diff options
| author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2007-10-26 14:10:02 +0000 |
|---|---|---|
| committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2007-10-26 14:10:02 +0000 |
| commit | 49104abddf3d71d5abf5cf75dc7f95fa6c55fa63 (patch) | |
| tree | 28f7a72e5dec4abf908fd7874bdab776281310bc /src/libstrongswan/asn1 | |
| parent | 7b0305f59ddab9ea026b202a8c569912e5bf9a90 (diff) | |
| download | vyos-strongswan-49104abddf3d71d5abf5cf75dc7f95fa6c55fa63.tar.gz vyos-strongswan-49104abddf3d71d5abf5cf75dc7f95fa6c55fa63.zip | |
[svn-upgrade] Integrating new upstream version, strongswan (4.1.8)
Diffstat (limited to 'src/libstrongswan/asn1')
| -rw-r--r-- | src/libstrongswan/asn1/asn1.c | 102 | ||||
| -rw-r--r-- | src/libstrongswan/asn1/asn1.h | 14 | ||||
| -rw-r--r-- | src/libstrongswan/asn1/oid.c | 385 | ||||
| -rw-r--r-- | src/libstrongswan/asn1/oid.h | 63 | ||||
| -rw-r--r-- | src/libstrongswan/asn1/oid.txt | 5 | ||||
| -rwxr-xr-x | src/libstrongswan/asn1/pem.c | 4 | ||||
| -rw-r--r-- | src/libstrongswan/asn1/ttodata.c | 185 |
7 files changed, 437 insertions, 321 deletions
diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c index 2a0aa4ff6..3191c89bd 100644 --- a/src/libstrongswan/asn1/asn1.c +++ b/src/libstrongswan/asn1/asn1.c @@ -11,6 +11,8 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * RCSID $Id: asn1.c 3299 2007-10-12 19:29:00Z andreas $ */ #include <stdio.h> @@ -33,6 +35,13 @@ const chunk_t ASN1_INTEGER_2 = chunk_from_buf(ASN1_INTEGER_2_str); /* some popular algorithmIdentifiers */ +static u_char ASN1_md2_id_str[] = { + 0x30, 0x0c, + 0x06, 0x08, + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x02, + 0x05,0x00, +}; + static u_char ASN1_md5_id_str[] = { 0x30, 0x0C, 0x06, 0x08, @@ -47,6 +56,27 @@ static u_char ASN1_sha1_id_str[] = { 0x05, 0x00 }; +static u_char ASN1_sha256_id_str[] = { + 0x30, 0x0d, + 0x06, 0x09, + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, + 0x05, 0x00 +}; + +static u_char ASN1_sha384_id_str[] = { + 0x30, 0x0d, + 0x06, 0x09, + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, + 0x05, 0x00 +}; + +static u_char ASN1_sha512_id_str[] = { + 0x30, 0x0d, + 0x06, 0x09, + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, + 0x05,0x00 +}; + static u_char ASN1_md5WithRSA_id_str[] = { 0x30, 0x0D, 0x06, 0x09, @@ -68,8 +98,12 @@ static u_char ASN1_rsaEncryption_id_str[] = { 0x05, 0x00 }; -const chunk_t ASN1_md5_id = chunk_from_buf(ASN1_md5_id_str); -const chunk_t ASN1_sha1_id = chunk_from_buf(ASN1_sha1_id_str); +const chunk_t ASN1_md2_id = chunk_from_buf(ASN1_md2_id_str); +const chunk_t ASN1_md5_id = chunk_from_buf(ASN1_md5_id_str); +const chunk_t ASN1_sha1_id = chunk_from_buf(ASN1_sha1_id_str); +const chunk_t ASN1_sha256_id = chunk_from_buf(ASN1_sha256_id_str); +const chunk_t ASN1_sha384_id = chunk_from_buf(ASN1_sha384_id_str); +const chunk_t ASN1_sha512_id = chunk_from_buf(ASN1_sha512_id_str); const chunk_t ASN1_rsaEncryption_id = chunk_from_buf(ASN1_rsaEncryption_id_str); const chunk_t ASN1_md5WithRSA_id = chunk_from_buf(ASN1_md5WithRSA_id_str); const chunk_t ASN1_sha1WithRSA_id = chunk_from_buf(ASN1_sha1WithRSA_id_str); @@ -279,6 +313,35 @@ time_t asn1totime(const chunk_t *utctime, asn1_t type) } /** + * Convert a date into ASN.1 UTCTIME or GENERALIZEDTIME format + */ +chunk_t timetoasn1(const time_t *time, asn1_t type) +{ + int offset; + const char *format; + char buf[BUF_LEN]; + chunk_t formatted_time; + struct tm *t = gmtime(time); + + if (type == ASN1_GENERALIZEDTIME) + { + format = "%04d%02d%02d%02d%02d%02dZ"; + offset = 1900; + } + else /* ASN1_UTCTIME */ + { + format = "%02d%02d%02d%02d%02d%02dZ"; + offset = (t->tm_year < 100)? 0 : -100; + } + snprintf(buf, BUF_LEN, format, t->tm_year + offset, + t->tm_mon + 1, t->tm_mday, t->tm_hour, t->tm_min, t->tm_sec); + formatted_time.ptr = buf; + formatted_time.len = strlen(buf); + return asn1_simple_object(type, formatted_time); +} + + +/** * Initializes the internal context of the ASN.1 parser */ void asn1_init(asn1_ctx_t *ctx, chunk_t blob, u_int level0, @@ -396,7 +459,7 @@ bool extract_object(asn1Object_t const *objects, u_int *objectID, chunk_t *objec if (blob->len < 2) { - DBG2("L%d - %s: ASN.1 object smaller than 2 octets", + DBG1("L%d - %s: ASN.1 object smaller than 2 octets", *level, obj.name); return FALSE; } @@ -405,7 +468,7 @@ bool extract_object(asn1Object_t const *objects, u_int *objectID, chunk_t *objec if (blob1->len == ASN1_INVALID_LENGTH || blob->len < blob1->len) { - DBG2("L%d - %s: length of ASN.1 object invalid or too large", + DBG1("L%d - %s: length of ASN.1 object invalid or too large", *level, obj.name); return FALSE; } @@ -698,38 +761,11 @@ chunk_t asn1_integer_from_mpz(const mpz_t value) { size_t bits = mpz_sizeinbase(value, 2); /* size in bits */ chunk_t n; + n.len = 1 + bits / 8; /* size in bytes */ n.ptr = mpz_export(NULL, NULL, 1, n.len, 1, 0, value); - - return asn1_wrap(ASN1_INTEGER, "m", n); -} -/** - * convert a date into ASN.1 UTCTIME or GENERALIZEDTIME format - */ -chunk_t timetoasn1(const time_t *time, asn1_t type) -{ - int offset; - const char *format; - char buf[32]; - chunk_t formatted_time; - struct tm *t = gmtime(time); - - if (type == ASN1_GENERALIZEDTIME) - { - format = "%04d%02d%02d%02d%02d%02dZ"; - offset = 1900; - } - else /* ASN1_UTCTIME */ - { - format = "%02d%02d%02d%02d%02d%02dZ"; - offset = (t->tm_year < 100)? 0 : -100; - } - snprintf(buf, sizeof(buf), format, t->tm_year + offset, - t->tm_mon + 1, t->tm_mday, t->tm_hour, t->tm_min, t->tm_sec); - formatted_time.ptr = buf; - formatted_time.len = strlen(buf); - return asn1_simple_object(type, formatted_time); + return asn1_wrap(ASN1_INTEGER, "m", n); } /** diff --git a/src/libstrongswan/asn1/asn1.h b/src/libstrongswan/asn1/asn1.h index 365ccb438..18742d18d 100644 --- a/src/libstrongswan/asn1/asn1.h +++ b/src/libstrongswan/asn1/asn1.h @@ -11,6 +11,8 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * RCSID $Id: asn1.h 3299 2007-10-12 19:29:00Z andreas $ */ #ifndef _ASN1_H @@ -23,7 +25,11 @@ #include <asn1/oid.h> -/* Defines some primitive ASN1 types */ +/** + * @brief Definition of some primitive ASN1 types + * + * @ingroup asn1 + */ typedef enum { ASN1_EOC = 0x00, ASN1_BOOLEAN = 0x01, @@ -109,8 +115,13 @@ extern const chunk_t ASN1_INTEGER_1; extern const chunk_t ASN1_INTEGER_2; /* some popular algorithmIdentifiers */ +extern const chunk_t ASN1_md2_id; extern const chunk_t ASN1_md5_id; extern const chunk_t ASN1_sha1_id; +extern const chunk_t ASN1_sha256_id; +extern const chunk_t ASN1_sha384_id; +extern const chunk_t ASN1_sha512_id; + extern const chunk_t ASN1_rsaEncryption_id; extern const chunk_t ASN1_md5WithRSA_id; extern const chunk_t ASN1_sha1WithRSA_id; @@ -120,6 +131,7 @@ extern int known_oid(chunk_t object); extern u_int asn1_length(chunk_t *blob); extern bool is_printablestring(chunk_t str); extern time_t asn1totime(const chunk_t *utctime, asn1_t type); +extern chunk_t timetoasn1(const time_t *time, asn1_t type); extern void asn1_init(asn1_ctx_t *ctx, chunk_t blob, u_int level0, bool implicit, bool private); extern bool extract_object(asn1Object_t const *objects, u_int *objectID, chunk_t *object, u_int *level, asn1_ctx_t *ctx); extern bool parse_asn1_simple_object(chunk_t *object, asn1_t type, u_int level, const char* name); diff --git a/src/libstrongswan/asn1/oid.c b/src/libstrongswan/asn1/oid.c index 6b16d5a64..28a915433 100644 --- a/src/libstrongswan/asn1/oid.c +++ b/src/libstrongswan/asn1/oid.c @@ -10,194 +10,199 @@ #include "oid.h" const oid_t oid_names[] = { - {0x02, 7, 1, "ITU-T Administration" }, /* 0 */ - { 0x82, 0, 1, "" }, /* 1 */ - { 0x06, 0, 1, "Germany ITU-T member" }, /* 2 */ - { 0x01, 0, 1, "Deutsche Telekom AG" }, /* 3 */ - { 0x0A, 0, 1, "" }, /* 4 */ - { 0x07, 0, 1, "" }, /* 5 */ - { 0x14, 0, 0, "ND" }, /* 6 */ - {0x09, 18, 1, "data" }, /* 7 */ - { 0x92, 0, 1, "" }, /* 8 */ - { 0x26, 0, 1, "" }, /* 9 */ - { 0x89, 0, 1, "" }, /* 10 */ - { 0x93, 0, 1, "" }, /* 11 */ - { 0xF2, 0, 1, "" }, /* 12 */ - { 0x2C, 0, 1, "" }, /* 13 */ - { 0x64, 0, 1, "pilot" }, /* 14 */ - { 0x01, 0, 1, "pilotAttributeType" }, /* 15 */ - { 0x01, 17, 0, "UID" }, /* 16 */ - { 0x19, 0, 0, "DC" }, /* 17 */ - {0x55, 52, 1, "X.500" }, /* 18 */ - { 0x04, 36, 1, "X.509" }, /* 19 */ - { 0x03, 21, 0, "CN" }, /* 20 */ - { 0x04, 22, 0, "S" }, /* 21 */ - { 0x05, 23, 0, "SN" }, /* 22 */ - { 0x06, 24, 0, "C" }, /* 23 */ - { 0x07, 25, 0, "L" }, /* 24 */ - { 0x08, 26, 0, "ST" }, /* 25 */ - { 0x0A, 27, 0, "O" }, /* 26 */ - { 0x0B, 28, 0, "OU" }, /* 27 */ - { 0x0C, 29, 0, "T" }, /* 28 */ - { 0x0D, 30, 0, "D" }, /* 29 */ - { 0x24, 31, 0, "userCertificate" }, /* 30 */ - { 0x29, 32, 0, "N" }, /* 31 */ - { 0x2A, 33, 0, "G" }, /* 32 */ - { 0x2B, 34, 0, "I" }, /* 33 */ - { 0x2D, 35, 0, "ID" }, /* 34 */ - { 0x48, 0, 0, "role" }, /* 35 */ - { 0x1D, 0, 1, "id-ce" }, /* 36 */ - { 0x09, 38, 0, "subjectDirectoryAttrs" }, /* 37 */ - { 0x0E, 39, 0, "subjectKeyIdentifier" }, /* 38 */ - { 0x0F, 40, 0, "keyUsage" }, /* 39 */ - { 0x10, 41, 0, "privateKeyUsagePeriod" }, /* 40 */ - { 0x11, 42, 0, "subjectAltName" }, /* 41 */ - { 0x12, 43, 0, "issuerAltName" }, /* 42 */ - { 0x13, 44, 0, "basicConstraints" }, /* 43 */ - { 0x14, 45, 0, "crlNumber" }, /* 44 */ - { 0x15, 46, 0, "reasonCode" }, /* 45 */ - { 0x1F, 47, 0, "crlDistributionPoints" }, /* 46 */ - { 0x20, 48, 0, "certificatePolicies" }, /* 47 */ - { 0x23, 49, 0, "authorityKeyIdentifier" }, /* 48 */ - { 0x25, 50, 0, "extendedKeyUsage" }, /* 49 */ - { 0x37, 51, 0, "targetInformation" }, /* 50 */ - { 0x38, 0, 0, "noRevAvail" }, /* 51 */ - {0x2A, 94, 1, "" }, /* 52 */ - { 0x86, 0, 1, "" }, /* 53 */ - { 0x48, 0, 1, "" }, /* 54 */ - { 0x86, 0, 1, "" }, /* 55 */ - { 0xF6, 61, 1, "" }, /* 56 */ - { 0x7D, 0, 1, "NortelNetworks" }, /* 57 */ - { 0x07, 0, 1, "Entrust" }, /* 58 */ - { 0x41, 0, 1, "nsn-ce" }, /* 59 */ - { 0x00, 0, 0, "entrustVersInfo" }, /* 60 */ - { 0xF7, 0, 1, "" }, /* 61 */ - { 0x0D, 0, 1, "RSADSI" }, /* 62 */ - { 0x01, 89, 1, "PKCS" }, /* 63 */ - { 0x01, 72, 1, "PKCS-1" }, /* 64 */ - { 0x01, 66, 0, "rsaEncryption" }, /* 65 */ - { 0x02, 67, 0, "md2WithRSAEncryption" }, /* 66 */ - { 0x04, 68, 0, "md5WithRSAEncryption" }, /* 67 */ - { 0x05, 69, 0, "sha-1WithRSAEncryption" }, /* 68 */ - { 0x0B, 70, 0, "sha256WithRSAEncryption"}, /* 69 */ - { 0x0C, 71, 0, "sha384WithRSAEncryption"}, /* 70 */ - { 0x0D, 0, 0, "sha512WithRSAEncryption"}, /* 71 */ - { 0x07, 79, 1, "PKCS-7" }, /* 72 */ - { 0x01, 74, 0, "data" }, /* 73 */ - { 0x02, 75, 0, "signedData" }, /* 74 */ - { 0x03, 76, 0, "envelopedData" }, /* 75 */ - { 0x04, 77, 0, "signedAndEnvelopedData" }, /* 76 */ - { 0x05, 78, 0, "digestedData" }, /* 77 */ - { 0x06, 0, 0, "encryptedData" }, /* 78 */ - { 0x09, 0, 1, "PKCS-9" }, /* 79 */ - { 0x01, 81, 0, "E" }, /* 80 */ - { 0x02, 82, 0, "unstructuredName" }, /* 81 */ - { 0x03, 83, 0, "contentType" }, /* 82 */ - { 0x04, 84, 0, "messageDigest" }, /* 83 */ - { 0x05, 85, 0, "signingTime" }, /* 84 */ - { 0x06, 86, 0, "counterSignature" }, /* 85 */ - { 0x07, 87, 0, "challengePassword" }, /* 86 */ - { 0x08, 88, 0, "unstructuredAddress" }, /* 87 */ - { 0x0E, 0, 0, "extensionRequest" }, /* 88 */ - { 0x02, 92, 1, "digestAlgorithm" }, /* 89 */ - { 0x02, 91, 0, "md2" }, /* 90 */ - { 0x05, 0, 0, "md5" }, /* 91 */ - { 0x03, 0, 1, "encryptionAlgorithm" }, /* 92 */ - { 0x07, 0, 0, "3des-ede-cbc" }, /* 93 */ - {0x2B, 155, 1, "" }, /* 94 */ - { 0x06, 142, 1, "dod" }, /* 95 */ - { 0x01, 0, 1, "internet" }, /* 96 */ - { 0x04, 111, 1, "private" }, /* 97 */ - { 0x01, 0, 1, "enterprise" }, /* 98 */ - { 0x82, 104, 1, "" }, /* 99 */ - { 0x37, 0, 1, "Microsoft" }, /* 100 */ - { 0x0A, 0, 1, "" }, /* 101 */ - { 0x03, 0, 1, "" }, /* 102 */ - { 0x03, 0, 0, "msSGC" }, /* 103 */ - { 0x89, 0, 1, "" }, /* 104 */ - { 0x31, 0, 1, "" }, /* 105 */ - { 0x01, 0, 1, "" }, /* 106 */ - { 0x01, 0, 1, "" }, /* 107 */ - { 0x02, 0, 1, "" }, /* 108 */ - { 0x02, 110, 0, "" }, /* 109 */ - { 0x4B, 0, 0, "TCGID" }, /* 110 */ - { 0x05, 0, 1, "security" }, /* 111 */ - { 0x05, 0, 1, "mechanisms" }, /* 112 */ - { 0x07, 0, 1, "id-pkix" }, /* 113 */ - { 0x01, 116, 1, "id-pe" }, /* 114 */ - { 0x01, 0, 0, "authorityInfoAccess" }, /* 115 */ - { 0x03, 126, 1, "id-kp" }, /* 116 */ - { 0x01, 118, 0, "serverAuth" }, /* 117 */ - { 0x02, 119, 0, "clientAuth" }, /* 118 */ - { 0x03, 120, 0, "codeSigning" }, /* 119 */ - { 0x04, 121, 0, "emailProtection" }, /* 120 */ - { 0x05, 122, 0, "ipsecEndSystem" }, /* 121 */ - { 0x06, 123, 0, "ipsecTunnel" }, /* 122 */ - { 0x07, 124, 0, "ipsecUser" }, /* 123 */ - { 0x08, 125, 0, "timeStamping" }, /* 124 */ - { 0x09, 0, 0, "ocspSigning" }, /* 125 */ - { 0x08, 128, 1, "id-otherNames" }, /* 126 */ - { 0x05, 0, 0, "xmppAddr" }, /* 127 */ - { 0x0A, 133, 1, "id-aca" }, /* 128 */ - { 0x01, 130, 0, "authenticationInfo" }, /* 129 */ - { 0x02, 131, 0, "accessIdentity" }, /* 130 */ - { 0x03, 132, 0, "chargingIdentity" }, /* 131 */ - { 0x04, 0, 0, "group" }, /* 132 */ - { 0x30, 0, 1, "id-ad" }, /* 133 */ - { 0x01, 0, 1, "ocsp" }, /* 134 */ - { 0x01, 136, 0, "basic" }, /* 135 */ - { 0x02, 137, 0, "nonce" }, /* 136 */ - { 0x03, 138, 0, "crl" }, /* 137 */ - { 0x04, 139, 0, "response" }, /* 138 */ - { 0x05, 140, 0, "noCheck" }, /* 139 */ - { 0x06, 141, 0, "archiveCutoff" }, /* 140 */ - { 0x07, 0, 0, "serviceLocator" }, /* 141 */ - { 0x0E, 148, 1, "oiw" }, /* 142 */ - { 0x03, 0, 1, "secsig" }, /* 143 */ - { 0x02, 0, 1, "algorithms" }, /* 144 */ - { 0x07, 146, 0, "des-cbc" }, /* 145 */ - { 0x1A, 147, 0, "sha-1" }, /* 146 */ - { 0x1D, 0, 0, "sha-1WithRSASignature" }, /* 147 */ - { 0x24, 0, 1, "TeleTrusT" }, /* 148 */ - { 0x03, 0, 1, "algorithm" }, /* 149 */ - { 0x03, 0, 1, "signatureAlgorithm" }, /* 150 */ - { 0x01, 0, 1, "rsaSignature" }, /* 151 */ - { 0x02, 153, 0, "rsaSigWithripemd160" }, /* 152 */ - { 0x03, 154, 0, "rsaSigWithripemd128" }, /* 153 */ - { 0x04, 0, 0, "rsaSigWithripemd256" }, /* 154 */ - {0x60, 0, 1, "" }, /* 155 */ - { 0x86, 0, 1, "" }, /* 156 */ - { 0x48, 0, 1, "" }, /* 157 */ - { 0x01, 0, 1, "organization" }, /* 158 */ - { 0x65, 166, 1, "gov" }, /* 159 */ - { 0x03, 0, 1, "csor" }, /* 160 */ - { 0x04, 0, 1, "nistalgorithm" }, /* 161 */ - { 0x02, 0, 1, "hashalgs" }, /* 162 */ - { 0x01, 164, 0, "id-SHA-256" }, /* 163 */ - { 0x02, 165, 0, "id-SHA-384" }, /* 164 */ - { 0x03, 0, 0, "id-SHA-512" }, /* 165 */ - { 0x86, 0, 1, "" }, /* 166 */ - { 0xf8, 0, 1, "" }, /* 167 */ - { 0x42, 180, 1, "netscape" }, /* 168 */ - { 0x01, 175, 1, "" }, /* 169 */ - { 0x01, 171, 0, "nsCertType" }, /* 170 */ - { 0x03, 172, 0, "nsRevocationUrl" }, /* 171 */ - { 0x04, 173, 0, "nsCaRevocationUrl" }, /* 172 */ - { 0x08, 174, 0, "nsCaPolicyUrl" }, /* 173 */ - { 0x0d, 0, 0, "nsComment" }, /* 174 */ - { 0x03, 178, 1, "directory" }, /* 175 */ - { 0x01, 0, 1, "" }, /* 176 */ - { 0x03, 0, 0, "employeeNumber" }, /* 177 */ - { 0x04, 0, 1, "policy" }, /* 178 */ - { 0x01, 0, 0, "nsSGC" }, /* 179 */ - { 0x45, 0, 1, "verisign" }, /* 180 */ - { 0x01, 0, 1, "pki" }, /* 181 */ - { 0x09, 0, 1, "attributes" }, /* 182 */ - { 0x02, 184, 0, "messageType" }, /* 183 */ - { 0x03, 185, 0, "pkiStatus" }, /* 184 */ - { 0x04, 186, 0, "failInfo" }, /* 185 */ - { 0x05, 187, 0, "senderNonce" }, /* 186 */ - { 0x06, 188, 0, "recipientNonce" }, /* 187 */ - { 0x07, 189, 0, "transID" }, /* 188 */ - { 0x08, 0, 0, "extensionReq" } /* 189 */ + {0x02, 7, 1, "ITU-T Administration" }, /* 0 */ + { 0x82, 0, 1, "" }, /* 1 */ + { 0x06, 0, 1, "Germany ITU-T member" }, /* 2 */ + { 0x01, 0, 1, "Deutsche Telekom AG" }, /* 3 */ + { 0x0A, 0, 1, "" }, /* 4 */ + { 0x07, 0, 1, "" }, /* 5 */ + { 0x14, 0, 0, "ND" }, /* 6 */ + {0x09, 18, 1, "data" }, /* 7 */ + { 0x92, 0, 1, "" }, /* 8 */ + { 0x26, 0, 1, "" }, /* 9 */ + { 0x89, 0, 1, "" }, /* 10 */ + { 0x93, 0, 1, "" }, /* 11 */ + { 0xF2, 0, 1, "" }, /* 12 */ + { 0x2C, 0, 1, "" }, /* 13 */ + { 0x64, 0, 1, "pilot" }, /* 14 */ + { 0x01, 0, 1, "pilotAttributeType" }, /* 15 */ + { 0x01, 17, 0, "UID" }, /* 16 */ + { 0x19, 0, 0, "DC" }, /* 17 */ + {0x55, 52, 1, "X.500" }, /* 18 */ + { 0x04, 36, 1, "X.509" }, /* 19 */ + { 0x03, 21, 0, "CN" }, /* 20 */ + { 0x04, 22, 0, "S" }, /* 21 */ + { 0x05, 23, 0, "SN" }, /* 22 */ + { 0x06, 24, 0, "C" }, /* 23 */ + { 0x07, 25, 0, "L" }, /* 24 */ + { 0x08, 26, 0, "ST" }, /* 25 */ + { 0x0A, 27, 0, "O" }, /* 26 */ + { 0x0B, 28, 0, "OU" }, /* 27 */ + { 0x0C, 29, 0, "T" }, /* 28 */ + { 0x0D, 30, 0, "D" }, /* 29 */ + { 0x24, 31, 0, "userCertificate" }, /* 30 */ + { 0x29, 32, 0, "N" }, /* 31 */ + { 0x2A, 33, 0, "G" }, /* 32 */ + { 0x2B, 34, 0, "I" }, /* 33 */ + { 0x2D, 35, 0, "ID" }, /* 34 */ + { 0x48, 0, 0, "role" }, /* 35 */ + { 0x1D, 0, 1, "id-ce" }, /* 36 */ + { 0x09, 38, 0, "subjectDirectoryAttrs" }, /* 37 */ + { 0x0E, 39, 0, "subjectKeyIdentifier" }, /* 38 */ + { 0x0F, 40, 0, "keyUsage" }, /* 39 */ + { 0x10, 41, 0, "privateKeyUsagePeriod" }, /* 40 */ + { 0x11, 42, 0, "subjectAltName" }, /* 41 */ + { 0x12, 43, 0, "issuerAltName" }, /* 42 */ + { 0x13, 44, 0, "basicConstraints" }, /* 43 */ + { 0x14, 45, 0, "crlNumber" }, /* 44 */ + { 0x15, 46, 0, "reasonCode" }, /* 45 */ + { 0x1F, 47, 0, "crlDistributionPoints" }, /* 46 */ + { 0x20, 48, 0, "certificatePolicies" }, /* 47 */ + { 0x23, 49, 0, "authorityKeyIdentifier" }, /* 48 */ + { 0x25, 50, 0, "extendedKeyUsage" }, /* 49 */ + { 0x37, 51, 0, "targetInformation" }, /* 50 */ + { 0x38, 0, 0, "noRevAvail" }, /* 51 */ + {0x2A, 94, 1, "" }, /* 52 */ + { 0x86, 0, 1, "" }, /* 53 */ + { 0x48, 0, 1, "" }, /* 54 */ + { 0x86, 0, 1, "" }, /* 55 */ + { 0xF6, 61, 1, "" }, /* 56 */ + { 0x7D, 0, 1, "NortelNetworks" }, /* 57 */ + { 0x07, 0, 1, "Entrust" }, /* 58 */ + { 0x41, 0, 1, "nsn-ce" }, /* 59 */ + { 0x00, 0, 0, "entrustVersInfo" }, /* 60 */ + { 0xF7, 0, 1, "" }, /* 61 */ + { 0x0D, 0, 1, "RSADSI" }, /* 62 */ + { 0x01, 89, 1, "PKCS" }, /* 63 */ + { 0x01, 72, 1, "PKCS-1" }, /* 64 */ + { 0x01, 66, 0, "rsaEncryption" }, /* 65 */ + { 0x02, 67, 0, "md2WithRSAEncryption" }, /* 66 */ + { 0x04, 68, 0, "md5WithRSAEncryption" }, /* 67 */ + { 0x05, 69, 0, "sha-1WithRSAEncryption" }, /* 68 */ + { 0x0B, 70, 0, "sha256WithRSAEncryption" }, /* 69 */ + { 0x0C, 71, 0, "sha384WithRSAEncryption" }, /* 70 */ + { 0x0D, 0, 0, "sha512WithRSAEncryption" }, /* 71 */ + { 0x07, 79, 1, "PKCS-7" }, /* 72 */ + { 0x01, 74, 0, "data" }, /* 73 */ + { 0x02, 75, 0, "signedData" }, /* 74 */ + { 0x03, 76, 0, "envelopedData" }, /* 75 */ + { 0x04, 77, 0, "signedAndEnvelopedData" }, /* 76 */ + { 0x05, 78, 0, "digestedData" }, /* 77 */ + { 0x06, 0, 0, "encryptedData" }, /* 78 */ + { 0x09, 0, 1, "PKCS-9" }, /* 79 */ + { 0x01, 81, 0, "E" }, /* 80 */ + { 0x02, 82, 0, "unstructuredName" }, /* 81 */ + { 0x03, 83, 0, "contentType" }, /* 82 */ + { 0x04, 84, 0, "messageDigest" }, /* 83 */ + { 0x05, 85, 0, "signingTime" }, /* 84 */ + { 0x06, 86, 0, "counterSignature" }, /* 85 */ + { 0x07, 87, 0, "challengePassword" }, /* 86 */ + { 0x08, 88, 0, "unstructuredAddress" }, /* 87 */ + { 0x0E, 0, 0, "extensionRequest" }, /* 88 */ + { 0x02, 92, 1, "digestAlgorithm" }, /* 89 */ + { 0x02, 91, 0, "md2" }, /* 90 */ + { 0x05, 0, 0, "md5" }, /* 91 */ + { 0x03, 0, 1, "encryptionAlgorithm" }, /* 92 */ + { 0x07, 0, 0, "3des-ede-cbc" }, /* 93 */ + {0x2B, 160, 1, "" }, /* 94 */ + { 0x06, 147, 1, "dod" }, /* 95 */ + { 0x01, 0, 1, "internet" }, /* 96 */ + { 0x04, 115, 1, "private" }, /* 97 */ + { 0x01, 0, 1, "enterprise" }, /* 98 */ + { 0x82, 108, 1, "" }, /* 99 */ + { 0x37, 0, 1, "Microsoft" }, /* 100 */ + { 0x0A, 105, 1, "" }, /* 101 */ + { 0x03, 0, 1, "" }, /* 102 */ + { 0x03, 104, 0, "msSGC" }, /* 103 */ + { 0x04, 0, 0, "msEncryptingFileSystem" }, /* 104 */ + { 0x14, 0, 1, "msEnrollmentInfrastructure"}, /* 105 */ + { 0x02, 0, 1, "msCertificateTypeExtension"}, /* 106 */ + { 0x02, 0, 0, "msSmartcardLogon" }, /* 107 */ + { 0x89, 0, 1, "" }, /* 108 */ + { 0x31, 0, 1, "" }, /* 109 */ + { 0x01, 0, 1, "" }, /* 110 */ + { 0x01, 0, 1, "" }, /* 111 */ + { 0x02, 0, 1, "" }, /* 112 */ + { 0x02, 114, 0, "" }, /* 113 */ + { 0x4B, 0, 0, "TCGID" }, /* 114 */ + { 0x05, 0, 1, "security" }, /* 115 */ + { 0x05, 0, 1, "mechanisms" }, /* 116 */ + { 0x07, 0, 1, "id-pkix" }, /* 117 */ + { 0x01, 120, 1, "id-pe" }, /* 118 */ + { 0x01, 0, 0, "authorityInfoAccess" }, /* 119 */ + { 0x03, 130, 1, "id-kp" }, /* 120 */ + { 0x01, 122, 0, "serverAuth" }, /* 121 */ + { 0x02, 123, 0, "clientAuth" }, /* 122 */ + { 0x03, 124, 0, "codeSigning" }, /* 123 */ + { 0x04, 125, 0, "emailProtection" }, /* 124 */ + { 0x05, 126, 0, "ipsecEndSystem" }, /* 125 */ + { 0x06, 127, 0, "ipsecTunnel" }, /* 126 */ + { 0x07, 128, 0, "ipsecUser" }, /* 127 */ + { 0x08, 129, 0, "timeStamping" }, /* 128 */ + { 0x09, 0, 0, "ocspSigning" }, /* 129 */ + { 0x08, 132, 1, "id-otherNames" }, /* 130 */ + { 0x05, 0, 0, "xmppAddr" }, /* 131 */ + { 0x0A, 137, 1, "id-aca" }, /* 132 */ + { 0x01, 134, 0, "authenticationInfo" }, /* 133 */ + { 0x02, 135, 0, "accessIdentity" }, /* 134 */ + { 0x03, 136, 0, "chargingIdentity" }, /* 135 */ + { 0x04, 0, 0, "group" }, /* 136 */ + { 0x30, 0, 1, "id-ad" }, /* 137 */ + { 0x01, 146, 1, "ocsp" }, /* 138 */ + { 0x01, 140, 0, "basic" }, /* 139 */ + { 0x02, 141, 0, "nonce" }, /* 140 */ + { 0x03, 142, 0, "crl" }, /* 141 */ + { 0x04, 143, 0, "response" }, /* 142 */ + { 0x05, 144, 0, "noCheck" }, /* 143 */ + { 0x06, 145, 0, "archiveCutoff" }, /* 144 */ + { 0x07, 0, 0, "serviceLocator" }, /* 145 */ + { 0x02, 0, 0, "caIssuers" }, /* 146 */ + { 0x0E, 153, 1, "oiw" }, /* 147 */ + { 0x03, 0, 1, "secsig" }, /* 148 */ + { 0x02, 0, 1, "algorithms" }, /* 149 */ + { 0x07, 151, 0, "des-cbc" }, /* 150 */ + { 0x1A, 152, 0, "sha-1" }, /* 151 */ + { 0x1D, 0, 0, "sha-1WithRSASignature" }, /* 152 */ + { 0x24, 0, 1, "TeleTrusT" }, /* 153 */ + { 0x03, 0, 1, "algorithm" }, /* 154 */ + { 0x03, 0, 1, "signatureAlgorithm" }, /* 155 */ + { 0x01, 0, 1, "rsaSignature" }, /* 156 */ + { 0x02, 158, 0, "rsaSigWithripemd160" }, /* 157 */ + { 0x03, 159, 0, "rsaSigWithripemd128" }, /* 158 */ + { 0x04, 0, 0, "rsaSigWithripemd256" }, /* 159 */ + {0x60, 0, 1, "" }, /* 160 */ + { 0x86, 0, 1, "" }, /* 161 */ + { 0x48, 0, 1, "" }, /* 162 */ + { 0x01, 0, 1, "organization" }, /* 163 */ + { 0x65, 171, 1, "gov" }, /* 164 */ + { 0x03, 0, 1, "csor" }, /* 165 */ + { 0x04, 0, 1, "nistalgorithm" }, /* 166 */ + { 0x02, 0, 1, "hashalgs" }, /* 167 */ + { 0x01, 169, 0, "id-SHA-256" }, /* 168 */ + { 0x02, 170, 0, "id-SHA-384" }, /* 169 */ + { 0x03, 0, 0, "id-SHA-512" }, /* 170 */ + { 0x86, 0, 1, "" }, /* 171 */ + { 0xf8, 0, 1, "" }, /* 172 */ + { 0x42, 185, 1, "netscape" }, /* 173 */ + { 0x01, 180, 1, "" }, /* 174 */ + { 0x01, 176, 0, "nsCertType" }, /* 175 */ + { 0x03, 177, 0, "nsRevocationUrl" }, /* 176 */ + { 0x04, 178, 0, "nsCaRevocationUrl" }, /* 177 */ + { 0x08, 179, 0, "nsCaPolicyUrl" }, /* 178 */ + { 0x0d, 0, 0, "nsComment" }, /* 179 */ + { 0x03, 183, 1, "directory" }, /* 180 */ + { 0x01, 0, 1, "" }, /* 181 */ + { 0x03, 0, 0, "employeeNumber" }, /* 182 */ + { 0x04, 0, 1, "policy" }, /* 183 */ + { 0x01, 0, 0, "nsSGC" }, /* 184 */ + { 0x45, 0, 1, "verisign" }, /* 185 */ + { 0x01, 0, 1, "pki" }, /* 186 */ + { 0x09, 0, 1, "attributes" }, /* 187 */ + { 0x02, 189, 0, "messageType" }, /* 188 */ + { 0x03, 190, 0, "pkiStatus" }, /* 189 */ + { 0x04, 191, 0, "failInfo" }, /* 190 */ + { 0x05, 192, 0, "senderNonce" }, /* 191 */ + { 0x06, 193, 0, "recipientNonce" }, /* 192 */ + { 0x07, 194, 0, "transID" }, /* 193 */ + { 0x08, 0, 0, "extensionReq" } /* 194 */ }; diff --git a/src/libstrongswan/asn1/oid.h b/src/libstrongswan/asn1/oid.h index a29b1f0a1..5814a3ba0 100644 --- a/src/libstrongswan/asn1/oid.h +++ b/src/libstrongswan/asn1/oid.h @@ -49,36 +49,37 @@ extern const oid_t oid_names[]; #define OID_MD2 90 #define OID_MD5 91 #define OID_3DES_EDE_CBC 93 -#define OID_AUTHORITY_INFO_ACCESS 115 -#define OID_OCSP_SIGNING 125 -#define OID_XMPP_ADDR 127 -#define OID_AUTHENTICATION_INFO 129 -#define OID_ACCESS_IDENTITY 130 -#define OID_CHARGING_IDENTITY 131 -#define OID_GROUP 132 -#define OID_OCSP 134 -#define OID_BASIC 135 -#define OID_NONCE 136 -#define OID_CRL 137 -#define OID_RESPONSE 138 -#define OID_NO_CHECK 139 -#define OID_ARCHIVE_CUTOFF 140 -#define OID_SERVICE_LOCATOR 141 -#define OID_DES_CBC 145 -#define OID_SHA1 146 -#define OID_SHA1_WITH_RSA_OIW 147 -#define OID_SHA256 163 -#define OID_SHA384 164 -#define OID_SHA512 165 -#define OID_NS_REVOCATION_URL 171 -#define OID_NS_CA_REVOCATION_URL 172 -#define OID_NS_CA_POLICY_URL 173 -#define OID_NS_COMMENT 174 -#define OID_PKI_MESSAGE_TYPE 183 -#define OID_PKI_STATUS 184 -#define OID_PKI_FAIL_INFO 185 -#define OID_PKI_SENDER_NONCE 186 -#define OID_PKI_RECIPIENT_NONCE 187 -#define OID_PKI_TRANS_ID 188 +#define OID_AUTHORITY_INFO_ACCESS 119 +#define OID_OCSP_SIGNING 129 +#define OID_XMPP_ADDR 131 +#define OID_AUTHENTICATION_INFO 133 +#define OID_ACCESS_IDENTITY 134 +#define OID_CHARGING_IDENTITY 135 +#define OID_GROUP 136 +#define OID_OCSP 138 +#define OID_BASIC 139 +#define OID_NONCE 140 +#define OID_CRL 141 +#define OID_RESPONSE 142 +#define OID_NO_CHECK 143 +#define OID_ARCHIVE_CUTOFF 144 +#define OID_SERVICE_LOCATOR 145 +#define OID_CA_ISSUERS 146 +#define OID_DES_CBC 150 +#define OID_SHA1 151 +#define OID_SHA1_WITH_RSA_OIW 152 +#define OID_SHA256 168 +#define OID_SHA384 169 +#define OID_SHA512 170 +#define OID_NS_REVOCATION_URL 176 +#define OID_NS_CA_REVOCATION_URL 177 +#define OID_NS_CA_POLICY_URL 178 +#define OID_NS_COMMENT 179 +#define OID_PKI_MESSAGE_TYPE 188 +#define OID_PKI_STATUS 189 +#define OID_PKI_FAIL_INFO 190 +#define OID_PKI_SENDER_NONCE 191 +#define OID_PKI_RECIPIENT_NONCE 192 +#define OID_PKI_TRANS_ID 193 #endif /* OID_H_ */ diff --git a/src/libstrongswan/asn1/oid.txt b/src/libstrongswan/asn1/oid.txt index bd5a26e43..6ae2dc29a 100644 --- a/src/libstrongswan/asn1/oid.txt +++ b/src/libstrongswan/asn1/oid.txt @@ -102,6 +102,10 @@ 0x0A "" 0x03 "" 0x03 "msSGC" + 0x04 "msEncryptingFileSystem" + 0x14 "msEnrollmentInfrastructure" + 0x02 "msCertificateTypeExtension" + 0x02 "msSmartcardLogon" 0x89 "" 0x31 "" 0x01 "" @@ -140,6 +144,7 @@ 0x05 "noCheck" OID_NO_CHECK 0x06 "archiveCutoff" OID_ARCHIVE_CUTOFF 0x07 "serviceLocator" OID_SERVICE_LOCATOR + 0x02 "caIssuers" OID_CA_ISSUERS 0x0E "oiw" 0x03 "secsig" 0x02 "algorithms" diff --git a/src/libstrongswan/asn1/pem.c b/src/libstrongswan/asn1/pem.c index 641805869..b752a97ab 100755 --- a/src/libstrongswan/asn1/pem.c +++ b/src/libstrongswan/asn1/pem.c @@ -10,6 +10,8 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * RCSID $Id: pem.c 3256 2007-10-07 13:42:43Z andreas $ */ #include <stdio.h> @@ -40,7 +42,7 @@ static bool present(const char* pattern, chunk_t* ch) { u_int pattern_len = strlen(pattern); - if (ch->len >= pattern_len && strncmp(ch->ptr, pattern, pattern_len) == 0) + if (ch->len >= pattern_len && strneq(ch->ptr, pattern, pattern_len)) { ch->ptr += pattern_len; ch->len -= pattern_len; diff --git a/src/libstrongswan/asn1/ttodata.c b/src/libstrongswan/asn1/ttodata.c index 8114b12c5..125313c2a 100644 --- a/src/libstrongswan/asn1/ttodata.c +++ b/src/libstrongswan/asn1/ttodata.c @@ -62,98 +62,123 @@ const char *ttodatav(const char *src, size_t srclen, int base, char *dst, size_t int skipSpace = 0; if (srclen == 0) + { srclen = strlen(src); + } if (dstlen == 0) + { dst = buf; /* point it somewhere valid */ + } stop = dst + dstlen; - if (base == 0) { + if (base == 0) + { if (srclen < 2) + { return "input too short to be valid"; + } if (*src++ != '0') + { return "input does not begin with format prefix"; - switch (*src++) { - case 'x': - case 'X': - base = 16; + } + switch (*src++) + { + case 'x': + case 'X': + base = 16; + break; + case 's': + case 'S': + base = 64; + break; + case 't': + case 'T': + base = 256; + break; + default: + return "unknown format prefix"; + } + srclen -= 2; + } + switch (base) + { + case 16: + decode = unhex; + underscoreok = 1; + ingroup = 2; break; - case 's': - case 'S': - base = 64; + case 64: + decode = unb64; + underscoreok = 0; + ingroup = 4; + if(flags & TTODATAV_IGNORESPACE) + { + skipSpace = 1; + } break; - case 't': - case 'T': - base = 256; + case 256: + decode = untext; + ingroup = 1; + underscoreok = 0; break; default: - return "unknown format prefix"; - } - srclen -= 2; - } - switch (base) { - case 16: - decode = unhex; - underscoreok = 1; - ingroup = 2; - break; - case 64: - decode = unb64; - underscoreok = 0; - ingroup = 4; - if(flags & TTODATAV_IGNORESPACE) { - skipSpace = 1; - } - break; - - case 256: - decode = untext; - ingroup = 1; - underscoreok = 0; - break; - default: - return "unknown base"; + return "unknown base"; } /* proceed */ ndone = 0; - while (srclen > 0) { + while (srclen > 0) + { char stage[4]; /* staging area for group */ size_t sl = 0; /* Grab ingroup characters into stage, * squeezing out blanks if we are supposed to ignore them. */ - for (sl = 0; sl < ingroup; src++, srclen--) { + for (sl = 0; sl < ingroup; src++, srclen--) + { if (srclen == 0) + { return "input ends in mid-byte, perhaps truncated"; + } else if (!(skipSpace && (*src == ' ' || *src == '\t'))) + { stage[sl++] = *src; + } } nbytes = (*decode)(stage, buf, sizeof(buf)); - switch (nbytes) { - case BADCH0: - case BADCH1: - case BADCH2: - case BADCH3: - return badch(stage, nbytes, errp, errlen); - case SHORT: - return "internal buffer too short (\"can't happen\")"; - case BADPAD: - return "bad (non-zero) padding at end of base64 input"; + switch (nbytes) + { + case BADCH0: + case BADCH1: + case BADCH2: + case BADCH3: + return badch(stage, nbytes, errp, errlen); + case SHORT: + return "internal buffer too short (\"can't happen\")"; + case BADPAD: + return "bad (non-zero) padding at end of base64 input"; } if (nbytes <= 0) + { return "unknown internal error"; - for (i = 0; i < nbytes; i++) { + } + for (i = 0; i < nbytes; i++) + { if (dst < stop) + { *dst++ = buf[i]; + } ndone++; } - while (srclen >= 1 && skipSpace && (*src == ' ' || *src == '\t')){ + while (srclen >= 1 && skipSpace && (*src == ' ' || *src == '\t')) + { src++; srclen--; } - if (underscoreok && srclen > 1 && *src == '_') { + if (underscoreok && srclen > 1 && (*src == '_' || *src == ':')) + { /* srclen > 1 means not last character */ src++; srclen--; @@ -161,9 +186,13 @@ const char *ttodatav(const char *src, size_t srclen, int base, char *dst, size_t } if (ndone == 0) + { return "no data bytes specified by input"; + } if (lenp != NULL) + { *lenp = ndone; + } return NULL; } @@ -201,9 +230,7 @@ size_t atodata(const char *src, size_t srclen, char *dst, size_t dstlen) const char *err; err = ttodata(src, srclen, 0, dst, dstlen, &len); - if (err != NULL) - return 0; - return len; + return (err)? 0:len; } /** @@ -231,21 +258,31 @@ static int unhex(const char *src, char *dst, size_t dstlen) static char hex[] = "0123456789abcdef"; if (dstlen < 1) + { return SHORT; - + } + p = strchr(hex, *src); if (p == NULL) + { p = strchr(hex, tolower(*src)); + } if (p == NULL) + { return BADCH0; + } byte = (p - hex) << 4; src++; p = strchr(hex, *src); if (p == NULL) + { p = strchr(hex, tolower(*src)); + } if (p == NULL) + { return BADCH1; + } byte |= (p - hex); *dst = byte; @@ -272,16 +309,20 @@ static int unb64(const char *src, char *dst, size_t dstlen) "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; if (dstlen < 3) + { return SHORT; - + } p = strchr(base64, *src++); if (p == NULL) + { return BADCH0; + } byte1 = (p - base64) << 2; /* first six bits */ p = strchr(base64, *src++); - if (p == NULL) { + if (p == NULL) + { return BADCH1; } @@ -290,10 +331,14 @@ static int unb64(const char *src, char *dst, size_t dstlen) byte1 = (byte2 & 0xf) << 4; p = strchr(base64, *src++); - if (p == NULL) { - if (*(src-1) == '=' && *src == '=') { + if (p == NULL) + { + if (*(src-1) == '=' && *src == '=') + { if (byte1 != 0) /* bad padding */ + { return BADPAD; + } return 1; } return BADCH2; @@ -304,10 +349,14 @@ static int unb64(const char *src, char *dst, size_t dstlen) byte1 = (byte2 & 0x3) << 6; p = strchr(base64, *src++); - if (p == NULL) { - if (*(src-1) == '=') { + if (p == NULL) + { + if (*(src-1) == '=') + { if (byte1 != 0) /* bad padding */ + { return BADPAD; + } return 2; } return BADCH3; @@ -329,8 +378,9 @@ static int unb64(const char *src, char *dst, size_t dstlen) static int untext(const char *src, char *dst, size_t dstlen) { if (dstlen < 1) + { return SHORT; - + } *dst = *src; return 1; } @@ -359,13 +409,18 @@ static const char *badch(const char *src, int errcode, char *errp, size_t errlen char ch; if (errp == NULL || errlen < REQD) + { return "unknown character in input"; + } strcpy(errp, pre); ch = *(src + BADOFF(errcode)); - if (isprint(ch)) { + if (isprint(ch)) + { buf[0] = ch; buf[1] = '\0'; - } else { + } + else + { buf[0] = '\\'; buf[1] = ((ch & 0700) >> 6) + '0'; buf[2] = ((ch & 0070) >> 3) + '0'; |