Diffstat (limited to 'src/libtncif')
-rw-r--r--src/libtncif/Android.mk8
-rw-r--r--src/libtncif/Makefile.am7
-rw-r--r--src/libtncif/Makefile.in145
-rw-r--r--src/libtncif/tncif_identity.c205
-rw-r--r--src/libtncif/tncif_identity.h112
-rw-r--r--src/libtncif/tncif_names.c17
-rw-r--r--src/libtncif/tncif_names.h2
-rw-r--r--src/libtncif/tncif_pa_subtypes.c14
-rw-r--r--src/libtncif/tncif_pa_subtypes.h4
-rw-r--r--src/libtncif/tncif_policy.c106
-rw-r--r--src/libtncif/tncif_policy.h53
-rw-r--r--src/libtncif/tncifimv.h24
12 files changed, 647 insertions, 50 deletions
diff --git a/src/libtncif/Android.mk b/src/libtncif/Android.mk
index ef406dd59..13ce6e11a 100644
--- a/src/libtncif/Android.mk
+++ b/src/libtncif/Android.mk
@@ -2,9 +2,13 @@ LOCAL_PATH := $(call my-dir)
include $(CLEAR_VARS)
# copy-n-paste from Makefile.am
-LOCAL_SRC_FILES := \
+libtncif_la_SOURCES := \
tncif.h tncifimc.h tncifimv.h tncif_names.h tncif_names.c \
-tncif_pa_subtypes.h tncif_pa_subtypes.c
+tncif_identity.h tncif_identity.c \
+tncif_pa_subtypes.h tncif_pa_subtypes.c \
+tncif_policy.h tncif_policy.c
+
+LOCAL_SRC_FILES := $(filter %.c,$(libtncif_la_SOURCES))
# build libtncif ---------------------------------------------------------------
diff --git a/src/libtncif/Makefile.am b/src/libtncif/Makefile.am
index cc262ffca..3c7cb9ff2 100644
--- a/src/libtncif/Makefile.am
+++ b/src/libtncif/Makefile.am
@@ -1,9 +1,12 @@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan
noinst_LTLIBRARIES = libtncif.la
libtncif_la_SOURCES = \
tncif.h tncifimc.h tncifimv.h tncif_names.h tncif_names.c \
-tncif_pa_subtypes.h tncif_pa_subtypes.c
+tncif_identity.h tncif_identity.c \
+tncif_pa_subtypes.h tncif_pa_subtypes.c \
+tncif_policy.h tncif_policy.c
EXTRA_DIST = Android.mk
diff --git a/src/libtncif/Makefile.in b/src/libtncif/Makefile.in
index 462b8bd3f..8c51dfd5c 100644
--- a/src/libtncif/Makefile.in
+++ b/src/libtncif/Makefile.in
@@ -1,9 +1,9 @@
-# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# Makefile.in generated by automake 1.11.6 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
-# Inc.
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software
+# Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@@ -16,6 +16,23 @@
@SET_MAKE@
VPATH = @srcdir@
+am__make_dryrun = \
+ { \
+ am__dry=no; \
+ case $$MAKEFLAGS in \
+ *\\[\ \ ]*) \
+ echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \
+ | grep '^AM OK$$' >/dev/null || am__dry=yes;; \
+ *) \
+ for am__flg in $$MAKEFLAGS; do \
+ case $$am__flg in \
+ *=*|--*) ;; \
+ *n*) am__dry=yes; break;; \
+ esac; \
+ done;; \
+ esac; \
+ test $$am__dry = yes; \
+ }
pkgdatadir = $(datadir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
@@ -45,52 +62,82 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
$(top_srcdir)/m4/macros/add-plugin.m4 \
- $(top_srcdir)/configure.in
+ $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
LTLIBRARIES = $(noinst_LTLIBRARIES)
libtncif_la_LIBADD =
-am_libtncif_la_OBJECTS = tncif_names.lo tncif_pa_subtypes.lo
+am_libtncif_la_OBJECTS = tncif_names.lo tncif_identity.lo \
+ tncif_pa_subtypes.lo tncif_policy.lo
libtncif_la_OBJECTS = $(am_libtncif_la_OBJECTS)
-DEFAULT_INCLUDES = -I.@am__isrc@
+AM_V_lt = $(am__v_lt_@AM_V@)
+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_@AM_V@)
+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
+am__v_CC_0 = @echo " CC " $@;
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
- $(LDFLAGS) -o $@
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_@AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo " CCLD " $@;
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
SOURCES = $(libtncif_la_SOURCES)
DIST_SOURCES = $(libtncif_la_SOURCES)
+am__can_run_installinfo = \
+ case $$AM_UPDATE_INFO_DIR in \
+ n|no|NO) false;; \
+ *) (install-info --version) >/dev/null 2>&1;; \
+ esac
ETAGS = etags
CTAGS = ctags
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
+BFDLIB = @BFDLIB@
BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
+CHECK_CFLAGS = @CHECK_CFLAGS@
+CHECK_LIBS = @CHECK_LIBS@
+COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
+COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
DLLIB = @DLLIB@
+DLLTOOL = @DLLTOOL@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
@@ -99,13 +146,16 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GENHTML = @GENHTML@
GPERF = @GPERF@
+GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LCOV = @LCOV@
LD = @LD@
LDFLAGS = @LDFLAGS@
LEX = @LEX@
@@ -118,6 +168,7 @@ LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
MYSQLCFLAG = @MYSQLCFLAG@
MYSQLCONFIG = @MYSQLCONFIG@
@@ -145,11 +196,13 @@ RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
RUBYINCLUDE = @RUBYINCLUDE@
+RUBYLIB = @RUBYLIB@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
SOCKLIB = @SOCKLIB@
STRIP = @STRIP@
+UNWINDLIB = @UNWINDLIB@
VERSION = @VERSION@
YACC = @YACC@
YFLAGS = @YFLAGS@
@@ -157,6 +210,7 @@ abs_builddir = @abs_builddir@
abs_srcdir = @abs_srcdir@
abs_top_builddir = @abs_top_builddir@
abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
ac_ct_CC = @ac_ct_CC@
ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
am__include = @am__include@
@@ -165,8 +219,6 @@ am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
-axis2c_CFLAGS = @axis2c_CFLAGS@
-axis2c_LIBS = @axis2c_LIBS@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -175,14 +227,19 @@ build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
c_plugins = @c_plugins@
+charon_natt_port = @charon_natt_port@
+charon_plugins = @charon_plugins@
+charon_udp_port = @charon_udp_port@
clearsilver_LIBS = @clearsilver_LIBS@
+cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
dbusservicedir = @dbusservicedir@
-default_pkcs11 = @default_pkcs11@
+dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
@@ -196,17 +253,17 @@ imcvdir = @imcvdir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
+ipsec_script = @ipsec_script@
+ipsec_script_upper = @ipsec_script_upper@
ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
-libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-lt_ECHO = @lt_ECHO@
maemo_CFLAGS = @maemo_CFLAGS@
maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
@@ -216,16 +273,15 @@ mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
+nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
openac_plugins = @openac_plugins@
-p_plugins = @p_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
-pluto_plugins = @pluto_plugins@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
@@ -253,11 +309,15 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan
+
noinst_LTLIBRARIES = libtncif.la
libtncif_la_SOURCES = \
tncif.h tncifimc.h tncifimv.h tncif_names.h tncif_names.c \
-tncif_pa_subtypes.h tncif_pa_subtypes.c
+tncif_identity.h tncif_identity.c \
+tncif_pa_subtypes.h tncif_pa_subtypes.c \
+tncif_policy.h tncif_policy.c
EXTRA_DIST = Android.mk
all: all-am
@@ -303,8 +363,8 @@ clean-noinstLTLIBRARIES:
echo "rm -f \"$${dir}/so_locations\""; \
rm -f "$${dir}/so_locations"; \
done
-libtncif.la: $(libtncif_la_OBJECTS) $(libtncif_la_DEPENDENCIES)
- $(LINK) $(libtncif_la_OBJECTS) $(libtncif_la_LIBADD) $(LIBS)
+libtncif.la: $(libtncif_la_OBJECTS) $(libtncif_la_DEPENDENCIES) $(EXTRA_libtncif_la_DEPENDENCIES)
+ $(AM_V_CCLD)$(LINK) $(libtncif_la_OBJECTS) $(libtncif_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -312,29 +372,31 @@ mostlyclean-compile:
distclean-compile:
-rm -f *.tab.c
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tncif_identity.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tncif_names.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tncif_pa_subtypes.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tncif_policy.Plo@am__quote@
.c.o:
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $<
.c.obj:
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
.c.lo:
-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
mostlyclean-libtool:
-rm -f *.lo
@@ -438,10 +500,15 @@ install-am: all-am
installcheck: installcheck-am
install-strip:
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- `test -z '$(STRIP)' || \
- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
mostlyclean-generic:
clean-generic:
diff --git a/src/libtncif/tncif_identity.c b/src/libtncif/tncif_identity.c
new file mode 100644
index 000000000..7ee215c77
--- /dev/null
+++ b/src/libtncif/tncif_identity.c
@@ -0,0 +1,205 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "tncif_identity.h"
+
+#include <bio/bio_writer.h>
+#include <bio/bio_reader.h>
+#include <pen/pen.h>
+#include <utils/debug.h>
+
+typedef struct private_tncif_identity_t private_tncif_identity_t;
+
+/**
+ * TNC Identity List Attribute Format (TCG TNC IF-IMV 1.4 Draft)
+ *
+ * 1 2 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Identity Count |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | RESERVED | Identity Type Vendor ID |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Identity Type |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Identity Value Length |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | |
+ * ~ Identity Value ~
+ * | |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | RESERVED | Subject Type Vendor ID |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Subject Type |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | RESERVED | Authentication Method Vendor ID |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Authentication Method |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ */
+
+/**
+ * Private data of a tncif_identity_t object.
+ *
+ */
+struct private_tncif_identity_t {
+
+ /**
+ * Public tncif_identity_t interface.
+ */
+ tncif_identity_t public;
+
+ /**
+ * Identity Type
+ */
+ pen_type_t identity_type;
+
+ /**
+ * Identity Value
+ */
+ chunk_t identity_value;
+
+ /**
+ * Subject Type
+ */
+ pen_type_t subject_type;
+
+ /**
+ * Authentication Type
+ */
+ pen_type_t auth_type;
+};
+
+METHOD(tncif_identity_t, get_identity_type, pen_type_t,
+ private_tncif_identity_t *this)
+{
+ return this->identity_type;
+}
+
+METHOD(tncif_identity_t, get_identity_value, chunk_t,
+ private_tncif_identity_t *this)
+{
+ return this->identity_value;
+}
+
+METHOD(tncif_identity_t, get_subject_type, pen_type_t,
+ private_tncif_identity_t *this)
+{
+ return this->subject_type;
+}
+
+METHOD(tncif_identity_t, get_auth_type, pen_type_t,
+ private_tncif_identity_t *this)
+{
+ return this->auth_type;
+}
+
+METHOD(tncif_identity_t, build, void,
+ private_tncif_identity_t *this, bio_writer_t *writer)
+{
+ writer->write_uint32(writer, this->identity_type.vendor_id);
+ writer->write_uint32(writer, this->identity_type.type);
+ writer->write_data32(writer, this->identity_value);
+ writer->write_uint32(writer, this->subject_type.vendor_id);
+ writer->write_uint32(writer, this->subject_type.type);
+ writer->write_uint32(writer, this->auth_type.vendor_id);
+ writer->write_uint32(writer, this->auth_type.type);
+}
+
+METHOD(tncif_identity_t, process, bool,
+ private_tncif_identity_t *this, bio_reader_t *reader)
+{
+ u_int8_t reserved;
+ u_int32_t vendor_id, type;
+ chunk_t identity_value;
+
+ if (reader->remaining(reader) < TNCIF_IDENTITY_MIN_SIZE)
+ {
+ return FALSE;
+ }
+ reader->read_uint8 (reader, &reserved);
+ reader->read_uint24(reader, &vendor_id);
+ reader->read_uint32(reader, &type);
+ this->identity_type = pen_type_create(vendor_id, type);
+
+ if (!reader->read_data32(reader, &identity_value) ||
+ reader->remaining(reader) < 16)
+ {
+ return FALSE;
+ }
+ this->identity_value = chunk_clone(identity_value);
+
+ reader->read_uint8 (reader, &reserved);
+ reader->read_uint24(reader, &vendor_id);
+ reader->read_uint32(reader, &type);
+ this->subject_type = pen_type_create(vendor_id, type);
+
+ reader->read_uint8 (reader, &reserved);
+ reader->read_uint24(reader, &vendor_id);
+ reader->read_uint32(reader, &type);
+ this->auth_type = pen_type_create(vendor_id, type);
+
+ return TRUE;
+}
+
+METHOD(tncif_identity_t, destroy, void,
+ private_tncif_identity_t *this)
+{
+ free(this->identity_value.ptr);
+ free(this);
+}
+
+
+/**
+ * See header
+ */
+tncif_identity_t *tncif_identity_create_empty(void)
+{
+ private_tncif_identity_t *this;
+
+ INIT(this,
+ .public = {
+ .get_identity_type = _get_identity_type,
+ .get_identity_value = _get_identity_value,
+ .get_subject_type = _get_subject_type,
+ .get_auth_type = _get_auth_type,
+ .build = _build,
+ .process = _process,
+ .destroy = _destroy,
+ },
+ );
+
+ return &this->public;
+}
+
+/**
+ * See header
+ */
+tncif_identity_t *tncif_identity_create(pen_type_t identity_type,
+ chunk_t identity_value,
+ pen_type_t subject_type,
+ pen_type_t auth_type)
+{
+ private_tncif_identity_t *this;
+
+ this = (private_tncif_identity_t*)tncif_identity_create_empty();
+ this->identity_type = identity_type;
+ this->identity_value = identity_value;
+ this->subject_type = subject_type;
+ this->auth_type = auth_type;
+
+ return &this->public;
+}
+
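Review bot: build() emits each vendor ID with `write_uint32`, while the format comment and process() treat that word as an 8-bit RESERVED octet followed by a 24-bit vendor ID (`read_uint8` then `read_uint24`). If pen_type_t's vendor_id can hold more than 24 bits (its definition is outside this diff), the upper bits land in the reserved octet and are dropped when the attribute is parsed again. Writing the two fields explicitly keeps encoder and parser symmetric: `writer->write_uint8(writer, 0);` followed by `writer->write_uint24(writer, this->identity_type.vendor_id);`, and likewise for the subject and authentication types. Separately, process() assigns `this->identity_value = chunk_clone(identity_value);` without releasing a value the object may already hold (set by tncif_identity_create() or an earlier process() call), which leaks it; freeing the old pointer first would close that.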
diff --git a/src/libtncif/tncif_identity.h b/src/libtncif/tncif_identity.h
new file mode 100644
index 000000000..ad872166f
--- /dev/null
+++ b/src/libtncif/tncif_identity.h
@@ -0,0 +1,112 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup libtncif libtncif
+ *
+ * @addtogroup libtncif
+ * TNC interface definitions
+ *
+ * @defgroup tnc_identities tnc_identities
+ * @{ @ingroup libtncif
+ */
+
+#ifndef TNCIF_IDENTITY_H_
+#define TNCIF_IDENTITY_H_
+
+#include <library.h>
+
+#include <pen/pen.h>
+#include <bio/bio_reader.h>
+#include <bio/bio_writer.h>
+
+#define TNCIF_IDENTITY_MIN_SIZE 28
+
+typedef struct tncif_identity_t tncif_identity_t;
+
+/**
+ * Public interface of a TNC Identity object
+ */
+struct tncif_identity_t {
+
+ /**
+ * Get the TNC Identity Type
+ *
+ * @return TNC Identity Type
+ */
+ pen_type_t (*get_identity_type)(tncif_identity_t *this);
+
+ /**
+ * Get the TNC Identity Value
+ *
+ * @return TNC Identity Value
+ */
+ chunk_t (*get_identity_value)(tncif_identity_t *this);
+
+ /**
+ * Get the TNC Subject Type
+ *
+ * @return TNC Subject Type
+ */
+ pen_type_t (*get_subject_type)(tncif_identity_t *this);
+
+ /**
+ * Get the TNC Authentication Type
+ *
+ * @return TNC Authentication Type
+ */
+ pen_type_t (*get_auth_type)(tncif_identity_t *this);
+
+ /**
+ * Build the IF-IMV TNC Identity attribute encoding
+ *
+ * @param writer writer to write encoded data to
+ */
+ void (*build)(tncif_identity_t *this, bio_writer_t *writer);
+
+ /**
+ * Process the IF-IMV TNC Identity attribute encoding
+ *
+ * @param reader reader to read encoded data from
+ * @return TRUE if successful
+ */
+ bool (*process)(tncif_identity_t *this, bio_reader_t *reader);
+
+ /**
+ * Destroys a tncif_identity_t object.
+ */
+ void (*destroy)(tncif_identity_t *this);
+
+};
+
+/**
+ * Create an empty TNC Identity object
+ */
+tncif_identity_t* tncif_identity_create_empty(void);
+
+/**
+ * Create an TNC Identity object from its components
+ *
+ * @param identity_type TNC Identity Type
+ * @param identity_value TNC Identity Value (not cloned by constructor)
+ * @param subject_type TNC Subject Type
+ * @param auth_type TNC Authentication Type
+ */
+tncif_identity_t* tncif_identity_create(pen_type_t identity_type,
+ chunk_t identity_value,
+ pen_type_t subject_type,
+ pen_type_t auth_type);
+
+#endif /** TNCIF_IDENTITY_H_ @}*/
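Review bot: The doc comment on tncif_identity_create() says identity_value is "not cloned by constructor" but does not state that the object takes ownership, while destroy() in tncif_identity.c of this commit calls `free(this->identity_value.ptr)`. A caller that passes a chunk it still owns, or one that was not heap-allocated, would end up with a double or invalid free. I would spell the contract out, e.g. `@param identity_value TNC Identity Value (not cloned; owned by the object and freed in destroy())`. The get_identity_value() comment should likewise say that the returned chunk points at internal data and must not be freed or used after destroy().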
diff --git a/src/libtncif/tncif_names.c b/src/libtncif/tncif_names.c
index c108776ec..ac948c8ba 100644
--- a/src/libtncif/tncif_names.c
+++ b/src/libtncif/tncif_names.c
@@ -45,3 +45,20 @@ ENUM(TNC_IMV_Evaluation_Result_names,
"error",
"don't know"
);
+
+ENUM(TNC_Subject_names,
+ TNC_SUBJECT_UNKNOWN,
+ TNC_SUBJECT_USER,
+ "unknown",
+ "machine",
+ "user"
+);
+
+ENUM(TNC_Authentication_names,
+ TNC_AUTH_UNKNOWN,
+ TNC_AUTH_SIM,
+ "unknown method",
+ "certificate",
+ "password",
+ "SIM card"
+);
diff --git a/src/libtncif/tncif_names.h b/src/libtncif/tncif_names.h
index 9b50a34e9..75458f960 100644
--- a/src/libtncif/tncif_names.h
+++ b/src/libtncif/tncif_names.h
@@ -30,5 +30,7 @@
extern enum_name_t *TNC_Connection_State_names;
extern enum_name_t *TNC_IMV_Action_Recommendation_names;
extern enum_name_t *TNC_IMV_Evaluation_Result_names;
+extern enum_name_t *TNC_Subject_names;
+extern enum_name_t *TNC_Authentication_names;
#endif /** TNCIF_NAME_H_ @}*/
diff --git a/src/libtncif/tncif_pa_subtypes.c b/src/libtncif/tncif_pa_subtypes.c
index d15a1c864..bf1e999b3 100644
--- a/src/libtncif/tncif_pa_subtypes.c
+++ b/src/libtncif/tncif_pa_subtypes.c
@@ -33,11 +33,13 @@ ENUM_NEXT(pa_subtype_ietf_names, PA_SUBTYPE_IETF_ANY, PA_SUBTYPE_IETF_ANY,
);
ENUM_END(pa_subtype_ietf_names, PA_SUBTYPE_IETF_ANY);
-ENUM_BEGIN(pa_subtype_tcg_names, PA_SUBTYPE_TCG_PTS, PA_SUBTYPE_TCG_PTS,
- "PTS"
+ENUM_BEGIN(pa_subtype_tcg_names, PA_SUBTYPE_TCG_PTS, PA_SUBTYPE_TCG_SWID,
+ "PTS",
+ "SCAP",
+ "SWID"
);
ENUM_NEXT(pa_subtype_tcg_names, PA_SUBTYPE_TCG_ANY, PA_SUBTYPE_TCG_ANY,
- PA_SUBTYPE_TCG_PTS,
+ PA_SUBTYPE_TCG_SWID,
"ANY"
);
ENUM_END(pa_subtype_tcg_names, PA_SUBTYPE_TCG_ANY);
@@ -61,12 +63,12 @@ ENUM_NEXT(pa_subtype_fhh_names, PA_SUBTYPE_FHH_ANY, PA_SUBTYPE_FHH_ANY,
);
ENUM_END(pa_subtype_fhh_names, PA_SUBTYPE_FHH_ANY);
-ENUM_BEGIN(pa_subtype_ita_names, PA_SUBTYPE_ITA_TEST, PA_SUBTYPE_ITA_SCANNER,
+ENUM_BEGIN(pa_subtype_ita_names, PA_SUBTYPE_ITA_TEST, PA_SUBTYPE_ITA_ECHO,
"Test",
- "Scanner"
+ "Echo"
);
ENUM_NEXT(pa_subtype_ita_names, PA_SUBTYPE_ITA_ANY, PA_SUBTYPE_ITA_ANY,
- PA_SUBTYPE_ITA_SCANNER,
+ PA_SUBTYPE_ITA_ECHO,
"ANY"
);
ENUM_END(pa_subtype_ita_names, PA_SUBTYPE_ITA_ANY);
diff --git a/src/libtncif/tncif_pa_subtypes.h b/src/libtncif/tncif_pa_subtypes.h
index 0be495bfc..0855d1df3 100644
--- a/src/libtncif/tncif_pa_subtypes.h
+++ b/src/libtncif/tncif_pa_subtypes.h
@@ -54,6 +54,8 @@ extern enum_name_t *pa_subtype_ietf_names;
*/
enum pa_subtype_tcg_t {
PA_SUBTYPE_TCG_PTS = 0x01,
+ PA_SUBTYPE_TCG_SCAP = 0x02,
+ PA_SUBTYPE_TCG_SWID = 0x03,
PA_SUBTYPE_TCG_ANY = 0xff
};
@@ -84,7 +86,7 @@ extern enum_name_t *pa_subtype_fhh_names;
*/
enum pa_subtype_ita_t {
PA_SUBTYPE_ITA_TEST = 0x01,
- PA_SUBTYPE_ITA_SCANNER = 0x02,
+ PA_SUBTYPE_ITA_ECHO = 0x02,
PA_SUBTYPE_ITA_ANY = 0xff
};
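Review bot: `PA_SUBTYPE_ITA_ECHO` takes over the value 0x02 that `PA_SUBTYPE_ITA_SCANNER` carried before, so the same on-the-wire subtype number now names a different component; the matching name table change is in tncif_pa_subtypes.c. If any peer built from the older header is still deployed (not visible from this diff), it would keep treating 0x02 as the scanner subtype. A short comment next to the enumerator recording the reassignment, e.g. `/* 0x02 was PA_SUBTYPE_ITA_SCANNER before this change */`, would help anyone diagnosing a mixed-version setup.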
diff --git a/src/libtncif/tncif_policy.c b/src/libtncif/tncif_policy.c
new file mode 100644
index 000000000..1fa88e344
--- /dev/null
+++ b/src/libtncif/tncif_policy.c
@@ -0,0 +1,106 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "tncif_policy.h"
+
+/**
+ * See header
+ */
+TNC_IMV_Evaluation_Result tncif_policy_update_evaluation(
+ TNC_IMV_Evaluation_Result eval,
+ TNC_IMV_Evaluation_Result eval_add)
+{
+ switch (eval)
+ {
+ case TNC_IMV_EVALUATION_RESULT_COMPLIANT:
+ switch (eval_add)
+ {
+ case TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR:
+ case TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MAJOR:
+ case TNC_IMV_EVALUATION_RESULT_ERROR:
+ eval = eval_add;
+ break;
+ default:
+ break;
+ }
+ break;
+ case TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR:
+ switch (eval_add)
+ {
+ case TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MAJOR:
+ case TNC_IMV_EVALUATION_RESULT_ERROR:
+ eval = eval_add;
+ break;
+ default:
+ break;
+ }
+ break;
+ case TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MAJOR:
+ switch (eval_add)
+ {
+ case TNC_IMV_EVALUATION_RESULT_ERROR:
+ eval = eval_add;
+ break;
+ default:
+ break;
+ }
+ break;
+ case TNC_IMV_EVALUATION_RESULT_DONT_KNOW:
+ eval = eval_add;
+ break;
+ default:
+ break;
+ }
+ return eval;
+}
+
+/**
+ * See header
+ */
+TNC_IMV_Action_Recommendation tncif_policy_update_recommendation(
+ TNC_IMV_Action_Recommendation rec,
+ TNC_IMV_Action_Recommendation rec_add)
+{
+ switch (rec)
+ {
+ case TNC_IMV_ACTION_RECOMMENDATION_ALLOW:
+ switch (rec_add)
+ {
+ case TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS:
+ case TNC_IMV_ACTION_RECOMMENDATION_ISOLATE:
+ rec = rec_add;
+ break;
+ default:
+ break;
+ }
+ break;
+ case TNC_IMV_ACTION_RECOMMENDATION_ISOLATE:
+ switch (rec_add)
+ {
+ case TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS:
+ rec = rec_add;
+ break;
+ default:
+ break;
+ }
+ break;
+ case TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION:
+ rec = rec_add;
+ break;
+ default:
+ break;
+ }
+ return rec;
+}
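Review bot: Both merge functions encode their severity ordering only implicitly through nested switches, and since the result presumably feeds the access decision, the ordering should be written down where it can be reviewed. As coded, tncif_policy_update_evaluation() implements DONT_KNOW < COMPLIANT < NONCOMPLIANT_MINOR < NONCOMPLIANT_MAJOR < ERROR, and tncif_policy_update_recommendation() implements NO_RECOMMENDATION < ALLOW < ISOLATE < NO_ACCESS. A comment above each outer switch, such as `/* the more severe result wins: DONT_KNOW < COMPLIANT < MINOR < MAJOR < ERROR */`, would make that explicit. The `DONT_KNOW` and `NO_RECOMMENDATION` branches also copy the added value unconditionally, so a value outside the known enumerators is adopted as-is; whether callers can ever pass one is not visible here.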
diff --git a/src/libtncif/tncif_policy.h b/src/libtncif/tncif_policy.h
new file mode 100644
index 000000000..d9f553b72
--- /dev/null
+++ b/src/libtncif/tncif_policy.h
@@ -0,0 +1,53 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup libtncif libtncif
+ *
+ * @addtogroup libtncif
+ * TNC interface definitions
+ *
+ * @defgroup tnc_policy tnc_policy
+ * @{ @ingroup libtncif
+ */
+
+#ifndef TNCIF_POLICY_H_
+#define TNCIF_POLICY_H_
+
+#include "tncifimv.h"
+
+/**
+ * Create an empty TNC Identity object
+ *
+ * @param eval Existing evaluation to be updated
+ * @param eval_add Partial evaluation to be added
+ * @return Updated evaluation
+ */
+TNC_IMV_Evaluation_Result tncif_policy_update_evaluation(
+ TNC_IMV_Evaluation_Result eval,
+ TNC_IMV_Evaluation_Result eval_add);
+
+/**
+ * Create an empty TNC Identity object
+ *
+ * @param rec Existing recommendationto be updated
+ * @param rec_add Partial recommendation to be added
+ * @return Updated recommendation
+ */
+TNC_IMV_Action_Recommendation tncif_policy_update_recommendation(
+ TNC_IMV_Action_Recommendation rec,
+ TNC_IMV_Action_Recommendation rec_add);
+
+#endif /** TNCIF_POLICY_H_ @}*/
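Review bot: Both declarations carry the brief `Create an empty TNC Identity object`, which looks copied from tncif_identity.h and does not describe these functions. Going by tncif_policy.c in this commit, `Merge a partial evaluation into an existing one; the more severe result is kept` and `Merge a partial recommendation into an existing one; the more restrictive recommendation is kept` would match the behaviour. The `@param rec` line also reads `recommendationto` and needs a space.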
diff --git a/src/libtncif/tncifimv.h b/src/libtncif/tncifimv.h
index 3c9db0055..ecd4fd45b 100644
--- a/src/libtncif/tncifimv.h
+++ b/src/libtncif/tncifimv.h
@@ -209,6 +209,30 @@ typedef TNC_Result (*TNC_IMV_ProvideBindFunctionPointer)(
#define TNC_ATTRIBUTEID_SOH ((TNC_AttributeID) 0x00559706)
#define TNC_ATTRIBUTEID_SSOH ((TNC_AttributeID) 0x00559707)
#define TNC_ATTRIBUTEID_PRIMARY_IMV_ID ((TNC_AttributeID) 0x00559710)
+#define TNC_ATTRIBUTEID_AR_IDENTITIES ((TNC_AttributeID) 0x00559712)
+
+/* TNC Identity Types */
+
+#define TNC_ID_UNKNOWN 0
+#define TNC_ID_IPV4_ADDR 1
+#define TNC_ID_IPV6_ADDR 2
+#define TNC_ID_FQDN 3
+#define TNC_ID_EMAIL_ADDR 4
+#define TNC_ID_USERNAME 5
+#define TNC_ID_X500_DN 6
+
+/* TNC Subject Types */
+
+#define TNC_SUBJECT_UNKNOWN 0
+#define TNC_SUBJECT_MACHINE 1
+#define TNC_SUBJECT_USER 2
+
+/* TNC Authentication Types */
+
+#define TNC_AUTH_UNKNOWN 0
+#define TNC_AUTH_X509_CERT 1
+#define TNC_AUTH_PASSWORD 2
+#define TNC_AUTH_SIM 3
/* IMV Functions */