summaryrefslogtreecommitdiff
path: root/src/libstrongswan
diff options
context:
space:
mode:
authorYves-Alexis Perez <corsac@debian.org>2016-03-24 11:59:32 +0100
committerYves-Alexis Perez <corsac@debian.org>2016-03-24 11:59:32 +0100
commit518dd33c94e041db0444c7d1f33da363bb8e3faf (patch)
treee8d1665ffadff7ec40228dda47e81f8f4691cd07 /src/libstrongswan
parentf42f239a632306ed082f6fde878977248eea85cf (diff)
downloadvyos-strongswan-518dd33c94e041db0444c7d1f33da363bb8e3faf.tar.gz
vyos-strongswan-518dd33c94e041db0444c7d1f33da363bb8e3faf.zip
Imported Upstream version 5.4.0
Diffstat (limited to 'src/libstrongswan')
-rw-r--r--src/libstrongswan/Android.mk3
-rw-r--r--src/libstrongswan/Makefile.am4
-rw-r--r--src/libstrongswan/Makefile.in18
-rw-r--r--src/libstrongswan/asn1/asn1.h1
-rw-r--r--src/libstrongswan/asn1/oid.c889
-rw-r--r--src/libstrongswan/asn1/oid.h429
-rw-r--r--src/libstrongswan/asn1/oid.txt1
-rw-r--r--src/libstrongswan/collections/array.c10
-rw-r--r--src/libstrongswan/collections/array.h15
-rw-r--r--src/libstrongswan/collections/linked_list.c54
-rw-r--r--src/libstrongswan/collections/linked_list.h23
-rw-r--r--src/libstrongswan/credentials/auth_cfg.c248
-rw-r--r--src/libstrongswan/credentials/auth_cfg.h13
-rw-r--r--src/libstrongswan/credentials/certificates/certificate.c9
-rw-r--r--src/libstrongswan/credentials/certificates/certificate_printer.c753
-rw-r--r--src/libstrongswan/credentials/certificates/certificate_printer.h70
-rw-r--r--src/libstrongswan/credentials/certificates/ocsp_response.h7
-rw-r--r--src/libstrongswan/credentials/certificates/x509.c27
-rw-r--r--src/libstrongswan/credentials/certificates/x509.h4
-rw-r--r--src/libstrongswan/credentials/credential_manager.c8
-rw-r--r--src/libstrongswan/credentials/credential_manager.h7
-rw-r--r--src/libstrongswan/library.c33
-rw-r--r--src/libstrongswan/library.h12
-rw-r--r--src/libstrongswan/plugins/acert/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/aes/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/aesni/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/af_alg/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/agent/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/bliss/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/bliss/tests/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/blowfish/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/ccm/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/chapoly/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/chapoly/chapoly_drv_portable.c21
-rw-r--r--src/libstrongswan/plugins/cmac/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/constraints/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/ctr/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/curl/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/des/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/dnskey/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/files/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/fips_prf/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/gcm/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/gcrypt/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c8
-rw-r--r--src/libstrongswan/plugins/gmp/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/gmp/gmp_plugin.c16
-rw-r--r--src/libstrongswan/plugins/hmac/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/keychain/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/ldap/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/md4/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/md5/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/mysql/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/nonce/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/ntru/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/openssl/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_plugin.c46
-rw-r--r--src/libstrongswan/plugins/padlock/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/pem/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/pgp/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/pkcs1/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/pkcs11/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/pkcs12/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/pkcs7/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/pkcs8/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/pubkey/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/pubkey/pubkey_cert.c8
-rw-r--r--src/libstrongswan/plugins/pubkey/pubkey_cert.h7
-rw-r--r--src/libstrongswan/plugins/random/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/rc2/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/rdrand/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/revocation/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/sha1/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/sha2/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/sha3/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/soup/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/sqlite/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/sshkey/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/test_vectors/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/unbound/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/winhttp/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/x509/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/x509/x509_cert.c4
-rw-r--r--src/libstrongswan/plugins/x509/x509_ocsp_response.c42
-rw-r--r--src/libstrongswan/plugins/xcbc/Makefile.in2
-rw-r--r--src/libstrongswan/processing/watcher.c7
-rw-r--r--src/libstrongswan/tests/Makefile.am1
-rw-r--r--src/libstrongswan/tests/Makefile.in21
-rw-r--r--src/libstrongswan/tests/suites/test_array.c43
-rw-r--r--src/libstrongswan/tests/suites/test_auth_cfg.c122
-rw-r--r--src/libstrongswan/tests/suites/test_identification.c261
-rw-r--r--src/libstrongswan/tests/suites/test_linked_list.c91
-rw-r--r--src/libstrongswan/tests/tests.h1
-rw-r--r--src/libstrongswan/threading/thread.c34
-rw-r--r--src/libstrongswan/threading/thread.h8
-rw-r--r--src/libstrongswan/threading/windows/thread.c4
-rw-r--r--src/libstrongswan/utils/compat/windows.c1
-rw-r--r--src/libstrongswan/utils/debug.c6
-rw-r--r--src/libstrongswan/utils/identification.c389
-rw-r--r--src/libstrongswan/utils/identification.h2
-rw-r--r--src/libstrongswan/utils/utils/byteorder.h78
101 files changed, 3081 insertions, 886 deletions
diff --git a/src/libstrongswan/Android.mk b/src/libstrongswan/Android.mk
index db3da8e15..da5f34e87 100644
--- a/src/libstrongswan/Android.mk
+++ b/src/libstrongswan/Android.mk
@@ -21,7 +21,8 @@ credentials/credential_factory.c credentials/builder.c \
credentials/cred_encoding.c credentials/keys/private_key.c \
credentials/keys/public_key.c credentials/keys/shared_key.c \
credentials/certificates/certificate.c credentials/certificates/crl.c \
-credentials/certificates/ocsp_response.c \
+credentials/certificates/ocsp_response.c credentials/certificates/x509.c \
+credentials/certificates/certificate_printer.c \
credentials/containers/container.c credentials/containers/pkcs12.c \
credentials/credential_manager.c \
credentials/sets/auth_cfg_wrapper.c credentials/sets/ocsp_response_wrapper.c \
diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am
index ed3b85dd4..0bac61b44 100644
--- a/src/libstrongswan/Makefile.am
+++ b/src/libstrongswan/Makefile.am
@@ -19,7 +19,8 @@ credentials/credential_factory.c credentials/builder.c \
credentials/cred_encoding.c credentials/keys/private_key.c \
credentials/keys/public_key.c credentials/keys/shared_key.c \
credentials/certificates/certificate.c credentials/certificates/crl.c \
-credentials/certificates/ocsp_response.c \
+credentials/certificates/ocsp_response.c credentials/certificates/x509.c \
+credentials/certificates/certificate_printer.c \
credentials/containers/container.c credentials/containers/pkcs12.c \
credentials/credential_manager.c \
credentials/sets/auth_cfg_wrapper.c credentials/sets/ocsp_response_wrapper.c \
@@ -83,6 +84,7 @@ credentials/certificates/ac.h credentials/certificates/crl.h \
credentials/certificates/pkcs10.h credentials/certificates/ocsp_request.h \
credentials/certificates/ocsp_response.h \
credentials/certificates/pgp_certificate.h \
+credentials/certificates/certificate_printer.h \
credentials/containers/container.h credentials/containers/pkcs7.h \
credentials/containers/pkcs12.h \
credentials/credential_manager.h credentials/sets/auth_cfg_wrapper.h \
diff --git a/src/libstrongswan/Makefile.in b/src/libstrongswan/Makefile.in
index 284960f5c..d88c96f03 100644
--- a/src/libstrongswan/Makefile.in
+++ b/src/libstrongswan/Makefile.in
@@ -322,6 +322,8 @@ am__libstrongswan_la_SOURCES_DIST = library.c asn1/asn1.c \
credentials/certificates/certificate.c \
credentials/certificates/crl.c \
credentials/certificates/ocsp_response.c \
+ credentials/certificates/x509.c \
+ credentials/certificates/certificate_printer.c \
credentials/containers/container.c \
credentials/containers/pkcs12.c \
credentials/credential_manager.c \
@@ -407,6 +409,8 @@ am_libstrongswan_la_OBJECTS = library.lo asn1/asn1.lo \
credentials/certificates/certificate.lo \
credentials/certificates/crl.lo \
credentials/certificates/ocsp_response.lo \
+ credentials/certificates/x509.lo \
+ credentials/certificates/certificate_printer.lo \
credentials/containers/container.lo \
credentials/containers/pkcs12.lo \
credentials/credential_manager.lo \
@@ -539,6 +543,7 @@ am__nobase_strongswan_include_HEADERS_DIST = library.h asn1/asn1.h \
credentials/certificates/ocsp_request.h \
credentials/certificates/ocsp_response.h \
credentials/certificates/pgp_certificate.h \
+ credentials/certificates/certificate_printer.h \
credentials/containers/container.h \
credentials/containers/pkcs7.h credentials/containers/pkcs12.h \
credentials/credential_manager.h \
@@ -865,6 +870,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
@@ -900,6 +907,8 @@ libstrongswan_la_SOURCES = library.c asn1/asn1.c asn1/asn1_parser.c \
credentials/certificates/certificate.c \
credentials/certificates/crl.c \
credentials/certificates/ocsp_response.c \
+ credentials/certificates/x509.c \
+ credentials/certificates/certificate_printer.c \
credentials/containers/container.c \
credentials/containers/pkcs12.c \
credentials/credential_manager.c \
@@ -961,6 +970,7 @@ settings/settings_types.h
@USE_DEV_HEADERS_TRUE@credentials/certificates/pkcs10.h credentials/certificates/ocsp_request.h \
@USE_DEV_HEADERS_TRUE@credentials/certificates/ocsp_response.h \
@USE_DEV_HEADERS_TRUE@credentials/certificates/pgp_certificate.h \
+@USE_DEV_HEADERS_TRUE@credentials/certificates/certificate_printer.h \
@USE_DEV_HEADERS_TRUE@credentials/containers/container.h credentials/containers/pkcs7.h \
@USE_DEV_HEADERS_TRUE@credentials/containers/pkcs12.h \
@USE_DEV_HEADERS_TRUE@credentials/credential_manager.h credentials/sets/auth_cfg_wrapper.h \
@@ -1341,6 +1351,12 @@ credentials/certificates/crl.lo: \
credentials/certificates/ocsp_response.lo: \
credentials/certificates/$(am__dirstamp) \
credentials/certificates/$(DEPDIR)/$(am__dirstamp)
+credentials/certificates/x509.lo: \
+ credentials/certificates/$(am__dirstamp) \
+ credentials/certificates/$(DEPDIR)/$(am__dirstamp)
+credentials/certificates/certificate_printer.lo: \
+ credentials/certificates/$(am__dirstamp) \
+ credentials/certificates/$(DEPDIR)/$(am__dirstamp)
credentials/containers/$(am__dirstamp):
@$(MKDIR_P) credentials/containers
@: > credentials/containers/$(am__dirstamp)
@@ -1735,8 +1751,10 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@credentials/$(DEPDIR)/credential_factory.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@credentials/$(DEPDIR)/credential_manager.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@credentials/certificates/$(DEPDIR)/certificate.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@credentials/certificates/$(DEPDIR)/certificate_printer.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@credentials/certificates/$(DEPDIR)/crl.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@credentials/certificates/$(DEPDIR)/ocsp_response.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@credentials/certificates/$(DEPDIR)/x509.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@credentials/containers/$(DEPDIR)/container.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@credentials/containers/$(DEPDIR)/pkcs12.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@credentials/keys/$(DEPDIR)/private_key.Plo@am__quote@
diff --git a/src/libstrongswan/asn1/asn1.h b/src/libstrongswan/asn1/asn1.h
index 7a48292af..8ac005610 100644
--- a/src/libstrongswan/asn1/asn1.h
+++ b/src/libstrongswan/asn1/asn1.h
@@ -26,6 +26,7 @@
#include <stdarg.h>
#include <library.h>
+#include <asn1/asn1.h>
/**
* Definition of some primitive ASN1 types
diff --git a/src/libstrongswan/asn1/oid.c b/src/libstrongswan/asn1/oid.c
index a088b0527..ed953d482 100644
--- a/src/libstrongswan/asn1/oid.c
+++ b/src/libstrongswan/asn1/oid.c
@@ -28,8 +28,8 @@ const oid_t oid_names[] = {
{ 0x01, 0, 1, 8, "pilotAttributeType" }, /* 15 */
{ 0x01, 17, 0, 9, "UID" }, /* 16 */
{ 0x19, 0, 0, 9, "DC" }, /* 17 */
- {0x55, 65, 1, 0, "X.500" }, /* 18 */
- { 0x04, 37, 1, 1, "X.509" }, /* 19 */
+ {0x55, 66, 1, 0, "X.500" }, /* 18 */
+ { 0x04, 38, 1, 1, "X.509" }, /* 19 */
{ 0x03, 21, 0, 2, "CN" }, /* 20 */
{ 0x04, 22, 0, 2, "S" }, /* 21 */
{ 0x05, 23, 0, 2, "SN" }, /* 22 */
@@ -46,446 +46,447 @@ const oid_t oid_names[] = {
{ 0x2B, 34, 0, 2, "I" }, /* 33 */
{ 0x2D, 35, 0, 2, "ID" }, /* 34 */
{ 0x2E, 36, 0, 2, "dnQualifier" }, /* 35 */
- { 0x48, 0, 0, 2, "role" }, /* 36 */
- { 0x1D, 0, 1, 1, "id-ce" }, /* 37 */
- { 0x09, 39, 0, 2, "subjectDirectoryAttrs" }, /* 38 */
- { 0x0E, 40, 0, 2, "subjectKeyIdentifier" }, /* 39 */
- { 0x0F, 41, 0, 2, "keyUsage" }, /* 40 */
- { 0x10, 42, 0, 2, "privateKeyUsagePeriod" }, /* 41 */
- { 0x11, 43, 0, 2, "subjectAltName" }, /* 42 */
- { 0x12, 44, 0, 2, "issuerAltName" }, /* 43 */
- { 0x13, 45, 0, 2, "basicConstraints" }, /* 44 */
- { 0x14, 46, 0, 2, "crlNumber" }, /* 45 */
- { 0x15, 47, 0, 2, "reasonCode" }, /* 46 */
- { 0x17, 48, 0, 2, "holdInstructionCode" }, /* 47 */
- { 0x18, 49, 0, 2, "invalidityDate" }, /* 48 */
- { 0x1B, 50, 0, 2, "deltaCrlIndicator" }, /* 49 */
- { 0x1C, 51, 0, 2, "issuingDistributionPoint" }, /* 50 */
- { 0x1D, 52, 0, 2, "certificateIssuer" }, /* 51 */
- { 0x1E, 53, 0, 2, "nameConstraints" }, /* 52 */
- { 0x1F, 54, 0, 2, "crlDistributionPoints" }, /* 53 */
- { 0x20, 56, 1, 2, "certificatePolicies" }, /* 54 */
- { 0x00, 0, 0, 3, "anyPolicy" }, /* 55 */
- { 0x21, 57, 0, 2, "policyMappings" }, /* 56 */
- { 0x23, 58, 0, 2, "authorityKeyIdentifier" }, /* 57 */
- { 0x24, 59, 0, 2, "policyConstraints" }, /* 58 */
- { 0x25, 61, 1, 2, "extendedKeyUsage" }, /* 59 */
- { 0x00, 0, 0, 3, "anyExtendedKeyUsage" }, /* 60 */
- { 0x2E, 62, 0, 2, "freshestCRL" }, /* 61 */
- { 0x36, 63, 0, 2, "inhibitAnyPolicy" }, /* 62 */
- { 0x37, 64, 0, 2, "targetInformation" }, /* 63 */
- { 0x38, 0, 0, 2, "noRevAvail" }, /* 64 */
- {0x2A, 189, 1, 0, "" }, /* 65 */
- { 0x83, 78, 1, 1, "" }, /* 66 */
- { 0x08, 0, 1, 2, "jp" }, /* 67 */
- { 0x8C, 0, 1, 3, "" }, /* 68 */
- { 0x9A, 0, 1, 4, "" }, /* 69 */
- { 0x4B, 0, 1, 5, "" }, /* 70 */
- { 0x3D, 0, 1, 6, "" }, /* 71 */
- { 0x01, 0, 1, 7, "security" }, /* 72 */
- { 0x01, 0, 1, 8, "algorithm" }, /* 73 */
- { 0x01, 0, 1, 9, "symm-encryption-alg" }, /* 74 */
- { 0x02, 76, 0, 10, "camellia128-cbc" }, /* 75 */
- { 0x03, 77, 0, 10, "camellia192-cbc" }, /* 76 */
- { 0x04, 0, 0, 10, "camellia256-cbc" }, /* 77 */
- { 0x86, 0, 1, 1, "" }, /* 78 */
- { 0x48, 0, 1, 2, "us" }, /* 79 */
- { 0x86, 148, 1, 3, "" }, /* 80 */
- { 0xF6, 86, 1, 4, "" }, /* 81 */
- { 0x7D, 0, 1, 5, "NortelNetworks" }, /* 82 */
- { 0x07, 0, 1, 6, "Entrust" }, /* 83 */
- { 0x41, 0, 1, 7, "nsn-ce" }, /* 84 */
- { 0x00, 0, 0, 8, "entrustVersInfo" }, /* 85 */
- { 0xF7, 0, 1, 4, "" }, /* 86 */
- { 0x0D, 0, 1, 5, "RSADSI" }, /* 87 */
- { 0x01, 143, 1, 6, "PKCS" }, /* 88 */
- { 0x01, 101, 1, 7, "PKCS-1" }, /* 89 */
- { 0x01, 91, 0, 8, "rsaEncryption" }, /* 90 */
- { 0x02, 92, 0, 8, "md2WithRSAEncryption" }, /* 91 */
- { 0x04, 93, 0, 8, "md5WithRSAEncryption" }, /* 92 */
- { 0x05, 94, 0, 8, "sha-1WithRSAEncryption" }, /* 93 */
- { 0x07, 95, 0, 8, "id-RSAES-OAEP" }, /* 94 */
- { 0x08, 96, 0, 8, "id-mgf1" }, /* 95 */
- { 0x09, 97, 0, 8, "id-pSpecified" }, /* 96 */
- { 0x0B, 98, 0, 8, "sha256WithRSAEncryption" }, /* 97 */
- { 0x0C, 99, 0, 8, "sha384WithRSAEncryption" }, /* 98 */
- { 0x0D, 100, 0, 8, "sha512WithRSAEncryption" }, /* 99 */
- { 0x0E, 0, 0, 8, "sha224WithRSAEncryption" }, /* 100 */
- { 0x05, 106, 1, 7, "PKCS-5" }, /* 101 */
- { 0x03, 103, 0, 8, "pbeWithMD5AndDES-CBC" }, /* 102 */
- { 0x0A, 104, 0, 8, "pbeWithSHA1AndDES-CBC" }, /* 103 */
- { 0x0C, 105, 0, 8, "id-PBKDF2" }, /* 104 */
- { 0x0D, 0, 0, 8, "id-PBES2" }, /* 105 */
- { 0x07, 113, 1, 7, "PKCS-7" }, /* 106 */
- { 0x01, 108, 0, 8, "data" }, /* 107 */
- { 0x02, 109, 0, 8, "signedData" }, /* 108 */
- { 0x03, 110, 0, 8, "envelopedData" }, /* 109 */
- { 0x04, 111, 0, 8, "signedAndEnvelopedData" }, /* 110 */
- { 0x05, 112, 0, 8, "digestedData" }, /* 111 */
- { 0x06, 0, 0, 8, "encryptedData" }, /* 112 */
- { 0x09, 127, 1, 7, "PKCS-9" }, /* 113 */
- { 0x01, 115, 0, 8, "E" }, /* 114 */
- { 0x02, 116, 0, 8, "unstructuredName" }, /* 115 */
- { 0x03, 117, 0, 8, "contentType" }, /* 116 */
- { 0x04, 118, 0, 8, "messageDigest" }, /* 117 */
- { 0x05, 119, 0, 8, "signingTime" }, /* 118 */
- { 0x06, 120, 0, 8, "counterSignature" }, /* 119 */
- { 0x07, 121, 0, 8, "challengePassword" }, /* 120 */
- { 0x08, 122, 0, 8, "unstructuredAddress" }, /* 121 */
- { 0x0E, 123, 0, 8, "extensionRequest" }, /* 122 */
- { 0x0F, 124, 0, 8, "S/MIME Capabilities" }, /* 123 */
- { 0x16, 0, 1, 8, "certTypes" }, /* 124 */
- { 0x01, 126, 0, 9, "X.509" }, /* 125 */
- { 0x02, 0, 0, 9, "SDSI" }, /* 126 */
- { 0x0c, 0, 1, 7, "PKCS-12" }, /* 127 */
- { 0x01, 135, 1, 8, "pbeIds" }, /* 128 */
- { 0x01, 130, 0, 9, "pbeWithSHAAnd128BitRC4" }, /* 129 */
- { 0x02, 131, 0, 9, "pbeWithSHAAnd40BitRC4" }, /* 130 */
- { 0x03, 132, 0, 9, "pbeWithSHAAnd3-KeyTripleDES-CBC"}, /* 131 */
- { 0x04, 133, 0, 9, "pbeWithSHAAnd2-KeyTripleDES-CBC"}, /* 132 */
- { 0x05, 134, 0, 9, "pbeWithSHAAnd128BitRC2-CBC" }, /* 133 */
- { 0x06, 0, 0, 9, "pbeWithSHAAnd40BitRC2-CBC" }, /* 134 */
- { 0x0a, 0, 1, 8, "PKCS-12v1" }, /* 135 */
- { 0x01, 0, 1, 9, "bagIds" }, /* 136 */
- { 0x01, 138, 0, 10, "keyBag" }, /* 137 */
- { 0x02, 139, 0, 10, "pkcs8ShroudedKeyBag" }, /* 138 */
- { 0x03, 140, 0, 10, "certBag" }, /* 139 */
- { 0x04, 141, 0, 10, "crlBag" }, /* 140 */
- { 0x05, 142, 0, 10, "secretBag" }, /* 141 */
- { 0x06, 0, 0, 10, "safeContentsBag" }, /* 142 */
- { 0x02, 146, 1, 6, "digestAlgorithm" }, /* 143 */
- { 0x02, 145, 0, 7, "md2" }, /* 144 */
- { 0x05, 0, 0, 7, "md5" }, /* 145 */
- { 0x03, 0, 1, 6, "encryptionAlgorithm" }, /* 146 */
- { 0x07, 0, 0, 7, "3des-ede-cbc" }, /* 147 */
- { 0xCE, 0, 1, 3, "" }, /* 148 */
- { 0x3D, 0, 1, 4, "ansi-X9-62" }, /* 149 */
- { 0x02, 152, 1, 5, "id-publicKeyType" }, /* 150 */
- { 0x01, 0, 0, 6, "id-ecPublicKey" }, /* 151 */
- { 0x03, 182, 1, 5, "ellipticCurve" }, /* 152 */
- { 0x00, 174, 1, 6, "c-TwoCurve" }, /* 153 */
- { 0x01, 155, 0, 7, "c2pnb163v1" }, /* 154 */
- { 0x02, 156, 0, 7, "c2pnb163v2" }, /* 155 */
- { 0x03, 157, 0, 7, "c2pnb163v3" }, /* 156 */
- { 0x04, 158, 0, 7, "c2pnb176w1" }, /* 157 */
- { 0x05, 159, 0, 7, "c2tnb191v1" }, /* 158 */
- { 0x06, 160, 0, 7, "c2tnb191v2" }, /* 159 */
- { 0x07, 161, 0, 7, "c2tnb191v3" }, /* 160 */
- { 0x08, 162, 0, 7, "c2onb191v4" }, /* 161 */
- { 0x09, 163, 0, 7, "c2onb191v5" }, /* 162 */
- { 0x0A, 164, 0, 7, "c2pnb208w1" }, /* 163 */
- { 0x0B, 165, 0, 7, "c2tnb239v1" }, /* 164 */
- { 0x0C, 166, 0, 7, "c2tnb239v2" }, /* 165 */
- { 0x0D, 167, 0, 7, "c2tnb239v3" }, /* 166 */
- { 0x0E, 168, 0, 7, "c2onb239v4" }, /* 167 */
- { 0x0F, 169, 0, 7, "c2onb239v5" }, /* 168 */
- { 0x10, 170, 0, 7, "c2pnb272w1" }, /* 169 */
- { 0x11, 171, 0, 7, "c2pnb304w1" }, /* 170 */
- { 0x12, 172, 0, 7, "c2tnb359v1" }, /* 171 */
- { 0x13, 173, 0, 7, "c2pnb368w1" }, /* 172 */
- { 0x14, 0, 0, 7, "c2tnb431r1" }, /* 173 */
- { 0x01, 0, 1, 6, "primeCurve" }, /* 174 */
- { 0x01, 176, 0, 7, "prime192v1" }, /* 175 */
- { 0x02, 177, 0, 7, "prime192v2" }, /* 176 */
- { 0x03, 178, 0, 7, "prime192v3" }, /* 177 */
- { 0x04, 179, 0, 7, "prime239v1" }, /* 178 */
- { 0x05, 180, 0, 7, "prime239v2" }, /* 179 */
- { 0x06, 181, 0, 7, "prime239v3" }, /* 180 */
- { 0x07, 0, 0, 7, "prime256v1" }, /* 181 */
- { 0x04, 0, 1, 5, "id-ecSigType" }, /* 182 */
- { 0x01, 184, 0, 6, "ecdsa-with-SHA1" }, /* 183 */
- { 0x03, 0, 1, 6, "ecdsa-with-Specified" }, /* 184 */
- { 0x01, 186, 0, 7, "ecdsa-with-SHA224" }, /* 185 */
- { 0x02, 187, 0, 7, "ecdsa-with-SHA256" }, /* 186 */
- { 0x03, 188, 0, 7, "ecdsa-with-SHA384" }, /* 187 */
- { 0x04, 0, 0, 7, "ecdsa-with-SHA512" }, /* 188 */
- {0x2B, 416, 1, 0, "" }, /* 189 */
- { 0x06, 330, 1, 1, "dod" }, /* 190 */
- { 0x01, 0, 1, 2, "internet" }, /* 191 */
- { 0x04, 281, 1, 3, "private" }, /* 192 */
- { 0x01, 0, 1, 4, "enterprise" }, /* 193 */
- { 0x82, 231, 1, 5, "" }, /* 194 */
- { 0x37, 207, 1, 6, "Microsoft" }, /* 195 */
- { 0x0A, 200, 1, 7, "" }, /* 196 */
- { 0x03, 0, 1, 8, "" }, /* 197 */
- { 0x03, 199, 0, 9, "msSGC" }, /* 198 */
- { 0x04, 0, 0, 9, "msEncryptingFileSystem" }, /* 199 */
- { 0x14, 204, 1, 7, "msEnrollmentInfrastructure" }, /* 200 */
- { 0x02, 0, 1, 8, "msCertificateTypeExtension" }, /* 201 */
- { 0x02, 203, 0, 9, "msSmartcardLogon" }, /* 202 */
- { 0x03, 0, 0, 9, "msUPN" }, /* 203 */
- { 0x15, 0, 1, 7, "msCertSrvInfrastructure" }, /* 204 */
- { 0x07, 206, 0, 8, "msCertTemplate" }, /* 205 */
- { 0x0A, 0, 0, 8, "msApplicationCertPolicies" }, /* 206 */
- { 0xA0, 0, 1, 6, "" }, /* 207 */
- { 0x2A, 0, 1, 7, "ITA" }, /* 208 */
- { 0x01, 210, 0, 8, "strongSwan" }, /* 209 */
- { 0x02, 211, 0, 8, "cps" }, /* 210 */
- { 0x03, 212, 0, 8, "e-voting" }, /* 211 */
- { 0x05, 0, 1, 8, "BLISS" }, /* 212 */
- { 0x01, 215, 1, 9, "keyType" }, /* 213 */
- { 0x01, 0, 0, 10, "blissPublicKey" }, /* 214 */
- { 0x02, 224, 1, 9, "parameters" }, /* 215 */
- { 0x01, 217, 0, 10, "BLISS-I" }, /* 216 */
- { 0x02, 218, 0, 10, "BLISS-II" }, /* 217 */
- { 0x03, 219, 0, 10, "BLISS-III" }, /* 218 */
- { 0x04, 220, 0, 10, "BLISS-IV" }, /* 219 */
- { 0x05, 221, 0, 10, "BLISS-B-I" }, /* 220 */
- { 0x06, 222, 0, 10, "BLISS-B-II" }, /* 221 */
- { 0x07, 223, 0, 10, "BLISS-B-III" }, /* 222 */
- { 0x08, 0, 0, 10, "BLISS-B-IV" }, /* 223 */
- { 0x03, 0, 1, 9, "blissSigType" }, /* 224 */
- { 0x01, 226, 0, 10, "BLISS-with-SHA2-512" }, /* 225 */
- { 0x02, 227, 0, 10, "BLISS-with-SHA2-384" }, /* 226 */
- { 0x03, 228, 0, 10, "BLISS-with-SHA2-256" }, /* 227 */
- { 0x04, 229, 0, 10, "BLISS-with-SHA3-512" }, /* 228 */
- { 0x05, 230, 0, 10, "BLISS-with-SHA3-384" }, /* 229 */
- { 0x06, 0, 0, 10, "BLISS-with-SHA3-256" }, /* 230 */
- { 0x89, 238, 1, 5, "" }, /* 231 */
- { 0x31, 0, 1, 6, "" }, /* 232 */
- { 0x01, 0, 1, 7, "" }, /* 233 */
- { 0x01, 0, 1, 8, "" }, /* 234 */
- { 0x02, 0, 1, 9, "" }, /* 235 */
- { 0x02, 0, 1, 10, "" }, /* 236 */
- { 0x4B, 0, 0, 11, "TCGID" }, /* 237 */
- { 0x97, 242, 1, 5, "" }, /* 238 */
- { 0x55, 0, 1, 6, "" }, /* 239 */
- { 0x01, 0, 1, 7, "" }, /* 240 */
- { 0x02, 0, 0, 8, "blowfish-cbc" }, /* 241 */
- { 0xC1, 0, 1, 5, "" }, /* 242 */
- { 0x16, 0, 1, 6, "ntruCryptosystems" }, /* 243 */
- { 0x01, 0, 1, 7, "eess" }, /* 244 */
- { 0x01, 0, 1, 8, "eess1" }, /* 245 */
- { 0x01, 250, 1, 9, "eess1-algs" }, /* 246 */
- { 0x01, 248, 0, 10, "ntru-EESS1v1-SVES" }, /* 247 */
- { 0x02, 249, 0, 10, "ntru-EESS1v1-SVSSA" }, /* 248 */
- { 0x03, 0, 0, 10, "ntru-EESS1v1-NTRUSign" }, /* 249 */
- { 0x02, 280, 1, 9, "eess1-params" }, /* 250 */
- { 0x01, 252, 0, 10, "ees251ep1" }, /* 251 */
- { 0x02, 253, 0, 10, "ees347ep1" }, /* 252 */
- { 0x03, 254, 0, 10, "ees503ep1" }, /* 253 */
- { 0x07, 255, 0, 10, "ees251sp2" }, /* 254 */
- { 0x0C, 256, 0, 10, "ees251ep4" }, /* 255 */
- { 0x0D, 257, 0, 10, "ees251ep5" }, /* 256 */
- { 0x0E, 258, 0, 10, "ees251sp3" }, /* 257 */
- { 0x0F, 259, 0, 10, "ees251sp4" }, /* 258 */
- { 0x10, 260, 0, 10, "ees251sp5" }, /* 259 */
- { 0x11, 261, 0, 10, "ees251sp6" }, /* 260 */
- { 0x12, 262, 0, 10, "ees251sp7" }, /* 261 */
- { 0x13, 263, 0, 10, "ees251sp8" }, /* 262 */
- { 0x14, 264, 0, 10, "ees251sp9" }, /* 263 */
- { 0x22, 265, 0, 10, "ees401ep1" }, /* 264 */
- { 0x23, 266, 0, 10, "ees449ep1" }, /* 265 */
- { 0x24, 267, 0, 10, "ees677ep1" }, /* 266 */
- { 0x25, 268, 0, 10, "ees1087ep2" }, /* 267 */
- { 0x26, 269, 0, 10, "ees541ep1" }, /* 268 */
- { 0x27, 270, 0, 10, "ees613ep1" }, /* 269 */
- { 0x28, 271, 0, 10, "ees887ep1" }, /* 270 */
- { 0x29, 272, 0, 10, "ees1171ep1" }, /* 271 */
- { 0x2A, 273, 0, 10, "ees659ep1" }, /* 272 */
- { 0x2B, 274, 0, 10, "ees761ep1" }, /* 273 */
- { 0x2C, 275, 0, 10, "ees1087ep1" }, /* 274 */
- { 0x2D, 276, 0, 10, "ees1499ep1" }, /* 275 */
- { 0x2E, 277, 0, 10, "ees401ep2" }, /* 276 */
- { 0x2F, 278, 0, 10, "ees439ep1" }, /* 277 */
- { 0x30, 279, 0, 10, "ees593ep1" }, /* 278 */
- { 0x31, 0, 0, 10, "ees743ep1" }, /* 279 */
- { 0x03, 0, 0, 9, "eess1-encodingMethods" }, /* 280 */
- { 0x05, 0, 1, 3, "security" }, /* 281 */
- { 0x05, 0, 1, 4, "mechanisms" }, /* 282 */
- { 0x07, 327, 1, 5, "id-pkix" }, /* 283 */
- { 0x01, 288, 1, 6, "id-pe" }, /* 284 */
- { 0x01, 286, 0, 7, "authorityInfoAccess" }, /* 285 */
- { 0x03, 287, 0, 7, "qcStatements" }, /* 286 */
- { 0x07, 0, 0, 7, "ipAddrBlocks" }, /* 287 */
- { 0x02, 291, 1, 6, "id-qt" }, /* 288 */
- { 0x01, 290, 0, 7, "cps" }, /* 289 */
- { 0x02, 0, 0, 7, "unotice" }, /* 290 */
- { 0x03, 301, 1, 6, "id-kp" }, /* 291 */
- { 0x01, 293, 0, 7, "serverAuth" }, /* 292 */
- { 0x02, 294, 0, 7, "clientAuth" }, /* 293 */
- { 0x03, 295, 0, 7, "codeSigning" }, /* 294 */
- { 0x04, 296, 0, 7, "emailProtection" }, /* 295 */
- { 0x05, 297, 0, 7, "ipsecEndSystem" }, /* 296 */
- { 0x06, 298, 0, 7, "ipsecTunnel" }, /* 297 */
- { 0x07, 299, 0, 7, "ipsecUser" }, /* 298 */
- { 0x08, 300, 0, 7, "timeStamping" }, /* 299 */
- { 0x09, 0, 0, 7, "ocspSigning" }, /* 300 */
- { 0x08, 309, 1, 6, "id-otherNames" }, /* 301 */
- { 0x01, 303, 0, 7, "personalData" }, /* 302 */
- { 0x02, 304, 0, 7, "userGroup" }, /* 303 */
- { 0x03, 305, 0, 7, "id-on-permanentIdentifier" }, /* 304 */
- { 0x04, 306, 0, 7, "id-on-hardwareModuleName" }, /* 305 */
- { 0x05, 307, 0, 7, "xmppAddr" }, /* 306 */
- { 0x06, 308, 0, 7, "id-on-SIM" }, /* 307 */
- { 0x07, 0, 0, 7, "id-on-dnsSRV" }, /* 308 */
- { 0x0A, 314, 1, 6, "id-aca" }, /* 309 */
- { 0x01, 311, 0, 7, "authenticationInfo" }, /* 310 */
- { 0x02, 312, 0, 7, "accessIdentity" }, /* 311 */
- { 0x03, 313, 0, 7, "chargingIdentity" }, /* 312 */
- { 0x04, 0, 0, 7, "group" }, /* 313 */
- { 0x0B, 315, 0, 6, "subjectInfoAccess" }, /* 314 */
- { 0x30, 0, 1, 6, "id-ad" }, /* 315 */
- { 0x01, 324, 1, 7, "ocsp" }, /* 316 */
- { 0x01, 318, 0, 8, "basic" }, /* 317 */
- { 0x02, 319, 0, 8, "nonce" }, /* 318 */
- { 0x03, 320, 0, 8, "crl" }, /* 319 */
- { 0x04, 321, 0, 8, "response" }, /* 320 */
- { 0x05, 322, 0, 8, "noCheck" }, /* 321 */
- { 0x06, 323, 0, 8, "archiveCutoff" }, /* 322 */
- { 0x07, 0, 0, 8, "serviceLocator" }, /* 323 */
- { 0x02, 325, 0, 7, "caIssuers" }, /* 324 */
- { 0x03, 326, 0, 7, "timeStamping" }, /* 325 */
- { 0x05, 0, 0, 7, "caRepository" }, /* 326 */
- { 0x08, 0, 1, 5, "ipsec" }, /* 327 */
- { 0x02, 0, 1, 6, "certificate" }, /* 328 */
- { 0x02, 0, 0, 7, "iKEIntermediate" }, /* 329 */
- { 0x0E, 336, 1, 1, "oiw" }, /* 330 */
- { 0x03, 0, 1, 2, "secsig" }, /* 331 */
- { 0x02, 0, 1, 3, "algorithms" }, /* 332 */
- { 0x07, 334, 0, 4, "des-cbc" }, /* 333 */
- { 0x1A, 335, 0, 4, "sha-1" }, /* 334 */
- { 0x1D, 0, 0, 4, "sha-1WithRSASignature" }, /* 335 */
- { 0x24, 382, 1, 1, "TeleTrusT" }, /* 336 */
- { 0x03, 0, 1, 2, "algorithm" }, /* 337 */
- { 0x03, 0, 1, 3, "signatureAlgorithm" }, /* 338 */
- { 0x01, 343, 1, 4, "rsaSignature" }, /* 339 */
- { 0x02, 341, 0, 5, "rsaSigWithripemd160" }, /* 340 */
- { 0x03, 342, 0, 5, "rsaSigWithripemd128" }, /* 341 */
- { 0x04, 0, 0, 5, "rsaSigWithripemd256" }, /* 342 */
- { 0x02, 0, 1, 4, "ecSign" }, /* 343 */
- { 0x01, 345, 0, 5, "ecSignWithsha1" }, /* 344 */
- { 0x02, 346, 0, 5, "ecSignWithripemd160" }, /* 345 */
- { 0x03, 347, 0, 5, "ecSignWithmd2" }, /* 346 */
- { 0x04, 348, 0, 5, "ecSignWithmd5" }, /* 347 */
- { 0x05, 365, 1, 5, "ttt-ecg" }, /* 348 */
- { 0x01, 353, 1, 6, "fieldType" }, /* 349 */
- { 0x01, 0, 1, 7, "characteristictwoField" }, /* 350 */
- { 0x01, 0, 1, 8, "basisType" }, /* 351 */
- { 0x01, 0, 0, 9, "ipBasis" }, /* 352 */
- { 0x02, 355, 1, 6, "keyType" }, /* 353 */
- { 0x01, 0, 0, 7, "ecgPublicKey" }, /* 354 */
- { 0x03, 356, 0, 6, "curve" }, /* 355 */
- { 0x04, 363, 1, 6, "signatures" }, /* 356 */
- { 0x01, 358, 0, 7, "ecgdsa-with-RIPEMD160" }, /* 357 */
- { 0x02, 359, 0, 7, "ecgdsa-with-SHA1" }, /* 358 */
- { 0x03, 360, 0, 7, "ecgdsa-with-SHA224" }, /* 359 */
- { 0x04, 361, 0, 7, "ecgdsa-with-SHA256" }, /* 360 */
- { 0x05, 362, 0, 7, "ecgdsa-with-SHA384" }, /* 361 */
- { 0x06, 0, 0, 7, "ecgdsa-with-SHA512" }, /* 362 */
- { 0x05, 0, 1, 6, "module" }, /* 363 */
- { 0x01, 0, 0, 7, "1" }, /* 364 */
- { 0x08, 0, 1, 5, "ecStdCurvesAndGeneration" }, /* 365 */
- { 0x01, 0, 1, 6, "ellipticCurve" }, /* 366 */
- { 0x01, 0, 1, 7, "versionOne" }, /* 367 */
- { 0x01, 369, 0, 8, "brainpoolP160r1" }, /* 368 */
- { 0x02, 370, 0, 8, "brainpoolP160t1" }, /* 369 */
- { 0x03, 371, 0, 8, "brainpoolP192r1" }, /* 370 */
- { 0x04, 372, 0, 8, "brainpoolP192t1" }, /* 371 */
- { 0x05, 373, 0, 8, "brainpoolP224r1" }, /* 372 */
- { 0x06, 374, 0, 8, "brainpoolP224t1" }, /* 373 */
- { 0x07, 375, 0, 8, "brainpoolP256r1" }, /* 374 */
- { 0x08, 376, 0, 8, "brainpoolP256t1" }, /* 375 */
- { 0x09, 377, 0, 8, "brainpoolP320r1" }, /* 376 */
- { 0x0A, 378, 0, 8, "brainpoolP320t1" }, /* 377 */
- { 0x0B, 379, 0, 8, "brainpoolP384r1" }, /* 378 */
- { 0x0C, 380, 0, 8, "brainpoolP384t1" }, /* 379 */
- { 0x0D, 381, 0, 8, "brainpoolP512r1" }, /* 380 */
- { 0x0E, 0, 0, 8, "brainpoolP512t1" }, /* 381 */
- { 0x81, 0, 1, 1, "" }, /* 382 */
- { 0x04, 0, 1, 2, "Certicom" }, /* 383 */
- { 0x00, 0, 1, 3, "curve" }, /* 384 */
- { 0x01, 386, 0, 4, "sect163k1" }, /* 385 */
- { 0x02, 387, 0, 4, "sect163r1" }, /* 386 */
- { 0x03, 388, 0, 4, "sect239k1" }, /* 387 */
- { 0x04, 389, 0, 4, "sect113r1" }, /* 388 */
- { 0x05, 390, 0, 4, "sect113r2" }, /* 389 */
- { 0x06, 391, 0, 4, "secp112r1" }, /* 390 */
- { 0x07, 392, 0, 4, "secp112r2" }, /* 391 */
- { 0x08, 393, 0, 4, "secp160r1" }, /* 392 */
- { 0x09, 394, 0, 4, "secp160k1" }, /* 393 */
- { 0x0A, 395, 0, 4, "secp256k1" }, /* 394 */
- { 0x0F, 396, 0, 4, "sect163r2" }, /* 395 */
- { 0x10, 397, 0, 4, "sect283k1" }, /* 396 */
- { 0x11, 398, 0, 4, "sect283r1" }, /* 397 */
- { 0x16, 399, 0, 4, "sect131r1" }, /* 398 */
- { 0x17, 400, 0, 4, "sect131r2" }, /* 399 */
- { 0x18, 401, 0, 4, "sect193r1" }, /* 400 */
- { 0x19, 402, 0, 4, "sect193r2" }, /* 401 */
- { 0x1A, 403, 0, 4, "sect233k1" }, /* 402 */
- { 0x1B, 404, 0, 4, "sect233r1" }, /* 403 */
- { 0x1C, 405, 0, 4, "secp128r1" }, /* 404 */
- { 0x1D, 406, 0, 4, "secp128r2" }, /* 405 */
- { 0x1E, 407, 0, 4, "secp160r2" }, /* 406 */
- { 0x1F, 408, 0, 4, "secp192k1" }, /* 407 */
- { 0x20, 409, 0, 4, "secp224k1" }, /* 408 */
- { 0x21, 410, 0, 4, "secp224r1" }, /* 409 */
- { 0x22, 411, 0, 4, "secp384r1" }, /* 410 */
- { 0x23, 412, 0, 4, "secp521r1" }, /* 411 */
- { 0x24, 413, 0, 4, "sect409k1" }, /* 412 */
- { 0x25, 414, 0, 4, "sect409r1" }, /* 413 */
- { 0x26, 415, 0, 4, "sect571k1" }, /* 414 */
- { 0x27, 0, 0, 4, "sect571r1" }, /* 415 */
- {0x60, 470, 1, 0, "" }, /* 416 */
- { 0x86, 0, 1, 1, "" }, /* 417 */
- { 0x48, 0, 1, 2, "" }, /* 418 */
- { 0x01, 0, 1, 3, "organization" }, /* 419 */
- { 0x65, 446, 1, 4, "gov" }, /* 420 */
- { 0x03, 0, 1, 5, "csor" }, /* 421 */
- { 0x04, 0, 1, 6, "nistalgorithm" }, /* 422 */
- { 0x01, 433, 1, 7, "aes" }, /* 423 */
- { 0x02, 425, 0, 8, "id-aes128-CBC" }, /* 424 */
- { 0x06, 426, 0, 8, "id-aes128-GCM" }, /* 425 */
- { 0x07, 427, 0, 8, "id-aes128-CCM" }, /* 426 */
- { 0x16, 428, 0, 8, "id-aes192-CBC" }, /* 427 */
- { 0x1A, 429, 0, 8, "id-aes192-GCM" }, /* 428 */
- { 0x1B, 430, 0, 8, "id-aes192-CCM" }, /* 429 */
- { 0x2A, 431, 0, 8, "id-aes256-CBC" }, /* 430 */
- { 0x2E, 432, 0, 8, "id-aes256-GCM" }, /* 431 */
- { 0x2F, 0, 0, 8, "id-aes256-CCM" }, /* 432 */
- { 0x02, 0, 1, 7, "hashalgs" }, /* 433 */
- { 0x01, 435, 0, 8, "id-sha256" }, /* 434 */
- { 0x02, 436, 0, 8, "id-sha384" }, /* 435 */
- { 0x03, 437, 0, 8, "id-sha512" }, /* 436 */
- { 0x04, 438, 0, 8, "id-sha224" }, /* 437 */
- { 0x05, 439, 0, 8, "id-sha512-224" }, /* 438 */
- { 0x06, 440, 0, 8, "id-sha512-256" }, /* 439 */
- { 0x07, 441, 0, 8, "id-sha3-224" }, /* 440 */
- { 0x08, 442, 0, 8, "id-sha3-256" }, /* 441 */
- { 0x09, 443, 0, 8, "id-sha3-384" }, /* 442 */
- { 0x0A, 444, 0, 8, "id-sha3-512" }, /* 443 */
- { 0x0B, 445, 0, 8, "id-shake128" }, /* 444 */
- { 0x0C, 0, 0, 8, "id-shake256" }, /* 445 */
- { 0x86, 0, 1, 4, "" }, /* 446 */
- { 0xf8, 0, 1, 5, "" }, /* 447 */
- { 0x42, 460, 1, 6, "netscape" }, /* 448 */
- { 0x01, 455, 1, 7, "" }, /* 449 */
- { 0x01, 451, 0, 8, "nsCertType" }, /* 450 */
- { 0x03, 452, 0, 8, "nsRevocationUrl" }, /* 451 */
- { 0x04, 453, 0, 8, "nsCaRevocationUrl" }, /* 452 */
- { 0x08, 454, 0, 8, "nsCaPolicyUrl" }, /* 453 */
- { 0x0d, 0, 0, 8, "nsComment" }, /* 454 */
- { 0x03, 458, 1, 7, "directory" }, /* 455 */
- { 0x01, 0, 1, 8, "" }, /* 456 */
- { 0x03, 0, 0, 9, "employeeNumber" }, /* 457 */
- { 0x04, 0, 1, 7, "policy" }, /* 458 */
- { 0x01, 0, 0, 8, "nsSGC" }, /* 459 */
- { 0x45, 0, 1, 6, "verisign" }, /* 460 */
- { 0x01, 0, 1, 7, "pki" }, /* 461 */
- { 0x09, 0, 1, 8, "attributes" }, /* 462 */
- { 0x02, 464, 0, 9, "messageType" }, /* 463 */
- { 0x03, 465, 0, 9, "pkiStatus" }, /* 464 */
- { 0x04, 466, 0, 9, "failInfo" }, /* 465 */
- { 0x05, 467, 0, 9, "senderNonce" }, /* 466 */
- { 0x06, 468, 0, 9, "recipientNonce" }, /* 467 */
- { 0x07, 469, 0, 9, "transID" }, /* 468 */
- { 0x08, 0, 0, 9, "extensionReq" }, /* 469 */
- {0x67, 0, 1, 0, "" }, /* 470 */
- { 0x81, 0, 1, 1, "" }, /* 471 */
- { 0x05, 0, 1, 2, "" }, /* 472 */
- { 0x02, 0, 1, 3, "tcg-attribute" }, /* 473 */
- { 0x01, 475, 0, 4, "tcg-at-tpmManufacturer" }, /* 474 */
- { 0x02, 476, 0, 4, "tcg-at-tpmModel" }, /* 475 */
- { 0x03, 477, 0, 4, "tcg-at-tpmVersion" }, /* 476 */
- { 0x0F, 0, 0, 4, "tcg-at-tpmIdLabel" } /* 477 */
+ { 0x41, 37, 0, 2, "pseudonym" }, /* 36 */
+ { 0x48, 0, 0, 2, "role" }, /* 37 */
+ { 0x1D, 0, 1, 1, "id-ce" }, /* 38 */
+ { 0x09, 40, 0, 2, "subjectDirectoryAttrs" }, /* 39 */
+ { 0x0E, 41, 0, 2, "subjectKeyIdentifier" }, /* 40 */
+ { 0x0F, 42, 0, 2, "keyUsage" }, /* 41 */
+ { 0x10, 43, 0, 2, "privateKeyUsagePeriod" }, /* 42 */
+ { 0x11, 44, 0, 2, "subjectAltName" }, /* 43 */
+ { 0x12, 45, 0, 2, "issuerAltName" }, /* 44 */
+ { 0x13, 46, 0, 2, "basicConstraints" }, /* 45 */
+ { 0x14, 47, 0, 2, "crlNumber" }, /* 46 */
+ { 0x15, 48, 0, 2, "reasonCode" }, /* 47 */
+ { 0x17, 49, 0, 2, "holdInstructionCode" }, /* 48 */
+ { 0x18, 50, 0, 2, "invalidityDate" }, /* 49 */
+ { 0x1B, 51, 0, 2, "deltaCrlIndicator" }, /* 50 */
+ { 0x1C, 52, 0, 2, "issuingDistributionPoint" }, /* 51 */
+ { 0x1D, 53, 0, 2, "certificateIssuer" }, /* 52 */
+ { 0x1E, 54, 0, 2, "nameConstraints" }, /* 53 */
+ { 0x1F, 55, 0, 2, "crlDistributionPoints" }, /* 54 */
+ { 0x20, 57, 1, 2, "certificatePolicies" }, /* 55 */
+ { 0x00, 0, 0, 3, "anyPolicy" }, /* 56 */
+ { 0x21, 58, 0, 2, "policyMappings" }, /* 57 */
+ { 0x23, 59, 0, 2, "authorityKeyIdentifier" }, /* 58 */
+ { 0x24, 60, 0, 2, "policyConstraints" }, /* 59 */
+ { 0x25, 62, 1, 2, "extendedKeyUsage" }, /* 60 */
+ { 0x00, 0, 0, 3, "anyExtendedKeyUsage" }, /* 61 */
+ { 0x2E, 63, 0, 2, "freshestCRL" }, /* 62 */
+ { 0x36, 64, 0, 2, "inhibitAnyPolicy" }, /* 63 */
+ { 0x37, 65, 0, 2, "targetInformation" }, /* 64 */
+ { 0x38, 0, 0, 2, "noRevAvail" }, /* 65 */
+ {0x2A, 190, 1, 0, "" }, /* 66 */
+ { 0x83, 79, 1, 1, "" }, /* 67 */
+ { 0x08, 0, 1, 2, "jp" }, /* 68 */
+ { 0x8C, 0, 1, 3, "" }, /* 69 */
+ { 0x9A, 0, 1, 4, "" }, /* 70 */
+ { 0x4B, 0, 1, 5, "" }, /* 71 */
+ { 0x3D, 0, 1, 6, "" }, /* 72 */
+ { 0x01, 0, 1, 7, "security" }, /* 73 */
+ { 0x01, 0, 1, 8, "algorithm" }, /* 74 */
+ { 0x01, 0, 1, 9, "symm-encryption-alg" }, /* 75 */
+ { 0x02, 77, 0, 10, "camellia128-cbc" }, /* 76 */
+ { 0x03, 78, 0, 10, "camellia192-cbc" }, /* 77 */
+ { 0x04, 0, 0, 10, "camellia256-cbc" }, /* 78 */
+ { 0x86, 0, 1, 1, "" }, /* 79 */
+ { 0x48, 0, 1, 2, "us" }, /* 80 */
+ { 0x86, 149, 1, 3, "" }, /* 81 */
+ { 0xF6, 87, 1, 4, "" }, /* 82 */
+ { 0x7D, 0, 1, 5, "NortelNetworks" }, /* 83 */
+ { 0x07, 0, 1, 6, "Entrust" }, /* 84 */
+ { 0x41, 0, 1, 7, "nsn-ce" }, /* 85 */
+ { 0x00, 0, 0, 8, "entrustVersInfo" }, /* 86 */
+ { 0xF7, 0, 1, 4, "" }, /* 87 */
+ { 0x0D, 0, 1, 5, "RSADSI" }, /* 88 */
+ { 0x01, 144, 1, 6, "PKCS" }, /* 89 */
+ { 0x01, 102, 1, 7, "PKCS-1" }, /* 90 */
+ { 0x01, 92, 0, 8, "rsaEncryption" }, /* 91 */
+ { 0x02, 93, 0, 8, "md2WithRSAEncryption" }, /* 92 */
+ { 0x04, 94, 0, 8, "md5WithRSAEncryption" }, /* 93 */
+ { 0x05, 95, 0, 8, "sha-1WithRSAEncryption" }, /* 94 */
+ { 0x07, 96, 0, 8, "id-RSAES-OAEP" }, /* 95 */
+ { 0x08, 97, 0, 8, "id-mgf1" }, /* 96 */
+ { 0x09, 98, 0, 8, "id-pSpecified" }, /* 97 */
+ { 0x0B, 99, 0, 8, "sha256WithRSAEncryption" }, /* 98 */
+ { 0x0C, 100, 0, 8, "sha384WithRSAEncryption" }, /* 99 */
+ { 0x0D, 101, 0, 8, "sha512WithRSAEncryption" }, /* 100 */
+ { 0x0E, 0, 0, 8, "sha224WithRSAEncryption" }, /* 101 */
+ { 0x05, 107, 1, 7, "PKCS-5" }, /* 102 */
+ { 0x03, 104, 0, 8, "pbeWithMD5AndDES-CBC" }, /* 103 */
+ { 0x0A, 105, 0, 8, "pbeWithSHA1AndDES-CBC" }, /* 104 */
+ { 0x0C, 106, 0, 8, "id-PBKDF2" }, /* 105 */
+ { 0x0D, 0, 0, 8, "id-PBES2" }, /* 106 */
+ { 0x07, 114, 1, 7, "PKCS-7" }, /* 107 */
+ { 0x01, 109, 0, 8, "data" }, /* 108 */
+ { 0x02, 110, 0, 8, "signedData" }, /* 109 */
+ { 0x03, 111, 0, 8, "envelopedData" }, /* 110 */
+ { 0x04, 112, 0, 8, "signedAndEnvelopedData" }, /* 111 */
+ { 0x05, 113, 0, 8, "digestedData" }, /* 112 */
+ { 0x06, 0, 0, 8, "encryptedData" }, /* 113 */
+ { 0x09, 128, 1, 7, "PKCS-9" }, /* 114 */
+ { 0x01, 116, 0, 8, "E" }, /* 115 */
+ { 0x02, 117, 0, 8, "unstructuredName" }, /* 116 */
+ { 0x03, 118, 0, 8, "contentType" }, /* 117 */
+ { 0x04, 119, 0, 8, "messageDigest" }, /* 118 */
+ { 0x05, 120, 0, 8, "signingTime" }, /* 119 */
+ { 0x06, 121, 0, 8, "counterSignature" }, /* 120 */
+ { 0x07, 122, 0, 8, "challengePassword" }, /* 121 */
+ { 0x08, 123, 0, 8, "unstructuredAddress" }, /* 122 */
+ { 0x0E, 124, 0, 8, "extensionRequest" }, /* 123 */
+ { 0x0F, 125, 0, 8, "S/MIME Capabilities" }, /* 124 */
+ { 0x16, 0, 1, 8, "certTypes" }, /* 125 */
+ { 0x01, 127, 0, 9, "X.509" }, /* 126 */
+ { 0x02, 0, 0, 9, "SDSI" }, /* 127 */
+ { 0x0c, 0, 1, 7, "PKCS-12" }, /* 128 */
+ { 0x01, 136, 1, 8, "pbeIds" }, /* 129 */
+ { 0x01, 131, 0, 9, "pbeWithSHAAnd128BitRC4" }, /* 130 */
+ { 0x02, 132, 0, 9, "pbeWithSHAAnd40BitRC4" }, /* 131 */
+ { 0x03, 133, 0, 9, "pbeWithSHAAnd3-KeyTripleDES-CBC"}, /* 132 */
+ { 0x04, 134, 0, 9, "pbeWithSHAAnd2-KeyTripleDES-CBC"}, /* 133 */
+ { 0x05, 135, 0, 9, "pbeWithSHAAnd128BitRC2-CBC" }, /* 134 */
+ { 0x06, 0, 0, 9, "pbeWithSHAAnd40BitRC2-CBC" }, /* 135 */
+ { 0x0a, 0, 1, 8, "PKCS-12v1" }, /* 136 */
+ { 0x01, 0, 1, 9, "bagIds" }, /* 137 */
+ { 0x01, 139, 0, 10, "keyBag" }, /* 138 */
+ { 0x02, 140, 0, 10, "pkcs8ShroudedKeyBag" }, /* 139 */
+ { 0x03, 141, 0, 10, "certBag" }, /* 140 */
+ { 0x04, 142, 0, 10, "crlBag" }, /* 141 */
+ { 0x05, 143, 0, 10, "secretBag" }, /* 142 */
+ { 0x06, 0, 0, 10, "safeContentsBag" }, /* 143 */
+ { 0x02, 147, 1, 6, "digestAlgorithm" }, /* 144 */
+ { 0x02, 146, 0, 7, "md2" }, /* 145 */
+ { 0x05, 0, 0, 7, "md5" }, /* 146 */
+ { 0x03, 0, 1, 6, "encryptionAlgorithm" }, /* 147 */
+ { 0x07, 0, 0, 7, "3des-ede-cbc" }, /* 148 */
+ { 0xCE, 0, 1, 3, "" }, /* 149 */
+ { 0x3D, 0, 1, 4, "ansi-X9-62" }, /* 150 */
+ { 0x02, 153, 1, 5, "id-publicKeyType" }, /* 151 */
+ { 0x01, 0, 0, 6, "id-ecPublicKey" }, /* 152 */
+ { 0x03, 183, 1, 5, "ellipticCurve" }, /* 153 */
+ { 0x00, 175, 1, 6, "c-TwoCurve" }, /* 154 */
+ { 0x01, 156, 0, 7, "c2pnb163v1" }, /* 155 */
+ { 0x02, 157, 0, 7, "c2pnb163v2" }, /* 156 */
+ { 0x03, 158, 0, 7, "c2pnb163v3" }, /* 157 */
+ { 0x04, 159, 0, 7, "c2pnb176w1" }, /* 158 */
+ { 0x05, 160, 0, 7, "c2tnb191v1" }, /* 159 */
+ { 0x06, 161, 0, 7, "c2tnb191v2" }, /* 160 */
+ { 0x07, 162, 0, 7, "c2tnb191v3" }, /* 161 */
+ { 0x08, 163, 0, 7, "c2onb191v4" }, /* 162 */
+ { 0x09, 164, 0, 7, "c2onb191v5" }, /* 163 */
+ { 0x0A, 165, 0, 7, "c2pnb208w1" }, /* 164 */
+ { 0x0B, 166, 0, 7, "c2tnb239v1" }, /* 165 */
+ { 0x0C, 167, 0, 7, "c2tnb239v2" }, /* 166 */
+ { 0x0D, 168, 0, 7, "c2tnb239v3" }, /* 167 */
+ { 0x0E, 169, 0, 7, "c2onb239v4" }, /* 168 */
+ { 0x0F, 170, 0, 7, "c2onb239v5" }, /* 169 */
+ { 0x10, 171, 0, 7, "c2pnb272w1" }, /* 170 */
+ { 0x11, 172, 0, 7, "c2pnb304w1" }, /* 171 */
+ { 0x12, 173, 0, 7, "c2tnb359v1" }, /* 172 */
+ { 0x13, 174, 0, 7, "c2pnb368w1" }, /* 173 */
+ { 0x14, 0, 0, 7, "c2tnb431r1" }, /* 174 */
+ { 0x01, 0, 1, 6, "primeCurve" }, /* 175 */
+ { 0x01, 177, 0, 7, "prime192v1" }, /* 176 */
+ { 0x02, 178, 0, 7, "prime192v2" }, /* 177 */
+ { 0x03, 179, 0, 7, "prime192v3" }, /* 178 */
+ { 0x04, 180, 0, 7, "prime239v1" }, /* 179 */
+ { 0x05, 181, 0, 7, "prime239v2" }, /* 180 */
+ { 0x06, 182, 0, 7, "prime239v3" }, /* 181 */
+ { 0x07, 0, 0, 7, "prime256v1" }, /* 182 */
+ { 0x04, 0, 1, 5, "id-ecSigType" }, /* 183 */
+ { 0x01, 185, 0, 6, "ecdsa-with-SHA1" }, /* 184 */
+ { 0x03, 0, 1, 6, "ecdsa-with-Specified" }, /* 185 */
+ { 0x01, 187, 0, 7, "ecdsa-with-SHA224" }, /* 186 */
+ { 0x02, 188, 0, 7, "ecdsa-with-SHA256" }, /* 187 */
+ { 0x03, 189, 0, 7, "ecdsa-with-SHA384" }, /* 188 */
+ { 0x04, 0, 0, 7, "ecdsa-with-SHA512" }, /* 189 */
+ {0x2B, 417, 1, 0, "" }, /* 190 */
+ { 0x06, 331, 1, 1, "dod" }, /* 191 */
+ { 0x01, 0, 1, 2, "internet" }, /* 192 */
+ { 0x04, 282, 1, 3, "private" }, /* 193 */
+ { 0x01, 0, 1, 4, "enterprise" }, /* 194 */
+ { 0x82, 232, 1, 5, "" }, /* 195 */
+ { 0x37, 208, 1, 6, "Microsoft" }, /* 196 */
+ { 0x0A, 201, 1, 7, "" }, /* 197 */
+ { 0x03, 0, 1, 8, "" }, /* 198 */
+ { 0x03, 200, 0, 9, "msSGC" }, /* 199 */
+ { 0x04, 0, 0, 9, "msEncryptingFileSystem" }, /* 200 */
+ { 0x14, 205, 1, 7, "msEnrollmentInfrastructure" }, /* 201 */
+ { 0x02, 0, 1, 8, "msCertificateTypeExtension" }, /* 202 */
+ { 0x02, 204, 0, 9, "msSmartcardLogon" }, /* 203 */
+ { 0x03, 0, 0, 9, "msUPN" }, /* 204 */
+ { 0x15, 0, 1, 7, "msCertSrvInfrastructure" }, /* 205 */
+ { 0x07, 207, 0, 8, "msCertTemplate" }, /* 206 */
+ { 0x0A, 0, 0, 8, "msApplicationCertPolicies" }, /* 207 */
+ { 0xA0, 0, 1, 6, "" }, /* 208 */
+ { 0x2A, 0, 1, 7, "ITA" }, /* 209 */
+ { 0x01, 211, 0, 8, "strongSwan" }, /* 210 */
+ { 0x02, 212, 0, 8, "cps" }, /* 211 */
+ { 0x03, 213, 0, 8, "e-voting" }, /* 212 */
+ { 0x05, 0, 1, 8, "BLISS" }, /* 213 */
+ { 0x01, 216, 1, 9, "keyType" }, /* 214 */
+ { 0x01, 0, 0, 10, "blissPublicKey" }, /* 215 */
+ { 0x02, 225, 1, 9, "parameters" }, /* 216 */
+ { 0x01, 218, 0, 10, "BLISS-I" }, /* 217 */
+ { 0x02, 219, 0, 10, "BLISS-II" }, /* 218 */
+ { 0x03, 220, 0, 10, "BLISS-III" }, /* 219 */
+ { 0x04, 221, 0, 10, "BLISS-IV" }, /* 220 */
+ { 0x05, 222, 0, 10, "BLISS-B-I" }, /* 221 */
+ { 0x06, 223, 0, 10, "BLISS-B-II" }, /* 222 */
+ { 0x07, 224, 0, 10, "BLISS-B-III" }, /* 223 */
+ { 0x08, 0, 0, 10, "BLISS-B-IV" }, /* 224 */
+ { 0x03, 0, 1, 9, "blissSigType" }, /* 225 */
+ { 0x01, 227, 0, 10, "BLISS-with-SHA2-512" }, /* 226 */
+ { 0x02, 228, 0, 10, "BLISS-with-SHA2-384" }, /* 227 */
+ { 0x03, 229, 0, 10, "BLISS-with-SHA2-256" }, /* 228 */
+ { 0x04, 230, 0, 10, "BLISS-with-SHA3-512" }, /* 229 */
+ { 0x05, 231, 0, 10, "BLISS-with-SHA3-384" }, /* 230 */
+ { 0x06, 0, 0, 10, "BLISS-with-SHA3-256" }, /* 231 */
+ { 0x89, 239, 1, 5, "" }, /* 232 */
+ { 0x31, 0, 1, 6, "" }, /* 233 */
+ { 0x01, 0, 1, 7, "" }, /* 234 */
+ { 0x01, 0, 1, 8, "" }, /* 235 */
+ { 0x02, 0, 1, 9, "" }, /* 236 */
+ { 0x02, 0, 1, 10, "" }, /* 237 */
+ { 0x4B, 0, 0, 11, "TCGID" }, /* 238 */
+ { 0x97, 243, 1, 5, "" }, /* 239 */
+ { 0x55, 0, 1, 6, "" }, /* 240 */
+ { 0x01, 0, 1, 7, "" }, /* 241 */
+ { 0x02, 0, 0, 8, "blowfish-cbc" }, /* 242 */
+ { 0xC1, 0, 1, 5, "" }, /* 243 */
+ { 0x16, 0, 1, 6, "ntruCryptosystems" }, /* 244 */
+ { 0x01, 0, 1, 7, "eess" }, /* 245 */
+ { 0x01, 0, 1, 8, "eess1" }, /* 246 */
+ { 0x01, 251, 1, 9, "eess1-algs" }, /* 247 */
+ { 0x01, 249, 0, 10, "ntru-EESS1v1-SVES" }, /* 248 */
+ { 0x02, 250, 0, 10, "ntru-EESS1v1-SVSSA" }, /* 249 */
+ { 0x03, 0, 0, 10, "ntru-EESS1v1-NTRUSign" }, /* 250 */
+ { 0x02, 281, 1, 9, "eess1-params" }, /* 251 */
+ { 0x01, 253, 0, 10, "ees251ep1" }, /* 252 */
+ { 0x02, 254, 0, 10, "ees347ep1" }, /* 253 */
+ { 0x03, 255, 0, 10, "ees503ep1" }, /* 254 */
+ { 0x07, 256, 0, 10, "ees251sp2" }, /* 255 */
+ { 0x0C, 257, 0, 10, "ees251ep4" }, /* 256 */
+ { 0x0D, 258, 0, 10, "ees251ep5" }, /* 257 */
+ { 0x0E, 259, 0, 10, "ees251sp3" }, /* 258 */
+ { 0x0F, 260, 0, 10, "ees251sp4" }, /* 259 */
+ { 0x10, 261, 0, 10, "ees251sp5" }, /* 260 */
+ { 0x11, 262, 0, 10, "ees251sp6" }, /* 261 */
+ { 0x12, 263, 0, 10, "ees251sp7" }, /* 262 */
+ { 0x13, 264, 0, 10, "ees251sp8" }, /* 263 */
+ { 0x14, 265, 0, 10, "ees251sp9" }, /* 264 */
+ { 0x22, 266, 0, 10, "ees401ep1" }, /* 265 */
+ { 0x23, 267, 0, 10, "ees449ep1" }, /* 266 */
+ { 0x24, 268, 0, 10, "ees677ep1" }, /* 267 */
+ { 0x25, 269, 0, 10, "ees1087ep2" }, /* 268 */
+ { 0x26, 270, 0, 10, "ees541ep1" }, /* 269 */
+ { 0x27, 271, 0, 10, "ees613ep1" }, /* 270 */
+ { 0x28, 272, 0, 10, "ees887ep1" }, /* 271 */
+ { 0x29, 273, 0, 10, "ees1171ep1" }, /* 272 */
+ { 0x2A, 274, 0, 10, "ees659ep1" }, /* 273 */
+ { 0x2B, 275, 0, 10, "ees761ep1" }, /* 274 */
+ { 0x2C, 276, 0, 10, "ees1087ep1" }, /* 275 */
+ { 0x2D, 277, 0, 10, "ees1499ep1" }, /* 276 */
+ { 0x2E, 278, 0, 10, "ees401ep2" }, /* 277 */
+ { 0x2F, 279, 0, 10, "ees439ep1" }, /* 278 */
+ { 0x30, 280, 0, 10, "ees593ep1" }, /* 279 */
+ { 0x31, 0, 0, 10, "ees743ep1" }, /* 280 */
+ { 0x03, 0, 0, 9, "eess1-encodingMethods" }, /* 281 */
+ { 0x05, 0, 1, 3, "security" }, /* 282 */
+ { 0x05, 0, 1, 4, "mechanisms" }, /* 283 */
+ { 0x07, 328, 1, 5, "id-pkix" }, /* 284 */
+ { 0x01, 289, 1, 6, "id-pe" }, /* 285 */
+ { 0x01, 287, 0, 7, "authorityInfoAccess" }, /* 286 */
+ { 0x03, 288, 0, 7, "qcStatements" }, /* 287 */
+ { 0x07, 0, 0, 7, "ipAddrBlocks" }, /* 288 */
+ { 0x02, 292, 1, 6, "id-qt" }, /* 289 */
+ { 0x01, 291, 0, 7, "cps" }, /* 290 */
+ { 0x02, 0, 0, 7, "unotice" }, /* 291 */
+ { 0x03, 302, 1, 6, "id-kp" }, /* 292 */
+ { 0x01, 294, 0, 7, "serverAuth" }, /* 293 */
+ { 0x02, 295, 0, 7, "clientAuth" }, /* 294 */
+ { 0x03, 296, 0, 7, "codeSigning" }, /* 295 */
+ { 0x04, 297, 0, 7, "emailProtection" }, /* 296 */
+ { 0x05, 298, 0, 7, "ipsecEndSystem" }, /* 297 */
+ { 0x06, 299, 0, 7, "ipsecTunnel" }, /* 298 */
+ { 0x07, 300, 0, 7, "ipsecUser" }, /* 299 */
+ { 0x08, 301, 0, 7, "timeStamping" }, /* 300 */
+ { 0x09, 0, 0, 7, "ocspSigning" }, /* 301 */
+ { 0x08, 310, 1, 6, "id-otherNames" }, /* 302 */
+ { 0x01, 304, 0, 7, "personalData" }, /* 303 */
+ { 0x02, 305, 0, 7, "userGroup" }, /* 304 */
+ { 0x03, 306, 0, 7, "id-on-permanentIdentifier" }, /* 305 */
+ { 0x04, 307, 0, 7, "id-on-hardwareModuleName" }, /* 306 */
+ { 0x05, 308, 0, 7, "xmppAddr" }, /* 307 */
+ { 0x06, 309, 0, 7, "id-on-SIM" }, /* 308 */
+ { 0x07, 0, 0, 7, "id-on-dnsSRV" }, /* 309 */
+ { 0x0A, 315, 1, 6, "id-aca" }, /* 310 */
+ { 0x01, 312, 0, 7, "authenticationInfo" }, /* 311 */
+ { 0x02, 313, 0, 7, "accessIdentity" }, /* 312 */
+ { 0x03, 314, 0, 7, "chargingIdentity" }, /* 313 */
+ { 0x04, 0, 0, 7, "group" }, /* 314 */
+ { 0x0B, 316, 0, 6, "subjectInfoAccess" }, /* 315 */
+ { 0x30, 0, 1, 6, "id-ad" }, /* 316 */
+ { 0x01, 325, 1, 7, "ocsp" }, /* 317 */
+ { 0x01, 319, 0, 8, "basic" }, /* 318 */
+ { 0x02, 320, 0, 8, "nonce" }, /* 319 */
+ { 0x03, 321, 0, 8, "crl" }, /* 320 */
+ { 0x04, 322, 0, 8, "response" }, /* 321 */
+ { 0x05, 323, 0, 8, "noCheck" }, /* 322 */
+ { 0x06, 324, 0, 8, "archiveCutoff" }, /* 323 */
+ { 0x07, 0, 0, 8, "serviceLocator" }, /* 324 */
+ { 0x02, 326, 0, 7, "caIssuers" }, /* 325 */
+ { 0x03, 327, 0, 7, "timeStamping" }, /* 326 */
+ { 0x05, 0, 0, 7, "caRepository" }, /* 327 */
+ { 0x08, 0, 1, 5, "ipsec" }, /* 328 */
+ { 0x02, 0, 1, 6, "certificate" }, /* 329 */
+ { 0x02, 0, 0, 7, "iKEIntermediate" }, /* 330 */
+ { 0x0E, 337, 1, 1, "oiw" }, /* 331 */
+ { 0x03, 0, 1, 2, "secsig" }, /* 332 */
+ { 0x02, 0, 1, 3, "algorithms" }, /* 333 */
+ { 0x07, 335, 0, 4, "des-cbc" }, /* 334 */
+ { 0x1A, 336, 0, 4, "sha-1" }, /* 335 */
+ { 0x1D, 0, 0, 4, "sha-1WithRSASignature" }, /* 336 */
+ { 0x24, 383, 1, 1, "TeleTrusT" }, /* 337 */
+ { 0x03, 0, 1, 2, "algorithm" }, /* 338 */
+ { 0x03, 0, 1, 3, "signatureAlgorithm" }, /* 339 */
+ { 0x01, 344, 1, 4, "rsaSignature" }, /* 340 */
+ { 0x02, 342, 0, 5, "rsaSigWithripemd160" }, /* 341 */
+ { 0x03, 343, 0, 5, "rsaSigWithripemd128" }, /* 342 */
+ { 0x04, 0, 0, 5, "rsaSigWithripemd256" }, /* 343 */
+ { 0x02, 0, 1, 4, "ecSign" }, /* 344 */
+ { 0x01, 346, 0, 5, "ecSignWithsha1" }, /* 345 */
+ { 0x02, 347, 0, 5, "ecSignWithripemd160" }, /* 346 */
+ { 0x03, 348, 0, 5, "ecSignWithmd2" }, /* 347 */
+ { 0x04, 349, 0, 5, "ecSignWithmd5" }, /* 348 */
+ { 0x05, 366, 1, 5, "ttt-ecg" }, /* 349 */
+ { 0x01, 354, 1, 6, "fieldType" }, /* 350 */
+ { 0x01, 0, 1, 7, "characteristictwoField" }, /* 351 */
+ { 0x01, 0, 1, 8, "basisType" }, /* 352 */
+ { 0x01, 0, 0, 9, "ipBasis" }, /* 353 */
+ { 0x02, 356, 1, 6, "keyType" }, /* 354 */
+ { 0x01, 0, 0, 7, "ecgPublicKey" }, /* 355 */
+ { 0x03, 357, 0, 6, "curve" }, /* 356 */
+ { 0x04, 364, 1, 6, "signatures" }, /* 357 */
+ { 0x01, 359, 0, 7, "ecgdsa-with-RIPEMD160" }, /* 358 */
+ { 0x02, 360, 0, 7, "ecgdsa-with-SHA1" }, /* 359 */
+ { 0x03, 361, 0, 7, "ecgdsa-with-SHA224" }, /* 360 */
+ { 0x04, 362, 0, 7, "ecgdsa-with-SHA256" }, /* 361 */
+ { 0x05, 363, 0, 7, "ecgdsa-with-SHA384" }, /* 362 */
+ { 0x06, 0, 0, 7, "ecgdsa-with-SHA512" }, /* 363 */
+ { 0x05, 0, 1, 6, "module" }, /* 364 */
+ { 0x01, 0, 0, 7, "1" }, /* 365 */
+ { 0x08, 0, 1, 5, "ecStdCurvesAndGeneration" }, /* 366 */
+ { 0x01, 0, 1, 6, "ellipticCurve" }, /* 367 */
+ { 0x01, 0, 1, 7, "versionOne" }, /* 368 */
+ { 0x01, 370, 0, 8, "brainpoolP160r1" }, /* 369 */
+ { 0x02, 371, 0, 8, "brainpoolP160t1" }, /* 370 */
+ { 0x03, 372, 0, 8, "brainpoolP192r1" }, /* 371 */
+ { 0x04, 373, 0, 8, "brainpoolP192t1" }, /* 372 */
+ { 0x05, 374, 0, 8, "brainpoolP224r1" }, /* 373 */
+ { 0x06, 375, 0, 8, "brainpoolP224t1" }, /* 374 */
+ { 0x07, 376, 0, 8, "brainpoolP256r1" }, /* 375 */
+ { 0x08, 377, 0, 8, "brainpoolP256t1" }, /* 376 */
+ { 0x09, 378, 0, 8, "brainpoolP320r1" }, /* 377 */
+ { 0x0A, 379, 0, 8, "brainpoolP320t1" }, /* 378 */
+ { 0x0B, 380, 0, 8, "brainpoolP384r1" }, /* 379 */
+ { 0x0C, 381, 0, 8, "brainpoolP384t1" }, /* 380 */
+ { 0x0D, 382, 0, 8, "brainpoolP512r1" }, /* 381 */
+ { 0x0E, 0, 0, 8, "brainpoolP512t1" }, /* 382 */
+ { 0x81, 0, 1, 1, "" }, /* 383 */
+ { 0x04, 0, 1, 2, "Certicom" }, /* 384 */
+ { 0x00, 0, 1, 3, "curve" }, /* 385 */
+ { 0x01, 387, 0, 4, "sect163k1" }, /* 386 */
+ { 0x02, 388, 0, 4, "sect163r1" }, /* 387 */
+ { 0x03, 389, 0, 4, "sect239k1" }, /* 388 */
+ { 0x04, 390, 0, 4, "sect113r1" }, /* 389 */
+ { 0x05, 391, 0, 4, "sect113r2" }, /* 390 */
+ { 0x06, 392, 0, 4, "secp112r1" }, /* 391 */
+ { 0x07, 393, 0, 4, "secp112r2" }, /* 392 */
+ { 0x08, 394, 0, 4, "secp160r1" }, /* 393 */
+ { 0x09, 395, 0, 4, "secp160k1" }, /* 394 */
+ { 0x0A, 396, 0, 4, "secp256k1" }, /* 395 */
+ { 0x0F, 397, 0, 4, "sect163r2" }, /* 396 */
+ { 0x10, 398, 0, 4, "sect283k1" }, /* 397 */
+ { 0x11, 399, 0, 4, "sect283r1" }, /* 398 */
+ { 0x16, 400, 0, 4, "sect131r1" }, /* 399 */
+ { 0x17, 401, 0, 4, "sect131r2" }, /* 400 */
+ { 0x18, 402, 0, 4, "sect193r1" }, /* 401 */
+ { 0x19, 403, 0, 4, "sect193r2" }, /* 402 */
+ { 0x1A, 404, 0, 4, "sect233k1" }, /* 403 */
+ { 0x1B, 405, 0, 4, "sect233r1" }, /* 404 */
+ { 0x1C, 406, 0, 4, "secp128r1" }, /* 405 */
+ { 0x1D, 407, 0, 4, "secp128r2" }, /* 406 */
+ { 0x1E, 408, 0, 4, "secp160r2" }, /* 407 */
+ { 0x1F, 409, 0, 4, "secp192k1" }, /* 408 */
+ { 0x20, 410, 0, 4, "secp224k1" }, /* 409 */
+ { 0x21, 411, 0, 4, "secp224r1" }, /* 410 */
+ { 0x22, 412, 0, 4, "secp384r1" }, /* 411 */
+ { 0x23, 413, 0, 4, "secp521r1" }, /* 412 */
+ { 0x24, 414, 0, 4, "sect409k1" }, /* 413 */
+ { 0x25, 415, 0, 4, "sect409r1" }, /* 414 */
+ { 0x26, 416, 0, 4, "sect571k1" }, /* 415 */
+ { 0x27, 0, 0, 4, "sect571r1" }, /* 416 */
+ {0x60, 471, 1, 0, "" }, /* 417 */
+ { 0x86, 0, 1, 1, "" }, /* 418 */
+ { 0x48, 0, 1, 2, "" }, /* 419 */
+ { 0x01, 0, 1, 3, "organization" }, /* 420 */
+ { 0x65, 447, 1, 4, "gov" }, /* 421 */
+ { 0x03, 0, 1, 5, "csor" }, /* 422 */
+ { 0x04, 0, 1, 6, "nistalgorithm" }, /* 423 */
+ { 0x01, 434, 1, 7, "aes" }, /* 424 */
+ { 0x02, 426, 0, 8, "id-aes128-CBC" }, /* 425 */
+ { 0x06, 427, 0, 8, "id-aes128-GCM" }, /* 426 */
+ { 0x07, 428, 0, 8, "id-aes128-CCM" }, /* 427 */
+ { 0x16, 429, 0, 8, "id-aes192-CBC" }, /* 428 */
+ { 0x1A, 430, 0, 8, "id-aes192-GCM" }, /* 429 */
+ { 0x1B, 431, 0, 8, "id-aes192-CCM" }, /* 430 */
+ { 0x2A, 432, 0, 8, "id-aes256-CBC" }, /* 431 */
+ { 0x2E, 433, 0, 8, "id-aes256-GCM" }, /* 432 */
+ { 0x2F, 0, 0, 8, "id-aes256-CCM" }, /* 433 */
+ { 0x02, 0, 1, 7, "hashalgs" }, /* 434 */
+ { 0x01, 436, 0, 8, "id-sha256" }, /* 435 */
+ { 0x02, 437, 0, 8, "id-sha384" }, /* 436 */
+ { 0x03, 438, 0, 8, "id-sha512" }, /* 437 */
+ { 0x04, 439, 0, 8, "id-sha224" }, /* 438 */
+ { 0x05, 440, 0, 8, "id-sha512-224" }, /* 439 */
+ { 0x06, 441, 0, 8, "id-sha512-256" }, /* 440 */
+ { 0x07, 442, 0, 8, "id-sha3-224" }, /* 441 */
+ { 0x08, 443, 0, 8, "id-sha3-256" }, /* 442 */
+ { 0x09, 444, 0, 8, "id-sha3-384" }, /* 443 */
+ { 0x0A, 445, 0, 8, "id-sha3-512" }, /* 444 */
+ { 0x0B, 446, 0, 8, "id-shake128" }, /* 445 */
+ { 0x0C, 0, 0, 8, "id-shake256" }, /* 446 */
+ { 0x86, 0, 1, 4, "" }, /* 447 */
+ { 0xf8, 0, 1, 5, "" }, /* 448 */
+ { 0x42, 461, 1, 6, "netscape" }, /* 449 */
+ { 0x01, 456, 1, 7, "" }, /* 450 */
+ { 0x01, 452, 0, 8, "nsCertType" }, /* 451 */
+ { 0x03, 453, 0, 8, "nsRevocationUrl" }, /* 452 */
+ { 0x04, 454, 0, 8, "nsCaRevocationUrl" }, /* 453 */
+ { 0x08, 455, 0, 8, "nsCaPolicyUrl" }, /* 454 */
+ { 0x0d, 0, 0, 8, "nsComment" }, /* 455 */
+ { 0x03, 459, 1, 7, "directory" }, /* 456 */
+ { 0x01, 0, 1, 8, "" }, /* 457 */
+ { 0x03, 0, 0, 9, "employeeNumber" }, /* 458 */
+ { 0x04, 0, 1, 7, "policy" }, /* 459 */
+ { 0x01, 0, 0, 8, "nsSGC" }, /* 460 */
+ { 0x45, 0, 1, 6, "verisign" }, /* 461 */
+ { 0x01, 0, 1, 7, "pki" }, /* 462 */
+ { 0x09, 0, 1, 8, "attributes" }, /* 463 */
+ { 0x02, 465, 0, 9, "messageType" }, /* 464 */
+ { 0x03, 466, 0, 9, "pkiStatus" }, /* 465 */
+ { 0x04, 467, 0, 9, "failInfo" }, /* 466 */
+ { 0x05, 468, 0, 9, "senderNonce" }, /* 467 */
+ { 0x06, 469, 0, 9, "recipientNonce" }, /* 468 */
+ { 0x07, 470, 0, 9, "transID" }, /* 469 */
+ { 0x08, 0, 0, 9, "extensionReq" }, /* 470 */
+ {0x67, 0, 1, 0, "" }, /* 471 */
+ { 0x81, 0, 1, 1, "" }, /* 472 */
+ { 0x05, 0, 1, 2, "" }, /* 473 */
+ { 0x02, 0, 1, 3, "tcg-attribute" }, /* 474 */
+ { 0x01, 476, 0, 4, "tcg-at-tpmManufacturer" }, /* 475 */
+ { 0x02, 477, 0, 4, "tcg-at-tpmModel" }, /* 476 */
+ { 0x03, 478, 0, 4, "tcg-at-tpmVersion" }, /* 477 */
+ { 0x0F, 0, 0, 4, "tcg-at-tpmIdLabel" } /* 478 */
};
diff --git a/src/libstrongswan/asn1/oid.h b/src/libstrongswan/asn1/oid.h
index b9ed08d2e..1120156e5 100644
--- a/src/libstrongswan/asn1/oid.h
+++ b/src/libstrongswan/asn1/oid.h
@@ -40,220 +40,221 @@ extern const oid_t oid_names[];
#define OID_INITIALS 33
#define OID_UNIQUE_IDENTIFIER 34
#define OID_DN_QUALIFIER 35
-#define OID_ROLE 36
-#define OID_SUBJECT_KEY_ID 39
-#define OID_KEY_USAGE 40
-#define OID_SUBJECT_ALT_NAME 42
-#define OID_BASIC_CONSTRAINTS 44
-#define OID_CRL_NUMBER 45
-#define OID_CRL_REASON_CODE 46
-#define OID_DELTA_CRL_INDICATOR 49
-#define OID_ISSUING_DIST_POINT 50
-#define OID_NAME_CONSTRAINTS 52
-#define OID_CRL_DISTRIBUTION_POINTS 53
-#define OID_CERTIFICATE_POLICIES 54
-#define OID_ANY_POLICY 55
-#define OID_POLICY_MAPPINGS 56
-#define OID_AUTHORITY_KEY_ID 57
-#define OID_POLICY_CONSTRAINTS 58
-#define OID_EXTENDED_KEY_USAGE 59
-#define OID_FRESHEST_CRL 61
-#define OID_INHIBIT_ANY_POLICY 62
-#define OID_TARGET_INFORMATION 63
-#define OID_NO_REV_AVAIL 64
-#define OID_CAMELLIA128_CBC 75
-#define OID_CAMELLIA192_CBC 76
-#define OID_CAMELLIA256_CBC 77
-#define OID_RSA_ENCRYPTION 90
-#define OID_MD2_WITH_RSA 91
-#define OID_MD5_WITH_RSA 92
-#define OID_SHA1_WITH_RSA 93
-#define OID_RSAES_OAEP 94
-#define OID_SHA256_WITH_RSA 97
-#define OID_SHA384_WITH_RSA 98
-#define OID_SHA512_WITH_RSA 99
-#define OID_SHA224_WITH_RSA 100
-#define OID_PBE_MD5_DES_CBC 102
-#define OID_PBE_SHA1_DES_CBC 103
-#define OID_PBKDF2 104
-#define OID_PBES2 105
-#define OID_PKCS7_DATA 107
-#define OID_PKCS7_SIGNED_DATA 108
-#define OID_PKCS7_ENVELOPED_DATA 109
-#define OID_PKCS7_SIGNED_ENVELOPED_DATA 110
-#define OID_PKCS7_DIGESTED_DATA 111
-#define OID_PKCS7_ENCRYPTED_DATA 112
-#define OID_EMAIL_ADDRESS 114
-#define OID_UNSTRUCTURED_NAME 115
-#define OID_PKCS9_CONTENT_TYPE 116
-#define OID_PKCS9_MESSAGE_DIGEST 117
-#define OID_PKCS9_SIGNING_TIME 118
-#define OID_CHALLENGE_PASSWORD 120
-#define OID_UNSTRUCTURED_ADDRESS 121
-#define OID_EXTENSION_REQUEST 122
-#define OID_X509_CERTIFICATE 125
-#define OID_PBE_SHA1_RC4_128 129
-#define OID_PBE_SHA1_RC4_40 130
-#define OID_PBE_SHA1_3DES_CBC 131
-#define OID_PBE_SHA1_3DES_2KEY_CBC 132
-#define OID_PBE_SHA1_RC2_CBC_128 133
-#define OID_PBE_SHA1_RC2_CBC_40 134
-#define OID_P12_KEY_BAG 137
-#define OID_P12_PKCS8_KEY_BAG 138
-#define OID_P12_CERT_BAG 139
-#define OID_P12_CRL_BAG 140
-#define OID_MD2 144
-#define OID_MD5 145
-#define OID_3DES_EDE_CBC 147
-#define OID_EC_PUBLICKEY 151
-#define OID_C2PNB163V1 154
-#define OID_C2PNB163V2 155
-#define OID_C2PNB163V3 156
-#define OID_C2PNB176W1 157
-#define OID_C2PNB191V1 158
-#define OID_C2PNB191V2 159
-#define OID_C2PNB191V3 160
-#define OID_C2PNB191V4 161
-#define OID_C2PNB191V5 162
-#define OID_C2PNB208W1 163
-#define OID_C2PNB239V1 164
-#define OID_C2PNB239V2 165
-#define OID_C2PNB239V3 166
-#define OID_C2PNB239V4 167
-#define OID_C2PNB239V5 168
-#define OID_C2PNB272W1 169
-#define OID_C2PNB304W1 170
-#define OID_C2PNB359V1 171
-#define OID_C2PNB368W1 172
-#define OID_C2PNB431R1 173
-#define OID_PRIME192V1 175
-#define OID_PRIME192V2 176
-#define OID_PRIME192V3 177
-#define OID_PRIME239V1 178
-#define OID_PRIME239V2 179
-#define OID_PRIME239V3 180
-#define OID_PRIME256V1 181
-#define OID_ECDSA_WITH_SHA1 183
-#define OID_ECDSA_WITH_SHA224 185
-#define OID_ECDSA_WITH_SHA256 186
-#define OID_ECDSA_WITH_SHA384 187
-#define OID_ECDSA_WITH_SHA512 188
-#define OID_MS_SMARTCARD_LOGON 202
-#define OID_USER_PRINCIPAL_NAME 203
-#define OID_STRONGSWAN 209
-#define OID_BLISS_PUBLICKEY 214
-#define OID_BLISS_I 216
-#define OID_BLISS_II 217
-#define OID_BLISS_III 218
-#define OID_BLISS_IV 219
-#define OID_BLISS_B_I 220
-#define OID_BLISS_B_II 221
-#define OID_BLISS_B_III 222
-#define OID_BLISS_B_IV 223
-#define OID_BLISS_WITH_SHA2_512 225
-#define OID_BLISS_WITH_SHA2_384 226
-#define OID_BLISS_WITH_SHA2_256 227
-#define OID_BLISS_WITH_SHA3_512 228
-#define OID_BLISS_WITH_SHA3_384 229
-#define OID_BLISS_WITH_SHA3_256 230
-#define OID_TCGID 237
-#define OID_BLOWFISH_CBC 241
-#define OID_AUTHORITY_INFO_ACCESS 285
-#define OID_IP_ADDR_BLOCKS 287
-#define OID_POLICY_QUALIFIER_CPS 289
-#define OID_POLICY_QUALIFIER_UNOTICE 290
-#define OID_SERVER_AUTH 292
-#define OID_CLIENT_AUTH 293
-#define OID_OCSP_SIGNING 300
-#define OID_XMPP_ADDR 306
-#define OID_AUTHENTICATION_INFO 310
-#define OID_ACCESS_IDENTITY 311
-#define OID_CHARGING_IDENTITY 312
-#define OID_GROUP 313
-#define OID_OCSP 316
-#define OID_BASIC 317
-#define OID_NONCE 318
-#define OID_CRL 319
-#define OID_RESPONSE 320
-#define OID_NO_CHECK 321
-#define OID_ARCHIVE_CUTOFF 322
-#define OID_SERVICE_LOCATOR 323
-#define OID_CA_ISSUERS 324
-#define OID_IKE_INTERMEDIATE 329
-#define OID_DES_CBC 333
-#define OID_SHA1 334
-#define OID_SHA1_WITH_RSA_OIW 335
-#define OID_ECGDSA_PUBKEY 354
-#define OID_ECGDSA_SIG_WITH_RIPEMD160 357
-#define OID_ECGDSA_SIG_WITH_SHA1 358
-#define OID_ECGDSA_SIG_WITH_SHA224 359
-#define OID_ECGDSA_SIG_WITH_SHA256 360
-#define OID_ECGDSA_SIG_WITH_SHA384 361
-#define OID_ECGDSA_SIG_WITH_SHA512 362
-#define OID_SECT163K1 385
-#define OID_SECT163R1 386
-#define OID_SECT239K1 387
-#define OID_SECT113R1 388
-#define OID_SECT113R2 389
-#define OID_SECT112R1 390
-#define OID_SECT112R2 391
-#define OID_SECT160R1 392
-#define OID_SECT160K1 393
-#define OID_SECT256K1 394
-#define OID_SECT163R2 395
-#define OID_SECT283K1 396
-#define OID_SECT283R1 397
-#define OID_SECT131R1 398
-#define OID_SECT131R2 399
-#define OID_SECT193R1 400
-#define OID_SECT193R2 401
-#define OID_SECT233K1 402
-#define OID_SECT233R1 403
-#define OID_SECT128R1 404
-#define OID_SECT128R2 405
-#define OID_SECT160R2 406
-#define OID_SECT192K1 407
-#define OID_SECT224K1 408
-#define OID_SECT224R1 409
-#define OID_SECT384R1 410
-#define OID_SECT521R1 411
-#define OID_SECT409K1 412
-#define OID_SECT409R1 413
-#define OID_SECT571K1 414
-#define OID_SECT571R1 415
-#define OID_AES128_CBC 424
-#define OID_AES128_GCM 425
-#define OID_AES128_CCM 426
-#define OID_AES192_CBC 427
-#define OID_AES192_GCM 428
-#define OID_AES192_CCM 429
-#define OID_AES256_CBC 430
-#define OID_AES256_GCM 431
-#define OID_AES256_CCM 432
-#define OID_SHA256 434
-#define OID_SHA384 435
-#define OID_SHA512 436
-#define OID_SHA224 437
-#define OID_SHA3_224 440
-#define OID_SHA3_256 441
-#define OID_SHA3_384 442
-#define OID_SHA3_512 443
-#define OID_NS_REVOCATION_URL 451
-#define OID_NS_CA_REVOCATION_URL 452
-#define OID_NS_CA_POLICY_URL 453
-#define OID_NS_COMMENT 454
-#define OID_EMPLOYEE_NUMBER 457
-#define OID_PKI_MESSAGE_TYPE 463
-#define OID_PKI_STATUS 464
-#define OID_PKI_FAIL_INFO 465
-#define OID_PKI_SENDER_NONCE 466
-#define OID_PKI_RECIPIENT_NONCE 467
-#define OID_PKI_TRANS_ID 468
-#define OID_TPM_MANUFACTURER 474
-#define OID_TPM_MODEL 475
-#define OID_TPM_VERSION 476
-#define OID_TPM_ID_LABEL 477
+#define OID_PSEUDONYM 36
+#define OID_ROLE 37
+#define OID_SUBJECT_KEY_ID 40
+#define OID_KEY_USAGE 41
+#define OID_SUBJECT_ALT_NAME 43
+#define OID_BASIC_CONSTRAINTS 45
+#define OID_CRL_NUMBER 46
+#define OID_CRL_REASON_CODE 47
+#define OID_DELTA_CRL_INDICATOR 50
+#define OID_ISSUING_DIST_POINT 51
+#define OID_NAME_CONSTRAINTS 53
+#define OID_CRL_DISTRIBUTION_POINTS 54
+#define OID_CERTIFICATE_POLICIES 55
+#define OID_ANY_POLICY 56
+#define OID_POLICY_MAPPINGS 57
+#define OID_AUTHORITY_KEY_ID 58
+#define OID_POLICY_CONSTRAINTS 59
+#define OID_EXTENDED_KEY_USAGE 60
+#define OID_FRESHEST_CRL 62
+#define OID_INHIBIT_ANY_POLICY 63
+#define OID_TARGET_INFORMATION 64
+#define OID_NO_REV_AVAIL 65
+#define OID_CAMELLIA128_CBC 76
+#define OID_CAMELLIA192_CBC 77
+#define OID_CAMELLIA256_CBC 78
+#define OID_RSA_ENCRYPTION 91
+#define OID_MD2_WITH_RSA 92
+#define OID_MD5_WITH_RSA 93
+#define OID_SHA1_WITH_RSA 94
+#define OID_RSAES_OAEP 95
+#define OID_SHA256_WITH_RSA 98
+#define OID_SHA384_WITH_RSA 99
+#define OID_SHA512_WITH_RSA 100
+#define OID_SHA224_WITH_RSA 101
+#define OID_PBE_MD5_DES_CBC 103
+#define OID_PBE_SHA1_DES_CBC 104
+#define OID_PBKDF2 105
+#define OID_PBES2 106
+#define OID_PKCS7_DATA 108
+#define OID_PKCS7_SIGNED_DATA 109
+#define OID_PKCS7_ENVELOPED_DATA 110
+#define OID_PKCS7_SIGNED_ENVELOPED_DATA 111
+#define OID_PKCS7_DIGESTED_DATA 112
+#define OID_PKCS7_ENCRYPTED_DATA 113
+#define OID_EMAIL_ADDRESS 115
+#define OID_UNSTRUCTURED_NAME 116
+#define OID_PKCS9_CONTENT_TYPE 117
+#define OID_PKCS9_MESSAGE_DIGEST 118
+#define OID_PKCS9_SIGNING_TIME 119
+#define OID_CHALLENGE_PASSWORD 121
+#define OID_UNSTRUCTURED_ADDRESS 122
+#define OID_EXTENSION_REQUEST 123
+#define OID_X509_CERTIFICATE 126
+#define OID_PBE_SHA1_RC4_128 130
+#define OID_PBE_SHA1_RC4_40 131
+#define OID_PBE_SHA1_3DES_CBC 132
+#define OID_PBE_SHA1_3DES_2KEY_CBC 133
+#define OID_PBE_SHA1_RC2_CBC_128 134
+#define OID_PBE_SHA1_RC2_CBC_40 135
+#define OID_P12_KEY_BAG 138
+#define OID_P12_PKCS8_KEY_BAG 139
+#define OID_P12_CERT_BAG 140
+#define OID_P12_CRL_BAG 141
+#define OID_MD2 145
+#define OID_MD5 146
+#define OID_3DES_EDE_CBC 148
+#define OID_EC_PUBLICKEY 152
+#define OID_C2PNB163V1 155
+#define OID_C2PNB163V2 156
+#define OID_C2PNB163V3 157
+#define OID_C2PNB176W1 158
+#define OID_C2PNB191V1 159
+#define OID_C2PNB191V2 160
+#define OID_C2PNB191V3 161
+#define OID_C2PNB191V4 162
+#define OID_C2PNB191V5 163
+#define OID_C2PNB208W1 164
+#define OID_C2PNB239V1 165
+#define OID_C2PNB239V2 166
+#define OID_C2PNB239V3 167
+#define OID_C2PNB239V4 168
+#define OID_C2PNB239V5 169
+#define OID_C2PNB272W1 170
+#define OID_C2PNB304W1 171
+#define OID_C2PNB359V1 172
+#define OID_C2PNB368W1 173
+#define OID_C2PNB431R1 174
+#define OID_PRIME192V1 176
+#define OID_PRIME192V2 177
+#define OID_PRIME192V3 178
+#define OID_PRIME239V1 179
+#define OID_PRIME239V2 180
+#define OID_PRIME239V3 181
+#define OID_PRIME256V1 182
+#define OID_ECDSA_WITH_SHA1 184
+#define OID_ECDSA_WITH_SHA224 186
+#define OID_ECDSA_WITH_SHA256 187
+#define OID_ECDSA_WITH_SHA384 188
+#define OID_ECDSA_WITH_SHA512 189
+#define OID_MS_SMARTCARD_LOGON 203
+#define OID_USER_PRINCIPAL_NAME 204
+#define OID_STRONGSWAN 210
+#define OID_BLISS_PUBLICKEY 215
+#define OID_BLISS_I 217
+#define OID_BLISS_II 218
+#define OID_BLISS_III 219
+#define OID_BLISS_IV 220
+#define OID_BLISS_B_I 221
+#define OID_BLISS_B_II 222
+#define OID_BLISS_B_III 223
+#define OID_BLISS_B_IV 224
+#define OID_BLISS_WITH_SHA2_512 226
+#define OID_BLISS_WITH_SHA2_384 227
+#define OID_BLISS_WITH_SHA2_256 228
+#define OID_BLISS_WITH_SHA3_512 229
+#define OID_BLISS_WITH_SHA3_384 230
+#define OID_BLISS_WITH_SHA3_256 231
+#define OID_TCGID 238
+#define OID_BLOWFISH_CBC 242
+#define OID_AUTHORITY_INFO_ACCESS 286
+#define OID_IP_ADDR_BLOCKS 288
+#define OID_POLICY_QUALIFIER_CPS 290
+#define OID_POLICY_QUALIFIER_UNOTICE 291
+#define OID_SERVER_AUTH 293
+#define OID_CLIENT_AUTH 294
+#define OID_OCSP_SIGNING 301
+#define OID_XMPP_ADDR 307
+#define OID_AUTHENTICATION_INFO 311
+#define OID_ACCESS_IDENTITY 312
+#define OID_CHARGING_IDENTITY 313
+#define OID_GROUP 314
+#define OID_OCSP 317
+#define OID_BASIC 318
+#define OID_NONCE 319
+#define OID_CRL 320
+#define OID_RESPONSE 321
+#define OID_NO_CHECK 322
+#define OID_ARCHIVE_CUTOFF 323
+#define OID_SERVICE_LOCATOR 324
+#define OID_CA_ISSUERS 325
+#define OID_IKE_INTERMEDIATE 330
+#define OID_DES_CBC 334
+#define OID_SHA1 335
+#define OID_SHA1_WITH_RSA_OIW 336
+#define OID_ECGDSA_PUBKEY 355
+#define OID_ECGDSA_SIG_WITH_RIPEMD160 358
+#define OID_ECGDSA_SIG_WITH_SHA1 359
+#define OID_ECGDSA_SIG_WITH_SHA224 360
+#define OID_ECGDSA_SIG_WITH_SHA256 361
+#define OID_ECGDSA_SIG_WITH_SHA384 362
+#define OID_ECGDSA_SIG_WITH_SHA512 363
+#define OID_SECT163K1 386
+#define OID_SECT163R1 387
+#define OID_SECT239K1 388
+#define OID_SECT113R1 389
+#define OID_SECT113R2 390
+#define OID_SECT112R1 391
+#define OID_SECT112R2 392
+#define OID_SECT160R1 393
+#define OID_SECT160K1 394
+#define OID_SECT256K1 395
+#define OID_SECT163R2 396
+#define OID_SECT283K1 397
+#define OID_SECT283R1 398
+#define OID_SECT131R1 399
+#define OID_SECT131R2 400
+#define OID_SECT193R1 401
+#define OID_SECT193R2 402
+#define OID_SECT233K1 403
+#define OID_SECT233R1 404
+#define OID_SECT128R1 405
+#define OID_SECT128R2 406
+#define OID_SECT160R2 407
+#define OID_SECT192K1 408
+#define OID_SECT224K1 409
+#define OID_SECT224R1 410
+#define OID_SECT384R1 411
+#define OID_SECT521R1 412
+#define OID_SECT409K1 413
+#define OID_SECT409R1 414
+#define OID_SECT571K1 415
+#define OID_SECT571R1 416
+#define OID_AES128_CBC 425
+#define OID_AES128_GCM 426
+#define OID_AES128_CCM 427
+#define OID_AES192_CBC 428
+#define OID_AES192_GCM 429
+#define OID_AES192_CCM 430
+#define OID_AES256_CBC 431
+#define OID_AES256_GCM 432
+#define OID_AES256_CCM 433
+#define OID_SHA256 435
+#define OID_SHA384 436
+#define OID_SHA512 437
+#define OID_SHA224 438
+#define OID_SHA3_224 441
+#define OID_SHA3_256 442
+#define OID_SHA3_384 443
+#define OID_SHA3_512 444
+#define OID_NS_REVOCATION_URL 452
+#define OID_NS_CA_REVOCATION_URL 453
+#define OID_NS_CA_POLICY_URL 454
+#define OID_NS_COMMENT 455
+#define OID_EMPLOYEE_NUMBER 458
+#define OID_PKI_MESSAGE_TYPE 464
+#define OID_PKI_STATUS 465
+#define OID_PKI_FAIL_INFO 466
+#define OID_PKI_SENDER_NONCE 467
+#define OID_PKI_RECIPIENT_NONCE 468
+#define OID_PKI_TRANS_ID 469
+#define OID_TPM_MANUFACTURER 475
+#define OID_TPM_MODEL 476
+#define OID_TPM_VERSION 477
+#define OID_TPM_ID_LABEL 478
-#define OID_MAX 478
+#define OID_MAX 479
#endif /* OID_H_ */
diff --git a/src/libstrongswan/asn1/oid.txt b/src/libstrongswan/asn1/oid.txt
index 64dedcb33..b5ec15f3c 100644
--- a/src/libstrongswan/asn1/oid.txt
+++ b/src/libstrongswan/asn1/oid.txt
@@ -34,6 +34,7 @@
0x2B "I" OID_INITIALS
0x2D "ID" OID_UNIQUE_IDENTIFIER
0x2E "dnQualifier" OID_DN_QUALIFIER
+ 0x41 "pseudonym" OID_PSEUDONYM
0x48 "role" OID_ROLE
0x1D "id-ce"
0x09 "subjectDirectoryAttrs"
diff --git a/src/libstrongswan/collections/array.c b/src/libstrongswan/collections/array.c
index 61c696bc1..a45a68aaf 100644
--- a/src/libstrongswan/collections/array.c
+++ b/src/libstrongswan/collections/array.c
@@ -277,6 +277,16 @@ void array_insert_create(array_t **array, int idx, void *ptr)
array_insert(*array, idx, ptr);
}
+void array_insert_create_value(array_t **array, u_int esize,
+ int idx, void *val)
+{
+ if (*array == NULL)
+ {
+ *array = array_create(esize, 0);
+ }
+ array_insert(*array, idx, val);
+}
+
void array_insert_enumerator(array_t *array, int idx, enumerator_t *enumerator)
{
void *ptr;
diff --git a/src/libstrongswan/collections/array.h b/src/libstrongswan/collections/array.h
index 0659c70bd..c3be1a15d 100644
--- a/src/libstrongswan/collections/array.h
+++ b/src/libstrongswan/collections/array.h
@@ -139,6 +139,21 @@ void array_insert(array_t *array, int idx, void *data);
void array_insert_create(array_t **array, int idx, void *ptr);
/**
+ * Create a value based array if it does not exist, insert value.
+ *
+ * This is a convenience function to insert a value and implicitly
+ * create a value based array if array is NULL. Array is set the the newly
+ * created array, if any.
+ *
+ * @param array pointer to array reference, potentially NULL
+ * @param esize element size of this array
+ * @param idx index to insert item at
+ * @param val pointer to value to insert
+ */
+void array_insert_create_value(array_t **array, u_int esize,
+ int idx, void *val);
+
+/**
* Insert all items from an enumerator to an array.
*
* @param array array to add items to
diff --git a/src/libstrongswan/collections/linked_list.c b/src/libstrongswan/collections/linked_list.c
index a176e5a54..b8fe81578 100644
--- a/src/libstrongswan/collections/linked_list.c
+++ b/src/libstrongswan/collections/linked_list.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2007-2011 Tobias Brunner
+ * Copyright (C) 2007-2015 Tobias Brunner
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
* Hochschule fuer Technik Rapperswil
@@ -433,6 +433,56 @@ METHOD(linked_list_t, clone_offset, linked_list_t*,
return clone;
}
+METHOD(linked_list_t, equals_offset, bool,
+ private_linked_list_t *this, linked_list_t *other_pub, size_t offset)
+{
+ private_linked_list_t *other = (private_linked_list_t*)other_pub;
+ element_t *cur_t, *cur_o;
+
+ if (this->count != other->count)
+ {
+ return FALSE;
+ }
+ cur_t = this->first;
+ cur_o = other->first;
+ while (cur_t && cur_o)
+ {
+ bool (**method)(void*,void*) = cur_t->value + offset;
+ if (!(*method)(cur_t->value, cur_o->value))
+ {
+ return FALSE;
+ }
+ cur_t = cur_t->next;
+ cur_o = cur_o->next;
+ }
+ return TRUE;
+}
+
+METHOD(linked_list_t, equals_function, bool,
+ private_linked_list_t *this, linked_list_t *other_pub,
+ bool (*fn)(void*,void*))
+{
+ private_linked_list_t *other = (private_linked_list_t*)other_pub;
+ element_t *cur_t, *cur_o;
+
+ if (this->count != other->count)
+ {
+ return FALSE;
+ }
+ cur_t = this->first;
+ cur_o = other->first;
+ while (cur_t && cur_o)
+ {
+ if (!fn(cur_t->value, cur_o->value))
+ {
+ return FALSE;
+ }
+ cur_t = cur_t->next;
+ cur_o = cur_o->next;
+ }
+ return TRUE;
+}
+
METHOD(linked_list_t, destroy, void,
private_linked_list_t *this)
{
@@ -503,6 +553,8 @@ linked_list_t *linked_list_create()
.invoke_offset = (void*)_invoke_offset,
.invoke_function = (void*)_invoke_function,
.clone_offset = _clone_offset,
+ .equals_offset = _equals_offset,
+ .equals_function = _equals_function,
.destroy = _destroy,
.destroy_offset = _destroy_offset,
.destroy_function = _destroy_function,
diff --git a/src/libstrongswan/collections/linked_list.h b/src/libstrongswan/collections/linked_list.h
index abc33c12a..5edaa07aa 100644
--- a/src/libstrongswan/collections/linked_list.h
+++ b/src/libstrongswan/collections/linked_list.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2007-2011 Tobias Brunner
+ * Copyright (C) 2007-2015 Tobias Brunner
* Copyright (C) 2005-2008 Martin Willi
* Copyright (C) 2005 Jan Hutter
* Hochschule fuer Technik Rapperswil
@@ -218,6 +218,27 @@ struct linked_list_t {
linked_list_t *(*clone_offset) (linked_list_t *this, size_t offset);
/**
+ * Compare two lists and their objects for equality using the given equals
+ * method.
+ *
+ * @param other list to compare
+ * @param offset offset of the objects equals method
+ * @return TRUE if lists and objects are equal, FALSE otherwise
+ */
+ bool (*equals_offset) (linked_list_t *this, linked_list_t *other,
+ size_t offset);
+
+ /**
+ * Compare two lists and their objects for equality using the given function.
+ *
+ * @param other list to compare
+ * @param function function to compare the objects
+ * @return TRUE if lists and objects are equal, FALSE otherwise
+ */
+ bool (*equals_function) (linked_list_t *this, linked_list_t *other,
+ bool (*)(void*,void*));
+
+ /**
* Destroys a linked_list object.
*/
void (*destroy) (linked_list_t *this);
diff --git a/src/libstrongswan/credentials/auth_cfg.c b/src/libstrongswan/credentials/auth_cfg.c
index 9988d8021..956ce08c9 100644
--- a/src/libstrongswan/credentials/auth_cfg.c
+++ b/src/libstrongswan/credentials/auth_cfg.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008-2015 Tobias Brunner
+ * Copyright (C) 2008-2016 Tobias Brunner
* Copyright (C) 2007-2009 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -46,11 +46,13 @@ ENUM(auth_rule_names, AUTH_RULE_IDENTITY, AUTH_HELPER_AC_CERT,
"RULE_SUBJECT_CERT",
"RULE_CRL_VALIDATION",
"RULE_OCSP_VALIDATION",
+ "RULE_CERT_VALIDATION_SUSPENDED",
"RULE_GROUP",
"RULE_RSA_STRENGTH",
"RULE_ECDSA_STRENGTH",
"RULE_BLISS_STRENGTH",
"RULE_SIGNATURE_SCHEME",
+ "RULE_IKE_SIGNATURE_SCHEME",
"RULE_CERT_POLICY",
"HELPER_IM_CERT",
"HELPER_SUBJECT_CERT",
@@ -79,6 +81,7 @@ static inline bool is_multi_value_rule(auth_rule_t type)
case AUTH_RULE_AAA_IDENTITY:
case AUTH_RULE_XAUTH_IDENTITY:
case AUTH_RULE_XAUTH_BACKEND:
+ case AUTH_RULE_CERT_VALIDATION_SUSPENDED:
case AUTH_HELPER_SUBJECT_CERT:
case AUTH_HELPER_SUBJECT_HASH_URL:
case AUTH_RULE_MAX:
@@ -91,6 +94,7 @@ static inline bool is_multi_value_rule(auth_rule_t type)
case AUTH_RULE_IM_CERT:
case AUTH_RULE_CERT_POLICY:
case AUTH_RULE_SIGNATURE_SCHEME:
+ case AUTH_RULE_IKE_SIGNATURE_SCHEME:
case AUTH_HELPER_IM_CERT:
case AUTH_HELPER_IM_HASH_URL:
case AUTH_HELPER_REVOCATION_CERT:
@@ -211,6 +215,8 @@ static void init_entry(entry_t *this, auth_rule_t type, va_list args)
case AUTH_RULE_ECDSA_STRENGTH:
case AUTH_RULE_BLISS_STRENGTH:
case AUTH_RULE_SIGNATURE_SCHEME:
+ case AUTH_RULE_IKE_SIGNATURE_SCHEME:
+ case AUTH_RULE_CERT_VALIDATION_SUSPENDED:
/* integer type */
this->value = (void*)(uintptr_t)va_arg(args, u_int);
break;
@@ -260,6 +266,8 @@ static bool entry_equals(entry_t *e1, entry_t *e2)
case AUTH_RULE_ECDSA_STRENGTH:
case AUTH_RULE_BLISS_STRENGTH:
case AUTH_RULE_SIGNATURE_SCHEME:
+ case AUTH_RULE_IKE_SIGNATURE_SCHEME:
+ case AUTH_RULE_CERT_VALIDATION_SUSPENDED:
{
return e1->value == e2->value;
}
@@ -351,6 +359,8 @@ static void destroy_entry_value(entry_t *entry)
case AUTH_RULE_ECDSA_STRENGTH:
case AUTH_RULE_BLISS_STRENGTH:
case AUTH_RULE_SIGNATURE_SCHEME:
+ case AUTH_RULE_IKE_SIGNATURE_SCHEME:
+ case AUTH_RULE_CERT_VALIDATION_SUSPENDED:
case AUTH_RULE_MAX:
break;
}
@@ -383,6 +393,8 @@ static void replace(private_auth_cfg_t *this, entry_enumerator_t *enumerator,
case AUTH_RULE_ECDSA_STRENGTH:
case AUTH_RULE_BLISS_STRENGTH:
case AUTH_RULE_SIGNATURE_SCHEME:
+ case AUTH_RULE_IKE_SIGNATURE_SCHEME:
+ case AUTH_RULE_CERT_VALIDATION_SUSPENDED:
/* integer type */
entry->value = (void*)(uintptr_t)va_arg(args, u_int);
break;
@@ -459,11 +471,13 @@ METHOD(auth_cfg_t, get, void*,
case AUTH_RULE_BLISS_STRENGTH:
return (void*)0;
case AUTH_RULE_SIGNATURE_SCHEME:
+ case AUTH_RULE_IKE_SIGNATURE_SCHEME:
return (void*)HASH_UNKNOWN;
case AUTH_RULE_CRL_VALIDATION:
case AUTH_RULE_OCSP_VALIDATION:
return (void*)VALIDATION_FAILED;
case AUTH_RULE_IDENTITY_LOOSE:
+ case AUTH_RULE_CERT_VALIDATION_SUSPENDED:
return (void*)FALSE;
case AUTH_RULE_IDENTITY:
case AUTH_RULE_EAP_IDENTITY:
@@ -510,6 +524,183 @@ static void add(private_auth_cfg_t *this, auth_rule_t type, ...)
}
}
+METHOD(auth_cfg_t, add_pubkey_constraints, void,
+ private_auth_cfg_t *this, char* constraints, bool ike)
+{
+ enumerator_t *enumerator;
+ bool is_ike = FALSE, ike_added = FALSE;
+ key_type_t expected_type = -1;
+ auth_rule_t expected_strength = AUTH_RULE_MAX;
+ int strength;
+ char *token;
+ auth_rule_t type;
+ void *value;
+
+ enumerator = enumerator_create_token(constraints, "-", "");
+ while (enumerator->enumerate(enumerator, &token))
+ {
+ bool found = FALSE;
+ int i;
+ struct {
+ char *name;
+ signature_scheme_t scheme;
+ key_type_t key;
+ } schemes[] = {
+ { "md5", SIGN_RSA_EMSA_PKCS1_MD5, KEY_RSA, },
+ { "sha1", SIGN_RSA_EMSA_PKCS1_SHA1, KEY_RSA, },
+ { "sha224", SIGN_RSA_EMSA_PKCS1_SHA224, KEY_RSA, },
+ { "sha256", SIGN_RSA_EMSA_PKCS1_SHA256, KEY_RSA, },
+ { "sha384", SIGN_RSA_EMSA_PKCS1_SHA384, KEY_RSA, },
+ { "sha512", SIGN_RSA_EMSA_PKCS1_SHA512, KEY_RSA, },
+ { "sha1", SIGN_ECDSA_WITH_SHA1_DER, KEY_ECDSA, },
+ { "sha256", SIGN_ECDSA_WITH_SHA256_DER, KEY_ECDSA, },
+ { "sha384", SIGN_ECDSA_WITH_SHA384_DER, KEY_ECDSA, },
+ { "sha512", SIGN_ECDSA_WITH_SHA512_DER, KEY_ECDSA, },
+ { "sha256", SIGN_ECDSA_256, KEY_ECDSA, },
+ { "sha384", SIGN_ECDSA_384, KEY_ECDSA, },
+ { "sha512", SIGN_ECDSA_521, KEY_ECDSA, },
+ { "sha256", SIGN_BLISS_WITH_SHA2_256, KEY_BLISS, },
+ { "sha384", SIGN_BLISS_WITH_SHA2_384, KEY_BLISS, },
+ { "sha512", SIGN_BLISS_WITH_SHA2_512, KEY_BLISS, },
+ };
+
+ if (expected_strength != AUTH_RULE_MAX)
+ { /* expecting a key strength token */
+ strength = atoi(token);
+ if (strength)
+ {
+ add(this, expected_strength, (uintptr_t)strength);
+ }
+ expected_strength = AUTH_RULE_MAX;
+ if (strength)
+ {
+ continue;
+ }
+ }
+ if (streq(token, "rsa") || streq(token, "ike:rsa"))
+ {
+ expected_type = KEY_RSA;
+ expected_strength = AUTH_RULE_RSA_STRENGTH;
+ is_ike = strpfx(token, "ike:");
+ continue;
+ }
+ if (streq(token, "ecdsa") || streq(token, "ike:ecdsa"))
+ {
+ expected_type = KEY_ECDSA;
+ expected_strength = AUTH_RULE_ECDSA_STRENGTH;
+ is_ike = strpfx(token, "ike:");
+ continue;
+ }
+ if (streq(token, "bliss") || streq(token, "ike:bliss"))
+ {
+ expected_type = KEY_BLISS;
+ expected_strength = AUTH_RULE_BLISS_STRENGTH;
+ is_ike = strpfx(token, "ike:");
+ continue;
+ }
+ if (streq(token, "pubkey") || streq(token, "ike:pubkey"))
+ {
+ expected_type = KEY_ANY;
+ is_ike = strpfx(token, "ike:");
+ continue;
+ }
+ if (is_ike && !ike)
+ {
+ continue;
+ }
+
+ for (i = 0; i < countof(schemes); i++)
+ {
+ if (streq(schemes[i].name, token))
+ {
+ if (expected_type == KEY_ANY || expected_type == schemes[i].key)
+ {
+ if (is_ike)
+ {
+ add(this, AUTH_RULE_IKE_SIGNATURE_SCHEME,
+ (uintptr_t)schemes[i].scheme);
+ ike_added = TRUE;
+ }
+ else
+ {
+ add(this, AUTH_RULE_SIGNATURE_SCHEME,
+ (uintptr_t)schemes[i].scheme);
+ }
+ }
+ found = TRUE;
+ }
+ }
+ if (!found)
+ {
+ DBG1(DBG_CFG, "ignoring invalid auth token: '%s'", token);
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ /* if no explicit IKE signature contraints were added we add them for all
+ * configured signature contraints */
+ if (ike && !ike_added &&
+ lib->settings->get_bool(lib->settings,
+ "%s.signature_authentication_constraints", TRUE,
+ lib->ns))
+ {
+ enumerator = create_enumerator(this);
+ while (enumerator->enumerate(enumerator, &type, &value))
+ {
+ if (type == AUTH_RULE_SIGNATURE_SCHEME)
+ {
+ add(this, AUTH_RULE_IKE_SIGNATURE_SCHEME,
+ (uintptr_t)value);
+ }
+ }
+ enumerator->destroy(enumerator);
+ }
+}
+
+/**
+ * Check if signature schemes of a specific type are compliant
+ */
+static bool complies_scheme(private_auth_cfg_t *this, auth_cfg_t *constraints,
+ auth_rule_t type, bool log_error)
+{
+ enumerator_t *e1, *e2;
+ auth_rule_t t1, t2;
+ signature_scheme_t scheme;
+ void *value;
+ bool success = TRUE;
+
+ e2 = create_enumerator(this);
+ while (e2->enumerate(e2, &t2, &scheme))
+ {
+ if (t2 == type)
+ {
+ success = FALSE;
+ e1 = constraints->create_enumerator(constraints);
+ while (e1->enumerate(e1, &t1, &value))
+ {
+ if (t1 == type && (uintptr_t)value == scheme)
+ {
+ success = TRUE;
+ break;
+ }
+ }
+ e1->destroy(e1);
+ if (!success)
+ {
+ if (log_error)
+ {
+ DBG1(DBG_CFG, "%s signature scheme %N not acceptable",
+ AUTH_RULE_SIGNATURE_SCHEME == type ? "X.509" : "IKE",
+ signature_scheme_names, (int)scheme);
+ }
+ break;
+ }
+ }
+ }
+ e2->destroy(e2);
+ return success;
+}
+
METHOD(auth_cfg_t, complies, bool,
private_auth_cfg_t *this, auth_cfg_t *constraints, bool log_error)
{
@@ -518,7 +709,7 @@ METHOD(auth_cfg_t, complies, bool,
bool ca_match = FALSE, cert_match = FALSE;
identification_t *require_group = NULL;
certificate_t *require_ca = NULL, *require_cert = NULL;
- signature_scheme_t scheme = SIGN_UNKNOWN;
+ signature_scheme_t ike_scheme = SIGN_UNKNOWN, scheme = SIGN_UNKNOWN;
u_int strength = 0;
auth_rule_t t1, t2;
char *key_type;
@@ -573,6 +764,11 @@ METHOD(auth_cfg_t, complies, bool,
{
uintptr_t validated;
+ if (get(this, AUTH_RULE_CERT_VALIDATION_SUSPENDED))
+ { /* skip validation, may happen later */
+ break;
+ }
+
e2 = create_enumerator(this);
while (e2->enumerate(e2, &t2, &validated))
{
@@ -714,6 +910,11 @@ METHOD(auth_cfg_t, complies, bool,
strength = (uintptr_t)value;
break;
}
+ case AUTH_RULE_IKE_SIGNATURE_SCHEME:
+ {
+ ike_scheme = (uintptr_t)value;
+ break;
+ }
case AUTH_RULE_SIGNATURE_SCHEME:
{
scheme = (uintptr_t)value;
@@ -745,6 +946,8 @@ METHOD(auth_cfg_t, complies, bool,
/* just an indication when verifying AUTH_RULE_IDENTITY */
case AUTH_RULE_XAUTH_BACKEND:
/* not enforced, just a hint for local authentication */
+ case AUTH_RULE_CERT_VALIDATION_SUSPENDED:
+ /* not a constraint */
case AUTH_HELPER_IM_CERT:
case AUTH_HELPER_SUBJECT_CERT:
case AUTH_HELPER_IM_HASH_URL:
@@ -766,35 +969,13 @@ METHOD(auth_cfg_t, complies, bool,
* signature schemes. */
if (success && scheme != SIGN_UNKNOWN)
{
- e2 = create_enumerator(this);
- while (e2->enumerate(e2, &t2, &scheme))
- {
- if (t2 == AUTH_RULE_SIGNATURE_SCHEME)
- {
- success = FALSE;
- e1 = constraints->create_enumerator(constraints);
- while (e1->enumerate(e1, &t1, &value))
- {
- if (t1 == AUTH_RULE_SIGNATURE_SCHEME &&
- (uintptr_t)value == scheme)
- {
- success = TRUE;
- break;
- }
- }
- e1->destroy(e1);
- if (!success)
- {
- if (log_error)
- {
- DBG1(DBG_CFG, "signature scheme %N not acceptable",
- signature_scheme_names, (int)scheme);
- }
- break;
- }
- }
- }
- e2->destroy(e2);
+ success = complies_scheme(this, constraints,
+ AUTH_RULE_SIGNATURE_SCHEME, log_error);
+ }
+ if (success && ike_scheme != SIGN_UNKNOWN)
+ {
+ success = complies_scheme(this, constraints,
+ AUTH_RULE_IKE_SIGNATURE_SCHEME, log_error);
}
/* Check if we have a matching constraint (or none at all) for used
@@ -918,6 +1099,8 @@ static void merge(private_auth_cfg_t *this, private_auth_cfg_t *other, bool copy
case AUTH_RULE_ECDSA_STRENGTH:
case AUTH_RULE_BLISS_STRENGTH:
case AUTH_RULE_SIGNATURE_SCHEME:
+ case AUTH_RULE_IKE_SIGNATURE_SCHEME:
+ case AUTH_RULE_CERT_VALIDATION_SUSPENDED:
{
add(this, type, (uintptr_t)value);
break;
@@ -1088,6 +1271,8 @@ METHOD(auth_cfg_t, clone_, auth_cfg_t*,
case AUTH_RULE_ECDSA_STRENGTH:
case AUTH_RULE_BLISS_STRENGTH:
case AUTH_RULE_SIGNATURE_SCHEME:
+ case AUTH_RULE_IKE_SIGNATURE_SCHEME:
+ case AUTH_RULE_CERT_VALIDATION_SUSPENDED:
clone->add(clone, type, (uintptr_t)value);
break;
case AUTH_RULE_MAX:
@@ -1116,6 +1301,7 @@ auth_cfg_t *auth_cfg_create()
INIT(this,
.public = {
.add = (void(*)(auth_cfg_t*, auth_rule_t type, ...))add,
+ .add_pubkey_constraints = _add_pubkey_constraints,
.get = _get,
.create_enumerator = _create_enumerator,
.replace = (void(*)(auth_cfg_t*,enumerator_t*,auth_rule_t,...))replace,
diff --git a/src/libstrongswan/credentials/auth_cfg.h b/src/libstrongswan/credentials/auth_cfg.h
index 53f1b3805..6940069de 100644
--- a/src/libstrongswan/credentials/auth_cfg.h
+++ b/src/libstrongswan/credentials/auth_cfg.h
@@ -94,6 +94,8 @@ enum auth_rule_t {
AUTH_RULE_CRL_VALIDATION,
/** result of a OCSP validation, cert_validation_t */
AUTH_RULE_OCSP_VALIDATION,
+ /** CRL/OCSP validation is disabled, bool */
+ AUTH_RULE_CERT_VALIDATION_SUSPENDED,
/** subject is member of a group, identification_t*
* The group membership constraint is fulfilled if the subject is member of
* one group defined in the constraints. */
@@ -106,6 +108,8 @@ enum auth_rule_t {
AUTH_RULE_BLISS_STRENGTH,
/** required signature scheme, signature_scheme_t */
AUTH_RULE_SIGNATURE_SCHEME,
+ /** required signature scheme for IKE authentication, signature_scheme_t */
+ AUTH_RULE_IKE_SIGNATURE_SCHEME,
/** certificatePolicy constraint, numerical OID as char* */
AUTH_RULE_CERT_POLICY,
@@ -182,6 +186,15 @@ struct auth_cfg_t {
void (*add)(auth_cfg_t *this, auth_rule_t rule, ...);
/**
+ * Add public key and signature scheme constraints to the set.
+ *
+ * @param constraints constraints string (e.g. "rsa-sha384")
+ * @param ike whether to add/parse constraints for IKE signatures
+ */
+ void (*add_pubkey_constraints)(auth_cfg_t *this, char *constraints,
+ bool ike);
+
+ /**
* Get a rule value.
*
* For rules we expect only once the latest value is returned.
diff --git a/src/libstrongswan/credentials/certificates/certificate.c b/src/libstrongswan/credentials/certificates/certificate.c
index b281c1669..761082986 100644
--- a/src/libstrongswan/credentials/certificates/certificate.c
+++ b/src/libstrongswan/credentials/certificates/certificate.c
@@ -1,6 +1,7 @@
/*
* Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2015 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -22,10 +23,10 @@ ENUM(certificate_type_names, CERT_ANY, CERT_GPG,
"ANY",
"X509",
"X509_CRL",
- "X509_OCSP_REQUEST",
- "X509_OCSP_RESPONSE",
+ "OCSP_REQUEST",
+ "OCSP_RESPONSE",
"X509_AC",
- "TRUSTED_PUBKEY",
+ "PUBKEY",
"PKCS10_REQUEST",
"PGP",
);
diff --git a/src/libstrongswan/credentials/certificates/certificate_printer.c b/src/libstrongswan/credentials/certificates/certificate_printer.c
new file mode 100644
index 000000000..c618e80bf
--- /dev/null
+++ b/src/libstrongswan/credentials/certificates/certificate_printer.c
@@ -0,0 +1,753 @@
+/*
+ * Copyright (C) 2015 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "certificate_printer.h"
+#include "credentials/certificates/x509.h"
+#include "credentials/certificates/crl.h"
+#include "credentials/certificates/ac.h"
+#include "credentials/certificates/ocsp_response.h"
+#include "credentials/certificates/pgp_certificate.h"
+
+#include <asn1/asn1.h>
+#include <asn1/oid.h>
+#include <selectors/traffic_selector.h>
+
+#include <time.h>
+
+typedef struct private_certificate_printer_t private_certificate_printer_t;
+
+/**
+ * Private data of an certificate_printer_t object.
+ */
+struct private_certificate_printer_t {
+
+ /**
+ * Public certificate_printer_t interface.
+ */
+ certificate_printer_t public;
+
+ /**
+ * File to print to
+ */
+ FILE *f;
+
+ /**
+ * Print detailed certificate information
+ */
+ bool detailed;
+
+ /**
+ * Print time information in UTC
+ */
+ bool utc;
+
+ /**
+ * Previous certificate type
+ */
+ certificate_type_t type;
+
+ /**
+ * Previous X.509 certificate flag
+ */
+ x509_flag_t flag;
+
+};
+
+/**
+ * Print X509 specific certificate information
+ */
+static void print_x509(private_certificate_printer_t *this, x509_t *x509)
+{
+ enumerator_t *enumerator;
+ identification_t *id;
+ traffic_selector_t *block;
+ chunk_t chunk;
+ bool first;
+ char *uri;
+ int len, explicit, inhibit;
+ x509_flag_t flags;
+ x509_cdp_t *cdp;
+ x509_cert_policy_t *policy;
+ x509_policy_mapping_t *mapping;
+ FILE *f = this->f;
+
+ chunk = chunk_skip_zero(x509->get_serial(x509));
+ fprintf(f, " serial: %#B\n", &chunk);
+
+ first = TRUE;
+ enumerator = x509->create_subjectAltName_enumerator(x509);
+ while (enumerator->enumerate(enumerator, &id))
+ {
+ if (first)
+ {
+ fprintf(f, " altNames: ");
+ first = FALSE;
+ }
+ else
+ {
+ fprintf(f, ", ");
+ }
+ fprintf(f, "%Y", id);
+ }
+ if (!first)
+ {
+ fprintf(f, "\n");
+ }
+ enumerator->destroy(enumerator);
+
+ if (this->detailed)
+ {
+ flags = x509->get_flags(x509);
+ if (flags != X509_NONE)
+ {
+ fprintf(f, " flags: ");
+ if (flags & X509_CA)
+ {
+ fprintf(f, "CA ");
+ }
+ if (flags & X509_CRL_SIGN)
+ {
+ fprintf(f, "CRLSign ");
+ }
+ if (flags & X509_OCSP_SIGNER)
+ {
+ fprintf(f, "ocspSigning ");
+ }
+ if (flags & X509_SERVER_AUTH)
+ {
+ fprintf(f, "serverAuth ");
+ }
+ if (flags & X509_CLIENT_AUTH)
+ {
+ fprintf(f, "clientAuth ");
+ }
+ if (flags & X509_IKE_INTERMEDIATE)
+ {
+ fprintf(f, "ikeIntermediate ");
+ }
+ if (flags & X509_MS_SMARTCARD_LOGON)
+ {
+ fprintf(f, "msSmartcardLogon");
+ }
+ if (flags & X509_SELF_SIGNED)
+ {
+ fprintf(f, "self-signed ");
+ }
+ fprintf(f, "\n");
+ }
+
+ first = TRUE;
+ enumerator = x509->create_crl_uri_enumerator(x509);
+ while (enumerator->enumerate(enumerator, &cdp))
+ {
+ if (first)
+ {
+ fprintf(f, " CRL URIs: %s", cdp->uri);
+ first = FALSE;
+ }
+ else
+ {
+ fprintf(f, " %s", cdp->uri);
+ }
+ if (cdp->issuer)
+ {
+ fprintf(f, " (CRL issuer: %Y)", cdp->issuer);
+ }
+ fprintf(f, "\n");
+ }
+ enumerator->destroy(enumerator);
+
+ first = TRUE;
+ enumerator = x509->create_ocsp_uri_enumerator(x509);
+ while (enumerator->enumerate(enumerator, &uri))
+ {
+ if (first)
+ {
+ fprintf(f, " OCSP URIs: %s\n", uri);
+ first = FALSE;
+ }
+ else
+ {
+ fprintf(f, " %s\n", uri);
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ len = x509->get_constraint(x509, X509_PATH_LEN);
+ if (len != X509_NO_CONSTRAINT)
+ {
+ fprintf(f, " pathlen: %d\n", len);
+ }
+
+ first = TRUE;
+ enumerator = x509->create_name_constraint_enumerator(x509, TRUE);
+ while (enumerator->enumerate(enumerator, &id))
+ {
+ if (first)
+ {
+ fprintf(f, " permitted nameConstraints:\n");
+ first = FALSE;
+ }
+ fprintf(f, " %Y\n", id);
+ }
+ enumerator->destroy(enumerator);
+
+ first = TRUE;
+ enumerator = x509->create_name_constraint_enumerator(x509, FALSE);
+ while (enumerator->enumerate(enumerator, &id))
+ {
+ if (first)
+ {
+ fprintf(f, " excluded nameConstraints:\n");
+ first = FALSE;
+ }
+ fprintf(f, " %Y\n", id);
+ }
+ enumerator->destroy(enumerator);
+
+ first = TRUE;
+ enumerator = x509->create_cert_policy_enumerator(x509);
+ while (enumerator->enumerate(enumerator, &policy))
+ {
+ char *oid;
+
+ if (first)
+ {
+ fprintf(f, " certificatePolicies:\n");
+ first = FALSE;
+ }
+ oid = asn1_oid_to_string(policy->oid);
+ if (oid)
+ {
+ fprintf(f, " %s\n", oid);
+ free(oid);
+ }
+ else
+ {
+ fprintf(f, " %#B\n", &policy->oid);
+ }
+ if (policy->cps_uri)
+ {
+ fprintf(f, " CPS: %s\n", policy->cps_uri);
+ }
+ if (policy->unotice_text)
+ {
+ fprintf(f, " Notice: %s\n", policy->unotice_text);
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ first = TRUE;
+ enumerator = x509->create_policy_mapping_enumerator(x509);
+ while (enumerator->enumerate(enumerator, &mapping))
+ {
+ char *issuer_oid, *subject_oid;
+
+ if (first)
+ {
+ fprintf(f, " policyMappings:\n");
+ first = FALSE;
+ }
+ issuer_oid = asn1_oid_to_string(mapping->issuer);
+ subject_oid = asn1_oid_to_string(mapping->subject);
+ fprintf(f, " %s => %s\n", issuer_oid, subject_oid);
+ free(issuer_oid);
+ free(subject_oid);
+ }
+ enumerator->destroy(enumerator);
+
+ explicit = x509->get_constraint(x509, X509_REQUIRE_EXPLICIT_POLICY);
+ inhibit = x509->get_constraint(x509, X509_INHIBIT_POLICY_MAPPING);
+ len = x509->get_constraint(x509, X509_INHIBIT_ANY_POLICY);
+
+ if (explicit != X509_NO_CONSTRAINT || inhibit != X509_NO_CONSTRAINT ||
+ len != X509_NO_CONSTRAINT)
+ {
+ fprintf(f, " policyConstraints:\n");
+ if (explicit != X509_NO_CONSTRAINT)
+ {
+ fprintf(f, " requireExplicitPolicy: %d\n", explicit);
+ }
+ if (inhibit != X509_NO_CONSTRAINT)
+ {
+ fprintf(f, " inhibitPolicyMapping: %d\n", inhibit);
+ }
+ if (len != X509_NO_CONSTRAINT)
+ {
+ fprintf(f, " inhibitAnyPolicy: %d\n", len);
+ }
+ }
+
+ if (x509->get_flags(x509) & X509_IP_ADDR_BLOCKS)
+ {
+ first = TRUE;
+ fprintf(f, " addresses: ");
+ enumerator = x509->create_ipAddrBlock_enumerator(x509);
+ while (enumerator->enumerate(enumerator, &block))
+ {
+ if (first)
+ {
+ first = FALSE;
+ }
+ else
+ {
+ fprintf(f, ", ");
+ }
+ fprintf(f, "%R", block);
+ }
+ enumerator->destroy(enumerator);
+ fprintf(f, "\n");
+ }
+ }
+
+ chunk = x509->get_authKeyIdentifier(x509);
+ if (chunk.ptr)
+ {
+ fprintf(f, " authkeyId: %#B\n", &chunk);
+ }
+
+ chunk = x509->get_subjectKeyIdentifier(x509);
+ if (chunk.ptr)
+ {
+ fprintf(f, " subjkeyId: %#B\n", &chunk);
+ }
+}
+
+/**
+ * Print CRL specific information
+ */
+static void print_crl(private_certificate_printer_t *this, crl_t *crl)
+{
+ enumerator_t *enumerator;
+ time_t ts;
+ crl_reason_t reason;
+ chunk_t chunk;
+ int count = 0;
+ bool first;
+ x509_cdp_t *cdp;
+ FILE *f = this->f;
+
+ chunk = chunk_skip_zero(crl->get_serial(crl));
+ fprintf(f, " serial: %#B\n", &chunk);
+
+ if (crl->is_delta_crl(crl, &chunk))
+ {
+ chunk = chunk_skip_zero(chunk);
+ fprintf(f, " delta CRL: for serial %#B\n", &chunk);
+ }
+ chunk = crl->get_authKeyIdentifier(crl);
+ fprintf(f, " authKeyId: %#B\n", &chunk);
+
+ first = TRUE;
+ enumerator = crl->create_delta_crl_uri_enumerator(crl);
+ while (enumerator->enumerate(enumerator, &cdp))
+ {
+ if (first)
+ {
+ fprintf(f, " freshest: %s", cdp->uri);
+ first = FALSE;
+ }
+ else
+ {
+ fprintf(f, " %s", cdp->uri);
+ }
+ if (cdp->issuer)
+ {
+ fprintf(f, " (CRL issuer: %Y)", cdp->issuer);
+ }
+ fprintf(f, "\n");
+ }
+ enumerator->destroy(enumerator);
+
+ enumerator = crl->create_enumerator(crl);
+ while (enumerator->enumerate(enumerator, &chunk, &ts, &reason))
+ {
+ count++;
+ }
+ enumerator->destroy(enumerator);
+
+ fprintf(f, " %d revoked certificate%s%s\n", count, (count == 1) ? "" : "s",
+ (count && this->detailed) ? ":" : "");
+
+ if (this->detailed)
+ {
+ enumerator = crl->create_enumerator(crl);
+ while (enumerator->enumerate(enumerator, &chunk, &ts, &reason))
+ {
+ chunk = chunk_skip_zero(chunk);
+ fprintf(f, " %#B: %T, %N\n", &chunk, &ts, this->utc,
+ crl_reason_names, reason);
+ }
+ enumerator->destroy(enumerator);
+ }
+}
+
+/**
+ * Print AC specific information
+ */
+static void print_ac(private_certificate_printer_t *this, ac_t *ac)
+{
+ ac_group_type_t type;
+ identification_t *id;
+ enumerator_t *groups;
+ chunk_t chunk;
+ bool first = TRUE;
+ FILE *f = this->f;
+
+ chunk = chunk_skip_zero(ac->get_serial(ac));
+ fprintf(f, " serial: %#B\n", &chunk);
+
+ id = ac->get_holderIssuer(ac);
+ if (id)
+ {
+ fprintf(f, " hissuer: \"%Y\"\n", id);
+ }
+ chunk = chunk_skip_zero(ac->get_holderSerial(ac));
+ if (chunk.ptr)
+ {
+ fprintf(f, " hserial: %#B\n", &chunk);
+ }
+ groups = ac->create_group_enumerator(ac);
+ while (groups->enumerate(groups, &type, &chunk))
+ {
+ int oid;
+ char *str;
+
+ if (first)
+ {
+ fprintf(f, " groups: ");
+ first = FALSE;
+ }
+ else
+ {
+ fprintf(f, " ");
+ }
+ switch (type)
+ {
+ case AC_GROUP_TYPE_STRING:
+ fprintf(f, "%.*s", (int)chunk.len, chunk.ptr);
+ break;
+ case AC_GROUP_TYPE_OID:
+ oid = asn1_known_oid(chunk);
+ if (oid == OID_UNKNOWN)
+ {
+ str = asn1_oid_to_string(chunk);
+ if (str)
+ {
+ fprintf(f, "%s", str);
+ free(str);
+ }
+ else
+ {
+ fprintf(f, "OID:%#B", &chunk);
+ }
+ }
+ else
+ {
+ fprintf(f, "%s", oid_names[oid].name);
+ }
+ break;
+ case AC_GROUP_TYPE_OCTETS:
+ fprintf(f, "%#B", &chunk);
+ break;
+ }
+ fprintf(f, "\n");
+ }
+ groups->destroy(groups);
+
+ chunk = ac->get_authKeyIdentifier(ac);
+ if (chunk.ptr)
+ {
+ fprintf(f, " authkey: %#B\n", &chunk);
+ }
+}
+
+/**
+ * Print OCSP response specific information
+ */
+static void print_ocsp_response(private_certificate_printer_t *this,
+ ocsp_response_t *ocsp_response)
+{
+ enumerator_t *enumerator;
+ chunk_t serialNumber;
+ cert_validation_t status;
+ char *status_text;
+ time_t revocationTime;
+ crl_reason_t *revocationReason;
+ bool first = TRUE;
+ FILE *f = this->f;
+
+ if (this->detailed)
+ {
+ fprintf(f, " responses: ");
+
+ enumerator = ocsp_response->create_response_enumerator(ocsp_response);
+ while (enumerator->enumerate(enumerator, &serialNumber, &status,
+ &revocationTime, &revocationReason))
+ {
+ if (first)
+ {
+ first = FALSE;
+ }
+ else
+ {
+ fprintf(f, " ");
+ }
+ serialNumber = chunk_skip_zero(serialNumber);
+
+ switch (status)
+ {
+ case VALIDATION_GOOD:
+ status_text = "good";
+ break;
+ case VALIDATION_REVOKED:
+ status_text = "revoked";
+ break;
+ default:
+ status_text = "unknown";
+ }
+ fprintf(f, "%#B: %s", &serialNumber, status_text);
+
+ if (status == VALIDATION_REVOKED)
+ {
+ fprintf(f, " on %T, %N", &revocationTime, this->utc,
+ crl_reason_names, revocationReason);
+ }
+ fprintf(f, "\n");
+ }
+ enumerator->destroy(enumerator);
+ }
+}
+
+/**
+ * Print public key information
+ */
+static void print_pubkey(private_certificate_printer_t *this, public_key_t *key,
+ bool has_privkey)
+{
+ chunk_t chunk;
+ FILE *f = this->f;
+
+ fprintf(f, " pubkey: %N %d bits", key_type_names, key->get_type(key),
+ key->get_keysize(key));
+ if (has_privkey)
+ {
+ fprintf(f, ", has private key");
+ }
+ fprintf(f, "\n");
+ if (key->get_fingerprint(key, KEYID_PUBKEY_INFO_SHA1, &chunk))
+ {
+ fprintf(f, " keyid: %#B\n", &chunk);
+ }
+ if (key->get_fingerprint(key, KEYID_PUBKEY_SHA1, &chunk))
+ {
+ fprintf(f, " subjkey: %#B\n", &chunk);
+ }
+}
+
+METHOD(certificate_printer_t, print, void,
+ private_certificate_printer_t *this, certificate_t *cert, bool has_privkey)
+{
+ time_t now, notAfter, notBefore;
+ certificate_type_t type;
+ identification_t *subject;
+ char *t0, *t1, *t2;
+ public_key_t *key;
+ FILE *f = this->f;
+
+ now = time(NULL);
+ type = cert->get_type(cert);
+ subject = cert->get_subject(cert);
+
+ if ((type != CERT_X509_CRL && type != CERT_X509_OCSP_RESPONSE &&
+ type != CERT_TRUSTED_PUBKEY) ||
+ (type == CERT_TRUSTED_PUBKEY && subject->get_type(subject) != ID_KEY_ID))
+ {
+ fprintf(f, " subject: \"%Y\"\n", subject);
+ }
+ if (type != CERT_TRUSTED_PUBKEY && type != CERT_GPG)
+ {
+ fprintf(f, " issuer: \"%Y\"\n", cert->get_issuer(cert));
+ }
+
+ /* list validity if set */
+ cert->get_validity(cert, &now, &notBefore, &notAfter);
+ if (notBefore != UNDEFINED_TIME && notAfter != UNDEFINED_TIME)
+ {
+ if (type == CERT_GPG)
+ {
+ fprintf(f, " created: %T\n", &notBefore, this->utc);
+ fprintf(f, " until: %T%s\n", &notAfter, this->utc,
+ (notAfter == TIME_32_BIT_SIGNED_MAX) ?" expires never" : "");
+ }
+ else
+ {
+ if (type == CERT_X509_CRL || type == CERT_X509_OCSP_RESPONSE)
+ {
+ t0 = "update: ";
+ t1 = "this on";
+ t2 = "next on";
+ }
+ else
+ {
+ t0 = "validity:";
+ t1 = "not before";
+ t2 = "not after ";
+ }
+ fprintf(f, " %s %s %T, ", t0, t1, &notBefore, this->utc);
+ if (now < notBefore)
+ {
+ fprintf(f, "not valid yet (valid in %V)\n", &now, &notBefore);
+ }
+ else
+ {
+ fprintf(f, "ok\n");
+ }
+ fprintf(f, " %s %T, ", t2, &notAfter, this->utc);
+ if (now > notAfter)
+ {
+ fprintf(f, "expired (%V ago)\n", &now, &notAfter);
+ }
+ else
+ {
+ fprintf(f, "ok (expires in %V)\n", &now, &notAfter);
+ }
+ }
+ }
+
+ switch (cert->get_type(cert))
+ {
+ case CERT_X509:
+ print_x509(this, (x509_t*)cert);
+ break;
+ case CERT_X509_CRL:
+ print_crl(this, (crl_t*)cert);
+ break;
+ case CERT_X509_AC:
+ print_ac(this, (ac_t*)cert);
+ break;
+ case CERT_X509_OCSP_RESPONSE:
+ print_ocsp_response(this, (ocsp_response_t*)cert);
+ break;
+ case CERT_TRUSTED_PUBKEY:
+ default:
+ break;
+ }
+ if (type == CERT_GPG)
+ {
+ pgp_certificate_t *pgp_cert = (pgp_certificate_t*)cert;
+ chunk_t fingerprint = pgp_cert->get_fingerprint(pgp_cert);
+
+ fprintf(f, " pgpDigest: %#B\n", &fingerprint);
+ }
+ key = cert->get_public_key(cert);
+ if (key)
+ {
+ print_pubkey(this, key, has_privkey);
+ key->destroy(key);
+ }
+}
+
+METHOD(certificate_printer_t, print_caption, void,
+ private_certificate_printer_t *this, certificate_type_t type,
+ x509_flag_t flag)
+{
+ char *caption;
+
+ if (type != this->type || (type == CERT_X509 && flag != this->flag))
+ {
+ switch (type)
+ {
+ case CERT_X509:
+ switch (flag)
+ {
+ case X509_NONE:
+ caption = "X.509 End Entity Certificate";
+ break;
+ case X509_CA:
+ caption = "X.509 CA Certificate";
+ break;
+ case X509_AA:
+ caption = "X.509 AA Certificate";
+ break;
+ case X509_OCSP_SIGNER:
+ caption = "X.509 OCSP Signer Certificate";
+ break;
+ default:
+ return;
+ }
+ break;
+ case CERT_X509_AC:
+ caption = "X.509 Attribute Certificate";
+ break;
+ case CERT_X509_CRL:
+ caption = "X.509 CRL";
+ break;
+ case CERT_X509_OCSP_RESPONSE:
+ caption = "OCSP Response";
+ break;
+ case CERT_TRUSTED_PUBKEY:
+ caption = "Raw Public Key";
+ break;
+ case CERT_GPG:
+ caption = "PGP End Entity Certificate";
+ break;
+ default:
+ return;
+ }
+ fprintf(this->f, "\nList of %ss\n", caption);
+
+ /* Update to current type and flag value */
+ this->type = type;
+ if (type == CERT_X509)
+ {
+ this->flag = flag;
+ }
+ }
+ fprintf(this->f, "\n");
+}
+
+METHOD(certificate_printer_t, destroy, void,
+ private_certificate_printer_t *this)
+{
+ free(this);
+}
+
+/**
+ * See header
+ */
+certificate_printer_t *certificate_printer_create(FILE *f, bool detailed,
+ bool utc)
+{
+ private_certificate_printer_t *this;
+
+ INIT(this,
+ .public = {
+ .print = _print,
+ .print_caption = _print_caption,
+ .destroy = _destroy,
+ },
+ .f = f,
+ .detailed = detailed,
+ .utc = utc,
+ .type = CERT_ANY,
+ .flag = X509_ANY,
+ );
+
+ return &this->public;
+}
diff --git a/src/libstrongswan/credentials/certificates/certificate_printer.h b/src/libstrongswan/credentials/certificates/certificate_printer.h
new file mode 100644
index 000000000..7953eb060
--- /dev/null
+++ b/src/libstrongswan/credentials/certificates/certificate_printer.h
@@ -0,0 +1,70 @@
+/*
+ * Copyright (C) 2015 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup certificate_printer certificate_printer
+ * @{ @ingroup certificates
+ */
+
+#ifndef CERTIFICATE_PRINTER_H_
+#define CERTIFICATE_PRINTER_H_
+
+typedef struct certificate_printer_t certificate_printer_t;
+
+#include "credentials/certificates/certificate.h"
+#include "credentials/certificates/x509.h"
+
+#include <stdio.h>
+
+/**
+ * An object for printing certificate information.
+ */
+struct certificate_printer_t {
+
+ /**
+ * Print a certificate.
+ *
+ * @param cert certificate to be printed
+ * @param has_privkey indicates that certificate has a matching private key
+ */
+ void (*print)(certificate_printer_t *this, certificate_t *cert,
+ bool has_privkey);
+
+ /**
+ * Print a caption if the certificate type changed.
+ *
+ * @param type certificate type
+ * @param flag X.509 certificate flag
+ */
+ void (*print_caption)(certificate_printer_t *this, certificate_type_t type,
+ x509_flag_t flag);
+
+ /**
+ * Destroy the certificate_printer object.
+ */
+ void (*destroy)(certificate_printer_t *this);
+};
+
+/**
+ * Create a certificate_printer object
+ *
+ * @param f file where print output is directed to (usually stdout)
+ * @param detailed print more detailed certificate information
+ * @param utc print time inforamtion in UTC
+ */
+certificate_printer_t* certificate_printer_create(FILE *f, bool detailed,
+ bool utc);
+
+#endif /** CERTIFICATE_PRINTER_H_ @}*/
diff --git a/src/libstrongswan/credentials/certificates/ocsp_response.h b/src/libstrongswan/credentials/certificates/ocsp_response.h
index 9c5637b9f..c6a4c1277 100644
--- a/src/libstrongswan/credentials/certificates/ocsp_response.h
+++ b/src/libstrongswan/credentials/certificates/ocsp_response.h
@@ -77,6 +77,13 @@ struct ocsp_response_t {
* @return enumerator over certificate_t*
*/
enumerator_t* (*create_cert_enumerator)(ocsp_response_t *this);
+
+ /**
+ * Create an enumerator over the contained responses.
+ *
+ * @return enumerator over major response fields
+ */
+ enumerator_t* (*create_response_enumerator)(ocsp_response_t *this);
};
#endif /** OCSP_RESPONSE_H_ @}*/
diff --git a/src/libstrongswan/credentials/certificates/x509.c b/src/libstrongswan/credentials/certificates/x509.c
new file mode 100644
index 000000000..5eefa0bb4
--- /dev/null
+++ b/src/libstrongswan/credentials/certificates/x509.c
@@ -0,0 +1,27 @@
+/*
+ * Copyright (C) 2015 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "x509.h"
+
+ENUM_BEGIN(x509_flag_names, X509_NONE, X509_AA,
+ "NONE",
+ "CA",
+ "AA");
+ENUM_NEXT(x509_flag_names, X509_OCSP_SIGNER, X509_OCSP_SIGNER, X509_AA,
+ "OCSP");
+ENUM_NEXT(x509_flag_names, X509_ANY, X509_ANY, X509_OCSP_SIGNER,
+ "ANY");
+ENUM_END(x509_flag_names, X509_ANY);
+
diff --git a/src/libstrongswan/credentials/certificates/x509.h b/src/libstrongswan/credentials/certificates/x509.h
index 6cbfcdeed..601c034ef 100644
--- a/src/libstrongswan/credentials/certificates/x509.h
+++ b/src/libstrongswan/credentials/certificates/x509.h
@@ -46,6 +46,8 @@ enum x509_flag_t {
X509_AA = (1<<1),
/** cert has OCSP signer constraint */
X509_OCSP_SIGNER = (1<<2),
+ /** cert has either CA, AA or OCSP constraint */
+ X509_ANY = X509_CA | X509_AA | X509_OCSP_SIGNER,
/** cert has serverAuth key usage */
X509_SERVER_AUTH = (1<<3),
/** cert has clientAuth key usage */
@@ -62,6 +64,8 @@ enum x509_flag_t {
X509_MS_SMARTCARD_LOGON = (1<<9),
};
+extern enum_name_t *x509_flag_names;
+
/**
* Different numerical X.509 constraints.
*/
diff --git a/src/libstrongswan/credentials/credential_manager.c b/src/libstrongswan/credentials/credential_manager.c
index 371e6404d..95c5cd777 100644
--- a/src/libstrongswan/credentials/credential_manager.c
+++ b/src/libstrongswan/credentials/credential_manager.c
@@ -1,4 +1,5 @@
/*
+ * Copyright (C) 2015 Tobias Brunner
* Copyright (C) 2007 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -917,6 +918,8 @@ METHOD(enumerator_t, trusted_destroy, void,
DESTROY_IF(this->auth);
DESTROY_IF(this->candidates);
this->failed->destroy_offset(this->failed, offsetof(certificate_t, destroy));
+ /* check for delayed certificate cache queue */
+ cache_queue(this->this);
free(this);
}
@@ -985,7 +988,6 @@ METHOD(enumerator_t, public_destroy, void,
this->wrapper->destroy(this->wrapper);
}
this->this->lock->unlock(this->this->lock);
-
/* check for delayed certificate cache queue */
cache_queue(this->this);
free(this);
@@ -993,7 +995,7 @@ METHOD(enumerator_t, public_destroy, void,
METHOD(credential_manager_t, create_public_enumerator, enumerator_t*,
private_credential_manager_t *this, key_type_t type, identification_t *id,
- auth_cfg_t *auth)
+ auth_cfg_t *auth, bool online)
{
public_enumerator_t *enumerator;
@@ -1002,7 +1004,7 @@ METHOD(credential_manager_t, create_public_enumerator, enumerator_t*,
.enumerate = (void*)_public_enumerate,
.destroy = _public_destroy,
},
- .inner = create_trusted_enumerator(this, type, id, TRUE),
+ .inner = create_trusted_enumerator(this, type, id, online),
.this = this,
);
if (auth)
diff --git a/src/libstrongswan/credentials/credential_manager.h b/src/libstrongswan/credentials/credential_manager.h
index 445ea3f9c..022ca566c 100644
--- a/src/libstrongswan/credentials/credential_manager.h
+++ b/src/libstrongswan/credentials/credential_manager.h
@@ -1,4 +1,5 @@
/*
+ * Copyright (C) 2015 Tobias Brunner
* Copyright (C) 2007-2009 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -202,14 +203,18 @@ struct credential_manager_t {
* where the auth config helper contains rules for constraint checks.
* This function is very similar to create_trusted_enumerator(), but
* gets public keys directly.
+ * If online is set, revocations are checked online for the whole
+ * trustchain.
*
* @param type type of the key to get
* @param id owner of the key, signer of the signature
* @param auth authentication infos
+ * @param online whether revocations should be checked online
* @return enumerator
*/
enumerator_t* (*create_public_enumerator)(credential_manager_t *this,
- key_type_t type, identification_t *id, auth_cfg_t *auth);
+ key_type_t type, identification_t *id, auth_cfg_t *auth,
+ bool online);
/**
* Cache a certificate by invoking cache_cert() on all registered sets.
diff --git a/src/libstrongswan/library.c b/src/libstrongswan/library.c
index dc73ccc68..e130b93ee 100644
--- a/src/libstrongswan/library.c
+++ b/src/libstrongswan/library.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2009 Tobias Brunner
+ * Copyright (C) 2009-2016 Tobias Brunner
* Copyright (C) 2008 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -61,6 +61,31 @@ struct private_library_t {
refcount_t ref;
};
+#define MAX_NAMESPACES 5
+
+/**
+ * Additional namespaces registered using __atrribute__((constructor))
+ */
+static char *namespaces[MAX_NAMESPACES];
+static int ns_count;
+
+/**
+ * Described in header
+ */
+void library_add_namespace(char *ns)
+{
+ if (ns_count < MAX_NAMESPACES - 1)
+ {
+ namespaces[ns_count] = ns;
+ ns_count++;
+ }
+ else
+ {
+ fprintf(stderr, "failed to register additional namespace alias, please "
+ "increase MAX_NAMESPACES");
+ }
+}
+
/**
* library instance
*/
@@ -248,6 +273,7 @@ bool library_init(char *settings, const char *namespace)
{
private_library_t *this;
printf_hook_t *pfh;
+ int i;
if (lib)
{ /* already initialized, increase refcount */
@@ -311,6 +337,11 @@ bool library_init(char *settings, const char *namespace)
(hashtable_equals_t)equals, 4);
this->public.settings = settings_create(this->public.conf);
+ /* add registered aliases */
+ for (i = 0; i < ns_count; ++i)
+ {
+ lib->settings->add_fallback(lib->settings, lib->ns, namespaces[i]);
+ }
/* all namespace settings may fall back to libstrongswan */
lib->settings->add_fallback(lib->settings, lib->ns, "libstrongswan");
diff --git a/src/libstrongswan/library.h b/src/libstrongswan/library.h
index 3a6dd1ba4..08316fd13 100644
--- a/src/libstrongswan/library.h
+++ b/src/libstrongswan/library.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2010-2014 Tobias Brunner
+ * Copyright (C) 2010-2016 Tobias Brunner
* Copyright (C) 2008 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -276,4 +276,14 @@ void library_deinit();
*/
extern library_t *lib;
+/**
+ * Add additional names used as alias for the namespace registered with
+ * library_init().
+ *
+ * To be called from __attribute__((constructor)) functions.
+ *
+ * @param ns additional namespace
+ */
+void library_add_namespace(char *ns);
+
#endif /** LIBRARY_H_ @}*/
diff --git a/src/libstrongswan/plugins/acert/Makefile.in b/src/libstrongswan/plugins/acert/Makefile.in
index 65542ea5d..034ab48e0 100644
--- a/src/libstrongswan/plugins/acert/Makefile.in
+++ b/src/libstrongswan/plugins/acert/Makefile.in
@@ -414,6 +414,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
diff --git a/src/libstrongswan/plugins/aes/Makefile.in b/src/libstrongswan/plugins/aes/Makefile.in
index 9d79c81ee..6ad68a55a 100644
--- a/src/libstrongswan/plugins/aes/Makefile.in
+++ b/src/libstrongswan/plugins/aes/Makefile.in
@@ -413,6 +413,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
diff --git a/src/libstrongswan/plugins/aesni/Makefile.in b/src/libstrongswan/plugins/aesni/Makefile.in
index 34adaa390..7f91e439c 100644
--- a/src/libstrongswan/plugins/aesni/Makefile.in
+++ b/src/libstrongswan/plugins/aesni/Makefile.in
@@ -416,6 +416,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
diff --git a/src/libstrongswan/plugins/af_alg/Makefile.in b/src/libstrongswan/plugins/af_alg/Makefile.in
index 4a86f9640..7aaea450c 100644
--- a/src/libstrongswan/plugins/af_alg/Makefile.in
+++ b/src/libstrongswan/plugins/af_alg/Makefile.in
@@ -417,6 +417,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
diff --git a/src/libstrongswan/plugins/agent/Makefile.in b/src/libstrongswan/plugins/agent/Makefile.in
index 292c2fd90..cbdc8e84e 100644
--- a/src/libstrongswan/plugins/agent/Makefile.in
+++ b/src/libstrongswan/plugins/agent/Makefile.in
@@ -415,6 +415,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
diff --git a/src/libstrongswan/plugins/bliss/Makefile.in b/src/libstrongswan/plugins/bliss/Makefile.in
index 1361dd340..8f91cdcbe 100644
--- a/src/libstrongswan/plugins/bliss/Makefile.in
+++ b/src/libstrongswan/plugins/bliss/Makefile.in
@@ -433,6 +433,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
diff --git a/src/libstrongswan/plugins/bliss/tests/Makefile.in b/src/libstrongswan/plugins/bliss/tests/Makefile.in
index 5a1ce3d50..43e508ba0 100644
--- a/src/libstrongswan/plugins/bliss/tests/Makefile.in
+++ b/src/libstrongswan/plugins/bliss/tests/Makefile.in
@@ -416,6 +416,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
diff --git a/src/libstrongswan/plugins/blowfish/Makefile.in b/src/libstrongswan/plugins/blowfish/Makefile.in
index f19616552..a6c3287f4 100644
--- a/src/libstrongswan/plugins/blowfish/Makefile.in
+++ b/src/libstrongswan/plugins/blowfish/Makefile.in
@@ -416,6 +416,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
diff --git a/src/libstrongswan/plugins/ccm/Makefile.in b/src/libstrongswan/plugins/ccm/Makefile.in
index ca7cadbe4..3d56b9802 100644
--- a/src/libstrongswan/plugins/ccm/Makefile.in
+++ b/src/libstrongswan/plugins/ccm/Makefile.in
@@ -413,6 +413,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
diff --git a/src/libstrongswan/plugins/chapoly/Makefile.in b/src/libstrongswan/plugins/chapoly/Makefile.in
index 98e1f4d9e..b3506587d 100644
--- a/src/libstrongswan/plugins/chapoly/Makefile.in
+++ b/src/libstrongswan/plugins/chapoly/Makefile.in
@@ -428,6 +428,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
diff --git a/src/libstrongswan/plugins/chapoly/chapoly_drv_portable.c b/src/libstrongswan/plugins/chapoly/chapoly_drv_portable.c
index 54e934e6a..dfed4d53d 100644
--- a/src/libstrongswan/plugins/chapoly/chapoly_drv_portable.c
+++ b/src/libstrongswan/plugins/chapoly/chapoly_drv_portable.c
@@ -58,27 +58,6 @@ struct private_chapoly_drv_portable_t {
};
/**
- * Convert unaligned little endian to host byte order
- */
-static inline u_int32_t uletoh32(void *p)
-{
- u_int32_t ret;
-
- memcpy(&ret, p, sizeof(ret));
- ret = le32toh(ret);
- return ret;
-}
-
-/**
- * Convert host byte order to unaligned little endian
- */
-static inline void htoule32(void *p, u_int32_t v)
-{
- v = htole32(v);
- memcpy(p, &v, sizeof(v));
-}
-
-/**
* XOR a 32-bit integer into an unaligned destination
*/
static inline void xor32u(void *p, u_int32_t x)
diff --git a/src/libstrongswan/plugins/cmac/Makefile.in b/src/libstrongswan/plugins/cmac/Makefile.in
index 9e249399b..2ffaa0662 100644
--- a/src/libstrongswan/plugins/cmac/Makefile.in
+++ b/src/libstrongswan/plugins/cmac/Makefile.in
@@ -413,6 +413,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
diff --git a/src/libstrongswan/plugins/constraints/Makefile.in b/src/libstrongswan/plugins/constraints/Makefile.in
index 2e623ad3b..f263f7764 100644
--- a/src/libstrongswan/plugins/constraints/Makefile.in
+++ b/src/libstrongswan/plugins/constraints/Makefile.in
@@ -416,6 +416,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
diff --git a/src/libstrongswan/plugins/ctr/Makefile.in b/src/libstrongswan/plugins/ctr/Makefile.in
index 7b7231b85..9558f878e 100644
--- a/src/libstrongswan/plugins/ctr/Makefile.in
+++ b/src/libstrongswan/plugins/ctr/Makefile.in
@@ -413,6 +413,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
diff --git a/src/libstrongswan/plugins/curl/Makefile.in b/src/libstrongswan/plugins/curl/Makefile.in
index d525eac02..8fc366cca 100644
--- a/src/libstrongswan/plugins/curl/Makefile.in
+++ b/src/libstrongswan/plugins/curl/Makefile.in
@@ -413,6 +413,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
diff --git a/src/libstrongswan/plugins/des/Makefile.in b/src/libstrongswan/plugins/des/Makefile.in
index 96b2f6055..6a09d63c9 100644
--- a/src/libstrongswan/plugins/des/Makefile.in
+++ b/src/libstrongswan/plugins/des/Makefile.in
@@ -413,6 +413,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
diff --git a/src/libstrongswan/plugins/dnskey/Makefile.in b/src/libstrongswan/plugins/dnskey/Makefile.in
index 910289906..55ebb3419 100644
--- a/src/libstrongswan/plugins/dnskey/Makefile.in
+++ b/src/libstrongswan/plugins/dnskey/Makefile.in
@@ -416,6 +416,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
diff --git a/src/libstrongswan/plugins/files/Makefile.in b/src/libstrongswan/plugins/files/Makefile.in
index 31dc4a3ac..6c2e792f5 100644
--- a/src/libstrongswan/plugins/files/Makefile.in
+++ b/src/libstrongswan/plugins/files/Makefile.in
@@ -414,6 +414,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
diff --git a/src/libstrongswan/plugins/fips_prf/Makefile.in b/src/libstrongswan/plugins/fips_prf/Makefile.in
index b7ca1ce97..252035ca8 100644
--- a/src/libstrongswan/plugins/fips_prf/Makefile.in
+++ b/src/libstrongswan/plugins/fips_prf/Makefile.in
@@ -415,6 +415,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
diff --git a/src/libstrongswan/plugins/gcm/Makefile.in b/src/libstrongswan/plugins/gcm/Makefile.in
index e125ab884..f9c4a6950 100644
--- a/src/libstrongswan/plugins/gcm/Makefile.in
+++ b/src/libstrongswan/plugins/gcm/Makefile.in
@@ -413,6 +413,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
diff --git a/src/libstrongswan/plugins/gcrypt/Makefile.in b/src/libstrongswan/plugins/gcrypt/Makefile.in
index 4ce7438fc..774c447f6 100644
--- a/src/libstrongswan/plugins/gcrypt/Makefile.in
+++ b/src/libstrongswan/plugins/gcrypt/Makefile.in
@@ -417,6 +417,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
index 04f1f43ef..7ecba8fa9 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
@@ -98,14 +98,14 @@ METHOD(plugin_t, get_features, int,
PLUGIN_PROVIDE(HASHER, HASH_SHA512),
/* MODP DH groups */
PLUGIN_REGISTER(DH, gcrypt_dh_create),
- PLUGIN_PROVIDE(DH, MODP_2048_BIT),
- PLUGIN_PROVIDE(DH, MODP_2048_224),
- PLUGIN_PROVIDE(DH, MODP_2048_256),
- PLUGIN_PROVIDE(DH, MODP_1536_BIT),
PLUGIN_PROVIDE(DH, MODP_3072_BIT),
PLUGIN_PROVIDE(DH, MODP_4096_BIT),
PLUGIN_PROVIDE(DH, MODP_6144_BIT),
PLUGIN_PROVIDE(DH, MODP_8192_BIT),
+ PLUGIN_PROVIDE(DH, MODP_2048_BIT),
+ PLUGIN_PROVIDE(DH, MODP_2048_224),
+ PLUGIN_PROVIDE(DH, MODP_2048_256),
+ PLUGIN_PROVIDE(DH, MODP_1536_BIT),
PLUGIN_PROVIDE(DH, MODP_1024_BIT),
PLUGIN_PROVIDE(DH, MODP_1024_160),
PLUGIN_PROVIDE(DH, MODP_768_BIT),
diff --git a/src/libstrongswan/plugins/gmp/Makefile.in b/src/libstrongswan/plugins/gmp/Makefile.in
index 788cb931e..9a2d30192 100644
--- a/src/libstrongswan/plugins/gmp/Makefile.in
+++ b/src/libstrongswan/plugins/gmp/Makefile.in
@@ -414,6 +414,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
diff --git a/src/libstrongswan/plugins/gmp/gmp_plugin.c b/src/libstrongswan/plugins/gmp/gmp_plugin.c
index d93aa14a1..ea75896a1 100644
--- a/src/libstrongswan/plugins/gmp/gmp_plugin.c
+++ b/src/libstrongswan/plugins/gmp/gmp_plugin.c
@@ -45,14 +45,6 @@ METHOD(plugin_t, get_features, int,
static plugin_feature_t f[] = {
/* DH groups */
PLUGIN_REGISTER(DH, gmp_diffie_hellman_create),
- PLUGIN_PROVIDE(DH, MODP_2048_BIT),
- PLUGIN_DEPENDS(RNG, RNG_STRONG),
- PLUGIN_PROVIDE(DH, MODP_2048_224),
- PLUGIN_DEPENDS(RNG, RNG_STRONG),
- PLUGIN_PROVIDE(DH, MODP_2048_256),
- PLUGIN_DEPENDS(RNG, RNG_STRONG),
- PLUGIN_PROVIDE(DH, MODP_1536_BIT),
- PLUGIN_DEPENDS(RNG, RNG_STRONG),
PLUGIN_PROVIDE(DH, MODP_3072_BIT),
PLUGIN_DEPENDS(RNG, RNG_STRONG),
PLUGIN_PROVIDE(DH, MODP_4096_BIT),
@@ -61,6 +53,14 @@ METHOD(plugin_t, get_features, int,
PLUGIN_DEPENDS(RNG, RNG_STRONG),
PLUGIN_PROVIDE(DH, MODP_8192_BIT),
PLUGIN_DEPENDS(RNG, RNG_STRONG),
+ PLUGIN_PROVIDE(DH, MODP_2048_BIT),
+ PLUGIN_DEPENDS(RNG, RNG_STRONG),
+ PLUGIN_PROVIDE(DH, MODP_2048_224),
+ PLUGIN_DEPENDS(RNG, RNG_STRONG),
+ PLUGIN_PROVIDE(DH, MODP_2048_256),
+ PLUGIN_DEPENDS(RNG, RNG_STRONG),
+ PLUGIN_PROVIDE(DH, MODP_1536_BIT),
+ PLUGIN_DEPENDS(RNG, RNG_STRONG),
PLUGIN_PROVIDE(DH, MODP_1024_BIT),
PLUGIN_DEPENDS(RNG, RNG_STRONG),
PLUGIN_PROVIDE(DH, MODP_1024_160),
diff --git a/src/libstrongswan/plugins/hmac/Makefile.in b/src/libstrongswan/plugins/hmac/Makefile.in
index a8c39cbab..46fac4a8c 100644
--- a/src/libstrongswan/plugins/hmac/Makefile.in
+++ b/src/libstrongswan/plugins/hmac/Makefile.in
@@ -413,6 +413,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
diff --git a/src/libstrongswan/plugins/keychain/Makefile.in b/src/libstrongswan/plugins/keychain/Makefile.in
index 8f6a6f54d..eb0bdf387 100644
--- a/src/libstrongswan/plugins/keychain/Makefile.in
+++ b/src/libstrongswan/plugins/keychain/Makefile.in
@@ -416,6 +416,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
diff --git a/src/libstrongswan/plugins/ldap/Makefile.in b/src/libstrongswan/plugins/ldap/Makefile.in
index 5316323a4..0a03fd819 100644
--- a/src/libstrongswan/plugins/ldap/Makefile.in
+++ b/src/libstrongswan/plugins/ldap/Makefile.in
@@ -413,6 +413,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
diff --git a/src/libstrongswan/plugins/md4/Makefile.in b/src/libstrongswan/plugins/md4/Makefile.in
index d5f9c6c81..4dbdbe020 100644
--- a/src/libstrongswan/plugins/md4/Makefile.in
+++ b/src/libstrongswan/plugins/md4/Makefile.in
@@ -413,6 +413,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
diff --git a/src/libstrongswan/plugins/md5/Makefile.in b/src/libstrongswan/plugins/md5/Makefile.in
index 1dd3892cd..6fc25b023 100644
--- a/src/libstrongswan/plugins/md5/Makefile.in
+++ b/src/libstrongswan/plugins/md5/Makefile.in
@@ -413,6 +413,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
diff --git a/src/libstrongswan/plugins/mysql/Makefile.in b/src/libstrongswan/plugins/mysql/Makefile.in
index e2fb7e720..17409dbc3 100644
--- a/src/libstrongswan/plugins/mysql/Makefile.in
+++ b/src/libstrongswan/plugins/mysql/Makefile.in
@@ -415,6 +415,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
diff --git a/src/libstrongswan/plugins/nonce/Makefile.in b/src/libstrongswan/plugins/nonce/Makefile.in
index 0b51ba5d8..68be3f44a 100644
--- a/src/libstrongswan/plugins/nonce/Makefile.in
+++ b/src/libstrongswan/plugins/nonce/Makefile.in
@@ -414,6 +414,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
diff --git a/src/libstrongswan/plugins/ntru/Makefile.in b/src/libstrongswan/plugins/ntru/Makefile.in
index 5636692ab..97a70679d 100644
--- a/src/libstrongswan/plugins/ntru/Makefile.in
+++ b/src/libstrongswan/plugins/ntru/Makefile.in
@@ -415,6 +415,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
diff --git a/src/libstrongswan/plugins/openssl/Makefile.in b/src/libstrongswan/plugins/openssl/Makefile.in
index a667ca47e..302016937 100644
--- a/src/libstrongswan/plugins/openssl/Makefile.in
+++ b/src/libstrongswan/plugins/openssl/Makefile.in
@@ -423,6 +423,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
index e48efe3e9..aeb9be409 100644
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
@@ -365,28 +365,41 @@ METHOD(plugin_t, get_features, int,
#ifndef OPENSSL_NO_AES
/* AES GCM */
PLUGIN_REGISTER(AEAD, openssl_gcm_create),
- PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV8, 16),
- PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV8, 24),
- PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV8, 32),
- PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV12, 16),
- PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV12, 24),
- PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV12, 32),
PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 16),
PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 24),
PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 32),
+ PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV12, 16),
+ PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV12, 24),
+ PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV12, 32),
+ PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV8, 16),
+ PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV8, 24),
+ PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV8, 32),
#endif /* OPENSSL_NO_AES */
#endif /* OPENSSL_VERSION_NUMBER */
+#ifndef OPENSSL_NO_ECDH
+ /* EC DH groups */
+ PLUGIN_REGISTER(DH, openssl_ec_diffie_hellman_create),
+ PLUGIN_PROVIDE(DH, ECP_256_BIT),
+ PLUGIN_PROVIDE(DH, ECP_384_BIT),
+ PLUGIN_PROVIDE(DH, ECP_521_BIT),
+ PLUGIN_PROVIDE(DH, ECP_224_BIT),
+ PLUGIN_PROVIDE(DH, ECP_192_BIT),
+ PLUGIN_PROVIDE(DH, ECP_256_BP),
+ PLUGIN_PROVIDE(DH, ECP_384_BP),
+ PLUGIN_PROVIDE(DH, ECP_512_BP),
+ PLUGIN_PROVIDE(DH, ECP_224_BP),
+#endif
#ifndef OPENSSL_NO_DH
/* MODP DH groups */
PLUGIN_REGISTER(DH, openssl_diffie_hellman_create),
- PLUGIN_PROVIDE(DH, MODP_2048_BIT),
- PLUGIN_PROVIDE(DH, MODP_2048_224),
- PLUGIN_PROVIDE(DH, MODP_2048_256),
- PLUGIN_PROVIDE(DH, MODP_1536_BIT),
PLUGIN_PROVIDE(DH, MODP_3072_BIT),
PLUGIN_PROVIDE(DH, MODP_4096_BIT),
PLUGIN_PROVIDE(DH, MODP_6144_BIT),
PLUGIN_PROVIDE(DH, MODP_8192_BIT),
+ PLUGIN_PROVIDE(DH, MODP_2048_BIT),
+ PLUGIN_PROVIDE(DH, MODP_2048_224),
+ PLUGIN_PROVIDE(DH, MODP_2048_256),
+ PLUGIN_PROVIDE(DH, MODP_1536_BIT),
PLUGIN_PROVIDE(DH, MODP_1024_BIT),
PLUGIN_PROVIDE(DH, MODP_1024_160),
PLUGIN_PROVIDE(DH, MODP_768_BIT),
@@ -446,19 +459,6 @@ METHOD(plugin_t, get_features, int,
#endif /* OPENSSL_VERSION_NUMBER */
PLUGIN_REGISTER(CONTAINER_DECODE, openssl_pkcs12_load, TRUE),
PLUGIN_PROVIDE(CONTAINER_DECODE, CONTAINER_PKCS12),
-#ifndef OPENSSL_NO_ECDH
- /* EC DH groups */
- PLUGIN_REGISTER(DH, openssl_ec_diffie_hellman_create),
- PLUGIN_PROVIDE(DH, ECP_256_BIT),
- PLUGIN_PROVIDE(DH, ECP_384_BIT),
- PLUGIN_PROVIDE(DH, ECP_521_BIT),
- PLUGIN_PROVIDE(DH, ECP_224_BIT),
- PLUGIN_PROVIDE(DH, ECP_192_BIT),
- PLUGIN_PROVIDE(DH, ECP_224_BP),
- PLUGIN_PROVIDE(DH, ECP_256_BP),
- PLUGIN_PROVIDE(DH, ECP_384_BP),
- PLUGIN_PROVIDE(DH, ECP_512_BP),
-#endif
#ifndef OPENSSL_NO_ECDSA
/* EC private/public key loading */
PLUGIN_REGISTER(PRIVKEY, openssl_ec_private_key_load, TRUE),
diff --git a/src/libstrongswan/plugins/padlock/Makefile.in b/src/libstrongswan/plugins/padlock/Makefile.in
index 44603afb1..2d6006bca 100644
--- a/src/libstrongswan/plugins/padlock/Makefile.in
+++ b/src/libstrongswan/plugins/padlock/Makefile.in
@@ -416,6 +416,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
diff --git a/src/libstrongswan/plugins/pem/Makefile.in b/src/libstrongswan/plugins/pem/Makefile.in
index 4c982fdf5..16dfbed3a 100644
--- a/src/libstrongswan/plugins/pem/Makefile.in
+++ b/src/libstrongswan/plugins/pem/Makefile.in
@@ -414,6 +414,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
diff --git a/src/libstrongswan/plugins/pgp/Makefile.in b/src/libstrongswan/plugins/pgp/Makefile.in
index 4d4215bfe..a55877952 100644
--- a/src/libstrongswan/plugins/pgp/Makefile.in
+++ b/src/libstrongswan/plugins/pgp/Makefile.in
@@ -414,6 +414,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
diff --git a/src/libstrongswan/plugins/pkcs1/Makefile.in b/src/libstrongswan/plugins/pkcs1/Makefile.in
index 2a708364a..a265818b0 100644
--- a/src/libstrongswan/plugins/pkcs1/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs1/Makefile.in
@@ -415,6 +415,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
diff --git a/src/libstrongswan/plugins/pkcs11/Makefile.in b/src/libstrongswan/plugins/pkcs11/Makefile.in
index de033a3fb..f4bded41a 100644
--- a/src/libstrongswan/plugins/pkcs11/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs11/Makefile.in
@@ -418,6 +418,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
diff --git a/src/libstrongswan/plugins/pkcs12/Makefile.in b/src/libstrongswan/plugins/pkcs12/Makefile.in
index 3fa0a3890..7fd31583b 100644
--- a/src/libstrongswan/plugins/pkcs12/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs12/Makefile.in
@@ -415,6 +415,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
diff --git a/src/libstrongswan/plugins/pkcs7/Makefile.in b/src/libstrongswan/plugins/pkcs7/Makefile.in
index 3266e5d5f..5fc439b99 100644
--- a/src/libstrongswan/plugins/pkcs7/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs7/Makefile.in
@@ -417,6 +417,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
diff --git a/src/libstrongswan/plugins/pkcs8/Makefile.in b/src/libstrongswan/plugins/pkcs8/Makefile.in
index 2130c9c93..162868af5 100644
--- a/src/libstrongswan/plugins/pkcs8/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs8/Makefile.in
@@ -414,6 +414,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
diff --git a/src/libstrongswan/plugins/pubkey/Makefile.in b/src/libstrongswan/plugins/pubkey/Makefile.in
index a9f3dd14c..007bdbd00 100644
--- a/src/libstrongswan/plugins/pubkey/Makefile.in
+++ b/src/libstrongswan/plugins/pubkey/Makefile.in
@@ -415,6 +415,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
diff --git a/src/libstrongswan/plugins/pubkey/pubkey_cert.c b/src/libstrongswan/plugins/pubkey/pubkey_cert.c
index b7ba5ad43..0631a6857 100644
--- a/src/libstrongswan/plugins/pubkey/pubkey_cert.c
+++ b/src/libstrongswan/plugins/pubkey/pubkey_cert.c
@@ -196,6 +196,13 @@ METHOD(certificate_t, destroy, void,
}
}
+METHOD(pubkey_cert_t, set_subject, void,
+ private_pubkey_cert_t *this, identification_t *subject)
+{
+ DESTROY_IF(this->subject);
+ this->subject = subject->clone(subject);
+}
+
/*
* see header file
*/
@@ -222,6 +229,7 @@ static pubkey_cert_t *pubkey_cert_create(public_key_t *key,
.get_ref = _get_ref,
.destroy = _destroy,
},
+ .set_subject = _set_subject,
},
.ref = 1,
.key = key,
diff --git a/src/libstrongswan/plugins/pubkey/pubkey_cert.h b/src/libstrongswan/plugins/pubkey/pubkey_cert.h
index a2d735342..06e4e0fa3 100644
--- a/src/libstrongswan/plugins/pubkey/pubkey_cert.h
+++ b/src/libstrongswan/plugins/pubkey/pubkey_cert.h
@@ -35,6 +35,13 @@ struct pubkey_cert_t {
* Implements certificate_t.
*/
certificate_t interface;
+
+ /**
+ * Set the subject of the trusted public key.
+ *
+ * @param subject subject to be set
+ */
+ void (*set_subject)(pubkey_cert_t *this, identification_t *subject);
};
/**
diff --git a/src/libstrongswan/plugins/random/Makefile.in b/src/libstrongswan/plugins/random/Makefile.in
index 11a13463b..f6dc73e09 100644
--- a/src/libstrongswan/plugins/random/Makefile.in
+++ b/src/libstrongswan/plugins/random/Makefile.in
@@ -415,6 +415,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
diff --git a/src/libstrongswan/plugins/rc2/Makefile.in b/src/libstrongswan/plugins/rc2/Makefile.in
index b81acef55..b9fc8bdf6 100644
--- a/src/libstrongswan/plugins/rc2/Makefile.in
+++ b/src/libstrongswan/plugins/rc2/Makefile.in
@@ -413,6 +413,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
diff --git a/src/libstrongswan/plugins/rdrand/Makefile.in b/src/libstrongswan/plugins/rdrand/Makefile.in
index 028464bf3..f6bdf9c59 100644
--- a/src/libstrongswan/plugins/rdrand/Makefile.in
+++ b/src/libstrongswan/plugins/rdrand/Makefile.in
@@ -415,6 +415,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
diff --git a/src/libstrongswan/plugins/revocation/Makefile.in b/src/libstrongswan/plugins/revocation/Makefile.in
index 342c544d9..4c7f2723b 100644
--- a/src/libstrongswan/plugins/revocation/Makefile.in
+++ b/src/libstrongswan/plugins/revocation/Makefile.in
@@ -416,6 +416,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
diff --git a/src/libstrongswan/plugins/sha1/Makefile.in b/src/libstrongswan/plugins/sha1/Makefile.in
index 18771e4f9..1de07d754 100644
--- a/src/libstrongswan/plugins/sha1/Makefile.in
+++ b/src/libstrongswan/plugins/sha1/Makefile.in
@@ -414,6 +414,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
diff --git a/src/libstrongswan/plugins/sha2/Makefile.in b/src/libstrongswan/plugins/sha2/Makefile.in
index 6aaa06b20..d4af8fbcf 100644
--- a/src/libstrongswan/plugins/sha2/Makefile.in
+++ b/src/libstrongswan/plugins/sha2/Makefile.in
@@ -413,6 +413,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
diff --git a/src/libstrongswan/plugins/sha3/Makefile.in b/src/libstrongswan/plugins/sha3/Makefile.in
index 3034ea537..9aa58e236 100644
--- a/src/libstrongswan/plugins/sha3/Makefile.in
+++ b/src/libstrongswan/plugins/sha3/Makefile.in
@@ -413,6 +413,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
diff --git a/src/libstrongswan/plugins/soup/Makefile.in b/src/libstrongswan/plugins/soup/Makefile.in
index 02290b4a2..acb05d570 100644
--- a/src/libstrongswan/plugins/soup/Makefile.in
+++ b/src/libstrongswan/plugins/soup/Makefile.in
@@ -414,6 +414,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
diff --git a/src/libstrongswan/plugins/sqlite/Makefile.in b/src/libstrongswan/plugins/sqlite/Makefile.in
index 3e234f1ca..ca59bb7df 100644
--- a/src/libstrongswan/plugins/sqlite/Makefile.in
+++ b/src/libstrongswan/plugins/sqlite/Makefile.in
@@ -416,6 +416,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
diff --git a/src/libstrongswan/plugins/sshkey/Makefile.in b/src/libstrongswan/plugins/sshkey/Makefile.in
index a8d5a1020..feb9313ff 100644
--- a/src/libstrongswan/plugins/sshkey/Makefile.in
+++ b/src/libstrongswan/plugins/sshkey/Makefile.in
@@ -416,6 +416,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.in b/src/libstrongswan/plugins/test_vectors/Makefile.in
index 100f3b15a..431b60724 100644
--- a/src/libstrongswan/plugins/test_vectors/Makefile.in
+++ b/src/libstrongswan/plugins/test_vectors/Makefile.in
@@ -432,6 +432,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
diff --git a/src/libstrongswan/plugins/unbound/Makefile.in b/src/libstrongswan/plugins/unbound/Makefile.in
index c84717bdc..59590d1a9 100644
--- a/src/libstrongswan/plugins/unbound/Makefile.in
+++ b/src/libstrongswan/plugins/unbound/Makefile.in
@@ -416,6 +416,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
diff --git a/src/libstrongswan/plugins/winhttp/Makefile.in b/src/libstrongswan/plugins/winhttp/Makefile.in
index f8db1ffac..acfc57bb6 100644
--- a/src/libstrongswan/plugins/winhttp/Makefile.in
+++ b/src/libstrongswan/plugins/winhttp/Makefile.in
@@ -416,6 +416,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
diff --git a/src/libstrongswan/plugins/x509/Makefile.in b/src/libstrongswan/plugins/x509/Makefile.in
index b31bfbed1..c58dfe210 100644
--- a/src/libstrongswan/plugins/x509/Makefile.in
+++ b/src/libstrongswan/plugins/x509/Makefile.in
@@ -415,6 +415,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c
index 96280a033..2b83f3328 100644
--- a/src/libstrongswan/plugins/x509/x509_cert.c
+++ b/src/libstrongswan/plugins/x509/x509_cert.c
@@ -2143,8 +2143,8 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert,
msSmartcardLogon = asn1_build_known_oid(OID_MS_SMARTCARD_LOGON);
}
- if (serverAuth.ptr || clientAuth.ptr || ikeIntermediate.ptr ||
- ocspSigning.ptr)
+ if (serverAuth.ptr || clientAuth.ptr || ikeIntermediate.ptr ||
+ ocspSigning.ptr || msSmartcardLogon.ptr)
{
extendedKeyUsage = asn1_wrap(ASN1_SEQUENCE, "mm",
asn1_build_known_oid(OID_EXTENDED_KEY_USAGE),
diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_response.c b/src/libstrongswan/plugins/x509/x509_ocsp_response.c
index 60133fc7f..b46af30fe 100644
--- a/src/libstrongswan/plugins/x509/x509_ocsp_response.c
+++ b/src/libstrongswan/plugins/x509/x509_ocsp_response.c
@@ -1,7 +1,8 @@
/**
* Copyright (C) 2008-2009 Martin Willi
- * Copyright (C) 2007-2014 Andreas Steffen
- * Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2007-2015 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
* Copyright (C) 2003 Christoph Gysin, Simon Zwahlen
*
* This program is free software; you can redistribute it and/or modify it
@@ -228,6 +229,42 @@ METHOD(ocsp_response_t, create_cert_enumerator, enumerator_t*,
}
/**
+ * enumerator filter callback for create_response_enumerator
+ */
+static bool filter(void *data, single_response_t **response,
+ chunk_t *serialNumber,
+ void *p2, cert_validation_t *status,
+ void *p3, time_t *revocationTime,
+ void *p4, crl_reason_t *revocationReason)
+{
+ if (serialNumber)
+ {
+ *serialNumber = (*response)->serialNumber;
+ }
+ if (status)
+ {
+ *status = (*response)->status;
+ }
+ if (revocationTime)
+ {
+ *revocationTime = (*response)->revocationTime;
+ }
+ if (revocationReason)
+ {
+ *revocationReason = (*response)->revocationReason;
+ }
+ return TRUE;
+}
+
+METHOD(ocsp_response_t, create_response_enumerator, enumerator_t*,
+ private_x509_ocsp_response_t *this)
+{
+ return enumerator_create_filter(
+ this->responses->create_enumerator(this->responses),
+ (void*)filter, NULL, NULL);
+}
+
+/**
* ASN.1 definition of singleResponse
*/
static const asn1Object_t singleResponseObjects[] = {
@@ -828,6 +865,7 @@ static x509_ocsp_response_t *load(chunk_t blob)
},
.get_status = _get_status,
.create_cert_enumerator = _create_cert_enumerator,
+ .create_response_enumerator = _create_response_enumerator,
},
},
.ref = 1,
diff --git a/src/libstrongswan/plugins/xcbc/Makefile.in b/src/libstrongswan/plugins/xcbc/Makefile.in
index 6c9901e6c..6f69fb100 100644
--- a/src/libstrongswan/plugins/xcbc/Makefile.in
+++ b/src/libstrongswan/plugins/xcbc/Makefile.in
@@ -413,6 +413,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
diff --git a/src/libstrongswan/processing/watcher.c b/src/libstrongswan/processing/watcher.c
index 5b94208bf..b7628501a 100644
--- a/src/libstrongswan/processing/watcher.c
+++ b/src/libstrongswan/processing/watcher.c
@@ -345,6 +345,13 @@ static job_requeue_t watch(private_watcher_t *this)
old = thread_cancelability(TRUE);
res = poll(pfd, count, -1);
+ if (res == -1 && errno == EINTR)
+ {
+ /* LinuxThreads interrupts poll(), but does not make it a
+ * cancellation point. Manually test if we got cancelled. */
+ thread_cancellation_point();
+ }
+
thread_cancelability(old);
thread_cleanup_pop(FALSE);
diff --git a/src/libstrongswan/tests/Makefile.am b/src/libstrongswan/tests/Makefile.am
index d86584ad1..b2d456035 100644
--- a/src/libstrongswan/tests/Makefile.am
+++ b/src/libstrongswan/tests/Makefile.am
@@ -44,6 +44,7 @@ tests_SOURCES = tests.h tests.c \
suites/test_certpolicy.c \
suites/test_certnames.c \
suites/test_host.c \
+ suites/test_auth_cfg.c \
suites/test_hasher.c \
suites/test_crypter.c \
suites/test_crypto_factory.c \
diff --git a/src/libstrongswan/tests/Makefile.in b/src/libstrongswan/tests/Makefile.in
index 13fd4cc25..0a0f5893d 100644
--- a/src/libstrongswan/tests/Makefile.in
+++ b/src/libstrongswan/tests/Makefile.in
@@ -140,6 +140,7 @@ am_tests_OBJECTS = tests-tests.$(OBJEXT) \
suites/tests-test_certpolicy.$(OBJEXT) \
suites/tests-test_certnames.$(OBJEXT) \
suites/tests-test_host.$(OBJEXT) \
+ suites/tests-test_auth_cfg.$(OBJEXT) \
suites/tests-test_hasher.$(OBJEXT) \
suites/tests-test_crypter.$(OBJEXT) \
suites/tests-test_crypto_factory.$(OBJEXT) \
@@ -452,6 +453,8 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
systemd_daemon_LIBS = @systemd_daemon_LIBS@
systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
@@ -505,6 +508,7 @@ tests_SOURCES = tests.h tests.c \
suites/test_certpolicy.c \
suites/test_certnames.c \
suites/test_host.c \
+ suites/test_auth_cfg.c \
suites/test_hasher.c \
suites/test_crypter.c \
suites/test_crypto_factory.c \
@@ -648,6 +652,8 @@ suites/tests-test_certnames.$(OBJEXT): suites/$(am__dirstamp) \
suites/$(DEPDIR)/$(am__dirstamp)
suites/tests-test_host.$(OBJEXT): suites/$(am__dirstamp) \
suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_auth_cfg.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
suites/tests-test_hasher.$(OBJEXT): suites/$(am__dirstamp) \
suites/$(DEPDIR)/$(am__dirstamp)
suites/tests-test_crypter.$(OBJEXT): suites/$(am__dirstamp) \
@@ -690,6 +696,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_array.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_asn1.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_asn1_parser.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_auth_cfg.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_bio_reader.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_bio_writer.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_certnames.Po@am__quote@
@@ -1119,6 +1126,20 @@ suites/tests-test_host.obj: suites/test_host.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_host.obj `if test -f 'suites/test_host.c'; then $(CYGPATH_W) 'suites/test_host.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_host.c'; fi`
+suites/tests-test_auth_cfg.o: suites/test_auth_cfg.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_auth_cfg.o -MD -MP -MF suites/$(DEPDIR)/tests-test_auth_cfg.Tpo -c -o suites/tests-test_auth_cfg.o `test -f 'suites/test_auth_cfg.c' || echo '$(srcdir)/'`suites/test_auth_cfg.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_auth_cfg.Tpo suites/$(DEPDIR)/tests-test_auth_cfg.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_auth_cfg.c' object='suites/tests-test_auth_cfg.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_auth_cfg.o `test -f 'suites/test_auth_cfg.c' || echo '$(srcdir)/'`suites/test_auth_cfg.c
+
+suites/tests-test_auth_cfg.obj: suites/test_auth_cfg.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_auth_cfg.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_auth_cfg.Tpo -c -o suites/tests-test_auth_cfg.obj `if test -f 'suites/test_auth_cfg.c'; then $(CYGPATH_W) 'suites/test_auth_cfg.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_auth_cfg.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_auth_cfg.Tpo suites/$(DEPDIR)/tests-test_auth_cfg.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_auth_cfg.c' object='suites/tests-test_auth_cfg.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_auth_cfg.obj `if test -f 'suites/test_auth_cfg.c'; then $(CYGPATH_W) 'suites/test_auth_cfg.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_auth_cfg.c'; fi`
+
suites/tests-test_hasher.o: suites/test_hasher.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_hasher.o -MD -MP -MF suites/$(DEPDIR)/tests-test_hasher.Tpo -c -o suites/tests-test_hasher.o `test -f 'suites/test_hasher.c' || echo '$(srcdir)/'`suites/test_hasher.c
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_hasher.Tpo suites/$(DEPDIR)/tests-test_hasher.Po
diff --git a/src/libstrongswan/tests/suites/test_array.c b/src/libstrongswan/tests/suites/test_array.c
index ba2aff460..eda72e10a 100644
--- a/src/libstrongswan/tests/suites/test_array.c
+++ b/src/libstrongswan/tests/suites/test_array.c
@@ -491,6 +491,44 @@ START_TEST(test_invoke_offset)
}
END_TEST
+START_TEST(test_insert_create)
+{
+ array_t *array = NULL;
+ uintptr_t x;
+
+ array_insert_create(&array, ARRAY_TAIL, (void*)(uintptr_t)1);
+ array_insert_create(&array, ARRAY_TAIL, (void*)(uintptr_t)2);
+ ck_assert(array != NULL);
+
+ ck_assert(array_get(array, ARRAY_HEAD, &x));
+ ck_assert_int_eq(x, 1);
+ ck_assert(array_get(array, ARRAY_TAIL, &x));
+ ck_assert_int_eq(x, 2);
+
+ array_destroy(array);
+}
+END_TEST
+
+START_TEST(test_insert_create_value)
+{
+ array_t *array = NULL;
+ u_int16_t v;
+
+ v = 1;
+ array_insert_create_value(&array, sizeof(v), ARRAY_TAIL, &v);
+ v = 2;
+ array_insert_create_value(&array, sizeof(v), ARRAY_TAIL, &v);
+ ck_assert(array != NULL);
+
+ ck_assert(array_get(array, ARRAY_HEAD, &v));
+ ck_assert_int_eq(v, 1);
+ ck_assert(array_get(array, ARRAY_TAIL, &v));
+ ck_assert_int_eq(v, 2);
+
+ array_destroy(array);
+}
+END_TEST
+
Suite *array_suite_create()
{
Suite *s;
@@ -528,5 +566,10 @@ Suite *array_suite_create()
tcase_add_test(tc, test_invoke_offset);
suite_add_tcase(s, tc);
+ tc = tcase_create("insert create");
+ tcase_add_test(tc, test_insert_create);
+ tcase_add_test(tc, test_insert_create_value);
+ suite_add_tcase(s, tc);
+
return s;
}
diff --git a/src/libstrongswan/tests/suites/test_auth_cfg.c b/src/libstrongswan/tests/suites/test_auth_cfg.c
new file mode 100644
index 000000000..e046725b8
--- /dev/null
+++ b/src/libstrongswan/tests/suites/test_auth_cfg.c
@@ -0,0 +1,122 @@
+/*
+ * Copyright (C) 2016 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <credentials/auth_cfg.h>
+
+struct {
+ char *constraints;
+ signature_scheme_t sig[5];
+ signature_scheme_t ike[5];
+} sig_constraints_tests[] = {
+ { "rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }, {0}},
+ { "rsa-sha256-sha512", { SIGN_RSA_EMSA_PKCS1_SHA256, SIGN_RSA_EMSA_PKCS1_SHA512, 0 }, {0}},
+ { "ecdsa-sha256", { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
+ { "rsa-sha256-ecdsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
+ { "pubkey-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, SIGN_BLISS_WITH_SHA2_256, 0 }, {0}},
+ { "ike:rsa-sha256", {0}, { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }},
+ { "ike:rsa-sha256-rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }, { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }},
+ { "rsa-sha256-ike:rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }, { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }},
+ { "ike:pubkey-sha256", {0}, { SIGN_RSA_EMSA_PKCS1_SHA256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, SIGN_BLISS_WITH_SHA2_256, 0 }},
+ { "rsa-ecdsa-sha256", { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
+ { "rsa-4096-ecdsa-sha256", { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
+ { "rsa-4096-ecdsa-256-sha256", { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
+ { "rsa-ecdsa256-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }, {0}},
+ { "rsa4096-sha256", {0}, {0}},
+ { "sha256", {0}, {0}},
+ { "ike:sha256", {0}, {0}},
+};
+
+static void check_sig_constraints(auth_cfg_t *cfg, auth_rule_t type,
+ signature_scheme_t expected[])
+{
+ enumerator_t *enumerator;
+ auth_rule_t t;
+ void *value;
+ int i = 0;
+
+ enumerator = cfg->create_enumerator(cfg);
+ while (enumerator->enumerate(enumerator, &t, &value))
+ {
+ if (t == type)
+ {
+ ck_assert(expected[i]);
+ ck_assert_int_eq(expected[i], (signature_scheme_t)value);
+ i++;
+ }
+ }
+ enumerator->destroy(enumerator);
+ ck_assert(!expected[i]);
+}
+
+START_TEST(test_sig_contraints)
+{
+ auth_cfg_t *cfg;
+ signature_scheme_t none[] = {0};
+
+ cfg = auth_cfg_create();
+ cfg->add_pubkey_constraints(cfg, sig_constraints_tests[_i].constraints, FALSE);
+ check_sig_constraints(cfg, AUTH_RULE_SIGNATURE_SCHEME, sig_constraints_tests[_i].sig);
+ check_sig_constraints(cfg, AUTH_RULE_IKE_SIGNATURE_SCHEME, none);
+ cfg->destroy(cfg);
+
+ lib->settings->set_bool(lib->settings, "%s.signature_authentication_constraints",
+ FALSE, lib->ns);
+
+ cfg = auth_cfg_create();
+ cfg->add_pubkey_constraints(cfg, sig_constraints_tests[_i].constraints, TRUE);
+ check_sig_constraints(cfg, AUTH_RULE_SIGNATURE_SCHEME, sig_constraints_tests[_i].sig);
+ check_sig_constraints(cfg, AUTH_RULE_IKE_SIGNATURE_SCHEME, sig_constraints_tests[_i].ike);
+ cfg->destroy(cfg);
+}
+END_TEST
+
+START_TEST(test_ike_contraints_fallback)
+{
+ auth_cfg_t *cfg;
+
+ lib->settings->set_bool(lib->settings, "%s.signature_authentication_constraints",
+ TRUE, lib->ns);
+
+ cfg = auth_cfg_create();
+ cfg->add_pubkey_constraints(cfg, sig_constraints_tests[_i].constraints, TRUE);
+ check_sig_constraints(cfg, AUTH_RULE_SIGNATURE_SCHEME, sig_constraints_tests[_i].sig);
+ if (sig_constraints_tests[_i].ike[0])
+ {
+ check_sig_constraints(cfg, AUTH_RULE_IKE_SIGNATURE_SCHEME, sig_constraints_tests[_i].ike);
+ }
+ else
+ {
+ check_sig_constraints(cfg, AUTH_RULE_IKE_SIGNATURE_SCHEME, sig_constraints_tests[_i].sig);
+ }
+ cfg->destroy(cfg);
+}
+END_TEST
+
+Suite *auth_cfg_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("auth_cfg");
+
+ tc = tcase_create("add_pubkey_constraints");
+ tcase_add_loop_test(tc, test_sig_contraints, 0, countof(sig_constraints_tests));
+ tcase_add_loop_test(tc, test_ike_contraints_fallback, 0, countof(sig_constraints_tests));
+ suite_add_tcase(s, tc);
+
+ return s;
+}
diff --git a/src/libstrongswan/tests/suites/test_identification.c b/src/libstrongswan/tests/suites/test_identification.c
index 9554d2919..c0a21fe34 100644
--- a/src/libstrongswan/tests/suites/test_identification.c
+++ b/src/libstrongswan/tests/suites/test_identification.c
@@ -1,7 +1,8 @@
/*
* Copyright (C) 2013-2015 Tobias Brunner
+ * Copyright (C) 2016 Andreas Steffen
* Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -122,67 +123,122 @@ static struct {
} data;
} result;
} string_data[] = {
- {NULL, ID_ANY, { .type = ENC_CHUNK }},
- {"", ID_ANY, { .type = ENC_CHUNK }},
- {"%any", ID_ANY, { .type = ENC_CHUNK }},
- {"%any6", ID_ANY, { .type = ENC_CHUNK }},
- {"0.0.0.0", ID_ANY, { .type = ENC_CHUNK }},
- {"0::0", ID_ANY, { .type = ENC_CHUNK }},
- {"::", ID_ANY, { .type = ENC_CHUNK }},
- {"*", ID_ANY, { .type = ENC_CHUNK }},
- {"any", ID_FQDN, { .type = ENC_SIMPLE }},
- {"any6", ID_FQDN, { .type = ENC_SIMPLE }},
- {"0", ID_FQDN, { .type = ENC_SIMPLE }},
- {"**", ID_FQDN, { .type = ENC_SIMPLE }},
- {"192.168.1.1", ID_IPV4_ADDR, { .type = ENC_CHUNK,
+ {NULL, ID_ANY, { .type = ENC_CHUNK }},
+ {"", ID_ANY, { .type = ENC_CHUNK }},
+ {"%any", ID_ANY, { .type = ENC_CHUNK }},
+ {"%any6", ID_ANY, { .type = ENC_CHUNK }},
+ {"0.0.0.0", ID_ANY, { .type = ENC_CHUNK }},
+ {"0::0", ID_ANY, { .type = ENC_CHUNK }},
+ {"::", ID_ANY, { .type = ENC_CHUNK }},
+ {"*", ID_ANY, { .type = ENC_CHUNK }},
+ {"any", ID_FQDN, { .type = ENC_SIMPLE }},
+ {"any6", ID_FQDN, { .type = ENC_SIMPLE }},
+ {"0", ID_FQDN, { .type = ENC_SIMPLE }},
+ {"**", ID_FQDN, { .type = ENC_SIMPLE }},
+ {"192.168.1.1", ID_IPV4_ADDR, { .type = ENC_CHUNK,
.data.c = chunk_from_chars(0xc0,0xa8,0x01,0x01) }},
- {"192.168.", ID_FQDN, { .type = ENC_SIMPLE }},
- {".", ID_FQDN, { .type = ENC_SIMPLE }},
- {"fec0::1", ID_IPV6_ADDR, { .type = ENC_CHUNK,
+ {"192.168.", ID_FQDN, { .type = ENC_SIMPLE }},
+ {".", ID_FQDN, { .type = ENC_SIMPLE }},
+ {"192.168.1.1/33", ID_FQDN, { .type = ENC_SIMPLE }},
+ {"192.168.1.1/32", ID_IPV4_ADDR_SUBNET, { .type = ENC_CHUNK,
+ .data.c = chunk_from_chars(0xc0,0xa8,0x01,0x01,0xff,0xff,0xff,0xff) }},
+ {"192.168.1.1/31", ID_IPV4_ADDR_SUBNET, { .type = ENC_CHUNK,
+ .data.c = chunk_from_chars(0xc0,0xa8,0x01,0x00,0xff,0xff,0xff,0xfe) }},
+ {"192.168.1.8/30", ID_IPV4_ADDR_SUBNET, { .type = ENC_CHUNK,
+ .data.c = chunk_from_chars(0xc0,0xa8,0x01,0x08,0xff,0xff,0xff,0xfc) }},
+ {"192.168.1.128/25", ID_IPV4_ADDR_SUBNET, { .type = ENC_CHUNK,
+ .data.c = chunk_from_chars(0xc0,0xa8,0x01,0x80,0xff,0xff,0xff,0x80) }},
+ {"192.168.1.0/24", ID_IPV4_ADDR_SUBNET, { .type = ENC_CHUNK,
+ .data.c = chunk_from_chars(0xc0,0xa8,0x01,0x00,0xff,0xff,0xff,0x00) }},
+ {"192.168.1.0/23", ID_IPV4_ADDR_SUBNET, { .type = ENC_CHUNK,
+ .data.c = chunk_from_chars(0xc0,0xa8,0x00,0x00,0xff,0xff,0xfe,0x00) }},
+ {"192.168.4.0/22", ID_IPV4_ADDR_SUBNET, { .type = ENC_CHUNK,
+ .data.c = chunk_from_chars(0xc0,0xa8,0x04,0x00,0xff,0xff,0xfc,0x00) }},
+ {"0.0.0.0/0", ID_IPV4_ADDR_SUBNET, { .type = ENC_CHUNK,
+ .data.c = chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00) }},
+ {"192.168.1.0-192.168.1.40",ID_IPV4_ADDR_RANGE, { .type = ENC_CHUNK,
+ .data.c = chunk_from_chars(0xc0,0xa8,0x01,0x00,0xc0,0xa8,0x01,0x28) }},
+ {"0.0.0.0-255.255.255.255", ID_IPV4_ADDR_RANGE, { .type = ENC_CHUNK,
+ .data.c = chunk_from_chars(0x00,0x00,0x00,0x00,0xff,0xff,0xff,0xff) }},
+ {"192.168.1.40-192.168.1.0",ID_FQDN, { .type = ENC_SIMPLE }},
+ {"fec0::1", ID_IPV6_ADDR, { .type = ENC_CHUNK,
.data.c = chunk_from_chars(0xfe,0xc0,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01) }},
- {"fec0::", ID_IPV6_ADDR, { .type = ENC_CHUNK,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01) }},
+ {"fec0::", ID_IPV6_ADDR, { .type = ENC_CHUNK,
.data.c = chunk_from_chars(0xfe,0xc0,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00) }},
- {"fec0:", ID_KEY_ID, { .type = ENC_SIMPLE }},
- {":", ID_KEY_ID, { .type = ENC_SIMPLE }},
- {"alice@strongswan.org", ID_RFC822_ADDR, { .type = ENC_SIMPLE }},
- {"alice@strongswan", ID_RFC822_ADDR, { .type = ENC_SIMPLE }},
- {"alice@", ID_RFC822_ADDR, { .type = ENC_SIMPLE }},
- {"alice", ID_FQDN, { .type = ENC_SIMPLE }},
- {"@", ID_FQDN, { .type = ENC_CHUNK }},
- {" @", ID_RFC822_ADDR, { .type = ENC_SIMPLE }},
- {"@strongswan.org", ID_FQDN, { .type = ENC_STRING,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00) }},
+ {"fec0:", ID_KEY_ID, { .type = ENC_SIMPLE }},
+ {":", ID_KEY_ID, { .type = ENC_SIMPLE }},
+ {"fec0::1/129", ID_KEY_ID, { .type = ENC_SIMPLE }},
+ {"fec0::1/128", ID_IPV6_ADDR_SUBNET, { .type = ENC_CHUNK,
+ .data.c = chunk_from_chars(0xfe,0xc0,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
+ 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+ 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff ) }},
+ {"fec0::1/127", ID_IPV6_ADDR_SUBNET, { .type = ENC_CHUNK,
+ .data.c = chunk_from_chars(0xfe,0xc0,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+ 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe ) }},
+ {"fec0::4/126", ID_IPV6_ADDR_SUBNET, { .type = ENC_CHUNK,
+ .data.c = chunk_from_chars(0xfe,0xc0,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x04,
+ 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+ 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfc ) }},
+ {"fec0::100/120", ID_IPV6_ADDR_SUBNET, { .type = ENC_CHUNK,
+ .data.c = chunk_from_chars(0xfe,0xc0,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,
+ 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+ 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x00 ) }},
+ {"::/0", ID_IPV6_ADDR_SUBNET, { .type = ENC_CHUNK,
+ .data.c = chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 ) }},
+ {"fec0::1-fec0::4fff", ID_IPV6_ADDR_RANGE, { .type = ENC_CHUNK,
+ .data.c = chunk_from_chars(0xfe,0xc0,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
+ 0xfe,0xc0,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x4f,0xff ) }},
+ {"fec0::4fff-fec0::1", ID_KEY_ID, { .type = ENC_SIMPLE }},
+ {"fec0::1-", ID_KEY_ID, { .type = ENC_SIMPLE }},
+ {"alice@strongswan.org", ID_RFC822_ADDR, { .type = ENC_SIMPLE }},
+ {"alice@strongswan", ID_RFC822_ADDR, { .type = ENC_SIMPLE }},
+ {"alice@", ID_RFC822_ADDR, { .type = ENC_SIMPLE }},
+ {"alice", ID_FQDN, { .type = ENC_SIMPLE }},
+ {"@", ID_FQDN, { .type = ENC_CHUNK }},
+ {" @", ID_RFC822_ADDR, { .type = ENC_SIMPLE }},
+ {"@strongswan.org", ID_FQDN, { .type = ENC_STRING,
.data.s = "strongswan.org" }},
- {"@#deadbeef", ID_KEY_ID, { .type = ENC_CHUNK,
+ {"@#deadbeef", ID_KEY_ID, { .type = ENC_CHUNK,
.data.c = chunk_from_chars(0xde,0xad,0xbe,0xef) }},
- {"@#deadbee", ID_KEY_ID, { .type = ENC_CHUNK,
+ {"@#deadbee", ID_KEY_ID, { .type = ENC_CHUNK,
.data.c = chunk_from_chars(0x0d,0xea,0xdb,0xee) }},
- {"foo=bar", ID_KEY_ID, { .type = ENC_SIMPLE }},
- {"foo=", ID_KEY_ID, { .type = ENC_SIMPLE }},
- {"=bar", ID_KEY_ID, { .type = ENC_SIMPLE }},
- {"C=", ID_DER_ASN1_DN, { .type = ENC_CHUNK,
+ {"foo=bar", ID_KEY_ID, { .type = ENC_SIMPLE }},
+ {"foo=", ID_KEY_ID, { .type = ENC_SIMPLE }},
+ {"=bar", ID_KEY_ID, { .type = ENC_SIMPLE }},
+ {"C=", ID_DER_ASN1_DN, { .type = ENC_CHUNK,
.data.c = chunk_from_chars(0x30,0x0b,0x31,0x09,0x30,0x07,0x06,
0x03,0x55,0x04,0x06,0x13,0x00) }},
- {"C=CH", ID_DER_ASN1_DN, { .type = ENC_CHUNK,
+ {"C=CH", ID_DER_ASN1_DN, { .type = ENC_CHUNK,
.data.c = chunk_from_chars(0x30,0x0d,0x31,0x0b,0x30,0x09,0x06,
0x03,0x55,0x04,0x06,0x13,0x02,0x43,0x48) }},
- {"C=CH,", ID_DER_ASN1_DN, { .type = ENC_CHUNK,
+ {"C=CH,", ID_DER_ASN1_DN, { .type = ENC_CHUNK,
.data.c = chunk_from_chars(0x30,0x0d,0x31,0x0b,0x30,0x09,0x06,
0x03,0x55,0x04,0x06,0x13,0x02,0x43,0x48) }},
- {"C=CH, ", ID_DER_ASN1_DN, { .type = ENC_CHUNK,
+ {"C=CH, ", ID_DER_ASN1_DN, { .type = ENC_CHUNK,
.data.c = chunk_from_chars(0x30,0x0d,0x31,0x0b,0x30,0x09,0x06,
0x03,0x55,0x04,0x06,0x13,0x02,0x43,0x48) }},
- {"C=CH, O", ID_KEY_ID, { .type = ENC_SIMPLE }},
- {"IPv4:#c0a80101", ID_IPV4_ADDR, { .type = ENC_CHUNK,
+ {"C=CH, O", ID_KEY_ID, { .type = ENC_SIMPLE }},
+ {"IPv4:#c0a80101", ID_IPV4_ADDR, { .type = ENC_CHUNK,
.data.c = chunk_from_chars(0xc0,0xa8,0x01,0x01) }},
- { "email:tester", ID_RFC822_ADDR, { .type = ENC_STRING,
+ { "email:tester", ID_RFC822_ADDR, { .type = ENC_STRING,
.data.s = "tester" }},
- { "{1}:#c0a80101", ID_IPV4_ADDR, { .type = ENC_CHUNK,
+ { "{1}:#c0a80101", ID_IPV4_ADDR, { .type = ENC_CHUNK,
.data.c = chunk_from_chars(0xc0,0xa8,0x01,0x01) }},
- { "{0x02}:tester", ID_FQDN, { .type = ENC_STRING,
+ { "{0x02}:tester", ID_FQDN, { .type = ENC_STRING,
.data.s = "tester" }},
- { "{99}:somedata", 99, { .type = ENC_STRING,
+ { "{99}:somedata", 99, { .type = ENC_STRING,
.data.s = "somedata" }},
};
@@ -264,14 +320,33 @@ START_TEST(test_printf_hook)
string_equals("192.168.1.1", "192.168.1.1");
string_equals_id("(invalid ID_IPV4_ADDR)",
- identification_create_from_encoding(ID_IPV4_ADDR, chunk_empty));
+ identification_create_from_encoding(ID_IPV4_ADDR, chunk_empty));
+ string_equals("192.168.1.1/32", "192.168.1.1/32");
+ string_equals("192.168.1.2/31", "192.168.1.2/31");
+ string_equals("192.168.1.0/24", "192.168.1.0/24");
+ string_equals("192.168.2.0/23", "192.168.2.0/23");
+ string_equals("0.0.0.0/0", "0.0.0.0/0");
+ string_equals_id("(invalid ID_IPV4_ADDR_SUBNET)",
+ identification_create_from_encoding(ID_IPV4_ADDR_SUBNET, chunk_empty));
+ string_equals("192.168.1.1-192.168.1.254", "192.168.1.1-192.168.1.254");
+ string_equals("0.0.0.0-255.255.255.255", "0.0.0.0-255.255.255.255");
+ string_equals_id("(invalid ID_IPV4_ADDR_RANGE)",
+ identification_create_from_encoding(ID_IPV4_ADDR_RANGE, chunk_empty));
string_equals("fec0::1", "fec0::1");
string_equals("fec0::1", "fec0:0:0::1");
string_equals_id("(invalid ID_IPV6_ADDR)",
- identification_create_from_encoding(ID_IPV6_ADDR, chunk_empty));
-
+ identification_create_from_encoding(ID_IPV6_ADDR, chunk_empty));
+ string_equals("fec0::1/128", "fec0::1/128");
+ string_equals("fec0::2/127", "fec0::2/127");
+ string_equals("fec0::100/120", "fec0::100/120");
+ string_equals("::/0", "::/0");
+ string_equals_id("(invalid ID_IPV6_ADDR_SUBNET)",
+ identification_create_from_encoding(ID_IPV6_ADDR_SUBNET, chunk_empty));
+ string_equals("fec0::1-fec0::4fff", "fec0::1-fec0::4fff");
+ string_equals_id("(invalid ID_IPV6_ADDR_RANGE)",
+ identification_create_from_encoding(ID_IPV6_ADDR_RANGE, chunk_empty));
string_equals_id("(unknown ID type: 255)",
- identification_create_from_encoding(255, chunk_empty));
+ identification_create_from_encoding(255, chunk_empty));
string_equals("moon@strongswan.org", "moon@strongswan.org");
string_equals("MOON@STRONGSWAN.ORG", "MOON@STRONGSWAN.ORG");
@@ -324,11 +399,11 @@ START_TEST(test_printf_hook)
string_equals("C=CH, E=moon@strongswan.org, CN=moon",
"C=CH, emailAddress=moon@strongswan.org, CN=moon");
- /* C=CH, pseudonym=ANO (pseudonym is currently not recognized) */
- string_equals_id("C=CH, 55:04:41=ANO", identification_create_from_encoding(ID_DER_ASN1_DN,
+ /* C=CH, telexNumber=123 (telexNumber is currently not recognized) */
+ string_equals_id("C=CH, 55:04:15=123", identification_create_from_encoding(ID_DER_ASN1_DN,
chunk_from_chars(0x30, 0x19, 0x31, 0x17, 0x30, 0x09, 0x06, 0x03, 0x55,
0x04, 0x06, 0x13, 0x02, 0x43, 0x48, 0x30, 0x0a, 0x06,
- 0x03, 0x55, 0x04, 0x41, 0x13, 0x03, 0x41, 0x4e, 0x4f)));
+ 0x03, 0x55, 0x04, 0x15, 0x13, 0x03, 0x31, 0x32, 0x33)));
/* C=CH, O=strongSwan (but instead of a 2nd OID -0x06- we got NULL -0x05) */
string_equals_id("C=CH, (invalid ID_DER_ASN1_DN)", identification_create_from_encoding(ID_DER_ASN1_DN,
chunk_from_chars(0x30, 0x20, 0x31, 0x1e, 0x30, 0x09, 0x06, 0x03, 0x55,
@@ -595,6 +670,89 @@ START_TEST(test_matches_binary)
}
END_TEST
+START_TEST(test_matches_range)
+{
+ identification_t *a, *b;
+
+ /* IPv4 addresses */
+ a = identification_create_from_string("192.168.1.1");
+ ck_assert(a->get_type(a) == ID_IPV4_ADDR);
+ ck_assert(id_matches(a, "%any", ID_MATCH_ANY));
+ ck_assert(id_matches(a, "0.0.0.0/0", ID_MATCH_MAX_WILDCARDS));
+ ck_assert(id_matches(a, "192.168.1.1", ID_MATCH_PERFECT));
+ ck_assert(id_matches(a, "192.168.1.2", ID_MATCH_NONE));
+ ck_assert(id_matches(a, "192.168.1.1/32", ID_MATCH_PERFECT));
+ ck_assert(id_matches(a, "192.168.1.0/32", ID_MATCH_NONE));
+ ck_assert(id_matches(a, "192.168.1.0/24", ID_MATCH_ONE_WILDCARD));
+ ck_assert(id_matches(a, "192.168.0.0/24", ID_MATCH_NONE));
+ ck_assert(id_matches(a, "192.168.1.1-192.168.1.1", ID_MATCH_PERFECT));
+ ck_assert(id_matches(a, "192.168.1.0-192.168.1.64", ID_MATCH_ONE_WILDCARD));
+ ck_assert(id_matches(a, "192.168.1.2-192.168.1.64", ID_MATCH_NONE));
+ ck_assert(id_matches(a, "192.168.0.240-192.168.1.0", ID_MATCH_NONE));
+ ck_assert(id_matches(a, "foo@bar", ID_MATCH_NONE));
+
+ /* Malformed IPv4 subnet and range encoding */
+ b = identification_create_from_encoding(ID_IPV4_ADDR_SUBNET, chunk_empty);
+ ck_assert(a->matches(a, b) == ID_MATCH_NONE);
+ b->destroy(b);
+ b = identification_create_from_encoding(ID_IPV4_ADDR_RANGE, chunk_empty);
+ ck_assert(a->matches(a, b) == ID_MATCH_NONE);
+ b->destroy(b);
+ b = identification_create_from_encoding(ID_IPV4_ADDR_RANGE,
+ chunk_from_chars(0xc0,0xa8,0x01,0x28,0xc0,0xa8,0x01,0x00));
+ ck_assert(a->matches(a, b) == ID_MATCH_NONE);
+ b->destroy(b);
+
+ a->destroy(a);
+
+ /* IPv6 addresses */
+ a = identification_create_from_string("fec0::1");
+ ck_assert(a->get_type(a) == ID_IPV6_ADDR);
+ ck_assert(id_matches(a, "%any", ID_MATCH_ANY));
+ ck_assert(id_matches(a, "::/0", ID_MATCH_MAX_WILDCARDS));
+ ck_assert(id_matches(a, "fec0::1", ID_MATCH_PERFECT));
+ ck_assert(id_matches(a, "fec0::2", ID_MATCH_NONE));
+ ck_assert(id_matches(a, "fec0::1/128", ID_MATCH_PERFECT));
+ ck_assert(id_matches(a, "fec0::/128", ID_MATCH_NONE));
+ ck_assert(id_matches(a, "fec0::/120", ID_MATCH_ONE_WILDCARD));
+ ck_assert(id_matches(a, "fec0::100/120", ID_MATCH_NONE));
+ ck_assert(id_matches(a, "fec0::1-fec0::1", ID_MATCH_PERFECT));
+ ck_assert(id_matches(a, "fec0::0-fec0::5", ID_MATCH_ONE_WILDCARD));
+ ck_assert(id_matches(a, "fec0::4001-fec0::4ffe", ID_MATCH_NONE));
+ ck_assert(id_matches(a, "feb0::1-fec0::0", ID_MATCH_NONE));
+ ck_assert(id_matches(a, "foo@bar", ID_MATCH_NONE));
+
+ /* Malformed IPv6 subnet and range encoding */
+ b = identification_create_from_encoding(ID_IPV6_ADDR_SUBNET, chunk_empty);
+ ck_assert(a->matches(a, b) == ID_MATCH_NONE);
+ b->destroy(b);
+ b = identification_create_from_encoding(ID_IPV6_ADDR_RANGE, chunk_empty);
+ ck_assert(a->matches(a, b) == ID_MATCH_NONE);
+ b->destroy(b);
+ b = identification_create_from_encoding(ID_IPV6_ADDR_RANGE,
+ chunk_from_chars(0xfe,0xc0,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x4f,0xff,
+ 0xfe,0xc0,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01 ));
+ ck_assert(a->matches(a, b) == ID_MATCH_NONE);
+ b->destroy(b);
+
+ a->destroy(a);
+
+ /* Malformed IPv4 address encoding */
+ a = identification_create_from_encoding(ID_IPV4_ADDR, chunk_empty);
+ ck_assert(id_matches(a, "0.0.0.0/0", ID_MATCH_NONE));
+ ck_assert(id_matches(a, "0.0.0.0-255.255.255.255", ID_MATCH_NONE));
+ a->destroy(a);
+
+ /* Malformed IPv6 address encoding */
+ a = identification_create_from_encoding(ID_IPV6_ADDR, chunk_empty);
+ ck_assert(id_matches(a, "::/0", ID_MATCH_NONE));
+ ck_assert(id_matches(a, "::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", ID_MATCH_NONE));
+ a->destroy(a);
+}
+END_TEST
+
START_TEST(test_matches_string)
{
identification_t *a;
@@ -929,6 +1087,7 @@ Suite *identification_suite_create()
tcase_add_test(tc, test_matches);
tcase_add_test(tc, test_matches_any);
tcase_add_test(tc, test_matches_binary);
+ tcase_add_test(tc, test_matches_range);
tcase_add_test(tc, test_matches_string);
tcase_add_loop_test(tc, test_matches_empty, ID_ANY, ID_KEY_ID + 1);
tcase_add_loop_test(tc, test_matches_empty_reverse, ID_ANY, ID_KEY_ID + 1);
diff --git a/src/libstrongswan/tests/suites/test_linked_list.c b/src/libstrongswan/tests/suites/test_linked_list.c
index 922f954e3..7a161817c 100644
--- a/src/libstrongswan/tests/suites/test_linked_list.c
+++ b/src/libstrongswan/tests/suites/test_linked_list.c
@@ -348,6 +348,91 @@ START_TEST(test_clone_offset)
}
END_TEST
+
+/*******************************************************************************
+ * equals
+ */
+
+typedef struct equals_t equals_t;
+
+struct equals_t {
+ int val;
+ bool (*equals)(equals_t *a, equals_t *b);
+};
+
+static bool equalsfn(equals_t *a, equals_t *b)
+{
+ return a->val == b->val;
+}
+
+START_TEST(test_equals_offset)
+{
+ linked_list_t *other;
+ equals_t *x, items[] = {
+ { .val = 1, .equals = equalsfn, },
+ { .val = 2, .equals = equalsfn, },
+ { .val = 3, .equals = equalsfn, },
+ { .val = 4, .equals = equalsfn, },
+ { .val = 5, .equals = equalsfn, },
+ };
+ int i;
+
+ for (i = 0; i < countof(items); i++)
+ {
+ list->insert_last(list, &items[i]);
+ }
+ ck_assert(list->equals_offset(list, list, offsetof(equals_t, equals)));
+ other = linked_list_create_from_enumerator(list->create_enumerator(list));
+ ck_assert(list->equals_offset(list, other, offsetof(equals_t, equals)));
+ other->remove_last(other, (void**)&x);
+ ck_assert(!list->equals_offset(list, other, offsetof(equals_t, equals)));
+ list->remove_last(list, (void**)&x);
+ ck_assert(list->equals_offset(list, other, offsetof(equals_t, equals)));
+ other->remove_first(other, (void**)&x);
+ ck_assert(!list->equals_offset(list, other, offsetof(equals_t, equals)));
+ list->remove_first(list, (void**)&x);
+ ck_assert(list->equals_offset(list, other, offsetof(equals_t, equals)));
+ while (list->remove_first(list, (void**)&x) == SUCCESS);
+ while (other->remove_first(other, (void**)&x) == SUCCESS);
+ ck_assert(list->equals_offset(list, other, offsetof(equals_t, equals)));
+ other->destroy(other);
+}
+END_TEST
+
+START_TEST(test_equals_function)
+{
+ linked_list_t *other;
+ equals_t *x, items[] = {
+ { .val = 1, },
+ { .val = 2, },
+ { .val = 3, },
+ { .val = 4, },
+ { .val = 5, },
+ };
+ int i;
+
+ for (i = 0; i < countof(items); i++)
+ {
+ list->insert_last(list, &items[i]);
+ }
+ ck_assert(list->equals_function(list, list, (void*)equalsfn));
+ other = linked_list_create_from_enumerator(list->create_enumerator(list));
+ ck_assert(list->equals_function(list, other, (void*)equalsfn));
+ other->remove_last(other, (void**)&x);
+ ck_assert(!list->equals_function(list, other, (void*)equalsfn));
+ list->remove_last(list, (void**)&x);
+ ck_assert(list->equals_function(list, other, (void*)equalsfn));
+ other->remove_first(other, (void**)&x);
+ ck_assert(!list->equals_function(list, other, (void*)equalsfn));
+ list->remove_first(list, (void**)&x);
+ ck_assert(list->equals_function(list, other, (void*)equalsfn));
+ while (list->remove_first(list, (void**)&x) == SUCCESS);
+ while (other->remove_first(other, (void**)&x) == SUCCESS);
+ ck_assert(list->equals_function(list, other, (void*)equalsfn));
+ other->destroy(other);
+}
+END_TEST
+
Suite *linked_list_suite_create()
{
Suite *s;
@@ -386,5 +471,11 @@ Suite *linked_list_suite_create()
tcase_add_test(tc, test_clone_offset);
suite_add_tcase(s, tc);
+ tc = tcase_create("equals");
+ tcase_add_checked_fixture(tc, setup_list, teardown_list);
+ tcase_add_test(tc, test_equals_offset);
+ tcase_add_test(tc, test_equals_function);
+ suite_add_tcase(s, tc);
+
return s;
}
diff --git a/src/libstrongswan/tests/tests.h b/src/libstrongswan/tests/tests.h
index e1074b931..824c88022 100644
--- a/src/libstrongswan/tests/tests.h
+++ b/src/libstrongswan/tests/tests.h
@@ -37,6 +37,7 @@ TEST_SUITE_DEPEND(certpolicy_suite_create, CERT_ENCODE, CERT_X509)
TEST_SUITE_DEPEND(certnames_suite_create, CERT_ENCODE, CERT_X509)
TEST_SUITE(host_suite_create)
TEST_SUITE(printf_suite_create)
+TEST_SUITE(auth_cfg_suite_create)
TEST_SUITE(hasher_suite_create)
TEST_SUITE(crypter_suite_create)
TEST_SUITE(crypto_factory_suite_create)
diff --git a/src/libstrongswan/threading/thread.c b/src/libstrongswan/threading/thread.c
index 7a243e826..3d87e7fca 100644
--- a/src/libstrongswan/threading/thread.c
+++ b/src/libstrongswan/threading/thread.c
@@ -48,7 +48,7 @@ struct private_thread_t {
thread_t public;
/**
- * Human-readable ID of this thread.
+ * Identificator of this thread (human-readable/thread ID).
*/
u_int id;
@@ -157,6 +157,23 @@ static void thread_destroy(private_thread_t *this)
free(this);
}
+/**
+ * Determine the ID of the current thread
+ */
+static u_int get_thread_id()
+{
+ u_int id;
+
+#if defined(USE_THREAD_IDS) && defined(HAVE_GETTID)
+ id = gettid();
+#else
+ id_mutex->lock(id_mutex);
+ id = next_id++;
+ id_mutex->unlock(id_mutex);
+#endif
+ return id;
+}
+
METHOD(thread_t, cancel, void,
private_thread_t *this)
{
@@ -284,6 +301,8 @@ static void *thread_main(private_thread_t *this)
{
void *res;
+ this->id = get_thread_id();
+
current_thread->set(current_thread, this);
pthread_cleanup_push((thread_cleanup_t)thread_cleanup, this);
@@ -315,9 +334,6 @@ thread_t *thread_create(thread_main_t main, void *arg)
this->main = main;
this->arg = arg;
- id_mutex->lock(id_mutex);
- this->id = next_id++;
- id_mutex->unlock(id_mutex);
if (pthread_create(&this->thread_id, NULL, (void*)thread_main, this) != 0)
{
@@ -341,11 +357,7 @@ thread_t *thread_current()
if (!this)
{
this = thread_create_internal();
-
- id_mutex->lock(id_mutex);
- this->id = next_id++;
- id_mutex->unlock(id_mutex);
-
+ this->id = get_thread_id();
current_thread->set(current_thread, (void*)this);
}
return &this->public;
@@ -475,12 +487,12 @@ void threads_init()
dummy1 = thread_value_create(NULL);
- next_id = 1;
- main_thread->id = 0;
+ next_id = 0;
main_thread->thread_id = pthread_self();
current_thread = thread_value_create(NULL);
current_thread->set(current_thread, (void*)main_thread);
id_mutex = mutex_create(MUTEX_TYPE_DEFAULT);
+ main_thread->id = get_thread_id();
#ifndef HAVE_PTHREAD_CANCEL
{ /* install a signal handler for our custom SIG_CANCEL */
diff --git a/src/libstrongswan/threading/thread.h b/src/libstrongswan/threading/thread.h
index c24772839..35da24459 100644
--- a/src/libstrongswan/threading/thread.h
+++ b/src/libstrongswan/threading/thread.h
@@ -97,11 +97,13 @@ thread_t *thread_create(thread_main_t main, void *arg);
thread_t *thread_current();
/**
- * Get the human-readable ID of the current thread.
+ * Get the ID of the current thread.
*
- * The IDs are assigned incrementally starting from 1.
+ * Depending on the build configuration thread IDs are either assigned
+ * incrementally starting from 1, or equal the value returned by an appropriate
+ * syscall (like gettid() or GetCurrentThreadId()), if available.
*
- * @return human-readable ID
+ * @return ID of the current thread
*/
u_int thread_current_id();
diff --git a/src/libstrongswan/threading/windows/thread.c b/src/libstrongswan/threading/windows/thread.c
index 610524722..798d75be7 100644
--- a/src/libstrongswan/threading/windows/thread.c
+++ b/src/libstrongswan/threading/windows/thread.c
@@ -516,7 +516,11 @@ thread_t *thread_current()
*/
u_int thread_current_id()
{
+#ifdef USE_THREAD_IDS
+ return get_current_thread()->id;
+#else
return get_current_thread()->tid;
+#endif
}
/**
diff --git a/src/libstrongswan/utils/compat/windows.c b/src/libstrongswan/utils/compat/windows.c
index 1f22ffa02..12ee59916 100644
--- a/src/libstrongswan/utils/compat/windows.c
+++ b/src/libstrongswan/utils/compat/windows.c
@@ -82,7 +82,6 @@ static void* dlsym_default(const char *name)
{
const char *dlls[] = {
"libstrongswan-0.dll",
- "libhydra-0.dll",
"libcharon-0.dll",
"libtnccs-0.dll",
NULL /* .exe */
diff --git a/src/libstrongswan/utils/debug.c b/src/libstrongswan/utils/debug.c
index e8c9e6b98..8a80b81a2 100644
--- a/src/libstrongswan/utils/debug.c
+++ b/src/libstrongswan/utils/debug.c
@@ -17,7 +17,7 @@
#include "debug.h"
-ENUM(debug_names, DBG_DMN, DBG_LIB,
+ENUM(debug_names, DBG_DMN, DBG_ANY,
"DMN",
"MGR",
"IKE",
@@ -36,9 +36,10 @@ ENUM(debug_names, DBG_DMN, DBG_LIB,
"APP",
"ESP",
"LIB",
+ "ANY",
);
-ENUM(debug_lower_names, DBG_DMN, DBG_LIB,
+ENUM(debug_lower_names, DBG_DMN, DBG_ANY,
"dmn",
"mgr",
"ike",
@@ -57,6 +58,7 @@ ENUM(debug_lower_names, DBG_DMN, DBG_LIB,
"app",
"esp",
"lib",
+ "any",
);
/**
diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c
index da23d143c..2b2e907f0 100644
--- a/src/libstrongswan/utils/identification.c
+++ b/src/libstrongswan/utils/identification.c
@@ -1,8 +1,9 @@
/*
+ * Copyright (C) 2016 Andreas Steffen
* Copyright (C) 2009-2015 Tobias Brunner
* Copyright (C) 2005-2009 Martin Willi
* Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -79,6 +80,7 @@ static const x501rdn_t x501rdns[] = {
{"G", OID_GIVEN_NAME, ASN1_PRINTABLESTRING},
{"I", OID_INITIALS, ASN1_PRINTABLESTRING},
{"dnQualifier", OID_DN_QUALIFIER, ASN1_PRINTABLESTRING},
+ {"pseudonym", OID_PSEUDONYM, ASN1_PRINTABLESTRING},
{"ID", OID_UNIQUE_IDENTIFIER, ASN1_PRINTABLESTRING},
{"EN", OID_EMPLOYEE_NUMBER, ASN1_PRINTABLESTRING},
{"employeeNumber", OID_EMPLOYEE_NUMBER, ASN1_PRINTABLESTRING},
@@ -218,6 +220,7 @@ METHOD(enumerator_t, rdn_part_enumerate, bool,
{OID_GIVEN_NAME, ID_PART_RDN_G},
{OID_INITIALS, ID_PART_RDN_I},
{OID_DN_QUALIFIER, ID_PART_RDN_DNQ},
+ {OID_PSEUDONYM, ID_PART_RDN_PN},
{OID_UNIQUE_IDENTIFIER, ID_PART_RDN_ID},
{OID_EMAIL_ADDRESS, ID_PART_RDN_E},
{OID_EMPLOYEE_NUMBER, ID_PART_RDN_EN},
@@ -822,6 +825,154 @@ METHOD(identification_t, matches_dn, id_match_t,
}
/**
+ * Transform netmask to CIDR bits
+ */
+static int netmask_to_cidr(char *netmask, size_t address_size)
+{
+ uint8_t byte;
+ int i, netbits = 0;
+
+ for (i = 0; i < address_size; i++)
+ {
+ byte = netmask[i];
+
+ if (byte == 0x00)
+ {
+ break;
+ }
+ if (byte == 0xff)
+ {
+ netbits += 8;
+ }
+ else
+ {
+ while (byte & 0x80)
+ {
+ netbits++;
+ byte <<= 1;
+ }
+ }
+ }
+ return netbits;
+}
+
+METHOD(identification_t, matches_range, id_match_t,
+ private_identification_t *this, identification_t *other)
+{
+ chunk_t other_encoding;
+ uint8_t *address, *from, *to, *network, *netmask;
+ size_t address_size = 0;
+ int netbits, range_sign, i;
+
+ if (other->get_type(other) == ID_ANY)
+ {
+ return ID_MATCH_ANY;
+ }
+ if (this->type == other->get_type(other) &&
+ chunk_equals(this->encoded, other->get_encoding(other)))
+ {
+ return ID_MATCH_PERFECT;
+ }
+ if ((this->type == ID_IPV4_ADDR &&
+ other->get_type(other) == ID_IPV4_ADDR_SUBNET))
+ {
+ address_size = sizeof(struct in_addr);
+ }
+ else if ((this->type == ID_IPV6_ADDR &&
+ other->get_type(other) == ID_IPV6_ADDR_SUBNET))
+ {
+ address_size = sizeof(struct in6_addr);
+ }
+ if (address_size)
+ {
+ other_encoding = other->get_encoding(other);
+ if (this->encoded.len != address_size ||
+ other_encoding.len != 2 * address_size)
+ {
+ return ID_MATCH_NONE;
+ }
+ address = this->encoded.ptr;
+ network = other_encoding.ptr;
+ netmask = other_encoding.ptr + address_size;
+ netbits = netmask_to_cidr(netmask, address_size);
+
+ if (netbits == 0)
+ {
+ return ID_MATCH_MAX_WILDCARDS;
+ }
+ if (netbits == 8 * address_size)
+ {
+ return memeq(address, network, address_size) ?
+ ID_MATCH_PERFECT : ID_MATCH_NONE;
+ }
+ for (i = 0; i < (netbits + 7)/8; i++)
+ {
+ if ((address[i] ^ network[i]) & netmask[i])
+ {
+ return ID_MATCH_NONE;
+ }
+ }
+ return ID_MATCH_ONE_WILDCARD;
+ }
+ if ((this->type == ID_IPV4_ADDR &&
+ other->get_type(other) == ID_IPV4_ADDR_RANGE))
+ {
+ address_size = sizeof(struct in_addr);
+ }
+ else if ((this->type == ID_IPV6_ADDR &&
+ other->get_type(other) == ID_IPV6_ADDR_RANGE))
+ {
+ address_size = sizeof(struct in6_addr);
+ }
+ if (address_size)
+ {
+ other_encoding = other->get_encoding(other);
+ if (this->encoded.len != address_size ||
+ other_encoding.len != 2 * address_size)
+ {
+ return ID_MATCH_NONE;
+ }
+ address = this->encoded.ptr;
+ from = other_encoding.ptr;
+ to = other_encoding.ptr + address_size;
+
+ range_sign = memcmp(to, from, address_size);
+ if (range_sign < 0)
+ { /* to is smaller than from */
+ return ID_MATCH_NONE;
+ }
+
+ /* check lower bound */
+ for (i = 0; i < address_size; i++)
+ {
+ if (address[i] != from[i])
+ {
+ if (address[i] < from[i])
+ {
+ return ID_MATCH_NONE;
+ }
+ break;
+ }
+ }
+
+ /* check upper bound */
+ for (i = 0; i < address_size; i++)
+ {
+ if (address[i] != to[i])
+ {
+ if (address[i] > to[i])
+ {
+ return ID_MATCH_NONE;
+ }
+ break;
+ }
+ }
+ return range_sign ? ID_MATCH_ONE_WILDCARD : ID_MATCH_PERFECT;
+ }
+ return ID_MATCH_NONE;
+}
+
+/**
* Described in header.
*/
int identification_printf_hook(printf_hook_data_t *data,
@@ -829,7 +980,9 @@ int identification_printf_hook(printf_hook_data_t *data,
{
private_identification_t *this = *((private_identification_t**)(args[0]));
chunk_t proper;
- char buf[512];
+ char buf[BUF_LEN], *pos;
+ size_t len, address_size;
+ int written;
if (this == NULL)
{
@@ -839,49 +992,115 @@ int identification_printf_hook(printf_hook_data_t *data,
switch (this->type)
{
case ID_ANY:
- snprintf(buf, sizeof(buf), "%%any");
+ snprintf(buf, BUF_LEN, "%%any");
break;
case ID_IPV4_ADDR:
if (this->encoded.len < sizeof(struct in_addr) ||
- inet_ntop(AF_INET, this->encoded.ptr, buf, sizeof(buf)) == NULL)
+ inet_ntop(AF_INET, this->encoded.ptr, buf, BUF_LEN) == NULL)
{
- snprintf(buf, sizeof(buf), "(invalid ID_IPV4_ADDR)");
+ snprintf(buf, BUF_LEN, "(invalid ID_IPV4_ADDR)");
+ }
+ break;
+ case ID_IPV4_ADDR_SUBNET:
+ address_size = sizeof(struct in_addr);
+ if (this->encoded.len < 2 * address_size ||
+ inet_ntop(AF_INET, this->encoded.ptr, buf, BUF_LEN) == NULL)
+ {
+ snprintf(buf, BUF_LEN, "(invalid ID_IPV4_ADDR_SUBNET)");
+ break;
+ }
+ written = strlen(buf);
+ snprintf(buf + written, BUF_LEN - written, "/%d",
+ netmask_to_cidr(this->encoded.ptr + address_size,
+ address_size));
+ break;
+ case ID_IPV4_ADDR_RANGE:
+ address_size = sizeof(struct in_addr);
+ if (this->encoded.len < 2 * address_size ||
+ inet_ntop(AF_INET, this->encoded.ptr, buf, BUF_LEN) == NULL)
+ {
+ snprintf(buf, BUF_LEN, "(invalid ID_IPV4_ADDR_RANGE)");
+ break;
+ }
+ written = strlen(buf);
+ pos = buf + written;
+ len = BUF_LEN - written;
+ written = snprintf(pos, len, "-");
+ if (written < 0 || written >= len ||
+ inet_ntop(AF_INET, this->encoded.ptr + address_size,
+ pos + written, len - written) == NULL)
+ {
+ snprintf(buf, BUF_LEN, "(invalid ID_IPV4_ADDR_RANGE)");
}
break;
case ID_IPV6_ADDR:
if (this->encoded.len < sizeof(struct in6_addr) ||
- inet_ntop(AF_INET6, this->encoded.ptr, buf, INET6_ADDRSTRLEN) == NULL)
+ inet_ntop(AF_INET6, this->encoded.ptr, buf, BUF_LEN) == NULL)
+ {
+ snprintf(buf, BUF_LEN, "(invalid ID_IPV6_ADDR)");
+ }
+ break;
+ case ID_IPV6_ADDR_SUBNET:
+ address_size = sizeof(struct in6_addr);
+ if (this->encoded.len < 2 * address_size ||
+ inet_ntop(AF_INET6, this->encoded.ptr, buf, BUF_LEN) == NULL)
+ {
+ snprintf(buf, BUF_LEN, "(invalid ID_IPV6_ADDR_SUBNET)");
+ }
+ else
{
- snprintf(buf, sizeof(buf), "(invalid ID_IPV6_ADDR)");
+ written = strlen(buf);
+ snprintf(buf + written, BUF_LEN - written, "/%d",
+ netmask_to_cidr(this->encoded.ptr + address_size,
+ address_size));
+ }
+ break;
+ case ID_IPV6_ADDR_RANGE:
+ address_size = sizeof(struct in6_addr);
+ if (this->encoded.len < 2 * address_size ||
+ inet_ntop(AF_INET6, this->encoded.ptr, buf, BUF_LEN) == NULL)
+ {
+ snprintf(buf, BUF_LEN, "(invalid ID_IPV6_ADDR_RANGE)");
+ break;
+ }
+ written = strlen(buf);
+ pos = buf + written;
+ len = BUF_LEN - written;
+ written = snprintf(pos, len, "-");
+ if (written < 0 || written >= len ||
+ inet_ntop(AF_INET6, this->encoded.ptr + address_size,
+ pos + written, len - written) == NULL)
+ {
+ snprintf(buf, BUF_LEN, "(invalid ID_IPV6_ADDR_RANGE)");
}
break;
case ID_FQDN:
case ID_RFC822_ADDR:
case ID_DER_ASN1_GN_URI:
chunk_printable(this->encoded, &proper, '?');
- snprintf(buf, sizeof(buf), "%.*s", (int)proper.len, proper.ptr);
+ snprintf(buf, BUF_LEN, "%.*s", (int)proper.len, proper.ptr);
chunk_free(&proper);
break;
case ID_DER_ASN1_DN:
- dntoa(this->encoded, buf, sizeof(buf));
+ dntoa(this->encoded, buf, BUF_LEN);
break;
case ID_DER_ASN1_GN:
- snprintf(buf, sizeof(buf), "(ASN.1 general name)");
+ snprintf(buf, BUF_LEN, "(ASN.1 general name)");
break;
case ID_KEY_ID:
if (chunk_printable(this->encoded, NULL, '?') &&
this->encoded.len != HASH_SIZE_SHA1)
{ /* fully printable, use ascii version */
- snprintf(buf, sizeof(buf), "%.*s", (int)this->encoded.len,
+ snprintf(buf, BUF_LEN, "%.*s", (int)this->encoded.len,
this->encoded.ptr);
}
else
{ /* not printable, hex dump */
- snprintf(buf, sizeof(buf), "%#B", &this->encoded);
+ snprintf(buf, BUF_LEN, "%#B", &this->encoded);
}
break;
default:
- snprintf(buf, sizeof(buf), "(unknown ID type: %d)", this->type);
+ snprintf(buf, BUF_LEN, "(unknown ID type: %d)", this->type);
break;
}
if (spec->minus)
@@ -950,6 +1169,13 @@ static private_identification_t *identification_create(id_type_t type)
this->public.matches = _matches_dn;
this->public.contains_wildcards = _contains_wildcards_dn;
break;
+ case ID_IPV4_ADDR:
+ case ID_IPV6_ADDR:
+ this->public.hash = _hash_binary;
+ this->public.equals = _equals_binary;
+ this->public.matches = _matches_range;
+ this->public.contains_wildcards = return_false;
+ break;
default:
this->public.hash = _hash_binary;
this->public.equals = _equals_binary;
@@ -971,6 +1197,10 @@ static private_identification_t* create_from_string_with_prefix_type(char *str)
} prefixes[] = {
{ "ipv4:", ID_IPV4_ADDR },
{ "ipv6:", ID_IPV6_ADDR },
+ { "ipv4net:", ID_IPV4_ADDR_SUBNET },
+ { "ipv6net:", ID_IPV6_ADDR_SUBNET },
+ { "ipv4range:", ID_IPV4_ADDR_RANGE },
+ { "ipv6range:", ID_IPV6_ADDR_RANGE },
{ "rfc822:", ID_RFC822_ADDR },
{ "email:", ID_RFC822_ADDR },
{ "userfqdn:", ID_USER_FQDN },
@@ -1036,6 +1266,115 @@ static private_identification_t* create_from_string_with_num_type(char *str)
return this;
}
+/**
+ * Convert to an IPv4/IPv6 host address, subnet or address range
+ */
+static private_identification_t* create_ip_address_from_string(char *string,
+ bool is_ipv4)
+{
+ private_identification_t *this;
+ uint8_t encoding[32];
+ uint8_t *str, *pos, *address, *to_address, *netmask;
+ size_t address_size;
+ int bits, bytes, i;
+ bool has_subnet = FALSE, has_range = FALSE;
+
+ address = encoding;
+ address_size = is_ipv4 ? sizeof(struct in_addr) : sizeof(struct in6_addr);
+
+ str = strdup(string);
+ pos = strchr(str, '/');
+ if (pos)
+ { /* separate IP address from optional netmask */
+
+ *pos = '\0';
+ has_subnet = TRUE;
+ }
+ else
+ {
+ pos = strchr(str, '-');
+ if (pos)
+ { /* separate lower address from upper address of IP range */
+ *pos = '\0';
+ has_range = TRUE;
+ }
+ }
+
+ if (inet_pton(is_ipv4 ? AF_INET : AF_INET6, str, address) != 1)
+ {
+ free(str);
+ return NULL;
+ }
+
+ if (has_subnet)
+ { /* is IP subnet */
+ bits = atoi(pos + 1);
+ if (bits > 8 * address_size)
+ {
+ free(str);
+ return NULL;
+ }
+ bytes = bits / 8;
+ bits -= 8 * bytes;
+ netmask = encoding + address_size;
+
+ for (i = 0; i < address_size; i++)
+ {
+ if (bytes)
+ {
+ *netmask = 0xff;
+ bytes--;
+ }
+ else if (bits)
+ {
+ *netmask = 0xff << (8 - bits);
+ bits = 0;
+ }
+ else
+ {
+ *netmask = 0x00;
+ }
+ *address++ &= *netmask++;
+ }
+ this = identification_create(is_ipv4 ? ID_IPV4_ADDR_SUBNET :
+ ID_IPV6_ADDR_SUBNET);
+ this->encoded = chunk_clone(chunk_create(encoding, 2 * address_size));
+ }
+ else if (has_range)
+ { /* is IP range */
+ to_address = encoding + address_size;
+
+ if (inet_pton(is_ipv4 ? AF_INET : AF_INET6, pos + 1, to_address) != 1)
+ {
+ free(str);
+ return NULL;
+ }
+ for (i = 0; i < address_size; i++)
+ {
+ if (address[i] != to_address[i])
+ {
+ if (address[i] > to_address[i])
+ {
+ free(str);
+ return NULL;
+ }
+ break;
+ }
+ }
+ this = identification_create(is_ipv4 ? ID_IPV4_ADDR_RANGE :
+ ID_IPV6_ADDR_RANGE);
+ this->encoded = chunk_clone(chunk_create(encoding, 2 * address_size));
+ }
+ else
+ { /* is IP host address */
+ this = identification_create(is_ipv4 ? ID_IPV4_ADDR : ID_IPV6_ADDR);
+ this->encoded = chunk_clone(chunk_create(encoding, address_size));
+ }
+ free(str);
+
+ return this;
+}
+
/*
* Described in header.
*/
@@ -1093,15 +1432,9 @@ identification_t *identification_create_from_string(char *string)
{
if (strchr(string, ':') == NULL)
{
- struct in_addr address;
- chunk_t chunk = {(void*)&address, sizeof(address)};
-
- if (inet_pton(AF_INET, string, &address) > 0)
- { /* is IPv4 */
- this = identification_create(ID_IPV4_ADDR);
- this->encoded = chunk_clone(chunk);
- }
- else
+ /* IPv4 address or subnet */
+ this = create_ip_address_from_string(string, TRUE);
+ if (!this)
{ /* not IPv4, mostly FQDN */
this = identification_create(ID_FQDN);
this->encoded = chunk_from_str(strdup(string));
@@ -1110,15 +1443,9 @@ identification_t *identification_create_from_string(char *string)
}
else
{
- struct in6_addr address;
- chunk_t chunk = {(void*)&address, sizeof(address)};
-
- if (inet_pton(AF_INET6, string, &address) > 0)
- { /* is IPv6 */
- this = identification_create(ID_IPV6_ADDR);
- this->encoded = chunk_clone(chunk);
- }
- else
+ /* IPv6 address or subnet */
+ this = create_ip_address_from_string(string, FALSE);
+ if (!this)
{ /* not IPv4/6 fallback to KEY_ID */
this = identification_create(ID_KEY_ID);
this->encoded = chunk_from_str(strdup(string));
diff --git a/src/libstrongswan/utils/identification.h b/src/libstrongswan/utils/identification.h
index 5f27ba112..51d132491 100644
--- a/src/libstrongswan/utils/identification.h
+++ b/src/libstrongswan/utils/identification.h
@@ -168,6 +168,8 @@ enum id_part_t {
ID_PART_RDN_I,
/** DN Qualifier RDN of a DN */
ID_PART_RDN_DNQ,
+ /** Pseudonym RDN of a DN */
+ ID_PART_RDN_PN,
/** UniqueIdentifier RDN of a DN */
ID_PART_RDN_ID,
/** Locality RDN of a DN */
diff --git a/src/libstrongswan/utils/utils/byteorder.h b/src/libstrongswan/utils/utils/byteorder.h
index 48cf1d526..3ccbad5f1 100644
--- a/src/libstrongswan/utils/utils/byteorder.h
+++ b/src/libstrongswan/utils/utils/byteorder.h
@@ -44,6 +44,36 @@
#define BITFIELD5(t, a, b, c, d, e,...) struct { t e; t d; t c; t b; t a; __VA_ARGS__}
#endif
+#ifndef le32toh
+# if BYTE_ORDER == BIG_ENDIAN
+# define le32toh(x) __builtin_bswap32(x)
+# define htole32(x) __builtin_bswap32(x)
+# else
+# define le32toh(x) (x)
+# define htole32(x) (x)
+# endif
+#endif
+
+#ifndef le64toh
+# if BYTE_ORDER == BIG_ENDIAN
+# define le64toh(x) __builtin_bswap64(x)
+# define htole64(x) __builtin_bswap64(x)
+# else
+# define le64toh(x) (x)
+# define htole64(x) (x)
+# endif
+#endif
+
+#ifndef be64toh
+# if BYTE_ORDER == BIG_ENDIAN
+# define be64toh(x) (x)
+# define htobe64(x) (x)
+# else
+# define be64toh(x) __builtin_bswap64(x)
+# define htobe64(x) __builtin_bswap64(x)
+# endif
+#endif
+
/**
* Write a 16-bit host order value in network order to an unaligned address.
*
@@ -82,21 +112,8 @@ static inline void htoun64(void *network, u_int64_t host)
{
char *unaligned = (char*)network;
-#ifdef be64toh
host = htobe64(host);
memcpy((char*)unaligned, &host, sizeof(host));
-#else
- u_int32_t high_part, low_part;
-
- high_part = host >> 32;
- high_part = htonl(high_part);
- low_part = host & 0xFFFFFFFFLL;
- low_part = htonl(low_part);
-
- memcpy(unaligned, &high_part, sizeof(high_part));
- unaligned += sizeof(high_part);
- memcpy(unaligned, &low_part, sizeof(low_part));
-#endif
}
/**
@@ -138,24 +155,37 @@ static inline u_int32_t untoh32(void *network)
static inline u_int64_t untoh64(void *network)
{
char *unaligned = (char*)network;
-
-#ifdef be64toh
u_int64_t tmp;
memcpy(&tmp, unaligned, sizeof(tmp));
return be64toh(tmp);
-#else
- u_int32_t high_part, low_part;
+}
- memcpy(&high_part, unaligned, sizeof(high_part));
- unaligned += sizeof(high_part);
- memcpy(&low_part, unaligned, sizeof(low_part));
+/**
+ * Read a 32-bit value in little-endian order from unaligned address.
+ *
+ * @param p unaligned address to read little endian value from
+ * @return host order value
+ */
+static inline u_int32_t uletoh32(void *p)
+{
+ u_int32_t ret;
- high_part = ntohl(high_part);
- low_part = ntohl(low_part);
+ memcpy(&ret, p, sizeof(ret));
+ ret = le32toh(ret);
+ return ret;
+}
- return (((u_int64_t)high_part) << 32) + low_part;
-#endif
+/**
+ * Write a 32-bit value in little-endian to an unaligned address.
+ *
+ * @param p host order 32-bit value
+ * @param v unaligned address to write little endian value to
+ */
+static inline void htoule32(void *p, u_int32_t v)
+{
+ v = htole32(v);
+ memcpy(p, &v, sizeof(v));
}
#endif /** BYTEORDER_H_ @} */