dev/null::net-net\[1].*3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048::YES
-sun:: ipsec statusall 2> /dev/null::net-net\[1].*3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048::YES
alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
-moon::ipsec statusall 2> /dev/null::net-net[{]1}.*3DES_CBC/HMAC_SHA1_96::YES
-sun:: ipsec statusall 2> /dev/null::net-net[{]1}.*3DES_CBC/HMAC_SHA1_96::YES
+moon:: swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=4500 remote-id=sun.strongswan.org initiator=yes.*nat-remote=yes nat-any=yes encr-alg=3DES_CBC integ-alg=HMAC_SHA1_96 prf-alg=PRF_HMAC_SHA1 dh-group=MODP_2048.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=3DES_CBC integ-alg=HMAC_SHA1_96.*local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES
+sun::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=4500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org.*nat-remote=yes nat-any=yes encr-alg=3DES_CBC integ-alg=HMAC_SHA1_96 prf-alg=PRF_HMAC_SHA1 dh-group=MODP_2048.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=3DES_CBC integ-alg=HMAC_SHA1_96.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES]
sun::tcpdump::IP moon.strongswan.org.\(4500\|ipsec-nat-t\) > sun.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES
sun::tcpdump::IP sun.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES
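Review bot: The added sun check ends in `::YES]`, with a stray `]` after the expected-result field, so that field is `YES]` rather than `YES`. Depending on how the harness compares the field, the check is either skipped or treated as an unexpected result. In both cases the 3DES_CBC/HMAC_SHA1_96/MODP_2048 assertion on sun is not reliably enforced. The line should end `remote-ts=\[10.1.0.0/16]::YES`. The moon line also has a space after `moon::`, before `swanctl`, which the other added lines do not.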
diff --git a/testing/tests/libipsec/net2net-3des/hosts/moon/etc/ipsec.conf b/testing/tests/libipsec/net2net-3des/hosts/moon/etc/ipsec.conf
deleted file mode 100644
index 141b4a3ed..000000000
--- a/testing/tests/libipsec/net2net-3des/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
- ike=3des-sha1-modp2048!
- esp=3des-sha1-modp2048!
- mobike=no
-
-conn net-net
- left=PH_IP_MOON
- leftcert=moonCert.pem
- leftid=@moon.strongswan.org
- leftsubnet=10.1.0.0/16
- leftupdown=/etc/updown
- right=PH_IP_SUN
- rightid=@sun.strongswan.org
- rightsubnet=10.2.0.0/16
- auto=add
diff --git a/testing/tests/libipsec/net2net-3des/hosts/moon/etc/strongswan.conf b/testing/tests/libipsec/net2net-3des/hosts/moon/etc/strongswan.conf
index 467da3ac9..2d6b814dd 100644
--- a/testing/tests/libipsec/net2net-3des/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/libipsec/net2net-3des/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,10 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce des sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-libipsec kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce des sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-libipsec kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/libipsec/net2net-3des/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/libipsec/net2net-3des/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..fe2a4dd75
--- /dev/null
+++ b/testing/tests/libipsec/net2net-3des/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,29 @@
+connections {
+
+ gw-gw {
+ local_addrs = 192.168.0.1
+ remote_addrs = 192.168.0.2
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = sun.strongswan.org
+ }
+ children {
+ net-net {
+ local_ts = 10.1.0.0/16
+ remote_ts = 10.2.0.0/16
+
+ updown = /etc/updown
+ esp_proposals = 3des-sha1-modp2048
+ }
+ }
+ version = 2
+ mobike = no
+ proposals = 3des-sha1-modp2048
+ }
+}
diff --git a/testing/tests/libipsec/net2net-3des/hosts/sun/etc/ipsec.conf b/testing/tests/libipsec/net2net-3des/hosts/sun/etc/ipsec.conf
deleted file mode 100644
index 0108a04a3..000000000
--- a/testing/tests/libipsec/net2net-3des/hosts/sun/etc/ipsec.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
- ike=3des-sha1-modp2048!
- esp=3des-sha1-modp2048!
- mobike=no
-
-conn net-net
- left=PH_IP_SUN
- leftcert=sunCert.pem
- leftid=@sun.strongswan.org
- leftsubnet=10.2.0.0/16
- leftupdown=/etc/updown
- right=PH_IP_MOON
- rightid=@moon.strongswan.org
- rightsubnet=10.1.0.0/16
- auto=add
diff --git a/testing/tests/libipsec/net2net-3des/hosts/sun/etc/strongswan.conf b/testing/tests/libipsec/net2net-3des/hosts/sun/etc/strongswan.conf
index 467da3ac9..2d6b814dd 100644
--- a/testing/tests/libipsec/net2net-3des/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/libipsec/net2net-3des/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,10 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce des sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-libipsec kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce des sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-libipsec kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/libipsec/net2net-3des/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/libipsec/net2net-3des/hosts/sun/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..54c35b3e1
--- /dev/null
+++ b/testing/tests/libipsec/net2net-3des/hosts/sun/etc/swanctl/swanctl.conf
@@ -0,0 +1,29 @@
+connections {
+
+ gw-gw {
+ local_addrs = 192.168.0.2
+ remote_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = sunCert.pem
+ id = sun.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ net-net {
+ local_ts = 10.2.0.0/16
+ remote_ts = 10.1.0.0/16
+
+ updown = /etc/updown
+ esp_proposals = 3des-sha1-modp2048
+ }
+ }
+ version = 2
+ mobike = no
+ proposals = 3des-sha1-modp2048
+ }
+}
diff --git a/testing/tests/libipsec/net2net-3des/posttest.dat b/testing/tests/libipsec/net2net-3des/posttest.dat
index 1f7aa73a1..755f0e5f8 100644
--- a/testing/tests/libipsec/net2net-3des/posttest.dat
+++ b/testing/tests/libipsec/net2net-3des/posttest.dat
@@ -1,4 +1,5 @@
-moon::ipsec stop
-sun::ipsec stop
+moon::swanctl --terminate --ike gw-gw 2> /dev/null
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/libipsec/net2net-3des/pretest.dat b/testing/tests/libipsec/net2net-3des/pretest.dat
index bcc2cb04d..9440ddab0 100644
--- a/testing/tests/libipsec/net2net-3des/pretest.dat
+++ b/testing/tests/libipsec/net2net-3des/pretest.dat
@@ -1,7 +1,7 @@
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
-sun::ipsec start
-moon::ipsec start
-sun::expect-connection net-net
-moon::expect-connection net-net
-moon::ipsec up net-net
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
+moon::expect-connection gw-gw
+sun::expect-connection gw-gw
+moon::swanctl --initiate --child net-net 2> /dev/null
diff --git a/testing/tests/libipsec/net2net-3des/test.conf b/testing/tests/libipsec/net2net-3des/test.conf
index 646b8b3e6..07a3b247a 100644
--- a/testing/tests/libipsec/net2net-3des/test.conf
+++ b/testing/tests/libipsec/net2net-3des/test.conf
@@ -19,3 +19,7 @@ TCPDUMPHOSTS="sun"
# Used for IPsec logging purposes
#
IPSECHOSTS="moon sun"
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/libipsec/net2net-cert-ipv6/description.txt b/testing/tests/libipsec/net2net-cert-ipv6/description.txt
new file mode 100644
index 000000000..ab582c3a5
--- /dev/null
+++ b/testing/tests/libipsec/net2net-cert-ipv6/description.txt
@@ -0,0 +1,14 @@
+A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b> is set up.
+The authentication is based on <b>X.509 certificates</b> and the <b>kernel-libipsec</b>
+plugin is used for userland IPsec ESP encryption.
+<p/>
+Upon the successful establishment of the IPsec tunnel, an updown script automatically
+inserts iptables-based firewall rules that let pass the traffic tunneled via the
+<b>ipsec0</b> tun interface. In order to test both tunnel and firewall, client <b>alice</b>
+behind gateway <b>moon</b> pings client <b>bob</b> located behind gateway <b>sun</b>.
+<p/>
+This scenario is mainly to test how fragmented IPv6 packets are handled (e.g. determining
+the protocol via IPv6 extension headers). Three pings are required due to PMTUD, the first
+is rejected by <b>moon</b>, so <b>alice</b> adjusts the MTU. The second gets through,
+but the response is rejected by <b>sun</b>, so <b>bob</b> will adjust the MTU. The third
+finally is successful.
diff --git a/testing/tests/libipsec/net2net-cert-ipv6/evaltest.dat b/testing/tests/libipsec/net2net-cert-ipv6/evaltest.dat
new file mode 100644
index 000000000..e9a30b9ac
--- /dev/null
+++ b/testing/tests/libipsec/net2net-cert-ipv6/evaltest.dat
@@ -0,0 +1,5 @@
+alice::ping6 -c 3 -W 1 -i 0.2 -s 8184 -p deadbeef ip6-bob.strongswan.org::8192 bytes from ip6-bob.strongswan.org: icmp_seq=3::YES
+moon ::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=4500 remote-id=sun.strongswan.org initiator=yes.*nat-remote=yes nat-any=yes encr-alg=AES_CBC encr-keysize=256 integ-alg=HMAC_SHA2_384_192 prf-alg=PRF_HMAC_SHA2_384 dh-group=ECP_384.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=AES_GCM_16 encr-keysize=256.*local-ts=\[fec1::/16\[ipv6-icmp]] remote-ts=\[fec2::/16\[ipv6-icmp]]::YES
+sun ::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=4500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org.*nat-remote=yes nat-any=yes encr-alg=AES_CBC encr-keysize=256 integ-alg=HMAC_SHA2_384_192 prf-alg=PRF_HMAC_SHA2_384 dh-group=ECP_384.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=AES_GCM_16 encr-keysize=256.*local-ts=\[fec2::/16\[ipv6-icmp]] remote-ts=\[fec1::/16\[ipv6-icmp]]::YES
+sun::tcpdump::IP moon.strongswan.org.\(4500\|ipsec-nat-t\) > sun.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES
+sun::tcpdump::IP sun.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES
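Review bot: The moon and sun patterns contain an unescaped `::` inside the IPv6 traffic selectors (`local-ts=\[fec1::/16\[ipv6-icmp]] remote-ts=\[fec2::/16\[ipv6-icmp]]`), and `::` is also the field separator of this file format. The ipv6/transport-ikev2 evaltest.dat in the same commit writes its addresses as `fec0:\:1`, presumably for that reason. If the harness splits on `::`, the pattern here is cut at `fec1` and the result field is no longer `YES`, so the child-SA assertions would not be evaluated as written. Escaping the selectors the same way, `local-ts=\[fec1:\:/16\[ipv6-icmp]] remote-ts=\[fec2:\:/16\[ipv6-icmp]]`, keeps the four fields intact.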
diff --git a/testing/tests/libipsec/net2net-cert-ipv6/hosts/moon/etc/strongswan.conf b/testing/tests/libipsec/net2net-cert-ipv6/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..6870d32fe
--- /dev/null
+++ b/testing/tests/libipsec/net2net-cert-ipv6/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,10 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce pem pkcs1 x509 openssl curl revocation vici kernel-libipsec kernel-netlink socket-default updown
+ multiple_authentication = no
+}
diff --git a/testing/tests/libipsec/net2net-cert-ipv6/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/libipsec/net2net-cert-ipv6/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..586cc57c1
--- /dev/null
+++ b/testing/tests/libipsec/net2net-cert-ipv6/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,29 @@
+connections {
+
+ gw-gw {
+ local_addrs = 192.168.0.1
+ remote_addrs = 192.168.0.2
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = sun.strongswan.org
+ }
+ children {
+ net-net {
+ local_ts = fec1::0/16[ipv6-icmp]
+ remote_ts = fec2::0/16[ipv6-icmp]
+
+ updown = /etc/updown
+ esp_proposals = aes256gcm128-ecp384
+ }
+ }
+ version = 2
+ mobike = no
+ proposals = aes256-sha384-ecp384
+ }
+}
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/updown b/testing/tests/libipsec/net2net-cert-ipv6/hosts/moon/etc/updown
index 6a5b18de6..e7c3640d4 100755
--- a/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/updown
+++ b/testing/tests/libipsec/net2net-cert-ipv6/hosts/moon/etc/updown
@@ -223,50 +223,21 @@ case "$PLUTO_VERB:$1" in
up-host:)
# connection to me coming up
# If you are doing a custom version, firewall commands go here.
- PLUTO_INTERFACE=ipsec0
- iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_ME $D_MY_PORT -j ACCEPT
- iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_ME $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
;;
down-host:)
# connection to me going down
# If you are doing a custom version, firewall commands go here.
- PLUTO_INTERFACE=ipsec0
- iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_ME $D_MY_PORT -j ACCEPT
- iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_ME $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
;;
up-client:)
# connection to my client subnet coming up
# If you are doing a custom version, firewall commands go here.
PLUTO_INTERFACE=ipsec0
- if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ]
- then
- iptables -I FORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_MY_CLIENT $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
- iptables -I FORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_MY_CLIENT $D_MY_PORT -j ACCEPT
- fi
- #
- # a virtual IP requires an INPUT and OUTPUT rule on the host
- # or sometimes host access via the internal IP is needed
- if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
- then
- iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_MY_CLIENT $D_MY_PORT -j ACCEPT
- iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_MY_CLIENT $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
- fi
+ iptables -I FORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
+ -s $PLUTO_MY_CLIENT $S_MY_PORT \
+ -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
+ iptables -I FORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
+ -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
+ -d $PLUTO_MY_CLIENT $D_MY_PORT -j ACCEPT
;;
down-client:)
# connection to my client subnet going down
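Review bot: The FORWARD rules added in the `up-client:)` branch call `iptables` with `$PLUTO_MY_CLIENT` and `$PLUTO_PEER_CLIENT`, but this test's swanctl.conf negotiates IPv6 selectors (`fec1::0/16[ipv6-icmp]`), which the IPv4 tool cannot match. IPv6 verbs are presumably dispatched to separate `-v6` branches of `case "$PLUTO_VERB:$1"`, which lie outside both hunks of this file. It is worth confirming that the branch taken for this test sets `PLUTO_INTERFACE=ipsec0` and uses `ip6tables`; otherwise the script inserts no rule for the tunneled IPv6 traffic, contrary to what description.txt states. The same question applies to the sun copy of this script.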
@@ -278,18 +249,6 @@ down-client:)
iptables -D FORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
-s $PLUTO_PEER_CLIENT $S_PEER_PORT \
-d $PLUTO_MY_CLIENT $D_MY_PORT -j ACCEPT
- #
- # a virtual IP requires an INPUT and OUTPUT rule on the host
- # or sometimes host access via the internal IP is needed
- if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
- then
- iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_MY_CLIENT $D_MY_PORT -j ACCEPT
- iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_MY_CLIENT $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
- fi
;;
up-host:iptables)
# connection to me, with (left/right)firewall=yes, coming up
diff --git a/testing/tests/libipsec/net2net-cert-ipv6/hosts/sun/etc/strongswan.conf b/testing/tests/libipsec/net2net-cert-ipv6/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..6870d32fe
--- /dev/null
+++ b/testing/tests/libipsec/net2net-cert-ipv6/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,10 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce pem pkcs1 x509 openssl curl revocation vici kernel-libipsec kernel-netlink socket-default updown
+ multiple_authentication = no
+}
diff --git a/testing/tests/libipsec/net2net-cert-ipv6/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/libipsec/net2net-cert-ipv6/hosts/sun/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..74977608d
--- /dev/null
+++ b/testing/tests/libipsec/net2net-cert-ipv6/hosts/sun/etc/swanctl/swanctl.conf
@@ -0,0 +1,29 @@
+connections {
+
+ gw-gw {
+ local_addrs = 192.168.0.2
+ remote_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = sunCert.pem
+ id = sun.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ net-net {
+ local_ts = fec2::0/16[ipv6-icmp]
+ remote_ts = fec1::0/16[ipv6-icmp]
+
+ updown = /etc/updown
+ esp_proposals = aes256gcm128-ecp384
+ }
+ }
+ version = 2
+ mobike = no
+ proposals = aes256-sha384-ecp384
+ }
+}
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/updown b/testing/tests/libipsec/net2net-cert-ipv6/hosts/sun/etc/updown
index 6a5b18de6..e7c3640d4 100755
--- a/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/updown
+++ b/testing/tests/libipsec/net2net-cert-ipv6/hosts/sun/etc/updown
@@ -223,50 +223,21 @@ case "$PLUTO_VERB:$1" in
up-host:)
# connection to me coming up
# If you are doing a custom version, firewall commands go here.
- PLUTO_INTERFACE=ipsec0
- iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_ME $D_MY_PORT -j ACCEPT
- iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_ME $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
;;
down-host:)
# connection to me going down
# If you are doing a custom version, firewall commands go here.
- PLUTO_INTERFACE=ipsec0
- iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_ME $D_MY_PORT -j ACCEPT
- iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_ME $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
;;
up-client:)
# connection to my client subnet coming up
# If you are doing a custom version, firewall commands go here.
PLUTO_INTERFACE=ipsec0
- if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ]
- then
- iptables -I FORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_MY_CLIENT $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
- iptables -I FORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_MY_CLIENT $D_MY_PORT -j ACCEPT
- fi
- #
- # a virtual IP requires an INPUT and OUTPUT rule on the host
- # or sometimes host access via the internal IP is needed
- if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
- then
- iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_MY_CLIENT $D_MY_PORT -j ACCEPT
- iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_MY_CLIENT $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
- fi
+ iptables -I FORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
+ -s $PLUTO_MY_CLIENT $S_MY_PORT \
+ -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
+ iptables -I FORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
+ -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
+ -d $PLUTO_MY_CLIENT $D_MY_PORT -j ACCEPT
;;
down-client:)
# connection to my client subnet going down
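Review bot: The two `iptables -I FORWARD` rules kept in the `up-client:)` branch are IPv4-only, while the net-net child this commit adds for the test uses IPv6 traffic selectors (`fec2::0/16[ipv6-icmp]`), so these rules probably never apply to the tunneled traffic. If the script follows the stock updown layout, IPv6 children are dispatched under a separate `-v6` verb outside this hunk; that branch should be checked and the rules written with `ip6tables`, e.g. `ip6tables -I FORWARD 1 -o "$PLUTO_INTERFACE" -p "$PLUTO_PEER_PROTOCOL" ...`. The address and interface expansions (`$PLUTO_MY_CLIENT`, `$PLUTO_PEER_CLIENT`, `$PLUTO_INTERFACE`) are also unquoted; quoting them would keep an empty or unexpected value from being word-split into extra arguments. The case statement starts and ends outside the hunk.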
@@ -278,18 +249,6 @@ down-client:)
iptables -D FORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
-s $PLUTO_PEER_CLIENT $S_PEER_PORT \
-d $PLUTO_MY_CLIENT $D_MY_PORT -j ACCEPT
- #
- # a virtual IP requires an INPUT and OUTPUT rule on the host
- # or sometimes host access via the internal IP is needed
- if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
- then
- iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_MY_CLIENT $D_MY_PORT -j ACCEPT
- iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_MY_CLIENT $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
- fi
;;
up-host:iptables)
# connection to me, with (left/right)firewall=yes, coming up
diff --git a/testing/tests/libipsec/net2net-cert-ipv6/posttest.dat b/testing/tests/libipsec/net2net-cert-ipv6/posttest.dat
new file mode 100644
index 000000000..8cbf20027
--- /dev/null
+++ b/testing/tests/libipsec/net2net-cert-ipv6/posttest.dat
@@ -0,0 +1,9 @@
+moon::swanctl --terminate --ike gw-gw 2> /dev/null
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
+alice::"ip route del fec2:\:/16 via fec1:\:1"
+moon::"ip route del fec2:\:/16 via fec0:\:2"
+sun::"ip route del fec1:\:/16 via fec0:\:1"
+bob::"ip route del fec1:\:/16 via fec2:\:1"
+moon::iptables-restore < /etc/iptables.flush
+sun::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/libipsec/net2net-cert-ipv6/pretest.dat b/testing/tests/libipsec/net2net-cert-ipv6/pretest.dat
new file mode 100644
index 000000000..20aca8291
--- /dev/null
+++ b/testing/tests/libipsec/net2net-cert-ipv6/pretest.dat
@@ -0,0 +1,11 @@
+moon::iptables-restore < /etc/iptables.rules
+sun::iptables-restore < /etc/iptables.rules
+alice::"ip route add fec2:\:/16 via fec1:\:1"
+moon::"ip route add fec2:\:/16 via fec0:\:2"
+sun::"ip route add fec1:\:/16 via fec0:\:1"
+bob::"ip route add fec1:\:/16 via fec2:\:1"
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
+moon::expect-connection gw-gw
+sun::expect-connection gw-gw
+moon::swanctl --initiate --child net-net 2> /dev/null
diff --git a/testing/tests/libipsec/net2net-cert-ipv6/test.conf b/testing/tests/libipsec/net2net-cert-ipv6/test.conf
new file mode 100644
index 000000000..07a3b247a
--- /dev/null
+++ b/testing/tests/libipsec/net2net-cert-ipv6/test.conf
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice moon winnetou sun bob"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-w-s-b.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="sun"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon sun"
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/libipsec/net2net-cert/evaltest.dat b/testing/tests/libipsec/net2net-cert/evaltest.dat
index e489fec64..5364c1e82 100644
--- a/testing/tests/libipsec/net2net-cert/evaltest.dat
+++ b/testing/tests/libipsec/net2net-cert/evaltest.dat
@@ -1,7 +1,5 @@
-moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
-sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
-moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
+moon:: swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=4500 remote-id=sun.strongswan.org initiator=yes.*nat-remote=yes nat-any=yes encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES
+sun::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=4500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org.*nat-remote=yes nat-any=yes encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES]
sun::tcpdump::IP moon.strongswan.org.\(4500\|ipsec-nat-t\) > sun.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES
sun::tcpdump::IP sun.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES
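Review bot: The added `sun::swanctl --list-sas --raw` line ends in `::YES]`, with a stray `]` after the expected-result field, whereas every other line in this file ends in `::YES`. Depending on how the harness compares that field, the check may not be evaluated as a positive match, so the SA state on sun (algorithms, traffic selectors) could go unverified or fail for the wrong reason. The line should end `remote-ts=\[10.1.0.0/16]::YES`.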
diff --git a/testing/tests/libipsec/net2net-cert/hosts/moon/etc/ipsec.conf b/testing/tests/libipsec/net2net-cert/hosts/moon/etc/ipsec.conf
deleted file mode 100644
index 631adfcd3..000000000
--- a/testing/tests/libipsec/net2net-cert/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
- mobike=no
-
-conn net-net
- left=PH_IP_MOON
- leftcert=moonCert.pem
- leftid=@moon.strongswan.org
- leftsubnet=10.1.0.0/16
- leftupdown=/etc/updown
- right=PH_IP_SUN
- rightid=@sun.strongswan.org
- rightsubnet=10.2.0.0/16
- auto=add
diff --git a/testing/tests/libipsec/net2net-cert/hosts/moon/etc/strongswan.conf b/testing/tests/libipsec/net2net-cert/hosts/moon/etc/strongswan.conf
index fa7c0ece2..e6a98b407 100644
--- a/testing/tests/libipsec/net2net-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/libipsec/net2net-cert/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,10 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-libipsec kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 gcm pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-libipsec kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/libipsec/net2net-cert/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/libipsec/net2net-cert/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..239b7a4fe
--- /dev/null
+++ b/testing/tests/libipsec/net2net-cert/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,29 @@
+connections {
+
+ gw-gw {
+ local_addrs = 192.168.0.1
+ remote_addrs = 192.168.0.2
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = sun.strongswan.org
+ }
+ children {
+ net-net {
+ local_ts = 10.1.0.0/16
+ remote_ts = 10.2.0.0/16
+
+ updown = /etc/updown
+ esp_proposals = aes128gcm128-x25519
+ }
+ }
+ version = 2
+ mobike = no
+ proposals = aes128-sha256-x25519
+ }
+}
diff --git a/testing/tests/libipsec/net2net-cert/hosts/sun/etc/ipsec.conf b/testing/tests/libipsec/net2net-cert/hosts/sun/etc/ipsec.conf
deleted file mode 100644
index b16440aa1..000000000
--- a/testing/tests/libipsec/net2net-cert/hosts/sun/etc/ipsec.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
- mobike=no
-
-conn net-net
- left=PH_IP_SUN
- leftcert=sunCert.pem
- leftid=@sun.strongswan.org
- leftsubnet=10.2.0.0/16
- leftupdown=/etc/updown
- right=PH_IP_MOON
- rightid=@moon.strongswan.org
- rightsubnet=10.1.0.0/16
- auto=add
diff --git a/testing/tests/libipsec/net2net-cert/hosts/sun/etc/strongswan.conf b/testing/tests/libipsec/net2net-cert/hosts/sun/etc/strongswan.conf
index fa7c0ece2..e6a98b407 100644
--- a/testing/tests/libipsec/net2net-cert/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/libipsec/net2net-cert/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,10 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-libipsec kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 gcm pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-libipsec kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/libipsec/net2net-cert/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/libipsec/net2net-cert/hosts/sun/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..75b1c46f1
--- /dev/null
+++ b/testing/tests/libipsec/net2net-cert/hosts/sun/etc/swanctl/swanctl.conf
@@ -0,0 +1,29 @@
+connections {
+
+ gw-gw {
+ local_addrs = 192.168.0.2
+ remote_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = sunCert.pem
+ id = sun.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ net-net {
+ local_ts = 10.2.0.0/16
+ remote_ts = 10.1.0.0/16
+
+ updown = /etc/updown
+ esp_proposals = aes128gcm128-x25519
+ }
+ }
+ version = 2
+ mobike = no
+ proposals = aes128-sha256-x25519
+ }
+}
diff --git a/testing/tests/libipsec/net2net-cert/posttest.dat b/testing/tests/libipsec/net2net-cert/posttest.dat
index 1f7aa73a1..755f0e5f8 100644
--- a/testing/tests/libipsec/net2net-cert/posttest.dat
+++ b/testing/tests/libipsec/net2net-cert/posttest.dat
@@ -1,4 +1,5 @@
-moon::ipsec stop
-sun::ipsec stop
+moon::swanctl --terminate --ike gw-gw 2> /dev/null
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/libipsec/net2net-cert/pretest.dat b/testing/tests/libipsec/net2net-cert/pretest.dat
index bcc2cb04d..9440ddab0 100644
--- a/testing/tests/libipsec/net2net-cert/pretest.dat
+++ b/testing/tests/libipsec/net2net-cert/pretest.dat
@@ -1,7 +1,7 @@
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
-sun::ipsec start
-moon::ipsec start
-sun::expect-connection net-net
-moon::expect-connection net-net
-moon::ipsec up net-net
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
+moon::expect-connection gw-gw
+sun::expect-connection gw-gw
+moon::swanctl --initiate --child net-net 2> /dev/null
diff --git a/testing/tests/libipsec/net2net-cert/test.conf b/testing/tests/libipsec/net2net-cert/test.conf
index 646b8b3e6..07a3b247a 100644
--- a/testing/tests/libipsec/net2net-cert/test.conf
+++ b/testing/tests/libipsec/net2net-cert/test.conf
@@ -19,3 +19,7 @@ TCPDUMPHOSTS="sun"
# Used for IPsec logging purposes
#
IPSECHOSTS="moon sun"
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/libipsec/net2net-null/evaltest.dat b/testing/tests/libipsec/net2net-null/evaltest.dat
index c1aae4032..af619f4b8 100644
--- a/testing/tests/libipsec/net2net-null/evaltest.dat
+++ b/testing/tests/libipsec/net2net-null/evaltest.dat
@@ -1,11 +1,5 @@
-moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
-sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
-moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-moon::ipsec statusall 2> /dev/null::net-net\[1].*NULL/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072::YES
-sun:: ipsec statusall 2> /dev/null::net-net\[1].*NULL/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072::YES
alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
-moon::ipsec statusall 2> /dev/null::net-net[{]1}.*NULL/HMAC_SHA2_256::YES
-sun:: ipsec statusall 2> /dev/null::net-net[{]1}.*NULL/HMAC_SHA2_256::YES
+moon ::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=4500 remote-id=sun.strongswan.org initiator=yes.*nat-remote=yes nat-any=yes encr-alg=NULL integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=NULL integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES
+sun ::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=4500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org.*nat-remote=yes nat-any=yes encr-alg=NULL integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=NULL integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES
sun::tcpdump::IP moon.strongswan.org.\(4500\|ipsec-nat-t\) > sun.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES
sun::tcpdump::IP sun.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES
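Review bot: Both added lines put a space before the field separator (`moon ::swanctl`, `sun ::swanctl`), where the remaining lines of this file and the sibling net2net-cert test write `moon::` and `sun::`. If the harness takes the first field verbatim as the guest name, `moon ` with a trailing space may not resolve to a host and the SA check would not run as intended; this is inferred, since the parser is not part of the hunk. Writing `moon::swanctl --list-sas --raw ...` and `sun::swanctl --list-sas --raw ...` removes the doubt.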
diff --git a/testing/tests/libipsec/net2net-null/hosts/moon/etc/ipsec.conf b/testing/tests/libipsec/net2net-null/hosts/moon/etc/ipsec.conf
deleted file mode 100644
index f206a16fb..000000000
--- a/testing/tests/libipsec/net2net-null/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
- ike=null-sha256-modp3072!
- esp=null-sha256-modp3072!
- mobike=no
-
-conn net-net
- left=PH_IP_MOON
- leftcert=moonCert.pem
- leftid=@moon.strongswan.org
- leftsubnet=10.1.0.0/16
- leftupdown=/etc/updown
- right=PH_IP_SUN
- rightid=@sun.strongswan.org
- rightsubnet=10.2.0.0/16
- auto=add
diff --git a/testing/tests/libipsec/net2net-null/hosts/moon/etc/strongswan.conf b/testing/tests/libipsec/net2net-null/hosts/moon/etc/strongswan.conf
index 2beff1b76..9e2091f31 100644
--- a/testing/tests/libipsec/net2net-null/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/libipsec/net2net-null/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,10 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce pem pkcs1 revocation openssl curl stroke kernel-libipsec kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce pem pkcs1 revocation openssl curl vici kernel-libipsec kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/libipsec/net2net-null/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/libipsec/net2net-null/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..15b978249
--- /dev/null
+++ b/testing/tests/libipsec/net2net-null/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,29 @@
+connections {
+
+ gw-gw {
+ local_addrs = 192.168.0.1
+ remote_addrs = 192.168.0.2
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = sun.strongswan.org
+ }
+ children {
+ net-net {
+ local_ts = 10.1.0.0/16
+ remote_ts = 10.2.0.0/16
+
+ updown = /etc/updown
+ esp_proposals = null-sha256-modp3072
+ }
+ }
+ version = 2
+ mobike = no
+ proposals = null-sha256-modp3072
+ }
+}
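Review bot: `proposals = null-sha256-modp3072` and `esp_proposals = null-sha256-modp3072` select NULL encryption for both the IKE SA and the ESP child, so the tunnel is integrity-protected but offers no confidentiality, and nothing in the file says this is deliberate. That is the point of the net2net-null test, but a comment such as `# NULL encryption: integrity only, no confidentiality - test fixture` above each proposal line would keep the file from being reused as a template. The same applies to the sun swanctl.conf added later in this commit.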
diff --git a/testing/tests/libipsec/net2net-null/hosts/sun/etc/ipsec.conf b/testing/tests/libipsec/net2net-null/hosts/sun/etc/ipsec.conf
deleted file mode 100644
index 21b116595..000000000
--- a/testing/tests/libipsec/net2net-null/hosts/sun/etc/ipsec.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
- ike=null-sha256-modp3072!
- esp=null-sha256-modp3072!
- mobike=no
-
-conn net-net
- left=PH_IP_SUN
- leftcert=sunCert.pem
- leftid=@sun.strongswan.org
- leftsubnet=10.2.0.0/16
- leftupdown=/etc/updown
- right=PH_IP_MOON
- rightid=@moon.strongswan.org
- rightsubnet=10.1.0.0/16
- auto=add
diff --git a/testing/tests/libipsec/net2net-null/hosts/sun/etc/strongswan.conf b/testing/tests/libipsec/net2net-null/hosts/sun/etc/strongswan.conf
index 2beff1b76..9e2091f31 100644
--- a/testing/tests/libipsec/net2net-null/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/libipsec/net2net-null/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,10 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce pem pkcs1 revocation openssl curl stroke kernel-libipsec kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce pem pkcs1 revocation openssl curl vici kernel-libipsec kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/libipsec/net2net-null/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/libipsec/net2net-null/hosts/sun/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..df65eb085
--- /dev/null
+++ b/testing/tests/libipsec/net2net-null/hosts/sun/etc/swanctl/swanctl.conf
@@ -0,0 +1,29 @@
+connections {
+
+ gw-gw {
+ local_addrs = 192.168.0.2
+ remote_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = sunCert.pem
+ id = sun.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ net-net {
+ local_ts = 10.2.0.0/16
+ remote_ts = 10.1.0.0/16
+
+ updown = /etc/updown
+ esp_proposals = null-sha256-modp3072
+ }
+ }
+ version = 2
+ mobike = no
+ proposals = null-sha256-modp3072
+ }
+}
diff --git a/testing/tests/libipsec/net2net-null/posttest.dat b/testing/tests/libipsec/net2net-null/posttest.dat
index 1f7aa73a1..755f0e5f8 100644
--- a/testing/tests/libipsec/net2net-null/posttest.dat
+++ b/testing/tests/libipsec/net2net-null/posttest.dat
@@ -1,4 +1,5 @@
-moon::ipsec stop
-sun::ipsec stop
+moon::swanctl --terminate --ike gw-gw 2> /dev/null
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/libipsec/net2net-null/pretest.dat b/testing/tests/libipsec/net2net-null/pretest.dat
index bcc2cb04d..9440ddab0 100644
--- a/testing/tests/libipsec/net2net-null/pretest.dat
+++ b/testing/tests/libipsec/net2net-null/pretest.dat
@@ -1,7 +1,7 @@
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
-sun::ipsec start
-moon::ipsec start
-sun::expect-connection net-net
-moon::expect-connection net-net
-moon::ipsec up net-net
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
+moon::expect-connection gw-gw
+sun::expect-connection gw-gw
+moon::swanctl --initiate --child net-net 2> /dev/null
diff --git a/testing/tests/libipsec/net2net-null/test.conf b/testing/tests/libipsec/net2net-null/test.conf
index 646b8b3e6..07a3b247a 100644
--- a/testing/tests/libipsec/net2net-null/test.conf
+++ b/testing/tests/libipsec/net2net-null/test.conf
@@ -19,3 +19,7 @@ TCPDUMPHOSTS="sun"
# Used for IPsec logging purposes
#
IPSECHOSTS="moon sun"
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/libipsec/rw-suite-b/description.txt b/testing/tests/libipsec/rw-suite-b/description.txt
deleted file mode 100644
index a1b09405a..000000000
--- a/testing/tests/libipsec/rw-suite-b/description.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-The roadwarriors <b>carol</b> and <b>dave</b> set up a connection to gateway <b>moon</b>.
-The authentication is based on Suite B with <b>128 bit</b> security based on <b>X.509 ECDSA</b>
-certificates, <b>ECP Diffie-Hellman</b> groups and <b>AES-GCM</b> authenticated encryption.
-The <b>kernel-libipsec</b> plugin is used for userland IPsec AES-GCM authenticated ESP
-encryption.
-<p/>
-Upon the successful establishment of the IPsec tunnel, an updown script automatically
-inserts iptables-based firewall rules that let pass the traffic tunneled via the <b>ipsec0</b>
-tun interface. In order to test both tunnel and firewall, <b>carol</b> and <b>dave</b> ping
-the client <b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/libipsec/rw-suite-b/evaltest.dat b/testing/tests/libipsec/rw-suite-b/evaltest.dat
deleted file mode 100644
index 487a21c57..000000000
--- a/testing/tests/libipsec/rw-suite-b/evaltest.dat
+++ /dev/null
@@ -1,19 +0,0 @@
-carol::cat /var/log/daemon.log::openssl FIPS mode(2) - enabled::YES
-dave:: cat /var/log/daemon.log::openssl FIPS mode(2) - enabled::YES
-moon:: cat /var/log/daemon.log::openssl FIPS mode(2) - enabled::YES
-moon:: cat /var/log/daemon.log::authentication of.*carol@strongswan.org.*with ECDSA_WITH_SHA256_DER successful::YES
-moon:: cat /var/log/daemon.log::authentication of.*dave@strongswan.org.*with ECDSA_WITH_SHA256_DER successful::YES
-carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
-dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
-moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
-moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
-carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
-moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
-moon::tcpdump::IP carol.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES
-moon::tcpdump::IP moon.strongswan.org.\(4500\|ipsec-nat-t\) > carol.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES
-moon::tcpdump::IP dave.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES
-moon::tcpdump::IP moon.strongswan.org.\(4500\|ipsec-nat-t\) > dave.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/ipsec.conf b/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/ipsec.conf
deleted file mode 100644
index 8106e28d2..000000000
--- a/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,23 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
- ike=aes128gcm128-prfsha256-ecp256!
- esp=aes128gcm128-ecp256!
-
-conn home
- left=PH_IP_CAROL
- leftcert=carolCert.pem
- leftid=carol@strongswan.org
- leftsourceip=%config
- leftupdown=/etc/updown
- right=PH_IP_MOON
- rightid=@moon.strongswan.org
- rightsubnet=10.1.0.0/16
- auto=add
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem
deleted file mode 100644
index 3480a434a..000000000
--- a/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICyDCCAiqgAwIBAgIJAPaidX4i76aJMAkGByqGSM49BAEwSDELMAkGA1UEBhMC
-Q0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3
-YW4gRUMgUm9vdCBDQTAeFw0wODA2MjIxNDM2MDZaFw0xODA2MjAxNDM2MDZaMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA
-BAEUx1NvjNKzbDHaRPMsqIf/6SbUpzBa78N/WIyF6rYj8e5McAqfTfzUfFJZYoQn
-/mbP3VfjOxRuMDjrlfvdgMxwkwFDigWQfHg3CJbS7eQjjO1MrxxIJUtfSTnF29tM
-h6IYMdxaZKloCGCOrpmGCGdxD2/KwoX1SA3BlnjaNt7kSTonkqOBujCBtzAPBgNV
-HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUul35cbYTtWrR3bo2
-t6rSwe6P2NIweAYDVR0jBHEwb4AUul35cbYTtWrR3bo2t6rSwe6P2NKhTKRKMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2onV+Iu+miTAJBgcqhkjOPQQBA4GM
-ADCBiAJCAL5pU3X6NYWjOYe0cxrah27UxtUDLUNkFG/Ojl+gOH4QB0CKY0HXNyrq
-cgba73dXF/U0Cg3Ij/9g4Kd9GgYq0GlSAkIAqgqMKqXni8wbeGMJE2Mn2/8aHM3Q
-3flpHSoeNWOe/VzpRviw+VRgA4vbhhKUXBtQSiea77/DXLwOp5w7rkBoEUg=
------END CERTIFICATE-----
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/ipsec.d/certs/carolCert.pem
deleted file mode 100644
index a85635faf..000000000
--- a/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/ipsec.d/certs/carolCert.pem
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICXzCCAcCgAwIBAgIBCTAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG
-A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
-b290IENBMB4XDTEzMDYyODA3MjczOFoXDTE4MDYwMjA3MjczOFowXzELMAkGA1UE
-BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB
-IDI1NiBiaXQxHTAbBgNVBAMUFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMFkwEwYHKoZI
-zj0CAQYIKoZIzj0DAQcDQgAEwYQaBELkyAVAzNzWJr9LqoK8gdKDv+Ns6D+ZQSAj
-BuX3bs5ZIn7BrRxYd+mbnpZ2in7FjXPWkcLkIK/cgay2n6OBgzCBgDAfBgNVHSME
-GDAWgBS6XflxthO1atHduja3qtLB7o/Y0jAfBgNVHREEGDAWgRRjYXJvbEBzdHJv
-bmdzd2FuLm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLnN0cm9uZ3N3
-YW4ub3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAoGCCqGSM49BAMEA4GMADCBiAJCAIU5
-nZLSfuiHElf7SFHl/sXCTSQ5FhEjSdhpMUvsgwq0vnEJRRdsdEOmmtVT5yQFHDUR
-Z9YVl4/zP5EFyUepvCH5AkIB2WFJ5WZ3Ds76Tq9AxAPaFbsQapGgOmrRZ6lGkj49
-hzLfARkvr+fTbOrttOC4yTIfnYVygA2G1cQYzceY/JiSk00=
------END CERTIFICATE-----
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/ipsec.d/private/carolKey.pem
deleted file mode 100644
index d29ddb9ee..000000000
--- a/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ /dev/null
@@ -1,5 +0,0 @@
------BEGIN EC PRIVATE KEY-----
-MHcCAQEEIMDstKxdv/vNBPfM8iHvn5g5/8T5aRSnlh27HHt6iTfGoAoGCCqGSM49
-AwEHoUQDQgAEwYQaBELkyAVAzNzWJr9LqoK8gdKDv+Ns6D+ZQSAjBuX3bs5ZIn7B
-rRxYd+mbnpZ2in7FjXPWkcLkIK/cgay2nw==
------END EC PRIVATE KEY-----
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/ipsec.secrets b/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/ipsec.secrets
deleted file mode 100644
index 3d6725162..000000000
--- a/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/ipsec.secrets
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: ECDSA carolKey.pem
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/strongswan.conf b/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/strongswan.conf
deleted file mode 100644
index 4ab9a617f..000000000
--- a/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/strongswan.conf
+++ /dev/null
@@ -1,13 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
- load = random nonce pem pkcs1 pkcs8 x509 revocation openssl curl stroke kernel-libipsec kernel-netlink socket-default updown
-
- initiator_only = yes
-
- plugins {
- openssl {
- fips_mode = 2
- }
- }
-}
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/ipsec.conf b/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/ipsec.conf
deleted file mode 100644
index 9b6ca682a..000000000
--- a/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/ipsec.conf
+++ /dev/null
@@ -1,23 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
- ike=aes128gcm128-prfsha256-ecp256!
- esp=aes128gcm128-ecp256!
-
-conn home
- left=PH_IP_DAVE
- leftcert=daveCert.pem
- leftid=dave@strongswan.org
- leftsourceip=%config
- leftupdown=/etc/updown
- right=PH_IP_MOON
- rightid=moon.strongswan.org
- rightsubnet=10.1.0.0/16
- auto=add
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem
deleted file mode 100644
index 3480a434a..000000000
--- a/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICyDCCAiqgAwIBAgIJAPaidX4i76aJMAkGByqGSM49BAEwSDELMAkGA1UEBhMC
-Q0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3
-YW4gRUMgUm9vdCBDQTAeFw0wODA2MjIxNDM2MDZaFw0xODA2MjAxNDM2MDZaMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA
-BAEUx1NvjNKzbDHaRPMsqIf/6SbUpzBa78N/WIyF6rYj8e5McAqfTfzUfFJZYoQn
-/mbP3VfjOxRuMDjrlfvdgMxwkwFDigWQfHg3CJbS7eQjjO1MrxxIJUtfSTnF29tM
-h6IYMdxaZKloCGCOrpmGCGdxD2/KwoX1SA3BlnjaNt7kSTonkqOBujCBtzAPBgNV
-HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUul35cbYTtWrR3bo2
-t6rSwe6P2NIweAYDVR0jBHEwb4AUul35cbYTtWrR3bo2t6rSwe6P2NKhTKRKMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2onV+Iu+miTAJBgcqhkjOPQQBA4GM
-ADCBiAJCAL5pU3X6NYWjOYe0cxrah27UxtUDLUNkFG/Ojl+gOH4QB0CKY0HXNyrq
-cgba73dXF/U0Cg3Ij/9g4Kd9GgYq0GlSAkIAqgqMKqXni8wbeGMJE2Mn2/8aHM3Q
-3flpHSoeNWOe/VzpRviw+VRgA4vbhhKUXBtQSiea77/DXLwOp5w7rkBoEUg=
------END CERTIFICATE-----
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/ipsec.d/certs/daveCert.pem
deleted file mode 100644
index c83be145d..000000000
--- a/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/ipsec.d/certs/daveCert.pem
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICXDCCAb2gAwIBAgIBCzAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG
-A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
-b290IENBMB4XDTEzMDYyODA3MzMyOFoXDTE4MDYwMjA3MzMyOFowXjELMAkGA1UE
-BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB
-IDI1NiBiaXQxHDAaBgNVBAMUE2RhdmVAc3Ryb25nc3dhbi5vcmcwWTATBgcqhkjO
-PQIBBggqhkjOPQMBBwNCAAQ0aUuue3BcBvF6aEISID4c+mVBJyvSm2fPVRRkAQqh
-RktTHMYDWY6B8e/iGr4GDeF5bjr46vMB5eEtVx3chWbQo4GBMH8wHwYDVR0jBBgw
-FoAUul35cbYTtWrR3bo2t6rSwe6P2NIwHgYDVR0RBBcwFYETZGF2ZUBzdHJvbmdz
-d2FuLm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLnN0cm9uZ3N3YW4u
-b3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAoGCCqGSM49BAMEA4GMADCBiAJCAd5ols9c
-CP6HPtfMXbPlSpUDKSRyB3c5Ix2Yn3z5ogMM1QSoS88FW8D7KKsb0qTY5TnlAls3
-45PmauVwEbI2cV6qAkIBphvsmhYWMnt/QMOij7DinihEL9Ib1vxOS2boUos6sHWi
-gj3wfHyfgHM3Pgt0YYoZxELDIxcLVJeoa1TmNey7IaI=
------END CERTIFICATE-----
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/ipsec.d/private/daveKey.pem
deleted file mode 100644
index 17e94022e..000000000
--- a/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/ipsec.d/private/daveKey.pem
+++ /dev/null
@@ -1,5 +0,0 @@
------BEGIN EC PRIVATE KEY-----
-MHcCAQEEICwxFtCsSqIAzwZDyxHclTRdz/tGzAY7fP/vPoxqr8vuoAoGCCqGSM49
-AwEHoUQDQgAENGlLrntwXAbxemhCEiA+HPplQScr0ptnz1UUZAEKoUZLUxzGA1mO
-gfHv4hq+Bg3heW46+OrzAeXhLVcd3IVm0A==
------END EC PRIVATE KEY-----
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/ipsec.secrets b/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/ipsec.secrets
deleted file mode 100644
index ebd3a2839..000000000
--- a/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/ipsec.secrets
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: ECDSA daveKey.pem
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/iptables.flush b/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/iptables.flush
deleted file mode 100644
index b3ab63c51..000000000
--- a/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/iptables.flush
+++ /dev/null
@@ -1,21 +0,0 @@
-*filter
-
--F
-
--P INPUT ACCEPT
--P OUTPUT ACCEPT
--P FORWARD ACCEPT
-
-COMMIT
-
-*nat
-
--F
-
-COMMIT
-
-*mangle
-
--F
-
-COMMIT
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/iptables.rules b/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/iptables.rules
deleted file mode 100644
index 3d99c0197..000000000
--- a/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/iptables.rules
+++ /dev/null
@@ -1,32 +0,0 @@
-*filter
-
-# default policy is DROP
--P INPUT DROP
--P OUTPUT DROP
--P FORWARD DROP
-
-# allow esp
--A INPUT -i eth0 -p 50 -j ACCEPT
--A OUTPUT -o eth0 -p 50 -j ACCEPT
-
-# allow IKE
--A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
--A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
-
-# allow MobIKE
--A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
--A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
-
-# allow ssh
--A INPUT -p tcp --dport 22 -j ACCEPT
--A OUTPUT -p tcp --sport 22 -j ACCEPT
-
-# allow crl fetch from winnetou
--A INPUT -i eth0 -p tcp --sport 80 -s 192.168.0.150 -j ACCEPT
--A OUTPUT -o eth0 -p tcp --dport 80 -d 192.168.0.150 -j ACCEPT
-
-# allow traffic tunnelled via IPsec
--A INPUT -i eth0 -m policy --dir in --pol ipsec --proto esp -j ACCEPT
--A OUTPUT -o eth0 -m policy --dir out --pol ipsec --proto esp -j ACCEPT
-
-COMMIT
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/strongswan.conf b/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/strongswan.conf
deleted file mode 100644
index 4ab9a617f..000000000
--- a/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/strongswan.conf
+++ /dev/null
@@ -1,13 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
- load = random nonce pem pkcs1 pkcs8 x509 revocation openssl curl stroke kernel-libipsec kernel-netlink socket-default updown
-
- initiator_only = yes
-
- plugins {
- openssl {
- fips_mode = 2
- }
- }
-}
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/ipsec.conf b/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/ipsec.conf
deleted file mode 100644
index abb34ac91..000000000
--- a/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,23 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
- charondebug="knl 3, esp 3"
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekey=no
- reauth=no
- keyexchange=ikev2
- ike=aes128gcm128-prfsha256-ecp256!
- esp=aes128gcm128-ecp256!
-
-conn rw
- left=PH_IP_MOON
- leftcert=moonCert.pem
- leftid=@moon.strongswan.org
- leftsubnet=10.1.0.0/16
- leftupdown=/etc/updown
- right=%any
- rightsourceip=10.3.0.0/24
- auto=add
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem
deleted file mode 100644
index 3480a434a..000000000
--- a/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICyDCCAiqgAwIBAgIJAPaidX4i76aJMAkGByqGSM49BAEwSDELMAkGA1UEBhMC
-Q0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3
-YW4gRUMgUm9vdCBDQTAeFw0wODA2MjIxNDM2MDZaFw0xODA2MjAxNDM2MDZaMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA
-BAEUx1NvjNKzbDHaRPMsqIf/6SbUpzBa78N/WIyF6rYj8e5McAqfTfzUfFJZYoQn
-/mbP3VfjOxRuMDjrlfvdgMxwkwFDigWQfHg3CJbS7eQjjO1MrxxIJUtfSTnF29tM
-h6IYMdxaZKloCGCOrpmGCGdxD2/KwoX1SA3BlnjaNt7kSTonkqOBujCBtzAPBgNV
-HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUul35cbYTtWrR3bo2
-t6rSwe6P2NIweAYDVR0jBHEwb4AUul35cbYTtWrR3bo2t6rSwe6P2NKhTKRKMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2onV+Iu+miTAJBgcqhkjOPQQBA4GM
-ADCBiAJCAL5pU3X6NYWjOYe0cxrah27UxtUDLUNkFG/Ojl+gOH4QB0CKY0HXNyrq
-cgba73dXF/U0Cg3Ij/9g4Kd9GgYq0GlSAkIAqgqMKqXni8wbeGMJE2Mn2/8aHM3Q
-3flpHSoeNWOe/VzpRviw+VRgA4vbhhKUXBtQSiea77/DXLwOp5w7rkBoEUg=
------END CERTIFICATE-----
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/ipsec.d/certs/moonCert.pem b/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/ipsec.d/certs/moonCert.pem
deleted file mode 100644
index a3b043e82..000000000
--- a/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/ipsec.d/certs/moonCert.pem
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICXDCCAb2gAwIBAgIBBzAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG
-A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
-b290IENBMB4XDTEzMDYyODA3MTc0M1oXDTE4MDYwMjA3MTc0M1owXjELMAkGA1UE
-BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB
-IDI1NiBiaXQxHDAaBgNVBAMTE21vb24uc3Ryb25nc3dhbi5vcmcwWTATBgcqhkjO
-PQIBBggqhkjOPQMBBwNCAATf97+pfDnyPIA9gf6bYTZiIjNBAbCjCIqxxWou/oMq
-/9V1O20vyI/dg2g3yzTdzESUa+X81fop+i2n9ymBqI1No4GBMH8wHwYDVR0jBBgw
-FoAUul35cbYTtWrR3bo2t6rSwe6P2NIwHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdz
-d2FuLm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLnN0cm9uZ3N3YW4u
-b3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAoGCCqGSM49BAMEA4GMADCBiAJCALNndw3C
-DDWCb0f+6P6hxkqiYmUpv39XrioZrLbw+MjMD2WAchbj60KibBep1cVwIq3kWIJ6
-Jj0tYXG+f6yjmImqAkIBGOGRm+MQZxPFdYZoJZq5QXwIN0w2hJxmLIxBASW4PLdl
-RLIlvW/XTJObdb0VVYmClg0HTSvuuYOJrzwdyd8D1w0=
------END CERTIFICATE-----
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/ipsec.d/private/moonKey.pem b/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/ipsec.d/private/moonKey.pem
deleted file mode 100644
index 5bd2778a9..000000000
--- a/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/ipsec.d/private/moonKey.pem
+++ /dev/null
@@ -1,5 +0,0 @@
------BEGIN EC PRIVATE KEY-----
-MHcCAQEEIHWBnv6tDi/CTTWOQi/0XME7r8Wd5GRPaXx3wNTElpSvoAoGCCqGSM49
-AwEHoUQDQgAE3/e/qXw58jyAPYH+m2E2YiIzQQGwowiKscVqLv6DKv/VdTttL8iP
-3YNoN8s03cxElGvl/NX6Kfotp/cpgaiNTQ==
------END EC PRIVATE KEY-----
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/ipsec.secrets b/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/ipsec.secrets
deleted file mode 100644
index 1ef3eccb5..000000000
--- a/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/ipsec.secrets
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: ECDSA moonKey.pem
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/strongswan.conf b/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/strongswan.conf
deleted file mode 100644
index d68b6e57a..000000000
--- a/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/strongswan.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
- load = random nonce pem pkcs1 pkcs8 x509 revocation openssl curl stroke kernel-libipsec kernel-netlink socket-default updown
-
- plugins {
- openssl {
- fips_mode = 2
- }
- }
-}
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/updown b/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/updown
deleted file mode 100755
index 6a5b18de6..000000000
--- a/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/updown
+++ /dev/null
@@ -1,638 +0,0 @@
-#!/bin/sh
-# default updown script
-#
-# Copyright (C) 2003-2004 Nigel Meteringham
-# Copyright (C) 2003-2004 Tuomo Soini
-# Copyright (C) 2002-2004 Michael Richardson
-# Copyright (C) 2005-2007 Andreas Steffen <andreas.steffen@strongswan.org>
-#
-# This program is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by the
-# Free Software Foundation; either version 2 of the License, or (at your
-# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-# for more details.
-
-# CAUTION: Installing a new version of strongSwan will install a new
-# copy of this script, wiping out any custom changes you make. If
-# you need changes, make a copy of this under another name, and customize
-# that, and use the (left/right)updown parameters in ipsec.conf to make
-# strongSwan use yours instead of this default one.
-
-# PLUTO_VERSION
-# indicates what version of this interface is being
-# used. This document describes version 1.1. This
-# is upwardly compatible with version 1.0.
-#
-# PLUTO_VERB
-# specifies the name of the operation to be performed
-# (prepare-host, prepare-client, up-host, up-client,
-# down-host, or down-client). If the address family
-# for security gateway to security gateway communica-
-# tions is IPv6, then a suffix of -v6 is added to the
-# verb.
-#
-# PLUTO_CONNECTION
-# is the name of the connection for which we are
-# routing.
-#
-# PLUTO_INTERFACE
-# is the name of the ipsec interface to be used.
-#
-# PLUTO_REQID
-# is the requid of the AH|ESP policy
-#
-# PLUTO_PROTO
-# is the negotiated IPsec protocol, ah|esp
-#
-# PLUTO_IPCOMP
-# is not empty if IPComp was negotiated
-#
-# PLUTO_UNIQUEID
-# is the unique identifier of the associated IKE_SA
-#
-# PLUTO_ME
-# is the IP address of our host.
-#
-# PLUTO_MY_ID
-# is the ID of our host.
-#
-# PLUTO_MY_CLIENT
-# is the IP address / count of our client subnet. If
-# the client is just the host, this will be the
-# host's own IP address / max (where max is 32 for
-# IPv4 and 128 for IPv6).
-#
-# PLUTO_MY_SOURCEIP
-# PLUTO_MY_SOURCEIP4_$i
-# PLUTO_MY_SOURCEIP6_$i
-# contains IPv4/IPv6 virtual IP received from a responder,
-# $i enumerates from 1 to the number of IP per address family.
-# PLUTO_MY_SOURCEIP is a legacy variable and equal to the first
-# virtual IP, IPv4 or IPv6.
-#
-# PLUTO_MY_PROTOCOL
-# is the IP protocol that will be transported.
-#
-# PLUTO_MY_PORT
-# is the UDP/TCP port to which the IPsec SA is
-# restricted on our side. For ICMP/ICMPv6 this contains the
-# message type, and PLUTO_PEER_PORT the message code.
-#
-# PLUTO_PEER
-# is the IP address of our peer.
-#
-# PLUTO_PEER_ID
-# is the ID of our peer.
-#
-# PLUTO_PEER_CLIENT
-# is the IP address / count of the peer's client sub-
-# net. If the client is just the peer, this will be
-# the peer's own IP address / max (where max is 32
-# for IPv4 and 128 for IPv6).
-#
-# PLUTO_PEER_SOURCEIP
-# PLUTO_PEER_SOURCEIP4_$i
-# PLUTO_PEER_SOURCEIP6_$i
-# contains IPv4/IPv6 virtual IP sent to an initiator,
-# $i enumerates from 1 to the number of IP per address family.
-# PLUTO_PEER_SOURCEIP is a legacy variable and equal to the first
-# virtual IP, IPv4 or IPv6.
-#
-# PLUTO_PEER_PROTOCOL
-# is the IP protocol that will be transported.
-#
-# PLUTO_PEER_PORT
-# is the UDP/TCP port to which the IPsec SA is
-# restricted on the peer side. For ICMP/ICMPv6 this contains the
-# message code, and PLUTO_MY_PORT the message type.
-#
-# PLUTO_XAUTH_ID
-# is an optional user ID employed by the XAUTH protocol
-#
-# PLUTO_MARK_IN
-# is an optional XFRM mark set on the inbound IPsec SA
-#
-# PLUTO_MARK_OUT
-# is an optional XFRM mark set on the outbound IPsec SA
-#
-# PLUTO_UDP_ENC
-# contains the remote UDP port in the case of ESP_IN_UDP
-# encapsulation
-#
-# PLUTO_DNS4_$i
-# PLUTO_DNS6_$i
-# contains IPv4/IPv6 DNS server attribute received from a
-# responder, $i enumerates from 1 to the number of servers per
-# address family.
-#
-
-# define a minimum PATH environment in case it is not set
-PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/sbin"
-export PATH
-
-# comment to disable logging VPN connections to syslog
-VPN_LOGGING=1
-#
-# tag put in front of each log entry:
-TAG=vpn
-#
-# syslog facility and priority used:
-FAC_PRIO=local0.notice
-#
-# to create a special vpn logging file, put the following line into
-# the syslog configuration file /etc/syslog.conf:
-#
-# local0.notice -/var/log/vpn
-
-# check interface version
-case "$PLUTO_VERSION" in
-1.[0|1]) # Older release?!? Play it safe, script may be using new features.
- echo "$0: obsolete interface version \`$PLUTO_VERSION'," >&2
- echo "$0: called by obsolete release?" >&2
- exit 2
- ;;
-1.*) ;;
-*) echo "$0: unknown interface version \`$PLUTO_VERSION'" >&2
- exit 2
- ;;
-esac
-
-# check parameter(s)
-case "$1:$*" in
-':') # no parameters
- ;;
-iptables:iptables) # due to (left/right)firewall; for default script only
- ;;
-custom:*) # custom parameters (see above CAUTION comment)
- ;;
-*) echo "$0: unknown parameters \`$*'" >&2
- exit 2
- ;;
-esac
-
-IPSEC_POLICY="-m policy --pol ipsec --proto $PLUTO_PROTO --reqid $PLUTO_REQID"
-IPSEC_POLICY_IN="$IPSEC_POLICY --dir in"
-IPSEC_POLICY_OUT="$IPSEC_POLICY --dir out"
-
-# use protocol specific options to set ports
-case "$PLUTO_MY_PROTOCOL" in
-1) # ICMP
- ICMP_TYPE_OPTION="--icmp-type"
- ;;
-58) # ICMPv6
- ICMP_TYPE_OPTION="--icmpv6-type"
- ;;
-*)
- ;;
-esac
-
-# are there port numbers?
-if [ "$PLUTO_MY_PORT" != 0 ]
-then
- if [ -n "$ICMP_TYPE_OPTION" ]
- then
- S_MY_PORT="$ICMP_TYPE_OPTION $PLUTO_MY_PORT"
- D_MY_PORT="$ICMP_TYPE_OPTION $PLUTO_MY_PORT"
- else
- S_MY_PORT="--sport $PLUTO_MY_PORT"
- D_MY_PORT="--dport $PLUTO_MY_PORT"
- fi
-fi
-if [ "$PLUTO_PEER_PORT" != 0 ]
-then
- if [ -n "$ICMP_TYPE_OPTION" ]
- then
- # the syntax is --icmp[v6]-type type[/code], so add it to the existing option
- S_MY_PORT="$S_MY_PORT/$PLUTO_PEER_PORT"
- D_MY_PORT="$D_MY_PORT/$PLUTO_PEER_PORT"
- else
- S_PEER_PORT="--sport $PLUTO_PEER_PORT"
- D_PEER_PORT="--dport $PLUTO_PEER_PORT"
- fi
-fi
-
-# resolve octal escape sequences
-PLUTO_MY_ID=`printf "$PLUTO_MY_ID"`
-PLUTO_PEER_ID=`printf "$PLUTO_PEER_ID"`
-
-case "$PLUTO_VERB:$1" in
-up-host:)
- # connection to me coming up
- # If you are doing a custom version, firewall commands go here.
- PLUTO_INTERFACE=ipsec0
- iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_ME $D_MY_PORT -j ACCEPT
- iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_ME $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
- ;;
-down-host:)
- # connection to me going down
- # If you are doing a custom version, firewall commands go here.
- PLUTO_INTERFACE=ipsec0
- iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_ME $D_MY_PORT -j ACCEPT
- iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_ME $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
- ;;
-up-client:)
- # connection to my client subnet coming up
- # If you are doing a custom version, firewall commands go here.
- PLUTO_INTERFACE=ipsec0
- if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ]
- then
- iptables -I FORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_MY_CLIENT $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
- iptables -I FORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_MY_CLIENT $D_MY_PORT -j ACCEPT
- fi
- #
- # a virtual IP requires an INPUT and OUTPUT rule on the host
- # or sometimes host access via the internal IP is needed
- if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
- then
- iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_MY_CLIENT $D_MY_PORT -j ACCEPT
- iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_MY_CLIENT $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
- fi
- ;;
-down-client:)
- # connection to my client subnet going down
- # If you are doing a custom version, firewall commands go here.
- PLUTO_INTERFACE=ipsec0
- iptables -D FORWARD -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_MY_CLIENT $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
- iptables -D FORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_MY_CLIENT $D_MY_PORT -j ACCEPT
- #
- # a virtual IP requires an INPUT and OUTPUT rule on the host
- # or sometimes host access via the internal IP is needed
- if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
- then
- iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_MY_CLIENT $D_MY_PORT -j ACCEPT
- iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_MY_CLIENT $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
- fi
- ;;
-up-host:iptables)
- # connection to me, with (left/right)firewall=yes, coming up
- # This is used only by the default updown script, not by your custom
- # ones, so do not mess with it; see CAUTION comment up at top.
- iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_ME $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
- iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
- #
- # allow IPIP traffic because of the implicit SA created by the kernel if
- # IPComp is used (for small inbound packets that are not compressed)
- if [ -n "$PLUTO_IPCOMP" ]
- then
- iptables -I INPUT 1 -i $PLUTO_INTERFACE -p 4 \
- -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
- fi
- #
- # log IPsec host connection setup
- if [ $VPN_LOGGING ]
- then
- if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ]
- then
- logger -t $TAG -p $FAC_PRIO \
- "+ $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME"
- else
- logger -t $TAG -p $FAC_PRIO \
- "+ $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME"
- fi
- fi
- ;;
-down-host:iptables)
- # connection to me, with (left/right)firewall=yes, going down
- # This is used only by the default updown script, not by your custom
- # ones, so do not mess with it; see CAUTION comment up at top.
- iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_ME $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
- iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
- #
- # IPIP exception teardown
- if [ -n "$PLUTO_IPCOMP" ]
- then
- iptables -D INPUT -i $PLUTO_INTERFACE -p 4 \
- -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
- fi
- #
- # log IPsec host connection teardown
- if [ $VPN_LOGGING ]
- then
- if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ]
- then
- logger -t $TAG -p $FAC_PRIO -- \
- "- $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME"
- else
- logger -t $TAG -p $FAC_PRIO -- \
- "- $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME"
- fi
- fi
- ;;
-up-client:iptables)
- # connection to client subnet, with (left/right)firewall=yes, coming up
- # This is used only by the default updown script, not by your custom
- # ones, so do not mess with it; see CAUTION comment up at top.
- if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ]
- then
- iptables -I FORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_MY_CLIENT $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT
- iptables -I FORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
- fi
- #
- # a virtual IP requires an INPUT and OUTPUT rule on the host
- # or sometimes host access via the internal IP is needed
- if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
- then
- iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
- iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_MY_CLIENT $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT
- fi
- #
- # allow IPIP traffic because of the implicit SA created by the kernel if
- # IPComp is used (for small inbound packets that are not compressed).
- # INPUT is correct here even for forwarded traffic.
- if [ -n "$PLUTO_IPCOMP" ]
- then
- iptables -I INPUT 1 -i $PLUTO_INTERFACE -p 4 \
- -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
- fi
- #
- # log IPsec client connection setup
- if [ $VPN_LOGGING ]
- then
- if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ]
- then
- logger -t $TAG -p $FAC_PRIO \
- "+ $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
- else
- logger -t $TAG -p $FAC_PRIO \
- "+ $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
- fi
- fi
- ;;
-down-client:iptables)
- # connection to client subnet, with (left/right)firewall=yes, going down
- # This is used only by the default updown script, not by your custom
- # ones, so do not mess with it; see CAUTION comment up at top.
- if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ]
- then
- iptables -D FORWARD -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_MY_CLIENT $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT \
- $IPSEC_POLICY_OUT -j ACCEPT
- iptables -D FORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_MY_CLIENT $D_MY_PORT \
- $IPSEC_POLICY_IN -j ACCEPT
- fi
- #
- # a virtual IP requires an INPUT and OUTPUT rule on the host
- # or sometimes host access via the internal IP is needed
- if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
- then
- iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_MY_CLIENT $D_MY_PORT \
- $IPSEC_POLICY_IN -j ACCEPT
- iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_MY_CLIENT $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT \
- $IPSEC_POLICY_OUT -j ACCEPT
- fi
- #
- # IPIP exception teardown
- if [ -n "$PLUTO_IPCOMP" ]
- then
- iptables -D INPUT -i $PLUTO_INTERFACE -p 4 \
- -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
- fi
- #
- # log IPsec client connection teardown
- if [ $VPN_LOGGING ]
- then
- if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ]
- then
- logger -t $TAG -p $FAC_PRIO -- \
- "- $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
- else
- logger -t $TAG -p $FAC_PRIO -- \
- "- $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
- fi
- fi
- ;;
-#
-# IPv6
-#
-up-host-v6:)
- # connection to me coming up
- # If you are doing a custom version, firewall commands go here.
- ;;
-down-host-v6:)
- # connection to me going down
- # If you are doing a custom version, firewall commands go here.
- ;;
-up-client-v6:)
- # connection to my client subnet coming up
- # If you are doing a custom version, firewall commands go here.
- ;;
-down-client-v6:)
- # connection to my client subnet going down
- # If you are doing a custom version, firewall commands go here.
- ;;
-up-host-v6:iptables)
- # connection to me, with (left/right)firewall=yes, coming up
- # This is used only by the default updown script, not by your custom
- # ones, so do not mess with it; see CAUTION comment up at top.
- ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_ME $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
- ip6tables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
- #
- # allow IP6IP6 traffic because of the implicit SA created by the kernel if
- # IPComp is used (for small inbound packets that are not compressed)
- if [ -n "$PLUTO_IPCOMP" ]
- then
- ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p 41 \
- -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
- fi
- #
- # log IPsec host connection setup
- if [ $VPN_LOGGING ]
- then
- if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/128" ]
- then
- logger -t $TAG -p $FAC_PRIO \
- "+ $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME"
- else
- logger -t $TAG -p $FAC_PRIO \
- "+ $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME"
- fi
- fi
- ;;
-down-host-v6:iptables)
- # connection to me, with (left/right)firewall=yes, going down
- # This is used only by the default updown script, not by your custom
- # ones, so do not mess with it; see CAUTION comment up at top.
- ip6tables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_ME $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
- ip6tables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
- #
- # IP6IP6 exception teardown
- if [ -n "$PLUTO_IPCOMP" ]
- then
- ip6tables -D INPUT -i $PLUTO_INTERFACE -p 41 \
- -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
- fi
- #
- # log IPsec host connection teardown
- if [ $VPN_LOGGING ]
- then
- if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/128" ]
- then
- logger -t $TAG -p $FAC_PRIO -- \
- "- $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME"
- else
- logger -t $TAG -p $FAC_PRIO -- \
- "- $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME"
- fi
- fi
- ;;
-up-client-v6:iptables)
- # connection to client subnet, with (left/right)firewall=yes, coming up
- # This is used only by the default updown script, not by your custom
- # ones, so do not mess with it; see CAUTION comment up at top.
- if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/128" ]
- then
- ip6tables -I FORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_MY_CLIENT $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT
- ip6tables -I FORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
- fi
- #
- # a virtual IP requires an INPUT and OUTPUT rule on the host
- # or sometimes host access via the internal IP is needed
- if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
- then
- ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
- ip6tables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_MY_CLIENT $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT
- fi
- #
- # allow IP6IP6 traffic because of the implicit SA created by the kernel if
- # IPComp is used (for small inbound packets that are not compressed).
- # INPUT is correct here even for forwarded traffic.
- if [ -n "$PLUTO_IPCOMP" ]
- then
- ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p 41 \
- -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
- fi
- #
- # log IPsec client connection setup
- if [ $VPN_LOGGING ]
- then
- if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/128" ]
- then
- logger -t $TAG -p $FAC_PRIO \
- "+ $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
- else
- logger -t $TAG -p $FAC_PRIO \
- "+ $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
- fi
- fi
- ;;
-down-client-v6:iptables)
- # connection to client subnet, with (left/right)firewall=yes, going down
- # This is used only by the default updown script, not by your custom
- # ones, so do not mess with it; see CAUTION comment up at top.
- if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/128" ]
- then
- ip6tables -D FORWARD -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_MY_CLIENT $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT \
- $IPSEC_POLICY_OUT -j ACCEPT
- ip6tables -D FORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_MY_CLIENT $D_MY_PORT \
- $IPSEC_POLICY_IN -j ACCEPT
- fi
- #
- # a virtual IP requires an INPUT and OUTPUT rule on the host
- # or sometimes host access via the internal IP is needed
- if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
- then
- ip6tables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_MY_CLIENT $D_MY_PORT \
- $IPSEC_POLICY_IN -j ACCEPT
- ip6tables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_MY_CLIENT $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT \
- $IPSEC_POLICY_OUT -j ACCEPT
- fi
- #
- # IP6IP6 exception teardown
- if [ -n "$PLUTO_IPCOMP" ]
- then
- ip6tables -D INPUT -i $PLUTO_INTERFACE -p 41 \
- -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
- fi
- #
- # log IPsec client connection teardown
- if [ $VPN_LOGGING ]
- then
- if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/128" ]
- then
- logger -t $TAG -p $FAC_PRIO -- \
- "- $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
- else
- logger -t $TAG -p $FAC_PRIO -- \
- "- $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
- fi
- fi
- ;;
-*) echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2
- exit 1
- ;;
-esac
diff --git a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf
index c8f63bced..ee8cbcdef 100644
--- a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="tls 2"
-
conn %default
ikelifetime=60m
keylife=20m
diff --git a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf
index f2c60511b..f5b116b3b 100644
--- a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf
@@ -3,4 +3,9 @@
charon {
load = pem pkcs1 random nonce openssl curl revocation stroke kernel-netlink socket-default eap-tls updown
multiple_authentication=no
+ syslog {
+ daemon {
+ tls = 2
+ }
+ }
}
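Review bot: The new `syslog { daemon { tls = 2 } }` block defines only the `daemon` facility, and as far as I know charon installs its built-in default loggers (including the audit-only logger on the `auth` facility) only when strongswan.conf configures no logger at all. If that holds for this version, these hosts stop writing audit-level messages to the auth log once the block is present, which the old `charondebug="tls 2"` in ipsec.conf did not cause. If the scenario or anyone copying this configuration relies on those entries, add a sibling section such as `auth { default = 0 }` inside `syslog`. Otherwise a comment like `# replaces charondebug="tls 2" from ipsec.conf; only the daemon facility is configured` would record the intent. The same applies to the `syslog` blocks added to moon's strongswan.conf in rw-eap-tls-only and in pfkey/net2net-rekey (`knl = 2`).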
diff --git a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.conf b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.conf
index 28a5cad31..2236a5f71 100644
--- a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="tls 2"
-
conn %default
ikelifetime=60m
keylife=20m
diff --git a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf
index 7af4b4e37..4aa2068f4 100644
--- a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf
@@ -3,6 +3,11 @@
charon {
load = pem pkcs1 random nonce openssl curl revocation stroke kernel-netlink socket-default eap-tls updown
multiple_authentication=no
+ syslog {
+ daemon {
+ tls = 2
+ }
+ }
}
libtls {
diff --git a/testing/tests/pfkey/net2net-rekey/hosts/moon/etc/ipsec.conf b/testing/tests/pfkey/net2net-rekey/hosts/moon/etc/ipsec.conf
index dcd98b4de..ec3daa00a 100644
--- a/testing/tests/pfkey/net2net-rekey/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/pfkey/net2net-rekey/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="knl 2"
-
conn %default
ikelifetime=60m
lifetime=10s
diff --git a/testing/tests/pfkey/net2net-rekey/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/net2net-rekey/hosts/moon/etc/strongswan.conf
index 4234eb134..855ba919d 100644
--- a/testing/tests/pfkey/net2net-rekey/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/pfkey/net2net-rekey/hosts/moon/etc/strongswan.conf
@@ -4,4 +4,9 @@ charon {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
# remove rekeyed inbound SA a bit quicker for the test scenario
delete_rekeyed_delay = 2
+ syslog {
+ daemon {
+ knl = 2
+ }
+ }
}
diff --git a/testing/tests/sql/ip-pool-db-expired/evaltest.dat b/testing/tests/sql/ip-pool-db-expired/evaltest.dat
index a105fc040..cf289abd0 100644
--- a/testing/tests/sql/ip-pool-db-expired/evaltest.dat
+++ b/testing/tests/sql/ip-pool-db-expired/evaltest.dat
@@ -12,8 +12,8 @@ moon:: cat /var/log/daemon.log::peer requested virtual IP %any::YES
moon:: cat /var/log/daemon.log::acquired new lease for address.*in pool.*bigpool::YES
moon:: cat /var/log/daemon.log::assigning virtual IP::YES
moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*remote-vips=\[10.3.0.1] child-sas.*rw.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.1/32]::YES
-moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*remote-vips=\[10.3.0.2] child-sas.*rw.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.2/32]::YES
-moon:: ipsec pool --status 2> /dev/null::bigpool.*10.3.0.1.*10.3.0.6.*1h.*2::YES
+moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*remote-vips=\[10.3.0.2] child-sas.*rw.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.2/32]::YES
+moon:: ipsec pool --status 2> /dev/null::bigpool.*10.3.0.1.*10.3.0.6.*60m.*2::YES
moon:: ipsec pool --leases --filter pool=bigpool,addr=10.3.0.1,id=carol@strongswan.org 2> /dev/null::online::YES
moon:: ipsec pool --leases --filter pool=bigpool,addr=10.3.0.2,id=dave@strongswan.org 2> /dev/null::online::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
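Review bot: The updated pool check `bigpool.*10.3.0.1.*10.3.0.6.*60m.*2` is looser than it reads, because the dots in the addresses are unescaped and the trailing `.*2` matches any later `2` on the line. Assuming the field is evaluated as a regular expression (the neighbouring lines escape `\[`), the check could pass on output where the lease count is wrong. Escaping the dots, `bigpool.*10\.3\.0\.1.*10\.3\.0\.6.*60m.*2`, at least pins the addresses. Tightening the count depends on the column layout of `ipsec pool --status`, which is not visible here.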
diff --git a/testing/tests/sql/ip-pool-db-expired/posttest.dat b/testing/tests/sql/ip-pool-db-expired/posttest.dat
index d7107ccc6..b909ac76c 100644
--- a/testing/tests/sql/ip-pool-db-expired/posttest.dat
+++ b/testing/tests/sql/ip-pool-db-expired/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/sql/ip-pool-db-expired/pretest.dat b/testing/tests/sql/ip-pool-db-expired/pretest.dat
index 068d72917..f8b710495 100644
--- a/testing/tests/sql/ip-pool-db-expired/pretest.dat
+++ b/testing/tests/sql/ip-pool-db-expired/pretest.dat
@@ -5,12 +5,15 @@ moon::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
carol::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
dave::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
moon::ipsec pool --leases 2> /dev/null
+carol::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+dave::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+moon::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
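Review bot: The three added `cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*` lines chain with `;`, so if the `cd` fails the `rm -r` still runs relative to whatever directory the harness shell is in. Without `-f`, an empty directory also leaves the glob unexpanded and `rm` reports an error. Absolute paths avoid both: `rm -rf /etc/swanctl/rsa/* /etc/swanctl/x509/* /etc/swanctl/x509ca/*`, or at minimum `cd /etc/swanctl && rm -rf rsa/* x509/* x509ca/*`. The same lines are added in the other sql pretest.dat hunks on this page (ip-pool-db*, ip-split-pools-db*, multi-level-ca, net2net-*, rw-*). How the harness treats a non-zero exit from a pretest command is not visible here.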
diff --git a/testing/tests/sql/ip-pool-db-restart/posttest.dat b/testing/tests/sql/ip-pool-db-restart/posttest.dat
index d7107ccc6..b909ac76c 100644
--- a/testing/tests/sql/ip-pool-db-restart/posttest.dat
+++ b/testing/tests/sql/ip-pool-db-restart/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/sql/ip-pool-db-restart/pretest.dat b/testing/tests/sql/ip-pool-db-restart/pretest.dat
index 374693e36..e918fc238 100644
--- a/testing/tests/sql/ip-pool-db-restart/pretest.dat
+++ b/testing/tests/sql/ip-pool-db-restart/pretest.dat
@@ -5,12 +5,15 @@ moon::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
carol::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
dave::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
moon::ipsec pool --leases 2> /dev/null
+carol::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+dave::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+moon::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
dave::expect-connection home
dave::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/sql/ip-pool-db/posttest.dat b/testing/tests/sql/ip-pool-db/posttest.dat
index d7107ccc6..b909ac76c 100644
--- a/testing/tests/sql/ip-pool-db/posttest.dat
+++ b/testing/tests/sql/ip-pool-db/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/sql/ip-pool-db/pretest.dat b/testing/tests/sql/ip-pool-db/pretest.dat
index 4d89bed3e..01a7fdff3 100644
--- a/testing/tests/sql/ip-pool-db/pretest.dat
+++ b/testing/tests/sql/ip-pool-db/pretest.dat
@@ -4,12 +4,15 @@ dave::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ips
moon::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
carol::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
dave::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
+carol::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+dave::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+moon::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/sql/ip-split-pools-db-restart/posttest.dat b/testing/tests/sql/ip-split-pools-db-restart/posttest.dat
index b257564dc..ea0241af0 100644
--- a/testing/tests/sql/ip-split-pools-db-restart/posttest.dat
+++ b/testing/tests/sql/ip-split-pools-db-restart/posttest.dat
@@ -1,5 +1,5 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
diff --git a/testing/tests/sql/ip-split-pools-db-restart/pretest.dat b/testing/tests/sql/ip-split-pools-db-restart/pretest.dat
index d0c7b9c76..084bcd2f4 100644
--- a/testing/tests/sql/ip-split-pools-db-restart/pretest.dat
+++ b/testing/tests/sql/ip-split-pools-db-restart/pretest.dat
@@ -6,9 +6,12 @@ carol::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
dave::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
moon::ipsec pool --status 2> /dev/null
moon::ipsec pool --leases 2> /dev/null
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+carol::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+dave::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+moon::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
dave::expect-connection home
dave::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/sql/ip-split-pools-db/posttest.dat b/testing/tests/sql/ip-split-pools-db/posttest.dat
index b257564dc..ea0241af0 100644
--- a/testing/tests/sql/ip-split-pools-db/posttest.dat
+++ b/testing/tests/sql/ip-split-pools-db/posttest.dat
@@ -1,5 +1,5 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
diff --git a/testing/tests/sql/ip-split-pools-db/pretest.dat b/testing/tests/sql/ip-split-pools-db/pretest.dat
index e1f0c22ae..94df5b360 100644
--- a/testing/tests/sql/ip-split-pools-db/pretest.dat
+++ b/testing/tests/sql/ip-split-pools-db/pretest.dat
@@ -5,9 +5,12 @@ moon::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
carol::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
dave::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
moon::ipsec pool --status 2> /dev/null
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+carol::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+dave::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+moon::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/sql/multi-level-ca/posttest.dat b/testing/tests/sql/multi-level-ca/posttest.dat
index d7107ccc6..b909ac76c 100644
--- a/testing/tests/sql/multi-level-ca/posttest.dat
+++ b/testing/tests/sql/multi-level-ca/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/sql/multi-level-ca/pretest.dat b/testing/tests/sql/multi-level-ca/pretest.dat
index 4d89bed3e..01a7fdff3 100644
--- a/testing/tests/sql/multi-level-ca/pretest.dat
+++ b/testing/tests/sql/multi-level-ca/pretest.dat
@@ -4,12 +4,15 @@ dave::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ips
moon::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
carol::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
dave::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
+carol::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+dave::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+moon::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/sql/net2net-cert/posttest.dat b/testing/tests/sql/net2net-cert/posttest.dat
index 59badb867..8b792b878 100644
--- a/testing/tests/sql/net2net-cert/posttest.dat
+++ b/testing/tests/sql/net2net-cert/posttest.dat
@@ -1,4 +1,4 @@
-moon::service charon stop 2> /dev/null
-sun::service charon stop 2> /dev/null
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/sql/net2net-cert/pretest.dat b/testing/tests/sql/net2net-cert/pretest.dat
index 6580e7604..dd91c3859 100644
--- a/testing/tests/sql/net2net-cert/pretest.dat
+++ b/testing/tests/sql/net2net-cert/pretest.dat
@@ -2,10 +2,12 @@ moon::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ips
sun::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/db.d/ipsec.sql
moon::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
sun::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
+moon::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+sun::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-sun::service charon start 2> /dev/null
-moon::expect-connection net-net
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
+moon::expect-connection net-net
sun::expect-connection net-net
moon::swanctl --initiate --child net-net 2> /dev/null
diff --git a/testing/tests/sql/net2net-psk/posttest.dat b/testing/tests/sql/net2net-psk/posttest.dat
index 59badb867..8b792b878 100644
--- a/testing/tests/sql/net2net-psk/posttest.dat
+++ b/testing/tests/sql/net2net-psk/posttest.dat
@@ -1,4 +1,4 @@
-moon::service charon stop 2> /dev/null
-sun::service charon stop 2> /dev/null
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/sql/net2net-psk/pretest.dat b/testing/tests/sql/net2net-psk/pretest.dat
index 6580e7604..dd91c3859 100644
--- a/testing/tests/sql/net2net-psk/pretest.dat
+++ b/testing/tests/sql/net2net-psk/pretest.dat
@@ -2,10 +2,12 @@ moon::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ips
sun::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/db.d/ipsec.sql
moon::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
sun::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
+moon::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+sun::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-sun::service charon start 2> /dev/null
-moon::expect-connection net-net
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
+moon::expect-connection net-net
sun::expect-connection net-net
moon::swanctl --initiate --child net-net 2> /dev/null
diff --git a/testing/tests/sql/net2net-route-pem/posttest.dat b/testing/tests/sql/net2net-route-pem/posttest.dat
index 59badb867..8b792b878 100644
--- a/testing/tests/sql/net2net-route-pem/posttest.dat
+++ b/testing/tests/sql/net2net-route-pem/posttest.dat
@@ -1,4 +1,4 @@
-moon::service charon stop 2> /dev/null
-sun::service charon stop 2> /dev/null
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/sql/net2net-route-pem/pretest.dat b/testing/tests/sql/net2net-route-pem/pretest.dat
index 576bd6738..614109c91 100644
--- a/testing/tests/sql/net2net-route-pem/pretest.dat
+++ b/testing/tests/sql/net2net-route-pem/pretest.dat
@@ -2,10 +2,12 @@ moon::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ips
sun::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/db.d/ipsec.sql
moon::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
sun::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
+moon::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+sun::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-sun::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
moon::expect-connection net-net
alice::ping -c 1 -W 1 10.2.0.10
bob::ping -c 1 -W 1 10.1.0.20
diff --git a/testing/tests/sql/net2net-start-pem/posttest.dat b/testing/tests/sql/net2net-start-pem/posttest.dat
index 59badb867..8b792b878 100644
--- a/testing/tests/sql/net2net-start-pem/posttest.dat
+++ b/testing/tests/sql/net2net-start-pem/posttest.dat
@@ -1,4 +1,4 @@
-moon::service charon stop 2> /dev/null
-sun::service charon stop 2> /dev/null
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/sql/net2net-start-pem/pretest.dat b/testing/tests/sql/net2net-start-pem/pretest.dat
index 8fc6d1a1c..f5eef5528 100644
--- a/testing/tests/sql/net2net-start-pem/pretest.dat
+++ b/testing/tests/sql/net2net-start-pem/pretest.dat
@@ -2,10 +2,12 @@ moon::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ips
sun::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/db.d/ipsec.sql
moon::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
sun::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
+moon::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+sun::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
-sun::service charon start 2> /dev/null
+sun::systemctl start strongswan-swanctl
sun::expect-connection net-net
-moon::service charon start 2> /dev/null
-moon::sleep 4
+moon::systemctl start strongswan-swanctl
+moon::sleep 4
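Review bot: After `moon::systemctl start strongswan-swanctl` the scenario still relies on `moon::sleep 4` for the tunnel to come up, whereas sun waits on `expect-connection net-net`. Start-up time under systemd may differ from the old `service charon start`, so a fixed delay can let the evaluation step race the connection setup. Consider waiting on an observable condition instead of a fixed time, or stating in the scenario description why four seconds is enough.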
diff --git a/testing/tests/sql/rw-cert/posttest.dat b/testing/tests/sql/rw-cert/posttest.dat
index d7107ccc6..b909ac76c 100644
--- a/testing/tests/sql/rw-cert/posttest.dat
+++ b/testing/tests/sql/rw-cert/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/sql/rw-cert/pretest.dat b/testing/tests/sql/rw-cert/pretest.dat
index 4d89bed3e..01a7fdff3 100644
--- a/testing/tests/sql/rw-cert/pretest.dat
+++ b/testing/tests/sql/rw-cert/pretest.dat
@@ -4,12 +4,15 @@ dave::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ips
moon::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
carol::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
dave::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
+carol::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+dave::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+moon::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/sql/rw-eap-aka-rsa/posttest.dat b/testing/tests/sql/rw-eap-aka-rsa/posttest.dat
index 2fc2bbb75..2b00bea8e 100644
--- a/testing/tests/sql/rw-eap-aka-rsa/posttest.dat
+++ b/testing/tests/sql/rw-eap-aka-rsa/posttest.dat
@@ -1,5 +1,5 @@
carol::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/sql/rw-eap-aka-rsa/pretest.dat b/testing/tests/sql/rw-eap-aka-rsa/pretest.dat
index d964629a2..3b1742150 100644
--- a/testing/tests/sql/rw-eap-aka-rsa/pretest.dat
+++ b/testing/tests/sql/rw-eap-aka-rsa/pretest.dat
@@ -2,10 +2,12 @@ moon::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ips
carol::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/db.d/ipsec.sql
moon::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
carol::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
+carol::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+moon::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
moon::expect-connection rw-eap-aka
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/sql/rw-psk-ipv4/posttest.dat b/testing/tests/sql/rw-psk-ipv4/posttest.dat
index d7107ccc6..b909ac76c 100644
--- a/testing/tests/sql/rw-psk-ipv4/posttest.dat
+++ b/testing/tests/sql/rw-psk-ipv4/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/sql/rw-psk-ipv4/pretest.dat b/testing/tests/sql/rw-psk-ipv4/pretest.dat
index 4d89bed3e..01a7fdff3 100644
--- a/testing/tests/sql/rw-psk-ipv4/pretest.dat
+++ b/testing/tests/sql/rw-psk-ipv4/pretest.dat
@@ -4,12 +4,15 @@ dave::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ips
moon::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
carol::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
dave::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
+carol::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+dave::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+moon::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/sql/rw-psk-ipv6/posttest.dat b/testing/tests/sql/rw-psk-ipv6/posttest.dat
index 3f82576b6..8248b2d4d 100644
--- a/testing/tests/sql/rw-psk-ipv6/posttest.dat
+++ b/testing/tests/sql/rw-psk-ipv6/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/sql/rw-psk-ipv6/pretest.dat b/testing/tests/sql/rw-psk-ipv6/pretest.dat
index 60a1055a2..0659eabbc 100644
--- a/testing/tests/sql/rw-psk-ipv6/pretest.dat
+++ b/testing/tests/sql/rw-psk-ipv6/pretest.dat
@@ -4,6 +4,9 @@ dave::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ips
moon::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
carol::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
dave::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
+carol::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+dave::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+moon::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
@@ -13,9 +16,9 @@ dave::ip6tables-restore < /etc/ip6tables.rules
alice::"ip route add fec0:\:/16 via fec1:\:1"
carol::"ip route add fec1:\:/16 via fec0:\:1"
dave::"ip route add fec1:\:/16 via fec0:\:1"
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/sql/rw-psk-rsa-split/posttest.dat b/testing/tests/sql/rw-psk-rsa-split/posttest.dat
index d7107ccc6..b909ac76c 100644
--- a/testing/tests/sql/rw-psk-rsa-split/posttest.dat
+++ b/testing/tests/sql/rw-psk-rsa-split/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/sql/rw-psk-rsa-split/pretest.dat b/testing/tests/sql/rw-psk-rsa-split/pretest.dat
index 4d89bed3e..01a7fdff3 100644
--- a/testing/tests/sql/rw-psk-rsa-split/pretest.dat
+++ b/testing/tests/sql/rw-psk-rsa-split/pretest.dat
@@ -4,12 +4,15 @@ dave::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ips
moon::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
carol::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
dave::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
+carol::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+dave::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+moon::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/sql/rw-rsa-keyid/posttest.dat b/testing/tests/sql/rw-rsa-keyid/posttest.dat
index d7107ccc6..b909ac76c 100644
--- a/testing/tests/sql/rw-rsa-keyid/posttest.dat
+++ b/testing/tests/sql/rw-rsa-keyid/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/sql/rw-rsa-keyid/pretest.dat b/testing/tests/sql/rw-rsa-keyid/pretest.dat
index 4d89bed3e..01a7fdff3 100644
--- a/testing/tests/sql/rw-rsa-keyid/pretest.dat
+++ b/testing/tests/sql/rw-rsa-keyid/pretest.dat
@@ -4,12 +4,15 @@ dave::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ips
moon::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
carol::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
dave::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
+carol::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+dave::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+moon::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/sql/rw-rsa/posttest.dat b/testing/tests/sql/rw-rsa/posttest.dat
index d7107ccc6..b909ac76c 100644
--- a/testing/tests/sql/rw-rsa/posttest.dat
+++ b/testing/tests/sql/rw-rsa/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/sql/rw-rsa/pretest.dat b/testing/tests/sql/rw-rsa/pretest.dat
index 4d89bed3e..01a7fdff3 100644
--- a/testing/tests/sql/rw-rsa/pretest.dat
+++ b/testing/tests/sql/rw-rsa/pretest.dat
@@ -4,12 +4,15 @@ dave::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ips
moon::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
carol::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
dave::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
+carol::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+dave::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+moon::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/sql/shunt-policies-nat-rw/posttest.dat b/testing/tests/sql/shunt-policies-nat-rw/posttest.dat
index b02b19357..f66c5c57c 100644
--- a/testing/tests/sql/shunt-policies-nat-rw/posttest.dat
+++ b/testing/tests/sql/shunt-policies-nat-rw/posttest.dat
@@ -1,5 +1,5 @@
-alice::service charon stop 2> /dev/null
-venus::service charon stop 2> /dev/null
-sun::service charon stop 2> /dev/null
+alice::systemctl stop strongswan-swanctl
+venus::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
sun::iptables-restore < /etc/iptables.flush
moon::iptables -t nat -F
diff --git a/testing/tests/sql/shunt-policies-nat-rw/pretest.dat b/testing/tests/sql/shunt-policies-nat-rw/pretest.dat
index 8d61e4c87..d95028998 100644
--- a/testing/tests/sql/shunt-policies-nat-rw/pretest.dat
+++ b/testing/tests/sql/shunt-policies-nat-rw/pretest.dat
@@ -4,12 +4,15 @@ sun::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipse
alice::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
venus::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
sun::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
+alice::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+venus::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+sun::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
sun::iptables-restore < /etc/iptables.rules
moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p udp -j SNAT --to-source PH_IP_MOON:1024-1100
moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to-source PH_IP_MOON:2000-2100
-sun::service charon start 2> /dev/null
-alice::service charon start 2> /dev/null
-venus::service charon start 2> /dev/null
+sun::systemctl start strongswan-swanctl
+alice::systemctl start strongswan-swanctl
+venus::systemctl start strongswan-swanctl
sun::expect-connection nat-t
alice::expect-connection nat-t
alice::swanctl --initiate --child nat-t 2> /dev/null
diff --git a/testing/tests/swanctl/config-payload/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/config-payload/hosts/carol/etc/strongswan.conf
index 1f367c2a0..ad4c18e43 100755
--- a/testing/tests/swanctl/config-payload/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/config-payload/hosts/carol/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
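Review bot: With the `start-scripts` block removed, nothing in this file says how credentials and connections reach the daemon. Presumably the `strongswan-swanctl` unit started in pretest.dat loads them itself; a comment above the `charon-systemd` section such as `# creds, pools, authorities and conns are loaded by the strongswan-swanctl unit` would make that dependency explicit. It is worth confirming for the moon configs that drop `--load-pools` and the frags-ipv6 configs that drop `--load-authorities`, since a unit that loaded less than the old scripts would change what those tests exercise. The same edit recurs in the other strongswan.conf hunks of this commit.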
diff --git a/testing/tests/swanctl/config-payload/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/config-payload/hosts/dave/etc/strongswan.conf
index 1f367c2a0..ad4c18e43 100755
--- a/testing/tests/swanctl/config-payload/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/config-payload/hosts/dave/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/config-payload/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/config-payload/hosts/moon/etc/strongswan.conf
index ff6e7193e..ad4c18e43 100755
--- a/testing/tests/swanctl/config-payload/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/config-payload/hosts/moon/etc/strongswan.conf
@@ -1,15 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- pools = /usr/local/sbin/swanctl --load-pools
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/config-payload/posttest.dat b/testing/tests/swanctl/config-payload/posttest.dat
index d7107ccc6..b909ac76c 100755
--- a/testing/tests/swanctl/config-payload/posttest.dat
+++ b/testing/tests/swanctl/config-payload/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/config-payload/pretest.dat b/testing/tests/swanctl/config-payload/pretest.dat
index 9c281d032..706c08b5f 100755
--- a/testing/tests/swanctl/config-payload/pretest.dat
+++ b/testing/tests/swanctl/config-payload/pretest.dat
@@ -2,9 +2,9 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
moon::cat /etc/swanctl/swanctl_base.conf
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw-carol
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/swanctl/crl-to-cache/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/crl-to-cache/hosts/carol/etc/strongswan.conf
index 61ff4005b..48e34abba 100644
--- a/testing/tests/swanctl/crl-to-cache/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/crl-to-cache/hosts/carol/etc/strongswan.conf
@@ -1,16 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kernel-netlink socket-default vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
-
cache_crls = yes
}
diff --git a/testing/tests/swanctl/crl-to-cache/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/crl-to-cache/hosts/moon/etc/strongswan.conf
index 61ff4005b..48e34abba 100644
--- a/testing/tests/swanctl/crl-to-cache/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/crl-to-cache/hosts/moon/etc/strongswan.conf
@@ -1,16 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kernel-netlink socket-default vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
-
cache_crls = yes
}
diff --git a/testing/tests/swanctl/crl-to-cache/posttest.dat b/testing/tests/swanctl/crl-to-cache/posttest.dat
index 210685a90..58dfa27b8 100644
--- a/testing/tests/swanctl/crl-to-cache/posttest.dat
+++ b/testing/tests/swanctl/crl-to-cache/posttest.dat
@@ -1,4 +1,4 @@
-carol::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::rm /etc/swanctl/x509crl/*
carol::rm /etc/swanctl/x509crl/*
diff --git a/testing/tests/swanctl/crl-to-cache/pretest.dat b/testing/tests/swanctl/crl-to-cache/pretest.dat
index 8f72f9cc7..b9e2a8eee 100644
--- a/testing/tests/swanctl/crl-to-cache/pretest.dat
+++ b/testing/tests/swanctl/crl-to-cache/pretest.dat
@@ -1,5 +1,5 @@
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/swanctl/dhcp-dynamic/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/dhcp-dynamic/hosts/carol/etc/strongswan.conf
index dda67e0fc..9932df379 100755
--- a/testing/tests/swanctl/dhcp-dynamic/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/dhcp-dynamic/hosts/carol/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/dhcp-dynamic/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/dhcp-dynamic/hosts/dave/etc/strongswan.conf
index dda67e0fc..9932df379 100755
--- a/testing/tests/swanctl/dhcp-dynamic/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/dhcp-dynamic/hosts/dave/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/dhcp-dynamic/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/dhcp-dynamic/hosts/moon/etc/strongswan.conf
index 1f1e0a652..c00d3dc4b 100755
--- a/testing/tests/swanctl/dhcp-dynamic/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/dhcp-dynamic/hosts/moon/etc/strongswan.conf
@@ -4,14 +4,9 @@ swanctl {
load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown attr farp dhcp
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
-
plugins {
dhcp {
server = 10.1.255.255
diff --git a/testing/tests/swanctl/dhcp-dynamic/posttest.dat b/testing/tests/swanctl/dhcp-dynamic/posttest.dat
index 87e731511..37e8b02d8 100644
--- a/testing/tests/swanctl/dhcp-dynamic/posttest.dat
+++ b/testing/tests/swanctl/dhcp-dynamic/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
venus::cat /var/state/dhcp/dhcpd.leases
venus::server isc-dhcp-server stop 2> /dev/null
moon::iptables-restore < /etc/iptables.flush
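Review bot: The context line `venus::server isc-dhcp-server stop 2> /dev/null` looks like a typo for `service`, which pretest.dat uses to start the same daemon (`venus::service isc-dhcp-server start`). Because stderr is discarded the failure is invisible, so the DHCP server on venus is probably left running after the test. Since this commit already rewrites the adjacent stop lines, it would be a natural place to change the line to `venus::service isc-dhcp-server stop 2> /dev/null`.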
diff --git a/testing/tests/swanctl/dhcp-dynamic/pretest.dat b/testing/tests/swanctl/dhcp-dynamic/pretest.dat
index fd3d1bf5b..ace13851a 100644
--- a/testing/tests/swanctl/dhcp-dynamic/pretest.dat
+++ b/testing/tests/swanctl/dhcp-dynamic/pretest.dat
@@ -3,9 +3,9 @@ carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
venus::cat /etc/dhcp/dhcpd.conf
venus::service isc-dhcp-server start 2> /dev/null
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/swanctl/frags-ipv4/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/frags-ipv4/hosts/carol/etc/strongswan.conf
index 2a7eaaa15..6081084f7 100755
--- a/testing/tests/swanctl/frags-ipv4/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/frags-ipv4/hosts/carol/etc/strongswan.conf
@@ -1,16 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default updown vici
fragment_size = 1400
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/frags-ipv4/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/frags-ipv4/hosts/dave/etc/strongswan.conf
index 2a7eaaa15..6081084f7 100755
--- a/testing/tests/swanctl/frags-ipv4/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/frags-ipv4/hosts/dave/etc/strongswan.conf
@@ -1,16 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default updown vici
fragment_size = 1400
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/frags-ipv4/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/frags-ipv4/hosts/moon/etc/strongswan.conf
index 2a7eaaa15..6081084f7 100755
--- a/testing/tests/swanctl/frags-ipv4/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/frags-ipv4/hosts/moon/etc/strongswan.conf
@@ -1,16 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default updown vici
fragment_size = 1400
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/frags-ipv4/posttest.dat b/testing/tests/swanctl/frags-ipv4/posttest.dat
index 17e36599c..2b4cc0c1a 100755
--- a/testing/tests/swanctl/frags-ipv4/posttest.dat
+++ b/testing/tests/swanctl/frags-ipv4/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home 2> /dev/null
dave::swanctl --terminate --ike home 2> /dev/null
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/frags-ipv4/pretest.dat b/testing/tests/swanctl/frags-ipv4/pretest.dat
index 762c35418..dd1a17ccb 100755
--- a/testing/tests/swanctl/frags-ipv4/pretest.dat
+++ b/testing/tests/swanctl/frags-ipv4/pretest.dat
@@ -1,9 +1,9 @@
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/swanctl/frags-ipv6/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/frags-ipv6/hosts/carol/etc/strongswan.conf
index f9c0ace55..6081084f7 100755
--- a/testing/tests/swanctl/frags-ipv6/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/frags-ipv6/hosts/carol/etc/strongswan.conf
@@ -1,17 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default updown vici
fragment_size = 1400
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- auth = /usr/local/sbin/swanctl --load-authorities
- }
}
diff --git a/testing/tests/swanctl/frags-ipv6/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/frags-ipv6/hosts/dave/etc/strongswan.conf
index f9c0ace55..6081084f7 100755
--- a/testing/tests/swanctl/frags-ipv6/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/frags-ipv6/hosts/dave/etc/strongswan.conf
@@ -1,17 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default updown vici
fragment_size = 1400
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- auth = /usr/local/sbin/swanctl --load-authorities
- }
}
diff --git a/testing/tests/swanctl/frags-ipv6/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/frags-ipv6/hosts/moon/etc/strongswan.conf
index f9c0ace55..6081084f7 100755
--- a/testing/tests/swanctl/frags-ipv6/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/frags-ipv6/hosts/moon/etc/strongswan.conf
@@ -1,17 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default updown vici
fragment_size = 1400
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- auth = /usr/local/sbin/swanctl --load-authorities
- }
}
diff --git a/testing/tests/swanctl/frags-ipv6/posttest.dat b/testing/tests/swanctl/frags-ipv6/posttest.dat
index 39b16a9be..07434159c 100755
--- a/testing/tests/swanctl/frags-ipv6/posttest.dat
+++ b/testing/tests/swanctl/frags-ipv6/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home 2> /dev/null
dave::swanctl --terminate --ike home 2> /dev/null
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/frags-ipv6/pretest.dat b/testing/tests/swanctl/frags-ipv6/pretest.dat
index 9593ac9f8..131ec9937 100755
--- a/testing/tests/swanctl/frags-ipv6/pretest.dat
+++ b/testing/tests/swanctl/frags-ipv6/pretest.dat
@@ -7,9 +7,9 @@ dave::ip6tables-restore < /etc/ip6tables.rules
alice::"ip route add fec0:\:/16 via fec1:\:1"
carol::"ip route add fec1:\:/16 via fec0:\:1"
dave::"ip route add fec1:\:/16 via fec0:\:1"
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/swanctl/ip-pool-db/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/ip-pool-db/hosts/carol/etc/strongswan.conf
index 11b1576e4..886b31f9b 100755
--- a/testing/tests/swanctl/ip-pool-db/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/ip-pool-db/hosts/carol/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default resolve updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default resolve updown vici
}
diff --git a/testing/tests/swanctl/ip-pool-db/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/ip-pool-db/hosts/dave/etc/strongswan.conf
index be90bde25..886b31f9b 100755
--- a/testing/tests/swanctl/ip-pool-db/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/ip-pool-db/hosts/dave/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default resolve updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/ip-pool-db/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/ip-pool-db/hosts/moon/etc/strongswan.conf
index 885d986c3..31cf56d24 100755
--- a/testing/tests/swanctl/ip-pool-db/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/ip-pool-db/hosts/moon/etc/strongswan.conf
@@ -1,16 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown sqlite attr-sql vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown sqlite attr-sql vici
plugins {
attr-sql {
@@ -21,4 +16,5 @@ charon {
pool {
load = sqlite
+ database = sqlite:///etc/db.d/ipsec.db
}
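Review bot: The added `database = sqlite:///etc/db.d/ipsec.db` in the `pool` section has no comment explaining why the pool utility now needs its own copy of the database URI. Presumably it used to fall back to the attr-sql setting under `charon`, which this commit renames to `charon-systemd`. The attr-sql block's body lies outside this hunk, so it cannot be confirmed here that the two URIs match. If they ever diverge, the `ipsec pool` calls in pretest.dat would populate a different database from the one the daemon reads. A comment such as `# must match charon-systemd.plugins.attr-sql.database` on the new line would document the coupling.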
diff --git a/testing/tests/swanctl/ip-pool-db/posttest.dat b/testing/tests/swanctl/ip-pool-db/posttest.dat
index 2644b3941..9767f38a5 100755
--- a/testing/tests/swanctl/ip-pool-db/posttest.dat
+++ b/testing/tests/swanctl/ip-pool-db/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/ip-pool-db/pretest.dat b/testing/tests/swanctl/ip-pool-db/pretest.dat
index 955a3c9be..9573581df 100755
--- a/testing/tests/swanctl/ip-pool-db/pretest.dat
+++ b/testing/tests/swanctl/ip-pool-db/pretest.dat
@@ -7,9 +7,9 @@ moon::ipsec pool --addattr nbns --server PH_IP_VENUS 2> /dev/null
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/swanctl/ip-pool/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/ip-pool/hosts/carol/etc/strongswan.conf
index 9d7fa51d4..ad4c18e43 100755
--- a/testing/tests/swanctl/ip-pool/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/ip-pool/hosts/carol/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
diff --git a/testing/tests/swanctl/ip-pool/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/ip-pool/hosts/dave/etc/strongswan.conf
index 9d7fa51d4..ad4c18e43 100755
--- a/testing/tests/swanctl/ip-pool/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/ip-pool/hosts/dave/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
diff --git a/testing/tests/swanctl/ip-pool/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/ip-pool/hosts/moon/etc/strongswan.conf
index 67e5a616a..ad4c18e43 100755
--- a/testing/tests/swanctl/ip-pool/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/ip-pool/hosts/moon/etc/strongswan.conf
@@ -1,15 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- pools = /usr/local/sbin/swanctl --load-pools
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
diff --git a/testing/tests/swanctl/ip-pool/posttest.dat b/testing/tests/swanctl/ip-pool/posttest.dat
index d7107ccc6..b909ac76c 100755
--- a/testing/tests/swanctl/ip-pool/posttest.dat
+++ b/testing/tests/swanctl/ip-pool/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/ip-pool/pretest.dat b/testing/tests/swanctl/ip-pool/pretest.dat
index 762c35418..dd1a17ccb 100755
--- a/testing/tests/swanctl/ip-pool/pretest.dat
+++ b/testing/tests/swanctl/ip-pool/pretest.dat
@@ -1,9 +1,9 @@
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/swanctl/manual-prio/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/manual-prio/hosts/carol/etc/strongswan.conf
index 9d7fa51d4..ad4c18e43 100755
--- a/testing/tests/swanctl/manual-prio/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/manual-prio/hosts/carol/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
diff --git a/testing/tests/swanctl/manual-prio/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/manual-prio/hosts/dave/etc/strongswan.conf
index 9d7fa51d4..ad4c18e43 100755
--- a/testing/tests/swanctl/manual-prio/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/manual-prio/hosts/dave/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
diff --git a/testing/tests/swanctl/manual-prio/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/manual-prio/hosts/moon/etc/strongswan.conf
index 9d7fa51d4..ad4c18e43 100755
--- a/testing/tests/swanctl/manual-prio/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/manual-prio/hosts/moon/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
diff --git a/testing/tests/swanctl/manual-prio/posttest.dat b/testing/tests/swanctl/manual-prio/posttest.dat
index fd9726374..c9dcaa167 100755
--- a/testing/tests/swanctl/manual-prio/posttest.dat
+++ b/testing/tests/swanctl/manual-prio/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
winnetou::ip route del 10.1.0.0/16 via 192.168.0.1
carol::ip route del 10.1.0.0/16 via 192.168.0.1
dave::ip route del 10.1.0.0/16 via 192.168.0.1
diff --git a/testing/tests/swanctl/manual-prio/pretest.dat b/testing/tests/swanctl/manual-prio/pretest.dat
index 8613a0189..ba345ffea 100755
--- a/testing/tests/swanctl/manual-prio/pretest.dat
+++ b/testing/tests/swanctl/manual-prio/pretest.dat
@@ -1,9 +1,9 @@
winnetou::ip route add 10.1.0.0/16 via 192.168.0.1
carol::ip route add 10.1.0.0/16 via 192.168.0.1
dave::ip route add 10.1.0.0/16 via 192.168.0.1
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf
index 7e2ee002e..54b79b35d 100644
--- a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf
@@ -1,10 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac xcbc vici kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf
index 7e2ee002e..54b79b35d 100644
--- a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf
@@ -1,10 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac xcbc vici kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf
index 40b0c5962..b18ba6809 100644
--- a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf
@@ -1,13 +1,8 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac xcbc vici kernel-netlink socket-default fips-prf eap-radius eap-identity updown
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
-
plugins {
eap-radius {
secret = gv6URkSs
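Review bot: The `eap-radius` section kept under the renamed `charon-systemd` block still carries a literal RADIUS shared secret (`secret = gv6URkSs`) with no indication that it is a fixture value. The file is tracked with mode 100644, so secret scanners and anyone copying this config as a template will pick it up. A comment above the line would make the intent explicit, e.g. `# test-only shared secret for the RADIUS server started on alice`, assuming that is the server it pairs with. The `plugins` block continues outside this hunk.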
diff --git a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/posttest.dat b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/posttest.dat
index 25354d363..010a4f9c4 100644
--- a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/posttest.dat
+++ b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/posttest.dat
@@ -1,4 +1,4 @@
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
alice::killall radiusd
diff --git a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/pretest.dat b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/pretest.dat
index a6909c89f..57d39a5e6 100644
--- a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/pretest.dat
+++ b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/pretest.dat
@@ -5,9 +5,9 @@ alice::cat /etc/freeradius/triplets.dat
carol::cat /etc/ipsec.d/triplets.dat
dave::cat /etc/ipsec.d/triplets.dat
alice::radiusd
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/swanctl/multi-level-ca/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/multi-level-ca/hosts/carol/etc/strongswan.conf
index 7c5aca6bf..f3b571a1b 100644
--- a/testing/tests/swanctl/multi-level-ca/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/multi-level-ca/hosts/carol/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/multi-level-ca/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/multi-level-ca/hosts/dave/etc/strongswan.conf
index 7c5aca6bf..f3b571a1b 100644
--- a/testing/tests/swanctl/multi-level-ca/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/multi-level-ca/hosts/dave/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/multi-level-ca/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/multi-level-ca/hosts/moon/etc/strongswan.conf
index 6d368f08b..f3b571a1b 100644
--- a/testing/tests/swanctl/multi-level-ca/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/multi-level-ca/hosts/moon/etc/strongswan.conf
@@ -1,15 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- auths = /usr/local/sbin/swanctl --load-authorities
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/multi-level-ca/posttest.dat b/testing/tests/swanctl/multi-level-ca/posttest.dat
index acac04a3b..53013d08d 100644
--- a/testing/tests/swanctl/multi-level-ca/posttest.dat
+++ b/testing/tests/swanctl/multi-level-ca/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home 2> /dev/null
dave::swanctl --terminate --ike home 2> /dev/null
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
-carol::rm -r /etc/swanctl
-dave::rm -r /etc/swanctl
-moon::rm -r /etc/swanctl
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
+carol::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+dave::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+moon::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
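Review bot: In the three added cleanup lines, `cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*` still runs the `rm -r` when the `cd` fails, and the relative globs are then resolved against whatever directory the command started in. Chain the two, e.g. `carol::cd /etc/swanctl && rm -r rsa/* x509/* x509ca/*`, or pass absolute paths to `rm`. Unlike the removed `rm -r /etc/swanctl`, the new lines also leave `swanctl.conf` and any other subdirectories behind for the next test. If that is intended, a one-line comment saying so would help.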
diff --git a/testing/tests/swanctl/multi-level-ca/pretest.dat b/testing/tests/swanctl/multi-level-ca/pretest.dat
index 4c1be2e14..e7f2ef179 100644
--- a/testing/tests/swanctl/multi-level-ca/pretest.dat
+++ b/testing/tests/swanctl/multi-level-ca/pretest.dat
@@ -1,6 +1,6 @@
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection research
carol::expect-connection alice
carol::swanctl --initiate --child alice 2> /dev/null
diff --git a/testing/tests/swanctl/net2net-cert/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/net2net-cert/hosts/moon/etc/strongswan.conf
index 9d7fa51d4..ad4c18e43 100755
--- a/testing/tests/swanctl/net2net-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-cert/hosts/moon/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
diff --git a/testing/tests/swanctl/net2net-cert/hosts/sun/etc/strongswan.conf b/testing/tests/swanctl/net2net-cert/hosts/sun/etc/strongswan.conf
index 9d7fa51d4..ad4c18e43 100755
--- a/testing/tests/swanctl/net2net-cert/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-cert/hosts/sun/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
diff --git a/testing/tests/swanctl/net2net-cert/posttest.dat b/testing/tests/swanctl/net2net-cert/posttest.dat
index 30d10b555..755f0e5f8 100755
--- a/testing/tests/swanctl/net2net-cert/posttest.dat
+++ b/testing/tests/swanctl/net2net-cert/posttest.dat
@@ -1,5 +1,5 @@
moon::swanctl --terminate --ike gw-gw 2> /dev/null
-moon::service charon stop 2> /dev/null
-sun::service charon stop 2> /dev/null
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/net2net-cert/pretest.dat b/testing/tests/swanctl/net2net-cert/pretest.dat
index b128bef44..9440ddab0 100755
--- a/testing/tests/swanctl/net2net-cert/pretest.dat
+++ b/testing/tests/swanctl/net2net-cert/pretest.dat
@@ -1,7 +1,7 @@
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-sun::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
moon::expect-connection gw-gw
sun::expect-connection gw-gw
moon::swanctl --initiate --child net-net 2> /dev/null
diff --git a/testing/tests/swanctl/net2net-ed25519/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/net2net-ed25519/hosts/moon/etc/strongswan.conf
index d766a705c..a35aea01c 100755
--- a/testing/tests/swanctl/net2net-ed25519/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-ed25519/hosts/moon/etc/strongswan.conf
@@ -1,22 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 pkcs8 curve25519 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 pkcs8 curve25519 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 pkcs8 x509 revocation curve25519 curl kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
- syslog {
- auth {
- default = 0
- }
- daemon {
- default = 1
- }
- }
+charon-systemd {
+ load = random nonce aes sha1 sha2 hmac pem pkcs1 pkcs8 x509 revocation curve25519 curl kernel-netlink socket-default updown vici
}
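Review bot: The removed `syslog` block (`auth { default = 0 }`, `daemon { default = 1 }`) has no counterpart in the new `charon-systemd` section, so this test now runs with the daemon's default log levels. If the reduced verbosity was deliberate, carry it over into the logger section charon-systemd reads, presumably a `journal { default = 1 }` subsection, to be confirmed against strongswan.conf(5). If it was leftover, saying so in the commit description would settle it. The sun hunk for the same test drops the identical block.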
diff --git a/testing/tests/swanctl/net2net-ed25519/hosts/sun/etc/strongswan.conf b/testing/tests/swanctl/net2net-ed25519/hosts/sun/etc/strongswan.conf
index d766a705c..a35aea01c 100755
--- a/testing/tests/swanctl/net2net-ed25519/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-ed25519/hosts/sun/etc/strongswan.conf
@@ -1,22 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 pkcs8 curve25519 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 pkcs8 curve25519 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 pkcs8 x509 revocation curve25519 curl kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
- syslog {
- auth {
- default = 0
- }
- daemon {
- default = 1
- }
- }
+charon-systemd {
+ load = random nonce aes sha1 sha2 hmac pem pkcs1 pkcs8 x509 revocation curve25519 curl kernel-netlink socket-default updown vici
}
diff --git a/testing/tests/swanctl/net2net-ed25519/posttest.dat b/testing/tests/swanctl/net2net-ed25519/posttest.dat
index 8d47767a0..30f6ede76 100755
--- a/testing/tests/swanctl/net2net-ed25519/posttest.dat
+++ b/testing/tests/swanctl/net2net-ed25519/posttest.dat
@@ -1,6 +1,6 @@
moon::swanctl --terminate --ike gw-gw 2> /dev/null
-moon::service charon stop 2> /dev/null
-sun::service charon stop 2> /dev/null
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
moon::rm /etc/swanctl/pkcs8/*
diff --git a/testing/tests/swanctl/net2net-ed25519/pretest.dat b/testing/tests/swanctl/net2net-ed25519/pretest.dat
index f939b3ac4..410253e54 100755
--- a/testing/tests/swanctl/net2net-ed25519/pretest.dat
+++ b/testing/tests/swanctl/net2net-ed25519/pretest.dat
@@ -2,8 +2,8 @@ moon::rm /etc/swanctl/rsa/moonKey.pem
sun::rm /etc/swanctl/rsa/sunKey.pem
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-sun::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
moon::expect-connection gw-gw
sun::expect-connection gw-gw
moon::swanctl --initiate --child net-net 2> /dev/null
diff --git a/testing/tests/swanctl/net2net-gw/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/net2net-gw/hosts/carol/etc/strongswan.conf
index 4f54f610a..ad4c18e43 100755
--- a/testing/tests/swanctl/net2net-gw/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-gw/hosts/carol/etc/strongswan.conf
@@ -4,11 +4,6 @@ swanctl {
load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/net2net-gw/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/net2net-gw/hosts/moon/etc/strongswan.conf
index 4f54f610a..ad4c18e43 100755
--- a/testing/tests/swanctl/net2net-gw/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-gw/hosts/moon/etc/strongswan.conf
@@ -4,11 +4,6 @@ swanctl {
load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/net2net-gw/hosts/sun/etc/strongswan.conf b/testing/tests/swanctl/net2net-gw/hosts/sun/etc/strongswan.conf
index 4f54f610a..ad4c18e43 100755
--- a/testing/tests/swanctl/net2net-gw/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-gw/hosts/sun/etc/strongswan.conf
@@ -4,11 +4,6 @@ swanctl {
load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/net2net-gw/posttest.dat b/testing/tests/swanctl/net2net-gw/posttest.dat
index 94914f832..b29cf321e 100755
--- a/testing/tests/swanctl/net2net-gw/posttest.dat
+++ b/testing/tests/swanctl/net2net-gw/posttest.dat
@@ -1,8 +1,8 @@
moon::swanctl --terminate --ike gw-gw 2> /dev/null
sun::swanctl --terminate --ike gw-gw 2> /dev/null
-moon::service charon stop 2> /dev/null
-sun::service charon stop 2> /dev/null
-carol::service charon stop 2> /dev/null
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
+carol::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/net2net-gw/pretest.dat b/testing/tests/swanctl/net2net-gw/pretest.dat
index e3136491c..acfd0e95e 100755
--- a/testing/tests/swanctl/net2net-gw/pretest.dat
+++ b/testing/tests/swanctl/net2net-gw/pretest.dat
@@ -1,9 +1,9 @@
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-sun::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
carol::expect-connection gw-moon
carol::expect-connection gw-sun
moon::expect-connection gw-gw
diff --git a/testing/tests/swanctl/net2net-multicast/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/net2net-multicast/hosts/moon/etc/strongswan.conf
index 2ff6ac024..812c12bf9 100644
--- a/testing/tests/swanctl/net2net-multicast/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-multicast/hosts/moon/etc/strongswan.conf
@@ -4,15 +4,11 @@ swanctl {
load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kernel-netlink socket-default forecast vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
-
multiple_authentication = no
+
plugins {
forecast {
groups = 224.0.0.251
diff --git a/testing/tests/swanctl/net2net-multicast/hosts/sun/etc/strongswan.conf b/testing/tests/swanctl/net2net-multicast/hosts/sun/etc/strongswan.conf
index b119e8274..1c5da7b88 100644
--- a/testing/tests/swanctl/net2net-multicast/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-multicast/hosts/sun/etc/strongswan.conf
@@ -1,14 +1,10 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kernel-netlink socket-default forecast vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
-
multiple_authentication = no
+
plugins {
forecast {
groups = 224.0.0.251
diff --git a/testing/tests/swanctl/net2net-multicast/posttest.dat b/testing/tests/swanctl/net2net-multicast/posttest.dat
index ba484f90d..dc6949dbb 100644
--- a/testing/tests/swanctl/net2net-multicast/posttest.dat
+++ b/testing/tests/swanctl/net2net-multicast/posttest.dat
@@ -1,3 +1,3 @@
moon::swanctl --terminate --ike gw-gw 2> /dev/null
-moon::service charon stop 2> /dev/null
-sun::service charon stop 2> /dev/null
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
diff --git a/testing/tests/swanctl/net2net-multicast/pretest.dat b/testing/tests/swanctl/net2net-multicast/pretest.dat
index 5b8d98879..c5b1bdbfd 100644
--- a/testing/tests/swanctl/net2net-multicast/pretest.dat
+++ b/testing/tests/swanctl/net2net-multicast/pretest.dat
@@ -1,7 +1,7 @@
moon::echo 1 > /proc/sys/net/ipv4/igmp_max_memberships
sun::echo 1 > /proc/sys/net/ipv4/igmp_max_memberships
-moon::service charon start 2> /dev/null
-sun::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
moon::expect-connection gw-gw
sun::expect-connection gw-gw
moon::swanctl --initiate --child net-net 2> /dev/null
diff --git a/testing/tests/swanctl/net2net-pubkey/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/net2net-pubkey/hosts/moon/etc/strongswan.conf
index 531e286ce..29e75f7b8 100644
--- a/testing/tests/swanctl/net2net-pubkey/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-pubkey/hosts/moon/etc/strongswan.conf
@@ -1,10 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default vici updown
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/net2net-pubkey/hosts/sun/etc/strongswan.conf b/testing/tests/swanctl/net2net-pubkey/hosts/sun/etc/strongswan.conf
index 531e286ce..29e75f7b8 100644
--- a/testing/tests/swanctl/net2net-pubkey/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-pubkey/hosts/sun/etc/strongswan.conf
@@ -1,10 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default vici updown
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/net2net-pubkey/posttest.dat b/testing/tests/swanctl/net2net-pubkey/posttest.dat
index c2227a5dd..a8696960d 100644
--- a/testing/tests/swanctl/net2net-pubkey/posttest.dat
+++ b/testing/tests/swanctl/net2net-pubkey/posttest.dat
@@ -1,6 +1,6 @@
moon::swanctl --terminate --ike gw-gw 2> /dev/null
-moon::service charon stop 2> /dev/null
-sun::service charon stop 2> /dev/null
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
moon::rm /etc/swanctl/pubkey/*
diff --git a/testing/tests/swanctl/net2net-pubkey/pretest.dat b/testing/tests/swanctl/net2net-pubkey/pretest.dat
index b4f48af72..021675bc5 100644
--- a/testing/tests/swanctl/net2net-pubkey/pretest.dat
+++ b/testing/tests/swanctl/net2net-pubkey/pretest.dat
@@ -2,8 +2,8 @@ sun::iptables-restore < /etc/iptables.rules
moon::iptables-restore < /etc/iptables.rules
sun::cd /etc/swanctl; rm x509/* x509ca/*
moon::cd /etc/swanctl; rm x509/* x509ca/*
-sun::service charon start 2> /dev/null
-moon::service charon start 2> /dev/null
+sun::systemctl start strongswan-swanctl
+moon::systemctl start strongswan-swanctl
sun::expect-connection gw-gw
moon::expect-connection gw-gw
moon::swanctl --initiate --child net-net 2> /dev/null
diff --git a/testing/tests/swanctl/net2net-route/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/net2net-route/hosts/moon/etc/strongswan.conf
index 9d7fa51d4..ad4c18e43 100755
--- a/testing/tests/swanctl/net2net-route/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-route/hosts/moon/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
diff --git a/testing/tests/swanctl/net2net-route/hosts/sun/etc/strongswan.conf b/testing/tests/swanctl/net2net-route/hosts/sun/etc/strongswan.conf
index 4ca179a5f..61d2bd9e4 100755
--- a/testing/tests/swanctl/net2net-route/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-route/hosts/sun/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp kernel-netlink socket-default updown vici
}
diff --git a/testing/tests/swanctl/net2net-route/posttest.dat b/testing/tests/swanctl/net2net-route/posttest.dat
index 30d10b555..755f0e5f8 100755
--- a/testing/tests/swanctl/net2net-route/posttest.dat
+++ b/testing/tests/swanctl/net2net-route/posttest.dat
@@ -1,5 +1,5 @@
moon::swanctl --terminate --ike gw-gw 2> /dev/null
-moon::service charon stop 2> /dev/null
-sun::service charon stop 2> /dev/null
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/net2net-route/pretest.dat b/testing/tests/swanctl/net2net-route/pretest.dat
index 459879bbc..fa303b64e 100755
--- a/testing/tests/swanctl/net2net-route/pretest.dat
+++ b/testing/tests/swanctl/net2net-route/pretest.dat
@@ -1,7 +1,7 @@
sun::iptables-restore < /etc/iptables.rules
moon::iptables-restore < /etc/iptables.rules
-sun::service charon start 2> /dev/null
-moon::service charon start 2> /dev/null
+sun::systemctl start strongswan-swanctl
+moon::systemctl start strongswan-swanctl
sun::expect-connection gw-gw
moon::expect-connection gw-gw
alice::ping -c 3 -W 1 -i 0.2 PH_IP_BOB
diff --git a/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/strongswan.conf
index f102eeeae..73bb5f6b3 100755
--- a/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = random nonce sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
}
diff --git a/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/strongswan.conf b/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/strongswan.conf
index f102eeeae..73bb5f6b3 100755
--- a/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = random nonce sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
}
diff --git a/testing/tests/swanctl/net2net-sha3-rsa-cert/posttest.dat b/testing/tests/swanctl/net2net-sha3-rsa-cert/posttest.dat
index 30d10b555..755f0e5f8 100755
--- a/testing/tests/swanctl/net2net-sha3-rsa-cert/posttest.dat
+++ b/testing/tests/swanctl/net2net-sha3-rsa-cert/posttest.dat
@@ -1,5 +1,5 @@
moon::swanctl --terminate --ike gw-gw 2> /dev/null
-moon::service charon stop 2> /dev/null
-sun::service charon stop 2> /dev/null
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/net2net-sha3-rsa-cert/pretest.dat b/testing/tests/swanctl/net2net-sha3-rsa-cert/pretest.dat
index b128bef44..9440ddab0 100755
--- a/testing/tests/swanctl/net2net-sha3-rsa-cert/pretest.dat
+++ b/testing/tests/swanctl/net2net-sha3-rsa-cert/pretest.dat
@@ -1,7 +1,7 @@
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-sun::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
moon::expect-connection gw-gw
sun::expect-connection gw-gw
moon::swanctl --initiate --child net-net 2> /dev/null
diff --git a/testing/tests/swanctl/net2net-start/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/net2net-start/hosts/moon/etc/strongswan.conf
index 1f367c2a0..ad4c18e43 100755
--- a/testing/tests/swanctl/net2net-start/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-start/hosts/moon/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/net2net-start/hosts/sun/etc/strongswan.conf b/testing/tests/swanctl/net2net-start/hosts/sun/etc/strongswan.conf
index 1f367c2a0..ad4c18e43 100755
--- a/testing/tests/swanctl/net2net-start/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-start/hosts/sun/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/net2net-start/posttest.dat b/testing/tests/swanctl/net2net-start/posttest.dat
index 30d10b555..755f0e5f8 100755
--- a/testing/tests/swanctl/net2net-start/posttest.dat
+++ b/testing/tests/swanctl/net2net-start/posttest.dat
@@ -1,5 +1,5 @@
moon::swanctl --terminate --ike gw-gw 2> /dev/null
-moon::service charon stop 2> /dev/null
-sun::service charon stop 2> /dev/null
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/net2net-start/pretest.dat b/testing/tests/swanctl/net2net-start/pretest.dat
index 6c1783b74..681293753 100755
--- a/testing/tests/swanctl/net2net-start/pretest.dat
+++ b/testing/tests/swanctl/net2net-start/pretest.dat
@@ -1,5 +1,5 @@
sun::iptables-restore < /etc/iptables.rules
moon::iptables-restore < /etc/iptables.rules
-sun::service charon start 2> /dev/null
-moon::service charon start 2> /dev/null
+sun::systemctl start strongswan-swanctl
+moon::systemctl start strongswan-swanctl
moon::sleep 0.5
diff --git a/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/strongswan.conf
index e3eb4e36d..79b138bd5 100644
--- a/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/strongswan.conf
@@ -1,16 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- auths = /usr/local/sbin/swanctl --load-authorities
- }
plugins {
revocation {
enable_ocsp = no
}
- }
+ }
}
diff --git a/testing/tests/swanctl/ocsp-disabled/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/ocsp-disabled/hosts/moon/etc/strongswan.conf
index 3912f5e07..2e78d2279 100644
--- a/testing/tests/swanctl/ocsp-disabled/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/ocsp-disabled/hosts/moon/etc/strongswan.conf
@@ -1,12 +1,8 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
plugins {
revocation {
enable_ocsp = no
diff --git a/testing/tests/swanctl/ocsp-disabled/posttest.dat b/testing/tests/swanctl/ocsp-disabled/posttest.dat
index 672f4188c..f13bb51b0 100644
--- a/testing/tests/swanctl/ocsp-disabled/posttest.dat
+++ b/testing/tests/swanctl/ocsp-disabled/posttest.dat
@@ -1,3 +1,3 @@
carol::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
diff --git a/testing/tests/swanctl/ocsp-disabled/pretest.dat b/testing/tests/swanctl/ocsp-disabled/pretest.dat
index e6d60458d..864909e24 100644
--- a/testing/tests/swanctl/ocsp-disabled/pretest.dat
+++ b/testing/tests/swanctl/ocsp-disabled/pretest.dat
@@ -1,5 +1,5 @@
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home
diff --git a/testing/tests/swanctl/ocsp-multi-level/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/ocsp-multi-level/hosts/carol/etc/strongswan.conf
index acf2151a9..f3b571a1b 100644
--- a/testing/tests/swanctl/ocsp-multi-level/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/ocsp-multi-level/hosts/carol/etc/strongswan.conf
@@ -1,15 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- auths = /usr/local/sbin/swanctl --load-authorities
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/ocsp-multi-level/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/ocsp-multi-level/hosts/dave/etc/strongswan.conf
index 6d368f08b..f3b571a1b 100644
--- a/testing/tests/swanctl/ocsp-multi-level/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/ocsp-multi-level/hosts/dave/etc/strongswan.conf
@@ -1,15 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- auths = /usr/local/sbin/swanctl --load-authorities
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/ocsp-multi-level/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/ocsp-multi-level/hosts/moon/etc/strongswan.conf
index 6d368f08b..f3b571a1b 100644
--- a/testing/tests/swanctl/ocsp-multi-level/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/ocsp-multi-level/hosts/moon/etc/strongswan.conf
@@ -1,15 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- auths = /usr/local/sbin/swanctl --load-authorities
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/ocsp-multi-level/posttest.dat b/testing/tests/swanctl/ocsp-multi-level/posttest.dat
index acac04a3b..53013d08d 100644
--- a/testing/tests/swanctl/ocsp-multi-level/posttest.dat
+++ b/testing/tests/swanctl/ocsp-multi-level/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home 2> /dev/null
dave::swanctl --terminate --ike home 2> /dev/null
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
-carol::rm -r /etc/swanctl
-dave::rm -r /etc/swanctl
-moon::rm -r /etc/swanctl
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
+carol::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+dave::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+moon::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
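Review bot: The three new cleanup lines join `cd /etc/swanctl` and `rm -r rsa/* x509/* x509ca/*` with `;`, so if the `cd` fails, the recursive delete still runs with relative globs in whatever directory the harness shell is in. Absolute paths remove that dependency: `carol::rm -r /etc/swanctl/rsa/* /etc/swanctl/x509/* /etc/swanctl/x509ca/*`, and likewise for dave and moon (or at least `cd /etc/swanctl && rm -r ...`). Unlike the removed `rm -r /etc/swanctl`, the glob form also leaves any other credential subdirectory and the config file in place for the next test, so confirm that is intended.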
diff --git a/testing/tests/swanctl/ocsp-multi-level/pretest.dat b/testing/tests/swanctl/ocsp-multi-level/pretest.dat
index 7b83e219d..505f17572 100644
--- a/testing/tests/swanctl/ocsp-multi-level/pretest.dat
+++ b/testing/tests/swanctl/ocsp-multi-level/pretest.dat
@@ -1,6 +1,6 @@
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection research
carol::expect-connection home
carol::swanctl --initiate --child alice 2> /dev/null
diff --git a/testing/tests/swanctl/ocsp-signer-cert/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/ocsp-signer-cert/hosts/carol/etc/strongswan.conf
index 9ea516013..c7b494ddc 100644
--- a/testing/tests/swanctl/ocsp-signer-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/ocsp-signer-cert/hosts/carol/etc/strongswan.conf
@@ -1,11 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- auths = /usr/local/sbin/swanctl --load-authorities
- }
}
diff --git a/testing/tests/swanctl/ocsp-signer-cert/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/ocsp-signer-cert/hosts/moon/etc/strongswan.conf
index 9ba617c0a..d9c31430b 100644
--- a/testing/tests/swanctl/ocsp-signer-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/ocsp-signer-cert/hosts/moon/etc/strongswan.conf
@@ -1,10 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/ocsp-signer-cert/posttest.dat b/testing/tests/swanctl/ocsp-signer-cert/posttest.dat
index 672f4188c..f13bb51b0 100644
--- a/testing/tests/swanctl/ocsp-signer-cert/posttest.dat
+++ b/testing/tests/swanctl/ocsp-signer-cert/posttest.dat
@@ -1,3 +1,3 @@
carol::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
diff --git a/testing/tests/swanctl/ocsp-signer-cert/pretest.dat b/testing/tests/swanctl/ocsp-signer-cert/pretest.dat
index e6d60458d..864909e24 100644
--- a/testing/tests/swanctl/ocsp-signer-cert/pretest.dat
+++ b/testing/tests/swanctl/ocsp-signer-cert/pretest.dat
@@ -1,5 +1,5 @@
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home
diff --git a/testing/tests/swanctl/protoport-dual/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/protoport-dual/hosts/carol/etc/strongswan.conf
index 383a24213..91e32f7ba 100644
--- a/testing/tests/swanctl/protoport-dual/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/protoport-dual/hosts/carol/etc/strongswan.conf
@@ -1,10 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/protoport-dual/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/protoport-dual/hosts/moon/etc/strongswan.conf
index 383a24213..91e32f7ba 100644
--- a/testing/tests/swanctl/protoport-dual/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/protoport-dual/hosts/moon/etc/strongswan.conf
@@ -1,10 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/protoport-dual/posttest.dat b/testing/tests/swanctl/protoport-dual/posttest.dat
index 2fc2bbb75..2b00bea8e 100644
--- a/testing/tests/swanctl/protoport-dual/posttest.dat
+++ b/testing/tests/swanctl/protoport-dual/posttest.dat
@@ -1,5 +1,5 @@
carol::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/protoport-dual/pretest.dat b/testing/tests/swanctl/protoport-dual/pretest.dat
index 87ee29bf6..2bdc109ab 100644
--- a/testing/tests/swanctl/protoport-dual/pretest.dat
+++ b/testing/tests/swanctl/protoport-dual/pretest.dat
@@ -1,7 +1,7 @@
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
moon::expect-connection icmp
moon::expect-connection ssh
carol::expect-connection icmp
diff --git a/testing/tests/swanctl/protoport-range/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/protoport-range/hosts/carol/etc/strongswan.conf
index 383a24213..91e32f7ba 100644
--- a/testing/tests/swanctl/protoport-range/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/protoport-range/hosts/carol/etc/strongswan.conf
@@ -1,10 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/protoport-range/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/protoport-range/hosts/moon/etc/strongswan.conf
index 383a24213..91e32f7ba 100644
--- a/testing/tests/swanctl/protoport-range/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/protoport-range/hosts/moon/etc/strongswan.conf
@@ -1,10 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/protoport-range/posttest.dat b/testing/tests/swanctl/protoport-range/posttest.dat
index 2fc2bbb75..2b00bea8e 100644
--- a/testing/tests/swanctl/protoport-range/posttest.dat
+++ b/testing/tests/swanctl/protoport-range/posttest.dat
@@ -1,5 +1,5 @@
carol::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/protoport-range/pretest.dat b/testing/tests/swanctl/protoport-range/pretest.dat
index b45d4b3c6..7f38b7662 100644
--- a/testing/tests/swanctl/protoport-range/pretest.dat
+++ b/testing/tests/swanctl/protoport-range/pretest.dat
@@ -1,7 +1,7 @@
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
moon::expect-connection icmp-req
moon::expect-connection icmp-rep
moon::expect-connection ftp-ssh
diff --git a/testing/tests/swanctl/rw-cert-pss/description.txt b/testing/tests/swanctl/rw-cert-pss/description.txt
new file mode 100755
index 000000000..41c02b519
--- /dev/null
+++ b/testing/tests/swanctl/rw-cert-pss/description.txt
@@ -0,0 +1,8 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each
+to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b>
+and <b>IKEv2 AUTH</b> payloads based on RSA-PSS signatures.
+<p/>
+Upon the successful establishment of the IPsec tunnels, the updown script
+automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping
+the client <b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/swanctl/rw-cert-pss/evaltest.dat b/testing/tests/swanctl/rw-cert-pss/evaltest.dat
new file mode 100755
index 000000000..a62fda968
--- /dev/null
+++ b/testing/tests/swanctl/rw-cert-pss/evaltest.dat
@@ -0,0 +1,14 @@
+carol::cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with RSA_EMSA_PSS_SHA2_256 successful::YES
+moon ::cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with RSA_EMSA_PSS_SHA2_256 successful::YES
+moon ::cat /var/log/daemon.log::authentication of.*carol@strongswan.org.*with RSA_EMSA_PSS_SHA2_512 successful::YES
+moon ::cat /var/log/daemon.log::authentication of.*dave@strongswan.org.*with RSA_EMSA_PSS_SHA2_384 successful::YES
+alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::YES
+alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::YES
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES
+dave :: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES
+moon :: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES
+moon :: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/swanctl/rw-cert-pss/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-cert-pss/hosts/carol/etc/strongswan.conf
new file mode 100755
index 000000000..3a9630fc1
--- /dev/null
+++ b/testing/tests/swanctl/rw-cert-pss/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,18 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce sha1 sha2 mgf1 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
+}
diff --git a/testing/tests/swanctl/rw-cert-pss/hosts/carol/etc/swanctl/rsa/carolKey.pem b/testing/tests/swanctl/rw-cert-pss/hosts/carol/etc/swanctl/rsa/carolKey.pem
new file mode 100644
index 000000000..1454ec54c
--- /dev/null
+++ b/testing/tests/swanctl/rw-cert-pss/hosts/carol/etc/swanctl/rsa/carolKey.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-128-CBC,7E1D40A7901772BA4D22AF58AA2DC76F
+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-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/swanctl/rw-cert-pss/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-cert-pss/hosts/carol/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..7aceb6913
--- /dev/null
+++ b/testing/tests/swanctl/rw-cert-pss/hosts/carol/etc/swanctl/swanctl.conf
@@ -0,0 +1,35 @@
+connections {
+
+ home {
+ local_addrs = 192.168.0.100
+ remote_addrs = 192.168.0.1
+
+ local {
+ auth = rsa/pss-sha512
+ certs = carolCert.pem
+ id = carol@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = 10.1.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128gcm128-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
+
+secrets {
+
+ rsa-carol {
+ file = carolKey.pem
+ secret = "nH5ZQEWtku0RJEZ6"
+ }
+}
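Review bot: The `secrets` section stores the passphrase for `carolKey.pem` in clear text, in a file created with mode 100755 and committed next to the key it unlocks. That is workable for a test fixture, but nothing marks the key and passphrase as test-only, and a configuration file has no need for the execute bit. I would add `# test-only key and passphrase, never reuse outside the test suite` above `rsa-carol` and create the file as 100644. The key file added just before this section uses the traditional `DEK-Info: AES-128-CBC` PEM encryption, so its confidentiality rests entirely on this passphrase.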
diff --git a/testing/tests/swanctl/rw-cert-pss/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-cert-pss/hosts/dave/etc/strongswan.conf
new file mode 100755
index 000000000..3a9630fc1
--- /dev/null
+++ b/testing/tests/swanctl/rw-cert-pss/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,18 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce sha1 sha2 mgf1 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
+}
diff --git a/testing/tests/swanctl/rw-cert-pss/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-cert-pss/hosts/dave/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..4c7c177ed
--- /dev/null
+++ b/testing/tests/swanctl/rw-cert-pss/hosts/dave/etc/swanctl/swanctl.conf
@@ -0,0 +1,27 @@
+connections {
+
+ home {
+ local_addrs = 192.168.0.200
+ remote_addrs = 192.168.0.1
+
+ local {
+ auth = rsa/pss-sha384
+ certs = daveCert.pem
+ id = dave@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = 10.1.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128gcm128-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
diff --git a/testing/tests/swanctl/rw-cert-pss/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-cert-pss/hosts/moon/etc/strongswan.conf
new file mode 100755
index 000000000..4bd975a00
--- /dev/null
+++ b/testing/tests/swanctl/rw-cert-pss/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,20 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce sha1 sha2 mgf1 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+
+ rsa_pss = yes
+
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
+}
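Review bot: `rsa_pss = yes` is set only in moon's `charon-systemd` section, while carol and dave select PSS per connection with `auth = rsa/pss-sha512` and `auth = rsa/pss-sha384`; without a comment the asymmetry looks accidental. A line such as `# moon enables RSA-PSS globally; the clients pin the PSS hash per connection in swanctl.conf` above the option would document the intent. Moon's `remote { auth = pubkey }` in its swanctl.conf appears to place no constraint on the peer's signature scheme, so only the log patterns in evaltest.dat would catch a fallback to a non-PSS signature. If the option syntax allows it, a scheme constraint on the remote side would make the test fail at authentication instead.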
diff --git a/testing/tests/swanctl/rw-cert-pss/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-cert-pss/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..4ba02ad6c
--- /dev/null
+++ b/testing/tests/swanctl/rw-cert-pss/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,25 @@
+connections {
+
+ rw {
+ local_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ }
+ children {
+ net {
+ local_ts = 10.1.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128gcm128-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
diff --git a/testing/tests/swanctl/rw-cert-pss/posttest.dat b/testing/tests/swanctl/rw-cert-pss/posttest.dat
new file mode 100755
index 000000000..b909ac76c
--- /dev/null
+++ b/testing/tests/swanctl/rw-cert-pss/posttest.dat
@@ -0,0 +1,8 @@
+carol::swanctl --terminate --ike home
+dave::swanctl --terminate --ike home
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
+moon::iptables-restore < /etc/iptables.flush
+carol::iptables-restore < /etc/iptables.flush
+dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/rw-cert-pss/pretest.dat b/testing/tests/swanctl/rw-cert-pss/pretest.dat
new file mode 100755
index 000000000..dd1a17ccb
--- /dev/null
+++ b/testing/tests/swanctl/rw-cert-pss/pretest.dat
@@ -0,0 +1,11 @@
+moon::iptables-restore < /etc/iptables.rules
+carol::iptables-restore < /etc/iptables.rules
+dave::iptables-restore < /etc/iptables.rules
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
+moon::expect-connection rw
+carol::expect-connection home
+carol::swanctl --initiate --child home 2> /dev/null
+dave::expect-connection home
+dave::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/libipsec/rw-suite-b/test.conf b/testing/tests/swanctl/rw-cert-pss/test.conf
index f29298850..1227b9d1c 100644..100755
--- a/testing/tests/libipsec/rw-suite-b/test.conf
+++ b/testing/tests/swanctl/rw-cert-pss/test.conf
@@ -19,3 +19,7 @@ TCPDUMPHOSTS="moon"
# Used for IPsec logging purposes
#
IPSECHOSTS="moon carol dave"
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/swanctl/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-cert/hosts/carol/etc/strongswan.conf
index 909bca0fc..b415e075c 100755
--- a/testing/tests/swanctl/rw-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-cert/hosts/carol/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-cert/hosts/dave/etc/strongswan.conf
index 909bca0fc..b415e075c 100755
--- a/testing/tests/swanctl/rw-cert/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-cert/hosts/dave/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-cert/hosts/moon/etc/strongswan.conf
index 909bca0fc..b415e075c 100755
--- a/testing/tests/swanctl/rw-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-cert/hosts/moon/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/rw-cert/posttest.dat b/testing/tests/swanctl/rw-cert/posttest.dat
index d7107ccc6..b909ac76c 100755
--- a/testing/tests/swanctl/rw-cert/posttest.dat
+++ b/testing/tests/swanctl/rw-cert/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/rw-cert/pretest.dat b/testing/tests/swanctl/rw-cert/pretest.dat
index 762c35418..dd1a17ccb 100755
--- a/testing/tests/swanctl/rw-cert/pretest.dat
+++ b/testing/tests/swanctl/rw-cert/pretest.dat
@@ -1,9 +1,9 @@
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/swanctl/rw-dnssec/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-dnssec/hosts/carol/etc/strongswan.conf
index ec6625370..6339790cd 100644
--- a/testing/tests/swanctl/rw-dnssec/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-dnssec/hosts/carol/etc/strongswan.conf
@@ -1,13 +1,8 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp dnskey pubkey unbound ipseckey hmac vici kernel-netlink socket-default updown resolve
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
-
plugins {
ipseckey {
enable = yes
diff --git a/testing/tests/swanctl/rw-dnssec/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-dnssec/hosts/dave/etc/strongswan.conf
index ec6625370..6339790cd 100644
--- a/testing/tests/swanctl/rw-dnssec/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-dnssec/hosts/dave/etc/strongswan.conf
@@ -1,13 +1,8 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp dnskey pubkey unbound ipseckey hmac vici kernel-netlink socket-default updown resolve
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
-
plugins {
ipseckey {
enable = yes
diff --git a/testing/tests/swanctl/rw-dnssec/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-dnssec/hosts/moon/etc/strongswan.conf
index dcca175db..617b812d5 100644
--- a/testing/tests/swanctl/rw-dnssec/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-dnssec/hosts/moon/etc/strongswan.conf
@@ -1,13 +1,8 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 dnskey pubkey unbound ipseckey curve25519 gmp hmac vici kernel-netlink socket-default updown attr
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- pools = /usr/local/sbin/swanctl --load-pools
- conns = /usr/local/sbin/swanctl --load-conns
- }
dns1 = PH_IP_WINNETOU
dns2 = PH_IP_VENUS
diff --git a/testing/tests/swanctl/rw-dnssec/posttest.dat b/testing/tests/swanctl/rw-dnssec/posttest.dat
index 48a4abe78..dba97a988 100644
--- a/testing/tests/swanctl/rw-dnssec/posttest.dat
+++ b/testing/tests/swanctl/rw-dnssec/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::rm /etc/swanctl/pubkey/*
carol::rm /etc/swanctl/pubkey/*
dave::rm /etc/swanctl/pubkey/*
diff --git a/testing/tests/swanctl/rw-dnssec/pretest.dat b/testing/tests/swanctl/rw-dnssec/pretest.dat
index 5faf602fc..ca44e08fc 100644
--- a/testing/tests/swanctl/rw-dnssec/pretest.dat
+++ b/testing/tests/swanctl/rw-dnssec/pretest.dat
@@ -4,9 +4,9 @@ dave::iptables-restore < /etc/iptables.rules
moon::cd /etc/swanctl; rm x509/* x509ca/*
carol::cd /etc/swanctl; rm x509/* x509ca/*
dave::cd /etc/swanctl; rm x509/* x509ca/*
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/swanctl/rw-eap-aka-sql-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-eap-aka-sql-rsa/hosts/carol/etc/strongswan.conf
index dd99cdbf9..653488a66 100644
--- a/testing/tests/swanctl/rw-eap-aka-sql-rsa/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-eap-aka-sql-rsa/hosts/carol/etc/strongswan.conf
@@ -1,16 +1,12 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default sqlite fips-prf eap-aka eap-simaka-sql updown
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
plugins {
eap-simaka-sql {
database = sqlite:///etc/ipsec.d/ipsec.db
diff --git a/testing/tests/swanctl/rw-eap-aka-sql-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-eap-aka-sql-rsa/hosts/moon/etc/strongswan.conf
index dd99cdbf9..653488a66 100644
--- a/testing/tests/swanctl/rw-eap-aka-sql-rsa/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-eap-aka-sql-rsa/hosts/moon/etc/strongswan.conf
@@ -1,16 +1,12 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default sqlite fips-prf eap-aka eap-simaka-sql updown
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
plugins {
eap-simaka-sql {
database = sqlite:///etc/ipsec.d/ipsec.db
diff --git a/testing/tests/swanctl/rw-eap-aka-sql-rsa/posttest.dat b/testing/tests/swanctl/rw-eap-aka-sql-rsa/posttest.dat
index 2fc2bbb75..2b00bea8e 100644
--- a/testing/tests/swanctl/rw-eap-aka-sql-rsa/posttest.dat
+++ b/testing/tests/swanctl/rw-eap-aka-sql-rsa/posttest.dat
@@ -1,5 +1,5 @@
carol::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/rw-eap-aka-sql-rsa/pretest.dat b/testing/tests/swanctl/rw-eap-aka-sql-rsa/pretest.dat
index 3842250e6..2fa2d200d 100644
--- a/testing/tests/swanctl/rw-eap-aka-sql-rsa/pretest.dat
+++ b/testing/tests/swanctl/rw-eap-aka-sql-rsa/pretest.dat
@@ -3,8 +3,8 @@ carol::iptables-restore < /etc/iptables.rules
carol::cd /etc/ipsec.d; cat tables.sql data.sql > ipsec.sql; cat ipsec.sql | sqlite3 ipsec.db
moon::cd /etc/ipsec.d; cat tables.sql data.sql > ipsec.sql; cat ipsec.sql | sqlite3 ipsec.db
carol::cd /etc/swanctl; rm rsa/* x509/*
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
moon::expect-connection rw-eap
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/swanctl/rw-eap-md5-id-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-eap-md5-id-rsa/hosts/carol/etc/strongswan.conf
index 4b8e68e6d..d2cc789b3 100644
--- a/testing/tests/swanctl/rw-eap-md5-id-rsa/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-eap-md5-id-rsa/hosts/carol/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 updown
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/rw-eap-md5-id-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-eap-md5-id-rsa/hosts/moon/etc/strongswan.conf
index 4b8e68e6d..d2cc789b3 100644
--- a/testing/tests/swanctl/rw-eap-md5-id-rsa/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-eap-md5-id-rsa/hosts/moon/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 updown
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/rw-eap-md5-id-rsa/posttest.dat b/testing/tests/swanctl/rw-eap-md5-id-rsa/posttest.dat
index 2fc2bbb75..2b00bea8e 100644
--- a/testing/tests/swanctl/rw-eap-md5-id-rsa/posttest.dat
+++ b/testing/tests/swanctl/rw-eap-md5-id-rsa/posttest.dat
@@ -1,5 +1,5 @@
carol::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/rw-eap-md5-id-rsa/pretest.dat b/testing/tests/swanctl/rw-eap-md5-id-rsa/pretest.dat
index 96c1ed114..8cc1c4dc5 100644
--- a/testing/tests/swanctl/rw-eap-md5-id-rsa/pretest.dat
+++ b/testing/tests/swanctl/rw-eap-md5-id-rsa/pretest.dat
@@ -1,8 +1,8 @@
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
carol::cd /etc/swanctl; rm rsa/* x509/*
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
moon::expect-connection rw-eap
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/strongswan.conf
index 14afb43a1..cae0025f6 100755
--- a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/strongswan.conf
@@ -1,16 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce md5 sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl eap-tls kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = random nonce md5 sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl eap-tls kernel-netlink socket-default updown vici
}
libtls {
diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/strongswan.conf
index 14afb43a1..cae0025f6 100755
--- a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/strongswan.conf
@@ -1,16 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce md5 sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl eap-tls kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = random nonce md5 sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl eap-tls kernel-netlink socket-default updown vici
}
libtls {
diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/strongswan.conf
index c090d6853..9c4e819c5 100755
--- a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce md5 sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl eap-tls kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = random nonce md5 sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl eap-tls kernel-netlink socket-default updown vici
}
diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/posttest.dat b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/posttest.dat
index d7107ccc6..b909ac76c 100755
--- a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/posttest.dat
+++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/pretest.dat b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/pretest.dat
index 762c35418..dd1a17ccb 100755
--- a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/pretest.dat
+++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/pretest.dat
@@ -1,9 +1,9 @@
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/swanctl/rw-hash-and-url/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-hash-and-url/hosts/carol/etc/strongswan.conf
index d58694c38..90f42a1c5 100755
--- a/testing/tests/swanctl/rw-hash-and-url/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-hash-and-url/hosts/carol/etc/strongswan.conf
@@ -1,17 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- auths = /usr/local/sbin/swanctl --load-authorities
- conns = /usr/local/sbin/swanctl --load-conns
- }
-
hash_and_url = yes
}
diff --git a/testing/tests/swanctl/rw-hash-and-url/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-hash-and-url/hosts/dave/etc/strongswan.conf
index d58694c38..90f42a1c5 100755
--- a/testing/tests/swanctl/rw-hash-and-url/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-hash-and-url/hosts/dave/etc/strongswan.conf
@@ -1,17 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- auths = /usr/local/sbin/swanctl --load-authorities
- conns = /usr/local/sbin/swanctl --load-conns
- }
-
hash_and_url = yes
}
diff --git a/testing/tests/swanctl/rw-hash-and-url/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-hash-and-url/hosts/moon/etc/strongswan.conf
index d58694c38..90f42a1c5 100755
--- a/testing/tests/swanctl/rw-hash-and-url/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-hash-and-url/hosts/moon/etc/strongswan.conf
@@ -1,17 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- auths = /usr/local/sbin/swanctl --load-authorities
- conns = /usr/local/sbin/swanctl --load-conns
- }
-
hash_and_url = yes
}
diff --git a/testing/tests/swanctl/rw-hash-and-url/posttest.dat b/testing/tests/swanctl/rw-hash-and-url/posttest.dat
index d7107ccc6..b909ac76c 100755
--- a/testing/tests/swanctl/rw-hash-and-url/posttest.dat
+++ b/testing/tests/swanctl/rw-hash-and-url/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/rw-hash-and-url/pretest.dat b/testing/tests/swanctl/rw-hash-and-url/pretest.dat
index 762c35418..dd1a17ccb 100755
--- a/testing/tests/swanctl/rw-hash-and-url/pretest.dat
+++ b/testing/tests/swanctl/rw-hash-and-url/pretest.dat
@@ -1,9 +1,9 @@
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/carol/etc/strongswan.conf
index 22b318472..b8874523b 100755
--- a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/carol/etc/strongswan.conf
@@ -1,23 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac pkcs1 pem x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
- syslog {
- auth {
- default = 0
- }
- daemon {
- cfg = 1
- ike = 1
- }
- }
}
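Review bot: The `syslog` block deleted here (`auth` with `default = 0`, `daemon` with `cfg = 1` and `ike = 1`) is dropped rather than carried over, so logging for this test now falls back to whatever `charon-systemd` does by default. If those levels were deliberate, the equivalent under the new section would be a `journal` subsection holding `cfg = 1` and `ike = 1`. If they were leftovers, a short comment in the file or a line in the commit message would make the removal intentional rather than incidental to the service-manager switch. The dave and moon hunks of rw-multi-ciphers-ikev1 drop the same block.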
diff --git a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/dave/etc/strongswan.conf
index a55b90a5d..c2b18d966 100755
--- a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/dave/etc/strongswan.conf
@@ -1,23 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce des sha1 sha2 hmac pkcs1 pem x509 revocation gmp curl kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
- syslog {
- auth {
- default = 0
- }
- daemon {
- cfg = 1
- ike = 1
- }
- }
}
diff --git a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/moon/etc/strongswan.conf
index e7b5caaf8..85354251d 100755
--- a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/moon/etc/strongswan.conf
@@ -1,23 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes des sha1 sha2 hmac pkcs1 pem x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
- syslog {
- auth {
- default = 0
- }
- daemon {
- cfg = 1
- ike = 1
- }
- }
}
diff --git a/testing/tests/swanctl/rw-multi-ciphers-ikev1/posttest.dat b/testing/tests/swanctl/rw-multi-ciphers-ikev1/posttest.dat
index d7107ccc6..b909ac76c 100755
--- a/testing/tests/swanctl/rw-multi-ciphers-ikev1/posttest.dat
+++ b/testing/tests/swanctl/rw-multi-ciphers-ikev1/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/rw-multi-ciphers-ikev1/pretest.dat b/testing/tests/swanctl/rw-multi-ciphers-ikev1/pretest.dat
index 37029c074..dc541004d 100755
--- a/testing/tests/swanctl/rw-multi-ciphers-ikev1/pretest.dat
+++ b/testing/tests/swanctl/rw-multi-ciphers-ikev1/pretest.dat
@@ -1,9 +1,9 @@
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection net-1
moon::expect-connection net-2
carol::expect-connection home
diff --git a/testing/tests/swanctl/rw-newhope-bliss/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-newhope-bliss/hosts/carol/etc/strongswan.conf
index 6bfef3d39..16dcf16a1 100755
--- a/testing/tests/swanctl/rw-newhope-bliss/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-newhope-bliss/hosts/carol/etc/strongswan.conf
@@ -1,17 +1,12 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl mgf1 bliss random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl mgf1 bliss random
}
-charon {
- load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici
+charon-systemd {
+ load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici
send_vendor_id = yes
fragment_size = 1500
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/rw-newhope-bliss/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-newhope-bliss/hosts/dave/etc/strongswan.conf
index 1d90adb5d..475705026 100755
--- a/testing/tests/swanctl/rw-newhope-bliss/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-newhope-bliss/hosts/dave/etc/strongswan.conf
@@ -1,17 +1,12 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl mgf1 bliss random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl mgf1 bliss random
}
-charon {
- load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac pem pkcs1 x509 revocation pubkey gmp curl kernel-netlink socket-default updown vici
+charon-systemd {
+ load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac pem pkcs1 x509 revocation pubkey gmp curl kernel-netlink socket-default updown vici
send_vendor_id = yes
fragment_size = 1500
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/rw-newhope-bliss/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-newhope-bliss/hosts/moon/etc/strongswan.conf
index d4e3ca2e5..16dcf16a1 100755
--- a/testing/tests/swanctl/rw-newhope-bliss/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-newhope-bliss/hosts/moon/etc/strongswan.conf
@@ -1,18 +1,12 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl mgf1 bliss random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl mgf1 bliss random
}
-charon {
+charon-systemd {
load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici
send_vendor_id = yes
fragment_size = 1500
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- pools = /usr/local/sbin/swanctl --load-pools
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/rw-newhope-bliss/posttest.dat b/testing/tests/swanctl/rw-newhope-bliss/posttest.dat
index d7107ccc6..b909ac76c 100755
--- a/testing/tests/swanctl/rw-newhope-bliss/posttest.dat
+++ b/testing/tests/swanctl/rw-newhope-bliss/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/rw-newhope-bliss/pretest.dat b/testing/tests/swanctl/rw-newhope-bliss/pretest.dat
index a550a2f6d..7772b25eb 100755
--- a/testing/tests/swanctl/rw-newhope-bliss/pretest.dat
+++ b/testing/tests/swanctl/rw-newhope-bliss/pretest.dat
@@ -4,9 +4,9 @@ dave::iptables-restore < /etc/iptables.rules
moon::cd /etc/swanctl; rm rsa/* x509/moonCert.pem x509ca/strongswanCert.pem
carol::cd /etc/swanctl; rm rsa/* x509/carolCert.pem x509ca/strongswanCert.pem
dave::cd /etc/swanctl; rm rsa/* x509/daveCert.pem x509ca/strongswanCert.pem
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/swanctl/rw-ntru-bliss/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-ntru-bliss/hosts/carol/etc/strongswan.conf
index b158ccdb3..d655720cf 100644
--- a/testing/tests/swanctl/rw-ntru-bliss/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-ntru-bliss/hosts/carol/etc/strongswan.conf
@@ -1,13 +1,8 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 sha3 hmac mgf1 ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown
send_vendor_id = yes
fragment_size = 1500
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/rw-ntru-bliss/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-ntru-bliss/hosts/dave/etc/strongswan.conf
index b158ccdb3..d655720cf 100644
--- a/testing/tests/swanctl/rw-ntru-bliss/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-ntru-bliss/hosts/dave/etc/strongswan.conf
@@ -1,13 +1,8 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 sha3 hmac mgf1 ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown
send_vendor_id = yes
fragment_size = 1500
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/rw-ntru-bliss/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-ntru-bliss/hosts/moon/etc/strongswan.conf
index c6dd6be45..d655720cf 100644
--- a/testing/tests/swanctl/rw-ntru-bliss/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-ntru-bliss/hosts/moon/etc/strongswan.conf
@@ -1,14 +1,8 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 sha3 hmac mgf1 ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown
send_vendor_id = yes
fragment_size = 1500
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- pools = /usr/local/sbin/swanctl --load-pools
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/rw-ntru-bliss/posttest.dat b/testing/tests/swanctl/rw-ntru-bliss/posttest.dat
index 58d5b8675..84935ec51 100644
--- a/testing/tests/swanctl/rw-ntru-bliss/posttest.dat
+++ b/testing/tests/swanctl/rw-ntru-bliss/posttest.dat
@@ -1,6 +1,6 @@
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/rw-ntru-bliss/pretest.dat b/testing/tests/swanctl/rw-ntru-bliss/pretest.dat
index a550a2f6d..7772b25eb 100644
--- a/testing/tests/swanctl/rw-ntru-bliss/pretest.dat
+++ b/testing/tests/swanctl/rw-ntru-bliss/pretest.dat
@@ -4,9 +4,9 @@ dave::iptables-restore < /etc/iptables.rules
moon::cd /etc/swanctl; rm rsa/* x509/moonCert.pem x509ca/strongswanCert.pem
carol::cd /etc/swanctl; rm rsa/* x509/carolCert.pem x509ca/strongswanCert.pem
dave::cd /etc/swanctl; rm rsa/* x509/daveCert.pem x509ca/strongswanCert.pem
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/swanctl/rw-psk-fqdn/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
index 335f38995..dcef959ef 100755
--- a/testing/tests/swanctl/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
@@ -4,11 +4,6 @@ swanctl {
load = random openssl
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/rw-psk-fqdn/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
index 335f38995..dcef959ef 100755
--- a/testing/tests/swanctl/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
@@ -4,11 +4,6 @@ swanctl {
load = random openssl
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/rw-psk-fqdn/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
index 335f38995..dcef959ef 100755
--- a/testing/tests/swanctl/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
@@ -4,11 +4,6 @@ swanctl {
load = random openssl
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/rw-psk-fqdn/posttest.dat b/testing/tests/swanctl/rw-psk-fqdn/posttest.dat
index d7107ccc6..b909ac76c 100755
--- a/testing/tests/swanctl/rw-psk-fqdn/posttest.dat
+++ b/testing/tests/swanctl/rw-psk-fqdn/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/rw-psk-fqdn/pretest.dat b/testing/tests/swanctl/rw-psk-fqdn/pretest.dat
index 519b168ae..48849c8b0 100755
--- a/testing/tests/swanctl/rw-psk-fqdn/pretest.dat
+++ b/testing/tests/swanctl/rw-psk-fqdn/pretest.dat
@@ -4,9 +4,9 @@ dave::iptables-restore < /etc/iptables.rules
moon::cd /etc/swanctl; rm rsa/* x509/* x509ca/*
carol::cd /etc/swanctl; rm rsa/* x509/* x509ca/*
dave::cd /etc/swanctl; rm rsa/* x509/* x509ca/*
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/swanctl/rw-psk-ikev1/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-ikev1/hosts/carol/etc/strongswan.conf
index e539ea5f4..dcef959ef 100755
--- a/testing/tests/swanctl/rw-psk-ikev1/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-psk-ikev1/hosts/carol/etc/strongswan.conf
@@ -4,20 +4,6 @@ swanctl {
load = random openssl
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
- syslog {
- auth {
- default = 0
- }
- daemon {
- cfg = 1
- ike = 1
- }
- }
}
diff --git a/testing/tests/swanctl/rw-psk-ikev1/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-ikev1/hosts/dave/etc/strongswan.conf
index 02f6c1b36..a12456f26 100755
--- a/testing/tests/swanctl/rw-psk-ikev1/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-psk-ikev1/hosts/dave/etc/strongswan.conf
@@ -4,20 +4,6 @@ swanctl {
load = random openssl
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac gmp kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
- syslog {
- auth {
- default = 0
- }
- daemon {
- cfg = 1
- ike = 1
- }
- }
}
diff --git a/testing/tests/swanctl/rw-psk-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-ikev1/hosts/moon/etc/strongswan.conf
index c42979965..f196d2431 100755
--- a/testing/tests/swanctl/rw-psk-ikev1/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-psk-ikev1/hosts/moon/etc/strongswan.conf
@@ -4,20 +4,6 @@ swanctl {
load = random openssl
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac curve25519 gmp kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
- syslog {
- auth {
- default = 0
- }
- daemon {
- cfg = 1
- ike = 1
- }
- }
}
diff --git a/testing/tests/swanctl/rw-psk-ikev1/posttest.dat b/testing/tests/swanctl/rw-psk-ikev1/posttest.dat
index d7107ccc6..b909ac76c 100755
--- a/testing/tests/swanctl/rw-psk-ikev1/posttest.dat
+++ b/testing/tests/swanctl/rw-psk-ikev1/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/rw-psk-ikev1/pretest.dat b/testing/tests/swanctl/rw-psk-ikev1/pretest.dat
index 3393f516d..51c301923 100755
--- a/testing/tests/swanctl/rw-psk-ikev1/pretest.dat
+++ b/testing/tests/swanctl/rw-psk-ikev1/pretest.dat
@@ -4,9 +4,9 @@ dave::iptables-restore < /etc/iptables.rules
moon::cd /etc/swanctl; rm rsa/* x509/* x509ca/*
carol::cd /etc/swanctl; rm rsa/* x509/* x509ca/*
dave::cd /etc/swanctl; rm rsa/* x509/* x509ca/*
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection net-1
moon::expect-connection net-2
carol::expect-connection home
diff --git a/testing/tests/swanctl/rw-psk-ipv4/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
index 53973cf61..dcef959ef 100755
--- a/testing/tests/swanctl/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
@@ -4,11 +4,6 @@ swanctl {
load = random openssl
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/rw-psk-ipv4/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
index 53973cf61..dcef959ef 100755
--- a/testing/tests/swanctl/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
@@ -4,11 +4,6 @@ swanctl {
load = random openssl
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/rw-psk-ipv4/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
index 5efaed621..0325fe9a2 100755
--- a/testing/tests/swanctl/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
@@ -4,11 +4,6 @@ swanctl {
load = random openssl
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 hmac curve25519 kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/rw-psk-ipv4/posttest.dat b/testing/tests/swanctl/rw-psk-ipv4/posttest.dat
index d7107ccc6..b909ac76c 100755
--- a/testing/tests/swanctl/rw-psk-ipv4/posttest.dat
+++ b/testing/tests/swanctl/rw-psk-ipv4/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/rw-psk-ipv4/pretest.dat b/testing/tests/swanctl/rw-psk-ipv4/pretest.dat
index 519b168ae..48849c8b0 100755
--- a/testing/tests/swanctl/rw-psk-ipv4/pretest.dat
+++ b/testing/tests/swanctl/rw-psk-ipv4/pretest.dat
@@ -4,9 +4,9 @@ dave::iptables-restore < /etc/iptables.rules
moon::cd /etc/swanctl; rm rsa/* x509/* x509ca/*
carol::cd /etc/swanctl; rm rsa/* x509/* x509ca/*
dave::cd /etc/swanctl; rm rsa/* x509/* x509ca/*
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/swanctl/rw-pubkey-anon/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-pubkey-anon/hosts/carol/etc/strongswan.conf
index dc166b588..331d5bc94 100755
--- a/testing/tests/swanctl/rw-pubkey-anon/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-pubkey-anon/hosts/carol/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 pubkey openssl random
+ load = pem pkcs1 pubkey openssl random
}
-charon {
- load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default updown vici
}
diff --git a/testing/tests/swanctl/rw-pubkey-anon/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-pubkey-anon/hosts/dave/etc/strongswan.conf
index dc166b588..331d5bc94 100755
--- a/testing/tests/swanctl/rw-pubkey-anon/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-pubkey-anon/hosts/dave/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 pubkey openssl random
+ load = pem pkcs1 pubkey openssl random
}
-charon {
- load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default updown vici
}
diff --git a/testing/tests/swanctl/rw-pubkey-anon/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-pubkey-anon/hosts/moon/etc/strongswan.conf
index 720e903c9..6b99d98a9 100755
--- a/testing/tests/swanctl/rw-pubkey-anon/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-pubkey-anon/hosts/moon/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default updown vici
}
diff --git a/testing/tests/swanctl/rw-pubkey-anon/posttest.dat b/testing/tests/swanctl/rw-pubkey-anon/posttest.dat
index 48a4abe78..dba97a988 100755
--- a/testing/tests/swanctl/rw-pubkey-anon/posttest.dat
+++ b/testing/tests/swanctl/rw-pubkey-anon/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::rm /etc/swanctl/pubkey/*
carol::rm /etc/swanctl/pubkey/*
dave::rm /etc/swanctl/pubkey/*
diff --git a/testing/tests/swanctl/rw-pubkey-anon/pretest.dat b/testing/tests/swanctl/rw-pubkey-anon/pretest.dat
index 5faf602fc..ca44e08fc 100755
--- a/testing/tests/swanctl/rw-pubkey-anon/pretest.dat
+++ b/testing/tests/swanctl/rw-pubkey-anon/pretest.dat
@@ -4,9 +4,9 @@ dave::iptables-restore < /etc/iptables.rules
moon::cd /etc/swanctl; rm x509/* x509ca/*
carol::cd /etc/swanctl; rm x509/* x509ca/*
dave::cd /etc/swanctl; rm x509/* x509ca/*
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/swanctl/rw-pubkey-keyid/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-pubkey-keyid/hosts/carol/etc/strongswan.conf
index dc166b588..331d5bc94 100755
--- a/testing/tests/swanctl/rw-pubkey-keyid/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-pubkey-keyid/hosts/carol/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 pubkey openssl random
+ load = pem pkcs1 pubkey openssl random
}
-charon {
- load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default updown vici
}
diff --git a/testing/tests/swanctl/rw-pubkey-keyid/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-pubkey-keyid/hosts/dave/etc/strongswan.conf
index dc166b588..331d5bc94 100755
--- a/testing/tests/swanctl/rw-pubkey-keyid/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-pubkey-keyid/hosts/dave/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 pubkey openssl random
+ load = pem pkcs1 pubkey openssl random
}
-charon {
- load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default updown vici
}
diff --git a/testing/tests/swanctl/rw-pubkey-keyid/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-pubkey-keyid/hosts/moon/etc/strongswan.conf
index 720e903c9..6b99d98a9 100755
--- a/testing/tests/swanctl/rw-pubkey-keyid/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-pubkey-keyid/hosts/moon/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default updown vici
}
diff --git a/testing/tests/swanctl/rw-pubkey-keyid/posttest.dat b/testing/tests/swanctl/rw-pubkey-keyid/posttest.dat
index 48a4abe78..dba97a988 100755
--- a/testing/tests/swanctl/rw-pubkey-keyid/posttest.dat
+++ b/testing/tests/swanctl/rw-pubkey-keyid/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::rm /etc/swanctl/pubkey/*
carol::rm /etc/swanctl/pubkey/*
dave::rm /etc/swanctl/pubkey/*
diff --git a/testing/tests/swanctl/rw-pubkey-keyid/pretest.dat b/testing/tests/swanctl/rw-pubkey-keyid/pretest.dat
index de43d510d..e0ca17a4c 100755
--- a/testing/tests/swanctl/rw-pubkey-keyid/pretest.dat
+++ b/testing/tests/swanctl/rw-pubkey-keyid/pretest.dat
@@ -5,9 +5,9 @@ moon::cd /etc/swanctl; rm x509/* x509ca/*
carol::cd /etc/swanctl; rm x509/* x509ca/*
dave::cd /etc/swanctl; rm x509/* x509ca/*
moon::cat /etc/swanctl/swanctl_base.conf
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw-carol
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/swanctl/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf b/testing/tests/swanctl/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf
index ee5b26120..bf799a29b 100644
--- a/testing/tests/swanctl/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/swanctl/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf
@@ -1,11 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
keep_alive = 5
}
diff --git a/testing/tests/swanctl/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf b/testing/tests/swanctl/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf
index e5c0136d8..91e32f7ba 100644
--- a/testing/tests/swanctl/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/swanctl/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf
@@ -1,11 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- pools = /usr/local/sbin/swanctl --load-pools
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf b/testing/tests/swanctl/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf
index ee5b26120..bf799a29b 100644
--- a/testing/tests/swanctl/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf
+++ b/testing/tests/swanctl/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf
@@ -1,11 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
keep_alive = 5
}
diff --git a/testing/tests/swanctl/shunt-policies-nat-rw/posttest.dat b/testing/tests/swanctl/shunt-policies-nat-rw/posttest.dat
index b02b19357..f66c5c57c 100644
--- a/testing/tests/swanctl/shunt-policies-nat-rw/posttest.dat
+++ b/testing/tests/swanctl/shunt-policies-nat-rw/posttest.dat
@@ -1,5 +1,5 @@
-alice::service charon stop 2> /dev/null
-venus::service charon stop 2> /dev/null
-sun::service charon stop 2> /dev/null
+alice::systemctl stop strongswan-swanctl
+venus::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
sun::iptables-restore < /etc/iptables.flush
moon::iptables -t nat -F
diff --git a/testing/tests/swanctl/shunt-policies-nat-rw/pretest.dat b/testing/tests/swanctl/shunt-policies-nat-rw/pretest.dat
index d6bc0709e..e871fba2b 100644
--- a/testing/tests/swanctl/shunt-policies-nat-rw/pretest.dat
+++ b/testing/tests/swanctl/shunt-policies-nat-rw/pretest.dat
@@ -1,9 +1,9 @@
sun::iptables-restore < /etc/iptables.rules
moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p udp -j SNAT --to-source PH_IP_MOON:1024-1100
moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to-source PH_IP_MOON:2000-2100
-sun::service charon start 2> /dev/null
-alice::service charon start 2> /dev/null
-venus::service charon start 2> /dev/null
+sun::systemctl start strongswan-swanctl
+alice::systemctl start strongswan-swanctl
+venus::systemctl start strongswan-swanctl
sun::expect-connection nat-t
alice::expect-connection nat-t
venus::expect-connection nat-t
diff --git a/testing/tests/swanctl/xauth-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/xauth-rsa/hosts/carol/etc/strongswan.conf
index 2976558fc..fccc73f22 100644
--- a/testing/tests/swanctl/xauth-rsa/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/xauth-rsa/hosts/carol/etc/strongswan.conf
@@ -1,10 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation gmp curl xauth-generic kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/xauth-rsa/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/xauth-rsa/hosts/dave/etc/strongswan.conf
index 2976558fc..fccc73f22 100644
--- a/testing/tests/swanctl/xauth-rsa/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/xauth-rsa/hosts/dave/etc/strongswan.conf
@@ -1,10 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation gmp curl xauth-generic kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/xauth-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/xauth-rsa/hosts/moon/etc/strongswan.conf
index 2976558fc..fccc73f22 100644
--- a/testing/tests/swanctl/xauth-rsa/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/xauth-rsa/hosts/moon/etc/strongswan.conf
@@ -1,10 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation gmp curl xauth-generic kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/xauth-rsa/posttest.dat b/testing/tests/swanctl/xauth-rsa/posttest.dat
index d7107ccc6..b909ac76c 100644
--- a/testing/tests/swanctl/xauth-rsa/posttest.dat
+++ b/testing/tests/swanctl/xauth-rsa/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/xauth-rsa/pretest.dat b/testing/tests/swanctl/xauth-rsa/pretest.dat
index 762c35418..dd1a17ccb 100644
--- a/testing/tests/swanctl/xauth-rsa/pretest.dat
+++ b/testing/tests/swanctl/xauth-rsa/pretest.dat
@@ -1,9 +1,9 @@
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/strongswan.conf
index 063bb6fc9..b094a3aaa 100644
--- a/testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
multiple_authentication=no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
}
diff --git a/testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/strongswan.conf
index 063bb6fc9..b094a3aaa 100644
--- a/testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
multiple_authentication=no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
}
diff --git a/testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/strongswan.conf
index a3d85b054..aacee2221 100644
--- a/testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-11 tnc-imv updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
}
diff --git a/testing/tests/tnc/tnccs-11-fhh/posttest.dat b/testing/tests/tnc/tnccs-11-fhh/posttest.dat
index 770cf6ede..199873ba1 100644
--- a/testing/tests/tnc/tnccs-11-fhh/posttest.dat
+++ b/testing/tests/tnc/tnccs-11-fhh/posttest.dat
@@ -1,6 +1,6 @@
-carol::service charon stop
-dave::service charon stop
-moon::service charon stop
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/tnc/tnccs-11-fhh/pretest.dat b/testing/tests/tnc/tnccs-11-fhh/pretest.dat
index f0f6446bf..79340af29 100644
--- a/testing/tests/tnc/tnccs-11-fhh/pretest.dat
+++ b/testing/tests/tnc/tnccs-11-fhh/pretest.dat
@@ -10,9 +10,9 @@ carol::rm /etc/swanctl/rsa/*
dave::rm /etc/swanctl/rsa/*
carol::rm /etc/swanctl/x509/*
dave::rm /etc/swanctl/x509/*
-moon::service charon start
-carol::service charon start
-dave::service charon start
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw-allow
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius-block/hosts/carol/etc/strongswan.conf
index 80c96b677..305a9d1e6 100644
--- a/testing/tests/tnc/tnccs-11-radius-block/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-11-radius-block/hosts/carol/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
multiple_authentication=no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imc = 3
diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius-block/hosts/dave/etc/strongswan.conf
index 691cdbc2d..5d17eb638 100644
--- a/testing/tests/tnc/tnccs-11-radius-block/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-11-radius-block/hosts/dave/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 gmp hmac pem pkcs1 x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
multiple_authentication=no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imc = 3
diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius-block/hosts/moon/etc/strongswan.conf
index 71fc7dd0c..4c9dd6e1f 100644
--- a/testing/tests/tnc/tnccs-11-radius-block/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-11-radius-block/hosts/moon/etc/strongswan.conf
@@ -1,18 +1,14 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-radius updown
multiple_authentication=no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
plugins {
eap-radius {
- secret = gv6URkSs
- server = 10.1.0.10
+ secret = gv6URkSs
+ server = 10.1.0.10
filter_id = yes
}
}
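Review bot: The `secret = gv6URkSs` line under `eap-radius` is a RADIUS shared secret committed in clear text, and nothing in the file marks it as a fixture. A one-line comment above it, for example `# test-only shared secret, must match the RADIUS server at 10.1.0.10`, would stop the value being copied into a real deployment. The hunk itself appears to change only the whitespace of the `secret` and `server` lines. The same applies to the moon strongswan.conf hunks of tnccs-11-radius-pts and tnccs-11-radius.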
diff --git a/testing/tests/tnc/tnccs-11-radius-block/posttest.dat b/testing/tests/tnc/tnccs-11-radius-block/posttest.dat
index 2989f347c..0d96563c1 100644
--- a/testing/tests/tnc/tnccs-11-radius-block/posttest.dat
+++ b/testing/tests/tnc/tnccs-11-radius-block/posttest.dat
@@ -1,6 +1,6 @@
-carol::service charon stop
-dave::service charon stop
-moon::service charon stop
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
alice::killall radiusd
alice::rm /etc/freeradius/sites-enabled/inner-tunnel-second
moon::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/tnc/tnccs-11-radius-block/pretest.dat b/testing/tests/tnc/tnccs-11-radius-block/pretest.dat
index cc0ce6c31..efddc609e 100644
--- a/testing/tests/tnc/tnccs-11-radius-block/pretest.dat
+++ b/testing/tests/tnc/tnccs-11-radius-block/pretest.dat
@@ -11,9 +11,9 @@ carol::rm /etc/swanctl/rsa/*
dave::rm /etc/swanctl/rsa/*
carol::rm /etc/swanctl/x509/*
dave::rm /etc/swanctl/x509/*
-moon::service charon start
-carol::service charon start
-dave::service charon start
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/strongswan.conf
index 978cc6659..a534ac66e 100644
--- a/testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce openssl pem pkcs1 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
multiple_authentication=no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imc = 3
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/strongswan.conf
index 0bc6e3525..469e81156 100644
--- a/testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/strongswan.conf
@@ -1,19 +1,12 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce openssl pem pkcs1 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
multiple_authentication=no
retransmit_tries = 5
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imc = 3
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius-pts/hosts/moon/etc/strongswan.conf
index 387236ebc..cbaf67c89 100644
--- a/testing/tests/tnc/tnccs-11-radius-pts/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-11-radius-pts/hosts/moon/etc/strongswan.conf
@@ -1,18 +1,14 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce openssl pem pkcs1 x509 revocation curl vici kernel-netlink socket-default eap-radius updown
multiple_authentication=no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
plugins {
eap-radius {
- secret = gv6URkSs
- server = 10.1.0.10
+ secret = gv6URkSs
+ server = 10.1.0.10
filter_id = yes
}
}
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/posttest.dat b/testing/tests/tnc/tnccs-11-radius-pts/posttest.dat
index db806c3c9..ab96df0ed 100644
--- a/testing/tests/tnc/tnccs-11-radius-pts/posttest.dat
+++ b/testing/tests/tnc/tnccs-11-radius-pts/posttest.dat
@@ -1,6 +1,6 @@
-carol::service charon stop
-dave::service charon stop
-moon::service charon stop
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
alice::killall radiusd
alice::rm /etc/freeradius/sites-enabled/inner-tunnel-second
carol::echo 1 > /proc/sys/net/ipv4/ip_forward
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/pretest.dat b/testing/tests/tnc/tnccs-11-radius-pts/pretest.dat
index 5745ffede..7d0dfa385 100644
--- a/testing/tests/tnc/tnccs-11-radius-pts/pretest.dat
+++ b/testing/tests/tnc/tnccs-11-radius-pts/pretest.dat
@@ -15,9 +15,9 @@ carol::rm /etc/swanctl/rsa/*
dave::rm /etc/swanctl/rsa/*
carol::rm /etc/swanctl/x509/*
dave::rm /etc/swanctl/x509/*
-moon::service charon start
-carol::service charon start
-dave::service charon start
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw-allow
moon::expect-connection rw-isolate
carol::expect-connection home
diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/strongswan.conf
index 09ca9d0e4..1ca6c3d10 100644
--- a/testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
multiple_authentication=no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imc = 3
diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius/hosts/dave/etc/strongswan.conf
index 9c6f28fe3..9df983c80 100644
--- a/testing/tests/tnc/tnccs-11-radius/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-11-radius/hosts/dave/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 gmp hmac pem pkcs1 x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
multiple_authentication=no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
- syslog {
- auth {
- default = 0
- }
+ syslog {
daemon {
tnc = 3
imc = 3
diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius/hosts/moon/etc/strongswan.conf
index 71fc7dd0c..4c9dd6e1f 100644
--- a/testing/tests/tnc/tnccs-11-radius/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-11-radius/hosts/moon/etc/strongswan.conf
@@ -1,18 +1,14 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-radius updown
multiple_authentication=no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
plugins {
eap-radius {
- secret = gv6URkSs
- server = 10.1.0.10
+ secret = gv6URkSs
+ server = 10.1.0.10
filter_id = yes
}
}
diff --git a/testing/tests/tnc/tnccs-11-radius/posttest.dat b/testing/tests/tnc/tnccs-11-radius/posttest.dat
index 2989f347c..0d96563c1 100644
--- a/testing/tests/tnc/tnccs-11-radius/posttest.dat
+++ b/testing/tests/tnc/tnccs-11-radius/posttest.dat
@@ -1,6 +1,6 @@
-carol::service charon stop
-dave::service charon stop
-moon::service charon stop
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
alice::killall radiusd
alice::rm /etc/freeradius/sites-enabled/inner-tunnel-second
moon::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/tnc/tnccs-11-radius/pretest.dat b/testing/tests/tnc/tnccs-11-radius/pretest.dat
index 57e2ee6b4..bb2ce93b3 100644
--- a/testing/tests/tnc/tnccs-11-radius/pretest.dat
+++ b/testing/tests/tnc/tnccs-11-radius/pretest.dat
@@ -11,9 +11,9 @@ carol::rm /etc/swanctl/rsa/*
dave::rm /etc/swanctl/rsa/*
carol::rm /etc/swanctl/x509/*
dave::rm /etc/swanctl/x509/*
-moon::service charon start
-carol::service charon start
-dave::service charon start
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw-allow
moon::expect-connection rw-isolate
carol::expect-connection home
diff --git a/testing/tests/tnc/tnccs-11/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-11/hosts/carol/etc/strongswan.conf
index af30c204d..649426628 100644
--- a/testing/tests/tnc/tnccs-11/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-11/hosts/carol/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
multiple_authentication=no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imc = 3
diff --git a/testing/tests/tnc/tnccs-11/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-11/hosts/dave/etc/strongswan.conf
index 524536228..0a20b9407 100644
--- a/testing/tests/tnc/tnccs-11/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-11/hosts/dave/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 gmp hmac pem pkcs1 x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
multiple_authentication=no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imc = 3
diff --git a/testing/tests/tnc/tnccs-11/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-11/hosts/moon/etc/strongswan.conf
index bba631b1f..ad5cb6205 100644
--- a/testing/tests/tnc/tnccs-11/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-11/hosts/moon/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-11 tnc-imv updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imv = 3
diff --git a/testing/tests/tnc/tnccs-11/posttest.dat b/testing/tests/tnc/tnccs-11/posttest.dat
index 770cf6ede..199873ba1 100644
--- a/testing/tests/tnc/tnccs-11/posttest.dat
+++ b/testing/tests/tnc/tnccs-11/posttest.dat
@@ -1,6 +1,6 @@
-carol::service charon stop
-dave::service charon stop
-moon::service charon stop
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/tnc/tnccs-11/pretest.dat b/testing/tests/tnc/tnccs-11/pretest.dat
index e173ae798..a1f0470fe 100644
--- a/testing/tests/tnc/tnccs-11/pretest.dat
+++ b/testing/tests/tnc/tnccs-11/pretest.dat
@@ -8,9 +8,9 @@ carol::rm /etc/swanctl/rsa/*
dave::rm /etc/swanctl/rsa/*
carol::rm /etc/swanctl/x509/*
dave::rm /etc/swanctl/x509/*
-moon::service charon start
-carol::service charon start
-dave::service charon start
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw-allow
moon::expect-connection rw-isolate
carol::expect-connection home
diff --git a/testing/tests/tnc/tnccs-20-block/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-block/hosts/carol/etc/strongswan.conf
index fac3dc02d..aa8bb7cd3 100644
--- a/testing/tests/tnc/tnccs-20-block/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-block/hosts/carol/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imc = 3
diff --git a/testing/tests/tnc/tnccs-20-block/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-block/hosts/dave/etc/strongswan.conf
index 168e4ec64..b3d3049be 100644
--- a/testing/tests/tnc/tnccs-20-block/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-block/hosts/dave/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication=no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imc = 3
diff --git a/testing/tests/tnc/tnccs-20-block/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-block/hosts/moon/etc/strongswan.conf
index bb15d3ffa..b3845a3ee 100644
--- a/testing/tests/tnc/tnccs-20-block/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-block/hosts/moon/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-20 tnc-imv updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imv = 3
diff --git a/testing/tests/tnc/tnccs-20-block/posttest.dat b/testing/tests/tnc/tnccs-20-block/posttest.dat
index 770cf6ede..199873ba1 100644
--- a/testing/tests/tnc/tnccs-20-block/posttest.dat
+++ b/testing/tests/tnc/tnccs-20-block/posttest.dat
@@ -1,6 +1,6 @@
-carol::service charon stop
-dave::service charon stop
-moon::service charon stop
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/tnc/tnccs-20-block/pretest.dat b/testing/tests/tnc/tnccs-20-block/pretest.dat
index c09abf917..13677a470 100644
--- a/testing/tests/tnc/tnccs-20-block/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-block/pretest.dat
@@ -8,9 +8,9 @@ carol::rm /etc/swanctl/rsa/*
dave::rm /etc/swanctl/rsa/*
carol::rm /etc/swanctl/x509/*
dave::rm /etc/swanctl/x509/*
-moon::service charon start
-carol::service charon start
-dave::service charon start
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/tnc/tnccs-20-client-retry/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-client-retry/hosts/carol/etc/strongswan.conf
index aceddc368..fa3458e22 100644
--- a/testing/tests/tnc/tnccs-20-client-retry/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-client-retry/hosts/carol/etc/strongswan.conf
@@ -1,21 +1,14 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
- imc = 2
+ imc = 2
}
}
}
@@ -27,7 +20,7 @@ libtls {
libimcv {
plugins {
imc-test {
- command = isolate
+ command = isolate
retry = yes
retry_command = allow
}
diff --git a/testing/tests/tnc/tnccs-20-client-retry/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-client-retry/hosts/dave/etc/strongswan.conf
index 7ac1a5d70..f4d6543aa 100644
--- a/testing/tests/tnc/tnccs-20-client-retry/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-client-retry/hosts/dave/etc/strongswan.conf
@@ -1,21 +1,14 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
- imc = 2
+ imc = 2
}
}
plugins {
diff --git a/testing/tests/tnc/tnccs-20-client-retry/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-client-retry/hosts/moon/etc/strongswan.conf
index a0b807755..10d0ae864 100644
--- a/testing/tests/tnc/tnccs-20-client-retry/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-client-retry/hosts/moon/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-20 tnc-imv updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imv = 2
@@ -34,7 +27,7 @@ libtls {
libimcv {
plugins {
imv-test {
- rounds = 0
+ rounds = 0
}
imv-scanner {
closed_port_policy = yes
diff --git a/testing/tests/tnc/tnccs-20-client-retry/posttest.dat b/testing/tests/tnc/tnccs-20-client-retry/posttest.dat
index 770cf6ede..199873ba1 100644
--- a/testing/tests/tnc/tnccs-20-client-retry/posttest.dat
+++ b/testing/tests/tnc/tnccs-20-client-retry/posttest.dat
@@ -1,6 +1,6 @@
-carol::service charon stop
-dave::service charon stop
-moon::service charon stop
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/tnc/tnccs-20-client-retry/pretest.dat b/testing/tests/tnc/tnccs-20-client-retry/pretest.dat
index e173ae798..a1f0470fe 100644
--- a/testing/tests/tnc/tnccs-20-client-retry/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-client-retry/pretest.dat
@@ -8,9 +8,9 @@ carol::rm /etc/swanctl/rsa/*
dave::rm /etc/swanctl/rsa/*
carol::rm /etc/swanctl/x509/*
dave::rm /etc/swanctl/x509/*
-moon::service charon start
-carol::service charon start
-dave::service charon start
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw-allow
moon::expect-connection rw-isolate
carol::expect-connection home
diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/evaltest.dat b/testing/tests/tnc/tnccs-20-ev-pt-tls/evaltest.dat
index 2248d002c..a327dae63 100644
--- a/testing/tests/tnc/tnccs-20-ev-pt-tls/evaltest.dat
+++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/evaltest.dat
@@ -11,7 +11,7 @@ alice::cat /var/log/daemon.log::skipping SASL, client already authenticated by T
alice::cat /var/log/daemon.log::user AR identity.*C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org.*authenticated by certificate::YES
alice::cat /var/log/daemon.log::received software inventory with ... items for request 3 at last eid 1 of epoch::YES
alice::cat /var/log/daemon.log::role=.softwareCreator licensor tagCreator::YES
-alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon -p auth.alert.*host with IP address 192.168.0.200 is blocked::YES
+alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon-systemd -p auth.alert.*host with IP address 192.168.0.200 is blocked::YES
moon:: cat /var/log/auth.log::host with IP address 192.168.0.200 is blocked::YES
alice::cat /var/log/daemon.log::accepting PT-TLS stream from PH_IP_CAROL::YES
alice::cat /var/log/daemon.log::SASL PLAIN authentication successful::YES
@@ -20,5 +20,5 @@ alice::cat /var/log/daemon.log::user AR identity.*carol.*authenticated by passwo
alice::cat /var/log/daemon.log::received software ID events with ... items for request 9 at last eid 2 of epoch::YES
alice::cat /var/log/daemon.log::3 SWID tag target::YES
alice::cat /var/log/daemon.log::received software inventory with 3 items for request 9 at last eid 2 of epoch::YES
-alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon -p auth.alert.*host with IP address 192.168.0.100 is allowed::YES
+alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon-systemd -p auth.alert.*host with IP address 192.168.0.100 is allowed::YES
moon::cat /var/log/auth.log::host with IP address 192.168.0.100 is allowed::YES
diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/strongswan.conf
index 1148b945a..04d7dbacc 100644
--- a/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/strongswan.conf
@@ -1,15 +1,12 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce pem pkcs1 x509 openssl revocation constraints curl vici socket-default kernel-netlink tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite
syslog {
- auth {
- default = 0
- }
daemon {
tls = 2
- tnc = 2
+ tnc = 2
imv = 3
}
}
@@ -32,7 +29,7 @@ libtls {
libimcv {
database = sqlite:///etc/db.d/config.db
- policy_script = /usr/local/libexec/ipsec/imv_policy_manager
+ policy_script = /usr/local/libexec/ipsec/imv_policy_manager
plugins {
imv-swima {
@@ -44,6 +41,6 @@ libimcv {
}
imv_policy_manager {
- command_allow = ssh root@moon 'logger -t charon -p auth.alert "\"host with IP address %s is allowed\""'
- command_block = ssh root@moon 'logger -t charon -p auth.alert "\"host with IP address %s is blocked\""'
+ command_allow = ssh root@moon 'logger -t charon-systemd -p auth.alert "\"host with IP address %s is allowed\""'
+ command_block = ssh root@moon 'logger -t charon-systemd -p auth.alert "\"host with IP address %s is blocked\""'
}
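Review bot: `command_allow` and `command_block` splice `%s` into a shell command line that is run as root on moon over ssh, and nothing in the file states what `%s` may contain. Judging by the message text it is presumably the peer's IP address as formatted by imv_policy_manager, which would keep it free of shell metacharacters, but that is an assumption from this view. A comment above the two lines such as `# %s is the numeric peer address filled in by imv_policy_manager, never client-supplied text` would make the assumption explicit and reviewable. The new `-t charon-systemd` tag must also stay in step with the two patterns in this test's evaltest.dat, which the commit updates alongside it.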
diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/posttest.dat b/testing/tests/tnc/tnccs-20-ev-pt-tls/posttest.dat
index 09c8a6cbc..c0049d7fd 100644
--- a/testing/tests/tnc/tnccs-20-ev-pt-tls/posttest.dat
+++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/posttest.dat
@@ -1,8 +1,8 @@
carol::ip route del 10.1.0.0/16 via 192.168.0.1
dave::ip route del 10.1.0.0/16 via 192.168.0.1
winnetou::ip route del 10.1.0.0/16 via 192.168.0.1
-alice::service charon stop
-alice::service apache2 stop
+alice::systemctl stop strongswan-swanctl
+alice::systemctl stop apache2
alice::rm /etc/swanctl/rsa/aaaKey.pem
alice::rm /etc/swanctl/x509/aaaCert.pem
alice::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/pretest.dat b/testing/tests/tnc/tnccs-20-ev-pt-tls/pretest.dat
index c0d732368..3e4fbefa1 100644
--- a/testing/tests/tnc/tnccs-20-ev-pt-tls/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/pretest.dat
@@ -13,8 +13,8 @@ alice::chgrp -R www-data /etc/db.d/config.db; chmod -R g+w /etc/db.d/config.db
alice::/usr/local/bin/init_tnc
alice::rm /etc/swanctl/x509/aliceCert.pem
alice::rm /etc/swanctl/rsa/aliceKey.pem
-alice::service charon start
-alice::service apache2 start
+alice::systemctl start apache2
+alice::systemctl start strongswan-swanctl
alice::swanctl --load-creds
winnetou::ip route add 10.1.0.0/16 via 192.168.0.1
dave::ip route add 10.1.0.0/16 via 192.168.0.1
diff --git a/testing/tests/tnc/tnccs-20-fail-init/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-fail-init/hosts/carol/etc/strongswan.conf
index 073355713..e91440326 100644
--- a/testing/tests/tnc/tnccs-20-fail-init/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-fail-init/hosts/carol/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imc = 3
diff --git a/testing/tests/tnc/tnccs-20-fail-init/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-fail-init/hosts/dave/etc/strongswan.conf
index 6c1b9917b..6c84f3abb 100644
--- a/testing/tests/tnc/tnccs-20-fail-init/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-fail-init/hosts/dave/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imc = 3
@@ -24,7 +17,7 @@ charon {
}
tnccs-20 {
tests {
- pb_tnc_noskip = yes
+ pb_tnc_noskip = yes
}
}
}
diff --git a/testing/tests/tnc/tnccs-20-fail-init/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-fail-init/hosts/moon/etc/strongswan.conf
index 165c5ccb9..1e9995eb6 100644
--- a/testing/tests/tnc/tnccs-20-fail-init/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-fail-init/hosts/moon/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imv = 3
diff --git a/testing/tests/tnc/tnccs-20-fail-init/posttest.dat b/testing/tests/tnc/tnccs-20-fail-init/posttest.dat
index 770cf6ede..199873ba1 100644
--- a/testing/tests/tnc/tnccs-20-fail-init/posttest.dat
+++ b/testing/tests/tnc/tnccs-20-fail-init/posttest.dat
@@ -1,6 +1,6 @@
-carol::service charon stop
-dave::service charon stop
-moon::service charon stop
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/tnc/tnccs-20-fail-init/pretest.dat b/testing/tests/tnc/tnccs-20-fail-init/pretest.dat
index e173ae798..a1f0470fe 100644
--- a/testing/tests/tnc/tnccs-20-fail-init/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-fail-init/pretest.dat
@@ -8,9 +8,9 @@ carol::rm /etc/swanctl/rsa/*
dave::rm /etc/swanctl/rsa/*
carol::rm /etc/swanctl/x509/*
dave::rm /etc/swanctl/x509/*
-moon::service charon start
-carol::service charon start
-dave::service charon start
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw-allow
moon::expect-connection rw-isolate
carol::expect-connection home
diff --git a/testing/tests/tnc/tnccs-20-fail-resp/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-fail-resp/hosts/carol/etc/strongswan.conf
index 56fa7a967..66c6cb541 100644
--- a/testing/tests/tnc/tnccs-20-fail-resp/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-fail-resp/hosts/carol/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imc = 3
diff --git a/testing/tests/tnc/tnccs-20-fail-resp/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-fail-resp/hosts/moon/etc/strongswan.conf
index cb6abf305..a6e58ba4e 100644
--- a/testing/tests/tnc/tnccs-20-fail-resp/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-fail-resp/hosts/moon/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imv = 3
diff --git a/testing/tests/tnc/tnccs-20-fail-resp/posttest.dat b/testing/tests/tnc/tnccs-20-fail-resp/posttest.dat
index 9af5f39a2..8158822a6 100644
--- a/testing/tests/tnc/tnccs-20-fail-resp/posttest.dat
+++ b/testing/tests/tnc/tnccs-20-fail-resp/posttest.dat
@@ -1,4 +1,4 @@
-carol::service charon stop
-moon::service charon stop
+carol::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/tnc/tnccs-20-fail-resp/pretest.dat b/testing/tests/tnc/tnccs-20-fail-resp/pretest.dat
index 5af3b7500..d61ea90ad 100644
--- a/testing/tests/tnc/tnccs-20-fail-resp/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-fail-resp/pretest.dat
@@ -4,8 +4,8 @@ moon::cat /etc/tnc_config
carol::cat /etc/tnc_config
carol::rm /etc/swanctl/rsa/*
carol::rm /etc/swanctl/x509/*
-moon::service charon start
-carol::service charon start
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
moon::expect-connection rw-allow
moon::expect-connection rw-isolate
carol::expect-connection home
diff --git a/testing/tests/tnc/tnccs-20-fhh/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-fhh/hosts/carol/etc/strongswan.conf
index c3338d43b..aa4934fb1 100644
--- a/testing/tests/tnc/tnccs-20-fhh/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-fhh/hosts/carol/etc/strongswan.conf
@@ -1,21 +1,14 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
- imc = 2
+ imc = 2
}
}
}
diff --git a/testing/tests/tnc/tnccs-20-fhh/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-fhh/hosts/dave/etc/strongswan.conf
index 89d9e50bd..8fc1c8729 100644
--- a/testing/tests/tnc/tnccs-20-fhh/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-fhh/hosts/dave/etc/strongswan.conf
@@ -1,20 +1,13 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
- imc = 2
+ imc = 2
}
}
}
diff --git a/testing/tests/tnc/tnccs-20-fhh/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-fhh/hosts/moon/etc/strongswan.conf
index 0cd34865c..4732fbd4b 100644
--- a/testing/tests/tnc/tnccs-20-fhh/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-fhh/hosts/moon/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imv = 2
diff --git a/testing/tests/tnc/tnccs-20-fhh/posttest.dat b/testing/tests/tnc/tnccs-20-fhh/posttest.dat
index 770cf6ede..199873ba1 100644
--- a/testing/tests/tnc/tnccs-20-fhh/posttest.dat
+++ b/testing/tests/tnc/tnccs-20-fhh/posttest.dat
@@ -1,6 +1,6 @@
-carol::service charon stop
-dave::service charon stop
-moon::service charon stop
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/tnc/tnccs-20-fhh/pretest.dat b/testing/tests/tnc/tnccs-20-fhh/pretest.dat
index f0f6446bf..79340af29 100644
--- a/testing/tests/tnc/tnccs-20-fhh/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-fhh/pretest.dat
@@ -10,9 +10,9 @@ carol::rm /etc/swanctl/rsa/*
dave::rm /etc/swanctl/rsa/*
carol::rm /etc/swanctl/x509/*
dave::rm /etc/swanctl/x509/*
-moon::service charon start
-carol::service charon start
-dave::service charon start
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw-allow
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/strongswan.conf
index 195534315..fb77fd87e 100644
--- a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/strongswan.conf
@@ -1,17 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici socket-default kernel-netlink eap-identity eap-ttls eap-tnc tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- }
syslog {
- auth {
- default = 0
- }
daemon {
- tnc = 2
+ tnc = 2
imv = 3
}
}
@@ -36,5 +30,5 @@ charon {
libimcv {
debug_level = 3
- policy_script = /usr/local/libexec/ipsec/imv_policy_manager
+ policy_script = /usr/local/libexec/ipsec/imv_policy_manager
}
diff --git a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/carol/etc/strongswan.conf
index f0a6c4bde..883f154b8 100644
--- a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/carol/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
- tnc = 2
+ tnc = 2
imc = 3
}
}
@@ -43,7 +36,7 @@ libimcv {
plugins {
imc-hcd {
- push_info = no
+ push_info = no
subtypes {
system {
attributes_natural_language = en
@@ -78,7 +71,7 @@ libimcv {
resident_application {
resident-app-1 {
- name = Resident App XYZ
+ name = Resident App XYZ
patches = "xmas patch 2014-12-24\r\nservice patch for App XYZ 2015-05-22\r\n"
string_version = 2.5
version = 00000002000000050000000000000000
@@ -137,7 +130,7 @@ libimcv {
version = 00000007000000080000000000000000
}
}
-
+
resident_application {
resident-app-if {
name = Resident Interface App
@@ -150,10 +143,10 @@ libimcv {
scanner {
attributes_natural_language = en
-
+
firmware {
fw-scanner {
- name = Scanner Firmware
+ name = Scanner Firmware
patches = "security patch 2013-08-11\r\nsecurity patch 2015-5-30\r\n"
string_version = 2.5.3
version = 00000002000000050000000300000000
diff --git a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/dave/etc/strongswan.conf
index f5c3440c1..9f1718992 100644
--- a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/dave/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
- tnc = 2
+ tnc = 2
imc = 3
}
}
@@ -52,18 +45,18 @@ libimcv {
vendor_smi_code = 36906
pstn_fax_enabled = yes
time_source = 0.ch.pool.ntp.org
- user_application_enabled = no
+ user_application_enabled = no
user_application_persistence_enabled = no
firmware {
fw-1 {
- name = Firmware ABC
+ name = Firmware ABC
patches = "security patch 2014-05-08\r\nupgrade 2014-08-16\r\nsecurity patch 2015-3-22\r\n"
string_version = 1.0.7
version = 00000001000000000000000700000000
}
fw-2 {
- name = Firmware UVW
+ name = Firmware UVW
string_version = 13.8.5
version = 0000000D000000080000000500000000
}
@@ -71,7 +64,7 @@ libimcv {
resident_application {
resident-app-1 {
- name = Resident App XYZ
+ name = Resident App XYZ
patches = "xmas patch 2014-12-24\r\nservice patch 2015-05-22\r\n"
string_version = 2.5
version = 00000002000000050000000000000000
@@ -96,7 +89,7 @@ libimcv {
interface {
attributes_natural_language = en
-
+
firmware {
fw-if {
name = Interface Firmware
@@ -118,10 +111,10 @@ libimcv {
scanner {
attributes_natural_language = en
-
+
firmware {
fw-scanner {
- name = Scanner Firmware
+ name = Scanner Firmware
patches = "security patch 2013-08-11\r\nsecurity patch 2015-5-30\r\n"
string_version = 2.5.3
version = 00000002000000050000000300000000
diff --git a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/moon/etc/strongswan.conf
index 4dae69352..08e5e38e5 100644
--- a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/moon/etc/strongswan.conf
@@ -1,17 +1,13 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-radius updown
multiple_authentication=no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
plugins {
eap-radius {
secret = gv6URkSs
- #server = PH_IP6_ALICE
+ #server = PH_IP6_ALICE
server = PH_IP_ALICE
filter_id = yes
}
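Review bot: The `eap-radius` block keeps a literal shared secret (`secret = gv6URkSs`) right beside the lines touched here, and nothing marks it as a fixture value. A comment such as `# test-only RADIUS secret for the test network; never reuse outside testing` would keep it from being copied into a real gateway config, where a short static secret weakens the protection of RADIUS messages. The `plugins` section continues outside the hunk.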
diff --git a/testing/tests/tnc/tnccs-20-hcd-eap/posttest.dat b/testing/tests/tnc/tnccs-20-hcd-eap/posttest.dat
index bcd655353..33a60f9ab 100644
--- a/testing/tests/tnc/tnccs-20-hcd-eap/posttest.dat
+++ b/testing/tests/tnc/tnccs-20-hcd-eap/posttest.dat
@@ -1,7 +1,7 @@
-carol::service charon stop
-dave::service charon stop
-moon::service charon stop
-alice::service charon stop
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
+alice::systemctl stop strongswan-swanctl
alice::rm /etc/swanctl/rsa/aaaKey.pem
alice::rm /etc/swanctl/x509/aaaCert.pem
winnetou::ip route del 10.1.0.0/16 via 192.168.0.1
diff --git a/testing/tests/tnc/tnccs-20-hcd-eap/pretest.dat b/testing/tests/tnc/tnccs-20-hcd-eap/pretest.dat
index f9b4159d9..decc2394a 100644
--- a/testing/tests/tnc/tnccs-20-hcd-eap/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-hcd-eap/pretest.dat
@@ -9,10 +9,10 @@ carol::echo 0 > /proc/sys/net/ipv4/ip_forward
dave::echo aabbccddeeff11223344556677889900 > /var/lib/dbus/machine-id
alice::rm /etc/swanctl/rsa/aliceKey.pem
alice::rm /etc/swanctl/x509/aliceCert.pem
-alice::service charon start
-moon::service charon start
-carol::service charon start
-dave::service charon start
+alice::systemctl start strongswan-swanctl
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw-allow
moon::expect-connection rw-isolate
carol::expect-connection home
diff --git a/testing/tests/tnc/tnccs-20-mutual-eap-fail/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-mutual-eap-fail/hosts/moon/etc/strongswan.conf
index a555970ec..a773b17be 100644
--- a/testing/tests/tnc/tnccs-20-mutual-eap-fail/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-mutual-eap-fail/hosts/moon/etc/strongswan.conf
@@ -1,20 +1,13 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce x509 openssl pem pkcs1 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-tnc tnc-tnccs tnc-imc tnc-imv tnccs-20 updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
- tnc = 2
+ tnc = 2
imc = 2
imv = 2
}
@@ -36,10 +29,10 @@ libtls {
libimcv {
plugins {
imc-test {
- command = allow
+ command = allow
}
imv-test {
rounds = 1
- }
+ }
}
}
diff --git a/testing/tests/tnc/tnccs-20-mutual-eap-fail/hosts/sun/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-mutual-eap-fail/hosts/sun/etc/strongswan.conf
index b2280db18..7e049dc02 100644
--- a/testing/tests/tnc/tnccs-20-mutual-eap-fail/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-mutual-eap-fail/hosts/sun/etc/strongswan.conf
@@ -1,20 +1,12 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce x509 openssl pem pkcs1 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-tnc tnc-tnccs tnc-imc tnc-imv tnccs-20 updown
- multiple_authentication = no
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ multiple_authentication = no
syslog {
- auth {
- default = 0
- }
daemon {
- tnc = 2
+ tnc = 2
imc = 2
imv = 2
}
@@ -38,10 +30,10 @@ libtls {
libimcv {
plugins {
imc-test {
- command = none
+ command = none
}
imv-test {
- rounds = 1
- }
+ rounds = 1
+ }
}
}
diff --git a/testing/tests/tnc/tnccs-20-mutual-eap-fail/posttest.dat b/testing/tests/tnc/tnccs-20-mutual-eap-fail/posttest.dat
index 4677e46f0..8b792b878 100644
--- a/testing/tests/tnc/tnccs-20-mutual-eap-fail/posttest.dat
+++ b/testing/tests/tnc/tnccs-20-mutual-eap-fail/posttest.dat
@@ -1,4 +1,4 @@
-moon::service charon stop
-sun::service charon stop
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/tnc/tnccs-20-mutual-eap-fail/pretest.dat b/testing/tests/tnc/tnccs-20-mutual-eap-fail/pretest.dat
index ac707d436..1a20775d8 100644
--- a/testing/tests/tnc/tnccs-20-mutual-eap-fail/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-mutual-eap-fail/pretest.dat
@@ -1,7 +1,7 @@
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
-moon::service charon start
-sun::service charon start
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
sun::expect-connection mutual
moon::expect-connection mutual
moon::swanctl --initiate --child mutual
diff --git a/testing/tests/tnc/tnccs-20-mutual-eap/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-mutual-eap/hosts/moon/etc/strongswan.conf
index 1212e2356..a773b17be 100644
--- a/testing/tests/tnc/tnccs-20-mutual-eap/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-mutual-eap/hosts/moon/etc/strongswan.conf
@@ -1,20 +1,13 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce x509 openssl pem pkcs1 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-tnc tnc-tnccs tnc-imc tnc-imv tnccs-20 updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
- tnc = 2
+ tnc = 2
imc = 2
imv = 2
}
@@ -40,6 +33,6 @@ libimcv {
}
imv-test {
rounds = 1
- }
+ }
}
}
diff --git a/testing/tests/tnc/tnccs-20-mutual-eap/hosts/sun/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-mutual-eap/hosts/sun/etc/strongswan.conf
index f29175d67..879a3cdac 100644
--- a/testing/tests/tnc/tnccs-20-mutual-eap/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-mutual-eap/hosts/sun/etc/strongswan.conf
@@ -1,20 +1,12 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce x509 openssl pem pkcs1 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-tnc tnc-tnccs tnc-imc tnc-imv tnccs-20 updown
- multiple_authentication = no
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ multiple_authentication = no
syslog {
- auth {
- default = 0
- }
daemon {
- tnc = 2
+ tnc = 2
imc = 2
imv = 2
}
@@ -38,10 +30,10 @@ libtls {
libimcv {
plugins {
imc-test {
- command = allow
+ command = allow
}
imv-test {
- rounds = 1
- }
+ rounds = 1
+ }
}
}
diff --git a/testing/tests/tnc/tnccs-20-mutual-eap/posttest.dat b/testing/tests/tnc/tnccs-20-mutual-eap/posttest.dat
index 4677e46f0..8b792b878 100644
--- a/testing/tests/tnc/tnccs-20-mutual-eap/posttest.dat
+++ b/testing/tests/tnc/tnccs-20-mutual-eap/posttest.dat
@@ -1,4 +1,4 @@
-moon::service charon stop
-sun::service charon stop
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/tnc/tnccs-20-mutual-eap/pretest.dat b/testing/tests/tnc/tnccs-20-mutual-eap/pretest.dat
index ac707d436..1a20775d8 100644
--- a/testing/tests/tnc/tnccs-20-mutual-eap/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-mutual-eap/pretest.dat
@@ -1,7 +1,7 @@
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
-moon::service charon start
-sun::service charon start
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
sun::expect-connection mutual
moon::expect-connection mutual
moon::swanctl --initiate --child mutual
diff --git a/testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/sun/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/sun/etc/strongswan.conf
index 9e694bc01..b596dbc1b 100644
--- a/testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/sun/etc/strongswan.conf
@@ -1,17 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce x509 openssl pem pkcs1 revocation curl vici kernel-netlink socket-default tnc-pdp tnc-tnccs tnc-imc tnc-imv tnccs-20
+charon-systemd {
+ load = random nonce x509 openssl pem pkcs1 revocation curl vici kernel-netlink socket-default tnc-pdp tnc-tnccs tnc-imc tnc-imv tnccs-20
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- }
syslog {
- auth {
- default = 0
- }
daemon {
- tnc = 2
+ tnc = 2
imc = 2
imv = 2
}
@@ -36,10 +30,10 @@ libtls {
libimcv {
plugins {
imc-test {
- command = allow
+ command = allow
}
imv-test {
- rounds = 1
- }
+ rounds = 1
+ }
}
}
diff --git a/testing/tests/tnc/tnccs-20-mutual-pt-tls/posttest.dat b/testing/tests/tnc/tnccs-20-mutual-pt-tls/posttest.dat
index d1f83a319..767e8f2ba 100644
--- a/testing/tests/tnc/tnccs-20-mutual-pt-tls/posttest.dat
+++ b/testing/tests/tnc/tnccs-20-mutual-pt-tls/posttest.dat
@@ -1 +1 @@
-sun::service charon stop
+sun::systemctl stop strongswan-swanctl
diff --git a/testing/tests/tnc/tnccs-20-mutual-pt-tls/pretest.dat b/testing/tests/tnc/tnccs-20-mutual-pt-tls/pretest.dat
index 8642292a8..9da18266e 100644
--- a/testing/tests/tnc/tnccs-20-mutual-pt-tls/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-mutual-pt-tls/pretest.dat
@@ -1,4 +1,4 @@
-sun::service charon start
+sun::systemctl start strongswan-swanctl
moon::cat /etc/pts/options
moon::sleep 1
moon::/usr/local/bin/pt-tls-client --optionsfrom /etc/pts/options
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/evaltest.dat b/testing/tests/tnc/tnccs-20-nea-pt-tls/evaltest.dat
index 198b2bde3..7850e2e74 100644
--- a/testing/tests/tnc/tnccs-20-nea-pt-tls/evaltest.dat
+++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/evaltest.dat
@@ -10,7 +10,7 @@ alice::cat /var/log/daemon.log::certificate status is good::YES
alice::cat /var/log/daemon.log::skipping SASL, client already authenticated by TLS certificate::YES
alice::cat /var/log/daemon.log::user AR identity.*C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org.*authenticated by certificate::YES
alice::cat /var/log/daemon.log::received software inventory with ... items for request 3 at last eid 1 of epoch::YES
-alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon -p auth.alert.*host with IP address 192.168.0.200 is blocked::YES
+alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon-systemd -p auth.alert.*host with IP address 192.168.0.200 is blocked::YES
moon:: cat /var/log/auth.log::host with IP address 192.168.0.200 is blocked::YES
alice::cat /var/log/daemon.log::accepting PT-TLS stream from PH_IP_CAROL::YES
alice::cat /var/log/daemon.log::SASL PLAIN authentication successful::YES
@@ -21,5 +21,5 @@ alice::cat /var/log/daemon.log::received software ID inventory with ... items fo
alice::cat /var/log/daemon.log::1 SWID tag target::YES
alice::cat /var/log/daemon.log::received software inventory with 1 item for request 9 at last eid 1 of epoch::YES
alice::cat /var/log/daemon.log::strongswan.org__strongSwan.*@ /usr/local/share/strongswan::YES
-alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon -p auth.alert.*host with IP address 192.168.0.100 is allowed::YES
+alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon-systemd -p auth.alert.*host with IP address 192.168.0.100 is allowed::YES
moon::cat /var/log/auth.log::host with IP address 192.168.0.100 is allowed::YES
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/strongswan.conf
index 1148b945a..04d7dbacc 100644
--- a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/strongswan.conf
@@ -1,15 +1,12 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce pem pkcs1 x509 openssl revocation constraints curl vici socket-default kernel-netlink tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite
syslog {
- auth {
- default = 0
- }
daemon {
tls = 2
- tnc = 2
+ tnc = 2
imv = 3
}
}
@@ -32,7 +29,7 @@ libtls {
libimcv {
database = sqlite:///etc/db.d/config.db
- policy_script = /usr/local/libexec/ipsec/imv_policy_manager
+ policy_script = /usr/local/libexec/ipsec/imv_policy_manager
plugins {
imv-swima {
@@ -44,6 +41,6 @@ libimcv {
}
imv_policy_manager {
- command_allow = ssh root@moon 'logger -t charon -p auth.alert "\"host with IP address %s is allowed\""'
- command_block = ssh root@moon 'logger -t charon -p auth.alert "\"host with IP address %s is blocked\""'
+ command_allow = ssh root@moon 'logger -t charon-systemd -p auth.alert "\"host with IP address %s is allowed\""'
+ command_block = ssh root@moon 'logger -t charon-systemd -p auth.alert "\"host with IP address %s is blocked\""'
}
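Review bot: `command_allow` and `command_block` splice `%s` into a command line that is run as `root` on moon over ssh, and the new lines keep that shape while changing only the logger tag. `logger -p auth.alert` does not need root, so an unprivileged account on moon would limit what a malformed substitution could do; whether `%s` is always a validated IP address depends on imv_policy_manager, which is not visible here. The tag is now also duplicated in evaltest.dat (`logger -t charon-systemd`), so a comment like `# tag must match the pattern in evaltest.dat` above these two lines would keep the two files in sync.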
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/posttest.dat b/testing/tests/tnc/tnccs-20-nea-pt-tls/posttest.dat
index 09c8a6cbc..c0049d7fd 100644
--- a/testing/tests/tnc/tnccs-20-nea-pt-tls/posttest.dat
+++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/posttest.dat
@@ -1,8 +1,8 @@
carol::ip route del 10.1.0.0/16 via 192.168.0.1
dave::ip route del 10.1.0.0/16 via 192.168.0.1
winnetou::ip route del 10.1.0.0/16 via 192.168.0.1
-alice::service charon stop
-alice::service apache2 stop
+alice::systemctl stop strongswan-swanctl
+alice::systemctl stop apache2
alice::rm /etc/swanctl/rsa/aaaKey.pem
alice::rm /etc/swanctl/x509/aaaCert.pem
alice::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/pretest.dat b/testing/tests/tnc/tnccs-20-nea-pt-tls/pretest.dat
index d8ac3ab41..c895148f2 100644
--- a/testing/tests/tnc/tnccs-20-nea-pt-tls/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/pretest.dat
@@ -13,8 +13,8 @@ alice::chgrp -R www-data /etc/db.d/config.db; chmod -R g+w /etc/db.d/config.db
alice::/usr/local/bin/init_tnc
alice::rm /etc/swanctl/x509/aliceCert.pem
alice::rm /etc/swanctl/rsa/aliceKey.pem
-alice::service charon start
-alice::service apache2 start
+alice::systemctl start apache2
+alice::systemctl start strongswan-swanctl
alice::swanctl --load-creds
winnetou::ip route add 10.1.0.0/16 via 192.168.0.1
dave::ip route add 10.1.0.0/16 via 192.168.0.1
diff --git a/testing/tests/tnc/tnccs-20-os-pts/evaltest.dat b/testing/tests/tnc/tnccs-20-os-pts/evaltest.dat
index 8056a90e9..5dbfa8247 100644
--- a/testing/tests/tnc/tnccs-20-os-pts/evaltest.dat
+++ b/testing/tests/tnc/tnccs-20-os-pts/evaltest.dat
@@ -1,19 +1,19 @@
-carol::cat /var/log/daemon.log::PB-TNC access recommendation is 'Access Allowed'::YES
-carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
-carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
dave:: cat /var/log/daemon.log::PB-TNC access recommendation is 'Quarantined'::YES
dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
+carol::cat /var/log/daemon.log::PB-TNC access recommendation is 'Access Allowed'::YES
+carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
+carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
moon:: ipsec attest --session 2> /dev/null::Debian.*x86_64.*carol@strongswan.org - allow::YES
moon:: cat /var/log/daemon.log::added group membership 'allow'::YES
moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
moon:: ipsec attest --session 2> /dev/null::Debian.*x86_64.*dave@strongswan.org - isolate::YES
moon:: cat /var/log/daemon.log::added group membership 'isolate'::YES
moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
-carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/28]::YES
dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.16/28]::YES
-moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-allow.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-allow.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168.0.100/32]::YES
-moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw-isolate.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-isolate.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.16/28] remote-ts=\[192.168.0.200/32]::YES
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/28]::YES
+moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-isolate.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-isolate.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.16/28] remote-ts=\[192.168.0.200/32]::YES
+moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw-allow.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-allow.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168.0.100/32]::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::NO
dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES
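Review bot: The two moon assertions now tie `--ike-id 1` to rw-isolate (dave) and `--ike-id 2` to rw-allow (carol), so the check passes only if dave's IKE_SA is always created first. That order is set in pretest.dat, not here, and any change in initiation order or timing makes each regex run against the other peer's SA. Selecting by connection name is order-independent, for example `moon:: swanctl --list-sas --ike rw-isolate --raw 2> /dev/null::rw-isolate.*` followed by the existing pattern, and the same with `--ike rw-allow`.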
diff --git a/testing/tests/tnc/tnccs-20-os-pts/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-os-pts/hosts/carol/etc/strongswan.conf
index d3941d811..3e4d76f10 100644
--- a/testing/tests/tnc/tnccs-20-os-pts/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-os-pts/hosts/carol/etc/strongswan.conf
@@ -1,20 +1,13 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce openssl pem pkcs1 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
- tnc = 3
+ tnc = 2
imc = 3
pts = 3
}
diff --git a/testing/tests/tnc/tnccs-20-os-pts/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-os-pts/hosts/dave/etc/strongswan.conf
index 134cd991c..2e249d48d 100644
--- a/testing/tests/tnc/tnccs-20-os-pts/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-os-pts/hosts/dave/etc/strongswan.conf
@@ -1,21 +1,14 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce openssl pem pkcs1 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
retransmit_tries = 5
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
- tnc = 3
+ tnc = 2
imc = 3
pts = 3
}
diff --git a/testing/tests/tnc/tnccs-20-os-pts/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-os-pts/hosts/moon/etc/strongswan.conf
index e58bab611..a683ba77c 100644
--- a/testing/tests/tnc/tnccs-20-os-pts/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-os-pts/hosts/moon/etc/strongswan.conf
@@ -1,20 +1,13 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce openssl pem pkcs1 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown sqlite
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
- tnc = 3
+ tnc = 2
imv = 3
pts = 3
}
@@ -34,10 +27,10 @@ libtls {
libimcv {
database = sqlite:///etc/db.d/config.db
- policy_script = /usr/local/libexec/ipsec/imv_policy_manager
+ policy_script = /usr/local/libexec/ipsec/imv_policy_manager
plugins {
imv-attestation {
- hash_algorithm = sha1
+ hash_algorithm = sha256
}
}
}
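Review bot: The switch to `hash_algorithm = sha256` for imv-attestation is made only in this test; the moon config of tnccs-20-pts further down still shows `hash_algorithm = sha1` as an unchanged line, so the two PTS scenarios now measure with different algorithms and nothing says whether that is deliberate. If the SHA-1 case is kept on purpose as legacy coverage, that should be stated where it remains. Here a comment above the setting, such as `# file measurements use SHA-256; the reference hashes in config.db must be generated with the same algorithm`, would make the dependency explicit. That the database holds matching reference values is an assumption; it is not visible in this hunk.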
diff --git a/testing/tests/tnc/tnccs-20-os-pts/posttest.dat b/testing/tests/tnc/tnccs-20-os-pts/posttest.dat
index ce72d2ca9..9c55c19cd 100644
--- a/testing/tests/tnc/tnccs-20-os-pts/posttest.dat
+++ b/testing/tests/tnc/tnccs-20-os-pts/posttest.dat
@@ -1,6 +1,6 @@
-carol::service charon stop
-dave::service charon stop
-moon::service charon stop
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/tnc/tnccs-20-os-pts/pretest.dat b/testing/tests/tnc/tnccs-20-os-pts/pretest.dat
index 03e5f22af..1167f55ea 100644
--- a/testing/tests/tnc/tnccs-20-os-pts/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-os-pts/pretest.dat
@@ -12,14 +12,14 @@ carol::rm /etc/swanctl/rsa/*
dave::rm /etc/swanctl/rsa/*
carol::rm /etc/swanctl/x509/*
dave::rm /etc/swanctl/x509/*
-moon::service charon start
-carol::service charon start
-dave::service charon start
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw-allow
moon::expect-connection rw-isolate
-carol::expect-connection home
-carol::swanctl --initiate --child home 2> /dev/null
dave::expect-connection home
dave::swanctl --initiate --child home 2> /dev/null
+carol::expect-connection home
+carol::swanctl --initiate --child home 2> /dev/null
moon::ipsec attest --sessions
moon::ipsec attest --devices
diff --git a/testing/tests/tnc/tnccs-20-os/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-os/hosts/carol/etc/strongswan.conf
index ef90078f2..3ec0227b2 100644
--- a/testing/tests/tnc/tnccs-20-os/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-os/hosts/carol/etc/strongswan.conf
@@ -1,20 +1,13 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
- tnc = 3
+ tnc = 2
imc = 3
}
}
diff --git a/testing/tests/tnc/tnccs-20-os/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-os/hosts/dave/etc/strongswan.conf
index 4af05ad31..7de2756a9 100644
--- a/testing/tests/tnc/tnccs-20-os/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-os/hosts/dave/etc/strongswan.conf
@@ -1,20 +1,13 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
- tnc = 3
+ tnc = 2
imc = 3
}
}
diff --git a/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/strongswan.conf
index 53c515f77..8e8fda6c4 100644
--- a/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/strongswan.conf
@@ -1,20 +1,13 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown sqlite
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
- tnc = 3
+ tnc = 2
imv = 3
}
}
diff --git a/testing/tests/tnc/tnccs-20-os/posttest.dat b/testing/tests/tnc/tnccs-20-os/posttest.dat
index ce72d2ca9..9c55c19cd 100644
--- a/testing/tests/tnc/tnccs-20-os/posttest.dat
+++ b/testing/tests/tnc/tnccs-20-os/posttest.dat
@@ -1,6 +1,6 @@
-carol::service charon stop
-dave::service charon stop
-moon::service charon stop
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/tnc/tnccs-20-os/pretest.dat b/testing/tests/tnc/tnccs-20-os/pretest.dat
index 13ae2b71f..3c5037aae 100644
--- a/testing/tests/tnc/tnccs-20-os/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-os/pretest.dat
@@ -13,9 +13,9 @@ carol::rm /etc/swanctl/rsa/*
dave::rm /etc/swanctl/rsa/*
carol::rm /etc/swanctl/x509/*
dave::rm /etc/swanctl/x509/*
-moon::service charon start
-carol::service charon start
-dave::service charon start
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw-allow
moon::expect-connection rw-isolate
carol::expect-connection home
diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf
index 240ebbafb..e01fe4b4c 100644
--- a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf
@@ -1,17 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici socket-default kernel-netlink eap-identity eap-ttls eap-md5 eap-tnc tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- }
syslog {
- auth {
- default = 0
- }
daemon {
- tnc = 2
+ tnc = 2
imv = 3
}
}
@@ -35,7 +29,7 @@ charon {
}
libimcv {
- debug_level = 3
+ debug_level = 3
database = sqlite:///etc/db.d/config.db
policy_script = /usr/local/libexec/ipsec/imv_policy_manager
diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/strongswan.conf
index 47b9affed..a8aff3883 100644
--- a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
- tnc = 2
+ tnc = 2
imc = 3
}
}
diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/strongswan.conf
index d00808398..852e0714e 100644
--- a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
- tnc = 2
+ tnc = 2
imc = 3
}
}
diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/moon/etc/strongswan.conf
index 8b931afc9..bcf316622 100644
--- a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/moon/etc/strongswan.conf
@@ -1,18 +1,14 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-radius updown
multiple_authentication=no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
plugins {
eap-radius {
secret = gv6URkSs
- #server = PH_IP6_ALICE
+ #server = PH_IP6_ALICE
server = PH_IP_ALICE
filter_id = yes
}
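Review bot: The RADIUS shared secret `secret = gv6URkSs` sits as a literal in a config that this hunk otherwise only retargets to `charon-systemd`, and nothing marks it as a fixture value. Add a comment on the line before it, e.g. `# test-only shared secret for the RADIUS server on alice; never reuse outside the test network`, so the file is not copied as a template with the value intact. The commented-out `#server = PH_IP6_ALICE` line that the hunk touches could be explained or dropped in the same pass.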
diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/posttest.dat b/testing/tests/tnc/tnccs-20-pdp-eap/posttest.dat
index e5ec2afc7..97850dc97 100644
--- a/testing/tests/tnc/tnccs-20-pdp-eap/posttest.dat
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/posttest.dat
@@ -1,8 +1,8 @@
-moon::service charon stop
-carol::service charon stop
-dave::service charon stop
-alice::service charon stop
-alice::service apache2 stop
+moon::systemctl stop strongswan-swanctl
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+alice::systemctl stop strongswan-swanctl
+alice::systemctl stop apache2
alice::rm /etc/swanctl/x509/aaaCert.pem
alice::rm /etc/swanctl/rsa/aaaKey.pem
moon::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/pretest.dat b/testing/tests/tnc/tnccs-20-pdp-eap/pretest.dat
index 385cc305a..15dcc54d8 100644
--- a/testing/tests/tnc/tnccs-20-pdp-eap/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/pretest.dat
@@ -17,11 +17,11 @@ alice::sed -i "s:DEBIAN_VERSION:\`cat /etc/debian_version\`:" /etc/pts/data1.sql
alice::cd /usr/local/share/strongswan/templates/database/imv; cat tables.sql data.sql /etc/pts/data1.sql | sqlite3 /etc/db.d/config.db
alice::chgrp -R www-data /etc/db.d/config.db; chmod -R g+w /etc/db.d/config.db
alice::/usr/local/bin/init_tnc
-alice::service apache2 start
-alice::service charon start
-moon::service charon start
-dave::service charon start
-carol::service charon start
+alice::systemctl start apache2
+alice::systemctl start strongswan-swanctl
+moon::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
moon::expect-connection rw-allow
moon::expect-connection rw-isolate
dave::expect-connection home
diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat b/testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat
index fc232bfde..bf4191618 100644
--- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat
@@ -9,7 +9,7 @@ alice::cat /var/log/daemon.log::certificate status is good::YES
alice::cat /var/log/daemon.log::skipping SASL, client already authenticated by TLS certificate::YES
alice::cat /var/log/daemon.log::user AR identity.*C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org.*authenticated by certificate::YES
alice::cat /var/log/daemon.log::received SWID tag inventory with ... items for request 3 at eid 1 of epoch::YES
-alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon -p auth.alert.*host with IP address 192.168.0.200 is blocked::YES
+alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon-systemd -p auth.alert.*host with IP address 192.168.0.200 is blocked::YES
moon:: cat /var/log/auth.log::host with IP address 192.168.0.200 is blocked::YES
alice::cat /var/log/daemon.log::accepting PT-TLS stream from PH_IP_CAROL::YES
alice::cat /var/log/daemon.log::SASL PLAIN authentication successful::YES
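Review bot: The updated patterns still match the addresses with unescaped dots (`192.168.0.200` here, `192.168.0.100` in the next hunk), so if the framework treats the middle field as a regular expression, which the embedded `.*` suggests, each `.` matches any character. These lines decide whether the block/allow alert was logged for the right host, so writing `192\.168\.0\.200` and `192\.168\.0\.100` would make the check exact. The same applies to the unchanged `moon::` lines that read auth.log.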
@@ -19,5 +19,5 @@ alice::cat /var/log/daemon.log::received SWID tag ID inventory with ... items fo
alice::cat /var/log/daemon.log::1 SWID tag target::YES
alice::cat /var/log/daemon.log::received SWID tag inventory with 1 item for request 9 at eid 1 of epoch::YES
alice::cat /var/log/daemon.log::strongswan.org__strongSwan-::YES
-alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon -p auth.alert.*host with IP address 192.168.0.100 is allowed::YES
+alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon-systemd -p auth.alert.*host with IP address 192.168.0.100 is allowed::YES
moon::cat /var/log/auth.log::host with IP address 192.168.0.100 is allowed::YES
diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf
index b08a85bb4..944a5928d 100644
--- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf
@@ -1,15 +1,12 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce pem pkcs1 x509 openssl revocation constraints curl vici socket-default kernel-netlink tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite
syslog {
- auth {
- default = 0
- }
daemon {
tls = 2
- tnc = 2
+ tnc = 2
imv = 3
}
}
@@ -29,7 +26,7 @@ libtls {
libimcv {
database = sqlite:///etc/db.d/config.db
- policy_script = /usr/local/libexec/ipsec/imv_policy_manager
+ policy_script = /usr/local/libexec/ipsec/imv_policy_manager
plugins {
imv-swid {
@@ -39,6 +36,6 @@ libimcv {
}
imv_policy_manager {
- command_allow = ssh root@moon 'logger -t charon -p auth.alert "\"host with IP address %s is allowed\""'
- command_block = ssh root@moon 'logger -t charon -p auth.alert "\"host with IP address %s is blocked\""'
+ command_allow = ssh root@moon 'logger -t charon-systemd -p auth.alert "\"host with IP address %s is allowed\""'
+ command_block = ssh root@moon 'logger -t charon-systemd -p auth.alert "\"host with IP address %s is blocked\""'
}
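Review bot: `command_allow` and `command_block` expand `%s` inside a single-quoted command that ssh runs as root on moon, and the hunk changes only the logger tag without documenting what may be substituted there. From the message text the value looks like the endpoint's IP address, but how imv_policy_manager validates or quotes it is not visible here, so the config should state the assumption: `# %s is expected to be the endpoint IP address; test-only command, runs as root on moon via ssh`. The new tag `charon-systemd` does agree with the updated patterns in this test's evaltest.dat.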
diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/posttest.dat b/testing/tests/tnc/tnccs-20-pdp-pt-tls/posttest.dat
index 09c8a6cbc..c0049d7fd 100644
--- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/posttest.dat
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/posttest.dat
@@ -1,8 +1,8 @@
carol::ip route del 10.1.0.0/16 via 192.168.0.1
dave::ip route del 10.1.0.0/16 via 192.168.0.1
winnetou::ip route del 10.1.0.0/16 via 192.168.0.1
-alice::service charon stop
-alice::service apache2 stop
+alice::systemctl stop strongswan-swanctl
+alice::systemctl stop apache2
alice::rm /etc/swanctl/rsa/aaaKey.pem
alice::rm /etc/swanctl/x509/aaaCert.pem
alice::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/pretest.dat b/testing/tests/tnc/tnccs-20-pdp-pt-tls/pretest.dat
index d8ac3ab41..c895148f2 100644
--- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/pretest.dat
@@ -13,8 +13,8 @@ alice::chgrp -R www-data /etc/db.d/config.db; chmod -R g+w /etc/db.d/config.db
alice::/usr/local/bin/init_tnc
alice::rm /etc/swanctl/x509/aliceCert.pem
alice::rm /etc/swanctl/rsa/aliceKey.pem
-alice::service charon start
-alice::service apache2 start
+alice::systemctl start apache2
+alice::systemctl start strongswan-swanctl
alice::swanctl --load-creds
winnetou::ip route add 10.1.0.0/16 via 192.168.0.1
dave::ip route add 10.1.0.0/16 via 192.168.0.1
diff --git a/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/carol/etc/strongswan.conf
index f4fb7e2dc..3b477dd81 100644
--- a/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/carol/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 gmp hmac pem pkcs1 x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imc = 3
diff --git a/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/dave/etc/strongswan.conf
index b7a772692..9da89723d 100644
--- a/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/dave/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 gmp hmac pem pkcs1 x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imc = 3
diff --git a/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/moon/etc/strongswan.conf
index 46ed39bb8..1e5f7becf 100644
--- a/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/moon/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 gmp hmac pem pkcs1 x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown sqlite
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imv = 3
@@ -34,7 +27,7 @@ libtls {
libimcv {
database = sqlite:///etc/db.d/config.db
- policy_script = /usr/local/libexec/ipsec/imv_policy_manager
+ policy_script = /usr/local/libexec/ipsec/imv_policy_manager
plugins {
imv-attestation {
diff --git a/testing/tests/tnc/tnccs-20-pts-no-ecc/posttest.dat b/testing/tests/tnc/tnccs-20-pts-no-ecc/posttest.dat
index ce72d2ca9..9c55c19cd 100644
--- a/testing/tests/tnc/tnccs-20-pts-no-ecc/posttest.dat
+++ b/testing/tests/tnc/tnccs-20-pts-no-ecc/posttest.dat
@@ -1,6 +1,6 @@
-carol::service charon stop
-dave::service charon stop
-moon::service charon stop
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/tnc/tnccs-20-pts-no-ecc/pretest.dat b/testing/tests/tnc/tnccs-20-pts-no-ecc/pretest.dat
index d89aa2309..2e95da89d 100644
--- a/testing/tests/tnc/tnccs-20-pts-no-ecc/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-pts-no-ecc/pretest.dat
@@ -12,9 +12,9 @@ carol::rm /etc/swanctl/rsa/*
dave::rm /etc/swanctl/rsa/*
carol::rm /etc/swanctl/x509/*
dave::rm /etc/swanctl/x509/*
-moon::service charon start
-dave::service charon start
-carol::service charon start
+moon::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
moon::expect-connection rw-allow
moon::expect-connection rw-isolate
dave::expect-connection home
diff --git a/testing/tests/tnc/tnccs-20-pts/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pts/hosts/carol/etc/strongswan.conf
index 2eb34841d..8ebf56878 100644
--- a/testing/tests/tnc/tnccs-20-pts/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pts/hosts/carol/etc/strongswan.conf
@@ -1,22 +1,15 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce openssl pem pkcs1 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
- tnc = 3
+ tnc = 3
imc = 3
- pts = 3
+ pts = 3
}
}
}
diff --git a/testing/tests/tnc/tnccs-20-pts/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pts/hosts/dave/etc/strongswan.conf
index e9fa8cb80..0b47d35e7 100644
--- a/testing/tests/tnc/tnccs-20-pts/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pts/hosts/dave/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce openssl pem pkcs1 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imc = 3
diff --git a/testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/strongswan.conf
index e58bab611..bf14fe327 100644
--- a/testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce openssl pem pkcs1 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown sqlite
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imv = 3
@@ -34,7 +27,7 @@ libtls {
libimcv {
database = sqlite:///etc/db.d/config.db
- policy_script = /usr/local/libexec/ipsec/imv_policy_manager
+ policy_script = /usr/local/libexec/ipsec/imv_policy_manager
plugins {
imv-attestation {
hash_algorithm = sha1
diff --git a/testing/tests/tnc/tnccs-20-pts/posttest.dat b/testing/tests/tnc/tnccs-20-pts/posttest.dat
index ce72d2ca9..9c55c19cd 100644
--- a/testing/tests/tnc/tnccs-20-pts/posttest.dat
+++ b/testing/tests/tnc/tnccs-20-pts/posttest.dat
@@ -1,6 +1,6 @@
-carol::service charon stop
-dave::service charon stop
-moon::service charon stop
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/tnc/tnccs-20-pts/pretest.dat b/testing/tests/tnc/tnccs-20-pts/pretest.dat
index d89aa2309..2e95da89d 100644
--- a/testing/tests/tnc/tnccs-20-pts/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-pts/pretest.dat
@@ -12,9 +12,9 @@ carol::rm /etc/swanctl/rsa/*
dave::rm /etc/swanctl/rsa/*
carol::rm /etc/swanctl/x509/*
dave::rm /etc/swanctl/x509/*
-moon::service charon start
-dave::service charon start
-carol::service charon start
+moon::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
moon::expect-connection rw-allow
moon::expect-connection rw-isolate
dave::expect-connection home
diff --git a/testing/tests/tnc/tnccs-20-server-retry/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-server-retry/hosts/carol/etc/strongswan.conf
index 7e51900a1..7f7f52869 100644
--- a/testing/tests/tnc/tnccs-20-server-retry/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-server-retry/hosts/carol/etc/strongswan.conf
@@ -1,21 +1,14 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
- imc = 2
+ imc = 2
}
}
}
@@ -27,7 +20,7 @@ libtls {
libimcv {
plugins {
imc-test {
- command = retry
+ command = retry
retry_command = allow
}
}
diff --git a/testing/tests/tnc/tnccs-20-server-retry/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-server-retry/hosts/dave/etc/strongswan.conf
index 4aeda6674..d93482b10 100644
--- a/testing/tests/tnc/tnccs-20-server-retry/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-server-retry/hosts/dave/etc/strongswan.conf
@@ -1,21 +1,14 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
- imc = 2
+ imc = 2
}
}
plugins {
@@ -32,7 +25,7 @@ libtls {
libimcv {
plugins {
imc-test {
- command = retry
+ command = retry
retry_command = isolate
}
imc-scanner {
diff --git a/testing/tests/tnc/tnccs-20-server-retry/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-server-retry/hosts/moon/etc/strongswan.conf
index 902e837f5..10d0ae864 100644
--- a/testing/tests/tnc/tnccs-20-server-retry/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-server-retry/hosts/moon/etc/strongswan.conf
@@ -1,21 +1,14 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-20 tnc-imv updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
- imv = 2
+ imv = 2
}
}
plugins {
@@ -34,7 +27,7 @@ libtls {
libimcv {
plugins {
imv-test {
- rounds = 0
+ rounds = 0
}
imv-scanner {
closed_port_policy = yes
diff --git a/testing/tests/tnc/tnccs-20-server-retry/posttest.dat b/testing/tests/tnc/tnccs-20-server-retry/posttest.dat
index 770cf6ede..199873ba1 100644
--- a/testing/tests/tnc/tnccs-20-server-retry/posttest.dat
+++ b/testing/tests/tnc/tnccs-20-server-retry/posttest.dat
@@ -1,6 +1,6 @@
-carol::service charon stop
-dave::service charon stop
-moon::service charon stop
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/tnc/tnccs-20-server-retry/pretest.dat b/testing/tests/tnc/tnccs-20-server-retry/pretest.dat
index e173ae798..a1f0470fe 100644
--- a/testing/tests/tnc/tnccs-20-server-retry/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-server-retry/pretest.dat
@@ -8,9 +8,9 @@ carol::rm /etc/swanctl/rsa/*
dave::rm /etc/swanctl/rsa/*
carol::rm /etc/swanctl/x509/*
dave::rm /etc/swanctl/x509/*
-moon::service charon start
-carol::service charon start
-dave::service charon start
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw-allow
moon::expect-connection rw-isolate
carol::expect-connection home
diff --git a/testing/tests/tnc/tnccs-20-tls/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-tls/hosts/carol/etc/strongswan.conf
index 73f32424e..dab32e727 100644
--- a/testing/tests/tnc/tnccs-20-tls/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-tls/hosts/carol/etc/strongswan.conf
@@ -1,20 +1,13 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
- tnc = 2
+ tnc = 2
imc = 2
}
}
diff --git a/testing/tests/tnc/tnccs-20-tls/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-tls/hosts/dave/etc/strongswan.conf
index 07df4c086..e26da3e7a 100644
--- a/testing/tests/tnc/tnccs-20-tls/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-tls/hosts/dave/etc/strongswan.conf
@@ -1,20 +1,13 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
- tnc = 2
+ tnc = 2
imc = 2
}
}
diff --git a/testing/tests/tnc/tnccs-20-tls/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-tls/hosts/moon/etc/strongswan.conf
index 7aef92f39..66799c1e4 100644
--- a/testing/tests/tnc/tnccs-20-tls/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-tls/hosts/moon/etc/strongswan.conf
@@ -1,20 +1,13 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnccs-20 tnc-imv updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
- tnc = 2
+ tnc = 2
imv = 2
}
}
diff --git a/testing/tests/tnc/tnccs-20-tls/posttest.dat b/testing/tests/tnc/tnccs-20-tls/posttest.dat
index 770cf6ede..199873ba1 100644
--- a/testing/tests/tnc/tnccs-20-tls/posttest.dat
+++ b/testing/tests/tnc/tnccs-20-tls/posttest.dat
@@ -1,6 +1,6 @@
-carol::service charon stop
-dave::service charon stop
-moon::service charon stop
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/tnc/tnccs-20-tls/pretest.dat b/testing/tests/tnc/tnccs-20-tls/pretest.dat
index 1d11baa99..57985e682 100644
--- a/testing/tests/tnc/tnccs-20-tls/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-tls/pretest.dat
@@ -4,9 +4,9 @@ dave::iptables-restore < /etc/iptables.rules
moon::cat /etc/tnc_config
carol::cat /etc/tnc_config
dave::cat /etc/tnc_config
-moon::service charon start
-carol::service charon start
-dave::service charon start
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw-allow
moon::expect-connection rw-isolate
carol::expect-connection home
diff --git a/testing/tests/tnc/tnccs-20/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20/hosts/carol/etc/strongswan.conf
index 887806475..da21bc6f8 100644
--- a/testing/tests/tnc/tnccs-20/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20/hosts/carol/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imc = 3
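Review bot: With `start-scripts` removed from the renamed `charon-systemd` section, nothing in this file says how credentials and connections get loaded any more; presumably the `strongswan-swanctl` unit started in pretest.dat does it, but that unit file is not visible here. A one-line comment at the top of the section, e.g. `# creds and conns are loaded by the strongswan-swanctl unit, not by start-scripts`, would make it easier to tell a host that came up with no credentials loaded from a genuine TNC failure. The dropped `auth { default = 0 }` subsection also means that, as far as the hunk shows, only the `daemon` facility has a syslog logger, so any check or log collection that reads auth-facility output would need to read the daemon log instead; worth confirming that is intended. The same applies to the dave and moon hunks for tnccs-20 and to the three tnccs-dynamic hunks, and in each of them the `charon-systemd` section closes outside the hunk.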
diff --git a/testing/tests/tnc/tnccs-20/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20/hosts/dave/etc/strongswan.conf
index e78272b43..e90055fad 100644
--- a/testing/tests/tnc/tnccs-20/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20/hosts/dave/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imc = 3
diff --git a/testing/tests/tnc/tnccs-20/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20/hosts/moon/etc/strongswan.conf
index 165c5ccb9..1e9995eb6 100644
--- a/testing/tests/tnc/tnccs-20/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20/hosts/moon/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imv = 3
diff --git a/testing/tests/tnc/tnccs-20/posttest.dat b/testing/tests/tnc/tnccs-20/posttest.dat
index 770cf6ede..199873ba1 100644
--- a/testing/tests/tnc/tnccs-20/posttest.dat
+++ b/testing/tests/tnc/tnccs-20/posttest.dat
@@ -1,6 +1,6 @@
-carol::service charon stop
-dave::service charon stop
-moon::service charon stop
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/tnc/tnccs-20/pretest.dat b/testing/tests/tnc/tnccs-20/pretest.dat
index e173ae798..a1f0470fe 100644
--- a/testing/tests/tnc/tnccs-20/pretest.dat
+++ b/testing/tests/tnc/tnccs-20/pretest.dat
@@ -8,9 +8,9 @@ carol::rm /etc/swanctl/rsa/*
dave::rm /etc/swanctl/rsa/*
carol::rm /etc/swanctl/x509/*
dave::rm /etc/swanctl/x509/*
-moon::service charon start
-carol::service charon start
-dave::service charon start
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw-allow
moon::expect-connection rw-isolate
carol::expect-connection home
diff --git a/testing/tests/tnc/tnccs-dynamic/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-dynamic/hosts/carol/etc/strongswan.conf
index 609852bc7..f0f941815 100644
--- a/testing/tests/tnc/tnccs-dynamic/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-dynamic/hosts/carol/etc/strongswan.conf
@@ -1,19 +1,12 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
multiple_authentication=no
integrity_test = yes
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imc = 3
diff --git a/testing/tests/tnc/tnccs-dynamic/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-dynamic/hosts/dave/etc/strongswan.conf
index 2c0deca5e..e5925a4cf 100644
--- a/testing/tests/tnc/tnccs-dynamic/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-dynamic/hosts/dave/etc/strongswan.conf
@@ -1,19 +1,12 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication=no
integrity_test = yes
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imc = 3
diff --git a/testing/tests/tnc/tnccs-dynamic/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-dynamic/hosts/moon/etc/strongswan.conf
index d61bcd111..0261fe1b0 100644
--- a/testing/tests/tnc/tnccs-dynamic/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-dynamic/hosts/moon/etc/strongswan.conf
@@ -1,19 +1,12 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-dynamic tnccs-11 tnccs-20 tnc-imv updown
multiple_authentication=no
integrity_test = yes
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imv = 3
diff --git a/testing/tests/tnc/tnccs-dynamic/posttest.dat b/testing/tests/tnc/tnccs-dynamic/posttest.dat
index 770cf6ede..199873ba1 100644
--- a/testing/tests/tnc/tnccs-dynamic/posttest.dat
+++ b/testing/tests/tnc/tnccs-dynamic/posttest.dat
@@ -1,6 +1,6 @@
-carol::service charon stop
-dave::service charon stop
-moon::service charon stop
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/tnc/tnccs-dynamic/pretest.dat b/testing/tests/tnc/tnccs-dynamic/pretest.dat
index e173ae798..a1f0470fe 100644
--- a/testing/tests/tnc/tnccs-dynamic/pretest.dat
+++ b/testing/tests/tnc/tnccs-dynamic/pretest.dat
@@ -8,9 +8,9 @@ carol::rm /etc/swanctl/rsa/*
dave::rm /etc/swanctl/rsa/*
carol::rm /etc/swanctl/x509/*
dave::rm /etc/swanctl/x509/*
-moon::service charon start
-carol::service charon start
-dave::service charon start
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw-allow
moon::expect-connection rw-isolate
carol::expect-connection home