[Pkg-swan-devel] [strongswan] 01/01: Import upstream release 5.2.1
Romain Francoise
rfrancoise at moszumanska.debian.org
Tue Oct 21 19:50:00 UTC 2014
This is an automated email from the git hooks/post-receive script.
rfrancoise pushed a commit to branch upstream
in repository strongswan.
commit 2b8de74ff4c334c25e89988c4a401b24b5bcf03d
Author: Romain Francoise <rfrancoise at debian.org>
Date: Tue Oct 21 19:28:38 2014 +0200
Import upstream release 5.2.1
---
Android.common.mk | 2 +-
Makefile.in | 8 +
NEWS | 25 +
conf/Makefile.am | 8 +-
conf/Makefile.in | 16 +-
conf/options/charon-systemd.conf | 16 +
conf/options/charon-systemd.opt | 13 +
conf/options/charon.conf | 8 +-
conf/options/charon.opt | 8 +-
conf/options/starter.conf | 3 +
conf/options/starter.opt | 3 +
conf/plugins/eap-radius.conf | 6 +-
conf/plugins/eap-radius.opt | 6 +-
conf/plugins/ext-auth.conf | 11 +
conf/plugins/ext-auth.opt | 15 +
conf/plugins/kernel-netlink.conf | 10 +
conf/plugins/kernel-netlink.opt | 15 +
conf/plugins/stroke.conf | 3 +
conf/plugins/stroke.opt | 3 +
conf/strongswan.conf.5.main | 75 +-
config.h.in | 3 +
configure | 1038 ++++++++--
configure.ac | 96 +-
init/Makefile.am | 8 +-
init/Makefile.in | 15 +-
init/systemd-swanctl/Makefile.am | 11 +
init/systemd-swanctl/Makefile.in | 598 ++++++
init/systemd-swanctl/strongswan-swanctl.service.in | 9 +
init/systemd/Makefile.in | 8 +
init/systemd/strongswan.service.in | 2 +-
man/Makefile.am | 6 +-
man/Makefile.in | 17 +-
man/ipsec.conf.5.in | 5 +-
scripts/Makefile.in | 8 +
src/Makefile.am | 8 +-
src/Makefile.in | 28 +-
src/_copyright/Makefile.in | 8 +
src/_updown/Makefile.in | 8 +
src/_updown_espmark/Makefile.in | 8 +
src/aikgen/Makefile.in | 8 +
src/charon-cmd/Makefile.in | 8 +
src/charon-cmd/charon-cmd.c | 5 +-
src/charon-nm/Makefile.in | 8 +
src/charon-nm/nm/nm_backend.c | 2 +-
src/charon-svc/Makefile.in | 8 +
src/charon-systemd/Makefile.am | 19 +
src/charon-systemd/Makefile.in | 765 +++++++
src/charon-systemd/charon-systemd.c | 403 ++++
src/charon-tkm/Makefile.in | 8 +
src/charon-tkm/src/charon-tkm.c | 2 +-
src/charon-tkm/src/tkm/tkm_diffie_hellman.c | 3 +-
src/charon-tkm/tests/tests.c | 2 +-
src/charon/Makefile.in | 8 +
src/charon/charon.c | 6 +-
src/checksum/Makefile.am | 5 -
src/checksum/Makefile.in | 43 +-
src/conftest/Makefile.in | 8 +
src/conftest/hooks/ike_auth_fill.c | 2 +-
src/conftest/hooks/reset_seq.c | 2 +-
src/dumm/Makefile.in | 8 +
src/include/Makefile.in | 8 +
src/ipsec/Makefile.in | 8 +
src/ipsec/_ipsec.8 | 14 +-
src/ipsec/_ipsec.8.in | 12 +-
src/ipsec/_ipsec.in | 51 +-
src/libcharon/Android.mk | 3 +-
src/libcharon/Makefile.am | 10 +-
src/libcharon/Makefile.in | 296 +--
src/libcharon/bus/bus.c | 37 +-
src/libcharon/bus/bus.h | 23 +-
src/libcharon/bus/listeners/listener.h | 18 +-
src/libcharon/config/child_cfg.c | 11 +
src/libcharon/config/proposal.c | 10 +-
src/libcharon/daemon.c | 2 +-
src/libcharon/encoding/message.c | 997 +++++++--
src/libcharon/encoding/message.h | 72 +-
src/libcharon/encoding/parser.c | 2 +-
.../encoding/payloads/encrypted_fragment_payload.h | 85 +
.../encoding/payloads/encrypted_payload.c | 1022 ++++++++++
.../encoding/payloads/encrypted_payload.h | 132 ++
.../encoding/payloads/encryption_payload.c | 634 ------
.../encoding/payloads/encryption_payload.h | 111 -
src/libcharon/encoding/payloads/ike_header.c | 16 +-
src/libcharon/encoding/payloads/notify_payload.c | 18 +-
src/libcharon/encoding/payloads/notify_payload.h | 4 +
src/libcharon/encoding/payloads/payload.c | 41 +-
src/libcharon/encoding/payloads/payload.h | 24 +-
src/libcharon/encoding/payloads/sa_payload.c | 17 +-
src/libcharon/network/receiver.c | 4 +-
src/libcharon/plugins/addrblock/Makefile.in | 8 +
src/libcharon/plugins/android_dns/Makefile.in | 8 +
src/libcharon/plugins/android_log/Makefile.in | 8 +
src/libcharon/plugins/certexpire/Makefile.in | 8 +
src/libcharon/plugins/coupling/Makefile.in | 8 +
src/libcharon/plugins/dhcp/Makefile.in | 8 +
src/libcharon/plugins/dnscert/Makefile.in | 8 +
src/libcharon/plugins/duplicheck/Makefile.in | 8 +
src/libcharon/plugins/eap_aka/Makefile.in | 8 +
src/libcharon/plugins/eap_aka_3gpp2/Makefile.in | 8 +
src/libcharon/plugins/eap_dynamic/Makefile.in | 8 +
src/libcharon/plugins/eap_gtc/Makefile.in | 8 +
src/libcharon/plugins/eap_identity/Makefile.in | 8 +
src/libcharon/plugins/eap_md5/Makefile.in | 8 +
src/libcharon/plugins/eap_mschapv2/Makefile.in | 8 +
src/libcharon/plugins/eap_peap/Makefile.in | 8 +
src/libcharon/plugins/eap_radius/Makefile.in | 8 +
src/libcharon/plugins/eap_radius/eap_radius.c | 50 +
.../plugins/eap_radius/eap_radius_accounting.c | 10 +
src/libcharon/plugins/eap_sim/Makefile.in | 8 +
src/libcharon/plugins/eap_sim_file/Makefile.in | 8 +
src/libcharon/plugins/eap_sim_pcsc/Makefile.in | 8 +
.../plugins/eap_simaka_pseudonym/Makefile.in | 8 +
.../plugins/eap_simaka_reauth/Makefile.in | 8 +
src/libcharon/plugins/eap_simaka_sql/Makefile.in | 8 +
src/libcharon/plugins/eap_tls/Makefile.in | 8 +
src/libcharon/plugins/eap_tnc/Makefile.in | 8 +
src/libcharon/plugins/eap_ttls/Makefile.in | 8 +
src/libcharon/plugins/error_notify/Makefile.in | 8 +
src/libcharon/plugins/ext_auth/Makefile.am | 18 +
src/libcharon/plugins/ext_auth/Makefile.in | 774 +++++++
src/libcharon/plugins/ext_auth/ext_auth_listener.c | 203 ++
src/libcharon/plugins/ext_auth/ext_auth_listener.h | 59 +
src/libcharon/plugins/ext_auth/ext_auth_plugin.c | 156 ++
src/libcharon/plugins/ext_auth/ext_auth_plugin.h | 49 +
src/libcharon/plugins/farp/Makefile.in | 8 +
src/libcharon/plugins/ha/Makefile.in | 8 +
src/libcharon/plugins/ha/ha_dispatcher.c | 2 +
src/libcharon/plugins/ipseckey/Makefile.in | 8 +
src/libcharon/plugins/kernel_iph/Makefile.in | 8 +
src/libcharon/plugins/kernel_libipsec/Makefile.in | 8 +
src/libcharon/plugins/kernel_wfp/Makefile.in | 8 +
src/libcharon/plugins/led/Makefile.in | 8 +
src/libcharon/plugins/load_tester/Makefile.in | 8 +
src/libcharon/plugins/lookip/Makefile.in | 8 +
src/libcharon/plugins/maemo/Makefile.in | 8 +
src/libcharon/plugins/medcli/Makefile.in | 8 +
src/libcharon/plugins/medsrv/Makefile.in | 8 +
src/libcharon/plugins/osx_attr/Makefile.in | 8 +
src/libcharon/plugins/radattr/Makefile.in | 8 +
src/libcharon/plugins/smp/Makefile.in | 8 +
src/libcharon/plugins/socket_default/Makefile.in | 8 +
.../plugins/socket_default/socket_default_socket.c | 5 +-
src/libcharon/plugins/socket_dynamic/Makefile.in | 8 +
.../plugins/socket_dynamic/socket_dynamic_socket.c | 5 +-
src/libcharon/plugins/socket_win/Makefile.in | 8 +
.../plugins/socket_win/socket_win_socket.c | 5 +-
src/libcharon/plugins/sql/Makefile.in | 8 +
src/libcharon/plugins/stroke/Makefile.in | 8 +
src/libcharon/plugins/stroke/stroke_cred.c | 12 +-
src/libcharon/plugins/systime_fix/Makefile.in | 8 +
src/libcharon/plugins/tnc_ifmap/Makefile.in | 8 +
src/libcharon/plugins/tnc_pdp/Makefile.in | 8 +
src/libcharon/plugins/uci/Makefile.in | 8 +
src/libcharon/plugins/unit_tester/Makefile.in | 8 +
src/libcharon/plugins/unity/Makefile.in | 8 +
src/libcharon/plugins/unity/unity_narrow.c | 69 +-
src/libcharon/plugins/updown/Makefile.in | 8 +
src/libcharon/plugins/updown/updown_listener.c | 461 ++---
src/libcharon/plugins/vici/Makefile.am | 7 +
src/libcharon/plugins/vici/Makefile.in | 210 +-
src/libcharon/plugins/vici/README.md | 698 ++++++-
src/libcharon/plugins/vici/libvici.c | 5 +-
src/libcharon/plugins/vici/libvici.h | 4 +-
src/libcharon/plugins/vici/ruby/Makefile.am | 22 +
src/libcharon/plugins/vici/ruby/Makefile.in | 556 +++++
src/libcharon/plugins/vici/ruby/lib/vici.rb | 569 ++++++
src/libcharon/plugins/vici/ruby/vici.gemspec.in | 16 +
src/libcharon/plugins/vici/suites/test_message.c | 2 +-
src/libcharon/plugins/vici/vici_control.c | 12 +
src/libcharon/plugins/vici/vici_cred.c | 5 +-
src/libcharon/plugins/vici/vici_message.c | 4 +
src/libcharon/plugins/whitelist/Makefile.in | 8 +
src/libcharon/plugins/xauth_eap/Makefile.in | 8 +
src/libcharon/plugins/xauth_generic/Makefile.in | 8 +
src/libcharon/plugins/xauth_noauth/Makefile.in | 8 +
src/libcharon/plugins/xauth_pam/Makefile.in | 8 +
src/libcharon/processing/jobs/adopt_children_job.c | 40 +
src/libcharon/processing/jobs/adopt_children_job.h | 8 +
src/libcharon/processing/jobs/update_sa_job.c | 7 +-
src/libcharon/sa/ike_sa.c | 138 +-
src/libcharon/sa/ike_sa.h | 34 +-
src/libcharon/sa/ike_sa_manager.c | 48 +-
src/libcharon/sa/ikev1/phase1.c | 12 +
src/libcharon/sa/ikev1/task_manager_v1.c | 445 ++--
src/libcharon/sa/ikev1/tasks/aggressive_mode.c | 32 +-
src/libcharon/sa/ikev1/tasks/informational.c | 6 +-
src/libcharon/sa/ikev1/tasks/isakmp_vendor.c | 39 +-
src/libcharon/sa/ikev1/tasks/main_mode.c | 31 +-
src/libcharon/sa/ikev1/tasks/quick_mode.c | 26 +-
src/libcharon/sa/ikev1/tasks/xauth.c | 23 +-
src/libcharon/sa/ikev1/tasks/xauth.h | 5 +
src/libcharon/sa/ikev2/task_manager_v2.c | 307 ++-
src/libcharon/sa/ikev2/tasks/ike_init.c | 23 +
src/libcharon/sa/ikev2/tasks/ike_mobike.c | 95 +-
src/libcharon/sa/ikev2/tasks/ike_mobike.h | 8 +-
src/libfast/Makefile.in | 8 +
src/libhydra/Makefile.am | 3 +-
src/libhydra/Makefile.in | 11 +-
src/libhydra/plugins/attr/Makefile.in | 8 +
src/libhydra/plugins/attr_sql/Makefile.in | 8 +
src/libhydra/plugins/kernel_netlink/Makefile.in | 8 +
.../plugins/kernel_netlink/kernel_netlink_ipsec.c | 86 +-
.../plugins/kernel_netlink/kernel_netlink_net.c | 90 +-
.../plugins/kernel_netlink/kernel_netlink_shared.c | 79 +-
.../plugins/kernel_netlink/kernel_netlink_shared.h | 10 +-
src/libhydra/plugins/kernel_pfkey/Makefile.in | 8 +
.../plugins/kernel_pfkey/kernel_pfkey_ipsec.c | 4 +-
src/libhydra/plugins/kernel_pfroute/Makefile.in | 8 +
.../plugins/kernel_pfroute/kernel_pfroute_net.c | 53 +-
src/libhydra/plugins/resolve/Makefile.in | 8 +
src/libimcv/Android.mk | 57 +-
src/libimcv/Makefile.am | 106 +-
src/libimcv/Makefile.in | 777 ++++++-
src/libimcv/ietf/ietf_attr.c | 29 +-
src/libimcv/ietf/ietf_attr.h | 8 +-
src/libimcv/ietf/ietf_attr_assess_result.c | 29 +-
src/libimcv/ietf/ietf_attr_assess_result.h | 8 +-
src/libimcv/ietf/ietf_attr_attr_request.c | 30 +-
src/libimcv/ietf/ietf_attr_attr_request.h | 10 +-
src/libimcv/ietf/ietf_attr_default_pwd_enabled.c | 26 +-
src/libimcv/ietf/ietf_attr_default_pwd_enabled.h | 6 +-
src/libimcv/ietf/ietf_attr_fwd_enabled.c | 26 +-
src/libimcv/ietf/ietf_attr_fwd_enabled.h | 8 +-
src/libimcv/ietf/ietf_attr_installed_packages.c | 138 +-
src/libimcv/ietf/ietf_attr_installed_packages.h | 18 +-
src/libimcv/ietf/ietf_attr_numeric_version.c | 29 +-
src/libimcv/ietf/ietf_attr_numeric_version.h | 8 +-
src/libimcv/ietf/ietf_attr_op_status.c | 24 +-
src/libimcv/ietf/ietf_attr_op_status.h | 8 +-
src/libimcv/ietf/ietf_attr_pa_tnc_error.c | 82 +-
src/libimcv/ietf/ietf_attr_pa_tnc_error.h | 28 +-
src/libimcv/ietf/ietf_attr_port_filter.c | 30 +-
src/libimcv/ietf/ietf_attr_port_filter.h | 8 +-
src/libimcv/ietf/ietf_attr_product_info.c | 30 +-
src/libimcv/ietf/ietf_attr_product_info.h | 8 +-
src/libimcv/ietf/ietf_attr_remediation_instr.c | 26 +-
src/libimcv/ietf/ietf_attr_remediation_instr.h | 8 +-
src/libimcv/ietf/ietf_attr_string_version.c | 26 +-
src/libimcv/ietf/ietf_attr_string_version.h | 8 +-
src/libimcv/imc/imc_agent.c | 28 +-
src/libimcv/imc/imc_agent.h | 12 +-
src/libimcv/imc/imc_msg.c | 239 ++-
src/libimcv/imc/imc_msg.h | 6 +-
src/libimcv/imc/imc_os_info.h | 2 +-
src/libimcv/imc/imc_state.h | 11 +-
src/libimcv/imcv.c | 45 +-
src/libimcv/imcv.h | 12 +
src/libimcv/imcv_tests.c | 45 +
src/libimcv/imcv_tests.h | 17 +
src/libimcv/imv/data.sql | 35 +
src/libimcv/imv/imv_agent.c | 26 +
src/libimcv/imv/imv_agent.h | 10 +
src/libimcv/imv/imv_msg.c | 238 ++-
src/libimcv/imv/imv_msg.h | 6 +-
src/libimcv/imv/imv_os_info.h | 2 +-
src/libimcv/imv/imv_state.h | 8 +
src/libimcv/ita/ita_attr.c | 19 +-
src/libimcv/ita/ita_attr.h | 8 +-
src/libimcv/ita/ita_attr_angel.c | 12 +-
src/libimcv/ita/ita_attr_angel.h | 5 +-
src/libimcv/ita/ita_attr_command.c | 30 +-
src/libimcv/ita/ita_attr_command.h | 7 +-
src/libimcv/ita/ita_attr_device_id.c | 27 +-
src/libimcv/ita/ita_attr_device_id.h | 7 +-
src/libimcv/ita/ita_attr_dummy.c | 34 +-
src/libimcv/ita/ita_attr_dummy.h | 9 +-
src/libimcv/ita/ita_attr_get_settings.c | 29 +-
src/libimcv/ita/ita_attr_get_settings.h | 8 +-
src/libimcv/ita/ita_attr_settings.c | 28 +-
src/libimcv/ita/ita_attr_settings.h | 5 +-
src/libimcv/os_info/os_info.h | 1 -
src/libimcv/pa_tnc/pa_tnc_attr.h | 13 +-
src/libimcv/pa_tnc/pa_tnc_attr_manager.c | 161 +-
src/libimcv/pa_tnc/pa_tnc_attr_manager.h | 26 +-
src/libimcv/pa_tnc/pa_tnc_msg.c | 221 +-
src/libimcv/pa_tnc/pa_tnc_msg.h | 6 +-
src/libimcv/plugins/imc_attestation/Makefile.am | 18 +
src/libimcv/plugins/imc_attestation/Makefile.in | 765 +++++++
.../plugins/imc_attestation/imc_attestation.c | 335 +++
.../imc_attestation/imc_attestation_process.c | 480 +++++
.../imc_attestation/imc_attestation_process.h | 0
.../imc_attestation/imc_attestation_state.c | 260 +++
.../imc_attestation/imc_attestation_state.h | 86 +
src/libimcv/plugins/imc_os/Makefile.in | 8 +
src/libimcv/plugins/imc_os/imc_os.c | 70 +-
src/libimcv/plugins/imc_os/imc_os_state.c | 16 +-
src/libimcv/plugins/imc_scanner/Makefile.in | 8 +
src/libimcv/plugins/imc_scanner/imc_scanner.c | 10 +-
.../plugins/imc_scanner/imc_scanner_state.c | 16 +-
src/libimcv/plugins/imc_swid/Makefile.am | 37 +
src/libimcv/plugins/imc_swid/Makefile.in | 826 ++++++++
src/libimcv/plugins/imc_swid/imc_swid.c | 424 ++++
src/libimcv/plugins/imc_swid/imc_swid_state.c | 203 ++
.../plugins/imc_swid/imc_swid_state.h | 0
...id.2004-03.org.strongswan_strongSwan.swidtag.in | 0
src/libimcv/plugins/imc_test/Makefile.in | 8 +
src/libimcv/plugins/imc_test/imc_test.c | 36 +-
src/libimcv/plugins/imc_test/imc_test_state.c | 16 +-
src/libimcv/plugins/imv_attestation/Makefile.am | 33 +
src/libimcv/plugins/imv_attestation/Makefile.in | 847 ++++++++
src/libimcv/plugins/imv_attestation/attest.c | 484 +++++
src/libimcv/plugins/imv_attestation/attest_db.c | 1995 ++++++++++++++++++
src/libimcv/plugins/imv_attestation/attest_db.h | 267 +++
.../plugins/imv_attestation/attest_usage.c | 0
.../plugins/imv_attestation/attest_usage.h | 0
.../plugins/imv_attestation/build-database.sh | 84 +
.../plugins/imv_attestation/imv_attestation.c | 0
.../imv_attestation/imv_attestation_agent.c | 931 +++++++++
.../imv_attestation/imv_attestation_agent.h | 0
.../imv_attestation/imv_attestation_build.c | 155 ++
.../imv_attestation/imv_attestation_build.h | 0
.../imv_attestation/imv_attestation_process.c | 567 ++++++
.../imv_attestation/imv_attestation_process.h | 0
.../imv_attestation/imv_attestation_state.c | 560 +++++
.../imv_attestation/imv_attestation_state.h | 192 ++
src/libimcv/plugins/imv_os/Makefile.in | 8 +
src/libimcv/plugins/imv_os/imv_os_agent.c | 65 +-
src/libimcv/plugins/imv_os/imv_os_state.c | 32 +-
src/libimcv/plugins/imv_os/imv_os_state.h | 12 +-
src/libimcv/plugins/imv_scanner/Makefile.in | 8 +
.../plugins/imv_scanner/imv_scanner_agent.c | 23 +-
.../plugins/imv_scanner/imv_scanner_state.c | 14 +
src/libimcv/plugins/imv_swid/Makefile.am | 21 +
src/libimcv/plugins/imv_swid/Makefile.in | 769 +++++++
.../plugins/imv_swid/imv_swid.c | 0
src/libimcv/plugins/imv_swid/imv_swid_agent.c | 726 +++++++
.../plugins/imv_swid/imv_swid_agent.h | 0
.../plugins/imv_swid/imv_swid_rest.c | 0
src/libimcv/plugins/imv_swid/imv_swid_rest.h | 63 +
src/libimcv/plugins/imv_swid/imv_swid_state.c | 402 ++++
src/libimcv/plugins/imv_swid/imv_swid_state.h | 136 ++
src/libimcv/plugins/imv_test/Makefile.in | 8 +
src/libimcv/plugins/imv_test/imv_test_agent.c | 30 +-
src/libimcv/plugins/imv_test/imv_test_state.c | 16 +-
.../pts/components/ita/ita_comp_func_name.c | 0
.../pts/components/ita/ita_comp_func_name.h | 0
src/libimcv/pts/components/ita/ita_comp_ima.c | 914 +++++++++
.../pts/components/ita/ita_comp_ima.h | 0
src/libimcv/pts/components/ita/ita_comp_tboot.c | 362 ++++
.../pts/components/ita/ita_comp_tboot.h | 0
.../pts/components/ita/ita_comp_tgrub.c | 0
.../pts/components/ita/ita_comp_tgrub.h | 0
.../pts/components/pts_comp_evidence.c | 0
.../pts/components/pts_comp_evidence.h | 0
src/libimcv/pts/components/pts_comp_func_name.c | 162 ++
.../pts/components/pts_comp_func_name.h | 0
.../pts/components/pts_component.h | 0
.../pts/components/pts_component_manager.c | 0
.../pts/components/pts_component_manager.h | 0
.../pts/components/tcg/tcg_comp_func_name.c | 0
.../pts/components/tcg/tcg_comp_func_name.h | 0
src/{libpts => libimcv}/pts/pts.c | 0
src/libimcv/pts/pts.h | 315 +++
src/{libpts => libimcv}/pts/pts_creds.c | 0
src/{libpts => libimcv}/pts/pts_creds.h | 0
src/{libpts => libimcv}/pts/pts_database.c | 0
src/{libpts => libimcv}/pts/pts_database.h | 0
src/{libpts => libimcv}/pts/pts_dh_group.c | 0
src/{libpts => libimcv}/pts/pts_dh_group.h | 0
src/{libpts => libimcv}/pts/pts_error.c | 0
src/{libpts => libimcv}/pts/pts_error.h | 0
src/{libpts => libimcv}/pts/pts_file_meas.c | 0
src/{libpts => libimcv}/pts/pts_file_meas.h | 0
src/{libpts => libimcv}/pts/pts_file_meta.c | 0
src/{libpts => libimcv}/pts/pts_file_meta.h | 0
src/{libpts => libimcv}/pts/pts_file_type.c | 0
src/{libpts => libimcv}/pts/pts_file_type.h | 0
src/{libpts => libimcv}/pts/pts_ima_bios_list.c | 0
src/{libpts => libimcv}/pts/pts_ima_bios_list.h | 0
src/{libpts => libimcv}/pts/pts_ima_event_list.c | 0
src/{libpts => libimcv}/pts/pts_ima_event_list.h | 0
src/{libpts => libimcv}/pts/pts_meas_algo.c | 0
src/{libpts => libimcv}/pts/pts_meas_algo.h | 0
src/{libpts => libimcv}/pts/pts_pcr.c | 0
src/{libpts => libimcv}/pts/pts_pcr.h | 0
src/{libpts => libimcv}/pts/pts_proto_caps.h | 0
.../pts/pts_req_func_comp_evid.h | 0
.../pts/pts_simple_evid_final.h | 0
src/libimcv/seg/seg_contract.c | 479 +++++
src/libimcv/seg/seg_contract.h | 180 ++
src/libimcv/seg/seg_contract_manager.c | 94 +
src/libimcv/seg/seg_contract_manager.h | 63 +
src/libimcv/seg/seg_env.c | 306 +++
src/libimcv/seg/seg_env.h | 119 ++
src/libimcv/suites/test_imcv_seg.c | 738 +++++++
src/{libpts => libimcv}/swid/swid_error.c | 0
src/libimcv/swid/swid_error.h | 58 +
src/libimcv/swid/swid_inventory.c | 454 +++++
src/libimcv/swid/swid_inventory.h | 84 +
src/libimcv/swid/swid_tag.c | 102 +
src/libimcv/swid/swid_tag.h | 70 +
src/libimcv/swid/swid_tag_id.c | 114 ++
src/libimcv/swid/swid_tag_id.h | 73 +
src/libimcv/tcg/pts/tcg_pts_attr_aik.c | 266 +++
src/libimcv/tcg/pts/tcg_pts_attr_aik.h | 67 +
src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_finish.c | 287 +++
src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_finish.h | 92 +
.../tcg/pts/tcg_pts_attr_dh_nonce_params_req.c | 258 +++
.../tcg/pts/tcg_pts_attr_dh_nonce_params_req.h | 75 +
.../tcg/pts/tcg_pts_attr_dh_nonce_params_resp.c | 306 +++
.../tcg/pts/tcg_pts_attr_dh_nonce_params_resp.h | 96 +
src/libimcv/tcg/pts/tcg_pts_attr_file_meas.c | 356 ++++
src/libimcv/tcg/pts/tcg_pts_attr_file_meas.h | 68 +
src/libimcv/tcg/pts/tcg_pts_attr_gen_attest_evid.c | 225 +++
src/libimcv/tcg/pts/tcg_pts_attr_gen_attest_evid.h | 56 +
src/libimcv/tcg/pts/tcg_pts_attr_get_aik.c | 222 ++
src/libimcv/tcg/pts/tcg_pts_attr_get_aik.h | 56 +
.../tcg/pts/tcg_pts_attr_get_tpm_version_info.c | 225 +++
.../tcg/pts/tcg_pts_attr_get_tpm_version_info.h | 57 +
src/libimcv/tcg/pts/tcg_pts_attr_meas_algo.c | 243 +++
src/libimcv/tcg/pts/tcg_pts_attr_meas_algo.h | 71 +
src/libimcv/tcg/pts/tcg_pts_attr_proto_caps.c | 244 +++
src/libimcv/tcg/pts/tcg_pts_attr_proto_caps.h | 70 +
src/libimcv/tcg/pts/tcg_pts_attr_req_file_meas.c | 314 +++
src/libimcv/tcg/pts/tcg_pts_attr_req_file_meas.h | 93 +
src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.c | 296 +++
src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.h | 84 +
.../tcg/pts/tcg_pts_attr_req_func_comp_evid.c | 389 ++++
.../tcg/pts/tcg_pts_attr_req_func_comp_evid.h | 83 +
.../tcg/pts/tcg_pts_attr_simple_comp_evid.c | 532 +++++
.../tcg/pts/tcg_pts_attr_simple_comp_evid.h | 67 +
.../tcg/pts/tcg_pts_attr_simple_evid_final.c | 405 ++++
.../tcg/pts/tcg_pts_attr_simple_evid_final.h | 96 +
.../tcg/pts/tcg_pts_attr_tpm_version_info.c | 248 +++
.../tcg/pts/tcg_pts_attr_tpm_version_info.h | 73 +
src/libimcv/tcg/pts/tcg_pts_attr_unix_file_meta.c | 372 ++++
src/libimcv/tcg/pts/tcg_pts_attr_unix_file_meta.h | 68 +
src/libimcv/tcg/seg/tcg_seg_attr_max_size.c | 254 +++
src/libimcv/tcg/seg/tcg_seg_attr_max_size.h | 73 +
src/libimcv/tcg/seg/tcg_seg_attr_next_seg.c | 258 +++
src/libimcv/tcg/seg/tcg_seg_attr_next_seg.h | 73 +
src/libimcv/tcg/seg/tcg_seg_attr_seg_env.c | 257 +++
src/libimcv/tcg/seg/tcg_seg_attr_seg_env.h | 76 +
src/libimcv/tcg/swid/tcg_swid_attr_req.c | 349 ++++
src/libimcv/tcg/swid/tcg_swid_attr_req.h | 106 +
src/libimcv/tcg/swid/tcg_swid_attr_tag_id_inv.c | 396 ++++
src/libimcv/tcg/swid/tcg_swid_attr_tag_id_inv.h | 109 +
src/libimcv/tcg/swid/tcg_swid_attr_tag_inv.c | 389 ++++
src/libimcv/tcg/swid/tcg_swid_attr_tag_inv.h | 108 +
src/libimcv/tcg/tcg_attr.c | 270 +++
src/libimcv/tcg/tcg_attr.h | 105 +
src/libipsec/Makefile.in | 8 +
src/libipsec/ip_packet.c | 298 ++-
src/libipsec/ip_packet.h | 35 +-
src/libpts/Android.mk | 78 -
src/libpts/Makefile.am | 94 -
src/libpts/Makefile.in | 1181 -----------
src/libpts/libpts.c | 96 -
src/libpts/libpts.h | 52 -
src/libpts/plugins/imc_attestation/Makefile.am | 20 -
src/libpts/plugins/imc_attestation/Makefile.in | 760 -------
.../plugins/imc_attestation/imc_attestation.c | 339 ----
.../imc_attestation/imc_attestation_process.c | 476 -----
.../imc_attestation/imc_attestation_state.c | 244 ---
.../imc_attestation/imc_attestation_state.h | 86 -
src/libpts/plugins/imc_swid/Makefile.am | 39 -
src/libpts/plugins/imc_swid/Makefile.in | 821 --------
src/libpts/plugins/imc_swid/imc_swid.c | 479 -----
src/libpts/plugins/imc_swid/imc_swid_state.c | 189 --
src/libpts/plugins/imv_attestation/Makefile.am | 36 -
src/libpts/plugins/imv_attestation/Makefile.in | 844 --------
src/libpts/plugins/imv_attestation/attest.c | 487 -----
src/libpts/plugins/imv_attestation/attest_db.c | 1994 ------------------
src/libpts/plugins/imv_attestation/attest_db.h | 267 ---
.../plugins/imv_attestation/build-database.sh | 84 -
.../imv_attestation/imv_attestation_agent.c | 909 ---------
.../imv_attestation/imv_attestation_build.c | 150 --
.../imv_attestation/imv_attestation_process.c | 563 ------
.../imv_attestation/imv_attestation_state.c | 546 -----
.../imv_attestation/imv_attestation_state.h | 191 --
src/libpts/plugins/imv_swid/Makefile.am | 23 -
src/libpts/plugins/imv_swid/Makefile.in | 762 -------
src/libpts/plugins/imv_swid/imv_swid_agent.c | 717 -------
src/libpts/plugins/imv_swid/imv_swid_rest.h | 63 -
src/libpts/plugins/imv_swid/imv_swid_state.c | 388 ----
src/libpts/plugins/imv_swid/imv_swid_state.h | 137 --
src/libpts/pts/components/ita/ita_comp_ima.c | 914 ---------
src/libpts/pts/components/ita/ita_comp_tboot.c | 361 ----
src/libpts/pts/components/pts_comp_func_name.c | 159 --
src/libpts/pts/pts.h | 315 ---
src/libpts/swid/swid_error.h | 58 -
src/libpts/swid/swid_inventory.c | 458 -----
src/libpts/swid/swid_inventory.h | 81 -
src/libpts/swid/swid_tag.c | 102 -
src/libpts/swid/swid_tag.h | 70 -
src/libpts/swid/swid_tag_id.c | 114 --
src/libpts/swid/swid_tag_id.h | 73 -
src/libpts/tcg/pts/tcg_pts_attr_aik.c | 245 ---
src/libpts/tcg/pts/tcg_pts_attr_aik.h | 65 -
src/libpts/tcg/pts/tcg_pts_attr_dh_nonce_finish.c | 265 ---
src/libpts/tcg/pts/tcg_pts_attr_dh_nonce_finish.h | 89 -
.../tcg/pts/tcg_pts_attr_dh_nonce_params_req.c | 236 ---
.../tcg/pts/tcg_pts_attr_dh_nonce_params_req.h | 72 -
.../tcg/pts/tcg_pts_attr_dh_nonce_params_resp.c | 284 ---
.../tcg/pts/tcg_pts_attr_dh_nonce_params_resp.h | 93 -
src/libpts/tcg/pts/tcg_pts_attr_file_meas.c | 295 ---
src/libpts/tcg/pts/tcg_pts_attr_file_meas.h | 65 -
src/libpts/tcg/pts/tcg_pts_attr_gen_attest_evid.c | 203 --
src/libpts/tcg/pts/tcg_pts_attr_gen_attest_evid.h | 53 -
src/libpts/tcg/pts/tcg_pts_attr_get_aik.c | 200 --
src/libpts/tcg/pts/tcg_pts_attr_get_aik.h | 53 -
.../tcg/pts/tcg_pts_attr_get_tpm_version_info.c | 203 --
.../tcg/pts/tcg_pts_attr_get_tpm_version_info.h | 54 -
src/libpts/tcg/pts/tcg_pts_attr_meas_algo.c | 221 --
src/libpts/tcg/pts/tcg_pts_attr_meas_algo.h | 68 -
src/libpts/tcg/pts/tcg_pts_attr_proto_caps.c | 221 --
src/libpts/tcg/pts/tcg_pts_attr_proto_caps.h | 67 -
src/libpts/tcg/pts/tcg_pts_attr_req_file_meas.c | 292 ---
src/libpts/tcg/pts/tcg_pts_attr_req_file_meas.h | 90 -
src/libpts/tcg/pts/tcg_pts_attr_req_file_meta.c | 275 ---
src/libpts/tcg/pts/tcg_pts_attr_req_file_meta.h | 81 -
.../tcg/pts/tcg_pts_attr_req_func_comp_evid.c | 367 ----
.../tcg/pts/tcg_pts_attr_req_func_comp_evid.h | 80 -
src/libpts/tcg/pts/tcg_pts_attr_simple_comp_evid.c | 511 -----
src/libpts/tcg/pts/tcg_pts_attr_simple_comp_evid.h | 64 -
.../tcg/pts/tcg_pts_attr_simple_evid_final.c | 383 ----
.../tcg/pts/tcg_pts_attr_simple_evid_final.h | 93 -
src/libpts/tcg/pts/tcg_pts_attr_tpm_version_info.c | 226 ---
src/libpts/tcg/pts/tcg_pts_attr_tpm_version_info.h | 70 -
src/libpts/tcg/pts/tcg_pts_attr_unix_file_meta.c | 350 ----
src/libpts/tcg/pts/tcg_pts_attr_unix_file_meta.h | 65 -
src/libpts/tcg/swid/tcg_swid_attr_req.c | 328 ---
src/libpts/tcg/swid/tcg_swid_attr_req.h | 105 -
src/libpts/tcg/swid/tcg_swid_attr_tag_id_inv.c | 331 ---
src/libpts/tcg/swid/tcg_swid_attr_tag_id_inv.h | 95 -
src/libpts/tcg/swid/tcg_swid_attr_tag_inv.c | 319 ---
src/libpts/tcg/swid/tcg_swid_attr_tag_inv.h | 94 -
src/libpts/tcg/tcg_attr.c | 239 ---
src/libpts/tcg/tcg_attr.h | 96 -
src/libpttls/Makefile.in | 8 +
src/libradius/Makefile.in | 8 +
src/libsimaka/Makefile.in | 8 +
src/libstrongswan/Android.mk | 2 +-
src/libstrongswan/Makefile.am | 4 +-
src/libstrongswan/Makefile.in | 36 +-
src/libstrongswan/asn1/asn1.c | 35 +-
src/libstrongswan/collections/array.c | 8 +-
src/libstrongswan/collections/array.h | 5 +
src/libstrongswan/credentials/auth_cfg.c | 2 +-
src/libstrongswan/credentials/credential_manager.c | 2 +-
src/libstrongswan/crypto/diffie_hellman.c | 36 +-
src/libstrongswan/crypto/diffie_hellman.h | 8 +
src/libstrongswan/library.c | 16 +-
src/libstrongswan/library.h | 5 +
src/libstrongswan/networking/packet.h | 5 +
.../networking/streams/stream_service.c | 88 +-
src/libstrongswan/plugins/acert/Makefile.in | 8 +
src/libstrongswan/plugins/aes/Makefile.in | 8 +
src/libstrongswan/plugins/af_alg/Makefile.in | 8 +
src/libstrongswan/plugins/agent/Makefile.in | 8 +
src/libstrongswan/plugins/blowfish/Makefile.in | 8 +
src/libstrongswan/plugins/ccm/Makefile.in | 8 +
src/libstrongswan/plugins/cmac/Makefile.in | 8 +
src/libstrongswan/plugins/constraints/Makefile.in | 8 +
src/libstrongswan/plugins/ctr/Makefile.in | 8 +
src/libstrongswan/plugins/curl/Makefile.in | 8 +
src/libstrongswan/plugins/curl/curl_fetcher.c | 7 +-
src/libstrongswan/plugins/curl/curl_plugin.c | 127 +-
src/libstrongswan/plugins/des/Makefile.in | 8 +
src/libstrongswan/plugins/dnskey/Makefile.in | 8 +
src/libstrongswan/plugins/fips_prf/Makefile.in | 8 +
src/libstrongswan/plugins/gcm/Makefile.in | 8 +
src/libstrongswan/plugins/gcrypt/Makefile.in | 8 +
src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c | 2 +
src/libstrongswan/plugins/gmp/Makefile.in | 8 +
src/libstrongswan/plugins/hmac/Makefile.in | 8 +
src/libstrongswan/plugins/keychain/Makefile.in | 8 +
src/libstrongswan/plugins/ldap/Makefile.in | 8 +
src/libstrongswan/plugins/md4/Makefile.in | 8 +
src/libstrongswan/plugins/md5/Makefile.in | 8 +
src/libstrongswan/plugins/mysql/Makefile.in | 8 +
src/libstrongswan/plugins/nonce/Makefile.in | 8 +
src/libstrongswan/plugins/ntru/Makefile.in | 8 +
src/libstrongswan/plugins/openssl/Makefile.in | 8 +
.../plugins/openssl/openssl_ec_private_key.c | 12 +-
.../plugins/openssl/openssl_ec_public_key.c | 12 +-
src/libstrongswan/plugins/openssl/openssl_plugin.c | 2 +
src/libstrongswan/plugins/padlock/Makefile.in | 8 +
src/libstrongswan/plugins/pem/Makefile.in | 8 +
src/libstrongswan/plugins/pgp/Makefile.in | 8 +
src/libstrongswan/plugins/pkcs1/Makefile.in | 8 +
src/libstrongswan/plugins/pkcs11/Makefile.in | 8 +
src/libstrongswan/plugins/pkcs12/Makefile.in | 8 +
src/libstrongswan/plugins/pkcs7/Makefile.in | 8 +
src/libstrongswan/plugins/pkcs8/Makefile.in | 8 +
src/libstrongswan/plugins/plugin_loader.c | 31 +-
src/libstrongswan/plugins/plugin_loader.h | 8 +-
src/libstrongswan/plugins/pubkey/Makefile.in | 8 +
src/libstrongswan/plugins/random/Makefile.in | 8 +
src/libstrongswan/plugins/rc2/Makefile.in | 8 +
src/libstrongswan/plugins/rdrand/Makefile.in | 8 +
src/libstrongswan/plugins/revocation/Makefile.in | 8 +
src/libstrongswan/plugins/sha1/Makefile.in | 8 +
src/libstrongswan/plugins/sha2/Makefile.in | 8 +
src/libstrongswan/plugins/soup/Makefile.in | 8 +
src/libstrongswan/plugins/sqlite/Makefile.in | 8 +
src/libstrongswan/plugins/sshkey/Makefile.in | 8 +
src/libstrongswan/plugins/test_vectors/Makefile.in | 8 +
src/libstrongswan/plugins/unbound/Makefile.in | 8 +
src/libstrongswan/plugins/winhttp/Makefile.in | 8 +
src/libstrongswan/plugins/x509/Makefile.in | 8 +
src/libstrongswan/plugins/xcbc/Makefile.in | 8 +
src/libstrongswan/processing/watcher.c | 32 +-
src/libstrongswan/processing/watcher.h | 20 +
src/libstrongswan/settings/settings.c | 2 +-
src/libstrongswan/settings/settings_parser.c | 4 +-
src/libstrongswan/settings/settings_parser.y | 4 +-
src/libstrongswan/tests/Makefile.am | 1 +
src/libstrongswan/tests/Makefile.in | 27 +
src/libstrongswan/tests/suites/test_chunk.c | 49 +
src/libstrongswan/tests/suites/test_process.c | 227 +++
src/libstrongswan/tests/suites/test_threading.c | 6 +-
src/libstrongswan/tests/test_runner.c | 45 +-
src/libstrongswan/tests/test_runner.h | 1 +
src/libstrongswan/tests/tests.h | 1 +
src/libstrongswan/threading/mutex.c | 21 +-
src/libstrongswan/threading/thread.h | 28 +
src/libstrongswan/utils/backtrace.c | 1 +
src/libstrongswan/utils/chunk.c | 31 +
src/libstrongswan/utils/chunk.h | 25 +
src/libstrongswan/utils/leak_detective.c | 2 +
src/libstrongswan/utils/process.c | 592 ++++++
src/libstrongswan/utils/process.h | 97 +
src/libstrongswan/utils/utils.h | 17 +-
src/libtls/Makefile.in | 8 +
src/libtls/tests/Makefile.in | 8 +
src/libtls/tls_aead.c | 1 +
src/libtls/tls_aead_expl.c | 9 +-
src/libtls/tls_aead_impl.c | 8 +
src/libtnccs/Makefile.in | 8 +
src/libtnccs/plugins/tnc_imc/Makefile.in | 8 +
src/libtnccs/plugins/tnc_imv/Makefile.in | 8 +
src/libtnccs/plugins/tnc_tnccs/Makefile.in | 8 +
src/libtnccs/plugins/tnccs_11/Makefile.in | 8 +
src/libtnccs/plugins/tnccs_20/Makefile.in | 8 +
src/libtnccs/plugins/tnccs_dynamic/Makefile.in | 8 +
src/libtncif/Makefile.in | 8 +
src/manager/Makefile.in | 8 +
src/medsrv/Makefile.in | 8 +
src/pki/Makefile.in | 8 +
src/pki/man/Makefile.in | 8 +
src/pool/Makefile.in | 8 +
src/pt-tls-client/Makefile.in | 8 +
src/pt-tls-client/pt-tls-client.c | 2 +-
src/scepclient/Makefile.in | 8 +
src/starter/Makefile.in | 8 +
src/starter/confread.c | 10 +-
src/starter/invokecharon.c | 9 +
src/starter/starter.c | 14 +-
src/starter/tests/Makefile.in | 8 +
src/stroke/Makefile.in | 8 +
src/swanctl/Makefile.am | 12 +-
src/swanctl/Makefile.in | 35 +-
src/swanctl/command.c | 5 +-
src/swanctl/command.h | 2 +-
src/swanctl/commands/initiate.c | 6 +-
src/swanctl/commands/install.c | 3 +-
src/swanctl/commands/list_certs.c | 7 +-
src/swanctl/commands/list_conns.c | 7 +-
src/swanctl/commands/list_pols.c | 7 +-
src/swanctl/commands/list_pools.c | 3 +-
src/swanctl/commands/list_sas.c | 8 +-
src/swanctl/commands/load_all.c | 103 +
src/swanctl/commands/load_conns.c | 81 +-
src/swanctl/commands/load_conns.h | 26 +
src/swanctl/commands/load_creds.c | 71 +-
src/swanctl/commands/load_creds.h | 28 +
src/swanctl/commands/load_pools.c | 83 +-
src/swanctl/commands/load_pools.h | 26 +
src/swanctl/commands/log.c | 4 +-
src/swanctl/commands/reload_settings.c | 88 +
src/swanctl/commands/stats.c | 4 +-
src/swanctl/commands/terminate.c | 6 +-
src/swanctl/commands/version.c | 4 +-
src/swanctl/swanctl.8.in | 9 +
src/swanctl/swanctl.conf | 4 +-
src/swanctl/swanctl.conf.5.main | 21 +-
src/swanctl/swanctl.opt | 15 +-
testing/Makefile.in | 8 +
testing/config/kernel/config-3.16 | 2097 +++++++++++++++++++
testing/config/kernel/config-3.17 | 2135 ++++++++++++++++++++
testing/config/kvm/alice.xml | 4 +-
testing/config/kvm/bob.xml | 4 +-
testing/config/kvm/carol.xml | 4 +-
testing/config/kvm/dave.xml | 4 +-
testing/config/kvm/moon.xml | 4 +-
testing/config/kvm/sun.xml | 4 +-
testing/config/kvm/venus.xml | 4 +-
testing/config/kvm/winnetou.xml | 4 +-
.../hosts/alice/etc/ipsec.d/certs/aliceCert.pem | 34 +-
.../hosts/alice/etc/ipsec.d/private/aliceKey.pem | 50 +-
testing/hosts/alice/etc/swanctl/rsa/aliceKey.pem | 50 +-
testing/hosts/alice/etc/swanctl/x509/aliceCert.pem | 34 +-
testing/hosts/bob/etc/ipsec.d/certs/bobCert.pem | 34 +-
testing/hosts/bob/etc/ipsec.d/private/bobKey.pem | 50 +-
testing/hosts/bob/etc/swanctl/rsa/bobKey.pem | 50 +-
testing/hosts/bob/etc/swanctl/x509/bobCert.pem | 34 +-
.../hosts/carol/etc/ipsec.d/certs/carolCert.pem | 34 +-
.../hosts/carol/etc/ipsec.d/private/carolKey.pem | 52 +-
testing/hosts/carol/etc/swanctl/rsa/carolKey.pem | 50 +-
testing/hosts/carol/etc/swanctl/x509/carolCert.pem | 34 +-
testing/hosts/dave/etc/ipsec.d/certs/daveCert.pem | 34 +-
testing/hosts/dave/etc/ipsec.d/private/daveKey.pem | 50 +-
testing/hosts/dave/etc/swanctl/rsa/daveKey.pem | 50 +-
testing/hosts/dave/etc/swanctl/x509/daveCert.pem | 34 +-
testing/hosts/default/etc/inittab | 71 +
testing/hosts/moon/etc/ipsec.d/certs/moonCert.pem | 34 +-
testing/hosts/moon/etc/ipsec.d/private/moonKey.pem | 50 +-
testing/hosts/moon/etc/swanctl/rsa/moonKey.pem | 50 +-
testing/hosts/moon/etc/swanctl/x509/moonCert.pem | 34 +-
testing/hosts/sun/etc/ipsec.d/certs/sunCert.pem | 34 +-
testing/hosts/sun/etc/ipsec.d/private/sunKey.pem | 50 +-
testing/hosts/sun/etc/swanctl/rsa/sunKey.pem | 50 +-
testing/hosts/sun/etc/swanctl/x509/sunCert.pem | 34 +-
.../hosts/venus/etc/ipsec.d/certs/venusCert.pem | 30 +-
.../hosts/venus/etc/ipsec.d/private/venusKey.pem | 50 +-
testing/hosts/venus/etc/swanctl/rsa/venusKey.pem | 50 +-
testing/hosts/venus/etc/swanctl/x509/venusCert.pem | 30 +-
testing/hosts/winnetou/etc/bind/db.strongswan.org | 124 +-
.../certs/07de9420646e493941432a451e7c14fd28fb9307 | Bin 0 -> 1058 bytes
.../certs/0e35060aed55a85aa8520815c166588fc35bcd93 | Bin 965 -> 0 bytes
.../certs/160769ece9ead9c1c4d89c34aa004c3b66402081 | Bin 1062 -> 0 bytes
.../certs/16bf9080ac60d035d7a75ca7f634ed4427f00c0f | Bin 0 -> 1076 bytes
.../certs/174b20a63b8469706e6695e185ac8cc90bb9e69f | Bin 0 -> 965 bytes
.../certs/1b260aa901f29db73635f568c34e27d1f1cb23ab | Bin 959 -> 0 bytes
.../certs/24d9077c072f5a22ad0c6f65f9f20ebda2afa491 | Bin 0 -> 965 bytes
.../certs/394ceefaef48af8394d9a0e63d74cc56a4117a23 | Bin 1062 -> 0 bytes
.../certs/3b389ed7670f8698f37e8a90b4f99389d3c8e3c0 | Bin 0 -> 1060 bytes
.../certs/430651fd670098ad72f02c4cc34a017f9931c88b | Bin 1049 -> 0 bytes
.../certs/442b7162c7a4c27bd0f1076e345c5664bed53c7c | Bin 1060 -> 0 bytes
.../certs/45b967b2f9b4a8855235b2d01249cd1e079348aa | Bin 1062 -> 0 bytes
.../certs/47a2450a79a68462c105747751a6526aa8a20277 | Bin 1043 -> 0 bytes
.../certs/4f4b98c28a1d286274f529e75000cfbb02ce4c64 | Bin 1039 -> 0 bytes
.../certs/53b5bf163ae90d54271288852c2ab062fb9e74e3 | Bin 1061 -> 0 bytes
.../certs/53c790f4502ef25e04d6924ac63e65ec224495db | Bin 0 -> 1061 bytes
.../certs/548acbf0651d74df8175e709d52e24d9fcf1a1e5 | Bin 0 -> 1062 bytes
.../certs/55b8d682bccbba72d48faa4e31b885c589d94e35 | Bin 0 -> 1060 bytes
.../certs/57b8d46c89658ec3a53e7aec7fd99aa42636d8a8 | Bin 0 -> 1062 bytes
.../certs/5bd93cb213b4b31885da0a0efc2a79f4a7070708 | Bin 0 -> 1080 bytes
.../certs/644c5cc8c42a6c8cfe62f6a83bb0dbb43f0f0fb4 | Bin 1059 -> 0 bytes
.../certs/65b352233dc5cf96ecd69271587e47eea59446f1 | Bin 0 -> 1070 bytes
.../certs/679aaf150f9eef2897cf419485667387a8b8579a | Bin 0 -> 1059 bytes
.../certs/694f095095ab926875841456736263fe40696930 | Bin 0 -> 1062 bytes
.../certs/7c6a448fb938e5c19ab75631f0d0cbb92b25f2a9 | Bin 1049 -> 0 bytes
.../certs/7db109750703f47b822eb10cf205159f90fe3634 | Bin 1119 -> 0 bytes
.../certs/878cbc01427f1c1f5335b68604256705e85bfcd1 | Bin 0 -> 1043 bytes
.../certs/8c16a693aa59f4f4ed7eec7fd8a4ba7799e3c531 | Bin 0 -> 1119 bytes
.../certs/8dcd0fcfbfdcfce2480a4f18b20007517df2091f | Bin 965 -> 0 bytes
.../certs/8e9be7e9f0de2874707245ee200bfb971a646ba9 | Bin 1059 -> 0 bytes
.../certs/9319a45e2618f95fa64c539edb6bb6ef5e19a27e | Bin 0 -> 1062 bytes
.../certs/982d8252943f432acfacb002a0e576442402ba50 | Bin 0 -> 959 bytes
.../certs/9ff39ec266e309f2b53748a4fe0cfd3923955ff4 | Bin 1095 -> 0 bytes
.../certs/a91bb369a86604673f42f25b3fc94422eb73afd5 | Bin 1041 -> 0 bytes
.../certs/af19b02dcdc28a4e86d1657b656f0cac63b5474b | Bin 1059 -> 0 bytes
.../certs/b15a2fbbd5613781df896d28f82e4b0893011530 | Bin 1070 -> 0 bytes
.../certs/bb027269812f2cb0c1ba534c0016b7f33bdca83f | Bin 1041 -> 0 bytes
.../certs/c45be2b38883548967f4f959fd5ec0822f65237b | Bin 1058 -> 0 bytes
.../certs/cb516460e6f70eb2601effee6b7b6c7884c23fdb | Bin 0 -> 1095 bytes
.../certs/cedd2d5985ee0efde7acb2f788ed1a4237197d01 | Bin 1062 -> 0 bytes
.../certs/dbb808e4f319d815aadd8dab6f6ae5b717800e83 | Bin 1043 -> 0 bytes
.../certs/de106e5254cbafddb683117f90174910f43b5ae3 | Bin 1062 -> 0 bytes
.../certs/de216601f06d10a41171392fdfc9127f0bb9d5b0 | Bin 1062 -> 0 bytes
.../certs/e07015ca76fba1039b247ce96c214bb038539cc8 | Bin 1058 -> 0 bytes
.../certs/e079576c2006eb01569cb79c6e39dbb488050a86 | Bin 0 -> 1092 bytes
.../certs/e08213ec6a79e05c86a6f8a378eb4d5086352a7b | Bin 1059 -> 0 bytes
.../certs/e1fc65a76e366f513effaba487ac6cf2c144b7a7 | Bin 0 -> 1059 bytes
.../certs/edde495f4fb6db4e3eff85bcaecda2a3ccc58fcf | Bin 1076 -> 0 bytes
.../certs/f2595dbd1ee26d9df0e8c5beae47875c68b97b4c | Bin 1062 -> 0 bytes
testing/hosts/winnetou/etc/openssl/index.txt | 22 +-
testing/hosts/winnetou/etc/openssl/index.txt.old | 22 +-
testing/hosts/winnetou/etc/openssl/newcerts/2A.pem | 25 +
testing/hosts/winnetou/etc/openssl/newcerts/2B.pem | 25 +
testing/hosts/winnetou/etc/openssl/newcerts/2D.pem | 25 +
testing/hosts/winnetou/etc/openssl/newcerts/2E.pem | 25 +
testing/hosts/winnetou/etc/openssl/newcerts/2F.pem | 25 +
testing/hosts/winnetou/etc/openssl/newcerts/30.pem | 25 +
testing/hosts/winnetou/etc/openssl/newcerts/31.pem | 25 +
testing/hosts/winnetou/etc/openssl/serial | 2 +-
testing/hosts/winnetou/etc/openssl/serial.old | 2 +-
testing/scripts/build-baseimage | 4 +-
testing/scripts/build-guestimages | 1 +
testing/scripts/build-rootimage | 1 +
testing/scripts/build-strongswan | 66 +
testing/scripts/function.sh | 12 +
testing/scripts/recipes/005_anet.mk | 10 +-
testing/scripts/recipes/006_tkm-rpc.mk | 10 +-
testing/scripts/recipes/007_x509-ada.mk | 12 +-
testing/scripts/recipes/008_xfrm-ada.mk | 10 +-
testing/scripts/recipes/009_xfrm-proxy.mk | 10 +-
testing/scripts/recipes/010_tkm.mk | 10 +-
testing/scripts/recipes/013_strongswan.mk | 20 +-
testing/start-testing | 1 +
.../af-alg/rw-cert/hosts/dave/etc/strongswan.conf | 2 +-
.../rw-cert/hosts/dave/etc/strongswan.conf | 2 +-
.../ha/both-active/hosts/alice/etc/strongswan.conf | 2 +-
.../ha/both-active/hosts/carol/etc/strongswan.conf | 2 +-
.../ha/both-active/hosts/dave/etc/strongswan.conf | 2 +-
.../ha/both-active/hosts/moon/etc/strongswan.conf | 2 +-
.../ike/rw-cert/hosts/carol/etc/strongswan.conf | 2 +-
.../ike/rw-cert/hosts/dave/etc/strongswan.conf | 2 +-
.../ike/rw-cert/hosts/moon/etc/strongswan.conf | 2 +-
.../rw_v1-net_v2/hosts/carol/etc/strongswan.conf | 2 +-
.../rw_v1-net_v2/hosts/moon/etc/strongswan.conf | 2 +-
.../ike/rw_v1-net_v2/hosts/sun/etc/strongswan.conf | 2 +-
.../alg-3des-md5/hosts/carol/etc/strongswan.conf | 2 +-
.../alg-3des-md5/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../alg-sha256/hosts/carol/etc/strongswan.conf | 2 +-
.../alg-sha256/hosts/moon/etc/strongswan.conf | 2 +-
.../alg-sha384/hosts/carol/etc/strongswan.conf | 2 +-
.../alg-sha384/hosts/moon/etc/strongswan.conf | 2 +-
.../alg-sha512/hosts/carol/etc/strongswan.conf | 2 +-
.../alg-sha512/hosts/moon/etc/strongswan.conf | 2 +-
.../ikev1/compress/hosts/carol/etc/strongswan.conf | 2 +-
.../ikev1/compress/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../config-payload/hosts/carol/etc/strongswan.conf | 2 +-
.../config-payload/hosts/dave/etc/strongswan.conf | 2 +-
.../config-payload/hosts/moon/etc/strongswan.conf | 2 +-
.../double-nat-net/hosts/alice/etc/strongswan.conf | 2 +-
.../double-nat-net/hosts/bob/etc/strongswan.conf | 2 +-
.../double-nat/hosts/alice/etc/strongswan.conf | 2 +-
.../ikev1/double-nat/hosts/bob/etc/strongswan.conf | 2 +-
.../dpd-clear/hosts/carol/etc/strongswan.conf | 2 +-
.../ikev1/dpd-clear/hosts/moon/etc/strongswan.conf | 2 +-
.../dpd-restart/hosts/carol/etc/strongswan.conf | 2 +-
.../dpd-restart/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/ipsec.d/certs/carolCert.pem | 34 +-
.../hosts/dave/etc/ipsec.d/private/carolKey.pem | 52 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/ipsec.d/certs/carolCert.pem | 34 +-
.../hosts/dave/etc/ipsec.d/private/carolKey.pem | 52 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../esp-alg-null/hosts/carol/etc/strongswan.conf | 2 +-
.../esp-alg-null/hosts/moon/etc/strongswan.conf | 2 +-
.../host2host-ah/hosts/moon/etc/strongswan.conf | 2 +-
.../host2host-ah/hosts/sun/etc/strongswan.conf | 2 +-
.../host2host-cert/hosts/moon/etc/strongswan.conf | 2 +-
.../host2host-cert/hosts/sun/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/sun/etc/strongswan.conf | 2 +-
.../ip-pool-db/hosts/carol/etc/strongswan.conf | 2 +-
.../ip-pool-db/hosts/dave/etc/strongswan.conf | 2 +-
.../ip-pool-db/hosts/moon/etc/strongswan.conf | 2 +-
.../ikev1/ip-pool/hosts/carol/etc/strongswan.conf | 2 +-
.../ikev1/ip-pool/hosts/dave/etc/strongswan.conf | 2 +-
.../ikev1/ip-pool/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../multi-level-ca/hosts/carol/etc/strongswan.conf | 2 +-
.../multi-level-ca/hosts/dave/etc/strongswan.conf | 2 +-
.../multi-level-ca/hosts/moon/etc/strongswan.conf | 2 +-
.../ikev1/nat-rw/hosts/alice/etc/strongswan.conf | 2 +-
.../ikev1/nat-rw/hosts/sun/etc/strongswan.conf | 2 +-
.../ikev1/nat-rw/hosts/venus/etc/strongswan.conf | 2 +-
.../nat-virtual-ip/hosts/moon/etc/strongswan.conf | 2 +-
.../nat-virtual-ip/hosts/sun/etc/strongswan.conf | 2 +-
.../net2net-ah/hosts/moon/etc/strongswan.conf | 2 +-
.../ikev1/net2net-ah/hosts/sun/etc/strongswan.conf | 2 +-
.../net2net-cert/hosts/moon/etc/strongswan.conf | 2 +-
.../net2net-cert/hosts/sun/etc/strongswan.conf | 2 +-
.../tests/ikev1/net2net-fragmentation/evaltest.dat | 4 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/sun/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/sun/etc/strongswan.conf | 2 +-
.../protoport-dual/hosts/carol/etc/strongswan.conf | 2 +-
.../protoport-dual/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../rw-cert-unity/hosts/carol/etc/strongswan.conf | 4 +-
.../rw-cert-unity/hosts/moon/etc/strongswan.conf | 2 +-
.../ikev1/rw-cert/hosts/carol/etc/strongswan.conf | 2 +-
.../ikev1/rw-cert/hosts/dave/etc/strongswan.conf | 2 +-
.../ikev1/rw-cert/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../virtual-ip/hosts/carol/etc/strongswan.conf | 2 +-
.../virtual-ip/hosts/dave/etc/strongswan.conf | 2 +-
.../virtual-ip/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../acert-cached/hosts/carol/etc/strongswan.conf | 2 +-
.../acert-cached/hosts/dave/etc/strongswan.conf | 2 +-
.../etc/ipsec.d/acerts/carol-sales-finance.pem | 18 +-
.../moon/etc/ipsec.d/acerts/dave-marketing.pem | 18 +-
.../moon/etc/ipsec.d/acerts/dave-sales-expired.pem | 18 +-
.../acert-cached/hosts/moon/etc/strongswan.conf | 2 +-
testing/tests/ikev2/acert-cached/reissue.txt | 23 +
.../etc/ipsec.d/acerts/carol-finance-expired.pem | 18 +-
.../hosts/carol/etc/ipsec.d/acerts/carol-sales.pem | 18 +-
.../acert-fallback/hosts/carol/etc/strongswan.conf | 2 +-
.../acert-fallback/hosts/moon/etc/strongswan.conf | 2 +-
testing/tests/ikev2/acert-fallback/reissue.txt | 15 +
.../hosts/carol/etc/ipsec.d/acerts/carol-sales.pem | 18 +-
.../acert-inline/hosts/carol/etc/strongswan.conf | 2 +-
.../dave/etc/ipsec.d/acerts/dave-expired-aa.pem | 18 +-
.../dave/etc/ipsec.d/acerts/dave-marketing.pem | 18 +-
.../acert-inline/hosts/dave/etc/strongswan.conf | 2 +-
.../acert-inline/hosts/moon/etc/strongswan.conf | 2 +-
testing/tests/ikev2/acert-inline/reissue.txt | 23 +
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../alg-3des-md5/hosts/carol/etc/strongswan.conf | 2 +-
.../alg-3des-md5/hosts/moon/etc/strongswan.conf | 2 +-
.../alg-aes-ccm/hosts/carol/etc/strongswan.conf | 2 +-
.../alg-aes-ccm/hosts/moon/etc/strongswan.conf | 2 +-
.../alg-aes-ctr/hosts/carol/etc/strongswan.conf | 2 +-
.../alg-aes-ctr/hosts/moon/etc/strongswan.conf | 2 +-
.../alg-aes-gcm/hosts/carol/etc/strongswan.conf | 2 +-
.../alg-aes-gcm/hosts/moon/etc/strongswan.conf | 2 +-
.../alg-aes-xcbc/hosts/carol/etc/strongswan.conf | 2 +-
.../alg-aes-xcbc/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../alg-sha256-96/hosts/carol/etc/strongswan.conf | 2 +-
.../alg-sha256-96/hosts/moon/etc/strongswan.conf | 2 +-
.../alg-sha256/hosts/carol/etc/strongswan.conf | 2 +-
.../alg-sha256/hosts/moon/etc/strongswan.conf | 2 +-
.../alg-sha384/hosts/carol/etc/strongswan.conf | 2 +-
.../alg-sha384/hosts/moon/etc/strongswan.conf | 2 +-
.../alg-sha512/hosts/carol/etc/strongswan.conf | 2 +-
.../alg-sha512/hosts/moon/etc/strongswan.conf | 2 +-
.../any-interface/hosts/alice/etc/strongswan.conf | 2 +-
.../any-interface/hosts/bob/etc/strongswan.conf | 2 +-
.../any-interface/hosts/moon/etc/strongswan.conf | 2 +-
.../any-interface/hosts/sun/etc/strongswan.conf | 2 +-
.../compress-nat/hosts/alice/etc/strongswan.conf | 2 +-
.../compress-nat/hosts/bob/etc/strongswan.conf | 2 +-
.../compress-nat/hosts/carol/etc/strongswan.conf | 2 +-
.../ikev2/compress/hosts/carol/etc/strongswan.conf | 2 +-
.../ikev2/compress/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../config-payload/hosts/carol/etc/strongswan.conf | 2 +-
.../config-payload/hosts/dave/etc/strongswan.conf | 2 +-
.../config-payload/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/sun/etc/strongswan.conf | 2 +-
.../crl-from-cache/hosts/carol/etc/strongswan.conf | 2 +-
.../crl-from-cache/hosts/moon/etc/strongswan.conf | 2 +-
.../carol/etc/ipsec.d/certs/carolRevokedCert.pem | 34 +-
.../carol/etc/ipsec.d/private/carolRevokedKey.pem | 50 +-
.../crl-revoked/hosts/carol/etc/strongswan.conf | 2 +-
.../crl-revoked/hosts/moon/etc/strongswan.conf | 2 +-
.../crl-to-cache/hosts/carol/etc/strongswan.conf | 2 +-
.../crl-to-cache/hosts/moon/etc/strongswan.conf | 2 +-
.../default-keys/hosts/carol/etc/strongswan.conf | 2 +-
.../default-keys/hosts/moon/etc/strongswan.conf | 2 +-
.../dhcp-dynamic/hosts/carol/etc/strongswan.conf | 2 +-
.../dhcp-dynamic/hosts/dave/etc/strongswan.conf | 2 +-
.../dhcp-dynamic/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../dhcp-static-mac/hosts/dave/etc/strongswan.conf | 2 +-
.../dhcp-static-mac/hosts/moon/etc/strongswan.conf | 2 +-
.../double-nat-net/hosts/alice/etc/strongswan.conf | 2 +-
.../double-nat-net/hosts/bob/etc/strongswan.conf | 2 +-
.../double-nat/hosts/alice/etc/strongswan.conf | 2 +-
.../ikev2/double-nat/hosts/bob/etc/strongswan.conf | 2 +-
.../dpd-clear/hosts/carol/etc/strongswan.conf | 2 +-
.../ikev2/dpd-clear/hosts/moon/etc/strongswan.conf | 2 +-
.../ikev2/dpd-hold/hosts/carol/etc/strongswan.conf | 2 +-
.../ikev2/dpd-hold/hosts/moon/etc/strongswan.conf | 2 +-
.../dpd-restart/hosts/carol/etc/strongswan.conf | 2 +-
.../dpd-restart/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/ipsec.d/certs/carolCert.pem | 34 +-
.../hosts/dave/etc/ipsec.d/private/carolKey.pem | 52 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../esp-alg-md5-128/hosts/moon/etc/strongswan.conf | 2 +-
.../esp-alg-null/hosts/carol/etc/strongswan.conf | 2 +-
.../esp-alg-null/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../ikev2/farp/hosts/carol/etc/strongswan.conf | 2 +-
.../ikev2/farp/hosts/dave/etc/strongswan.conf | 2 +-
.../ikev2/farp/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/alice/etc/strongswan.conf | 2 +-
.../force-udp-encaps/hosts/sun/etc/strongswan.conf | 2 +-
.../host2host-ah/hosts/moon/etc/strongswan.conf | 2 +-
.../host2host-ah/hosts/sun/etc/strongswan.conf | 2 +-
.../host2host-cert/hosts/moon/etc/strongswan.conf | 2 +-
.../host2host-cert/hosts/sun/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/sun/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/sun/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../ip-pool-db/hosts/carol/etc/strongswan.conf | 2 +-
.../ip-pool-db/hosts/dave/etc/strongswan.conf | 2 +-
.../ip-pool-db/hosts/moon/etc/strongswan.conf | 2 +-
.../ip-pool-wish/hosts/carol/etc/strongswan.conf | 2 +-
.../ip-pool-wish/hosts/dave/etc/strongswan.conf | 2 +-
.../ip-pool-wish/hosts/moon/etc/strongswan.conf | 2 +-
.../ikev2/ip-pool/hosts/carol/etc/strongswan.conf | 2 +-
.../ikev2/ip-pool/hosts/dave/etc/strongswan.conf | 2 +-
.../ikev2/ip-pool/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/alice/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../ip-two-pools-db/hosts/dave/etc/strongswan.conf | 2 +-
.../ip-two-pools-db/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/venus/etc/strongswan.conf | 2 +-
.../hosts/alice/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../ip-two-pools/hosts/alice/etc/strongswan.conf | 2 +-
.../ip-two-pools/hosts/carol/etc/strongswan.conf | 2 +-
.../ip-two-pools/hosts/moon/etc/strongswan.conf | 2 +-
.../ikev2/lookip/hosts/carol/etc/strongswan.conf | 2 +-
.../ikev2/lookip/hosts/dave/etc/strongswan.conf | 2 +-
.../ikev2/lookip/hosts/moon/etc/strongswan.conf | 2 +-
.../mobike-nat/hosts/alice/etc/strongswan.conf | 2 +-
.../ikev2/mobike-nat/hosts/sun/etc/strongswan.conf | 2 +-
.../hosts/alice/etc/strongswan.conf | 2 +-
.../hosts/sun/etc/strongswan.conf | 2 +-
.../ikev2/mobike/hosts/alice/etc/strongswan.conf | 2 +-
.../ikev2/mobike/hosts/sun/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../multi-level-ca/hosts/carol/etc/strongswan.conf | 2 +-
.../multi-level-ca/hosts/dave/etc/strongswan.conf | 2 +-
.../multi-level-ca/hosts/moon/etc/strongswan.conf | 2 +-
.../nat-rw-mark/hosts/alice/etc/strongswan.conf | 2 +-
.../nat-rw-mark/hosts/sun/etc/strongswan.conf | 2 +-
.../nat-rw-mark/hosts/venus/etc/strongswan.conf | 2 +-
.../ikev2/nat-rw/hosts/alice/etc/strongswan.conf | 2 +-
.../ikev2/nat-rw/hosts/sun/etc/strongswan.conf | 2 +-
.../ikev2/nat-rw/hosts/venus/etc/strongswan.conf | 2 +-
.../nat-virtual-ip/hosts/moon/etc/strongswan.conf | 2 +-
.../nat-virtual-ip/hosts/sun/etc/strongswan.conf | 2 +-
.../net2net-ah/hosts/moon/etc/strongswan.conf | 2 +-
.../ikev2/net2net-ah/hosts/sun/etc/strongswan.conf | 2 +-
.../net2net-cert/hosts/moon/etc/strongswan.conf | 2 +-
.../net2net-cert/hosts/sun/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/ipsec.d/certs/moonPub.der | Bin 294 -> 294 bytes
.../hosts/sun/etc/ipsec.d/certs/sunPub.der | Bin 294 -> 294 bytes
.../net2net-esn/hosts/moon/etc/strongswan.conf | 2 +-
.../net2net-esn/hosts/sun/etc/strongswan.conf | 2 +-
.../ikev2/net2net-fragmentation/description.txt | 9 +
.../tests/ikev2/net2net-fragmentation/evaltest.dat | 15 +
.../hosts/moon/etc/ipsec.conf | 22 +
.../hosts/moon/etc/strongswan.conf | 0
.../net2net-fragmentation/hosts/sun/etc/ipsec.conf | 22 +
.../hosts/sun}/etc/strongswan.conf | 0
.../tests/ikev2/net2net-fragmentation/posttest.dat | 5 +
.../tests/ikev2/net2net-fragmentation/pretest.dat | 6 +
.../tests/ikev2/net2net-fragmentation/test.conf | 21 +
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/sun/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/sun/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/ipsec.d/private/moonCert.p12 | Bin 3766 -> 3661 bytes
.../net2net-pkcs12/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/sun/etc/ipsec.d/private/sunCert.p12 | Bin 3764 -> 3661 bytes
.../net2net-pkcs12/hosts/sun/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../net2net-psk-dscp/hosts/sun/etc/strongswan.conf | 2 +-
.../net2net-rfc3779/hosts/moon/etc/strongswan.conf | 2 +-
.../net2net-rfc3779/hosts/sun/etc/strongswan.conf | 2 +-
.../net2net-route/hosts/moon/etc/strongswan.conf | 2 +-
.../net2net-route/hosts/sun/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/sun/etc/strongswan.conf | 2 +-
.../net2net-start/hosts/moon/etc/strongswan.conf | 2 +-
.../net2net-start/hosts/sun/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../ocsp-local-cert/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../carol/etc/ipsec.d/certs/carolRevokedCert.pem | 34 +-
.../carol/etc/ipsec.d/private/carolRevokedKey.pem | 50 +-
.../ocsp-revoked/hosts/carol/etc/strongswan.conf | 2 +-
.../ocsp-revoked/hosts/moon/etc/strongswan.conf | 2 +-
.../ocsp-root-cert/hosts/carol/etc/strongswan.conf | 2 +-
.../ocsp-root-cert/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../protoport-dual/hosts/carol/etc/strongswan.conf | 2 +-
.../protoport-dual/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../protoport-route/hosts/moon/etc/strongswan.conf | 2 +-
.../reauth-early/hosts/carol/etc/strongswan.conf | 2 +-
.../reauth-early/hosts/moon/etc/strongswan.conf | 2 +-
.../reauth-late/hosts/carol/etc/strongswan.conf | 2 +-
.../reauth-late/hosts/moon/etc/strongswan.conf | 2 +-
.../ikev2/rw-cert/hosts/carol/etc/strongswan.conf | 2 +-
.../ikev2/rw-cert/hosts/dave/etc/strongswan.conf | 2 +-
.../ikev2/rw-cert/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/ipsec.d/certs/moonPub.der | Bin 294 -> 294 bytes
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf | 2 +-
.../rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf | 2 +-
.../rw-eap-dynamic/hosts/carol/etc/strongswan.conf | 2 +-
.../rw-eap-dynamic/hosts/dave/etc/strongswan.conf | 2 +-
.../rw-eap-dynamic/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf | 2 +-
.../rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../rw-eap-peap-md5/hosts/dave/etc/strongswan.conf | 2 +-
.../rw-eap-peap-md5/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf | 2 +-
.../rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../rw-eap-tls-only/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../rw-hash-and-url/hosts/dave/etc/strongswan.conf | 2 +-
.../rw-hash-and-url/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../rw-mark-in-out/hosts/alice/etc/strongswan.conf | 2 +-
.../rw-mark-in-out/hosts/sun/etc/strongswan.conf | 2 +-
.../rw-mark-in-out/hosts/venus/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/ipsec.d/private/carolKey.pem | 54 +-
.../ikev2/rw-pkcs8/hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/ipsec.d/private/daveKey.pem | 56 +-
.../ikev2/rw-pkcs8/hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/ipsec.d/private/moonKey.pem | 52 +-
.../ikev2/rw-pkcs8/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../rw-whitelist/hosts/carol/etc/strongswan.conf | 2 +-
.../rw-whitelist/hosts/dave/etc/strongswan.conf | 2 +-
.../rw-whitelist/hosts/moon/etc/strongswan.conf | 2 +-
testing/tests/ikev2/rw-whitelist/pretest.dat | 4 +-
.../hosts/alice/etc/strongswan.conf | 2 +-
.../hosts/sun/etc/strongswan.conf | 2 +-
.../hosts/venus/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../two-certs/hosts/carol/etc/strongswan.conf | 2 +-
.../ikev2/two-certs/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../virtual-ip/hosts/carol/etc/strongswan.conf | 2 +-
.../virtual-ip/hosts/dave/etc/strongswan.conf | 2 +-
.../virtual-ip/hosts/moon/etc/strongswan.conf | 2 +-
.../wildcards/hosts/carol/etc/strongswan.conf | 2 +-
.../ikev2/wildcards/hosts/dave/etc/strongswan.conf | 2 +-
.../ikev2/wildcards/hosts/moon/etc/strongswan.conf | 2 +-
.../host2host-ikev1/hosts/moon/etc/strongswan.conf | 2 +-
.../host2host-ikev1/hosts/sun/etc/strongswan.conf | 2 +-
.../host2host-ikev2/hosts/moon/etc/strongswan.conf | 2 +-
.../host2host-ikev2/hosts/sun/etc/strongswan.conf | 2 +-
.../net2net-ikev1/hosts/moon/etc/strongswan.conf | 4 +-
.../net2net-ikev1/hosts/sun/etc/strongswan.conf | 4 +-
.../ipv6/net2net-ikev2/hosts/moon/etc/ipsec.conf | 1 +
.../net2net-ikev2/hosts/moon/etc/strongswan.conf | 5 +-
.../ipv6/net2net-ikev2/hosts/sun/etc/ipsec.conf | 1 +
.../net2net-ikev2/hosts/sun/etc/strongswan.conf | 5 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/sun/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/sun/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/sun/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/sun/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/sun/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../ipv6/rw-ikev1/hosts/carol/etc/strongswan.conf | 2 +-
.../ipv6/rw-ikev1/hosts/dave/etc/strongswan.conf | 2 +-
.../ipv6/rw-ikev1/hosts/moon/etc/strongswan.conf | 2 +-
.../ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf | 2 +-
.../ipv6/rw-ikev2/hosts/dave/etc/strongswan.conf | 2 +-
.../ipv6/rw-ikev2/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../transport-ikev1/hosts/moon/etc/strongswan.conf | 2 +-
.../transport-ikev1/hosts/sun/etc/strongswan.conf | 2 +-
.../transport-ikev2/hosts/moon/etc/strongswan.conf | 2 +-
.../transport-ikev2/hosts/sun/etc/strongswan.conf | 2 +-
.../host2host-cert/hosts/moon/etc/strongswan.conf | 2 +-
.../host2host-cert/hosts/sun/etc/strongswan.conf | 2 +-
.../net2net-3des/hosts/moon/etc/strongswan.conf | 2 +-
.../net2net-3des/hosts/sun/etc/strongswan.conf | 2 +-
.../net2net-cert/hosts/moon/etc/strongswan.conf | 2 +-
.../net2net-cert/hosts/sun/etc/strongswan.conf | 2 +-
.../rw-suite-b/hosts/carol/etc/strongswan.conf | 2 +-
.../rw-suite-b/hosts/dave/etc/strongswan.conf | 2 +-
.../rw-suite-b/hosts/moon/etc/strongswan.conf | 4 +-
.../alg-camellia/hosts/carol/etc/strongswan.conf | 2 +-
.../alg-camellia/hosts/moon/etc/strongswan.conf | 2 +-
.../alg-ecp-high/hosts/carol/etc/strongswan.conf | 2 +-
.../alg-ecp-high/hosts/dave/etc/strongswan.conf | 2 +-
.../alg-ecp-high/hosts/moon/etc/strongswan.conf | 2 +-
.../alg-ecp-low/hosts/carol/etc/strongswan.conf | 2 +-
.../alg-ecp-low/hosts/dave/etc/strongswan.conf | 2 +-
.../alg-ecp-low/hosts/moon/etc/strongswan.conf | 2 +-
.../ecdsa-certs/hosts/carol/etc/strongswan.conf | 2 +-
.../ecdsa-certs/hosts/dave/etc/strongswan.conf | 2 +-
.../ecdsa-certs/hosts/moon/etc/strongswan.conf | 2 +-
.../alg-aes-gcm/hosts/carol/etc/strongswan.conf | 2 +-
.../alg-aes-gcm/hosts/dave/etc/strongswan.conf | 2 +-
.../alg-aes-gcm/hosts/moon/etc/strongswan.conf | 2 +-
.../alg-blowfish/hosts/carol/etc/strongswan.conf | 2 +-
.../alg-blowfish/hosts/dave/etc/strongswan.conf | 2 +-
.../alg-blowfish/hosts/moon/etc/strongswan.conf | 2 +-
.../alg-camellia/hosts/carol/etc/strongswan.conf | 2 +-
.../alg-camellia/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../alg-ecp-high/hosts/carol/etc/strongswan.conf | 2 +-
.../alg-ecp-high/hosts/dave/etc/strongswan.conf | 2 +-
.../alg-ecp-high/hosts/moon/etc/strongswan.conf | 2 +-
.../alg-ecp-low/hosts/carol/etc/strongswan.conf | 2 +-
.../alg-ecp-low/hosts/dave/etc/strongswan.conf | 2 +-
.../alg-ecp-low/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/sun/etc/strongswan.conf | 2 +-
.../ecdsa-certs/hosts/carol/etc/strongswan.conf | 2 +-
.../ecdsa-certs/hosts/dave/etc/strongswan.conf | 2 +-
.../ecdsa-certs/hosts/moon/etc/strongswan.conf | 2 +-
.../ecdsa-pkcs8/hosts/carol/etc/strongswan.conf | 2 +-
.../ecdsa-pkcs8/hosts/dave/etc/strongswan.conf | 2 +-
.../ecdsa-pkcs8/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/ipsec.d/private/moonCert.p12 | Bin 3766 -> 3661 bytes
.../net2net-pkcs12/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/sun/etc/ipsec.d/private/sunCert.p12 | Bin 3764 -> 3661 bytes
.../net2net-pkcs12/hosts/sun/etc/strongswan.conf | 2 +-
.../rw-cert/hosts/carol/etc/strongswan.conf | 3 +-
.../rw-cert/hosts/dave/etc/strongswan.conf | 2 +-
.../rw-cert/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../rw-eap-tls-only/hosts/moon/etc/strongswan.conf | 3 +-
.../rw-suite-b-128/hosts/carol/etc/strongswan.conf | 2 +-
.../rw-suite-b-128/hosts/dave/etc/strongswan.conf | 4 +-
.../rw-suite-b-128/hosts/moon/etc/strongswan.conf | 4 +-
.../rw-suite-b-192/hosts/carol/etc/strongswan.conf | 2 +-
.../rw-suite-b-192/hosts/dave/etc/strongswan.conf | 4 +-
.../rw-suite-b-192/hosts/moon/etc/strongswan.conf | 4 +-
.../hosts/alice/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/venus/etc/strongswan.conf | 2 +-
.../medsrv-psk/hosts/alice/etc/strongswan.conf | 2 +-
.../medsrv-psk/hosts/bob/etc/strongswan.conf | 2 +-
.../medsrv-psk/hosts/carol/etc/strongswan.conf | 2 +-
.../alg-aes-xcbc/hosts/carol/etc/strongswan.conf | 2 +-
.../alg-aes-xcbc/hosts/moon/etc/strongswan.conf | 2 +-
.../alg-sha384/hosts/carol/etc/strongswan.conf | 2 +-
.../alg-sha384/hosts/moon/etc/strongswan.conf | 2 +-
.../alg-sha512/hosts/carol/etc/strongswan.conf | 2 +-
.../alg-sha512/hosts/moon/etc/strongswan.conf | 2 +-
.../pfkey/compress/hosts/carol/etc/strongswan.conf | 2 +-
.../pfkey/compress/hosts/moon/etc/strongswan.conf | 2 +-
.../esp-alg-null/hosts/carol/etc/strongswan.conf | 2 +-
.../esp-alg-null/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/sun/etc/strongswan.conf | 2 +-
.../pfkey/nat-rw/hosts/alice/etc/strongswan.conf | 2 +-
.../pfkey/nat-rw/hosts/sun/etc/strongswan.conf | 2 +-
.../pfkey/nat-rw/hosts/venus/etc/strongswan.conf | 2 +-
.../net2net-route/hosts/moon/etc/strongswan.conf | 2 +-
.../net2net-route/hosts/sun/etc/strongswan.conf | 2 +-
.../protoport-dual/hosts/carol/etc/strongswan.conf | 2 +-
.../protoport-dual/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../protoport-route/hosts/moon/etc/strongswan.conf | 2 +-
.../pfkey/rw-cert/hosts/carol/etc/strongswan.conf | 2 +-
.../pfkey/rw-cert/hosts/dave/etc/strongswan.conf | 2 +-
.../pfkey/rw-cert/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/alice/etc/strongswan.conf | 2 +-
.../hosts/sun/etc/strongswan.conf | 2 +-
.../hosts/venus/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/ipsec.d/data.sql | 8 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/ipsec.d/data.sql | 8 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/ipsec.d/data.sql | 8 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/ipsec.d/data.sql | 8 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/ipsec.d/data.sql | 8 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/ipsec.d/data.sql | 8 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../ip-pool-db/hosts/carol/etc/ipsec.d/data.sql | 8 +-
.../sql/ip-pool-db/hosts/carol/etc/strongswan.conf | 2 +-
.../sql/ip-pool-db/hosts/dave/etc/ipsec.d/data.sql | 8 +-
.../sql/ip-pool-db/hosts/dave/etc/strongswan.conf | 2 +-
.../sql/ip-pool-db/hosts/moon/etc/ipsec.d/data.sql | 8 +-
.../sql/ip-pool-db/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/ipsec.d/data.sql | 8 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/ipsec.d/data.sql | 8 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/ipsec.d/data.sql | 8 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/ipsec.d/data.sql | 8 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/ipsec.d/data.sql | 8 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/ipsec.d/data.sql | 8 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/ipsec.d/data.sql | 2 +-
.../multi-level-ca/hosts/carol/etc/strongswan.conf | 2 +-
.../multi-level-ca/hosts/dave/etc/ipsec.d/data.sql | 2 +-
.../multi-level-ca/hosts/dave/etc/strongswan.conf | 2 +-
.../multi-level-ca/hosts/moon/etc/ipsec.d/data.sql | 8 +-
.../multi-level-ca/hosts/moon/etc/strongswan.conf | 2 +-
.../net2net-cert/hosts/moon/etc/ipsec.d/data.sql | 8 +-
.../net2net-cert/hosts/moon/etc/strongswan.conf | 2 +-
.../net2net-cert/hosts/sun/etc/ipsec.d/data.sql | 8 +-
.../sql/net2net-cert/hosts/sun/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/ipsec.d/data.sql | 6 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/sun/etc/ipsec.d/data.sql | 6 +-
.../hosts/sun/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/ipsec.d/data.sql | 6 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/sun/etc/ipsec.d/data.sql | 6 +-
.../hosts/sun/etc/strongswan.conf | 2 +-
.../sql/rw-cert/hosts/carol/etc/ipsec.d/data.sql | 8 +-
.../sql/rw-cert/hosts/carol/etc/strongswan.conf | 2 +-
.../sql/rw-cert/hosts/dave/etc/ipsec.d/data.sql | 8 +-
.../sql/rw-cert/hosts/dave/etc/strongswan.conf | 2 +-
.../sql/rw-cert/hosts/moon/etc/ipsec.d/data.sql | 8 +-
.../sql/rw-cert/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/ipsec.d/data.sql | 2 +-
.../rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf | 2 +-
.../rw-eap-aka-rsa/hosts/moon/etc/ipsec.d/data.sql | 8 +-
.../hosts/carol/etc/ipsec.d/data.sql | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/ipsec.d/data.sql | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/ipsec.d/data.sql | 8 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../rw-rsa-keyid/hosts/carol/etc/strongswan.conf | 2 +-
.../rw-rsa-keyid/hosts/dave/etc/strongswan.conf | 2 +-
.../rw-rsa-keyid/hosts/moon/etc/strongswan.conf | 2 +-
.../sql/rw-rsa/hosts/carol/etc/strongswan.conf | 2 +-
.../sql/rw-rsa/hosts/dave/etc/strongswan.conf | 2 +-
.../sql/rw-rsa/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/alice/etc/ipsec.d/data.sql | 8 +-
.../hosts/alice/etc/strongswan.conf | 2 +-
.../hosts/sun/etc/ipsec.d/data.sql | 8 +-
.../hosts/sun/etc/strongswan.conf | 2 +-
.../hosts/venus/etc/ipsec.d/data.sql | 8 +-
.../hosts/venus/etc/strongswan.conf | 2 +-
testing/tests/swanctl/ip-pool/pretest.dat | 3 +-
.../swanctl/net2net-cert-ipv6/description.txt | 6 +
.../tests/swanctl/net2net-cert-ipv6/evaltest.dat | 5 +
.../hosts/moon/etc/strongswan.conf | 15 +
.../hosts/moon/etc/swanctl/swanctl.conf | 35 +
.../hosts/sun/etc/strongswan.conf | 15 +
.../hosts/sun/etc/swanctl/swanctl.conf | 35 +
.../tests/swanctl/net2net-cert-ipv6/posttest.dat | 11 +
.../tests/swanctl/net2net-cert-ipv6/pretest.dat | 16 +
testing/tests/swanctl/net2net-cert-ipv6/test.conf | 21 +
testing/tests/swanctl/net2net-cert/pretest.dat | 3 +-
testing/tests/swanctl/net2net-route/pretest.dat | 5 +-
testing/tests/swanctl/net2net-start/pretest.dat | 5 +-
testing/tests/swanctl/rw-cert/pretest.dat | 3 +-
testing/tests/swanctl/rw-psk-fqdn/pretest.dat | 3 +-
testing/tests/swanctl/rw-psk-ipv4/pretest.dat | 3 +-
.../hosts/moon/etc/tkm/moonKey.der | Bin 1191 -> 1191 bytes
.../hosts/sun/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/tkm/moonKey.der | Bin 1191 -> 1191 bytes
.../hosts/sun/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/tkm/moonKey.der | Bin 1191 -> 1191 bytes
.../hosts/sun/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../multiple-clients/hosts/sun/etc/tkm/sunKey.der | Bin 1192 -> 1191 bytes
.../hosts/moon/etc/tkm/moonKey.der | Bin 1191 -> 1191 bytes
.../hosts/sun/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/tkm/moonKey.der | Bin 1191 -> 1191 bytes
.../hosts/sun/etc/strongswan.conf | 2 +-
.../tnccs-11-fhh/hosts/carol/etc/strongswan.conf | 2 +-
.../tnccs-11-fhh/hosts/dave/etc/strongswan.conf | 2 +-
.../tnccs-11-fhh/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/alice/etc/pts/data1.sql | 8 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
testing/tests/tnc/tnccs-11-radius-pts/pretest.dat | 1 +
.../hosts/carol/etc/strongswan.conf | 2 +-
.../tnccs-11-radius/hosts/dave/etc/strongswan.conf | 2 +-
.../tnccs-11-radius/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../tnc/tnccs-11/hosts/carol/etc/strongswan.conf | 2 +-
.../tnc/tnccs-11/hosts/dave/etc/strongswan.conf | 2 +-
.../tnc/tnccs-11/hosts/moon/etc/strongswan.conf | 2 +-
.../tnccs-20-block/hosts/carol/etc/strongswan.conf | 2 +-
.../tnccs-20-block/hosts/dave/etc/strongswan.conf | 2 +-
.../tnccs-20-block/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../tnccs-20-fhh/hosts/carol/etc/strongswan.conf | 2 +-
.../tnccs-20-fhh/hosts/dave/etc/strongswan.conf | 2 +-
.../tnccs-20-fhh/hosts/moon/etc/strongswan.conf | 2 +-
testing/tests/tnc/tnccs-20-os-pts/evaltest.dat | 4 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../tnccs-20-os-pts/hosts/dave/etc/strongswan.conf | 2 +-
.../tnccs-20-os-pts/hosts/moon/etc/pts/data1.sql | 8 +-
.../tnccs-20-os-pts/hosts/moon/etc/strongswan.conf | 3 +-
testing/tests/tnc/tnccs-20-os-pts/pretest.dat | 1 +
testing/tests/tnc/tnccs-20-os/evaltest.dat | 4 +-
.../tnccs-20-os/hosts/carol/etc/strongswan.conf | 2 +-
.../tnc/tnccs-20-os/hosts/dave/etc/strongswan.conf | 2 +-
.../tnc/tnccs-20-os/hosts/moon/etc/pts/data1.sql | 14 +-
.../tnc/tnccs-20-os/hosts/moon/etc/strongswan.conf | 2 +-
testing/tests/tnc/tnccs-20-os/pretest.dat | 1 +
testing/tests/tnc/tnccs-20-pdp-eap/evaltest.dat | 8 +-
.../tnccs-20-pdp-eap/hosts/alice/etc/pts/data1.sql | 14 +-
.../hosts/alice/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 6 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
testing/tests/tnc/tnccs-20-pdp-eap/pretest.dat | 1 +
testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat | 8 +-
.../hosts/alice/etc/pts/data1.sql | 14 +-
.../hosts/alice/etc/strongswan.conf | 4 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
testing/tests/tnc/tnccs-20-pdp-pt-tls/pretest.dat | 1 +
testing/tests/tnc/tnccs-20-pts-no-ecc/evaltest.dat | 4 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/pts/data1.sql | 8 +-
.../hosts/moon/etc/strongswan.conf | 3 +-
testing/tests/tnc/tnccs-20-pts-no-ecc/pretest.dat | 1 +
testing/tests/tnc/tnccs-20-pts/evaltest.dat | 4 +-
.../tnccs-20-pts/hosts/carol/etc/strongswan.conf | 2 +-
.../tnccs-20-pts/hosts/dave/etc/strongswan.conf | 2 +-
.../tnc/tnccs-20-pts/hosts/moon/etc/pts/data1.sql | 8 +-
.../tnccs-20-pts/hosts/moon/etc/strongswan.conf | 3 +-
testing/tests/tnc/tnccs-20-pts/pretest.dat | 1 +
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../tnccs-20-tls/hosts/carol/etc/strongswan.conf | 2 +-
.../tnccs-20-tls/hosts/dave/etc/strongswan.conf | 2 +-
.../tnccs-20-tls/hosts/moon/etc/strongswan.conf | 2 +-
.../tnc/tnccs-20/hosts/carol/etc/strongswan.conf | 2 +-
.../tnc/tnccs-20/hosts/dave/etc/strongswan.conf | 2 +-
.../tnc/tnccs-20/hosts/moon/etc/strongswan.conf | 2 +-
.../tnccs-dynamic/hosts/carol/etc/strongswan.conf | 2 +-
.../tnccs-dynamic/hosts/dave/etc/strongswan.conf | 2 +-
.../tnccs-dynamic/hosts/moon/etc/strongswan.conf | 2 +-
1582 files changed, 49303 insertions(+), 28638 deletions(-)
diff --git a/Android.common.mk b/Android.common.mk
index 490f810..c650cb8 100644
--- a/Android.common.mk
+++ b/Android.common.mk
@@ -26,5 +26,5 @@ add_plugin_subdirs = $(if $(call plugin_enabled,$(1)), \
)
# strongSwan version, replaced by top Makefile
-strongswan_VERSION := "5.2.0"
+strongswan_VERSION := "5.2.1"
diff --git a/Makefile.in b/Makefile.in
index e8c0ff5..8effaa3 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -263,6 +263,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -323,6 +324,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -388,6 +390,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -435,6 +439,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/NEWS b/NEWS
index cebeeba..f1a4b21 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,28 @@
+strongswan-5.2.1
+----------------
+
+- The new charon-systemd IKE daemon implements an IKE daemon tailored for use
+ with systemd. It avoids the dependency on ipsec starter and uses swanctl
+ as configuration backend, building a simple and lightweight solution. It
+ supports native systemd journal logging.
+
+- Support for IKEv2 fragmentation as per RFC 7383 has been added. Like IKEv1
+ fragmentation it can be enabled by setting fragmentation=yes in ipsec.conf.
+
+- Support of the TCG TNC IF-M Attribute Segmentation specification proposal.
+ All attributes can be segmented. Additionally TCG/SWID Tag, TCG/SWID Tag ID
+ and IETF/Installed Packages attributes can be processed incrementally on a
+ per segment basis.
+
+- The new ext-auth plugin calls an external script to implement custom IKE_SA
+ authorization logic, courtesy of Vyronas Tsingaras.
+
+- For the vici plugin a ruby gem has been added to allow ruby applications
+ to control or monitor the IKE daemon. The vici documentation has been updated
+ to include a description of the available operations and some simple examples
+ using both the libvici C interface and the ruby gem.
+
+
strongswan-5.2.0
----------------
diff --git a/conf/Makefile.am b/conf/Makefile.am
index 373be16..e507739 100644
--- a/conf/Makefile.am
+++ b/conf/Makefile.am
@@ -12,6 +12,7 @@ options = \
options/attest.opt \
options/charon.opt \
options/charon-logging.opt \
+ options/charon-systemd.opt \
options/imcv.opt \
options/manager.opt \
options/medsrv.opt \
@@ -44,6 +45,7 @@ plugins = \
plugins/eap-tnc.opt \
plugins/eap-ttls.opt \
plugins/error-notify.opt \
+ plugins/ext-auth.opt \
plugins/gcrypt.opt \
plugins/ha.opt \
plugins/imc-attestation.opt \
@@ -152,9 +154,9 @@ maintainer-clean-local:
rm -f $(confsnippets) default.conf plugins/*.conf plugins/*.tmp
install-data-local: $(plugins_install_src)
- test -e "$(DESTDIR)${strongswanconfdir}" || $(INSTALL) -d "$(DESTDIR)$(strongswanconfdir)"
- test -e "$(DESTDIR)${strongswanddir}" || $(INSTALL) -d "$(DESTDIR)$(strongswanddir)"
- test -e "$(DESTDIR)${charonconfdir}" || $(INSTALL) -d "$(DESTDIR)$(charonconfdir)"
+ test -e "$(DESTDIR)${strongswanconfdir}" || $(INSTALL) -d "$(DESTDIR)$(strongswanconfdir)" || true
+ test -e "$(DESTDIR)${strongswanddir}" || $(INSTALL) -d "$(DESTDIR)$(strongswanddir)" || true
+ test -e "$(DESTDIR)${charonconfdir}" || $(INSTALL) -d "$(DESTDIR)$(charonconfdir)" || true
test -e "$(DESTDIR)$(strongswanconfdir)/strongswan.conf" || $(INSTALL) -m 644 $(srcdir)/strongswan.conf $(DESTDIR)$(strongswanconfdir)/strongswan.conf || true
for f in $(options_install_src); do \
name=`basename $$f`; \
diff --git a/conf/Makefile.in b/conf/Makefile.in
index a0ad980..d5bb3ff 100644
--- a/conf/Makefile.in
+++ b/conf/Makefile.in
@@ -186,6 +186,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -246,6 +247,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -311,6 +313,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -358,6 +362,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
@@ -381,6 +389,7 @@ options = \
options/attest.opt \
options/charon.opt \
options/charon-logging.opt \
+ options/charon-systemd.opt \
options/imcv.opt \
options/manager.opt \
options/medsrv.opt \
@@ -413,6 +422,7 @@ plugins = \
plugins/eap-tnc.opt \
plugins/eap-ttls.opt \
plugins/error-notify.opt \
+ plugins/ext-auth.opt \
plugins/gcrypt.opt \
plugins/ha.opt \
plugins/imc-attestation.opt \
@@ -839,9 +849,9 @@ maintainer-clean-local:
rm -f $(confsnippets) default.conf plugins/*.conf plugins/*.tmp
install-data-local: $(plugins_install_src)
- test -e "$(DESTDIR)${strongswanconfdir}" || $(INSTALL) -d "$(DESTDIR)$(strongswanconfdir)"
- test -e "$(DESTDIR)${strongswanddir}" || $(INSTALL) -d "$(DESTDIR)$(strongswanddir)"
- test -e "$(DESTDIR)${charonconfdir}" || $(INSTALL) -d "$(DESTDIR)$(charonconfdir)"
+ test -e "$(DESTDIR)${strongswanconfdir}" || $(INSTALL) -d "$(DESTDIR)$(strongswanconfdir)" || true
+ test -e "$(DESTDIR)${strongswanddir}" || $(INSTALL) -d "$(DESTDIR)$(strongswanddir)" || true
+ test -e "$(DESTDIR)${charonconfdir}" || $(INSTALL) -d "$(DESTDIR)$(charonconfdir)" || true
test -e "$(DESTDIR)$(strongswanconfdir)/strongswan.conf" || $(INSTALL) -m 644 $(srcdir)/strongswan.conf $(DESTDIR)$(strongswanconfdir)/strongswan.conf || true
for f in $(options_install_src); do \
name=`basename $$f`; \
diff --git a/conf/options/charon-systemd.conf b/conf/options/charon-systemd.conf
new file mode 100644
index 0000000..630488a
--- /dev/null
+++ b/conf/options/charon-systemd.conf
@@ -0,0 +1,16 @@
+charon-systemd {
+
+ # Section to configure native systemd journal logger, very similar to the
+ # syslog logger as described in LOGGER CONFIGURATION in strongswan.conf(5).
+ journal {
+
+ # Loglevel for a specific subsystem.
+ # <subsystem> = <default>
+
+ # Default loglevel.
+ # default = 1
+
+ }
+
+}
+
diff --git a/conf/options/charon-systemd.opt b/conf/options/charon-systemd.opt
new file mode 100644
index 0000000..3482f44
--- /dev/null
+++ b/conf/options/charon-systemd.opt
@@ -0,0 +1,13 @@
+charon-systemd.journal {}
+ Section to configure native systemd journal logger, very similar to the
+ syslog logger as described in LOGGER CONFIGURATION in
+ **strongswan.conf**(5).
+
+charon-systemd.journal.default = 1
+ Default loglevel.
+
+ Specifies the default loglevel to be used for subsystems for which no
+ specific loglevel is defined.
+
+charon-systemd.journal.<subsystem> = <default>
+ Loglevel for a specific subsystem.
diff --git a/conf/options/charon.conf b/conf/options/charon.conf
index ec3a39a..0bec9bb 100644
--- a/conf/options/charon.conf
+++ b/conf/options/charon.conf
@@ -40,9 +40,11 @@ charon {
# Free objects during authentication (might conflict with plugins).
# flush_auth_cfg = no
- # Maximum size (in bytes) of a sent fragment when using the proprietary
- # IKEv1 fragmentation extension.
- # fragment_size = 512
+ # Maximum size (complete IP datagram size in bytes) of a sent IKE fragment
+ # when using proprietary IKEv1 or standardized IKEv2 fragmentation (0 for
+ # address family specific default values). If specified this limit is
+ # used for both IPv4 and IPv6.
+ # fragment_size = 0
# Name of the group the daemon changes to after startup.
# group =
diff --git a/conf/options/charon.opt b/conf/options/charon.opt
index 1eb1b88..678aa37 100644
--- a/conf/options/charon.opt
+++ b/conf/options/charon.opt
@@ -85,9 +85,11 @@ charon.flush_auth_cfg = no
this might conflict with plugins that later need access to e.g. the used
certificates.
-charon.fragment_size = 512
- Maximum size (in bytes) of a sent fragment when using the proprietary IKEv1
- fragmentation extension.
+charon.fragment_size = 0
+ Maximum size (complete IP datagram size in bytes) of a sent IKE fragment
+ when using proprietary IKEv1 or standardized IKEv2 fragmentation (0 for
+ address family specific default values). If specified this limit is used
+ for both IPv4 and IPv6.
charon.group
Name of the group the daemon changes to after startup.
diff --git a/conf/options/starter.conf b/conf/options/starter.conf
index 8465f7e..447397b 100644
--- a/conf/options/starter.conf
+++ b/conf/options/starter.conf
@@ -1,5 +1,8 @@
starter {
+ # Location of the ipsec.conf file
+ # config_file = ${sysconfdir}/ipsec.conf
+
# Plugins to load in starter.
# load =
diff --git a/conf/options/starter.opt b/conf/options/starter.opt
index 4e6574d..54689e9 100644
--- a/conf/options/starter.opt
+++ b/conf/options/starter.opt
@@ -1,3 +1,6 @@
+starter.config_file = ${sysconfdir}/ipsec.conf
+ Location of the ipsec.conf file
+
starter.load =
Plugins to load in starter.
diff --git a/conf/plugins/eap-radius.conf b/conf/plugins/eap-radius.conf
index 64db674..b98b195 100644
--- a/conf/plugins/eap-radius.conf
+++ b/conf/plugins/eap-radius.conf
@@ -7,11 +7,15 @@ eap-radius {
# updates.
# accounting_close_on_timeout = yes
+ # Interval for interim RADIUS accounting updates, if not specified by the
+ # RADIUS server in the Access-Accept message.
+ # accounting_interval = 0
+
# If enabled, accounting is disabled unless an IKE_SA has at least one
# virtual IP.
# accounting_requires_vip = no
- # Use class attributes in RADIUS-Accept messages as group membership
+ # Use class attributes in Access-Accept messages as group membership
# information.
# class_group = no
diff --git a/conf/plugins/eap-radius.opt b/conf/plugins/eap-radius.opt
index 0df6a0d..2a6786d 100644
--- a/conf/plugins/eap-radius.opt
+++ b/conf/plugins/eap-radius.opt
@@ -5,12 +5,16 @@ charon.plugins.eap-radius.accounting_close_on_timeout = yes
Close the IKE_SA if there is a timeout during interim RADIUS accounting
updates.
+charon.plugins.eap-radius.accounting_interval = 0
+ Interval for interim RADIUS accounting updates, if not specified by the
+ RADIUS server in the Access-Accept message.
+
charon.plugins.eap-radius.accounting_requires_vip = no
If enabled, accounting is disabled unless an IKE_SA has at least one
virtual IP.
charon.plugins.eap-radius.class_group = no
- Use class attributes in RADIUS-Accept messages as group membership
+ Use class attributes in Access-Accept messages as group membership
information.
Use the _class_ attribute sent in the RADIUS-Accept message as group
diff --git a/conf/plugins/ext-auth.conf b/conf/plugins/ext-auth.conf
new file mode 100644
index 0000000..f5aa45f
--- /dev/null
+++ b/conf/plugins/ext-auth.conf
@@ -0,0 +1,11 @@
+ext-auth {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # Shell script to invoke for peer authorization.
+ # script =
+
+}
+
diff --git a/conf/plugins/ext-auth.opt b/conf/plugins/ext-auth.opt
new file mode 100644
index 0000000..bf127b9
--- /dev/null
+++ b/conf/plugins/ext-auth.opt
@@ -0,0 +1,15 @@
+charon.plugins.ext-auth.script =
+ Shell script to invoke for peer authorization.
+
+ Command to pass to the system shell for peer authorization. Authorization
+ is considered successful if the command executes normally with an exit code
+ of zero. For all other exit codes IKE_SA authorization is rejected.
+
+ The following environment variables get passed to the script:
+ _IKE_UNIQUE_ID_: The IKE_SA numerical unique identifier.
+ _IKE_NAME_: The peer configuration connection name.
+ _IKE_LOCAL_HOST_: Local IKE IP address.
+ _IKE_REMOTE_HOST_: Remote IKE IP address.
+ _IKE_LOCAL_ID_: Local IKE identity.
+ _IKE_REMOTE_ID_: Remote IKE identity.
+ _IKE_REMOTE_EAP_ID_: Remote EAP or XAuth identity, if used.
diff --git a/conf/plugins/kernel-netlink.conf b/conf/plugins/kernel-netlink.conf
index 6707469..f05f486 100644
--- a/conf/plugins/kernel-netlink.conf
+++ b/conf/plugins/kernel-netlink.conf
@@ -8,10 +8,20 @@ kernel-netlink {
# priority of this plugin.
load = yes
+ # MSS to set on installed routes, 0 to disable.
+ # mss = 0
+
+ # MTU to set on installed routes, 0 to disable.
+ # mtu = 0
+
# Whether to trigger roam events when interfaces, addresses or routes
# change.
# roam_events = yes
+ # Whether to set protocol and ports in the selector installed on transport
+ # mode IPsec SAs in the kernel.
+ # set_proto_port_transport_sa = no
+
# Lifetime of XFRM acquire state in kernel.
# xfrm_acq_expires = 165
diff --git a/conf/plugins/kernel-netlink.opt b/conf/plugins/kernel-netlink.opt
index a8e421b..7d44581 100644
--- a/conf/plugins/kernel-netlink.opt
+++ b/conf/plugins/kernel-netlink.opt
@@ -7,9 +7,24 @@ charon.plugins.kernel-netlink.fwmark =
inverts the meaning (i.e. the rule only applies to packets that don't match
the mark).
+charon.plugins.kernel-netlink.mss = 0
+ MSS to set on installed routes, 0 to disable.
+
+charon.plugins.kernel-netlink.mtu = 0
+ MTU to set on installed routes, 0 to disable.
+
charon.plugins.kernel-netlink.roam_events = yes
Whether to trigger roam events when interfaces, addresses or routes change.
+charon.plugins.kernel-netlink.set_proto_port_transport_sa = no
+ Whether to set protocol and ports in the selector installed on transport
+ mode IPsec SAs in the kernel.
+
+ Whether to set protocol and ports in the selector installed on transport
+ mode IPsec SAs in the kernel. While doing so enforces policies for inbound
+ traffic, it also prevents the use of a single IPsec SA by more than one
+ traffic selector.
+
charon.plugins.kernel-netlink.xfrm_acq_expires = 165
Lifetime of XFRM acquire state in kernel.
diff --git a/conf/plugins/stroke.conf b/conf/plugins/stroke.conf
index 6dd0630..3d8ee0a 100644
--- a/conf/plugins/stroke.conf
+++ b/conf/plugins/stroke.conf
@@ -14,6 +14,9 @@ stroke {
# If enabled log level changes via stroke socket are not allowed.
# prevent_loglevel_changes = no
+ # Location of the ipsec.secrets file
+ # secrets_file = ${sysconfdir}/ipsec.secrets
+
# Socket provided by the stroke plugin.
# socket = unix://${piddir}/charon.ctl
diff --git a/conf/plugins/stroke.opt b/conf/plugins/stroke.opt
index 2cfc2c6..4b49b1f 100644
--- a/conf/plugins/stroke.opt
+++ b/conf/plugins/stroke.opt
@@ -8,6 +8,9 @@ charon.plugins.stroke.max_concurrent = 4
charon.plugins.stroke.prevent_loglevel_changes = no
If enabled log level changes via stroke socket are not allowed.
+charon.plugins.stroke.secrets_file = ${sysconfdir}/ipsec.secrets
+ Location of the ipsec.secrets file
+
charon.plugins.stroke.socket = unix://${piddir}/charon.ctl
Socket provided by the stroke plugin.
diff --git a/conf/strongswan.conf.5.main b/conf/strongswan.conf.5.main
index d93c208..28f6b12 100644
--- a/conf/strongswan.conf.5.main
+++ b/conf/strongswan.conf.5.main
@@ -165,9 +165,11 @@ are released to free memory once an IKE_SA is established. Enabling this might
conflict with plugins that later need access to e.g. the used certificates.
.TP
-.BR charon.fragment_size " [512]"
-Maximum size (in bytes) of a sent fragment when using the proprietary IKEv1
-fragmentation extension.
+.BR charon.fragment_size " [0]"
+Maximum size (complete IP datagram size in bytes) of a sent IKE fragment when
+using proprietary IKEv1 or standardized IKEv2 fragmentation (0 for address
+family specific default values). If specified this limit is used for both
+IPv4 and IPv6.
.TP
.BR charon.group " []"
@@ -511,6 +513,11 @@ Send RADIUS accounting information to RADIUS servers.
Close the IKE_SA if there is a timeout during interim RADIUS accounting updates.
.TP
+.BR charon.plugins.eap-radius.accounting_interval " [0]"
+Interval for interim RADIUS accounting updates, if not specified by the RADIUS
+server in the Access\-Accept message.
+
+.TP
.BR charon.plugins.eap-radius.accounting_requires_vip " [no]"
If enabled, accounting is disabled unless an IKE_SA has at least one virtual IP.
@@ -732,6 +739,29 @@ Request peer authentication based on a client certificate.
Socket provided by the error\-notify plugin.
.TP
+.BR charon.plugins.ext-auth.script " []"
+Command to pass to the system shell for peer authorization. Authorization is
+considered successful if the command executes normally with an exit code of
+zero. For all other exit codes IKE_SA authorization is rejected.
+
+The following environment variables get passed to the script:
+.RI "" "IKE_UNIQUE_ID" ":"
+The IKE_SA numerical unique identifier.
+.RI "" "IKE_NAME" ":"
+The peer configuration
+connection name.
+.RI "" "IKE_LOCAL_HOST" ":"
+Local IKE IP address.
+.RI "" "IKE_REMOTE_HOST" ":"
+Remote IKE IP address.
+.RI "" "IKE_LOCAL_ID" ":"
+Local IKE identity.
+.RI "" "IKE_REMOTE_ID" ":"
+Remote IKE identity.
+.RI "" "IKE_REMOTE_EAP_ID" ":"
+Remote EAP or XAuth identity, if used.
+
+.TP
.BR charon.plugins.gcrypt.quick_random " [no]"
Use faster random numbers in gcrypt; for testing only, produces weak keys!
@@ -782,10 +812,24 @@ table. The format is [!]mark[/mask], where the optional exclamation mark inverts
the meaning (i.e. the rule only applies to packets that don't match the mark).
.TP
+.BR charon.plugins.kernel-netlink.mss " [0]"
+MSS to set on installed routes, 0 to disable.
+
+.TP
+.BR charon.plugins.kernel-netlink.mtu " [0]"
+MTU to set on installed routes, 0 to disable.
+
+.TP
.BR charon.plugins.kernel-netlink.roam_events " [yes]"
Whether to trigger roam events when interfaces, addresses or routes change.
.TP
+.BR charon.plugins.kernel-netlink.set_proto_port_transport_sa " [no]"
+Whether to set protocol and ports in the selector installed on transport mode
+IPsec SAs in the kernel. While doing so enforces policies for inbound traffic,
+it also prevents the use of a single IPsec SA by more than one traffic selector.
+
+.TP
.BR charon.plugins.kernel-netlink.xfrm_acq_expires " [165]"
Lifetime of XFRM acquire state in kernel. The value gets written to
/proc/sys/net/core/xfrm_acq_expires. Indirectly controls the delay of XFRM
@@ -1123,6 +1167,10 @@ Maximum number of stroke messages handled concurrently.
If enabled log level changes via stroke socket are not allowed.
.TP
+.BR charon.plugins.stroke.secrets_file " [${sysconfdir}/ipsec.secrets]"
+Location of the ipsec.secrets file
+
+.TP
.BR charon.plugins.stroke.socket " [unix://${piddir}/charon.ctl]"
Socket provided by the stroke plugin.
@@ -1483,6 +1531,23 @@ Name of the user the daemon changes to after startup.
Discard certificates with unsupported or unknown critical extensions.
.TP
+.B charon-systemd.journal
+.br
+Section to configure native systemd journal logger, very similar to the syslog
+logger as described in LOGGER CONFIGURATION in
+.RB "" "strongswan.conf" "(5)."
+
+
+.TP
+.BR charon-systemd.journal.<subsystem> " [<default>]"
+Loglevel for a specific subsystem.
+
+.TP
+.BR charon-systemd.journal.default " [1]"
+Specifies the default loglevel to be used for subsystems for which no specific
+loglevel is defined.
+
+.TP
.BR libimcv.debug_level " [1]"
Debug level for a stand\-alone
.RI "" "libimcv" ""
@@ -1741,6 +1806,10 @@ Plugins to load in ipsec pool tool.
Plugins to load in ipsec scepclient tool.
.TP
+.BR starter.config_file " [${sysconfdir}/ipsec.conf]"
+Location of the ipsec.conf file
+
+.TP
.BR starter.load " []"
Plugins to load in starter.
diff --git a/config.h.in b/config.h.in
index 1899b70..ad095d0 100644
--- a/config.h.in
+++ b/config.h.in
@@ -190,6 +190,9 @@
/* have netlink RTA_TABLE defined */
#undef HAVE_RTA_TABLE
+/* have PF_ROUTE RTM_IFANNOUNCE defined */
+#undef HAVE_RTM_IFANNOUNCE
+
/* Define to 1 if you have the `sem_timedwait' function. */
#undef HAVE_SEM_TIMEDWAIT
diff --git a/configure b/configure
index a2004a8..ee7d4cb 100755
--- a/configure
+++ b/configure
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for strongSwan 5.2.0.
+# Generated by GNU Autoconf 2.69 for strongSwan 5.2.1.
#
#
# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
@@ -587,8 +587,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='strongSwan'
PACKAGE_TARNAME='strongswan'
-PACKAGE_VERSION='5.2.0'
-PACKAGE_STRING='strongSwan 5.2.0'
+PACKAGE_VERSION='5.2.1'
+PACKAGE_STRING='strongSwan 5.2.1'
PACKAGE_BUGREPORT=''
PACKAGE_URL=''
@@ -633,6 +633,12 @@ am__EXEEXT_TRUE
LTLIBOBJS
LIBOBJS
strongswan_options
+USE_RUBY_GEMS_FALSE
+USE_RUBY_GEMS_TRUE
+USE_LEGACY_SYSTEMD_FALSE
+USE_LEGACY_SYSTEMD_TRUE
+USE_SYSTEMD_FALSE
+USE_SYSTEMD_TRUE
USE_SVC_FALSE
USE_SVC_TRUE
USE_SWANCTL_FALSE
@@ -653,8 +659,6 @@ MONOLITHIC_FALSE
MONOLITHIC_TRUE
USE_TROUSERS_FALSE
USE_TROUSERS_TRUE
-USE_PTS_FALSE
-USE_PTS_TRUE
USE_IMCV_FALSE
USE_IMCV_TRUE
USE_RADIUS_FALSE
@@ -843,6 +847,8 @@ USE_ERROR_NOTIFY_FALSE
USE_ERROR_NOTIFY_TRUE
USE_LOOKIP_FALSE
USE_LOOKIP_TRUE
+USE_EXT_AUTH_FALSE
+USE_EXT_AUTH_TRUE
USE_WHITELIST_FALSE
USE_WHITELIST_TRUE
USE_KERNEL_IPH_FALSE
@@ -999,6 +1005,8 @@ attest_plugins
pool_plugins
starter_plugins
charon_plugins
+RUBYGEMDIR
+GEM
COVERAGE_LDFLAGS
COVERAGE_CFLAGS
GENHTML
@@ -1025,6 +1033,12 @@ RUBYINCLUDE
RUBY
gtk_LIBS
gtk_CFLAGS
+json_LIBS
+json_CFLAGS
+systemd_journal_LIBS
+systemd_journal_CFLAGS
+systemd_daemon_LIBS
+systemd_daemon_CFLAGS
xml_LIBS
xml_CFLAGS
soup_LIBS
@@ -1109,8 +1123,6 @@ charon_udp_port
ipsecgroup
ipsecuser
systemdsystemunitdir
-HAVE_SYSTEMD_FALSE
-HAVE_SYSTEMD_TRUE
fips_mode
ipsec_script
routing_table_prio
@@ -1225,6 +1237,7 @@ with_capabilities
with_mpz_powm_sec
with_dev_headers
with_printf_hooks
+with_rubygemdir
with_systemdsystemunitdir
with_user
with_group
@@ -1295,6 +1308,7 @@ enable_eap_peap
enable_eap_tnc
enable_eap_dynamic
enable_eap_radius
+enable_ext_auth
enable_ipseckey
enable_keychain
enable_pkcs11
@@ -1372,6 +1386,7 @@ enable_pki
enable_scepclient
enable_scripts
enable_svc
+enable_systemd
enable_swanctl
enable_tkm
enable_bfd_backtraces
@@ -1382,6 +1397,7 @@ enable_integrity_test
enable_load_warning
enable_mediation
enable_unwind_backtraces
+enable_ruby_gems
enable_coverage
enable_leak_detective
enable_lock_profiler
@@ -1417,6 +1433,12 @@ soup_CFLAGS
soup_LIBS
xml_CFLAGS
xml_LIBS
+systemd_daemon_CFLAGS
+systemd_daemon_LIBS
+systemd_journal_CFLAGS
+systemd_journal_LIBS
+json_CFLAGS
+json_LIBS
gtk_CFLAGS
gtk_LIBS
maemo_CFLAGS
@@ -1965,7 +1987,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures strongSwan 5.2.0 to adapt to many kinds of systems.
+\`configure' configures strongSwan 5.2.1 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -2035,7 +2057,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of strongSwan 5.2.0:";;
+ short | recursive ) echo "Configuration of strongSwan 5.2.1:";;
esac
cat <<\_ACEOF
@@ -2125,6 +2147,8 @@ Optional Features:
--enable-eap-tnc enable EAP TNC trusted network connect module.
--enable-eap-dynamic enable dynamic EAP proxy module.
--enable-eap-radius enable RADIUS proxy authentication module.
+ --enable-ext-auth enable plugin calling an external authorization
+ script.
--enable-ipseckey enable IPSECKEY authentication plugin.
--enable-keychain enables OS X Keychain Services credential set.
--enable-pkcs11 enables the PKCS11 token support plugin.
@@ -2224,6 +2248,7 @@ Optional Features:
--disable-scripts disable additional utilities (found in directory
scripts).
--enable-svc enable charon Windows service.
+ --enable-systemd enable systemd specific IKE daemon charon-systemd.
--enable-swanctl enable swanctl configuration and control tool.
--enable-tkm enable Trusted Key Manager support.
--enable-bfd-backtraces use binutils libbfd to resolve backtraces for memory
@@ -2241,6 +2266,7 @@ Optional Features:
--enable-unwind-backtraces
use libunwind to create backtraces for memory leaks
and segfaults.
+ --enable-ruby-gems enable installation of provided ruby gems.
--enable-coverage enable lcov coverage report generation.
--enable-leak-detective enable malloc hooks to find memory leaks.
--enable-lock-profiler enable lock/mutex profiling code.
@@ -2315,6 +2341,8 @@ Optional Packages:
--with-printf-hooks=arg force the use of a specific printf hook
implementation (auto, builtin, glibc, vstr).
(default: auto).
+ --with-rubygemdir=arg path to install ruby gems to (default: "gem
+ environment gemdir").
--with-systemdsystemunitdir=arg
directory for systemd service files (default:
$systemdsystemunitdir_default).
@@ -2362,6 +2390,16 @@ Some influential environment variables:
soup_LIBS linker flags for soup, overriding pkg-config
xml_CFLAGS C compiler flags for xml, overriding pkg-config
xml_LIBS linker flags for xml, overriding pkg-config
+ systemd_daemon_CFLAGS
+ C compiler flags for systemd_daemon, overriding pkg-config
+ systemd_daemon_LIBS
+ linker flags for systemd_daemon, overriding pkg-config
+ systemd_journal_CFLAGS
+ C compiler flags for systemd_journal, overriding pkg-config
+ systemd_journal_LIBS
+ linker flags for systemd_journal, overriding pkg-config
+ json_CFLAGS C compiler flags for json, overriding pkg-config
+ json_LIBS linker flags for json, overriding pkg-config
gtk_CFLAGS C compiler flags for gtk, overriding pkg-config
gtk_LIBS linker flags for gtk, overriding pkg-config
maemo_CFLAGS
@@ -2440,7 +2478,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-strongSwan configure 5.2.0
+strongSwan configure 5.2.1
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2962,7 +3000,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by strongSwan $as_me 5.2.0, which was
+It was created by strongSwan $as_me 5.2.1, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -3825,7 +3863,7 @@ fi
# Define the identity of the package.
PACKAGE='strongswan'
- VERSION='5.2.0'
+ VERSION='5.2.1'
cat >>confdefs.h <<_ACEOF
@@ -4547,6 +4585,16 @@ fi
+# Check whether --with-rubygemdir was given.
+if test "${with_rubygemdir+set}" = set; then :
+ withval=$with_rubygemdir; rubygemdir="$withval"
+else
+ rubygemdir="gem environment gemdir"
+
+fi
+
+
+
if test -n "$PKG_CONFIG"; then
systemdsystemunitdir_default=$($PKG_CONFIG --variable=systemdsystemunitdir systemd)
fi
@@ -4560,14 +4608,6 @@ else
fi
- if test -n "$systemdsystemunitdir" -a "x$systemdsystemunitdir" != xno; then
- HAVE_SYSTEMD_TRUE=
- HAVE_SYSTEMD_FALSE='#'
-else
- HAVE_SYSTEMD_TRUE='#'
- HAVE_SYSTEMD_FALSE=
-fi
-
@@ -5710,6 +5750,22 @@ fi
disabled_by_default=${disabled_by_default}" eap_radius"
+# Check whether --enable-ext-auth was given.
+if test "${enable_ext_auth+set}" = set; then :
+ enableval=$enable_ext_auth; ext_auth_given=true
+ if test x$enableval = xyes; then
+ ext_auth=true
+ else
+ ext_auth=false
+ fi
+else
+ ext_auth=false
+ ext_auth_given=false
+
+fi
+
+ disabled_by_default=${disabled_by_default}" ext_auth"
+
# Check whether --enable-ipseckey was given.
if test "${enable_ipseckey+set}" = set; then :
enableval=$enable_ipseckey; ipseckey_given=true
@@ -6948,6 +7004,22 @@ fi
disabled_by_default=${disabled_by_default}" svc"
+# Check whether --enable-systemd was given.
+if test "${enable_systemd+set}" = set; then :
+ enableval=$enable_systemd; systemd_given=true
+ if test x$enableval = xyes; then
+ systemd=true
+ else
+ systemd=false
+ fi
+else
+ systemd=false
+ systemd_given=false
+
+fi
+
+ disabled_by_default=${disabled_by_default}" systemd"
+
# Check whether --enable-swanctl was given.
if test "${enable_swanctl+set}" = set; then :
enableval=$enable_swanctl; swanctl_given=true
@@ -7109,6 +7181,22 @@ fi
disabled_by_default=${disabled_by_default}" unwind_backtraces"
+# Check whether --enable-ruby-gems was given.
+if test "${enable_ruby_gems+set}" = set; then :
+ enableval=$enable_ruby_gems; ruby_gems_given=true
+ if test x$enableval = xyes; then
+ ruby_gems=true
+ else
+ ruby_gems=false
+ fi
+else
+ ruby_gems=false
+ ruby_gems_given=false
+
+fi
+
+ disabled_by_default=${disabled_by_default}" ruby_gems"
+
# compile options
# Check whether --enable-coverage was given.
if test "${enable_coverage+set}" = set; then :
@@ -16952,10 +17040,6 @@ if test x$imc_test = xtrue -o x$imv_test = xtrue -o x$imc_scanner = xtrue -o x$i
imcv=true;
fi
-if test x$imc_attestation = xtrue -o x$imv_attestation = xtrue -o x$imc_swid = xtrue -o x$imv_swid = xtrue; then
- pts=true;
-fi
-
if test x$fips_prf = xtrue; then
if test x$openssl = xfalse; then
sha1=true;
@@ -17977,7 +18061,7 @@ else
fi
-for ac_header in sys/sockio.h glob.h net/if_tun.h linux/fib_rules.h
+for ac_header in sys/sockio.h glob.h net/if_tun.h
do :
as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
@@ -18003,16 +18087,17 @@ fi
done
-for ac_header in netinet/ip6.h
+for ac_header in netinet/ip6.h linux/fib_rules.h
do :
- ac_fn_c_check_header_compile "$LINENO" "netinet/ip6.h" "ac_cv_header_netinet_ip6_h" "
+ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "
#include <sys/types.h>
#include <netinet/in.h>
"
-if test "x$ac_cv_header_netinet_ip6_h" = xyes; then :
+if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
cat >>confdefs.h <<_ACEOF
-#define HAVE_NETINET_IP6_H 1
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
_ACEOF
fi
@@ -18117,6 +18202,34 @@ $as_echo "no" >&6; }
fi
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for RTM_IFANNOUNCE" >&5
+$as_echo_n "checking for RTM_IFANNOUNCE... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <sys/socket.h>
+ #include <net/if.h>
+ #include <net/route.h>
+int
+main ()
+{
+return RTM_IFANNOUNCE;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; };
+
+$as_echo "#define HAVE_RTM_IFANNOUNCE /**/" >>confdefs.h
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for IPSEC_MODE_BEET" >&5
$as_echo_n "checking for IPSEC_MODE_BEET... " >&6; }
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
@@ -19047,119 +19160,125 @@ fi
fi
-if test x$tss = xtrousers; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -ltspi" >&5
-$as_echo_n "checking for main in -ltspi... " >&6; }
-if ${ac_cv_lib_tspi_main+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-ltspi $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
+if test x$systemd = xtrue; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for systemd system unit directory" >&5
+$as_echo_n "checking for systemd system unit directory... " >&6; }
+ if test -n "$systemdsystemunitdir" -a "x$systemdsystemunitdir" != xno; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $systemdsystemunitdir" >&5
+$as_echo "$systemdsystemunitdir" >&6; }
+ else
+ as_fn_error $? "not found (try --with-systemdsystemunitdir)" "$LINENO" 5
+ fi
-int
-main ()
-{
-return main ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
- ac_cv_lib_tspi_main=yes
+pkg_failed=no
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for systemd_daemon" >&5
+$as_echo_n "checking for systemd_daemon... " >&6; }
+
+if test -n "$systemd_daemon_CFLAGS"; then
+ pkg_cv_systemd_daemon_CFLAGS="$systemd_daemon_CFLAGS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libsystemd-daemon\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "libsystemd-daemon") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ pkg_cv_systemd_daemon_CFLAGS=`$PKG_CONFIG --cflags "libsystemd-daemon" 2>/dev/null`
+ test "x$?" != "x0" && pkg_failed=yes
else
- ac_cv_lib_tspi_main=no
+ pkg_failed=yes
fi
-rm -f core conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
+ else
+ pkg_failed=untried
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_tspi_main" >&5
-$as_echo "$ac_cv_lib_tspi_main" >&6; }
-if test "x$ac_cv_lib_tspi_main" = xyes; then :
- LIBS="$LIBS"
+if test -n "$systemd_daemon_LIBS"; then
+ pkg_cv_systemd_daemon_LIBS="$systemd_daemon_LIBS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libsystemd-daemon\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "libsystemd-daemon") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ pkg_cv_systemd_daemon_LIBS=`$PKG_CONFIG --libs "libsystemd-daemon" 2>/dev/null`
+ test "x$?" != "x0" && pkg_failed=yes
else
- as_fn_error $? "TrouSerS library libtspi not found" "$LINENO" 5
+ pkg_failed=yes
fi
-
- ac_fn_c_check_header_mongrel "$LINENO" "trousers/tss.h" "ac_cv_header_trousers_tss_h" "$ac_includes_default"
-if test "x$ac_cv_header_trousers_tss_h" = xyes; then :
-
-else
- as_fn_error $? "TrouSerS header trousers/tss.h not found!" "$LINENO" 5
+ else
+ pkg_failed=untried
fi
-$as_echo "#define TSS_TROUSERS /**/" >>confdefs.h
+if test $pkg_failed = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
+ _pkg_short_errors_supported=yes
+else
+ _pkg_short_errors_supported=no
fi
+ if test $_pkg_short_errors_supported = yes; then
+ systemd_daemon_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libsystemd-daemon" 2>&1`
+ else
+ systemd_daemon_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libsystemd-daemon" 2>&1`
+ fi
+ # Put the nasty error message in config.log where it belongs
+ echo "$systemd_daemon_PKG_ERRORS" >&5
-if test x$imv_swid = xtrue; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -ljson" >&5
-$as_echo_n "checking for main in -ljson... " >&6; }
-if ${ac_cv_lib_json_main+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-ljson $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
+ as_fn_error $? "Package requirements (libsystemd-daemon) were not met:
+$systemd_daemon_PKG_ERRORS
-int
-main ()
-{
-return main ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
- ac_cv_lib_json_main=yes
-else
- ac_cv_lib_json_main=no
-fi
-rm -f core conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_json_main" >&5
-$as_echo "$ac_cv_lib_json_main" >&6; }
-if test "x$ac_cv_lib_json_main" = xyes; then :
- LIBS="$LIBS"
-else
- as_fn_error $? "JSON library libjson not found" "$LINENO" 5
-fi
+Consider adjusting the PKG_CONFIG_PATH environment variable if you
+installed software in a non-standard prefix.
+
+Alternatively, you may set the environment variables systemd_daemon_CFLAGS
+and systemd_daemon_LIBS to avoid the need to call pkg-config.
+See the pkg-config man page for more details." "$LINENO" 5
+elif test $pkg_failed = untried; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it
+is in your PATH or set the PKG_CONFIG environment variable to the full
+path to pkg-config.
- ac_fn_c_check_header_mongrel "$LINENO" "json/json.h" "ac_cv_header_json_json_h" "$ac_includes_default"
-if test "x$ac_cv_header_json_json_h" = xyes; then :
+Alternatively, you may set the environment variables systemd_daemon_CFLAGS
+and systemd_daemon_LIBS to avoid the need to call pkg-config.
+See the pkg-config man page for more details.
+To get pkg-config, see <http://pkg-config.freedesktop.org/>.
+See \`config.log' for more details" "$LINENO" 5; }
else
- as_fn_error $? "JSON header json/json.h not found!" "$LINENO" 5
+ systemd_daemon_CFLAGS=$pkg_cv_systemd_daemon_CFLAGS
+ systemd_daemon_LIBS=$pkg_cv_systemd_daemon_LIBS
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
fi
-fi
-if test x$dumm = xtrue; then
pkg_failed=no
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for gtk" >&5
-$as_echo_n "checking for gtk... " >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for systemd_journal" >&5
+$as_echo_n "checking for systemd_journal... " >&6; }
-if test -n "$gtk_CFLAGS"; then
- pkg_cv_gtk_CFLAGS="$gtk_CFLAGS"
+if test -n "$systemd_journal_CFLAGS"; then
+ pkg_cv_systemd_journal_CFLAGS="$systemd_journal_CFLAGS"
elif test -n "$PKG_CONFIG"; then
if test -n "$PKG_CONFIG" && \
- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"gtk+-2.0 vte\""; } >&5
- ($PKG_CONFIG --exists --print-errors "gtk+-2.0 vte") 2>&5
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libsystemd-journal\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "libsystemd-journal") 2>&5
ac_status=$?
$as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }; then
- pkg_cv_gtk_CFLAGS=`$PKG_CONFIG --cflags "gtk+-2.0 vte" 2>/dev/null`
+ pkg_cv_systemd_journal_CFLAGS=`$PKG_CONFIG --cflags "libsystemd-journal" 2>/dev/null`
test "x$?" != "x0" && pkg_failed=yes
else
pkg_failed=yes
@@ -19167,16 +19286,16 @@ fi
else
pkg_failed=untried
fi
-if test -n "$gtk_LIBS"; then
- pkg_cv_gtk_LIBS="$gtk_LIBS"
+if test -n "$systemd_journal_LIBS"; then
+ pkg_cv_systemd_journal_LIBS="$systemd_journal_LIBS"
elif test -n "$PKG_CONFIG"; then
if test -n "$PKG_CONFIG" && \
- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"gtk+-2.0 vte\""; } >&5
- ($PKG_CONFIG --exists --print-errors "gtk+-2.0 vte") 2>&5
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libsystemd-journal\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "libsystemd-journal") 2>&5
ac_status=$?
$as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }; then
- pkg_cv_gtk_LIBS=`$PKG_CONFIG --libs "gtk+-2.0 vte" 2>/dev/null`
+ pkg_cv_systemd_journal_LIBS=`$PKG_CONFIG --libs "libsystemd-journal" 2>/dev/null`
test "x$?" != "x0" && pkg_failed=yes
else
pkg_failed=yes
@@ -19197,22 +19316,22 @@ else
_pkg_short_errors_supported=no
fi
if test $_pkg_short_errors_supported = yes; then
- gtk_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "gtk+-2.0 vte" 2>&1`
+ systemd_journal_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libsystemd-journal" 2>&1`
else
- gtk_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "gtk+-2.0 vte" 2>&1`
+ systemd_journal_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libsystemd-journal" 2>&1`
fi
# Put the nasty error message in config.log where it belongs
- echo "$gtk_PKG_ERRORS" >&5
+ echo "$systemd_journal_PKG_ERRORS" >&5
- as_fn_error $? "Package requirements (gtk+-2.0 vte) were not met:
+ as_fn_error $? "Package requirements (libsystemd-journal) were not met:
-$gtk_PKG_ERRORS
+$systemd_journal_PKG_ERRORS
Consider adjusting the PKG_CONFIG_PATH environment variable if you
installed software in a non-standard prefix.
-Alternatively, you may set the environment variables gtk_CFLAGS
-and gtk_LIBS to avoid the need to call pkg-config.
+Alternatively, you may set the environment variables systemd_journal_CFLAGS
+and systemd_journal_LIBS to avoid the need to call pkg-config.
See the pkg-config man page for more details." "$LINENO" 5
elif test $pkg_failed = untried; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
@@ -19223,56 +19342,458 @@ as_fn_error $? "The pkg-config script could not be found or is too old. Make su
is in your PATH or set the PKG_CONFIG environment variable to the full
path to pkg-config.
-Alternatively, you may set the environment variables gtk_CFLAGS
-and gtk_LIBS to avoid the need to call pkg-config.
+Alternatively, you may set the environment variables systemd_journal_CFLAGS
+and systemd_journal_LIBS to avoid the need to call pkg-config.
See the pkg-config man page for more details.
To get pkg-config, see <http://pkg-config.freedesktop.org/>.
See \`config.log' for more details" "$LINENO" 5; }
else
- gtk_CFLAGS=$pkg_cv_gtk_CFLAGS
- gtk_LIBS=$pkg_cv_gtk_LIBS
+ systemd_journal_CFLAGS=$pkg_cv_systemd_journal_CFLAGS
+ systemd_journal_LIBS=$pkg_cv_systemd_journal_LIBS
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
fi
- for ac_prog in ruby
-do
- # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_RUBY+:} false; then :
+fi
+
+if test x$tss = xtrousers; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -ltspi" >&5
+$as_echo_n "checking for main in -ltspi... " >&6; }
+if ${ac_cv_lib_tspi_main+:} false; then :
$as_echo_n "(cached) " >&6
else
- if test -n "$RUBY"; then
- ac_cv_prog_RUBY="$RUBY" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_prog_RUBY="$ac_prog"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ltspi $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+return main ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_tspi_main=yes
+else
+ ac_cv_lib_tspi_main=no
fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
fi
-RUBY=$ac_cv_prog_RUBY
-if test -n "$RUBY"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RUBY" >&5
-$as_echo "$RUBY" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_tspi_main" >&5
+$as_echo "$ac_cv_lib_tspi_main" >&6; }
+if test "x$ac_cv_lib_tspi_main" = xyes; then :
+ LIBS="$LIBS"
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+ as_fn_error $? "TrouSerS library libtspi not found" "$LINENO" 5
+fi
+
+ ac_fn_c_check_header_mongrel "$LINENO" "trousers/tss.h" "ac_cv_header_trousers_tss_h" "$ac_includes_default"
+if test "x$ac_cv_header_trousers_tss_h" = xyes; then :
+
+else
+ as_fn_error $? "TrouSerS header trousers/tss.h not found!" "$LINENO" 5
+fi
+
+
+
+$as_echo "#define TSS_TROUSERS /**/" >>confdefs.h
+
+fi
+
+if test x$imv_swid = xtrue; then
+
+pkg_failed=no
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for json" >&5
+$as_echo_n "checking for json... " >&6; }
+
+if test -n "$json_CFLAGS"; then
+ pkg_cv_json_CFLAGS="$json_CFLAGS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"json-c\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "json-c") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ pkg_cv_json_CFLAGS=`$PKG_CONFIG --cflags "json-c" 2>/dev/null`
+ test "x$?" != "x0" && pkg_failed=yes
+else
+ pkg_failed=yes
+fi
+ else
+ pkg_failed=untried
+fi
+if test -n "$json_LIBS"; then
+ pkg_cv_json_LIBS="$json_LIBS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"json-c\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "json-c") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ pkg_cv_json_LIBS=`$PKG_CONFIG --libs "json-c" 2>/dev/null`
+ test "x$?" != "x0" && pkg_failed=yes
+else
+ pkg_failed=yes
+fi
+ else
+ pkg_failed=untried
+fi
+
+
+
+if test $pkg_failed = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
+ _pkg_short_errors_supported=yes
+else
+ _pkg_short_errors_supported=no
+fi
+ if test $_pkg_short_errors_supported = yes; then
+ json_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "json-c" 2>&1`
+ else
+ json_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "json-c" 2>&1`
+ fi
+ # Put the nasty error message in config.log where it belongs
+ echo "$json_PKG_ERRORS" >&5
+
+
+pkg_failed=no
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for json" >&5
+$as_echo_n "checking for json... " >&6; }
+
+if test -n "$json_CFLAGS"; then
+ pkg_cv_json_CFLAGS="$json_CFLAGS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"json\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "json") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ pkg_cv_json_CFLAGS=`$PKG_CONFIG --cflags "json" 2>/dev/null`
+ test "x$?" != "x0" && pkg_failed=yes
+else
+ pkg_failed=yes
+fi
+ else
+ pkg_failed=untried
+fi
+if test -n "$json_LIBS"; then
+ pkg_cv_json_LIBS="$json_LIBS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"json\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "json") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ pkg_cv_json_LIBS=`$PKG_CONFIG --libs "json" 2>/dev/null`
+ test "x$?" != "x0" && pkg_failed=yes
+else
+ pkg_failed=yes
+fi
+ else
+ pkg_failed=untried
+fi
+
+
+
+if test $pkg_failed = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
+ _pkg_short_errors_supported=yes
+else
+ _pkg_short_errors_supported=no
+fi
+ if test $_pkg_short_errors_supported = yes; then
+ json_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "json" 2>&1`
+ else
+ json_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "json" 2>&1`
+ fi
+ # Put the nasty error message in config.log where it belongs
+ echo "$json_PKG_ERRORS" >&5
+
+ as_fn_error $? "Package requirements (json) were not met:
+
+$json_PKG_ERRORS
+
+Consider adjusting the PKG_CONFIG_PATH environment variable if you
+installed software in a non-standard prefix.
+
+Alternatively, you may set the environment variables json_CFLAGS
+and json_LIBS to avoid the need to call pkg-config.
+See the pkg-config man page for more details." "$LINENO" 5
+elif test $pkg_failed = untried; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it
+is in your PATH or set the PKG_CONFIG environment variable to the full
+path to pkg-config.
+
+Alternatively, you may set the environment variables json_CFLAGS
+and json_LIBS to avoid the need to call pkg-config.
+See the pkg-config man page for more details.
+
+To get pkg-config, see <http://pkg-config.freedesktop.org/>.
+See \`config.log' for more details" "$LINENO" 5; }
+else
+ json_CFLAGS=$pkg_cv_json_CFLAGS
+ json_LIBS=$pkg_cv_json_LIBS
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+fi
+elif test $pkg_failed = untried; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+pkg_failed=no
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for json" >&5
+$as_echo_n "checking for json... " >&6; }
+
+if test -n "$json_CFLAGS"; then
+ pkg_cv_json_CFLAGS="$json_CFLAGS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"json\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "json") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ pkg_cv_json_CFLAGS=`$PKG_CONFIG --cflags "json" 2>/dev/null`
+ test "x$?" != "x0" && pkg_failed=yes
+else
+ pkg_failed=yes
+fi
+ else
+ pkg_failed=untried
+fi
+if test -n "$json_LIBS"; then
+ pkg_cv_json_LIBS="$json_LIBS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"json\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "json") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ pkg_cv_json_LIBS=`$PKG_CONFIG --libs "json" 2>/dev/null`
+ test "x$?" != "x0" && pkg_failed=yes
+else
+ pkg_failed=yes
+fi
+ else
+ pkg_failed=untried
+fi
+
+
+
+if test $pkg_failed = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
+ _pkg_short_errors_supported=yes
+else
+ _pkg_short_errors_supported=no
+fi
+ if test $_pkg_short_errors_supported = yes; then
+ json_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "json" 2>&1`
+ else
+ json_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "json" 2>&1`
+ fi
+ # Put the nasty error message in config.log where it belongs
+ echo "$json_PKG_ERRORS" >&5
+
+ as_fn_error $? "Package requirements (json) were not met:
+
+$json_PKG_ERRORS
+
+Consider adjusting the PKG_CONFIG_PATH environment variable if you
+installed software in a non-standard prefix.
+
+Alternatively, you may set the environment variables json_CFLAGS
+and json_LIBS to avoid the need to call pkg-config.
+See the pkg-config man page for more details." "$LINENO" 5
+elif test $pkg_failed = untried; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it
+is in your PATH or set the PKG_CONFIG environment variable to the full
+path to pkg-config.
+
+Alternatively, you may set the environment variables json_CFLAGS
+and json_LIBS to avoid the need to call pkg-config.
+See the pkg-config man page for more details.
+
+To get pkg-config, see <http://pkg-config.freedesktop.org/>.
+See \`config.log' for more details" "$LINENO" 5; }
+else
+ json_CFLAGS=$pkg_cv_json_CFLAGS
+ json_LIBS=$pkg_cv_json_LIBS
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+fi
+else
+ json_CFLAGS=$pkg_cv_json_CFLAGS
+ json_LIBS=$pkg_cv_json_LIBS
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+fi
+
+
+fi
+
+if test x$dumm = xtrue; then
+
+pkg_failed=no
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for gtk" >&5
+$as_echo_n "checking for gtk... " >&6; }
+
+if test -n "$gtk_CFLAGS"; then
+ pkg_cv_gtk_CFLAGS="$gtk_CFLAGS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"gtk+-2.0 vte\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "gtk+-2.0 vte") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ pkg_cv_gtk_CFLAGS=`$PKG_CONFIG --cflags "gtk+-2.0 vte" 2>/dev/null`
+ test "x$?" != "x0" && pkg_failed=yes
+else
+ pkg_failed=yes
+fi
+ else
+ pkg_failed=untried
+fi
+if test -n "$gtk_LIBS"; then
+ pkg_cv_gtk_LIBS="$gtk_LIBS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"gtk+-2.0 vte\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "gtk+-2.0 vte") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ pkg_cv_gtk_LIBS=`$PKG_CONFIG --libs "gtk+-2.0 vte" 2>/dev/null`
+ test "x$?" != "x0" && pkg_failed=yes
+else
+ pkg_failed=yes
+fi
+ else
+ pkg_failed=untried
+fi
+
+
+
+if test $pkg_failed = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
+ _pkg_short_errors_supported=yes
+else
+ _pkg_short_errors_supported=no
+fi
+ if test $_pkg_short_errors_supported = yes; then
+ gtk_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "gtk+-2.0 vte" 2>&1`
+ else
+ gtk_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "gtk+-2.0 vte" 2>&1`
+ fi
+ # Put the nasty error message in config.log where it belongs
+ echo "$gtk_PKG_ERRORS" >&5
+
+ as_fn_error $? "Package requirements (gtk+-2.0 vte) were not met:
+
+$gtk_PKG_ERRORS
+
+Consider adjusting the PKG_CONFIG_PATH environment variable if you
+installed software in a non-standard prefix.
+
+Alternatively, you may set the environment variables gtk_CFLAGS
+and gtk_LIBS to avoid the need to call pkg-config.
+See the pkg-config man page for more details." "$LINENO" 5
+elif test $pkg_failed = untried; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it
+is in your PATH or set the PKG_CONFIG environment variable to the full
+path to pkg-config.
+
+Alternatively, you may set the environment variables gtk_CFLAGS
+and gtk_LIBS to avoid the need to call pkg-config.
+See the pkg-config man page for more details.
+
+To get pkg-config, see <http://pkg-config.freedesktop.org/>.
+See \`config.log' for more details" "$LINENO" 5; }
+else
+ gtk_CFLAGS=$pkg_cv_gtk_CFLAGS
+ gtk_LIBS=$pkg_cv_gtk_LIBS
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+fi
+
+
+ for ac_prog in ruby
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_RUBY+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$RUBY"; then
+ ac_cv_prog_RUBY="$RUBY" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_RUBY="$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+RUBY=$ac_cv_prog_RUBY
+if test -n "$RUBY"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RUBY" >&5
+$as_echo "$RUBY" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
fi
@@ -20753,6 +21274,58 @@ $as_echo "$as_me: coverage enabled, adding \"-g -O0\" to CFLAGS" >&6;}
CFLAGS="${CFLAGS} -g -O0"
fi
+if test x$ruby_gems = xtrue; then
+ # Extract the first word of "gem", so it can be a program name with args.
+set dummy gem; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_GEM+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $GEM in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_GEM="$GEM" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+as_dummy="$PATH:/bin:/usr/bin:/usr/local/bin"
+for as_dir in $as_dummy
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_path_GEM="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+GEM=$ac_cv_path_GEM
+if test -n "$GEM"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GEM" >&5
+$as_echo "$GEM" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ if test x$GEM = x; then
+ as_fn_error $? "RubyGems package manager not found" "$LINENO" 5
+ fi
+ if test "x$rubygemdir" = "xgem environment gemdir"; then
+ rubygemdir=$($GEM environment gemdir)
+ fi
+ RUBYGEMDIR="$rubygemdir"
+
+fi
+
# ===============================================
# collect plugin list for strongSwan components
# ===============================================
@@ -20792,35 +21365,6 @@ if test x$test_vectors = xtrue; then
fi
-if test x$curl = xtrue; then
- s_plugins=${s_plugins}" curl"
- charon_plugins=${charon_plugins}" curl"
- scepclient_plugins=${scepclient_plugins}" curl"
- pki_plugins=${pki_plugins}" curl"
- scripts_plugins=${scripts_plugins}" curl"
- nm_plugins=${nm_plugins}" curl"
- cmd_plugins=${cmd_plugins}" curl"
-
- fi
-
-if test x$winhttp = xtrue; then
- s_plugins=${s_plugins}" winhttp"
- charon_plugins=${charon_plugins}" winhttp"
- pki_plugins=${pki_plugins}" winhttp"
- scripts_plugins=${scripts_plugins}" winhttp"
-
- fi
-
-if test x$soup = xtrue; then
- s_plugins=${s_plugins}" soup"
- charon_plugins=${charon_plugins}" soup"
- pki_plugins=${pki_plugins}" soup"
- scripts_plugins=${scripts_plugins}" soup"
- nm_plugins=${nm_plugins}" soup"
- cmd_plugins=${cmd_plugins}" soup"
-
- fi
-
if test x$unbound = xtrue; then
s_plugins=${s_plugins}" unbound"
charon_plugins=${charon_plugins}" unbound"
@@ -21292,6 +21836,35 @@ if test x$ntru = xtrue; then
fi
+if test x$curl = xtrue; then
+ s_plugins=${s_plugins}" curl"
+ charon_plugins=${charon_plugins}" curl"
+ scepclient_plugins=${scepclient_plugins}" curl"
+ pki_plugins=${pki_plugins}" curl"
+ scripts_plugins=${scripts_plugins}" curl"
+ nm_plugins=${nm_plugins}" curl"
+ cmd_plugins=${cmd_plugins}" curl"
+
+ fi
+
+if test x$winhttp = xtrue; then
+ s_plugins=${s_plugins}" winhttp"
+ charon_plugins=${charon_plugins}" winhttp"
+ pki_plugins=${pki_plugins}" winhttp"
+ scripts_plugins=${scripts_plugins}" winhttp"
+
+ fi
+
+if test x$soup = xtrue; then
+ s_plugins=${s_plugins}" soup"
+ charon_plugins=${charon_plugins}" soup"
+ pki_plugins=${pki_plugins}" soup"
+ scripts_plugins=${scripts_plugins}" soup"
+ nm_plugins=${nm_plugins}" soup"
+ cmd_plugins=${cmd_plugins}" soup"
+
+ fi
+
if test x$attr = xtrue; then
h_plugins=${h_plugins}" attr"
charon_plugins=${charon_plugins}" attr"
@@ -21664,6 +22237,12 @@ if test x$whitelist = xtrue; then
fi
+if test x$ext_auth = xtrue; then
+ c_plugins=${c_plugins}" ext-auth"
+ charon_plugins=${charon_plugins}" ext-auth"
+
+ fi
+
if test x$lookip = xtrue; then
c_plugins=${c_plugins}" lookip"
charon_plugins=${charon_plugins}" lookip"
@@ -22330,6 +22909,14 @@ else
USE_WHITELIST_FALSE=
fi
+ if test x$ext_auth = xtrue; then
+ USE_EXT_AUTH_TRUE=
+ USE_EXT_AUTH_FALSE='#'
+else
+ USE_EXT_AUTH_TRUE='#'
+ USE_EXT_AUTH_FALSE=
+fi
+
if test x$lookip = xtrue; then
USE_LOOKIP_TRUE=
USE_LOOKIP_FALSE='#'
@@ -22960,7 +23547,7 @@ else
USE_CONFTEST_FALSE=
fi
- if test x$charon = xtrue -o x$pki = xtrue -o x$scepclient = xtrue -o x$conftest = xtrue -o x$fast = xtrue -o x$imcv = xtrue -o x$nm = xtrue -o x$tkm = xtrue -o x$cmd = xtrue -o x$tls = xtrue -o x$tnc_tnccs = xtrue -o x$aikgen = xtrue -o x$svc = xtrue; then
+ if test x$charon = xtrue -o x$pki = xtrue -o x$scepclient = xtrue -o x$conftest = xtrue -o x$fast = xtrue -o x$imcv = xtrue -o x$nm = xtrue -o x$tkm = xtrue -o x$cmd = xtrue -o x$tls = xtrue -o x$tnc_tnccs = xtrue -o x$aikgen = xtrue -o x$svc = xtrue -o x$systemd = xtrue; then
USE_LIBSTRONGSWAN_TRUE=
USE_LIBSTRONGSWAN_FALSE='#'
else
@@ -22968,7 +23555,7 @@ else
USE_LIBSTRONGSWAN_FALSE=
fi
- if test x$charon = xtrue -o x$nm = xtrue -o x$tkm = xtrue -o x$cmd = xtrue -o x$svc = xtrue; then
+ if test x$charon = xtrue -o x$nm = xtrue -o x$tkm = xtrue -o x$cmd = xtrue -o x$svc = xtrue -o x$systemd = xtrue; then
USE_LIBHYDRA_TRUE=
USE_LIBHYDRA_FALSE='#'
else
@@ -22976,7 +23563,7 @@ else
USE_LIBHYDRA_FALSE=
fi
- if test x$charon = xtrue -o x$conftest = xtrue -o x$nm = xtrue -o x$tkm = xtrue -o x$cmd = xtrue -o x$svc = xtrue; then
+ if test x$charon = xtrue -o x$conftest = xtrue -o x$nm = xtrue -o x$tkm = xtrue -o x$cmd = xtrue -o x$svc = xtrue -o x$systemd = xtrue; then
USE_LIBCHARON_TRUE=
USE_LIBCHARON_FALSE='#'
else
@@ -23088,14 +23675,6 @@ else
USE_IMCV_FALSE=
fi
- if test x$pts = xtrue; then
- USE_PTS_TRUE=
- USE_PTS_FALSE='#'
-else
- USE_PTS_TRUE='#'
- USE_PTS_FALSE=
-fi
-
if test x$tss = xtrousers -o x$aikgen = xtrue; then
USE_TROUSERS_TRUE=
USE_TROUSERS_FALSE='#'
@@ -23176,6 +23755,30 @@ else
USE_SVC_FALSE=
fi
+ if test x$systemd = xtrue; then
+ USE_SYSTEMD_TRUE=
+ USE_SYSTEMD_FALSE='#'
+else
+ USE_SYSTEMD_TRUE='#'
+ USE_SYSTEMD_FALSE=
+fi
+
+ if test -n "$systemdsystemunitdir" -a "x$systemdsystemunitdir" != xno; then
+ USE_LEGACY_SYSTEMD_TRUE=
+ USE_LEGACY_SYSTEMD_FALSE='#'
+else
+ USE_LEGACY_SYSTEMD_TRUE='#'
+ USE_LEGACY_SYSTEMD_FALSE=
+fi
+
+ if test x$ruby_gems = xtrue; then
+ USE_RUBY_GEMS_TRUE=
+ USE_RUBY_GEMS_FALSE='#'
+else
+ USE_RUBY_GEMS_TRUE='#'
+ USE_RUBY_GEMS_FALSE=
+fi
+
# ========================
# set global definitions
@@ -23259,7 +23862,7 @@ fi
# build Makefiles
# =================
-ac_config_files="$ac_config_files Makefile conf/Makefile man/Makefile init/Makefile init/systemd/Makefile src/Makefile src/include/Makefile src/libstrongswan/Makefile src/libstrongswan/plugins/aes/Makefile src/libstrongswan/plugins/cmac/Makefile src/libstrongswan/plugins/des/Makefile src/libstrongswan/plugins/blowfish/Makefile src/libstrongswan/plugins/rc2/Makefile src/libstrongswan/plugins/md4/Makefile src/libstrongswan/plugins/md5/Makefile src/libstrongswan/plugins/sha1/Makefile src/li [...]
+ac_config_files="$ac_config_files Makefile conf/Makefile man/Makefile init/Makefile init/systemd/Makefile init/systemd-swanctl/Makefile src/Makefile src/include/Makefile src/libstrongswan/Makefile src/libstrongswan/plugins/aes/Makefile src/libstrongswan/plugins/cmac/Makefile src/libstrongswan/plugins/des/Makefile src/libstrongswan/plugins/blowfish/Makefile src/libstrongswan/plugins/rc2/Makefile src/libstrongswan/plugins/md4/Makefile src/libstrongswan/plugins/md5/Makefile src/libstrongswa [...]
# =================
@@ -23394,10 +23997,6 @@ else
am__EXEEXT_FALSE=
fi
-if test -z "${HAVE_SYSTEMD_TRUE}" && test -z "${HAVE_SYSTEMD_FALSE}"; then
- as_fn_error $? "conditional \"HAVE_SYSTEMD\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then
as_fn_error $? "conditional \"AMDEP\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
@@ -23699,6 +24298,10 @@ if test -z "${USE_WHITELIST_TRUE}" && test -z "${USE_WHITELIST_FALSE}"; then
as_fn_error $? "conditional \"USE_WHITELIST\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
+if test -z "${USE_EXT_AUTH_TRUE}" && test -z "${USE_EXT_AUTH_FALSE}"; then
+ as_fn_error $? "conditional \"USE_EXT_AUTH\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
if test -z "${USE_LOOKIP_TRUE}" && test -z "${USE_LOOKIP_FALSE}"; then
as_fn_error $? "conditional \"USE_LOOKIP\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
@@ -24075,10 +24678,6 @@ if test -z "${USE_IMCV_TRUE}" && test -z "${USE_IMCV_FALSE}"; then
as_fn_error $? "conditional \"USE_IMCV\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
-if test -z "${USE_PTS_TRUE}" && test -z "${USE_PTS_FALSE}"; then
- as_fn_error $? "conditional \"USE_PTS\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
if test -z "${USE_TROUSERS_TRUE}" && test -z "${USE_TROUSERS_FALSE}"; then
as_fn_error $? "conditional \"USE_TROUSERS\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
@@ -24119,6 +24718,18 @@ if test -z "${USE_SVC_TRUE}" && test -z "${USE_SVC_FALSE}"; then
as_fn_error $? "conditional \"USE_SVC\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
+if test -z "${USE_SYSTEMD_TRUE}" && test -z "${USE_SYSTEMD_FALSE}"; then
+ as_fn_error $? "conditional \"USE_SYSTEMD\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${USE_LEGACY_SYSTEMD_TRUE}" && test -z "${USE_LEGACY_SYSTEMD_FALSE}"; then
+ as_fn_error $? "conditional \"USE_LEGACY_SYSTEMD\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${USE_RUBY_GEMS_TRUE}" && test -z "${USE_RUBY_GEMS_FALSE}"; then
+ as_fn_error $? "conditional \"USE_RUBY_GEMS\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
: "${CONFIG_STATUS=./config.status}"
ac_write_fail=0
@@ -24516,7 +25127,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by strongSwan $as_me 5.2.0, which was
+This file was extended by strongSwan $as_me 5.2.1, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -24582,7 +25193,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-strongSwan config.status 5.2.0
+strongSwan config.status 5.2.1
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
@@ -24996,6 +25607,7 @@ do
"man/Makefile") CONFIG_FILES="$CONFIG_FILES man/Makefile" ;;
"init/Makefile") CONFIG_FILES="$CONFIG_FILES init/Makefile" ;;
"init/systemd/Makefile") CONFIG_FILES="$CONFIG_FILES init/systemd/Makefile" ;;
+ "init/systemd-swanctl/Makefile") CONFIG_FILES="$CONFIG_FILES init/systemd-swanctl/Makefile" ;;
"src/Makefile") CONFIG_FILES="$CONFIG_FILES src/Makefile" ;;
"src/include/Makefile") CONFIG_FILES="$CONFIG_FILES src/include/Makefile" ;;
"src/libstrongswan/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/Makefile" ;;
@@ -25069,11 +25681,6 @@ do
"src/libtnccs/plugins/tnccs_20/Makefile") CONFIG_FILES="$CONFIG_FILES src/libtnccs/plugins/tnccs_20/Makefile" ;;
"src/libtnccs/plugins/tnccs_dynamic/Makefile") CONFIG_FILES="$CONFIG_FILES src/libtnccs/plugins/tnccs_dynamic/Makefile" ;;
"src/libpttls/Makefile") CONFIG_FILES="$CONFIG_FILES src/libpttls/Makefile" ;;
- "src/libpts/Makefile") CONFIG_FILES="$CONFIG_FILES src/libpts/Makefile" ;;
- "src/libpts/plugins/imc_attestation/Makefile") CONFIG_FILES="$CONFIG_FILES src/libpts/plugins/imc_attestation/Makefile" ;;
- "src/libpts/plugins/imv_attestation/Makefile") CONFIG_FILES="$CONFIG_FILES src/libpts/plugins/imv_attestation/Makefile" ;;
- "src/libpts/plugins/imc_swid/Makefile") CONFIG_FILES="$CONFIG_FILES src/libpts/plugins/imc_swid/Makefile" ;;
- "src/libpts/plugins/imv_swid/Makefile") CONFIG_FILES="$CONFIG_FILES src/libpts/plugins/imv_swid/Makefile" ;;
"src/libimcv/Makefile") CONFIG_FILES="$CONFIG_FILES src/libimcv/Makefile" ;;
"src/libimcv/plugins/imc_test/Makefile") CONFIG_FILES="$CONFIG_FILES src/libimcv/plugins/imc_test/Makefile" ;;
"src/libimcv/plugins/imv_test/Makefile") CONFIG_FILES="$CONFIG_FILES src/libimcv/plugins/imv_test/Makefile" ;;
@@ -25081,11 +25688,16 @@ do
"src/libimcv/plugins/imv_scanner/Makefile") CONFIG_FILES="$CONFIG_FILES src/libimcv/plugins/imv_scanner/Makefile" ;;
"src/libimcv/plugins/imc_os/Makefile") CONFIG_FILES="$CONFIG_FILES src/libimcv/plugins/imc_os/Makefile" ;;
"src/libimcv/plugins/imv_os/Makefile") CONFIG_FILES="$CONFIG_FILES src/libimcv/plugins/imv_os/Makefile" ;;
+ "src/libimcv/plugins/imc_attestation/Makefile") CONFIG_FILES="$CONFIG_FILES src/libimcv/plugins/imc_attestation/Makefile" ;;
+ "src/libimcv/plugins/imv_attestation/Makefile") CONFIG_FILES="$CONFIG_FILES src/libimcv/plugins/imv_attestation/Makefile" ;;
+ "src/libimcv/plugins/imc_swid/Makefile") CONFIG_FILES="$CONFIG_FILES src/libimcv/plugins/imc_swid/Makefile" ;;
+ "src/libimcv/plugins/imv_swid/Makefile") CONFIG_FILES="$CONFIG_FILES src/libimcv/plugins/imv_swid/Makefile" ;;
"src/charon/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/Makefile" ;;
"src/charon-nm/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon-nm/Makefile" ;;
"src/charon-tkm/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon-tkm/Makefile" ;;
"src/charon-cmd/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon-cmd/Makefile" ;;
"src/charon-svc/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon-svc/Makefile" ;;
+ "src/charon-systemd/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon-systemd/Makefile" ;;
"src/libcharon/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/Makefile" ;;
"src/libcharon/plugins/eap_aka/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_aka/Makefile" ;;
"src/libcharon/plugins/eap_aka_3gpp2/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_aka_3gpp2/Makefile" ;;
@@ -25129,6 +25741,7 @@ do
"src/libcharon/plugins/kernel_wfp/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/kernel_wfp/Makefile" ;;
"src/libcharon/plugins/kernel_iph/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/kernel_iph/Makefile" ;;
"src/libcharon/plugins/whitelist/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/whitelist/Makefile" ;;
+ "src/libcharon/plugins/ext_auth/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/ext_auth/Makefile" ;;
"src/libcharon/plugins/lookip/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/lookip/Makefile" ;;
"src/libcharon/plugins/error_notify/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/error_notify/Makefile" ;;
"src/libcharon/plugins/certexpire/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/certexpire/Makefile" ;;
@@ -25143,6 +25756,7 @@ do
"src/libcharon/plugins/maemo/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/maemo/Makefile" ;;
"src/libcharon/plugins/stroke/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/stroke/Makefile" ;;
"src/libcharon/plugins/vici/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/vici/Makefile" ;;
+ "src/libcharon/plugins/vici/ruby/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/vici/ruby/Makefile" ;;
"src/libcharon/plugins/updown/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/updown/Makefile" ;;
"src/libcharon/plugins/dhcp/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/dhcp/Makefile" ;;
"src/libcharon/plugins/unit_tester/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/unit_tester/Makefile" ;;
diff --git a/configure.ac b/configure.ac
index 8f4d763..7a3c328 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,7 +1,7 @@
#
# Copyright (C) 2007-2014 Tobias Brunner
-# Copyright (C) 2006-2013 Andreas Steffen
-# Copyright (C) 2006-2013 Martin Willi
+# Copyright (C) 2006-2014 Andreas Steffen
+# Copyright (C) 2006-2014 Martin Willi
# Hochschule fuer Technik Rapperswil
#
# This program is free software; you can redistribute it and/or modify it
@@ -19,7 +19,7 @@
# initialize & set some vars
# ============================
-AC_INIT([strongSwan],[5.2.0])
+AC_INIT([strongSwan],[5.2.1])
AM_INIT_AUTOMAKE(m4_esyscmd([
echo tar-ustar
echo subdir-objects
@@ -68,12 +68,12 @@ ARG_WITH_SET([capabilities], [no], [set capability dropping library. Cur
ARG_WITH_SET([mpz_powm_sec], [yes], [use the more side-channel resistant mpz_powm_sec in libgmp, if available])
ARG_WITH_SET([dev-headers], [no], [install strongSwan development headers to directory.])
ARG_WITH_SET([printf-hooks], [auto], [force the use of a specific printf hook implementation (auto, builtin, glibc, vstr).])
+ARG_WITH_SET([rubygemdir], ["gem environment gemdir"], [path to install ruby gems to])
if test -n "$PKG_CONFIG"; then
systemdsystemunitdir_default=$($PKG_CONFIG --variable=systemdsystemunitdir systemd)
fi
ARG_WITH_SET([systemdsystemunitdir], [$systemdsystemunitdir_default], [directory for systemd service files])
-AM_CONDITIONAL(HAVE_SYSTEMD, [test -n "$systemdsystemunitdir" -a "x$systemdsystemunitdir" != xno])
AC_SUBST(systemdsystemunitdir)
AC_ARG_WITH(
@@ -190,6 +190,7 @@ ARG_ENABL_SET([eap-peap], [enable EAP PEAP authentication module.])
ARG_ENABL_SET([eap-tnc], [enable EAP TNC trusted network connect module.])
ARG_ENABL_SET([eap-dynamic], [enable dynamic EAP proxy module.])
ARG_ENABL_SET([eap-radius], [enable RADIUS proxy authentication module.])
+ARG_ENABL_SET([ext-auth], [enable plugin calling an external authorization script.])
ARG_ENABL_SET([ipseckey], [enable IPSECKEY authentication plugin.])
ARG_ENABL_SET([keychain], [enables OS X Keychain Services credential set.])
ARG_ENABL_SET([pkcs11], [enables the PKCS11 token support plugin.])
@@ -273,6 +274,7 @@ ARG_DISBL_SET([pki], [disable pki certificate utility.])
ARG_DISBL_SET([scepclient], [disable SCEP client tool.])
ARG_DISBL_SET([scripts], [disable additional utilities (found in directory scripts).])
ARG_ENABL_SET([svc], [enable charon Windows service.])
+ARG_ENABL_SET([systemd], [enable systemd specific IKE daemon charon-systemd.])
ARG_ENABL_SET([swanctl], [enable swanctl configuration and control tool.])
ARG_ENABL_SET([tkm], [enable Trusted Key Manager support.])
# optional features
@@ -284,6 +286,7 @@ ARG_ENABL_SET([integrity-test], [enable integrity testing of libstrongswan and p
ARG_DISBL_SET([load-warning], [disable the charon plugin load option warning in starter.])
ARG_ENABL_SET([mediation], [enable IKEv2 Mediation Extension.])
ARG_ENABL_SET([unwind-backtraces],[use libunwind to create backtraces for memory leaks and segfaults.])
+ARG_ENABL_SET([ruby-gems], [enable installation of provided ruby gems.])
# compile options
ARG_ENABL_SET([coverage], [enable lcov coverage report generation.])
ARG_ENABL_SET([leak-detective], [enable malloc hooks to find memory leaks.])
@@ -397,10 +400,6 @@ if test x$imc_test = xtrue -o x$imv_test = xtrue -o x$imc_scanner = xtrue -o x$i
imcv=true;
fi
-if test x$imc_attestation = xtrue -o x$imv_attestation = xtrue -o x$imc_swid = xtrue -o x$imv_swid = xtrue; then
- pts=true;
-fi
-
if test x$fips_prf = xtrue; then
if test x$openssl = xfalse; then
sha1=true;
@@ -575,9 +574,9 @@ AC_CHECK_FUNC([syslog], [
])
AM_CONDITIONAL(USE_SYSLOG, [test "x$syslog" = xtrue])
-AC_CHECK_HEADERS(sys/sockio.h glob.h net/if_tun.h linux/fib_rules.h)
+AC_CHECK_HEADERS(sys/sockio.h glob.h net/if_tun.h)
AC_CHECK_HEADERS(net/pfkeyv2.h netipsec/ipsec.h netinet6/ipsec.h linux/udp.h)
-AC_CHECK_HEADERS(netinet/ip6.h, [], [],
+AC_CHECK_HEADERS([netinet/ip6.h linux/fib_rules.h], [], [],
[
#include <sys/types.h>
#include <netinet/in.h>
@@ -630,6 +629,18 @@ AC_COMPILE_IFELSE(
[AC_MSG_RESULT([no])]
)
+AC_MSG_CHECKING([for RTM_IFANNOUNCE])
+AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM(
+ [[#include <sys/socket.h>
+ #include <net/if.h>
+ #include <net/route.h>]],
+ [[return RTM_IFANNOUNCE;]])],
+ [AC_MSG_RESULT([yes]);
+ AC_DEFINE([HAVE_RTM_IFANNOUNCE], [], [have PF_ROUTE RTM_IFANNOUNCE defined])],
+ [AC_MSG_RESULT([no])]
+)
+
AC_MSG_CHECKING([for IPSEC_MODE_BEET])
AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM(
@@ -869,6 +880,23 @@ if test x$xml = xtrue; then
AC_SUBST(xml_LIBS)
fi
+if test x$systemd = xtrue; then
+ AC_MSG_CHECKING([for systemd system unit directory])
+ if test -n "$systemdsystemunitdir" -a "x$systemdsystemunitdir" != xno; then
+ AC_MSG_RESULT([$systemdsystemunitdir])
+ else
+ AC_MSG_ERROR([not found (try --with-systemdsystemunitdir)])
+ fi
+
+ PKG_CHECK_MODULES(systemd_daemon, [libsystemd-daemon])
+ AC_SUBST(systemd_daemon_CFLAGS)
+ AC_SUBST(systemd_daemon_LIBS)
+
+ PKG_CHECK_MODULES(systemd_journal, [libsystemd-journal])
+ AC_SUBST(systemd_journal_CFLAGS)
+ AC_SUBST(systemd_journal_LIBS)
+fi
+
if test x$tss = xtrousers; then
AC_CHECK_LIB([tspi],[main],[LIBS="$LIBS"],[AC_MSG_ERROR([TrouSerS library libtspi not found])],[])
AC_CHECK_HEADER([trousers/tss.h],,[AC_MSG_ERROR([TrouSerS header trousers/tss.h not found!])])
@@ -876,8 +904,10 @@ if test x$tss = xtrousers; then
fi
if test x$imv_swid = xtrue; then
- AC_CHECK_LIB([json],[main],[LIBS="$LIBS"],[AC_MSG_ERROR([JSON library libjson not found])],[])
- AC_CHECK_HEADER([json/json.h],,[AC_MSG_ERROR([JSON header json/json.h not found!])])
+ PKG_CHECK_MODULES(json, [json-c], [],
+ [PKG_CHECK_MODULES(json, [json])])
+ AC_SUBST(json_CFLAGS)
+ AC_SUBST(json_LIBS)
fi
if test x$dumm = xtrue; then
@@ -1136,6 +1166,17 @@ if test x$coverage = xtrue; then
CFLAGS="${CFLAGS} -g -O0"
fi
+if test x$ruby_gems = xtrue; then
+ AC_PATH_PROG([GEM], [gem], [], [$PATH:/bin:/usr/bin:/usr/local/bin])
+ if test x$GEM = x; then
+ AC_MSG_ERROR(RubyGems package manager not found)
+ fi
+ if test "x$rubygemdir" = "xgem environment gemdir"; then
+ rubygemdir=$($GEM environment gemdir)
+ fi
+ AC_SUBST(RUBYGEMDIR, "$rubygemdir")
+fi
+
# ===============================================
# collect plugin list for strongSwan components
# ===============================================
@@ -1164,9 +1205,6 @@ s_plugins=
t_plugins=
ADD_PLUGIN([test-vectors], [s charon scepclient pki])
-ADD_PLUGIN([curl], [s charon scepclient pki scripts nm cmd])
-ADD_PLUGIN([winhttp], [s charon pki scripts])
-ADD_PLUGIN([soup], [s charon pki scripts nm cmd])
ADD_PLUGIN([unbound], [s charon scripts])
ADD_PLUGIN([ldap], [s charon scepclient scripts nm cmd])
ADD_PLUGIN([mysql], [s charon pool manager medsrv attest])
@@ -1213,6 +1251,9 @@ ADD_PLUGIN([ctr], [s charon scripts nm cmd])
ADD_PLUGIN([ccm], [s charon scripts nm cmd])
ADD_PLUGIN([gcm], [s charon scripts nm cmd])
ADD_PLUGIN([ntru], [s charon scripts nm cmd])
+ADD_PLUGIN([curl], [s charon scepclient pki scripts nm cmd])
+ADD_PLUGIN([winhttp], [s charon pki scripts])
+ADD_PLUGIN([soup], [s charon pki scripts nm cmd])
ADD_PLUGIN([attr], [h charon])
ADD_PLUGIN([attr-sql], [h charon])
ADD_PLUGIN([load-tester], [c charon])
@@ -1270,6 +1311,7 @@ ADD_PLUGIN([android-dns], [c charon])
ADD_PLUGIN([android-log], [c charon])
ADD_PLUGIN([ha], [c charon])
ADD_PLUGIN([whitelist], [c charon])
+ADD_PLUGIN([ext-auth], [c charon])
ADD_PLUGIN([lookip], [c charon])
ADD_PLUGIN([error-notify], [c charon])
ADD_PLUGIN([certexpire], [c charon])
@@ -1381,6 +1423,7 @@ AM_CONDITIONAL(USE_KERNEL_LIBIPSEC, test x$kernel_libipsec = xtrue)
AM_CONDITIONAL(USE_KERNEL_WFP, test x$kernel_wfp = xtrue)
AM_CONDITIONAL(USE_KERNEL_IPH, test x$kernel_iph = xtrue)
AM_CONDITIONAL(USE_WHITELIST, test x$whitelist = xtrue)
+AM_CONDITIONAL(USE_EXT_AUTH, test x$ext_auth = xtrue)
AM_CONDITIONAL(USE_LOOKIP, test x$lookip = xtrue)
AM_CONDITIONAL(USE_ERROR_NOTIFY, test x$error_notify = xtrue)
AM_CONDITIONAL(USE_CERTEXPIRE, test x$certexpire = xtrue)
@@ -1465,9 +1508,9 @@ AM_CONDITIONAL(USE_PKI, test x$pki = xtrue)
AM_CONDITIONAL(USE_SCEPCLIENT, test x$scepclient = xtrue)
AM_CONDITIONAL(USE_SCRIPTS, test x$scripts = xtrue)
AM_CONDITIONAL(USE_CONFTEST, test x$conftest = xtrue)
-AM_CONDITIONAL(USE_LIBSTRONGSWAN, test x$charon = xtrue -o x$pki = xtrue -o x$scepclient = xtrue -o x$conftest = xtrue -o x$fast = xtrue -o x$imcv = xtrue -o x$nm = xtrue -o x$tkm = xtrue -o x$cmd = xtrue -o x$tls = xtrue -o x$tnc_tnccs = xtrue -o x$aikgen = xtrue -o x$svc = xtrue)
-AM_CONDITIONAL(USE_LIBHYDRA, test x$charon = xtrue -o x$nm = xtrue -o x$tkm = xtrue -o x$cmd = xtrue -o x$svc = xtrue)
-AM_CONDITIONAL(USE_LIBCHARON, test x$charon = xtrue -o x$conftest = xtrue -o x$nm = xtrue -o x$tkm = xtrue -o x$cmd = xtrue -o x$svc = xtrue)
+AM_CONDITIONAL(USE_LIBSTRONGSWAN, test x$charon = xtrue -o x$pki = xtrue -o x$scepclient = xtrue -o x$conftest = xtrue -o x$fast = xtrue -o x$imcv = xtrue -o x$nm = xtrue -o x$tkm = xtrue -o x$cmd = xtrue -o x$tls = xtrue -o x$tnc_tnccs = xtrue -o x$aikgen = xtrue -o x$svc = xtrue -o x$systemd = xtrue)
+AM_CONDITIONAL(USE_LIBHYDRA, test x$charon = xtrue -o x$nm = xtrue -o x$tkm = xtrue -o x$cmd = xtrue -o x$svc = xtrue -o x$systemd = xtrue)
+AM_CONDITIONAL(USE_LIBCHARON, test x$charon = xtrue -o x$conftest = xtrue -o x$nm = xtrue -o x$tkm = xtrue -o x$cmd = xtrue -o x$svc = xtrue -o x$systemd = xtrue)
AM_CONDITIONAL(USE_LIBIPSEC, test x$libipsec = xtrue)
AM_CONDITIONAL(USE_LIBTNCIF, test x$tnc_tnccs = xtrue -o x$imcv = xtrue)
AM_CONDITIONAL(USE_LIBTNCCS, test x$tnc_tnccs = xtrue)
@@ -1481,7 +1524,6 @@ AM_CONDITIONAL(USE_SIMAKA, test x$simaka = xtrue)
AM_CONDITIONAL(USE_TLS, test x$tls = xtrue)
AM_CONDITIONAL(USE_RADIUS, test x$radius = xtrue)
AM_CONDITIONAL(USE_IMCV, test x$imcv = xtrue)
-AM_CONDITIONAL(USE_PTS, test x$pts = xtrue)
AM_CONDITIONAL(USE_TROUSERS, test x$tss = xtrousers -o x$aikgen = xtrue)
AM_CONDITIONAL(MONOLITHIC, test x$monolithic = xtrue)
AM_CONDITIONAL(USE_SILENT_RULES, test x$enable_silent_rules = xyes)
@@ -1492,6 +1534,9 @@ AM_CONDITIONAL(USE_CMD, test x$cmd = xtrue)
AM_CONDITIONAL(USE_AIKGEN, test x$aikgen = xtrue)
AM_CONDITIONAL(USE_SWANCTL, test x$swanctl = xtrue)
AM_CONDITIONAL(USE_SVC, test x$svc = xtrue)
+AM_CONDITIONAL(USE_SYSTEMD, test x$systemd = xtrue)
+AM_CONDITIONAL(USE_LEGACY_SYSTEMD, test -n "$systemdsystemunitdir" -a "x$systemdsystemunitdir" != xno)
+AM_CONDITIONAL(USE_RUBY_GEMS, test x$ruby_gems = xtrue)
# ========================
# set global definitions
@@ -1545,6 +1590,7 @@ AC_CONFIG_FILES([
man/Makefile
init/Makefile
init/systemd/Makefile
+ init/systemd-swanctl/Makefile
src/Makefile
src/include/Makefile
src/libstrongswan/Makefile
@@ -1618,11 +1664,6 @@ AC_CONFIG_FILES([
src/libtnccs/plugins/tnccs_20/Makefile
src/libtnccs/plugins/tnccs_dynamic/Makefile
src/libpttls/Makefile
- src/libpts/Makefile
- src/libpts/plugins/imc_attestation/Makefile
- src/libpts/plugins/imv_attestation/Makefile
- src/libpts/plugins/imc_swid/Makefile
- src/libpts/plugins/imv_swid/Makefile
src/libimcv/Makefile
src/libimcv/plugins/imc_test/Makefile
src/libimcv/plugins/imv_test/Makefile
@@ -1630,11 +1671,16 @@ AC_CONFIG_FILES([
src/libimcv/plugins/imv_scanner/Makefile
src/libimcv/plugins/imc_os/Makefile
src/libimcv/plugins/imv_os/Makefile
+ src/libimcv/plugins/imc_attestation/Makefile
+ src/libimcv/plugins/imv_attestation/Makefile
+ src/libimcv/plugins/imc_swid/Makefile
+ src/libimcv/plugins/imv_swid/Makefile
src/charon/Makefile
src/charon-nm/Makefile
src/charon-tkm/Makefile
src/charon-cmd/Makefile
src/charon-svc/Makefile
+ src/charon-systemd/Makefile
src/libcharon/Makefile
src/libcharon/plugins/eap_aka/Makefile
src/libcharon/plugins/eap_aka_3gpp2/Makefile
@@ -1678,6 +1724,7 @@ AC_CONFIG_FILES([
src/libcharon/plugins/kernel_wfp/Makefile
src/libcharon/plugins/kernel_iph/Makefile
src/libcharon/plugins/whitelist/Makefile
+ src/libcharon/plugins/ext_auth/Makefile
src/libcharon/plugins/lookip/Makefile
src/libcharon/plugins/error_notify/Makefile
src/libcharon/plugins/certexpire/Makefile
@@ -1692,6 +1739,7 @@ AC_CONFIG_FILES([
src/libcharon/plugins/maemo/Makefile
src/libcharon/plugins/stroke/Makefile
src/libcharon/plugins/vici/Makefile
+ src/libcharon/plugins/vici/ruby/Makefile
src/libcharon/plugins/updown/Makefile
src/libcharon/plugins/dhcp/Makefile
src/libcharon/plugins/unit_tester/Makefile
diff --git a/init/Makefile.am b/init/Makefile.am
index 69439a1..a72706c 100644
--- a/init/Makefile.am
+++ b/init/Makefile.am
@@ -1,6 +1,12 @@
SUBDIRS =
-if HAVE_SYSTEMD
+if USE_LEGACY_SYSTEMD
SUBDIRS += systemd
endif
+
+if USE_SYSTEMD
+if USE_SWANCTL
+ SUBDIRS += systemd-swanctl
+endif
+endif
diff --git a/init/Makefile.in b/init/Makefile.in
index b48d335..3da1e65 100644
--- a/init/Makefile.in
+++ b/init/Makefile.in
@@ -77,7 +77,8 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
- at HAVE_SYSTEMD_TRUE@am__append_1 = systemd
+ at USE_LEGACY_SYSTEMD_TRUE@am__append_1 = systemd
+ at USE_SWANCTL_TRUE@@USE_SYSTEMD_TRUE at am__append_2 = systemd-swanctl
subdir = init
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
@@ -151,7 +152,7 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
-DIST_SUBDIRS = systemd
+DIST_SUBDIRS = systemd systemd-swanctl
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
am__relativize = \
dir0=`pwd`; \
@@ -209,6 +210,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -269,6 +271,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -334,6 +337,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -381,6 +386,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
@@ -390,7 +399,7 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-SUBDIRS = $(am__append_1)
+SUBDIRS = $(am__append_1) $(am__append_2)
all: all-recursive
.SUFFIXES:
diff --git a/init/systemd-swanctl/Makefile.am b/init/systemd-swanctl/Makefile.am
new file mode 100644
index 0000000..eee30ac
--- /dev/null
+++ b/init/systemd-swanctl/Makefile.am
@@ -0,0 +1,11 @@
+
+EXTRA_DIST = strongswan-swanctl.service.in
+CLEANFILES = strongswan-swanctl.service
+
+systemdsystemunit_DATA = strongswan-swanctl.service
+
+strongswan-swanctl.service : strongswan-swanctl.service.in
+ $(AM_V_GEN) \
+ sed \
+ -e "s:@SBINDIR@:$(sbindir):" \
+ $(srcdir)/$@.in > $@
diff --git a/init/systemd-swanctl/Makefile.in b/init/systemd-swanctl/Makefile.in
new file mode 100644
index 0000000..14089c4
--- /dev/null
+++ b/init/systemd-swanctl/Makefile.in
@@ -0,0 +1,598 @@
+# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+VPATH = @srcdir@
+am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__make_running_with_option = \
+ case $${target_option-} in \
+ ?) ;; \
+ *) echo "am__make_running_with_option: internal error: invalid" \
+ "target option '$${target_option-}' specified" >&2; \
+ exit 1;; \
+ esac; \
+ has_opt=no; \
+ sane_makeflags=$$MAKEFLAGS; \
+ if $(am__is_gnu_make); then \
+ sane_makeflags=$$MFLAGS; \
+ else \
+ case $$MAKEFLAGS in \
+ *\\[\ \ ]*) \
+ bs=\\; \
+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
+ esac; \
+ fi; \
+ skip_next=no; \
+ strip_trailopt () \
+ { \
+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+ }; \
+ for flg in $$sane_makeflags; do \
+ test $$skip_next = yes && { skip_next=no; continue; }; \
+ case $$flg in \
+ *=*|--*) continue;; \
+ -*I) strip_trailopt 'I'; skip_next=yes;; \
+ -*I?*) strip_trailopt 'I';; \
+ -*O) strip_trailopt 'O'; skip_next=yes;; \
+ -*O?*) strip_trailopt 'O';; \
+ -*l) strip_trailopt 'l'; skip_next=yes;; \
+ -*l?*) strip_trailopt 'l';; \
+ -[dEDm]) skip_next=yes;; \
+ -[JT]) skip_next=yes;; \
+ esac; \
+ case $$flg in \
+ *$$target_option*) has_opt=yes; break;; \
+ esac; \
+ done; \
+ test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = init/systemd-swanctl
+DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
+ $(top_srcdir)/m4/config/ltoptions.m4 \
+ $(top_srcdir)/m4/config/ltsugar.m4 \
+ $(top_srcdir)/m4/config/ltversion.m4 \
+ $(top_srcdir)/m4/config/lt~obsolete.m4 \
+ $(top_srcdir)/m4/macros/split-package-version.m4 \
+ $(top_srcdir)/m4/macros/with.m4 \
+ $(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
+ $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+AM_V_P = $(am__v_P_ at AM_V@)
+am__v_P_ = $(am__v_P_ at AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_ at AM_V@)
+am__v_GEN_ = $(am__v_GEN_ at AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
+am__v_GEN_1 =
+AM_V_at = $(am__v_at_ at AM_V@)
+am__v_at_ = $(am__v_at_ at AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 =
+SOURCES =
+DIST_SOURCES =
+am__can_run_installinfo = \
+ case $$AM_UPDATE_INFO_DIR in \
+ n|no|NO) false;; \
+ *) (install-info --version) >/dev/null 2>&1;; \
+ esac
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+ test -z "$$files" \
+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+ $(am__cd) "$$dir" && rm -f $$files; }; \
+ }
+am__installdirs = "$(DESTDIR)$(systemdsystemunitdir)"
+DATA = $(systemdsystemunit_DATA)
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BFDLIB = @BFDLIB@
+BTLIB = @BTLIB@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
+COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DLLTOOL = @DLLTOOL@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GEM = @GEM@
+GENHTML = @GENHTML@
+GPERF = @GPERF@
+GPRBUILD = @GPRBUILD@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LCOV = @LCOV@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MKDIR_P = @MKDIR_P@
+MYSQLCFLAG = @MYSQLCFLAG@
+MYSQLCONFIG = @MYSQLCONFIG@
+MYSQLLIB = @MYSQLLIB@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OPENSSL_LIB = @OPENSSL_LIB@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@
+PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@
+PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@
+PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
+PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
+RANLIB = @RANLIB@
+RTLIB = @RTLIB@
+RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
+RUBYINCLUDE = @RUBYINCLUDE@
+RUBYLIB = @RUBYLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
+STRIP = @STRIP@
+UNWINDLIB = @UNWINDLIB@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+aikgen_plugins = @aikgen_plugins@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+c_plugins = @c_plugins@
+charon_natt_port = @charon_natt_port@
+charon_plugins = @charon_plugins@
+charon_udp_port = @charon_udp_port@
+clearsilver_LIBS = @clearsilver_LIBS@
+cmd_plugins = @cmd_plugins@
+datadir = @datadir@
+datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
+dev_headers = @dev_headers@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+imcvdir = @imcvdir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsec_script = @ipsec_script@
+ipsec_script_upper = @ipsec_script_upper@
+ipsecdir = @ipsecdir@
+ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
+ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
+libdir = @libdir@
+libexecdir = @libexecdir@
+linux_headers = @linux_headers@
+localedir = @localedir@
+localstatedir = @localstatedir@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
+mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+nm_ca_dir = @nm_ca_dir@
+nm_plugins = @nm_plugins@
+oldincludedir = @oldincludedir@
+pcsclite_CFLAGS = @pcsclite_CFLAGS@
+pcsclite_LIBS = @pcsclite_LIBS@
+pdfdir = @pdfdir@
+piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
+pki_plugins = @pki_plugins@
+plugindir = @plugindir@
+pool_plugins = @pool_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
+random_device = @random_device@
+resolv_conf = @resolv_conf@
+routing_table = @routing_table@
+routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
+sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
+sharedstatedir = @sharedstatedir@
+soup_CFLAGS = @soup_CFLAGS@
+soup_LIBS = @soup_LIBS@
+srcdir = @srcdir@
+starter_plugins = @starter_plugins@
+strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
+swanctldir = @swanctldir@
+sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
+systemdsystemunitdir = @systemdsystemunitdir@
+t_plugins = @t_plugins@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+urandom_device = @urandom_device@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+EXTRA_DIST = strongswan-swanctl.service.in
+CLEANFILES = strongswan-swanctl.service
+systemdsystemunit_DATA = strongswan-swanctl.service
+all: all-am
+
+.SUFFIXES:
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu init/systemd-swanctl/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu init/systemd-swanctl/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+install-systemdsystemunitDATA: $(systemdsystemunit_DATA)
+ @$(NORMAL_INSTALL)
+ @list='$(systemdsystemunit_DATA)'; test -n "$(systemdsystemunitdir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(systemdsystemunitdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(systemdsystemunitdir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(systemdsystemunitdir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(systemdsystemunitdir)" || exit $$?; \
+ done
+
+uninstall-systemdsystemunitDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(systemdsystemunit_DATA)'; test -n "$(systemdsystemunitdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ dir='$(DESTDIR)$(systemdsystemunitdir)'; $(am__uninstall_files_from_dir)
+tags TAGS:
+
+ctags CTAGS:
+
+cscope cscopelist:
+
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(DATA)
+installdirs:
+ for dir in "$(DESTDIR)$(systemdsystemunitdir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
+mostlyclean-generic:
+
+clean-generic:
+ -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-am
+ -rm -f Makefile
+distclean-am: clean-am distclean-generic
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-systemdsystemunitDATA
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-systemdsystemunitDATA
+
+.MAKE: install-am install-strip
+
+.PHONY: all all-am check check-am clean clean-generic clean-libtool \
+ cscopelist-am ctags-am distclean distclean-generic \
+ distclean-libtool distdir dvi dvi-am html html-am info info-am \
+ install install-am install-data install-data-am install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am install-man \
+ install-pdf install-pdf-am install-ps install-ps-am \
+ install-strip install-systemdsystemunitDATA installcheck \
+ installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-generic \
+ mostlyclean-libtool pdf pdf-am ps ps-am tags-am uninstall \
+ uninstall-am uninstall-systemdsystemunitDATA
+
+
+strongswan-swanctl.service : strongswan-swanctl.service.in
+ $(AM_V_GEN) \
+ sed \
+ -e "s:@SBINDIR@:$(sbindir):" \
+ $(srcdir)/$@.in > $@
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/init/systemd-swanctl/strongswan-swanctl.service.in b/init/systemd-swanctl/strongswan-swanctl.service.in
new file mode 100644
index 0000000..818d352
--- /dev/null
+++ b/init/systemd-swanctl/strongswan-swanctl.service.in
@@ -0,0 +1,9 @@
+[Unit]
+Description=strongSwan IPsec IKEv1/IKEv2 daemon using swanctl
+After=network.target
+
+[Service]
+Type=notify
+ExecStart=@SBINDIR@/charon-systemd
+ExecStartPost=@SBINDIR@/swanctl --load-all --noprompt
+ExecReload=@SBINDIR@/swanctl --reload
diff --git a/init/systemd/Makefile.in b/init/systemd/Makefile.in
index 27a767c..a8c7af6 100644
--- a/init/systemd/Makefile.in
+++ b/init/systemd/Makefile.in
@@ -178,6 +178,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -238,6 +239,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -303,6 +305,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -350,6 +354,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/init/systemd/strongswan.service.in b/init/systemd/strongswan.service.in
index dee892e..608078b 100644
--- a/init/systemd/strongswan.service.in
+++ b/init/systemd/strongswan.service.in
@@ -1,5 +1,5 @@
[Unit]
-Description=strongSwan IPsec
+Description=strongSwan IPsec IKEv1/IKEv2 daemon using ipsec.conf
After=syslog.target
[Service]
diff --git a/man/Makefile.am b/man/Makefile.am
index fbc78b9..5f9a938 100644
--- a/man/Makefile.am
+++ b/man/Makefile.am
@@ -1,5 +1,9 @@
-man_MANS = \
+man_MANS =
+
+if USE_FILE_CONFIG
+ man_MANS += \
ipsec.conf.5 \
ipsec.secrets.5
+endif
CLEANFILES = $(man_MANS)
diff --git a/man/Makefile.in b/man/Makefile.in
index bd3141d..08aee19 100644
--- a/man/Makefile.in
+++ b/man/Makefile.in
@@ -77,6 +77,10 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
+ at USE_FILE_CONFIG_TRUE@am__append_1 = \
+ at USE_FILE_CONFIG_TRUE@ ipsec.conf.5 \
+ at USE_FILE_CONFIG_TRUE@ ipsec.secrets.5
+
subdir = man
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
$(srcdir)/ipsec.conf.5.in $(srcdir)/ipsec.secrets.5.in
@@ -180,6 +184,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -240,6 +245,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -305,6 +311,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -352,6 +360,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
@@ -361,10 +373,7 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
-man_MANS = \
- ipsec.conf.5 \
- ipsec.secrets.5
-
+man_MANS = $(am__append_1)
CLEANFILES = $(man_MANS)
all: all-am
diff --git a/man/ipsec.conf.5.in b/man/ipsec.conf.5.in
index 0f8564a..fe37dff 100644
--- a/man/ipsec.conf.5.in
+++ b/man/ipsec.conf.5.in
@@ -795,8 +795,9 @@ or
prefix in front of 0x or 0s, the public key is expected to be in either
the RFC 3110 (not the full RR, only RSA key part) or RFC 4253 public key format,
respectively.
-Also accepted is the path to a file containing the public key in PEM or DER
-encoding.
+Also accepted is the path to a file containing the public key in PEM, DER or SSH
+encoding. Both absolute paths or paths relative to \fI/etc/ipsec.d/certs\fP
+are accepted.
.TP
.BR leftsendcert " = never | no | " ifasked " | always | yes"
Accepted values are
diff --git a/scripts/Makefile.in b/scripts/Makefile.in
index 7343465..811dc29 100644
--- a/scripts/Makefile.in
+++ b/scripts/Makefile.in
@@ -285,6 +285,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -345,6 +346,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -410,6 +412,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -457,6 +461,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/Makefile.am b/src/Makefile.am
index 95c68d0..38363d4 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -40,10 +40,6 @@ if USE_IMCV
SUBDIRS += libimcv
endif
-if USE_PTS
- SUBDIRS += libpts
-endif
-
if USE_LIBCHARON
SUBDIRS += libcharon
endif
@@ -60,6 +56,10 @@ if USE_CHARON
SUBDIRS += charon
endif
+if USE_SYSTEMD
+ SUBDIRS += charon-systemd
+endif
+
if USE_NM
SUBDIRS += charon-nm
endif
diff --git a/src/Makefile.in b/src/Makefile.in
index 141ca3e..2dd0460 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -87,11 +87,11 @@ host_triplet = @host@
@USE_LIBTNCCS_TRUE at am__append_8 = libtnccs
@USE_LIBPTTLS_TRUE at am__append_9 = libpttls
@USE_IMCV_TRUE at am__append_10 = libimcv
- at USE_PTS_TRUE@am__append_11 = libpts
- at USE_LIBCHARON_TRUE@am__append_12 = libcharon
- at USE_FILE_CONFIG_TRUE@am__append_13 = starter
- at USE_IPSEC_SCRIPT_TRUE@am__append_14 = ipsec _copyright
- at USE_CHARON_TRUE@am__append_15 = charon
+ at USE_LIBCHARON_TRUE@am__append_11 = libcharon
+ at USE_FILE_CONFIG_TRUE@am__append_12 = starter
+ at USE_IPSEC_SCRIPT_TRUE@am__append_13 = ipsec _copyright
+ at USE_CHARON_TRUE@am__append_14 = charon
+ at USE_SYSTEMD_TRUE@am__append_15 = charon-systemd
@USE_NM_TRUE at am__append_16 = charon-nm
@USE_STROKE_TRUE at am__append_17 = stroke
@USE_UPDOWN_TRUE at am__append_18 = _updown _updown_espmark
@@ -185,11 +185,11 @@ am__define_uniq_tagged_files = \
ETAGS = etags
CTAGS = ctags
DIST_SUBDIRS = . include libstrongswan libhydra libipsec libsimaka \
- libtls libradius libtncif libtnccs libpttls libimcv libpts \
- libcharon starter ipsec _copyright charon charon-nm stroke \
- _updown _updown_espmark scepclient pki swanctl conftest dumm \
- libfast manager medsrv pool charon-tkm charon-cmd charon-svc \
- pt-tls-client checksum aikgen
+ libtls libradius libtncif libtnccs libpttls libimcv libcharon \
+ starter ipsec _copyright charon charon-systemd charon-nm \
+ stroke _updown _updown_espmark scepclient pki swanctl conftest \
+ dumm libfast manager medsrv pool charon-tkm charon-cmd \
+ charon-svc pt-tls-client checksum aikgen
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
am__relativize = \
dir0=`pwd`; \
@@ -247,6 +247,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -307,6 +308,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -372,6 +374,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -419,6 +423,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/_copyright/Makefile.in b/src/_copyright/Makefile.in
index 8591e6a..a17bbcc 100644
--- a/src/_copyright/Makefile.in
+++ b/src/_copyright/Makefile.in
@@ -201,6 +201,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -261,6 +262,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -326,6 +328,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -373,6 +377,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/_updown/Makefile.in b/src/_updown/Makefile.in
index ec23208..a215a25 100644
--- a/src/_updown/Makefile.in
+++ b/src/_updown/Makefile.in
@@ -182,6 +182,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -242,6 +243,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -307,6 +309,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -354,6 +358,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/_updown_espmark/Makefile.in b/src/_updown_espmark/Makefile.in
index 49cdc90..51a0d9a 100644
--- a/src/_updown_espmark/Makefile.in
+++ b/src/_updown_espmark/Makefile.in
@@ -182,6 +182,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -242,6 +243,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -307,6 +309,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -354,6 +358,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/aikgen/Makefile.in b/src/aikgen/Makefile.in
index 77d825f..2bd5be6 100644
--- a/src/aikgen/Makefile.in
+++ b/src/aikgen/Makefile.in
@@ -204,6 +204,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -264,6 +265,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -329,6 +331,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -376,6 +380,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/charon-cmd/Makefile.in b/src/charon-cmd/Makefile.in
index c74c5b6..9f67eec 100644
--- a/src/charon-cmd/Makefile.in
+++ b/src/charon-cmd/Makefile.in
@@ -238,6 +238,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -298,6 +299,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -363,6 +365,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -410,6 +414,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/charon-cmd/charon-cmd.c b/src/charon-cmd/charon-cmd.c
index b41cf46..6f2b6f1 100644
--- a/src/charon-cmd/charon-cmd.c
+++ b/src/charon-cmd/charon-cmd.c
@@ -126,15 +126,12 @@ static int run()
{
DBG1(DBG_DMN, "signal of type SIGHUP received. Reloading "
"configuration");
-#ifdef STRONGSWAN_CONF
- if (lib->settings->load_files(lib->settings, STRONGSWAN_CONF,
- FALSE))
+ if (lib->settings->load_files(lib->settings, lib->conf, FALSE))
{
charon->load_loggers(charon, levels, TRUE);
lib->plugins->reload(lib->plugins, NULL);
}
else
-#endif
{
DBG1(DBG_DMN, "reloading config failed, keeping old");
}
diff --git a/src/charon-nm/Makefile.in b/src/charon-nm/Makefile.in
index 5fad214..69cbfe0 100644
--- a/src/charon-nm/Makefile.in
+++ b/src/charon-nm/Makefile.in
@@ -209,6 +209,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -269,6 +270,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -334,6 +336,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -381,6 +385,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/charon-nm/nm/nm_backend.c b/src/charon-nm/nm/nm_backend.c
index ebebde2..613c2f6 100644
--- a/src/charon-nm/nm/nm_backend.c
+++ b/src/charon-nm/nm/nm_backend.c
@@ -174,5 +174,5 @@ void nm_backend_register()
PLUGIN_SDEPEND(CERT_DECODE, CERT_X509),
};
lib->plugins->add_static_features(lib->plugins, "nm-backend", features,
- countof(features), TRUE);
+ countof(features), TRUE, NULL, NULL);
}
diff --git a/src/charon-svc/Makefile.in b/src/charon-svc/Makefile.in
index 3948362..3783ac9 100644
--- a/src/charon-svc/Makefile.in
+++ b/src/charon-svc/Makefile.in
@@ -203,6 +203,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -263,6 +264,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -328,6 +330,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -375,6 +379,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/charon-systemd/Makefile.am b/src/charon-systemd/Makefile.am
new file mode 100644
index 0000000..1b9ac15
--- /dev/null
+++ b/src/charon-systemd/Makefile.am
@@ -0,0 +1,19 @@
+sbin_PROGRAMS = charon-systemd
+
+charon_systemd_SOURCES = \
+charon-systemd.c
+
+charon-systemd.o : $(top_builddir)/config.status
+
+charon_systemd_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon \
+ $(systemd_daemon_CFLAGS) $(systemd_journal_CFLAGS) \
+ -DPLUGINS=\""${charon_plugins}\""
+
+charon_systemd_LDADD = \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ $(top_builddir)/src/libhydra/libhydra.la \
+ $(top_builddir)/src/libcharon/libcharon.la \
+ $(systemd_daemon_LIBS) $(systemd_journal_LIBS) -lm $(PTHREADLIB) $(DLLIB)
diff --git a/src/charon-systemd/Makefile.in b/src/charon-systemd/Makefile.in
new file mode 100644
index 0000000..790c8ef
--- /dev/null
+++ b/src/charon-systemd/Makefile.in
@@ -0,0 +1,765 @@
+# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+VPATH = @srcdir@
+am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__make_running_with_option = \
+ case $${target_option-} in \
+ ?) ;; \
+ *) echo "am__make_running_with_option: internal error: invalid" \
+ "target option '$${target_option-}' specified" >&2; \
+ exit 1;; \
+ esac; \
+ has_opt=no; \
+ sane_makeflags=$$MAKEFLAGS; \
+ if $(am__is_gnu_make); then \
+ sane_makeflags=$$MFLAGS; \
+ else \
+ case $$MAKEFLAGS in \
+ *\\[\ \ ]*) \
+ bs=\\; \
+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
+ esac; \
+ fi; \
+ skip_next=no; \
+ strip_trailopt () \
+ { \
+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+ }; \
+ for flg in $$sane_makeflags; do \
+ test $$skip_next = yes && { skip_next=no; continue; }; \
+ case $$flg in \
+ *=*|--*) continue;; \
+ -*I) strip_trailopt 'I'; skip_next=yes;; \
+ -*I?*) strip_trailopt 'I';; \
+ -*O) strip_trailopt 'O'; skip_next=yes;; \
+ -*O?*) strip_trailopt 'O';; \
+ -*l) strip_trailopt 'l'; skip_next=yes;; \
+ -*l?*) strip_trailopt 'l';; \
+ -[dEDm]) skip_next=yes;; \
+ -[JT]) skip_next=yes;; \
+ esac; \
+ case $$flg in \
+ *$$target_option*) has_opt=yes; break;; \
+ esac; \
+ done; \
+ test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+sbin_PROGRAMS = charon-systemd$(EXEEXT)
+subdir = src/charon-systemd
+DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
+ $(top_srcdir)/depcomp
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
+ $(top_srcdir)/m4/config/ltoptions.m4 \
+ $(top_srcdir)/m4/config/ltsugar.m4 \
+ $(top_srcdir)/m4/config/ltversion.m4 \
+ $(top_srcdir)/m4/config/lt~obsolete.m4 \
+ $(top_srcdir)/m4/macros/split-package-version.m4 \
+ $(top_srcdir)/m4/macros/with.m4 \
+ $(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
+ $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__installdirs = "$(DESTDIR)$(sbindir)"
+PROGRAMS = $(sbin_PROGRAMS)
+am_charon_systemd_OBJECTS = charon_systemd-charon-systemd.$(OBJEXT)
+charon_systemd_OBJECTS = $(am_charon_systemd_OBJECTS)
+am__DEPENDENCIES_1 =
+charon_systemd_DEPENDENCIES = \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ $(top_builddir)/src/libhydra/libhydra.la \
+ $(top_builddir)/src/libcharon/libcharon.la \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
+AM_V_lt = $(am__v_lt_ at AM_V@)
+am__v_lt_ = $(am__v_lt_ at AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+am__v_lt_1 =
+AM_V_P = $(am__v_P_ at AM_V@)
+am__v_P_ = $(am__v_P_ at AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_ at AM_V@)
+am__v_GEN_ = $(am__v_GEN_ at AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
+am__v_GEN_1 =
+AM_V_at = $(am__v_at_ at AM_V@)
+am__v_at_ = $(am__v_at_ at AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 =
+DEFAULT_INCLUDES = -I. at am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_ at AM_V@)
+am__v_CC_ = $(am__v_CC_ at AM_DEFAULT_V@)
+am__v_CC_0 = @echo " CC " $@;
+am__v_CC_1 =
+CCLD = $(CC)
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_ at AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_ at AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo " CCLD " $@;
+am__v_CCLD_1 =
+SOURCES = $(charon_systemd_SOURCES)
+DIST_SOURCES = $(charon_systemd_SOURCES)
+am__can_run_installinfo = \
+ case $$AM_UPDATE_INFO_DIR in \
+ n|no|NO) false;; \
+ *) (install-info --version) >/dev/null 2>&1;; \
+ esac
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+# Read a list of newline-separated strings from the standard input,
+# and print each of them once, without duplicates. Input order is
+# *not* preserved.
+am__uniquify_input = $(AWK) '\
+ BEGIN { nonempty = 0; } \
+ { items[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in items) print i; }; } \
+'
+# Make sure the list of sources is unique. This is necessary because,
+# e.g., the same source file might be shared among _SOURCES variables
+# for different programs/libraries.
+am__define_uniq_tagged_files = \
+ list='$(am__tagged_files)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | $(am__uniquify_input)`
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BFDLIB = @BFDLIB@
+BTLIB = @BTLIB@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
+COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DLLTOOL = @DLLTOOL@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GEM = @GEM@
+GENHTML = @GENHTML@
+GPERF = @GPERF@
+GPRBUILD = @GPRBUILD@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LCOV = @LCOV@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MKDIR_P = @MKDIR_P@
+MYSQLCFLAG = @MYSQLCFLAG@
+MYSQLCONFIG = @MYSQLCONFIG@
+MYSQLLIB = @MYSQLLIB@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OPENSSL_LIB = @OPENSSL_LIB@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@
+PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@
+PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@
+PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
+PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
+RANLIB = @RANLIB@
+RTLIB = @RTLIB@
+RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
+RUBYINCLUDE = @RUBYINCLUDE@
+RUBYLIB = @RUBYLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
+STRIP = @STRIP@
+UNWINDLIB = @UNWINDLIB@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+aikgen_plugins = @aikgen_plugins@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+c_plugins = @c_plugins@
+charon_natt_port = @charon_natt_port@
+charon_plugins = @charon_plugins@
+charon_udp_port = @charon_udp_port@
+clearsilver_LIBS = @clearsilver_LIBS@
+cmd_plugins = @cmd_plugins@
+datadir = @datadir@
+datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
+dev_headers = @dev_headers@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+imcvdir = @imcvdir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsec_script = @ipsec_script@
+ipsec_script_upper = @ipsec_script_upper@
+ipsecdir = @ipsecdir@
+ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
+ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
+libdir = @libdir@
+libexecdir = @libexecdir@
+linux_headers = @linux_headers@
+localedir = @localedir@
+localstatedir = @localstatedir@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
+mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+nm_ca_dir = @nm_ca_dir@
+nm_plugins = @nm_plugins@
+oldincludedir = @oldincludedir@
+pcsclite_CFLAGS = @pcsclite_CFLAGS@
+pcsclite_LIBS = @pcsclite_LIBS@
+pdfdir = @pdfdir@
+piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
+pki_plugins = @pki_plugins@
+plugindir = @plugindir@
+pool_plugins = @pool_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
+random_device = @random_device@
+resolv_conf = @resolv_conf@
+routing_table = @routing_table@
+routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
+sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
+sharedstatedir = @sharedstatedir@
+soup_CFLAGS = @soup_CFLAGS@
+soup_LIBS = @soup_LIBS@
+srcdir = @srcdir@
+starter_plugins = @starter_plugins@
+strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
+swanctldir = @swanctldir@
+sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
+systemdsystemunitdir = @systemdsystemunitdir@
+t_plugins = @t_plugins@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+urandom_device = @urandom_device@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+charon_systemd_SOURCES = \
+charon-systemd.c
+
+charon_systemd_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon \
+ $(systemd_daemon_CFLAGS) $(systemd_journal_CFLAGS) \
+ -DPLUGINS=\""${charon_plugins}\""
+
+charon_systemd_LDADD = \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ $(top_builddir)/src/libhydra/libhydra.la \
+ $(top_builddir)/src/libcharon/libcharon.la \
+ $(systemd_daemon_LIBS) $(systemd_journal_LIBS) -lm $(PTHREADLIB) $(DLLIB)
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon-systemd/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/charon-systemd/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+install-sbinPROGRAMS: $(sbin_PROGRAMS)
+ @$(NORMAL_INSTALL)
+ @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(sbindir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(sbindir)" || exit 1; \
+ fi; \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed 's/$(EXEEXT)$$//' | \
+ while read p p1; do if test -f $$p \
+ || test -f $$p1 \
+ ; then echo "$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n;h' \
+ -e 's|.*|.|' \
+ -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
+ sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) files[d] = files[d] " " $$1; \
+ else { print "f", $$3 "/" $$4, $$1; } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sbindir)$$dir'"; \
+ $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \
+ } \
+ ; done
+
+uninstall-sbinPROGRAMS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
+ -e 's/$$/$(EXEEXT)/' \
+ `; \
+ test -n "$$list" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(sbindir)" && rm -f $$files
+
+clean-sbinPROGRAMS:
+ @list='$(sbin_PROGRAMS)'; test -n "$$list" || exit 0; \
+ echo " rm -f" $$list; \
+ rm -f $$list || exit $$?; \
+ test -n "$(EXEEXT)" || exit 0; \
+ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+ echo " rm -f" $$list; \
+ rm -f $$list
+
+charon-systemd$(EXEEXT): $(charon_systemd_OBJECTS) $(charon_systemd_DEPENDENCIES) $(EXTRA_charon_systemd_DEPENDENCIES)
+ @rm -f charon-systemd$(EXEEXT)
+ $(AM_V_CCLD)$(LINK) $(charon_systemd_OBJECTS) $(charon_systemd_LDADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/charon_systemd-charon-systemd.Po at am__quote@
+
+.c.o:
+ at am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
+ at am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+ at am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(COMPILE) -c -o $@ $<
+
+.c.obj:
+ at am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
+ at am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
+ at am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+.c.lo:
+ at am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
+ at am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+ at am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(LTCOMPILE) -c -o $@ $<
+
+charon_systemd-charon-systemd.o: charon-systemd.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(charon_systemd_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT charon_systemd-charon-systemd.o -MD -MP -MF $(DEPDIR)/charon_systemd-charon-systemd.Tpo -c -o charon_systemd-charon-systemd.o `test -f 'charon-systemd.c' || echo '$(srcdir)/'`charon-systemd.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/charon_systemd-charon-systemd.Tpo $(DEPDIR)/charon_systemd-charon-systemd.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='charon-systemd.c' object='charon_systemd-charon-systemd.o' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(charon_systemd_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o charon_systemd-charon-systemd.o `test -f 'charon-systemd.c' || echo '$(srcdir)/'`charon-systemd.c
+
+charon_systemd-charon-systemd.obj: charon-systemd.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(charon_systemd_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT charon_systemd-charon-systemd.obj -MD -MP -MF $(DEPDIR)/charon_systemd-charon-systemd.Tpo -c -o charon_systemd-charon-systemd.obj `if test -f 'charon-systemd.c'; then $(CYGPATH_W) 'charon-systemd.c'; else $(CYGPATH_W) '$(srcdir)/charon-systemd.c'; fi`
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/charon_systemd-charon-systemd.Tpo $(DEPDIR)/charon_systemd-charon-systemd.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='charon-systemd.c' object='charon_systemd-charon-systemd.obj' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(charon_systemd_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o charon_systemd-charon-systemd.obj `if test -f 'charon-systemd.c'; then $(CYGPATH_W) 'charon-systemd.c'; else $(CYGPATH_W) '$(srcdir)/charon-systemd.c'; fi`
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(am__tagged_files)
+ $(am__define_uniq_tagged_files); mkid -fID $$unique
+tags: tags-am
+TAGS: tags
+
+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ set x; \
+ here=`pwd`; \
+ $(am__define_uniq_tagged_files); \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: ctags-am
+
+CTAGS: ctags
+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ $(am__define_uniq_tagged_files); \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+cscopelist: cscopelist-am
+
+cscopelist-am: $(am__tagged_files)
+ list='$(am__tagged_files)'; \
+ case "$(srcdir)" in \
+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
+ *) sdir=$(subdir)/$(srcdir) ;; \
+ esac; \
+ for i in $$list; do \
+ if test -f "$$i"; then \
+ echo "$(subdir)/$$i"; \
+ else \
+ echo "$$sdir/$$i"; \
+ fi; \
+ done >> $(top_builddir)/cscope.files
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(PROGRAMS)
+installdirs:
+ for dir in "$(DESTDIR)$(sbindir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-sbinPROGRAMS \
+ mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am: install-sbinPROGRAMS
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-sbinPROGRAMS
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
+ clean-libtool clean-sbinPROGRAMS cscopelist-am ctags ctags-am \
+ distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-ps install-ps-am install-sbinPROGRAMS install-strip \
+ installcheck installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-compile \
+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+ tags tags-am uninstall uninstall-am uninstall-sbinPROGRAMS
+
+
+charon-systemd.o : $(top_builddir)/config.status
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/charon-systemd/charon-systemd.c b/src/charon-systemd/charon-systemd.c
new file mode 100644
index 0000000..4a2136f
--- /dev/null
+++ b/src/charon-systemd/charon-systemd.c
@@ -0,0 +1,403 @@
+/*
+ * Copyright (C) 2006-2012 Tobias Brunner
+ * Copyright (C) 2005-2014 Martin Willi
+ * Copyright (C) 2006 Daniel Roethlisberger
+ * Copyright (C) 2005 Jan Hutter
+ * Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2014 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <signal.h>
+#include <stdio.h>
+#include <pthread.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <sys/utsname.h>
+#include <unistd.h>
+#include <errno.h>
+
+/* won't make sense from our logging hook */
+#define SD_JOURNAL_SUPPRESS_LOCATION
+#include <systemd/sd-daemon.h>
+#include <systemd/sd-journal.h>
+
+#include <hydra.h>
+#include <daemon.h>
+
+#include <library.h>
+#include <utils/backtrace.h>
+#include <threading/thread.h>
+#include <threading/rwlock.h>
+
+/**
+ * hook in library for debugging messages
+ */
+extern void (*dbg) (debug_t group, level_t level, char *fmt, ...);
+
+/**
+ * Logging hook for library logs, using stderr output
+ */
+static void dbg_stderr(debug_t group, level_t level, char *fmt, ...)
+{
+ va_list args;
+
+ if (level <= 1)
+ {
+ va_start(args, fmt);
+ fprintf(stderr, "00[%N] ", debug_names, group);
+ vfprintf(stderr, fmt, args);
+ fprintf(stderr, "\n");
+ va_end(args);
+ }
+}
+
+typedef struct journal_logger_t journal_logger_t;
+
+/**
+ * Logger implementation using systemd-journal
+ */
+struct journal_logger_t {
+
+ /**
+ * Implements logger_t
+ */
+ logger_t logger;
+
+ /**
+ * Configured loglevels
+ */
+ level_t levels[DBG_MAX];
+
+ /**
+ * Lock for levels
+ */
+ rwlock_t *lock;
+};
+
+METHOD(logger_t, vlog, void,
+ journal_logger_t *this, debug_t group, level_t level, int thread,
+ ike_sa_t *ike_sa, const char *fmt, va_list args)
+{
+ char buf[4096], *msg = buf;
+ ssize_t len;
+ va_list copy;
+
+ va_copy(copy, args);
+ len = vsnprintf(msg, sizeof(buf), fmt, copy);
+ va_end(copy);
+
+ if (len >= sizeof(buf))
+ {
+ len++;
+ msg = malloc(len);
+ va_copy(copy, args);
+ len = vsnprintf(msg, len, fmt, copy);
+ va_end(copy);
+ }
+ if (len > 0)
+ {
+ char unique[64] = "", name[256] = "";
+ int priority;
+
+ if (ike_sa)
+ {
+ snprintf(unique, sizeof(unique), "IKE_SA_UNIQUE_ID=%u",
+ ike_sa->get_unique_id(ike_sa));
+ if (ike_sa->get_peer_cfg(ike_sa))
+ {
+ snprintf(name, sizeof(name), "IKE_SA_NAME=%s",
+ ike_sa->get_name(ike_sa));
+ }
+ }
+ switch (level)
+ {
+ case LEVEL_AUDIT:
+ priority = LOG_NOTICE;
+ break;
+ case LEVEL_CTRL:
+ priority = LOG_INFO;
+ break;
+ default:
+ priority = LOG_DEBUG;
+ break;
+ }
+ sd_journal_send(
+ "MESSAGE=%s", msg,
+ "MESSAGE_ID=57d2708c-d607-43bd-8c39-66bf%.8x",
+ chunk_hash_static(chunk_from_str((char*)fmt)),
+ "PRIORITY=%d", priority,
+ "GROUP=%N", debug_names, group,
+ "LEVEL=%d", level,
+ "THREAD=%d", thread,
+ unique[0] ? unique : NULL,
+ name[0] ? name : NULL,
+ NULL);
+ }
+ if (msg != buf)
+ {
+ free(msg);
+ }
+}
+
+METHOD(logger_t, get_level, level_t,
+ journal_logger_t *this, debug_t group)
+{
+ level_t level;
+
+ this->lock->read_lock(this->lock);
+ level = this->levels[group];
+ this->lock->unlock(this->lock);
+
+ return level;
+}
+
+/**
+ * Reload journal logger configuration
+ */
+CALLBACK(journal_reload, bool,
+ journal_logger_t **journal)
+{
+ journal_logger_t *this = *journal;
+ debug_t group;
+ level_t def;
+
+ def = lib->settings->get_int(lib->settings, "%s.journal.default", 1, lib->ns);
+
+ this->lock->write_lock(this->lock);
+ for (group = 0; group < DBG_MAX; group++)
+ {
+ this->levels[group] =
+ lib->settings->get_int(lib->settings,
+ "%s.journal.%N", def, lib->ns, debug_lower_names, group);
+ }
+ this->lock->unlock(this->lock);
+
+ charon->bus->add_logger(charon->bus, &this->logger);
+
+ return TRUE;
+}
+
+/**
+ * Initialize/deinitialize journal logger
+ */
+static bool journal_register(void *plugin, plugin_feature_t *feature,
+ bool reg, journal_logger_t **logger)
+{
+ journal_logger_t *this;
+
+ if (reg)
+ {
+ INIT(this,
+ .logger = {
+ .vlog = _vlog,
+ .get_level = _get_level,
+ },
+ .lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
+ );
+
+ journal_reload(&this);
+
+ *logger = this;
+ return TRUE;
+ }
+ else
+ {
+ this = *logger;
+
+ charon->bus->remove_logger(charon->bus, &this->logger);
+
+ this->lock->destroy(this->lock);
+ free(this);
+
+ return TRUE;
+ }
+}
+
+/**
+ * Run the daemon and handle unix signals
+ */
+static int run()
+{
+ sigset_t set;
+
+ sigemptyset(&set);
+ sigaddset(&set, SIGTERM);
+ sigprocmask(SIG_BLOCK, &set, NULL);
+
+ sd_notify(0, "READY=1\n");
+
+ while (TRUE)
+ {
+ int sig, error;
+
+ error = sigwait(&set, &sig);
+ if (error)
+ {
+ DBG1(DBG_DMN, "waiting for signal failed: %s", strerror(error));
+ return SS_RC_INITIALIZATION_FAILED;
+ }
+ switch (sig)
+ {
+ case SIGTERM:
+ {
+ DBG1(DBG_DMN, "SIGTERM received, shutting down");
+ charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL, sig);
+ return 0;
+ }
+ default:
+ {
+ DBG1(DBG_DMN, "unknown signal %d received. Ignored", sig);
+ break;
+ }
+ }
+ }
+}
+
+/**
+ * lookup UID and GID
+ */
+static bool lookup_uid_gid()
+{
+#ifdef IPSEC_USER
+ if (!lib->caps->resolve_uid(lib->caps, IPSEC_USER))
+ {
+ return FALSE;
+ }
+#endif /* IPSEC_USER */
+#ifdef IPSEC_GROUP
+ if (!lib->caps->resolve_gid(lib->caps, IPSEC_GROUP))
+ {
+ return FALSE;
+ }
+#endif /* IPSEC_GROUP */
+ return TRUE;
+}
+
+/**
+ * Handle SIGSEGV/SIGILL signals raised by threads
+ */
+static void segv_handler(int signal)
+{
+ backtrace_t *backtrace;
+
+ DBG1(DBG_DMN, "thread %u received %d", thread_current_id(), signal);
+ backtrace = backtrace_create(2);
+ backtrace->log(backtrace, NULL, TRUE);
+ backtrace->log(backtrace, stderr, TRUE);
+ backtrace->destroy(backtrace);
+
+ DBG1(DBG_DMN, "killing ourself, received critical signal");
+ abort();
+}
+
+/**
+ * The journal logger instance
+ */
+static journal_logger_t *journal;
+
+/**
+ * Journal static features
+ */
+static plugin_feature_t features[] = {
+ PLUGIN_CALLBACK((plugin_feature_callback_t)journal_register, &journal),
+ PLUGIN_PROVIDE(CUSTOM, "systemd-journal"),
+};
+
+/**
+ * Main function, starts the daemon.
+ */
+int main(int argc, char *argv[])
+{
+ struct sigaction action;
+ struct utsname utsname;
+
+ dbg = dbg_stderr;
+
+ if (uname(&utsname) != 0)
+ {
+ memset(&utsname, 0, sizeof(utsname));
+ }
+
+ sd_notifyf(0, "STATUS=Starting charon-systemd, strongSwan %s, %s %s, %s",
+ VERSION, utsname.sysname, utsname.release, utsname.machine);
+
+ atexit(library_deinit);
+ if (!library_init(NULL, "charon-systemd"))
+ {
+ sd_notifyf(0, "STATUS=libstrongswan initialization failed");
+ return SS_RC_INITIALIZATION_FAILED;
+ }
+ if (lib->integrity &&
+ !lib->integrity->check_file(lib->integrity, "charon-systemd", argv[0]))
+ {
+ sd_notifyf(0, "STATUS=integrity check of charon-systemd failed");
+ return SS_RC_INITIALIZATION_FAILED;
+ }
+ atexit(libhydra_deinit);
+ if (!libhydra_init())
+ {
+ sd_notifyf(0, "STATUS=libhydra initialization failed");
+ return SS_RC_INITIALIZATION_FAILED;
+ }
+ atexit(libcharon_deinit);
+ if (!libcharon_init())
+ {
+ sd_notifyf(0, "STATUS=libcharon initialization failed");
+ return SS_RC_INITIALIZATION_FAILED;
+ }
+ if (!lookup_uid_gid())
+ {
+ sd_notifyf(0, "STATUS=unknown uid/gid");
+ return SS_RC_INITIALIZATION_FAILED;
+ }
+ charon->load_loggers(charon, NULL, FALSE);
+
+ lib->plugins->add_static_features(lib->plugins, lib->ns, features,
+ countof(features), TRUE, journal_reload, &journal);
+
+ if (!charon->initialize(charon, PLUGINS))
+ {
+ sd_notifyf(0, "STATUS=charon initialization failed");
+ return SS_RC_INITIALIZATION_FAILED;
+ }
+ lib->plugins->status(lib->plugins, LEVEL_CTRL);
+
+ if (!lib->caps->drop(lib->caps))
+ {
+ sd_notifyf(0, "STATUS=dropping capabilities failed");
+ return SS_RC_INITIALIZATION_FAILED;
+ }
+
+ /* add handler for SEGV and ILL,
+ * INT, TERM and HUP are handled by sigwait() in run() */
+ action.sa_handler = segv_handler;
+ action.sa_flags = 0;
+ sigemptyset(&action.sa_mask);
+ sigaddset(&action.sa_mask, SIGINT);
+ sigaddset(&action.sa_mask, SIGTERM);
+ sigaddset(&action.sa_mask, SIGHUP);
+ sigaction(SIGSEGV, &action, NULL);
+ sigaction(SIGILL, &action, NULL);
+ sigaction(SIGBUS, &action, NULL);
+ action.sa_handler = SIG_IGN;
+ sigaction(SIGPIPE, &action, NULL);
+
+ pthread_sigmask(SIG_SETMASK, &action.sa_mask, NULL);
+
+ charon->start(charon);
+
+ sd_notifyf(0, "STATUS=charon-systemd running, strongSwan %s, %s %s, %s",
+ VERSION, utsname.sysname, utsname.release, utsname.machine);
+
+ return run();
+}
diff --git a/src/charon-tkm/Makefile.in b/src/charon-tkm/Makefile.in
index ca4cdbf..fe6606b 100644
--- a/src/charon-tkm/Makefile.in
+++ b/src/charon-tkm/Makefile.in
@@ -148,6 +148,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -208,6 +209,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -273,6 +275,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -320,6 +324,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/charon-tkm/src/charon-tkm.c b/src/charon-tkm/src/charon-tkm.c
index 9a22f9a..a6770fc 100644
--- a/src/charon-tkm/src/charon-tkm.c
+++ b/src/charon-tkm/src/charon-tkm.c
@@ -296,7 +296,7 @@ int main(int argc, char *argv[])
PLUGIN_PROVIDE(CUSTOM, "kernel-ipsec"),
};
lib->plugins->add_static_features(lib->plugins, "tkm-backend", features,
- countof(features), TRUE);
+ countof(features), TRUE, NULL, NULL);
if (!register_dh_mapping())
{
diff --git a/src/charon-tkm/src/tkm/tkm_diffie_hellman.c b/src/charon-tkm/src/tkm/tkm_diffie_hellman.c
index a34d0b1..67db5e6 100644
--- a/src/charon-tkm/src/tkm/tkm_diffie_hellman.c
+++ b/src/charon-tkm/src/tkm/tkm_diffie_hellman.c
@@ -159,7 +159,8 @@ int register_dh_mapping()
}
enumerator->destroy(enumerator);
- lib->plugins->add_static_features(lib->plugins, "tkm-dh", f, countof(f), TRUE);
+ lib->plugins->add_static_features(lib->plugins, "tkm-dh", f, countof(f),
+ TRUE, NULL, NULL);
if (count > 0)
{
diff --git a/src/charon-tkm/tests/tests.c b/src/charon-tkm/tests/tests.c
index 18754c7..80894a1 100644
--- a/src/charon-tkm/tests/tests.c
+++ b/src/charon-tkm/tests/tests.c
@@ -64,7 +64,7 @@ static bool test_runner_init(bool init)
PLUGIN_PROVIDE(CUSTOM, "kernel-ipsec"),
};
lib->plugins->add_static_features(lib->plugins, "tkm-tests", features,
- countof(features), TRUE);
+ countof(features), TRUE, NULL, NULL);
lib->settings->set_int(lib->settings, "%s.dh_mapping.%d", 1,
lib->ns, MODP_3072_BIT);
diff --git a/src/charon/Makefile.in b/src/charon/Makefile.in
index 0e8a49e..f4dcf4f 100644
--- a/src/charon/Makefile.in
+++ b/src/charon/Makefile.in
@@ -205,6 +205,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -265,6 +266,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -330,6 +332,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -377,6 +381,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/charon/charon.c b/src/charon/charon.c
index 8afac3f..081e494 100644
--- a/src/charon/charon.c
+++ b/src/charon/charon.c
@@ -124,15 +124,12 @@ static void run()
{
DBG1(DBG_DMN, "signal of type SIGHUP received. Reloading "
"configuration");
-#ifdef STRONGSWAN_CONF
- if (lib->settings->load_files(lib->settings, STRONGSWAN_CONF,
- FALSE))
+ if (lib->settings->load_files(lib->settings, lib->conf, FALSE))
{
charon->load_loggers(charon, levels, !use_syslog);
lib->plugins->reload(lib->plugins, NULL);
}
else
-#endif
{
DBG1(DBG_DMN, "reloading config failed, keeping old");
}
@@ -468,4 +465,3 @@ deinit:
library_deinit();
return status;
}
-
diff --git a/src/checksum/Makefile.am b/src/checksum/Makefile.am
index 821c517..b358699 100644
--- a/src/checksum/Makefile.am
+++ b/src/checksum/Makefile.am
@@ -81,11 +81,6 @@ if USE_IMCV
libs += $(DESTDIR)$(ipseclibdir)/libimcv.so
endif
-if USE_PTS
- deps += $(top_builddir)/src/libpts/libpts.la
- libs += $(DESTDIR)$(ipseclibdir)/libpts.so
-endif
-
if USE_CHARON
deps += $(top_builddir)/src/libcharon/libcharon.la
libs += $(DESTDIR)$(ipseclibdir)/libcharon.so
diff --git a/src/checksum/Makefile.in b/src/checksum/Makefile.in
index 697899e..86e7ca6 100644
--- a/src/checksum/Makefile.in
+++ b/src/checksum/Makefile.in
@@ -98,18 +98,16 @@ EXTRA_PROGRAMS = checksum_builder$(EXEEXT)
@USE_SIMAKA_TRUE at am__append_17 = $(DESTDIR)$(ipseclibdir)/libsimaka.so
@USE_IMCV_TRUE at am__append_18 = $(top_builddir)/src/libimcv/libimcv.la
@USE_IMCV_TRUE at am__append_19 = $(DESTDIR)$(ipseclibdir)/libimcv.so
- at USE_PTS_TRUE@am__append_20 = $(top_builddir)/src/libpts/libpts.la
- at USE_PTS_TRUE@am__append_21 = $(DESTDIR)$(ipseclibdir)/libpts.so
- at USE_CHARON_TRUE@am__append_22 = $(top_builddir)/src/libcharon/libcharon.la
- at USE_CHARON_TRUE@am__append_23 = $(DESTDIR)$(ipseclibdir)/libcharon.so
- at USE_CHARON_TRUE@am__append_24 = $(DESTDIR)$(ipsecdir)/charon
- at MONOLITHIC_FALSE@@USE_CHARON_TRUE at am__append_25 = -DC_PLUGINS=\""${c_plugins}\""
- at USE_CMD_TRUE@am__append_26 = $(DESTDIR)$(sbindir)/charon-cmd
- at USE_SCEPCLIENT_TRUE@am__append_27 = $(DESTDIR)$(ipsecdir)/scepclient
- at USE_PKI_TRUE@am__append_28 = $(DESTDIR)$(bindir)/pki
- at USE_SWANCTL_TRUE@am__append_29 = $(DESTDIR)$(sbindir)/swanctl
- at USE_ATTR_SQL_TRUE@am__append_30 = $(DESTDIR)$(ipsecdir)/pool
- at USE_IMV_ATTESTATION_TRUE@am__append_31 = $(DESTDIR)$(ipsecdir)/attest
+ at USE_CHARON_TRUE@am__append_20 = $(top_builddir)/src/libcharon/libcharon.la
+ at USE_CHARON_TRUE@am__append_21 = $(DESTDIR)$(ipseclibdir)/libcharon.so
+ at USE_CHARON_TRUE@am__append_22 = $(DESTDIR)$(ipsecdir)/charon
+ at MONOLITHIC_FALSE@@USE_CHARON_TRUE at am__append_23 = -DC_PLUGINS=\""${c_plugins}\""
+ at USE_CMD_TRUE@am__append_24 = $(DESTDIR)$(sbindir)/charon-cmd
+ at USE_SCEPCLIENT_TRUE@am__append_25 = $(DESTDIR)$(ipsecdir)/scepclient
+ at USE_PKI_TRUE@am__append_26 = $(DESTDIR)$(bindir)/pki
+ at USE_SWANCTL_TRUE@am__append_27 = $(DESTDIR)$(sbindir)/swanctl
+ at USE_ATTR_SQL_TRUE@am__append_28 = $(DESTDIR)$(ipsecdir)/pool
+ at USE_IMV_ATTESTATION_TRUE@am__append_29 = $(DESTDIR)$(ipsecdir)/attest
subdir = src/checksum
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
$(top_srcdir)/depcomp
@@ -274,6 +272,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -334,6 +333,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -399,6 +399,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -446,6 +448,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
@@ -473,7 +479,7 @@ CLEANFILES = checksum.c $(EXTRA_PROGRAMS)
AM_CPPFLAGS = -I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon \
-DPLUGINDIR=\"${DESTDIR}${plugindir}\" $(am__append_1) \
- $(am__append_4) $(am__append_15) $(am__append_25)
+ $(am__append_4) $(am__append_15) $(am__append_23)
AM_CFLAGS = \
$(PLUGIN_CFLAGS)
@@ -484,15 +490,14 @@ AM_CFLAGS = \
deps = $(top_builddir)/src/libstrongswan/libstrongswan.la \
$(am__append_2) $(am__append_5) $(am__append_7) \
$(am__append_9) $(am__append_11) $(am__append_13) \
- $(am__append_16) $(am__append_18) $(am__append_20) \
- $(am__append_22)
+ $(am__append_16) $(am__append_18) $(am__append_20)
libs = $(DESTDIR)$(ipseclibdir)/libstrongswan.so $(am__append_3) \
$(am__append_6) $(am__append_8) $(am__append_10) \
$(am__append_12) $(am__append_14) $(am__append_17) \
- $(am__append_19) $(am__append_21) $(am__append_23)
-exes = $(am__append_24) $(am__append_26) $(am__append_27) \
- $(am__append_28) $(am__append_29) $(am__append_30) \
- $(am__append_31)
+ $(am__append_19) $(am__append_21)
+exes = $(am__append_22) $(am__append_24) $(am__append_25) \
+ $(am__append_26) $(am__append_27) $(am__append_28) \
+ $(am__append_29)
all: all-am
.SUFFIXES:
diff --git a/src/conftest/Makefile.in b/src/conftest/Makefile.in
index edd07b8..e3c2e43 100644
--- a/src/conftest/Makefile.in
+++ b/src/conftest/Makefile.in
@@ -219,6 +219,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -279,6 +280,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -344,6 +346,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -391,6 +395,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/conftest/hooks/ike_auth_fill.c b/src/conftest/hooks/ike_auth_fill.c
index 5cdd5be..e3eabe2 100644
--- a/src/conftest/hooks/ike_auth_fill.c
+++ b/src/conftest/hooks/ike_auth_fill.c
@@ -19,7 +19,7 @@
#include <netinet/udp.h>
#include <encoding/payloads/cert_payload.h>
-#include <encoding/payloads/encryption_payload.h>
+#include <encoding/payloads/encrypted_payload.h>
typedef struct private_ike_auth_fill_t private_ike_auth_fill_t;
diff --git a/src/conftest/hooks/reset_seq.c b/src/conftest/hooks/reset_seq.c
index a77b10e..717bcdb 100644
--- a/src/conftest/hooks/reset_seq.c
+++ b/src/conftest/hooks/reset_seq.c
@@ -108,7 +108,7 @@ static job_requeue_t reset_cb(struct reset_cb_data_t *data)
memset(&request, 0, sizeof(request));
- hdr = (struct nlmsghdr*)request;
+ hdr = &request.hdr;
hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK | NLM_F_REPLACE;
hdr->nlmsg_seq = 201;
hdr->nlmsg_pid = getpid();
diff --git a/src/dumm/Makefile.in b/src/dumm/Makefile.in
index fd4a5db..56ac344 100644
--- a/src/dumm/Makefile.in
+++ b/src/dumm/Makefile.in
@@ -240,6 +240,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -300,6 +301,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -365,6 +367,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -412,6 +416,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/include/Makefile.in b/src/include/Makefile.in
index ed755cb..042c46c 100644
--- a/src/include/Makefile.in
+++ b/src/include/Makefile.in
@@ -148,6 +148,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -208,6 +209,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -273,6 +275,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -320,6 +324,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/ipsec/Makefile.in b/src/ipsec/Makefile.in
index baa4532..526c7c4 100644
--- a/src/ipsec/Makefile.in
+++ b/src/ipsec/Makefile.in
@@ -182,6 +182,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -242,6 +243,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -307,6 +309,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -354,6 +358,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/ipsec/_ipsec.8 b/src/ipsec/_ipsec.8
index 3dcb03a..9ba9bd8 100644
--- a/src/ipsec/_ipsec.8
+++ b/src/ipsec/_ipsec.8
@@ -1,4 +1,4 @@
-.TH IPSEC 8 "2013-10-29" "5.2.0" "strongSwan"
+.TH IPSEC 8 "2013-10-29" "5.2.1" "strongSwan"
.
.SH NAME
.
@@ -96,6 +96,11 @@ terminates IKE SA instance \fIn\fP of connection \fIname\fP.
terminates all IKE SA instances of connection \fIname\fP.
.
.TP
+.BI "down-srcip <" start "> [<" end ">]"
+terminates all IKE SA instances with clients having virtual IPs in the range
+.IR start - end .
+.
+.TP
.BI "route " name
tells the IKE daemon to insert an IPsec policy in the kernel
for connection \fIname\fP. The first payload packet matching the IPsec policy
@@ -118,6 +123,11 @@ returns detailed status information either on connection
.SS LIST COMMANDS
.
.TP
+.BI "leases [<" poolname "> [<" address ">]]"
+returns the status of all or the selected IP address pool (or even a single
+virtual IP address).
+.
+.TP
.B "listalgs"
returns a list supported cryptographic algorithms usable for IKE, and their
corresponding plugin.
@@ -242,7 +252,7 @@ resets global or connection specific counters.
purges all cached certificates.
.
.TP
-.B "purgecrl"
+.B "purgecrls"
purges all cached CRLs.
.
.TP
diff --git a/src/ipsec/_ipsec.8.in b/src/ipsec/_ipsec.8.in
index 250cf80..210d74e 100644
--- a/src/ipsec/_ipsec.8.in
+++ b/src/ipsec/_ipsec.8.in
@@ -96,6 +96,11 @@ terminates IKE SA instance \fIn\fP of connection \fIname\fP.
terminates all IKE SA instances of connection \fIname\fP.
.
.TP
+.BI "down-srcip <" start "> [<" end ">]"
+terminates all IKE SA instances with clients having virtual IPs in the range
+.IR start - end .
+.
+.TP
.BI "route " name
tells the IKE daemon to insert an IPsec policy in the kernel
for connection \fIname\fP. The first payload packet matching the IPsec policy
@@ -118,6 +123,11 @@ returns detailed status information either on connection
.SS LIST COMMANDS
.
.TP
+.BI "leases [<" poolname "> [<" address ">]]"
+returns the status of all or the selected IP address pool (or even a single
+virtual IP address).
+.
+.TP
.B "listalgs"
returns a list supported cryptographic algorithms usable for IKE, and their
corresponding plugin.
@@ -242,7 +252,7 @@ resets global or connection specific counters.
purges all cached certificates.
.
.TP
-.B "purgecrl"
+.B "purgecrls"
purges all cached CRLs.
.
.TP
diff --git a/src/ipsec/_ipsec.in b/src/ipsec/_ipsec.in
index e6725d0..0798830 100644
--- a/src/ipsec/_ipsec.in
+++ b/src/ipsec/_ipsec.in
@@ -15,7 +15,7 @@
# for more details.
# define a minimum PATH environment in case it is not set
-PATH="/sbin:/bin:/usr/sbin:/usr/bin:@IPSEC_SBINDIR@:@IPSEC_BINDIR@"
+PATH=${PATH:-"/sbin:/bin:/usr/sbin:/usr/bin"}
export PATH
# set daemon name
@@ -46,37 +46,36 @@ IPSEC_DISTRO="Institute for Internet Technologies and Applications\nUniversity o
case "$1" in
'')
- echo "Usage: $IPSEC_SCRIPT command argument ..."
- echo "Use --help for list of commands, or see $IPSEC_SCRIPT(8) manual "
- echo "page or the $IPSEC_NAME documentation for names of the common "
- echo "ones."
- echo "See <http://www.strongswan.org> for more general info."
+ echo "$IPSEC_SCRIPT command [arguments]"
+ echo
+ echo "Use --help for a list of commands, or refer to the $IPSEC_SCRIPT(8) man page."
+ echo "See <http://www.strongswan.org> for more general information."
exit 0
;;
--help)
- echo "Usage: $IPSEC_SCRIPT command argument ..."
- echo "where command is one of:"
- echo " start|restart arguments..."
+ echo "$IPSEC_SCRIPT command [arguments]"
+ echo
+ echo "Commands:"
+ echo " start|restart [arguments]"
echo " update|reload|stop"
echo " up|down|route|unroute <connectionname>"
+ echo " down-srcip <start> [<end>]"
echo " status|statusall [<connectionname>]"
echo " listalgs|listpubkeys|listcerts [--utc]"
echo " listcacerts|listaacerts|listocspcerts [--utc]"
echo " listacerts|listgroups|listcainfos [--utc]"
- echo " listcrls|listocsp|listcards|listplugins|listall [--utc]"
+ echo " listcrls|listocsp|listplugins|listall [--utc]"
echo " listcounters|resetcounters [name]"
echo " leases [<poolname> [<address>]]"
- echo " rereadsecrets|rereadgroups"
- echo " rereadcacerts|rereadaacerts|rereadocspcerts"
- echo " rereadacerts|rereadcrls|rereadall"
- echo " purgeocsp|purgecrls|purgecerts|purgeike"
- echo " scepclient"
- echo " secrets"
- echo " starter"
+ echo " rereadsecrets|rereadcacerts|rereadaacerts"
+ echo " rereadocspcerts|rereadacerts|rereadcrls|rereadall"
+ echo " purgecerts|purgecrls|purgeike|purgeocsp"
+ echo " scepclient|pki"
+ echo " starter|stroke"
echo " version"
- echo " stroke"
echo
- echo "Some of these functions have their own manual pages, e.g. scepclient(8)."
+ echo "Refer to the $IPSEC_SCRIPT(8) man page for details."
+ echo "Some commands have their own man pages, e.g. pki(1) or scepclient(8)."
exit 0
;;
--versioncode)
@@ -129,16 +128,6 @@ down-srcip)
fi
exit "$rc"
;;
-listcards|rereadgroups)
- op="$1"
- shift
- if [ -e $IPSEC_CHARON_PID ]
- then
- exit 3
- else
- exit 7
- fi
- ;;
leases)
op="$1"
rc=7
@@ -340,12 +329,8 @@ path="$IPSEC_DIR/$cmd"
if [ ! -x "$path" ]
then
- path="$IPSEC_DIR/$cmd"
- if [ ! -x "$path" ]
- then
echo "$0: unknown IPsec command \`$cmd' (\`$IPSEC_SCRIPT --help' for list)" >&2
exit 2
- fi
fi
exec $path "$@"
diff --git a/src/libcharon/Android.mk b/src/libcharon/Android.mk
index a28b459..4212ee8 100644
--- a/src/libcharon/Android.mk
+++ b/src/libcharon/Android.mk
@@ -25,7 +25,8 @@ encoding/payloads/cp_payload.c encoding/payloads/cp_payload.h \
encoding/payloads/delete_payload.c encoding/payloads/delete_payload.h \
encoding/payloads/eap_payload.c encoding/payloads/eap_payload.h \
encoding/payloads/encodings.c encoding/payloads/encodings.h \
-encoding/payloads/encryption_payload.c encoding/payloads/encryption_payload.h \
+encoding/payloads/encrypted_payload.c encoding/payloads/encrypted_payload.h \
+encoding/payloads/encrypted_fragment_payload.h \
encoding/payloads/id_payload.c encoding/payloads/id_payload.h \
encoding/payloads/ike_header.c encoding/payloads/ike_header.h \
encoding/payloads/ke_payload.c encoding/payloads/ke_payload.h \
diff --git a/src/libcharon/Makefile.am b/src/libcharon/Makefile.am
index e81c424..e98f5e1 100644
--- a/src/libcharon/Makefile.am
+++ b/src/libcharon/Makefile.am
@@ -23,7 +23,8 @@ encoding/payloads/cp_payload.c encoding/payloads/cp_payload.h \
encoding/payloads/delete_payload.c encoding/payloads/delete_payload.h \
encoding/payloads/eap_payload.c encoding/payloads/eap_payload.h \
encoding/payloads/encodings.c encoding/payloads/encodings.h \
-encoding/payloads/encryption_payload.c encoding/payloads/encryption_payload.h \
+encoding/payloads/encrypted_payload.c encoding/payloads/encrypted_payload.h \
+encoding/payloads/encrypted_fragment_payload.h \
encoding/payloads/id_payload.c encoding/payloads/id_payload.h \
encoding/payloads/ike_header.c encoding/payloads/ike_header.h \
encoding/payloads/ke_payload.c encoding/payloads/ke_payload.h \
@@ -258,6 +259,13 @@ if MONOLITHIC
endif
endif
+if USE_EXT_AUTH
+ SUBDIRS += plugins/ext_auth
+if MONOLITHIC
+ libcharon_la_LIBADD += plugins/ext_auth/libstrongswan-ext-auth.la
+endif
+endif
+
if USE_EAP_IDENTITY
SUBDIRS += plugins/eap_identity
if MONOLITHIC
diff --git a/src/libcharon/Makefile.in b/src/libcharon/Makefile.in
index 002da51..4d89794 100644
--- a/src/libcharon/Makefile.in
+++ b/src/libcharon/Makefile.in
@@ -162,106 +162,108 @@ host_triplet = @host@
@MONOLITHIC_TRUE@@USE_IPSECKEY_TRUE at am__append_27 = plugins/ipseckey/libstrongswan-ipseckey.la
@USE_UPDOWN_TRUE at am__append_28 = plugins/updown
@MONOLITHIC_TRUE@@USE_UPDOWN_TRUE at am__append_29 = plugins/updown/libstrongswan-updown.la
- at USE_EAP_IDENTITY_TRUE@am__append_30 = plugins/eap_identity
- at MONOLITHIC_TRUE@@USE_EAP_IDENTITY_TRUE at am__append_31 = plugins/eap_identity/libstrongswan-eap-identity.la
- at USE_EAP_SIM_TRUE@am__append_32 = plugins/eap_sim
- at MONOLITHIC_TRUE@@USE_EAP_SIM_TRUE at am__append_33 = plugins/eap_sim/libstrongswan-eap-sim.la
- at USE_EAP_SIM_FILE_TRUE@am__append_34 = plugins/eap_sim_file
- at MONOLITHIC_TRUE@@USE_EAP_SIM_FILE_TRUE at am__append_35 = plugins/eap_sim_file/libstrongswan-eap-sim-file.la
- at USE_EAP_SIM_PCSC_TRUE@am__append_36 = plugins/eap_sim_pcsc
- at MONOLITHIC_TRUE@@USE_EAP_SIM_PCSC_TRUE at am__append_37 = plugins/eap_sim_pcsc/libstrongswan-eap-sim-pcsc.la
- at USE_EAP_SIMAKA_SQL_TRUE@am__append_38 = plugins/eap_simaka_sql
- at MONOLITHIC_TRUE@@USE_EAP_SIMAKA_SQL_TRUE at am__append_39 = plugins/eap_simaka_sql/libstrongswan-eap-simaka-sql.la
- at USE_EAP_SIMAKA_PSEUDONYM_TRUE@am__append_40 = plugins/eap_simaka_pseudonym
- at MONOLITHIC_TRUE@@USE_EAP_SIMAKA_PSEUDONYM_TRUE at am__append_41 = plugins/eap_simaka_pseudonym/libstrongswan-eap-simaka-pseudonym.la
- at USE_EAP_SIMAKA_REAUTH_TRUE@am__append_42 = plugins/eap_simaka_reauth
- at MONOLITHIC_TRUE@@USE_EAP_SIMAKA_REAUTH_TRUE at am__append_43 = plugins/eap_simaka_reauth/libstrongswan-eap-simaka-reauth.la
- at USE_EAP_AKA_TRUE@am__append_44 = plugins/eap_aka
- at MONOLITHIC_TRUE@@USE_EAP_AKA_TRUE at am__append_45 = plugins/eap_aka/libstrongswan-eap-aka.la
- at USE_EAP_AKA_3GPP2_TRUE@am__append_46 = plugins/eap_aka_3gpp2
- at MONOLITHIC_TRUE@@USE_EAP_AKA_3GPP2_TRUE at am__append_47 = plugins/eap_aka_3gpp2/libstrongswan-eap-aka-3gpp2.la
- at MONOLITHIC_TRUE@@USE_SIMAKA_TRUE at am__append_48 = $(top_builddir)/src/libsimaka/libsimaka.la
- at USE_EAP_MD5_TRUE@am__append_49 = plugins/eap_md5
- at MONOLITHIC_TRUE@@USE_EAP_MD5_TRUE at am__append_50 = plugins/eap_md5/libstrongswan-eap-md5.la
- at USE_EAP_GTC_TRUE@am__append_51 = plugins/eap_gtc
- at MONOLITHIC_TRUE@@USE_EAP_GTC_TRUE at am__append_52 = plugins/eap_gtc/libstrongswan-eap-gtc.la
- at USE_EAP_MSCHAPV2_TRUE@am__append_53 = plugins/eap_mschapv2
- at MONOLITHIC_TRUE@@USE_EAP_MSCHAPV2_TRUE at am__append_54 = plugins/eap_mschapv2/libstrongswan-eap-mschapv2.la
- at USE_EAP_DYNAMIC_TRUE@am__append_55 = plugins/eap_dynamic
- at MONOLITHIC_TRUE@@USE_EAP_DYNAMIC_TRUE at am__append_56 = plugins/eap_dynamic/libstrongswan-eap-dynamic.la
- at USE_EAP_RADIUS_TRUE@am__append_57 = plugins/eap_radius
- at MONOLITHIC_TRUE@@USE_EAP_RADIUS_TRUE at am__append_58 = plugins/eap_radius/libstrongswan-eap-radius.la
- at USE_EAP_TLS_TRUE@am__append_59 = plugins/eap_tls
- at MONOLITHIC_TRUE@@USE_EAP_TLS_TRUE at am__append_60 = plugins/eap_tls/libstrongswan-eap-tls.la
- at USE_EAP_TTLS_TRUE@am__append_61 = plugins/eap_ttls
- at MONOLITHIC_TRUE@@USE_EAP_TTLS_TRUE at am__append_62 = plugins/eap_ttls/libstrongswan-eap-ttls.la
- at USE_EAP_PEAP_TRUE@am__append_63 = plugins/eap_peap
- at MONOLITHIC_TRUE@@USE_EAP_PEAP_TRUE at am__append_64 = plugins/eap_peap/libstrongswan-eap-peap.la
- at USE_EAP_TNC_TRUE@am__append_65 = plugins/eap_tnc
- at MONOLITHIC_TRUE@@USE_EAP_TNC_TRUE at am__append_66 = plugins/eap_tnc/libstrongswan-eap-tnc.la
- at MONOLITHIC_TRUE@@USE_TLS_TRUE at am__append_67 = $(top_builddir)/src/libtls/libtls.la
- at MONOLITHIC_TRUE@@USE_RADIUS_TRUE at am__append_68 = $(top_builddir)/src/libradius/libradius.la
- at USE_TNC_IFMAP_TRUE@am__append_69 = plugins/tnc_ifmap
- at MONOLITHIC_TRUE@@USE_TNC_IFMAP_TRUE at am__append_70 = plugins/tnc_ifmap/libstrongswan-tnc-ifmap.la
- at USE_TNC_PDP_TRUE@am__append_71 = plugins/tnc_pdp
- at MONOLITHIC_TRUE@@USE_TNC_PDP_TRUE at am__append_72 = plugins/tnc_pdp/libstrongswan-tnc-pdp.la
- at MONOLITHIC_TRUE@@USE_LIBTNCCS_TRUE at am__append_73 = $(top_builddir)/src/libtnccs/libtnccs.la
- at USE_MEDSRV_TRUE@am__append_74 = plugins/medsrv
- at MONOLITHIC_TRUE@@USE_MEDSRV_TRUE at am__append_75 = plugins/medsrv/libstrongswan-medsrv.la
- at USE_MEDCLI_TRUE@am__append_76 = plugins/medcli
- at MONOLITHIC_TRUE@@USE_MEDCLI_TRUE at am__append_77 = plugins/medcli/libstrongswan-medcli.la
- at USE_DHCP_TRUE@am__append_78 = plugins/dhcp
- at MONOLITHIC_TRUE@@USE_DHCP_TRUE at am__append_79 = plugins/dhcp/libstrongswan-dhcp.la
- at USE_OSX_ATTR_TRUE@am__append_80 = plugins/osx_attr
- at MONOLITHIC_TRUE@@USE_OSX_ATTR_TRUE at am__append_81 = plugins/osx_attr/libstrongswan-osx-attr.la
- at USE_ANDROID_DNS_TRUE@am__append_82 = plugins/android_dns
- at MONOLITHIC_TRUE@@USE_ANDROID_DNS_TRUE at am__append_83 = plugins/android_dns/libstrongswan-android-dns.la
- at USE_ANDROID_LOG_TRUE@am__append_84 = plugins/android_log
- at MONOLITHIC_TRUE@@USE_ANDROID_LOG_TRUE at am__append_85 = plugins/android_log/libstrongswan-android-log.la
- at USE_MAEMO_TRUE@am__append_86 = plugins/maemo
- at MONOLITHIC_TRUE@@USE_MAEMO_TRUE at am__append_87 = plugins/maemo/libstrongswan-maemo.la
- at USE_HA_TRUE@am__append_88 = plugins/ha
- at MONOLITHIC_TRUE@@USE_HA_TRUE at am__append_89 = plugins/ha/libstrongswan-ha.la
- at USE_KERNEL_LIBIPSEC_TRUE@am__append_90 = plugins/kernel_libipsec
- at MONOLITHIC_TRUE@@USE_KERNEL_LIBIPSEC_TRUE at am__append_91 = plugins/kernel_libipsec/libstrongswan-kernel-libipsec.la
- at USE_KERNEL_WFP_TRUE@am__append_92 = plugins/kernel_wfp
- at MONOLITHIC_TRUE@@USE_KERNEL_WFP_TRUE at am__append_93 = plugins/kernel_wfp/libstrongswan-kernel-wfp.la
- at USE_KERNEL_IPH_TRUE@am__append_94 = plugins/kernel_iph
- at MONOLITHIC_TRUE@@USE_KERNEL_IPH_TRUE at am__append_95 = plugins/kernel_iph/libstrongswan-kernel-iph.la
- at USE_WHITELIST_TRUE@am__append_96 = plugins/whitelist
- at MONOLITHIC_TRUE@@USE_WHITELIST_TRUE at am__append_97 = plugins/whitelist/libstrongswan-whitelist.la
- at USE_LOOKIP_TRUE@am__append_98 = plugins/lookip
- at MONOLITHIC_TRUE@@USE_LOOKIP_TRUE at am__append_99 = plugins/lookip/libstrongswan-lookip.la
- at USE_ERROR_NOTIFY_TRUE@am__append_100 = plugins/error_notify
- at MONOLITHIC_TRUE@@USE_ERROR_NOTIFY_TRUE at am__append_101 = plugins/error_notify/libstrongswan-error-notify.la
- at USE_CERTEXPIRE_TRUE@am__append_102 = plugins/certexpire
- at MONOLITHIC_TRUE@@USE_CERTEXPIRE_TRUE at am__append_103 = plugins/certexpire/libstrongswan-certexpire.la
- at USE_SYSTIME_FIX_TRUE@am__append_104 = plugins/systime_fix
- at MONOLITHIC_TRUE@@USE_SYSTIME_FIX_TRUE at am__append_105 = plugins/systime_fix/libstrongswan-systime-fix.la
- at USE_LED_TRUE@am__append_106 = plugins/led
- at MONOLITHIC_TRUE@@USE_LED_TRUE at am__append_107 = plugins/led/libstrongswan-led.la
- at USE_DUPLICHECK_TRUE@am__append_108 = plugins/duplicheck
- at MONOLITHIC_TRUE@@USE_DUPLICHECK_TRUE at am__append_109 = plugins/duplicheck/libstrongswan-duplicheck.la
- at USE_COUPLING_TRUE@am__append_110 = plugins/coupling
- at MONOLITHIC_TRUE@@USE_COUPLING_TRUE at am__append_111 = plugins/coupling/libstrongswan-coupling.la
- at USE_RADATTR_TRUE@am__append_112 = plugins/radattr
- at MONOLITHIC_TRUE@@USE_RADATTR_TRUE at am__append_113 = plugins/radattr/libstrongswan-radattr.la
- at USE_UCI_TRUE@am__append_114 = plugins/uci
- at MONOLITHIC_TRUE@@USE_UCI_TRUE at am__append_115 = plugins/uci/libstrongswan-uci.la
- at USE_ADDRBLOCK_TRUE@am__append_116 = plugins/addrblock
- at MONOLITHIC_TRUE@@USE_ADDRBLOCK_TRUE at am__append_117 = plugins/addrblock/libstrongswan-addrblock.la
- at USE_UNITY_TRUE@am__append_118 = plugins/unity
- at MONOLITHIC_TRUE@@USE_UNITY_TRUE at am__append_119 = plugins/unity/libstrongswan-unity.la
- at USE_UNIT_TESTS_TRUE@am__append_120 = plugins/unit_tester
- at MONOLITHIC_TRUE@@USE_UNIT_TESTS_TRUE at am__append_121 = plugins/unit_tester/libstrongswan-unit-tester.la
- at USE_XAUTH_GENERIC_TRUE@am__append_122 = plugins/xauth_generic
- at MONOLITHIC_TRUE@@USE_XAUTH_GENERIC_TRUE at am__append_123 = plugins/xauth_generic/libstrongswan-xauth-generic.la
- at USE_XAUTH_EAP_TRUE@am__append_124 = plugins/xauth_eap
- at MONOLITHIC_TRUE@@USE_XAUTH_EAP_TRUE at am__append_125 = plugins/xauth_eap/libstrongswan-xauth-eap.la
- at USE_XAUTH_PAM_TRUE@am__append_126 = plugins/xauth_pam
- at MONOLITHIC_TRUE@@USE_XAUTH_PAM_TRUE at am__append_127 = plugins/xauth_pam/libstrongswan-xauth-pam.la
- at USE_XAUTH_NOAUTH_TRUE@am__append_128 = plugins/xauth_noauth
- at MONOLITHIC_TRUE@@USE_XAUTH_NOAUTH_TRUE at am__append_129 = plugins/xauth_noauth/libstrongswan-xauth-noauth.la
+ at USE_EXT_AUTH_TRUE@am__append_30 = plugins/ext_auth
+ at MONOLITHIC_TRUE@@USE_EXT_AUTH_TRUE at am__append_31 = plugins/ext_auth/libstrongswan-ext-auth.la
+ at USE_EAP_IDENTITY_TRUE@am__append_32 = plugins/eap_identity
+ at MONOLITHIC_TRUE@@USE_EAP_IDENTITY_TRUE at am__append_33 = plugins/eap_identity/libstrongswan-eap-identity.la
+ at USE_EAP_SIM_TRUE@am__append_34 = plugins/eap_sim
+ at MONOLITHIC_TRUE@@USE_EAP_SIM_TRUE at am__append_35 = plugins/eap_sim/libstrongswan-eap-sim.la
+ at USE_EAP_SIM_FILE_TRUE@am__append_36 = plugins/eap_sim_file
+ at MONOLITHIC_TRUE@@USE_EAP_SIM_FILE_TRUE at am__append_37 = plugins/eap_sim_file/libstrongswan-eap-sim-file.la
+ at USE_EAP_SIM_PCSC_TRUE@am__append_38 = plugins/eap_sim_pcsc
+ at MONOLITHIC_TRUE@@USE_EAP_SIM_PCSC_TRUE at am__append_39 = plugins/eap_sim_pcsc/libstrongswan-eap-sim-pcsc.la
+ at USE_EAP_SIMAKA_SQL_TRUE@am__append_40 = plugins/eap_simaka_sql
+ at MONOLITHIC_TRUE@@USE_EAP_SIMAKA_SQL_TRUE at am__append_41 = plugins/eap_simaka_sql/libstrongswan-eap-simaka-sql.la
+ at USE_EAP_SIMAKA_PSEUDONYM_TRUE@am__append_42 = plugins/eap_simaka_pseudonym
+ at MONOLITHIC_TRUE@@USE_EAP_SIMAKA_PSEUDONYM_TRUE at am__append_43 = plugins/eap_simaka_pseudonym/libstrongswan-eap-simaka-pseudonym.la
+ at USE_EAP_SIMAKA_REAUTH_TRUE@am__append_44 = plugins/eap_simaka_reauth
+ at MONOLITHIC_TRUE@@USE_EAP_SIMAKA_REAUTH_TRUE at am__append_45 = plugins/eap_simaka_reauth/libstrongswan-eap-simaka-reauth.la
+ at USE_EAP_AKA_TRUE@am__append_46 = plugins/eap_aka
+ at MONOLITHIC_TRUE@@USE_EAP_AKA_TRUE at am__append_47 = plugins/eap_aka/libstrongswan-eap-aka.la
+ at USE_EAP_AKA_3GPP2_TRUE@am__append_48 = plugins/eap_aka_3gpp2
+ at MONOLITHIC_TRUE@@USE_EAP_AKA_3GPP2_TRUE at am__append_49 = plugins/eap_aka_3gpp2/libstrongswan-eap-aka-3gpp2.la
+ at MONOLITHIC_TRUE@@USE_SIMAKA_TRUE at am__append_50 = $(top_builddir)/src/libsimaka/libsimaka.la
+ at USE_EAP_MD5_TRUE@am__append_51 = plugins/eap_md5
+ at MONOLITHIC_TRUE@@USE_EAP_MD5_TRUE at am__append_52 = plugins/eap_md5/libstrongswan-eap-md5.la
+ at USE_EAP_GTC_TRUE@am__append_53 = plugins/eap_gtc
+ at MONOLITHIC_TRUE@@USE_EAP_GTC_TRUE at am__append_54 = plugins/eap_gtc/libstrongswan-eap-gtc.la
+ at USE_EAP_MSCHAPV2_TRUE@am__append_55 = plugins/eap_mschapv2
+ at MONOLITHIC_TRUE@@USE_EAP_MSCHAPV2_TRUE at am__append_56 = plugins/eap_mschapv2/libstrongswan-eap-mschapv2.la
+ at USE_EAP_DYNAMIC_TRUE@am__append_57 = plugins/eap_dynamic
+ at MONOLITHIC_TRUE@@USE_EAP_DYNAMIC_TRUE at am__append_58 = plugins/eap_dynamic/libstrongswan-eap-dynamic.la
+ at USE_EAP_RADIUS_TRUE@am__append_59 = plugins/eap_radius
+ at MONOLITHIC_TRUE@@USE_EAP_RADIUS_TRUE at am__append_60 = plugins/eap_radius/libstrongswan-eap-radius.la
+ at USE_EAP_TLS_TRUE@am__append_61 = plugins/eap_tls
+ at MONOLITHIC_TRUE@@USE_EAP_TLS_TRUE at am__append_62 = plugins/eap_tls/libstrongswan-eap-tls.la
+ at USE_EAP_TTLS_TRUE@am__append_63 = plugins/eap_ttls
+ at MONOLITHIC_TRUE@@USE_EAP_TTLS_TRUE at am__append_64 = plugins/eap_ttls/libstrongswan-eap-ttls.la
+ at USE_EAP_PEAP_TRUE@am__append_65 = plugins/eap_peap
+ at MONOLITHIC_TRUE@@USE_EAP_PEAP_TRUE at am__append_66 = plugins/eap_peap/libstrongswan-eap-peap.la
+ at USE_EAP_TNC_TRUE@am__append_67 = plugins/eap_tnc
+ at MONOLITHIC_TRUE@@USE_EAP_TNC_TRUE at am__append_68 = plugins/eap_tnc/libstrongswan-eap-tnc.la
+ at MONOLITHIC_TRUE@@USE_TLS_TRUE at am__append_69 = $(top_builddir)/src/libtls/libtls.la
+ at MONOLITHIC_TRUE@@USE_RADIUS_TRUE at am__append_70 = $(top_builddir)/src/libradius/libradius.la
+ at USE_TNC_IFMAP_TRUE@am__append_71 = plugins/tnc_ifmap
+ at MONOLITHIC_TRUE@@USE_TNC_IFMAP_TRUE at am__append_72 = plugins/tnc_ifmap/libstrongswan-tnc-ifmap.la
+ at USE_TNC_PDP_TRUE@am__append_73 = plugins/tnc_pdp
+ at MONOLITHIC_TRUE@@USE_TNC_PDP_TRUE at am__append_74 = plugins/tnc_pdp/libstrongswan-tnc-pdp.la
+ at MONOLITHIC_TRUE@@USE_LIBTNCCS_TRUE at am__append_75 = $(top_builddir)/src/libtnccs/libtnccs.la
+ at USE_MEDSRV_TRUE@am__append_76 = plugins/medsrv
+ at MONOLITHIC_TRUE@@USE_MEDSRV_TRUE at am__append_77 = plugins/medsrv/libstrongswan-medsrv.la
+ at USE_MEDCLI_TRUE@am__append_78 = plugins/medcli
+ at MONOLITHIC_TRUE@@USE_MEDCLI_TRUE at am__append_79 = plugins/medcli/libstrongswan-medcli.la
+ at USE_DHCP_TRUE@am__append_80 = plugins/dhcp
+ at MONOLITHIC_TRUE@@USE_DHCP_TRUE at am__append_81 = plugins/dhcp/libstrongswan-dhcp.la
+ at USE_OSX_ATTR_TRUE@am__append_82 = plugins/osx_attr
+ at MONOLITHIC_TRUE@@USE_OSX_ATTR_TRUE at am__append_83 = plugins/osx_attr/libstrongswan-osx-attr.la
+ at USE_ANDROID_DNS_TRUE@am__append_84 = plugins/android_dns
+ at MONOLITHIC_TRUE@@USE_ANDROID_DNS_TRUE at am__append_85 = plugins/android_dns/libstrongswan-android-dns.la
+ at USE_ANDROID_LOG_TRUE@am__append_86 = plugins/android_log
+ at MONOLITHIC_TRUE@@USE_ANDROID_LOG_TRUE at am__append_87 = plugins/android_log/libstrongswan-android-log.la
+ at USE_MAEMO_TRUE@am__append_88 = plugins/maemo
+ at MONOLITHIC_TRUE@@USE_MAEMO_TRUE at am__append_89 = plugins/maemo/libstrongswan-maemo.la
+ at USE_HA_TRUE@am__append_90 = plugins/ha
+ at MONOLITHIC_TRUE@@USE_HA_TRUE at am__append_91 = plugins/ha/libstrongswan-ha.la
+ at USE_KERNEL_LIBIPSEC_TRUE@am__append_92 = plugins/kernel_libipsec
+ at MONOLITHIC_TRUE@@USE_KERNEL_LIBIPSEC_TRUE at am__append_93 = plugins/kernel_libipsec/libstrongswan-kernel-libipsec.la
+ at USE_KERNEL_WFP_TRUE@am__append_94 = plugins/kernel_wfp
+ at MONOLITHIC_TRUE@@USE_KERNEL_WFP_TRUE at am__append_95 = plugins/kernel_wfp/libstrongswan-kernel-wfp.la
+ at USE_KERNEL_IPH_TRUE@am__append_96 = plugins/kernel_iph
+ at MONOLITHIC_TRUE@@USE_KERNEL_IPH_TRUE at am__append_97 = plugins/kernel_iph/libstrongswan-kernel-iph.la
+ at USE_WHITELIST_TRUE@am__append_98 = plugins/whitelist
+ at MONOLITHIC_TRUE@@USE_WHITELIST_TRUE at am__append_99 = plugins/whitelist/libstrongswan-whitelist.la
+ at USE_LOOKIP_TRUE@am__append_100 = plugins/lookip
+ at MONOLITHIC_TRUE@@USE_LOOKIP_TRUE at am__append_101 = plugins/lookip/libstrongswan-lookip.la
+ at USE_ERROR_NOTIFY_TRUE@am__append_102 = plugins/error_notify
+ at MONOLITHIC_TRUE@@USE_ERROR_NOTIFY_TRUE at am__append_103 = plugins/error_notify/libstrongswan-error-notify.la
+ at USE_CERTEXPIRE_TRUE@am__append_104 = plugins/certexpire
+ at MONOLITHIC_TRUE@@USE_CERTEXPIRE_TRUE at am__append_105 = plugins/certexpire/libstrongswan-certexpire.la
+ at USE_SYSTIME_FIX_TRUE@am__append_106 = plugins/systime_fix
+ at MONOLITHIC_TRUE@@USE_SYSTIME_FIX_TRUE at am__append_107 = plugins/systime_fix/libstrongswan-systime-fix.la
+ at USE_LED_TRUE@am__append_108 = plugins/led
+ at MONOLITHIC_TRUE@@USE_LED_TRUE at am__append_109 = plugins/led/libstrongswan-led.la
+ at USE_DUPLICHECK_TRUE@am__append_110 = plugins/duplicheck
+ at MONOLITHIC_TRUE@@USE_DUPLICHECK_TRUE at am__append_111 = plugins/duplicheck/libstrongswan-duplicheck.la
+ at USE_COUPLING_TRUE@am__append_112 = plugins/coupling
+ at MONOLITHIC_TRUE@@USE_COUPLING_TRUE at am__append_113 = plugins/coupling/libstrongswan-coupling.la
+ at USE_RADATTR_TRUE@am__append_114 = plugins/radattr
+ at MONOLITHIC_TRUE@@USE_RADATTR_TRUE at am__append_115 = plugins/radattr/libstrongswan-radattr.la
+ at USE_UCI_TRUE@am__append_116 = plugins/uci
+ at MONOLITHIC_TRUE@@USE_UCI_TRUE at am__append_117 = plugins/uci/libstrongswan-uci.la
+ at USE_ADDRBLOCK_TRUE@am__append_118 = plugins/addrblock
+ at MONOLITHIC_TRUE@@USE_ADDRBLOCK_TRUE at am__append_119 = plugins/addrblock/libstrongswan-addrblock.la
+ at USE_UNITY_TRUE@am__append_120 = plugins/unity
+ at MONOLITHIC_TRUE@@USE_UNITY_TRUE at am__append_121 = plugins/unity/libstrongswan-unity.la
+ at USE_UNIT_TESTS_TRUE@am__append_122 = plugins/unit_tester
+ at MONOLITHIC_TRUE@@USE_UNIT_TESTS_TRUE at am__append_123 = plugins/unit_tester/libstrongswan-unit-tester.la
+ at USE_XAUTH_GENERIC_TRUE@am__append_124 = plugins/xauth_generic
+ at MONOLITHIC_TRUE@@USE_XAUTH_GENERIC_TRUE at am__append_125 = plugins/xauth_generic/libstrongswan-xauth-generic.la
+ at USE_XAUTH_EAP_TRUE@am__append_126 = plugins/xauth_eap
+ at MONOLITHIC_TRUE@@USE_XAUTH_EAP_TRUE at am__append_127 = plugins/xauth_eap/libstrongswan-xauth-eap.la
+ at USE_XAUTH_PAM_TRUE@am__append_128 = plugins/xauth_pam
+ at MONOLITHIC_TRUE@@USE_XAUTH_PAM_TRUE at am__append_129 = plugins/xauth_pam/libstrongswan-xauth-pam.la
+ at USE_XAUTH_NOAUTH_TRUE@am__append_130 = plugins/xauth_noauth
+ at MONOLITHIC_TRUE@@USE_XAUTH_NOAUTH_TRUE at am__append_131 = plugins/xauth_noauth/libstrongswan-xauth-noauth.la
subdir = src/libcharon
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
$(top_srcdir)/depcomp
@@ -323,12 +325,12 @@ libcharon_la_DEPENDENCIES = \
$(am__append_29) $(am__append_31) $(am__append_33) \
$(am__append_35) $(am__append_37) $(am__append_39) \
$(am__append_41) $(am__append_43) $(am__append_45) \
- $(am__append_47) $(am__append_48) $(am__append_50) \
+ $(am__append_47) $(am__append_49) $(am__append_50) \
$(am__append_52) $(am__append_54) $(am__append_56) \
$(am__append_58) $(am__append_60) $(am__append_62) \
- $(am__append_64) $(am__append_66) $(am__append_67) \
- $(am__append_68) $(am__append_70) $(am__append_72) \
- $(am__append_73) $(am__append_75) $(am__append_77) \
+ $(am__append_64) $(am__append_66) $(am__append_68) \
+ $(am__append_69) $(am__append_70) $(am__append_72) \
+ $(am__append_74) $(am__append_75) $(am__append_77) \
$(am__append_79) $(am__append_81) $(am__append_83) \
$(am__append_85) $(am__append_87) $(am__append_89) \
$(am__append_91) $(am__append_93) $(am__append_95) \
@@ -337,7 +339,7 @@ libcharon_la_DEPENDENCIES = \
$(am__append_109) $(am__append_111) $(am__append_113) \
$(am__append_115) $(am__append_117) $(am__append_119) \
$(am__append_121) $(am__append_123) $(am__append_125) \
- $(am__append_127) $(am__append_129)
+ $(am__append_127) $(am__append_129) $(am__append_131)
am__libcharon_la_SOURCES_DIST = bus/bus.c bus/bus.h \
bus/listeners/listener.h bus/listeners/logger.h \
bus/listeners/file_logger.c bus/listeners/file_logger.h \
@@ -362,8 +364,9 @@ am__libcharon_la_SOURCES_DIST = bus/bus.c bus/bus.h \
encoding/payloads/eap_payload.c \
encoding/payloads/eap_payload.h encoding/payloads/encodings.c \
encoding/payloads/encodings.h \
- encoding/payloads/encryption_payload.c \
- encoding/payloads/encryption_payload.h \
+ encoding/payloads/encrypted_payload.c \
+ encoding/payloads/encrypted_payload.h \
+ encoding/payloads/encrypted_fragment_payload.h \
encoding/payloads/id_payload.c encoding/payloads/id_payload.h \
encoding/payloads/ike_header.c encoding/payloads/ike_header.h \
encoding/payloads/ke_payload.c encoding/payloads/ke_payload.h \
@@ -553,7 +556,7 @@ am_libcharon_la_OBJECTS = bus/bus.lo bus/listeners/file_logger.lo \
encoding/payloads/delete_payload.lo \
encoding/payloads/eap_payload.lo \
encoding/payloads/encodings.lo \
- encoding/payloads/encryption_payload.lo \
+ encoding/payloads/encrypted_payload.lo \
encoding/payloads/id_payload.lo \
encoding/payloads/ike_header.lo \
encoding/payloads/ke_payload.lo \
@@ -676,22 +679,23 @@ DIST_SUBDIRS = . plugins/load_tester plugins/socket_default \
plugins/socket_dynamic plugins/socket_win plugins/farp \
plugins/stroke plugins/vici plugins/smp plugins/sql \
plugins/dnscert plugins/ipseckey plugins/updown \
- plugins/eap_identity plugins/eap_sim plugins/eap_sim_file \
- plugins/eap_sim_pcsc plugins/eap_simaka_sql \
- plugins/eap_simaka_pseudonym plugins/eap_simaka_reauth \
- plugins/eap_aka plugins/eap_aka_3gpp2 plugins/eap_md5 \
- plugins/eap_gtc plugins/eap_mschapv2 plugins/eap_dynamic \
- plugins/eap_radius plugins/eap_tls plugins/eap_ttls \
- plugins/eap_peap plugins/eap_tnc plugins/tnc_ifmap \
- plugins/tnc_pdp plugins/medsrv plugins/medcli plugins/dhcp \
- plugins/osx_attr plugins/android_dns plugins/android_log \
- plugins/maemo plugins/ha plugins/kernel_libipsec \
- plugins/kernel_wfp plugins/kernel_iph plugins/whitelist \
- plugins/lookip plugins/error_notify plugins/certexpire \
- plugins/systime_fix plugins/led plugins/duplicheck \
- plugins/coupling plugins/radattr plugins/uci plugins/addrblock \
- plugins/unity plugins/unit_tester plugins/xauth_generic \
- plugins/xauth_eap plugins/xauth_pam plugins/xauth_noauth
+ plugins/ext_auth plugins/eap_identity plugins/eap_sim \
+ plugins/eap_sim_file plugins/eap_sim_pcsc \
+ plugins/eap_simaka_sql plugins/eap_simaka_pseudonym \
+ plugins/eap_simaka_reauth plugins/eap_aka \
+ plugins/eap_aka_3gpp2 plugins/eap_md5 plugins/eap_gtc \
+ plugins/eap_mschapv2 plugins/eap_dynamic plugins/eap_radius \
+ plugins/eap_tls plugins/eap_ttls plugins/eap_peap \
+ plugins/eap_tnc plugins/tnc_ifmap plugins/tnc_pdp \
+ plugins/medsrv plugins/medcli plugins/dhcp plugins/osx_attr \
+ plugins/android_dns plugins/android_log plugins/maemo \
+ plugins/ha plugins/kernel_libipsec plugins/kernel_wfp \
+ plugins/kernel_iph plugins/whitelist plugins/lookip \
+ plugins/error_notify plugins/certexpire plugins/systime_fix \
+ plugins/led plugins/duplicheck plugins/coupling \
+ plugins/radattr plugins/uci plugins/addrblock plugins/unity \
+ plugins/unit_tester plugins/xauth_generic plugins/xauth_eap \
+ plugins/xauth_pam plugins/xauth_noauth
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
am__relativize = \
dir0=`pwd`; \
@@ -749,6 +753,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -809,6 +814,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -874,6 +880,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -921,6 +929,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
@@ -954,8 +966,9 @@ libcharon_la_SOURCES = bus/bus.c bus/bus.h bus/listeners/listener.h \
encoding/payloads/eap_payload.c \
encoding/payloads/eap_payload.h encoding/payloads/encodings.c \
encoding/payloads/encodings.h \
- encoding/payloads/encryption_payload.c \
- encoding/payloads/encryption_payload.h \
+ encoding/payloads/encrypted_payload.c \
+ encoding/payloads/encrypted_payload.h \
+ encoding/payloads/encrypted_fragment_payload.h \
encoding/payloads/id_payload.c encoding/payloads/id_payload.h \
encoding/payloads/ike_header.c encoding/payloads/ike_header.h \
encoding/payloads/ke_payload.c encoding/payloads/ke_payload.h \
@@ -1043,12 +1056,12 @@ libcharon_la_LIBADD = \
$(am__append_27) $(am__append_29) $(am__append_31) \
$(am__append_33) $(am__append_35) $(am__append_37) \
$(am__append_39) $(am__append_41) $(am__append_43) \
- $(am__append_45) $(am__append_47) $(am__append_48) \
+ $(am__append_45) $(am__append_47) $(am__append_49) \
$(am__append_50) $(am__append_52) $(am__append_54) \
$(am__append_56) $(am__append_58) $(am__append_60) \
$(am__append_62) $(am__append_64) $(am__append_66) \
- $(am__append_67) $(am__append_68) $(am__append_70) \
- $(am__append_72) $(am__append_73) $(am__append_75) \
+ $(am__append_68) $(am__append_69) $(am__append_70) \
+ $(am__append_72) $(am__append_74) $(am__append_75) \
$(am__append_77) $(am__append_79) $(am__append_81) \
$(am__append_83) $(am__append_85) $(am__append_87) \
$(am__append_89) $(am__append_91) $(am__append_93) \
@@ -1057,7 +1070,8 @@ libcharon_la_LIBADD = \
$(am__append_107) $(am__append_109) $(am__append_111) \
$(am__append_113) $(am__append_115) $(am__append_117) \
$(am__append_119) $(am__append_121) $(am__append_123) \
- $(am__append_125) $(am__append_127) $(am__append_129)
+ $(am__append_125) $(am__append_127) $(am__append_129) \
+ $(am__append_131)
EXTRA_DIST = Android.mk
@MONOLITHIC_FALSE at SUBDIRS = . $(am__append_6) $(am__append_8) \
@MONOLITHIC_FALSE@ $(am__append_10) $(am__append_12) \
@@ -1069,13 +1083,13 @@ EXTRA_DIST = Android.mk
@MONOLITHIC_FALSE@ $(am__append_34) $(am__append_36) \
@MONOLITHIC_FALSE@ $(am__append_38) $(am__append_40) \
@MONOLITHIC_FALSE@ $(am__append_42) $(am__append_44) \
- at MONOLITHIC_FALSE@ $(am__append_46) $(am__append_49) \
+ at MONOLITHIC_FALSE@ $(am__append_46) $(am__append_48) \
@MONOLITHIC_FALSE@ $(am__append_51) $(am__append_53) \
@MONOLITHIC_FALSE@ $(am__append_55) $(am__append_57) \
@MONOLITHIC_FALSE@ $(am__append_59) $(am__append_61) \
@MONOLITHIC_FALSE@ $(am__append_63) $(am__append_65) \
- at MONOLITHIC_FALSE@ $(am__append_69) $(am__append_71) \
- at MONOLITHIC_FALSE@ $(am__append_74) $(am__append_76) \
+ at MONOLITHIC_FALSE@ $(am__append_67) $(am__append_71) \
+ at MONOLITHIC_FALSE@ $(am__append_73) $(am__append_76) \
@MONOLITHIC_FALSE@ $(am__append_78) $(am__append_80) \
@MONOLITHIC_FALSE@ $(am__append_82) $(am__append_84) \
@MONOLITHIC_FALSE@ $(am__append_86) $(am__append_88) \
@@ -1088,7 +1102,8 @@ EXTRA_DIST = Android.mk
@MONOLITHIC_FALSE@ $(am__append_114) $(am__append_116) \
@MONOLITHIC_FALSE@ $(am__append_118) $(am__append_120) \
@MONOLITHIC_FALSE@ $(am__append_122) $(am__append_124) \
- at MONOLITHIC_FALSE@ $(am__append_126) $(am__append_128)
+ at MONOLITHIC_FALSE@ $(am__append_126) $(am__append_128) \
+ at MONOLITHIC_FALSE@ $(am__append_130)
# build optional plugins
########################
@@ -1102,13 +1117,13 @@ EXTRA_DIST = Android.mk
@MONOLITHIC_TRUE@ $(am__append_34) $(am__append_36) \
@MONOLITHIC_TRUE@ $(am__append_38) $(am__append_40) \
@MONOLITHIC_TRUE@ $(am__append_42) $(am__append_44) \
- at MONOLITHIC_TRUE@ $(am__append_46) $(am__append_49) \
+ at MONOLITHIC_TRUE@ $(am__append_46) $(am__append_48) \
@MONOLITHIC_TRUE@ $(am__append_51) $(am__append_53) \
@MONOLITHIC_TRUE@ $(am__append_55) $(am__append_57) \
@MONOLITHIC_TRUE@ $(am__append_59) $(am__append_61) \
@MONOLITHIC_TRUE@ $(am__append_63) $(am__append_65) \
- at MONOLITHIC_TRUE@ $(am__append_69) $(am__append_71) \
- at MONOLITHIC_TRUE@ $(am__append_74) $(am__append_76) \
+ at MONOLITHIC_TRUE@ $(am__append_67) $(am__append_71) \
+ at MONOLITHIC_TRUE@ $(am__append_73) $(am__append_76) \
@MONOLITHIC_TRUE@ $(am__append_78) $(am__append_80) \
@MONOLITHIC_TRUE@ $(am__append_82) $(am__append_84) \
@MONOLITHIC_TRUE@ $(am__append_86) $(am__append_88) \
@@ -1121,7 +1136,8 @@ EXTRA_DIST = Android.mk
@MONOLITHIC_TRUE@ $(am__append_114) $(am__append_116) \
@MONOLITHIC_TRUE@ $(am__append_118) $(am__append_120) \
@MONOLITHIC_TRUE@ $(am__append_122) $(am__append_124) \
- at MONOLITHIC_TRUE@ $(am__append_126) $(am__append_128)
+ at MONOLITHIC_TRUE@ $(am__append_126) $(am__append_128) \
+ at MONOLITHIC_TRUE@ $(am__append_130)
all: all-recursive
.SUFFIXES:
@@ -1267,7 +1283,7 @@ encoding/payloads/eap_payload.lo: encoding/payloads/$(am__dirstamp) \
encoding/payloads/$(DEPDIR)/$(am__dirstamp)
encoding/payloads/encodings.lo: encoding/payloads/$(am__dirstamp) \
encoding/payloads/$(DEPDIR)/$(am__dirstamp)
-encoding/payloads/encryption_payload.lo: \
+encoding/payloads/encrypted_payload.lo: \
encoding/payloads/$(am__dirstamp) \
encoding/payloads/$(DEPDIR)/$(am__dirstamp)
encoding/payloads/id_payload.lo: encoding/payloads/$(am__dirstamp) \
@@ -1619,7 +1635,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote at encoding/payloads/$(DEPDIR)/delete_payload.Plo at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at encoding/payloads/$(DEPDIR)/eap_payload.Plo at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at encoding/payloads/$(DEPDIR)/encodings.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at encoding/payloads/$(DEPDIR)/encryption_payload.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at encoding/payloads/$(DEPDIR)/encrypted_payload.Plo at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at encoding/payloads/$(DEPDIR)/endpoint_notify.Plo at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at encoding/payloads/$(DEPDIR)/fragment_payload.Plo at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at encoding/payloads/$(DEPDIR)/hash_payload.Plo at am__quote@
diff --git a/src/libcharon/bus/bus.c b/src/libcharon/bus/bus.c
index d1c138c..cb59f97 100644
--- a/src/libcharon/bus/bus.c
+++ b/src/libcharon/bus/bus.c
@@ -755,7 +755,7 @@ METHOD(bus_t, ike_rekey, void,
this->mutex->unlock(this->mutex);
}
-METHOD(bus_t, ike_reestablish, void,
+METHOD(bus_t, ike_reestablish_pre, void,
private_bus_t *this, ike_sa_t *old, ike_sa_t *new)
{
enumerator_t *enumerator;
@@ -766,12 +766,40 @@ METHOD(bus_t, ike_reestablish, void,
enumerator = this->listeners->create_enumerator(this->listeners);
while (enumerator->enumerate(enumerator, &entry))
{
- if (entry->calling || !entry->listener->ike_reestablish)
+ if (entry->calling || !entry->listener->ike_reestablish_pre)
{
continue;
}
entry->calling++;
- keep = entry->listener->ike_reestablish(entry->listener, old, new);
+ keep = entry->listener->ike_reestablish_pre(entry->listener, old, new);
+ entry->calling--;
+ if (!keep)
+ {
+ unregister_listener(this, entry, enumerator);
+ }
+ }
+ enumerator->destroy(enumerator);
+ this->mutex->unlock(this->mutex);
+}
+
+METHOD(bus_t, ike_reestablish_post, void,
+ private_bus_t *this, ike_sa_t *old, ike_sa_t *new, bool initiated)
+{
+ enumerator_t *enumerator;
+ entry_t *entry;
+ bool keep;
+
+ this->mutex->lock(this->mutex);
+ enumerator = this->listeners->create_enumerator(this->listeners);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ if (entry->calling || !entry->listener->ike_reestablish_post)
+ {
+ continue;
+ }
+ entry->calling++;
+ keep = entry->listener->ike_reestablish_post(entry->listener, old, new,
+ initiated);
entry->calling--;
if (!keep)
{
@@ -978,7 +1006,8 @@ bus_t *bus_create()
.child_keys = _child_keys,
.ike_updown = _ike_updown,
.ike_rekey = _ike_rekey,
- .ike_reestablish = _ike_reestablish,
+ .ike_reestablish_pre = _ike_reestablish_pre,
+ .ike_reestablish_post = _ike_reestablish_post,
.child_updown = _child_updown,
.child_rekey = _child_rekey,
.authorize = _authorize,
diff --git a/src/libcharon/bus/bus.h b/src/libcharon/bus/bus.h
index 1d708c5..e1d221c 100644
--- a/src/libcharon/bus/bus.h
+++ b/src/libcharon/bus/bus.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Tobias Brunner
+ * Copyright (C) 2012-2014 Tobias Brunner
* Copyright (C) 2006-2009 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -101,9 +101,11 @@ enum alert_t {
/** received IKE message with invalid body, argument is message_t*,
* followed by a status_t result returned by message_t.parse_body(). */
ALERT_PARSE_ERROR_BODY,
- /** sending a retransmit for a message, argument is packet_t */
+ /** sending a retransmit for a message, argument is packet_t, if the message
+ * got fragmented only the first fragment is passed */
ALERT_RETRANSMIT_SEND,
- /** sending retransmits timed out, argument is packet_t, if available */
+ /** sending retransmits timed out, argument is packet_t, if available and if
+ * the message got fragmented only the first fragment is passed */
ALERT_RETRANSMIT_SEND_TIMEOUT,
/** received a retransmit for a message, argument is message_t */
ALERT_RETRANSMIT_RECEIVE,
@@ -380,12 +382,23 @@ struct bus_t {
void (*ike_rekey)(bus_t *this, ike_sa_t *old, ike_sa_t *new);
/**
- * IKE_SA reestablishing hook.
+ * IKE_SA reestablishing hook (before resolving hosts).
*
* @param old reestablished and obsolete IKE_SA
* @param new new IKE_SA replacing old
*/
- void (*ike_reestablish)(bus_t *this, ike_sa_t *old, ike_sa_t *new);
+ void (*ike_reestablish_pre)(bus_t *this, ike_sa_t *old, ike_sa_t *new);
+
+ /**
+ * IKE_SA reestablishing hook (after configuring and initiating the new
+ * IKE_SA).
+ *
+ * @param old reestablished and obsolete IKE_SA
+ * @param new new IKE_SA replacing old
+ * @param initiated TRUE if initiated successfully, FALSE otherwise
+ */
+ void (*ike_reestablish_post)(bus_t *this, ike_sa_t *old, ike_sa_t *new,
+ bool initiated);
/**
* CHILD_SA up/down hook.
diff --git a/src/libcharon/bus/listeners/listener.h b/src/libcharon/bus/listeners/listener.h
index abcc765..0910cb3 100644
--- a/src/libcharon/bus/listeners/listener.h
+++ b/src/libcharon/bus/listeners/listener.h
@@ -1,4 +1,5 @@
/*
+ * Copyright (C) 2011-2014 Tobias Brunner
* Copyright (C) 2009 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -129,14 +130,29 @@ struct listener_t {
/**
* Hook called when an initiator reestablishes an IKE_SA.
*
+ * This is invoked right after creating the new IKE_SA and setting the
+ * peer_cfg (and the old hosts), but before resolving the hosts anew.
+ * It is not invoked on the responder.
+ *
+ * @param old IKE_SA getting reestablished (is destroyed)
+ * @param new new IKE_SA replacing old (gets established)
+ * @return TRUE to stay registered, FALSE to unregister
+ */
+ bool (*ike_reestablish_pre)(listener_t *this, ike_sa_t *old, ike_sa_t *new);
+
+ /**
+ * Hook called when an initiator reestablishes an IKE_SA.
+ *
* This is invoked right before the new IKE_SA is checked in after
* initiating it. It is not invoked on the responder.
*
* @param old IKE_SA getting reestablished (is destroyed)
* @param new new IKE_SA replacing old (gets established)
+ * @param initiated TRUE if initiation was successful, FALSE otherwise
* @return TRUE to stay registered, FALSE to unregister
*/
- bool (*ike_reestablish)(listener_t *this, ike_sa_t *old, ike_sa_t *new);
+ bool (*ike_reestablish_post)(listener_t *this, ike_sa_t *old,
+ ike_sa_t *new, bool initiated);
/**
* Hook called when a CHILD_SA gets up or down.
diff --git a/src/libcharon/config/child_cfg.c b/src/libcharon/config/child_cfg.c
index 7e4a143..ed7c0d4 100644
--- a/src/libcharon/config/child_cfg.c
+++ b/src/libcharon/config/child_cfg.c
@@ -163,6 +163,11 @@ METHOD(child_cfg_t, add_proposal, void,
}
}
+static bool match_proposal(proposal_t *item, proposal_t *proposal)
+{
+ return item->equals(item, proposal);
+}
+
METHOD(child_cfg_t, get_proposals, linked_list_t*,
private_child_cfg_t *this, bool strip_dh)
{
@@ -178,6 +183,12 @@ METHOD(child_cfg_t, get_proposals, linked_list_t*,
{
current->strip_dh(current, MODP_NONE);
}
+ if (proposals->find_first(proposals, (linked_list_match_t)match_proposal,
+ NULL, current) == SUCCESS)
+ {
+ current->destroy(current);
+ continue;
+ }
proposals->insert_last(proposals, current);
}
enumerator->destroy(enumerator);
diff --git a/src/libcharon/config/proposal.c b/src/libcharon/config/proposal.c
index 4d881cd..50d3c6f 100644
--- a/src/libcharon/config/proposal.c
+++ b/src/libcharon/config/proposal.c
@@ -337,7 +337,7 @@ static bool algo_list_equals(private_proposal_t *this, proposal_t *other,
break;
}
}
- if (e2->enumerate(e2, &alg2, ks2))
+ if (e2->enumerate(e2, &alg2, &ks2))
{
/* other has more algs */
equals = FALSE;
@@ -594,7 +594,7 @@ METHOD(proposal_t, destroy, void,
}
/*
- * Describtion in header-file
+ * Described in header
*/
proposal_t *proposal_create(protocol_id_t protocol, u_int number)
{
@@ -787,7 +787,7 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
}
/*
- * Describtion in header-file
+ * Described in header
*/
proposal_t *proposal_create_default(protocol_id_t protocol)
{
@@ -826,7 +826,7 @@ proposal_t *proposal_create_default(protocol_id_t protocol)
}
/*
- * Describtion in header-file
+ * Described in header
*/
proposal_t *proposal_create_default_aead(protocol_id_t protocol)
{
@@ -853,7 +853,7 @@ proposal_t *proposal_create_default_aead(protocol_id_t protocol)
}
/*
- * Describtion in header-file
+ * Described in header
*/
proposal_t *proposal_create_from_string(protocol_id_t protocol, const char *algs)
{
diff --git a/src/libcharon/daemon.c b/src/libcharon/daemon.c
index a89995a..3ae7c4e 100644
--- a/src/libcharon/daemon.c
+++ b/src/libcharon/daemon.c
@@ -593,7 +593,7 @@ METHOD(daemon_t, initialize, bool,
PLUGIN_DEPENDS(CUSTOM, "socket"),
};
lib->plugins->add_static_features(lib->plugins, lib->ns, features,
- countof(features), TRUE);
+ countof(features), TRUE, NULL, NULL);
/* load plugins, further infrastructure may need it */
if (!lib->plugins->load(lib->plugins, plugins))
diff --git a/src/libcharon/encoding/message.c b/src/libcharon/encoding/message.c
index 0f5f40a..cb6c97f 100644
--- a/src/libcharon/encoding/message.c
+++ b/src/libcharon/encoding/message.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2006-2013 Tobias Brunner
+ * Copyright (C) 2006-2014 Tobias Brunner
* Copyright (C) 2005-2010 Martin Willi
* Copyright (C) 2010 revosec AG
* Copyright (C) 2006 Daniel Roethlisberger
@@ -23,6 +23,8 @@
#include "message.h"
#include <library.h>
+#include <bio/bio_writer.h>
+#include <collections/array.h>
#include <daemon.h>
#include <sa/ikev1/keymat_v1.h>
#include <encoding/generator.h>
@@ -30,9 +32,11 @@
#include <encoding/payloads/encodings.h>
#include <encoding/payloads/payload.h>
#include <encoding/payloads/hash_payload.h>
-#include <encoding/payloads/encryption_payload.h>
+#include <encoding/payloads/encrypted_payload.h>
+#include <encoding/payloads/encrypted_fragment_payload.h>
#include <encoding/payloads/unknown_payload.h>
#include <encoding/payloads/cp_payload.h>
+#include <encoding/payloads/fragment_payload.h>
/**
* Max number of notify payloads per IKEv2 message
@@ -802,6 +806,30 @@ static message_rule_t message_rules[] = {
#endif /* USE_IKEV1 */
};
+/**
+ * Data for fragment reassembly.
+ */
+typedef struct {
+
+ /**
+ * For IKEv1 the number of the last fragment (in case we receive them out
+ * of order), since the first one starts with 1 this defines the number of
+ * fragments we expect.
+ * For IKEv2 we store the total number of fragment we received last.
+ */
+ u_int16_t last;
+
+ /**
+ * Length of all currently received fragments.
+ */
+ size_t len;
+
+ /**
+ * Maximum length of a fragmented packet.
+ */
+ size_t max_packet;
+
+} fragment_data_t;
typedef struct private_message_t private_message_t;
@@ -876,6 +904,12 @@ struct private_message_t {
packet_t *packet;
/**
+ * Array of generated fragments (if any), as packet_t*.
+ * If defragmenting (i.e. frag != NULL) this contains fragment_t*
+ */
+ array_t *fragments;
+
+ /**
* Linked List where payload data are stored in.
*/
linked_list_t *payloads;
@@ -889,9 +923,46 @@ struct private_message_t {
* The message rule for this message instance
*/
message_rule_t *rule;
+
+ /**
+ * Data used to reassemble a fragmented message
+ */
+ fragment_data_t *frag;
};
/**
+ * Maximum number of fragments we will handle
+ */
+#define MAX_FRAGMENTS 255
+
+/**
+ * A single fragment within a fragmented message
+ */
+typedef struct {
+
+ /** fragment number */
+ u_int8_t num;
+
+ /** fragment data */
+ chunk_t data;
+
+} fragment_t;
+
+static void fragment_destroy(fragment_t *this)
+{
+ chunk_free(&this->data);
+ free(this);
+}
+
+static void reset_defrag(private_message_t *this)
+{
+ array_destroy_function(this->fragments, (void*)fragment_destroy, NULL);
+ this->fragments = NULL;
+ this->frag->last = 0;
+ this->frag->len = 0;
+}
+
+/**
* Get the message rule that applies to this message
*/
static message_rule_t* get_message_rule(private_message_t *this)
@@ -1049,6 +1120,12 @@ METHOD(message_t, is_encoded, bool,
return this->packet->get_data(this->packet).ptr != NULL;
}
+METHOD(message_t, is_fragmented, bool,
+ private_message_t *this)
+{
+ return array_count(this->fragments) > 0;
+}
+
METHOD(message_t, add_payload, void,
private_message_t *this, payload_t *payload)
{
@@ -1330,6 +1407,12 @@ static char* get_string(private_message_t *this, char *buf, int len)
return buf;
}
+METHOD(message_t, disable_sort, void,
+ private_message_t *this)
+{
+ this->sort_disabled = TRUE;
+}
+
/**
* reorder payloads depending on reordering rules
*/
@@ -1339,6 +1422,8 @@ static void order_payloads(private_message_t *this)
payload_t *payload;
int i;
+ DBG2(DBG_ENC, "order payloads in message");
+
/* move to temp list */
list = linked_list_create();
while (this->payloads->remove_last(this->payloads,
@@ -1392,29 +1477,42 @@ static void order_payloads(private_message_t *this)
}
/**
- * Wrap payloads in an encryption payload
+ * Wrap payloads in an encrypted payload
*/
-static encryption_payload_t* wrap_payloads(private_message_t *this)
+static encrypted_payload_t* wrap_payloads(private_message_t *this)
{
- encryption_payload_t *encryption;
+ encrypted_payload_t *encrypted = NULL;
linked_list_t *payloads;
payload_t *current;
- /* copy all payloads in a temporary list */
+ /* move all payloads to a temporary list */
payloads = linked_list_create();
while (this->payloads->remove_first(this->payloads,
(void**)¤t) == SUCCESS)
{
- payloads->insert_last(payloads, current);
+ if (current->get_type(current) == PLV2_FRAGMENT)
+ { /* treat encrypted fragment payload as encrypted payload */
+ encrypted = (encrypted_payload_t*)current;
+ }
+ else
+ {
+ payloads->insert_last(payloads, current);
+ }
+ }
+ if (encrypted)
+ { /* simply adopt all the unencrypted payloads */
+ this->payloads->destroy(this->payloads);
+ this->payloads = payloads;
+ return encrypted;
}
if (this->is_encrypted)
{
- encryption = encryption_payload_create(PLV1_ENCRYPTED);
+ encrypted = encrypted_payload_create(PLV1_ENCRYPTED);
}
else
{
- encryption = encryption_payload_create(PLV2_ENCRYPTED);
+ encrypted = encrypted_payload_create(PLV2_ENCRYPTED);
}
while (payloads->remove_first(payloads, (void**)¤t) == SUCCESS)
{
@@ -1432,7 +1530,7 @@ static encryption_payload_t* wrap_payloads(private_message_t *this)
{ /* encryption is forced for IKEv1 */
DBG2(DBG_ENC, "insert payload %N into encrypted payload",
payload_type_names, type);
- encryption->add_payload(encryption, current);
+ encrypted->add_payload(encrypted, current);
}
else
{
@@ -1443,31 +1541,71 @@ static encryption_payload_t* wrap_payloads(private_message_t *this)
}
payloads->destroy(payloads);
- return encryption;
+ return encrypted;
}
-METHOD(message_t, disable_sort, void,
- private_message_t *this)
+/**
+ * Creates the IKE header for this message
+ */
+static ike_header_t *create_header(private_message_t *this)
{
- this->sort_disabled = TRUE;
+ ike_header_t *ike_header;
+ bool *reserved;
+ int i;
+
+ ike_header = ike_header_create_version(this->major_version,
+ this->minor_version);
+ ike_header->set_exchange_type(ike_header, this->exchange_type);
+ ike_header->set_message_id(ike_header, this->message_id);
+ if (this->major_version == IKEV2_MAJOR_VERSION)
+ {
+ ike_header->set_response_flag(ike_header, !this->is_request);
+ ike_header->set_version_flag(ike_header, this->version_flag);
+ ike_header->set_initiator_flag(ike_header,
+ this->ike_sa_id->is_initiator(this->ike_sa_id));
+ }
+ else
+ {
+ ike_header->set_encryption_flag(ike_header, this->is_encrypted);
+ }
+ ike_header->set_initiator_spi(ike_header,
+ this->ike_sa_id->get_initiator_spi(this->ike_sa_id));
+ ike_header->set_responder_spi(ike_header,
+ this->ike_sa_id->get_responder_spi(this->ike_sa_id));
+
+ for (i = 0; i < countof(this->reserved); i++)
+ {
+ reserved = payload_get_field(&ike_header->payload_interface,
+ RESERVED_BIT, i);
+ if (reserved)
+ {
+ *reserved = this->reserved[i];
+ }
+ }
+ return ike_header;
}
-METHOD(message_t, generate, status_t,
- private_message_t *this, keymat_t *keymat, packet_t **packet)
+/**
+ * Generates the message, if needed, wraps the payloads in an encrypted payload.
+ *
+ * The generator and the possible enrypted payload are returned. The latter
+ * is not yet encrypted (but the transform is set). It is also not added to
+ * the payload list (so unless there are unencrypted payloads that list will
+ * be empty afterwards).
+ */
+static status_t generate_message(private_message_t *this, keymat_t *keymat,
+ generator_t **out_generator, encrypted_payload_t **encrypted)
{
keymat_v1_t *keymat_v1 = (keymat_v1_t*)keymat;
generator_t *generator;
- ike_header_t *ike_header;
- payload_t *payload, *next;
- encryption_payload_t *encryption = NULL;
payload_type_t next_type;
enumerator_t *enumerator;
aead_t *aead = NULL;
- chunk_t chunk, hash = chunk_empty;
+ chunk_t hash = chunk_empty;
char str[BUF_LEN];
- u_int32_t *lenpos;
- bool encrypted = FALSE, *reserved;
- int i;
+ ike_header_t *ike_header;
+ payload_t *payload, *next;
+ bool encrypting = FALSE;
if (this->exchange_type == EXCHANGE_TYPE_UNDEFINED)
{
@@ -1493,6 +1631,7 @@ METHOD(message_t, generate, status_t,
{
order_payloads(this);
}
+
if (keymat && keymat->get_version(keymat) == IKEV1)
{
/* get a hash for this message, if any is required */
@@ -1505,16 +1644,17 @@ METHOD(message_t, generate, status_t,
this->payloads->insert_first(this->payloads, hash_payload);
if (this->exchange_type == INFORMATIONAL_V1)
{
- this->is_encrypted = encrypted = TRUE;
+ this->is_encrypted = encrypting = TRUE;
}
chunk_free(&hash);
}
}
+
if (this->major_version == IKEV2_MAJOR_VERSION)
{
- encrypted = this->rule->encrypted;
+ encrypting = this->rule->encrypted;
}
- else if (!encrypted)
+ else if (!encrypting)
{
/* If at least one payload requires encryption, encrypt the message.
* If no key material is available, the flag will be reset below. */
@@ -1526,7 +1666,7 @@ METHOD(message_t, generate, status_t,
rule = get_payload_rule(this, payload->get_type(payload));
if (rule && rule->encrypted)
{
- this->is_encrypted = encrypted = TRUE;
+ this->is_encrypted = encrypting = TRUE;
break;
}
}
@@ -1539,9 +1679,10 @@ METHOD(message_t, generate, status_t,
{
aead = keymat->get_aead(keymat, FALSE);
}
- if (aead && encrypted)
+ if (aead && encrypting)
{
- encryption = wrap_payloads(this);
+ *encrypted = wrap_payloads(this);
+ (*encrypted)->set_transform(*encrypted, aead);
}
else
{
@@ -1549,39 +1690,9 @@ METHOD(message_t, generate, status_t,
this->is_encrypted = FALSE;
}
- ike_header = ike_header_create_version(this->major_version,
- this->minor_version);
- ike_header->set_exchange_type(ike_header, this->exchange_type);
- ike_header->set_message_id(ike_header, this->message_id);
- if (this->major_version == IKEV2_MAJOR_VERSION)
- {
- ike_header->set_response_flag(ike_header, !this->is_request);
- ike_header->set_version_flag(ike_header, this->version_flag);
- ike_header->set_initiator_flag(ike_header,
- this->ike_sa_id->is_initiator(this->ike_sa_id));
- }
- else
- {
- ike_header->set_encryption_flag(ike_header, this->is_encrypted);
- }
- ike_header->set_initiator_spi(ike_header,
- this->ike_sa_id->get_initiator_spi(this->ike_sa_id));
- ike_header->set_responder_spi(ike_header,
- this->ike_sa_id->get_responder_spi(this->ike_sa_id));
-
- for (i = 0; i < countof(this->reserved); i++)
- {
- reserved = payload_get_field(&ike_header->payload_interface,
- RESERVED_BIT, i);
- if (reserved)
- {
- *reserved = this->reserved[i];
- }
- }
-
- generator = generator_create();
-
/* generate all payloads with proper next type */
+ *out_generator = generator = generator_create();
+ ike_header = create_header(this);
payload = (payload_t*)ike_header;
enumerator = create_payload_enumerator(this);
while (enumerator->enumerate(enumerator, &next))
@@ -1591,53 +1702,71 @@ METHOD(message_t, generate, status_t,
payload = next;
}
enumerator->destroy(enumerator);
+
+ next_type = PL_NONE;
if (this->is_encrypted)
{ /* for encrypted IKEv1 messages */
- next_type = encryption->payload_interface.get_next_type(
- (payload_t*)encryption);
+ next_type = (*encrypted)->payload_interface.get_next_type(
+ (payload_t*)*encrypted);
}
- else
- {
- next_type = encryption ? PLV2_ENCRYPTED : PL_NONE;
+ else if (*encrypted)
+ { /* use proper IKEv2 encrypted (fragment) payload type */
+ next_type = (*encrypted)->payload_interface.get_type(
+ (payload_t*)*encrypted);
}
payload->set_next_type(payload, next_type);
generator->generate_payload(generator, payload);
ike_header->destroy(ike_header);
+ return SUCCESS;
+}
- if (encryption)
- { /* set_transform() has to be called before get_length() */
- encryption->set_transform(encryption, aead);
+/**
+ * Encrypts and adds the encrypted payload (if any) to the payload list and
+ * finalizes the message generation. Destroys the given generator.
+ */
+static status_t finalize_message(private_message_t *this, keymat_t *keymat,
+ generator_t *generator, encrypted_payload_t *encrypted)
+{
+ keymat_v1_t *keymat_v1 = (keymat_v1_t*)keymat;
+ chunk_t chunk;
+ u_int32_t *lenpos;
+
+ if (encrypted)
+ {
if (this->is_encrypted)
{ /* for IKEv1 instead of associated data we provide the IV */
if (!keymat_v1->get_iv(keymat_v1, this->message_id, &chunk))
{
generator->destroy(generator);
+ encrypted->destroy(encrypted);
return FAILED;
}
}
else
- { /* build associated data (without header of encryption payload) */
+ { /* build associated data (without header of encrypted payload) */
chunk = generator->get_chunk(generator, &lenpos);
- /* fill in length, including encryption payload */
- htoun32(lenpos, chunk.len + encryption->get_length(encryption));
+ /* fill in length, including encrypted payload */
+ htoun32(lenpos, chunk.len + encrypted->get_length(encrypted));
}
- this->payloads->insert_last(this->payloads, encryption);
- if (encryption->encrypt(encryption, this->message_id, chunk) != SUCCESS)
+ this->payloads->insert_last(this->payloads, encrypted);
+ if (encrypted->encrypt(encrypted, this->message_id, chunk) != SUCCESS)
{
generator->destroy(generator);
return INVALID_STATE;
}
- generator->generate_payload(generator, &encryption->payload_interface);
+ generator->generate_payload(generator, &encrypted->payload_interface);
}
chunk = generator->get_chunk(generator, &lenpos);
htoun32(lenpos, chunk.len);
this->packet->set_data(this->packet, chunk_clone(chunk));
- if (this->is_encrypted)
+ if (this->is_encrypted && this->exchange_type != INFORMATIONAL_V1)
{
/* update the IV for the next IKEv1 message */
chunk_t last_block;
+ aead_t *aead;
size_t bs;
+ aead = keymat->get_aead(keymat, FALSE);
bs = aead->get_block_size(aead);
last_block = chunk_create(chunk.ptr + chunk.len - bs, bs);
if (!keymat_v1->update_iv(keymat_v1, this->message_id, last_block) ||
@@ -1648,30 +1777,301 @@ METHOD(message_t, generate, status_t,
}
}
generator->destroy(generator);
- *packet = this->packet->clone(this->packet);
return SUCCESS;
}
-METHOD(message_t, get_packet, packet_t*,
- private_message_t *this)
+METHOD(message_t, generate, status_t,
+ private_message_t *this, keymat_t *keymat, packet_t **packet)
{
- if (this->packet == NULL)
+ generator_t *generator = NULL;
+ encrypted_payload_t *encrypted = NULL;
+ status_t status;
+
+ status = generate_message(this, keymat, &generator, &encrypted);
+ if (status != SUCCESS)
{
- return NULL;
+ DESTROY_IF(generator);
+ return status;
+ }
+ status = finalize_message(this, keymat, generator, encrypted);
+ if (status != SUCCESS)
+ {
+ return status;
+ }
+ if (packet)
+ {
+ *packet = this->packet->clone(this->packet);
+ }
+ return SUCCESS;
+}
+
+/**
+ * Creates a (basic) clone of the given message
+ */
+static message_t *clone_message(private_message_t *this)
+{
+ message_t *message;
+ host_t *src, *dst;
+
+ src = this->packet->get_source(this->packet);
+ dst = this->packet->get_destination(this->packet);
+
+ message = message_create(this->major_version, this->minor_version);
+ message->set_ike_sa_id(message, this->ike_sa_id);
+ message->set_message_id(message, this->message_id);
+ message->set_request(message, this->is_request);
+ message->set_source(message, src->clone(src));
+ message->set_destination(message, dst->clone(dst));
+ message->set_exchange_type(message, this->exchange_type);
+ memcpy(((private_message_t*)message)->reserved, this->reserved,
+ sizeof(this->reserved));
+ return message;
+}
+
+/**
+ * Create a single fragment with the given data
+ */
+static message_t *create_fragment(private_message_t *this, payload_type_t next,
+ u_int16_t num, u_int16_t count, chunk_t data)
+{
+ enumerator_t *enumerator;
+ payload_t *fragment, *payload;
+ message_t *message;
+ peer_cfg_t *peer_cfg;
+ ike_sa_t *ike_sa;
+
+ message = clone_message(this);
+ if (this->major_version == IKEV1_MAJOR_VERSION)
+ {
+ /* other implementations seem to just use 0 as message ID, so here we go */
+ message->set_message_id(message, 0);
+ /* always use the initial message type for fragments, even for quick mode
+ * or transaction messages. */
+ ike_sa = charon->bus->get_sa(charon->bus);
+ if (ike_sa && (peer_cfg = ike_sa->get_peer_cfg(ike_sa)) &&
+ peer_cfg->use_aggressive(peer_cfg))
+ {
+ message->set_exchange_type(message, AGGRESSIVE);
+ }
+ else
+ {
+ message->set_exchange_type(message, ID_PROT);
+ }
+ fragment = (payload_t*)fragment_payload_create_from_data(
+ num, num == count, data);
+ }
+ else
+ {
+ fragment = (payload_t*)encrypted_fragment_payload_create_from_data(
+ num, count, data);
+ if (num == 1)
+ {
+ /* only in the first fragment is this set to the type of the first
+ * payload in the encrypted payload */
+ fragment->set_next_type(fragment, next);
+ /* move unencrypted payloads to the first fragment */
+ enumerator = this->payloads->create_enumerator(this->payloads);
+ while (enumerator->enumerate(enumerator, &payload))
+ {
+ if (payload->get_type(payload) != PLV2_ENCRYPTED)
+ {
+ this->payloads->remove_at(this->payloads, enumerator);
+ message->add_payload(message, payload);
+ }
+ }
+ enumerator->destroy(enumerator);
+ }
+ }
+ message->add_payload(message, (payload_t*)fragment);
+ return message;
+}
+
+/**
+ * Destroy all fragments
+ */
+static void clear_fragments(private_message_t *this)
+{
+ array_destroy_offset(this->fragments, offsetof(packet_t, destroy));
+ this->fragments = NULL;
+}
+
+/**
+ * Reduce the fragment length but ensure it stays > 0
+ */
+#define REDUCE_FRAG_LEN(fl, amount) ({ \
+ fl = max(1, (ssize_t)fl - (amount)); \
+})
+
+METHOD(message_t, fragment, status_t,
+ private_message_t *this, keymat_t *keymat, size_t frag_len,
+ enumerator_t **fragments)
+{
+ encrypted_payload_t *encrypted = NULL;
+ generator_t *generator = NULL;
+ message_t *fragment;
+ packet_t *packet;
+ payload_type_t next = PL_NONE;
+ u_int16_t num, count;
+ host_t *src, *dst;
+ chunk_t data;
+ status_t status;
+ u_int32_t *lenpos;
+ size_t len;
+
+ src = this->packet->get_source(this->packet);
+ dst = this->packet->get_destination(this->packet);
+ if (!frag_len)
+ {
+ frag_len = (src->get_family(src) == AF_INET) ? 576 : 1280;
+ }
+ /* frag_len is the complete IP datagram length, account for overhead (we
+ * assume no IP options/extension headers are used) */
+ REDUCE_FRAG_LEN(frag_len, (src->get_family(src) == AF_INET) ? 20 : 40);
+ /* 8 (UDP header) */
+ REDUCE_FRAG_LEN(frag_len, 8);
+ if (dst->get_port(dst) != IKEV2_UDP_PORT &&
+ src->get_port(src) != IKEV2_UDP_PORT)
+ { /* reduce length due to non-ESP marker */
+ REDUCE_FRAG_LEN(frag_len, 4);
+ }
+
+ if (is_encoded(this))
+ {
+ if (this->major_version == IKEV2_MAJOR_VERSION)
+ {
+ encrypted = (encrypted_payload_t*)get_payload(this, PLV2_ENCRYPTED);
+ }
+ data = this->packet->get_data(this->packet);
+ len = data.len;
+ }
+ else
+ {
+ status = generate_message(this, keymat, &generator, &encrypted);
+ if (status != SUCCESS)
+ {
+ DESTROY_IF(generator);
+ return status;
+ }
+ data = generator->get_chunk(generator, &lenpos);
+ len = data.len + (encrypted ? encrypted->get_length(encrypted) : 0);
+ }
+
+ /* check if we actually need to fragment the message and if we have an
+ * encrypted payload for IKEv2 */
+ if (len <= frag_len ||
+ (this->major_version == IKEV2_MAJOR_VERSION && !encrypted))
+ {
+ if (generator)
+ {
+ status = finalize_message(this, keymat, generator, encrypted);
+ if (status != SUCCESS)
+ {
+ return status;
+ }
+ }
+ *fragments = enumerator_create_single(this->packet, NULL);
+ return SUCCESS;
+ }
+
+ /* frag_len denoted the maximum IKE message size so far, later on it will
+ * denote the maximum content size of a fragment payload, therefore,
+ * account for IKE header */
+ REDUCE_FRAG_LEN(frag_len, 28);
+
+ if (this->major_version == IKEV1_MAJOR_VERSION)
+ {
+ if (generator)
+ {
+ status = finalize_message(this, keymat, generator, encrypted);
+ if (status != SUCCESS)
+ {
+ return status;
+ }
+ data = this->packet->get_data(this->packet);
+ generator = NULL;
+ }
+ /* overhead for the fragmentation payload header */
+ REDUCE_FRAG_LEN(frag_len, 8);
}
+ else
+ {
+ aead_t *aead;
+
+ if (generator)
+ {
+ generator->destroy(generator);
+ generator = generator_create();
+ }
+ else
+ { /* do not log again if it was generated previously */
+ generator = generator_create_no_dbg();
+ }
+ next = encrypted->payload_interface.get_next_type((payload_t*)encrypted);
+ encrypted->generate_payloads(encrypted, generator);
+ data = generator->get_chunk(generator, &lenpos);
+ if (!is_encoded(this))
+ {
+ encrypted->destroy(encrypted);
+ }
+ aead = keymat->get_aead(keymat, FALSE);
+ /* overhead for the encrypted fragment payload */
+ REDUCE_FRAG_LEN(frag_len, aead->get_iv_size(aead));
+ REDUCE_FRAG_LEN(frag_len, aead->get_icv_size(aead));
+ /* header */
+ REDUCE_FRAG_LEN(frag_len, 8);
+ /* padding and padding length */
+ frag_len = round_down(frag_len, aead->get_block_size(aead));
+ REDUCE_FRAG_LEN(frag_len, 1);
+ /* TODO-FRAG: if there are unencrypted payloads, should we account for
+ * their length in the first fragment? we still would have to add
+ * an encrypted fragment payload (albeit empty), even so we couldn't
+ * prevent IP fragmentation in every case */
+ }
+
+ count = data.len / frag_len + (data.len % frag_len ? 1 : 0);
+ this->fragments = array_create(0, count);
+ DBG1(DBG_ENC, "splitting IKE message with length of %zu bytes into "
+ "%hu fragments", len, count);
+ for (num = 1; num <= count; num++)
+ {
+ len = min(data.len, frag_len);
+ fragment = create_fragment(this, next, num, count,
+ chunk_create(data.ptr, len));
+ status = fragment->generate(fragment, keymat, &packet);
+ fragment->destroy(fragment);
+ if (status != SUCCESS)
+ {
+ DBG1(DBG_ENC, "failed to generate IKE fragment");
+ clear_fragments(this);
+ DESTROY_IF(generator);
+ return FAILED;
+ }
+ array_insert(this->fragments, ARRAY_TAIL, packet);
+ data = chunk_skip(data, len);
+ }
+ *fragments = array_create_enumerator(this->fragments);
+ DESTROY_IF(generator);
+ return SUCCESS;
+}
+
+METHOD(message_t, get_packet, packet_t*,
+ private_message_t *this)
+{
return this->packet->clone(this->packet);
}
METHOD(message_t, get_packet_data, chunk_t,
private_message_t *this)
{
- if (this->packet == NULL)
- {
- return chunk_empty;
- }
return this->packet->get_data(this->packet);
}
+METHOD(message_t, get_fragments, enumerator_t*,
+ private_message_t *this)
+{
+ return array_create_enumerator(this->fragments);
+}
+
METHOD(message_t, parse_header, status_t,
private_message_t *this)
{
@@ -1682,6 +2082,10 @@ METHOD(message_t, parse_header, status_t,
DBG2(DBG_ENC, "parsing header of message");
+ if (!this->parser)
+ { /* reassembled IKEv2 message, header is inherited from fragments */
+ return SUCCESS;
+ }
this->parser->reset_context(this->parser);
status = this->parser->parse_payload(this->parser, PL_HEADER,
(payload_t**)&ike_header);
@@ -1723,7 +2127,7 @@ METHOD(message_t, parse_header, status_t,
this->first_payload = ike_header->payload_interface.get_next_type(
&ike_header->payload_interface);
if (this->first_payload == PLV1_FRAGMENT && this->is_encrypted)
- { /* racoon sets the encryted bit when sending a fragment, but these
+ { /* racoon sets the encrypted bit when sending a fragment, but these
* messages are really not encrypted */
this->is_encrypted = FALSE;
}
@@ -1780,9 +2184,9 @@ static status_t parse_payloads(private_message_t *this)
status_t status;
if (this->is_encrypted)
- { /* wrap the whole encrypted IKEv1 message in a special encryption
+ { /* wrap the whole encrypted IKEv1 message in a special encrypted
* payload which is then handled just like a regular payload */
- encryption_payload_t *encryption;
+ encrypted_payload_t *encryption;
status = this->parser->parse_payload(this->parser, PLV1_ENCRYPTED,
(payload_t**)&encryption);
@@ -1824,9 +2228,9 @@ static status_t parse_payloads(private_message_t *this)
payload_type_names, type);
this->payloads->insert_last(this->payloads, payload);
- /* an encrypted payload is the last one, so STOP here. decryption is
- * done later */
- if (type == PLV2_ENCRYPTED)
+ /* an encrypted (fragment) payload MUST be the last one, so STOP here.
+ * decryption is done later */
+ if (type == PLV2_ENCRYPTED || type == PLV2_FRAGMENT)
{
DBG2(DBG_ENC, "%N payload found, stop parsing",
payload_type_names, type);
@@ -1841,7 +2245,7 @@ static status_t parse_payloads(private_message_t *this)
* Decrypt an encrypted payload and extract all contained payloads.
*/
static status_t decrypt_and_extract(private_message_t *this, keymat_t *keymat,
- payload_t *previous, encryption_payload_t *encryption)
+ payload_t *previous, encrypted_payload_t *encryption)
{
payload_t *encrypted;
payload_type_t type;
@@ -1861,43 +2265,52 @@ static status_t decrypt_and_extract(private_message_t *this, keymat_t *keymat,
DBG1(DBG_ENC, "found encrypted payload, but no transform set");
return INVALID_ARG;
}
- bs = aead->get_block_size(aead);
- encryption->set_transform(encryption, aead);
- chunk = this->packet->get_data(this->packet);
- if (chunk.len < encryption->get_length(encryption) ||
- chunk.len < bs)
+ if (!this->parser)
{
- DBG1(DBG_ENC, "invalid payload length");
- return VERIFY_ERROR;
+ /* reassembled IKEv2 messages are already decrypted, we still call
+ * decrypt() to parse the contained payloads */
+ status = encryption->decrypt(encryption, chunk_empty);
}
- if (keymat->get_version(keymat) == IKEV1)
- { /* instead of associated data we provide the IV, we also update
- * the IV with the last encrypted block */
- keymat_v1_t *keymat_v1 = (keymat_v1_t*)keymat;
- chunk_t iv;
-
- if (keymat_v1->get_iv(keymat_v1, this->message_id, &iv))
+ else
+ {
+ bs = aead->get_block_size(aead);
+ encryption->set_transform(encryption, aead);
+ chunk = this->packet->get_data(this->packet);
+ if (chunk.len < encryption->get_length(encryption) ||
+ chunk.len < bs)
{
- status = encryption->decrypt(encryption, iv);
- if (status == SUCCESS)
+ DBG1(DBG_ENC, "invalid payload length");
+ return VERIFY_ERROR;
+ }
+ if (keymat->get_version(keymat) == IKEV1)
+ { /* instead of associated data we provide the IV, we also update
+ * the IV with the last encrypted block */
+ keymat_v1_t *keymat_v1 = (keymat_v1_t*)keymat;
+ chunk_t iv;
+
+ if (keymat_v1->get_iv(keymat_v1, this->message_id, &iv))
{
- if (!keymat_v1->update_iv(keymat_v1, this->message_id,
- chunk_create(chunk.ptr + chunk.len - bs, bs)))
+ status = encryption->decrypt(encryption, iv);
+ if (status == SUCCESS)
{
- status = FAILED;
+ if (!keymat_v1->update_iv(keymat_v1, this->message_id,
+ chunk_create(chunk.ptr + chunk.len - bs, bs)))
+ {
+ status = FAILED;
+ }
}
}
+ else
+ {
+ status = FAILED;
+ }
}
else
{
- status = FAILED;
+ chunk.len -= encryption->get_length(encryption);
+ status = encryption->decrypt(encryption, chunk);
}
}
- else
- {
- chunk.len -= encryption->get_length(encryption);
- status = encryption->decrypt(encryption, chunk);
- }
if (status != SUCCESS)
{
return status;
@@ -1923,6 +2336,41 @@ static status_t decrypt_and_extract(private_message_t *this, keymat_t *keymat,
}
/**
+ * Decrypt an encrypted fragment payload.
+ */
+static status_t decrypt_fragment(private_message_t *this, keymat_t *keymat,
+ encrypted_fragment_payload_t *fragment)
+{
+ encrypted_payload_t *encrypted = (encrypted_payload_t*)fragment;
+ chunk_t chunk;
+ aead_t *aead;
+ size_t bs;
+
+ if (!keymat)
+ {
+ DBG1(DBG_ENC, "found encrypted fragment payload, but no keymat");
+ return INVALID_ARG;
+ }
+ aead = keymat->get_aead(keymat, TRUE);
+ if (!aead)
+ {
+ DBG1(DBG_ENC, "found encrypted fragment payload, but no transform set");
+ return INVALID_ARG;
+ }
+ bs = aead->get_block_size(aead);
+ encrypted->set_transform(encrypted, aead);
+ chunk = this->packet->get_data(this->packet);
+ if (chunk.len < encrypted->get_length(encrypted) ||
+ chunk.len < bs)
+ {
+ DBG1(DBG_ENC, "invalid payload length");
+ return VERIFY_ERROR;
+ }
+ chunk.len -= encrypted->get_length(encrypted);
+ return encrypted->decrypt(encrypted, chunk);
+}
+
+/**
* Do we accept unencrypted ID/HASH payloads in Main Mode, as seen from
* some SonicWall boxes?
*/
@@ -1941,7 +2389,7 @@ static bool accept_unencrypted_mm(private_message_t *this, payload_type_t type)
}
/**
- * Decrypt payload from the encryption payload
+ * Decrypt payload from the encrypted payload
*/
static status_t decrypt_payloads(private_message_t *this, keymat_t *keymat)
{
@@ -1950,7 +2398,7 @@ static status_t decrypt_payloads(private_message_t *this, keymat_t *keymat)
payload_rule_t *rule;
payload_type_t type;
status_t status = SUCCESS;
- bool was_encrypted = FALSE;
+ char *was_encrypted = NULL;
enumerator = this->payloads->create_enumerator(this->payloads);
while (enumerator->enumerate(enumerator, &payload))
@@ -1959,20 +2407,24 @@ static status_t decrypt_payloads(private_message_t *this, keymat_t *keymat)
DBG2(DBG_ENC, "process payload of type %N", payload_type_names, type);
- if (type == PLV2_ENCRYPTED || type == PLV1_ENCRYPTED)
+ if (type == PLV2_ENCRYPTED || type == PLV1_ENCRYPTED ||
+ type == PLV2_FRAGMENT)
{
- encryption_payload_t *encryption;
-
if (was_encrypted)
{
- DBG1(DBG_ENC, "encrypted payload can't contain other payloads "
- "of type %N", payload_type_names, type);
+ DBG1(DBG_ENC, "%s can't contain other payloads of type %N",
+ was_encrypted, payload_type_names, type);
status = VERIFY_ERROR;
break;
}
+ }
+
+ if (type == PLV2_ENCRYPTED || type == PLV1_ENCRYPTED)
+ {
+ encrypted_payload_t *encryption;
DBG2(DBG_ENC, "found an encrypted payload");
- encryption = (encryption_payload_t*)payload;
+ encryption = (encrypted_payload_t*)payload;
this->payloads->remove_at(this->payloads, enumerator);
if (enumerator->enumerate(enumerator, NULL))
@@ -1988,7 +2440,27 @@ static status_t decrypt_payloads(private_message_t *this, keymat_t *keymat)
{
break;
}
- was_encrypted = TRUE;
+ was_encrypted = "encrypted payload";
+ }
+ else if (type == PLV2_FRAGMENT)
+ {
+ encrypted_fragment_payload_t *fragment;
+
+ DBG2(DBG_ENC, "found an encrypted fragment payload");
+ fragment = (encrypted_fragment_payload_t*)payload;
+
+ if (enumerator->enumerate(enumerator, NULL))
+ {
+ DBG1(DBG_ENC, "encrypted fragment payload is not last payload");
+ status = VERIFY_ERROR;
+ break;
+ }
+ status = decrypt_fragment(this, keymat, fragment);
+ if (status != SUCCESS)
+ {
+ break;
+ }
+ was_encrypted = "encrypted fragment payload";
}
if (payload_is_known(type) && !was_encrypted &&
@@ -2085,10 +2557,15 @@ METHOD(message_t, parse_body, status_t,
return NOT_SUPPORTED;
}
- status = parse_payloads(this);
- if (status != SUCCESS)
- { /* error is already logged */
- return status;
+ /* reassembled IKEv2 messages are already parsed (except for the payloads
+ * contained in the encrypted payload, which are handled below) */
+ if (this->parser)
+ {
+ status = parse_payloads(this);
+ if (status != SUCCESS)
+ { /* error is already logged */
+ return status;
+ }
}
status = decrypt_payloads(this, keymat);
@@ -2142,7 +2619,7 @@ METHOD(message_t, parse_body, status_t,
}
chunk_free(&hash);
}
- if (this->is_encrypted)
+ if (this->is_encrypted && this->exchange_type != INFORMATIONAL_V1)
{ /* message verified, confirm IV */
if (!keymat_v1->confirm_iv(keymat_v1, this->message_id))
{
@@ -2153,13 +2630,234 @@ METHOD(message_t, parse_body, status_t,
return SUCCESS;
}
+/**
+ * Store the fragment data for the fragment with the given fragment number.
+ */
+static status_t add_fragment(private_message_t *this, u_int16_t num,
+ chunk_t data)
+{
+ fragment_t *fragment;
+ int i, insert_at = -1;
+
+ for (i = 0; i < array_count(this->fragments); i++)
+ {
+ array_get(this->fragments, i, &fragment);
+ if (fragment->num == num)
+ {
+ /* ignore a duplicate fragment */
+ DBG1(DBG_ENC, "received duplicate fragment #%hu", num);
+ return NEED_MORE;
+ }
+ if (fragment->num > num)
+ {
+ insert_at = i;
+ break;
+ }
+ }
+ this->frag->len += data.len;
+ if (this->frag->len > this->frag->max_packet)
+ {
+ DBG1(DBG_ENC, "fragmented IKE message is too large");
+ reset_defrag(this);
+ return FAILED;
+ }
+ INIT(fragment,
+ .num = num,
+ .data = chunk_clone(data),
+ );
+ array_insert(this->fragments, insert_at, fragment);
+ return SUCCESS;
+}
+
+/**
+ * Merge the cached fragment data and resets the defragmentation state.
+ * Also updates the IP addresses to those of the last received fragment.
+ */
+static chunk_t merge_fragments(private_message_t *this, message_t *last)
+{
+ fragment_t *fragment;
+ bio_writer_t *writer;
+ host_t *src, *dst;
+ chunk_t data;
+ int i;
+
+ writer = bio_writer_create(this->frag->len);
+ for (i = 0; i < array_count(this->fragments); i++)
+ {
+ array_get(this->fragments, i, &fragment);
+ writer->write_data(writer, fragment->data);
+ }
+ data = writer->extract_buf(writer);
+ writer->destroy(writer);
+
+ /* set addresses to those of the last fragment we received */
+ src = last->get_source(last);
+ dst = last->get_destination(last);
+ this->packet->set_source(this->packet, src->clone(src));
+ this->packet->set_destination(this->packet, dst->clone(dst));
+
+ reset_defrag(this);
+ free(this->frag);
+ this->frag = NULL;
+ return data;
+}
+
+METHOD(message_t, add_fragment_v1, status_t,
+ private_message_t *this, message_t *message)
+{
+ fragment_payload_t *payload;
+ chunk_t data;
+ u_int8_t num;
+ status_t status;
+
+ if (!this->frag)
+ {
+ return INVALID_STATE;
+ }
+ payload = (fragment_payload_t*)message->get_payload(message, PLV1_FRAGMENT);
+ if (!payload)
+ {
+ return INVALID_ARG;
+ }
+ if (!this->fragments || this->message_id != payload->get_id(payload))
+ {
+ reset_defrag(this);
+ this->message_id = payload->get_id(payload);
+ /* we don't know the total number of fragments, assume something */
+ this->fragments = array_create(0, 4);
+ }
+
+ num = payload->get_number(payload);
+ data = payload->get_data(payload);
+ if (!this->frag->last && payload->is_last(payload))
+ {
+ this->frag->last = num;
+ }
+ status = add_fragment(this, num, data);
+ if (status != SUCCESS)
+ {
+ return status;
+ }
+
+ if (array_count(this->fragments) != this->frag->last)
+ {
+ /* there are some fragments missing */
+ DBG1(DBG_ENC, "received fragment #%hhu, waiting for complete IKE "
+ "message", num);
+ return NEED_MORE;
+ }
+
+ DBG1(DBG_ENC, "received fragment #%hhu, reassembling fragmented IKE "
+ "message", num);
+
+ data = merge_fragments(this, message);
+ this->packet->set_data(this->packet, data);
+ this->parser = parser_create(data);
+
+ if (parse_header(this) != SUCCESS)
+ {
+ DBG1(DBG_IKE, "failed to parse header of reassembled IKE message");
+ return FAILED;
+ }
+ return SUCCESS;
+}
+
+METHOD(message_t, add_fragment_v2, status_t,
+ private_message_t *this, message_t *message)
+{
+ encrypted_fragment_payload_t *encrypted_fragment;
+ encrypted_payload_t *encrypted;
+ payload_t *payload;
+ enumerator_t *enumerator;
+ chunk_t data;
+ u_int16_t total, num;
+ status_t status;
+
+ if (!this->frag)
+ {
+ return INVALID_STATE;
+ }
+ payload = message->get_payload(message, PLV2_FRAGMENT);
+ if (!payload || this->message_id != message->get_message_id(message))
+ {
+ return INVALID_ARG;
+ }
+ encrypted_fragment = (encrypted_fragment_payload_t*)payload;
+ total = encrypted_fragment->get_total_fragments(encrypted_fragment);
+ if (total > MAX_FRAGMENTS)
+ {
+ DBG1(DBG_IKE, "maximum fragment count exceeded");
+ reset_defrag(this);
+ return FAILED;
+ }
+ if (!this->fragments || total > this->frag->last)
+ {
+ reset_defrag(this);
+ this->frag->last = total;
+ this->fragments = array_create(0, total);
+ }
+ num = encrypted_fragment->get_fragment_number(encrypted_fragment);
+ data = encrypted_fragment->get_content(encrypted_fragment);
+ status = add_fragment(this, num, data);
+ if (status != SUCCESS)
+ {
+ return status;
+ }
+
+ if (num == 1)
+ {
+ /* the first fragment denotes the payload type of the first payload in
+ * the original encrypted payload, cache that */
+ this->first_payload = payload->get_next_type(payload);
+ /* move all unencrypted payloads contained in the first fragment */
+ enumerator = message->create_payload_enumerator(message);
+ while (enumerator->enumerate(enumerator, &payload))
+ {
+ if (payload->get_type(payload) != PLV2_FRAGMENT)
+ {
+ message->remove_payload_at(message, enumerator);
+ this->payloads->insert_last(this->payloads, payload);
+ }
+ }
+ enumerator->destroy(enumerator);
+ }
+
+ if (array_count(this->fragments) != total)
+ {
+ /* there are some fragments missing */
+ DBG1(DBG_ENC, "received fragment #%hu of %hu, waiting for complete IKE "
+ "message", num, total);
+ return NEED_MORE;
+ }
+
+ DBG1(DBG_ENC, "received fragment #%hu of %hu, reassembling fragmented IKE "
+ "message", num, total);
+
+ data = merge_fragments(this, message);
+ encrypted = encrypted_payload_create_from_plain(this->first_payload, data);
+ this->payloads->insert_last(this->payloads, encrypted);
+ /* update next payload type (could be an unencrypted payload) */
+ this->payloads->get_first(this->payloads, (void**)&payload);
+ this->first_payload = payload->get_type(payload);
+ return SUCCESS;
+}
+
METHOD(message_t, destroy, void,
private_message_t *this)
{
DESTROY_IF(this->ike_sa_id);
+ DESTROY_IF(this->parser);
this->payloads->destroy_offset(this->payloads, offsetof(payload_t, destroy));
this->packet->destroy(this->packet);
- this->parser->destroy(this->parser);
+ if (this->frag)
+ {
+ reset_defrag(this);
+ free(this->frag);
+ }
+ else
+ {
+ array_destroy_offset(this->fragments, offsetof(packet_t, destroy));
+ }
free(this);
}
@@ -2195,6 +2893,9 @@ message_t *message_create_from_packet(packet_t *packet)
.disable_sort = _disable_sort,
.generate = _generate,
.is_encoded = _is_encoded,
+ .is_fragmented = _is_fragmented,
+ .fragment = _fragment,
+ .add_fragment = _add_fragment_v2,
.set_source = _set_source,
.get_source = _get_source,
.set_destination = _set_destination,
@@ -2207,6 +2908,7 @@ message_t *message_create_from_packet(packet_t *packet)
.parse_body = _parse_body,
.get_packet = _get_packet,
.get_packet_data = _get_packet_data,
+ .get_fragments = _get_fragments,
.destroy = _destroy,
},
.exchange_type = EXCHANGE_TYPE_UNDEFINED,
@@ -2232,3 +2934,34 @@ message_t *message_create(int major, int minor)
return this;
}
+
+/*
+ * Described in header.
+ */
+message_t *message_create_defrag(message_t *fragment)
+{
+ private_message_t *this;
+
+ if (!fragment->get_payload(fragment, PLV1_FRAGMENT) &&
+ !fragment->get_payload(fragment, PLV2_FRAGMENT))
+ {
+ return NULL;
+ }
+ this = (private_message_t*)clone_message((private_message_t*)fragment);
+ /* we don't need a parser for IKEv2, the one for IKEv1 is created after
+ * reassembling the original message */
+ this->parser->destroy(this->parser);
+ this->parser = NULL;
+ if (fragment->get_major_version(fragment) == IKEV1_MAJOR_VERSION)
+ {
+ /* we store the fragment ID in the message ID field, which should be
+ * zero for fragments, but make sure */
+ this->message_id = 0;
+ this->public.add_fragment = _add_fragment_v1;
+ }
+ INIT(this->frag,
+ .max_packet = lib->settings->get_int(lib->settings,
+ "%s.max_packet", PACKET_MAX_DEFAULT, lib->ns),
+ );
+ return &this->public;
+}
diff --git a/src/libcharon/encoding/message.h b/src/libcharon/encoding/message.h
index 7631a7c..a03aa8e 100644
--- a/src/libcharon/encoding/message.h
+++ b/src/libcharon/encoding/message.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2006-2011 Tobias Brunner
+ * Copyright (C) 2006-2014 Tobias Brunner
* Copyright (C) 2005-2009 Martin Willi
* Copyright (C) 2006 Daniel Roethlisberger
* Copyright (C) 2005 Jan Hutter
@@ -39,7 +39,7 @@ typedef struct message_t message_t;
*
* The message handles parsing and generation of payloads
* via parser_t/generator_t. Encryption is done transparently
- * via the encryption_payload_t. A set of rules for messages
+ * via the encrypted_payload_t. A set of rules for messages
* and payloads does check parsed messages.
*/
struct message_t {
@@ -265,6 +265,53 @@ struct message_t {
bool (*is_encoded)(message_t *this);
/**
+ * Generates the message split into fragments of the given size (total IP
+ * datagram length).
+ *
+ * @param keymat keymat to encrypt/sign message(s)
+ * @param frag_len fragment length (maximum total IP datagram length), 0
+ * for default value depending on address family
+ * @param fragments receives an enumerator with generated packet_t*,
+ * which are owned by the enumerator
+ * @return
+ * - SUCCESS if message could be fragmented
+ * - FAILED if fragmentation failed
+ * - and the possible return values of generate()
+ */
+ status_t (*fragment)(message_t *this, keymat_t *keymat, size_t frag_len,
+ enumerator_t **fragments);
+
+ /**
+ * Check if the message has been encoded and fragmented using fragment(),
+ * and whether there actually resulted fragments (if not is_encoded() will
+ * be TRUE).
+ *
+ * The packets of individual fragments can be retrieved with
+ * get_fragments().
+ *
+ * @return TRUE if message has been encoded and fragmented
+ */
+ bool (*is_fragmented)(message_t *this);
+
+ /**
+ * Add a fragment to the message if it was created with
+ * message_create_defrag().
+ *
+ * Once the message is completed it should be processed like any other
+ * inbound message.
+ *
+ * @param fragment fragment to add
+ * @return
+ * - SUCCESS if message was reassembled
+ * - NEED_MORE if not all fragments have yet been received
+ * - FAILED if reassembling failed
+ * - INVALID_ARG if fragment is invalid for some reason
+ * - INVALID_STATE if message was not created using
+ * message_create_defrag()
+ */
+ status_t (*add_fragment)(message_t *this, message_t *fragment);
+
+ /**
* Gets the source host informations.
*
* @warning Returned host_t object is not getting cloned,
@@ -337,11 +384,11 @@ struct message_t {
notify_payload_t* (*get_notify)(message_t *this, notify_type_t type);
/**
- * Returns a clone of the internal stored packet_t object.
+ * Returns a clone of the internally stored packet_t object.
*
* @return packet_t object as clone of internal one
*/
- packet_t * (*get_packet) (message_t *this);
+ packet_t *(*get_packet) (message_t *this);
/**
* Returns a chunk pointing to internal packet_t data.
@@ -351,6 +398,13 @@ struct message_t {
chunk_t (*get_packet_data) (message_t *this);
/**
+ * Returns internally stored packet_t* objects for each fragment.
+ *
+ * @return enumerator internal packet_t* objects
+ */
+ enumerator_t *(*get_fragments)(message_t *this);
+
+ /**
* Destroys a message and all including objects.
*/
void (*destroy) (message_t *this);
@@ -380,4 +434,14 @@ message_t *message_create_from_packet(packet_t *packet);
*/
message_t *message_create(int major, int minor);
+/**
+ * Creates a message_t object that is used to reassemble fragmented messages.
+ *
+ * Use add_fragment() to add fragments.
+ *
+ * @param fragment initial fragment (is not added)
+ * @return message_t object, NULL if fragment is not actually one
+ */
+message_t *message_create_defrag(message_t *fragment);
+
#endif /** MESSAGE_H_ @}*/
diff --git a/src/libcharon/encoding/parser.c b/src/libcharon/encoding/parser.c
index c33e30d..d6240fd 100644
--- a/src/libcharon/encoding/parser.c
+++ b/src/libcharon/encoding/parser.c
@@ -32,7 +32,7 @@
#include <encoding/payloads/nonce_payload.h>
#include <encoding/payloads/id_payload.h>
#include <encoding/payloads/notify_payload.h>
-#include <encoding/payloads/encryption_payload.h>
+#include <encoding/payloads/encrypted_payload.h>
#include <encoding/payloads/auth_payload.h>
#include <encoding/payloads/cert_payload.h>
#include <encoding/payloads/certreq_payload.h>
diff --git a/src/libcharon/encoding/payloads/encrypted_fragment_payload.h b/src/libcharon/encoding/payloads/encrypted_fragment_payload.h
new file mode 100644
index 0000000..1c2cc37
--- /dev/null
+++ b/src/libcharon/encoding/payloads/encrypted_fragment_payload.h
@@ -0,0 +1,85 @@
+/*
+ * Copyright (C) 2014 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup encrypted_fragment_payload encrypted_fragment_payload
+ * @{ @ingroup payloads
+ */
+
+#ifndef ENCRYPTED_FRAGMENT_PAYLOAD_H_
+#define ENCRYPTED_FRAGMENT_PAYLOAD_H_
+
+typedef struct encrypted_fragment_payload_t encrypted_fragment_payload_t;
+
+#include <encoding/payloads/encrypted_payload.h>
+
+/**
+ * The Encrypted Fragment Payload as described in RFC 7383
+ *
+ * The implementation is located in encrypted_payload.c as it is very similar.
+ */
+struct encrypted_fragment_payload_t {
+
+ /**
+ * Implements payload_t interface.
+ */
+ encrypted_payload_t encrypted;
+
+ /**
+ * Get the fragment number.
+ *
+ * @return fragment number
+ */
+ u_int16_t (*get_fragment_number)(encrypted_fragment_payload_t *this);
+
+ /**
+ * Get the total number of fragments.
+ *
+ * @return total number of fragments
+ */
+ u_int16_t (*get_total_fragments)(encrypted_fragment_payload_t *this);
+
+ /**
+ * Get the (decrypted) content of this payload.
+ *
+ * @return internal payload data
+ */
+ chunk_t (*get_content)(encrypted_fragment_payload_t *this);
+
+ /**
+ * Destroys an encrypted_fragment_payload_t object.
+ */
+ void (*destroy)(encrypted_fragment_payload_t *this);
+};
+
+/**
+ * Creates an empty encrypted_fragment_payload_t object.
+ *
+ * @return encrypted_fragment_payload_t object
+ */
+encrypted_fragment_payload_t *encrypted_fragment_payload_create();
+
+/**
+ * Creates an encrypted fragment payload from the given data.
+ *
+ * @param num fragment number (first one should be 1)
+ * @param total total number of fragments
+ * @param data fragment data (gets cloned)
+ * @return encrypted_fragment_payload_t object
+ */
+encrypted_fragment_payload_t *encrypted_fragment_payload_create_from_data(
+ u_int16_t num, u_int16_t total, chunk_t data);
+
+#endif /** ENCRYPTED_FRAGMENT_PAYLOAD_H_ @}*/
diff --git a/src/libcharon/encoding/payloads/encrypted_payload.c b/src/libcharon/encoding/payloads/encrypted_payload.c
new file mode 100644
index 0000000..5c574c3
--- /dev/null
+++ b/src/libcharon/encoding/payloads/encrypted_payload.c
@@ -0,0 +1,1022 @@
+/*
+ * Copyright (C) 2011-2014 Tobias Brunner
+ * Copyright (C) 2005-2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ * Copyright (C) 2005 Jan Hutter
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <stddef.h>
+#include <string.h>
+
+#include "encrypted_payload.h"
+#include "encrypted_fragment_payload.h"
+
+#include <daemon.h>
+#include <encoding/payloads/encodings.h>
+#include <collections/linked_list.h>
+#include <encoding/parser.h>
+
+typedef struct private_encrypted_payload_t private_encrypted_payload_t;
+typedef struct private_encrypted_fragment_payload_t private_encrypted_fragment_payload_t;
+
+struct private_encrypted_payload_t {
+
+ /**
+ * Public encrypted_payload_t interface.
+ */
+ encrypted_payload_t public;
+
+ /**
+ * There is no next payload for an encrypted payload,
+ * since encrypted payload MUST be the last one.
+ * next_payload means here the first payload of the
+ * contained, encrypted payload.
+ */
+ u_int8_t next_payload;
+
+ /**
+ * Flags, including reserved bits
+ */
+ u_int8_t flags;
+
+ /**
+ * Length of this payload
+ */
+ u_int16_t payload_length;
+
+ /**
+ * Chunk containing the IV, plain, padding and ICV.
+ */
+ chunk_t encrypted;
+
+ /**
+ * AEAD transform to use
+ */
+ aead_t *aead;
+
+ /**
+ * Contained payloads
+ */
+ linked_list_t *payloads;
+
+ /**
+ * Type of payload, PLV2_ENCRYPTED or PLV1_ENCRYPTED
+ */
+ payload_type_t type;
+};
+
+struct private_encrypted_fragment_payload_t {
+
+ /**
+ * Public interface.
+ */
+ encrypted_fragment_payload_t public;
+
+ /**
+ * The first fragment contains the type of the first payload contained in
+ * the original encrypted payload, for all other fragments it MUST be set
+ * to zero.
+ */
+ u_int8_t next_payload;
+
+ /**
+ * Flags, including reserved bits
+ */
+ u_int8_t flags;
+
+ /**
+ * Length of this payload
+ */
+ u_int16_t payload_length;
+
+ /**
+ * Chunk containing the IV, plain, padding and ICV.
+ */
+ chunk_t encrypted;
+
+ /**
+ * Fragment number
+ */
+ u_int16_t fragment_number;
+
+ /**
+ * Total fragments
+ */
+ u_int16_t total_fragments;
+
+ /**
+ * AEAD transform to use
+ */
+ aead_t *aead;
+
+ /**
+ * Chunk containing the plain packet data.
+ */
+ chunk_t plain;
+};
+
+/**
+ * Encoding rules to parse or generate a IKEv2-Encrypted Payload.
+ *
+ * The defined offsets are the positions in a object of type
+ * private_encrypted_payload_t.
+ */
+static encoding_rule_t encodings_v2[] = {
+ /* 1 Byte next payload type, stored in the field next_payload */
+ { U_INT_8, offsetof(private_encrypted_payload_t, next_payload) },
+ /* Critical and 7 reserved bits, all stored for reconstruction */
+ { U_INT_8, offsetof(private_encrypted_payload_t, flags) },
+ /* Length of the whole encrypted payload*/
+ { PAYLOAD_LENGTH, offsetof(private_encrypted_payload_t, payload_length) },
+ /* encrypted data, stored in a chunk. contains iv, data, padding */
+ { CHUNK_DATA, offsetof(private_encrypted_payload_t, encrypted) },
+};
+
+/*
+ 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! Next Payload !C! RESERVED ! Payload Length !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! Initialization Vector !
+ ! (length is block size for encryption algorithm) !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! Encrypted IKE Payloads !
+ + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! ! Padding (0-255 octets) !
+ +-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
+ ! ! Pad Length !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ~ Integrity Checksum Data ~
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+*/
+
+/**
+ * Encoding rules to parse or generate a complete encrypted IKEv1 message.
+ *
+ * The defined offsets are the positions in a object of type
+ * private_encrypted_payload_t.
+ */
+static encoding_rule_t encodings_v1[] = {
+ /* encrypted data, stored in a chunk */
+ { ENCRYPTED_DATA, offsetof(private_encrypted_payload_t, encrypted) },
+};
+
+/*
+ 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! Encrypted IKE Payloads !
+ + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! ! Padding (0-255 octets) !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+*/
+
+/**
+ * Encoding rules to parse or generate an IKEv2-Encrypted Fragment Payload.
+ *
+ * The defined offsets are the positions in a object of type
+ * private_encrypted_payload_t.
+ */
+static encoding_rule_t encodings_fragment[] = {
+ /* 1 Byte next payload type, stored in the field next_payload */
+ { U_INT_8, offsetof(private_encrypted_fragment_payload_t, next_payload) },
+ /* Critical and 7 reserved bits, all stored for reconstruction */
+ { U_INT_8, offsetof(private_encrypted_fragment_payload_t, flags) },
+ /* Length of the whole encryption payload*/
+ { PAYLOAD_LENGTH, offsetof(private_encrypted_fragment_payload_t, payload_length) },
+ /* Fragment number */
+ { U_INT_16, offsetof(private_encrypted_fragment_payload_t, fragment_number) },
+ /* Total number of fragments */
+ { U_INT_16, offsetof(private_encrypted_fragment_payload_t, total_fragments) },
+ /* encrypted data, stored in a chunk. contains iv, data, padding */
+ { CHUNK_DATA, offsetof(private_encrypted_fragment_payload_t, encrypted) },
+};
+
+/*
+ 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! Next Payload !C! RESERVED ! Payload Length !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! Fragment Number | Total Fragments !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! Initialization Vector !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! Encrypted IKE Payloads !
+ + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! ! Padding (0-255 octets) !
+ +-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
+ ! ! Pad Length !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ~ Integrity Checksum Data ~
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+*/
+
+METHOD(payload_t, verify, status_t,
+ private_encrypted_payload_t *this)
+{
+ return SUCCESS;
+}
+
+METHOD(payload_t, get_encoding_rules, int,
+ private_encrypted_payload_t *this, encoding_rule_t **rules)
+{
+ if (this->type == PLV2_ENCRYPTED)
+ {
+ *rules = encodings_v2;
+ return countof(encodings_v2);
+ }
+ *rules = encodings_v1;
+ return countof(encodings_v1);
+}
+
+METHOD(payload_t, get_header_length, int,
+ private_encrypted_payload_t *this)
+{
+ if (this->type == PLV2_ENCRYPTED)
+ {
+ return 4;
+ }
+ return 0;
+}
+
+METHOD(payload_t, get_type, payload_type_t,
+ private_encrypted_payload_t *this)
+{
+ return this->type;
+}
+
+METHOD(payload_t, get_next_type, payload_type_t,
+ private_encrypted_payload_t *this)
+{
+ return this->next_payload;
+}
+
+METHOD(payload_t, set_next_type, void,
+ private_encrypted_payload_t *this, payload_type_t type)
+{
+ /* the next payload is set during add, still allow this for IKEv1 */
+ this->next_payload = type;
+}
+
+/**
+ * Get length of encryption/integrity overhead for the given plaintext length
+ */
+static size_t compute_overhead(aead_t *aead, size_t len)
+{
+ size_t bs, overhead;
+
+ /* padding */
+ bs = aead->get_block_size(aead);
+ overhead = bs - (len % bs);
+ /* add iv */
+ overhead += aead->get_iv_size(aead);
+ /* add icv */
+ overhead += aead->get_icv_size(aead);
+ return overhead;
+}
+
+/**
+ * Compute the length of the whole payload
+ */
+static void compute_length(private_encrypted_payload_t *this)
+{
+ enumerator_t *enumerator;
+ payload_t *payload;
+ size_t length = 0;
+
+ if (this->encrypted.len)
+ {
+ length = this->encrypted.len;
+ }
+ else
+ {
+ enumerator = this->payloads->create_enumerator(this->payloads);
+ while (enumerator->enumerate(enumerator, &payload))
+ {
+ length += payload->get_length(payload);
+ }
+ enumerator->destroy(enumerator);
+
+ if (this->aead)
+ {
+ length += compute_overhead(this->aead, length);
+ }
+ }
+ length += get_header_length(this);
+ this->payload_length = length;
+}
+
+METHOD2(payload_t, encrypted_payload_t, get_length, size_t,
+ private_encrypted_payload_t *this)
+{
+ compute_length(this);
+ return this->payload_length;
+}
+
+METHOD(encrypted_payload_t, add_payload, void,
+ private_encrypted_payload_t *this, payload_t *payload)
+{
+ payload_t *last_payload;
+
+ if (this->payloads->get_count(this->payloads) > 0)
+ {
+ this->payloads->get_last(this->payloads, (void **)&last_payload);
+ last_payload->set_next_type(last_payload, payload->get_type(payload));
+ }
+ else
+ {
+ this->next_payload = payload->get_type(payload);
+ }
+ payload->set_next_type(payload, PL_NONE);
+ this->payloads->insert_last(this->payloads, payload);
+ compute_length(this);
+}
+
+METHOD(encrypted_payload_t, remove_payload, payload_t *,
+ private_encrypted_payload_t *this)
+{
+ payload_t *payload;
+
+ if (this->payloads->remove_first(this->payloads,
+ (void**)&payload) == SUCCESS)
+ {
+ return payload;
+ }
+ return NULL;
+}
+
+/**
+ * Generate payload before encryption
+ */
+static chunk_t generate(private_encrypted_payload_t *this,
+ generator_t *generator)
+{
+ payload_t *current, *next;
+ enumerator_t *enumerator;
+ u_int32_t *lenpos;
+ chunk_t chunk = chunk_empty;
+
+ enumerator = this->payloads->create_enumerator(this->payloads);
+ if (enumerator->enumerate(enumerator, ¤t))
+ {
+ this->next_payload = current->get_type(current);
+
+ while (enumerator->enumerate(enumerator, &next))
+ {
+ current->set_next_type(current, next->get_type(next));
+ generator->generate_payload(generator, current);
+ current = next;
+ }
+ current->set_next_type(current, PL_NONE);
+ generator->generate_payload(generator, current);
+
+ chunk = generator->get_chunk(generator, &lenpos);
+ DBG2(DBG_ENC, "generated content in encrypted payload");
+ }
+ enumerator->destroy(enumerator);
+ return chunk;
+}
+
+METHOD(encrypted_payload_t, generate_payloads, void,
+ private_encrypted_payload_t *this, generator_t *generator)
+{
+ generate(this, generator);
+}
+
+/**
+ * Append the encrypted payload header to the associated data
+ */
+static chunk_t append_header(private_encrypted_payload_t *this, chunk_t assoc)
+{
+ struct {
+ u_int8_t next_payload;
+ u_int8_t flags;
+ u_int16_t length;
+ } __attribute__((packed)) header = {
+ .next_payload = this->next_payload,
+ .flags = this->flags,
+ .length = htons(get_length(this)),
+ };
+ return chunk_cat("cc", assoc, chunk_from_thing(header));
+}
+
+/**
+ * Encrypts the data in plain and returns it in an allocated chunk.
+ */
+static status_t encrypt_content(char *label, aead_t *aead, u_int64_t mid,
+ chunk_t plain, chunk_t assoc, chunk_t *encrypted)
+{
+ chunk_t iv, padding, icv, crypt;
+ iv_gen_t *iv_gen;
+ rng_t *rng;
+ size_t bs;
+
+ rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
+ if (!rng)
+ {
+ DBG1(DBG_ENC, "encrypting %s failed, no RNG found", label);
+ return NOT_SUPPORTED;
+ }
+
+ iv_gen = aead->get_iv_gen(aead);
+ if (!iv_gen)
+ {
+ DBG1(DBG_ENC, "encrypting %s failed, no IV generator", label);
+ return NOT_SUPPORTED;
+ }
+
+ bs = aead->get_block_size(aead);
+ /* we need at least one byte padding to store the padding length */
+ padding.len = bs - (plain.len % bs);
+ iv.len = aead->get_iv_size(aead);
+ icv.len = aead->get_icv_size(aead);
+
+ /* prepare data to authenticate-encrypt:
+ * | IV | plain | padding | ICV |
+ * \____crypt______/ ^
+ * | /
+ * v /
+ * assoc -> + ------->/
+ */
+ *encrypted = chunk_alloc(iv.len + plain.len + padding.len + icv.len);
+ iv.ptr = encrypted->ptr;
+ memcpy(iv.ptr + iv.len, plain.ptr, plain.len);
+ plain.ptr = iv.ptr + iv.len;
+ padding.ptr = plain.ptr + plain.len;
+ icv.ptr = padding.ptr + padding.len;
+ crypt = chunk_create(plain.ptr, plain.len + padding.len);
+
+ if (!iv_gen->get_iv(iv_gen, mid, iv.len, iv.ptr) ||
+ !rng->get_bytes(rng, padding.len - 1, padding.ptr))
+ {
+ DBG1(DBG_ENC, "encrypting %s failed, no IV or padding", label);
+ rng->destroy(rng);
+
+ return FAILED;
+ }
+ padding.ptr[padding.len - 1] = padding.len - 1;
+ rng->destroy(rng);
+
+ DBG3(DBG_ENC, "%s encryption:", label);
+ DBG3(DBG_ENC, "IV %B", &iv);
+ DBG3(DBG_ENC, "plain %B", &plain);
+ DBG3(DBG_ENC, "padding %B", &padding);
+ DBG3(DBG_ENC, "assoc %B", &assoc);
+
+ if (!aead->encrypt(aead, crypt, assoc, iv, NULL))
+ {
+ return FAILED;
+ }
+ DBG3(DBG_ENC, "encrypted %B", &crypt);
+ DBG3(DBG_ENC, "ICV %B", &icv);
+ return SUCCESS;
+}
+
+METHOD(encrypted_payload_t, encrypt, status_t,
+ private_encrypted_payload_t *this, u_int64_t mid, chunk_t assoc)
+{
+ generator_t *generator;
+ chunk_t plain;
+ status_t status;
+
+ if (this->aead == NULL)
+ {
+ DBG1(DBG_ENC, "encrypting encrypted payload failed, transform missing");
+ return INVALID_STATE;
+ }
+
+ free(this->encrypted.ptr);
+ generator = generator_create();
+ plain = generate(this, generator);
+ assoc = append_header(this, assoc);
+ status = encrypt_content("encrypted payload", this->aead, mid, plain, assoc,
+ &this->encrypted);
+ generator->destroy(generator);
+ free(assoc.ptr);
+ return status;
+}
+
+METHOD(encrypted_payload_t, encrypt_v1, status_t,
+ private_encrypted_payload_t *this, u_int64_t mid, chunk_t iv)
+{
+ generator_t *generator;
+ chunk_t plain, padding;
+ size_t bs;
+
+ if (this->aead == NULL)
+ {
+ DBG1(DBG_ENC, "encryption failed, transform missing");
+ return INVALID_STATE;
+ }
+
+ generator = generator_create();
+ plain = generate(this, generator);
+ bs = this->aead->get_block_size(this->aead);
+ padding.len = bs - (plain.len % bs);
+
+ /* prepare data to encrypt:
+ * | plain | padding | */
+ free(this->encrypted.ptr);
+ this->encrypted = chunk_alloc(plain.len + padding.len);
+ memcpy(this->encrypted.ptr, plain.ptr, plain.len);
+ plain.ptr = this->encrypted.ptr;
+ padding.ptr = plain.ptr + plain.len;
+ memset(padding.ptr, 0, padding.len);
+ generator->destroy(generator);
+
+ DBG3(DBG_ENC, "encrypting payloads:");
+ DBG3(DBG_ENC, "IV %B", &iv);
+ DBG3(DBG_ENC, "plain %B", &plain);
+ DBG3(DBG_ENC, "padding %B", &padding);
+
+ if (!this->aead->encrypt(this->aead, this->encrypted, chunk_empty, iv, NULL))
+ {
+ return FAILED;
+ }
+
+ DBG3(DBG_ENC, "encrypted %B", &this->encrypted);
+
+ return SUCCESS;
+}
+
+/**
+ * Parse the payloads after decryption.
+ */
+static status_t parse(private_encrypted_payload_t *this, chunk_t plain)
+{
+ parser_t *parser;
+ payload_type_t type;
+
+ parser = parser_create(plain);
+ type = this->next_payload;
+ while (type != PL_NONE)
+ {
+ payload_t *payload;
+
+ if (plain.len < 4 || untoh16(plain.ptr + 2) > plain.len)
+ {
+ DBG1(DBG_ENC, "invalid %N payload length, decryption failed?",
+ payload_type_names, type);
+ parser->destroy(parser);
+ return PARSE_ERROR;
+ }
+ if (parser->parse_payload(parser, type, &payload) != SUCCESS)
+ {
+ parser->destroy(parser);
+ return PARSE_ERROR;
+ }
+ if (payload->verify(payload) != SUCCESS)
+ {
+ DBG1(DBG_ENC, "%N verification failed",
+ payload_type_names, payload->get_type(payload));
+ payload->destroy(payload);
+ parser->destroy(parser);
+ return VERIFY_ERROR;
+ }
+ type = payload->get_next_type(payload);
+ this->payloads->insert_last(this->payloads, payload);
+ }
+ parser->destroy(parser);
+ DBG2(DBG_ENC, "parsed content of encrypted payload");
+ return SUCCESS;
+}
+
+/**
+ * Decrypts the given data in-place and returns a chunk pointing to the
+ * resulting plaintext.
+ */
+static status_t decrypt_content(char *label, aead_t *aead, chunk_t encrypted,
+ chunk_t assoc, chunk_t *plain)
+{
+ chunk_t iv, padding, icv, crypt;
+ size_t bs;
+
+ /* prepare data to authenticate-decrypt:
+ * | IV | plain | padding | ICV |
+ * \____crypt______/ ^
+ * | /
+ * v /
+ * assoc -> + ------->/
+ */
+ bs = aead->get_block_size(aead);
+ iv.len = aead->get_iv_size(aead);
+ iv.ptr = encrypted.ptr;
+ icv.len = aead->get_icv_size(aead);
+ icv.ptr = encrypted.ptr + encrypted.len - icv.len;
+ crypt.ptr = iv.ptr + iv.len;
+ crypt.len = encrypted.len - iv.len;
+
+ if (iv.len + icv.len > encrypted.len ||
+ (crypt.len - icv.len) % bs)
+ {
+ DBG1(DBG_ENC, "decrypting %s payload failed, invalid length", label);
+ return FAILED;
+ }
+
+ DBG3(DBG_ENC, "%s decryption:", label);
+ DBG3(DBG_ENC, "IV %B", &iv);
+ DBG3(DBG_ENC, "encrypted %B", &crypt);
+ DBG3(DBG_ENC, "ICV %B", &icv);
+ DBG3(DBG_ENC, "assoc %B", &assoc);
+
+ if (!aead->decrypt(aead, crypt, assoc, iv, NULL))
+ {
+ DBG1(DBG_ENC, "verifying %s integrity failed", label);
+ return FAILED;
+ }
+
+ *plain = chunk_create(crypt.ptr, crypt.len - icv.len);
+ padding.len = plain->ptr[plain->len - 1] + 1;
+ if (padding.len > plain->len)
+ {
+ DBG1(DBG_ENC, "decrypting %s failed, padding invalid %B", label,
+ &crypt);
+ return PARSE_ERROR;
+ }
+ plain->len -= padding.len;
+ padding.ptr = plain->ptr + plain->len;
+
+ DBG3(DBG_ENC, "plain %B", plain);
+ DBG3(DBG_ENC, "padding %B", &padding);
+ return SUCCESS;
+}
+
+METHOD(encrypted_payload_t, decrypt, status_t,
+ private_encrypted_payload_t *this, chunk_t assoc)
+{
+ chunk_t plain;
+ status_t status;
+
+ if (this->aead == NULL)
+ {
+ DBG1(DBG_ENC, "decrypting encrypted payload failed, transform missing");
+ return INVALID_STATE;
+ }
+
+ assoc = append_header(this, assoc);
+ status = decrypt_content("encrypted payload", this->aead, this->encrypted,
+ assoc, &plain);
+ free(assoc.ptr);
+
+ if (status != SUCCESS)
+ {
+ return status;
+ }
+ return parse(this, plain);
+}
+
+METHOD(encrypted_payload_t, decrypt_plain, status_t,
+ private_encrypted_payload_t *this, chunk_t assoc)
+{
+ if (!this->encrypted.ptr)
+ {
+ return FAILED;
+ }
+ return parse(this, this->encrypted);
+}
+
+METHOD(encrypted_payload_t, decrypt_v1, status_t,
+ private_encrypted_payload_t *this, chunk_t iv)
+{
+ if (this->aead == NULL)
+ {
+ DBG1(DBG_ENC, "decryption failed, transform missing");
+ return INVALID_STATE;
+ }
+
+ /* data must be a multiple of block size */
+ if (iv.len != this->aead->get_block_size(this->aead) ||
+ this->encrypted.len < iv.len || this->encrypted.len % iv.len)
+ {
+ DBG1(DBG_ENC, "decryption failed, invalid length");
+ return FAILED;
+ }
+
+ DBG3(DBG_ENC, "decrypting payloads:");
+ DBG3(DBG_ENC, "encrypted %B", &this->encrypted);
+
+ if (!this->aead->decrypt(this->aead, this->encrypted, chunk_empty, iv, NULL))
+ {
+ return FAILED;
+ }
+
+ DBG3(DBG_ENC, "plain %B", &this->encrypted);
+
+ return parse(this, this->encrypted);
+}
+
+METHOD(encrypted_payload_t, set_transform, void,
+ private_encrypted_payload_t *this, aead_t* aead)
+{
+ this->aead = aead;
+}
+
+METHOD2(payload_t, encrypted_payload_t, destroy, void,
+ private_encrypted_payload_t *this)
+{
+ this->payloads->destroy_offset(this->payloads, offsetof(payload_t, destroy));
+ free(this->encrypted.ptr);
+ free(this);
+}
+
+/*
+ * Described in header
+ */
+encrypted_payload_t *encrypted_payload_create(payload_type_t type)
+{
+ private_encrypted_payload_t *this;
+
+ INIT(this,
+ .public = {
+ .payload_interface = {
+ .verify = _verify,
+ .get_encoding_rules = _get_encoding_rules,
+ .get_header_length = _get_header_length,
+ .get_length = _get_length,
+ .get_next_type = _get_next_type,
+ .set_next_type = _set_next_type,
+ .get_type = _get_type,
+ .destroy = _destroy,
+ },
+ .get_length = _get_length,
+ .add_payload = _add_payload,
+ .remove_payload = _remove_payload,
+ .generate_payloads = _generate_payloads,
+ .set_transform = _set_transform,
+ .encrypt = _encrypt,
+ .decrypt = _decrypt,
+ .destroy = _destroy,
+ },
+ .next_payload = PL_NONE,
+ .payloads = linked_list_create(),
+ .type = type,
+ );
+ this->payload_length = get_header_length(this);
+
+ if (type == PLV1_ENCRYPTED)
+ {
+ this->public.encrypt = _encrypt_v1;
+ this->public.decrypt = _decrypt_v1;
+ }
+
+ return &this->public;
+}
+
+/*
+ * Described in header
+ */
+encrypted_payload_t *encrypted_payload_create_from_plain(payload_type_t next,
+ chunk_t plain)
+{
+ private_encrypted_payload_t *this;
+
+ this = (private_encrypted_payload_t*)encrypted_payload_create(PLV2_ENCRYPTED);
+ this->public.decrypt = _decrypt_plain;
+ this->next_payload = next;
+ this->encrypted = plain;
+ compute_length(this);
+
+ return &this->public;
+}
+
+METHOD(payload_t, frag_verify, status_t,
+ private_encrypted_fragment_payload_t *this)
+{
+ if (!this->fragment_number || !this->total_fragments ||
+ this->fragment_number > this->total_fragments)
+ {
+ DBG1(DBG_ENC, "invalid fragment number (%u) or total fragments (%u)",
+ this->fragment_number, this->total_fragments);
+ return FAILED;
+ }
+ if (this->fragment_number > 1 && this->next_payload != 0)
+ {
+ DBG1(DBG_ENC, "invalid next payload (%u) for fragment %u, ignored",
+ this->next_payload, this->fragment_number);
+ this->next_payload = 0;
+ }
+ return SUCCESS;
+}
+
+METHOD(payload_t, frag_get_encoding_rules, int,
+ private_encrypted_fragment_payload_t *this, encoding_rule_t **rules)
+{
+ *rules = encodings_fragment;
+ return countof(encodings_fragment);
+}
+
+METHOD(payload_t, frag_get_header_length, int,
+ private_encrypted_fragment_payload_t *this)
+{
+ return 8;
+}
+
+METHOD(payload_t, frag_get_type, payload_type_t,
+ private_encrypted_fragment_payload_t *this)
+{
+ return PLV2_FRAGMENT;
+}
+
+METHOD(payload_t, frag_get_next_type, payload_type_t,
+ private_encrypted_fragment_payload_t *this)
+{
+ return this->next_payload;
+}
+
+METHOD(payload_t, frag_set_next_type, void,
+ private_encrypted_fragment_payload_t *this, payload_type_t type)
+{
+ if (this->fragment_number == 1 && this->next_payload == PL_NONE)
+ {
+ this->next_payload = type;
+ }
+}
+
+METHOD2(payload_t, encrypted_payload_t, frag_get_length, size_t,
+ private_encrypted_fragment_payload_t *this)
+{
+ if (this->encrypted.len)
+ {
+ this->payload_length = this->encrypted.len;
+ }
+ else
+ {
+ this->payload_length = this->plain.len;
+
+ if (this->aead)
+ {
+ this->payload_length += compute_overhead(this->aead,
+ this->payload_length);
+ }
+ }
+ this->payload_length += frag_get_header_length(this);
+ return this->payload_length;
+}
+
+METHOD(encrypted_fragment_payload_t, get_fragment_number, u_int16_t,
+ private_encrypted_fragment_payload_t *this)
+{
+ return this->fragment_number;
+}
+
+METHOD(encrypted_fragment_payload_t, get_total_fragments, u_int16_t,
+ private_encrypted_fragment_payload_t *this)
+{
+ return this->total_fragments;
+}
+
+METHOD(encrypted_fragment_payload_t, frag_get_content, chunk_t,
+ private_encrypted_fragment_payload_t *this)
+{
+ return this->plain;
+}
+
+METHOD(encrypted_payload_t, frag_add_payload, void,
+ private_encrypted_fragment_payload_t *this, payload_t* payload)
+{
+ payload->destroy(payload);
+}
+
+METHOD(encrypted_payload_t, frag_set_transform, void,
+ private_encrypted_fragment_payload_t *this, aead_t* aead)
+{
+ this->aead = aead;
+}
+
+/**
+ * Append the encrypted fragment payload header to the associated data
+ */
+static chunk_t append_header_frag(private_encrypted_fragment_payload_t *this,
+ chunk_t assoc)
+{
+ struct {
+ u_int8_t next_payload;
+ u_int8_t flags;
+ u_int16_t length;
+ u_int16_t fragment_number;
+ u_int16_t total_fragments;
+ } __attribute__((packed)) header = {
+ .next_payload = this->next_payload,
+ .flags = this->flags,
+ .length = htons(frag_get_length(this)),
+ .fragment_number = htons(this->fragment_number),
+ .total_fragments = htons(this->total_fragments),
+ };
+ return chunk_cat("cc", assoc, chunk_from_thing(header));
+}
+
+METHOD(encrypted_payload_t, frag_encrypt, status_t,
+ private_encrypted_fragment_payload_t *this, u_int64_t mid, chunk_t assoc)
+{
+ status_t status;
+
+ if (!this->aead)
+ {
+ DBG1(DBG_ENC, "encrypting encrypted fragment payload failed, "
+ "transform missing");
+ return INVALID_STATE;
+ }
+ free(this->encrypted.ptr);
+ assoc = append_header_frag(this, assoc);
+ status = encrypt_content("encrypted fragment payload", this->aead, mid,
+ this->plain, assoc, &this->encrypted);
+ free(assoc.ptr);
+ return status;
+}
+
+METHOD(encrypted_payload_t, frag_decrypt, status_t,
+ private_encrypted_fragment_payload_t *this, chunk_t assoc)
+{
+ status_t status;
+
+ if (!this->aead)
+ {
+ DBG1(DBG_ENC, "decrypting encrypted fragment payload failed, "
+ "transform missing");
+ return INVALID_STATE;
+ }
+ free(this->plain.ptr);
+ assoc = append_header_frag(this, assoc);
+ status = decrypt_content("encrypted fragment payload", this->aead,
+ this->encrypted, assoc, &this->plain);
+ this->plain = chunk_clone(this->plain);
+ free(assoc.ptr);
+ return status;
+}
+
+METHOD2(payload_t, encrypted_payload_t, frag_destroy, void,
+ private_encrypted_fragment_payload_t *this)
+{
+ free(this->encrypted.ptr);
+ free(this->plain.ptr);
+ free(this);
+}
+
+/*
+ * Described in header
+ */
+encrypted_fragment_payload_t *encrypted_fragment_payload_create()
+{
+ private_encrypted_fragment_payload_t *this;
+
+ INIT(this,
+ .public = {
+ .encrypted = {
+ .payload_interface = {
+ .verify = _frag_verify,
+ .get_encoding_rules = _frag_get_encoding_rules,
+ .get_header_length = _frag_get_header_length,
+ .get_length = _frag_get_length,
+ .get_next_type = _frag_get_next_type,
+ .set_next_type = _frag_set_next_type,
+ .get_type = _frag_get_type,
+ .destroy = _frag_destroy,
+ },
+ .get_length = _frag_get_length,
+ .add_payload = _frag_add_payload,
+ .remove_payload = (void*)return_null,
+ .generate_payloads = nop,
+ .set_transform = _frag_set_transform,
+ .encrypt = _frag_encrypt,
+ .decrypt = _frag_decrypt,
+ .destroy = _frag_destroy,
+ },
+ .get_fragment_number = _get_fragment_number,
+ .get_total_fragments = _get_total_fragments,
+ .get_content = _frag_get_content,
+ },
+ .next_payload = PL_NONE,
+ );
+ this->payload_length = frag_get_header_length(this);
+
+ return &this->public;
+}
+
+/*
+ * Described in header
+ */
+encrypted_fragment_payload_t *encrypted_fragment_payload_create_from_data(
+ u_int16_t num, u_int16_t total, chunk_t plain)
+{
+ private_encrypted_fragment_payload_t *this;
+
+ this = (private_encrypted_fragment_payload_t*)encrypted_fragment_payload_create();
+ this->fragment_number = num;
+ this->total_fragments = total;
+ this->plain = chunk_clone(plain);
+
+ return &this->public;
+}
diff --git a/src/libcharon/encoding/payloads/encrypted_payload.h b/src/libcharon/encoding/payloads/encrypted_payload.h
new file mode 100644
index 0000000..be59e3c
--- /dev/null
+++ b/src/libcharon/encoding/payloads/encrypted_payload.h
@@ -0,0 +1,132 @@
+/*
+ * Copyright (C) 2014 Tobias Brunner
+ * Copyright (C) 2005-2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ * Copyright (C) 2005 Jan Hutter
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup encrypted_payload encrypted_payload
+ * @{ @ingroup payloads
+ */
+
+#ifndef ENCRYPTED_PAYLOAD_H_
+#define ENCRYPTED_PAYLOAD_H_
+
+typedef struct encrypted_payload_t encrypted_payload_t;
+
+#include <library.h>
+#include <crypto/aead.h>
+#include <encoding/payloads/payload.h>
+#include <encoding/generator.h>
+
+/**
+ * The encrypted payload as described in RFC section 3.14.
+ */
+struct encrypted_payload_t {
+
+ /**
+ * Implements payload_t interface.
+ */
+ payload_t payload_interface;
+
+ /**
+ * Get the payload length.
+ *
+ * @return (expected) payload length
+ */
+ size_t (*get_length)(encrypted_payload_t *this);
+
+ /**
+ * Adds a payload to this encryption payload.
+ *
+ * @param payload payload_t object to add
+ */
+ void (*add_payload) (encrypted_payload_t *this, payload_t *payload);
+
+ /**
+ * Remove the first payload in the list
+ *
+ * @param payload removed payload
+ * @return payload, NULL if none left
+ */
+ payload_t* (*remove_payload)(encrypted_payload_t *this);
+
+ /**
+ * Uses the given generator to generate the contained payloads.
+ *
+ * @param generator generator used to generate the contained payloads
+ */
+ void (*generate_payloads)(encrypted_payload_t *this,
+ generator_t *generator);
+
+ /**
+ * Set the AEAD transform to use.
+ *
+ * @param aead aead transform to use
+ */
+ void (*set_transform) (encrypted_payload_t *this, aead_t *aead);
+
+ /**
+ * Generate, encrypt and sign contained payloads.
+ *
+ * @param mid message ID
+ * @param assoc associated data
+ * @return
+ * - SUCCESS if encryption successful
+ * - FAILED if encryption failed
+ * - INVALID_STATE if aead not supplied, but needed
+ */
+ status_t (*encrypt) (encrypted_payload_t *this, u_int64_t mid,
+ chunk_t assoc);
+
+ /**
+ * Decrypt, verify and parse contained payloads.
+ *
+ * @param assoc associated data
+ * @return
+ * - SUCCESS if parsing successful
+ * - PARSE_ERROR if sub-payload parsing failed
+ * - VERIFY_ERROR if sub-payload verification failed
+ * - FAILED if integrity check failed
+ * - INVALID_STATE if aead not supplied, but needed
+ */
+ status_t (*decrypt) (encrypted_payload_t *this, chunk_t assoc);
+
+ /**
+ * Destroys an encrypted_payload_t object.
+ */
+ void (*destroy) (encrypted_payload_t *this);
+};
+
+/**
+ * Creates an empty encrypted_payload_t object.
+ *
+ * @param type PLV2_ENCRYPTED or PLV1_ENCRYPTED
+ * @return encrypted_payload_t object
+ */
+encrypted_payload_t *encrypted_payload_create(payload_type_t type);
+
+/**
+ * Creates an encrypted payload with the given plain text data and next payload
+ * type.
+ *
+ * @param next next payload type
+ * @param plain plaintext data (gets adopted)
+ * @return encrypted_payload_t object
+ */
+encrypted_payload_t *encrypted_payload_create_from_plain(payload_type_t next,
+ chunk_t plain);
+
+#endif /** ENCRYPTED_PAYLOAD_H_ @}*/
diff --git a/src/libcharon/encoding/payloads/encryption_payload.c b/src/libcharon/encoding/payloads/encryption_payload.c
deleted file mode 100644
index 5784562..0000000
--- a/src/libcharon/encoding/payloads/encryption_payload.c
+++ /dev/null
@@ -1,634 +0,0 @@
-/*
- * Copyright (C) 2005-2010 Martin Willi
- * Copyright (C) 2010 revosec AG
- * Copyright (C) 2011 Tobias Brunner
- * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include <stddef.h>
-#include <string.h>
-
-#include "encryption_payload.h"
-
-#include <daemon.h>
-#include <encoding/payloads/encodings.h>
-#include <collections/linked_list.h>
-#include <encoding/generator.h>
-#include <encoding/parser.h>
-
-typedef struct private_encryption_payload_t private_encryption_payload_t;
-
-/**
- * Private data of an encryption_payload_t' Object.
- *
- */
-struct private_encryption_payload_t {
-
- /**
- * Public encryption_payload_t interface.
- */
- encryption_payload_t public;
-
- /**
- * There is no next payload for an encryption payload,
- * since encryption payload MUST be the last one.
- * next_payload means here the first payload of the
- * contained, encrypted payload.
- */
- u_int8_t next_payload;
-
- /**
- * Flags, including reserved bits
- */
- u_int8_t flags;
-
- /**
- * Length of this payload
- */
- u_int16_t payload_length;
-
- /**
- * Chunk containing the IV, plain, padding and ICV.
- */
- chunk_t encrypted;
-
- /**
- * AEAD transform to use
- */
- aead_t *aead;
-
- /**
- * Contained payloads
- */
- linked_list_t *payloads;
-
- /**
- * Type of payload, PLV2_ENCRYPTED or PLV1_ENCRYPTED
- */
- payload_type_t type;
-};
-
-/**
- * Encoding rules to parse or generate a IKEv2-Encryption Payload.
- *
- * The defined offsets are the positions in a object of type
- * private_encryption_payload_t.
- */
-static encoding_rule_t encodings_v2[] = {
- /* 1 Byte next payload type, stored in the field next_payload */
- { U_INT_8, offsetof(private_encryption_payload_t, next_payload) },
- /* Critical and 7 reserved bits, all stored for reconstruction */
- { U_INT_8, offsetof(private_encryption_payload_t, flags) },
- /* Length of the whole encryption payload*/
- { PAYLOAD_LENGTH, offsetof(private_encryption_payload_t, payload_length) },
- /* encrypted data, stored in a chunk. contains iv, data, padding */
- { CHUNK_DATA, offsetof(private_encryption_payload_t, encrypted) },
-};
-
-/*
- 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- ! Next Payload !C! RESERVED ! Payload Length !
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- ! Initialization Vector !
- ! (length is block size for encryption algorithm) !
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- ! Encrypted IKE Payloads !
- + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- ! ! Padding (0-255 octets) !
- +-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
- ! ! Pad Length !
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- ~ Integrity Checksum Data ~
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-*/
-
-/**
- * Encoding rules to parse or generate a complete encrypted IKEv1 message.
- *
- * The defined offsets are the positions in a object of type
- * private_encryption_payload_t.
- */
-static encoding_rule_t encodings_v1[] = {
- /* encrypted data, stored in a chunk */
- { ENCRYPTED_DATA, offsetof(private_encryption_payload_t, encrypted) },
-};
-
-/*
- 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- ! Encrypted IKE Payloads !
- + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- ! ! Padding (0-255 octets) !
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-*/
-
-METHOD(payload_t, verify, status_t,
- private_encryption_payload_t *this)
-{
- return SUCCESS;
-}
-
-METHOD(payload_t, get_encoding_rules, int,
- private_encryption_payload_t *this, encoding_rule_t **rules)
-{
- if (this->type == PLV2_ENCRYPTED)
- {
- *rules = encodings_v2;
- return countof(encodings_v2);
- }
- *rules = encodings_v1;
- return countof(encodings_v1);
-}
-
-METHOD(payload_t, get_header_length, int,
- private_encryption_payload_t *this)
-{
- if (this->type == PLV2_ENCRYPTED)
- {
- return 4;
- }
- return 0;
-}
-
-METHOD(payload_t, get_type, payload_type_t,
- private_encryption_payload_t *this)
-{
- return this->type;
-}
-
-METHOD(payload_t, get_next_type, payload_type_t,
- private_encryption_payload_t *this)
-{
- return this->next_payload;
-}
-
-METHOD(payload_t, set_next_type, void,
- private_encryption_payload_t *this, payload_type_t type)
-{
- /* the next payload is set during add, still allow this for IKEv1 */
- this->next_payload = type;
-}
-
-/**
- * Compute the length of the whole payload
- */
-static void compute_length(private_encryption_payload_t *this)
-{
- enumerator_t *enumerator;
- payload_t *payload;
- size_t bs, length = 0;
-
- if (this->encrypted.len)
- {
- length = this->encrypted.len;
- }
- else
- {
- enumerator = this->payloads->create_enumerator(this->payloads);
- while (enumerator->enumerate(enumerator, &payload))
- {
- length += payload->get_length(payload);
- }
- enumerator->destroy(enumerator);
-
- if (this->aead)
- {
- /* append padding */
- bs = this->aead->get_block_size(this->aead);
- length += bs - (length % bs);
- /* add iv */
- length += this->aead->get_iv_size(this->aead);
- /* add icv */
- length += this->aead->get_icv_size(this->aead);
- }
- }
- length += get_header_length(this);
- this->payload_length = length;
-}
-
-METHOD2(payload_t, encryption_payload_t, get_length, size_t,
- private_encryption_payload_t *this)
-{
- compute_length(this);
- return this->payload_length;
-}
-
-METHOD(encryption_payload_t, add_payload, void,
- private_encryption_payload_t *this, payload_t *payload)
-{
- payload_t *last_payload;
-
- if (this->payloads->get_count(this->payloads) > 0)
- {
- this->payloads->get_last(this->payloads, (void **)&last_payload);
- last_payload->set_next_type(last_payload, payload->get_type(payload));
- }
- else
- {
- this->next_payload = payload->get_type(payload);
- }
- payload->set_next_type(payload, PL_NONE);
- this->payloads->insert_last(this->payloads, payload);
- compute_length(this);
-}
-
-METHOD(encryption_payload_t, remove_payload, payload_t *,
- private_encryption_payload_t *this)
-{
- payload_t *payload;
-
- if (this->payloads->remove_first(this->payloads,
- (void**)&payload) == SUCCESS)
- {
- return payload;
- }
- return NULL;
-}
-
-/**
- * Generate payload before encryption
- */
-static chunk_t generate(private_encryption_payload_t *this,
- generator_t *generator)
-{
- payload_t *current, *next;
- enumerator_t *enumerator;
- u_int32_t *lenpos;
- chunk_t chunk = chunk_empty;
-
- enumerator = this->payloads->create_enumerator(this->payloads);
- if (enumerator->enumerate(enumerator, ¤t))
- {
- this->next_payload = current->get_type(current);
-
- while (enumerator->enumerate(enumerator, &next))
- {
- current->set_next_type(current, next->get_type(next));
- generator->generate_payload(generator, current);
- current = next;
- }
- current->set_next_type(current, PL_NONE);
- generator->generate_payload(generator, current);
-
- chunk = generator->get_chunk(generator, &lenpos);
- DBG2(DBG_ENC, "generated content in encryption payload");
- }
- enumerator->destroy(enumerator);
- return chunk;
-}
-
-/**
- * Append the encryption payload header to the associated data
- */
-static chunk_t append_header(private_encryption_payload_t *this, chunk_t assoc)
-{
- struct {
- u_int8_t next_payload;
- u_int8_t flags;
- u_int16_t length;
- } __attribute__((packed)) header = {
- .next_payload = this->next_payload,
- .flags = this->flags,
- .length = htons(get_length(this)),
- };
- return chunk_cat("cc", assoc, chunk_from_thing(header));
-}
-
-METHOD(encryption_payload_t, encrypt, status_t,
- private_encryption_payload_t *this, u_int64_t mid, chunk_t assoc)
-{
- chunk_t iv, plain, padding, icv, crypt;
- generator_t *generator;
- iv_gen_t *iv_gen;
- rng_t *rng;
- size_t bs;
-
- if (this->aead == NULL)
- {
- DBG1(DBG_ENC, "encrypting encryption payload failed, transform missing");
- return INVALID_STATE;
- }
-
- rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
- if (!rng)
- {
- DBG1(DBG_ENC, "encrypting encryption payload failed, no RNG found");
- return NOT_SUPPORTED;
- }
-
- iv_gen = this->aead->get_iv_gen(this->aead);
- if (!iv_gen)
- {
- DBG1(DBG_ENC, "encrypting encryption payload failed, no IV generator");
- return NOT_SUPPORTED;
- }
-
- assoc = append_header(this, assoc);
-
- generator = generator_create();
- plain = generate(this, generator);
- bs = this->aead->get_block_size(this->aead);
- /* we need at least one byte padding to store the padding length */
- padding.len = bs - (plain.len % bs);
- iv.len = this->aead->get_iv_size(this->aead);
- icv.len = this->aead->get_icv_size(this->aead);
-
- /* prepare data to authenticate-encrypt:
- * | IV | plain | padding | ICV |
- * \____crypt______/ ^
- * | /
- * v /
- * assoc -> + ------->/
- */
- free(this->encrypted.ptr);
- this->encrypted = chunk_alloc(iv.len + plain.len + padding.len + icv.len);
- iv.ptr = this->encrypted.ptr;
- memcpy(iv.ptr + iv.len, plain.ptr, plain.len);
- plain.ptr = iv.ptr + iv.len;
- padding.ptr = plain.ptr + plain.len;
- icv.ptr = padding.ptr + padding.len;
- crypt = chunk_create(plain.ptr, plain.len + padding.len);
- generator->destroy(generator);
-
- if (!iv_gen->get_iv(iv_gen, mid, iv.len, iv.ptr) ||
- !rng->get_bytes(rng, padding.len - 1, padding.ptr))
- {
- DBG1(DBG_ENC, "encrypting encryption payload failed, no IV or padding");
- rng->destroy(rng);
- free(assoc.ptr);
- return FAILED;
- }
- padding.ptr[padding.len - 1] = padding.len - 1;
- rng->destroy(rng);
-
- DBG3(DBG_ENC, "encryption payload encryption:");
- DBG3(DBG_ENC, "IV %B", &iv);
- DBG3(DBG_ENC, "plain %B", &plain);
- DBG3(DBG_ENC, "padding %B", &padding);
- DBG3(DBG_ENC, "assoc %B", &assoc);
-
- if (!this->aead->encrypt(this->aead, crypt, assoc, iv, NULL))
- {
- free(assoc.ptr);
- return FAILED;
- }
-
- DBG3(DBG_ENC, "encrypted %B", &crypt);
- DBG3(DBG_ENC, "ICV %B", &icv);
-
- free(assoc.ptr);
-
- return SUCCESS;
-}
-
-METHOD(encryption_payload_t, encrypt_v1, status_t,
- private_encryption_payload_t *this, u_int64_t mid, chunk_t iv)
-{
- generator_t *generator;
- chunk_t plain, padding;
- size_t bs;
-
- if (this->aead == NULL)
- {
- DBG1(DBG_ENC, "encryption failed, transform missing");
- return INVALID_STATE;
- }
-
- generator = generator_create();
- plain = generate(this, generator);
- bs = this->aead->get_block_size(this->aead);
- padding.len = bs - (plain.len % bs);
-
- /* prepare data to encrypt:
- * | plain | padding | */
- free(this->encrypted.ptr);
- this->encrypted = chunk_alloc(plain.len + padding.len);
- memcpy(this->encrypted.ptr, plain.ptr, plain.len);
- plain.ptr = this->encrypted.ptr;
- padding.ptr = plain.ptr + plain.len;
- memset(padding.ptr, 0, padding.len);
- generator->destroy(generator);
-
- DBG3(DBG_ENC, "encrypting payloads:");
- DBG3(DBG_ENC, "plain %B", &plain);
- DBG3(DBG_ENC, "padding %B", &padding);
-
- if (!this->aead->encrypt(this->aead, this->encrypted, chunk_empty, iv, NULL))
- {
- return FAILED;
- }
-
- DBG3(DBG_ENC, "encrypted %B", &this->encrypted);
-
- return SUCCESS;
-}
-
-/**
- * Parse the payloads after decryption.
- */
-static status_t parse(private_encryption_payload_t *this, chunk_t plain)
-{
- parser_t *parser;
- payload_type_t type;
-
- parser = parser_create(plain);
- type = this->next_payload;
- while (type != PL_NONE)
- {
- payload_t *payload;
-
- if (plain.len < 4 || untoh16(plain.ptr + 2) > plain.len)
- {
- DBG1(DBG_ENC, "invalid %N payload length, decryption failed?",
- payload_type_names, type);
- parser->destroy(parser);
- return PARSE_ERROR;
- }
- if (parser->parse_payload(parser, type, &payload) != SUCCESS)
- {
- parser->destroy(parser);
- return PARSE_ERROR;
- }
- if (payload->verify(payload) != SUCCESS)
- {
- DBG1(DBG_ENC, "%N verification failed",
- payload_type_names, payload->get_type(payload));
- payload->destroy(payload);
- parser->destroy(parser);
- return VERIFY_ERROR;
- }
- type = payload->get_next_type(payload);
- this->payloads->insert_last(this->payloads, payload);
- }
- parser->destroy(parser);
- DBG2(DBG_ENC, "parsed content of encryption payload");
- return SUCCESS;
-}
-
-METHOD(encryption_payload_t, decrypt, status_t,
- private_encryption_payload_t *this, chunk_t assoc)
-{
- chunk_t iv, plain, padding, icv, crypt;
- size_t bs;
-
- if (this->aead == NULL)
- {
- DBG1(DBG_ENC, "decrypting encryption payload failed, transform missing");
- return INVALID_STATE;
- }
-
- /* prepare data to authenticate-decrypt:
- * | IV | plain | padding | ICV |
- * \____crypt______/ ^
- * | /
- * v /
- * assoc -> + ------->/
- */
-
- bs = this->aead->get_block_size(this->aead);
- iv.len = this->aead->get_iv_size(this->aead);
- iv.ptr = this->encrypted.ptr;
- icv.len = this->aead->get_icv_size(this->aead);
- icv.ptr = this->encrypted.ptr + this->encrypted.len - icv.len;
- crypt.ptr = iv.ptr + iv.len;
- crypt.len = this->encrypted.len - iv.len;
-
- if (iv.len + icv.len > this->encrypted.len ||
- (crypt.len - icv.len) % bs)
- {
- DBG1(DBG_ENC, "decrypting encryption payload failed, invalid length");
- return FAILED;
- }
-
- assoc = append_header(this, assoc);
-
- DBG3(DBG_ENC, "encryption payload decryption:");
- DBG3(DBG_ENC, "IV %B", &iv);
- DBG3(DBG_ENC, "encrypted %B", &crypt);
- DBG3(DBG_ENC, "ICV %B", &icv);
- DBG3(DBG_ENC, "assoc %B", &assoc);
-
- if (!this->aead->decrypt(this->aead, crypt, assoc, iv, NULL))
- {
- DBG1(DBG_ENC, "verifying encryption payload integrity failed");
- free(assoc.ptr);
- return FAILED;
- }
- free(assoc.ptr);
-
- plain = chunk_create(crypt.ptr, crypt.len - icv.len);
- padding.len = plain.ptr[plain.len - 1] + 1;
- if (padding.len > plain.len)
- {
- DBG1(DBG_ENC, "decrypting encryption payload failed, "
- "padding invalid %B", &crypt);
- return PARSE_ERROR;
- }
- plain.len -= padding.len;
- padding.ptr = plain.ptr + plain.len;
-
- DBG3(DBG_ENC, "plain %B", &plain);
- DBG3(DBG_ENC, "padding %B", &padding);
-
- return parse(this, plain);
-}
-
-METHOD(encryption_payload_t, decrypt_v1, status_t,
- private_encryption_payload_t *this, chunk_t iv)
-{
- if (this->aead == NULL)
- {
- DBG1(DBG_ENC, "decryption failed, transform missing");
- return INVALID_STATE;
- }
-
- /* data must be a multiple of block size */
- if (iv.len != this->aead->get_block_size(this->aead) ||
- this->encrypted.len < iv.len || this->encrypted.len % iv.len)
- {
- DBG1(DBG_ENC, "decryption failed, invalid length");
- return FAILED;
- }
-
- DBG3(DBG_ENC, "decrypting payloads:");
- DBG3(DBG_ENC, "encrypted %B", &this->encrypted);
-
- if (!this->aead->decrypt(this->aead, this->encrypted, chunk_empty, iv, NULL))
- {
- return FAILED;
- }
-
- DBG3(DBG_ENC, "plain %B", &this->encrypted);
-
- return parse(this, this->encrypted);
-}
-
-METHOD(encryption_payload_t, set_transform, void,
- private_encryption_payload_t *this, aead_t* aead)
-{
- this->aead = aead;
-}
-
-METHOD2(payload_t, encryption_payload_t, destroy, void,
- private_encryption_payload_t *this)
-{
- this->payloads->destroy_offset(this->payloads, offsetof(payload_t, destroy));
- free(this->encrypted.ptr);
- free(this);
-}
-
-/*
- * Described in header
- */
-encryption_payload_t *encryption_payload_create(payload_type_t type)
-{
- private_encryption_payload_t *this;
-
- INIT(this,
- .public = {
- .payload_interface = {
- .verify = _verify,
- .get_encoding_rules = _get_encoding_rules,
- .get_header_length = _get_header_length,
- .get_length = _get_length,
- .get_next_type = _get_next_type,
- .set_next_type = _set_next_type,
- .get_type = _get_type,
- .destroy = _destroy,
- },
- .get_length = _get_length,
- .add_payload = _add_payload,
- .remove_payload = _remove_payload,
- .set_transform = _set_transform,
- .encrypt = _encrypt,
- .decrypt = _decrypt,
- .destroy = _destroy,
- },
- .next_payload = PL_NONE,
- .payloads = linked_list_create(),
- .type = type,
- );
- this->payload_length = get_header_length(this);
-
- if (type == PLV1_ENCRYPTED)
- {
- this->public.encrypt = _encrypt_v1;
- this->public.decrypt = _decrypt_v1;
- }
-
- return &this->public;
-}
diff --git a/src/libcharon/encoding/payloads/encryption_payload.h b/src/libcharon/encoding/payloads/encryption_payload.h
deleted file mode 100644
index ee44c2d..0000000
--- a/src/libcharon/encoding/payloads/encryption_payload.h
+++ /dev/null
@@ -1,111 +0,0 @@
-/*
- * Copyright (C) 2005-2010 Martin Willi
- * Copyright (C) 2010 revosec AG
- * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup encryption_payload encryption_payload
- * @{ @ingroup payloads
- */
-
-#ifndef ENCRYPTION_PAYLOAD_H_
-#define ENCRYPTION_PAYLOAD_H_
-
-typedef struct encryption_payload_t encryption_payload_t;
-
-#include <library.h>
-#include <crypto/aead.h>
-#include <encoding/payloads/payload.h>
-
-/**
- * The encryption payload as described in RFC section 3.14.
- */
-struct encryption_payload_t {
-
- /**
- * Implements payload_t interface.
- */
- payload_t payload_interface;
-
- /**
- * Get the payload length.
- *
- * @return (expected) payload length
- */
- size_t (*get_length)(encryption_payload_t *this);
-
- /**
- * Adds a payload to this encryption payload.
- *
- * @param payload payload_t object to add
- */
- void (*add_payload) (encryption_payload_t *this, payload_t *payload);
-
- /**
- * Remove the first payload in the list
- *
- * @param payload removed payload
- * @return payload, NULL if none left
- */
- payload_t* (*remove_payload)(encryption_payload_t *this);
-
- /**
- * Set the AEAD transform to use.
- *
- * @param aead aead transform to use
- */
- void (*set_transform) (encryption_payload_t *this, aead_t *aead);
-
- /**
- * Generate, encrypt and sign contained payloads.
- *
- * @param mid message ID
- * @param assoc associated data
- * @return
- * - SUCCESS if encryption successful
- * - FAILED if encryption failed
- * - INVALID_STATE if aead not supplied, but needed
- */
- status_t (*encrypt) (encryption_payload_t *this, u_int64_t mid,
- chunk_t assoc);
-
- /**
- * Decrypt, verify and parse contained payloads.
- *
- * @param assoc associated data
- * @return
- * - SUCCESS if parsing successful
- * - PARSE_ERROR if sub-payload parsing failed
- * - VERIFY_ERROR if sub-payload verification failed
- * - FAILED if integrity check failed
- * - INVALID_STATE if aead not supplied, but needed
- */
- status_t (*decrypt) (encryption_payload_t *this, chunk_t assoc);
-
- /**
- * Destroys an encryption_payload_t object.
- */
- void (*destroy) (encryption_payload_t *this);
-};
-
-/**
- * Creates an empty encryption_payload_t object.
- *
- * @param type PLV2_ENCRYPTED or PLV1_ENCRYPTED
- * @return encryption_payload_t object
- */
-encryption_payload_t *encryption_payload_create(payload_type_t type);
-
-#endif /** ENCRYPTION_PAYLOAD_H_ @}*/
diff --git a/src/libcharon/encoding/payloads/ike_header.c b/src/libcharon/encoding/payloads/ike_header.c
index 7015667..c96738a 100644
--- a/src/libcharon/encoding/payloads/ike_header.c
+++ b/src/libcharon/encoding/payloads/ike_header.c
@@ -210,8 +210,9 @@ METHOD(payload_t, verify, status_t,
case TRANSACTION:
case QUICK_MODE:
case NEW_GROUP_MODE:
- if (this->maj_version != IKEV1_MAJOR_VERSION)
+ if (this->maj_version == IKEV2_MAJOR_VERSION)
{
+ /* IKEv1 exchange type in IKEv2? */
return FAILED;
}
break;
@@ -223,14 +224,20 @@ METHOD(payload_t, verify, status_t,
#ifdef ME
case ME_CONNECT:
#endif /* ME */
- if (this->maj_version != IKEV2_MAJOR_VERSION)
+ if (this->maj_version == IKEV1_MAJOR_VERSION)
{
+ /* IKEv2 exchange type in IKEv1? */
return FAILED;
}
break;
default:
- /* unsupported exchange type */
- return FAILED;
+ if (this->maj_version == IKEV1_MAJOR_VERSION ||
+ this->maj_version == IKEV2_MAJOR_VERSION)
+ {
+ /* unsupported exchange type for known version */
+ return FAILED;
+ }
+ break;
}
if (this->initiator_spi == 0)
{
@@ -501,4 +508,3 @@ ike_header_t *ike_header_create_version(int major, int minor)
}
return this;
}
-
diff --git a/src/libcharon/encoding/payloads/notify_payload.c b/src/libcharon/encoding/payloads/notify_payload.c
index dd92e42..94723dd 100644
--- a/src/libcharon/encoding/payloads/notify_payload.c
+++ b/src/libcharon/encoding/payloads/notify_payload.c
@@ -65,7 +65,7 @@ ENUM_NEXT(notify_type_names, ME_CONNECT_FAILED, ME_CONNECT_FAILED, CHILD_SA_NOT_
"ME_CONNECT_FAILED");
ENUM_NEXT(notify_type_names, MS_NOTIFY_STATUS, MS_NOTIFY_STATUS, ME_CONNECT_FAILED,
"MS_NOTIFY_STATUS");
-ENUM_NEXT(notify_type_names, INITIAL_CONTACT, IFOM_CAPABILITY, MS_NOTIFY_STATUS,
+ENUM_NEXT(notify_type_names, INITIAL_CONTACT, FRAGMENTATION_SUPPORTED, MS_NOTIFY_STATUS,
"INITIAL_CONTACT",
"SET_WINDOW_SIZE",
"ADDITIONAL_TS_POSSIBLE",
@@ -110,8 +110,10 @@ ENUM_NEXT(notify_type_names, INITIAL_CONTACT, IFOM_CAPABILITY, MS_NOTIFY_STATUS,
"PSK_PERSIST",
"PSK_CONFIRM",
"ERX_SUPPORTED",
- "IFOM_CAPABILITY");
-ENUM_NEXT(notify_type_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, IFOM_CAPABILITY,
+ "IFOM_CAPABILITY",
+ "SENDER_REQUEST_ID",
+ "FRAGMENTATION_SUPPORTED");
+ENUM_NEXT(notify_type_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, FRAGMENTATION_SUPPORTED,
"INITIAL_CONTACT");
ENUM_NEXT(notify_type_names, DPD_R_U_THERE, DPD_R_U_THERE_ACK, INITIAL_CONTACT_IKEV1,
"DPD_R_U_THERE",
@@ -128,7 +130,7 @@ ENUM_NEXT(notify_type_names, ME_MEDIATION, RADIUS_ATTRIBUTE, USE_BEET_MODE,
"ME_CONNECTKEY",
"ME_CONNECTAUTH",
"ME_RESPONSE",
- "RADIUS_ATTRIBUTE",);
+ "RADIUS_ATTRIBUTE");
ENUM_END(notify_type_names, RADIUS_ATTRIBUTE);
@@ -172,7 +174,7 @@ ENUM_NEXT(notify_type_short_names, ME_CONNECT_FAILED, ME_CONNECT_FAILED, CHILD_S
"ME_CONN_FAIL");
ENUM_NEXT(notify_type_short_names, MS_NOTIFY_STATUS, MS_NOTIFY_STATUS, ME_CONNECT_FAILED,
"MS_STATUS");
-ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT, IFOM_CAPABILITY, MS_NOTIFY_STATUS,
+ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT, FRAGMENTATION_SUPPORTED, MS_NOTIFY_STATUS,
"INIT_CONTACT",
"SET_WINSIZE",
"ADD_TS_POSS",
@@ -217,8 +219,10 @@ ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT, IFOM_CAPABILITY, MS_NOTIFY_S
"PSK_PST",
"PSK_CFM",
"ERX_SUP",
- "IFOM_CAP");
-ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, IFOM_CAPABILITY,
+ "IFOM_CAP",
+ "SENDER_REQ_ID",
+ "FRAG_SUP");
+ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, FRAGMENTATION_SUPPORTED,
"INITIAL_CONTACT");
ENUM_NEXT(notify_type_short_names, DPD_R_U_THERE, DPD_R_U_THERE_ACK, INITIAL_CONTACT_IKEV1,
"DPD",
diff --git a/src/libcharon/encoding/payloads/notify_payload.h b/src/libcharon/encoding/payloads/notify_payload.h
index 3c56f06..25521c2 100644
--- a/src/libcharon/encoding/payloads/notify_payload.h
+++ b/src/libcharon/encoding/payloads/notify_payload.h
@@ -147,6 +147,10 @@ enum notify_type_t {
ERX_SUPPORTED = 16427,
/* IFOM capability, 3GPP TS 24.303, annex B.2 */
IFOM_CAPABILITY = 16428,
+ /* SENDER_REQUEST_ID (draft-yeung-g-ikev2) */
+ SENDER_REQUEST_ID = 16429,
+ /* IKEv2 fragmentation supported, RFC 7383 */
+ FRAGMENTATION_SUPPORTED = 16430,
/* IKEv1 initial contact */
INITIAL_CONTACT_IKEV1 = 24578,
/* IKEv1 DPD */
diff --git a/src/libcharon/encoding/payloads/payload.c b/src/libcharon/encoding/payloads/payload.c
index fd61662..600b6dd 100644
--- a/src/libcharon/encoding/payloads/payload.c
+++ b/src/libcharon/encoding/payloads/payload.c
@@ -28,7 +28,8 @@
#include <encoding/payloads/auth_payload.h>
#include <encoding/payloads/cert_payload.h>
#include <encoding/payloads/certreq_payload.h>
-#include <encoding/payloads/encryption_payload.h>
+#include <encoding/payloads/encrypted_payload.h>
+#include <encoding/payloads/encrypted_fragment_payload.h>
#include <encoding/payloads/ts_payload.h>
#include <encoding/payloads/delete_payload.h>
#include <encoding/payloads/vendor_id_payload.h>
@@ -59,7 +60,7 @@ ENUM_NEXT(payload_type_names, PLV1_SECURITY_ASSOCIATION, PLV1_CONFIGURATION, PL_
ENUM_NEXT(payload_type_names, PLV1_NAT_D, PLV1_NAT_OA, PLV1_CONFIGURATION,
"NAT_D_V1",
"NAT_OA_V1");
-ENUM_NEXT(payload_type_names, PLV2_SECURITY_ASSOCIATION, PLV2_GSPM, PLV1_NAT_OA,
+ENUM_NEXT(payload_type_names, PLV2_SECURITY_ASSOCIATION, PLV2_FRAGMENT, PLV1_NAT_OA,
"SECURITY_ASSOCIATION",
"KEY_EXCHANGE",
"ID_INITIATOR",
@@ -76,16 +77,20 @@ ENUM_NEXT(payload_type_names, PLV2_SECURITY_ASSOCIATION, PLV2_GSPM, PLV1_NAT_OA,
"ENCRYPTED",
"CONFIGURATION",
"EAP",
- "GSPM");
+ "GSPM",
+ "GROUP_ID",
+ "GROUP_SECURITY_ASSOCIATION",
+ "KEY_DOWNLOAD",
+ "ENCRYPTED_FRAGMENT");
#ifdef ME
-ENUM_NEXT(payload_type_names, PLV2_ID_PEER, PLV2_ID_PEER, PLV2_GSPM,
+ENUM_NEXT(payload_type_names, PLV2_ID_PEER, PLV2_ID_PEER, PLV2_FRAGMENT,
"ID_PEER");
ENUM_NEXT(payload_type_names, PLV1_NAT_D_DRAFT_00_03, PLV1_FRAGMENT, PLV2_ID_PEER,
"NAT_D_DRAFT_V1",
"NAT_OA_DRAFT_V1",
"FRAGMENT");
#else
-ENUM_NEXT(payload_type_names, PLV1_NAT_D_DRAFT_00_03, PLV1_FRAGMENT, PLV2_GSPM,
+ENUM_NEXT(payload_type_names, PLV1_NAT_D_DRAFT_00_03, PLV1_FRAGMENT, PLV2_FRAGMENT,
"NAT_D_DRAFT_V1",
"NAT_OA_DRAFT_V1",
"FRAGMENT");
@@ -125,7 +130,7 @@ ENUM_NEXT(payload_type_short_names, PLV1_SECURITY_ASSOCIATION, PLV1_CONFIGURATIO
ENUM_NEXT(payload_type_short_names, PLV1_NAT_D, PLV1_NAT_OA, PLV1_CONFIGURATION,
"NAT-D",
"NAT-OA");
-ENUM_NEXT(payload_type_short_names, PLV2_SECURITY_ASSOCIATION, PLV2_GSPM, PLV1_NAT_OA,
+ENUM_NEXT(payload_type_short_names, PLV2_SECURITY_ASSOCIATION, PLV2_FRAGMENT, PLV1_NAT_OA,
"SA",
"KE",
"IDi",
@@ -142,16 +147,20 @@ ENUM_NEXT(payload_type_short_names, PLV2_SECURITY_ASSOCIATION, PLV2_GSPM, PLV1_N
"E",
"CP",
"EAP",
- "GSPM");
+ "GSPM",
+ "IDg",
+ "GSA",
+ "KD",
+ "EF");
#ifdef ME
-ENUM_NEXT(payload_type_short_names, PLV2_ID_PEER, PLV2_ID_PEER, PLV2_GSPM,
+ENUM_NEXT(payload_type_short_names, PLV2_ID_PEER, PLV2_ID_PEER, PLV2_FRAGMENT,
"IDp");
ENUM_NEXT(payload_type_short_names, PLV1_NAT_D_DRAFT_00_03, PLV1_FRAGMENT, PLV2_ID_PEER,
"NAT-D",
"NAT-OA",
"FRAG");
#else
-ENUM_NEXT(payload_type_short_names, PLV1_NAT_D_DRAFT_00_03, PLV1_FRAGMENT, PLV2_GSPM,
+ENUM_NEXT(payload_type_short_names, PLV1_NAT_D_DRAFT_00_03, PLV1_FRAGMENT, PLV2_FRAGMENT,
"NAT-D",
"NAT-OA",
"FRAG");
@@ -244,9 +253,11 @@ payload_t *payload_create(payload_type_t type)
return (payload_t*)eap_payload_create();
case PLV2_ENCRYPTED:
case PLV1_ENCRYPTED:
- return (payload_t*)encryption_payload_create(type);
+ return (payload_t*)encrypted_payload_create(type);
case PLV1_FRAGMENT:
return (payload_t*)fragment_payload_create();
+ case PLV2_FRAGMENT:
+ return (payload_t*)encrypted_fragment_payload_create();
default:
return (payload_t*)unknown_payload_create(type);
}
@@ -261,15 +272,19 @@ bool payload_is_known(payload_type_t type)
{
return TRUE;
}
- if (type >= PLV2_SECURITY_ASSOCIATION && type <= PLV2_EAP)
+ if (type >= PLV1_SECURITY_ASSOCIATION && type <= PLV1_CONFIGURATION)
{
return TRUE;
}
- if (type >= PLV1_SECURITY_ASSOCIATION && type <= PLV1_CONFIGURATION)
+ if (type >= PLV1_NAT_D && type <= PLV1_NAT_OA)
{
return TRUE;
}
- if (type >= PLV1_NAT_D && type <= PLV1_NAT_OA)
+ if (type >= PLV2_SECURITY_ASSOCIATION && type <= PLV2_EAP)
+ {
+ return TRUE;
+ }
+ if (type == PLV2_FRAGMENT)
{
return TRUE;
}
diff --git a/src/libcharon/encoding/payloads/payload.h b/src/libcharon/encoding/payloads/payload.h
index d9dd619..036cd42 100644
--- a/src/libcharon/encoding/payloads/payload.h
+++ b/src/libcharon/encoding/payloads/payload.h
@@ -193,7 +193,7 @@ enum payload_type_t {
PLV2_TS_RESPONDER = 45,
/**
- * Encryption payload, contains other payloads (E).
+ * Encrypted payload, contains other payloads (E).
*/
PLV2_ENCRYPTED = 46,
@@ -212,6 +212,26 @@ enum payload_type_t {
*/
PLV2_GSPM = 49,
+ /**
+ * Group Identification (draft-yeung-g-ikev2)
+ */
+ PLV2_IDG = 50,
+
+ /**
+ * Group Security Association (draft-yeung-g-ikev2)
+ */
+ PLV2_GSA = 51,
+
+ /**
+ * Key Download (draft-yeung-g-ikev2)
+ */
+ PLV2_KD = 52,
+
+ /**
+ * Encrypted fragment payload (SKF), RFC 7383
+ */
+ PLV2_FRAGMENT = 53,
+
#ifdef ME
/**
* Identification payload for peers has a value from
@@ -231,7 +251,7 @@ enum payload_type_t {
PLV1_NAT_OA_DRAFT_00_03 = 131,
/**
- * IKE fragment (proprietary IKEv1 extension)
+ * IKEv1 fragment (proprietary IKEv1 extension)
*/
PLV1_FRAGMENT = 132,
diff --git a/src/libcharon/encoding/payloads/sa_payload.c b/src/libcharon/encoding/payloads/sa_payload.c
index 8e3a012..407038a 100644
--- a/src/libcharon/encoding/payloads/sa_payload.c
+++ b/src/libcharon/encoding/payloads/sa_payload.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Tobias Brunner
+ * Copyright (C) 2012-2014 Tobias Brunner
* Copyright (C) 2005-2010 Martin Willi
* Copyright (C) 2005 Jan Hutter
* Hochschule fuer Technik Rapperswil
@@ -296,7 +296,7 @@ METHOD(sa_payload_t, get_proposals, linked_list_t*,
linked_list_t *substructs, *list;
if (this->type == PLV1_SECURITY_ASSOCIATION)
- { /* IKEv1 proposals start with 0 */
+ { /* IKEv1 proposals may start with 0 or 1 (or any other number really) */
struct_number = ignore_struct_number = -1;
}
@@ -309,17 +309,22 @@ METHOD(sa_payload_t, get_proposals, linked_list_t*,
enumerator = this->proposals->create_enumerator(this->proposals);
while (enumerator->enumerate(enumerator, &substruct))
{
+ int current_number = substruct->get_proposal_number(substruct);
+
/* check if a proposal has a single protocol */
- if (substruct->get_proposal_number(substruct) == struct_number)
+ if (current_number == struct_number)
{
if (ignore_struct_number < struct_number)
- { /* remove an already added, if first of series */
+ { /* remove an already added substruct, if first of series */
substructs->remove_last(substructs, (void**)&substruct);
ignore_struct_number = struct_number;
}
continue;
}
- struct_number++;
+ /* for IKEv1 the numbers don't have to be consecutive, for IKEv2 they do
+ * but since we don't really care for the actual number we accept them
+ * anyway. we already verified that they increase monotonically. */
+ struct_number = current_number;
substructs->insert_last(substructs, substruct);
}
enumerator->destroy(enumerator);
@@ -364,7 +369,7 @@ METHOD(sa_payload_t, get_ipcomp_proposals, linked_list_t*,
}
if (proposal_number != current_proposal)
{ /* start of a new proposal */
- if (espah && ipcomp)
+ if (espah && ipcomp && ipcomp->get_cpi(ipcomp, NULL))
{ /* previous proposal is valid */
break;
}
diff --git a/src/libcharon/network/receiver.c b/src/libcharon/network/receiver.c
index a2a3b1f..5ce9471 100644
--- a/src/libcharon/network/receiver.c
+++ b/src/libcharon/network/receiver.c
@@ -524,8 +524,7 @@ static job_requeue_t receive_packets(private_receiver_t *this)
#ifdef USE_IKEV2
send_notify(message, IKEV2_MAJOR_VERSION, INFORMATIONAL,
INVALID_MAJOR_VERSION, chunk_empty);
-#endif /* USE_IKEV2 */
-#ifdef USE_IKEV1
+#elif defined(USE_IKEV1)
send_notify(message, IKEV1_MAJOR_VERSION, INFORMATIONAL_V1,
INVALID_MAJOR_VERSION, chunk_empty);
#endif /* USE_IKEV1 */
@@ -684,4 +683,3 @@ receiver_t *receiver_create()
return &this->public;
}
-
diff --git a/src/libcharon/plugins/addrblock/Makefile.in b/src/libcharon/plugins/addrblock/Makefile.in
index 0655959..c3b014c 100644
--- a/src/libcharon/plugins/addrblock/Makefile.in
+++ b/src/libcharon/plugins/addrblock/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/android_dns/Makefile.in b/src/libcharon/plugins/android_dns/Makefile.in
index 287c94a..50594a4 100644
--- a/src/libcharon/plugins/android_dns/Makefile.in
+++ b/src/libcharon/plugins/android_dns/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/android_log/Makefile.in b/src/libcharon/plugins/android_log/Makefile.in
index 9fd5150..700a421 100644
--- a/src/libcharon/plugins/android_log/Makefile.in
+++ b/src/libcharon/plugins/android_log/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/certexpire/Makefile.in b/src/libcharon/plugins/certexpire/Makefile.in
index edda93e..08101d5 100644
--- a/src/libcharon/plugins/certexpire/Makefile.in
+++ b/src/libcharon/plugins/certexpire/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/coupling/Makefile.in b/src/libcharon/plugins/coupling/Makefile.in
index 5670f43..679d2da 100644
--- a/src/libcharon/plugins/coupling/Makefile.in
+++ b/src/libcharon/plugins/coupling/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/dhcp/Makefile.in b/src/libcharon/plugins/dhcp/Makefile.in
index da364b0..768c2b3 100644
--- a/src/libcharon/plugins/dhcp/Makefile.in
+++ b/src/libcharon/plugins/dhcp/Makefile.in
@@ -233,6 +233,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -293,6 +294,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -358,6 +360,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -405,6 +409,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/dnscert/Makefile.in b/src/libcharon/plugins/dnscert/Makefile.in
index d408cd2..3484e08 100644
--- a/src/libcharon/plugins/dnscert/Makefile.in
+++ b/src/libcharon/plugins/dnscert/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/duplicheck/Makefile.in b/src/libcharon/plugins/duplicheck/Makefile.in
index 97432f1..381d7a1 100644
--- a/src/libcharon/plugins/duplicheck/Makefile.in
+++ b/src/libcharon/plugins/duplicheck/Makefile.in
@@ -242,6 +242,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -302,6 +303,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -367,6 +369,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -414,6 +418,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/eap_aka/Makefile.in b/src/libcharon/plugins/eap_aka/Makefile.in
index 5b20fe5..3b0f876 100644
--- a/src/libcharon/plugins/eap_aka/Makefile.in
+++ b/src/libcharon/plugins/eap_aka/Makefile.in
@@ -236,6 +236,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -296,6 +297,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -361,6 +363,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -408,6 +412,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in
index d0ee198..839a379 100644
--- a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in
+++ b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in
@@ -237,6 +237,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -297,6 +298,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -362,6 +364,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -409,6 +413,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/eap_dynamic/Makefile.in b/src/libcharon/plugins/eap_dynamic/Makefile.in
index 78b66ac..fdbad62 100644
--- a/src/libcharon/plugins/eap_dynamic/Makefile.in
+++ b/src/libcharon/plugins/eap_dynamic/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/eap_gtc/Makefile.in b/src/libcharon/plugins/eap_gtc/Makefile.in
index 7f18792..9675104 100644
--- a/src/libcharon/plugins/eap_gtc/Makefile.in
+++ b/src/libcharon/plugins/eap_gtc/Makefile.in
@@ -234,6 +234,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -294,6 +295,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -359,6 +361,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -406,6 +410,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/eap_identity/Makefile.in b/src/libcharon/plugins/eap_identity/Makefile.in
index 5275a34..0610b58 100644
--- a/src/libcharon/plugins/eap_identity/Makefile.in
+++ b/src/libcharon/plugins/eap_identity/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/eap_md5/Makefile.in b/src/libcharon/plugins/eap_md5/Makefile.in
index 5dd623d..38c9d0b 100644
--- a/src/libcharon/plugins/eap_md5/Makefile.in
+++ b/src/libcharon/plugins/eap_md5/Makefile.in
@@ -234,6 +234,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -294,6 +295,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -359,6 +361,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -406,6 +410,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/eap_mschapv2/Makefile.in b/src/libcharon/plugins/eap_mschapv2/Makefile.in
index c0e4219..f5dfd68 100644
--- a/src/libcharon/plugins/eap_mschapv2/Makefile.in
+++ b/src/libcharon/plugins/eap_mschapv2/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/eap_peap/Makefile.in b/src/libcharon/plugins/eap_peap/Makefile.in
index 615a916..5ccd581 100644
--- a/src/libcharon/plugins/eap_peap/Makefile.in
+++ b/src/libcharon/plugins/eap_peap/Makefile.in
@@ -236,6 +236,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -296,6 +297,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -361,6 +363,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -408,6 +412,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/eap_radius/Makefile.in b/src/libcharon/plugins/eap_radius/Makefile.in
index cd4355d..04cc422 100644
--- a/src/libcharon/plugins/eap_radius/Makefile.in
+++ b/src/libcharon/plugins/eap_radius/Makefile.in
@@ -237,6 +237,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -297,6 +298,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -362,6 +364,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -409,6 +413,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/eap_radius/eap_radius.c b/src/libcharon/plugins/eap_radius/eap_radius.c
index 6719497..60d12dc 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius.c
@@ -414,6 +414,30 @@ static void add_unity_attribute(eap_radius_provider_t *provider, u_int32_t id,
}
/**
+ * Add a DNS/NBNS configuration attribute
+ */
+static void add_nameserver_attribute(eap_radius_provider_t *provider,
+ u_int32_t id, int type, chunk_t data)
+{
+ /* these are from different vendors, but there is currently no conflict */
+ switch (type)
+ {
+ case 5: /* CVPN3000-Primary-DNS */
+ case 6: /* CVPN3000-Secondary-DNS */
+ case 28: /* MS-Primary-DNS-Server */
+ case 29: /* MS-Secondary-DNS-Server */
+ provider->add_attribute(provider, id, INTERNAL_IP4_DNS, data);
+ break;
+ case 7: /* CVPN3000-Primary-WINS */
+ case 8: /* CVPN3000-Secondary-WINS */
+ case 30: /* MS-Primary-NBNS-Server */
+ case 31: /* MS-Secondary-NBNS-Server */
+ provider->add_attribute(provider, id, INTERNAL_IP4_NBNS, data);
+ break;
+ }
+}
+
+/**
* Add a UNITY_LOCAL_LAN or UNITY_SPLIT_INCLUDE attribute
*/
static void add_unity_split_attribute(eap_radius_provider_t *provider,
@@ -515,6 +539,16 @@ static void process_cfg_attributes(radius_message_t *msg)
{
switch (type)
{
+ case 5: /* CVPN3000-Primary-DNS */
+ case 6: /* CVPN3000-Secondary-DNS */
+ case 7: /* CVPN3000-Primary-WINS */
+ case 8: /* CVPN3000-Secondary-WINS */
+ if (data.len == 4)
+ {
+ add_nameserver_attribute(provider,
+ ike_sa->get_unique_id(ike_sa), type, data);
+ }
+ break;
case 15: /* CVPN3000-IPSec-Banner1 */
case 28: /* CVPN3000-IPSec-Default-Domain */
case 29: /* CVPN3000-IPSec-Split-DNS-Names */
@@ -546,6 +580,22 @@ static void process_cfg_attributes(radius_message_t *msg)
break;
}
}
+ if (vendor == PEN_MICROSOFT)
+ {
+ switch (type)
+ {
+ case 28: /* MS-Primary-DNS-Server */
+ case 29: /* MS-Secondary-DNS-Server */
+ case 30: /* MS-Primary-NBNS-Server */
+ case 31: /* MS-Secondary-NBNS-Server */
+ if (data.len == 4)
+ {
+ add_nameserver_attribute(provider,
+ ike_sa->get_unique_id(ike_sa), type, data);
+ }
+ break;
+ }
+ }
}
enumerator->destroy(enumerator);
diff --git a/src/libcharon/plugins/eap_radius/eap_radius_accounting.c b/src/libcharon/plugins/eap_radius/eap_radius_accounting.c
index 0020c5d..31c96d2 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius_accounting.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius_accounting.c
@@ -488,6 +488,16 @@ static void send_start(private_eap_radius_accounting_t *this, ike_sa_t *ike_sa)
message->add(message, RAT_ACCT_SESSION_ID,
chunk_create(entry->sid, strlen(entry->sid)));
+ if (!entry->interim.interval)
+ {
+ entry->interim.interval = lib->settings->get_time(lib->settings,
+ "%s.plugins.eap-radius.accounting_interval", 0, lib->ns);
+ if (entry->interim.interval)
+ {
+ DBG1(DBG_CFG, "scheduling RADIUS Interim-Updates every %us",
+ entry->interim.interval);
+ }
+ }
schedule_interim(this, entry);
this->mutex->unlock(this->mutex);
diff --git a/src/libcharon/plugins/eap_sim/Makefile.in b/src/libcharon/plugins/eap_sim/Makefile.in
index 494efd9..6a00ea7 100644
--- a/src/libcharon/plugins/eap_sim/Makefile.in
+++ b/src/libcharon/plugins/eap_sim/Makefile.in
@@ -236,6 +236,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -296,6 +297,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -361,6 +363,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -408,6 +412,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/eap_sim_file/Makefile.in b/src/libcharon/plugins/eap_sim_file/Makefile.in
index 82e7561..7a08f4e 100644
--- a/src/libcharon/plugins/eap_sim_file/Makefile.in
+++ b/src/libcharon/plugins/eap_sim_file/Makefile.in
@@ -237,6 +237,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -297,6 +298,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -362,6 +364,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -409,6 +413,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/eap_sim_pcsc/Makefile.in b/src/libcharon/plugins/eap_sim_pcsc/Makefile.in
index 9a7a190..a1ec7ad 100644
--- a/src/libcharon/plugins/eap_sim_pcsc/Makefile.in
+++ b/src/libcharon/plugins/eap_sim_pcsc/Makefile.in
@@ -238,6 +238,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -298,6 +299,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -363,6 +365,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -410,6 +414,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in
index 886b0c5..bf99ab0 100644
--- a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in
+++ b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in
@@ -238,6 +238,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -298,6 +299,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -363,6 +365,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -410,6 +414,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/eap_simaka_reauth/Makefile.in b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in
index 57c6424..ce46023 100644
--- a/src/libcharon/plugins/eap_simaka_reauth/Makefile.in
+++ b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in
@@ -237,6 +237,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -297,6 +298,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -362,6 +364,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -409,6 +413,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/eap_simaka_sql/Makefile.in b/src/libcharon/plugins/eap_simaka_sql/Makefile.in
index eb4d3fa..0c0b7fd 100644
--- a/src/libcharon/plugins/eap_simaka_sql/Makefile.in
+++ b/src/libcharon/plugins/eap_simaka_sql/Makefile.in
@@ -236,6 +236,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -296,6 +297,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -361,6 +363,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -408,6 +412,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/eap_tls/Makefile.in b/src/libcharon/plugins/eap_tls/Makefile.in
index c63d56b..25696f5 100644
--- a/src/libcharon/plugins/eap_tls/Makefile.in
+++ b/src/libcharon/plugins/eap_tls/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/eap_tnc/Makefile.in b/src/libcharon/plugins/eap_tnc/Makefile.in
index 97552df..2d5d658 100644
--- a/src/libcharon/plugins/eap_tnc/Makefile.in
+++ b/src/libcharon/plugins/eap_tnc/Makefile.in
@@ -236,6 +236,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -296,6 +297,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -361,6 +363,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -408,6 +412,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/eap_ttls/Makefile.in b/src/libcharon/plugins/eap_ttls/Makefile.in
index 70cc184..38c7632 100644
--- a/src/libcharon/plugins/eap_ttls/Makefile.in
+++ b/src/libcharon/plugins/eap_ttls/Makefile.in
@@ -237,6 +237,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -297,6 +298,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -362,6 +364,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -409,6 +413,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/error_notify/Makefile.in b/src/libcharon/plugins/error_notify/Makefile.in
index 0782dde..d9fa454 100644
--- a/src/libcharon/plugins/error_notify/Makefile.in
+++ b/src/libcharon/plugins/error_notify/Makefile.in
@@ -243,6 +243,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -303,6 +304,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -368,6 +370,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -415,6 +419,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/ext_auth/Makefile.am b/src/libcharon/plugins/ext_auth/Makefile.am
new file mode 100644
index 0000000..d51ea88
--- /dev/null
+++ b/src/libcharon/plugins/ext_auth/Makefile.am
@@ -0,0 +1,18 @@
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = \
+ $(PLUGIN_CFLAGS)
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-ext-auth.la
+else
+plugin_LTLIBRARIES = libstrongswan-ext-auth.la
+endif
+
+libstrongswan_ext_auth_la_SOURCES = ext_auth_plugin.h ext_auth_plugin.c \
+ ext_auth_listener.h ext_auth_listener.c
+
+libstrongswan_ext_auth_la_LDFLAGS = -module -avoid-version
diff --git a/src/libcharon/plugins/ext_auth/Makefile.in b/src/libcharon/plugins/ext_auth/Makefile.in
new file mode 100644
index 0000000..a1b47dd
--- /dev/null
+++ b/src/libcharon/plugins/ext_auth/Makefile.in
@@ -0,0 +1,774 @@
+# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+VPATH = @srcdir@
+am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__make_running_with_option = \
+ case $${target_option-} in \
+ ?) ;; \
+ *) echo "am__make_running_with_option: internal error: invalid" \
+ "target option '$${target_option-}' specified" >&2; \
+ exit 1;; \
+ esac; \
+ has_opt=no; \
+ sane_makeflags=$$MAKEFLAGS; \
+ if $(am__is_gnu_make); then \
+ sane_makeflags=$$MFLAGS; \
+ else \
+ case $$MAKEFLAGS in \
+ *\\[\ \ ]*) \
+ bs=\\; \
+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
+ esac; \
+ fi; \
+ skip_next=no; \
+ strip_trailopt () \
+ { \
+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+ }; \
+ for flg in $$sane_makeflags; do \
+ test $$skip_next = yes && { skip_next=no; continue; }; \
+ case $$flg in \
+ *=*|--*) continue;; \
+ -*I) strip_trailopt 'I'; skip_next=yes;; \
+ -*I?*) strip_trailopt 'I';; \
+ -*O) strip_trailopt 'O'; skip_next=yes;; \
+ -*O?*) strip_trailopt 'O';; \
+ -*l) strip_trailopt 'l'; skip_next=yes;; \
+ -*l?*) strip_trailopt 'l';; \
+ -[dEDm]) skip_next=yes;; \
+ -[JT]) skip_next=yes;; \
+ esac; \
+ case $$flg in \
+ *$$target_option*) has_opt=yes; break;; \
+ esac; \
+ done; \
+ test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = src/libcharon/plugins/ext_auth
+DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
+ $(top_srcdir)/depcomp
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
+ $(top_srcdir)/m4/config/ltoptions.m4 \
+ $(top_srcdir)/m4/config/ltsugar.m4 \
+ $(top_srcdir)/m4/config/ltversion.m4 \
+ $(top_srcdir)/m4/config/lt~obsolete.m4 \
+ $(top_srcdir)/m4/macros/split-package-version.m4 \
+ $(top_srcdir)/m4/macros/with.m4 \
+ $(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
+ $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+ test -z "$$files" \
+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+ $(am__cd) "$$dir" && rm -f $$files; }; \
+ }
+am__installdirs = "$(DESTDIR)$(plugindir)"
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
+libstrongswan_ext_auth_la_LIBADD =
+am_libstrongswan_ext_auth_la_OBJECTS = ext_auth_plugin.lo \
+ ext_auth_listener.lo
+libstrongswan_ext_auth_la_OBJECTS = \
+ $(am_libstrongswan_ext_auth_la_OBJECTS)
+AM_V_lt = $(am__v_lt_ at AM_V@)
+am__v_lt_ = $(am__v_lt_ at AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+am__v_lt_1 =
+libstrongswan_ext_auth_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+ $(AM_CFLAGS) $(CFLAGS) $(libstrongswan_ext_auth_la_LDFLAGS) \
+ $(LDFLAGS) -o $@
+ at MONOLITHIC_FALSE@am_libstrongswan_ext_auth_la_rpath = -rpath \
+ at MONOLITHIC_FALSE@ $(plugindir)
+ at MONOLITHIC_TRUE@am_libstrongswan_ext_auth_la_rpath =
+AM_V_P = $(am__v_P_ at AM_V@)
+am__v_P_ = $(am__v_P_ at AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_ at AM_V@)
+am__v_GEN_ = $(am__v_GEN_ at AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
+am__v_GEN_1 =
+AM_V_at = $(am__v_at_ at AM_V@)
+am__v_at_ = $(am__v_at_ at AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 =
+DEFAULT_INCLUDES = -I. at am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_ at AM_V@)
+am__v_CC_ = $(am__v_CC_ at AM_DEFAULT_V@)
+am__v_CC_0 = @echo " CC " $@;
+am__v_CC_1 =
+CCLD = $(CC)
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_ at AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_ at AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo " CCLD " $@;
+am__v_CCLD_1 =
+SOURCES = $(libstrongswan_ext_auth_la_SOURCES)
+DIST_SOURCES = $(libstrongswan_ext_auth_la_SOURCES)
+am__can_run_installinfo = \
+ case $$AM_UPDATE_INFO_DIR in \
+ n|no|NO) false;; \
+ *) (install-info --version) >/dev/null 2>&1;; \
+ esac
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+# Read a list of newline-separated strings from the standard input,
+# and print each of them once, without duplicates. Input order is
+# *not* preserved.
+am__uniquify_input = $(AWK) '\
+ BEGIN { nonempty = 0; } \
+ { items[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in items) print i; }; } \
+'
+# Make sure the list of sources is unique. This is necessary because,
+# e.g., the same source file might be shared among _SOURCES variables
+# for different programs/libraries.
+am__define_uniq_tagged_files = \
+ list='$(am__tagged_files)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | $(am__uniquify_input)`
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BFDLIB = @BFDLIB@
+BTLIB = @BTLIB@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
+COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DLLTOOL = @DLLTOOL@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GEM = @GEM@
+GENHTML = @GENHTML@
+GPERF = @GPERF@
+GPRBUILD = @GPRBUILD@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LCOV = @LCOV@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MKDIR_P = @MKDIR_P@
+MYSQLCFLAG = @MYSQLCFLAG@
+MYSQLCONFIG = @MYSQLCONFIG@
+MYSQLLIB = @MYSQLLIB@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OPENSSL_LIB = @OPENSSL_LIB@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@
+PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@
+PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@
+PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
+PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
+RANLIB = @RANLIB@
+RTLIB = @RTLIB@
+RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
+RUBYINCLUDE = @RUBYINCLUDE@
+RUBYLIB = @RUBYLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
+STRIP = @STRIP@
+UNWINDLIB = @UNWINDLIB@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+aikgen_plugins = @aikgen_plugins@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+c_plugins = @c_plugins@
+charon_natt_port = @charon_natt_port@
+charon_plugins = @charon_plugins@
+charon_udp_port = @charon_udp_port@
+clearsilver_LIBS = @clearsilver_LIBS@
+cmd_plugins = @cmd_plugins@
+datadir = @datadir@
+datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
+dev_headers = @dev_headers@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+imcvdir = @imcvdir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsec_script = @ipsec_script@
+ipsec_script_upper = @ipsec_script_upper@
+ipsecdir = @ipsecdir@
+ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
+ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
+libdir = @libdir@
+libexecdir = @libexecdir@
+linux_headers = @linux_headers@
+localedir = @localedir@
+localstatedir = @localstatedir@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
+mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+nm_ca_dir = @nm_ca_dir@
+nm_plugins = @nm_plugins@
+oldincludedir = @oldincludedir@
+pcsclite_CFLAGS = @pcsclite_CFLAGS@
+pcsclite_LIBS = @pcsclite_LIBS@
+pdfdir = @pdfdir@
+piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
+pki_plugins = @pki_plugins@
+plugindir = @plugindir@
+pool_plugins = @pool_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
+random_device = @random_device@
+resolv_conf = @resolv_conf@
+routing_table = @routing_table@
+routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
+sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
+sharedstatedir = @sharedstatedir@
+soup_CFLAGS = @soup_CFLAGS@
+soup_LIBS = @soup_LIBS@
+srcdir = @srcdir@
+starter_plugins = @starter_plugins@
+strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
+swanctldir = @swanctldir@
+sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
+systemdsystemunitdir = @systemdsystemunitdir@
+t_plugins = @t_plugins@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+urandom_device = @urandom_device@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = \
+ $(PLUGIN_CFLAGS)
+
+ at MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-ext-auth.la
+ at MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-ext-auth.la
+libstrongswan_ext_auth_la_SOURCES = ext_auth_plugin.h ext_auth_plugin.c \
+ ext_auth_listener.h ext_auth_listener.c
+
+libstrongswan_ext_auth_la_LDFLAGS = -module -avoid-version
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/ext_auth/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/libcharon/plugins/ext_auth/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; \
+ locs=`for p in $$list; do echo $$p; done | \
+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
+ sort -u`; \
+ test -z "$$locs" || { \
+ echo rm -f $${locs}; \
+ rm -f $${locs}; \
+ }
+
+install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+ list2=; for p in $$list; do \
+ if test -f $$p; then \
+ list2="$$list2 $$p"; \
+ else :; fi; \
+ done; \
+ test -z "$$list2" || { \
+ echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \
+ }
+
+uninstall-pluginLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \
+ done
+
+clean-pluginLTLIBRARIES:
+ -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES)
+ @list='$(plugin_LTLIBRARIES)'; \
+ locs=`for p in $$list; do echo $$p; done | \
+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
+ sort -u`; \
+ test -z "$$locs" || { \
+ echo rm -f $${locs}; \
+ rm -f $${locs}; \
+ }
+
+libstrongswan-ext-auth.la: $(libstrongswan_ext_auth_la_OBJECTS) $(libstrongswan_ext_auth_la_DEPENDENCIES) $(EXTRA_libstrongswan_ext_auth_la_DEPENDENCIES)
+ $(AM_V_CCLD)$(libstrongswan_ext_auth_la_LINK) $(am_libstrongswan_ext_auth_la_rpath) $(libstrongswan_ext_auth_la_OBJECTS) $(libstrongswan_ext_auth_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/ext_auth_listener.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/ext_auth_plugin.Plo at am__quote@
+
+.c.o:
+ at am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
+ at am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+ at am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(COMPILE) -c -o $@ $<
+
+.c.obj:
+ at am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
+ at am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
+ at am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+.c.lo:
+ at am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
+ at am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+ at am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(am__tagged_files)
+ $(am__define_uniq_tagged_files); mkid -fID $$unique
+tags: tags-am
+TAGS: tags
+
+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ set x; \
+ here=`pwd`; \
+ $(am__define_uniq_tagged_files); \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: ctags-am
+
+CTAGS: ctags
+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ $(am__define_uniq_tagged_files); \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+cscopelist: cscopelist-am
+
+cscopelist-am: $(am__tagged_files)
+ list='$(am__tagged_files)'; \
+ case "$(srcdir)" in \
+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
+ *) sdir=$(subdir)/$(srcdir) ;; \
+ esac; \
+ for i in $$list; do \
+ if test -f "$$i"; then \
+ echo "$(subdir)/$$i"; \
+ else \
+ echo "$$sdir/$$i"; \
+ fi; \
+ done >> $(top_builddir)/cscope.files
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+ for dir in "$(DESTDIR)$(plugindir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-pluginLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-pluginLTLIBRARIES
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ cscopelist-am ctags ctags-am distclean distclean-compile \
+ distclean-generic distclean-libtool distclean-tags distdir dvi \
+ dvi-am html html-am info info-am install install-am \
+ install-data install-data-am install-dvi install-dvi-am \
+ install-exec install-exec-am install-html install-html-am \
+ install-info install-info-am install-man install-pdf \
+ install-pdf-am install-pluginLTLIBRARIES install-ps \
+ install-ps-am install-strip installcheck installcheck-am \
+ installdirs maintainer-clean maintainer-clean-generic \
+ mostlyclean mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
+ uninstall-am uninstall-pluginLTLIBRARIES
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/libcharon/plugins/ext_auth/ext_auth_listener.c b/src/libcharon/plugins/ext_auth/ext_auth_listener.c
new file mode 100644
index 0000000..06cec20
--- /dev/null
+++ b/src/libcharon/plugins/ext_auth/ext_auth_listener.c
@@ -0,0 +1,203 @@
+/*
+ * Copyright (c) 2014 Vyronas Tsingaras (vtsingaras at it.auth.gr)
+ * Copyright (C) 2014 Martin Willi
+ * Copyright (C) 2014 revosec AG
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/* for vasprintf() */
+#define _GNU_SOURCE
+#include "ext_auth_listener.h"
+
+#include <daemon.h>
+#include <utils/process.h>
+
+#include <stdio.h>
+#include <unistd.h>
+
+typedef struct private_ext_auth_listener_t private_ext_auth_listener_t;
+
+/**
+ * Private data of an ext_auth_listener_t object.
+ */
+struct private_ext_auth_listener_t {
+
+ /**
+ * Public ext_auth_listener_listener_t interface.
+ */
+ ext_auth_listener_t public;
+
+ /**
+ * Path to authorization program
+ */
+ char *script;
+};
+
+/**
+ * Allocate and push a format string to the environment
+ */
+static bool push_env(char *envp[], u_int count, char *fmt, ...)
+{
+ int i = 0;
+ char *str;
+ va_list args;
+
+ while (envp[i])
+ {
+ if (++i + 1 >= count)
+ {
+ return FALSE;
+ }
+ }
+ va_start(args, fmt);
+ if (vasprintf(&str, fmt, args) >= 0)
+ {
+ envp[i] = str;
+ }
+ va_end(args);
+ return envp[i] != NULL;
+}
+
+/**
+ * Free all allocated environment strings
+ */
+static void free_env(char *envp[])
+{
+ int i;
+
+ for (i = 0; envp[i]; i++)
+ {
+ free(envp[i]);
+ }
+}
+
+METHOD(listener_t, authorize, bool,
+ private_ext_auth_listener_t *this, ike_sa_t *ike_sa,
+ bool final, bool *success)
+{
+ if (final)
+ {
+ FILE *shell;
+ process_t *process;
+ char *envp[32] = {};
+ int out, retval;
+
+ *success = FALSE;
+
+ push_env(envp, countof(envp), "IKE_UNIQUE_ID=%u",
+ ike_sa->get_unique_id(ike_sa));
+ push_env(envp, countof(envp), "IKE_NAME=%s",
+ ike_sa->get_name(ike_sa));
+
+ push_env(envp, countof(envp), "IKE_LOCAL_HOST=%H",
+ ike_sa->get_my_host(ike_sa));
+ push_env(envp, countof(envp), "IKE_REMOTE_HOST=%H",
+ ike_sa->get_other_host(ike_sa));
+
+ push_env(envp, countof(envp), "IKE_LOCAL_ID=%Y",
+ ike_sa->get_my_id(ike_sa));
+ push_env(envp, countof(envp), "IKE_REMOTE_ID=%Y",
+ ike_sa->get_other_id(ike_sa));
+
+ if (ike_sa->has_condition(ike_sa, COND_EAP_AUTHENTICATED) ||
+ ike_sa->has_condition(ike_sa, COND_XAUTH_AUTHENTICATED))
+ {
+ push_env(envp, countof(envp), "IKE_REMOTE_EAP_ID=%Y",
+ ike_sa->get_other_eap_id(ike_sa));
+ }
+
+ process = process_start_shell(envp, NULL, &out, NULL,
+ "2>&1 %s", this->script);
+ if (process)
+ {
+ shell = fdopen(out, "r");
+ if (shell)
+ {
+ while (TRUE)
+ {
+ char resp[128], *e;
+
+ if (fgets(resp, sizeof(resp), shell) == NULL)
+ {
+ if (ferror(shell))
+ {
+ DBG1(DBG_CFG, "error reading from ext-auth script");
+ }
+ break;
+ }
+ else
+ {
+ e = resp + strlen(resp);
+ if (e > resp && e[-1] == '\n')
+ {
+ e[-1] = '\0';
+ }
+ DBG1(DBG_CHD, "ext-auth: %s", resp);
+ }
+ }
+ fclose(shell);
+ }
+ else
+ {
+ close(out);
+ }
+ if (process->wait(process, &retval))
+ {
+ if (retval == EXIT_SUCCESS)
+ {
+ *success = TRUE;
+ }
+ else
+ {
+ DBG1(DBG_CFG, "rejecting IKE_SA for ext-auth result: %d",
+ retval);
+ }
+ }
+ }
+ free_env(envp);
+ }
+ return TRUE;
+}
+
+METHOD(ext_auth_listener_t, destroy, void,
+ private_ext_auth_listener_t *this)
+{
+ free(this);
+}
+
+/**
+ * See header
+ */
+ext_auth_listener_t *ext_auth_listener_create(char *script)
+{
+ private_ext_auth_listener_t *this;
+
+ INIT(this,
+ .public = {
+ .listener = {
+ .authorize = _authorize,
+ },
+ .destroy = _destroy,
+ },
+ .script = script,
+ );
+
+ return &this->public;
+}
diff --git a/src/libcharon/plugins/ext_auth/ext_auth_listener.h b/src/libcharon/plugins/ext_auth/ext_auth_listener.h
new file mode 100644
index 0000000..3fec830
--- /dev/null
+++ b/src/libcharon/plugins/ext_auth/ext_auth_listener.h
@@ -0,0 +1,59 @@
+/*
+ * Copyright (c) 2014 Vyronas Tsingaras (vtsingaras at it.auth.gr)
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * @defgroup ext_auth_listener ext_auth_listener
+ * @{ @ingroup ext_auth
+ */
+
+#ifndef EXT_AUTH_LISTENER_H_
+#define EXT_AUTH_LISTENER_H_
+
+#include <bus/listeners/listener.h>
+
+typedef struct ext_auth_listener_t ext_auth_listener_t;
+
+/**
+ * Listener using an external script to authorize connection
+ */
+struct ext_auth_listener_t {
+
+ /**
+ * Implements listener_t interface.
+ */
+ listener_t listener;
+
+ /**
+ * Destroy the listener.
+ */
+ void (*destroy)(ext_auth_listener_t *this);
+};
+
+/**
+ * Create ext_auth_listener instance.
+ *
+ * @param script path to authorization script
+ * @return listener instance
+ */
+ext_auth_listener_t *ext_auth_listener_create(char *script);
+
+#endif /** ext_auth_LISTENER_H_ @}*/
diff --git a/src/libcharon/plugins/ext_auth/ext_auth_plugin.c b/src/libcharon/plugins/ext_auth/ext_auth_plugin.c
new file mode 100644
index 0000000..b3698c7
--- /dev/null
+++ b/src/libcharon/plugins/ext_auth/ext_auth_plugin.c
@@ -0,0 +1,156 @@
+/*
+ * Copyright (c) 2014 Vyronas Tsingaras (vtsingaras at it.auth.gr)
+ * Copyright (C) 2014 Martin Willi
+ * Copyright (C) 2014 revosec AG
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "ext_auth_plugin.h"
+#include "ext_auth_listener.h"
+
+#include <daemon.h>
+
+typedef struct private_ext_auth_plugin_t private_ext_auth_plugin_t;
+
+/**
+ * private data of ext_auth plugin
+ */
+struct private_ext_auth_plugin_t {
+
+ /**
+ * implements plugin interface
+ */
+ ext_auth_plugin_t public;
+
+ /**
+ * Listener verifying peers during authorization
+ */
+ ext_auth_listener_t *listener;
+};
+
+METHOD(plugin_t, get_name, char*,
+ private_ext_auth_plugin_t *this)
+{
+ return "ext-auth";
+}
+
+/**
+ * Create a listener instance, NULL on error
+ */
+static ext_auth_listener_t* create_listener()
+{
+ char *script;
+
+ script = lib->settings->get_str(lib->settings,
+ "%s.plugins.ext-auth.script", NULL, lib->ns);
+ if (!script)
+ {
+ DBG1(DBG_CFG, "no script for ext-auth script defined, disabled");
+ return NULL;
+ }
+ DBG1(DBG_CFG, "using ext-auth script '%s'", script);
+ return ext_auth_listener_create(script);
+}
+
+/**
+ * Register listener
+ */
+static bool plugin_cb(private_ext_auth_plugin_t *this,
+ plugin_feature_t *feature, bool reg, void *cb_data)
+{
+ if (reg)
+ {
+ this->listener = create_listener();
+ if (!this->listener)
+ {
+ return FALSE;
+ }
+ charon->bus->add_listener(charon->bus, &this->listener->listener);
+ }
+ else
+ {
+ if (this->listener)
+ {
+ charon->bus->remove_listener(charon->bus, &this->listener->listener);
+ this->listener->destroy(this->listener);
+ }
+ }
+ return TRUE;
+}
+
+METHOD(plugin_t, get_features, int,
+ private_ext_auth_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_CALLBACK((plugin_feature_callback_t)plugin_cb, NULL),
+ PLUGIN_PROVIDE(CUSTOM, "ext_auth"),
+ };
+ *features = f;
+ return countof(f);
+}
+
+
+METHOD(plugin_t, reload, bool,
+ private_ext_auth_plugin_t *this)
+{
+ ext_auth_listener_t *listener;
+
+ /* reload new listener overlapped */
+ listener = create_listener();
+ if (listener)
+ {
+ charon->bus->add_listener(charon->bus, &listener->listener);
+ }
+ if (this->listener)
+ {
+ charon->bus->remove_listener(charon->bus, &this->listener->listener);
+ this->listener->destroy(this->listener);
+ }
+ this->listener = listener;
+
+ return TRUE;
+}
+
+METHOD(plugin_t, destroy, void,
+ private_ext_auth_plugin_t *this)
+{
+ free(this);
+}
+
+/**
+ * Plugin constructor
+ */
+plugin_t *ext_auth_plugin_create()
+{
+ private_ext_auth_plugin_t *this;
+
+ INIT(this,
+ .public = {
+ .plugin = {
+ .get_name = _get_name,
+ .get_features = _get_features,
+ .reload = _reload,
+ .destroy = _destroy,
+ },
+ },
+ );
+
+ return &this->public.plugin;
+}
diff --git a/src/libcharon/plugins/ext_auth/ext_auth_plugin.h b/src/libcharon/plugins/ext_auth/ext_auth_plugin.h
new file mode 100644
index 0000000..1288e24
--- /dev/null
+++ b/src/libcharon/plugins/ext_auth/ext_auth_plugin.h
@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) 2014 Vyronas Tsingaras (vtsingaras at it.auth.gr)
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * @defgroup ext_auth ext_auth
+ * @ingroup cplugins
+ *
+ * @defgroup ext_auth_plugin ext_auth_plugin
+ * @{ @ingroup ext_auth
+ */
+
+#ifndef EXT_AUTH_PLUGIN_H_
+#define EXT_AUTH_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct ext_auth_plugin_t ext_auth_plugin_t;
+
+/**
+ * Plugin using an external script to authorize connections.
+ */
+struct ext_auth_plugin_t {
+
+ /**
+ * Implements plugin interface.
+ */
+ plugin_t plugin;
+};
+
+#endif /** EXT_AUTH_PLUGIN_H_ @}*/
diff --git a/src/libcharon/plugins/farp/Makefile.in b/src/libcharon/plugins/farp/Makefile.in
index 75ff158..2bfd38b 100644
--- a/src/libcharon/plugins/farp/Makefile.in
+++ b/src/libcharon/plugins/farp/Makefile.in
@@ -233,6 +233,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -293,6 +294,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -358,6 +360,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -405,6 +409,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/ha/Makefile.in b/src/libcharon/plugins/ha/Makefile.in
index cec7362..aa5bdb7 100644
--- a/src/libcharon/plugins/ha/Makefile.in
+++ b/src/libcharon/plugins/ha/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/ha/ha_dispatcher.c b/src/libcharon/plugins/ha/ha_dispatcher.c
index 6ff24c3..e20e872 100644
--- a/src/libcharon/plugins/ha/ha_dispatcher.c
+++ b/src/libcharon/plugins/ha/ha_dispatcher.c
@@ -437,11 +437,13 @@ static void process_ike_update(private_ha_dispatcher_t *this,
pools->destroy(pools);
}
}
+#ifdef USE_IKEV1
if (ike_sa->get_version(ike_sa) == IKEV1)
{
lib->processor->queue_job(lib->processor, (job_t*)
adopt_children_job_create(ike_sa->get_id(ike_sa)));
}
+#endif /* USE_IKEV1 */
this->cache->cache(this->cache, ike_sa, message);
charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
}
diff --git a/src/libcharon/plugins/ipseckey/Makefile.in b/src/libcharon/plugins/ipseckey/Makefile.in
index da2e8d7..bd3fd63 100644
--- a/src/libcharon/plugins/ipseckey/Makefile.in
+++ b/src/libcharon/plugins/ipseckey/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/kernel_iph/Makefile.in b/src/libcharon/plugins/kernel_iph/Makefile.in
index 460c7b7..7e1f79b 100644
--- a/src/libcharon/plugins/kernel_iph/Makefile.in
+++ b/src/libcharon/plugins/kernel_iph/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/kernel_libipsec/Makefile.in b/src/libcharon/plugins/kernel_libipsec/Makefile.in
index a4e5ba9..c961c0b 100644
--- a/src/libcharon/plugins/kernel_libipsec/Makefile.in
+++ b/src/libcharon/plugins/kernel_libipsec/Makefile.in
@@ -237,6 +237,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -297,6 +298,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -362,6 +364,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -409,6 +413,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/kernel_wfp/Makefile.in b/src/libcharon/plugins/kernel_wfp/Makefile.in
index ff987f8..1c92e30 100644
--- a/src/libcharon/plugins/kernel_wfp/Makefile.in
+++ b/src/libcharon/plugins/kernel_wfp/Makefile.in
@@ -243,6 +243,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -303,6 +304,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -368,6 +370,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -415,6 +419,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/led/Makefile.in b/src/libcharon/plugins/led/Makefile.in
index 78ec666..db4552d 100644
--- a/src/libcharon/plugins/led/Makefile.in
+++ b/src/libcharon/plugins/led/Makefile.in
@@ -232,6 +232,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -292,6 +293,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -357,6 +359,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -404,6 +408,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/load_tester/Makefile.in b/src/libcharon/plugins/load_tester/Makefile.in
index df75c0f..418dccb 100644
--- a/src/libcharon/plugins/load_tester/Makefile.in
+++ b/src/libcharon/plugins/load_tester/Makefile.in
@@ -245,6 +245,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -305,6 +306,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -370,6 +372,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -417,6 +421,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/lookip/Makefile.in b/src/libcharon/plugins/lookip/Makefile.in
index deb517e..f0f2c75 100644
--- a/src/libcharon/plugins/lookip/Makefile.in
+++ b/src/libcharon/plugins/lookip/Makefile.in
@@ -241,6 +241,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -301,6 +302,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -366,6 +368,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -413,6 +417,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/maemo/Makefile.in b/src/libcharon/plugins/maemo/Makefile.in
index aa3ade0..3a866e9 100644
--- a/src/libcharon/plugins/maemo/Makefile.in
+++ b/src/libcharon/plugins/maemo/Makefile.in
@@ -237,6 +237,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -297,6 +298,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -362,6 +364,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -409,6 +413,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/medcli/Makefile.in b/src/libcharon/plugins/medcli/Makefile.in
index 919b936..e0f70ce 100644
--- a/src/libcharon/plugins/medcli/Makefile.in
+++ b/src/libcharon/plugins/medcli/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/medsrv/Makefile.in b/src/libcharon/plugins/medsrv/Makefile.in
index ce81fb1..adb61e8 100644
--- a/src/libcharon/plugins/medsrv/Makefile.in
+++ b/src/libcharon/plugins/medsrv/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/osx_attr/Makefile.in b/src/libcharon/plugins/osx_attr/Makefile.in
index 870b427..a0c21c4 100644
--- a/src/libcharon/plugins/osx_attr/Makefile.in
+++ b/src/libcharon/plugins/osx_attr/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/radattr/Makefile.in b/src/libcharon/plugins/radattr/Makefile.in
index 35ebf99..14abba9 100644
--- a/src/libcharon/plugins/radattr/Makefile.in
+++ b/src/libcharon/plugins/radattr/Makefile.in
@@ -236,6 +236,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -296,6 +297,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -361,6 +363,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -408,6 +412,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/smp/Makefile.in b/src/libcharon/plugins/smp/Makefile.in
index 35e7f2a..7c5b030 100644
--- a/src/libcharon/plugins/smp/Makefile.in
+++ b/src/libcharon/plugins/smp/Makefile.in
@@ -233,6 +233,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -293,6 +294,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -358,6 +360,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -405,6 +409,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/socket_default/Makefile.in b/src/libcharon/plugins/socket_default/Makefile.in
index bee1259..548524a 100644
--- a/src/libcharon/plugins/socket_default/Makefile.in
+++ b/src/libcharon/plugins/socket_default/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/socket_default/socket_default_socket.c b/src/libcharon/plugins/socket_default/socket_default_socket.c
index 081d3ef..9cc3995 100644
--- a/src/libcharon/plugins/socket_default/socket_default_socket.c
+++ b/src/libcharon/plugins/socket_default/socket_default_socket.c
@@ -45,9 +45,6 @@
#include <daemon.h>
#include <threading/thread.h>
-/* Maximum size of a packet */
-#define MAX_PACKET 10000
-
/* these are not defined on some platforms */
#ifndef SOL_IP
#define SOL_IP IPPROTO_IP
@@ -739,7 +736,7 @@ socket_default_socket_t *socket_default_socket_create()
.natt = lib->settings->get_int(lib->settings,
"%s.port_nat_t", CHARON_NATT_PORT, lib->ns),
.max_packet = lib->settings->get_int(lib->settings,
- "%s.max_packet", MAX_PACKET, lib->ns),
+ "%s.max_packet", PACKET_MAX_DEFAULT, lib->ns),
.set_source = lib->settings->get_bool(lib->settings,
"%s.plugins.socket-default.set_source", TRUE,
lib->ns),
diff --git a/src/libcharon/plugins/socket_dynamic/Makefile.in b/src/libcharon/plugins/socket_dynamic/Makefile.in
index 073806d..892549c 100644
--- a/src/libcharon/plugins/socket_dynamic/Makefile.in
+++ b/src/libcharon/plugins/socket_dynamic/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c b/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c
index 3161a70..b82a69e 100644
--- a/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c
+++ b/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c
@@ -42,9 +42,6 @@
#include <threading/rwlock.h>
#include <collections/hashtable.h>
-/* Maximum size of a packet */
-#define MAX_PACKET 10000
-
/* these are not defined on some platforms */
#ifndef SOL_IP
#define SOL_IP IPPROTO_IP
@@ -668,7 +665,7 @@ socket_dynamic_socket_t *socket_dynamic_socket_create()
},
.lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
.max_packet = lib->settings->get_int(lib->settings,
- "%s.max_packet", MAX_PACKET, lib->ns),
+ "%s.max_packet", PACKET_MAX_DEFAULT, lib->ns),
);
if (pipe(this->notify) != 0)
diff --git a/src/libcharon/plugins/socket_win/Makefile.in b/src/libcharon/plugins/socket_win/Makefile.in
index ff38e81..88b2ac3 100644
--- a/src/libcharon/plugins/socket_win/Makefile.in
+++ b/src/libcharon/plugins/socket_win/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/socket_win/socket_win_socket.c b/src/libcharon/plugins/socket_win/socket_win_socket.c
index 5ebe04a..fbfbeda 100644
--- a/src/libcharon/plugins/socket_win/socket_win_socket.c
+++ b/src/libcharon/plugins/socket_win/socket_win_socket.c
@@ -25,9 +25,6 @@
#include <mswsock.h>
-/* Maximum size of a packet */
-#define MAX_PACKET 10000
-
/* number of sockets in use */
#define SOCKET_COUNT 2
@@ -458,7 +455,7 @@ socket_win_socket_t *socket_win_socket_create()
"%s.port_nat_t", CHARON_NATT_PORT, lib->ns),
},
.max_packet = lib->settings->get_int(lib->settings,
- "%s.max_packet", MAX_PACKET, lib->ns),
+ "%s.max_packet", PACKET_MAX_DEFAULT, lib->ns),
);
for (i = 0; i < SOCKET_COUNT; i++)
diff --git a/src/libcharon/plugins/sql/Makefile.in b/src/libcharon/plugins/sql/Makefile.in
index 208b900..3c13245 100644
--- a/src/libcharon/plugins/sql/Makefile.in
+++ b/src/libcharon/plugins/sql/Makefile.in
@@ -233,6 +233,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -293,6 +294,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -358,6 +360,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -405,6 +409,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/stroke/Makefile.in b/src/libcharon/plugins/stroke/Makefile.in
index 59a5983..d468018 100644
--- a/src/libcharon/plugins/stroke/Makefile.in
+++ b/src/libcharon/plugins/stroke/Makefile.in
@@ -237,6 +237,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -297,6 +298,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -362,6 +364,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -409,6 +413,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/stroke/stroke_cred.c b/src/libcharon/plugins/stroke/stroke_cred.c
index f908219..83431d1 100644
--- a/src/libcharon/plugins/stroke/stroke_cred.c
+++ b/src/libcharon/plugins/stroke/stroke_cred.c
@@ -65,6 +65,11 @@ struct private_stroke_cred_t {
stroke_cred_t public;
/**
+ * secrets file with credential information
+ */
+ char *secrets_file;
+
+ /**
* credentials
*/
mem_cred_t *creds;
@@ -1297,7 +1302,7 @@ METHOD(stroke_cred_t, reread, void,
if (msg->reread.flags & REREAD_SECRETS)
{
DBG1(DBG_CFG, "rereading secrets");
- load_secrets(this, NULL, SECRETS_FILE, 0, prompt);
+ load_secrets(this, NULL, this->secrets_file, 0, prompt);
}
if (msg->reread.flags & REREAD_CACERTS)
{
@@ -1370,6 +1375,9 @@ stroke_cred_t *stroke_cred_create()
.cachecrl = _cachecrl,
.destroy = _destroy,
},
+ .secrets_file = lib->settings->get_str(lib->settings,
+ "%s.plugins.stroke.secrets_file", SECRETS_FILE,
+ lib->ns),
.creds = mem_cred_create(),
);
@@ -1380,7 +1388,7 @@ stroke_cred_t *stroke_cred_create()
FALSE, lib->ns);
load_certs(this);
- load_secrets(this, NULL, SECRETS_FILE, 0, NULL);
+ load_secrets(this, NULL, this->secrets_file, 0, NULL);
return &this->public;
}
diff --git a/src/libcharon/plugins/systime_fix/Makefile.in b/src/libcharon/plugins/systime_fix/Makefile.in
index 769ad52..0e477f9 100644
--- a/src/libcharon/plugins/systime_fix/Makefile.in
+++ b/src/libcharon/plugins/systime_fix/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/tnc_ifmap/Makefile.in b/src/libcharon/plugins/tnc_ifmap/Makefile.in
index 51d46a6..3f2952c 100644
--- a/src/libcharon/plugins/tnc_ifmap/Makefile.in
+++ b/src/libcharon/plugins/tnc_ifmap/Makefile.in
@@ -238,6 +238,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -298,6 +299,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -363,6 +365,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -410,6 +414,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/tnc_pdp/Makefile.in b/src/libcharon/plugins/tnc_pdp/Makefile.in
index 531c00c..97c4796 100644
--- a/src/libcharon/plugins/tnc_pdp/Makefile.in
+++ b/src/libcharon/plugins/tnc_pdp/Makefile.in
@@ -239,6 +239,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -299,6 +300,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -364,6 +366,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -411,6 +415,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/uci/Makefile.in b/src/libcharon/plugins/uci/Makefile.in
index 948db7e..5e16c3c 100644
--- a/src/libcharon/plugins/uci/Makefile.in
+++ b/src/libcharon/plugins/uci/Makefile.in
@@ -233,6 +233,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -293,6 +294,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -358,6 +360,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -405,6 +409,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/unit_tester/Makefile.in b/src/libcharon/plugins/unit_tester/Makefile.in
index 6e4dbff..1aca319 100644
--- a/src/libcharon/plugins/unit_tester/Makefile.in
+++ b/src/libcharon/plugins/unit_tester/Makefile.in
@@ -238,6 +238,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -298,6 +299,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -363,6 +365,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -410,6 +414,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/unity/Makefile.in b/src/libcharon/plugins/unity/Makefile.in
index 4d411f6..1e04ebc 100644
--- a/src/libcharon/plugins/unity/Makefile.in
+++ b/src/libcharon/plugins/unity/Makefile.in
@@ -234,6 +234,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -294,6 +295,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -359,6 +361,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -406,6 +410,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/unity/unity_narrow.c b/src/libcharon/plugins/unity/unity_narrow.c
index 9f72a80..52a2c7f 100644
--- a/src/libcharon/plugins/unity/unity_narrow.c
+++ b/src/libcharon/plugins/unity/unity_narrow.c
@@ -139,6 +139,23 @@ static void narrow_responder_post(child_cfg_t *child_cfg, linked_list_t *local)
configured->destroy(configured);
}
+/**
+ * Check if any Split-Include attributes are active on this IKE_SA
+ */
+static bool has_split_includes(private_unity_narrow_t *this, ike_sa_t *ike_sa)
+{
+ enumerator_t *enumerator;
+ traffic_selector_t *ts;
+ bool has;
+
+ enumerator = this->handler->create_include_enumerator(this->handler,
+ ike_sa->get_unique_id(ike_sa));
+ has = enumerator->enumerate(enumerator, &ts);
+ enumerator->destroy(enumerator);
+
+ return has;
+}
+
METHOD(listener_t, narrow, bool,
private_unity_narrow_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa,
narrow_hook_t type, linked_list_t *local, linked_list_t *remote)
@@ -146,23 +163,43 @@ METHOD(listener_t, narrow, bool,
if (ike_sa->get_version(ike_sa) == IKEV1 &&
ike_sa->supports_extension(ike_sa, EXT_CISCO_UNITY))
{
- switch (type)
+ /* depending on who initiates a rekeying the hooks will not match the
+ * roles in the IKE_SA */
+ if (ike_sa->has_condition(ike_sa, COND_ORIGINAL_INITIATOR))
{
- case NARROW_INITIATOR_PRE_AUTH:
- narrow_pre(remote, "other");
- break;
- case NARROW_INITIATOR_POST_AUTH:
- narrow_initiator(this, ike_sa,
- child_sa->get_config(child_sa), remote);
- break;
- case NARROW_RESPONDER:
- narrow_pre(local, "us");
- break;
- case NARROW_RESPONDER_POST:
- narrow_responder_post(child_sa->get_config(child_sa), local);
- break;
- default:
- break;
+ switch (type)
+ {
+ case NARROW_INITIATOR_PRE_AUTH:
+ case NARROW_RESPONDER:
+ if (has_split_includes(this, ike_sa))
+ {
+ narrow_pre(remote, "other");
+ }
+ break;
+ case NARROW_INITIATOR_POST_AUTH:
+ case NARROW_RESPONDER_POST:
+ narrow_initiator(this, ike_sa,
+ child_sa->get_config(child_sa), remote);
+ break;
+ default:
+ break;
+ }
+ }
+ else
+ {
+ switch (type)
+ {
+ case NARROW_INITIATOR_PRE_AUTH:
+ case NARROW_RESPONDER:
+ narrow_pre(local, "us");
+ break;
+ case NARROW_INITIATOR_POST_AUTH:
+ case NARROW_RESPONDER_POST:
+ narrow_responder_post(child_sa->get_config(child_sa), local);
+ break;
+ default:
+ break;
+ }
}
}
return TRUE;
diff --git a/src/libcharon/plugins/updown/Makefile.in b/src/libcharon/plugins/updown/Makefile.in
index b377110..834d373 100644
--- a/src/libcharon/plugins/updown/Makefile.in
+++ b/src/libcharon/plugins/updown/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/updown/updown_listener.c b/src/libcharon/plugins/updown/updown_listener.c
index 200f298..1d15cc5 100644
--- a/src/libcharon/plugins/updown/updown_listener.c
+++ b/src/libcharon/plugins/updown/updown_listener.c
@@ -16,9 +16,11 @@
#define _GNU_SOURCE
#include <stdio.h>
+#include <unistd.h>
#include "updown_listener.h"
+#include <utils/process.h>
#include <hydra.h>
#include <daemon.h>
#include <config/child_cfg.h>
@@ -97,53 +99,84 @@ static char* uncache_iface(private_updown_listener_t *this, u_int32_t reqid)
}
/**
- * Create variables for handled DNS attributes
+ * Allocate and push a format string to the environment
*/
-static char *make_dns_vars(private_updown_listener_t *this, ike_sa_t *ike_sa)
+static bool push_env(char *envp[], u_int count, char *fmt, ...)
{
- enumerator_t *enumerator;
- host_t *host;
- int v4 = 0, v6 = 0;
- char total[512] = "", current[64];
+ int i = 0;
+ char *str;
+ va_list args;
- if (!this->handler)
+ while (envp[i])
{
- return strdup("");
+ if (++i + 1 >= count)
+ {
+ return FALSE;
+ }
}
+ va_start(args, fmt);
+ if (vasprintf(&str, fmt, args) >= 0)
+ {
+ envp[i] = str;
+ }
+ va_end(args);
+ return envp[i] != NULL;
+}
- enumerator = this->handler->create_dns_enumerator(this->handler,
- ike_sa->get_unique_id(ike_sa));
- while (enumerator->enumerate(enumerator, &host))
+/**
+ * Free all allocated environment strings
+ */
+static void free_env(char *envp[])
+{
+ int i;
+
+ for (i = 0; envp[i]; i++)
{
- switch (host->get_family(host))
+ free(envp[i]);
+ }
+}
+
+/**
+ * Push variables for handled DNS attributes
+ */
+static void push_dns_env(private_updown_listener_t *this, ike_sa_t *ike_sa,
+ char *envp[], u_int count)
+{
+ enumerator_t *enumerator;
+ host_t *host;
+ int v4 = 0, v6 = 0;
+
+ if (this->handler)
+ {
+ enumerator = this->handler->create_dns_enumerator(this->handler,
+ ike_sa->get_unique_id(ike_sa));
+ while (enumerator->enumerate(enumerator, &host))
{
- case AF_INET:
- snprintf(current, sizeof(current),
- "PLUTO_DNS4_%d='%H' ", ++v4, host);
- break;
- case AF_INET6:
- snprintf(current, sizeof(current),
- "PLUTO_DNS6_%d='%H' ", ++v6, host);
- break;
- default:
- continue;
+ switch (host->get_family(host))
+ {
+ case AF_INET:
+ push_env(envp, count, "PLUTO_DNS4_%d=%H", ++v4, host);
+ break;
+ case AF_INET6:
+ push_env(envp, count, "PLUTO_DNS6_%d=%H", ++v6, host);
+ break;
+ default:
+ continue;
+ }
}
- strncat(total, current, sizeof(total) - strlen(total) - 1);
+ enumerator->destroy(enumerator);
}
- enumerator->destroy(enumerator);
-
- return strdup(total);
}
/**
- * Create variables for local virtual IPs
+ * Push variables for local virtual IPs
*/
-static char *make_vip_vars(private_updown_listener_t *this, ike_sa_t *ike_sa)
+static void push_vip_env(private_updown_listener_t *this, ike_sa_t *ike_sa,
+ char *envp[], u_int count)
{
enumerator_t *enumerator;
host_t *host;
int v4 = 0, v6 = 0;
- char total[512] = "", current[64];
bool first = TRUE;
enumerator = ike_sa->create_virtual_ip_enumerator(ike_sa, TRUE);
@@ -151,28 +184,22 @@ static char *make_vip_vars(private_updown_listener_t *this, ike_sa_t *ike_sa)
{
if (first)
{ /* legacy variable for first VIP */
- snprintf(current, sizeof(current),
- "PLUTO_MY_SOURCEIP='%H' ", host);
- strncat(total, current, sizeof(total) - strlen(total) - 1);
+ first = FALSE;
+ push_env(envp, count, "PLUTO_MY_SOURCEIP=%H", host);
}
switch (host->get_family(host))
{
case AF_INET:
- snprintf(current, sizeof(current),
- "PLUTO_MY_SOURCEIP4_%d='%H' ", ++v4, host);
+ push_env(envp, count, "PLUTO_MY_SOURCEIP4_%d=%H", ++v4, host);
break;
case AF_INET6:
- snprintf(current, sizeof(current),
- "PLUTO_MY_SOURCEIP6_%d='%H' ", ++v6, host);
+ push_env(envp, count, "PLUTO_MY_SOURCEIP6_%d=%H", ++v6, host);
break;
default:
continue;
}
- strncat(total, current, sizeof(total) - strlen(total) - 1);
}
enumerator->destroy(enumerator);
-
- return strdup(total);
}
/**
@@ -196,240 +223,182 @@ static u_int16_t get_port(traffic_selector_t *me,
return local ? me->get_from_port(me) : other->get_from_port(other);
}
-METHOD(listener_t, child_updown, bool,
- private_updown_listener_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa,
- bool up)
+/**
+ * Invoke the updown script once for given traffic selectors
+ */
+static void invoke_once(private_updown_listener_t *this, ike_sa_t *ike_sa,
+ child_sa_t *child_sa, child_cfg_t *config, bool up,
+ traffic_selector_t *my_ts, traffic_selector_t *other_ts)
{
- traffic_selector_t *my_ts, *other_ts;
- enumerator_t *enumerator;
- child_cfg_t *config;
- host_t *me, *other;
- char *script;
+ host_t *me, *other, *host;
+ char *iface;
+ u_int8_t mask;
+ mark_t mark;
+ bool is_host, is_ipv6;
+ int out;
+ FILE *shell;
+ process_t *process;
+ char *envp[128] = {};
- config = child_sa->get_config(child_sa);
- script = config->get_updown(config);
me = ike_sa->get_my_host(ike_sa);
other = ike_sa->get_other_host(ike_sa);
- if (script == NULL)
+ push_env(envp, countof(envp), "PLUTO_VERSION=1.1");
+ is_host = my_ts->is_host(my_ts, me);
+ if (is_host)
{
- return TRUE;
+ is_ipv6 = me->get_family(me) == AF_INET6;
}
-
- enumerator = child_sa->create_policy_enumerator(child_sa);
- while (enumerator->enumerate(enumerator, &my_ts, &other_ts))
+ else
{
- char command[2048];
- host_t *my_client, *other_client;
- u_int8_t my_client_mask, other_client_mask;
- char *virtual_ip, *iface, *mark_in, *mark_out, *udp_enc, *dns, *xauth;
- mark_t mark;
- bool is_host, is_ipv6, use_ipcomp;
- FILE *shell;
-
- my_ts->to_subnet(my_ts, &my_client, &my_client_mask);
- other_ts->to_subnet(other_ts, &other_client, &other_client_mask);
-
- virtual_ip = make_vip_vars(this, ike_sa);
-
- /* check for the presence of an inbound mark */
- mark = config->get_mark(config, TRUE);
- if (mark.value)
- {
- if (asprintf(&mark_in, "PLUTO_MARK_IN='%u/0x%08x' ",
- mark.value, mark.mask ) < 0)
- {
- mark_in = NULL;
- }
- }
- else
- {
- if (asprintf(&mark_in, "") < 0)
- {
- mark_in = NULL;
- }
- }
-
- /* check for the presence of an outbound mark */
- mark = config->get_mark(config, FALSE);
- if (mark.value)
- {
- if (asprintf(&mark_out, "PLUTO_MARK_OUT='%u/0x%08x' ",
- mark.value, mark.mask ) < 0)
- {
- mark_out = NULL;
- }
- }
- else
- {
- if (asprintf(&mark_out, "") < 0)
- {
- mark_out = NULL;
- }
- }
-
- /* check for a NAT condition causing ESP_IN_UDP encapsulation */
- if (ike_sa->has_condition(ike_sa, COND_NAT_ANY))
+ is_ipv6 = my_ts->get_type(my_ts) == TS_IPV6_ADDR_RANGE;
+ }
+ push_env(envp, countof(envp), "PLUTO_VERB=%s%s%s",
+ up ? "up" : "down",
+ is_host ? "-host" : "-client",
+ is_ipv6 ? "-v6" : "");
+ push_env(envp, countof(envp), "PLUTO_CONNECTION=%s",
+ config->get_name(config));
+ if (up)
+ {
+ if (hydra->kernel_interface->get_interface(hydra->kernel_interface,
+ me, &iface))
{
- if (asprintf(&udp_enc, "PLUTO_UDP_ENC='%u' ",
- other->get_port(other)) < 0)
- {
- udp_enc = NULL;
- }
-
+ cache_iface(this, child_sa->get_reqid(child_sa), iface);
}
else
{
- if (asprintf(&udp_enc, "") < 0)
- {
- udp_enc = NULL;
- }
-
+ iface = NULL;
}
+ }
+ else
+ {
+ iface = uncache_iface(this, child_sa->get_reqid(child_sa));
+ }
+ push_env(envp, countof(envp), "PLUTO_INTERFACE=%s",
+ iface ? iface : "unknown");
+ push_env(envp, countof(envp), "PLUTO_REQID=%u",
+ child_sa->get_reqid(child_sa));
+ push_env(envp, countof(envp), "PLUTO_PROTO=%s",
+ child_sa->get_protocol(child_sa) == PROTO_ESP ? "esp" : "ah");
+ push_env(envp, countof(envp), "PLUTO_UNIQUEID=%u",
+ ike_sa->get_unique_id(ike_sa));
+ push_env(envp, countof(envp), "PLUTO_ME=%H", me);
+ push_env(envp, countof(envp), "PLUTO_MY_ID=%Y", ike_sa->get_my_id(ike_sa));
+ if (my_ts->to_subnet(my_ts, &host, &mask))
+ {
+ push_env(envp, countof(envp), "PLUTO_MY_CLIENT=%+H/%u", host, mask);
+ host->destroy(host);
+ }
+ push_env(envp, countof(envp), "PLUTO_MY_PORT=%u",
+ get_port(my_ts, other_ts, TRUE));
+ push_env(envp, countof(envp), "PLUTO_MY_PROTOCOL=%u",
+ my_ts->get_protocol(my_ts));
+ push_env(envp, countof(envp), "PLUTO_PEER=%H", other);
+ push_env(envp, countof(envp), "PLUTO_PEER_ID=%Y",
+ ike_sa->get_other_id(ike_sa));
+ if (other_ts->to_subnet(other_ts, &host, &mask))
+ {
+ push_env(envp, countof(envp), "PLUTO_PEER_CLIENT=%+H/%u", host, mask);
+ host->destroy(host);
+ }
+ push_env(envp, countof(envp), "PLUTO_PEER_PORT=%u",
+ get_port(my_ts, other_ts, FALSE));
+ push_env(envp, countof(envp), "PLUTO_PEER_PROTOCOL=%u",
+ other_ts->get_protocol(other_ts));
+ if (ike_sa->has_condition(ike_sa, COND_EAP_AUTHENTICATED) ||
+ ike_sa->has_condition(ike_sa, COND_XAUTH_AUTHENTICATED))
+ {
+ push_env(envp, countof(envp), "PLUTO_XAUTH_ID=%Y",
+ ike_sa->get_other_eap_id(ike_sa));
+ }
+ push_vip_env(this, ike_sa, envp, countof(envp));
+ mark = config->get_mark(config, TRUE);
+ if (mark.value)
+ {
+ push_env(envp, countof(envp), "PLUTO_MARK_IN=%u/0x%08x",
+ mark.value, mark.mask);
+ }
+ mark = config->get_mark(config, FALSE);
+ if (mark.value)
+ {
+ push_env(envp, countof(envp), "PLUTO_MARK_OUT=%u/0x%08x",
+ mark.value, mark.mask);
+ }
+ if (ike_sa->has_condition(ike_sa, COND_NAT_ANY))
+ {
+ push_env(envp, countof(envp), "PLUTO_UDP_ENC=%u",
+ other->get_port(other));
+ }
+ if (child_sa->get_ipcomp(child_sa) != IPCOMP_NONE)
+ {
+ push_env(envp, countof(envp), "PLUTO_IPCOMP=1");
+ }
+ push_dns_env(this, ike_sa, envp, countof(envp));
+ if (config->get_hostaccess(config))
+ {
+ push_env(envp, countof(envp), "PLUTO_HOST_ACCESS=1");
+ }
- if (ike_sa->has_condition(ike_sa, COND_EAP_AUTHENTICATED) ||
- ike_sa->has_condition(ike_sa, COND_XAUTH_AUTHENTICATED))
- {
- if (asprintf(&xauth, "PLUTO_XAUTH_ID='%Y' ",
- ike_sa->get_other_eap_id(ike_sa)) < 0)
- {
- xauth = NULL;
- }
- }
- else
+ process = process_start_shell(envp, NULL, &out, NULL, "2>&1 %s",
+ config->get_updown(config));
+ if (process)
+ {
+ shell = fdopen(out, "r");
+ if (shell)
{
- if (asprintf(&xauth, "") < 0)
+ while (TRUE)
{
- xauth = NULL;
- }
- }
+ char resp[128];
- if (up)
- {
- if (hydra->kernel_interface->get_interface(hydra->kernel_interface,
- me, &iface))
- {
- cache_iface(this, child_sa->get_reqid(child_sa), iface);
- }
- else
- {
- iface = NULL;
+ if (fgets(resp, sizeof(resp), shell) == NULL)
+ {
+ if (ferror(shell))
+ {
+ DBG1(DBG_CHD, "error reading from updown script");
+ }
+ break;
+ }
+ else
+ {
+ char *e = resp + strlen(resp);
+ if (e > resp && e[-1] == '\n')
+ {
+ e[-1] = '\0';
+ }
+ DBG1(DBG_CHD, "updown: %s", resp);
+ }
}
+ fclose(shell);
}
else
{
- iface = uncache_iface(this, child_sa->get_reqid(child_sa));
+ close(out);
}
+ process->wait(process, NULL);
+ }
+ free(iface);
+ free_env(envp);
+}
- dns = make_dns_vars(this, ike_sa);
-
- /* check for IPComp */
- use_ipcomp = child_sa->get_ipcomp(child_sa) != IPCOMP_NONE;
-
- /* determine IPv4/IPv6 and client/host situation */
- is_host = my_ts->is_host(my_ts, me);
- is_ipv6 = is_host ? (me->get_family(me) == AF_INET6) :
- (my_ts->get_type(my_ts) == TS_IPV6_ADDR_RANGE);
-
- /* build the command with all env variables.
- */
- snprintf(command, sizeof(command),
- "2>&1 "
- "PLUTO_VERSION='1.1' "
- "PLUTO_VERB='%s%s%s' "
- "PLUTO_CONNECTION='%s' "
- "PLUTO_INTERFACE='%s' "
- "PLUTO_REQID='%u' "
- "PLUTO_PROTO='%s' "
- "PLUTO_UNIQUEID='%u' "
- "PLUTO_ME='%H' "
- "PLUTO_MY_ID='%Y' "
- "PLUTO_MY_CLIENT='%+H/%u' "
- "PLUTO_MY_PORT='%u' "
- "PLUTO_MY_PROTOCOL='%u' "
- "PLUTO_PEER='%H' "
- "PLUTO_PEER_ID='%Y' "
- "PLUTO_PEER_CLIENT='%+H/%u' "
- "PLUTO_PEER_PORT='%u' "
- "PLUTO_PEER_PROTOCOL='%u' "
- "%s"
- "%s"
- "%s"
- "%s"
- "%s"
- "%s"
- "%s"
- "%s"
- "%s",
- up ? "up" : "down",
- is_host ? "-host" : "-client",
- is_ipv6 ? "-v6" : "",
- config->get_name(config),
- iface ? iface : "unknown",
- child_sa->get_reqid(child_sa),
- child_sa->get_protocol(child_sa) == PROTO_ESP ? "esp" : "ah",
- ike_sa->get_unique_id(ike_sa),
- me, ike_sa->get_my_id(ike_sa),
- my_client, my_client_mask,
- get_port(my_ts, other_ts, TRUE),
- my_ts->get_protocol(my_ts),
- other, ike_sa->get_other_id(ike_sa),
- other_client, other_client_mask,
- get_port(my_ts, other_ts, FALSE),
- other_ts->get_protocol(other_ts),
- xauth,
- virtual_ip,
- mark_in,
- mark_out,
- udp_enc,
- use_ipcomp ? "PLUTO_IPCOMP='1' " : "",
- config->get_hostaccess(config) ? "PLUTO_HOST_ACCESS='1' " : "",
- dns,
- script);
- my_client->destroy(my_client);
- other_client->destroy(other_client);
- free(virtual_ip);
- free(mark_in);
- free(mark_out);
- free(udp_enc);
- free(dns);
- free(iface);
- free(xauth);
-
- DBG3(DBG_CHD, "running updown script: %s", command);
- shell = popen(command, "r");
-
- if (shell == NULL)
- {
- DBG1(DBG_CHD, "could not execute updown script '%s'", script);
- return TRUE;
- }
+METHOD(listener_t, child_updown, bool,
+ private_updown_listener_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa,
+ bool up)
+{
+ traffic_selector_t *my_ts, *other_ts;
+ enumerator_t *enumerator;
+ child_cfg_t *config;
- while (TRUE)
+ config = child_sa->get_config(child_sa);
+ if (config->get_updown(config))
+ {
+ enumerator = child_sa->create_policy_enumerator(child_sa);
+ while (enumerator->enumerate(enumerator, &my_ts, &other_ts))
{
- char resp[128];
-
- if (fgets(resp, sizeof(resp), shell) == NULL)
- {
- if (ferror(shell))
- {
- DBG1(DBG_CHD, "error reading output from updown script");
- }
- break;
- }
- else
- {
- char *e = resp + strlen(resp);
- if (e > resp && e[-1] == '\n')
- { /* trim trailing '\n' */
- e[-1] = '\0';
- }
- DBG1(DBG_CHD, "updown: %s", resp);
- }
+ invoke_once(this, ike_sa, child_sa, config, up, my_ts, other_ts);
}
- pclose(shell);
+ enumerator->destroy(enumerator);
}
- enumerator->destroy(enumerator);
return TRUE;
}
diff --git a/src/libcharon/plugins/vici/Makefile.am b/src/libcharon/plugins/vici/Makefile.am
index 7e459c5..da71de3 100644
--- a/src/libcharon/plugins/vici/Makefile.am
+++ b/src/libcharon/plugins/vici/Makefile.am
@@ -67,3 +67,10 @@ vici_tests_LDFLAGS = @COVERAGE_LDFLAGS@
vici_tests_LDADD = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
$(top_builddir)/src/libstrongswan/tests/libtest.la
+
+
+SUBDIRS =
+
+if USE_RUBY_GEMS
+SUBDIRS += ruby
+endif
diff --git a/src/libcharon/plugins/vici/Makefile.in b/src/libcharon/plugins/vici/Makefile.in
index e0a6a1b..34546b9 100644
--- a/src/libcharon/plugins/vici/Makefile.in
+++ b/src/libcharon/plugins/vici/Makefile.in
@@ -80,6 +80,7 @@ build_triplet = @build@
host_triplet = @host@
TESTS = vici_tests$(EXEEXT)
check_PROGRAMS = $(am__EXEEXT_1)
+ at USE_RUBY_GEMS_TRUE@am__append_1 = ruby
subdir = src/libcharon/plugins/vici
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
$(top_srcdir)/depcomp
@@ -206,11 +207,27 @@ SOURCES = $(libstrongswan_vici_la_SOURCES) $(libvici_la_SOURCES) \
$(vici_tests_SOURCES)
DIST_SOURCES = $(libstrongswan_vici_la_SOURCES) $(libvici_la_SOURCES) \
$(vici_tests_SOURCES)
+RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \
+ ctags-recursive dvi-recursive html-recursive info-recursive \
+ install-data-recursive install-dvi-recursive \
+ install-exec-recursive install-html-recursive \
+ install-info-recursive install-pdf-recursive \
+ install-ps-recursive install-recursive installcheck-recursive \
+ installdirs-recursive pdf-recursive ps-recursive \
+ tags-recursive uninstall-recursive
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
*) (install-info --version) >/dev/null 2>&1;; \
esac
+RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
+ distclean-recursive maintainer-clean-recursive
+am__recursive_targets = \
+ $(RECURSIVE_TARGETS) \
+ $(RECURSIVE_CLEAN_TARGETS) \
+ $(am__extra_recursive_targets)
+AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \
+ distdir
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
# Read a list of newline-separated strings from the standard input,
# and print each of them once, without duplicates. Input order is
@@ -252,7 +269,33 @@ am__tty_colors = { \
std='�[m'; \
fi; \
}
+DIST_SUBDIRS = ruby
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+am__relativize = \
+ dir0=`pwd`; \
+ sed_first='s,^\([^/]*\)/.*$$,\1,'; \
+ sed_rest='s,^[^/]*/*,,'; \
+ sed_last='s,^.*/\([^/]*\)$$,\1,'; \
+ sed_butlast='s,/*[^/]*$$,,'; \
+ while test -n "$$dir1"; do \
+ first=`echo "$$dir1" | sed -e "$$sed_first"`; \
+ if test "$$first" != "."; then \
+ if test "$$first" = ".."; then \
+ dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
+ dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
+ else \
+ first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
+ if test "$$first2" = "$$first"; then \
+ dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
+ else \
+ dir2="../$$dir2"; \
+ fi; \
+ dir0="$$dir0"/"$$first"; \
+ fi; \
+ fi; \
+ dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
+ done; \
+ reldir="$$dir2"
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
@@ -284,6 +327,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -344,6 +388,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -409,6 +454,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -456,6 +503,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
@@ -520,7 +571,8 @@ vici_tests_LDADD = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
$(top_builddir)/src/libstrongswan/tests/libtest.la
-all: all-am
+SUBDIRS = $(am__append_1)
+all: all-recursive
.SUFFIXES:
.SUFFIXES: .c .lo .o .obj
@@ -869,14 +921,61 @@ mostlyclean-libtool:
clean-libtool:
-rm -rf .libs _libs
+# This directory's subdirectories are mostly independent; you can cd
+# into them and run 'make' without going through this Makefile.
+# To change the values of 'make' variables: instead of editing Makefiles,
+# (1) if the variable is set in 'config.status', edit 'config.status'
+# (which will cause the Makefiles to be regenerated when you run 'make');
+# (2) otherwise, pass the desired values on the 'make' command line.
+$(am__recursive_targets):
+ @fail=; \
+ if $(am__make_keepgoing); then \
+ failcom='fail=yes'; \
+ else \
+ failcom='exit 1'; \
+ fi; \
+ dot_seen=no; \
+ target=`echo $@ | sed s/-recursive//`; \
+ case "$@" in \
+ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+ *) list='$(SUBDIRS)' ;; \
+ esac; \
+ for subdir in $$list; do \
+ echo "Making $$target in $$subdir"; \
+ if test "$$subdir" = "."; then \
+ dot_seen=yes; \
+ local_target="$$target-am"; \
+ else \
+ local_target="$$target"; \
+ fi; \
+ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+ || eval $$failcom; \
+ done; \
+ if test "$$dot_seen" = "no"; then \
+ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
+ fi; test -z "$$fail"
+
ID: $(am__tagged_files)
$(am__define_uniq_tagged_files); mkid -fID $$unique
-tags: tags-am
+tags: tags-recursive
TAGS: tags
tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
set x; \
here=`pwd`; \
+ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
+ include_option=--etags-include; \
+ empty_fix=.; \
+ else \
+ include_option=--include; \
+ empty_fix=; \
+ fi; \
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ test ! -f $$subdir/TAGS || \
+ set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
+ fi; \
+ done; \
$(am__define_uniq_tagged_files); \
shift; \
if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
@@ -889,7 +988,7 @@ tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
$$unique; \
fi; \
fi
-ctags: ctags-am
+ctags: ctags-recursive
CTAGS: ctags
ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
@@ -902,7 +1001,7 @@ GTAGS:
here=`$(am__cd) $(top_builddir) && pwd` \
&& $(am__cd) $(top_srcdir) \
&& gtags -i $(GTAGS_ARGS) "$$here"
-cscopelist: cscopelist-am
+cscopelist: cscopelist-recursive
cscopelist-am: $(am__tagged_files)
list='$(am__tagged_files)'; \
@@ -1044,24 +1143,50 @@ distdir: $(DISTFILES)
|| exit 1; \
fi; \
done
+ @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ $(am__make_dryrun) \
+ || test -d "$(distdir)/$$subdir" \
+ || $(MKDIR_P) "$(distdir)/$$subdir" \
+ || exit 1; \
+ dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
+ $(am__relativize); \
+ new_distdir=$$reldir; \
+ dir1=$$subdir; dir2="$(top_distdir)"; \
+ $(am__relativize); \
+ new_top_distdir=$$reldir; \
+ echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
+ echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
+ ($(am__cd) $$subdir && \
+ $(MAKE) $(AM_MAKEFLAGS) \
+ top_distdir="$$new_top_distdir" \
+ distdir="$$new_distdir" \
+ am__remove_distdir=: \
+ am__skip_length_check=: \
+ am__skip_mode_fix=: \
+ distdir) \
+ || exit 1; \
+ fi; \
+ done
check-am: all-am
$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
$(MAKE) $(AM_MAKEFLAGS) check-TESTS
-check: check-am
+check: check-recursive
all-am: Makefile $(LTLIBRARIES)
-installdirs:
+installdirs: installdirs-recursive
+installdirs-am:
for dir in "$(DESTDIR)$(ipseclibdir)" "$(DESTDIR)$(plugindir)"; do \
test -z "$$dir" || $(MKDIR_P) "$$dir"; \
done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
+install: install-recursive
+install-exec: install-exec-recursive
+install-data: install-data-recursive
+uninstall: uninstall-recursive
install-am: all-am
@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-installcheck: installcheck-am
+installcheck: installcheck-recursive
install-strip:
if test -z '$(STRIP)'; then \
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
@@ -1085,96 +1210,97 @@ distclean-generic:
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
+clean: clean-recursive
clean-am: clean-checkPROGRAMS clean-generic clean-ipseclibLTLIBRARIES \
clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
mostlyclean-am
-distclean: distclean-am
+distclean: distclean-recursive
-rm -rf ./$(DEPDIR) suites/$(DEPDIR)
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-tags
-dvi: dvi-am
+dvi: dvi-recursive
dvi-am:
-html: html-am
+html: html-recursive
html-am:
-info: info-am
+info: info-recursive
info-am:
install-data-am: install-ipseclibLTLIBRARIES install-pluginLTLIBRARIES
-install-dvi: install-dvi-am
+install-dvi: install-dvi-recursive
install-dvi-am:
install-exec-am:
-install-html: install-html-am
+install-html: install-html-recursive
install-html-am:
-install-info: install-info-am
+install-info: install-info-recursive
install-info-am:
install-man:
-install-pdf: install-pdf-am
+install-pdf: install-pdf-recursive
install-pdf-am:
-install-ps: install-ps-am
+install-ps: install-ps-recursive
install-ps-am:
installcheck-am:
-maintainer-clean: maintainer-clean-am
+maintainer-clean: maintainer-clean-recursive
-rm -rf ./$(DEPDIR) suites/$(DEPDIR)
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
-mostlyclean: mostlyclean-am
+mostlyclean: mostlyclean-recursive
mostlyclean-am: mostlyclean-compile mostlyclean-generic \
mostlyclean-libtool
-pdf: pdf-am
+pdf: pdf-recursive
pdf-am:
-ps: ps-am
+ps: ps-recursive
ps-am:
uninstall-am: uninstall-ipseclibLTLIBRARIES \
uninstall-pluginLTLIBRARIES
-.MAKE: check-am install-am install-strip
-
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
- clean-checkPROGRAMS clean-generic clean-ipseclibLTLIBRARIES \
- clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
- cscopelist-am ctags ctags-am distclean distclean-compile \
- distclean-generic distclean-libtool distclean-tags distdir dvi \
- dvi-am html html-am info info-am install install-am \
- install-data install-data-am install-dvi install-dvi-am \
- install-exec install-exec-am install-html install-html-am \
- install-info install-info-am install-ipseclibLTLIBRARIES \
- install-man install-pdf install-pdf-am \
- install-pluginLTLIBRARIES install-ps install-ps-am \
- install-strip installcheck installcheck-am installdirs \
- maintainer-clean maintainer-clean-generic mostlyclean \
- mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
- pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \
+.MAKE: $(am__recursive_targets) check-am install-am install-strip
+
+.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am check \
+ check-TESTS check-am clean clean-checkPROGRAMS clean-generic \
+ clean-ipseclibLTLIBRARIES clean-libtool \
+ clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES cscopelist-am \
+ ctags ctags-am distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-ipseclibLTLIBRARIES install-man \
+ install-pdf install-pdf-am install-pluginLTLIBRARIES \
+ install-ps install-ps-am install-strip installcheck \
+ installcheck-am installdirs installdirs-am maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-compile \
+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+ tags tags-am uninstall uninstall-am \
uninstall-ipseclibLTLIBRARIES uninstall-pluginLTLIBRARIES
diff --git a/src/libcharon/plugins/vici/README.md b/src/libcharon/plugins/vici/README.md
index aeabbbd..2724910 100644
--- a/src/libcharon/plugins/vici/README.md
+++ b/src/libcharon/plugins/vici/README.md
@@ -84,12 +84,12 @@ The message encoding consists of a sequence of elements. Each element starts
with the element type, optionally followed by an element name and/or an element
value. Currently the following message element types are defined:
-* _SECTION_START = 0_: Begin a new section having a name
-* _SECTION_END = 1_: End a previously started section
-* _KEY_VALUE = 2_: Define a value for a named key in the current section
-* _LIST_START = 3_: Begin a named list for list items
-* _LIST_ITEM = 4_: Define an unnamed item value in the current list
-* _LIST_END = 5_: End a previously started list
+* _SECTION_START = 1_: Begin a new section having a name
+* _SECTION_END = 2_: End a previously started section
+* _KEY_VALUE = 3_: Define a value for a named key in the current section
+* _LIST_START = 4_: Begin a named list for list items
+* _LIST_ITEM = 5_: Define an unnamed item value in the current list
+* _LIST_END = 6_: End a previously started list
Types are encoded as 8-bit values. Types having a name (SECTION_START,
KEY_VALUE and LIST_START) have an ASCII string following the type, which itself
@@ -103,7 +103,8 @@ the length field itself.
The interpretation of any value is not defined by the message format; it can
take arbitrary blobs. The application may specify types for specific keys, such
-as strings or integer representations.
+as strings or integer representations. The vici plugin currently uses
+non-null terminated strings as values only; numbers get encoded as strings.
### Sections ###
@@ -165,6 +166,513 @@ the following C array:
1,
};
+## Client-initiated commands ##
+
+Based on the packet layer, VICI implements commands requested by the client
+and responded to by the server using named _CMD_REQUEST_ and _CMD_RESPONSE_
+packets wrapping messages. The request message may contain command arguments,
+the response message the reply.
+
+Some commands use response streaming, that is, a request triggers a series of
+events to consecutively stream data to the client before the response message
+completes the stream. A client must register for the appropriate event to
+receive the stream, and unregister after the response has been received.
+
+The following client issued commands with the appropriate command input and
+output messages are currently defined:
+
+### version() ###
+
+Returns daemon and system specific version information.
+
+ {} => {
+ daemon = <IKE daemon name>
+ version = <strongSwan version>
+ sysname = <operating system name>
+ release = <operating system release>
+ machine = <hardware identifier>
+ }
+
+### stats() ###
+
+Returns IKE daemon statistics and load information.
+
+ {} => {
+ uptime = {
+ running = <relative uptime in human-readable form>
+ since = <absolute startup time>
+ }
+ workers = {
+ total = <total number of worker threads>
+ idle = <worker threads currently idle>
+ active = {
+ critical = <threads processing "critical" priority jobs>
+ high = <threads processing "high" priority jobs>
+ medium = <threads processing "medium" priority jobs>
+ low = <threads processing "low" priority jobs>
+ }
+ }
+ queues = {
+ critical = <jobs queued with "critical" priority>
+ high = <jobs queued with "high" priority>
+ medium = <jobs queued with "medium" priority>
+ low = <jobs queued with "low" priority>
+ }
+ scheduled = <number of jobs scheduled for timed execution>
+ ikesas = {
+ total = <total number of IKE_SAs active>
+ half-open = <number of IKE_SAs in half-open state>
+ }
+ plugins = [
+ <names of loaded plugins>
+ ]
+ mem = { # available if built with leak-detective or on Windows
+ total = <total heap memory usage in bytes>
+ allocs = <total heap allocation blocks>
+ <heap-name>* = { # on Windows only
+ total = <heap memory usage in bytes by this heap>
+ allocs = <allocated blocks for this heap>
+ }
+ }
+ mallinfo = { # available with mallinfo() support
+ sbrk = <non-mmaped space available>
+ mmap = <mmaped space available>
+ used = <total number of bytes used>
+ free = <available but unused bytes>
+ }
+ }
+
+### reload-settings() ###
+
+Reloads _strongswan.conf_ settings and all plugins supporting configuration
+reload.
+
+ {} => {
+ success = <yes or no>
+ errmsg = <error string on failure>
+ }
+
+### initiate() ###
+
+Initiates an SA while streaming _control-log_ events.
+
+ {
+ child = <CHILD_SA configuration name to initiate>
+ timeout = <timeout in seconds before returning>
+ loglevel = <loglevel to issue "control-log" events for>
+ } => {
+ success = <yes or no>
+ errmsg = <error string on failure or timeout>
+ }
+
+### terminate() ###
+
+Terminates an SA while streaming _control-log_ events.
+
+ {
+ child = <terminate a CHILD_SA by configuration name>
+ ike = <terminate an IKE_SA by configuration name>
+ child_id = <terminate a CHILD_SA by its reqid>
+ ike_id = <terminate an IKE_SA by its unique id>
+ timeout = <timeout in seconds before returning>
+ loglevel = <loglevel to issue "control-log" events for>
+ } => {
+ success = <yes or no>
+ errmsg = <error string on failure or timeout>
+ }
+
+### install() ###
+
+Install a trap, drop or bypass policy defined by a CHILD_SA config.
+
+ {
+ child = <CHILD_SA configuration name to install>
+ } => {
+ success = <yes or no>
+ errmsg = <error string on failure>
+ }
+
+### uninstall() ###
+
+Uninstall a trap, drop or bypass policy defined by a CHILD_SA config.
+
+ {
+ child = <CHILD_SA configuration name to install>
+ } => {
+ success = <yes or no>
+ errmsg = <error string on failure>
+ }
+
+### list-sas() ###
+
+Lists currently active IKE_SAs and associated CHILD_SAs by streaming _list-sa_
+events.
+
+ {
+ noblock = <use non-blocking mode if key is set>
+ ike = <filter listed IKE_SAs by its name>
+ ike_id = <filter listed IKE_SA by its unique id>
+ } => {
+ # completes after streaming list-sa events
+ }
+
+### list-policies() ###
+
+List currently installed trap, drop and bypass policies by streaming
+_list-policy_ events.
+
+ {
+ drop = <set to yes to list drop policies>
+ pass = <set to yes to list bypass policies>
+ trap = <set to yes to list trap policies>
+ child = <filter by CHILD_SA configuration name>
+ } => {
+ # completes after streaming list-sa events
+ }
+
+### list-conns() ###
+
+List currently loaded connections by streaming _list-conn_ events. This
+call includes all connections known by the daemon, not only those loaded
+over vici.
+
+ {
+ ike = <list connections matching a given configuration name only>
+ } => {
+ # completes after streaming list-conn events
+ }
+
+### get-conns() ###
+
+Return a list of connection names loaded exclusively over vici, not including
+connections found in other backends.
+
+ {} => {
+ conns = [
+ <list of connection names>
+ ]
+ }
+
+### list-certs() ###
+
+List currently loaded certificates by streaming _list-cert_ events. This
+call includes all certificates known by the daemon, not only those loaded
+over vici.
+
+ {
+ type = <certificate type to filter for, or ANY>
+ subject = <set to list only certificates having subject>
+ } => {
+ # completes after streaming list-cert events
+ }
+
+### load-conn() ###
+
+Load a single connection definition into the daemon. An existing connection
+with the same name gets updated or replaced.
+
+ {
+ <IKE_SA config name> = {
+ # IKE configuration parameters with authentication and CHILD_SA
+ # subsections. Refer to swanctl.conf(5) for details.
+ } => {
+ success = <yes or no>
+ errmsg = <error string on failure>
+ }
+ }
+
+### unload-conn() ###
+
+Unload a previously loaded connection definition by name.
+
+ {
+ name = <IKE_SA config name>
+ } => {
+ success = <yes or no>
+ errmsg = <error string on failure>
+ }
+
+### load-cert() ###
+
+Load a certificate into the daemon.
+
+ {
+ type = <certificate type, X509|X509CA|X509AA|X509CRL|X509AC>
+ data = <PEM or DER encoded certificate data>
+ } => {
+ success = <yes or no>
+ errmsg = <error string on failure>
+ }
+
+### load-key() ###
+
+Load a private key into the daemon.
+
+ {
+ type = <private key type, RSA|ECDSA>
+ data = <PEM or DER encoded key data>
+ } => {
+ success = <yes or no>
+ errmsg = <error string on failure>
+ }
+
+### load-shared() ###
+
+Load a shared IKE PSK, EAP or XAuth secret into the daemon.
+
+ {
+ type = <private key type, IKE|EAP|XAUTH>
+ data = <raw shared key data>
+ owners = [
+ <list of shared key owner identities>
+ ]
+ } => {
+ success = <yes or no>
+ errmsg = <error string on failure>
+ }
+
+### clear-creds() ###
+
+Clear all loaded certificate, private key and shared key credentials. This
+affects only credentials loaded over vici, but additionally flushes the
+credential cache.
+
+ {} => {
+ success = <yes or no>
+ errmsg = <error string on failure>
+ }
+
+### load-pool() ###
+
+Load an in-memory virtual IP and configuration attribute pool. Existing
+pools with the same name get updated, if possible.
+
+ {
+ <pool name> = {
+ addrs = <subnet of virtual IP pool addresses>
+ <attribute type>* = [
+ # attribute type is one of address, dns, nbns, dhcp, netmask,
+ # server, subnet, split_include, split_exclude or a numerical
+ # attribute type identifier.
+ <list of attributes for type>
+ ]
+ }
+ } => {
+ success = <yes or no>
+ errmsg = <error string on failure>
+ }
+
+### unload-pool() ###
+
+Unload a previously loaded virtual IP and configuration attribute pool.
+Unloading fails for pools with leases currently online.
+
+ {
+ name = <virtual IP address pool to delete>
+ } => {
+ success = <yes or no>
+ errmsg = <error string on failure>
+ }
+
+### get-pools() ###
+
+List the currently loaded pools.
+
+ {} => {
+ <pool name>* = {
+ base = <virtual IP pool base address>
+ size = <total number of addresses in the pool>
+ online = <number of leases online>
+ offline = <number of leases offline>
+ }
+ }
+
+## Server-issued events ##
+
+Based on the packet layer, the vici plugin raises event messages using named
+EVENT packets wrapping messages. The message contains event details.
+
+### log ###
+
+The _log_ event is issued to registered clients for each debug log message.
+This event is not associated with a command.
+
+ {
+ group = <subsystem identifier for debug message>
+ level = <log level, 0-4>
+ thread = <numerical thread identifier issuing the log message>
+ ikesa-name = <name of IKE_SA, if log is associated with any>
+ ikesa-uniqued = <unique identifier of IKE_A, if log associated with any>
+ msg = <log message text>
+ }
+
+### control-log ###
+
+The _control-log_ event is issued for log events during active _initiate_ or
+_terminate_ commands. It is issued only to clients currently having such
+a command active.
+
+ {
+ group = <subsystem identifier for debug message>
+ level = <log level, 0-4>
+ ikesa-name = <name of IKE_SA, if log associated with any>
+ ikesa-uniqued = <unique identifier of IKE_A, if log associated with any>
+ msg = <log message text>
+ }
+
+### list-sa ###
+
+The _list-sa_ event is issued to stream IKE_SAs during an active _list-sas_
+command.
+
+ {
+ <IKE_SA config name> = {
+ uniqueid = <IKE_SA unique identifier>
+ version = <IKE version, 1 or 2>
+ state = <IKE_SA state name>
+ local-host = <local IKE endpoint address>
+ local-id = <local IKE identity>
+ remote-host = <remote IKE endpoint address>
+ remote-id = <remote IKE identity>
+ remote-xauth-id = <remote XAuth identity, if XAuth-authenticated>
+ remote-eap-id = <remote EAP identity, if EAP-authenticated>
+ initiator = <yes, if initiator of IKE_SA>
+ initiator-spi = <hex encoded initiator SPI / cookie>
+ responder-spi = <hex encoded responder SPI / cookie>
+ encr-alg = <IKE encryption algorithm string>
+ encr-keysize = <key size for encr-alg, if applicable>
+ integ-alg = <IKE integrity algorithm string>
+ integ-keysize = <key size for encr-alg, if applicable>
+ prf-alg = <IKE pseudo random function string>
+ dh-group = <IKE Diffie-Hellman group string>
+ established = <seconds the IKE_SA has been established>
+ rekey-time = <seconds before IKE_SA gets rekeyed>
+ reauth-time = <seconds before IKE_SA gets re-authenticated>
+ tasks-queued = [
+ <list of currently queued tasks for execution>
+ ]
+ tasks-active = [
+ <list of tasks currently initiating actively>
+ ]
+ tasks-passive = [
+ <list of tasks currently handling passively>
+ ]
+ child-sas = {
+ <child-sa-name>* = {
+ reqid = <reqid of CHILD_SA>
+ state = <state string of CHILD_SA>
+ mode = <IPsec mode, tunnel|transport|beet>
+ protocol = <IPsec protocol AH|ESP>
+ encap = <yes if using UDP encapsulation>
+ spi-in = <hex encoded inbound SPI>
+ spi-out = <hex encoded outbound SPI>
+ cpi-in = <hex encoded inbound CPI, if using compression>
+ cpi-out = <hex encoded outbound CPI, if using compression>
+ encr-alg = <ESP encryption algorithm name, if any>
+ encr-keysize = <ESP encryption key size, if applicable>
+ integ-alg = <ESP or AH integrity algorithm name, if any>
+ integ-keysize = <ESP or AH integrity key size, if applicable>
+ prf-alg = <CHILD_SA pseudo random function name>
+ dh-group = <CHILD_SA PFS rekeying DH group name, if any>
+ esn = <1 if using extended sequence numbers>
+ bytes-in = <number of input bytes processed>
+ packets-in = <number of input packets processed>
+ use-in = <seconds since last inbound packet, if any>
+ bytes-out = <number of output bytes processed>
+ packets-out = <number of output packets processed>
+ use-out = <seconds since last outbound packet, if any>
+ rekey-time = <seconds before CHILD_SA gets rekeyed>
+ life-time = <seconds before CHILD_SA expires>
+ install-time = <seconds the CHILD_SA has been installed>
+ local-ts = [
+ <list of local traffic selectors>
+ ]
+ remote-ts = [
+ <list of remote traffic selectors>
+ ]
+ }
+ }
+ }
+ }
+
+### list-policy ###
+
+The _list-policy_ event is issued to stream installed policies during an active
+_list-policies_ command.
+
+ {
+ <child-sa-config-name> = {
+ mode = <policy mode, tunnel|transport|pass|drop>
+ local-ts = [
+ <list of local traffic selectors>
+ ]
+ remote-ts = [
+ <list of remote traffic selectors>
+ ]
+ }
+ }
+
+### list-conn ###
+
+The _list-conn_ event is issued to stream loaded connection during an active
+_list-conns_ command.
+
+ {
+ <IKE_SA connection name> = {
+ local_addrs = [
+ <list of valid local IKE endpoint addresses>
+ ]
+ remote_addrs = [
+ <list of valid remote IKE endpoint addresses>
+ ]
+ version = <IKE version as string, IKEv1|IKEv2 or 0 for any>
+
+ local*, remote* = { # multiple local and remote auth sections
+ class = <authentication type>
+ eap-type = <EAP type to authenticate if when using EAP>
+ eap-vendor = <EAP vendor for type, if any>
+ xauth = <xauth backend name>
+ revocation = <revocation policy>
+ id = <IKE identity>
+ aaa_id = <AAA authentication backend identity>
+ eap_id = <EAP identity for authentication>
+ xauth_id = <XAuth username for authentication>
+ groups = [
+ <group membership required to use connection>
+ ]
+ certs = [
+ <certificates allowed for authentication>
+ ]
+ cacerts = [
+ <CA certificates allowed for authentication>
+ ]
+ }
+ children = {
+ <CHILD_SA config name>* = {
+ mode = <IPsec mode>
+ local-ts = [
+ <list of local traffic selectors>
+ ]
+ remote-ts = [
+ <list of remote traffic selectors>
+ ]
+ }
+ }
+ }
+ }
+
+### list-cert ###
+
+The _list-cert_ event is issued to stream loaded certificates during an active
+_list-certs_ command.
+
+ {
+ type = <certificate type>
+ has_privkey = <set if a private key for the certificate is available>
+ data = <ASN1 encoded certificate data>
+ }
+
+
# libvici C client library #
libvici is the reference implementation of a C client library implementing
@@ -172,5 +680,177 @@ the vici protocol. It builds upon libstrongswan, but provides a stable API
to implement client applications in the C programming language. libvici uses
the libstrongswan thread pool to deliver event messages asynchronously.
-More information about the libvici API is available in the libvici.h header
-file.
+## Connecting to the daemon ##
+
+This example shows how to connect to the daemon using the default URI, and
+then perform proper cleanup:
+
+ #include <stdio.h>
+ #include <errno.h>
+ #include <string.h>
+
+ #include <libvici.h>
+
+ int main(int argc, char *argv[])
+ {
+ vici_conn_t *conn;
+ int ret = 0;
+
+ vici_init();
+ conn = vici_connect(NULL);
+ if (conn)
+ {
+ /* do stuff */
+ vici_disconnect(conn);
+ }
+ else
+ {
+ ret = errno;
+ fprintf(stderr, "connecting failed: %s\n", strerror(errno));
+ }
+ vici_deinit();
+ return ret;
+ }
+
+## A simple client request ##
+
+In the following example, a simple _version_ request is issued to the daemon
+and the result is printed:
+
+ int get_version(vici_conn_t *conn)
+ {
+ vici_req_t *req;
+ vici_res_t *res;
+ int ret = 0;
+
+ req = vici_begin("version");
+ res = vici_submit(req, conn);
+ if (res)
+ {
+ printf("%s %s (%s, %s, %s)\n",
+ vici_find_str(res, "", "daemon"),
+ vici_find_str(res, "", "version"),
+ vici_find_str(res, "", "sysname"),
+ vici_find_str(res, "", "release"),
+ vici_find_str(res, "", "machine"));
+ vici_free_res(res);
+ }
+ else
+ {
+ ret = errno;
+ fprintf(stderr, "version request failed: %s\n", strerror(errno));
+ }
+ return ret;
+ }
+
+## A request with event streaming and callback parsing ##
+
+In this more advanced example, the _list-conns_ command is used to stream
+loaded connections with the _list-conn_ event. The event message is parsed
+with a simple callback to print the connection name:
+
+ int conn_cb(void *null, vici_res_t *res, char *name)
+ {
+ printf("%s\n", name);
+ return 0;
+ }
+
+ void list_cb(void *null, char *name, vici_res_t *res)
+ {
+ if (vici_parse_cb(res, conn_cb, NULL, NULL, NULL) != 0)
+ {
+ fprintf(stderr, "parsing failed: %s\n", strerror(errno));
+ }
+ }
+
+ int list_conns(vici_conn_t *conn)
+ {
+ vici_req_t *req;
+ vici_res_t *res;
+ int ret = 0;
+
+ if (vici_register(conn, "list-conn", list_cb, NULL) == 0)
+ {
+ req = vici_begin("list-conns");
+ res = vici_submit(req, conn);
+ if (res)
+ {
+ vici_free_res(res);
+ }
+ else
+ {
+ ret = errno;
+ fprintf(stderr, "request failed: %s\n", strerror(errno));
+ }
+ vici_register(conn, "list-conn", NULL, NULL);
+ }
+ else
+ {
+ ret = errno;
+ fprintf(stderr, "registration failed: %s\n", strerror(errno));
+ }
+ return ret;
+ }
+
+## API documentation ##
+
+More information about the libvici API is available in the _libvici.h_ header
+file or the generated Doxygen documentation.
+
+# vici ruby gem #
+
+The _vici ruby gem_ is a pure ruby implementation of the VICI protocol to
+implement client applications. It is provided in the _ruby_ subdirectory, and
+gets built and installed if strongSwan has been _./configure_'d with
+_--enable-vici_ and _--enable-ruby-gems_.
+
+The _Connection_ class from the _Vici_ module provides the high level interface,
+the underlying classes are usually not required to build ruby applications
+using VICI. The _Connection_ class provides methods for the supported VICI
+commands and an event listening mechanism.
+
+To represent the VICI message data tree, the gem converts the binary encoding
+to ruby data types. The _Connection_ class takes and returns ruby objects for
+the exchanged message data:
+ * Sections get encoded as Hash, containing other sections as Hash, or
+ * Key/Values, where the values are Strings as Hash values
+ * Lists get encoded as Arrays with String values
+Non-String values that are not a Hash nor an Array get converted with .to_s
+during encoding.
+
+## Connecting to the daemon ##
+
+To create a connection to the daemon, a socket must be passed to the
+_Connection_ constructor. There is no default, but on Unix systems usually
+a Unix socket over _/var/run/charon.vici_ is used:
+
+ require "vici"
+ require "socket"
+
+ v = Vici::Connection.new(UNIXSocket.new("/var/run/charon.vici"))
+
+## A simple client request ##
+
+An example to print the daemon version information is as simple as:
+
+ x = v.version
+ puts "%s %s (%s, %s, %s)" % [
+ x["daemon"], x["version"], x["sysname"], x["release"], x["machine"]
+ ]
+
+## A request with closure invocation ##
+
+The _Connection_ class takes care of event streaming by invoking a closure
+for each event. The following example lists all loaded connections using the
+_list-conns_ command and implicitly the _list-conn_ event:
+
+ v.list_conns { |conn|
+ conn.each { |key, value|
+ puts key
+ }
+ }
+
+## API documentation ##
+
+For more details about the ruby gem refer to the comments in the gem source
+code or the generated documentation.
diff --git a/src/libcharon/plugins/vici/libvici.c b/src/libcharon/plugins/vici/libvici.c
index a2cbb30..c0205cc 100644
--- a/src/libcharon/plugins/vici/libvici.c
+++ b/src/libcharon/plugins/vici/libvici.c
@@ -438,7 +438,7 @@ void vici_free_req(vici_req_t *req)
free(req);
}
-int vici_dump(vici_res_t *res, char *label, bool pretty, FILE *out)
+int vici_dump(vici_res_t *res, char *label, int pretty, FILE *out)
{
if (res->message->dump(res->message, label, pretty, out))
{
@@ -754,11 +754,14 @@ void vici_init()
library_init(NULL, "vici");
if (lib->processor->get_total_threads(lib->processor) < 4)
{
+ dbg_default_set_level(0);
lib->processor->set_threads(lib->processor, 4);
+ dbg_default_set_level(1);
}
}
void vici_deinit()
{
+ lib->processor->cancel(lib->processor);
library_deinit();
}
diff --git a/src/libcharon/plugins/vici/libvici.h b/src/libcharon/plugins/vici/libvici.h
index 58595d8..641370e 100644
--- a/src/libcharon/plugins/vici/libvici.h
+++ b/src/libcharon/plugins/vici/libvici.h
@@ -75,8 +75,6 @@
#include <stdio.h>
-#include <utils/utils.h>
-
/**
* Opaque vici connection contex.
*/
@@ -284,7 +282,7 @@ void vici_free_req(vici_req_t *req);
* @param out FILE to dump to
* @return 0 if dumped complete message, 1 on error
*/
-int vici_dump(vici_res_t *res, char *label, bool pretty, FILE *out);
+int vici_dump(vici_res_t *res, char *label, int pretty, FILE *out);
/**
* Parse next element from a vici response message.
diff --git a/src/libcharon/plugins/vici/ruby/Makefile.am b/src/libcharon/plugins/vici/ruby/Makefile.am
new file mode 100644
index 0000000..ce38e1c
--- /dev/null
+++ b/src/libcharon/plugins/vici/ruby/Makefile.am
@@ -0,0 +1,22 @@
+EXTRA_DIST = vici.gemspec.in lib/vici.rb
+
+vici.gemspec: $(srcdir)/vici.gemspec.in
+ $(AM_V_GEN) sed \
+ -e "s:@GEM_VERSION@:$(PACKAGE_VERSION):" \
+ $(srcdir)/vici.gemspec.in > $@
+
+vici-$(PACKAGE_VERSION).gem: vici.gemspec
+ $(GEM) build vici.gemspec
+
+all-local: vici-$(PACKAGE_VERSION).gem
+
+clean-local:
+ rm -f vici.gemspec vici-$(PACKAGE_VERSION).gem
+
+install-data-local: vici-$(PACKAGE_VERSION).gem
+ $(GEM) install --install-dir $(DESTDIR)$(RUBYGEMDIR) \
+ vici-$(PACKAGE_VERSION).gem
+
+uninstall-local:
+ $(GEM) uninstall --install-dir $(DESTDIR)$(RUBYGEMDIR) \
+ --version $(PACKAGE_VERSION) vici
diff --git a/src/libcharon/plugins/vici/ruby/Makefile.in b/src/libcharon/plugins/vici/ruby/Makefile.in
new file mode 100644
index 0000000..c8a8c11
--- /dev/null
+++ b/src/libcharon/plugins/vici/ruby/Makefile.in
@@ -0,0 +1,556 @@
+# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+VPATH = @srcdir@
+am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__make_running_with_option = \
+ case $${target_option-} in \
+ ?) ;; \
+ *) echo "am__make_running_with_option: internal error: invalid" \
+ "target option '$${target_option-}' specified" >&2; \
+ exit 1;; \
+ esac; \
+ has_opt=no; \
+ sane_makeflags=$$MAKEFLAGS; \
+ if $(am__is_gnu_make); then \
+ sane_makeflags=$$MFLAGS; \
+ else \
+ case $$MAKEFLAGS in \
+ *\\[\ \ ]*) \
+ bs=\\; \
+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
+ esac; \
+ fi; \
+ skip_next=no; \
+ strip_trailopt () \
+ { \
+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+ }; \
+ for flg in $$sane_makeflags; do \
+ test $$skip_next = yes && { skip_next=no; continue; }; \
+ case $$flg in \
+ *=*|--*) continue;; \
+ -*I) strip_trailopt 'I'; skip_next=yes;; \
+ -*I?*) strip_trailopt 'I';; \
+ -*O) strip_trailopt 'O'; skip_next=yes;; \
+ -*O?*) strip_trailopt 'O';; \
+ -*l) strip_trailopt 'l'; skip_next=yes;; \
+ -*l?*) strip_trailopt 'l';; \
+ -[dEDm]) skip_next=yes;; \
+ -[JT]) skip_next=yes;; \
+ esac; \
+ case $$flg in \
+ *$$target_option*) has_opt=yes; break;; \
+ esac; \
+ done; \
+ test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = src/libcharon/plugins/vici/ruby
+DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
+ $(top_srcdir)/m4/config/ltoptions.m4 \
+ $(top_srcdir)/m4/config/ltsugar.m4 \
+ $(top_srcdir)/m4/config/ltversion.m4 \
+ $(top_srcdir)/m4/config/lt~obsolete.m4 \
+ $(top_srcdir)/m4/macros/split-package-version.m4 \
+ $(top_srcdir)/m4/macros/with.m4 \
+ $(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
+ $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+AM_V_P = $(am__v_P_ at AM_V@)
+am__v_P_ = $(am__v_P_ at AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_ at AM_V@)
+am__v_GEN_ = $(am__v_GEN_ at AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
+am__v_GEN_1 =
+AM_V_at = $(am__v_at_ at AM_V@)
+am__v_at_ = $(am__v_at_ at AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 =
+SOURCES =
+DIST_SOURCES =
+am__can_run_installinfo = \
+ case $$AM_UPDATE_INFO_DIR in \
+ n|no|NO) false;; \
+ *) (install-info --version) >/dev/null 2>&1;; \
+ esac
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BFDLIB = @BFDLIB@
+BTLIB = @BTLIB@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
+COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DLLTOOL = @DLLTOOL@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GEM = @GEM@
+GENHTML = @GENHTML@
+GPERF = @GPERF@
+GPRBUILD = @GPRBUILD@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LCOV = @LCOV@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MKDIR_P = @MKDIR_P@
+MYSQLCFLAG = @MYSQLCFLAG@
+MYSQLCONFIG = @MYSQLCONFIG@
+MYSQLLIB = @MYSQLLIB@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OPENSSL_LIB = @OPENSSL_LIB@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@
+PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@
+PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@
+PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
+PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
+RANLIB = @RANLIB@
+RTLIB = @RTLIB@
+RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
+RUBYINCLUDE = @RUBYINCLUDE@
+RUBYLIB = @RUBYLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
+STRIP = @STRIP@
+UNWINDLIB = @UNWINDLIB@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+aikgen_plugins = @aikgen_plugins@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+c_plugins = @c_plugins@
+charon_natt_port = @charon_natt_port@
+charon_plugins = @charon_plugins@
+charon_udp_port = @charon_udp_port@
+clearsilver_LIBS = @clearsilver_LIBS@
+cmd_plugins = @cmd_plugins@
+datadir = @datadir@
+datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
+dev_headers = @dev_headers@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+imcvdir = @imcvdir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsec_script = @ipsec_script@
+ipsec_script_upper = @ipsec_script_upper@
+ipsecdir = @ipsecdir@
+ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
+ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
+libdir = @libdir@
+libexecdir = @libexecdir@
+linux_headers = @linux_headers@
+localedir = @localedir@
+localstatedir = @localstatedir@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
+mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+nm_ca_dir = @nm_ca_dir@
+nm_plugins = @nm_plugins@
+oldincludedir = @oldincludedir@
+pcsclite_CFLAGS = @pcsclite_CFLAGS@
+pcsclite_LIBS = @pcsclite_LIBS@
+pdfdir = @pdfdir@
+piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
+pki_plugins = @pki_plugins@
+plugindir = @plugindir@
+pool_plugins = @pool_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
+random_device = @random_device@
+resolv_conf = @resolv_conf@
+routing_table = @routing_table@
+routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
+sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
+sharedstatedir = @sharedstatedir@
+soup_CFLAGS = @soup_CFLAGS@
+soup_LIBS = @soup_LIBS@
+srcdir = @srcdir@
+starter_plugins = @starter_plugins@
+strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
+swanctldir = @swanctldir@
+sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
+systemdsystemunitdir = @systemdsystemunitdir@
+t_plugins = @t_plugins@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+urandom_device = @urandom_device@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+EXTRA_DIST = vici.gemspec.in lib/vici.rb
+all: all-am
+
+.SUFFIXES:
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/vici/ruby/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/libcharon/plugins/vici/ruby/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+tags TAGS:
+
+ctags CTAGS:
+
+cscope cscopelist:
+
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile all-local
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-local mostlyclean-am
+
+distclean: distclean-am
+ -rm -f Makefile
+distclean-am: clean-am distclean-generic
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-data-local
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-local
+
+.MAKE: install-am install-strip
+
+.PHONY: all all-am all-local check check-am clean clean-generic \
+ clean-libtool clean-local cscopelist-am ctags-am distclean \
+ distclean-generic distclean-libtool distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-data-local install-dvi install-dvi-am \
+ install-exec install-exec-am install-html install-html-am \
+ install-info install-info-am install-man install-pdf \
+ install-pdf-am install-ps install-ps-am install-strip \
+ installcheck installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-generic \
+ mostlyclean-libtool pdf pdf-am ps ps-am tags-am uninstall \
+ uninstall-am uninstall-local
+
+
+vici.gemspec: $(srcdir)/vici.gemspec.in
+ $(AM_V_GEN) sed \
+ -e "s:@GEM_VERSION@:$(PACKAGE_VERSION):" \
+ $(srcdir)/vici.gemspec.in > $@
+
+vici-$(PACKAGE_VERSION).gem: vici.gemspec
+ $(GEM) build vici.gemspec
+
+all-local: vici-$(PACKAGE_VERSION).gem
+
+clean-local:
+ rm -f vici.gemspec vici-$(PACKAGE_VERSION).gem
+
+install-data-local: vici-$(PACKAGE_VERSION).gem
+ $(GEM) install --install-dir $(DESTDIR)$(RUBYGEMDIR) \
+ vici-$(PACKAGE_VERSION).gem
+
+uninstall-local:
+ $(GEM) uninstall --install-dir $(DESTDIR)$(RUBYGEMDIR) \
+ --version $(PACKAGE_VERSION) vici
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/libcharon/plugins/vici/ruby/lib/vici.rb b/src/libcharon/plugins/vici/ruby/lib/vici.rb
new file mode 100644
index 0000000..e8a9ddc
--- /dev/null
+++ b/src/libcharon/plugins/vici/ruby/lib/vici.rb
@@ -0,0 +1,569 @@
+##
+# The Vici module implements a native ruby client side library for the
+# strongSwan VICI protocol. The Connection class provides a high-level
+# interface to issue requests or listen for events.
+#
+# Copyright (C) 2014 Martin Willi
+# Copyright (C) 2014 revosec AG
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+module Vici
+
+ ##
+ # Vici specific exception all others inherit from
+ class Error < StandardError
+ end
+
+ ##
+ # Error while parsing a vici message from the daemon
+ class ParseError < Error
+ end
+
+ ##
+ # Error while encoding a vici message from ruby data structures
+ class EncodeError < Error
+ end
+
+ ##
+ # Error while exchanging messages over the vici Transport layer
+ class TransportError < Error
+ end
+
+ ##
+ # Generic vici command execution error
+ class CommandError < Error
+ end
+
+ ##
+ # Error if an issued vici command is unknown by the daemon
+ class CommandUnknownError < CommandError
+ end
+
+ ##
+ # Error if a command failed to execute in the daemon
+ class CommandExecError < CommandError
+ end
+
+ ##
+ # Generic vici event handling error
+ class EventError < Error
+ end
+
+ ##
+ # Tried to register to / unregister from an unknown vici event
+ class EventUnknownError < EventError
+ end
+
+ ##
+ # Exception to raise from an event listening closure to stop listening
+ class StopEventListening < Exception
+ end
+
+
+ ##
+ # The Message class provides the low level encoding and decoding of vici
+ # protocol messages. Directly using this class is usually not required.
+ class Message
+
+ SECTION_START = 1
+ SECTION_END = 2
+ KEY_VALUE = 3
+ LIST_START = 4
+ LIST_ITEM = 5
+ LIST_END = 6
+
+ def initialize(data = "")
+ if data == nil
+ @root = Hash.new()
+ elsif data.is_a?(Hash)
+ @root = data
+ else
+ @encoded = data
+ end
+ end
+
+ ##
+ # Get the raw byte encoding of an on-the-wire message
+ def encoding
+ if @encoded == nil
+ @encoded = encode(@root)
+ end
+ @encoded
+ end
+
+ ##
+ # Get the root element of the parsed ruby data structures
+ def root
+ if @root == nil
+ @root = parse(@encoded)
+ end
+ @root
+ end
+
+ private
+
+ def encode_name(name)
+ [name.length].pack("c") << name
+ end
+
+ def encode_value(value)
+ if value.class != String
+ value = value.to_s
+ end
+ [value.length].pack("n") << value
+ end
+
+ def encode_kv(encoding, key, value)
+ encoding << KEY_VALUE << encode_name(key) << encode_value(value)
+ end
+
+ def encode_section(encoding, key, value)
+ encoding << SECTION_START << encode_name(key)
+ encoding << encode(value) << SECTION_END
+ end
+
+ def encode_list(encoding, key, value)
+ encoding << LIST_START << encode_name(key)
+ value.each do |item|
+ encoding << LIST_ITEM << encode_value(item)
+ end
+ encoding << LIST_END
+ end
+
+ def encode(node)
+ encoding = ""
+ node.each do |key, value|
+ case value.class
+ when String, Fixnum, true, false
+ encoding = encode_kv(encoding, key, value)
+ else
+ if value.is_a?(Hash)
+ encoding = encode_section(encoding, key, value)
+ elsif value.is_a?(Array)
+ encoding = encode_list(encoding, key, value)
+ else
+ encoding = encode_kv(encoding, key, value)
+ end
+ end
+ end
+ encoding
+ end
+
+ def parse_name(encoding)
+ len = encoding.unpack("c")[0]
+ name = encoding[1, len]
+ return encoding[(1 + len)..-1], name
+ end
+
+ def parse_value(encoding)
+ len = encoding.unpack("n")[0]
+ value = encoding[2, len]
+ return encoding[(2 + len)..-1], value
+ end
+
+ def parse(encoding)
+ stack = [Hash.new]
+ list = nil
+ while encoding.length != 0 do
+ type = encoding.unpack("c")[0]
+ encoding = encoding[1..-1]
+ case type
+ when SECTION_START
+ encoding, name = parse_name(encoding)
+ stack.push(stack[-1][name] = Hash.new)
+ when SECTION_END
+ if stack.length() == 1
+ raise ParseError, "unexpected section end"
+ end
+ stack.pop()
+ when KEY_VALUE
+ encoding, name = parse_name(encoding)
+ encoding, value = parse_value(encoding)
+ stack[-1][name] = value
+ when LIST_START
+ encoding, name = parse_name(encoding)
+ stack[-1][name] = []
+ list = name
+ when LIST_ITEM
+ raise ParseError, "unexpected list item" if list == nil
+ encoding, value = parse_value(encoding)
+ stack[-1][list].push(value)
+ when LIST_END
+ raise ParseError, "unexpected list end" if list == nil
+ list = nil
+ else
+ raise ParseError, "invalid type: #{type}"
+ end
+ end
+ if stack.length() > 1
+ raise ParseError, "unexpected message end"
+ end
+ stack[0]
+ end
+ end
+
+
+ ##
+ # The Transport class implements to low level segmentation of packets
+ # to the underlying transport stream. Directly using this class is usually
+ # not required.
+ class Transport
+
+ CMD_REQUEST = 0
+ CMD_RESPONSE = 1
+ CMD_UNKNOWN = 2
+ EVENT_REGISTER = 3
+ EVENT_UNREGISTER = 4
+ EVENT_CONFIRM = 5
+ EVENT_UNKNOWN = 6
+ EVENT = 7
+
+ ##
+ # Create a transport layer using a provided socket for communication.
+ def initialize(socket)
+ @socket = socket
+ @events = Hash.new
+ end
+
+ ##
+ # Write a packet prefixed by its length over the transport socket. Type
+ # specifies the message, the optional label and message get appended.
+ def write(type, label, message)
+ encoding = ""
+ if label
+ encoding << label.length << label
+ end
+ if message
+ encoding << message.encoding
+ end
+ @socket.send([encoding.length + 1, type].pack("Nc") + encoding, 0)
+ end
+
+ ##
+ # Read a packet from the transport socket. Returns the packet type, and
+ # if available in the packet a label and the contained message.
+ def read
+ len = @socket.recv(4).unpack("N")[0]
+ encoding = @socket.recv(len)
+ type = encoding.unpack("c")[0]
+ len = 1
+ case type
+ when CMD_REQUEST, EVENT_REGISTER, EVENT_UNREGISTER, EVENT
+ label = encoding[2, encoding[1].unpack("c")[0]]
+ len += label.length + 1
+ when CMD_RESPONSE, CMD_UNKNOWN, EVENT_CONFIRM, EVENT_UNKNOWN
+ label = nil
+ else
+ raise TransportError, "invalid message: #{type}"
+ end
+ if encoding.length == len
+ return type, label, Message.new
+ end
+ return type, label, Message.new(encoding[len..-1])
+ end
+
+ def dispatch_event(name, message)
+ @events[name].each do |handler|
+ handler.call(name, message)
+ end
+ end
+
+ def read_and_dispatch_event
+ type, label, message = read
+ p
+ if type == EVENT
+ dispatch_event(label, message)
+ else
+ raise TransportError, "unexpected message: #{type}"
+ end
+ end
+
+ def read_and_dispatch_events
+ loop do
+ type, label, message = read
+ if type == EVENT
+ dispatch_event(label, message)
+ else
+ return type, label, message
+ end
+ end
+ end
+
+ ##
+ # Send a command with a given name, and optionally a message. Returns
+ # the reply message on success.
+ def request(name, message = nil)
+ write(CMD_REQUEST, name, message)
+ type, label, message = read_and_dispatch_events
+ case type
+ when CMD_RESPONSE
+ return message
+ when CMD_UNKNOWN
+ raise CommandUnknownError, name
+ else
+ raise CommandError, "invalid response for #{name}"
+ end
+ end
+
+ ##
+ # Register a handler method for the given event name
+ def register(name, handler)
+ write(EVENT_REGISTER, name, nil)
+ type, label, message = read_and_dispatch_events
+ case type
+ when EVENT_CONFIRM
+ if @events.has_key?(name)
+ @events[name] += [handler]
+ else
+ @events[name] = [handler];
+ end
+ when EVENT_UNKNOWN
+ raise EventUnknownError, name
+ else
+ raise EventError, "invalid response for #{name} register"
+ end
+ end
+
+ ##
+ # Unregister a handler method for the given event name
+ def unregister(name, handler)
+ write(EVENT_UNREGISTER, name, nil)
+ type, label, message = read_and_dispatch_events
+ case type
+ when EVENT_CONFIRM
+ @events[name] -= [handler]
+ when EVENT_UNKNOWN
+ raise EventUnknownError, name
+ else
+ raise EventError, "invalid response for #{name} unregister"
+ end
+ end
+ end
+
+
+ ##
+ # The Connection class provides the high-level interface to monitor, configure
+ # and control the IKE daemon. It takes a connected stream-oriented Socket for
+ # the communication with the IKE daemon.
+ #
+ # This class takes and returns ruby objects for the exchanged message data.
+ # * Sections get encoded as Hash, containing other sections as Hash, or
+ # * Key/Values, where the values are Strings as Hash values
+ # * Lists get encoded as Arrays with String values
+ # Non-String values that are not a Hash nor an Array get converted with .to_s
+ # during encoding.
+ class Connection
+
+ def initialize(socket)
+ @transp = Transport.new(socket)
+ end
+
+ ##
+ # List matching loaded connections. The provided closure is invoked
+ # for each matching connection.
+ def list_conns(match = nil, &block)
+ call_with_event("list-conns", Message.new(match), "list-conn", &block)
+ end
+
+ ##
+ # List matching active SAs. The provided closure is invoked for each
+ # matching SA.
+ def list_sas(match = nil, &block)
+ call_with_event("list-sas", Message.new(match), "list-sa", &block)
+ end
+
+ ##
+ # List matching installed policies. The provided closure is invoked
+ # for each matching policy.
+ def list_policies(match, &block)
+ call_with_event("list-policies", Message.new(match), "list-policy",
+ &block)
+ end
+
+ ##
+ # List matching loaded certificates. The provided closure is invoked
+ # for each matching certificate definition.
+ def list_certs(match = nil, &block)
+ call_with_event("list-certs", Message.new(match), "list-cert", &block)
+ end
+
+ ##
+ # Load a connection into the daemon.
+ def load_conn(conn)
+ check_success(@transp.request("load-conn", Message.new(conn)))
+ end
+
+ ##
+ # Unload a connection from the daemon.
+ def unload_conn(conn)
+ check_success(@transp.request("unload-conn", Message.new(conn)))
+ end
+
+ ##
+ # Get the names of connections managed by vici.
+ def get_conns()
+ @transp.request("get-conns").root
+ end
+
+ ##
+ # Clear all loaded credentials.
+ def clear_creds()
+ check_success(@transp.request("clear-creds"))
+ end
+
+ ##
+ # Load a certificate into the daemon.
+ def load_cert(cert)
+ check_success(@transp.request("load-cert", Message.new(cert)))
+ end
+
+ ##
+ # Load a private key into the daemon.
+ def load_key(key)
+ check_success(@transp.request("load-key", Message.new(key)))
+ end
+
+ ##
+ # Load a shared key into the daemon.
+ def load_shared(shared)
+ check_success(@transp.request("load-shared", Message.new(shared)))
+ end
+
+ ##
+ # Load a virtual IP / attribute pool
+ def load_pool(pool)
+ check_success(@transp.request("load-pool", Message.new(pool)))
+ end
+
+ ##
+ # Unload a virtual IP / attribute pool
+ def unload_pool(pool)
+ check_success(@transp.request("unload-pool", Message.new(pool)))
+ end
+
+ ##
+ # Get the currently loaded pools.
+ def get_pools()
+ @transp.request("get-pools").root
+ end
+
+ ##
+ # Initiate a connection. The provided closure is invoked for each log line.
+ def initiate(options, &block)
+ check_success(call_with_event("initiate", Message.new(options),
+ "control-log", &block))
+ end
+
+ ##
+ # Terminate a connection. The provided closure is invoked for each log line.
+ def terminate(options, &block)
+ check_success(call_with_event("terminate", Message.new(options),
+ "control-log", &block))
+ end
+
+ ##
+ # Install a shunt/route policy.
+ def install(policy)
+ check_success(@transp.request("install", Message.new(policy)))
+ end
+
+ ##
+ # Uninstall a shunt/route policy.
+ def uninstall(policy)
+ check_success(@transp.request("uninstall", Message.new(policy)))
+ end
+
+ ##
+ # Reload strongswan.conf settings.
+ def reload_settings
+ check_success(@transp.request("reload-settings", nil))
+ end
+
+ ##
+ # Get daemon statistics and information.
+ def stats
+ @transp.request("stats", nil).root
+ end
+
+ ##
+ # Get daemon version information
+ def version
+ @transp.request("version", nil).root
+ end
+
+ ##
+ # Listen for a set of event messages. This call is blocking, and invokes
+ # the passed closure for each event received. The closure receives the
+ # event name and the event message as argument. To stop listening, the
+ # closure may raise a StopEventListening exception, the only catched
+ # exception.
+ def listen_events(events, &block)
+ self.class.instance_eval do
+ define_method(:listen_event) do |label, message|
+ block.call(label, message.root)
+ end
+ end
+ events.each do |event|
+ @transp.register(event, method(:listen_event))
+ end
+ begin
+ loop do
+ @transp.read_and_dispatch_event
+ end
+ rescue StopEventListening
+ ensure
+ events.each do |event|
+ @transp.unregister(event, method(:listen_event))
+ end
+ end
+ end
+
+ ##
+ # Issue a command request, but register for a specific event while the
+ # command is active. VICI uses this mechanism to stream potentially large
+ # data objects continuously. The provided closure is invoked for all
+ # event messages.
+ def call_with_event(command, request, event, &block)
+ self.class.instance_eval do
+ define_method(:call_event) do |label, message|
+ block.call(message.root)
+ end
+ end
+ @transp.register(event, method(:call_event))
+ begin
+ reply = @transp.request(command, request)
+ ensure
+ @transp.unregister(event, method(:call_event))
+ end
+ reply
+ end
+
+ ##
+ # Check if the reply of a command indicates "success", otherwise raise a
+ # CommandExecError exception
+ def check_success(reply)
+ root = reply.root
+ if root["success"] != "yes"
+ raise CommandExecError, root["errmsg"]
+ end
+ root
+ end
+ end
+end
diff --git a/src/libcharon/plugins/vici/ruby/vici.gemspec.in b/src/libcharon/plugins/vici/ruby/vici.gemspec.in
new file mode 100644
index 0000000..5ad61c0
--- /dev/null
+++ b/src/libcharon/plugins/vici/ruby/vici.gemspec.in
@@ -0,0 +1,16 @@
+Gem::Specification.new do |s|
+ s.name = "vici"
+ s.version = "@GEM_VERSION@"
+ s.authors = ["Martin Willi"]
+ s.email = ["martin at strongswan.ch"]
+ s.description = %q{
+ The strongSwan VICI protocol allows external application to monitor,
+ configure and control the IKE daemon charon. This ruby gem provides a
+ native client side implementation of the VICI protocol, well suited to
+ script automated tasks in a relaible way.
+ }
+ s.summary = "Native ruby interface for strongSwan VICI"
+ s.homepage = "https://wiki.strongswan.org/projects/strongswan/wiki/Vici"
+ s.license = "MIT"
+ s.files = "lib/vici.rb"
+end
diff --git a/src/libcharon/plugins/vici/suites/test_message.c b/src/libcharon/plugins/vici/suites/test_message.c
index 2931173..e76d273 100644
--- a/src/libcharon/plugins/vici/suites/test_message.c
+++ b/src/libcharon/plugins/vici/suites/test_message.c
@@ -347,7 +347,7 @@ START_TEST(test_get_int)
ck_assert_int_eq(m->get_int(m, 2, "section1.key2"), 0x12);
ck_assert_int_eq(m->get_int(m, 2, "section1.section2.key3"), -1);
ck_assert_int_eq(m->get_int(m, 2, "section1.key4"), 2);
- ck_assert_int_eq(m->get_int(m, 2, "key5"), 0);
+ ck_assert_int_eq(m->get_int(m, 2, "key5"), 2);
ck_assert_int_eq(m->get_int(m, 2, "nonexistent"), 2);
ck_assert_int_eq(m->get_int(m, 2, "n.o.n.e.x.i.s.t.e.n.t"), 2);
diff --git a/src/libcharon/plugins/vici/vici_control.c b/src/libcharon/plugins/vici/vici_control.c
index 3cd0081..292a400 100644
--- a/src/libcharon/plugins/vici/vici_control.c
+++ b/src/libcharon/plugins/vici/vici_control.c
@@ -450,6 +450,17 @@ CALLBACK(uninstall, vici_message_t*,
return send_reply(this, "policy '%s' not found", child);
}
+CALLBACK(reload_settings, vici_message_t*,
+ private_vici_control_t *this, char *name, u_int id, vici_message_t *request)
+{
+ if (lib->settings->load_files(lib->settings, lib->conf, FALSE))
+ {
+ lib->plugins->reload(lib->plugins, NULL);
+ return send_reply(this, NULL);
+ }
+ return send_reply(this, "reloading '%s' failed", lib->conf);
+}
+
static void manage_command(private_vici_control_t *this,
char *name, vici_command_cb_t cb, bool reg)
{
@@ -466,6 +477,7 @@ static void manage_commands(private_vici_control_t *this, bool reg)
manage_command(this, "terminate", terminate, reg);
manage_command(this, "install", install, reg);
manage_command(this, "uninstall", uninstall, reg);
+ manage_command(this, "reload-settings", reload_settings, reg);
this->dispatcher->manage_event(this->dispatcher, "control-log", reg);
}
diff --git a/src/libcharon/plugins/vici/vici_cred.c b/src/libcharon/plugins/vici/vici_cred.c
index cc6434b..d4c02de 100644
--- a/src/libcharon/plugins/vici/vici_cred.c
+++ b/src/libcharon/plugins/vici/vici_cred.c
@@ -270,13 +270,10 @@ CALLBACK(load_shared, vici_message_t*,
CALLBACK(clear_creds, vici_message_t*,
private_vici_cred_t *this, char *name, u_int id, vici_message_t *message)
{
- vici_builder_t *builder;
-
this->creds->clear(this->creds);
lib->credmgr->flush_cache(lib->credmgr, CERT_ANY);
- builder = vici_builder_create();
- return builder->finalize(builder);
+ return create_reply(NULL);
}
static void manage_command(private_vici_cred_t *this,
diff --git a/src/libcharon/plugins/vici/vici_message.c b/src/libcharon/plugins/vici/vici_message.c
index dcc175f..e79fbc8 100644
--- a/src/libcharon/plugins/vici/vici_message.c
+++ b/src/libcharon/plugins/vici/vici_message.c
@@ -355,6 +355,10 @@ METHOD(vici_message_t, vget_int, int,
found = find_value(this, &value, fmt, args);
if (found)
{
+ if (value.len == 0)
+ {
+ return def;
+ }
if (chunk_printable(value, NULL, 0))
{
snprintf(buf, sizeof(buf), "%.*s", (int)value.len, value.ptr);
diff --git a/src/libcharon/plugins/whitelist/Makefile.in b/src/libcharon/plugins/whitelist/Makefile.in
index 8a714a9..b1cc1d1 100644
--- a/src/libcharon/plugins/whitelist/Makefile.in
+++ b/src/libcharon/plugins/whitelist/Makefile.in
@@ -242,6 +242,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -302,6 +303,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -367,6 +369,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -414,6 +418,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/xauth_eap/Makefile.in b/src/libcharon/plugins/xauth_eap/Makefile.in
index 26bb6fb..e393ee1 100644
--- a/src/libcharon/plugins/xauth_eap/Makefile.in
+++ b/src/libcharon/plugins/xauth_eap/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/xauth_generic/Makefile.in b/src/libcharon/plugins/xauth_generic/Makefile.in
index f06fdb5..f0e7727 100644
--- a/src/libcharon/plugins/xauth_generic/Makefile.in
+++ b/src/libcharon/plugins/xauth_generic/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/xauth_noauth/Makefile.in b/src/libcharon/plugins/xauth_noauth/Makefile.in
index 72f3dc6..a4c1aae 100644
--- a/src/libcharon/plugins/xauth_noauth/Makefile.in
+++ b/src/libcharon/plugins/xauth_noauth/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/plugins/xauth_pam/Makefile.in b/src/libcharon/plugins/xauth_pam/Makefile.in
index 9af015e..296ccaa 100644
--- a/src/libcharon/plugins/xauth_pam/Makefile.in
+++ b/src/libcharon/plugins/xauth_pam/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libcharon/processing/jobs/adopt_children_job.c b/src/libcharon/processing/jobs/adopt_children_job.c
index f99c0b9..fb480ee 100644
--- a/src/libcharon/processing/jobs/adopt_children_job.c
+++ b/src/libcharon/processing/jobs/adopt_children_job.c
@@ -17,6 +17,7 @@
#include <daemon.h>
#include <hydra.h>
+#include <collections/array.h>
typedef struct private_adopt_children_job_t private_adopt_children_job_t;
@@ -34,11 +35,17 @@ struct private_adopt_children_job_t {
* IKE_SA id to adopt children from
*/
ike_sa_id_t *id;
+
+ /**
+ * Tasks queued for execution
+ */
+ array_t *tasks;
};
METHOD(job_t, destroy, void,
private_adopt_children_job_t *this)
{
+ array_destroy_offset(this->tasks, offsetof(task_t, destroy));
this->id->destroy(this->id);
free(this);
}
@@ -149,6 +156,32 @@ METHOD(job_t, execute, job_requeue_t,
}
}
children->destroy_offset(children, offsetof(child_sa_t, destroy));
+
+ if (array_count(this->tasks))
+ {
+ ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager,
+ this->id);
+ if (ike_sa)
+ {
+ task_t *task;
+
+ while (array_remove(this->tasks, ARRAY_HEAD, &task))
+ {
+ task->migrate(task, ike_sa);
+ ike_sa->queue_task(ike_sa, task);
+ }
+ if (ike_sa->initiate(ike_sa, NULL, 0, NULL, NULL) == DESTROY_ME)
+ {
+ charon->ike_sa_manager->checkin_and_destroy(
+ charon->ike_sa_manager, ike_sa);
+ }
+ else
+ {
+ charon->ike_sa_manager->checkin(charon->ike_sa_manager,
+ ike_sa);
+ }
+ }
+ }
}
return JOB_REQUEUE_NONE;
}
@@ -159,6 +192,12 @@ METHOD(job_t, get_priority, job_priority_t,
return JOB_PRIO_HIGH;
}
+METHOD(adopt_children_job_t, queue_task, void,
+ private_adopt_children_job_t *this, task_t *task)
+{
+ array_insert_create(&this->tasks, ARRAY_TAIL, task);
+}
+
/**
* See header
*/
@@ -173,6 +212,7 @@ adopt_children_job_t *adopt_children_job_create(ike_sa_id_t *id)
.get_priority = _get_priority,
.destroy = _destroy,
},
+ .queue_task = _queue_task,
},
.id = id->clone(id),
);
diff --git a/src/libcharon/processing/jobs/adopt_children_job.h b/src/libcharon/processing/jobs/adopt_children_job.h
index 073504a..ee99ee4 100644
--- a/src/libcharon/processing/jobs/adopt_children_job.h
+++ b/src/libcharon/processing/jobs/adopt_children_job.h
@@ -24,6 +24,7 @@
#include <library.h>
#include <processing/jobs/job.h>
#include <sa/ike_sa_id.h>
+#include <sa/task.h>
typedef struct adopt_children_job_t adopt_children_job_t;
@@ -36,6 +37,13 @@ struct adopt_children_job_t {
* Implements job_t.
*/
job_t job_interface;
+
+ /**
+ * Queue a job for execution after completing migration.
+ *
+ * @param task task to queue for execution
+ */
+ void (*queue_task)(adopt_children_job_t *this, task_t *task);
};
/**
diff --git a/src/libcharon/processing/jobs/update_sa_job.c b/src/libcharon/processing/jobs/update_sa_job.c
index 6943185..e6d7da2 100644
--- a/src/libcharon/processing/jobs/update_sa_job.c
+++ b/src/libcharon/processing/jobs/update_sa_job.c
@@ -63,12 +63,7 @@ METHOD(job_t, execute, job_requeue_t,
}
else
{
- /* we update only if other host is NATed, but not our */
- if (ike_sa->has_condition(ike_sa, COND_NAT_THERE) &&
- !ike_sa->has_condition(ike_sa, COND_NAT_HERE))
- {
- ike_sa->update_hosts(ike_sa, NULL, this->new, FALSE);
- }
+ ike_sa->update_hosts(ike_sa, NULL, this->new, FALSE);
charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
}
return JOB_REQUEUE_NONE;
diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index c338cda..d92b9df 100644
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2006-2013 Tobias Brunner
+ * Copyright (C) 2006-2014 Tobias Brunner
* Copyright (C) 2006 Daniel Roethlisberger
* Copyright (C) 2005-2009 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -16,6 +16,28 @@
* for more details.
*/
+/*
+ * Copyright (c) 2014 Volker Rümelin
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
#include <string.h>
#include <sys/stat.h>
#include <errno.h>
@@ -251,6 +273,11 @@ struct private_ike_sa_t {
* Flush auth configs once established?
*/
bool flush_auth_cfg;
+
+ /**
+ * Maximum length of a single fragment, 0 for address-specific defaults
+ */
+ size_t fragment_size;
};
/**
@@ -909,11 +936,14 @@ METHOD(ike_sa_t, update_hosts, void,
update = TRUE;
}
- if (!other->equals(other, this->other_host))
+ if (!other->equals(other, this->other_host) &&
+ (force || has_condition(this, COND_NAT_THERE)))
{
- /* update others address if we are NOT NATed */
- if ((has_condition(this, COND_NAT_THERE) &&
- !has_condition(this, COND_NAT_HERE)) || force )
+ /* only update other's address if we are behind a static NAT,
+ * which we assume is the case if we are not initiator */
+ if (force ||
+ (!has_condition(this, COND_NAT_HERE) ||
+ !has_condition(this, COND_ORIGINAL_INITIATOR)))
{
set_other_host(this, other->clone(other));
update = TRUE;
@@ -994,6 +1024,69 @@ METHOD(ike_sa_t, generate_message, status_t,
return status;
}
+static bool filter_fragments(private_ike_sa_t *this, packet_t **fragment,
+ packet_t **packet)
+{
+ *packet = (*fragment)->clone(*fragment);
+ set_dscp(this, *packet);
+ return TRUE;
+}
+
+METHOD(ike_sa_t, generate_message_fragmented, status_t,
+ private_ike_sa_t *this, message_t *message, enumerator_t **packets)
+{
+ enumerator_t *fragments;
+ packet_t *packet;
+ status_t status;
+ bool use_frags = FALSE;
+
+ if (this->ike_cfg)
+ {
+ switch (this->ike_cfg->fragmentation(this->ike_cfg))
+ {
+ case FRAGMENTATION_FORCE:
+ use_frags = TRUE;
+ break;
+ case FRAGMENTATION_YES:
+ use_frags = supports_extension(this, EXT_IKE_FRAGMENTATION);
+ if (use_frags && this->version == IKEV1 &&
+ supports_extension(this, EXT_MS_WINDOWS))
+ {
+ /* It seems Windows 7 and 8 peers only accept proprietary
+ * fragmented messages if they expect certificates. */
+ use_frags = message->get_payload(message,
+ PLV1_CERTIFICATE) != NULL;
+ }
+ break;
+ default:
+ break;
+ }
+ }
+ if (!use_frags)
+ {
+ status = generate_message(this, message, &packet);
+ if (status != SUCCESS)
+ {
+ return status;
+ }
+ *packets = enumerator_create_single(packet, NULL);
+ return SUCCESS;
+ }
+
+ this->stats[STAT_OUTBOUND] = time_monotonic(NULL);
+ message->set_ike_sa_id(message, this->ike_sa_id);
+ charon->bus->message(charon->bus, message, FALSE, TRUE);
+ status = message->fragment(message, this->keymat, this->fragment_size,
+ &fragments);
+ if (status == SUCCESS)
+ {
+ charon->bus->message(charon->bus, message, FALSE, FALSE);
+ *packets = enumerator_create_filter(fragments, (void*)filter_fragments,
+ this, NULL);
+ }
+ return status;
+}
+
METHOD(ike_sa_t, set_kmaddress, void,
private_ike_sa_t *this, host_t *local, host_t *remote)
{
@@ -1487,6 +1580,14 @@ METHOD(ike_sa_t, reauth, status_t,
{
return INVALID_STATE;
}
+ if (this->state == IKE_CONNECTING)
+ {
+ DBG0(DBG_IKE, "reinitiating IKE_SA %s[%d]",
+ get_name(this), this->unique_id);
+ reset(this);
+ this->task_manager->queue_ike(this->task_manager);
+ return this->task_manager->initiate(this->task_manager);
+ }
/* we can't reauthenticate as responder when we use EAP or virtual IPs.
* If the peer does not support RFC4478, there is no way to keep the
* IKE_SA up. */
@@ -1650,6 +1751,7 @@ METHOD(ike_sa_t, reestablish, status_t,
new->set_other_host(new, host->clone(host));
host = this->my_host;
new->set_my_host(new, host->clone(host));
+ charon->bus->ike_reestablish_pre(charon->bus, &this->public, new);
/* resolve hosts but use the old addresses above as fallback */
resolve_hosts((private_ike_sa_t*)new);
/* if we already have a virtual IP, we reuse it */
@@ -1734,12 +1836,15 @@ METHOD(ike_sa_t, reestablish, status_t,
if (status == DESTROY_ME)
{
+ charon->bus->ike_reestablish_post(charon->bus, &this->public, new,
+ FALSE);
charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, new);
status = FAILED;
}
else
{
- charon->bus->ike_reestablish(charon->bus, &this->public, new);
+ charon->bus->ike_reestablish_post(charon->bus, &this->public, new,
+ TRUE);
charon->ike_sa_manager->checkin(charon->ike_sa_manager, new);
status = SUCCESS;
}
@@ -1899,11 +2004,29 @@ static bool is_any_path_valid(private_ike_sa_t *this)
bool valid = FALSE;
enumerator_t *enumerator;
host_t *src = NULL, *addr;
+ int family = AF_UNSPEC;
+
+ switch (charon->socket->supported_families(charon->socket))
+ {
+ case SOCKET_FAMILY_IPV4:
+ family = AF_INET;
+ break;
+ case SOCKET_FAMILY_IPV6:
+ family = AF_INET6;
+ break;
+ case SOCKET_FAMILY_BOTH:
+ case SOCKET_FAMILY_NONE:
+ break;
+ }
DBG1(DBG_IKE, "old path is not available anymore, try to find another");
enumerator = create_peer_address_enumerator(this);
while (enumerator->enumerate(enumerator, &addr))
{
+ if (family != AF_UNSPEC && addr->get_family(addr) != family)
+ {
+ continue;
+ }
DBG1(DBG_IKE, "looking for a route to %H ...", addr);
src = hydra->kernel_interface->get_source_addr(
hydra->kernel_interface, addr, NULL);
@@ -2332,6 +2455,7 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id, bool initiator,
.inherit_pre = _inherit_pre,
.inherit_post = _inherit_post,
.generate_message = _generate_message,
+ .generate_message_fragmented = _generate_message_fragmented,
.reset = _reset,
.get_unique_id = _get_unique_id,
.add_virtual_ip = _add_virtual_ip,
@@ -2377,6 +2501,8 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id, bool initiator,
"%s.retry_initiate_interval", 0, lib->ns),
.flush_auth_cfg = lib->settings->get_bool(lib->settings,
"%s.flush_auth_cfg", FALSE, lib->ns),
+ .fragment_size = lib->settings->get_int(lib->settings,
+ "%s.fragment_size", 0, lib->ns),
);
if (version == IKEV2)
diff --git a/src/libcharon/sa/ike_sa.h b/src/libcharon/sa/ike_sa.h
index 15fb474..c72d873 100644
--- a/src/libcharon/sa/ike_sa.h
+++ b/src/libcharon/sa/ike_sa.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2006-2012 Tobias Brunner
+ * Copyright (C) 2006-2014 Tobias Brunner
* Copyright (C) 2006 Daniel Roethlisberger
* Copyright (C) 2005-2009 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -102,7 +102,7 @@ enum ike_extension_t {
EXT_EAP_ONLY_AUTHENTICATION = (1<<5),
/**
- * peer is probably a Windows 7 RAS client
+ * peer is probably a Windows RAS client
*/
EXT_MS_WINDOWS = (1<<6),
@@ -128,7 +128,7 @@ enum ike_extension_t {
EXT_NATT_DRAFT_02_03 = (1<<10),
/**
- * peer support proprietary IKE fragmentation
+ * peer supports proprietary IKEv1 or standardized IKEv2 fragmentation
*/
EXT_IKE_FRAGMENTATION = (1<<11),
};
@@ -756,7 +756,7 @@ struct ike_sa_t {
status_t (*roam)(ike_sa_t *this, bool address);
/**
- * Processes a incoming IKEv2-Message.
+ * Processes an incoming IKE message.
*
* Message processing may fail. If a critical failure occurs,
* process_message() return DESTROY_ME. Then the caller must
@@ -768,10 +768,10 @@ struct ike_sa_t {
* - FAILED
* - DESTROY_ME if this IKE_SA MUST be deleted
*/
- status_t (*process_message) (ike_sa_t *this, message_t *message);
+ status_t (*process_message)(ike_sa_t *this, message_t *message);
/**
- * Generate a IKE message to send it to the peer.
+ * Generate an IKE message to send it to the peer.
*
* This method generates all payloads in the message and encrypts/signs
* the packet.
@@ -783,8 +783,26 @@ struct ike_sa_t {
* - FAILED
* - DESTROY_ME if this IKE_SA MUST be deleted
*/
- status_t (*generate_message) (ike_sa_t *this, message_t *message,
- packet_t **packet);
+ status_t (*generate_message)(ike_sa_t *this, message_t *message,
+ packet_t **packet);
+
+ /**
+ * Generate an IKE message to send it to the peer. If enabled and supported
+ * it will be fragmented.
+ *
+ * This method generates all payloads in the message and encrypts/signs
+ * the packet/fragments.
+ *
+ * @param message message to generate
+ * @param packets enumerator of generated packet_t* (are not destroyed
+ * with the enumerator)
+ * @return
+ * - SUCCESS
+ * - FAILED
+ * - DESTROY_ME if this IKE_SA MUST be deleted
+ */
+ status_t (*generate_message_fragmented)(ike_sa_t *this, message_t *message,
+ enumerator_t **packets);
/**
* Retransmits a request.
diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c
index 8e68e7b..bdabc59 100644
--- a/src/libcharon/sa/ike_sa_manager.c
+++ b/src/libcharon/sa/ike_sa_manager.c
@@ -384,11 +384,6 @@ struct private_ike_sa_manager_t {
rng_t *rng;
/**
- * SHA1 hasher for IKE_SA_INIT retransmit detection
- */
- hasher_t *hasher;
-
- /**
* reuse existing IKE_SAs in checkout_by_config
*/
bool reuse_ikesa;
@@ -962,49 +957,39 @@ static u_int64_t get_spi(private_ike_sa_manager_t *this)
*
* @returns TRUE on success
*/
-static bool get_init_hash(private_ike_sa_manager_t *this, message_t *message,
- chunk_t *hash)
+static bool get_init_hash(hasher_t *hasher, message_t *message, chunk_t *hash)
{
host_t *src;
- if (!this->hasher)
- { /* this might be the case when flush() has been called */
- return FALSE;
- }
if (message->get_first_payload_type(message) == PLV1_FRAGMENT)
{ /* only hash the source IP, port and SPI for fragmented init messages */
u_int16_t port;
u_int64_t spi;
src = message->get_source(message);
- if (!this->hasher->allocate_hash(this->hasher,
- src->get_address(src), NULL))
+ if (!hasher->allocate_hash(hasher, src->get_address(src), NULL))
{
return FALSE;
}
port = src->get_port(src);
- if (!this->hasher->allocate_hash(this->hasher,
- chunk_from_thing(port), NULL))
+ if (!hasher->allocate_hash(hasher, chunk_from_thing(port), NULL))
{
return FALSE;
}
spi = message->get_initiator_spi(message);
- return this->hasher->allocate_hash(this->hasher,
- chunk_from_thing(spi), hash);
+ return hasher->allocate_hash(hasher, chunk_from_thing(spi), hash);
}
if (message->get_exchange_type(message) == ID_PROT)
{ /* include the source for Main Mode as the hash will be the same if
* SPIs are reused by two initiators that use the same proposal */
src = message->get_source(message);
- if (!this->hasher->allocate_hash(this->hasher,
- src->get_address(src), NULL))
+ if (!hasher->allocate_hash(hasher, src->get_address(src), NULL))
{
return FALSE;
}
}
- return this->hasher->allocate_hash(this->hasher,
- message->get_packet_data(message), hash);
+ return hasher->allocate_hash(hasher, message->get_packet_data(message), hash);
}
/**
@@ -1227,15 +1212,19 @@ METHOD(ike_sa_manager_t, checkout_by_message, ike_sa_t*,
if (is_init)
{
+ hasher_t *hasher;
u_int64_t our_spi;
chunk_t hash;
- if (!get_init_hash(this, message, &hash))
+ hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
+ if (!hasher || !get_init_hash(hasher, message, &hash))
{
DBG1(DBG_MGR, "ignoring message, failed to hash message");
+ DESTROY_IF(hasher);
id->destroy(id);
return NULL;
}
+ hasher->destroy(hasher);
/* ensure this is not a retransmit of an already handled init message */
switch (check_and_put_init_hash(this, hash, &our_spi))
@@ -1313,8 +1302,9 @@ METHOD(ike_sa_manager_t, checkout_by_message, ike_sa_t*,
ike_id = entry->ike_sa->get_id(entry->ike_sa);
entry->checked_out = TRUE;
- if (message->get_first_payload_type(message) != PLV1_FRAGMENT)
- {
+ if (message->get_first_payload_type(message) != PLV1_FRAGMENT &&
+ message->get_first_payload_type(message) != PLV2_FRAGMENT)
+ { /* TODO-FRAG: this fails if there are unencrypted payloads */
entry->processing = get_message_id_or_hash(message);
}
if (ike_id->get_responder_spi(ike_id) == 0)
@@ -2058,8 +2048,6 @@ METHOD(ike_sa_manager_t, flush, void,
this->rng->destroy(this->rng);
this->rng = NULL;
- this->hasher->destroy(this->hasher);
- this->hasher = NULL;
}
METHOD(ike_sa_manager_t, destroy, void,
@@ -2134,18 +2122,10 @@ ike_sa_manager_t *ike_sa_manager_create()
},
);
- this->hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
- if (this->hasher == NULL)
- {
- DBG1(DBG_MGR, "manager initialization failed, no hasher supported");
- free(this);
- return NULL;
- }
this->rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
if (this->rng == NULL)
{
DBG1(DBG_MGR, "manager initialization failed, no RNG supported");
- this->hasher->destroy(this->hasher);
free(this);
return NULL;
}
diff --git a/src/libcharon/sa/ikev1/phase1.c b/src/libcharon/sa/ikev1/phase1.c
index 114b8a3..d01a831 100644
--- a/src/libcharon/sa/ikev1/phase1.c
+++ b/src/libcharon/sa/ikev1/phase1.c
@@ -536,6 +536,7 @@ METHOD(phase1_t, select_config, peer_cfg_t*,
enumerator_t *enumerator;
peer_cfg_t *current;
host_t *me, *other;
+ int unusable = 0;
if (this->peer_cfg)
{ /* try to find an alternative config */
@@ -571,6 +572,10 @@ METHOD(phase1_t, select_config, peer_cfg_t*,
this->candidates->insert_last(this->candidates, current);
}
}
+ else
+ {
+ unusable++;
+ }
}
enumerator->destroy(enumerator);
@@ -580,6 +585,13 @@ METHOD(phase1_t, select_config, peer_cfg_t*,
this->peer_cfg->get_name(this->peer_cfg));
return this->peer_cfg->get_ref(this->peer_cfg);
}
+ if (unusable)
+ {
+ DBG1(DBG_IKE, "found %d matching config%s, but none allows %N "
+ "authentication using %s Mode", unusable, unusable > 1 ? "s" : "",
+ auth_method_names, method, aggressive ? "Aggressive" : "Main");
+ return NULL;
+ }
DBG1(DBG_IKE, "no peer config found");
return NULL;
}
diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c
index 97812a5..0f8e8bc 100644
--- a/src/libcharon/sa/ikev1/task_manager_v1.c
+++ b/src/libcharon/sa/ikev1/task_manager_v1.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2007-2013 Tobias Brunner
+ * Copyright (C) 2007-2014 Tobias Brunner
* Copyright (C) 2007-2011 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -38,8 +38,7 @@
#include <processing/jobs/dpd_timeout_job.h>
#include <processing/jobs/process_message_job.h>
-#include <encoding/payloads/fragment_payload.h>
-#include <bio/bio_writer.h>
+#include <collections/array.h>
/**
* Number of old messages hashes we keep for retransmission.
@@ -51,20 +50,6 @@
#define MAX_OLD_HASHES 2
/**
- * Maximum packet size for fragmented packets (same as in sockets)
- */
-#define MAX_PACKET 10000
-
-/**
- * Maximum size of fragment data when sending packets (currently the same is
- * used for IPv4 and IPv6, even though the latter has a higher minimum datagram
- * size). 576 (= min. IPv4) - 20 (= IP header) - 8 (= UDP header) -
- * - 28 (= IKE header) - 8 (= fragment header) = 512
- * This is reduced by 4 in case of NAT-T (due to the non-ESP marker).
- */
-#define MAX_FRAGMENT_SIZE 512
-
-/**
* First sequence number of responding packets.
*
* To distinguish retransmission jobs for initiating and responding packets,
@@ -127,9 +112,9 @@ struct private_task_manager_t {
u_int32_t hash;
/**
- * packet for retransmission
+ * packet(s) for retransmission
*/
- packet_t *packet;
+ array_t *packets;
/**
* Sequence number of the last sent message
@@ -173,9 +158,9 @@ struct private_task_manager_t {
u_int retransmitted;
/**
- * packet for retransmission
+ * packet(s) for retransmission
*/
- packet_t *packet;
+ array_t *packets;
/**
* type of the initiated exchange
@@ -185,50 +170,9 @@ struct private_task_manager_t {
} initiating;
/**
- * Data used to reassemble a fragmented message
+ * Message we are currently defragmenting, if any (only one at a time)
*/
- struct {
-
- /**
- * Fragment ID (currently only one is supported at a time)
- */
- u_int16_t id;
-
- /**
- * The number of the last fragment (in case we receive the fragments out
- * of order), since the first starts with 1 this defines the number of
- * fragments we expect
- */
- u_int8_t last;
-
- /**
- * List of fragments (fragment_t*)
- */
- linked_list_t *list;
-
- /**
- * Length of all currently received fragments
- */
- size_t len;
-
- /**
- * Maximum length of a fragmented packet
- */
- size_t max_packet;
-
- /**
- * Maximum length of a single fragment (when sending)
- */
- size_t size;
-
- /**
- * The exchange type we use for fragments. Always the initial type even
- * for fragmented quick mode or transaction messages (i.e. either
- * ID_PROT or AGGRESSIVE)
- */
- exchange_type_t exchange;
-
- } frag;
+ message_t *defrag;
/**
* List of queued tasks not yet in action
@@ -277,31 +221,16 @@ struct private_task_manager_t {
};
/**
- * A single fragment within a fragmented message
+ * Reset retransmission packet list
*/
-typedef struct {
-
- /** fragment number */
- u_int8_t num;
-
- /** fragment data */
- chunk_t data;
-
-} fragment_t;
-
-static void fragment_destroy(fragment_t *this)
+static void clear_packets(array_t *array)
{
- chunk_free(&this->data);
- free(this);
-}
+ packet_t *packet;
-static void clear_fragments(private_task_manager_t *this, u_int16_t id)
-{
- DESTROY_FUNCTION_IF(this->frag.list, (void*)fragment_destroy);
- this->frag.list = NULL;
- this->frag.last = 0;
- this->frag.len = 0;
- this->frag.id = id;
+ while (array_remove(array, ARRAY_TAIL, &packet))
+ {
+ packet->destroy(packet);
+ }
}
METHOD(task_manager_t, flush_queue, void,
@@ -321,8 +250,7 @@ METHOD(task_manager_t, flush_queue, void,
list = this->active_tasks;
/* cancel pending retransmits */
this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
- DESTROY_IF(this->initiating.packet);
- this->initiating.packet = NULL;
+ clear_packets(this->initiating.packets);
break;
case TASK_QUEUE_PASSIVE:
list = this->passive_tasks;
@@ -373,110 +301,53 @@ static bool activate_task(private_task_manager_t *this, task_type_t type)
}
/**
- * Send a single fragment with the given data
+ * Send packets in the given array (they get cloned)
*/
-static bool send_fragment(private_task_manager_t *this, bool request,
- host_t *src, host_t *dst, fragment_payload_t *fragment)
+static void send_packets(private_task_manager_t *this, array_t *packets)
{
- message_t *message;
+ enumerator_t *enumerator;
packet_t *packet;
- status_t status;
- message = message_create(IKEV1_MAJOR_VERSION, IKEV1_MINOR_VERSION);
- /* other implementations seem to just use 0 as message ID, so here we go */
- message->set_message_id(message, 0);
- message->set_request(message, request);
- message->set_source(message, src->clone(src));
- message->set_destination(message, dst->clone(dst));
- message->set_exchange_type(message, this->frag.exchange);
- message->add_payload(message, (payload_t*)fragment);
-
- status = this->ike_sa->generate_message(this->ike_sa, message, &packet);
- if (status != SUCCESS)
+ enumerator = array_create_enumerator(packets);
+ while (enumerator->enumerate(enumerator, &packet))
{
- DBG1(DBG_IKE, "failed to generate IKE fragment");
- message->destroy(message);
- return FALSE;
+ charon->sender->send(charon->sender, packet->clone(packet));
}
- charon->sender->send(charon->sender, packet);
- message->destroy(message);
- return TRUE;
+ enumerator->destroy(enumerator);
}
/**
- * Send a packet, if supported and required do so in fragments
+ * Generates the given message and stores packet(s) in the given array
*/
-static bool send_packet(private_task_manager_t *this, bool request,
- packet_t *packet)
+static bool generate_message(private_task_manager_t *this, message_t *message,
+ array_t **packets)
{
- bool use_frags = FALSE;
- ike_cfg_t *ike_cfg;
- chunk_t data;
+ enumerator_t *fragments;
+ packet_t *fragment;
- ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
- if (ike_cfg)
+ if (this->ike_sa->generate_message_fragmented(this->ike_sa, message,
+ &fragments) != SUCCESS)
{
- switch (ike_cfg->fragmentation(ike_cfg))
- {
- case FRAGMENTATION_FORCE:
- use_frags = TRUE;
- break;
- case FRAGMENTATION_YES:
- use_frags = this->ike_sa->supports_extension(this->ike_sa,
- EXT_IKE_FRAGMENTATION);
- break;
- default:
- break;
- }
+ return FALSE;
}
- data = packet->get_data(packet);
- if (data.len > this->frag.size && use_frags)
+ while (fragments->enumerate(fragments, &fragment))
{
- fragment_payload_t *fragment;
- u_int8_t num, count;
- size_t len, frag_size;
- host_t *src, *dst;
-
- src = packet->get_source(packet);
- dst = packet->get_destination(packet);
-
- frag_size = this->frag.size;
- if (dst->get_port(dst) != IKEV2_UDP_PORT &&
- src->get_port(src) != IKEV2_UDP_PORT)
- { /* reduce size due to non-ESP marker */
- frag_size -= 4;
- }
- count = data.len / frag_size + (data.len % frag_size ? 1 : 0);
-
- DBG1(DBG_IKE, "sending IKE message with length of %zu bytes in "
- "%hhu fragments", data.len, count);
- for (num = 1; num <= count; num++)
- {
- len = min(data.len, frag_size);
- fragment = fragment_payload_create_from_data(num, num == count,
- chunk_create(data.ptr, len));
- if (!send_fragment(this, request, src, dst, fragment))
- {
- packet->destroy(packet);
- return FALSE;
- }
- data = chunk_skip(data, len);
- }
- packet->destroy(packet);
- return TRUE;
+ array_insert_create(packets, ARRAY_TAIL, fragment);
}
- charon->sender->send(charon->sender, packet);
+ fragments->destroy(fragments);
return TRUE;
}
/**
- * Retransmit a packet, either as initiator or as responder
+ * Retransmit a packet (or its fragments)
*/
-static status_t retransmit_packet(private_task_manager_t *this, bool request,
- u_int32_t seqnr, u_int mid, u_int retransmitted, packet_t *packet)
+static status_t retransmit_packet(private_task_manager_t *this, u_int32_t seqnr,
+ u_int mid, u_int retransmitted, array_t *packets)
{
+ packet_t *packet;
u_int32_t t;
+ array_get(packets, 0, &packet);
if (retransmitted > this->retransmit_tries)
{
DBG1(DBG_IKE, "giving up after %u retransmits", retransmitted - 1);
@@ -492,10 +363,7 @@ static status_t retransmit_packet(private_task_manager_t *this, bool request,
mid, seqnr < RESPONDING_SEQ ? seqnr : seqnr - RESPONDING_SEQ);
charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND, packet);
}
- if (!send_packet(this, request, packet->clone(packet)))
- {
- return DESTROY_ME;
- }
+ send_packets(this, packets);
lib->scheduler->schedule_job_ms(lib->scheduler, (job_t*)
retransmit_job_create(seqnr, this->ike_sa->get_id(this->ike_sa)), t);
return NEED_MORE;
@@ -506,20 +374,22 @@ METHOD(task_manager_t, retransmit, status_t,
{
status_t status = SUCCESS;
- if (seqnr == this->initiating.seqnr && this->initiating.packet)
+ if (seqnr == this->initiating.seqnr &&
+ array_count(this->initiating.packets))
{
- status = retransmit_packet(this, TRUE, seqnr, this->initiating.mid,
- this->initiating.retransmitted, this->initiating.packet);
+ status = retransmit_packet(this, seqnr, this->initiating.mid,
+ this->initiating.retransmitted, this->initiating.packets);
if (status == NEED_MORE)
{
this->initiating.retransmitted++;
status = SUCCESS;
}
}
- if (seqnr == this->responding.seqnr && this->responding.packet)
+ if (seqnr == this->responding.seqnr &&
+ array_count(this->responding.packets))
{
- status = retransmit_packet(this, FALSE, seqnr, this->responding.mid,
- this->responding.retransmitted, this->responding.packet);
+ status = retransmit_packet(this, seqnr, this->responding.mid,
+ this->responding.retransmitted, this->responding.packets);
if (status == NEED_MORE)
{
this->responding.retransmitted++;
@@ -586,7 +456,6 @@ METHOD(task_manager_t, initiate, status_t,
task_t *task;
message_t *message;
host_t *me, *other;
- status_t status;
exchange_type_t exchange = EXCHANGE_TYPE_UNDEFINED;
bool new_mid = FALSE, expect_response = FALSE, cancelled = FALSE, keep = FALSE;
@@ -790,10 +659,8 @@ METHOD(task_manager_t, initiate, status_t,
return initiate(this);
}
- DESTROY_IF(this->initiating.packet);
- status = this->ike_sa->generate_message(this->ike_sa, message,
- &this->initiating.packet);
- if (status != SUCCESS)
+ clear_packets(this->initiating.packets);
+ if (!generate_message(this, message, &this->initiating.packets))
{
/* message generation failed. There is nothing more to do than to
* close the SA */
@@ -811,13 +678,12 @@ METHOD(task_manager_t, initiate, status_t,
}
if (keep)
{ /* keep the packet for retransmission, the responder might request it */
- send_packet(this, TRUE,
- this->initiating.packet->clone(this->initiating.packet));
+ send_packets(this, this->initiating.packets);
}
else
{
- send_packet(this, TRUE, this->initiating.packet);
- this->initiating.packet = NULL;
+ send_packets(this, this->initiating.packets);
+ clear_packets(this->initiating.packets);
}
message->destroy(message);
@@ -848,7 +714,6 @@ static status_t build_response(private_task_manager_t *this, message_t *request)
message_t *message;
host_t *me, *other;
bool delete = FALSE, cancelled = FALSE, expect_request = FALSE;
- status_t status;
me = request->get_destination(request);
other = request->get_source(request);
@@ -900,28 +765,25 @@ static status_t build_response(private_task_manager_t *this, message_t *request)
}
enumerator->destroy(enumerator);
- DESTROY_IF(this->responding.packet);
- this->responding.packet = NULL;
+ clear_packets(this->responding.packets);
if (cancelled)
{
message->destroy(message);
return initiate(this);
}
- status = this->ike_sa->generate_message(this->ike_sa, message,
- &this->responding.packet);
- message->destroy(message);
- if (status != SUCCESS)
+ if (!generate_message(this, message, &this->responding.packets))
{
+ message->destroy(message);
charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
return DESTROY_ME;
}
+ message->destroy(message);
if (expect_request && !delete)
{
return retransmit(this, this->responding.seqnr);
}
- send_packet(this, FALSE,
- this->responding.packet->clone(this->responding.packet));
+ send_packets(this, this->responding.packets);
if (delete)
{
return DESTROY_ME;
@@ -937,7 +799,7 @@ static void send_notify(private_task_manager_t *this, message_t *request,
notify_type_t type)
{
message_t *response;
- packet_t *packet;
+ array_t *packets = NULL;
host_t *me, *other;
u_int32_t mid;
@@ -973,11 +835,12 @@ static void send_notify(private_task_manager_t *this, message_t *request,
}
response->set_source(response, me->clone(me));
response->set_destination(response, other->clone(other));
- if (this->ike_sa->generate_message(this->ike_sa, response,
- &packet) == SUCCESS)
+ if (generate_message(this, response, &packets))
{
- send_packet(this, TRUE, packet);
+ send_packets(this, packets);
}
+ clear_packets(packets);
+ array_destroy(packets);
response->destroy(response);
}
@@ -1075,7 +938,6 @@ static status_t process_request(private_task_manager_t *this,
this->passive_tasks->insert_last(this->passive_tasks, task);
task = (task_t *)isakmp_natd_create(this->ike_sa, FALSE);
this->passive_tasks->insert_last(this->passive_tasks, task);
- this->frag.exchange = AGGRESSIVE;
break;
case QUICK_MODE:
if (this->ike_sa->get_state(this->ike_sa) != IKE_ESTABLISHED)
@@ -1164,8 +1026,7 @@ static status_t process_request(private_task_manager_t *this,
else
{ /* We don't send a response, so don't retransmit one if we get
* the same message again. */
- DESTROY_IF(this->responding.packet);
- this->responding.packet = NULL;
+ clear_packets(this->responding.packets);
}
if (this->passive_tasks->get_count(this->passive_tasks) == 0 &&
this->queued_tasks->get_count(this->queued_tasks) > 0)
@@ -1237,8 +1098,7 @@ static status_t process_response(private_task_manager_t *this,
enumerator->destroy(enumerator);
this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
- DESTROY_IF(this->initiating.packet);
- this->initiating.packet = NULL;
+ clear_packets(this->initiating.packets);
if (this->queued && this->active_tasks->get_count(this->active_tasks) == 0)
{
@@ -1258,107 +1118,23 @@ static status_t process_response(private_task_manager_t *this,
static status_t handle_fragment(private_task_manager_t *this, message_t *msg)
{
- fragment_payload_t *payload;
- enumerator_t *enumerator;
- fragment_t *fragment;
- status_t status = SUCCESS;
- chunk_t data;
- u_int8_t num;
-
- payload = (fragment_payload_t*)msg->get_payload(msg, PLV1_FRAGMENT);
- if (!payload)
- {
- return FAILED;
- }
-
- if (!this->frag.list || this->frag.id != payload->get_id(payload))
- {
- clear_fragments(this, payload->get_id(payload));
- this->frag.list = linked_list_create();
- }
-
- num = payload->get_number(payload);
- if (!this->frag.last && payload->is_last(payload))
- {
- this->frag.last = num;
- }
+ status_t status;
- enumerator = this->frag.list->create_enumerator(this->frag.list);
- while (enumerator->enumerate(enumerator, &fragment))
+ if (!this->defrag)
{
- if (fragment->num == num)
- { /* ignore a duplicate fragment */
- DBG1(DBG_IKE, "received duplicate fragment #%hhu", num);
- enumerator->destroy(enumerator);
- return NEED_MORE;
- }
- if (fragment->num > num)
+ this->defrag = message_create_defrag(msg);
+ if (!this->defrag)
{
- break;
+ return FAILED;
}
}
-
- data = payload->get_data(payload);
- this->frag.len += data.len;
- if (this->frag.len > this->frag.max_packet)
- {
- DBG1(DBG_IKE, "fragmented IKE message is too large");
- enumerator->destroy(enumerator);
- clear_fragments(this, 0);
- return FAILED;
- }
-
- INIT(fragment,
- .num = num,
- .data = chunk_clone(data),
- );
-
- this->frag.list->insert_before(this->frag.list, enumerator, fragment);
- enumerator->destroy(enumerator);
-
- if (this->frag.list->get_count(this->frag.list) == this->frag.last)
+ status = this->defrag->add_fragment(this->defrag, msg);
+ if (status == SUCCESS)
{
- message_t *message;
- packet_t *pkt;
- host_t *src, *dst;
- bio_writer_t *writer;
-
- writer = bio_writer_create(this->frag.len);
- DBG1(DBG_IKE, "received fragment #%hhu, reassembling fragmented IKE "
- "message", num);
- enumerator = this->frag.list->create_enumerator(this->frag.list);
- while (enumerator->enumerate(enumerator, &fragment))
- {
- writer->write_data(writer, fragment->data);
- }
- enumerator->destroy(enumerator);
-
- src = msg->get_source(msg);
- dst = msg->get_destination(msg);
- pkt = packet_create_from_data(src->clone(src), dst->clone(dst),
- writer->extract_buf(writer));
- writer->destroy(writer);
-
- message = message_create_from_packet(pkt);
- if (message->parse_header(message) != SUCCESS)
- {
- DBG1(DBG_IKE, "failed to parse header of reassembled IKE message");
- message->destroy(message);
- status = FAILED;
- }
- else
- {
- lib->processor->queue_job(lib->processor,
- (job_t*)process_message_job_create(message));
- status = NEED_MORE;
-
- }
- clear_fragments(this, 0);
- }
- else
- { /* there are some fragments missing */
- DBG1(DBG_IKE, "received fragment #%hhu, waiting for complete IKE "
- "message", num);
+ lib->processor->queue_job(lib->processor,
+ (job_t*)process_message_job_create(this->defrag));
+ this->defrag = NULL;
+ /* do not process the last fragment */
status = NEED_MORE;
}
return status;
@@ -1435,15 +1211,14 @@ METHOD(task_manager_t, process_message, status_t,
{
if (this->initiating.old_hashes[i] == hash)
{
- if (this->initiating.packet &&
+ if (array_count(this->initiating.packets) &&
i == (this->initiating.old_hash_pos % MAX_OLD_HASHES) &&
(msg->get_exchange_type(msg) == QUICK_MODE ||
msg->get_exchange_type(msg) == AGGRESSIVE))
{
DBG1(DBG_IKE, "received retransmit of response with ID %u, "
"resending last request", mid);
- send_packet(this, TRUE,
- this->initiating.packet->clone(this->initiating.packet));
+ send_packets(this, this->initiating.packets);
return SUCCESS;
}
DBG1(DBG_IKE, "received retransmit of response with ID %u, "
@@ -1484,20 +1259,18 @@ METHOD(task_manager_t, process_message, status_t,
{
if (hash == this->responding.hash)
{
- if (this->responding.packet)
+ if (array_count(this->responding.packets))
{
DBG1(DBG_IKE, "received retransmit of request with ID %u, "
"retransmitting response", mid);
- send_packet(this, FALSE,
- this->responding.packet->clone(this->responding.packet));
+ send_packets(this, this->responding.packets);
}
- else if (this->initiating.packet &&
+ else if (array_count(this->initiating.packets) &&
this->initiating.type == INFORMATIONAL_V1)
{
DBG1(DBG_IKE, "received retransmit of DPD request, "
"retransmitting response");
- send_packet(this, TRUE,
- this->initiating.packet->clone(this->initiating.packet));
+ send_packets(this, this->initiating.packets);
}
else
{
@@ -1593,13 +1366,6 @@ METHOD(task_manager_t, process_message, status_t,
return SUCCESS;
}
-METHOD(task_manager_t, queue_task, void,
- private_task_manager_t *this, task_t *task)
-{
- DBG2(DBG_IKE, "queueing %N task", task_type_names, task->get_type(task));
- this->queued_tasks->insert_last(this->queued_tasks, task);
-}
-
/**
* Check if a given task has been queued already
*/
@@ -1622,6 +1388,28 @@ static bool has_queued(private_task_manager_t *this, task_type_t type)
return found;
}
+METHOD(task_manager_t, queue_task, void,
+ private_task_manager_t *this, task_t *task)
+{
+ task_type_t type = task->get_type(task);
+
+ switch (type)
+ {
+ case TASK_MODE_CONFIG:
+ case TASK_XAUTH:
+ if (has_queued(this, type))
+ {
+ task->destroy(task);
+ return;
+ }
+ break;
+ default:
+ break;
+ }
+ DBG2(DBG_IKE, "queueing %N task", task_type_names, task->get_type(task));
+ this->queued_tasks->insert_last(this->queued_tasks, task);
+}
+
METHOD(task_manager_t, queue_ike, void,
private_task_manager_t *this)
{
@@ -1642,7 +1430,6 @@ METHOD(task_manager_t, queue_ike, void,
{
queue_task(this, (task_t*)aggressive_mode_create(this->ike_sa, TRUE));
}
- this->frag.exchange = AGGRESSIVE;
}
else
{
@@ -1969,17 +1756,16 @@ METHOD(task_manager_t, reset, void,
task_t *task;
/* reset message counters and retransmit packets */
- DESTROY_IF(this->responding.packet);
- DESTROY_IF(this->initiating.packet);
- this->responding.packet = NULL;
+ clear_packets(this->responding.packets);
+ clear_packets(this->initiating.packets);
this->responding.seqnr = RESPONDING_SEQ;
this->responding.retransmitted = 0;
- this->initiating.packet = NULL;
this->initiating.mid = 0;
this->initiating.seqnr = 0;
this->initiating.retransmitted = 0;
this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
- clear_fragments(this, 0);
+ DESTROY_IF(this->defrag);
+ this->defrag = NULL;
if (initiate != UINT_MAX)
{
this->dpd_send = initiate;
@@ -2030,11 +1816,13 @@ METHOD(task_manager_t, destroy, void,
this->active_tasks->destroy(this->active_tasks);
this->queued_tasks->destroy(this->queued_tasks);
this->passive_tasks->destroy(this->passive_tasks);
- clear_fragments(this, 0);
+ DESTROY_IF(this->defrag);
DESTROY_IF(this->queued);
- DESTROY_IF(this->responding.packet);
- DESTROY_IF(this->initiating.packet);
+ clear_packets(this->responding.packets);
+ array_destroy(this->responding.packets);
+ clear_packets(this->initiating.packets);
+ array_destroy(this->initiating.packets);
DESTROY_IF(this->rng);
free(this);
}
@@ -2079,13 +1867,6 @@ task_manager_v1_t *task_manager_v1_create(ike_sa_t *ike_sa)
.responding = {
.seqnr = RESPONDING_SEQ,
},
- .frag = {
- .exchange = ID_PROT,
- .max_packet = lib->settings->get_int(lib->settings,
- "%s.max_packet", MAX_PACKET, lib->ns),
- .size = lib->settings->get_int(lib->settings,
- "%s.fragment_size", MAX_FRAGMENT_SIZE, lib->ns),
- },
.ike_sa = ike_sa,
.rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK),
.queued_tasks = linked_list_create(),
diff --git a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c
index 7009ae9..710bf1c 100644
--- a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c
@@ -475,6 +475,9 @@ METHOD(task_t, process_r, status_t,
}
case AM_AUTH:
{
+ adopt_children_job_t *job = NULL;
+ xauth_t *xauth = NULL;
+
while (TRUE)
{
if (this->ph1->verify_auth(this->ph1, this->method, message,
@@ -504,8 +507,8 @@ METHOD(task_t, process_r, status_t,
case AUTH_XAUTH_INIT_PSK:
case AUTH_XAUTH_INIT_RSA:
case AUTH_HYBRID_INIT_RSA:
- this->ike_sa->queue_task(this->ike_sa,
- (task_t*)xauth_create(this->ike_sa, TRUE));
+ xauth = xauth_create(this->ike_sa, TRUE);
+ this->ike_sa->queue_task(this->ike_sa, (task_t*)xauth);
break;
case AUTH_XAUTH_RESP_PSK:
case AUTH_XAUTH_RESP_RSA:
@@ -524,9 +527,8 @@ METHOD(task_t, process_r, status_t,
{
return send_delete(this);
}
- lib->processor->queue_job(lib->processor, (job_t*)
- adopt_children_job_create(
- this->ike_sa->get_id(this->ike_sa)));
+ job = adopt_children_job_create(
+ this->ike_sa->get_id(this->ike_sa));
break;
}
/* check for and prepare mode config push/pull */
@@ -542,10 +544,26 @@ METHOD(task_t, process_r, status_t,
{
if (!this->peer_cfg->use_pull_mode(this->peer_cfg))
{
- this->ike_sa->queue_task(this->ike_sa,
- (task_t*)mode_config_create(this->ike_sa, TRUE, FALSE));
+ if (job)
+ {
+ job->queue_task(job, (task_t*)
+ mode_config_create(this->ike_sa, TRUE, FALSE));
+ }
+ else if (xauth)
+ {
+ xauth->queue_mode_config_push(xauth);
+ }
+ else
+ {
+ this->ike_sa->queue_task(this->ike_sa, (task_t*)
+ mode_config_create(this->ike_sa, TRUE, FALSE));
+ }
}
}
+ if (job)
+ {
+ lib->processor->queue_job(lib->processor, (job_t*)job);
+ }
return SUCCESS;
}
default:
diff --git a/src/libcharon/sa/ikev1/tasks/informational.c b/src/libcharon/sa/ikev1/tasks/informational.c
index b742dbe..2798978 100644
--- a/src/libcharon/sa/ikev1/tasks/informational.c
+++ b/src/libcharon/sa/ikev1/tasks/informational.c
@@ -112,16 +112,16 @@ METHOD(task_t, process_r, status_t,
IKEV2_UDP_PORT);
if (redirect)
{ /* treat the redirect as reauthentication */
- DBG1(DBG_IKE, "received %N notify. redirected to %H",
+ DBG1(DBG_IKE, "received %N notify, redirected to %H",
notify_type_names, type, redirect);
/* Cisco boxes reject the first message from 4500 */
me = this->ike_sa->get_my_host(this->ike_sa);
me->set_port(me, charon->socket->get_port(
charon->socket, FALSE));
this->ike_sa->set_other_host(this->ike_sa, redirect);
- this->ike_sa->reauth(this->ike_sa);
+ status = this->ike_sa->reauth(this->ike_sa);
enumerator->destroy(enumerator);
- return DESTROY_ME;
+ return status;
}
else
{
diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c
index 426c4bd..0162fd8 100644
--- a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c
+++ b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c
@@ -15,7 +15,7 @@
*/
/*
- * Copyright (C) 2012 Volker Rümelin
+ * Copyright (C) 2012-2014 Volker Rümelin
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
@@ -106,10 +106,15 @@ static struct {
"\x12\xf5\xf2\x8c\x45\x71\x68\xa9\x70\x2d\x9f\xe2\x74\xcc\x01\x00"},
/* Proprietary IKE fragmentation extension. Capabilities are handled
- * specially on receipt of this VID. */
+ * specially on receipt of this VID. Windows peers send this VID
+ * without capabilities, but accept it with and without capabilities. */
{ "FRAGMENTATION", EXT_IKE_FRAGMENTATION, FALSE, 20,
"\x40\x48\xb7\xd5\x6e\xbc\xe8\x85\x25\xe7\xde\x7f\x00\xd6\xc2\xd3\x80\x00\x00\x00"},
+ /* Windows peers send this VID and a version number */
+ { "MS NT5 ISAKMPOAKLEY", EXT_MS_WINDOWS, FALSE, 20,
+ "\x1e\x2b\x51\x69\x05\x99\x1c\x7d\x7c\x96\xfc\xbf\xb5\x87\xe4\x61\x00\x00\x00\x00"},
+
}, vendor_natt_ids[] = {
/* NAT-Traversal VIDs ordered by preference */
@@ -167,15 +172,27 @@ static struct {
*/
static const u_int32_t fragmentation_ike = 0x80000000;
-/**
- * Check if the given vendor ID indicate support for fragmentation
- */
-static bool fragmentation_supported(chunk_t data, int i)
+static bool is_known_vid(chunk_t data, int i)
{
- if (vendor_ids[i].extension == EXT_IKE_FRAGMENTATION &&
- data.len == 20 && memeq(data.ptr, vendor_ids[i].id, 16))
+ switch (vendor_ids[i].extension)
{
- return untoh32(&data.ptr[16]) & fragmentation_ike;
+ case EXT_IKE_FRAGMENTATION:
+ if (data.len >= 16 && memeq(data.ptr, vendor_ids[i].id, 16))
+ {
+ switch (data.len)
+ {
+ case 16:
+ return TRUE;
+ case 20:
+ return untoh32(&data.ptr[16]) & fragmentation_ike;
+ }
+ }
+ break;
+ case EXT_MS_WINDOWS:
+ return data.len == 20 && memeq(data.ptr, vendor_ids[i].id, 16);
+ default:
+ return chunk_equals(data, chunk_create(vendor_ids[i].id,
+ vendor_ids[i].len));
}
return FALSE;
}
@@ -251,9 +268,7 @@ static void process(private_isakmp_vendor_t *this, message_t *message)
for (i = 0; i < countof(vendor_ids); i++)
{
- if (chunk_equals(data, chunk_create(vendor_ids[i].id,
- vendor_ids[i].len)) ||
- fragmentation_supported(data, i))
+ if (is_known_vid(data, i))
{
DBG1(DBG_IKE, "received %s vendor ID", vendor_ids[i].desc);
if (vendor_ids[i].extension)
diff --git a/src/libcharon/sa/ikev1/tasks/main_mode.c b/src/libcharon/sa/ikev1/tasks/main_mode.c
index 8a5d9ae..2fb4c69 100644
--- a/src/libcharon/sa/ikev1/tasks/main_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/main_mode.c
@@ -479,6 +479,8 @@ METHOD(task_t, build_r, status_t,
{
id_payload_t *id_payload;
identification_t *id;
+ adopt_children_job_t *job = NULL;
+ xauth_t *xauth = NULL;
id = this->ph1->get_id(this->ph1, this->peer_cfg, TRUE);
if (!id)
@@ -502,8 +504,8 @@ METHOD(task_t, build_r, status_t,
case AUTH_XAUTH_INIT_PSK:
case AUTH_XAUTH_INIT_RSA:
case AUTH_HYBRID_INIT_RSA:
- this->ike_sa->queue_task(this->ike_sa,
- (task_t*)xauth_create(this->ike_sa, TRUE));
+ xauth = xauth_create(this->ike_sa, TRUE);
+ this->ike_sa->queue_task(this->ike_sa, (task_t*)xauth);
break;
case AUTH_XAUTH_RESP_PSK:
case AUTH_XAUTH_RESP_RSA:
@@ -522,9 +524,8 @@ METHOD(task_t, build_r, status_t,
{
return send_notify(this, AUTHENTICATION_FAILED);
}
- lib->processor->queue_job(lib->processor, (job_t*)
- adopt_children_job_create(
- this->ike_sa->get_id(this->ike_sa)));
+ job = adopt_children_job_create(
+ this->ike_sa->get_id(this->ike_sa));
break;
}
if (this->ph1->has_virtual_ip(this->ph1, this->peer_cfg))
@@ -539,10 +540,26 @@ METHOD(task_t, build_r, status_t,
{
if (!this->peer_cfg->use_pull_mode(this->peer_cfg))
{
- this->ike_sa->queue_task(this->ike_sa,
- (task_t*)mode_config_create(this->ike_sa, TRUE, FALSE));
+ if (job)
+ {
+ job->queue_task(job, (task_t*)
+ mode_config_create(this->ike_sa, TRUE, FALSE));
+ }
+ else if (xauth)
+ {
+ xauth->queue_mode_config_push(xauth);
+ }
+ else
+ {
+ this->ike_sa->queue_task(this->ike_sa, (task_t*)
+ mode_config_create(this->ike_sa, TRUE, FALSE));
+ }
}
}
+ if (job)
+ {
+ lib->processor->queue_job(lib->processor, (job_t*)job);
+ }
return SUCCESS;
}
default:
diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.c b/src/libcharon/sa/ikev1/tasks/quick_mode.c
index e627368..1133aab 100644
--- a/src/libcharon/sa/ikev1/tasks/quick_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/quick_mode.c
@@ -1030,7 +1030,8 @@ METHOD(task_t, process_r, status_t,
}
tsi->destroy_offset(tsi, offsetof(traffic_selector_t, destroy));
tsr->destroy_offset(tsr, offsetof(traffic_selector_t, destroy));
- if (!this->config || !this->tsi || !this->tsr)
+ if (!this->config || !this->tsi || !this->tsr ||
+ this->mode != this->config->get_mode(this->config))
{
DBG1(DBG_IKE, "no matching CHILD_SA config found");
return send_notify(this, INVALID_ID_INFORMATION);
@@ -1117,11 +1118,22 @@ METHOD(task_t, process_r, status_t,
}
case QM_NEGOTIATED:
{
- if (message->get_exchange_type(message) == INFORMATIONAL_V1 ||
- has_notify_errors(this, message))
+ if (has_notify_errors(this, message))
{
return SUCCESS;
}
+ if (message->get_exchange_type(message) == INFORMATIONAL_V1)
+ {
+ if (message->get_payload(message, PLV1_DELETE))
+ {
+ /* If the DELETE for a Quick Mode follows immediately
+ * after rekeying, we might receive it before the
+ * third completing Quick Mode message. Ignore it, as
+ * it gets handled by a separately queued delete task. */
+ return NEED_MORE;
+ }
+ return SUCCESS;
+ }
if (!install(this))
{
ike_sa_t *ike_sa = this->ike_sa;
@@ -1198,6 +1210,14 @@ METHOD(task_t, build_r, status_t,
this->state = QM_NEGOTIATED;
return NEED_MORE;
}
+ case QM_NEGOTIATED:
+ if (message->get_exchange_type(message) == INFORMATIONAL_V1)
+ {
+ /* skip INFORMATIONAL response if we received a INFORMATIONAL
+ * delete, see process_r() */
+ return ALREADY_DONE;
+ }
+ /* fall */
default:
return FAILED;
}
diff --git a/src/libcharon/sa/ikev1/tasks/xauth.c b/src/libcharon/sa/ikev1/tasks/xauth.c
index bdc5d67..a770e90 100644
--- a/src/libcharon/sa/ikev1/tasks/xauth.c
+++ b/src/libcharon/sa/ikev1/tasks/xauth.c
@@ -19,6 +19,7 @@
#include <hydra.h>
#include <encoding/payloads/cp_payload.h>
#include <processing/jobs/adopt_children_job.h>
+#include <sa/ikev1/tasks/mode_config.h>
typedef struct private_xauth_t private_xauth_t;
@@ -74,6 +75,11 @@ struct private_xauth_t {
* status of Xauth exchange
*/
xauth_status_t status;
+
+ /**
+ * Queue a Mode Config Push mode after completing XAuth?
+ */
+ bool mode_config_push;
};
/**
@@ -290,6 +296,7 @@ METHOD(task_t, process_i_status, status_t,
private_xauth_t *this, message_t *message)
{
cp_payload_t *cp;
+ adopt_children_job_t *job;
cp = (cp_payload_t*)message->get_payload(message, PLV1_CONFIGURATION);
if (!cp || cp->get_type(cp) != CFG_ACK)
@@ -307,8 +314,13 @@ METHOD(task_t, process_i_status, status_t,
return FAILED;
}
this->ike_sa->set_condition(this->ike_sa, COND_XAUTH_AUTHENTICATED, TRUE);
- lib->processor->queue_job(lib->processor, (job_t*)
- adopt_children_job_create(this->ike_sa->get_id(this->ike_sa)));
+ job = adopt_children_job_create(this->ike_sa->get_id(this->ike_sa));
+ if (this->mode_config_push)
+ {
+ job->queue_task(job,
+ (task_t*)mode_config_create(this->ike_sa, TRUE, FALSE));
+ }
+ lib->processor->queue_job(lib->processor, (job_t*)job);
return SUCCESS;
}
@@ -511,6 +523,12 @@ METHOD(task_t, migrate, void,
}
}
+METHOD(xauth_t, queue_mode_config_push, void,
+ private_xauth_t *this)
+{
+ this->mode_config_push = TRUE;
+}
+
METHOD(task_t, destroy, void,
private_xauth_t *this)
{
@@ -533,6 +551,7 @@ xauth_t *xauth_create(ike_sa_t *ike_sa, bool initiator)
.migrate = _migrate,
.destroy = _destroy,
},
+ .queue_mode_config_push = _queue_mode_config_push,
},
.initiator = initiator,
.ike_sa = ike_sa,
diff --git a/src/libcharon/sa/ikev1/tasks/xauth.h b/src/libcharon/sa/ikev1/tasks/xauth.h
index 303eb31..ffaf32a 100644
--- a/src/libcharon/sa/ikev1/tasks/xauth.h
+++ b/src/libcharon/sa/ikev1/tasks/xauth.h
@@ -36,6 +36,11 @@ struct xauth_t {
* Implements the task_t interface
*/
task_t task;
+
+ /**
+ * Queue a Mode Config in Push mode after completing XAuth.
+ */
+ void (*queue_mode_config_push)(xauth_t *this);
};
/**
diff --git a/src/libcharon/sa/ikev2/task_manager_v2.c b/src/libcharon/sa/ikev2/task_manager_v2.c
index ada798b..eb7df35 100644
--- a/src/libcharon/sa/ikev2/task_manager_v2.c
+++ b/src/libcharon/sa/ikev2/task_manager_v2.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2007-2011 Tobias Brunner
+ * Copyright (C) 2007-2014 Tobias Brunner
* Copyright (C) 2007-2010 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -90,9 +90,14 @@ struct private_task_manager_t {
u_int32_t mid;
/**
- * packet for retransmission
+ * packet(s) for retransmission
*/
- packet_t *packet;
+ array_t *packets;
+
+ /**
+ * Helper to defragment the request
+ */
+ message_t *defrag;
} responding;
@@ -111,15 +116,25 @@ struct private_task_manager_t {
u_int retransmitted;
/**
- * packet for retransmission
+ * packet(s) for retransmission
*/
- packet_t *packet;
+ array_t *packets;
/**
* type of the initated exchange
*/
exchange_type_t type;
+ /**
+ * TRUE if exchange was deferred because no path was available
+ */
+ bool deferred;
+
+ /**
+ * Helper to defragment the response
+ */
+ message_t *defrag;
+
} initiating;
/**
@@ -158,6 +173,19 @@ struct private_task_manager_t {
double retransmit_base;
};
+/**
+ * Reset retransmission packet list
+ */
+static void clear_packets(array_t *array)
+{
+ packet_t *packet;
+
+ while (array_remove(array, ARRAY_TAIL, &packet))
+ {
+ packet->destroy(packet);
+ }
+}
+
METHOD(task_manager_t, flush_queue, void,
private_task_manager_t *this, task_queue_t queue)
{
@@ -217,10 +245,60 @@ static bool activate_task(private_task_manager_t *this, task_type_t type)
return found;
}
+/**
+ * Send packets in the given array (they get cloned). Optionally, the
+ * source and destination addresses are changed before sending it.
+ */
+static void send_packets(private_task_manager_t *this, array_t *packets,
+ host_t *src, host_t *dst)
+{
+ packet_t *packet, *clone;
+ int i;
+
+ for (i = 0; i < array_count(packets); i++)
+ {
+ array_get(packets, i, &packet);
+ clone = packet->clone(packet);
+ if (src)
+ {
+ clone->set_source(clone, src->clone(src));
+ }
+ if (dst)
+ {
+ clone->set_destination(clone, dst->clone(dst));
+ }
+ charon->sender->send(charon->sender, clone);
+ }
+}
+
+/**
+ * Generates the given message and stores packet(s) in the given array
+ */
+static bool generate_message(private_task_manager_t *this, message_t *message,
+ array_t **packets)
+{
+ enumerator_t *fragments;
+ packet_t *fragment;
+
+ if (this->ike_sa->generate_message_fragmented(this->ike_sa, message,
+ &fragments) != SUCCESS)
+ {
+ return FALSE;
+ }
+ while (fragments->enumerate(fragments, &fragment))
+ {
+ array_insert_create(packets, ARRAY_TAIL, fragment);
+ }
+ fragments->destroy(fragments);
+ array_compress(*packets);
+ return TRUE;
+}
+
METHOD(task_manager_t, retransmit, status_t,
private_task_manager_t *this, u_int32_t message_id)
{
- if (this->initiating.packet && message_id == this->initiating.mid)
+ if (message_id == this->initiating.mid &&
+ array_count(this->initiating.packets))
{
u_int32_t timeout;
job_t *job;
@@ -229,23 +307,24 @@ METHOD(task_manager_t, retransmit, status_t,
task_t *task;
ike_mobike_t *mobike = NULL;
+ array_get(this->initiating.packets, 0, &packet);
+
/* check if we are retransmitting a MOBIKE routability check */
- enumerator = array_create_enumerator(this->active_tasks);
- while (enumerator->enumerate(enumerator, (void*)&task))
+ if (this->initiating.type == INFORMATIONAL)
{
- if (task->get_type(task) == TASK_IKE_MOBIKE)
+ enumerator = array_create_enumerator(this->active_tasks);
+ while (enumerator->enumerate(enumerator, (void*)&task))
{
- mobike = (ike_mobike_t*)task;
- if (!mobike->is_probing(mobike))
+ if (task->get_type(task) == TASK_IKE_MOBIKE)
{
- mobike = NULL;
+ mobike = (ike_mobike_t*)task;
+ break;
}
- break;
}
+ enumerator->destroy(enumerator);
}
- enumerator->destroy(enumerator);
- if (mobike == NULL)
+ if (!mobike || !mobike->is_probing(mobike))
{
if (this->initiating.retransmitted <= this->retransmit_tries)
{
@@ -257,7 +336,7 @@ METHOD(task_manager_t, retransmit, status_t,
DBG1(DBG_IKE, "giving up after %d retransmits",
this->initiating.retransmitted - 1);
charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND_TIMEOUT,
- this->initiating.packet);
+ packet);
return DESTROY_ME;
}
@@ -265,11 +344,29 @@ METHOD(task_manager_t, retransmit, status_t,
{
DBG1(DBG_IKE, "retransmit %d of request with message ID %d",
this->initiating.retransmitted, message_id);
- charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND,
- this->initiating.packet);
+ charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND, packet);
+ }
+ if (!mobike)
+ {
+ send_packets(this, this->initiating.packets,
+ this->ike_sa->get_my_host(this->ike_sa),
+ this->ike_sa->get_other_host(this->ike_sa));
+ }
+ else
+ {
+ if (!mobike->transmit(mobike, packet))
+ {
+ DBG1(DBG_IKE, "no route found to reach peer, MOBIKE update "
+ "deferred");
+ this->ike_sa->set_condition(this->ike_sa, COND_STALE, TRUE);
+ this->initiating.deferred = TRUE;
+ return SUCCESS;
+ }
+ else if (mobike->is_probing(mobike))
+ {
+ timeout = ROUTEABILITY_CHECK_INTERVAL;
+ }
}
- packet = this->initiating.packet->clone(this->initiating.packet);
- charon->sender->send(charon->sender, packet);
}
else
{ /* for routeability checks, we use a more aggressive behavior */
@@ -289,7 +386,16 @@ METHOD(task_manager_t, retransmit, status_t,
DBG1(DBG_IKE, "path probing attempt %d",
this->initiating.retransmitted);
}
- mobike->transmit(mobike, this->initiating.packet);
+ /* TODO-FRAG: presumably these small packets are not fragmented,
+ * we should maybe ensure this is the case when generating them */
+ if (!mobike->transmit(mobike, packet))
+ {
+ DBG1(DBG_IKE, "no route found to reach peer, path probing "
+ "deferred");
+ this->ike_sa->set_condition(this->ike_sa, COND_STALE, TRUE);
+ this->initiating.deferred = TRUE;
+ return SUCCESS;
+ }
}
this->initiating.retransmitted++;
@@ -307,7 +413,6 @@ METHOD(task_manager_t, initiate, status_t,
task_t *task;
message_t *message;
host_t *me, *other;
- status_t status;
exchange_type_t exchange = 0;
if (this->initiating.type != EXCHANGE_TYPE_UNDEFINED)
@@ -315,6 +420,12 @@ METHOD(task_manager_t, initiate, status_t,
DBG2(DBG_IKE, "delaying task initiation, %N exchange in progress",
exchange_type_names, this->initiating.type);
/* do not initiate if we already have a message in the air */
+ if (this->initiating.deferred)
+ { /* re-initiate deferred exchange */
+ this->initiating.deferred = FALSE;
+ this->initiating.retransmitted = 0;
+ return retransmit(this, this->initiating.mid);
+ }
return SUCCESS;
}
@@ -347,39 +458,39 @@ METHOD(task_manager_t, initiate, status_t,
}
break;
case IKE_ESTABLISHED:
- if (activate_task(this, TASK_CHILD_CREATE))
+ if (activate_task(this, TASK_IKE_MOBIKE))
{
- exchange = CREATE_CHILD_SA;
+ exchange = INFORMATIONAL;
break;
}
- if (activate_task(this, TASK_CHILD_DELETE))
+ if (activate_task(this, TASK_IKE_DELETE))
{
exchange = INFORMATIONAL;
break;
}
- if (activate_task(this, TASK_CHILD_REKEY))
+ if (activate_task(this, TASK_CHILD_DELETE))
{
- exchange = CREATE_CHILD_SA;
+ exchange = INFORMATIONAL;
break;
}
- if (activate_task(this, TASK_IKE_DELETE))
+ if (activate_task(this, TASK_IKE_REAUTH))
{
exchange = INFORMATIONAL;
break;
}
- if (activate_task(this, TASK_IKE_REKEY))
+ if (activate_task(this, TASK_CHILD_CREATE))
{
exchange = CREATE_CHILD_SA;
break;
}
- if (activate_task(this, TASK_IKE_REAUTH))
+ if (activate_task(this, TASK_CHILD_REKEY))
{
- exchange = INFORMATIONAL;
+ exchange = CREATE_CHILD_SA;
break;
}
- if (activate_task(this, TASK_IKE_MOBIKE))
+ if (activate_task(this, TASK_IKE_REKEY))
{
- exchange = INFORMATIONAL;
+ exchange = CREATE_CHILD_SA;
break;
}
if (activate_task(this, TASK_IKE_DPD))
@@ -458,6 +569,7 @@ METHOD(task_manager_t, initiate, status_t,
message->set_exchange_type(message, exchange);
this->initiating.type = exchange;
this->initiating.retransmitted = 0;
+ this->initiating.deferred = FALSE;
enumerator = array_create_enumerator(this->active_tasks);
while (enumerator->enumerate(enumerator, &task))
@@ -493,9 +605,7 @@ METHOD(task_manager_t, initiate, status_t,
/* update exchange type if a task changed it */
this->initiating.type = message->get_exchange_type(message);
- status = this->ike_sa->generate_message(this->ike_sa, message,
- &this->initiating.packet);
- if (status != SUCCESS)
+ if (!generate_message(this, message, &this->initiating.packets))
{
/* message generation failed. There is nothing more to do than to
* close the SA */
@@ -567,8 +677,7 @@ static status_t process_response(private_task_manager_t *this,
this->initiating.mid++;
this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
- this->initiating.packet->destroy(this->initiating.packet);
- this->initiating.packet = NULL;
+ clear_packets(this->initiating.packets);
array_compress(this->active_tasks);
@@ -636,8 +745,8 @@ static status_t build_response(private_task_manager_t *this, message_t *request)
host_t *me, *other;
bool delete = FALSE, hook = FALSE;
ike_sa_id_t *id = NULL;
- u_int64_t responder_spi;
- status_t status;
+ u_int64_t responder_spi = 0;
+ bool result;
me = request->get_destination(request);
other = request->get_source(request);
@@ -699,23 +808,20 @@ static status_t build_response(private_task_manager_t *this, message_t *request)
}
/* message complete, send it */
- DESTROY_IF(this->responding.packet);
- this->responding.packet = NULL;
- status = this->ike_sa->generate_message(this->ike_sa, message,
- &this->responding.packet);
+ clear_packets(this->responding.packets);
+ result = generate_message(this, message, &this->responding.packets);
message->destroy(message);
if (id)
{
id->set_responder_spi(id, responder_spi);
}
- if (status != SUCCESS)
+ if (!result)
{
charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
return DESTROY_ME;
}
- charon->sender->send(charon->sender,
- this->responding.packet->clone(this->responding.packet));
+ send_packets(this, this->responding.packets, NULL, NULL);
if (delete)
{
if (hook)
@@ -964,6 +1070,48 @@ METHOD(task_manager_t, incr_mid, void,
}
/**
+ * Handle the given IKE fragment, if it is one.
+ *
+ * Returns SUCCESS if the message is not a fragment, and NEED_MORE if it was
+ * handled properly. Error states are returned if the fragment was invalid or
+ * the reassembled message could not have been processed properly.
+ */
+static status_t handle_fragment(private_task_manager_t *this,
+ message_t **defrag, message_t *msg)
+{
+ message_t *reassembled;
+ status_t status;
+
+ if (!msg->get_payload(msg, PLV2_FRAGMENT))
+ {
+ return SUCCESS;
+ }
+ if (!*defrag)
+ {
+ *defrag = message_create_defrag(msg);
+ if (!*defrag)
+ {
+ return FAILED;
+ }
+ }
+ status = (*defrag)->add_fragment(*defrag, msg);
+ if (status == SUCCESS)
+ {
+ /* reinject the reassembled message */
+ reassembled = *defrag;
+ *defrag = NULL;
+ status = this->ike_sa->process_message(this->ike_sa, reassembled);
+ if (status == SUCCESS)
+ {
+ /* avoid processing the last fragment */
+ status = NEED_MORE;
+ }
+ reassembled->destroy(reassembled);
+ }
+ return status;
+}
+
+/**
* Send a notify back to the sender
*/
static void send_notify_response(private_task_manager_t *this,
@@ -1156,6 +1304,11 @@ METHOD(task_manager_t, process_message, status_t,
{ /* with MOBIKE, we do no implicit updates */
this->ike_sa->update_hosts(this->ike_sa, me, other, mid == 1);
}
+ status = handle_fragment(this, &this->responding.defrag, msg);
+ if (status != SUCCESS)
+ {
+ return status;
+ }
charon->bus->message(charon->bus, msg, TRUE, TRUE);
if (msg->get_exchange_type(msg) == EXCHANGE_TYPE_UNDEFINED)
{ /* ignore messages altered to EXCHANGE_TYPE_UNDEFINED */
@@ -1168,20 +1321,19 @@ METHOD(task_manager_t, process_message, status_t,
}
this->responding.mid++;
}
- else if ((mid == this->responding.mid - 1) && this->responding.packet)
+ else if ((mid == this->responding.mid - 1) &&
+ array_count(this->responding.packets))
{
- packet_t *clone;
- host_t *host;
-
+ status = handle_fragment(this, &this->responding.defrag, msg);
+ if (status != SUCCESS)
+ {
+ return status;
+ }
DBG1(DBG_IKE, "received retransmit of request with ID %d, "
"retransmitting response", mid);
charon->bus->alert(charon->bus, ALERT_RETRANSMIT_RECEIVE, msg);
- clone = this->responding.packet->clone(this->responding.packet);
- host = msg->get_destination(msg);
- clone->set_source(clone, host->clone(host));
- host = msg->get_source(msg);
- clone->set_destination(clone, host->clone(host));
- charon->sender->send(charon->sender, clone);
+ send_packets(this, this->responding.packets,
+ msg->get_destination(msg), msg->get_source(msg));
}
else
{
@@ -1209,6 +1361,11 @@ METHOD(task_manager_t, process_message, status_t,
this->ike_sa->update_hosts(this->ike_sa, NULL, other, FALSE);
}
}
+ status = handle_fragment(this, &this->initiating.defrag, msg);
+ if (status != SUCCESS)
+ {
+ return status;
+ }
charon->bus->message(charon->bus, msg, TRUE, TRUE);
if (msg->get_exchange_type(msg) == EXCHANGE_TYPE_UNDEFINED)
{ /* ignore messages altered to EXCHANGE_TYPE_UNDEFINED */
@@ -1368,7 +1525,25 @@ METHOD(task_manager_t, queue_mobike, void,
mobike = ike_mobike_create(this->ike_sa, TRUE);
if (roam)
{
+ enumerator_t *enumerator;
+ task_t *current;
+
mobike->roam(mobike, address);
+
+ /* enable path probing for a currently active MOBIKE task. This might
+ * not be the case if an address appeared on a new interface while the
+ * current address is not working but has not yet disappeared. */
+ enumerator = array_create_enumerator(this->active_tasks);
+ while (enumerator->enumerate(enumerator, ¤t))
+ {
+ if (current->get_type(current) == TASK_IKE_MOBIKE)
+ {
+ ike_mobike_t *active = (ike_mobike_t*)current;
+ active->enable_probing(active);
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
}
else
{
@@ -1485,10 +1660,12 @@ METHOD(task_manager_t, reset, void,
task_t *task;
/* reset message counters and retransmit packets */
- DESTROY_IF(this->responding.packet);
- DESTROY_IF(this->initiating.packet);
- this->responding.packet = NULL;
- this->initiating.packet = NULL;
+ clear_packets(this->responding.packets);
+ clear_packets(this->initiating.packets);
+ DESTROY_IF(this->responding.defrag);
+ DESTROY_IF(this->initiating.defrag);
+ this->responding.defrag = NULL;
+ this->initiating.defrag = NULL;
if (initiate != UINT_MAX)
{
this->initiating.mid = initiate;
@@ -1542,8 +1719,12 @@ METHOD(task_manager_t, destroy, void,
array_destroy(this->queued_tasks);
array_destroy(this->passive_tasks);
- DESTROY_IF(this->responding.packet);
- DESTROY_IF(this->initiating.packet);
+ clear_packets(this->responding.packets);
+ array_destroy(this->responding.packets);
+ clear_packets(this->initiating.packets);
+ array_destroy(this->initiating.packets);
+ DESTROY_IF(this->responding.defrag);
+ DESTROY_IF(this->initiating.defrag);
free(this);
}
diff --git a/src/libcharon/sa/ikev2/tasks/ike_init.c b/src/libcharon/sa/ikev2/tasks/ike_init.c
index e3c18ea..71c5f22 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_init.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_init.c
@@ -161,6 +161,19 @@ static void build_payloads(private_ike_init_t *this, message_t *message)
message->add_payload(message, (payload_t*)ke_payload);
message->add_payload(message, (payload_t*)nonce_payload);
}
+
+ /* negotiate fragmentation if we are not rekeying */
+ if (!this->old_sa &&
+ this->config->fragmentation(this->config) != FRAGMENTATION_NO)
+ {
+ if (this->initiator ||
+ this->ike_sa->supports_extension(this->ike_sa,
+ EXT_IKE_FRAGMENTATION))
+ {
+ message->add_notify(message, FALSE, FRAGMENTATION_SUPPORTED,
+ chunk_empty);
+ }
+ }
}
/**
@@ -220,6 +233,16 @@ static void process_payloads(private_ike_init_t *this, message_t *message)
this->other_nonce = nonce_payload->get_nonce(nonce_payload);
break;
}
+ case PLV2_NOTIFY:
+ {
+ notify_payload_t *notify = (notify_payload_t*)payload;
+
+ if (notify->get_notify_type(notify) == FRAGMENTATION_SUPPORTED)
+ {
+ this->ike_sa->enable_extension(this->ike_sa,
+ EXT_IKE_FRAGMENTATION);
+ }
+ }
default:
break;
}
diff --git a/src/libcharon/sa/ikev2/tasks/ike_mobike.c b/src/libcharon/sa/ikev2/tasks/ike_mobike.c
index 00ca615..d91fa58 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_mobike.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_mobike.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2010-2012 Tobias Brunner
+ * Copyright (C) 2010-2014 Tobias Brunner
* Copyright (C) 2007 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -77,6 +77,11 @@ struct private_ike_mobike_t {
* additional addresses got updated
*/
bool addresses_updated;
+
+ /**
+ * whether the pending updates counter was increased
+ */
+ bool pending_update;
};
/**
@@ -301,35 +306,61 @@ static void apply_port(host_t *host, host_t *old, u_int16_t port, bool local)
host->set_port(host, port);
}
-METHOD(ike_mobike_t, transmit, void,
+METHOD(ike_mobike_t, transmit, bool,
private_ike_mobike_t *this, packet_t *packet)
{
host_t *me, *other, *me_old, *other_old;
enumerator_t *enumerator;
ike_cfg_t *ike_cfg;
packet_t *copy;
+ int family = AF_UNSPEC;
+ bool found = FALSE;
+
+ me_old = this->ike_sa->get_my_host(this->ike_sa);
+ other_old = this->ike_sa->get_other_host(this->ike_sa);
+ ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
if (!this->check)
{
- return;
+ me = hydra->kernel_interface->get_source_addr(hydra->kernel_interface,
+ other_old, me_old);
+ if (me)
+ {
+ if (me->ip_equals(me, me_old))
+ {
+ charon->sender->send(charon->sender, packet->clone(packet));
+ me->destroy(me);
+ return TRUE;
+ }
+ me->destroy(me);
+ }
+ this->check = TRUE;
}
- me_old = this->ike_sa->get_my_host(this->ike_sa);
- other_old = this->ike_sa->get_other_host(this->ike_sa);
- ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
+ switch (charon->socket->supported_families(charon->socket))
+ {
+ case SOCKET_FAMILY_IPV4:
+ family = AF_INET;
+ break;
+ case SOCKET_FAMILY_IPV6:
+ family = AF_INET6;
+ break;
+ case SOCKET_FAMILY_BOTH:
+ case SOCKET_FAMILY_NONE:
+ break;
+ }
enumerator = this->ike_sa->create_peer_address_enumerator(this->ike_sa);
while (enumerator->enumerate(enumerator, (void**)&other))
{
+ if (family != AF_UNSPEC && other->get_family(other) != family)
+ {
+ continue;
+ }
me = hydra->kernel_interface->get_source_addr(
hydra->kernel_interface, other, NULL);
if (me)
{
- if (me->get_family(me) != other->get_family(other))
- {
- me->destroy(me);
- continue;
- }
/* reuse port for an active address, 4500 otherwise */
apply_port(me, me_old, ike_cfg->get_my_port(ike_cfg), TRUE);
other = other->clone(other);
@@ -339,9 +370,11 @@ METHOD(ike_mobike_t, transmit, void,
copy->set_source(copy, me);
copy->set_destination(copy, other);
charon->sender->send(charon->sender, copy);
+ found = TRUE;
}
}
enumerator->destroy(enumerator);
+ return found;
}
METHOD(task_t, build_i, status_t,
@@ -481,9 +514,7 @@ METHOD(task_t, process_i, status_t,
}
else if (message->get_exchange_type(message) == INFORMATIONAL)
{
- u_int32_t updates = this->ike_sa->get_pending_updates(this->ike_sa) - 1;
- this->ike_sa->set_pending_updates(this->ike_sa, updates);
- if (updates > 0)
+ if (this->ike_sa->get_pending_updates(this->ike_sa) > 1)
{
/* newer update queued, ignore this one */
return SUCCESS;
@@ -560,7 +591,6 @@ METHOD(task_t, process_i, status_t,
this->natd = ike_natd_create(this->ike_sa, this->initiator);
}
this->check = FALSE;
- this->ike_sa->set_pending_updates(this->ike_sa, 1);
return NEED_MORE;
}
}
@@ -573,8 +603,12 @@ METHOD(ike_mobike_t, addresses, void,
private_ike_mobike_t *this)
{
this->address = TRUE;
- this->ike_sa->set_pending_updates(this->ike_sa,
+ if (!this->pending_update)
+ {
+ this->pending_update = TRUE;
+ this->ike_sa->set_pending_updates(this->ike_sa,
this->ike_sa->get_pending_updates(this->ike_sa) + 1);
+ }
}
METHOD(ike_mobike_t, roam, void,
@@ -582,8 +616,12 @@ METHOD(ike_mobike_t, roam, void,
{
this->check = TRUE;
this->address = address;
- this->ike_sa->set_pending_updates(this->ike_sa,
+ if (!this->pending_update)
+ {
+ this->pending_update = TRUE;
+ this->ike_sa->set_pending_updates(this->ike_sa,
this->ike_sa->get_pending_updates(this->ike_sa) + 1);
+ }
}
METHOD(ike_mobike_t, dpd, void,
@@ -593,8 +631,12 @@ METHOD(ike_mobike_t, dpd, void,
{
this->natd = ike_natd_create(this->ike_sa, this->initiator);
}
- this->ike_sa->set_pending_updates(this->ike_sa,
+ if (!this->pending_update)
+ {
+ this->pending_update = TRUE;
+ this->ike_sa->set_pending_updates(this->ike_sa,
this->ike_sa->get_pending_updates(this->ike_sa) + 1);
+ }
}
METHOD(ike_mobike_t, is_probing, bool,
@@ -603,6 +645,12 @@ METHOD(ike_mobike_t, is_probing, bool,
return this->check;
}
+METHOD(ike_mobike_t, enable_probing, void,
+ private_ike_mobike_t *this)
+{
+ this->check = TRUE;
+}
+
METHOD(task_t, get_type, task_type_t,
private_ike_mobike_t *this)
{
@@ -618,11 +666,21 @@ METHOD(task_t, migrate, void,
{
this->natd->task.migrate(&this->natd->task, ike_sa);
}
+ if (this->pending_update)
+ {
+ this->ike_sa->set_pending_updates(this->ike_sa,
+ this->ike_sa->get_pending_updates(this->ike_sa) + 1);
+ }
}
METHOD(task_t, destroy, void,
private_ike_mobike_t *this)
{
+ if (this->pending_update)
+ {
+ this->ike_sa->set_pending_updates(this->ike_sa,
+ this->ike_sa->get_pending_updates(this->ike_sa) - 1);
+ }
chunk_free(&this->cookie2);
if (this->natd)
{
@@ -650,6 +708,7 @@ ike_mobike_t *ike_mobike_create(ike_sa_t *ike_sa, bool initiator)
.dpd = _dpd,
.transmit = _transmit,
.is_probing = _is_probing,
+ .enable_probing = _enable_probing,
},
.ike_sa = ike_sa,
.initiator = initiator,
diff --git a/src/libcharon/sa/ikev2/tasks/ike_mobike.h b/src/libcharon/sa/ikev2/tasks/ike_mobike.h
index b145a9a..bb2318c 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_mobike.h
+++ b/src/libcharon/sa/ikev2/tasks/ike_mobike.h
@@ -70,8 +70,9 @@ struct ike_mobike_t {
* probing.
*
* @param packet the packet to transmit
+ * @return TRUE if transmitted, FALSE if no path found
*/
- void (*transmit)(ike_mobike_t *this, packet_t *packet);
+ bool (*transmit)(ike_mobike_t *this, packet_t *packet);
/**
* Check if this task is probing for routability.
@@ -79,6 +80,11 @@ struct ike_mobike_t {
* @return TRUE if task is probing
*/
bool (*is_probing)(ike_mobike_t *this);
+
+ /**
+ * Enable probing for routability.
+ */
+ void (*enable_probing)(ike_mobike_t *this);
};
/**
diff --git a/src/libfast/Makefile.in b/src/libfast/Makefile.in
index cc4f6f7..f0e9cbe 100644
--- a/src/libfast/Makefile.in
+++ b/src/libfast/Makefile.in
@@ -236,6 +236,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -296,6 +297,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -361,6 +363,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -408,6 +412,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libhydra/Makefile.am b/src/libhydra/Makefile.am
index 0c8ecda..510f2a1 100644
--- a/src/libhydra/Makefile.am
+++ b/src/libhydra/Makefile.am
@@ -21,8 +21,7 @@ endif
AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
-DIPSEC_DIR=\"${ipsecdir}\" \
- -DPLUGINDIR=\"${plugindir}\" \
- -DSTRONGSWAN_CONF=\"${strongswan_conf}\"
+ -DPLUGINDIR=\"${plugindir}\"
AM_LDFLAGS = \
-no-undefined
diff --git a/src/libhydra/Makefile.in b/src/libhydra/Makefile.in
index 0b494b3..e3ff198 100644
--- a/src/libhydra/Makefile.in
+++ b/src/libhydra/Makefile.in
@@ -291,6 +291,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -351,6 +352,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -416,6 +418,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -463,6 +467,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
@@ -492,8 +500,7 @@ libhydra_la_LIBADD = \
AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
-DIPSEC_DIR=\"${ipsecdir}\" \
- -DPLUGINDIR=\"${plugindir}\" \
- -DSTRONGSWAN_CONF=\"${strongswan_conf}\"
+ -DPLUGINDIR=\"${plugindir}\"
AM_LDFLAGS = \
-no-undefined
diff --git a/src/libhydra/plugins/attr/Makefile.in b/src/libhydra/plugins/attr/Makefile.in
index ddf2a44..50ea066 100644
--- a/src/libhydra/plugins/attr/Makefile.in
+++ b/src/libhydra/plugins/attr/Makefile.in
@@ -232,6 +232,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -292,6 +293,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -357,6 +359,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -404,6 +408,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libhydra/plugins/attr_sql/Makefile.in b/src/libhydra/plugins/attr_sql/Makefile.in
index 6f27bf3..076e1f8 100644
--- a/src/libhydra/plugins/attr_sql/Makefile.in
+++ b/src/libhydra/plugins/attr_sql/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libhydra/plugins/kernel_netlink/Makefile.in b/src/libhydra/plugins/kernel_netlink/Makefile.in
index 2a67bd5..a9b523e 100644
--- a/src/libhydra/plugins/kernel_netlink/Makefile.in
+++ b/src/libhydra/plugins/kernel_netlink/Makefile.in
@@ -236,6 +236,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -296,6 +297,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -361,6 +363,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -408,6 +412,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
index d9b55cf..dfd71f3 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -310,6 +310,12 @@ struct private_kernel_netlink_ipsec_t {
bool install_routes;
/**
+ * Whether to set protocol and ports on selector installed with transport
+ * mode IPsec SAs
+ */
+ bool proto_port_transport;
+
+ /**
* Whether to track the history of a policy
*/
bool policy_history;
@@ -810,7 +816,7 @@ static void process_acquire(private_kernel_netlink_ipsec_t *this,
u_int32_t reqid = 0;
int proto = 0;
- acquire = (struct xfrm_user_acquire*)NLMSG_DATA(hdr);
+ acquire = NLMSG_DATA(hdr);
rta = XFRM_RTA(hdr, struct xfrm_user_acquire);
rtasize = XFRM_PAYLOAD(hdr, struct xfrm_user_acquire);
@@ -856,7 +862,7 @@ static void process_expire(private_kernel_netlink_ipsec_t *this,
u_int32_t spi, reqid;
u_int8_t protocol;
- expire = (struct xfrm_user_expire*)NLMSG_DATA(hdr);
+ expire = NLMSG_DATA(hdr);
protocol = expire->state.id.proto;
spi = expire->state.id.spi;
reqid = expire->state.reqid;
@@ -890,7 +896,7 @@ static void process_migrate(private_kernel_netlink_ipsec_t *this,
u_int32_t reqid = 0;
policy_dir_t dir;
- policy_id = (struct xfrm_userpolicy_id*)NLMSG_DATA(hdr);
+ policy_id = NLMSG_DATA(hdr);
rta = XFRM_RTA(hdr, struct xfrm_userpolicy_id);
rtasize = XFRM_PAYLOAD(hdr, struct xfrm_userpolicy_id);
@@ -957,7 +963,7 @@ static void process_mapping(private_kernel_netlink_ipsec_t *this,
struct xfrm_user_mapping *mapping;
u_int32_t spi, reqid;
- mapping = (struct xfrm_user_mapping*)NLMSG_DATA(hdr);
+ mapping = NLMSG_DATA(hdr);
spi = mapping->id.spi;
reqid = mapping->reqid;
@@ -1059,12 +1065,12 @@ static status_t get_spi_internal(private_kernel_netlink_ipsec_t *this,
memset(&request, 0, sizeof(request));
- hdr = (struct nlmsghdr*)request;
+ hdr = &request.hdr;
hdr->nlmsg_flags = NLM_F_REQUEST;
hdr->nlmsg_type = XFRM_MSG_ALLOCSPI;
hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_userspi_info));
- userspi = (struct xfrm_userspi_info*)NLMSG_DATA(hdr);
+ userspi = NLMSG_DATA(hdr);
host2xfrm(src, &userspi->info.saddr);
host2xfrm(dst, &userspi->info.id.daddr);
userspi->info.id.proto = proto;
@@ -1208,12 +1214,12 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
DBG2(DBG_KNL, "adding SAD entry with SPI %.8x and reqid {%u} (mark "
"%u/0x%08x)", ntohl(spi), reqid, mark.value, mark.mask);
- hdr = (struct nlmsghdr*)request;
+ hdr = &request.hdr;
hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
hdr->nlmsg_type = inbound ? XFRM_MSG_UPDSA : XFRM_MSG_NEWSA;
hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_info));
- sa = (struct xfrm_usersa_info*)NLMSG_DATA(hdr);
+ sa = NLMSG_DATA(hdr);
host2xfrm(src, &sa->saddr);
host2xfrm(dst, &sa->id.daddr);
sa->id.spi = spi;
@@ -1235,12 +1241,15 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
if (src_ts && dst_ts)
{
sa->sel = ts2selector(src_ts, dst_ts);
- /* don't install proto/port on SA. This would break
- * potential secondary SAs for the same address using a
- * different prot/port. */
- sa->sel.proto = 0;
- sa->sel.dport = sa->sel.dport_mask = 0;
- sa->sel.sport = sa->sel.sport_mask = 0;
+ if (!this->proto_port_transport)
+ {
+ /* don't install proto/port on SA. This would break
+ * potential secondary SAs for the same address using a
+ * different prot/port. */
+ sa->sel.proto = 0;
+ sa->sel.dport = sa->sel.dport_mask = 0;
+ sa->sel.sport = sa->sel.sport_mask = 0;
+ }
}
break;
default:
@@ -1512,7 +1521,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
status = SUCCESS;
failed:
- memwipe(request, sizeof(request));
+ memwipe(&request, sizeof(request));
return status;
}
@@ -1540,12 +1549,12 @@ static void get_replay_state(private_kernel_netlink_ipsec_t *this,
DBG2(DBG_KNL, "querying replay state from SAD entry with SPI %.8x",
ntohl(spi));
- hdr = (struct nlmsghdr*)request;
+ hdr = &request.hdr;
hdr->nlmsg_flags = NLM_F_REQUEST;
hdr->nlmsg_type = XFRM_MSG_GETAE;
hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_aevent_id));
- aevent_id = (struct xfrm_aevent_id*)NLMSG_DATA(hdr);
+ aevent_id = NLMSG_DATA(hdr);
aevent_id->flags = XFRM_AE_RVAL;
host2xfrm(dst, &aevent_id->sa_id.daddr);
@@ -1632,12 +1641,12 @@ METHOD(kernel_ipsec_t, query_sa, status_t,
DBG2(DBG_KNL, "querying SAD entry with SPI %.8x (mark %u/0x%08x)",
ntohl(spi), mark.value, mark.mask);
- hdr = (struct nlmsghdr*)request;
+ hdr = &request.hdr;
hdr->nlmsg_flags = NLM_F_REQUEST;
hdr->nlmsg_type = XFRM_MSG_GETSA;
hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_id));
- sa_id = (struct xfrm_usersa_id*)NLMSG_DATA(hdr);
+ sa_id = NLMSG_DATA(hdr);
host2xfrm(dst, &sa_id->daddr);
sa_id->spi = spi;
sa_id->proto = protocol;
@@ -1657,7 +1666,7 @@ METHOD(kernel_ipsec_t, query_sa, status_t,
{
case XFRM_MSG_NEWSA:
{
- sa = (struct xfrm_usersa_info*)NLMSG_DATA(hdr);
+ sa = NLMSG_DATA(hdr);
break;
}
case NLMSG_ERROR:
@@ -1735,12 +1744,12 @@ METHOD(kernel_ipsec_t, del_sa, status_t,
DBG2(DBG_KNL, "deleting SAD entry with SPI %.8x (mark %u/0x%08x)",
ntohl(spi), mark.value, mark.mask);
- hdr = (struct nlmsghdr*)request;
+ hdr = &request.hdr;
hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
hdr->nlmsg_type = XFRM_MSG_DELSA;
hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_id));
- sa_id = (struct xfrm_usersa_id*)NLMSG_DATA(hdr);
+ sa_id = NLMSG_DATA(hdr);
host2xfrm(dst, &sa_id->daddr);
sa_id->spi = spi;
sa_id->proto = protocol;
@@ -1804,12 +1813,12 @@ METHOD(kernel_ipsec_t, update_sa, status_t,
DBG2(DBG_KNL, "querying SAD entry with SPI %.8x for update", ntohl(spi));
/* query the existing SA first */
- hdr = (struct nlmsghdr*)request;
+ hdr = &request.hdr;
hdr->nlmsg_flags = NLM_F_REQUEST;
hdr->nlmsg_type = XFRM_MSG_GETSA;
hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_id));
- sa_id = (struct xfrm_usersa_id*)NLMSG_DATA(hdr);
+ sa_id = NLMSG_DATA(hdr);
host2xfrm(dst, &sa_id->daddr);
sa_id->spi = spi;
sa_id->proto = protocol;
@@ -1867,7 +1876,7 @@ METHOD(kernel_ipsec_t, update_sa, status_t,
DBG2(DBG_KNL, "updating SAD entry with SPI %.8x from %#H..%#H to %#H..%#H",
ntohl(spi), src, dst, new_src, new_dst);
/* copy over the SA from out to request */
- hdr = (struct nlmsghdr*)request;
+ hdr = &request.hdr;
hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
hdr->nlmsg_type = XFRM_MSG_NEWSA;
hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_info));
@@ -1958,7 +1967,7 @@ failed:
free(replay);
free(replay_esn);
memwipe(out, len);
- memwipe(request, sizeof(request));
+ memwipe(&request, sizeof(request));
free(out);
return status;
@@ -1975,12 +1984,12 @@ METHOD(kernel_ipsec_t, flush_sas, status_t,
DBG2(DBG_KNL, "flushing all SAD entries");
- hdr = (struct nlmsghdr*)request;
+ hdr = &request.hdr;
hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
hdr->nlmsg_type = XFRM_MSG_FLUSHSA;
hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_flush));
- flush = (struct xfrm_usersa_flush*)NLMSG_DATA(hdr);
+ flush = NLMSG_DATA(hdr);
flush->proto = IPSEC_PROTO_ANY;
if (this->socket_xfrm->send_ack(this->socket_xfrm, hdr) != SUCCESS)
@@ -2011,12 +2020,12 @@ static status_t add_policy_internal(private_kernel_netlink_ipsec_t *this,
memcpy(&clone, policy, sizeof(policy_entry_t));
memset(&request, 0, sizeof(request));
- hdr = (struct nlmsghdr*)request;
+ hdr = &request.hdr;
hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
hdr->nlmsg_type = update ? XFRM_MSG_UPDPOLICY : XFRM_MSG_NEWPOLICY;
hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_userpolicy_info));
- policy_info = (struct xfrm_userpolicy_info*)NLMSG_DATA(hdr);
+ policy_info = NLMSG_DATA(hdr);
policy_info->sel = policy->sel;
policy_info->dir = policy->direction;
@@ -2335,12 +2344,12 @@ METHOD(kernel_ipsec_t, query_policy, status_t,
src_ts, dst_ts, policy_dir_names, direction,
mark.value, mark.mask);
- hdr = (struct nlmsghdr*)request;
+ hdr = &request.hdr;
hdr->nlmsg_flags = NLM_F_REQUEST;
hdr->nlmsg_type = XFRM_MSG_GETPOLICY;
hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_userpolicy_id));
- policy_id = (struct xfrm_userpolicy_id*)NLMSG_DATA(hdr);
+ policy_id = NLMSG_DATA(hdr);
policy_id->sel = ts2selector(src_ts, dst_ts);
policy_id->dir = direction;
@@ -2358,7 +2367,7 @@ METHOD(kernel_ipsec_t, query_policy, status_t,
{
case XFRM_MSG_NEWPOLICY:
{
- policy = (struct xfrm_userpolicy_info*)NLMSG_DATA(hdr);
+ policy = NLMSG_DATA(hdr);
break;
}
case NLMSG_ERROR:
@@ -2492,12 +2501,12 @@ METHOD(kernel_ipsec_t, del_policy, status_t,
memset(&request, 0, sizeof(request));
- hdr = (struct nlmsghdr*)request;
+ hdr = &request.hdr;
hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
hdr->nlmsg_type = XFRM_MSG_DELPOLICY;
hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_userpolicy_id));
- policy_id = (struct xfrm_userpolicy_id*)NLMSG_DATA(hdr);
+ policy_id = NLMSG_DATA(hdr);
policy_id->sel = current->sel;
policy_id->dir = direction;
@@ -2551,7 +2560,7 @@ METHOD(kernel_ipsec_t, flush_policies, status_t,
DBG2(DBG_KNL, "flushing all policies from SPD");
- hdr = (struct nlmsghdr*)request;
+ hdr = &request.hdr;
hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
hdr->nlmsg_type = XFRM_MSG_FLUSHPOLICY;
hdr->nlmsg_len = NLMSG_LENGTH(0); /* no data associated */
@@ -2683,6 +2692,9 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create()
.policy_history = TRUE,
.install_routes = lib->settings->get_bool(lib->settings,
"%s.install_routes", TRUE, lib->ns),
+ .proto_port_transport = lib->settings->get_bool(lib->settings,
+ "%s.plugins.kernel-netlink.set_proto_port_transport_sa",
+ FALSE, lib->ns),
);
if (streq(lib->ns, "starter"))
@@ -2699,7 +2711,7 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create()
fclose(f);
}
- this->socket_xfrm = netlink_socket_create(NETLINK_XFRM);
+ this->socket_xfrm = netlink_socket_create(NETLINK_XFRM, xfrm_msg_names);
if (!this->socket_xfrm)
{
destroy(this);
diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c
index 82b637d..9d9f159 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c
@@ -78,6 +78,27 @@
#define ROUTING_TABLE_PRIO 0
#endif
+ENUM(rt_msg_names, RTM_NEWLINK, RTM_GETRULE,
+ "RTM_NEWLINK",
+ "RTM_DELLINK",
+ "RTM_GETLINK",
+ "RTM_SETLINK",
+ "RTM_NEWADDR",
+ "RTM_DELADDR",
+ "RTM_GETADDR",
+ "31",
+ "RTM_NEWROUTE",
+ "RTM_DELROUTE",
+ "RTM_GETROUTE",
+ "35",
+ "RTM_NEWNEIGH",
+ "RTM_DELNEIGH",
+ "RTM_GETNEIGH",
+ "RTM_NEWRULE",
+ "RTM_DELRULE",
+ "RTM_GETRULE",
+);
+
typedef struct addr_entry_t addr_entry_t;
/**
@@ -478,6 +499,16 @@ struct private_kernel_netlink_net_t {
* list with routing tables to be excluded from route lookup
*/
linked_list_t *rt_exclude;
+
+ /**
+ * MTU to set on installed routes
+ */
+ u_int32_t mtu;
+
+ /**
+ * MSS to set on installed routes
+ */
+ u_int32_t mss;
};
/**
@@ -928,7 +959,7 @@ static void addr_entry_unregister(addr_entry_t *addr, iface_entry_t *iface,
static void process_link(private_kernel_netlink_net_t *this,
struct nlmsghdr *hdr, bool event)
{
- struct ifinfomsg* msg = (struct ifinfomsg*)(NLMSG_DATA(hdr));
+ struct ifinfomsg* msg = NLMSG_DATA(hdr);
struct rtattr *rta = IFLA_RTA(msg);
size_t rtasize = IFLA_PAYLOAD (hdr);
enumerator_t *enumerator;
@@ -1030,7 +1061,7 @@ static void process_link(private_kernel_netlink_net_t *this,
static void process_addr(private_kernel_netlink_net_t *this,
struct nlmsghdr *hdr, bool event)
{
- struct ifaddrmsg* msg = (struct ifaddrmsg*)(NLMSG_DATA(hdr));
+ struct ifaddrmsg* msg = NLMSG_DATA(hdr);
struct rtattr *rta = IFA_RTA(msg);
size_t rtasize = IFA_PAYLOAD (hdr);
host_t *host = NULL;
@@ -1173,7 +1204,7 @@ static void process_addr(private_kernel_netlink_net_t *this,
*/
static void process_route(private_kernel_netlink_net_t *this, struct nlmsghdr *hdr)
{
- struct rtmsg* msg = (struct rtmsg*)(NLMSG_DATA(hdr));
+ struct rtmsg* msg = NLMSG_DATA(hdr);
struct rtattr *rta = RTM_RTA(msg);
size_t rtasize = RTM_PAYLOAD(hdr);
u_int32_t rta_oif = 0;
@@ -1530,7 +1561,7 @@ static rt_entry_t *parse_route(struct nlmsghdr *hdr, rt_entry_t *route)
struct rtmsg *msg;
size_t rtasize;
- msg = (struct rtmsg*)(NLMSG_DATA(hdr));
+ msg = NLMSG_DATA(hdr);
rta = RTM_RTA(msg);
rtasize = RTM_PAYLOAD(hdr);
@@ -1615,7 +1646,7 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest,
memset(&request, 0, sizeof(request));
family = dest->get_family(dest);
- hdr = (struct nlmsghdr*)request;
+ hdr = &request.hdr;
hdr->nlmsg_flags = NLM_F_REQUEST;
if (family == AF_INET || this->rta_prefsrc_for_ipv6 ||
this->routing_table || match_net)
@@ -1627,7 +1658,7 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest,
hdr->nlmsg_type = RTM_GETROUTE;
hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg));
- msg = (struct rtmsg*)NLMSG_DATA(hdr);
+ msg = NLMSG_DATA(hdr);
msg->rtm_family = family;
if (candidate)
{
@@ -1854,12 +1885,12 @@ static status_t manage_ipaddr(private_kernel_netlink_net_t *this, int nlmsg_type
chunk = ip->get_address(ip);
- hdr = (struct nlmsghdr*)request;
+ hdr = &request.hdr;
hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK | flags;
hdr->nlmsg_type = nlmsg_type;
hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct ifaddrmsg));
- msg = (struct ifaddrmsg*)NLMSG_DATA(hdr);
+ msg = NLMSG_DATA(hdr);
msg->ifa_family = ip->get_family(ip);
msg->ifa_flags = 0;
msg->ifa_prefixlen = prefix < 0 ? chunk.len * 8 : prefix;
@@ -2055,6 +2086,7 @@ static status_t manage_srcroute(private_kernel_netlink_net_t *this,
netlink_buf_t request;
struct nlmsghdr *hdr;
struct rtmsg *msg;
+ struct rtattr *rta;
int ifindex;
chunk_t chunk;
@@ -2081,12 +2113,12 @@ static status_t manage_srcroute(private_kernel_netlink_net_t *this,
memset(&request, 0, sizeof(request));
- hdr = (struct nlmsghdr*)request;
+ hdr = &request.hdr;
hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK | flags;
hdr->nlmsg_type = nlmsg_type;
hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg));
- msg = (struct rtmsg*)NLMSG_DATA(hdr);
+ msg = NLMSG_DATA(hdr);
msg->rtm_family = src_ip->get_family(src_ip);
msg->rtm_dst_len = prefixlen;
msg->rtm_table = this->routing_table;
@@ -2107,6 +2139,30 @@ static status_t manage_srcroute(private_kernel_netlink_net_t *this,
chunk.len = sizeof(ifindex);
netlink_add_attribute(hdr, RTA_OIF, chunk, sizeof(request));
+ if (this->mtu || this->mss)
+ {
+ chunk = chunk_alloca(RTA_LENGTH((sizeof(struct rtattr) +
+ sizeof(u_int32_t)) * 2));
+ chunk.len = 0;
+ rta = (struct rtattr*)chunk.ptr;
+ if (this->mtu)
+ {
+ rta->rta_type = RTAX_MTU;
+ rta->rta_len = RTA_LENGTH(sizeof(u_int32_t));
+ memcpy(RTA_DATA(rta), &this->mtu, sizeof(u_int32_t));
+ chunk.len = rta->rta_len;
+ }
+ if (this->mss)
+ {
+ rta = (struct rtattr*)(chunk.ptr + RTA_ALIGN(chunk.len));
+ rta->rta_type = RTAX_ADVMSS;
+ rta->rta_len = RTA_LENGTH(sizeof(u_int32_t));
+ memcpy(RTA_DATA(rta), &this->mss, sizeof(u_int32_t));
+ chunk.len = RTA_ALIGN(chunk.len) + rta->rta_len;
+ }
+ netlink_add_attribute(hdr, RTA_METRICS, chunk, sizeof(request));
+ }
+
return this->socket->send_ack(this->socket, hdr);
}
@@ -2186,10 +2242,10 @@ static status_t init_address_list(private_kernel_netlink_net_t *this)
memset(&request, 0, sizeof(request));
- in = (struct nlmsghdr*)&request;
+ in = &request.hdr;
in->nlmsg_len = NLMSG_LENGTH(sizeof(struct rtgenmsg));
in->nlmsg_flags = NLM_F_REQUEST | NLM_F_MATCH | NLM_F_ROOT;
- msg = (struct rtgenmsg*)NLMSG_DATA(in);
+ msg = NLMSG_DATA(in);
msg->rtgen_family = AF_UNSPEC;
/* get all links */
@@ -2273,7 +2329,7 @@ static status_t manage_rule(private_kernel_netlink_net_t *this, int nlmsg_type,
char *fwmark;
memset(&request, 0, sizeof(request));
- hdr = (struct nlmsghdr*)request;
+ hdr = &request.hdr;
hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
hdr->nlmsg_type = nlmsg_type;
if (nlmsg_type == RTM_NEWRULE)
@@ -2282,7 +2338,7 @@ static status_t manage_rule(private_kernel_netlink_net_t *this, int nlmsg_type,
}
hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg));
- msg = (struct rtmsg*)NLMSG_DATA(hdr);
+ msg = NLMSG_DATA(hdr);
msg->rtm_table = table;
msg->rtm_family = family;
msg->rtm_protocol = RTPROT_BOOT;
@@ -2434,7 +2490,7 @@ kernel_netlink_net_t *kernel_netlink_net_create()
.destroy = _destroy,
},
},
- .socket = netlink_socket_create(NETLINK_ROUTE),
+ .socket = netlink_socket_create(NETLINK_ROUTE, rt_msg_names),
.rt_exclude = linked_list_create(),
.routes = hashtable_create((hashtable_hash_t)route_entry_hash,
(hashtable_equals_t)route_entry_equals, 16),
@@ -2466,6 +2522,10 @@ kernel_netlink_net_t *kernel_netlink_net_create()
"%s.prefer_temporary_addrs", FALSE, lib->ns),
.roam_events = lib->settings->get_bool(lib->settings,
"%s.plugins.kernel-netlink.roam_events", TRUE, lib->ns),
+ .mtu = lib->settings->get_int(lib->settings,
+ "%s.plugins.kernel-netlink.mtu", 0, lib->ns),
+ .mss = lib->settings->get_int(lib->settings,
+ "%s.plugins.kernel-netlink.mss", 0, lib->ns),
);
timerclear(&this->last_route_reinstall);
timerclear(&this->next_roam);
diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c
index fd00c23..b4cece7 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c
@@ -46,14 +46,14 @@ struct private_netlink_socket_t {
int seq;
/**
- * netlink socket protocol
+ * netlink socket
*/
- int protocol;
+ int socket;
/**
- * netlink socket
+ * Enum names for Netlink messages
*/
- int socket;
+ enum_name_t *names;
};
/**
@@ -65,10 +65,13 @@ METHOD(netlink_socket_t, netlink_send, status_t,
private_netlink_socket_t *this, struct nlmsghdr *in, struct nlmsghdr **out,
size_t *out_len)
{
- int len, addr_len;
+ union {
+ struct nlmsghdr hdr;
+ u_char bytes[4096];
+ } response;
struct sockaddr_nl addr;
- chunk_t result = chunk_empty, tmp;
- struct nlmsghdr *msg, peek;
+ chunk_t result = chunk_empty;
+ int len;
this->mutex->lock(this->mutex);
@@ -80,13 +83,11 @@ METHOD(netlink_socket_t, netlink_send, status_t,
addr.nl_pid = 0;
addr.nl_groups = 0;
- if (this->protocol == NETLINK_XFRM)
+ if (this->names)
{
- chunk_t in_chunk = { (u_char*)in, in->nlmsg_len };
-
- DBG3(DBG_KNL, "sending %N: %B", xfrm_msg_names, in->nlmsg_type, &in_chunk);
+ DBG3(DBG_KNL, "sending %N: %b",
+ this->names, in->nlmsg_type, in, in->nlmsg_len);
}
-
while (TRUE)
{
len = sendto(this->socket, in, in->nlmsg_len, 0,
@@ -108,20 +109,7 @@ METHOD(netlink_socket_t, netlink_send, status_t,
while (TRUE)
{
- char buf[4096];
- tmp.len = sizeof(buf);
- tmp.ptr = buf;
- msg = (struct nlmsghdr*)tmp.ptr;
-
- memset(&addr, 0, sizeof(addr));
- addr.nl_family = AF_NETLINK;
- addr.nl_pid = getpid();
- addr.nl_groups = 0;
- addr_len = sizeof(addr);
-
- len = recvfrom(this->socket, tmp.ptr, tmp.len, 0,
- (struct sockaddr*)&addr, &addr_len);
-
+ len = recv(this->socket, &response, sizeof(response), 0);
if (len < 0)
{
if (errno == EINTR)
@@ -135,17 +123,17 @@ METHOD(netlink_socket_t, netlink_send, status_t,
free(result.ptr);
return FAILED;
}
- if (!NLMSG_OK(msg, len))
+ if (!NLMSG_OK(&response.hdr, len))
{
DBG1(DBG_KNL, "received corrupted netlink message");
this->mutex->unlock(this->mutex);
free(result.ptr);
return FAILED;
}
- if (msg->nlmsg_seq != this->seq)
+ if (response.hdr.nlmsg_seq != this->seq)
{
DBG1(DBG_KNL, "received invalid netlink sequence number");
- if (msg->nlmsg_seq < this->seq)
+ if (response.hdr.nlmsg_seq < this->seq)
{
continue;
}
@@ -154,17 +142,13 @@ METHOD(netlink_socket_t, netlink_send, status_t,
return FAILED;
}
- tmp.len = len;
- result.ptr = realloc(result.ptr, result.len + tmp.len);
- memcpy(result.ptr + result.len, tmp.ptr, tmp.len);
- result.len += tmp.len;
+ result = chunk_cat("mc", result, chunk_create(response.bytes, len));
/* NLM_F_MULTI flag does not seem to be set correctly, we use sequence
* numbers to detect multi header messages */
- len = recvfrom(this->socket, &peek, sizeof(peek), MSG_PEEK | MSG_DONTWAIT,
- (struct sockaddr*)&addr, &addr_len);
-
- if (len == sizeof(peek) && peek.nlmsg_seq == this->seq)
+ len = recv(this->socket, &response.hdr, sizeof(response.hdr),
+ MSG_PEEK | MSG_DONTWAIT);
+ if (len == sizeof(response.hdr) && response.hdr.nlmsg_seq == this->seq)
{
/* seems to be multipart */
continue;
@@ -197,7 +181,7 @@ METHOD(netlink_socket_t, netlink_send_ack, status_t,
{
case NLMSG_ERROR:
{
- struct nlmsgerr* err = (struct nlmsgerr*)NLMSG_DATA(hdr);
+ struct nlmsgerr* err = NLMSG_DATA(hdr);
if (err->error)
{
@@ -235,7 +219,7 @@ METHOD(netlink_socket_t, netlink_send_ack, status_t,
METHOD(netlink_socket_t, destroy, void,
private_netlink_socket_t *this)
{
- if (this->socket > 0)
+ if (this->socket != -1)
{
close(this->socket);
}
@@ -246,10 +230,12 @@ METHOD(netlink_socket_t, destroy, void,
/**
* Described in header.
*/
-netlink_socket_t *netlink_socket_create(int protocol)
+netlink_socket_t *netlink_socket_create(int protocol, enum_name_t *names)
{
private_netlink_socket_t *this;
- struct sockaddr_nl addr;
+ struct sockaddr_nl addr = {
+ .nl_family = AF_NETLINK,
+ };
INIT(this,
.public = {
@@ -259,21 +245,16 @@ netlink_socket_t *netlink_socket_create(int protocol)
},
.seq = 200,
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
- .protocol = protocol,
+ .socket = socket(AF_NETLINK, SOCK_RAW, protocol),
+ .names = names,
);
- memset(&addr, 0, sizeof(addr));
- addr.nl_family = AF_NETLINK;
-
- this->socket = socket(AF_NETLINK, SOCK_RAW, protocol);
- if (this->socket < 0)
+ if (this->socket == -1)
{
DBG1(DBG_KNL, "unable to create netlink socket");
destroy(this);
return NULL;
}
-
- addr.nl_groups = 0;
if (bind(this->socket, (struct sockaddr*)&addr, sizeof(addr)))
{
DBG1(DBG_KNL, "unable to bind netlink socket");
diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.h b/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.h
index 8be935b..069f746 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.h
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.h
@@ -26,7 +26,10 @@
* 1024 byte is currently sufficient for all operations. Some platform
* require an enforced aligment to four bytes (e.g. ARM).
*/
-typedef u_char netlink_buf_t[1024] __attribute__((aligned(RTA_ALIGNTO)));
+typedef union {
+ struct nlmsghdr hdr;
+ u_char bytes[1024];
+} netlink_buf_t __attribute__((aligned(RTA_ALIGNTO)));
typedef struct netlink_socket_t netlink_socket_t;
@@ -61,9 +64,10 @@ struct netlink_socket_t {
/**
* Create a netlink_socket_t object.
*
- * @param protocol protocol type (e.g. NETLINK_XFRM or NETLINK_ROUTE)
+ * @param protocol protocol type (e.g. NETLINK_XFRM or NETLINK_ROUTE)
+ * @param names optional enum names for Netlink messages
*/
-netlink_socket_t *netlink_socket_create(int protocol);
+netlink_socket_t *netlink_socket_create(int protocol, enum_name_t *names);
/**
* Creates an rtattr and adds it to the given netlink message.
diff --git a/src/libhydra/plugins/kernel_pfkey/Makefile.in b/src/libhydra/plugins/kernel_pfkey/Makefile.in
index 7677696..821ad77 100644
--- a/src/libhydra/plugins/kernel_pfkey/Makefile.in
+++ b/src/libhydra/plugins/kernel_pfkey/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
index e1a58aa..00ab5ab 100644
--- a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -1978,8 +1978,8 @@ METHOD(kernel_ipsec_t, query_sa, status_t,
}
if (packets)
{
- /* not supported by PF_KEY */
- *packets = 0;
+ /* at least on Linux and FreeBSD this contains the number of packets */
+ *packets = response.lft_current->sadb_lifetime_allocations;
}
if (time)
{
diff --git a/src/libhydra/plugins/kernel_pfroute/Makefile.in b/src/libhydra/plugins/kernel_pfroute/Makefile.in
index 7938a3d..662f2fd 100644
--- a/src/libhydra/plugins/kernel_pfroute/Makefile.in
+++ b/src/libhydra/plugins/kernel_pfroute/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c b/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c
index c4e8664..26fae0d 100644
--- a/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c
+++ b/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c
@@ -875,6 +875,41 @@ static void process_link(private_kernel_pfroute_net_t *this,
}
}
+#ifdef HAVE_RTM_IFANNOUNCE
+
+/**
+ * Process an RTM_IFANNOUNCE message from the kernel
+ */
+static void process_announce(private_kernel_pfroute_net_t *this,
+ struct if_announcemsghdr *msg)
+{
+ enumerator_t *enumerator;
+ iface_entry_t *iface;
+
+ if (msg->ifan_what != IFAN_DEPARTURE)
+ {
+ /* we handle new interfaces in process_link() */
+ return;
+ }
+
+ this->lock->write_lock(this->lock);
+ enumerator = this->ifaces->create_enumerator(this->ifaces);
+ while (enumerator->enumerate(enumerator, &iface))
+ {
+ if (iface->ifindex == msg->ifan_index)
+ {
+ DBG1(DBG_KNL, "interface %s disappeared", iface->ifname);
+ this->ifaces->remove_at(this->ifaces, enumerator);
+ iface_entry_destroy(iface);
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ this->lock->unlock(this->lock);
+}
+
+#endif /* HAVE_RTM_IFANNOUNCE */
+
/**
* Process an RTM_*ROUTE message from the kernel
*/
@@ -895,6 +930,9 @@ static bool receive_events(private_kernel_pfroute_net_t *this, int fd,
struct rt_msghdr rtm;
struct if_msghdr ifm;
struct ifa_msghdr ifam;
+#ifdef HAVE_RTM_IFANNOUNCE
+ struct if_announcemsghdr ifanm;
+#endif
};
char buf[sizeof(struct sockaddr_storage) * RTAX_MAX];
} msg;
@@ -935,6 +973,11 @@ static bool receive_events(private_kernel_pfroute_net_t *this, int fd,
case RTM_IFINFO:
hdrlen = sizeof(msg.ifm);
break;
+#ifdef HAVE_RTM_IFANNOUNCE
+ case RTM_IFANNOUNCE:
+ hdrlen = sizeof(msg.ifanm);
+ break;
+#endif /* HAVE_RTM_IFANNOUNCE */
case RTM_ADD:
case RTM_DELETE:
case RTM_GET:
@@ -957,6 +1000,11 @@ static bool receive_events(private_kernel_pfroute_net_t *this, int fd,
case RTM_IFINFO:
process_link(this, &msg.ifm);
break;
+#ifdef HAVE_RTM_IFANNOUNCE
+ case RTM_IFANNOUNCE:
+ process_announce(this, &msg.ifanm);
+ break;
+#endif /* HAVE_RTM_IFANNOUNCE */
case RTM_ADD:
case RTM_DELETE:
process_route(this, &msg.rtm);
@@ -1518,8 +1566,7 @@ retry:
{ /* timed out? */
break;
}
- if (this->reply->rtm_msglen < sizeof(*this->reply) ||
- msg.hdr.rtm_seq != this->reply->rtm_seq)
+ if (!this->reply)
{
continue;
}
@@ -1559,6 +1606,8 @@ retry:
{
failed = TRUE;
}
+ free(this->reply);
+ this->reply = NULL;
/* signal completion of query to a waiting thread */
this->waiting_seq = 0;
this->condvar->signal(this->condvar);
diff --git a/src/libhydra/plugins/resolve/Makefile.in b/src/libhydra/plugins/resolve/Makefile.in
index 32eed61..5b4c7bc 100644
--- a/src/libhydra/plugins/resolve/Makefile.in
+++ b/src/libhydra/plugins/resolve/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libimcv/Android.mk b/src/libimcv/Android.mk
index 4253fe2..8269d72 100644
--- a/src/libimcv/Android.mk
+++ b/src/libimcv/Android.mk
@@ -41,7 +41,62 @@ libimcv_la_SOURCES := \
os_info/os_info.h os_info/os_info.c \
pa_tnc/pa_tnc_attr.h \
pa_tnc/pa_tnc_msg.h pa_tnc/pa_tnc_msg.c \
- pa_tnc/pa_tnc_attr_manager.h pa_tnc/pa_tnc_attr_manager.c
+ pa_tnc/pa_tnc_attr_manager.h pa_tnc/pa_tnc_attr_manager.c \
+ pts/pts.h pts/pts.c \
+ pts/pts_error.h pts/pts_error.c \
+ pts/pts_pcr.h pts/pts_pcr.c \
+ pts/pts_proto_caps.h \
+ pts/pts_req_func_comp_evid.h \
+ pts/pts_simple_evid_final.h \
+ pts/pts_creds.h pts/pts_creds.c \
+ pts/pts_database.h pts/pts_database.c \
+ pts/pts_dh_group.h pts/pts_dh_group.c \
+ pts/pts_file_meas.h pts/pts_file_meas.c \
+ pts/pts_file_meta.h pts/pts_file_meta.c \
+ pts/pts_file_type.h pts/pts_file_type.c \
+ pts/pts_ima_bios_list.h pts/pts_ima_bios_list.c \
+ pts/pts_ima_event_list.h pts/pts_ima_event_list.c \
+ pts/pts_meas_algo.h pts/pts_meas_algo.c \
+ pts/components/pts_component.h \
+ pts/components/pts_component_manager.h pts/components/pts_component_manager.c \
+ pts/components/pts_comp_evidence.h pts/components/pts_comp_evidence.c \
+ pts/components/pts_comp_func_name.h pts/components/pts_comp_func_name.c \
+ pts/components/ita/ita_comp_func_name.h pts/components/ita/ita_comp_func_name.c \
+ pts/components/ita/ita_comp_ima.h pts/components/ita/ita_comp_ima.c \
+ pts/components/ita/ita_comp_tboot.h pts/components/ita/ita_comp_tboot.c \
+ pts/components/ita/ita_comp_tgrub.h pts/components/ita/ita_comp_tgrub.c \
+ pts/components/tcg/tcg_comp_func_name.h pts/components/tcg/tcg_comp_func_name.c \
+ seg/seg_contract.h seg/seg_contract.c \
+ seg/seg_contract_manager.h seg/seg_contract_manager.c \
+ seg/seg_env.h seg/seg_env.c \
+ swid/swid_error.h swid/swid_error.c \
+ swid/swid_inventory.h swid/swid_inventory.c \
+ swid/swid_tag.h swid/swid_tag.c \
+ swid/swid_tag_id.h swid/swid_tag_id.c \
+ tcg/tcg_attr.h tcg/tcg_attr.c \
+ tcg/pts/tcg_pts_attr_proto_caps.h tcg/pts/tcg_pts_attr_proto_caps.c \
+ tcg/pts/tcg_pts_attr_dh_nonce_params_req.h tcg/pts/tcg_pts_attr_dh_nonce_params_req.c \
+ tcg/pts/tcg_pts_attr_dh_nonce_params_resp.h tcg/pts/tcg_pts_attr_dh_nonce_params_resp.c \
+ tcg/pts/tcg_pts_attr_dh_nonce_finish.h tcg/pts/tcg_pts_attr_dh_nonce_finish.c \
+ tcg/pts/tcg_pts_attr_meas_algo.h tcg/pts/tcg_pts_attr_meas_algo.c \
+ tcg/pts/tcg_pts_attr_get_tpm_version_info.h tcg/pts/tcg_pts_attr_get_tpm_version_info.c \
+ tcg/pts/tcg_pts_attr_tpm_version_info.h tcg/pts/tcg_pts_attr_tpm_version_info.c \
+ tcg/pts/tcg_pts_attr_get_aik.h tcg/pts/tcg_pts_attr_get_aik.c \
+ tcg/pts/tcg_pts_attr_aik.h tcg/pts/tcg_pts_attr_aik.c \
+ tcg/pts/tcg_pts_attr_req_func_comp_evid.h tcg/pts/tcg_pts_attr_req_func_comp_evid.c \
+ tcg/pts/tcg_pts_attr_gen_attest_evid.h tcg/pts/tcg_pts_attr_gen_attest_evid.c \
+ tcg/pts/tcg_pts_attr_simple_comp_evid.h tcg/pts/tcg_pts_attr_simple_comp_evid.c \
+ tcg/pts/tcg_pts_attr_simple_evid_final.h tcg/pts/tcg_pts_attr_simple_evid_final.c \
+ tcg/pts/tcg_pts_attr_req_file_meas.h tcg/pts/tcg_pts_attr_req_file_meas.c \
+ tcg/pts/tcg_pts_attr_file_meas.h tcg/pts/tcg_pts_attr_file_meas.c \
+ tcg/pts/tcg_pts_attr_req_file_meta.h tcg/pts/tcg_pts_attr_req_file_meta.c \
+ tcg/pts/tcg_pts_attr_unix_file_meta.h tcg/pts/tcg_pts_attr_unix_file_meta.c \
+ tcg/seg/tcg_seg_attr_max_size.h tcg/seg/tcg_seg_attr_max_size.c \
+ tcg/seg/tcg_seg_attr_seg_env.h tcg/seg/tcg_seg_attr_seg_env.c \
+ tcg/seg/tcg_seg_attr_next_seg.h tcg/seg/tcg_seg_attr_next_seg.c \
+ tcg/swid/tcg_swid_attr_req.h tcg/swid/tcg_swid_attr_req.c \
+ tcg/swid/tcg_swid_attr_tag_id_inv.h tcg/swid/tcg_swid_attr_tag_id_inv.c \
+ tcg/swid/tcg_swid_attr_tag_inv.h tcg/swid/tcg_swid_attr_tag_inv.c
LOCAL_SRC_FILES := $(filter %.c,$(libimcv_la_SOURCES))
diff --git a/src/libimcv/Makefile.am b/src/libimcv/Makefile.am
index 4bed3bf..d9a5cd5 100644
--- a/src/libimcv/Makefile.am
+++ b/src/libimcv/Makefile.am
@@ -1,6 +1,7 @@
AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
- -I$(top_srcdir)/src/libtncif
+ -I$(top_srcdir)/src/libtncif \
+ -DIPSEC_SCRIPT=\"${ipsec_script}\"
ipseclib_LTLIBRARIES = libimcv.la
@@ -11,6 +12,10 @@ libimcv_la_LIBADD = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
$(top_builddir)/src/libtncif/libtncif.la
+if USE_TROUSERS
+ libimcv_la_LIBADD += -ltspi
+endif
+
if USE_WINDOWS
libimcv_la_LIBADD += -lws2_32
endif
@@ -54,7 +59,62 @@ libimcv_la_SOURCES = \
os_info/os_info.h os_info/os_info.c \
pa_tnc/pa_tnc_attr.h \
pa_tnc/pa_tnc_msg.h pa_tnc/pa_tnc_msg.c \
- pa_tnc/pa_tnc_attr_manager.h pa_tnc/pa_tnc_attr_manager.c
+ pa_tnc/pa_tnc_attr_manager.h pa_tnc/pa_tnc_attr_manager.c \
+ pts/pts.h pts/pts.c \
+ pts/pts_error.h pts/pts_error.c \
+ pts/pts_pcr.h pts/pts_pcr.c \
+ pts/pts_proto_caps.h \
+ pts/pts_req_func_comp_evid.h \
+ pts/pts_simple_evid_final.h \
+ pts/pts_creds.h pts/pts_creds.c \
+ pts/pts_database.h pts/pts_database.c \
+ pts/pts_dh_group.h pts/pts_dh_group.c \
+ pts/pts_file_meas.h pts/pts_file_meas.c \
+ pts/pts_file_meta.h pts/pts_file_meta.c \
+ pts/pts_file_type.h pts/pts_file_type.c \
+ pts/pts_ima_bios_list.h pts/pts_ima_bios_list.c \
+ pts/pts_ima_event_list.h pts/pts_ima_event_list.c \
+ pts/pts_meas_algo.h pts/pts_meas_algo.c \
+ pts/components/pts_component.h \
+ pts/components/pts_component_manager.h pts/components/pts_component_manager.c \
+ pts/components/pts_comp_evidence.h pts/components/pts_comp_evidence.c \
+ pts/components/pts_comp_func_name.h pts/components/pts_comp_func_name.c \
+ pts/components/ita/ita_comp_func_name.h pts/components/ita/ita_comp_func_name.c \
+ pts/components/ita/ita_comp_ima.h pts/components/ita/ita_comp_ima.c \
+ pts/components/ita/ita_comp_tboot.h pts/components/ita/ita_comp_tboot.c \
+ pts/components/ita/ita_comp_tgrub.h pts/components/ita/ita_comp_tgrub.c \
+ pts/components/tcg/tcg_comp_func_name.h pts/components/tcg/tcg_comp_func_name.c \
+ seg/seg_contract.h seg/seg_contract.c \
+ seg/seg_contract_manager.h seg/seg_contract_manager.c \
+ seg/seg_env.h seg/seg_env.c \
+ swid/swid_error.h swid/swid_error.c \
+ swid/swid_inventory.h swid/swid_inventory.c \
+ swid/swid_tag.h swid/swid_tag.c \
+ swid/swid_tag_id.h swid/swid_tag_id.c \
+ tcg/tcg_attr.h tcg/tcg_attr.c \
+ tcg/pts/tcg_pts_attr_proto_caps.h tcg/pts/tcg_pts_attr_proto_caps.c \
+ tcg/pts/tcg_pts_attr_dh_nonce_params_req.h tcg/pts/tcg_pts_attr_dh_nonce_params_req.c \
+ tcg/pts/tcg_pts_attr_dh_nonce_params_resp.h tcg/pts/tcg_pts_attr_dh_nonce_params_resp.c \
+ tcg/pts/tcg_pts_attr_dh_nonce_finish.h tcg/pts/tcg_pts_attr_dh_nonce_finish.c \
+ tcg/pts/tcg_pts_attr_meas_algo.h tcg/pts/tcg_pts_attr_meas_algo.c \
+ tcg/pts/tcg_pts_attr_get_tpm_version_info.h tcg/pts/tcg_pts_attr_get_tpm_version_info.c \
+ tcg/pts/tcg_pts_attr_tpm_version_info.h tcg/pts/tcg_pts_attr_tpm_version_info.c \
+ tcg/pts/tcg_pts_attr_get_aik.h tcg/pts/tcg_pts_attr_get_aik.c \
+ tcg/pts/tcg_pts_attr_aik.h tcg/pts/tcg_pts_attr_aik.c \
+ tcg/pts/tcg_pts_attr_req_func_comp_evid.h tcg/pts/tcg_pts_attr_req_func_comp_evid.c \
+ tcg/pts/tcg_pts_attr_gen_attest_evid.h tcg/pts/tcg_pts_attr_gen_attest_evid.c \
+ tcg/pts/tcg_pts_attr_simple_comp_evid.h tcg/pts/tcg_pts_attr_simple_comp_evid.c \
+ tcg/pts/tcg_pts_attr_simple_evid_final.h tcg/pts/tcg_pts_attr_simple_evid_final.c \
+ tcg/pts/tcg_pts_attr_req_file_meas.h tcg/pts/tcg_pts_attr_req_file_meas.c \
+ tcg/pts/tcg_pts_attr_file_meas.h tcg/pts/tcg_pts_attr_file_meas.c \
+ tcg/pts/tcg_pts_attr_req_file_meta.h tcg/pts/tcg_pts_attr_req_file_meta.c \
+ tcg/pts/tcg_pts_attr_unix_file_meta.h tcg/pts/tcg_pts_attr_unix_file_meta.c \
+ tcg/seg/tcg_seg_attr_max_size.h tcg/seg/tcg_seg_attr_max_size.c \
+ tcg/seg/tcg_seg_attr_seg_env.h tcg/seg/tcg_seg_attr_seg_env.c \
+ tcg/seg/tcg_seg_attr_next_seg.h tcg/seg/tcg_seg_attr_next_seg.c \
+ tcg/swid/tcg_swid_attr_req.h tcg/swid/tcg_swid_attr_req.c \
+ tcg/swid/tcg_swid_attr_tag_id_inv.h tcg/swid/tcg_swid_attr_tag_id_inv.c \
+ tcg/swid/tcg_swid_attr_tag_inv.h tcg/swid/tcg_swid_attr_tag_inv.c
ipsec_SCRIPTS = imv/_imv_policy
EXTRA_DIST = imv/_imv_policy Android.mk
@@ -95,3 +155,45 @@ endif
if USE_IMV_OS
SUBDIRS += plugins/imv_os
endif
+
+if USE_IMC_ATTESTATION
+ SUBDIRS += plugins/imc_attestation
+endif
+
+if USE_IMV_ATTESTATION
+ SUBDIRS += plugins/imv_attestation
+endif
+
+if USE_IMC_SWID
+ SUBDIRS += plugins/imc_swid
+endif
+
+if USE_IMV_SWID
+ SUBDIRS += plugins/imv_swid
+endif
+
+TESTS = imcv_tests
+
+check_PROGRAMS = $(TESTS)
+
+imcv_tests_SOURCES = \
+ ita/ita_attr_command.c \
+ pa_tnc/pa_tnc_attr_manager.c \
+ seg/seg_env.c seg/seg_contract.c \
+ seg/seg_contract_manager.c \
+ suites/test_imcv_seg.c \
+ ietf/ietf_attr_pa_tnc_error.c \
+ tcg/seg/tcg_seg_attr_seg_env.c \
+ imcv.c imcv_tests.h imcv_tests.c
+
+imcv_tests_CFLAGS = \
+ -I$(top_srcdir)/src/libimcv \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libstrongswan/tests \
+ @COVERAGE_CFLAGS@
+
+imcv_tests_LDFLAGS = @COVERAGE_LDFLAGS@
+imcv_tests_LDADD = \
+ $(top_builddir)/src/libimcv/libimcv.la \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ $(top_builddir)/src/libstrongswan/tests/libtest.la
diff --git a/src/libimcv/Makefile.in b/src/libimcv/Makefile.in
index 4614dd6..239e62a 100644
--- a/src/libimcv/Makefile.in
+++ b/src/libimcv/Makefile.in
@@ -81,14 +81,21 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
- at USE_WINDOWS_TRUE@am__append_1 = -lws2_32
+ at USE_TROUSERS_TRUE@am__append_1 = -ltspi
+ at USE_WINDOWS_TRUE@am__append_2 = -lws2_32
ipsec_PROGRAMS = imv_policy_manager$(EXEEXT)
- at USE_IMC_TEST_TRUE@am__append_2 = plugins/imc_test
- at USE_IMV_TEST_TRUE@am__append_3 = plugins/imv_test
- at USE_IMC_SCANNER_TRUE@am__append_4 = plugins/imc_scanner
- at USE_IMV_SCANNER_TRUE@am__append_5 = plugins/imv_scanner
- at USE_IMC_OS_TRUE@am__append_6 = plugins/imc_os
- at USE_IMV_OS_TRUE@am__append_7 = plugins/imv_os
+ at USE_IMC_TEST_TRUE@am__append_3 = plugins/imc_test
+ at USE_IMV_TEST_TRUE@am__append_4 = plugins/imv_test
+ at USE_IMC_SCANNER_TRUE@am__append_5 = plugins/imc_scanner
+ at USE_IMV_SCANNER_TRUE@am__append_6 = plugins/imv_scanner
+ at USE_IMC_OS_TRUE@am__append_7 = plugins/imc_os
+ at USE_IMV_OS_TRUE@am__append_8 = plugins/imv_os
+ at USE_IMC_ATTESTATION_TRUE@am__append_9 = plugins/imc_attestation
+ at USE_IMV_ATTESTATION_TRUE@am__append_10 = plugins/imv_attestation
+ at USE_IMC_SWID_TRUE@am__append_11 = plugins/imc_swid
+ at USE_IMV_SWID_TRUE@am__append_12 = plugins/imv_swid
+TESTS = imcv_tests$(EXEEXT)
+check_PROGRAMS = $(am__EXEEXT_1)
subdir = src/libimcv
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
$(top_srcdir)/depcomp $(dist_templates_DATA)
@@ -142,7 +149,8 @@ LTLIBRARIES = $(ipseclib_LTLIBRARIES)
am__DEPENDENCIES_1 =
libimcv_la_DEPENDENCIES = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(top_builddir)/src/libtncif/libtncif.la $(am__DEPENDENCIES_1)
+ $(top_builddir)/src/libtncif/libtncif.la $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1)
am__dirstamp = $(am__leading_dot)dirstamp
am_libimcv_la_OBJECTS = imcv.lo imc/imc_agent.lo imc/imc_msg.lo \
imc/imc_os_info.lo imv/imv_agent.lo imv/imv_database.lo \
@@ -163,7 +171,42 @@ am_libimcv_la_OBJECTS = imcv.lo imc/imc_agent.lo imc/imc_msg.lo \
ita/ita_attr_get_settings.lo ita/ita_attr_settings.lo \
ita/ita_attr_angel.lo ita/ita_attr_device_id.lo \
os_info/os_info.lo pa_tnc/pa_tnc_msg.lo \
- pa_tnc/pa_tnc_attr_manager.lo
+ pa_tnc/pa_tnc_attr_manager.lo pts/pts.lo pts/pts_error.lo \
+ pts/pts_pcr.lo pts/pts_creds.lo pts/pts_database.lo \
+ pts/pts_dh_group.lo pts/pts_file_meas.lo pts/pts_file_meta.lo \
+ pts/pts_file_type.lo pts/pts_ima_bios_list.lo \
+ pts/pts_ima_event_list.lo pts/pts_meas_algo.lo \
+ pts/components/pts_component_manager.lo \
+ pts/components/pts_comp_evidence.lo \
+ pts/components/pts_comp_func_name.lo \
+ pts/components/ita/ita_comp_func_name.lo \
+ pts/components/ita/ita_comp_ima.lo \
+ pts/components/ita/ita_comp_tboot.lo \
+ pts/components/ita/ita_comp_tgrub.lo \
+ pts/components/tcg/tcg_comp_func_name.lo seg/seg_contract.lo \
+ seg/seg_contract_manager.lo seg/seg_env.lo swid/swid_error.lo \
+ swid/swid_inventory.lo swid/swid_tag.lo swid/swid_tag_id.lo \
+ tcg/tcg_attr.lo tcg/pts/tcg_pts_attr_proto_caps.lo \
+ tcg/pts/tcg_pts_attr_dh_nonce_params_req.lo \
+ tcg/pts/tcg_pts_attr_dh_nonce_params_resp.lo \
+ tcg/pts/tcg_pts_attr_dh_nonce_finish.lo \
+ tcg/pts/tcg_pts_attr_meas_algo.lo \
+ tcg/pts/tcg_pts_attr_get_tpm_version_info.lo \
+ tcg/pts/tcg_pts_attr_tpm_version_info.lo \
+ tcg/pts/tcg_pts_attr_get_aik.lo tcg/pts/tcg_pts_attr_aik.lo \
+ tcg/pts/tcg_pts_attr_req_func_comp_evid.lo \
+ tcg/pts/tcg_pts_attr_gen_attest_evid.lo \
+ tcg/pts/tcg_pts_attr_simple_comp_evid.lo \
+ tcg/pts/tcg_pts_attr_simple_evid_final.lo \
+ tcg/pts/tcg_pts_attr_req_file_meas.lo \
+ tcg/pts/tcg_pts_attr_file_meas.lo \
+ tcg/pts/tcg_pts_attr_req_file_meta.lo \
+ tcg/pts/tcg_pts_attr_unix_file_meta.lo \
+ tcg/seg/tcg_seg_attr_max_size.lo \
+ tcg/seg/tcg_seg_attr_seg_env.lo \
+ tcg/seg/tcg_seg_attr_next_seg.lo tcg/swid/tcg_swid_attr_req.lo \
+ tcg/swid/tcg_swid_attr_tag_id_inv.lo \
+ tcg/swid/tcg_swid_attr_tag_inv.lo
libimcv_la_OBJECTS = $(am_libimcv_la_OBJECTS)
AM_V_lt = $(am__v_lt_ at AM_V@)
am__v_lt_ = $(am__v_lt_ at AM_DEFAULT_V@)
@@ -172,7 +215,24 @@ am__v_lt_1 =
libimcv_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(libimcv_la_LDFLAGS) $(LDFLAGS) -o $@
+am__EXEEXT_1 = imcv_tests$(EXEEXT)
PROGRAMS = $(ipsec_PROGRAMS)
+am_imcv_tests_OBJECTS = ita/imcv_tests-ita_attr_command.$(OBJEXT) \
+ pa_tnc/imcv_tests-pa_tnc_attr_manager.$(OBJEXT) \
+ seg/imcv_tests-seg_env.$(OBJEXT) \
+ seg/imcv_tests-seg_contract.$(OBJEXT) \
+ seg/imcv_tests-seg_contract_manager.$(OBJEXT) \
+ suites/imcv_tests-test_imcv_seg.$(OBJEXT) \
+ ietf/imcv_tests-ietf_attr_pa_tnc_error.$(OBJEXT) \
+ tcg/seg/imcv_tests-tcg_seg_attr_seg_env.$(OBJEXT) \
+ imcv_tests-imcv.$(OBJEXT) imcv_tests-imcv_tests.$(OBJEXT)
+imcv_tests_OBJECTS = $(am_imcv_tests_OBJECTS)
+imcv_tests_DEPENDENCIES = $(top_builddir)/src/libimcv/libimcv.la \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ $(top_builddir)/src/libstrongswan/tests/libtest.la
+imcv_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(imcv_tests_CFLAGS) \
+ $(CFLAGS) $(imcv_tests_LDFLAGS) $(LDFLAGS) -o $@
am_imv_policy_manager_OBJECTS = imv/imv_policy_manager.$(OBJEXT) \
imv/imv_policy_manager_usage.$(OBJEXT)
imv_policy_manager_OBJECTS = $(am_imv_policy_manager_OBJECTS)
@@ -213,8 +273,10 @@ AM_V_CCLD = $(am__v_CCLD_ at AM_V@)
am__v_CCLD_ = $(am__v_CCLD_ at AM_DEFAULT_V@)
am__v_CCLD_0 = @echo " CCLD " $@;
am__v_CCLD_1 =
-SOURCES = $(libimcv_la_SOURCES) $(imv_policy_manager_SOURCES)
-DIST_SOURCES = $(libimcv_la_SOURCES) $(imv_policy_manager_SOURCES)
+SOURCES = $(libimcv_la_SOURCES) $(imcv_tests_SOURCES) \
+ $(imv_policy_manager_SOURCES)
+DIST_SOURCES = $(libimcv_la_SOURCES) $(imcv_tests_SOURCES) \
+ $(imv_policy_manager_SOURCES)
RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \
ctags-recursive dvi-recursive html-recursive info-recursive \
install-data-recursive install-dvi-recursive \
@@ -256,8 +318,32 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__tty_colors_dummy = \
+ mgn= red= grn= lgn= blu= brg= std=; \
+ am__color_tests=no
+am__tty_colors = { \
+ $(am__tty_colors_dummy); \
+ if test "X$(AM_COLOR_TESTS)" = Xno; then \
+ am__color_tests=no; \
+ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \
+ am__color_tests=yes; \
+ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \
+ am__color_tests=yes; \
+ fi; \
+ if test $$am__color_tests = yes; then \
+ red='�[0;31m'; \
+ grn='�[0;32m'; \
+ lgn='�[1;32m'; \
+ blu='�[1;34m'; \
+ mgn='�[0;35m'; \
+ brg='�[1m'; \
+ std='�[m'; \
+ fi; \
+}
DIST_SUBDIRS = . plugins/imc_test plugins/imv_test plugins/imc_scanner \
- plugins/imv_scanner plugins/imc_os plugins/imv_os
+ plugins/imv_scanner plugins/imc_os plugins/imv_os \
+ plugins/imc_attestation plugins/imv_attestation \
+ plugins/imc_swid plugins/imv_swid
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
am__relativize = \
dir0=`pwd`; \
@@ -315,6 +401,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -375,6 +462,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -440,6 +528,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -487,6 +577,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
@@ -498,7 +592,8 @@ xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
- -I$(top_srcdir)/src/libtncif
+ -I$(top_srcdir)/src/libtncif \
+ -DIPSEC_SCRIPT=\"${ipsec_script}\"
ipseclib_LTLIBRARIES = libimcv.la
libimcv_la_LDFLAGS = \
@@ -506,7 +601,8 @@ libimcv_la_LDFLAGS = \
libimcv_la_LIBADD = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(top_builddir)/src/libtncif/libtncif.la $(am__append_1)
+ $(top_builddir)/src/libtncif/libtncif.la $(am__append_1) \
+ $(am__append_2)
libimcv_la_SOURCES = \
imcv.h imcv.c \
imc/imc_agent.h imc/imc_agent.c imc/imc_state.h \
@@ -546,7 +642,62 @@ libimcv_la_SOURCES = \
os_info/os_info.h os_info/os_info.c \
pa_tnc/pa_tnc_attr.h \
pa_tnc/pa_tnc_msg.h pa_tnc/pa_tnc_msg.c \
- pa_tnc/pa_tnc_attr_manager.h pa_tnc/pa_tnc_attr_manager.c
+ pa_tnc/pa_tnc_attr_manager.h pa_tnc/pa_tnc_attr_manager.c \
+ pts/pts.h pts/pts.c \
+ pts/pts_error.h pts/pts_error.c \
+ pts/pts_pcr.h pts/pts_pcr.c \
+ pts/pts_proto_caps.h \
+ pts/pts_req_func_comp_evid.h \
+ pts/pts_simple_evid_final.h \
+ pts/pts_creds.h pts/pts_creds.c \
+ pts/pts_database.h pts/pts_database.c \
+ pts/pts_dh_group.h pts/pts_dh_group.c \
+ pts/pts_file_meas.h pts/pts_file_meas.c \
+ pts/pts_file_meta.h pts/pts_file_meta.c \
+ pts/pts_file_type.h pts/pts_file_type.c \
+ pts/pts_ima_bios_list.h pts/pts_ima_bios_list.c \
+ pts/pts_ima_event_list.h pts/pts_ima_event_list.c \
+ pts/pts_meas_algo.h pts/pts_meas_algo.c \
+ pts/components/pts_component.h \
+ pts/components/pts_component_manager.h pts/components/pts_component_manager.c \
+ pts/components/pts_comp_evidence.h pts/components/pts_comp_evidence.c \
+ pts/components/pts_comp_func_name.h pts/components/pts_comp_func_name.c \
+ pts/components/ita/ita_comp_func_name.h pts/components/ita/ita_comp_func_name.c \
+ pts/components/ita/ita_comp_ima.h pts/components/ita/ita_comp_ima.c \
+ pts/components/ita/ita_comp_tboot.h pts/components/ita/ita_comp_tboot.c \
+ pts/components/ita/ita_comp_tgrub.h pts/components/ita/ita_comp_tgrub.c \
+ pts/components/tcg/tcg_comp_func_name.h pts/components/tcg/tcg_comp_func_name.c \
+ seg/seg_contract.h seg/seg_contract.c \
+ seg/seg_contract_manager.h seg/seg_contract_manager.c \
+ seg/seg_env.h seg/seg_env.c \
+ swid/swid_error.h swid/swid_error.c \
+ swid/swid_inventory.h swid/swid_inventory.c \
+ swid/swid_tag.h swid/swid_tag.c \
+ swid/swid_tag_id.h swid/swid_tag_id.c \
+ tcg/tcg_attr.h tcg/tcg_attr.c \
+ tcg/pts/tcg_pts_attr_proto_caps.h tcg/pts/tcg_pts_attr_proto_caps.c \
+ tcg/pts/tcg_pts_attr_dh_nonce_params_req.h tcg/pts/tcg_pts_attr_dh_nonce_params_req.c \
+ tcg/pts/tcg_pts_attr_dh_nonce_params_resp.h tcg/pts/tcg_pts_attr_dh_nonce_params_resp.c \
+ tcg/pts/tcg_pts_attr_dh_nonce_finish.h tcg/pts/tcg_pts_attr_dh_nonce_finish.c \
+ tcg/pts/tcg_pts_attr_meas_algo.h tcg/pts/tcg_pts_attr_meas_algo.c \
+ tcg/pts/tcg_pts_attr_get_tpm_version_info.h tcg/pts/tcg_pts_attr_get_tpm_version_info.c \
+ tcg/pts/tcg_pts_attr_tpm_version_info.h tcg/pts/tcg_pts_attr_tpm_version_info.c \
+ tcg/pts/tcg_pts_attr_get_aik.h tcg/pts/tcg_pts_attr_get_aik.c \
+ tcg/pts/tcg_pts_attr_aik.h tcg/pts/tcg_pts_attr_aik.c \
+ tcg/pts/tcg_pts_attr_req_func_comp_evid.h tcg/pts/tcg_pts_attr_req_func_comp_evid.c \
+ tcg/pts/tcg_pts_attr_gen_attest_evid.h tcg/pts/tcg_pts_attr_gen_attest_evid.c \
+ tcg/pts/tcg_pts_attr_simple_comp_evid.h tcg/pts/tcg_pts_attr_simple_comp_evid.c \
+ tcg/pts/tcg_pts_attr_simple_evid_final.h tcg/pts/tcg_pts_attr_simple_evid_final.c \
+ tcg/pts/tcg_pts_attr_req_file_meas.h tcg/pts/tcg_pts_attr_req_file_meas.c \
+ tcg/pts/tcg_pts_attr_file_meas.h tcg/pts/tcg_pts_attr_file_meas.c \
+ tcg/pts/tcg_pts_attr_req_file_meta.h tcg/pts/tcg_pts_attr_req_file_meta.c \
+ tcg/pts/tcg_pts_attr_unix_file_meta.h tcg/pts/tcg_pts_attr_unix_file_meta.c \
+ tcg/seg/tcg_seg_attr_max_size.h tcg/seg/tcg_seg_attr_max_size.c \
+ tcg/seg/tcg_seg_attr_seg_env.h tcg/seg/tcg_seg_attr_seg_env.c \
+ tcg/seg/tcg_seg_attr_next_seg.h tcg/seg/tcg_seg_attr_next_seg.c \
+ tcg/swid/tcg_swid_attr_req.h tcg/swid/tcg_swid_attr_req.c \
+ tcg/swid/tcg_swid_attr_tag_id_inv.h tcg/swid/tcg_swid_attr_tag_id_inv.c \
+ tcg/swid/tcg_swid_attr_tag_inv.h tcg/swid/tcg_swid_attr_tag_inv.c
ipsec_SCRIPTS = imv/_imv_policy
EXTRA_DIST = imv/_imv_policy Android.mk
@@ -560,8 +711,32 @@ imv_policy_manager_LDADD = \
$(top_builddir)/src/libstrongswan/libstrongswan.la
#imv/imv_policy_manager.o : $(top_builddir)/config.status
-SUBDIRS = . $(am__append_2) $(am__append_3) $(am__append_4) \
- $(am__append_5) $(am__append_6) $(am__append_7)
+SUBDIRS = . $(am__append_3) $(am__append_4) $(am__append_5) \
+ $(am__append_6) $(am__append_7) $(am__append_8) \
+ $(am__append_9) $(am__append_10) $(am__append_11) \
+ $(am__append_12)
+imcv_tests_SOURCES = \
+ ita/ita_attr_command.c \
+ pa_tnc/pa_tnc_attr_manager.c \
+ seg/seg_env.c seg/seg_contract.c \
+ seg/seg_contract_manager.c \
+ suites/test_imcv_seg.c \
+ ietf/ietf_attr_pa_tnc_error.c \
+ tcg/seg/tcg_seg_attr_seg_env.c \
+ imcv.c imcv_tests.h imcv_tests.c
+
+imcv_tests_CFLAGS = \
+ -I$(top_srcdir)/src/libimcv \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libstrongswan/tests \
+ @COVERAGE_CFLAGS@
+
+imcv_tests_LDFLAGS = @COVERAGE_LDFLAGS@
+imcv_tests_LDADD = \
+ $(top_builddir)/src/libimcv/libimcv.la \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ $(top_builddir)/src/libstrongswan/tests/libtest.la
+
all: all-recursive
.SUFFIXES:
@@ -728,9 +903,176 @@ pa_tnc/pa_tnc_msg.lo: pa_tnc/$(am__dirstamp) \
pa_tnc/$(DEPDIR)/$(am__dirstamp)
pa_tnc/pa_tnc_attr_manager.lo: pa_tnc/$(am__dirstamp) \
pa_tnc/$(DEPDIR)/$(am__dirstamp)
+pts/$(am__dirstamp):
+ @$(MKDIR_P) pts
+ @: > pts/$(am__dirstamp)
+pts/$(DEPDIR)/$(am__dirstamp):
+ @$(MKDIR_P) pts/$(DEPDIR)
+ @: > pts/$(DEPDIR)/$(am__dirstamp)
+pts/pts.lo: pts/$(am__dirstamp) pts/$(DEPDIR)/$(am__dirstamp)
+pts/pts_error.lo: pts/$(am__dirstamp) pts/$(DEPDIR)/$(am__dirstamp)
+pts/pts_pcr.lo: pts/$(am__dirstamp) pts/$(DEPDIR)/$(am__dirstamp)
+pts/pts_creds.lo: pts/$(am__dirstamp) pts/$(DEPDIR)/$(am__dirstamp)
+pts/pts_database.lo: pts/$(am__dirstamp) pts/$(DEPDIR)/$(am__dirstamp)
+pts/pts_dh_group.lo: pts/$(am__dirstamp) pts/$(DEPDIR)/$(am__dirstamp)
+pts/pts_file_meas.lo: pts/$(am__dirstamp) \
+ pts/$(DEPDIR)/$(am__dirstamp)
+pts/pts_file_meta.lo: pts/$(am__dirstamp) \
+ pts/$(DEPDIR)/$(am__dirstamp)
+pts/pts_file_type.lo: pts/$(am__dirstamp) \
+ pts/$(DEPDIR)/$(am__dirstamp)
+pts/pts_ima_bios_list.lo: pts/$(am__dirstamp) \
+ pts/$(DEPDIR)/$(am__dirstamp)
+pts/pts_ima_event_list.lo: pts/$(am__dirstamp) \
+ pts/$(DEPDIR)/$(am__dirstamp)
+pts/pts_meas_algo.lo: pts/$(am__dirstamp) \
+ pts/$(DEPDIR)/$(am__dirstamp)
+pts/components/$(am__dirstamp):
+ @$(MKDIR_P) pts/components
+ @: > pts/components/$(am__dirstamp)
+pts/components/$(DEPDIR)/$(am__dirstamp):
+ @$(MKDIR_P) pts/components/$(DEPDIR)
+ @: > pts/components/$(DEPDIR)/$(am__dirstamp)
+pts/components/pts_component_manager.lo: \
+ pts/components/$(am__dirstamp) \
+ pts/components/$(DEPDIR)/$(am__dirstamp)
+pts/components/pts_comp_evidence.lo: pts/components/$(am__dirstamp) \
+ pts/components/$(DEPDIR)/$(am__dirstamp)
+pts/components/pts_comp_func_name.lo: pts/components/$(am__dirstamp) \
+ pts/components/$(DEPDIR)/$(am__dirstamp)
+pts/components/ita/$(am__dirstamp):
+ @$(MKDIR_P) pts/components/ita
+ @: > pts/components/ita/$(am__dirstamp)
+pts/components/ita/$(DEPDIR)/$(am__dirstamp):
+ @$(MKDIR_P) pts/components/ita/$(DEPDIR)
+ @: > pts/components/ita/$(DEPDIR)/$(am__dirstamp)
+pts/components/ita/ita_comp_func_name.lo: \
+ pts/components/ita/$(am__dirstamp) \
+ pts/components/ita/$(DEPDIR)/$(am__dirstamp)
+pts/components/ita/ita_comp_ima.lo: \
+ pts/components/ita/$(am__dirstamp) \
+ pts/components/ita/$(DEPDIR)/$(am__dirstamp)
+pts/components/ita/ita_comp_tboot.lo: \
+ pts/components/ita/$(am__dirstamp) \
+ pts/components/ita/$(DEPDIR)/$(am__dirstamp)
+pts/components/ita/ita_comp_tgrub.lo: \
+ pts/components/ita/$(am__dirstamp) \
+ pts/components/ita/$(DEPDIR)/$(am__dirstamp)
+pts/components/tcg/$(am__dirstamp):
+ @$(MKDIR_P) pts/components/tcg
+ @: > pts/components/tcg/$(am__dirstamp)
+pts/components/tcg/$(DEPDIR)/$(am__dirstamp):
+ @$(MKDIR_P) pts/components/tcg/$(DEPDIR)
+ @: > pts/components/tcg/$(DEPDIR)/$(am__dirstamp)
+pts/components/tcg/tcg_comp_func_name.lo: \
+ pts/components/tcg/$(am__dirstamp) \
+ pts/components/tcg/$(DEPDIR)/$(am__dirstamp)
+seg/$(am__dirstamp):
+ @$(MKDIR_P) seg
+ @: > seg/$(am__dirstamp)
+seg/$(DEPDIR)/$(am__dirstamp):
+ @$(MKDIR_P) seg/$(DEPDIR)
+ @: > seg/$(DEPDIR)/$(am__dirstamp)
+seg/seg_contract.lo: seg/$(am__dirstamp) seg/$(DEPDIR)/$(am__dirstamp)
+seg/seg_contract_manager.lo: seg/$(am__dirstamp) \
+ seg/$(DEPDIR)/$(am__dirstamp)
+seg/seg_env.lo: seg/$(am__dirstamp) seg/$(DEPDIR)/$(am__dirstamp)
+swid/$(am__dirstamp):
+ @$(MKDIR_P) swid
+ @: > swid/$(am__dirstamp)
+swid/$(DEPDIR)/$(am__dirstamp):
+ @$(MKDIR_P) swid/$(DEPDIR)
+ @: > swid/$(DEPDIR)/$(am__dirstamp)
+swid/swid_error.lo: swid/$(am__dirstamp) \
+ swid/$(DEPDIR)/$(am__dirstamp)
+swid/swid_inventory.lo: swid/$(am__dirstamp) \
+ swid/$(DEPDIR)/$(am__dirstamp)
+swid/swid_tag.lo: swid/$(am__dirstamp) swid/$(DEPDIR)/$(am__dirstamp)
+swid/swid_tag_id.lo: swid/$(am__dirstamp) \
+ swid/$(DEPDIR)/$(am__dirstamp)
+tcg/$(am__dirstamp):
+ @$(MKDIR_P) tcg
+ @: > tcg/$(am__dirstamp)
+tcg/$(DEPDIR)/$(am__dirstamp):
+ @$(MKDIR_P) tcg/$(DEPDIR)
+ @: > tcg/$(DEPDIR)/$(am__dirstamp)
+tcg/tcg_attr.lo: tcg/$(am__dirstamp) tcg/$(DEPDIR)/$(am__dirstamp)
+tcg/pts/$(am__dirstamp):
+ @$(MKDIR_P) tcg/pts
+ @: > tcg/pts/$(am__dirstamp)
+tcg/pts/$(DEPDIR)/$(am__dirstamp):
+ @$(MKDIR_P) tcg/pts/$(DEPDIR)
+ @: > tcg/pts/$(DEPDIR)/$(am__dirstamp)
+tcg/pts/tcg_pts_attr_proto_caps.lo: tcg/pts/$(am__dirstamp) \
+ tcg/pts/$(DEPDIR)/$(am__dirstamp)
+tcg/pts/tcg_pts_attr_dh_nonce_params_req.lo: tcg/pts/$(am__dirstamp) \
+ tcg/pts/$(DEPDIR)/$(am__dirstamp)
+tcg/pts/tcg_pts_attr_dh_nonce_params_resp.lo: tcg/pts/$(am__dirstamp) \
+ tcg/pts/$(DEPDIR)/$(am__dirstamp)
+tcg/pts/tcg_pts_attr_dh_nonce_finish.lo: tcg/pts/$(am__dirstamp) \
+ tcg/pts/$(DEPDIR)/$(am__dirstamp)
+tcg/pts/tcg_pts_attr_meas_algo.lo: tcg/pts/$(am__dirstamp) \
+ tcg/pts/$(DEPDIR)/$(am__dirstamp)
+tcg/pts/tcg_pts_attr_get_tpm_version_info.lo: tcg/pts/$(am__dirstamp) \
+ tcg/pts/$(DEPDIR)/$(am__dirstamp)
+tcg/pts/tcg_pts_attr_tpm_version_info.lo: tcg/pts/$(am__dirstamp) \
+ tcg/pts/$(DEPDIR)/$(am__dirstamp)
+tcg/pts/tcg_pts_attr_get_aik.lo: tcg/pts/$(am__dirstamp) \
+ tcg/pts/$(DEPDIR)/$(am__dirstamp)
+tcg/pts/tcg_pts_attr_aik.lo: tcg/pts/$(am__dirstamp) \
+ tcg/pts/$(DEPDIR)/$(am__dirstamp)
+tcg/pts/tcg_pts_attr_req_func_comp_evid.lo: tcg/pts/$(am__dirstamp) \
+ tcg/pts/$(DEPDIR)/$(am__dirstamp)
+tcg/pts/tcg_pts_attr_gen_attest_evid.lo: tcg/pts/$(am__dirstamp) \
+ tcg/pts/$(DEPDIR)/$(am__dirstamp)
+tcg/pts/tcg_pts_attr_simple_comp_evid.lo: tcg/pts/$(am__dirstamp) \
+ tcg/pts/$(DEPDIR)/$(am__dirstamp)
+tcg/pts/tcg_pts_attr_simple_evid_final.lo: tcg/pts/$(am__dirstamp) \
+ tcg/pts/$(DEPDIR)/$(am__dirstamp)
+tcg/pts/tcg_pts_attr_req_file_meas.lo: tcg/pts/$(am__dirstamp) \
+ tcg/pts/$(DEPDIR)/$(am__dirstamp)
+tcg/pts/tcg_pts_attr_file_meas.lo: tcg/pts/$(am__dirstamp) \
+ tcg/pts/$(DEPDIR)/$(am__dirstamp)
+tcg/pts/tcg_pts_attr_req_file_meta.lo: tcg/pts/$(am__dirstamp) \
+ tcg/pts/$(DEPDIR)/$(am__dirstamp)
+tcg/pts/tcg_pts_attr_unix_file_meta.lo: tcg/pts/$(am__dirstamp) \
+ tcg/pts/$(DEPDIR)/$(am__dirstamp)
+tcg/seg/$(am__dirstamp):
+ @$(MKDIR_P) tcg/seg
+ @: > tcg/seg/$(am__dirstamp)
+tcg/seg/$(DEPDIR)/$(am__dirstamp):
+ @$(MKDIR_P) tcg/seg/$(DEPDIR)
+ @: > tcg/seg/$(DEPDIR)/$(am__dirstamp)
+tcg/seg/tcg_seg_attr_max_size.lo: tcg/seg/$(am__dirstamp) \
+ tcg/seg/$(DEPDIR)/$(am__dirstamp)
+tcg/seg/tcg_seg_attr_seg_env.lo: tcg/seg/$(am__dirstamp) \
+ tcg/seg/$(DEPDIR)/$(am__dirstamp)
+tcg/seg/tcg_seg_attr_next_seg.lo: tcg/seg/$(am__dirstamp) \
+ tcg/seg/$(DEPDIR)/$(am__dirstamp)
+tcg/swid/$(am__dirstamp):
+ @$(MKDIR_P) tcg/swid
+ @: > tcg/swid/$(am__dirstamp)
+tcg/swid/$(DEPDIR)/$(am__dirstamp):
+ @$(MKDIR_P) tcg/swid/$(DEPDIR)
+ @: > tcg/swid/$(DEPDIR)/$(am__dirstamp)
+tcg/swid/tcg_swid_attr_req.lo: tcg/swid/$(am__dirstamp) \
+ tcg/swid/$(DEPDIR)/$(am__dirstamp)
+tcg/swid/tcg_swid_attr_tag_id_inv.lo: tcg/swid/$(am__dirstamp) \
+ tcg/swid/$(DEPDIR)/$(am__dirstamp)
+tcg/swid/tcg_swid_attr_tag_inv.lo: tcg/swid/$(am__dirstamp) \
+ tcg/swid/$(DEPDIR)/$(am__dirstamp)
libimcv.la: $(libimcv_la_OBJECTS) $(libimcv_la_DEPENDENCIES) $(EXTRA_libimcv_la_DEPENDENCIES)
$(AM_V_CCLD)$(libimcv_la_LINK) -rpath $(ipseclibdir) $(libimcv_la_OBJECTS) $(libimcv_la_LIBADD) $(LIBS)
+
+clean-checkPROGRAMS:
+ @list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \
+ echo " rm -f" $$list; \
+ rm -f $$list || exit $$?; \
+ test -n "$(EXEEXT)" || exit 0; \
+ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+ echo " rm -f" $$list; \
+ rm -f $$list
install-ipsecPROGRAMS: $(ipsec_PROGRAMS)
@$(NORMAL_INSTALL)
@list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \
@@ -780,6 +1122,32 @@ clean-ipsecPROGRAMS:
list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
echo " rm -f" $$list; \
rm -f $$list
+ita/imcv_tests-ita_attr_command.$(OBJEXT): ita/$(am__dirstamp) \
+ ita/$(DEPDIR)/$(am__dirstamp)
+pa_tnc/imcv_tests-pa_tnc_attr_manager.$(OBJEXT): \
+ pa_tnc/$(am__dirstamp) pa_tnc/$(DEPDIR)/$(am__dirstamp)
+seg/imcv_tests-seg_env.$(OBJEXT): seg/$(am__dirstamp) \
+ seg/$(DEPDIR)/$(am__dirstamp)
+seg/imcv_tests-seg_contract.$(OBJEXT): seg/$(am__dirstamp) \
+ seg/$(DEPDIR)/$(am__dirstamp)
+seg/imcv_tests-seg_contract_manager.$(OBJEXT): seg/$(am__dirstamp) \
+ seg/$(DEPDIR)/$(am__dirstamp)
+suites/$(am__dirstamp):
+ @$(MKDIR_P) suites
+ @: > suites/$(am__dirstamp)
+suites/$(DEPDIR)/$(am__dirstamp):
+ @$(MKDIR_P) suites/$(DEPDIR)
+ @: > suites/$(DEPDIR)/$(am__dirstamp)
+suites/imcv_tests-test_imcv_seg.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
+ietf/imcv_tests-ietf_attr_pa_tnc_error.$(OBJEXT): \
+ ietf/$(am__dirstamp) ietf/$(DEPDIR)/$(am__dirstamp)
+tcg/seg/imcv_tests-tcg_seg_attr_seg_env.$(OBJEXT): \
+ tcg/seg/$(am__dirstamp) tcg/seg/$(DEPDIR)/$(am__dirstamp)
+
+imcv_tests$(EXEEXT): $(imcv_tests_OBJECTS) $(imcv_tests_DEPENDENCIES) $(EXTRA_imcv_tests_DEPENDENCIES)
+ @rm -f imcv_tests$(EXEEXT)
+ $(AM_V_CCLD)$(imcv_tests_LINK) $(imcv_tests_OBJECTS) $(imcv_tests_LDADD) $(LIBS)
imv/imv_policy_manager.$(OBJEXT): imv/$(am__dirstamp) \
imv/$(DEPDIR)/$(am__dirstamp)
imv/imv_policy_manager_usage.$(OBJEXT): imv/$(am__dirstamp) \
@@ -838,11 +1206,34 @@ mostlyclean-compile:
-rm -f os_info/*.lo
-rm -f pa_tnc/*.$(OBJEXT)
-rm -f pa_tnc/*.lo
+ -rm -f pts/*.$(OBJEXT)
+ -rm -f pts/*.lo
+ -rm -f pts/components/*.$(OBJEXT)
+ -rm -f pts/components/*.lo
+ -rm -f pts/components/ita/*.$(OBJEXT)
+ -rm -f pts/components/ita/*.lo
+ -rm -f pts/components/tcg/*.$(OBJEXT)
+ -rm -f pts/components/tcg/*.lo
+ -rm -f seg/*.$(OBJEXT)
+ -rm -f seg/*.lo
+ -rm -f suites/*.$(OBJEXT)
+ -rm -f swid/*.$(OBJEXT)
+ -rm -f swid/*.lo
+ -rm -f tcg/*.$(OBJEXT)
+ -rm -f tcg/*.lo
+ -rm -f tcg/pts/*.$(OBJEXT)
+ -rm -f tcg/pts/*.lo
+ -rm -f tcg/seg/*.$(OBJEXT)
+ -rm -f tcg/seg/*.lo
+ -rm -f tcg/swid/*.$(OBJEXT)
+ -rm -f tcg/swid/*.lo
distclean-compile:
-rm -f *.tab.c
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/imcv.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/imcv_tests-imcv.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/imcv_tests-imcv_tests.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ietf/$(DEPDIR)/ietf_attr.Plo at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ietf/$(DEPDIR)/ietf_attr_assess_result.Plo at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ietf/$(DEPDIR)/ietf_attr_attr_request.Plo at am__quote@
@@ -856,6 +1247,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote at ietf/$(DEPDIR)/ietf_attr_product_info.Plo at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ietf/$(DEPDIR)/ietf_attr_remediation_instr.Plo at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ietf/$(DEPDIR)/ietf_attr_string_version.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ietf/$(DEPDIR)/imcv_tests-ietf_attr_pa_tnc_error.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at imc/$(DEPDIR)/imc_agent.Plo at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at imc/$(DEPDIR)/imc_msg.Plo at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at imc/$(DEPDIR)/imc_os_info.Plo at am__quote@
@@ -871,6 +1263,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote at imv/$(DEPDIR)/imv_session.Plo at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at imv/$(DEPDIR)/imv_session_manager.Plo at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at imv/$(DEPDIR)/imv_workitem.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ita/$(DEPDIR)/imcv_tests-ita_attr_command.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ita/$(DEPDIR)/ita_attr.Plo at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ita/$(DEPDIR)/ita_attr_angel.Plo at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ita/$(DEPDIR)/ita_attr_command.Plo at am__quote@
@@ -879,8 +1272,65 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote at ita/$(DEPDIR)/ita_attr_get_settings.Plo at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ita/$(DEPDIR)/ita_attr_settings.Plo at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at os_info/$(DEPDIR)/os_info.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at pa_tnc/$(DEPDIR)/imcv_tests-pa_tnc_attr_manager.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at pa_tnc/$(DEPDIR)/pa_tnc_attr_manager.Plo at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at pa_tnc/$(DEPDIR)/pa_tnc_msg.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at pts/$(DEPDIR)/pts.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at pts/$(DEPDIR)/pts_creds.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at pts/$(DEPDIR)/pts_database.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at pts/$(DEPDIR)/pts_dh_group.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at pts/$(DEPDIR)/pts_error.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at pts/$(DEPDIR)/pts_file_meas.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at pts/$(DEPDIR)/pts_file_meta.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at pts/$(DEPDIR)/pts_file_type.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at pts/$(DEPDIR)/pts_ima_bios_list.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at pts/$(DEPDIR)/pts_ima_event_list.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at pts/$(DEPDIR)/pts_meas_algo.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at pts/$(DEPDIR)/pts_pcr.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at pts/components/$(DEPDIR)/pts_comp_evidence.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at pts/components/$(DEPDIR)/pts_comp_func_name.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at pts/components/$(DEPDIR)/pts_component_manager.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at pts/components/ita/$(DEPDIR)/ita_comp_func_name.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at pts/components/ita/$(DEPDIR)/ita_comp_ima.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at pts/components/ita/$(DEPDIR)/ita_comp_tboot.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at pts/components/ita/$(DEPDIR)/ita_comp_tgrub.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at pts/components/tcg/$(DEPDIR)/tcg_comp_func_name.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at seg/$(DEPDIR)/imcv_tests-seg_contract.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at seg/$(DEPDIR)/imcv_tests-seg_contract_manager.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at seg/$(DEPDIR)/imcv_tests-seg_env.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at seg/$(DEPDIR)/seg_contract.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at seg/$(DEPDIR)/seg_contract_manager.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at seg/$(DEPDIR)/seg_env.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/imcv_tests-test_imcv_seg.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at swid/$(DEPDIR)/swid_error.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at swid/$(DEPDIR)/swid_inventory.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at swid/$(DEPDIR)/swid_tag.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at swid/$(DEPDIR)/swid_tag_id.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at tcg/$(DEPDIR)/tcg_attr.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at tcg/pts/$(DEPDIR)/tcg_pts_attr_aik.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at tcg/pts/$(DEPDIR)/tcg_pts_attr_dh_nonce_finish.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at tcg/pts/$(DEPDIR)/tcg_pts_attr_dh_nonce_params_req.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at tcg/pts/$(DEPDIR)/tcg_pts_attr_dh_nonce_params_resp.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at tcg/pts/$(DEPDIR)/tcg_pts_attr_file_meas.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at tcg/pts/$(DEPDIR)/tcg_pts_attr_gen_attest_evid.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at tcg/pts/$(DEPDIR)/tcg_pts_attr_get_aik.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at tcg/pts/$(DEPDIR)/tcg_pts_attr_get_tpm_version_info.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at tcg/pts/$(DEPDIR)/tcg_pts_attr_meas_algo.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at tcg/pts/$(DEPDIR)/tcg_pts_attr_proto_caps.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at tcg/pts/$(DEPDIR)/tcg_pts_attr_req_file_meas.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at tcg/pts/$(DEPDIR)/tcg_pts_attr_req_file_meta.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at tcg/pts/$(DEPDIR)/tcg_pts_attr_req_func_comp_evid.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at tcg/pts/$(DEPDIR)/tcg_pts_attr_simple_comp_evid.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at tcg/pts/$(DEPDIR)/tcg_pts_attr_simple_evid_final.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at tcg/pts/$(DEPDIR)/tcg_pts_attr_tpm_version_info.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at tcg/pts/$(DEPDIR)/tcg_pts_attr_unix_file_meta.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at tcg/seg/$(DEPDIR)/imcv_tests-tcg_seg_attr_seg_env.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at tcg/seg/$(DEPDIR)/tcg_seg_attr_max_size.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at tcg/seg/$(DEPDIR)/tcg_seg_attr_next_seg.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at tcg/seg/$(DEPDIR)/tcg_seg_attr_seg_env.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at tcg/swid/$(DEPDIR)/tcg_swid_attr_req.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at tcg/swid/$(DEPDIR)/tcg_swid_attr_tag_id_inv.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at tcg/swid/$(DEPDIR)/tcg_swid_attr_tag_inv.Plo at am__quote@
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
@@ -906,6 +1356,146 @@ distclean-compile:
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(LTCOMPILE) -c -o $@ $<
+ita/imcv_tests-ita_attr_command.o: ita/ita_attr_command.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT ita/imcv_tests-ita_attr_command.o -MD -MP -MF ita/$(DEPDIR)/imcv_tests-ita_attr_command.Tpo -c -o ita/imcv_tests-ita_attr_command.o `test -f 'ita/ita_attr_command.c' || echo '$(srcdir)/'`ita/ita_attr_command.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) ita/$(DEPDIR)/imcv_tests-ita_attr_command.Tpo ita/$(DEPDIR)/imcv_tests-ita_attr_command.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ita/ita_attr_command.c' object='ita/imcv_tests-ita_attr_command.o' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o ita/imcv_tests-ita_attr_command.o `test -f 'ita/ita_attr_command.c' || echo '$(srcdir)/'`ita/ita_attr_command.c
+
+ita/imcv_tests-ita_attr_command.obj: ita/ita_attr_command.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT ita/imcv_tests-ita_attr_command.obj -MD -MP -MF ita/$(DEPDIR)/imcv_tests-ita_attr_command.Tpo -c -o ita/imcv_tests-ita_attr_command.obj `if test -f 'ita/ita_attr_command.c'; then $(CYGPATH_W) 'ita/ita_attr_command.c'; else $(CYGPATH_W) '$(srcdir)/ita/ita_attr_command.c'; fi`
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) ita/$(DEPDIR)/imcv_tests-ita_attr_command.Tpo ita/$(DEPDIR)/imcv_tests-ita_attr_command.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ita/ita_attr_command.c' object='ita/imcv_tests-ita_attr_command.obj' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o ita/imcv_tests-ita_attr_command.obj `if test -f 'ita/ita_attr_command.c'; then $(CYGPATH_W) 'ita/ita_attr_command.c'; else $(CYGPATH_W) '$(srcdir)/ita/ita_attr_command.c'; fi`
+
+pa_tnc/imcv_tests-pa_tnc_attr_manager.o: pa_tnc/pa_tnc_attr_manager.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT pa_tnc/imcv_tests-pa_tnc_attr_manager.o -MD -MP -MF pa_tnc/$(DEPDIR)/imcv_tests-pa_tnc_attr_manager.Tpo -c -o pa_tnc/imcv_tests-pa_tnc_attr_manager.o `test -f 'pa_tnc/pa_tnc_attr_manager.c' || echo '$(srcdir)/'`pa_tnc/pa_tnc_attr_manager.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) pa_tnc/$(DEPDIR)/imcv_tests-pa_tnc_attr_manager.Tpo pa_tnc/$(DEPDIR)/imcv_tests-pa_tnc_attr_manager.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pa_tnc/pa_tnc_attr_manager.c' object='pa_tnc/imcv_tests-pa_tnc_attr_manager.o' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o pa_tnc/imcv_tests-pa_tnc_attr_manager.o `test -f 'pa_tnc/pa_tnc_attr_manager.c' || echo '$(srcdir)/'`pa_tnc/pa_tnc_attr_manager.c
+
+pa_tnc/imcv_tests-pa_tnc_attr_manager.obj: pa_tnc/pa_tnc_attr_manager.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT pa_tnc/imcv_tests-pa_tnc_attr_manager.obj -MD -MP -MF pa_tnc/$(DEPDIR)/imcv_tests-pa_tnc_attr_manager.Tpo -c -o pa_tnc/imcv_tests-pa_tnc_attr_manager.obj `if test -f 'pa_tnc/pa_tnc_attr_manager.c'; then $(CYGPATH_W) 'pa_tnc/pa_tnc_attr_manager.c'; else $(CYGPATH_W) '$(srcdir)/pa_tnc/pa_tnc_attr_manager.c'; fi`
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) pa_tnc/$(DEPDIR)/imcv_tests-pa_tnc_attr_manager.Tpo pa_tnc/$(DEPDIR)/imcv_tests-pa_tnc_attr_manager.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pa_tnc/pa_tnc_attr_manager.c' object='pa_tnc/imcv_tests-pa_tnc_attr_manager.obj' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o pa_tnc/imcv_tests-pa_tnc_attr_manager.obj `if test -f 'pa_tnc/pa_tnc_attr_manager.c'; then $(CYGPATH_W) 'pa_tnc/pa_tnc_attr_manager.c'; else $(CYGPATH_W) '$(srcdir)/pa_tnc/pa_tnc_attr_manager.c'; fi`
+
+seg/imcv_tests-seg_env.o: seg/seg_env.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT seg/imcv_tests-seg_env.o -MD -MP -MF seg/$(DEPDIR)/imcv_tests-seg_env.Tpo -c -o seg/imcv_tests-seg_env.o `test -f 'seg/seg_env.c' || echo '$(srcdir)/'`seg/seg_env.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) seg/$(DEPDIR)/imcv_tests-seg_env.Tpo seg/$(DEPDIR)/imcv_tests-seg_env.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='seg/seg_env.c' object='seg/imcv_tests-seg_env.o' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o seg/imcv_tests-seg_env.o `test -f 'seg/seg_env.c' || echo '$(srcdir)/'`seg/seg_env.c
+
+seg/imcv_tests-seg_env.obj: seg/seg_env.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT seg/imcv_tests-seg_env.obj -MD -MP -MF seg/$(DEPDIR)/imcv_tests-seg_env.Tpo -c -o seg/imcv_tests-seg_env.obj `if test -f 'seg/seg_env.c'; then $(CYGPATH_W) 'seg/seg_env.c'; else $(CYGPATH_W) '$(srcdir)/seg/seg_env.c'; fi`
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) seg/$(DEPDIR)/imcv_tests-seg_env.Tpo seg/$(DEPDIR)/imcv_tests-seg_env.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='seg/seg_env.c' object='seg/imcv_tests-seg_env.obj' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o seg/imcv_tests-seg_env.obj `if test -f 'seg/seg_env.c'; then $(CYGPATH_W) 'seg/seg_env.c'; else $(CYGPATH_W) '$(srcdir)/seg/seg_env.c'; fi`
+
+seg/imcv_tests-seg_contract.o: seg/seg_contract.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT seg/imcv_tests-seg_contract.o -MD -MP -MF seg/$(DEPDIR)/imcv_tests-seg_contract.Tpo -c -o seg/imcv_tests-seg_contract.o `test -f 'seg/seg_contract.c' || echo '$(srcdir)/'`seg/seg_contract.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) seg/$(DEPDIR)/imcv_tests-seg_contract.Tpo seg/$(DEPDIR)/imcv_tests-seg_contract.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='seg/seg_contract.c' object='seg/imcv_tests-seg_contract.o' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o seg/imcv_tests-seg_contract.o `test -f 'seg/seg_contract.c' || echo '$(srcdir)/'`seg/seg_contract.c
+
+seg/imcv_tests-seg_contract.obj: seg/seg_contract.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT seg/imcv_tests-seg_contract.obj -MD -MP -MF seg/$(DEPDIR)/imcv_tests-seg_contract.Tpo -c -o seg/imcv_tests-seg_contract.obj `if test -f 'seg/seg_contract.c'; then $(CYGPATH_W) 'seg/seg_contract.c'; else $(CYGPATH_W) '$(srcdir)/seg/seg_contract.c'; fi`
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) seg/$(DEPDIR)/imcv_tests-seg_contract.Tpo seg/$(DEPDIR)/imcv_tests-seg_contract.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='seg/seg_contract.c' object='seg/imcv_tests-seg_contract.obj' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o seg/imcv_tests-seg_contract.obj `if test -f 'seg/seg_contract.c'; then $(CYGPATH_W) 'seg/seg_contract.c'; else $(CYGPATH_W) '$(srcdir)/seg/seg_contract.c'; fi`
+
+seg/imcv_tests-seg_contract_manager.o: seg/seg_contract_manager.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT seg/imcv_tests-seg_contract_manager.o -MD -MP -MF seg/$(DEPDIR)/imcv_tests-seg_contract_manager.Tpo -c -o seg/imcv_tests-seg_contract_manager.o `test -f 'seg/seg_contract_manager.c' || echo '$(srcdir)/'`seg/seg_contract_manager.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) seg/$(DEPDIR)/imcv_tests-seg_contract_manager.Tpo seg/$(DEPDIR)/imcv_tests-seg_contract_manager.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='seg/seg_contract_manager.c' object='seg/imcv_tests-seg_contract_manager.o' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o seg/imcv_tests-seg_contract_manager.o `test -f 'seg/seg_contract_manager.c' || echo '$(srcdir)/'`seg/seg_contract_manager.c
+
+seg/imcv_tests-seg_contract_manager.obj: seg/seg_contract_manager.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT seg/imcv_tests-seg_contract_manager.obj -MD -MP -MF seg/$(DEPDIR)/imcv_tests-seg_contract_manager.Tpo -c -o seg/imcv_tests-seg_contract_manager.obj `if test -f 'seg/seg_contract_manager.c'; then $(CYGPATH_W) 'seg/seg_contract_manager.c'; else $(CYGPATH_W) '$(srcdir)/seg/seg_contract_manager.c'; fi`
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) seg/$(DEPDIR)/imcv_tests-seg_contract_manager.Tpo seg/$(DEPDIR)/imcv_tests-seg_contract_manager.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='seg/seg_contract_manager.c' object='seg/imcv_tests-seg_contract_manager.obj' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o seg/imcv_tests-seg_contract_manager.obj `if test -f 'seg/seg_contract_manager.c'; then $(CYGPATH_W) 'seg/seg_contract_manager.c'; else $(CYGPATH_W) '$(srcdir)/seg/seg_contract_manager.c'; fi`
+
+suites/imcv_tests-test_imcv_seg.o: suites/test_imcv_seg.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT suites/imcv_tests-test_imcv_seg.o -MD -MP -MF suites/$(DEPDIR)/imcv_tests-test_imcv_seg.Tpo -c -o suites/imcv_tests-test_imcv_seg.o `test -f 'suites/test_imcv_seg.c' || echo '$(srcdir)/'`suites/test_imcv_seg.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/imcv_tests-test_imcv_seg.Tpo suites/$(DEPDIR)/imcv_tests-test_imcv_seg.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_imcv_seg.c' object='suites/imcv_tests-test_imcv_seg.o' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o suites/imcv_tests-test_imcv_seg.o `test -f 'suites/test_imcv_seg.c' || echo '$(srcdir)/'`suites/test_imcv_seg.c
+
+suites/imcv_tests-test_imcv_seg.obj: suites/test_imcv_seg.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT suites/imcv_tests-test_imcv_seg.obj -MD -MP -MF suites/$(DEPDIR)/imcv_tests-test_imcv_seg.Tpo -c -o suites/imcv_tests-test_imcv_seg.obj `if test -f 'suites/test_imcv_seg.c'; then $(CYGPATH_W) 'suites/test_imcv_seg.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_imcv_seg.c'; fi`
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/imcv_tests-test_imcv_seg.Tpo suites/$(DEPDIR)/imcv_tests-test_imcv_seg.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_imcv_seg.c' object='suites/imcv_tests-test_imcv_seg.obj' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o suites/imcv_tests-test_imcv_seg.obj `if test -f 'suites/test_imcv_seg.c'; then $(CYGPATH_W) 'suites/test_imcv_seg.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_imcv_seg.c'; fi`
+
+ietf/imcv_tests-ietf_attr_pa_tnc_error.o: ietf/ietf_attr_pa_tnc_error.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT ietf/imcv_tests-ietf_attr_pa_tnc_error.o -MD -MP -MF ietf/$(DEPDIR)/imcv_tests-ietf_attr_pa_tnc_error.Tpo -c -o ietf/imcv_tests-ietf_attr_pa_tnc_error.o `test -f 'ietf/ietf_attr_pa_tnc_error.c' || echo '$(srcdir)/'`ietf/ietf_attr_pa_tnc_error.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) ietf/$(DEPDIR)/imcv_tests-ietf_attr_pa_tnc_error.Tpo ietf/$(DEPDIR)/imcv_tests-ietf_attr_pa_tnc_error.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ietf/ietf_attr_pa_tnc_error.c' object='ietf/imcv_tests-ietf_attr_pa_tnc_error.o' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o ietf/imcv_tests-ietf_attr_pa_tnc_error.o `test -f 'ietf/ietf_attr_pa_tnc_error.c' || echo '$(srcdir)/'`ietf/ietf_attr_pa_tnc_error.c
+
+ietf/imcv_tests-ietf_attr_pa_tnc_error.obj: ietf/ietf_attr_pa_tnc_error.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT ietf/imcv_tests-ietf_attr_pa_tnc_error.obj -MD -MP -MF ietf/$(DEPDIR)/imcv_tests-ietf_attr_pa_tnc_error.Tpo -c -o ietf/imcv_tests-ietf_attr_pa_tnc_error.obj `if test -f 'ietf/ietf_attr_pa_tnc_error.c'; then $(CYGPATH_W) 'ietf/ietf_attr_pa_tnc_error.c'; else $(CYGPATH_W) '$(srcdir)/ietf/ietf_attr_pa_tnc_error.c'; fi`
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) ietf/$(DEPDIR)/imcv_tests-ietf_attr_pa_tnc_error.Tpo ietf/$(DEPDIR)/imcv_tests-ietf_attr_pa_tnc_error.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ietf/ietf_attr_pa_tnc_error.c' object='ietf/imcv_tests-ietf_attr_pa_tnc_error.obj' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o ietf/imcv_tests-ietf_attr_pa_tnc_error.obj `if test -f 'ietf/ietf_attr_pa_tnc_error.c'; then $(CYGPATH_W) 'ietf/ietf_attr_pa_tnc_error.c'; else $(CYGPATH_W) '$(srcdir)/ietf/ietf_attr_pa_tnc_error.c'; fi`
+
+tcg/seg/imcv_tests-tcg_seg_attr_seg_env.o: tcg/seg/tcg_seg_attr_seg_env.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT tcg/seg/imcv_tests-tcg_seg_attr_seg_env.o -MD -MP -MF tcg/seg/$(DEPDIR)/imcv_tests-tcg_seg_attr_seg_env.Tpo -c -o tcg/seg/imcv_tests-tcg_seg_attr_seg_env.o `test -f 'tcg/seg/tcg_seg_attr_seg_env.c' || echo '$(srcdir)/'`tcg/seg/tcg_seg_attr_seg_env.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) tcg/seg/$(DEPDIR)/imcv_tests-tcg_seg_attr_seg_env.Tpo tcg/seg/$(DEPDIR)/imcv_tests-tcg_seg_attr_seg_env.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tcg/seg/tcg_seg_attr_seg_env.c' object='tcg/seg/imcv_tests-tcg_seg_attr_seg_env.o' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o tcg/seg/imcv_tests-tcg_seg_attr_seg_env.o `test -f 'tcg/seg/tcg_seg_attr_seg_env.c' || echo '$(srcdir)/'`tcg/seg/tcg_seg_attr_seg_env.c
+
+tcg/seg/imcv_tests-tcg_seg_attr_seg_env.obj: tcg/seg/tcg_seg_attr_seg_env.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT tcg/seg/imcv_tests-tcg_seg_attr_seg_env.obj -MD -MP -MF tcg/seg/$(DEPDIR)/imcv_tests-tcg_seg_attr_seg_env.Tpo -c -o tcg/seg/imcv_tests-tcg_seg_attr_seg_env.obj `if test -f 'tcg/seg/tcg_seg_attr_seg_env.c'; then $(CYGPATH_W) 'tcg/seg/tcg_seg_attr_seg_env.c'; else $(CYGPATH_W) '$(srcdir)/tcg/seg/tcg_seg_attr_seg_env.c'; fi`
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) tcg/seg/$(DEPDIR)/imcv_tests-tcg_seg_attr_seg_env.Tpo tcg/seg/$(DEPDIR)/imcv_tests-tcg_seg_attr_seg_env.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tcg/seg/tcg_seg_attr_seg_env.c' object='tcg/seg/imcv_tests-tcg_seg_attr_seg_env.obj' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o tcg/seg/imcv_tests-tcg_seg_attr_seg_env.obj `if test -f 'tcg/seg/tcg_seg_attr_seg_env.c'; then $(CYGPATH_W) 'tcg/seg/tcg_seg_attr_seg_env.c'; else $(CYGPATH_W) '$(srcdir)/tcg/seg/tcg_seg_attr_seg_env.c'; fi`
+
+imcv_tests-imcv.o: imcv.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT imcv_tests-imcv.o -MD -MP -MF $(DEPDIR)/imcv_tests-imcv.Tpo -c -o imcv_tests-imcv.o `test -f 'imcv.c' || echo '$(srcdir)/'`imcv.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/imcv_tests-imcv.Tpo $(DEPDIR)/imcv_tests-imcv.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='imcv.c' object='imcv_tests-imcv.o' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o imcv_tests-imcv.o `test -f 'imcv.c' || echo '$(srcdir)/'`imcv.c
+
+imcv_tests-imcv.obj: imcv.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT imcv_tests-imcv.obj -MD -MP -MF $(DEPDIR)/imcv_tests-imcv.Tpo -c -o imcv_tests-imcv.obj `if test -f 'imcv.c'; then $(CYGPATH_W) 'imcv.c'; else $(CYGPATH_W) '$(srcdir)/imcv.c'; fi`
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/imcv_tests-imcv.Tpo $(DEPDIR)/imcv_tests-imcv.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='imcv.c' object='imcv_tests-imcv.obj' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o imcv_tests-imcv.obj `if test -f 'imcv.c'; then $(CYGPATH_W) 'imcv.c'; else $(CYGPATH_W) '$(srcdir)/imcv.c'; fi`
+
+imcv_tests-imcv_tests.o: imcv_tests.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT imcv_tests-imcv_tests.o -MD -MP -MF $(DEPDIR)/imcv_tests-imcv_tests.Tpo -c -o imcv_tests-imcv_tests.o `test -f 'imcv_tests.c' || echo '$(srcdir)/'`imcv_tests.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/imcv_tests-imcv_tests.Tpo $(DEPDIR)/imcv_tests-imcv_tests.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='imcv_tests.c' object='imcv_tests-imcv_tests.o' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o imcv_tests-imcv_tests.o `test -f 'imcv_tests.c' || echo '$(srcdir)/'`imcv_tests.c
+
+imcv_tests-imcv_tests.obj: imcv_tests.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -MT imcv_tests-imcv_tests.obj -MD -MP -MF $(DEPDIR)/imcv_tests-imcv_tests.Tpo -c -o imcv_tests-imcv_tests.obj `if test -f 'imcv_tests.c'; then $(CYGPATH_W) 'imcv_tests.c'; else $(CYGPATH_W) '$(srcdir)/imcv_tests.c'; fi`
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/imcv_tests-imcv_tests.Tpo $(DEPDIR)/imcv_tests-imcv_tests.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='imcv_tests.c' object='imcv_tests-imcv_tests.obj' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(imcv_tests_CFLAGS) $(CFLAGS) -c -o imcv_tests-imcv_tests.obj `if test -f 'imcv_tests.c'; then $(CYGPATH_W) 'imcv_tests.c'; else $(CYGPATH_W) '$(srcdir)/imcv_tests.c'; fi`
+
mostlyclean-libtool:
-rm -f *.lo
@@ -917,6 +1507,16 @@ clean-libtool:
-rm -rf ita/.libs ita/_libs
-rm -rf os_info/.libs os_info/_libs
-rm -rf pa_tnc/.libs pa_tnc/_libs
+ -rm -rf pts/.libs pts/_libs
+ -rm -rf pts/components/.libs pts/components/_libs
+ -rm -rf pts/components/ita/.libs pts/components/ita/_libs
+ -rm -rf pts/components/tcg/.libs pts/components/tcg/_libs
+ -rm -rf seg/.libs seg/_libs
+ -rm -rf swid/.libs swid/_libs
+ -rm -rf tcg/.libs tcg/_libs
+ -rm -rf tcg/pts/.libs tcg/pts/_libs
+ -rm -rf tcg/seg/.libs tcg/seg/_libs
+ -rm -rf tcg/swid/.libs tcg/swid/_libs
install-dist_templatesDATA: $(dist_templates_DATA)
@$(NORMAL_INSTALL)
@list='$(dist_templates_DATA)'; test -n "$(templatesdir)" || list=; \
@@ -1038,6 +1638,99 @@ cscopelist-am: $(am__tagged_files)
distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+check-TESTS: $(TESTS)
+ @failed=0; all=0; xfail=0; xpass=0; skip=0; \
+ srcdir=$(srcdir); export srcdir; \
+ list=' $(TESTS) '; \
+ $(am__tty_colors); \
+ if test -n "$$list"; then \
+ for tst in $$list; do \
+ if test -f ./$$tst; then dir=./; \
+ elif test -f $$tst; then dir=; \
+ else dir="$(srcdir)/"; fi; \
+ if $(TESTS_ENVIRONMENT) $${dir}$$tst $(AM_TESTS_FD_REDIRECT); then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *[\ \ ]$$tst[\ \ ]*) \
+ xpass=`expr $$xpass + 1`; \
+ failed=`expr $$failed + 1`; \
+ col=$$red; res=XPASS; \
+ ;; \
+ *) \
+ col=$$grn; res=PASS; \
+ ;; \
+ esac; \
+ elif test $$? -ne 77; then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *[\ \ ]$$tst[\ \ ]*) \
+ xfail=`expr $$xfail + 1`; \
+ col=$$lgn; res=XFAIL; \
+ ;; \
+ *) \
+ failed=`expr $$failed + 1`; \
+ col=$$red; res=FAIL; \
+ ;; \
+ esac; \
+ else \
+ skip=`expr $$skip + 1`; \
+ col=$$blu; res=SKIP; \
+ fi; \
+ echo "$${col}$$res$${std}: $$tst"; \
+ done; \
+ if test "$$all" -eq 1; then \
+ tests="test"; \
+ All=""; \
+ else \
+ tests="tests"; \
+ All="All "; \
+ fi; \
+ if test "$$failed" -eq 0; then \
+ if test "$$xfail" -eq 0; then \
+ banner="$$All$$all $$tests passed"; \
+ else \
+ if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \
+ banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \
+ fi; \
+ else \
+ if test "$$xpass" -eq 0; then \
+ banner="$$failed of $$all $$tests failed"; \
+ else \
+ if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \
+ banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \
+ fi; \
+ fi; \
+ dashes="$$banner"; \
+ skipped=""; \
+ if test "$$skip" -ne 0; then \
+ if test "$$skip" -eq 1; then \
+ skipped="($$skip test was not run)"; \
+ else \
+ skipped="($$skip tests were not run)"; \
+ fi; \
+ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$skipped"; \
+ fi; \
+ report=""; \
+ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
+ report="Please report to $(PACKAGE_BUGREPORT)"; \
+ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$report"; \
+ fi; \
+ dashes=`echo "$$dashes" | sed s/./=/g`; \
+ if test "$$failed" -eq 0; then \
+ col="$$grn"; \
+ else \
+ col="$$red"; \
+ fi; \
+ echo "$${col}$$dashes$${std}"; \
+ echo "$${col}$$banner$${std}"; \
+ test -z "$$skipped" || echo "$${col}$$skipped$${std}"; \
+ test -z "$$report" || echo "$${col}$$report$${std}"; \
+ echo "$${col}$$dashes$${std}"; \
+ test "$$failed" -eq 0; \
+ else :; fi
+
distdir: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
@@ -1094,6 +1787,8 @@ distdir: $(DISTFILES)
fi; \
done
check-am: all-am
+ $(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
+ $(MAKE) $(AM_MAKEFLAGS) check-TESTS
check: check-recursive
all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(SCRIPTS) $(DATA)
installdirs: installdirs-recursive
@@ -1139,17 +1834,39 @@ distclean-generic:
-rm -f os_info/$(am__dirstamp)
-rm -f pa_tnc/$(DEPDIR)/$(am__dirstamp)
-rm -f pa_tnc/$(am__dirstamp)
+ -rm -f pts/$(DEPDIR)/$(am__dirstamp)
+ -rm -f pts/$(am__dirstamp)
+ -rm -f pts/components/$(DEPDIR)/$(am__dirstamp)
+ -rm -f pts/components/$(am__dirstamp)
+ -rm -f pts/components/ita/$(DEPDIR)/$(am__dirstamp)
+ -rm -f pts/components/ita/$(am__dirstamp)
+ -rm -f pts/components/tcg/$(DEPDIR)/$(am__dirstamp)
+ -rm -f pts/components/tcg/$(am__dirstamp)
+ -rm -f seg/$(DEPDIR)/$(am__dirstamp)
+ -rm -f seg/$(am__dirstamp)
+ -rm -f suites/$(DEPDIR)/$(am__dirstamp)
+ -rm -f suites/$(am__dirstamp)
+ -rm -f swid/$(DEPDIR)/$(am__dirstamp)
+ -rm -f swid/$(am__dirstamp)
+ -rm -f tcg/$(DEPDIR)/$(am__dirstamp)
+ -rm -f tcg/$(am__dirstamp)
+ -rm -f tcg/pts/$(DEPDIR)/$(am__dirstamp)
+ -rm -f tcg/pts/$(am__dirstamp)
+ -rm -f tcg/seg/$(DEPDIR)/$(am__dirstamp)
+ -rm -f tcg/seg/$(am__dirstamp)
+ -rm -f tcg/swid/$(DEPDIR)/$(am__dirstamp)
+ -rm -f tcg/swid/$(am__dirstamp)
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
clean: clean-recursive
-clean-am: clean-generic clean-ipsecPROGRAMS clean-ipseclibLTLIBRARIES \
- clean-libtool mostlyclean-am
+clean-am: clean-checkPROGRAMS clean-generic clean-ipsecPROGRAMS \
+ clean-ipseclibLTLIBRARIES clean-libtool mostlyclean-am
distclean: distclean-recursive
- -rm -rf ./$(DEPDIR) ietf/$(DEPDIR) imc/$(DEPDIR) imv/$(DEPDIR) ita/$(DEPDIR) os_info/$(DEPDIR) pa_tnc/$(DEPDIR)
+ -rm -rf ./$(DEPDIR) ietf/$(DEPDIR) imc/$(DEPDIR) imv/$(DEPDIR) ita/$(DEPDIR) os_info/$(DEPDIR) pa_tnc/$(DEPDIR) pts/$(DEPDIR) pts/components/$(DEPDIR) pts/components/ita/$(DEPDIR) pts/components/tcg/$(DEPDIR) seg/$(DEPDIR) suites/$(DEPDIR) swid/$(DEPDIR) tcg/$(DEPDIR) tcg/pts/$(DEPDIR) tcg/seg/$(DEPDIR) tcg/swid/$(DEPDIR)
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-tags
@@ -1196,7 +1913,7 @@ install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-recursive
- -rm -rf ./$(DEPDIR) ietf/$(DEPDIR) imc/$(DEPDIR) imv/$(DEPDIR) ita/$(DEPDIR) os_info/$(DEPDIR) pa_tnc/$(DEPDIR)
+ -rm -rf ./$(DEPDIR) ietf/$(DEPDIR) imc/$(DEPDIR) imv/$(DEPDIR) ita/$(DEPDIR) os_info/$(DEPDIR) pa_tnc/$(DEPDIR) pts/$(DEPDIR) pts/components/$(DEPDIR) pts/components/ita/$(DEPDIR) pts/components/tcg/$(DEPDIR) seg/$(DEPDIR) suites/$(DEPDIR) swid/$(DEPDIR) tcg/$(DEPDIR) tcg/pts/$(DEPDIR) tcg/seg/$(DEPDIR) tcg/swid/$(DEPDIR)
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
@@ -1216,17 +1933,17 @@ ps-am:
uninstall-am: uninstall-dist_templatesDATA uninstall-ipsecPROGRAMS \
uninstall-ipsecSCRIPTS uninstall-ipseclibLTLIBRARIES
-.MAKE: $(am__recursive_targets) install-am install-strip
+.MAKE: $(am__recursive_targets) check-am install-am install-strip
.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am check \
- check-am clean clean-generic clean-ipsecPROGRAMS \
- clean-ipseclibLTLIBRARIES clean-libtool cscopelist-am ctags \
- ctags-am distclean distclean-compile distclean-generic \
- distclean-libtool distclean-tags distdir dvi dvi-am html \
- html-am info info-am install install-am install-data \
- install-data-am install-dist_templatesDATA install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am \
+ check-TESTS check-am clean clean-checkPROGRAMS clean-generic \
+ clean-ipsecPROGRAMS clean-ipseclibLTLIBRARIES clean-libtool \
+ cscopelist-am ctags ctags-am distclean distclean-compile \
+ distclean-generic distclean-libtool distclean-tags distdir dvi \
+ dvi-am html html-am info info-am install install-am \
+ install-data install-data-am install-dist_templatesDATA \
+ install-dvi install-dvi-am install-exec install-exec-am \
+ install-html install-html-am install-info install-info-am \
install-ipsecPROGRAMS install-ipsecSCRIPTS \
install-ipseclibLTLIBRARIES install-man install-pdf \
install-pdf-am install-ps install-ps-am install-strip \
diff --git a/src/libimcv/ietf/ietf_attr.c b/src/libimcv/ietf/ietf_attr.c
index 2f38198..67269af 100644
--- a/src/libimcv/ietf/ietf_attr.c
+++ b/src/libimcv/ietf/ietf_attr.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2012 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -47,34 +47,35 @@ ENUM(ietf_attr_names, IETF_ATTR_TESTING, IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED,
/**
* See header
*/
-pa_tnc_attr_t* ietf_attr_create_from_data(u_int32_t type, chunk_t value)
+pa_tnc_attr_t* ietf_attr_create_from_data(u_int32_t type, size_t length,
+ chunk_t value)
{
switch (type)
{
case IETF_ATTR_ATTRIBUTE_REQUEST:
- return ietf_attr_attr_request_create_from_data(value);
+ return ietf_attr_attr_request_create_from_data(length, value);
case IETF_ATTR_PRODUCT_INFORMATION:
- return ietf_attr_product_info_create_from_data(value);
+ return ietf_attr_product_info_create_from_data(length, value);
case IETF_ATTR_NUMERIC_VERSION:
- return ietf_attr_numeric_version_create_from_data(value);
+ return ietf_attr_numeric_version_create_from_data(length, value);
case IETF_ATTR_STRING_VERSION:
- return ietf_attr_string_version_create_from_data(value);
+ return ietf_attr_string_version_create_from_data(length, value);
case IETF_ATTR_OPERATIONAL_STATUS:
- return ietf_attr_op_status_create_from_data(value);
+ return ietf_attr_op_status_create_from_data(length, value);
case IETF_ATTR_PORT_FILTER:
- return ietf_attr_port_filter_create_from_data(value);
+ return ietf_attr_port_filter_create_from_data(length, value);
case IETF_ATTR_INSTALLED_PACKAGES:
- return ietf_attr_installed_packages_create_from_data(value);
+ return ietf_attr_installed_packages_create_from_data(length, value);
case IETF_ATTR_PA_TNC_ERROR:
- return ietf_attr_pa_tnc_error_create_from_data(value);
+ return ietf_attr_pa_tnc_error_create_from_data(length, value);
case IETF_ATTR_ASSESSMENT_RESULT:
- return ietf_attr_assess_result_create_from_data(value);
+ return ietf_attr_assess_result_create_from_data(length, value);
case IETF_ATTR_REMEDIATION_INSTRUCTIONS:
- return ietf_attr_remediation_instr_create_from_data(value);
+ return ietf_attr_remediation_instr_create_from_data(length, value);
case IETF_ATTR_FORWARDING_ENABLED:
- return ietf_attr_fwd_enabled_create_from_data(value);
+ return ietf_attr_fwd_enabled_create_from_data(length, value);
case IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED:
- return ietf_attr_default_pwd_enabled_create_from_data(value);
+ return ietf_attr_default_pwd_enabled_create_from_data(length, value);
case IETF_ATTR_TESTING:
case IETF_ATTR_RESERVED:
default:
diff --git a/src/libimcv/ietf/ietf_attr.h b/src/libimcv/ietf/ietf_attr.h
index d22175d..169ed78 100644
--- a/src/libimcv/ietf/ietf_attr.h
+++ b/src/libimcv/ietf/ietf_attr.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -56,8 +56,10 @@ extern enum_name_t *ietf_attr_names;
* Create an IETF PA-TNC attribute from data
*
* @param type attribute type
- * @param value attribute value
+ * @param length attribute length
+ * @param value attribute value or segment
*/
-pa_tnc_attr_t* ietf_attr_create_from_data(u_int32_t type, chunk_t value);
+pa_tnc_attr_t* ietf_attr_create_from_data(u_int32_t type, size_t length,
+ chunk_t value);
#endif /** IETF_ATTR_H_ @}*/
diff --git a/src/libimcv/ietf/ietf_attr_assess_result.c b/src/libimcv/ietf/ietf_attr_assess_result.c
index 55226e3..1cffdca 100644
--- a/src/libimcv/ietf/ietf_attr_assess_result.c
+++ b/src/libimcv/ietf/ietf_attr_assess_result.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -50,7 +50,12 @@ struct private_ietf_attr_assess_result_t {
pen_type_t type;
/**
- * Attribute value
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
*/
chunk_t value;
@@ -107,6 +112,7 @@ METHOD(pa_tnc_attr_t, build, void,
writer = bio_writer_create(ASSESS_RESULT_SIZE);
writer->write_uint32(writer, this->result);
this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
writer->destroy(writer);
}
@@ -115,10 +121,15 @@ METHOD(pa_tnc_attr_t, process, status_t,
{
bio_reader_t *reader;
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
if (this->value.len < ASSESS_RESULT_SIZE)
{
DBG1(DBG_TNC, "insufficient data for IETF assessment result");
- *offset = 0;
return FAILED;
}
reader = bio_reader_create(this->value);
@@ -128,6 +139,12 @@ METHOD(pa_tnc_attr_t, process, status_t,
return SUCCESS;
}
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_ietf_attr_assess_result_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
private_ietf_attr_assess_result_t *this)
{
@@ -167,6 +184,7 @@ pa_tnc_attr_t *ietf_attr_assess_result_create(u_int32_t result)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -183,7 +201,8 @@ pa_tnc_attr_t *ietf_attr_assess_result_create(u_int32_t result)
/**
* Described in header.
*/
-pa_tnc_attr_t *ietf_attr_assess_result_create_from_data(chunk_t data)
+pa_tnc_attr_t *ietf_attr_assess_result_create_from_data(size_t length,
+ chunk_t data)
{
private_ietf_attr_assess_result_t *this;
@@ -196,12 +215,14 @@ pa_tnc_attr_t *ietf_attr_assess_result_create_from_data(chunk_t data)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
.get_result = _get_result,
},
.type = { PEN_IETF, IETF_ATTR_ASSESSMENT_RESULT },
+ .length = length,
.value = chunk_clone(data),
.ref = 1,
);
diff --git a/src/libimcv/ietf/ietf_attr_assess_result.h b/src/libimcv/ietf/ietf_attr_assess_result.h
index e94b57b..b1a5166 100644
--- a/src/libimcv/ietf/ietf_attr_assess_result.h
+++ b/src/libimcv/ietf/ietf_attr_assess_result.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -56,8 +56,10 @@ pa_tnc_attr_t* ietf_attr_assess_result_create(u_int32_t result);
/**
* Creates an ietf_attr_assess_result_t object from received data
*
- * @param value unparsed attribute value
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
*/
-pa_tnc_attr_t* ietf_attr_assess_result_create_from_data(chunk_t value);
+pa_tnc_attr_t* ietf_attr_assess_result_create_from_data(size_t length,
+ chunk_t value);
#endif /** IETF_ATTR_ASSESS_RESULT_H_ @}*/
diff --git a/src/libimcv/ietf/ietf_attr_attr_request.c b/src/libimcv/ietf/ietf_attr_attr_request.c
index 3b4fd26..3862a0a 100644
--- a/src/libimcv/ietf/ietf_attr_attr_request.c
+++ b/src/libimcv/ietf/ietf_attr_attr_request.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -59,7 +59,12 @@ struct private_ietf_attr_attr_request_t {
pen_type_t type;
/**
- * Attribute value
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
*/
chunk_t value;
@@ -126,6 +131,7 @@ METHOD(pa_tnc_attr_t, build, void,
enumerator->destroy(enumerator);
this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
writer->destroy(writer);
}
@@ -150,11 +156,17 @@ METHOD(pa_tnc_attr_t, process, status_t,
u_int8_t reserved;
int count;
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
+
count = this->value.len / ATTR_REQUEST_ENTRY_SIZE;
if (this->value.len != ATTR_REQUEST_ENTRY_SIZE * count)
{
DBG1(DBG_TNC, "incorrect attribute length for IETF attribute request");
- *offset = 0;
return FAILED;
}
@@ -184,6 +196,12 @@ METHOD(pa_tnc_attr_t, process, status_t,
return SUCCESS;
}
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_ietf_attr_attr_request_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
private_ietf_attr_attr_request_t *this)
{
@@ -224,6 +242,7 @@ pa_tnc_attr_t *ietf_attr_attr_request_create(pen_t vendor_id, u_int32_t type)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -246,7 +265,8 @@ pa_tnc_attr_t *ietf_attr_attr_request_create(pen_t vendor_id, u_int32_t type)
/**
* Described in header.
*/
-pa_tnc_attr_t *ietf_attr_attr_request_create_from_data(chunk_t data)
+pa_tnc_attr_t *ietf_attr_attr_request_create_from_data(size_t length,
+ chunk_t data)
{
private_ietf_attr_attr_request_t *this;
@@ -259,6 +279,7 @@ pa_tnc_attr_t *ietf_attr_attr_request_create_from_data(chunk_t data)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -266,6 +287,7 @@ pa_tnc_attr_t *ietf_attr_attr_request_create_from_data(chunk_t data)
.create_enumerator = _create_enumerator,
},
.type = { PEN_IETF, IETF_ATTR_ATTRIBUTE_REQUEST },
+ .length = length,
.value = chunk_clone(data),
.list = linked_list_create(),
.ref = 1,
diff --git a/src/libimcv/ietf/ietf_attr_attr_request.h b/src/libimcv/ietf/ietf_attr_attr_request.h
index fc9e086..47b0386 100644
--- a/src/libimcv/ietf/ietf_attr_attr_request.h
+++ b/src/libimcv/ietf/ietf_attr_attr_request.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -62,10 +62,10 @@ struct ietf_attr_attr_request_t {
pa_tnc_attr_t* ietf_attr_attr_request_create(pen_t vendor_id, u_int32_t type);
/**
- * Creates an ietf_attr_attr_request_t object from received data
- *
- * @param value unparsed attribute value
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
*/
-pa_tnc_attr_t* ietf_attr_attr_request_create_from_data(chunk_t value);
+pa_tnc_attr_t* ietf_attr_attr_request_create_from_data(size_t length,
+ chunk_t value);
#endif /** IETF_ATTR_ATTR_REQUEST_H_ @}*/
diff --git a/src/libimcv/ietf/ietf_attr_default_pwd_enabled.c b/src/libimcv/ietf/ietf_attr_default_pwd_enabled.c
index 2c6b3d5..ee5864d 100644
--- a/src/libimcv/ietf/ietf_attr_default_pwd_enabled.c
+++ b/src/libimcv/ietf/ietf_attr_default_pwd_enabled.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -50,7 +50,12 @@ struct private_ietf_attr_default_pwd_enabled_t {
pen_type_t type;
/**
- * Attribute value
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
*/
chunk_t value;
@@ -107,6 +112,7 @@ METHOD(pa_tnc_attr_t, build, void,
writer->write_uint32(writer, this->status);
this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
writer->destroy(writer);
}
@@ -118,6 +124,10 @@ METHOD(pa_tnc_attr_t, process, status_t,
*offset = 0;
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
if (this->value.len != DEFAULT_PWD_ENABLED_SIZE)
{
DBG1(DBG_TNC, "incorrect size for IETF factory default password "
@@ -139,6 +149,12 @@ METHOD(pa_tnc_attr_t, process, status_t,
return SUCCESS;
}
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_ietf_attr_default_pwd_enabled_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
private_ietf_attr_default_pwd_enabled_t *this)
{
@@ -178,6 +194,7 @@ pa_tnc_attr_t *ietf_attr_default_pwd_enabled_create(bool status)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -194,7 +211,8 @@ pa_tnc_attr_t *ietf_attr_default_pwd_enabled_create(bool status)
/**
* Described in header.
*/
-pa_tnc_attr_t *ietf_attr_default_pwd_enabled_create_from_data(chunk_t data)
+pa_tnc_attr_t *ietf_attr_default_pwd_enabled_create_from_data(size_t length,
+ chunk_t data)
{
private_ietf_attr_default_pwd_enabled_t *this;
@@ -207,12 +225,14 @@ pa_tnc_attr_t *ietf_attr_default_pwd_enabled_create_from_data(chunk_t data)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
.get_status = _get_status,
},
.type = { PEN_IETF, IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED },
+ .length = length,
.value = chunk_clone(data),
.ref = 1,
);
diff --git a/src/libimcv/ietf/ietf_attr_default_pwd_enabled.h b/src/libimcv/ietf/ietf_attr_default_pwd_enabled.h
index 6fe1a02..3999590 100644
--- a/src/libimcv/ietf/ietf_attr_default_pwd_enabled.h
+++ b/src/libimcv/ietf/ietf_attr_default_pwd_enabled.h
@@ -56,8 +56,10 @@ pa_tnc_attr_t* ietf_attr_default_pwd_enabled_create(bool status);
/**
* Creates an ietf_attr_default_pwd_enabled_t object from received data
*
- * @param value unparsed attribute value
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
*/
-pa_tnc_attr_t* ietf_attr_default_pwd_enabled_create_from_data(chunk_t value);
+pa_tnc_attr_t* ietf_attr_default_pwd_enabled_create_from_data(size_t length,
+ chunk_t value);
#endif /** IETF_ATTR_PWD_ENABLED_H_ @}*/
diff --git a/src/libimcv/ietf/ietf_attr_fwd_enabled.c b/src/libimcv/ietf/ietf_attr_fwd_enabled.c
index a906b22..c00a5ef 100644
--- a/src/libimcv/ietf/ietf_attr_fwd_enabled.c
+++ b/src/libimcv/ietf/ietf_attr_fwd_enabled.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -50,7 +50,12 @@ struct private_ietf_attr_fwd_enabled_t {
pen_type_t type;
/**
- * Attribute value
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
*/
chunk_t value;
@@ -107,6 +112,7 @@ METHOD(pa_tnc_attr_t, build, void,
writer->write_uint32(writer, this->fwd_status);
this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
writer->destroy(writer);
}
@@ -118,6 +124,10 @@ METHOD(pa_tnc_attr_t, process, status_t,
*offset = 0;
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
if (this->value.len != FORWARDING_ENABLED_SIZE)
{
DBG1(DBG_TNC, "incorrect size for IETF forwarding enabled attribute");
@@ -138,6 +148,12 @@ METHOD(pa_tnc_attr_t, process, status_t,
return SUCCESS;
}
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_ietf_attr_fwd_enabled_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
private_ietf_attr_fwd_enabled_t *this)
{
@@ -177,6 +193,7 @@ pa_tnc_attr_t *ietf_attr_fwd_enabled_create(os_fwd_status_t fwd_status)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -193,7 +210,8 @@ pa_tnc_attr_t *ietf_attr_fwd_enabled_create(os_fwd_status_t fwd_status)
/**
* Described in header.
*/
-pa_tnc_attr_t *ietf_attr_fwd_enabled_create_from_data(chunk_t data)
+pa_tnc_attr_t *ietf_attr_fwd_enabled_create_from_data(size_t length,
+ chunk_t data)
{
private_ietf_attr_fwd_enabled_t *this;
@@ -206,12 +224,14 @@ pa_tnc_attr_t *ietf_attr_fwd_enabled_create_from_data(chunk_t data)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
.get_status = _get_status,
},
.type = { PEN_IETF, IETF_ATTR_FORWARDING_ENABLED },
+ .length = length,
.value = chunk_clone(data),
.ref = 1,
);
diff --git a/src/libimcv/ietf/ietf_attr_fwd_enabled.h b/src/libimcv/ietf/ietf_attr_fwd_enabled.h
index 4171438..c4b6c15 100644
--- a/src/libimcv/ietf/ietf_attr_fwd_enabled.h
+++ b/src/libimcv/ietf/ietf_attr_fwd_enabled.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-14 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -57,8 +57,10 @@ pa_tnc_attr_t* ietf_attr_fwd_enabled_create(os_fwd_status_t fwd_status);
/**
* Creates an ietf_attr_fwd_enabled_t object from received data
*
- * @param value unparsed attribute value
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
*/
-pa_tnc_attr_t* ietf_attr_fwd_enabled_create_from_data(chunk_t value);
+pa_tnc_attr_t* ietf_attr_fwd_enabled_create_from_data(size_t length,
+ chunk_t value);
#endif /** IETF_ATTR_FWD_ENABLED_H_ @}*/
diff --git a/src/libimcv/ietf/ietf_attr_installed_packages.c b/src/libimcv/ietf/ietf_attr_installed_packages.c
index f33f643..39eea55 100644
--- a/src/libimcv/ietf/ietf_attr_installed_packages.c
+++ b/src/libimcv/ietf/ietf_attr_installed_packages.c
@@ -57,16 +57,36 @@ struct private_ietf_attr_installed_packages_t {
pen_type_t type;
/**
- * Attribute value
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Offset up to which attribute value has been processed
+ */
+ size_t offset;
+
+ /**
+ * Current position of attribute value pointer
*/
chunk_t value;
/**
+ * Contains complete attribute or current segment
+ */
+ chunk_t segment;
+
+ /**
* Noskip flag
*/
bool noskip_flag;
/**
+ * Number of Installed Packages in attribute
+ */
+ uint16_t count;
+
+ /**
* List of Installed Package entries
*/
linked_list_t *packages;
@@ -143,6 +163,8 @@ METHOD(pa_tnc_attr_t, build, void,
enumerator->destroy(enumerator);
this->value = writer->extract_buf(writer);
+ this->segment = this->value;
+ this->length = this->value.len;
writer->destroy(writer);
}
@@ -151,72 +173,91 @@ METHOD(pa_tnc_attr_t, process, status_t,
{
bio_reader_t *reader;
package_entry_t *entry;
- status_t status = FAILED;
+ status_t status = NEED_MORE;
chunk_t name, version;
- u_int16_t reserved, count;
+ u_int16_t reserved;
u_char *pos;
- *offset = 0;
-
- if (this->value.len < IETF_INSTALLED_PACKAGES_MIN_SIZE)
- {
- DBG1(DBG_TNC, "insufficient data for IETF installed packages");
- return FAILED;
+ if (this->offset == 0)
+ {
+ if (this->length < IETF_INSTALLED_PACKAGES_MIN_SIZE)
+ {
+ DBG1(DBG_TNC, "insufficient data for %N/%N", pen_names, PEN_IETF,
+ ietf_attr_names, this->type.type);
+ *offset = this->offset;
+ return FAILED;
+ }
+ if (this->value.len < IETF_INSTALLED_PACKAGES_MIN_SIZE)
+ {
+ return NEED_MORE;
+ }
+ reader = bio_reader_create(this->value);
+ reader->read_uint16(reader, &reserved);
+ reader->read_uint16(reader, &this->count);
+ this->offset = IETF_INSTALLED_PACKAGES_MIN_SIZE;
+ this->value = reader->peek(reader);
+ reader->destroy(reader);
}
+
reader = bio_reader_create(this->value);
- reader->read_uint16(reader, &reserved);
- reader->read_uint16(reader, &count);
- *offset = IETF_INSTALLED_PACKAGES_MIN_SIZE;
- while (reader->remaining(reader))
+ while (this->count)
{
- if (!reader->read_data8(reader, &name))
+ if (!reader->read_data8(reader, &name) ||
+ !reader->read_data8(reader, &version))
{
- DBG1(DBG_TNC, "insufficient data for IETF installed package name");
goto end;
}
pos = memchr(name.ptr, '\0', name.len);
if (pos)
{
DBG1(DBG_TNC, "nul termination in IETF installed package name");
- *offset += 1 + (pos - name.ptr);
- goto end;
- }
- *offset += 1 + name.len;
-
- if (!reader->read_data8(reader, &version))
- {
- DBG1(DBG_TNC, "insufficient data for IETF installed package version");
+ *offset = this->offset + 1 + (pos - name.ptr);
+ status = FAILED;
goto end;
}
pos = memchr(version.ptr, '\0', version.len);
if (pos)
{
DBG1(DBG_TNC, "nul termination in IETF installed package version");
- *offset += 1 + (pos - version.ptr);
+ *offset = this->offset + 1 + name.len + 1 + (pos - version.ptr);
+ status = FAILED;
goto end;
}
- *offset += 1 + version.len;
+ this->offset += this->value.len - reader->remaining(reader);
+ this->value = reader->peek(reader);
entry = malloc_thing(package_entry_t);
entry->name = chunk_clone(name);
entry->version = chunk_clone(version);
this->packages->insert_last(this->packages, entry);
+
+ /* at least one tag ID was processed */
+ status = SUCCESS;
+ this->count--;
}
- if (count != this->packages->get_count(this->packages))
+ if (this->length != this->offset)
{
- DBG1(DBG_TNC, "IETF installed package count unequal to "
- "number of included packages");
- goto end;
+ DBG1(DBG_TNC, "inconsistent length for %N/%N", pen_names, PEN_IETF,
+ ietf_attr_names, this->type.type);
+ *offset = this->offset;
+ status = FAILED;
}
- status = SUCCESS;
end:
reader->destroy(reader);
return status;
}
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_ietf_attr_installed_packages_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("cc", this->value, segment);
+ chunk_free(&this->segment);
+ this->segment = this->value;
+}
+
METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
private_ietf_attr_installed_packages_t *this)
{
@@ -230,7 +271,7 @@ METHOD(pa_tnc_attr_t, destroy, void,
if (ref_put(&this->ref))
{
this->packages->destroy_function(this->packages, (void*)free_package_entry);
- free(this->value.ptr);
+ free(this->segment.ptr);
free(this);
}
}
@@ -269,6 +310,23 @@ METHOD(ietf_attr_installed_packages_t, create_enumerator, enumerator_t*,
(void*)package_filter, NULL, NULL);
}
+METHOD(ietf_attr_installed_packages_t, get_count, uint16_t,
+ private_ietf_attr_installed_packages_t *this)
+{
+ return this->count;
+}
+
+METHOD(ietf_attr_installed_packages_t, clear_packages, void,
+ private_ietf_attr_installed_packages_t *this)
+{
+ package_entry_t *entry;
+
+ while (this->packages->remove_first(this->packages,(void**)&entry) == SUCCESS)
+ {
+ free_package_entry(entry);
+ }
+}
+
/**
* Described in header.
*/
@@ -285,11 +343,14 @@ pa_tnc_attr_t *ietf_attr_installed_packages_create(void)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
.add = _add,
.create_enumerator = _create_enumerator,
+ .get_count = _get_count,
+ .clear_packages = _clear_packages,
},
.type = { PEN_IETF, IETF_ATTR_INSTALLED_PACKAGES },
.packages = linked_list_create(),
@@ -300,9 +361,11 @@ pa_tnc_attr_t *ietf_attr_installed_packages_create(void)
}
/**
- * Described in header.
+ * Described in header. .length = length,
+
*/
-pa_tnc_attr_t *ietf_attr_installed_packages_create_from_data(chunk_t data)
+pa_tnc_attr_t *ietf_attr_installed_packages_create_from_data(size_t length,
+ chunk_t data)
{
private_ietf_attr_installed_packages_t *this;
@@ -315,18 +378,25 @@ pa_tnc_attr_t *ietf_attr_installed_packages_create_from_data(chunk_t data)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
.add = _add,
.create_enumerator = _create_enumerator,
+ .get_count = _get_count,
+ .clear_packages = _clear_packages,
},
.type = {PEN_IETF, IETF_ATTR_INSTALLED_PACKAGES },
- .value = chunk_clone(data),
+ .length = length,
+ .segment = chunk_clone(data),
.packages = linked_list_create(),
.ref = 1,
);
+ /* received either complete attribute value or first segment */
+ this->value = this->segment;
+
return &this->public.pa_tnc_attribute;
}
diff --git a/src/libimcv/ietf/ietf_attr_installed_packages.h b/src/libimcv/ietf/ietf_attr_installed_packages.h
index e19d0f4..9f7b7cb 100644
--- a/src/libimcv/ietf/ietf_attr_installed_packages.h
+++ b/src/libimcv/ietf/ietf_attr_installed_packages.h
@@ -56,6 +56,18 @@ struct ietf_attr_installed_packages_t {
*/
enumerator_t* (*create_enumerator)(ietf_attr_installed_packages_t *this);
+ /**
+ * Number of Installed Packages still missing
+ *
+ * @return Number of missing installed packages
+ */
+ uint16_t (*get_count)(ietf_attr_installed_packages_t *this);
+
+ /**
+ * Remove all Installed Packages from list
+ */
+ void (*clear_packages)(ietf_attr_installed_packages_t *this);
+
};
/**
@@ -67,8 +79,10 @@ pa_tnc_attr_t* ietf_attr_installed_packages_create(void);
/**
* Creates an ietf_attr_installed_packages_t object from received data
*
- * @param value unparsed attribute value
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
*/
-pa_tnc_attr_t* ietf_attr_installed_packages_create_from_data(chunk_t value);
+pa_tnc_attr_t* ietf_attr_installed_packages_create_from_data(size_t length,
+ chunk_t value);
#endif /** IETF_ATTR_INSTALLED_PACKAGES_H_ @}*/
diff --git a/src/libimcv/ietf/ietf_attr_numeric_version.c b/src/libimcv/ietf/ietf_attr_numeric_version.c
index 7392564..c8fd6c1 100644
--- a/src/libimcv/ietf/ietf_attr_numeric_version.c
+++ b/src/libimcv/ietf/ietf_attr_numeric_version.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -56,7 +56,12 @@ struct private_ietf_attr_numeric_version_t {
pen_type_t type;
/**
- * Attribute value
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
*/
chunk_t value;
@@ -138,6 +143,7 @@ METHOD(pa_tnc_attr_t, build, void,
writer->write_uint16(writer, this->service_pack_minor);
this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
writer->destroy(writer);
}
@@ -146,10 +152,15 @@ METHOD(pa_tnc_attr_t, process, status_t,
{
bio_reader_t *reader;
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
if (this->value.len < NUMERIC_VERSION_SIZE)
{
DBG1(DBG_TNC, "insufficient data for IETF numeric version");
- *offset = 0;
return FAILED;
}
reader = bio_reader_create(this->value);
@@ -163,6 +174,12 @@ METHOD(pa_tnc_attr_t, process, status_t,
return SUCCESS;
}
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_ietf_attr_numeric_version_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
private_ietf_attr_numeric_version_t *this)
{
@@ -231,6 +248,7 @@ pa_tnc_attr_t *ietf_attr_numeric_version_create(u_int32_t major, u_int32_t minor
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -253,7 +271,8 @@ pa_tnc_attr_t *ietf_attr_numeric_version_create(u_int32_t major, u_int32_t minor
/**
* Described in header.
*/
-pa_tnc_attr_t *ietf_attr_numeric_version_create_from_data(chunk_t data)
+pa_tnc_attr_t *ietf_attr_numeric_version_create_from_data(size_t length,
+ chunk_t data)
{
private_ietf_attr_numeric_version_t *this;
@@ -266,6 +285,7 @@ pa_tnc_attr_t *ietf_attr_numeric_version_create_from_data(chunk_t data)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -274,6 +294,7 @@ pa_tnc_attr_t *ietf_attr_numeric_version_create_from_data(chunk_t data)
.get_service_pack = _get_service_pack,
},
.type = { PEN_IETF, IETF_ATTR_NUMERIC_VERSION },
+ .length = length,
.value = chunk_clone(data),
.ref = 1,
);
diff --git a/src/libimcv/ietf/ietf_attr_numeric_version.h b/src/libimcv/ietf/ietf_attr_numeric_version.h
index bbda6b8..34393c6 100644
--- a/src/libimcv/ietf/ietf_attr_numeric_version.h
+++ b/src/libimcv/ietf/ietf_attr_numeric_version.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-14 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -77,8 +77,10 @@ pa_tnc_attr_t* ietf_attr_numeric_version_create(u_int32_t major, u_int32_t minor
/**
* Creates an ietf_attr_numeric_version_t object from received data
*
- * @param value unparsed attribute value
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
*/
-pa_tnc_attr_t* ietf_attr_numeric_version_create_from_data(chunk_t value);
+pa_tnc_attr_t* ietf_attr_numeric_version_create_from_data(size_t length,
+ chunk_t value);
#endif /** IETF_ATTR_NUMERIC_VERSION_H_ @}*/
diff --git a/src/libimcv/ietf/ietf_attr_op_status.c b/src/libimcv/ietf/ietf_attr_op_status.c
index 2353068..d061a52 100644
--- a/src/libimcv/ietf/ietf_attr_op_status.c
+++ b/src/libimcv/ietf/ietf_attr_op_status.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -76,7 +76,12 @@ struct private_ietf_attr_op_status_t {
pen_type_t type;
/**
- * Attribute value
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
*/
chunk_t value;
@@ -154,6 +159,7 @@ METHOD(pa_tnc_attr_t, build, void,
writer->write_data (writer, chunk_create(last_use, 20));
this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
writer->destroy(writer);
}
@@ -167,6 +173,10 @@ METHOD(pa_tnc_attr_t, process, status_t,
*offset = 0;
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
if (this->value.len != OP_STATUS_SIZE)
{
DBG1(DBG_TNC, "incorrect size for IETF operational status");
@@ -212,6 +222,12 @@ METHOD(pa_tnc_attr_t, process, status_t,
return SUCCESS;
}
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_ietf_attr_op_status_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
private_ietf_attr_op_status_t *this)
{
@@ -264,6 +280,7 @@ pa_tnc_attr_t *ietf_attr_op_status_create(u_int8_t status, u_int8_t result,
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -284,7 +301,7 @@ pa_tnc_attr_t *ietf_attr_op_status_create(u_int8_t status, u_int8_t result,
/**
* Described in header.
*/
-pa_tnc_attr_t *ietf_attr_op_status_create_from_data(chunk_t data)
+pa_tnc_attr_t *ietf_attr_op_status_create_from_data(size_t length, chunk_t data)
{
private_ietf_attr_op_status_t *this;
@@ -297,6 +314,7 @@ pa_tnc_attr_t *ietf_attr_op_status_create_from_data(chunk_t data)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
diff --git a/src/libimcv/ietf/ietf_attr_op_status.h b/src/libimcv/ietf/ietf_attr_op_status.h
index b70fab6..f19185f 100644
--- a/src/libimcv/ietf/ietf_attr_op_status.h
+++ b/src/libimcv/ietf/ietf_attr_op_status.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-14 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -100,8 +100,10 @@ pa_tnc_attr_t* ietf_attr_op_status_create(u_int8_t status, u_int8_t result,
/**
* Creates an ietf_attr_op_status_t object from received data
*
- * @param value unparsed attribute value
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
*/
-pa_tnc_attr_t* ietf_attr_op_status_create_from_data(chunk_t value);
+pa_tnc_attr_t* ietf_attr_op_status_create_from_data(size_t length,
+ chunk_t value);
#endif /** IETF_ATTR_OP_STATUS_H_ @}*/
diff --git a/src/libimcv/ietf/ietf_attr_pa_tnc_error.c b/src/libimcv/ietf/ietf_attr_pa_tnc_error.c
index 5f20f89..0dbb4aa 100644
--- a/src/libimcv/ietf/ietf_attr_pa_tnc_error.c
+++ b/src/libimcv/ietf/ietf_attr_pa_tnc_error.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2012 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -113,7 +113,12 @@ struct private_ietf_attr_pa_tnc_error_t {
pen_type_t type;
/**
- * Attribute value
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
*/
chunk_t value;
@@ -133,14 +138,19 @@ struct private_ietf_attr_pa_tnc_error_t {
chunk_t msg_info;
/**
- * First 8 bytes of unsupported PA-TNC attribute
+ * Flags of unsupported PA-TNC attribute
+ */
+ uint8_t flags;
+
+ /**
+ * Vendor ID and type of unsupported PA-TNC attribute
*/
- chunk_t attr_info;
+ pen_type_t unsupported_type;
/**
* PA-TNC error offset
*/
- u_int32_t error_offset;
+ uint32_t error_offset;
/**
* Reference count
@@ -200,26 +210,35 @@ METHOD(pa_tnc_attr_t, build, void,
writer->write_uint16(writer, PA_ERROR_VERSION_RESERVED);
break;
case PA_ERROR_ATTR_TYPE_NOT_SUPPORTED:
- writer->write_data(writer, this->attr_info);
+ writer->write_uint8 (writer, this->flags);
+ writer->write_uint24(writer, this->unsupported_type.vendor_id);
+ writer->write_uint32(writer, this->unsupported_type.type);
break;
default:
break;
}
}
this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
writer->destroy(writer);
}
METHOD(pa_tnc_attr_t, process, status_t,
- private_ietf_attr_pa_tnc_error_t *this, u_int32_t *offset)
+ private_ietf_attr_pa_tnc_error_t *this, uint32_t *offset)
{
bio_reader_t *reader;
- u_int8_t reserved;
+ uint8_t reserved;
+ uint32_t vendor_id, type;
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
if (this->value.len < PA_ERROR_HEADER_SIZE)
{
DBG1(DBG_TNC, "insufficient data for PA-TNC error header");
- *offset = 0;
return FAILED;
}
reader = bio_reader_create(this->value);
@@ -250,8 +269,7 @@ METHOD(pa_tnc_attr_t, process, status_t,
}
break;
case PA_ERROR_ATTR_TYPE_NOT_SUPPORTED:
- if (!reader->read_data(reader, PA_ERROR_ATTR_INFO_SIZE,
- &this->attr_info))
+ if (reader->remaining(reader) < PA_ERROR_ATTR_INFO_SIZE)
{
reader->destroy(reader);
DBG1(DBG_TNC, "insufficient data for unsupported attribute "
@@ -259,7 +277,10 @@ METHOD(pa_tnc_attr_t, process, status_t,
*offset = PA_ERROR_HEADER_SIZE + PA_ERROR_MSG_INFO_SIZE;
return FAILED;
}
- this->attr_info = chunk_clone(this->attr_info);
+ reader->read_uint8 (reader, &this->flags);
+ reader->read_uint24(reader, &vendor_id);
+ reader->read_uint32(reader, &type);
+ this->unsupported_type = pen_type_create(vendor_id, type);
break;
default:
break;
@@ -275,6 +296,12 @@ METHOD(pa_tnc_attr_t, process, status_t,
return SUCCESS;
}
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_ietf_attr_pa_tnc_error_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
private_ietf_attr_pa_tnc_error_t *this)
{
@@ -289,7 +316,6 @@ METHOD(pa_tnc_attr_t, destroy, void,
{
free(this->value.ptr);
free(this->msg_info.ptr);
- free(this->attr_info.ptr);
free(this);
}
}
@@ -306,19 +332,24 @@ METHOD(ietf_attr_pa_tnc_error_t, get_msg_info, chunk_t,
return this->msg_info;
}
-METHOD(ietf_attr_pa_tnc_error_t, get_attr_info, chunk_t,
- private_ietf_attr_pa_tnc_error_t *this)
+METHOD(ietf_attr_pa_tnc_error_t, get_unsupported_attr, pen_type_t,
+ private_ietf_attr_pa_tnc_error_t *this, uint8_t *flags)
{
- return this->attr_info;
+ if (flags)
+ {
+ *flags = this->flags;
+ }
+ return this->unsupported_type;
}
-METHOD(ietf_attr_pa_tnc_error_t, set_attr_info, void,
- private_ietf_attr_pa_tnc_error_t *this, chunk_t attr_info)
+METHOD(ietf_attr_pa_tnc_error_t, set_unsupported_attr, void,
+ private_ietf_attr_pa_tnc_error_t *this, uint8_t flags, pen_type_t type)
{
- this->attr_info = chunk_clone(attr_info);
+ this->flags = flags;
+ this->unsupported_type = type;
}
-METHOD(ietf_attr_pa_tnc_error_t, get_offset, u_int32_t,
+METHOD(ietf_attr_pa_tnc_error_t, get_offset, uint32_t,
private_ietf_attr_pa_tnc_error_t *this)
{
return this->error_offset;
@@ -340,13 +371,14 @@ static private_ietf_attr_pa_tnc_error_t* create_generic()
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
.get_error_code = _get_error_code,
.get_msg_info = _get_msg_info,
- .get_attr_info = _get_attr_info,
- .set_attr_info = _set_attr_info,
+ .get_unsupported_attr = _get_unsupported_attr,
+ .set_unsupported_attr = _set_unsupported_attr,
.get_offset = _get_offset,
},
.type = { PEN_IETF, IETF_ATTR_PA_TNC_ERROR },
@@ -385,7 +417,7 @@ pa_tnc_attr_t *ietf_attr_pa_tnc_error_create(pen_type_t error_code,
*/
pa_tnc_attr_t *ietf_attr_pa_tnc_error_create_with_offset(pen_type_t error_code,
chunk_t msg_info,
- u_int32_t error_offset)
+ uint32_t error_offset)
{
private_ietf_attr_pa_tnc_error_t *this;
@@ -403,11 +435,13 @@ pa_tnc_attr_t *ietf_attr_pa_tnc_error_create_with_offset(pen_type_t error_code,
/**
* Described in header.
*/
-pa_tnc_attr_t *ietf_attr_pa_tnc_error_create_from_data(chunk_t data)
+pa_tnc_attr_t *ietf_attr_pa_tnc_error_create_from_data(size_t length,
+ chunk_t data)
{
private_ietf_attr_pa_tnc_error_t *this;
this = create_generic();
+ this->length = length;
this->value = chunk_clone(data);
return &this->public.pa_tnc_attribute;
diff --git a/src/libimcv/ietf/ietf_attr_pa_tnc_error.h b/src/libimcv/ietf/ietf_attr_pa_tnc_error.h
index faa38f8..b1df194 100644
--- a/src/libimcv/ietf/ietf_attr_pa_tnc_error.h
+++ b/src/libimcv/ietf/ietf_attr_pa_tnc_error.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2012 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -69,25 +69,29 @@ struct ietf_attr_pa_tnc_error_t {
chunk_t (*get_msg_info)(ietf_attr_pa_tnc_error_t *this);
/**
- * Get first 8 bytes of unsupported PA-TNC attribute
+ * Get flags, vendor ID and type of unsupported PA-TNC attribute
*
- * @return PA-TNC attribute info
+ * @param flags PA-TNC attribute flags
+ * @return PA-TNC attribute vendor ID and type
*/
- chunk_t (*get_attr_info)(ietf_attr_pa_tnc_error_t *this);
+ pen_type_t (*get_unsupported_attr)(ietf_attr_pa_tnc_error_t *this,
+ uint8_t *flags);
/**
- * Set first 8 bytes of unsupported PA-TNC attribute
+ * Set flags, vendor ID and type of unsupported PA-TNC attribute
*
- * @param attr_info PA-TNC message info
+ * @param flags PA-TNC attribute flags
+ * @param attr_info PA-TNC attribute vendor ID and type
*/
- void (*set_attr_info)(ietf_attr_pa_tnc_error_t *this, chunk_t attr_info);
+ void (*set_unsupported_attr)(ietf_attr_pa_tnc_error_t *this, uint8_t flags,
+ pen_type_t type);
/**
* Get the PA-TNC error offset
*
* @return PA-TNC error offset
*/
- u_int32_t (*get_offset)(ietf_attr_pa_tnc_error_t *this);
+ uint32_t (*get_offset)(ietf_attr_pa_tnc_error_t *this);
};
@@ -111,13 +115,15 @@ pa_tnc_attr_t* ietf_attr_pa_tnc_error_create(pen_type_t error_code,
*/
pa_tnc_attr_t* ietf_attr_pa_tnc_error_create_with_offset(pen_type_t error_code,
chunk_t header,
- u_int32_t error_offset);
+ uint32_t error_offset);
/**
* Creates an ietf_attr_pa_tnc_error_t object from received data
*
- * @param value unparsed attribute value
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
*/
-pa_tnc_attr_t* ietf_attr_pa_tnc_error_create_from_data(chunk_t value);
+pa_tnc_attr_t* ietf_attr_pa_tnc_error_create_from_data(size_t length,
+ chunk_t value);
#endif /** IETF_ATTR_PA_TNC_ERROR_H_ @}*/
diff --git a/src/libimcv/ietf/ietf_attr_port_filter.c b/src/libimcv/ietf/ietf_attr_port_filter.c
index 1d516a5..4682440 100644
--- a/src/libimcv/ietf/ietf_attr_port_filter.c
+++ b/src/libimcv/ietf/ietf_attr_port_filter.c
@@ -1,5 +1,6 @@
/*
- * Copyright (C) 2011 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2011-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -63,7 +64,12 @@ struct private_ietf_attr_port_filter_t {
pen_type_t type;
/**
- * Attribute value
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
*/
chunk_t value;
@@ -131,6 +137,7 @@ METHOD(pa_tnc_attr_t, build, void,
enumerator->destroy(enumerator);
this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
writer->destroy(writer);
}
@@ -141,11 +148,16 @@ METHOD(pa_tnc_attr_t, process, status_t,
port_entry_t *entry;
u_int8_t blocked;
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
if (this->value.len % PORT_FILTER_ENTRY_SIZE)
{
DBG1(DBG_TNC, "ietf port filter attribute value is not a multiple of %d",
PORT_FILTER_ENTRY_SIZE);
- *offset = 0;
return FAILED;
}
reader = bio_reader_create(this->value);
@@ -164,6 +176,12 @@ METHOD(pa_tnc_attr_t, process, status_t,
return SUCCESS;
}
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_ietf_attr_port_filter_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
private_ietf_attr_port_filter_t *this)
{
@@ -231,6 +249,7 @@ pa_tnc_attr_t *ietf_attr_port_filter_create(void)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -248,7 +267,8 @@ pa_tnc_attr_t *ietf_attr_port_filter_create(void)
/**
* Described in header.
*/
-pa_tnc_attr_t *ietf_attr_port_filter_create_from_data(chunk_t data)
+pa_tnc_attr_t *ietf_attr_port_filter_create_from_data(size_t length,
+ chunk_t data)
{
private_ietf_attr_port_filter_t *this;
@@ -261,6 +281,7 @@ pa_tnc_attr_t *ietf_attr_port_filter_create_from_data(chunk_t data)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -268,6 +289,7 @@ pa_tnc_attr_t *ietf_attr_port_filter_create_from_data(chunk_t data)
.create_port_enumerator = _create_port_enumerator,
},
.type = {PEN_IETF, IETF_ATTR_PORT_FILTER },
+ .length = length,
.value = chunk_clone(data),
.ports = linked_list_create(),
.ref = 1,
diff --git a/src/libimcv/ietf/ietf_attr_port_filter.h b/src/libimcv/ietf/ietf_attr_port_filter.h
index 93b696e..d383b19 100644
--- a/src/libimcv/ietf/ietf_attr_port_filter.h
+++ b/src/libimcv/ietf/ietf_attr_port_filter.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -67,8 +67,10 @@ pa_tnc_attr_t* ietf_attr_port_filter_create(void);
/**
* Creates an ietf_attr_port_filter_t object from received data
*
- * @param value unparsed attribute value
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
*/
-pa_tnc_attr_t* ietf_attr_port_filter_create_from_data(chunk_t value);
+pa_tnc_attr_t* ietf_attr_port_filter_create_from_data(size_t length,
+ chunk_t value);
#endif /** IETF_ATTR_PORT_FILTER_H_ @}*/
diff --git a/src/libimcv/ietf/ietf_attr_product_info.c b/src/libimcv/ietf/ietf_attr_product_info.c
index a107c27..37c89e9 100644
--- a/src/libimcv/ietf/ietf_attr_product_info.c
+++ b/src/libimcv/ietf/ietf_attr_product_info.c
@@ -1,5 +1,6 @@
/*
- * Copyright (C) 2011 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2011-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -51,7 +52,12 @@ struct private_ietf_attr_product_info_t {
pen_type_t type;
/**
- * Attribute value
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
*/
chunk_t value;
@@ -120,6 +126,7 @@ METHOD(pa_tnc_attr_t, build, void,
writer->write_data (writer, this->product_name);
this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
writer->destroy(writer);
}
@@ -129,10 +136,15 @@ METHOD(pa_tnc_attr_t, process, status_t,
bio_reader_t *reader;
chunk_t product_name;
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
if (this->value.len < PRODUCT_INFO_MIN_SIZE)
{
DBG1(DBG_TNC, "insufficient data for IETF product information");
- *offset = 0;
return FAILED;
}
reader = bio_reader_create(this->value);
@@ -153,6 +165,12 @@ METHOD(pa_tnc_attr_t, process, status_t,
return SUCCESS;
}
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_ietf_attr_product_info_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
private_ietf_attr_product_info_t *this)
{
@@ -202,6 +220,7 @@ pa_tnc_attr_t *ietf_attr_product_info_create(pen_t vendor_id, u_int16_t id,
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -220,7 +239,8 @@ pa_tnc_attr_t *ietf_attr_product_info_create(pen_t vendor_id, u_int16_t id,
/**
* Described in header.
*/
-pa_tnc_attr_t *ietf_attr_product_info_create_from_data(chunk_t data)
+pa_tnc_attr_t *ietf_attr_product_info_create_from_data(size_t length,
+ chunk_t data)
{
private_ietf_attr_product_info_t *this;
@@ -233,12 +253,14 @@ pa_tnc_attr_t *ietf_attr_product_info_create_from_data(chunk_t data)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
.get_info = _get_info,
},
.type = { PEN_IETF, IETF_ATTR_PRODUCT_INFORMATION },
+ .length = length,
.value = chunk_clone(data),
.ref = 1,
);
diff --git a/src/libimcv/ietf/ietf_attr_product_info.h b/src/libimcv/ietf/ietf_attr_product_info.h
index d0b2d2a..5151b58 100644
--- a/src/libimcv/ietf/ietf_attr_product_info.h
+++ b/src/libimcv/ietf/ietf_attr_product_info.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -60,8 +60,10 @@ pa_tnc_attr_t* ietf_attr_product_info_create(pen_t vendor_id, u_int16_t id,
/**
* Creates an ietf_attr_product_info_t object from received data
*
- * @param value unparsed attribute value
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
*/
-pa_tnc_attr_t* ietf_attr_product_info_create_from_data(chunk_t value);
+pa_tnc_attr_t* ietf_attr_product_info_create_from_data(size_t length,
+ chunk_t value);
#endif /** IETF_ATTR_PRODUCT_INFO_H_ @}*/
diff --git a/src/libimcv/ietf/ietf_attr_remediation_instr.c b/src/libimcv/ietf/ietf_attr_remediation_instr.c
index 5d85e5d..6407037 100644
--- a/src/libimcv/ietf/ietf_attr_remediation_instr.c
+++ b/src/libimcv/ietf/ietf_attr_remediation_instr.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -79,7 +79,12 @@ struct private_ietf_attr_remediation_instr_t {
pen_type_t type;
/**
- * Attribute value
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
*/
chunk_t value;
@@ -155,6 +160,7 @@ METHOD(pa_tnc_attr_t, build, void,
writer->write_data (writer, this->parameters);
this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
writer->destroy(writer);
}
@@ -168,6 +174,10 @@ METHOD(pa_tnc_attr_t, process, status_t,
*offset = 0;
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
if (this->value.len < REMEDIATION_INSTR_MIN_SIZE)
{
DBG1(DBG_TNC, "insufficient data for IETF remediation instructions");
@@ -218,6 +228,12 @@ end:
return status;
}
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_ietf_attr_remediation_instr_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
private_ietf_attr_remediation_instr_t *this)
{
@@ -275,6 +291,7 @@ pa_tnc_attr_t *ietf_attr_remediation_instr_create(pen_type_t parameters_type,
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -328,7 +345,8 @@ pa_tnc_attr_t *ietf_attr_remediation_instr_create_from_string(chunk_t string,
/**
* Described in header.
*/
-pa_tnc_attr_t *ietf_attr_remediation_instr_create_from_data(chunk_t data)
+pa_tnc_attr_t *ietf_attr_remediation_instr_create_from_data(size_t length,
+ chunk_t data)
{
private_ietf_attr_remediation_instr_t *this;
@@ -341,6 +359,7 @@ pa_tnc_attr_t *ietf_attr_remediation_instr_create_from_data(chunk_t data)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -350,6 +369,7 @@ pa_tnc_attr_t *ietf_attr_remediation_instr_create_from_data(chunk_t data)
.get_string = _get_string,
},
.type = { PEN_IETF, IETF_ATTR_REMEDIATION_INSTRUCTIONS },
+ .length = length,
.value = chunk_clone(data),
.ref = 1,
);
diff --git a/src/libimcv/ietf/ietf_attr_remediation_instr.h b/src/libimcv/ietf/ietf_attr_remediation_instr.h
index 5c7c889..bc03e99 100644
--- a/src/libimcv/ietf/ietf_attr_remediation_instr.h
+++ b/src/libimcv/ietf/ietf_attr_remediation_instr.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -102,8 +102,10 @@ pa_tnc_attr_t* ietf_attr_remediation_instr_create_from_string(chunk_t string,
/**
* Creates an ietf_attr_remediation_instr_t object from received data
*
- * @param value unparsed attribute value
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
*/
-pa_tnc_attr_t* ietf_attr_remediation_instr_create_from_data(chunk_t value);
+pa_tnc_attr_t* ietf_attr_remediation_instr_create_from_data(size_t length,
+ chunk_t value);
#endif /** IETF_ATTR_REMEDIATION_INSTR_H_ @}*/
diff --git a/src/libimcv/ietf/ietf_attr_string_version.c b/src/libimcv/ietf/ietf_attr_string_version.c
index 68adde6..c46200b 100644
--- a/src/libimcv/ietf/ietf_attr_string_version.c
+++ b/src/libimcv/ietf/ietf_attr_string_version.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -54,7 +54,12 @@ struct private_ietf_attr_string_version_t {
pen_type_t type;
/**
- * Attribute value
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
*/
chunk_t value;
@@ -124,6 +129,7 @@ METHOD(pa_tnc_attr_t, build, void,
writer->write_data8(writer, this->config);
this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
writer->destroy(writer);
}
@@ -137,6 +143,10 @@ METHOD(pa_tnc_attr_t, process, status_t,
*offset = 0;
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
if (this->value.len < STRING_VERSION_MIN_SIZE)
{
DBG1(DBG_TNC, "insufficient data for IETF string version");
@@ -198,6 +208,12 @@ end:
return status;
}
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_ietf_attr_string_version_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
private_ietf_attr_string_version_t *this)
{
@@ -254,6 +270,7 @@ pa_tnc_attr_t *ietf_attr_string_version_create(chunk_t version, chunk_t build,
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -272,7 +289,8 @@ pa_tnc_attr_t *ietf_attr_string_version_create(chunk_t version, chunk_t build,
/**
* Described in header.
*/
-pa_tnc_attr_t *ietf_attr_string_version_create_from_data(chunk_t data)
+pa_tnc_attr_t *ietf_attr_string_version_create_from_data(size_t length,
+ chunk_t data)
{
private_ietf_attr_string_version_t *this;
@@ -285,12 +303,14 @@ pa_tnc_attr_t *ietf_attr_string_version_create_from_data(chunk_t data)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
.get_version = _get_version,
},
.type = { PEN_IETF, IETF_ATTR_STRING_VERSION },
+ .length = length,
.value = chunk_clone(data),
.ref = 1,
);
diff --git a/src/libimcv/ietf/ietf_attr_string_version.h b/src/libimcv/ietf/ietf_attr_string_version.h
index 9ccc1f0..432ed4a 100644
--- a/src/libimcv/ietf/ietf_attr_string_version.h
+++ b/src/libimcv/ietf/ietf_attr_string_version.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -60,8 +60,10 @@ pa_tnc_attr_t* ietf_attr_string_version_create(chunk_t version, chunk_t build,
/**
* Creates an ietf_attr_string_version_t object from received data
*
- * @param value unparsed attribute value
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
*/
-pa_tnc_attr_t* ietf_attr_string_version_create_from_data(chunk_t value);
+pa_tnc_attr_t* ietf_attr_string_version_create_from_data(size_t length,
+ chunk_t value);
#endif /** IETF_ATTR_STRING_VERSION_H_ @}*/
diff --git a/src/libimcv/imc/imc_agent.c b/src/libimcv/imc/imc_agent.c
index 5331517..0d622f1 100644
--- a/src/libimcv/imc/imc_agent.c
+++ b/src/libimcv/imc/imc_agent.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2012 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -59,6 +59,11 @@ struct private_imc_agent_t {
linked_list_t *additional_ids;
/**
+ * list of non-fatal unsupported PA-TNC attribute types
+ */
+ linked_list_t *non_fatal_attr_types;
+
+ /**
* list of TNCC connection entries
*/
linked_list_t *connections;
@@ -510,11 +515,29 @@ METHOD(imc_agent_t, create_id_enumerator, enumerator_t*,
return this->additional_ids->create_enumerator(this->additional_ids);
}
+METHOD(imc_agent_t, add_non_fatal_attr_type, void,
+ private_imc_agent_t *this, pen_type_t type)
+{
+ pen_type_t *type_p;
+
+ type_p = malloc_thing(pen_type_t);
+ *type_p = type;
+ this->non_fatal_attr_types->insert_last(this->non_fatal_attr_types, type_p);
+}
+
+METHOD(imc_agent_t, get_non_fatal_attr_types, linked_list_t*,
+ private_imc_agent_t *this)
+{
+ return this->non_fatal_attr_types;
+}
+
METHOD(imc_agent_t, destroy, void,
private_imc_agent_t *this)
{
DBG1(DBG_IMC, "IMC %u \"%s\" terminated", this->id, this->name);
this->additional_ids->destroy(this->additional_ids);
+ this->non_fatal_attr_types->destroy_function(this->non_fatal_attr_types,
+ free);
this->connections->destroy_function(this->connections, free);
this->connection_lock->destroy(this->connection_lock);
free(this);
@@ -550,6 +573,8 @@ imc_agent_t *imc_agent_create(const char *name,
.reserve_additional_ids = _reserve_additional_ids,
.count_additional_ids = _count_additional_ids,
.create_id_enumerator = _create_id_enumerator,
+ .add_non_fatal_attr_type = _add_non_fatal_attr_type,
+ .get_non_fatal_attr_types = _get_non_fatal_attr_types,
.destroy = _destroy,
},
.name = name,
@@ -557,6 +582,7 @@ imc_agent_t *imc_agent_create(const char *name,
.type_count = type_count,
.id = id,
.additional_ids = linked_list_create(),
+ .non_fatal_attr_types = linked_list_create(),
.connections = linked_list_create(),
.connection_lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
);
diff --git a/src/libimcv/imc/imc_agent.h b/src/libimcv/imc/imc_agent.h
index 0a1638f..8bdfb6c 100644
--- a/src/libimcv/imc/imc_agent.h
+++ b/src/libimcv/imc/imc_agent.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2012 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -172,6 +172,16 @@ struct imc_agent_t {
enumerator_t* (*create_id_enumerator)(imc_agent_t *this);
/**
+ * Add an item to the list of non-fatal unsupported PA-TNC attribute types
+ */
+ void (*add_non_fatal_attr_type)(imc_agent_t *this, pen_type_t type);
+
+ /**
+ * Get a list of non-fatal unsupported PA-TNC attribute types
+ */
+ linked_list_t* (*get_non_fatal_attr_types)(imc_agent_t *this);
+
+ /**
* Destroys an imc_agent_t object
*/
void (*destroy)(imc_agent_t *this);
diff --git a/src/libimcv/imc/imc_msg.c b/src/libimcv/imc/imc_msg.c
index 1cf81c7..83337cf 100644
--- a/src/libimcv/imc/imc_msg.c
+++ b/src/libimcv/imc/imc_msg.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -18,8 +18,12 @@
#include "ietf/ietf_attr.h"
#include "ietf/ietf_attr_assess_result.h"
#include "ietf/ietf_attr_remediation_instr.h"
+#include "tcg/seg/tcg_seg_attr_max_size.h"
+#include "tcg/seg/tcg_seg_attr_seg_env.h"
+#include "tcg/seg/tcg_seg_attr_next_seg.h"
#include <tncif_names.h>
+#include <tncif_pa_subtypes.h>
#include <pen/pen.h>
#include <collections/linked_list.h>
@@ -104,11 +108,18 @@ METHOD(imc_msg_t, send_, TNC_Result,
pa_tnc_attr_t *attr;
TNC_UInt32 msg_flags;
TNC_MessageType msg_type;
- bool attr_added;
+ bool attr_added, oversize;
chunk_t msg;
+ seg_contract_t *contract;
+ seg_contract_manager_t *contracts;
enumerator_t *enumerator;
TNC_Result result = TNC_RESULT_SUCCESS;
+ /* Get IF-M segmentation contract for this subtype if any */
+ contracts = this->state->get_contracts(this->state);
+ contract = contracts->get_contract(contracts, this->msg_type,
+ FALSE, this->dst_id);
+
while (this->attr_list->get_count(this->attr_list))
{
pa_tnc_msg = pa_tnc_msg_create(this->state->get_max_msg_len(this->state));
@@ -117,6 +128,17 @@ METHOD(imc_msg_t, send_, TNC_Result,
enumerator = this->attr_list->create_enumerator(this->attr_list);
while (enumerator->enumerate(enumerator, &attr))
{
+ if (contract && contract->check_size(contract, attr, &oversize))
+ {
+ if (oversize)
+ {
+ /* TODO generate SWID error msg */
+ }
+ else
+ {
+ attr = contract->first_segment(contract, attr);
+ }
+ }
if (pa_tnc_msg->add_attribute(pa_tnc_msg, attr))
{
attr_added = TRUE;
@@ -208,8 +230,9 @@ static void print_assessment_trailer(bool first)
}
METHOD(imc_msg_t, receive, TNC_Result,
- private_imc_msg_t *this, bool *fatal_error)
+ private_imc_msg_t *this, imc_msg_t *out_msg, bool *fatal_error)
{
+ linked_list_t *non_fatal_types;
TNC_UInt32 target_imc_id;
enumerator_t *enumerator;
pa_tnc_attr_t *attr;
@@ -251,26 +274,14 @@ METHOD(imc_msg_t, receive, TNC_Result,
break;
case VERIFY_ERROR:
{
- imc_msg_t *error_msg;
- TNC_Result result;
-
- error_msg = imc_msg_create_as_reply(&this->public);
-
/* extract and copy by reference all error attributes */
enumerator = this->pa_msg->create_error_enumerator(this->pa_msg);
while (enumerator->enumerate(enumerator, &attr))
{
- error_msg->add_attribute(error_msg, attr->get_ref(attr));
+ out_msg->add_attribute(out_msg, attr->get_ref(attr));
}
enumerator->destroy(enumerator);
-
- /*
- * send the PA-TNC message containing all error attributes
- * with the excl flag set
- */
- result = error_msg->send(error_msg, TRUE);
- error_msg->destroy(error_msg);
- return result;
+ return TNC_RESULT_SUCCESS;
}
case FAILED:
default:
@@ -281,8 +292,192 @@ METHOD(imc_msg_t, receive, TNC_Result,
target_imc_id = (this->dst_id != TNC_IMCID_ANY) ?
this->dst_id : this->agent->get_id(this->agent);
+ /* process any IF-M segmentation contracts */
+ enumerator = this->pa_msg->create_attribute_enumerator(this->pa_msg);
+ while (enumerator->enumerate(enumerator, &attr))
+ {
+ uint32_t max_attr_size, max_seg_size, my_max_attr_size, my_max_seg_size;
+ seg_contract_t *contract;
+ seg_contract_manager_t *contracts;
+ char buf[BUF_LEN];
+ pen_type_t type;
+
+ type = attr->get_type(attr);
+
+ contracts = this->state->get_contracts(this->state);
+
+ if (type.vendor_id != PEN_TCG)
+ {
+ continue;
+ }
+
+ switch (type.type)
+ {
+ case TCG_SEG_MAX_ATTR_SIZE_REQ:
+ {
+ tcg_seg_attr_max_size_t *attr_cast;
+
+ attr_cast = (tcg_seg_attr_max_size_t*)attr;
+ attr_cast->get_attr_size(attr_cast, &max_attr_size,
+ &max_seg_size);
+ contract = contracts->get_contract(contracts, this->msg_type,
+ FALSE, this->src_id);
+ if (contract)
+ {
+ contract->set_max_size(contract, max_attr_size,
+ max_seg_size);
+ }
+ else
+ {
+ contract = seg_contract_create(this->msg_type, max_attr_size,
+ max_seg_size, FALSE, this->src_id, TRUE);
+ contract->set_responder(contract, target_imc_id);
+ contracts->add_contract(contracts, contract);
+ }
+ contract->get_info_string(contract, buf, BUF_LEN, TRUE);
+ DBG2(DBG_IMC, "%s", buf);
+
+ /* Determine maximum PA-TNC attribute segment size */
+ my_max_seg_size = this->state->get_max_msg_len(this->state)
+ - PA_TNC_HEADER_SIZE
+ - PA_TNC_ATTR_HEADER_SIZE
+ - TCG_SEG_ATTR_SEG_ENV_HEADER
+ - PA_TNC_ATTR_HEADER_SIZE
+ - TCG_SEG_ATTR_MAX_SIZE_SIZE;
+
+ /* If segmentation is possible select lower segment size */
+ if (max_seg_size != SEG_CONTRACT_NO_FRAGMENTATION &&
+ max_seg_size > my_max_seg_size)
+ {
+ max_seg_size = my_max_seg_size;
+ contract->set_max_size(contract, max_attr_size,
+ max_seg_size);
+ DBG2(DBG_IMC, " lowered maximum segment size to %u bytes",
+ max_seg_size);
+ }
+
+ /* Add Maximum Attribute Size Response attribute */
+ attr = tcg_seg_attr_max_size_create(max_attr_size,
+ max_seg_size, FALSE);
+ out_msg->add_attribute(out_msg, attr);
+ break;
+ }
+ case TCG_SEG_MAX_ATTR_SIZE_RESP:
+ {
+ tcg_seg_attr_max_size_t *attr_cast;
+
+ attr_cast = (tcg_seg_attr_max_size_t*)attr;
+ attr_cast->get_attr_size(attr_cast, &max_attr_size,
+ &max_seg_size);
+ contract = contracts->get_contract(contracts, this->msg_type,
+ TRUE, this->src_id);
+ if (!contract)
+ {
+ contract = contracts->get_contract(contracts, this->msg_type,
+ TRUE, TNC_IMCID_ANY);
+ if (contract)
+ {
+ contract = contract->clone(contract);
+ contract->set_responder(contract, this->src_id);
+ contracts->add_contract(contracts, contract);
+ }
+ }
+ if (contract)
+ {
+ contract->get_max_size(contract, &my_max_attr_size,
+ &my_max_seg_size);
+ if (my_max_seg_size != SEG_CONTRACT_NO_FRAGMENTATION &&
+ my_max_seg_size > max_seg_size)
+ {
+ my_max_seg_size = max_seg_size;
+ contract->set_max_size(contract, my_max_attr_size,
+ my_max_seg_size);
+ }
+ contract->get_info_string(contract, buf, BUF_LEN, FALSE);
+ DBG2(DBG_IMC, "%s", buf);
+ }
+ else
+ {
+ /* TODO no request pending */
+ DBG1(DBG_IMC, "no contract for this PA message type found");
+ }
+ break;
+ }
+ case TCG_SEG_ATTR_SEG_ENV:
+ {
+ tcg_seg_attr_seg_env_t *seg_env_attr;
+ pa_tnc_attr_t *error;
+ uint32_t base_attr_id;
+ bool more;
+
+ seg_env_attr = (tcg_seg_attr_seg_env_t*)attr;
+ base_attr_id = seg_env_attr->get_base_attr_id(seg_env_attr);
+
+ contract = contracts->get_contract(contracts, this->msg_type,
+ TRUE, this->src_id);
+ if (!contract)
+ {
+ DBG2(DBG_IMC, "no contract for received attribute segment "
+ "with base attribute ID %u", base_attr_id);
+ continue;
+ }
+ attr = contract->add_segment(contract, attr, &error, &more);
+ if (error)
+ {
+ out_msg->add_attribute(out_msg, error);
+ }
+ if (attr)
+ {
+ this->pa_msg->add_attribute(this->pa_msg, attr);
+ }
+ if (more)
+ {
+ /* Send Next Segment Request */
+ attr = tcg_seg_attr_next_seg_create(base_attr_id, FALSE);
+ out_msg->add_attribute(out_msg, attr);
+ }
+ break;
+ }
+ case TCG_SEG_NEXT_SEG_REQ:
+ {
+ tcg_seg_attr_next_seg_t *attr_cast;
+ uint32_t base_attr_id;
+
+ attr_cast = (tcg_seg_attr_next_seg_t*)attr;
+ base_attr_id = attr_cast->get_base_attr_id(attr_cast);
+
+ contract = contracts->get_contract(contracts, this->msg_type,
+ FALSE, this->src_id);
+ if (!contract)
+ {
+ /* TODO no contract - generate error message */
+ DBG1(DBG_IMC, "no contract for received next segment "
+ "request with base attribute ID %u", base_attr_id);
+ continue;
+ }
+ attr = contract->next_segment(contract, base_attr_id);
+ if (attr)
+ {
+ out_msg->add_attribute(out_msg, attr);
+ }
+ else
+ {
+ /* TODO no more segments - generate error message */
+ DBG1(DBG_IMC, "no more segments found for "
+ "base attribute ID %u", base_attr_id);
+ }
+ break;
+ }
+ default:
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+
/* preprocess any received IETF standard error attributes */
- *fatal_error = this->pa_msg->process_ietf_std_errors(this->pa_msg);
+ non_fatal_types = this->agent->get_non_fatal_attr_types(this->agent);
+ *fatal_error = this->pa_msg->process_ietf_std_errors(this->pa_msg,
+ non_fatal_types);
/* preprocess any received IETF assessment result attribute */
enumerator = this->pa_msg->create_attribute_enumerator(this->pa_msg);
@@ -297,16 +492,16 @@ METHOD(imc_msg_t, receive, TNC_Result,
if (attr_type.type == IETF_ATTR_ASSESSMENT_RESULT)
{
ietf_attr_assess_result_t *attr_cast;
- TNC_IMV_Evaluation_Result result;
+ TNC_IMV_Evaluation_Result res;
attr_cast = (ietf_attr_assess_result_t*)attr;
- result = attr_cast->get_result(attr_cast);
- this->state->set_result(this->state, target_imc_id, result);
+ res = attr_cast->get_result(attr_cast);
+ this->state->set_result(this->state, target_imc_id, res);
print_assessment_header(this->agent->get_name(this->agent),
target_imc_id, this->src_id, &first);
DBG1(DBG_IMC, "assessment result is '%N'",
- TNC_IMV_Evaluation_Result_names, result);
+ TNC_IMV_Evaluation_Result_names, res);
}
else if (attr_type.type == IETF_ATTR_REMEDIATION_INSTRUCTIONS)
{
diff --git a/src/libimcv/imc/imc_msg.h b/src/libimcv/imc/imc_msg.h
index 588225d..a8c4d3c 100644
--- a/src/libimcv/imc/imc_msg.h
+++ b/src/libimcv/imc/imc_msg.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -65,10 +65,12 @@ struct imc_msg_t {
/**
* Processes a received PA-TNC message
*
+ * @param out_msg outgoing PA-TN message
* @param fatal_error TRUE if IMV sent a fatal error message
* @return TNC result code
*/
- TNC_Result (*receive)(imc_msg_t *this, bool *fatal_error);
+ TNC_Result (*receive)(imc_msg_t *this, imc_msg_t *out_msg,
+ bool *fatal_error);
/**
* Add a PA-TNC attribute to the send queue
diff --git a/src/libimcv/imc/imc_os_info.h b/src/libimcv/imc/imc_os_info.h
index a6db443..6bb0e96 100644
--- a/src/libimcv/imc/imc_os_info.h
+++ b/src/libimcv/imc/imc_os_info.h
@@ -15,7 +15,7 @@
/**
* @defgroup imc_os_info imc_os_info
- * @{ @ingroup libimcv
+ * @{ @ingroup libimcv_imc
*/
#ifndef IMC_OS_INFO_H_
diff --git a/src/libimcv/imc/imc_state.h b/src/libimcv/imc/imc_state.h
index 7e763fb..efcf567 100644
--- a/src/libimcv/imc/imc_state.h
+++ b/src/libimcv/imc/imc_state.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2012 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -22,6 +22,8 @@
#ifndef IMC_STATE_H_
#define IMC_STATE_H_
+#include "seg/seg_contract_manager.h"
+
#include <tncif.h>
#include <tncifimv.h>
#include <tncifimc.h>
@@ -80,6 +82,13 @@ struct imc_state_t {
u_int32_t (*get_max_msg_len)(imc_state_t *this);
/**
+ * Get attribute segmentation contracts associated with TNCCS Connection
+ *
+ * @return contracts associated with TNCCS Connection
+ */
+ seg_contract_manager_t* (*get_contracts)(imc_state_t *this);
+
+ /**
* Change the connection state
*
* @param new_state new connection state
diff --git a/src/libimcv/imcv.c b/src/libimcv/imcv.c
index 30679a3..bd4156c 100644
--- a/src/libimcv/imcv.c
+++ b/src/libimcv/imcv.c
@@ -15,6 +15,14 @@
#include "imcv.h"
#include "ietf/ietf_attr.h"
#include "ita/ita_attr.h"
+#include "tcg/tcg_attr.h"
+#include "pts/components/pts_component.h"
+#include "pts/components/pts_component_manager.h"
+#include "pts/components/tcg/tcg_comp_func_name.h"
+#include "pts/components/ita/ita_comp_func_name.h"
+#include "pts/components/ita/ita_comp_ima.h"
+#include "pts/components/ita/ita_comp_tboot.h"
+#include "pts/components/ita/ita_comp_tgrub.h"
#include <utils/debug.h>
#include <utils/utils.h>
@@ -24,8 +32,12 @@
#include <syslog.h>
#endif
+#ifndef IPSEC_SCRIPT
+#define IPSEC_SCRIPT "ipsec"
+#endif
+
#define IMCV_DEBUG_LEVEL 1
-#define IMCV_DEFAULT_POLICY_SCRIPT "ipsec _imv_policy"
+#define IMCV_DEFAULT_POLICY_SCRIPT IPSEC_SCRIPT " _imv_policy"
/**
@@ -44,6 +56,11 @@ imv_session_manager_t *imcv_sessions;
imv_database_t *imcv_db;
/**
+ * PTS Functional Component manager
+ */
+pts_component_manager_t *imcv_pts_components;
+
+/**
* Reference count for libimcv
*/
static refcount_t libimcv_ref = 0;
@@ -162,7 +179,26 @@ bool libimcv_init(bool is_imv)
ietf_attr_create_from_data, ietf_attr_names);
imcv_pa_tnc_attributes->add_vendor(imcv_pa_tnc_attributes, PEN_ITA,
ita_attr_create_from_data, ita_attr_names);
-
+ imcv_pa_tnc_attributes->add_vendor(imcv_pa_tnc_attributes, PEN_TCG,
+ tcg_attr_create_from_data, tcg_attr_names);
+
+ imcv_pts_components = pts_component_manager_create();
+ imcv_pts_components->add_vendor(imcv_pts_components, PEN_TCG,
+ pts_tcg_comp_func_names, PTS_TCG_QUALIFIER_TYPE_SIZE,
+ pts_tcg_qualifier_flag_names, pts_tcg_qualifier_type_names);
+ imcv_pts_components->add_vendor(imcv_pts_components, PEN_ITA,
+ pts_ita_comp_func_names, PTS_ITA_QUALIFIER_TYPE_SIZE,
+ pts_ita_qualifier_flag_names, pts_ita_qualifier_type_names);
+
+ imcv_pts_components->add_component(imcv_pts_components, PEN_ITA,
+ PTS_ITA_COMP_FUNC_NAME_TGRUB,
+ pts_ita_comp_tgrub_create);
+ imcv_pts_components->add_component(imcv_pts_components, PEN_ITA,
+ PTS_ITA_COMP_FUNC_NAME_TBOOT,
+ pts_ita_comp_tboot_create);
+ imcv_pts_components->add_component(imcv_pts_components, PEN_ITA,
+ PTS_ITA_COMP_FUNC_NAME_IMA,
+ pts_ita_comp_ima_create);
if (is_imv)
{
/* instantiate global IMV session manager */
@@ -193,8 +229,13 @@ void libimcv_deinit(void)
{
if (ref_put(&libimcv_ref))
{
+ imcv_pts_components->remove_vendor(imcv_pts_components, PEN_TCG);
+ imcv_pts_components->remove_vendor(imcv_pts_components, PEN_ITA);
+ imcv_pts_components->destroy(imcv_pts_components);
+
imcv_pa_tnc_attributes->remove_vendor(imcv_pa_tnc_attributes, PEN_IETF);
imcv_pa_tnc_attributes->remove_vendor(imcv_pa_tnc_attributes, PEN_ITA);
+ imcv_pa_tnc_attributes->remove_vendor(imcv_pa_tnc_attributes, PEN_TCG);
DESTROY_IF(imcv_pa_tnc_attributes);
imcv_pa_tnc_attributes = NULL;
DESTROY_IF(imcv_db);
diff --git a/src/libimcv/imcv.h b/src/libimcv/imcv.h
index 7710388..31536ec 100644
--- a/src/libimcv/imcv.h
+++ b/src/libimcv/imcv.h
@@ -27,6 +27,12 @@
* @defgroup libimcv_plugins plugins
* @ingroup libimcv
*
+ * @defgroup libimcv_seg seg
+ * @ingroup libimcv
+ *
+ * @defgroup libimcv_swid swid
+ * @ingroup libimcv
+ *
* @addtogroup libimcv
* @{
*/
@@ -37,6 +43,7 @@
#include "pa_tnc/pa_tnc_attr_manager.h"
#include "imv/imv_database.h"
#include "imv/imv_session_manager.h"
+#include "pts/components/pts_component_manager.h"
#include <library.h>
@@ -68,4 +75,9 @@ extern imv_database_t* imcv_db;
*/
extern imv_session_manager_t* imcv_sessions;
+/**
+ * PTS Functional Component manager
+ */
+extern pts_component_manager_t* imcv_pts_components;
+
#endif /** IMCV_H_ @}*/
diff --git a/src/libimcv/imcv_tests.c b/src/libimcv/imcv_tests.c
new file mode 100644
index 0000000..e9bb303
--- /dev/null
+++ b/src/libimcv/imcv_tests.c
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <test_runner.h>
+
+#include <library.h>
+
+/* declare test suite constructors */
+#define TEST_SUITE(x) test_suite_t* x();
+#include "imcv_tests.h"
+#undef TEST_SUITE
+
+static test_configuration_t tests[] = {
+#define TEST_SUITE(x) \
+ { .suite = x, },
+#include "imcv_tests.h"
+ { .suite = NULL, }
+};
+
+static bool test_runner_init(bool init)
+{
+ if (!init)
+ {
+ lib->processor->set_threads(lib->processor, 0);
+ lib->processor->cancel(lib->processor);
+ }
+ return TRUE;
+}
+
+int main(int argc, char *argv[])
+{
+ return test_runner_run("libimcv", tests, test_runner_init);
+}
diff --git a/src/libimcv/imcv_tests.h b/src/libimcv/imcv_tests.h
new file mode 100644
index 0000000..d3ea24b
--- /dev/null
+++ b/src/libimcv/imcv_tests.h
@@ -0,0 +1,17 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+TEST_SUITE(imcv_seg_suite_create)
+
diff --git a/src/libimcv/imv/data.sql b/src/libimcv/imv/data.sql
index b45cad4..425748f 100644
--- a/src/libimcv/imv/data.sql
+++ b/src/libimcv/imv/data.sql
@@ -306,6 +306,23 @@ INSERT INTO products ( /* 51 */
'Android 4.4.4'
);
+INSERT INTO products ( /* 52 */
+ name
+) VALUES (
+ 'Debian 7.6 i686'
+);
+
+INSERT INTO products ( /* 53 */
+ name
+) VALUES (
+ 'Debian 7.6 x86_64'
+);
+INSERT INTO products ( /* 54 */
+ name
+) VALUES (
+ 'Debian 7.6 armv6l'
+);
+
/* Directories */
INSERT INTO directories ( /* 1 */
@@ -777,6 +794,12 @@ INSERT INTO groups_product_defaults (
INSERT INTO groups_product_defaults (
group_id, product_id
) VALUES (
+ 4, 52
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
5, 2
);
@@ -825,6 +848,12 @@ INSERT INTO groups_product_defaults (
INSERT INTO groups_product_defaults (
group_id, product_id
) VALUES (
+ 5, 53
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
6, 9
);
@@ -1026,6 +1055,12 @@ INSERT INTO groups_product_defaults (
14, 48
);
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
+ 14, 54
+);
+
/* Policies */
INSERT INTO policies ( /* 1 */
diff --git a/src/libimcv/imv/imv_agent.c b/src/libimcv/imv/imv_agent.c
index a46455d..6b24f4b 100644
--- a/src/libimcv/imv/imv_agent.c
+++ b/src/libimcv/imv/imv_agent.c
@@ -65,6 +65,11 @@ struct private_imv_agent_t {
linked_list_t *additional_ids;
/**
+ * list of non-fatal unsupported PA-TNC attribute types
+ */
+ linked_list_t *non_fatal_attr_types;
+
+ /**
* list of TNCS connection entries
*/
linked_list_t *connections;
@@ -772,11 +777,29 @@ METHOD(imv_agent_t, provide_recommendation, TNC_Result,
return this->provide_recommendation(this->id, connection_id, rec, eval);
}
+METHOD(imv_agent_t, add_non_fatal_attr_type, void,
+ private_imv_agent_t *this, pen_type_t type)
+{
+ pen_type_t *type_p;
+
+ type_p = malloc_thing(pen_type_t);
+ *type_p = type;
+ this->non_fatal_attr_types->insert_last(this->non_fatal_attr_types, type_p);
+}
+
+METHOD(imv_agent_t, get_non_fatal_attr_types, linked_list_t*,
+ private_imv_agent_t *this)
+{
+ return this->non_fatal_attr_types;
+}
+
METHOD(imv_agent_t, destroy, void,
private_imv_agent_t *this)
{
DBG1(DBG_IMV, "IMV %u \"%s\" terminated", this->id, this->name);
this->additional_ids->destroy(this->additional_ids);
+ this->non_fatal_attr_types->destroy_function(this->non_fatal_attr_types,
+ free);
this->connections->destroy_offset(this->connections,
offsetof(imv_state_t, destroy));
this->connection_lock->destroy(this->connection_lock);
@@ -815,6 +838,8 @@ imv_agent_t *imv_agent_create(const char *name,
.create_id_enumerator = _create_id_enumerator,
.create_language_enumerator = _create_language_enumerator,
.provide_recommendation = _provide_recommendation,
+ .add_non_fatal_attr_type = _add_non_fatal_attr_type,
+ .get_non_fatal_attr_types = _get_non_fatal_attr_types,
.destroy = _destroy,
},
.name = name,
@@ -822,6 +847,7 @@ imv_agent_t *imv_agent_create(const char *name,
.type_count = type_count,
.id = id,
.additional_ids = linked_list_create(),
+ .non_fatal_attr_types = linked_list_create(),
.connections = linked_list_create(),
.connection_lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
);
diff --git a/src/libimcv/imv/imv_agent.h b/src/libimcv/imv/imv_agent.h
index 47ce770..1f6a10b 100644
--- a/src/libimcv/imv/imv_agent.h
+++ b/src/libimcv/imv/imv_agent.h
@@ -189,6 +189,16 @@ struct imv_agent_t {
TNC_Result (*provide_recommendation)(imv_agent_t *this, imv_state_t* state);
/**
+ * Add an item to the list of non-fatal unsupported PA-TNC attribute types
+ */
+ void (*add_non_fatal_attr_type)(imv_agent_t *this, pen_type_t type);
+
+ /**
+ * Get a list of non-fatal unsupported PA-TNC attribute types
+ */
+ linked_list_t* (*get_non_fatal_attr_types)(imv_agent_t *this);
+
+ /**
* Destroys an imv_agent_t object
*/
void (*destroy)(imv_agent_t *this);
diff --git a/src/libimcv/imv/imv_msg.c b/src/libimcv/imv/imv_msg.c
index e718175..fdf6332 100644
--- a/src/libimcv/imv/imv_msg.c
+++ b/src/libimcv/imv/imv_msg.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -18,8 +18,12 @@
#include "ietf/ietf_attr.h"
#include "ietf/ietf_attr_assess_result.h"
#include "ietf/ietf_attr_remediation_instr.h"
+#include "tcg/seg/tcg_seg_attr_max_size.h"
+#include "tcg/seg/tcg_seg_attr_seg_env.h"
+#include "tcg/seg/tcg_seg_attr_next_seg.h"
#include <tncif_names.h>
+#include <tncif_pa_subtypes.h>
#include <pen/pen.h>
#include <collections/linked_list.h>
@@ -121,11 +125,18 @@ METHOD(imv_msg_t, send_, TNC_Result,
pa_tnc_attr_t *attr;
TNC_UInt32 msg_flags;
TNC_MessageType msg_type;
- bool attr_added;
+ bool attr_added, oversize;
chunk_t msg;
+ seg_contract_t *contract;
+ seg_contract_manager_t *contracts;
enumerator_t *enumerator;
TNC_Result result = TNC_RESULT_SUCCESS;
+ /* Get IF-M segmentation contract for this subtype if any */
+ contracts = this->state->get_contracts(this->state);
+ contract = contracts->get_contract(contracts, this->msg_type,
+ FALSE, this->dst_id);
+
while (this->attr_list->get_count(this->attr_list))
{
pa_tnc_msg = pa_tnc_msg_create(this->state->get_max_msg_len(this->state));
@@ -134,6 +145,17 @@ METHOD(imv_msg_t, send_, TNC_Result,
enumerator = this->attr_list->create_enumerator(this->attr_list);
while (enumerator->enumerate(enumerator, &attr))
{
+ if (contract && contract->check_size(contract, attr, &oversize))
+ {
+ if (oversize)
+ {
+ /* TODO generate SWID error msg */
+ }
+ else
+ {
+ attr = contract->first_segment(contract, attr);
+ }
+ }
if (pa_tnc_msg->add_attribute(pa_tnc_msg, attr))
{
attr_added = TRUE;
@@ -246,8 +268,11 @@ METHOD(imv_msg_t, send_assessment, TNC_Result,
}
METHOD(imv_msg_t, receive, TNC_Result,
- private_imv_msg_t *this, bool *fatal_error)
+ private_imv_msg_t *this, imv_msg_t *out_msg, bool *fatal_error)
{
+ TNC_Result result = TNC_RESULT_SUCCESS;
+ TNC_UInt32 target_imv_id;
+ linked_list_t *non_fatal_types;
enumerator_t *enumerator;
pa_tnc_attr_t *attr;
chunk_t msg;
@@ -286,36 +311,211 @@ METHOD(imv_msg_t, receive, TNC_Result,
break;
case VERIFY_ERROR:
{
- imv_msg_t *error_msg;
- TNC_Result result;
-
- error_msg = imv_msg_create_as_reply(&this->public);
-
/* extract and copy by reference all error attributes */
enumerator = this->pa_msg->create_error_enumerator(this->pa_msg);
while (enumerator->enumerate(enumerator, &attr))
{
- error_msg->add_attribute(error_msg, attr->get_ref(attr));
+ out_msg->add_attribute(out_msg, attr->get_ref(attr));
}
enumerator->destroy(enumerator);
-
- /*
- * send the PA-TNC message containing all error attributes
- * with the excl flag set
- */
- result = error_msg->send(error_msg, TRUE);
- error_msg->destroy(error_msg);
- return result;
}
case FAILED:
default:
return TNC_RESULT_FATAL;
}
+ /* determine target IMV ID */
+ target_imv_id = (this->dst_id != TNC_IMVID_ANY) ?
+ this->dst_id : this->agent->get_id(this->agent);
+
+ /* process IF-M segmentation attributes */
+ enumerator = this->pa_msg->create_attribute_enumerator(this->pa_msg);
+ while (enumerator->enumerate(enumerator, &attr))
+ {
+ uint32_t max_attr_size, max_seg_size, my_max_attr_size, my_max_seg_size;
+ seg_contract_manager_t *contracts;
+ seg_contract_t *contract;
+ char buf[BUF_LEN];
+ pen_type_t type;
+
+ type = attr->get_type(attr);
+
+ if (type.vendor_id != PEN_TCG)
+ {
+ continue;
+ }
+
+ contracts = this->state->get_contracts(this->state);
+
+ switch (type.type)
+ {
+ case TCG_SEG_MAX_ATTR_SIZE_REQ:
+ {
+ tcg_seg_attr_max_size_t *attr_cast;
+
+ attr_cast = (tcg_seg_attr_max_size_t*)attr;
+ attr_cast->get_attr_size(attr_cast, &max_attr_size,
+ &max_seg_size);
+ contract = contracts->get_contract(contracts, this->msg_type,
+ FALSE, this->src_id);
+ if (contract)
+ {
+ contract->set_max_size(contract, max_attr_size,
+ max_seg_size);
+ }
+ else
+ {
+ contract = seg_contract_create(this->msg_type, max_attr_size,
+ max_seg_size, FALSE, this->src_id, FALSE);
+ contract->set_responder(contract, target_imv_id);
+ contracts->add_contract(contracts, contract);
+ }
+ contract->get_info_string(contract, buf, BUF_LEN, TRUE);
+ DBG2(DBG_IMV, "%s", buf);
+
+ /* Determine maximum PA-TNC attribute segment size */
+ my_max_seg_size = this->state->get_max_msg_len(this->state)
+ - PA_TNC_HEADER_SIZE
+ - PA_TNC_ATTR_HEADER_SIZE
+ - TCG_SEG_ATTR_SEG_ENV_HEADER
+ - PA_TNC_ATTR_HEADER_SIZE
+ - TCG_SEG_ATTR_MAX_SIZE_SIZE;
+
+ /* If segmentation is possible select lower segment size */
+ if (max_seg_size != SEG_CONTRACT_NO_FRAGMENTATION &&
+ max_seg_size > my_max_seg_size)
+ {
+ max_seg_size = my_max_seg_size;
+ contract->set_max_size(contract, max_attr_size,
+ max_seg_size);
+ DBG2(DBG_IMV, " lowered maximum segment size to %u bytes",
+ max_seg_size);
+ }
+
+ /* Add Maximum Attribute Size Response attribute */
+ attr = tcg_seg_attr_max_size_create(max_attr_size,
+ max_seg_size, FALSE);
+ out_msg->add_attribute(out_msg, attr);
+ break;
+ }
+ case TCG_SEG_MAX_ATTR_SIZE_RESP:
+ {
+ tcg_seg_attr_max_size_t *attr_cast;
+
+ attr_cast = (tcg_seg_attr_max_size_t*)attr;
+ attr_cast->get_attr_size(attr_cast, &max_attr_size,
+ &max_seg_size);
+ contract = contracts->get_contract(contracts, this->msg_type,
+ TRUE, this->src_id);
+ if (!contract)
+ {
+ contract = contracts->get_contract(contracts, this->msg_type,
+ TRUE, TNC_IMCID_ANY);
+ if (contract)
+ {
+ contract = contract->clone(contract);
+ contract->set_responder(contract, this->src_id);
+ contracts->add_contract(contracts, contract);
+ }
+ }
+ if (contract)
+ {
+ contract->get_max_size(contract, &my_max_attr_size,
+ &my_max_seg_size);
+ if (my_max_seg_size != SEG_CONTRACT_NO_FRAGMENTATION &&
+ my_max_seg_size > max_seg_size)
+ {
+ my_max_seg_size = max_seg_size;
+ contract->set_max_size(contract, my_max_attr_size,
+ my_max_seg_size);
+ }
+ contract->get_info_string(contract, buf, BUF_LEN, FALSE);
+ DBG2(DBG_IMV, "%s", buf);
+ }
+ else
+ {
+ /* TODO no request pending */
+ DBG1(DBG_IMV, "no contract for this PA message type found");
+ }
+ break;
+ }
+ case TCG_SEG_ATTR_SEG_ENV:
+ {
+ tcg_seg_attr_seg_env_t *seg_env_attr;
+ pa_tnc_attr_t *error;
+ uint32_t base_attr_id;
+ bool more;
+
+ seg_env_attr = (tcg_seg_attr_seg_env_t*)attr;
+ base_attr_id = seg_env_attr->get_base_attr_id(seg_env_attr);
+
+ contract = contracts->get_contract(contracts, this->msg_type,
+ TRUE, this->src_id);
+ if (!contract)
+ {
+ DBG2(DBG_IMV, "no contract for received attribute segment "
+ "with base attribute ID %u", base_attr_id);
+ continue;
+ }
+ attr = contract->add_segment(contract, attr, &error, &more);
+ if (error)
+ {
+ out_msg->add_attribute(out_msg, error);
+ }
+ if (attr)
+ {
+ this->pa_msg->add_attribute(this->pa_msg, attr);
+ }
+ if (more)
+ {
+ /* Send Next Segment Request */
+ attr = tcg_seg_attr_next_seg_create(base_attr_id, FALSE);
+ out_msg->add_attribute(out_msg, attr);
+ }
+ break;
+ }
+ case TCG_SEG_NEXT_SEG_REQ:
+ {
+ tcg_seg_attr_next_seg_t *attr_cast;
+ uint32_t base_attr_id;
+
+ attr_cast = (tcg_seg_attr_next_seg_t*)attr;
+ base_attr_id = attr_cast->get_base_attr_id(attr_cast);
+
+ contract = contracts->get_contract(contracts, this->msg_type,
+ FALSE, this->src_id);
+ if (!contract)
+ {
+ /* TODO no contract - generate error message */
+ DBG1(DBG_IMV, "no contract for received next segment "
+ "request with base attribute ID %u", base_attr_id);
+ continue;
+ }
+ attr = contract->next_segment(contract, base_attr_id);
+ if (attr)
+ {
+ out_msg->add_attribute(out_msg, attr);
+ }
+ else
+ {
+ /* TODO no more segments - generate error message */
+ DBG1(DBG_IMV, "no more segments found for "
+ "base attribute ID %u", base_attr_id);
+ }
+ break;
+ }
+ default:
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+
/* preprocess any received IETF standard error attributes */
- *fatal_error = this->pa_msg->process_ietf_std_errors(this->pa_msg);
+ non_fatal_types = this->agent->get_non_fatal_attr_types(this->agent);
+ *fatal_error = this->pa_msg->process_ietf_std_errors(this->pa_msg,
+ non_fatal_types);
- return TNC_RESULT_SUCCESS;
+ return result;
}
METHOD(imv_msg_t, get_attribute_count, int,
diff --git a/src/libimcv/imv/imv_msg.h b/src/libimcv/imv/imv_msg.h
index dfec169..43b91e9 100644
--- a/src/libimcv/imv/imv_msg.h
+++ b/src/libimcv/imv/imv_msg.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -79,10 +79,12 @@ struct imv_msg_t {
/**
* Processes a received PA-TNC message
*
+ * @param out_msg outgoing PA-TN message
* @param fatal_error TRUE if IMC sent a fatal error message
* @return TNC result code
*/
- TNC_Result (*receive)(imv_msg_t *this, bool *fatal_error);
+ TNC_Result (*receive)(imv_msg_t *this, imv_msg_t *out_msg,
+ bool *fatal_error);
/**
* Add a PA-TNC attribute to the send queue
diff --git a/src/libimcv/imv/imv_os_info.h b/src/libimcv/imv/imv_os_info.h
index b68a17e..7cd609a 100644
--- a/src/libimcv/imv/imv_os_info.h
+++ b/src/libimcv/imv/imv_os_info.h
@@ -15,7 +15,7 @@
/**
* @defgroup imv_os_info imv_os_info
- * @{ @ingroup libimcv
+ * @{ @ingroup libimcv_imv
*/
#ifndef IMV_OS_INFO_H_
diff --git a/src/libimcv/imv/imv_state.h b/src/libimcv/imv/imv_state.h
index d11d15e..30ed612 100644
--- a/src/libimcv/imv/imv_state.h
+++ b/src/libimcv/imv/imv_state.h
@@ -23,6 +23,7 @@
#define IMV_STATE_H_
#include "imv_session.h"
+#include "seg/seg_contract_manager.h"
#include <tncifimv.h>
@@ -108,6 +109,13 @@ struct imv_state_t {
imv_session_t* (*get_session)(imv_state_t *this);
/**
+ * Get attribute segmentation contracts associated with TNCCS Connection
+ *
+ * @return Contracts associated with TNCCS Connection
+ */
+ seg_contract_manager_t* (*get_contracts)(imv_state_t *this);
+
+ /**
* Change the connection state
*
* @param new_state new connection state
diff --git a/src/libimcv/ita/ita_attr.c b/src/libimcv/ita/ita_attr.c
index f395671..9d7706d 100644
--- a/src/libimcv/ita/ita_attr.c
+++ b/src/libimcv/ita/ita_attr.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2012 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -35,24 +35,25 @@ ENUM(ita_attr_names, ITA_ATTR_COMMAND, ITA_ATTR_DEVICE_ID,
/**
* See header
*/
-pa_tnc_attr_t* ita_attr_create_from_data(u_int32_t type, chunk_t value)
+pa_tnc_attr_t* ita_attr_create_from_data(u_int32_t type, size_t length,
+ chunk_t value)
{
switch (type)
{
case ITA_ATTR_COMMAND:
- return ita_attr_command_create_from_data(value);
+ return ita_attr_command_create_from_data(length, value);
case ITA_ATTR_DUMMY:
- return ita_attr_dummy_create_from_data(value);
+ return ita_attr_dummy_create_from_data(length, value);
case ITA_ATTR_GET_SETTINGS:
- return ita_attr_get_settings_create_from_data(value);
+ return ita_attr_get_settings_create_from_data(length, value);
case ITA_ATTR_SETTINGS:
- return ita_attr_settings_create_from_data(value);
+ return ita_attr_settings_create_from_data(length, value);
case ITA_ATTR_START_ANGEL:
- return ita_attr_angel_create_from_data(TRUE, value);
+ return ita_attr_angel_create_from_data(TRUE);
case ITA_ATTR_STOP_ANGEL:
- return ita_attr_angel_create_from_data(FALSE, value);
+ return ita_attr_angel_create_from_data(FALSE);
case ITA_ATTR_DEVICE_ID:
- return ita_attr_device_id_create_from_data(value);
+ return ita_attr_device_id_create_from_data(length, value);
default:
return NULL;
}
diff --git a/src/libimcv/ita/ita_attr.h b/src/libimcv/ita/ita_attr.h
index ac5d8ab..7378a1c 100644
--- a/src/libimcv/ita/ita_attr.h
+++ b/src/libimcv/ita/ita_attr.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2012 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -50,8 +50,10 @@ extern enum_name_t *ita_attr_names;
* Create a ITA PA-TNC attribute from data
*
* @param type attribute type
- * @param value attribute value
+ * @param length attribute length
+ * @param value attribute value or segment
*/
-pa_tnc_attr_t* ita_attr_create_from_data(u_int32_t type, chunk_t value);
+pa_tnc_attr_t* ita_attr_create_from_data(u_int32_t type, size_t length,
+ chunk_t value);
#endif /** ITA_ATTR_H_ @}*/
diff --git a/src/libimcv/ita/ita_attr_angel.c b/src/libimcv/ita/ita_attr_angel.c
index 0e9cff0..1108636 100644
--- a/src/libimcv/ita/ita_attr_angel.c
+++ b/src/libimcv/ita/ita_attr_angel.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -86,6 +86,12 @@ METHOD(pa_tnc_attr_t, process, status_t,
return SUCCESS;
}
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_ita_attr_angel_t *this, chunk_t segment)
+{
+ /* nothing to add */
+}
+
METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
private_ita_attr_angel_t *this)
{
@@ -118,6 +124,7 @@ pa_tnc_attr_t *ita_attr_angel_create(bool start)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -132,7 +139,7 @@ pa_tnc_attr_t *ita_attr_angel_create(bool start)
/**
* Described in header.
*/
-pa_tnc_attr_t *ita_attr_angel_create_from_data(bool start, chunk_t data)
+pa_tnc_attr_t *ita_attr_angel_create_from_data(bool start)
{
private_ita_attr_angel_t *this;
@@ -145,6 +152,7 @@ pa_tnc_attr_t *ita_attr_angel_create_from_data(bool start, chunk_t data)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
diff --git a/src/libimcv/ita/ita_attr_angel.h b/src/libimcv/ita/ita_attr_angel.h
index d42e711..8cd979b 100644
--- a/src/libimcv/ita/ita_attr_angel.h
+++ b/src/libimcv/ita/ita_attr_angel.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -49,8 +49,7 @@ pa_tnc_attr_t* ita_attr_angel_create(bool start);
* Creates an ita_attr_angel_t object from received data
*
* @param start TRUE for Start, FALSE for Stop Angel attribute
- * @param value binary value blob
*/
-pa_tnc_attr_t* ita_attr_angel_create_from_data(bool start, chunk_t value);
+pa_tnc_attr_t* ita_attr_angel_create_from_data(bool start);
#endif /** ITA_ATTR_ANGEL_H_ @}*/
diff --git a/src/libimcv/ita/ita_attr_command.c b/src/libimcv/ita/ita_attr_command.c
index 9692e1f..a6b187f 100644
--- a/src/libimcv/ita/ita_attr_command.c
+++ b/src/libimcv/ita/ita_attr_command.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2012 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -40,7 +40,12 @@ struct private_ita_attr_command_t {
pen_type_t type;
/**
- * Attribute value
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
*/
chunk_t value;
@@ -91,18 +96,30 @@ METHOD(pa_tnc_attr_t, build, void,
{
return;
}
- this->value = chunk_create(this->command, strlen(this->command));
- this->value = chunk_clone(this->value);
+ this->value = chunk_clone(chunk_from_str(this->command));
+ this->length = this->value.len;
}
METHOD(pa_tnc_attr_t, process, status_t,
private_ita_attr_command_t *this, u_int32_t *offset)
{
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
this->command = strndup(this->value.ptr, this->value.len);
return SUCCESS;
}
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_ita_attr_command_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
private_ita_attr_command_t *this)
{
@@ -143,6 +160,7 @@ pa_tnc_attr_t *ita_attr_command_create(char *command)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -159,7 +177,7 @@ pa_tnc_attr_t *ita_attr_command_create(char *command)
/**
* Described in header.
*/
-pa_tnc_attr_t *ita_attr_command_create_from_data(chunk_t data)
+pa_tnc_attr_t *ita_attr_command_create_from_data(size_t length, chunk_t data)
{
private_ita_attr_command_t *this;
@@ -172,12 +190,14 @@ pa_tnc_attr_t *ita_attr_command_create_from_data(chunk_t data)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
.get_command = _get_command,
},
.type = {PEN_ITA, ITA_ATTR_COMMAND },
+ .length = length,
.value = chunk_clone(data),
.ref = 1,
);
diff --git a/src/libimcv/ita/ita_attr_command.h b/src/libimcv/ita/ita_attr_command.h
index 3926c38..dd4701e 100644
--- a/src/libimcv/ita/ita_attr_command.h
+++ b/src/libimcv/ita/ita_attr_command.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -54,8 +54,9 @@ pa_tnc_attr_t* ita_attr_command_create(char *command);
/**
* Creates an ita_attr_command_t object from received data
*
- * @param value binary value blob
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
*/
-pa_tnc_attr_t* ita_attr_command_create_from_data(chunk_t value);
+pa_tnc_attr_t* ita_attr_command_create_from_data(size_t length, chunk_t value);
#endif /** ITA_ATTR_COMMAND_H_ @}*/
diff --git a/src/libimcv/ita/ita_attr_device_id.c b/src/libimcv/ita/ita_attr_device_id.c
index 36907eb..2328426 100644
--- a/src/libimcv/ita/ita_attr_device_id.c
+++ b/src/libimcv/ita/ita_attr_device_id.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -38,7 +38,12 @@ struct private_ita_attr_device_id_t {
pen_type_t type;
/**
- * Attribute value
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
*/
chunk_t value;
@@ -86,9 +91,21 @@ METHOD(pa_tnc_attr_t, build, void,
METHOD(pa_tnc_attr_t, process, status_t,
private_ita_attr_device_id_t *this, u_int32_t *offset)
{
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
return SUCCESS;
}
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_ita_attr_device_id_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
private_ita_attr_device_id_t *this)
{
@@ -109,7 +126,7 @@ METHOD(pa_tnc_attr_t, destroy, void,
/**
* Described in header.
*/
-pa_tnc_attr_t *ita_attr_device_id_create_from_data(chunk_t value)
+pa_tnc_attr_t *ita_attr_device_id_create_from_data(size_t length, chunk_t value)
{
private_ita_attr_device_id_t *this;
@@ -122,11 +139,13 @@ pa_tnc_attr_t *ita_attr_device_id_create_from_data(chunk_t value)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
},
.type = { PEN_ITA, ITA_ATTR_DEVICE_ID },
+ .length = length,
.value = chunk_clone(value),
.ref = 1,
);
@@ -139,6 +158,6 @@ pa_tnc_attr_t *ita_attr_device_id_create_from_data(chunk_t value)
*/
pa_tnc_attr_t *ita_attr_device_id_create(chunk_t value)
{
- return ita_attr_device_id_create_from_data(value);
+ return ita_attr_device_id_create_from_data(value.len, value);
}
diff --git a/src/libimcv/ita/ita_attr_device_id.h b/src/libimcv/ita/ita_attr_device_id.h
index ffacdba..94bb778 100644
--- a/src/libimcv/ita/ita_attr_device_id.h
+++ b/src/libimcv/ita/ita_attr_device_id.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -48,8 +48,9 @@ pa_tnc_attr_t* ita_attr_device_id_create(chunk_t value);
/**
* Creates an ita_attr_device_id_t object from received data
*
- * @param value binary value blob
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
*/
-pa_tnc_attr_t* ita_attr_device_id_create_from_data(chunk_t value);
+pa_tnc_attr_t* ita_attr_device_id_create_from_data(size_t length, chunk_t value);
#endif /** ITA_ATTR_DEVICE_ID_H_ @}*/
diff --git a/src/libimcv/ita/ita_attr_dummy.c b/src/libimcv/ita/ita_attr_dummy.c
index 6497d46..0d21ac6 100644
--- a/src/libimcv/ita/ita_attr_dummy.c
+++ b/src/libimcv/ita/ita_attr_dummy.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -38,7 +38,12 @@ struct private_ita_attr_dummy_t {
pen_type_t type;
/**
- * Attribute value
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
*/
chunk_t value;
@@ -89,18 +94,28 @@ METHOD(pa_tnc_attr_t, build, void,
{
return;
}
- this->value = chunk_alloc(this->size);
+ this->value = chunk_alloc(this->length);
memset(this->value.ptr, 0xdd, this->value.len);
}
METHOD(pa_tnc_attr_t, process, status_t,
private_ita_attr_dummy_t *this, u_int32_t *offset)
{
- this->size = this->value.len;
+ *offset = 0;
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
return SUCCESS;
}
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_ita_attr_dummy_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
private_ita_attr_dummy_t *this)
{
@@ -121,13 +136,13 @@ METHOD(pa_tnc_attr_t, destroy, void,
METHOD(ita_attr_dummy_t, get_size, int,
private_ita_attr_dummy_t *this)
{
- return this->size;
+ return this->length;
}
/**
* Described in header.
*/
-pa_tnc_attr_t *ita_attr_dummy_create(int size)
+pa_tnc_attr_t *ita_attr_dummy_create(size_t size)
{
private_ita_attr_dummy_t *this;
@@ -140,13 +155,14 @@ pa_tnc_attr_t *ita_attr_dummy_create(int size)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
.get_size = _get_size,
},
.type = { PEN_ITA, ITA_ATTR_DUMMY },
- .size = size,
+ .length = size,
.ref = 1,
);
@@ -156,7 +172,7 @@ pa_tnc_attr_t *ita_attr_dummy_create(int size)
/**
* Described in header.
*/
-pa_tnc_attr_t *ita_attr_dummy_create_from_data(chunk_t data)
+pa_tnc_attr_t *ita_attr_dummy_create_from_data(size_t length, chunk_t data)
{
private_ita_attr_dummy_t *this;
@@ -169,12 +185,14 @@ pa_tnc_attr_t *ita_attr_dummy_create_from_data(chunk_t data)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
.get_size = _get_size,
},
.type = { PEN_ITA, ITA_ATTR_DUMMY },
+ .length = length,
.value = chunk_clone(data),
.ref = 1,
);
diff --git a/src/libimcv/ita/ita_attr_dummy.h b/src/libimcv/ita/ita_attr_dummy.h
index 1f85ece..717862e 100644
--- a/src/libimcv/ita/ita_attr_dummy.h
+++ b/src/libimcv/ita/ita_attr_dummy.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -49,13 +49,14 @@ struct ita_attr_dummy_t {
*
* @param size size of dummy attribute value
*/
-pa_tnc_attr_t* ita_attr_dummy_create(int size);
+pa_tnc_attr_t* ita_attr_dummy_create(size_t size);
/**
* Creates an ita_attr_dummy_t object from received data
*
- * @param value binary value blob
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
*/
-pa_tnc_attr_t* ita_attr_dummy_create_from_data(chunk_t value);
+pa_tnc_attr_t* ita_attr_dummy_create_from_data(size_t length, chunk_t value);
#endif /** ITA_ATTR_DUMMY_H_ @}*/
diff --git a/src/libimcv/ita/ita_attr_get_settings.c b/src/libimcv/ita/ita_attr_get_settings.c
index d0bc31d..3c047fb 100644
--- a/src/libimcv/ita/ita_attr_get_settings.c
+++ b/src/libimcv/ita/ita_attr_get_settings.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -64,7 +64,12 @@ struct private_ita_attr_get_settings_t {
pen_type_t type;
/**
- * Attribute value
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
*/
chunk_t value;
@@ -130,6 +135,7 @@ METHOD(pa_tnc_attr_t, build, void,
enumerator->destroy(enumerator);
this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
writer->destroy(writer);
}
@@ -141,10 +147,15 @@ METHOD(pa_tnc_attr_t, process, status_t,
chunk_t name;
status_t status = FAILED;
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
if (this->value.len < ITA_GET_SETTINGS_MIN_SIZE)
{
DBG1(DBG_TNC, "insufficient data for ITA Get Settings attribute");
- *offset = 0;
return FAILED;
}
@@ -171,6 +182,12 @@ end:
return status;
}
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_ita_attr_get_settings_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
private_ita_attr_get_settings_t *this)
{
@@ -217,6 +234,7 @@ pa_tnc_attr_t *ita_attr_get_settings_create(char *name)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -238,7 +256,8 @@ pa_tnc_attr_t *ita_attr_get_settings_create(char *name)
/**
* Described in header.
*/
-pa_tnc_attr_t *ita_attr_get_settings_create_from_data(chunk_t data)
+pa_tnc_attr_t *ita_attr_get_settings_create_from_data(size_t length,
+ chunk_t data)
{
private_ita_attr_get_settings_t *this;
@@ -251,6 +270,7 @@ pa_tnc_attr_t *ita_attr_get_settings_create_from_data(chunk_t data)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -258,6 +278,7 @@ pa_tnc_attr_t *ita_attr_get_settings_create_from_data(chunk_t data)
.create_enumerator = _create_enumerator,
},
.type = { PEN_ITA, ITA_ATTR_GET_SETTINGS },
+ .length = length,
.value = chunk_clone(data),
.list = linked_list_create(),
.ref = 1,
diff --git a/src/libimcv/ita/ita_attr_get_settings.h b/src/libimcv/ita/ita_attr_get_settings.h
index 975fd0d..2eb43f5 100644
--- a/src/libimcv/ita/ita_attr_get_settings.h
+++ b/src/libimcv/ita/ita_attr_get_settings.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -61,8 +61,10 @@ pa_tnc_attr_t* ita_attr_get_settings_create(char *name);
/**
* Creates an ita_attr_get_settings_t object from received data
*
- * @param value binary value blob
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
*/
-pa_tnc_attr_t* ita_attr_get_settings_create_from_data(chunk_t value);
+pa_tnc_attr_t* ita_attr_get_settings_create_from_data(size_t length,
+ chunk_t value);
#endif /** ITA_ATTR_GET_SETTINGS_H_ @}*/
diff --git a/src/libimcv/ita/ita_attr_settings.c b/src/libimcv/ita/ita_attr_settings.c
index 0d2967e..ced3477 100644
--- a/src/libimcv/ita/ita_attr_settings.c
+++ b/src/libimcv/ita/ita_attr_settings.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -91,7 +91,12 @@ struct private_ita_attr_settings_t {
pen_type_t type;
/**
- * Attribute value
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
*/
chunk_t value;
@@ -159,6 +164,7 @@ METHOD(pa_tnc_attr_t, build, void,
enumerator->destroy(enumerator);
this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
writer->destroy(writer);
}
@@ -171,10 +177,15 @@ METHOD(pa_tnc_attr_t, process, status_t,
entry_t *entry;
status_t status = FAILED;
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
if (this->value.len < ITA_SETTINGS_MIN_SIZE)
{
DBG1(DBG_TNC, "insufficient data for ITA Settings attribute");
- *offset = 0;
return FAILED;
}
@@ -216,6 +227,12 @@ end:
return status;
}
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_ita_attr_settings_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
private_ita_attr_settings_t *this)
{
@@ -279,6 +296,7 @@ pa_tnc_attr_t *ita_attr_settings_create(void)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -296,7 +314,7 @@ pa_tnc_attr_t *ita_attr_settings_create(void)
/**
* Described in header.
*/
-pa_tnc_attr_t *ita_attr_settings_create_from_data(chunk_t data)
+pa_tnc_attr_t *ita_attr_settings_create_from_data(size_t length, chunk_t data)
{
private_ita_attr_settings_t *this;
@@ -309,6 +327,7 @@ pa_tnc_attr_t *ita_attr_settings_create_from_data(chunk_t data)
.set_noskip_flag = _set_noskip_flag,
.build = _build,
.process = _process,
+ .add_segment = _add_segment,
.get_ref = _get_ref,
.destroy = _destroy,
},
@@ -316,6 +335,7 @@ pa_tnc_attr_t *ita_attr_settings_create_from_data(chunk_t data)
.create_enumerator = _create_enumerator,
},
.type = { PEN_ITA, ITA_ATTR_SETTINGS },
+ .length = length,
.value = chunk_clone(data),
.list = linked_list_create(),
.ref = 1,
diff --git a/src/libimcv/ita/ita_attr_settings.h b/src/libimcv/ita/ita_attr_settings.h
index eb7eeda..87eb87f 100644
--- a/src/libimcv/ita/ita_attr_settings.h
+++ b/src/libimcv/ita/ita_attr_settings.h
@@ -60,8 +60,9 @@ pa_tnc_attr_t* ita_attr_settings_create(void);
/**
* Creates an ita_attr_settings_t object from received data
*
- * @param value binary value blob
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
*/
-pa_tnc_attr_t* ita_attr_settings_create_from_data(chunk_t value);
+pa_tnc_attr_t* ita_attr_settings_create_from_data(size_t length, chunk_t value);
#endif /** ITA_ATTR_SETTINGS_H_ @}*/
diff --git a/src/libimcv/os_info/os_info.h b/src/libimcv/os_info/os_info.h
index 0313554..aa7b137 100644
--- a/src/libimcv/os_info/os_info.h
+++ b/src/libimcv/os_info/os_info.h
@@ -21,7 +21,6 @@
#ifndef OS_INFO_H_
#define OS_INFO_H_
-typedef struct os_info_t os_info_t;
typedef enum os_type_t os_type_t;
typedef enum os_fwd_status_t os_fwd_status_t;
typedef enum os_package_state_t os_package_state_t;
diff --git a/src/libimcv/pa_tnc/pa_tnc_attr.h b/src/libimcv/pa_tnc/pa_tnc_attr.h
index 1e0c339..be0bef3 100644
--- a/src/libimcv/pa_tnc/pa_tnc_attr.h
+++ b/src/libimcv/pa_tnc/pa_tnc_attr.h
@@ -26,8 +26,12 @@ typedef struct pa_tnc_attr_t pa_tnc_attr_t;
#include <library.h>
#include <pen/pen.h>
+#define PA_TNC_ATTR_INFO_SIZE 8
#define PA_TNC_ATTR_HEADER_SIZE 12
+#define PA_TNC_ATTR_FLAG_NONE 0x00
+#define PA_TNC_ATTR_FLAG_NOSKIP (1<<7)
+
/**
* Interface for an RFC 5792 PA-TNC Posture Attribute.
*
@@ -70,12 +74,19 @@ struct pa_tnc_attr_t {
/**
* Process the value of an PA-TNC attribute to extract its parameters
*
- * @param relative error offset within attribute body
+ * @param offset relative error offset within attribute body
* @return result status
*/
status_t (*process)(pa_tnc_attr_t *this, uint32_t *offset);
/**
+ * Add a data segment to an attribute allowing incremental processing
+ *
+ * @param segment data segment to be appended
+ */
+ void (*add_segment)(pa_tnc_attr_t *this, chunk_t segment);
+
+ /**
* Get a new reference to the PA-TNC attribute
*
* @return this, with an increased refcount
diff --git a/src/libimcv/pa_tnc/pa_tnc_attr_manager.c b/src/libimcv/pa_tnc/pa_tnc_attr_manager.c
index 900a557..522213b 100644
--- a/src/libimcv/pa_tnc/pa_tnc_attr_manager.c
+++ b/src/libimcv/pa_tnc/pa_tnc_attr_manager.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
*
* HSR Hochschule fuer Technik Rapperswil
*
@@ -16,6 +16,10 @@
#include "pa_tnc_attr_manager.h"
+#include "imcv.h"
+#include "pa_tnc_attr.h"
+#include "ietf/ietf_attr_pa_tnc_error.h"
+
#include <collections/linked_list.h>
#include <utils/debug.h>
@@ -100,14 +104,102 @@ METHOD(pa_tnc_attr_manager_t, get_names, enum_name_t*,
return attr_names;
}
+/**
+ * PA-TNC attribute
+ *
+ * 1 2 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Flags | PA-TNC Attribute Vendor ID |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | PA-TNC Attribute Type |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | PA-TNC Attribute Length |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Attribute Value (Variable Length) |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ */
+
METHOD(pa_tnc_attr_manager_t, create, pa_tnc_attr_t*,
- private_pa_tnc_attr_manager_t *this, pen_t vendor_id, u_int32_t type,
- chunk_t value)
+ private_pa_tnc_attr_manager_t *this, bio_reader_t *reader, bool segmented,
+ uint32_t *offset, chunk_t msg_info, pa_tnc_attr_t **error)
{
+ uint8_t flags;
+ uint32_t type, length, value_len;
+ chunk_t value;
+ ietf_attr_pa_tnc_error_t *error_attr;
+ pen_t vendor_id;
+ pen_type_t unsupported_type;
+ pen_type_t error_code = { PEN_IETF, PA_ERROR_INVALID_PARAMETER };
+ enum_name_t *pa_attr_names;
+ pa_tnc_attr_t *attr = NULL;
enumerator_t *enumerator;
entry_t *entry;
- pa_tnc_attr_t *attr = NULL;
+ /* properly initialize error return argument in case of no error */
+ *error = NULL;
+
+ if (reader->remaining(reader) < PA_TNC_ATTR_HEADER_SIZE)
+ {
+ DBG1(DBG_TNC, "insufficient bytes for PA-TNC attribute header");
+ *error = ietf_attr_pa_tnc_error_create_with_offset(error_code,
+ msg_info, *offset);
+ return NULL;
+ }
+ reader->read_uint8 (reader, &flags);
+ reader->read_uint24(reader, &vendor_id);
+ reader->read_uint32(reader, &type);
+ reader->read_uint32(reader, &length);
+
+ pa_attr_names = imcv_pa_tnc_attributes->get_names(imcv_pa_tnc_attributes,
+ vendor_id);
+ if (pa_attr_names)
+ {
+ DBG2(DBG_TNC, "processing PA-TNC attribute type '%N/%N' "
+ "0x%06x/0x%08x", pen_names, vendor_id,
+ pa_attr_names, type, vendor_id, type);
+ }
+ else
+ {
+ DBG2(DBG_TNC, "processing PA-TNC attribute type '%N' "
+ "0x%06x/0x%08x", pen_names, vendor_id,
+ vendor_id, type);
+ }
+
+ if (length < PA_TNC_ATTR_HEADER_SIZE)
+ {
+ DBG1(DBG_TNC, "%u bytes too small for PA-TNC attribute length",
+ length);
+ *error = ietf_attr_pa_tnc_error_create_with_offset(error_code,
+ msg_info, *offset + PA_TNC_ATTR_INFO_SIZE);
+ return NULL;
+ }
+ length -= PA_TNC_ATTR_HEADER_SIZE;
+ value_len = segmented ? reader->remaining(reader) : length;
+
+ if (!reader->read_data(reader, value_len, &value))
+ {
+ DBG1(DBG_TNC, "insufficient bytes for PA-TNC attribute value");
+ *error = ietf_attr_pa_tnc_error_create_with_offset(error_code,
+ msg_info, *offset + PA_TNC_ATTR_INFO_SIZE);
+ return NULL;
+ }
+ DBG3(DBG_TNC, "%B", &value);
+
+ if (vendor_id == PEN_RESERVED)
+ {
+ *error = ietf_attr_pa_tnc_error_create_with_offset(error_code,
+ msg_info, *offset + 1);
+ return NULL;
+ }
+ if (type == IETF_ATTR_RESERVED)
+ {
+ *error = ietf_attr_pa_tnc_error_create_with_offset(error_code,
+ msg_info, *offset + 4);
+ return NULL;
+ }
+
+ /* check if the attribute type is registered */
enumerator = this->list->create_enumerator(this->list);
while (enumerator->enumerate(enumerator, &entry))
{
@@ -115,13 +207,71 @@ METHOD(pa_tnc_attr_manager_t, create, pa_tnc_attr_t*,
{
if (entry->attr_create)
{
- attr = entry->attr_create(type, value);
+ attr = entry->attr_create(type, length, value);
}
break;
}
}
enumerator->destroy(enumerator);
+ if (!attr)
+ {
+ if (!(flags & PA_TNC_ATTR_FLAG_NOSKIP))
+ {
+ DBG1(DBG_TNC, "skipping unsupported PA-TNC attribute");
+ (*offset) += PA_TNC_ATTR_HEADER_SIZE + length;
+ return NULL;
+ }
+
+ DBG1(DBG_TNC, "unsupported PA-TNC attribute with NOSKIP flag");
+ unsupported_type = pen_type_create(vendor_id, type);
+ error_code = pen_type_create(PEN_IETF, PA_ERROR_ATTR_TYPE_NOT_SUPPORTED);
+ *error = ietf_attr_pa_tnc_error_create(error_code, msg_info);
+ error_attr = (ietf_attr_pa_tnc_error_t*)(*error);
+ error_attr->set_unsupported_attr(error_attr, flags, unsupported_type);
+ return NULL;
+ }
+ (*offset) += PA_TNC_ATTR_HEADER_SIZE;
+
+ return attr;
+}
+
+METHOD(pa_tnc_attr_manager_t, construct, pa_tnc_attr_t*,
+ private_pa_tnc_attr_manager_t *this, pen_t vendor_id, uint32_t type,
+ chunk_t value)
+{
+ enum_name_t *pa_attr_names;
+ pa_tnc_attr_t *attr = NULL;
+ enumerator_t *enumerator;
+ entry_t *entry;
+
+ pa_attr_names = imcv_pa_tnc_attributes->get_names(imcv_pa_tnc_attributes,
+ vendor_id);
+ if (pa_attr_names)
+ {
+ DBG2(DBG_TNC, "generating PA-TNC attribute type '%N/%N' "
+ "0x%06x/0x%08x", pen_names, vendor_id,
+ pa_attr_names, type, vendor_id, type);
+ }
+ else
+ {
+ DBG2(DBG_TNC, "generating PA-TNC attribute type '%N' "
+ "0x%06x/0x%08x", pen_names, vendor_id,
+ vendor_id, type);
+ }
+ enumerator = this->list->create_enumerator(this->list);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ if (entry->vendor_id == vendor_id)
+ {
+ if (entry->attr_create)
+ {
+ attr = entry->attr_create(type, value.len, value);
+ }
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
return attr;
}
@@ -145,6 +295,7 @@ pa_tnc_attr_manager_t *pa_tnc_attr_manager_create(void)
.remove_vendor = _remove_vendor,
.get_names = _get_names,
.create = _create,
+ .construct = _construct,
.destroy = _destroy,
},
.list = linked_list_create(),
diff --git a/src/libimcv/pa_tnc/pa_tnc_attr_manager.h b/src/libimcv/pa_tnc/pa_tnc_attr_manager.h
index 121be7f..8607fee 100644
--- a/src/libimcv/pa_tnc/pa_tnc_attr_manager.h
+++ b/src/libimcv/pa_tnc/pa_tnc_attr_manager.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -26,8 +26,10 @@ typedef struct pa_tnc_attr_manager_t pa_tnc_attr_manager_t;
#include "pa_tnc_attr.h"
#include <library.h>
+#include <bio/bio_reader.h>
-typedef pa_tnc_attr_t* (*pa_tnc_attr_create_t)(u_int32_t type, chunk_t value);
+typedef pa_tnc_attr_t* (*pa_tnc_attr_create_t)(u_int32_t type, size_t length,
+ chunk_t value);
/**
* Manages PA-TNC attributes for arbitrary PENs
@@ -61,15 +63,29 @@ struct pa_tnc_attr_manager_t {
enum_name_t* (*get_names)(pa_tnc_attr_manager_t *this, pen_t vendor_id);
/**
- * Create a PA-TNC attribute object from data for a given vendor ID and type
+ * Create and pre-parse a PA-TNC attribute object from data
+ *
+ * @param reader PA-TNC attribute as encoded data
+ * @param segmented TRUE if attribute is segmented
+ * @param offset Offset in bytes where an error has been found
+ * @param msg_info Message info added to an error attribute
+ * @param error Error attribute if an error occurred
+ * @return PA-TNC attribute object if supported, NULL else
+ */
+ pa_tnc_attr_t* (*create)(pa_tnc_attr_manager_t *this, bio_reader_t *reader,
+ bool segmented, uint32_t *offset, chunk_t msg_info,
+ pa_tnc_attr_t **error);
+
+ /**
+ * Generically construct a PA-TNC attribute from type and data
*
* @param vendor_id Private Enterprise Number (PEN)
* @param type PA-TNC attribute type
* @param value PA-TNC attribute value as encoded data
* @return PA-TNC attribute object if supported, NULL else
*/
- pa_tnc_attr_t* (*create)(pa_tnc_attr_manager_t *this, pen_t vendor_id,
- u_int32_t type, chunk_t value);
+ pa_tnc_attr_t* (*construct)(pa_tnc_attr_manager_t *this, pen_t vendor_id,
+ uint32_t type, chunk_t value);
/**
* Destroys a pa_tnc_attr_manager_t object.
diff --git a/src/libimcv/pa_tnc/pa_tnc_msg.c b/src/libimcv/pa_tnc/pa_tnc_msg.c
index 77d383b..d9b4417 100644
--- a/src/libimcv/pa_tnc/pa_tnc_msg.c
+++ b/src/libimcv/pa_tnc/pa_tnc_msg.c
@@ -40,26 +40,6 @@ typedef struct private_pa_tnc_msg_t private_pa_tnc_msg_t;
#define PA_TNC_RESERVED 0x000000
/**
- * PA-TNC attribute
- *
- * 1 2 3
- * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Flags | PA-TNC Attribute Vendor ID |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | PA-TNC Attribute Type |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | PA-TNC Attribute Length |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Attribute Value (Variable Length) |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- */
-
-#define PA_TNC_ATTR_FLAG_NONE 0x00
-#define PA_TNC_ATTR_FLAG_NOSKIP (1<<7)
-#define PA_TNC_ATTR_INFO_SIZE 8
-
-/**
* Private data of a pa_tnc_msg_t object.
*
*/
@@ -96,6 +76,11 @@ struct private_pa_tnc_msg_t {
size_t max_msg_len;
/**
+ * TRUE if attribute was extracted from data
+ */
+ bool from_data;
+
+ /**
* Encoded message
*/
chunk_t encoding;
@@ -113,17 +98,19 @@ METHOD(pa_tnc_msg_t, add_attribute, bool,
chunk_t attr_value;
size_t attr_len;
- attr->build(attr);
- attr_value = attr->get_value(attr);
- attr_len = PA_TNC_ATTR_HEADER_SIZE + attr_value.len;
-
- if (this->max_msg_len && this->msg_len + attr_len > this->max_msg_len)
+ if (!this->from_data)
{
- /* attribute just does not fit into this message */
- return FALSE;
- }
- this->msg_len += attr_len;
+ attr->build(attr);
+ attr_value = attr->get_value(attr);
+ attr_len = PA_TNC_ATTR_HEADER_SIZE + attr_value.len;
+ if (this->max_msg_len && this->msg_len + attr_len > this->max_msg_len)
+ {
+ /* attribute just does not fit into this message */
+ return FALSE;
+ }
+ this->msg_len += attr_len;
+ }
this->attributes->insert_last(this->attributes, attr);
return TRUE;
}
@@ -201,7 +188,9 @@ METHOD(pa_tnc_msg_t, process, status_t,
private_pa_tnc_msg_t *this)
{
bio_reader_t *reader;
- pa_tnc_attr_t *error;
+ pa_tnc_attr_t *attr, *error;
+ pen_type_t attr_type;
+ chunk_t attr_value;
uint8_t version;
uint32_t reserved, offset, attr_offset;
pen_type_t error_code = { PEN_IETF, PA_ERROR_INVALID_PARAMETER };
@@ -231,119 +220,38 @@ METHOD(pa_tnc_msg_t, process, status_t,
offset = PA_TNC_HEADER_SIZE;
/* pre-process PA-TNC attributes */
- while (reader->remaining(reader) >= PA_TNC_ATTR_HEADER_SIZE)
+ while (reader->remaining(reader) > 0)
{
- pen_t vendor_id;
- uint8_t flags;
- uint32_t type, length;
- chunk_t value, attr_info;
- pa_tnc_attr_t *attr;
- enum_name_t *pa_attr_names;
- ietf_attr_pa_tnc_error_t *error_attr;
-
- attr_info = reader->peek(reader);
- attr_info.len = PA_TNC_ATTR_INFO_SIZE;
- reader->read_uint8 (reader, &flags);
- reader->read_uint24(reader, &vendor_id);
- reader->read_uint32(reader, &type);
- reader->read_uint32(reader, &length);
-
- pa_attr_names = imcv_pa_tnc_attributes->get_names(imcv_pa_tnc_attributes,
- vendor_id);
- if (pa_attr_names)
- {
- DBG2(DBG_TNC, "processing PA-TNC attribute type '%N/%N' "
- "0x%06x/0x%08x", pen_names, vendor_id,
- pa_attr_names, type, vendor_id, type);
- }
- else
- {
- DBG2(DBG_TNC, "processing PA-TNC attribute type '%N' "
- "0x%06x/0x%08x", pen_names, vendor_id,
- vendor_id, type);
- }
-
- if (length < PA_TNC_ATTR_HEADER_SIZE)
- {
- DBG1(DBG_TNC, "%u bytes too small for PA-TNC attribute length",
- length);
- error = ietf_attr_pa_tnc_error_create_with_offset(error_code,
- this->encoding, offset + PA_TNC_ATTR_INFO_SIZE);
- goto err;
- }
-
- if (!reader->read_data(reader, length - PA_TNC_ATTR_HEADER_SIZE, &value))
- {
- DBG1(DBG_TNC, "insufficient bytes for PA-TNC attribute value");
- error = ietf_attr_pa_tnc_error_create_with_offset(error_code,
- this->encoding, offset + PA_TNC_ATTR_INFO_SIZE);
- goto err;
- }
- DBG3(DBG_TNC, "%B", &value);
-
- if (vendor_id == PEN_RESERVED)
- {
- error = ietf_attr_pa_tnc_error_create_with_offset(error_code,
- this->encoding, offset + 1);
- goto err;
- }
- if (type == IETF_ATTR_RESERVED)
- {
- error = ietf_attr_pa_tnc_error_create_with_offset(error_code,
- this->encoding, offset + 4);
- goto err;
- }
attr = imcv_pa_tnc_attributes->create(imcv_pa_tnc_attributes,
- vendor_id, type, value);
+ reader, FALSE, &offset, this->encoding, &error);
if (!attr)
{
- if (flags & PA_TNC_ATTR_FLAG_NOSKIP)
- {
- DBG1(DBG_TNC, "unsupported PA-TNC attribute with NOSKIP flag");
- error_code = pen_type_create(PEN_IETF,
- PA_ERROR_ATTR_TYPE_NOT_SUPPORTED);
- error = ietf_attr_pa_tnc_error_create(error_code,
- this->encoding);
- error_attr = (ietf_attr_pa_tnc_error_t*)error;
- error_attr->set_attr_info(error_attr, attr_info);
- goto err;
- }
- else
- {
- DBG1(DBG_TNC, "skipping unsupported PA-TNC attribute");
- offset += length;
- continue;
- }
+ goto err;
}
+ attr_value = attr->get_value(attr);
+ attr_type = attr->get_type(attr);
if (attr->process(attr, &attr_offset) != SUCCESS)
{
attr->destroy(attr);
- if (vendor_id == PEN_IETF && type == IETF_ATTR_PA_TNC_ERROR)
+
+ if (attr_type.vendor_id == PEN_IETF &&
+ attr_type.type == IETF_ATTR_PA_TNC_ERROR)
{
- /* error while processing a PA-TNC error attribute - abort */
- reader->destroy(reader);
- return FAILED;
+ /* suppress error while processing a PA-TNC error attribute */
+ offset += attr_value.len;
+ continue;
}
- error_code = pen_type_create(PEN_IETF,
- PA_ERROR_INVALID_PARAMETER);
+ error_code = pen_type_create(PEN_IETF, PA_ERROR_INVALID_PARAMETER);
error = ietf_attr_pa_tnc_error_create_with_offset(error_code,
- this->encoding,
- offset + PA_TNC_ATTR_HEADER_SIZE + attr_offset);
+ this->encoding, offset + attr_offset);
goto err;
}
+ offset += attr_value.len;
this->attributes->insert_last(this->attributes, attr);
- offset += length;
}
-
- if (reader->remaining(reader) == 0)
- {
- reader->destroy(reader);
- return SUCCESS;
- }
- DBG1(DBG_TNC, "insufficient bytes for PA-TNC attribute header");
- error = ietf_attr_pa_tnc_error_create_with_offset(error_code,
- this->encoding, offset);
+ reader->destroy(reader);
+ return SUCCESS;
err:
reader->destroy(reader);
@@ -352,24 +260,27 @@ err:
}
METHOD(pa_tnc_msg_t, process_ietf_std_errors, bool,
- private_pa_tnc_msg_t *this)
+ private_pa_tnc_msg_t *this, linked_list_t *non_fatal_types)
{
- enumerator_t *enumerator;
+ enumerator_t *e1, *e2;
+ enum_name_t *pa_attr_names;
pa_tnc_attr_t *attr;
- pen_type_t type;
+ pen_type_t type, unsupported_type;
+ uint8_t flags;
bool fatal_error = FALSE;
- enumerator = this->attributes->create_enumerator(this->attributes);
- while (enumerator->enumerate(enumerator, &attr))
+ e1 = this->attributes->create_enumerator(this->attributes);
+ while (e1->enumerate(e1, &attr))
{
type = attr->get_type(attr);
if (type.vendor_id == PEN_IETF && type.type == IETF_ATTR_PA_TNC_ERROR)
{
ietf_attr_pa_tnc_error_t *error_attr;
- pen_type_t error_code;
- chunk_t msg_info, attr_info;
+ pen_type_t error_code, *non_fatal_type;
+ chunk_t msg_info;
uint32_t offset;
+ bool fatal_current_error = TRUE;
error_attr = (ietf_attr_pa_tnc_error_t*)attr;
error_code = error_attr->get_error_code(error_attr);
@@ -391,16 +302,49 @@ METHOD(pa_tnc_msg_t, process_ietf_std_errors, bool,
DBG1(DBG_TNC, " occurred at offset of %u bytes", offset);
break;
case PA_ERROR_ATTR_TYPE_NOT_SUPPORTED:
- attr_info = error_attr->get_attr_info(error_attr);
- DBG1(DBG_TNC, " unsupported attribute %#B", &attr_info);
+ unsupported_type =
+ error_attr->get_unsupported_attr(error_attr, &flags);
+ pa_attr_names =
+ imcv_pa_tnc_attributes->get_names(imcv_pa_tnc_attributes,
+ unsupported_type.vendor_id);
+ if (pa_attr_names)
+ {
+ DBG1(DBG_TNC, " unsupported attribute type '%N/%N' "
+ "0x%06x/0x%08x, flags 0x%02x",
+ pen_names, unsupported_type.vendor_id,
+ pa_attr_names, unsupported_type.type,
+ unsupported_type.vendor_id, unsupported_type.type,
+ flags);
+ }
+ else
+ {
+ DBG1(DBG_TNC, " unsupported attribute type '%N' "
+ "0x%06x/0x%08x, flags 0x%02x",
+ pen_names, unsupported_type.vendor_id,
+ unsupported_type.vendor_id, unsupported_type.type,
+ flags);
+ }
+ e2 = non_fatal_types->create_enumerator(non_fatal_types);
+ while (e2->enumerate(e2, &non_fatal_type))
+ {
+ if (pen_type_equals(unsupported_type, *non_fatal_type))
+ {
+ fatal_current_error = FALSE;
+ break;
+ }
+ }
+ e2->destroy(e2);
break;
default:
break;
}
- fatal_error = TRUE;
+ if (fatal_current_error)
+ {
+ fatal_error = TRUE;
+ }
}
}
- enumerator->destroy(enumerator);
+ e1->destroy(e1);
return fatal_error;
}
@@ -476,6 +420,7 @@ pa_tnc_msg_t *pa_tnc_msg_create_from_data(chunk_t data)
.encoding = chunk_clone(data),
.attributes = linked_list_create(),
.errors = linked_list_create(),
+ .from_data = TRUE,
);
return &this->public;
diff --git a/src/libimcv/pa_tnc/pa_tnc_msg.h b/src/libimcv/pa_tnc/pa_tnc_msg.h
index 84814b9..57ff1a0 100644
--- a/src/libimcv/pa_tnc/pa_tnc_msg.h
+++ b/src/libimcv/pa_tnc/pa_tnc_msg.h
@@ -68,9 +68,11 @@ struct pa_tnc_msg_t {
/**
* Process all IETF standard error PA-TNC attributes
*
- * @return TRUE if at least one error attribute processed
+ * @param non_fatal_types list of non fatal unsupported attribute types
+ * @return TRUE if at least one fatal error processed
*/
- bool (*process_ietf_std_errors)(pa_tnc_msg_t *this);
+ bool (*process_ietf_std_errors)(pa_tnc_msg_t *this,
+ linked_list_t *non_fatal_types);
/**
* Enumerates over all PA-TNC attributes
diff --git a/src/libimcv/plugins/imc_attestation/Makefile.am b/src/libimcv/plugins/imc_attestation/Makefile.am
new file mode 100644
index 0000000..e7b1f1c
--- /dev/null
+++ b/src/libimcv/plugins/imc_attestation/Makefile.am
@@ -0,0 +1,18 @@
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libtncif \
+ -I$(top_srcdir)/src/libimcv
+
+AM_CFLAGS = \
+ $(PLUGIN_CFLAGS)
+
+imcv_LTLIBRARIES = imc-attestation.la
+
+imc_attestation_la_LIBADD = $(top_builddir)/src/libimcv/libimcv.la \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la
+
+imc_attestation_la_SOURCES = imc_attestation.c \
+ imc_attestation_state.h imc_attestation_state.c \
+ imc_attestation_process.h imc_attestation_process.c
+
+imc_attestation_la_LDFLAGS = -module -avoid-version -no-undefined
diff --git a/src/libimcv/plugins/imc_attestation/Makefile.in b/src/libimcv/plugins/imc_attestation/Makefile.in
new file mode 100644
index 0000000..3c5017f
--- /dev/null
+++ b/src/libimcv/plugins/imc_attestation/Makefile.in
@@ -0,0 +1,765 @@
+# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+VPATH = @srcdir@
+am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__make_running_with_option = \
+ case $${target_option-} in \
+ ?) ;; \
+ *) echo "am__make_running_with_option: internal error: invalid" \
+ "target option '$${target_option-}' specified" >&2; \
+ exit 1;; \
+ esac; \
+ has_opt=no; \
+ sane_makeflags=$$MAKEFLAGS; \
+ if $(am__is_gnu_make); then \
+ sane_makeflags=$$MFLAGS; \
+ else \
+ case $$MAKEFLAGS in \
+ *\\[\ \ ]*) \
+ bs=\\; \
+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
+ esac; \
+ fi; \
+ skip_next=no; \
+ strip_trailopt () \
+ { \
+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+ }; \
+ for flg in $$sane_makeflags; do \
+ test $$skip_next = yes && { skip_next=no; continue; }; \
+ case $$flg in \
+ *=*|--*) continue;; \
+ -*I) strip_trailopt 'I'; skip_next=yes;; \
+ -*I?*) strip_trailopt 'I';; \
+ -*O) strip_trailopt 'O'; skip_next=yes;; \
+ -*O?*) strip_trailopt 'O';; \
+ -*l) strip_trailopt 'l'; skip_next=yes;; \
+ -*l?*) strip_trailopt 'l';; \
+ -[dEDm]) skip_next=yes;; \
+ -[JT]) skip_next=yes;; \
+ esac; \
+ case $$flg in \
+ *$$target_option*) has_opt=yes; break;; \
+ esac; \
+ done; \
+ test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = src/libimcv/plugins/imc_attestation
+DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
+ $(top_srcdir)/depcomp
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
+ $(top_srcdir)/m4/config/ltoptions.m4 \
+ $(top_srcdir)/m4/config/ltsugar.m4 \
+ $(top_srcdir)/m4/config/ltversion.m4 \
+ $(top_srcdir)/m4/config/lt~obsolete.m4 \
+ $(top_srcdir)/m4/macros/split-package-version.m4 \
+ $(top_srcdir)/m4/macros/with.m4 \
+ $(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
+ $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+ test -z "$$files" \
+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+ $(am__cd) "$$dir" && rm -f $$files; }; \
+ }
+am__installdirs = "$(DESTDIR)$(imcvdir)"
+LTLIBRARIES = $(imcv_LTLIBRARIES)
+imc_attestation_la_DEPENDENCIES = \
+ $(top_builddir)/src/libimcv/libimcv.la \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la
+am_imc_attestation_la_OBJECTS = imc_attestation.lo \
+ imc_attestation_state.lo imc_attestation_process.lo
+imc_attestation_la_OBJECTS = $(am_imc_attestation_la_OBJECTS)
+AM_V_lt = $(am__v_lt_ at AM_V@)
+am__v_lt_ = $(am__v_lt_ at AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+am__v_lt_1 =
+imc_attestation_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+ $(AM_CFLAGS) $(CFLAGS) $(imc_attestation_la_LDFLAGS) \
+ $(LDFLAGS) -o $@
+AM_V_P = $(am__v_P_ at AM_V@)
+am__v_P_ = $(am__v_P_ at AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_ at AM_V@)
+am__v_GEN_ = $(am__v_GEN_ at AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
+am__v_GEN_1 =
+AM_V_at = $(am__v_at_ at AM_V@)
+am__v_at_ = $(am__v_at_ at AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 =
+DEFAULT_INCLUDES = -I. at am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_ at AM_V@)
+am__v_CC_ = $(am__v_CC_ at AM_DEFAULT_V@)
+am__v_CC_0 = @echo " CC " $@;
+am__v_CC_1 =
+CCLD = $(CC)
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_ at AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_ at AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo " CCLD " $@;
+am__v_CCLD_1 =
+SOURCES = $(imc_attestation_la_SOURCES)
+DIST_SOURCES = $(imc_attestation_la_SOURCES)
+am__can_run_installinfo = \
+ case $$AM_UPDATE_INFO_DIR in \
+ n|no|NO) false;; \
+ *) (install-info --version) >/dev/null 2>&1;; \
+ esac
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+# Read a list of newline-separated strings from the standard input,
+# and print each of them once, without duplicates. Input order is
+# *not* preserved.
+am__uniquify_input = $(AWK) '\
+ BEGIN { nonempty = 0; } \
+ { items[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in items) print i; }; } \
+'
+# Make sure the list of sources is unique. This is necessary because,
+# e.g., the same source file might be shared among _SOURCES variables
+# for different programs/libraries.
+am__define_uniq_tagged_files = \
+ list='$(am__tagged_files)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | $(am__uniquify_input)`
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BFDLIB = @BFDLIB@
+BTLIB = @BTLIB@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
+COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DLLTOOL = @DLLTOOL@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GEM = @GEM@
+GENHTML = @GENHTML@
+GPERF = @GPERF@
+GPRBUILD = @GPRBUILD@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LCOV = @LCOV@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MKDIR_P = @MKDIR_P@
+MYSQLCFLAG = @MYSQLCFLAG@
+MYSQLCONFIG = @MYSQLCONFIG@
+MYSQLLIB = @MYSQLLIB@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OPENSSL_LIB = @OPENSSL_LIB@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@
+PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@
+PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@
+PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
+PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
+RANLIB = @RANLIB@
+RTLIB = @RTLIB@
+RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
+RUBYINCLUDE = @RUBYINCLUDE@
+RUBYLIB = @RUBYLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
+STRIP = @STRIP@
+UNWINDLIB = @UNWINDLIB@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+aikgen_plugins = @aikgen_plugins@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+c_plugins = @c_plugins@
+charon_natt_port = @charon_natt_port@
+charon_plugins = @charon_plugins@
+charon_udp_port = @charon_udp_port@
+clearsilver_LIBS = @clearsilver_LIBS@
+cmd_plugins = @cmd_plugins@
+datadir = @datadir@
+datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
+dev_headers = @dev_headers@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+imcvdir = @imcvdir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsec_script = @ipsec_script@
+ipsec_script_upper = @ipsec_script_upper@
+ipsecdir = @ipsecdir@
+ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
+ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
+libdir = @libdir@
+libexecdir = @libexecdir@
+linux_headers = @linux_headers@
+localedir = @localedir@
+localstatedir = @localstatedir@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
+mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+nm_ca_dir = @nm_ca_dir@
+nm_plugins = @nm_plugins@
+oldincludedir = @oldincludedir@
+pcsclite_CFLAGS = @pcsclite_CFLAGS@
+pcsclite_LIBS = @pcsclite_LIBS@
+pdfdir = @pdfdir@
+piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
+pki_plugins = @pki_plugins@
+plugindir = @plugindir@
+pool_plugins = @pool_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
+random_device = @random_device@
+resolv_conf = @resolv_conf@
+routing_table = @routing_table@
+routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
+sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
+sharedstatedir = @sharedstatedir@
+soup_CFLAGS = @soup_CFLAGS@
+soup_LIBS = @soup_LIBS@
+srcdir = @srcdir@
+starter_plugins = @starter_plugins@
+strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
+swanctldir = @swanctldir@
+sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
+systemdsystemunitdir = @systemdsystemunitdir@
+t_plugins = @t_plugins@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+urandom_device = @urandom_device@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libtncif \
+ -I$(top_srcdir)/src/libimcv
+
+AM_CFLAGS = \
+ $(PLUGIN_CFLAGS)
+
+imcv_LTLIBRARIES = imc-attestation.la
+imc_attestation_la_LIBADD = $(top_builddir)/src/libimcv/libimcv.la \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la
+
+imc_attestation_la_SOURCES = imc_attestation.c \
+ imc_attestation_state.h imc_attestation_state.c \
+ imc_attestation_process.h imc_attestation_process.c
+
+imc_attestation_la_LDFLAGS = -module -avoid-version -no-undefined
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imc_attestation/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/libimcv/plugins/imc_attestation/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+install-imcvLTLIBRARIES: $(imcv_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ @list='$(imcv_LTLIBRARIES)'; test -n "$(imcvdir)" || list=; \
+ list2=; for p in $$list; do \
+ if test -f $$p; then \
+ list2="$$list2 $$p"; \
+ else :; fi; \
+ done; \
+ test -z "$$list2" || { \
+ echo " $(MKDIR_P) '$(DESTDIR)$(imcvdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(imcvdir)" || exit 1; \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(imcvdir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(imcvdir)"; \
+ }
+
+uninstall-imcvLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(imcv_LTLIBRARIES)'; test -n "$(imcvdir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(imcvdir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(imcvdir)/$$f"; \
+ done
+
+clean-imcvLTLIBRARIES:
+ -test -z "$(imcv_LTLIBRARIES)" || rm -f $(imcv_LTLIBRARIES)
+ @list='$(imcv_LTLIBRARIES)'; \
+ locs=`for p in $$list; do echo $$p; done | \
+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
+ sort -u`; \
+ test -z "$$locs" || { \
+ echo rm -f $${locs}; \
+ rm -f $${locs}; \
+ }
+
+imc-attestation.la: $(imc_attestation_la_OBJECTS) $(imc_attestation_la_DEPENDENCIES) $(EXTRA_imc_attestation_la_DEPENDENCIES)
+ $(AM_V_CCLD)$(imc_attestation_la_LINK) -rpath $(imcvdir) $(imc_attestation_la_OBJECTS) $(imc_attestation_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/imc_attestation.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/imc_attestation_process.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/imc_attestation_state.Plo at am__quote@
+
+.c.o:
+ at am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
+ at am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+ at am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(COMPILE) -c -o $@ $<
+
+.c.obj:
+ at am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
+ at am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
+ at am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+.c.lo:
+ at am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
+ at am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+ at am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(am__tagged_files)
+ $(am__define_uniq_tagged_files); mkid -fID $$unique
+tags: tags-am
+TAGS: tags
+
+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ set x; \
+ here=`pwd`; \
+ $(am__define_uniq_tagged_files); \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: ctags-am
+
+CTAGS: ctags
+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ $(am__define_uniq_tagged_files); \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+cscopelist: cscopelist-am
+
+cscopelist-am: $(am__tagged_files)
+ list='$(am__tagged_files)'; \
+ case "$(srcdir)" in \
+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
+ *) sdir=$(subdir)/$(srcdir) ;; \
+ esac; \
+ for i in $$list; do \
+ if test -f "$$i"; then \
+ echo "$(subdir)/$$i"; \
+ else \
+ echo "$$sdir/$$i"; \
+ fi; \
+ done >> $(top_builddir)/cscope.files
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+ for dir in "$(DESTDIR)$(imcvdir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-imcvLTLIBRARIES clean-libtool \
+ mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-imcvLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-imcvLTLIBRARIES
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
+ clean-imcvLTLIBRARIES clean-libtool cscopelist-am ctags \
+ ctags-am distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am \
+ install-imcvLTLIBRARIES install-info install-info-am \
+ install-man install-pdf install-pdf-am install-ps \
+ install-ps-am install-strip installcheck installcheck-am \
+ installdirs maintainer-clean maintainer-clean-generic \
+ mostlyclean mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
+ uninstall-am uninstall-imcvLTLIBRARIES
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/libimcv/plugins/imc_attestation/imc_attestation.c b/src/libimcv/plugins/imc_attestation/imc_attestation.c
new file mode 100644
index 0000000..0dd88b6
--- /dev/null
+++ b/src/libimcv/plugins/imc_attestation/imc_attestation.c
@@ -0,0 +1,335 @@
+/*
+ * Copyright (C) 2011-2012 Sansar Choinyambuu
+ * Copyright (C) 2011-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "imc_attestation_state.h"
+#include "imc_attestation_process.h"
+
+#include <imc/imc_agent.h>
+#include <imc/imc_msg.h>
+#include <ietf/ietf_attr.h>
+#include <ietf/ietf_attr_pa_tnc_error.h>
+#include <ietf/ietf_attr_product_info.h>
+#include <ietf/ietf_attr_string_version.h>
+#include <ietf/ietf_attr_assess_result.h>
+#include <tcg/pts/tcg_pts_attr_proto_caps.h>
+#include <tcg/pts/tcg_pts_attr_meas_algo.h>
+#include <os_info/os_info.h>
+#include <pts/pts_error.h>
+
+#include <tncif_pa_subtypes.h>
+
+#include <pen/pen.h>
+#include <utils/debug.h>
+#include <collections/linked_list.h>
+
+/* IMC definitions */
+
+static const char imc_name[] = "Attestation";
+
+static pen_type_t msg_types[] = {
+ { PEN_TCG, PA_SUBTYPE_TCG_PTS }
+};
+
+static imc_agent_t *imc_attestation;
+
+/**
+ * Supported PTS measurement algorithms
+ */
+static pts_meas_algorithms_t supported_algorithms = PTS_MEAS_ALGO_NONE;
+
+/**
+ * Supported PTS Diffie Hellman Groups
+ */
+static pts_dh_group_t supported_dh_groups = PTS_DH_GROUP_NONE;
+
+/**
+ * see section 3.8.1 of TCG TNC IF-IMC Specification 1.3
+ */
+TNC_Result TNC_IMC_API TNC_IMC_Initialize(TNC_IMCID imc_id,
+ TNC_Version min_version,
+ TNC_Version max_version,
+ TNC_Version *actual_version)
+{
+ bool mandatory_dh_groups;
+
+ if (imc_attestation)
+ {
+ DBG1(DBG_IMC, "IMC \"%s\" has already been initialized", imc_name);
+ return TNC_RESULT_ALREADY_INITIALIZED;
+ }
+ imc_attestation = imc_agent_create(imc_name, msg_types, countof(msg_types),
+ imc_id, actual_version);
+ if (!imc_attestation)
+ {
+ return TNC_RESULT_FATAL;
+ }
+
+ mandatory_dh_groups = lib->settings->get_bool(lib->settings,
+ "%s.plugins.imc-attestation.mandatory_dh_groups", TRUE, lib->ns);
+
+ if (!pts_meas_algo_probe(&supported_algorithms) ||
+ !pts_dh_group_probe(&supported_dh_groups, mandatory_dh_groups))
+ {
+ imc_attestation->destroy(imc_attestation);
+ imc_attestation = NULL;
+ return TNC_RESULT_FATAL;
+ }
+
+ if (min_version > TNC_IFIMC_VERSION_1 || max_version < TNC_IFIMC_VERSION_1)
+ {
+ DBG1(DBG_IMC, "no common IF-IMC version");
+ return TNC_RESULT_NO_COMMON_VERSION;
+ }
+ return TNC_RESULT_SUCCESS;
+}
+
+/**
+ * see section 3.8.2 of TCG TNC IF-IMC Specification 1.3
+ */
+TNC_Result TNC_IMC_API TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id,
+ TNC_ConnectionID connection_id,
+ TNC_ConnectionState new_state)
+{
+ imc_state_t *state;
+
+ if (!imc_attestation)
+ {
+ DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
+ return TNC_RESULT_NOT_INITIALIZED;
+ }
+ switch (new_state)
+ {
+ case TNC_CONNECTION_STATE_CREATE:
+ state = imc_attestation_state_create(connection_id);
+ return imc_attestation->create_state(imc_attestation, state);
+ case TNC_CONNECTION_STATE_HANDSHAKE:
+ if (imc_attestation->change_state(imc_attestation, connection_id,
+ new_state, &state) != TNC_RESULT_SUCCESS)
+ {
+ return TNC_RESULT_FATAL;
+ }
+ state->set_result(state, imc_id,
+ TNC_IMV_EVALUATION_RESULT_DONT_KNOW);
+ return TNC_RESULT_SUCCESS;
+ case TNC_CONNECTION_STATE_DELETE:
+ return imc_attestation->delete_state(imc_attestation, connection_id);
+ case TNC_CONNECTION_STATE_ACCESS_ISOLATED:
+ case TNC_CONNECTION_STATE_ACCESS_NONE:
+ default:
+ return imc_attestation->change_state(imc_attestation, connection_id,
+ new_state, NULL);
+ }
+}
+
+
+/**
+ * see section 3.8.3 of TCG TNC IF-IMC Specification 1.3
+ */
+TNC_Result TNC_IMC_API TNC_IMC_BeginHandshake(TNC_IMCID imc_id,
+ TNC_ConnectionID connection_id)
+{
+ if (!imc_attestation)
+ {
+ DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
+ return TNC_RESULT_NOT_INITIALIZED;
+ }
+
+ return TNC_RESULT_SUCCESS;
+}
+
+static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
+{
+ imc_msg_t *out_msg;
+ imc_attestation_state_t *attestation_state;
+ enumerator_t *enumerator;
+ pa_tnc_attr_t *attr;
+ pen_type_t type;
+ TNC_Result result;
+ bool fatal_error = FALSE;
+
+ /* generate an outgoing PA-TNC message - we might need it */
+ out_msg = imc_msg_create_as_reply(in_msg);
+
+ /* parse received PA-TNC message and handle local and remote errors */
+ result = in_msg->receive(in_msg, out_msg, &fatal_error);
+ if (result != TNC_RESULT_SUCCESS)
+ {
+ out_msg->destroy(out_msg);
+ return result;
+ }
+
+ /* analyze PA-TNC attributes */
+ enumerator = in_msg->create_attribute_enumerator(in_msg);
+ while (enumerator->enumerate(enumerator, &attr))
+ {
+ type = attr->get_type(attr);
+
+ if (type.vendor_id == PEN_IETF)
+ {
+ if (type.type == IETF_ATTR_PA_TNC_ERROR)
+ {
+ ietf_attr_pa_tnc_error_t *error_attr;
+ pen_type_t error_code;
+ chunk_t msg_info;
+
+ error_attr = (ietf_attr_pa_tnc_error_t*)attr;
+ error_code = error_attr->get_error_code(error_attr);
+
+ if (error_code.vendor_id == PEN_TCG)
+ {
+ msg_info = error_attr->get_msg_info(error_attr);
+
+ DBG1(DBG_IMC, "received TCG-PTS error '%N'",
+ pts_error_code_names, error_code.type);
+ DBG1(DBG_IMC, "error information: %B", &msg_info);
+
+ result = TNC_RESULT_FATAL;
+ }
+ }
+ }
+ else if (type.vendor_id == PEN_TCG)
+ {
+ attestation_state = (imc_attestation_state_t*)state;
+
+ if (!imc_attestation_process(attr, out_msg, attestation_state,
+ supported_algorithms, supported_dh_groups))
+ {
+ result = TNC_RESULT_FATAL;
+ break;
+ }
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ if (result == TNC_RESULT_SUCCESS)
+ {
+ /* send PA-TNC message with the EXCL flag set */
+ result = out_msg->send(out_msg, TRUE);
+ }
+ out_msg->destroy(out_msg);
+
+ return result;
+}
+
+/**
+ * see section 3.8.4 of TCG TNC IF-IMC Specification 1.3
+ */
+TNC_Result TNC_IMC_API TNC_IMC_ReceiveMessage(TNC_IMCID imc_id,
+ TNC_ConnectionID connection_id,
+ TNC_BufferReference msg,
+ TNC_UInt32 msg_len,
+ TNC_MessageType msg_type)
+{
+ imc_state_t *state;
+ imc_msg_t *in_msg;
+ TNC_Result result;
+
+ if (!imc_attestation)
+ {
+ DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
+ return TNC_RESULT_NOT_INITIALIZED;
+ }
+ if (!imc_attestation->get_state(imc_attestation, connection_id, &state))
+ {
+ return TNC_RESULT_FATAL;
+ }
+
+ in_msg = imc_msg_create_from_data(imc_attestation, state, connection_id,
+ msg_type, chunk_create(msg, msg_len));
+ result = receive_message(state, in_msg);
+ in_msg->destroy(in_msg);
+
+ return result;
+}
+
+/**
+ * see section 3.8.6 of TCG TNC IF-IMV Specification 1.3
+ */
+TNC_Result TNC_IMC_API TNC_IMC_ReceiveMessageLong(TNC_IMCID imc_id,
+ TNC_ConnectionID connection_id,
+ TNC_UInt32 msg_flags,
+ TNC_BufferReference msg,
+ TNC_UInt32 msg_len,
+ TNC_VendorID msg_vid,
+ TNC_MessageSubtype msg_subtype,
+ TNC_UInt32 src_imv_id,
+ TNC_UInt32 dst_imc_id)
+{
+ imc_state_t *state;
+ imc_msg_t *in_msg;
+ TNC_Result result;
+
+ if (!imc_attestation)
+ {
+ DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
+ return TNC_RESULT_NOT_INITIALIZED;
+ }
+ if (!imc_attestation->get_state(imc_attestation, connection_id, &state))
+ {
+ return TNC_RESULT_FATAL;
+ }
+ in_msg = imc_msg_create_from_long_data(imc_attestation, state, connection_id,
+ src_imv_id, dst_imc_id, msg_vid, msg_subtype,
+ chunk_create(msg, msg_len));
+ result =receive_message(state, in_msg);
+ in_msg->destroy(in_msg);
+
+ return result;
+}
+
+/**
+ * see section 3.8.7 of TCG TNC IF-IMC Specification 1.3
+ */
+TNC_Result TNC_IMC_API TNC_IMC_BatchEnding(TNC_IMCID imc_id,
+ TNC_ConnectionID connection_id)
+{
+ if (!imc_attestation)
+ {
+ DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
+ return TNC_RESULT_NOT_INITIALIZED;
+ }
+ return TNC_RESULT_SUCCESS;
+}
+
+/**
+ * see section 3.8.8 of TCG TNC IF-IMC Specification 1.3
+ */
+TNC_Result TNC_IMC_API TNC_IMC_Terminate(TNC_IMCID imc_id)
+{
+ if (!imc_attestation)
+ {
+ DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
+ return TNC_RESULT_NOT_INITIALIZED;
+ }
+ imc_attestation->destroy(imc_attestation);
+ imc_attestation = NULL;
+
+ return TNC_RESULT_SUCCESS;
+}
+
+/**
+ * see section 4.2.8.1 of TCG TNC IF-IMC Specification 1.3
+ */
+TNC_Result TNC_IMC_API TNC_IMC_ProvideBindFunction(TNC_IMCID imc_id,
+ TNC_TNCC_BindFunctionPointer bind_function)
+{
+ if (!imc_attestation)
+ {
+ DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
+ return TNC_RESULT_NOT_INITIALIZED;
+ }
+ return imc_attestation->bind_functions(imc_attestation, bind_function);
+}
diff --git a/src/libimcv/plugins/imc_attestation/imc_attestation_process.c b/src/libimcv/plugins/imc_attestation/imc_attestation_process.c
new file mode 100644
index 0000000..2fc2998
--- /dev/null
+++ b/src/libimcv/plugins/imc_attestation/imc_attestation_process.c
@@ -0,0 +1,480 @@
+/*
+ * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#define _GNU_SOURCE
+
+#include <stdio.h>
+/* for isdigit */
+#include <ctype.h>
+
+#include "imc_attestation_process.h"
+
+#include <ietf/ietf_attr_pa_tnc_error.h>
+
+#include <pts/pts.h>
+
+#include <tcg/pts/tcg_pts_attr_proto_caps.h>
+#include <tcg/pts/tcg_pts_attr_meas_algo.h>
+#include <tcg/pts/tcg_pts_attr_dh_nonce_params_req.h>
+#include <tcg/pts/tcg_pts_attr_dh_nonce_params_resp.h>
+#include <tcg/pts/tcg_pts_attr_dh_nonce_finish.h>
+#include <tcg/pts/tcg_pts_attr_get_tpm_version_info.h>
+#include <tcg/pts/tcg_pts_attr_tpm_version_info.h>
+#include <tcg/pts/tcg_pts_attr_get_aik.h>
+#include <tcg/pts/tcg_pts_attr_aik.h>
+#include <tcg/pts/tcg_pts_attr_req_func_comp_evid.h>
+#include <tcg/pts/tcg_pts_attr_gen_attest_evid.h>
+#include <tcg/pts/tcg_pts_attr_simple_comp_evid.h>
+#include <tcg/pts/tcg_pts_attr_simple_evid_final.h>
+#include <tcg/pts/tcg_pts_attr_req_file_meas.h>
+#include <tcg/pts/tcg_pts_attr_file_meas.h>
+#include <tcg/pts/tcg_pts_attr_req_file_meta.h>
+#include <tcg/pts/tcg_pts_attr_unix_file_meta.h>
+
+#include <utils/debug.h>
+#include <utils/lexparser.h>
+
+#define DEFAULT_NONCE_LEN 20
+
+bool imc_attestation_process(pa_tnc_attr_t *attr, imc_msg_t *msg,
+ imc_attestation_state_t *attestation_state,
+ pts_meas_algorithms_t supported_algorithms,
+ pts_dh_group_t supported_dh_groups)
+{
+ chunk_t attr_info;
+ pts_t *pts;
+ pts_error_code_t pts_error;
+ pen_type_t attr_type;
+ bool valid_path;
+
+ pts = attestation_state->get_pts(attestation_state);
+ attr_type = attr->get_type(attr);
+
+ switch (attr_type.type)
+ {
+ case TCG_PTS_REQ_PROTO_CAPS:
+ {
+ tcg_pts_attr_proto_caps_t *attr_cast;
+ pts_proto_caps_flag_t imc_caps, imv_caps;
+
+ attr_cast = (tcg_pts_attr_proto_caps_t*)attr;
+ imv_caps = attr_cast->get_flags(attr_cast);
+ imc_caps = pts->get_proto_caps(pts);
+ pts->set_proto_caps(pts, imc_caps & imv_caps);
+
+ /* Send PTS Protocol Capabilities attribute */
+ attr = tcg_pts_attr_proto_caps_create(imc_caps & imv_caps, FALSE);
+ msg->add_attribute(msg, attr);
+ break;
+ }
+ case TCG_PTS_MEAS_ALGO:
+ {
+ tcg_pts_attr_meas_algo_t *attr_cast;
+ pts_meas_algorithms_t offered_algorithms, selected_algorithm;
+
+ attr_cast = (tcg_pts_attr_meas_algo_t*)attr;
+ offered_algorithms = attr_cast->get_algorithms(attr_cast);
+ selected_algorithm = pts_meas_algo_select(supported_algorithms,
+ offered_algorithms);
+ if (selected_algorithm == PTS_MEAS_ALGO_NONE)
+ {
+ attr = pts_hash_alg_error_create(supported_algorithms);
+ msg->add_attribute(msg, attr);
+ break;
+ }
+
+ /* Send Measurement Algorithm Selection attribute */
+ pts->set_meas_algorithm(pts, selected_algorithm);
+ attr = tcg_pts_attr_meas_algo_create(selected_algorithm, TRUE);
+ msg->add_attribute(msg, attr);
+ break;
+ }
+ case TCG_PTS_DH_NONCE_PARAMS_REQ:
+ {
+ tcg_pts_attr_dh_nonce_params_req_t *attr_cast;
+ pts_dh_group_t offered_dh_groups, selected_dh_group;
+ chunk_t responder_value, responder_nonce;
+ int nonce_len, min_nonce_len;
+
+ nonce_len = lib->settings->get_int(lib->settings,
+ "%s.plugins.imc-attestation.nonce_len",
+ DEFAULT_NONCE_LEN, lib->ns);
+
+ attr_cast = (tcg_pts_attr_dh_nonce_params_req_t*)attr;
+ min_nonce_len = attr_cast->get_min_nonce_len(attr_cast);
+ if (nonce_len < PTS_MIN_NONCE_LEN ||
+ (min_nonce_len > 0 && nonce_len < min_nonce_len))
+ {
+ attr = pts_dh_nonce_error_create(nonce_len, PTS_MAX_NONCE_LEN);
+ msg->add_attribute(msg, attr);
+ break;
+ }
+
+ offered_dh_groups = attr_cast->get_dh_groups(attr_cast);
+ selected_dh_group = pts_dh_group_select(supported_dh_groups,
+ offered_dh_groups);
+ if (selected_dh_group == PTS_DH_GROUP_NONE)
+ {
+ attr = pts_dh_group_error_create(supported_dh_groups);
+ msg->add_attribute(msg, attr);
+ break;
+ }
+
+ /* Create own DH factor and nonce */
+ if (!pts->create_dh_nonce(pts, selected_dh_group, nonce_len))
+ {
+ return FALSE;
+ }
+ pts->get_my_public_value(pts, &responder_value, &responder_nonce);
+
+ /* Send DH Nonce Parameters Response attribute */
+ attr = tcg_pts_attr_dh_nonce_params_resp_create(selected_dh_group,
+ supported_algorithms, responder_nonce, responder_value);
+ msg->add_attribute(msg, attr);
+ break;
+ }
+ case TCG_PTS_DH_NONCE_FINISH:
+ {
+ tcg_pts_attr_dh_nonce_finish_t *attr_cast;
+ pts_meas_algorithms_t selected_algorithm;
+ chunk_t initiator_nonce, initiator_value;
+ int nonce_len;
+
+ attr_cast = (tcg_pts_attr_dh_nonce_finish_t*)attr;
+ selected_algorithm = attr_cast->get_hash_algo(attr_cast);
+ if (!(selected_algorithm & supported_algorithms))
+ {
+ DBG1(DBG_IMC, "PTS-IMV selected unsupported DH hash algorithm");
+ return FALSE;
+ }
+ pts->set_dh_hash_algorithm(pts, selected_algorithm);
+
+ initiator_value = attr_cast->get_initiator_value(attr_cast);
+ initiator_nonce = attr_cast->get_initiator_nonce(attr_cast);
+
+ nonce_len = lib->settings->get_int(lib->settings,
+ "%s.plugins.imc-attestation.nonce_len",
+ DEFAULT_NONCE_LEN, lib->ns);
+ if (nonce_len != initiator_nonce.len)
+ {
+ DBG1(DBG_IMC, "initiator and responder DH nonces "
+ "have differing lengths");
+ return FALSE;
+ }
+
+ pts->set_peer_public_value(pts, initiator_value, initiator_nonce);
+ if (!pts->calculate_secret(pts))
+ {
+ return FALSE;
+ }
+ break;
+ }
+ case TCG_PTS_GET_TPM_VERSION_INFO:
+ {
+ chunk_t tpm_version_info, attr_info;
+ pen_type_t error_code = { PEN_TCG, TCG_PTS_TPM_VERS_NOT_SUPPORTED };
+
+ if (!pts->get_tpm_version_info(pts, &tpm_version_info))
+ {
+ attr_info = attr->get_value(attr);
+ attr = ietf_attr_pa_tnc_error_create(error_code, attr_info);
+ msg->add_attribute(msg, attr);
+ break;
+ }
+
+ /* Send TPM Version Info attribute */
+ attr = tcg_pts_attr_tpm_version_info_create(tpm_version_info);
+ msg->add_attribute(msg, attr);
+ break;
+ }
+ case TCG_PTS_GET_AIK:
+ {
+ certificate_t *aik;
+
+ aik = pts->get_aik(pts);
+ if (!aik)
+ {
+ DBG1(DBG_IMC, "no AIK certificate or public key available");
+ break;
+ }
+
+ /* Send AIK attribute */
+ attr = tcg_pts_attr_aik_create(aik);
+ msg->add_attribute(msg, attr);
+ break;
+ }
+ case TCG_PTS_REQ_FILE_MEAS:
+ {
+ tcg_pts_attr_req_file_meas_t *attr_cast;
+ char *pathname;
+ u_int16_t request_id;
+ bool is_directory;
+ u_int32_t delimiter;
+ pts_file_meas_t *measurements;
+ pen_type_t error_code;
+
+ attr_info = attr->get_value(attr);
+ attr_cast = (tcg_pts_attr_req_file_meas_t*)attr;
+ is_directory = attr_cast->get_directory_flag(attr_cast);
+ request_id = attr_cast->get_request_id(attr_cast);
+ delimiter = attr_cast->get_delimiter(attr_cast);
+ pathname = attr_cast->get_pathname(attr_cast);
+ valid_path = pts->is_path_valid(pts, pathname, &pts_error);
+
+ if (valid_path && pts_error)
+ {
+ error_code = pen_type_create(PEN_TCG, pts_error);
+ attr = ietf_attr_pa_tnc_error_create(error_code, attr_info);
+ msg->add_attribute(msg, attr);
+ break;
+ }
+ else if (!valid_path)
+ {
+ break;
+ }
+
+ if (delimiter != SOLIDUS_UTF && delimiter != REVERSE_SOLIDUS_UTF)
+ {
+ error_code = pen_type_create(PEN_TCG,
+ TCG_PTS_INVALID_DELIMITER);
+ attr = ietf_attr_pa_tnc_error_create(error_code, attr_info);
+ msg->add_attribute(msg, attr);
+ break;
+ }
+
+ /* Do PTS File Measurements and send them to PTS-IMV */
+ DBG2(DBG_IMC, "measurement request %d for %s '%s'",
+ request_id, is_directory ? "directory" : "file",
+ pathname);
+ measurements = pts_file_meas_create_from_path(request_id,
+ pathname, is_directory, TRUE,
+ pts->get_meas_algorithm(pts));
+ if (!measurements)
+ {
+ /* TODO handle error codes from measurements */
+ return FALSE;
+ }
+ attr = tcg_pts_attr_file_meas_create(measurements);
+ attr->set_noskip_flag(attr, TRUE);
+ msg->add_attribute(msg, attr);
+ break;
+ }
+ case TCG_PTS_REQ_FILE_META:
+ {
+ tcg_pts_attr_req_file_meta_t *attr_cast;
+ char *pathname;
+ bool is_directory;
+ u_int8_t delimiter;
+ pts_file_meta_t *metadata;
+ pen_type_t error_code;
+
+ attr_info = attr->get_value(attr);
+ attr_cast = (tcg_pts_attr_req_file_meta_t*)attr;
+ is_directory = attr_cast->get_directory_flag(attr_cast);
+ delimiter = attr_cast->get_delimiter(attr_cast);
+ pathname = attr_cast->get_pathname(attr_cast);
+
+ valid_path = pts->is_path_valid(pts, pathname, &pts_error);
+ if (valid_path && pts_error)
+ {
+ error_code = pen_type_create(PEN_TCG, pts_error);
+ attr = ietf_attr_pa_tnc_error_create(error_code, attr_info);
+ msg->add_attribute(msg, attr);
+ break;
+ }
+ else if (!valid_path)
+ {
+ break;
+ }
+ if (delimiter != SOLIDUS_UTF && delimiter != REVERSE_SOLIDUS_UTF)
+ {
+ error_code = pen_type_create(PEN_TCG,
+ TCG_PTS_INVALID_DELIMITER);
+ attr = ietf_attr_pa_tnc_error_create(error_code, attr_info);
+ msg->add_attribute(msg, attr);
+ break;
+ }
+ /* Get File Metadata and send them to PTS-IMV */
+ DBG2(DBG_IMC, "metadata request for %s '%s'",
+ is_directory ? "directory" : "file",
+ pathname);
+ metadata = pts->get_metadata(pts, pathname, is_directory);
+
+ if (!metadata)
+ {
+ /* TODO handle error codes from measurements */
+ return FALSE;
+ }
+ attr = tcg_pts_attr_unix_file_meta_create(metadata);
+ attr->set_noskip_flag(attr, TRUE);
+ msg->add_attribute(msg, attr);
+ break;
+ }
+ case TCG_PTS_REQ_FUNC_COMP_EVID:
+ {
+ tcg_pts_attr_req_func_comp_evid_t *attr_cast;
+ pts_proto_caps_flag_t negotiated_caps;
+ pts_comp_func_name_t *name;
+ pts_comp_evidence_t *evid;
+ pts_component_t *comp;
+ pen_type_t error_code;
+ u_int32_t depth;
+ u_int8_t flags;
+ status_t status;
+ enumerator_t *e;
+
+ attr_info = attr->get_value(attr);
+ attr_cast = (tcg_pts_attr_req_func_comp_evid_t*)attr;
+
+ DBG1(DBG_IMC, "evidence requested for %d functional components",
+ attr_cast->get_count(attr_cast));
+
+ e = attr_cast->create_enumerator(attr_cast);
+ while (e->enumerate(e, &flags, &depth, &name))
+ {
+ name->log(name, "* ");
+ negotiated_caps = pts->get_proto_caps(pts);
+
+ if (flags & PTS_REQ_FUNC_COMP_EVID_TTC)
+ {
+ error_code = pen_type_create(PEN_TCG,
+ TCG_PTS_UNABLE_DET_TTC);
+ attr = ietf_attr_pa_tnc_error_create(error_code, attr_info);
+ msg->add_attribute(msg, attr);
+ break;
+ }
+ if (flags & PTS_REQ_FUNC_COMP_EVID_VER &&
+ !(negotiated_caps & PTS_PROTO_CAPS_V))
+ {
+ error_code = pen_type_create(PEN_TCG,
+ TCG_PTS_UNABLE_LOCAL_VAL);
+ attr = ietf_attr_pa_tnc_error_create(error_code, attr_info);
+ msg->add_attribute(msg, attr);
+ break;
+ }
+ if (flags & PTS_REQ_FUNC_COMP_EVID_CURR &&
+ !(negotiated_caps & PTS_PROTO_CAPS_C))
+ {
+ error_code = pen_type_create(PEN_TCG,
+ TCG_PTS_UNABLE_CUR_EVID);
+ attr = ietf_attr_pa_tnc_error_create(error_code, attr_info);
+ msg->add_attribute(msg, attr);
+ break;
+ }
+ if (flags & PTS_REQ_FUNC_COMP_EVID_PCR &&
+ !(negotiated_caps & PTS_PROTO_CAPS_T))
+ {
+ error_code = pen_type_create(PEN_TCG,
+ TCG_PTS_UNABLE_DET_PCR);
+ attr = ietf_attr_pa_tnc_error_create(error_code, attr_info);
+ msg->add_attribute(msg, attr);
+ break;
+ }
+ if (depth > 0)
+ {
+ DBG1(DBG_IMC, "the Attestation IMC currently does not "
+ "support sub component measurements");
+ return FALSE;
+ }
+ comp = attestation_state->create_component(attestation_state,
+ name, depth);
+ if (!comp)
+ {
+ DBG2(DBG_IMC, " not registered: no evidence provided");
+ continue;
+ }
+
+ /* do the component evidence measurement[s] and cache them */
+ do
+ {
+ status = comp->measure(comp, name->get_qualifier(name),
+ pts, &evid);
+ if (status == FAILED)
+ {
+ break;
+ }
+ attestation_state->add_evidence(attestation_state, evid);
+ }
+ while (status == NEED_MORE);
+ }
+ e->destroy(e);
+ break;
+ }
+ case TCG_PTS_GEN_ATTEST_EVID:
+ {
+ pts_simple_evid_final_flag_t flags;
+ pts_meas_algorithms_t comp_hash_algorithm;
+ pts_comp_evidence_t *evid;
+ chunk_t pcr_composite, quote_sig;
+ bool use_quote2;
+
+ /* Send cached Component Evidence entries */
+ while (attestation_state->next_evidence(attestation_state, &evid))
+ {
+ attr = tcg_pts_attr_simple_comp_evid_create(evid);
+ msg->add_attribute(msg, attr);
+ }
+
+ use_quote2 = lib->settings->get_bool(lib->settings,
+ "%s.plugins.imc-attestation.use_quote2", TRUE,
+ lib->ns);
+ if (!pts->quote_tpm(pts, use_quote2, &pcr_composite, "e_sig))
+ {
+ DBG1(DBG_IMC, "error occurred during TPM quote operation");
+ return FALSE;
+ }
+
+ /* Send Simple Evidence Final attribute */
+ flags = use_quote2 ? PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2 :
+ PTS_SIMPLE_EVID_FINAL_QUOTE_INFO;
+ comp_hash_algorithm = PTS_MEAS_ALGO_SHA1;
+
+ attr = tcg_pts_attr_simple_evid_final_create(flags,
+ comp_hash_algorithm, pcr_composite, quote_sig);
+ msg->add_attribute(msg, attr);
+ break;
+ }
+ case TCG_SEG_MAX_ATTR_SIZE_REQ:
+ case TCG_SEG_NEXT_SEG_REQ:
+ break;
+
+ /* TODO: Not implemented yet */
+ case TCG_PTS_REQ_INTEG_MEAS_LOG:
+ /* Attributes using XML */
+ case TCG_PTS_REQ_TEMPL_REF_MANI_SET_META:
+ case TCG_PTS_UPDATE_TEMPL_REF_MANI:
+ /* On Windows only*/
+ case TCG_PTS_REQ_REGISTRY_VALUE:
+ /* Received on IMV side only*/
+ case TCG_PTS_PROTO_CAPS:
+ case TCG_PTS_DH_NONCE_PARAMS_RESP:
+ case TCG_PTS_MEAS_ALGO_SELECTION:
+ case TCG_PTS_TPM_VERSION_INFO:
+ case TCG_PTS_TEMPL_REF_MANI_SET_META:
+ case TCG_PTS_AIK:
+ case TCG_PTS_SIMPLE_COMP_EVID:
+ case TCG_PTS_SIMPLE_EVID_FINAL:
+ case TCG_PTS_VERIFICATION_RESULT:
+ case TCG_PTS_INTEG_REPORT:
+ case TCG_PTS_UNIX_FILE_META:
+ case TCG_PTS_FILE_MEAS:
+ case TCG_PTS_INTEG_MEAS_LOG:
+ default:
+ DBG1(DBG_IMC, "received unsupported attribute '%N/%N'",
+ pen_names, PEN_TCG, tcg_attr_names, attr_type.type);
+ break;
+ }
+ return TRUE;
+}
diff --git a/src/libpts/plugins/imc_attestation/imc_attestation_process.h b/src/libimcv/plugins/imc_attestation/imc_attestation_process.h
similarity index 100%
rename from src/libpts/plugins/imc_attestation/imc_attestation_process.h
rename to src/libimcv/plugins/imc_attestation/imc_attestation_process.h
diff --git a/src/libimcv/plugins/imc_attestation/imc_attestation_state.c b/src/libimcv/plugins/imc_attestation/imc_attestation_state.c
new file mode 100644
index 0000000..0b594cb
--- /dev/null
+++ b/src/libimcv/plugins/imc_attestation/imc_attestation_state.c
@@ -0,0 +1,260 @@
+/*
+ * Copyright (C) 2011-2012 Sansar Choinyambuu
+ * Copyright (C) 2011-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "imc_attestation_state.h"
+
+#include <imcv.h>
+
+#include <tncif_names.h>
+
+#include <collections/linked_list.h>
+#include <utils/debug.h>
+
+typedef struct private_imc_attestation_state_t private_imc_attestation_state_t;
+typedef struct func_comp_t func_comp_t;
+
+/**
+ * Private data of an imc_attestation_state_t object.
+ */
+struct private_imc_attestation_state_t {
+
+ /**
+ * Public members of imc_attestation_state_t
+ */
+ imc_attestation_state_t public;
+
+ /**
+ * TNCCS connection ID
+ */
+ TNC_ConnectionID connection_id;
+
+ /**
+ * TNCCS connection state
+ */
+ TNC_ConnectionState state;
+
+ /**
+ * Assessment/Evaluation Result
+ */
+ TNC_IMV_Evaluation_Result result;
+
+ /**
+ * Does the TNCCS connection support long message types?
+ */
+ bool has_long;
+
+ /**
+ * Does the TNCCS connection support exclusive delivery?
+ */
+ bool has_excl;
+
+ /**
+ * Maximum PA-TNC message size for this TNCCS connection
+ */
+ u_int32_t max_msg_len;
+
+ /**
+ * PA-TNC attribute segmentation contracts associated with TNCCS connection
+ */
+ seg_contract_manager_t *contracts;
+
+ /**
+ * PTS object
+ */
+ pts_t *pts;
+
+ /**
+ * List of Functional Components
+ */
+ linked_list_t *components;
+
+ /**
+ * Functional Component Evidence cache list
+ */
+ linked_list_t *list;
+
+};
+
+METHOD(imc_state_t, get_connection_id, TNC_ConnectionID,
+ private_imc_attestation_state_t *this)
+{
+ return this->connection_id;
+}
+
+METHOD(imc_state_t, has_long, bool,
+ private_imc_attestation_state_t *this)
+{
+ return this->has_long;
+}
+
+METHOD(imc_state_t, has_excl, bool,
+ private_imc_attestation_state_t *this)
+{
+ return this->has_excl;
+}
+
+METHOD(imc_state_t, set_flags, void,
+ private_imc_attestation_state_t *this, bool has_long, bool has_excl)
+{
+ this->has_long = has_long;
+ this->has_excl = has_excl;
+}
+
+METHOD(imc_state_t, set_max_msg_len, void,
+ private_imc_attestation_state_t *this, u_int32_t max_msg_len)
+{
+ this->max_msg_len = max_msg_len;
+}
+
+METHOD(imc_state_t, get_max_msg_len, u_int32_t,
+ private_imc_attestation_state_t *this)
+{
+ return this->max_msg_len;
+}
+
+METHOD(imc_state_t, get_contracts, seg_contract_manager_t*,
+ private_imc_attestation_state_t *this)
+{
+ return this->contracts;
+}
+
+METHOD(imc_state_t, change_state, void,
+ private_imc_attestation_state_t *this, TNC_ConnectionState new_state)
+{
+ this->state = new_state;
+}
+
+METHOD(imc_state_t, set_result, void,
+ private_imc_attestation_state_t *this, TNC_IMCID id,
+ TNC_IMV_Evaluation_Result result)
+{
+ this->result = result;
+}
+
+METHOD(imc_state_t, get_result, bool,
+ private_imc_attestation_state_t *this, TNC_IMCID id,
+ TNC_IMV_Evaluation_Result *result)
+{
+ if (result)
+ {
+ *result = this->result;
+ }
+ return this->result != TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+}
+
+METHOD(imc_state_t, destroy, void,
+ private_imc_attestation_state_t *this)
+{
+ this->pts->destroy(this->pts);
+ this->components->destroy_offset(this->components,
+ offsetof(pts_component_t, destroy));
+ this->list->destroy_offset(this->list,
+ offsetof(pts_comp_evidence_t, destroy));
+ this->contracts->destroy(this->contracts);
+ free(this);
+}
+
+METHOD(imc_attestation_state_t, get_pts, pts_t*,
+ private_imc_attestation_state_t *this)
+{
+ return this->pts;
+}
+
+METHOD(imc_attestation_state_t, create_component, pts_component_t*,
+ private_imc_attestation_state_t *this, pts_comp_func_name_t *name,
+ u_int32_t depth)
+{
+ enumerator_t *enumerator;
+ pts_component_t *component;
+ bool found = FALSE;
+
+ enumerator = this->components->create_enumerator(this->components);
+ while (enumerator->enumerate(enumerator, &component))
+ {
+ if (name->equals(name, component->get_comp_func_name(component)))
+ {
+ found = TRUE;
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ if (!found)
+ {
+ component = imcv_pts_components->create(imcv_pts_components,
+ name, depth, NULL);
+ if (!component)
+ {
+ return NULL;
+ }
+ this->components->insert_last(this->components, component);
+
+ }
+ return component;
+}
+
+METHOD(imc_attestation_state_t, add_evidence, void,
+ private_imc_attestation_state_t *this, pts_comp_evidence_t *evid)
+{
+ this->list->insert_last(this->list, evid);
+}
+
+METHOD(imc_attestation_state_t, next_evidence, bool,
+ private_imc_attestation_state_t *this, pts_comp_evidence_t **evid)
+{
+ return this->list->remove_first(this->list, (void**)evid) == SUCCESS;
+}
+
+/**
+ * Described in header.
+ */
+imc_state_t *imc_attestation_state_create(TNC_ConnectionID connection_id)
+{
+ private_imc_attestation_state_t *this;
+
+ INIT(this,
+ .public = {
+ .interface = {
+ .get_connection_id = _get_connection_id,
+ .has_long = _has_long,
+ .has_excl = _has_excl,
+ .set_flags = _set_flags,
+ .set_max_msg_len = _set_max_msg_len,
+ .get_max_msg_len = _get_max_msg_len,
+ .get_contracts = _get_contracts,
+ .change_state = _change_state,
+ .set_result = _set_result,
+ .get_result = _get_result,
+ .destroy = _destroy,
+ },
+ .get_pts = _get_pts,
+ .create_component = _create_component,
+ .add_evidence = _add_evidence,
+ .next_evidence = _next_evidence,
+ },
+ .connection_id = connection_id,
+ .state = TNC_CONNECTION_STATE_CREATE,
+ .result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
+ .contracts = seg_contract_manager_create(),
+ .pts = pts_create(TRUE),
+ .components = linked_list_create(),
+ .list = linked_list_create(),
+ );
+
+ return &this->public.interface;
+}
+
+
diff --git a/src/libimcv/plugins/imc_attestation/imc_attestation_state.h b/src/libimcv/plugins/imc_attestation/imc_attestation_state.h
new file mode 100644
index 0000000..854c882
--- /dev/null
+++ b/src/libimcv/plugins/imc_attestation/imc_attestation_state.h
@@ -0,0 +1,86 @@
+/*
+ * Copyright (C) 2011 Sansar Choinyambuu
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup imc_attestation imc_attestation
+ * @ingroup libimcv_plugins
+ *
+ * @defgroup imc_attestation_state_t imc_attestation_state
+ * @{ @ingroup imc_attestation
+ */
+
+#ifndef IMC_ATTESTATION_STATE_H_
+#define IMC_ATTESTATION_STATE_H_
+
+#include <imc/imc_state.h>
+#include <pts/pts.h>
+#include <pts/components/pts_component.h>
+#include <pts/components/pts_comp_evidence.h>
+#include <library.h>
+
+typedef struct imc_attestation_state_t imc_attestation_state_t;
+
+/**
+ * Internal state of an imc_attestation_t connection instance
+ */
+struct imc_attestation_state_t {
+
+ /**
+ * imc_state_t interface
+ */
+ imc_state_t interface;
+
+ /**
+ * Get the PTS object
+ *
+ * @return PTS object
+ */
+ pts_t* (*get_pts)(imc_attestation_state_t *this);
+
+ /**
+ * Create and add an entry to the list of Functional Components
+ *
+ * @param name Component Functional Name
+ * @param depth Sub-component Depth
+ * @return created functional component instance or NULL
+ */
+ pts_component_t* (*create_component)(imc_attestation_state_t *this,
+ pts_comp_func_name_t *name, u_int32_t depth);
+
+ /**
+ * Add an entry to the Component Evidence cache list
+ *
+ * @param evid Component Evidence entry
+ */
+ void (*add_evidence)(imc_attestation_state_t *this, pts_comp_evidence_t *evid);
+
+ /**
+ * Removes next entry from the Component Evidence cache list and returns it
+ *
+ * @param evid Next Component Evidence entry
+ * @return TRUE if next entry is available
+ */
+ bool (*next_evidence)(imc_attestation_state_t *this, pts_comp_evidence_t** evid);
+
+};
+
+/**
+ * Create an imc_attestation_state_t instance
+ *
+ * @param id connection ID
+ */
+imc_state_t* imc_attestation_state_create(TNC_ConnectionID id);
+
+#endif /** IMC_ATTESTATION_STATE_H_ @}*/
diff --git a/src/libimcv/plugins/imc_os/Makefile.in b/src/libimcv/plugins/imc_os/Makefile.in
index 2f0b854..3f4cf41 100644
--- a/src/libimcv/plugins/imc_os/Makefile.in
+++ b/src/libimcv/plugins/imc_os/Makefile.in
@@ -230,6 +230,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -290,6 +291,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -355,6 +357,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -402,6 +406,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libimcv/plugins/imc_os/imc_os.c b/src/libimcv/plugins/imc_os/imc_os.c
index c624d26..86d2e09 100644
--- a/src/libimcv/plugins/imc_os/imc_os.c
+++ b/src/libimcv/plugins/imc_os/imc_os.c
@@ -30,7 +30,6 @@
#include <ita/ita_attr.h>
#include <ita/ita_attr_get_settings.h>
#include <ita/ita_attr_settings.h>
-#include <ita/ita_attr_angel.h>
#include <ita/ita_attr_device_id.h>
#include <tncif_pa_subtypes.h>
@@ -341,69 +340,24 @@ static void add_device_id(imc_msg_t *msg)
*/
static void add_installed_packages(imc_state_t *state, imc_msg_t *msg)
{
- pa_tnc_attr_t *attr = NULL, *attr_angel;
+ pa_tnc_attr_t *attr;
ietf_attr_installed_packages_t *attr_cast;
enumerator_t *enumerator;
chunk_t name, version;
- size_t max_attr_size, attr_size, entry_size;
- bool first = TRUE;
-
- /**
- * Compute the maximum IETF Installed Packages attribute size
- * leaving space for an additional ITA Angel attribute
- */
- max_attr_size = state->get_max_msg_len(state) -
- PA_TNC_HEADER_SIZE - PA_TNC_ATTR_HEADER_SIZE;
- /* At least one IETF Installed Packages attribute is sent */
attr = ietf_attr_installed_packages_create();
- attr_size = PA_TNC_ATTR_HEADER_SIZE + IETF_INSTALLED_PACKAGES_MIN_SIZE;
enumerator = os->create_package_enumerator(os);
- if (enumerator)
+ while (enumerator->enumerate(enumerator, &name, &version))
{
- while (enumerator->enumerate(enumerator, &name, &version))
- {
- DBG2(DBG_IMC, "package '%.*s' (%.*s)",
- name.len, name.ptr, version.len, version.ptr);
-
- entry_size = 2 + name.len + version.len;
- if (attr_size + entry_size > max_attr_size)
- {
- if (first)
- {
- /**
- * Send an ITA Start Angel attribute to the IMV signalling
- * that multiple ITA Installed Package attributes follow.
- */
- attr_angel = ita_attr_angel_create(TRUE);
- msg->add_attribute(msg, attr_angel);
- first = FALSE;
- }
- msg->add_attribute(msg, attr);
-
- /* create the next IETF Installed Packages attribute */
- attr = ietf_attr_installed_packages_create();
- attr_size = PA_TNC_ATTR_HEADER_SIZE +
- IETF_INSTALLED_PACKAGES_MIN_SIZE;
- }
- attr_cast = (ietf_attr_installed_packages_t*)attr;
- attr_cast->add(attr_cast, name, version);
- attr_size += entry_size;
- }
- enumerator->destroy(enumerator);
+ DBG2(DBG_IMC, "package '%.*s' (%.*s)",
+ name.len, name.ptr, version.len, version.ptr);
+ attr_cast = (ietf_attr_installed_packages_t*)attr;
+ attr_cast->add(attr_cast, name, version);
}
- msg->add_attribute(msg, attr);
+ enumerator->destroy(enumerator);
- if (!first)
- {
- /**
- * If we sent an ITA Start Angel attribute in the first place,
- * terminate by appending a matching ITA Stop Angel attribute.
- */
- attr_angel = ita_attr_angel_create(FALSE);
- msg->add_attribute(msg, attr_angel);
- }
+ msg->add_attribute(msg, attr);
}
/**
@@ -491,13 +445,16 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
TNC_Result result;
bool fatal_error = FALSE;
+ /* generate an outgoing PA-TNC message - we might need it */
+ out_msg = imc_msg_create_as_reply(in_msg);
+
/* parse received PA-TNC message and handle local and remote errors */
- result = in_msg->receive(in_msg, &fatal_error);
+ result = in_msg->receive(in_msg, out_msg, &fatal_error);
if (result != TNC_RESULT_SUCCESS)
{
+ out_msg->destroy(out_msg);
return result;
}
- out_msg = imc_msg_create_as_reply(in_msg);
/* analyze PA-TNC attributes */
enumerator = in_msg->create_attribute_enumerator(in_msg);
@@ -582,6 +539,7 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
}
else
{
+ /* send PA-TNC message with the EXCL flag set */
result = out_msg->send(out_msg, TRUE);
}
out_msg->destroy(out_msg);
diff --git a/src/libimcv/plugins/imc_os/imc_os_state.c b/src/libimcv/plugins/imc_os/imc_os_state.c
index f49959a..139ab05 100644
--- a/src/libimcv/plugins/imc_os/imc_os_state.c
+++ b/src/libimcv/plugins/imc_os/imc_os_state.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -60,6 +60,11 @@ struct private_imc_os_state_t {
* Maximum PA-TNC message size for this TNCCS connection
*/
u_int32_t max_msg_len;
+
+ /**
+ * PA-TNC attribute segmentation contracts associated with TNCCS connection
+ */
+ seg_contract_manager_t *contracts;
};
METHOD(imc_state_t, get_connection_id, TNC_ConnectionID,
@@ -99,6 +104,12 @@ METHOD(imc_state_t, get_max_msg_len, u_int32_t,
return this->max_msg_len;
}
+METHOD(imc_state_t, get_contracts, seg_contract_manager_t*,
+ private_imc_os_state_t *this)
+{
+ return this->contracts;
+}
+
METHOD(imc_state_t, change_state, void,
private_imc_os_state_t *this, TNC_ConnectionState new_state)
{
@@ -126,6 +137,7 @@ METHOD(imc_state_t, get_result, bool,
METHOD(imc_state_t, destroy, void,
private_imc_os_state_t *this)
{
+ this->contracts->destroy(this->contracts);
free(this);
}
@@ -145,6 +157,7 @@ imc_state_t *imc_os_state_create(TNC_ConnectionID connection_id)
.set_flags = _set_flags,
.set_max_msg_len = _set_max_msg_len,
.get_max_msg_len = _get_max_msg_len,
+ .get_contracts = _get_contracts,
.change_state = _change_state,
.set_result = _set_result,
.get_result = _get_result,
@@ -154,6 +167,7 @@ imc_state_t *imc_os_state_create(TNC_ConnectionID connection_id)
.state = TNC_CONNECTION_STATE_CREATE,
.result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
.connection_id = connection_id,
+ .contracts = seg_contract_manager_create(),
);
return &this->public.interface;
diff --git a/src/libimcv/plugins/imc_scanner/Makefile.in b/src/libimcv/plugins/imc_scanner/Makefile.in
index c66bb1a..a192b0a 100644
--- a/src/libimcv/plugins/imc_scanner/Makefile.in
+++ b/src/libimcv/plugins/imc_scanner/Makefile.in
@@ -231,6 +231,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -291,6 +292,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -356,6 +358,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -403,6 +407,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libimcv/plugins/imc_scanner/imc_scanner.c b/src/libimcv/plugins/imc_scanner/imc_scanner.c
index 2be6a87..0478841 100644
--- a/src/libimcv/plugins/imc_scanner/imc_scanner.c
+++ b/src/libimcv/plugins/imc_scanner/imc_scanner.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2012 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -299,13 +299,16 @@ static TNC_Result receive_message(imc_msg_t *in_msg)
TNC_Result result = TNC_RESULT_SUCCESS;
bool fatal_error = FALSE;
+ /* generate an outgoing PA-TNC message - we might need it */
+ out_msg = imc_msg_create_as_reply(in_msg);
+
/* parse received PA-TNC message and handle local and remote errors */
- result = in_msg->receive(in_msg, &fatal_error);
+ result = in_msg->receive(in_msg, out_msg, &fatal_error);
if (result != TNC_RESULT_SUCCESS)
{
+ out_msg->destroy(out_msg);
return result;
}
- out_msg = imc_msg_create_as_reply(in_msg);
/* analyze PA-TNC attributes */
enumerator = in_msg->create_attribute_enumerator(in_msg);
@@ -352,6 +355,7 @@ static TNC_Result receive_message(imc_msg_t *in_msg)
}
else if (result == TNC_RESULT_SUCCESS)
{
+ /* send PA-TNC message with the EXCL flag set */
result = out_msg->send(out_msg, TRUE);
}
out_msg->destroy(out_msg);
diff --git a/src/libimcv/plugins/imc_scanner/imc_scanner_state.c b/src/libimcv/plugins/imc_scanner/imc_scanner_state.c
index b5a6cdd..d357859 100644
--- a/src/libimcv/plugins/imc_scanner/imc_scanner_state.c
+++ b/src/libimcv/plugins/imc_scanner/imc_scanner_state.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2012 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -60,6 +60,11 @@ struct private_imc_scanner_state_t {
* Maximum PA-TNC message size for this TNCCS connection
*/
u_int32_t max_msg_len;
+
+ /**
+ * PA-TNC attribute segmentation contracts associated with TNCCS connection
+ */
+ seg_contract_manager_t *contracts;
};
METHOD(imc_state_t, get_connection_id, TNC_ConnectionID,
@@ -99,6 +104,12 @@ METHOD(imc_state_t, get_max_msg_len, u_int32_t,
return this->max_msg_len;
}
+METHOD(imc_state_t, get_contracts, seg_contract_manager_t*,
+ private_imc_scanner_state_t *this)
+{
+ return this->contracts;
+}
+
METHOD(imc_state_t, change_state, void,
private_imc_scanner_state_t *this, TNC_ConnectionState new_state)
{
@@ -126,6 +137,7 @@ METHOD(imc_state_t, get_result, bool,
METHOD(imc_state_t, destroy, void,
private_imc_scanner_state_t *this)
{
+ this->contracts->destroy(this->contracts);
free(this);
}
@@ -145,6 +157,7 @@ imc_state_t *imc_scanner_state_create(TNC_ConnectionID connection_id)
.set_flags = _set_flags,
.set_max_msg_len = _set_max_msg_len,
.get_max_msg_len = _get_max_msg_len,
+ .get_contracts = _get_contracts,
.change_state = _change_state,
.set_result = _set_result,
.get_result = _get_result,
@@ -154,6 +167,7 @@ imc_state_t *imc_scanner_state_create(TNC_ConnectionID connection_id)
.state = TNC_CONNECTION_STATE_CREATE,
.result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
.connection_id = connection_id,
+ .contracts = seg_contract_manager_create(),
);
return &this->public.interface;
diff --git a/src/libimcv/plugins/imc_swid/Makefile.am b/src/libimcv/plugins/imc_swid/Makefile.am
new file mode 100644
index 0000000..c1cdb98
--- /dev/null
+++ b/src/libimcv/plugins/imc_swid/Makefile.am
@@ -0,0 +1,37 @@
+regid = regid.2004-03.org.strongswan
+unique_sw_id = strongSwan-$(PACKAGE_VERSION_MAJOR)-$(PACKAGE_VERSION_MINOR)-$(PACKAGE_VERSION_BUILD)$(PACKAGE_VERSION_REVIEW)
+swid_tag = $(regid)_$(unique_sw_id).swidtag
+
+swiddir = $(prefix)/share/$(regid)
+swid_DATA = $(swid_tag)
+ipsec_DATA = $(swid_tag)
+EXTRA_DIST = $(regid)_strongSwan.swidtag.in
+CLEANFILES = $(regid)_strongSwan*.swidtag
+
+$(swid_tag) : regid.2004-03.org.strongswan_strongSwan.swidtag.in
+ $(AM_V_GEN) \
+ sed \
+ -e "s:@VERSION_MAJOR@:$(PACKAGE_VERSION_MAJOR):" \
+ -e "s:@VERSION_MINOR@:$(PACKAGE_VERSION_MINOR):" \
+ -e "s:@VERSION_BUILD@:$(PACKAGE_VERSION_BUILD):" \
+ -e "s:@VERSION_REVIEW@:$(PACKAGE_VERSION_REVIEW):" \
+ $(srcdir)/$(regid)_strongSwan.swidtag.in > $@
+
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libtncif \
+ -I$(top_srcdir)/src/libimcv \
+ -DSWID_DIRECTORY=\"${prefix}/share\"
+
+AM_CFLAGS = \
+ $(PLUGIN_CFLAGS)
+
+imcv_LTLIBRARIES = imc-swid.la
+
+imc_swid_la_LIBADD = \
+ $(top_builddir)/src/libimcv/libimcv.la \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la
+
+imc_swid_la_SOURCES = imc_swid.c imc_swid_state.h imc_swid_state.c
+
+imc_swid_la_LDFLAGS = -module -avoid-version -no-undefined
diff --git a/src/libimcv/plugins/imc_swid/Makefile.in b/src/libimcv/plugins/imc_swid/Makefile.in
new file mode 100644
index 0000000..f1859a2
--- /dev/null
+++ b/src/libimcv/plugins/imc_swid/Makefile.in
@@ -0,0 +1,826 @@
+# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+
+VPATH = @srcdir@
+am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__make_running_with_option = \
+ case $${target_option-} in \
+ ?) ;; \
+ *) echo "am__make_running_with_option: internal error: invalid" \
+ "target option '$${target_option-}' specified" >&2; \
+ exit 1;; \
+ esac; \
+ has_opt=no; \
+ sane_makeflags=$$MAKEFLAGS; \
+ if $(am__is_gnu_make); then \
+ sane_makeflags=$$MFLAGS; \
+ else \
+ case $$MAKEFLAGS in \
+ *\\[\ \ ]*) \
+ bs=\\; \
+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
+ esac; \
+ fi; \
+ skip_next=no; \
+ strip_trailopt () \
+ { \
+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+ }; \
+ for flg in $$sane_makeflags; do \
+ test $$skip_next = yes && { skip_next=no; continue; }; \
+ case $$flg in \
+ *=*|--*) continue;; \
+ -*I) strip_trailopt 'I'; skip_next=yes;; \
+ -*I?*) strip_trailopt 'I';; \
+ -*O) strip_trailopt 'O'; skip_next=yes;; \
+ -*O?*) strip_trailopt 'O';; \
+ -*l) strip_trailopt 'l'; skip_next=yes;; \
+ -*l?*) strip_trailopt 'l';; \
+ -[dEDm]) skip_next=yes;; \
+ -[JT]) skip_next=yes;; \
+ esac; \
+ case $$flg in \
+ *$$target_option*) has_opt=yes; break;; \
+ esac; \
+ done; \
+ test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = src/libimcv/plugins/imc_swid
+DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
+ $(top_srcdir)/depcomp
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
+ $(top_srcdir)/m4/config/ltoptions.m4 \
+ $(top_srcdir)/m4/config/ltsugar.m4 \
+ $(top_srcdir)/m4/config/ltversion.m4 \
+ $(top_srcdir)/m4/config/lt~obsolete.m4 \
+ $(top_srcdir)/m4/macros/split-package-version.m4 \
+ $(top_srcdir)/m4/macros/with.m4 \
+ $(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
+ $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+ test -z "$$files" \
+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+ $(am__cd) "$$dir" && rm -f $$files; }; \
+ }
+am__installdirs = "$(DESTDIR)$(imcvdir)" "$(DESTDIR)$(ipsecdir)" \
+ "$(DESTDIR)$(swiddir)"
+LTLIBRARIES = $(imcv_LTLIBRARIES)
+imc_swid_la_DEPENDENCIES = $(top_builddir)/src/libimcv/libimcv.la \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la
+am_imc_swid_la_OBJECTS = imc_swid.lo imc_swid_state.lo
+imc_swid_la_OBJECTS = $(am_imc_swid_la_OBJECTS)
+AM_V_lt = $(am__v_lt_ at AM_V@)
+am__v_lt_ = $(am__v_lt_ at AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+am__v_lt_1 =
+imc_swid_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(imc_swid_la_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_P = $(am__v_P_ at AM_V@)
+am__v_P_ = $(am__v_P_ at AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_ at AM_V@)
+am__v_GEN_ = $(am__v_GEN_ at AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
+am__v_GEN_1 =
+AM_V_at = $(am__v_at_ at AM_V@)
+am__v_at_ = $(am__v_at_ at AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 =
+DEFAULT_INCLUDES = -I. at am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_ at AM_V@)
+am__v_CC_ = $(am__v_CC_ at AM_DEFAULT_V@)
+am__v_CC_0 = @echo " CC " $@;
+am__v_CC_1 =
+CCLD = $(CC)
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_ at AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_ at AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo " CCLD " $@;
+am__v_CCLD_1 =
+SOURCES = $(imc_swid_la_SOURCES)
+DIST_SOURCES = $(imc_swid_la_SOURCES)
+am__can_run_installinfo = \
+ case $$AM_UPDATE_INFO_DIR in \
+ n|no|NO) false;; \
+ *) (install-info --version) >/dev/null 2>&1;; \
+ esac
+DATA = $(ipsec_DATA) $(swid_DATA)
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+# Read a list of newline-separated strings from the standard input,
+# and print each of them once, without duplicates. Input order is
+# *not* preserved.
+am__uniquify_input = $(AWK) '\
+ BEGIN { nonempty = 0; } \
+ { items[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in items) print i; }; } \
+'
+# Make sure the list of sources is unique. This is necessary because,
+# e.g., the same source file might be shared among _SOURCES variables
+# for different programs/libraries.
+am__define_uniq_tagged_files = \
+ list='$(am__tagged_files)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | $(am__uniquify_input)`
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BFDLIB = @BFDLIB@
+BTLIB = @BTLIB@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
+COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DLLTOOL = @DLLTOOL@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GEM = @GEM@
+GENHTML = @GENHTML@
+GPERF = @GPERF@
+GPRBUILD = @GPRBUILD@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LCOV = @LCOV@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MKDIR_P = @MKDIR_P@
+MYSQLCFLAG = @MYSQLCFLAG@
+MYSQLCONFIG = @MYSQLCONFIG@
+MYSQLLIB = @MYSQLLIB@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OPENSSL_LIB = @OPENSSL_LIB@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@
+PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@
+PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@
+PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
+PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
+RANLIB = @RANLIB@
+RTLIB = @RTLIB@
+RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
+RUBYINCLUDE = @RUBYINCLUDE@
+RUBYLIB = @RUBYLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
+STRIP = @STRIP@
+UNWINDLIB = @UNWINDLIB@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+aikgen_plugins = @aikgen_plugins@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+c_plugins = @c_plugins@
+charon_natt_port = @charon_natt_port@
+charon_plugins = @charon_plugins@
+charon_udp_port = @charon_udp_port@
+clearsilver_LIBS = @clearsilver_LIBS@
+cmd_plugins = @cmd_plugins@
+datadir = @datadir@
+datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
+dev_headers = @dev_headers@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+imcvdir = @imcvdir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsec_script = @ipsec_script@
+ipsec_script_upper = @ipsec_script_upper@
+ipsecdir = @ipsecdir@
+ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
+ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
+libdir = @libdir@
+libexecdir = @libexecdir@
+linux_headers = @linux_headers@
+localedir = @localedir@
+localstatedir = @localstatedir@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
+mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+nm_ca_dir = @nm_ca_dir@
+nm_plugins = @nm_plugins@
+oldincludedir = @oldincludedir@
+pcsclite_CFLAGS = @pcsclite_CFLAGS@
+pcsclite_LIBS = @pcsclite_LIBS@
+pdfdir = @pdfdir@
+piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
+pki_plugins = @pki_plugins@
+plugindir = @plugindir@
+pool_plugins = @pool_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
+random_device = @random_device@
+resolv_conf = @resolv_conf@
+routing_table = @routing_table@
+routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
+sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
+sharedstatedir = @sharedstatedir@
+soup_CFLAGS = @soup_CFLAGS@
+soup_LIBS = @soup_LIBS@
+srcdir = @srcdir@
+starter_plugins = @starter_plugins@
+strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
+swanctldir = @swanctldir@
+sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
+systemdsystemunitdir = @systemdsystemunitdir@
+t_plugins = @t_plugins@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+urandom_device = @urandom_device@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+regid = regid.2004-03.org.strongswan
+unique_sw_id = strongSwan-$(PACKAGE_VERSION_MAJOR)-$(PACKAGE_VERSION_MINOR)-$(PACKAGE_VERSION_BUILD)$(PACKAGE_VERSION_REVIEW)
+swid_tag = $(regid)_$(unique_sw_id).swidtag
+swiddir = $(prefix)/share/$(regid)
+swid_DATA = $(swid_tag)
+ipsec_DATA = $(swid_tag)
+EXTRA_DIST = $(regid)_strongSwan.swidtag.in
+CLEANFILES = $(regid)_strongSwan*.swidtag
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libtncif \
+ -I$(top_srcdir)/src/libimcv \
+ -DSWID_DIRECTORY=\"${prefix}/share\"
+
+AM_CFLAGS = \
+ $(PLUGIN_CFLAGS)
+
+imcv_LTLIBRARIES = imc-swid.la
+imc_swid_la_LIBADD = \
+ $(top_builddir)/src/libimcv/libimcv.la \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la
+
+imc_swid_la_SOURCES = imc_swid.c imc_swid_state.h imc_swid_state.c
+imc_swid_la_LDFLAGS = -module -avoid-version -no-undefined
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imc_swid/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/libimcv/plugins/imc_swid/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+install-imcvLTLIBRARIES: $(imcv_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ @list='$(imcv_LTLIBRARIES)'; test -n "$(imcvdir)" || list=; \
+ list2=; for p in $$list; do \
+ if test -f $$p; then \
+ list2="$$list2 $$p"; \
+ else :; fi; \
+ done; \
+ test -z "$$list2" || { \
+ echo " $(MKDIR_P) '$(DESTDIR)$(imcvdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(imcvdir)" || exit 1; \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(imcvdir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(imcvdir)"; \
+ }
+
+uninstall-imcvLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(imcv_LTLIBRARIES)'; test -n "$(imcvdir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(imcvdir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(imcvdir)/$$f"; \
+ done
+
+clean-imcvLTLIBRARIES:
+ -test -z "$(imcv_LTLIBRARIES)" || rm -f $(imcv_LTLIBRARIES)
+ @list='$(imcv_LTLIBRARIES)'; \
+ locs=`for p in $$list; do echo $$p; done | \
+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
+ sort -u`; \
+ test -z "$$locs" || { \
+ echo rm -f $${locs}; \
+ rm -f $${locs}; \
+ }
+
+imc-swid.la: $(imc_swid_la_OBJECTS) $(imc_swid_la_DEPENDENCIES) $(EXTRA_imc_swid_la_DEPENDENCIES)
+ $(AM_V_CCLD)$(imc_swid_la_LINK) -rpath $(imcvdir) $(imc_swid_la_OBJECTS) $(imc_swid_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/imc_swid.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/imc_swid_state.Plo at am__quote@
+
+.c.o:
+ at am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
+ at am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+ at am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(COMPILE) -c -o $@ $<
+
+.c.obj:
+ at am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
+ at am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
+ at am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+.c.lo:
+ at am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
+ at am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+ at am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+install-ipsecDATA: $(ipsec_DATA)
+ @$(NORMAL_INSTALL)
+ @list='$(ipsec_DATA)'; test -n "$(ipsecdir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(ipsecdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(ipsecdir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(ipsecdir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(ipsecdir)" || exit $$?; \
+ done
+
+uninstall-ipsecDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(ipsec_DATA)'; test -n "$(ipsecdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ dir='$(DESTDIR)$(ipsecdir)'; $(am__uninstall_files_from_dir)
+install-swidDATA: $(swid_DATA)
+ @$(NORMAL_INSTALL)
+ @list='$(swid_DATA)'; test -n "$(swiddir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(swiddir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(swiddir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(swiddir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(swiddir)" || exit $$?; \
+ done
+
+uninstall-swidDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(swid_DATA)'; test -n "$(swiddir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ dir='$(DESTDIR)$(swiddir)'; $(am__uninstall_files_from_dir)
+
+ID: $(am__tagged_files)
+ $(am__define_uniq_tagged_files); mkid -fID $$unique
+tags: tags-am
+TAGS: tags
+
+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ set x; \
+ here=`pwd`; \
+ $(am__define_uniq_tagged_files); \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: ctags-am
+
+CTAGS: ctags
+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ $(am__define_uniq_tagged_files); \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+cscopelist: cscopelist-am
+
+cscopelist-am: $(am__tagged_files)
+ list='$(am__tagged_files)'; \
+ case "$(srcdir)" in \
+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
+ *) sdir=$(subdir)/$(srcdir) ;; \
+ esac; \
+ for i in $$list; do \
+ if test -f "$$i"; then \
+ echo "$(subdir)/$$i"; \
+ else \
+ echo "$$sdir/$$i"; \
+ fi; \
+ done >> $(top_builddir)/cscope.files
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES) $(DATA)
+installdirs:
+ for dir in "$(DESTDIR)$(imcvdir)" "$(DESTDIR)$(ipsecdir)" "$(DESTDIR)$(swiddir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
+mostlyclean-generic:
+
+clean-generic:
+ -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-imcvLTLIBRARIES clean-libtool \
+ mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-imcvLTLIBRARIES install-ipsecDATA \
+ install-swidDATA
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-imcvLTLIBRARIES uninstall-ipsecDATA \
+ uninstall-swidDATA
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
+ clean-imcvLTLIBRARIES clean-libtool cscopelist-am ctags \
+ ctags-am distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am \
+ install-imcvLTLIBRARIES install-info install-info-am \
+ install-ipsecDATA install-man install-pdf install-pdf-am \
+ install-ps install-ps-am install-strip install-swidDATA \
+ installcheck installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-compile \
+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+ tags tags-am uninstall uninstall-am uninstall-imcvLTLIBRARIES \
+ uninstall-ipsecDATA uninstall-swidDATA
+
+
+$(swid_tag) : regid.2004-03.org.strongswan_strongSwan.swidtag.in
+ $(AM_V_GEN) \
+ sed \
+ -e "s:@VERSION_MAJOR@:$(PACKAGE_VERSION_MAJOR):" \
+ -e "s:@VERSION_MINOR@:$(PACKAGE_VERSION_MINOR):" \
+ -e "s:@VERSION_BUILD@:$(PACKAGE_VERSION_BUILD):" \
+ -e "s:@VERSION_REVIEW@:$(PACKAGE_VERSION_REVIEW):" \
+ $(srcdir)/$(regid)_strongSwan.swidtag.in > $@
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/libimcv/plugins/imc_swid/imc_swid.c b/src/libimcv/plugins/imc_swid/imc_swid.c
new file mode 100644
index 0000000..40f352a
--- /dev/null
+++ b/src/libimcv/plugins/imc_swid/imc_swid.c
@@ -0,0 +1,424 @@
+/*
+ * Copyright (C) 2013-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "imc_swid_state.h"
+
+#include <imc/imc_agent.h>
+#include <imc/imc_msg.h>
+#include "tcg/seg/tcg_seg_attr_max_size.h"
+#include "tcg/seg/tcg_seg_attr_seg_env.h"
+#include "tcg/swid/tcg_swid_attr_req.h"
+#include "tcg/swid/tcg_swid_attr_tag_inv.h"
+#include "tcg/swid/tcg_swid_attr_tag_id_inv.h"
+#include "swid/swid_inventory.h"
+#include "swid/swid_error.h"
+
+#include <tncif_pa_subtypes.h>
+
+#include <pen/pen.h>
+#include <utils/debug.h>
+
+#define SWID_GENERATOR "/usr/local/bin/swid_generator"
+
+/* IMC definitions */
+
+static const char imc_name[] = "SWID";
+
+static pen_type_t msg_types[] = {
+ { PEN_TCG, PA_SUBTYPE_TCG_SWID }
+};
+
+static imc_agent_t *imc_swid;
+
+/**
+ * see section 3.8.1 of TCG TNC IF-IMC Specification 1.3
+ */
+TNC_Result TNC_IMC_Initialize(TNC_IMCID imc_id,
+ TNC_Version min_version,
+ TNC_Version max_version,
+ TNC_Version *actual_version)
+{
+ if (imc_swid)
+ {
+ DBG1(DBG_IMC, "IMC \"%s\" has already been initialized", imc_name);
+ return TNC_RESULT_ALREADY_INITIALIZED;
+ }
+ imc_swid = imc_agent_create(imc_name, msg_types, countof(msg_types),
+ imc_id, actual_version);
+ if (!imc_swid)
+ {
+ return TNC_RESULT_FATAL;
+ }
+ if (min_version > TNC_IFIMC_VERSION_1 || max_version < TNC_IFIMC_VERSION_1)
+ {
+ DBG1(DBG_IMC, "no common IF-IMC version");
+ return TNC_RESULT_NO_COMMON_VERSION;
+ }
+ return TNC_RESULT_SUCCESS;
+}
+
+/**
+ * see section 3.8.2 of TCG TNC IF-IMC Specification 1.3
+ */
+TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id,
+ TNC_ConnectionID connection_id,
+ TNC_ConnectionState new_state)
+{
+ imc_state_t *state;
+
+ if (!imc_swid)
+ {
+ DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
+ return TNC_RESULT_NOT_INITIALIZED;
+ }
+ switch (new_state)
+ {
+ case TNC_CONNECTION_STATE_CREATE:
+ state = imc_swid_state_create(connection_id);
+ return imc_swid->create_state(imc_swid, state);
+ case TNC_CONNECTION_STATE_HANDSHAKE:
+ if (imc_swid->change_state(imc_swid, connection_id, new_state,
+ &state) != TNC_RESULT_SUCCESS)
+ {
+ return TNC_RESULT_FATAL;
+ }
+ state->set_result(state, imc_id,
+ TNC_IMV_EVALUATION_RESULT_DONT_KNOW);
+ return TNC_RESULT_SUCCESS;
+ case TNC_CONNECTION_STATE_DELETE:
+ return imc_swid->delete_state(imc_swid, connection_id);
+ default:
+ return imc_swid->change_state(imc_swid, connection_id,
+ new_state, NULL);
+ }
+}
+
+/**
+ * see section 3.8.3 of TCG TNC IF-IMC Specification 1.3
+ */
+TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id,
+ TNC_ConnectionID connection_id)
+{
+ imc_state_t *state;
+ imc_msg_t *out_msg;
+ pa_tnc_attr_t *attr;
+ seg_contract_t *contract;
+ seg_contract_manager_t *contracts;
+ size_t max_attr_size = SWID_MAX_ATTR_SIZE;
+ size_t max_seg_size;
+ char buf[BUF_LEN];
+ TNC_Result result = TNC_RESULT_SUCCESS;
+
+ if (!imc_swid)
+ {
+ DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
+ return TNC_RESULT_NOT_INITIALIZED;
+ }
+ if (!imc_swid->get_state(imc_swid, connection_id, &state))
+ {
+ return TNC_RESULT_FATAL;
+ }
+
+ /* Determine maximum PA-TNC attribute segment size */
+ max_seg_size = state->get_max_msg_len(state) - PA_TNC_HEADER_SIZE
+ - PA_TNC_ATTR_HEADER_SIZE
+ - TCG_SEG_ATTR_SEG_ENV_HEADER
+ - PA_TNC_ATTR_HEADER_SIZE
+ - TCG_SEG_ATTR_MAX_SIZE_SIZE;
+
+ /* Announce support of PA-TNC segmentation to IMV */
+ contract = seg_contract_create(msg_types[0], max_attr_size, max_seg_size,
+ TRUE, imc_id, TRUE);
+ contract->get_info_string(contract, buf, BUF_LEN, TRUE);
+ DBG2(DBG_IMC, "%s", buf);
+ contracts = state->get_contracts(state);
+ contracts->add_contract(contracts, contract);
+ attr = tcg_seg_attr_max_size_create(max_attr_size, max_seg_size, TRUE);
+
+ /* send PA-TNC message with the excl flag not set */
+ out_msg = imc_msg_create(imc_swid, state, connection_id, imc_id,
+ TNC_IMVID_ANY, msg_types[0]);
+ out_msg->add_attribute(out_msg, attr);
+ result = out_msg->send(out_msg, FALSE);
+ out_msg->destroy(out_msg);
+
+ return result;
+}
+
+/**
+ * Add one or multiple SWID Inventory attributes to the send queue
+ */
+static bool add_swid_inventory(imc_state_t *state, imc_msg_t *msg,
+ uint32_t request_id, bool full_tags,
+ swid_inventory_t *targets)
+{
+ pa_tnc_attr_t *attr, *attr_error;
+ imc_swid_state_t *swid_state;
+ swid_inventory_t *swid_inventory;
+ char *swid_directory, *swid_generator;
+ uint32_t eid_epoch;
+ bool swid_pretty, swid_full;
+ enumerator_t *enumerator;
+
+ swid_directory = lib->settings->get_str(lib->settings,
+ "%s.plugins.imc-swid.swid_directory",
+ SWID_DIRECTORY, lib->ns);
+ swid_generator = lib->settings->get_str(lib->settings,
+ "%s.plugins.imc-swid.swid_generator",
+ SWID_GENERATOR, lib->ns);
+ swid_pretty = lib->settings->get_bool(lib->settings,
+ "%s.plugins.imc-swid.swid_pretty",
+ FALSE, lib->ns);
+ swid_full = lib->settings->get_bool(lib->settings,
+ "%s.plugins.imc-swid.swid_full",
+ FALSE, lib->ns);
+
+ swid_inventory = swid_inventory_create(full_tags);
+ if (!swid_inventory->collect(swid_inventory, swid_directory, swid_generator,
+ targets, swid_pretty, swid_full))
+ {
+ swid_inventory->destroy(swid_inventory);
+ attr_error = swid_error_create(TCG_SWID_ERROR, request_id,
+ 0, "error in SWID tag collection");
+ msg->add_attribute(msg, attr_error);
+ return FALSE;
+ }
+ DBG1(DBG_IMC, "collected %d SWID tag%s%s",
+ swid_inventory->get_count(swid_inventory), full_tags ? "" : " ID",
+ swid_inventory->get_count(swid_inventory) == 1 ? "" : "s");
+
+ swid_state = (imc_swid_state_t*)state;
+ eid_epoch = swid_state->get_eid_epoch(swid_state);
+
+ if (full_tags)
+ {
+ tcg_swid_attr_tag_inv_t *swid_attr;
+ swid_tag_t *tag;
+
+ /* Send a TCG SWID Tag Inventory attribute */
+ attr = tcg_swid_attr_tag_inv_create(request_id, eid_epoch, 1);
+ swid_attr = (tcg_swid_attr_tag_inv_t*)attr;
+
+ enumerator = swid_inventory->create_enumerator(swid_inventory);
+ while (enumerator->enumerate(enumerator, &tag))
+ {
+ swid_attr->add(swid_attr, tag->get_ref(tag));
+ }
+ enumerator->destroy(enumerator);
+ }
+ else
+ {
+ tcg_swid_attr_tag_id_inv_t *swid_id_attr;
+ swid_tag_id_t *tag_id;
+
+ /* Send a TCG SWID Tag ID Inventory attribute */
+ attr = tcg_swid_attr_tag_id_inv_create(request_id, eid_epoch, 1);
+ swid_id_attr = (tcg_swid_attr_tag_id_inv_t*)attr;
+
+ enumerator = swid_inventory->create_enumerator(swid_inventory);
+ while (enumerator->enumerate(enumerator, &tag_id))
+ {
+ swid_id_attr->add(swid_id_attr, tag_id->get_ref(tag_id));
+ }
+ enumerator->destroy(enumerator);
+ }
+
+ msg->add_attribute(msg, attr);
+ swid_inventory->destroy(swid_inventory);
+
+ return TRUE;
+}
+
+static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
+{
+ imc_msg_t *out_msg;
+ pa_tnc_attr_t *attr;
+ enumerator_t *enumerator;
+ pen_type_t type;
+ TNC_Result result;
+ bool fatal_error = FALSE;
+
+ /* generate an outgoing PA-TNC message - we might need it */
+ out_msg = imc_msg_create_as_reply(in_msg);
+
+ /* parse received PA-TNC message and handle local and remote errors */
+ result = in_msg->receive(in_msg, out_msg, &fatal_error);
+ if (result != TNC_RESULT_SUCCESS)
+ {
+ out_msg->destroy(out_msg);
+ return result;
+ }
+
+ /* analyze PA-TNC attributes */
+ enumerator = in_msg->create_attribute_enumerator(in_msg);
+ while (enumerator->enumerate(enumerator, &attr))
+ {
+ tcg_swid_attr_req_t *attr_req;
+ uint8_t flags;
+ uint32_t request_id;
+ bool full_tags;
+ swid_inventory_t *targets;
+
+ type = attr->get_type(attr);
+
+ if (type.vendor_id != PEN_TCG || type.type != TCG_SWID_REQUEST)
+ {
+ continue;
+ }
+
+ attr_req = (tcg_swid_attr_req_t*)attr;
+ flags = attr_req->get_flags(attr_req);
+ request_id = attr_req->get_request_id(attr_req);
+ targets = attr_req->get_targets(attr_req);
+
+ if (flags & (TCG_SWID_ATTR_REQ_FLAG_S | TCG_SWID_ATTR_REQ_FLAG_C))
+ {
+ attr = swid_error_create(TCG_SWID_SUBSCRIPTION_DENIED, request_id,
+ 0, "no subscription available yet");
+ out_msg->add_attribute(out_msg, attr);
+ break;
+ }
+ full_tags = (flags & TCG_SWID_ATTR_REQ_FLAG_R) == 0;
+
+ if (!add_swid_inventory(state, out_msg, request_id, full_tags, targets))
+ {
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ if (fatal_error)
+ {
+ result = TNC_RESULT_FATAL;
+ }
+ else
+ {
+ /* send PA-TNC message with the EXCL flag set */
+ result = out_msg->send(out_msg, TRUE);
+ }
+ out_msg->destroy(out_msg);
+
+ return result;
+}
+
+/**
+ * see section 3.8.4 of TCG TNC IF-IMC Specification 1.3
+
+ */
+TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id,
+ TNC_ConnectionID connection_id,
+ TNC_BufferReference msg,
+ TNC_UInt32 msg_len,
+ TNC_MessageType msg_type)
+{
+ imc_state_t *state;
+ imc_msg_t *in_msg;
+ TNC_Result result;
+
+ if (!imc_swid)
+ {
+ DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
+ return TNC_RESULT_NOT_INITIALIZED;
+ }
+ if (!imc_swid->get_state(imc_swid, connection_id, &state))
+ {
+ return TNC_RESULT_FATAL;
+ }
+ in_msg = imc_msg_create_from_data(imc_swid, state, connection_id, msg_type,
+ chunk_create(msg, msg_len));
+ result = receive_message(state, in_msg);
+ in_msg->destroy(in_msg);
+
+ return result;
+}
+
+/**
+ * see section 3.8.6 of TCG TNC IF-IMV Specification 1.3
+ */
+TNC_Result TNC_IMC_ReceiveMessageLong(TNC_IMCID imc_id,
+ TNC_ConnectionID connection_id,
+ TNC_UInt32 msg_flags,
+ TNC_BufferReference msg,
+ TNC_UInt32 msg_len,
+ TNC_VendorID msg_vid,
+ TNC_MessageSubtype msg_subtype,
+ TNC_UInt32 src_imv_id,
+ TNC_UInt32 dst_imc_id)
+{
+ imc_state_t *state;
+ imc_msg_t *in_msg;
+ TNC_Result result;
+
+ if (!imc_swid)
+ {
+ DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
+ return TNC_RESULT_NOT_INITIALIZED;
+ }
+ if (!imc_swid->get_state(imc_swid, connection_id, &state))
+ {
+ return TNC_RESULT_FATAL;
+ }
+ in_msg = imc_msg_create_from_long_data(imc_swid, state, connection_id,
+ src_imv_id, dst_imc_id,msg_vid, msg_subtype,
+ chunk_create(msg, msg_len));
+ result =receive_message(state, in_msg);
+ in_msg->destroy(in_msg);
+
+ return result;
+}
+
+/**
+ * see section 3.8.7 of TCG TNC IF-IMC Specification 1.3
+ */
+TNC_Result TNC_IMC_BatchEnding(TNC_IMCID imc_id,
+ TNC_ConnectionID connection_id)
+{
+ if (!imc_swid)
+ {
+ DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
+ return TNC_RESULT_NOT_INITIALIZED;
+ }
+ return TNC_RESULT_SUCCESS;
+}
+
+/**
+ * see section 3.8.8 of TCG TNC IF-IMC Specification 1.3
+ */
+TNC_Result TNC_IMC_Terminate(TNC_IMCID imc_id)
+{
+ if (!imc_swid)
+ {
+ DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
+ return TNC_RESULT_NOT_INITIALIZED;
+ }
+ imc_swid->destroy(imc_swid);
+ imc_swid = NULL;
+
+ return TNC_RESULT_SUCCESS;
+}
+
+/**
+ * see section 4.2.8.1 of TCG TNC IF-IMC Specification 1.3
+ */
+TNC_Result TNC_IMC_ProvideBindFunction(TNC_IMCID imc_id,
+ TNC_TNCC_BindFunctionPointer bind_function)
+{
+ if (!imc_swid)
+ {
+ DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
+ return TNC_RESULT_NOT_INITIALIZED;
+ }
+ return imc_swid->bind_functions(imc_swid, bind_function);
+}
diff --git a/src/libimcv/plugins/imc_swid/imc_swid_state.c b/src/libimcv/plugins/imc_swid/imc_swid_state.c
new file mode 100644
index 0000000..65c279b
--- /dev/null
+++ b/src/libimcv/plugins/imc_swid/imc_swid_state.c
@@ -0,0 +1,203 @@
+/*
+ * Copyright (C) 2013-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "imc_swid_state.h"
+
+#include <tncif_names.h>
+
+#include <utils/debug.h>
+
+typedef struct private_imc_swid_state_t private_imc_swid_state_t;
+
+/**
+ * Private data of an imc_swid_state_t object.
+ */
+struct private_imc_swid_state_t {
+
+ /**
+ * Public members of imc_swid_state_t
+ */
+ imc_swid_state_t public;
+
+ /**
+ * TNCCS connection ID
+ */
+ TNC_ConnectionID connection_id;
+
+ /**
+ * TNCCS connection state
+ */
+ TNC_ConnectionState state;
+
+ /**
+ * Assessment/Evaluation Result
+ */
+ TNC_IMV_Evaluation_Result result;
+
+ /**
+ * Does the TNCCS connection support long message types?
+ */
+ bool has_long;
+
+ /**
+ * Does the TNCCS connection support exclusive delivery?
+ */
+ bool has_excl;
+
+ /**
+ * Maximum PA-TNC message size for this TNCCS connection
+ */
+ u_int32_t max_msg_len;
+
+ /**
+ * PA-TNC attribute segmentation contracts associated with TNCCS connection
+ */
+ seg_contract_manager_t *contracts;
+
+ /**
+ * Event ID Epoch
+ */
+ u_int32_t eid_epoch;
+};
+
+METHOD(imc_state_t, get_connection_id, TNC_ConnectionID,
+ private_imc_swid_state_t *this)
+{
+ return this->connection_id;
+}
+
+METHOD(imc_state_t, has_long, bool,
+ private_imc_swid_state_t *this)
+{
+ return this->has_long;
+}
+
+METHOD(imc_state_t, has_excl, bool,
+ private_imc_swid_state_t *this)
+{
+ return this->has_excl;
+}
+
+METHOD(imc_state_t, set_flags, void,
+ private_imc_swid_state_t *this, bool has_long, bool has_excl)
+{
+ this->has_long = has_long;
+ this->has_excl = has_excl;
+}
+
+METHOD(imc_state_t, set_max_msg_len, void,
+ private_imc_swid_state_t *this, u_int32_t max_msg_len)
+{
+ this->max_msg_len = max_msg_len;
+}
+
+METHOD(imc_state_t, get_max_msg_len, u_int32_t,
+ private_imc_swid_state_t *this)
+{
+ return this->max_msg_len;
+}
+
+METHOD(imc_state_t, get_contracts, seg_contract_manager_t*,
+ private_imc_swid_state_t *this)
+{
+ return this->contracts;
+}
+
+METHOD(imc_state_t, change_state, void,
+ private_imc_swid_state_t *this, TNC_ConnectionState new_state)
+{
+ this->state = new_state;
+}
+
+METHOD(imc_state_t, set_result, void,
+ private_imc_swid_state_t *this, TNC_IMCID id,
+ TNC_IMV_Evaluation_Result result)
+{
+ this->result = result;
+}
+
+METHOD(imc_state_t, get_result, bool,
+ private_imc_swid_state_t *this, TNC_IMCID id,
+ TNC_IMV_Evaluation_Result *result)
+{
+ if (result)
+ {
+ *result = this->result;
+ }
+ return this->result != TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+}
+
+METHOD(imc_state_t, destroy, void,
+ private_imc_swid_state_t *this)
+{
+ this->contracts->destroy(this->contracts);
+ free(this);
+}
+
+METHOD(imc_swid_state_t, get_eid_epoch, u_int32_t,
+ private_imc_swid_state_t *this)
+{
+ return this->eid_epoch;
+}
+
+/**
+ * Described in header.
+ */
+imc_state_t *imc_swid_state_create(TNC_ConnectionID connection_id)
+{
+ private_imc_swid_state_t *this;
+ u_int32_t eid_epoch;
+ nonce_gen_t *ng;
+
+ ng = lib->crypto->create_nonce_gen(lib->crypto);
+ if (!ng || !ng->get_nonce(ng, 4, (u_int8_t*)&eid_epoch))
+ {
+ DBG1(DBG_TNC, "failed to generate random EID epoch value");
+ DESTROY_IF(ng);
+ return NULL;
+ }
+ ng->destroy(ng);
+
+ DBG1(DBG_IMC, "creating random EID epoch 0x%08x", eid_epoch);
+
+ INIT(this,
+ .public = {
+ .interface = {
+ .get_connection_id = _get_connection_id,
+ .has_long = _has_long,
+ .has_excl = _has_excl,
+ .set_flags = _set_flags,
+ .set_max_msg_len = _set_max_msg_len,
+ .get_max_msg_len = _get_max_msg_len,
+ .get_contracts = _get_contracts,
+ .change_state = _change_state,
+ .set_result = _set_result,
+ .get_result = _get_result,
+ .destroy = _destroy,
+ },
+ .get_eid_epoch = _get_eid_epoch,
+ },
+ .state = TNC_CONNECTION_STATE_CREATE,
+ .result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
+ .connection_id = connection_id,
+ .contracts = seg_contract_manager_create(),
+ .eid_epoch = eid_epoch,
+ );
+
+
+ return &this->public.interface;
+}
+
+
diff --git a/src/libpts/plugins/imc_swid/imc_swid_state.h b/src/libimcv/plugins/imc_swid/imc_swid_state.h
similarity index 100%
rename from src/libpts/plugins/imc_swid/imc_swid_state.h
rename to src/libimcv/plugins/imc_swid/imc_swid_state.h
diff --git a/src/libpts/plugins/imc_swid/regid.2004-03.org.strongswan_strongSwan.swidtag.in b/src/libimcv/plugins/imc_swid/regid.2004-03.org.strongswan_strongSwan.swidtag.in
similarity index 100%
rename from src/libpts/plugins/imc_swid/regid.2004-03.org.strongswan_strongSwan.swidtag.in
rename to src/libimcv/plugins/imc_swid/regid.2004-03.org.strongswan_strongSwan.swidtag.in
diff --git a/src/libimcv/plugins/imc_test/Makefile.in b/src/libimcv/plugins/imc_test/Makefile.in
index 1702574..3e1d023 100644
--- a/src/libimcv/plugins/imc_test/Makefile.in
+++ b/src/libimcv/plugins/imc_test/Makefile.in
@@ -230,6 +230,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -290,6 +291,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -355,6 +357,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -402,6 +406,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libimcv/plugins/imc_test/imc_test.c b/src/libimcv/plugins/imc_test/imc_test.c
index ee982d9..d38ace1 100644
--- a/src/libimcv/plugins/imc_test/imc_test.c
+++ b/src/libimcv/plugins/imc_test/imc_test.c
@@ -181,7 +181,7 @@ TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id,
}
}
-static TNC_Result send_message(imc_state_t *state, imc_msg_t *out_msg)
+static void create_message(imc_state_t *state, imc_msg_t *out_msg)
{
imc_test_state_t *test_state;
pa_tnc_attr_t *attr;
@@ -196,9 +196,6 @@ static TNC_Result send_message(imc_state_t *state, imc_msg_t *out_msg)
attr = ita_attr_command_create(test_state->get_command(test_state));
attr->set_noskip_flag(attr, TRUE);
out_msg->add_attribute(out_msg, attr);
-
- /* send PA-TNC message with the excl flag set */
- return out_msg->send(out_msg, TRUE);
}
/**
@@ -224,10 +221,11 @@ TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id,
return TNC_RESULT_FATAL;
}
- /* send PA message for primary IMC ID */
+ /* send PA message for primary IMC ID with the EXCL flag set */
out_msg = imc_msg_create(imc_test, state, connection_id, imc_id,
TNC_IMVID_ANY, msg_types[0]);
- result = send_message(state, out_msg);
+ create_message(state, out_msg);
+ result = out_msg->send(out_msg, TRUE);
out_msg->destroy(out_msg);
/* Exit if there are no additional IMC IDs */
@@ -253,7 +251,8 @@ TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id,
additional_id = (TNC_UInt32)pointer;
out_msg = imc_msg_create(imc_test, state, connection_id, additional_id,
TNC_IMVID_ANY, msg_types[0]);
- result = send_message(state, out_msg);
+ create_message(state, out_msg);
+ result = out_msg->send(out_msg, TRUE);
out_msg->destroy(out_msg);
}
enumerator->destroy(enumerator);
@@ -267,13 +266,17 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
enumerator_t *enumerator;
pa_tnc_attr_t *attr;
pen_type_t attr_type;
- TNC_Result result;
+ TNC_Result result = TNC_RESULT_SUCCESS;
bool fatal_error = FALSE;
+ /* generate an outgoing PA-TNC message - we might need it */
+ out_msg = imc_msg_create_as_reply(in_msg);
+
/* parse received PA-TNC message and handle local and remote errors */
- result = in_msg->receive(in_msg, &fatal_error);
+ result = in_msg->receive(in_msg, out_msg, &fatal_error);
if (result != TNC_RESULT_SUCCESS)
{
+ out_msg->destroy(out_msg);
return result;
}
@@ -308,16 +311,17 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
if (fatal_error)
{
- return TNC_RESULT_FATAL;
+ result = TNC_RESULT_FATAL;
}
-
- /* if no assessment result is known then repeat the measurement */
- if (state->get_result(state, in_msg->get_dst_id(in_msg), NULL))
+ else
{
- return TNC_RESULT_SUCCESS;
+ /* if no assessment result is known then repeat the measurement */
+ if (!state->get_result(state, in_msg->get_dst_id(in_msg), NULL))
+ {
+ create_message(state, out_msg);
+ }
+ result = out_msg->send(out_msg, TRUE);
}
- out_msg = imc_msg_create_as_reply(in_msg);
- result = send_message(state, out_msg);
out_msg->destroy(out_msg);
return result;
diff --git a/src/libimcv/plugins/imc_test/imc_test_state.c b/src/libimcv/plugins/imc_test/imc_test_state.c
index e7beca0..d3f6805 100644
--- a/src/libimcv/plugins/imc_test/imc_test_state.c
+++ b/src/libimcv/plugins/imc_test/imc_test_state.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2012 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -64,6 +64,11 @@ struct private_imc_test_state_t {
u_int32_t max_msg_len;
/**
+ * PA-TNC attribute segmentation contracts associated with TNCCS connection
+ */
+ seg_contract_manager_t *contracts;
+
+ /**
* Command to transmit to IMV
*/
char *command;
@@ -130,6 +135,12 @@ METHOD(imc_state_t, get_max_msg_len, u_int32_t,
return this->max_msg_len;
}
+METHOD(imc_state_t, get_contracts, seg_contract_manager_t*,
+ private_imc_test_state_t *this)
+{
+ return this->contracts;
+}
+
METHOD(imc_state_t, change_state, void,
private_imc_test_state_t *this, TNC_ConnectionState new_state)
{
@@ -195,6 +206,7 @@ METHOD(imc_state_t, destroy, void,
private_imc_test_state_t *this)
{
this->results->destroy_function(this->results, free);
+ this->contracts->destroy(this->contracts);
free(this->command);
free(this);
}
@@ -261,6 +273,7 @@ imc_state_t *imc_test_state_create(TNC_ConnectionID connection_id,
.set_flags = _set_flags,
.set_max_msg_len = _set_max_msg_len,
.get_max_msg_len = _get_max_msg_len,
+ .get_contracts = _get_contracts,
.change_state = _change_state,
.set_result = _set_result,
.get_result = _get_result,
@@ -275,6 +288,7 @@ imc_state_t *imc_test_state_create(TNC_ConnectionID connection_id,
.state = TNC_CONNECTION_STATE_CREATE,
.results = linked_list_create(),
.connection_id = connection_id,
+ .contracts = seg_contract_manager_create(),
.command = strdup(command),
.dummy_size = dummy_size,
.first_handshake = TRUE,
diff --git a/src/libimcv/plugins/imv_attestation/Makefile.am b/src/libimcv/plugins/imv_attestation/Makefile.am
new file mode 100644
index 0000000..6c5bf89
--- /dev/null
+++ b/src/libimcv/plugins/imv_attestation/Makefile.am
@@ -0,0 +1,33 @@
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libtncif \
+ -I$(top_srcdir)/src/libimcv \
+ -DPLUGINS=\""${attest_plugins}\""
+
+AM_CFLAGS = \
+ $(PLUGIN_CFLAGS)
+
+imcv_LTLIBRARIES = imv-attestation.la
+
+imv_attestation_la_LIBADD = \
+ $(top_builddir)/src/libimcv/libimcv.la \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la
+
+imv_attestation_la_SOURCES = imv_attestation.c \
+ imv_attestation_state.h imv_attestation_state.c \
+ imv_attestation_agent.h imv_attestation_agent.c \
+ imv_attestation_process.h imv_attestation_process.c \
+ imv_attestation_build.h imv_attestation_build.c
+
+imv_attestation_la_LDFLAGS = -module -avoid-version -no-undefined
+
+ipsec_PROGRAMS = attest
+attest_SOURCES = attest.c \
+ attest_usage.h attest_usage.c \
+ attest_db.h attest_db.c
+attest_LDADD = \
+ $(top_builddir)/src/libimcv/libimcv.la \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la
+attest.o : $(top_builddir)/config.status
+
+EXTRA_DIST = build-database.sh
diff --git a/src/libimcv/plugins/imv_attestation/Makefile.in b/src/libimcv/plugins/imv_attestation/Makefile.in
new file mode 100644
index 0000000..3ba7c8c
--- /dev/null
+++ b/src/libimcv/plugins/imv_attestation/Makefile.in
@@ -0,0 +1,847 @@
+# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+
+VPATH = @srcdir@
+am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__make_running_with_option = \
+ case $${target_option-} in \
+ ?) ;; \
+ *) echo "am__make_running_with_option: internal error: invalid" \
+ "target option '$${target_option-}' specified" >&2; \
+ exit 1;; \
+ esac; \
+ has_opt=no; \
+ sane_makeflags=$$MAKEFLAGS; \
+ if $(am__is_gnu_make); then \
+ sane_makeflags=$$MFLAGS; \
+ else \
+ case $$MAKEFLAGS in \
+ *\\[\ \ ]*) \
+ bs=\\; \
+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
+ esac; \
+ fi; \
+ skip_next=no; \
+ strip_trailopt () \
+ { \
+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+ }; \
+ for flg in $$sane_makeflags; do \
+ test $$skip_next = yes && { skip_next=no; continue; }; \
+ case $$flg in \
+ *=*|--*) continue;; \
+ -*I) strip_trailopt 'I'; skip_next=yes;; \
+ -*I?*) strip_trailopt 'I';; \
+ -*O) strip_trailopt 'O'; skip_next=yes;; \
+ -*O?*) strip_trailopt 'O';; \
+ -*l) strip_trailopt 'l'; skip_next=yes;; \
+ -*l?*) strip_trailopt 'l';; \
+ -[dEDm]) skip_next=yes;; \
+ -[JT]) skip_next=yes;; \
+ esac; \
+ case $$flg in \
+ *$$target_option*) has_opt=yes; break;; \
+ esac; \
+ done; \
+ test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+ipsec_PROGRAMS = attest$(EXEEXT)
+subdir = src/libimcv/plugins/imv_attestation
+DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
+ $(top_srcdir)/depcomp
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
+ $(top_srcdir)/m4/config/ltoptions.m4 \
+ $(top_srcdir)/m4/config/ltsugar.m4 \
+ $(top_srcdir)/m4/config/ltversion.m4 \
+ $(top_srcdir)/m4/config/lt~obsolete.m4 \
+ $(top_srcdir)/m4/macros/split-package-version.m4 \
+ $(top_srcdir)/m4/macros/with.m4 \
+ $(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
+ $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+ test -z "$$files" \
+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+ $(am__cd) "$$dir" && rm -f $$files; }; \
+ }
+am__installdirs = "$(DESTDIR)$(imcvdir)" "$(DESTDIR)$(ipsecdir)"
+LTLIBRARIES = $(imcv_LTLIBRARIES)
+imv_attestation_la_DEPENDENCIES = \
+ $(top_builddir)/src/libimcv/libimcv.la \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la
+am_imv_attestation_la_OBJECTS = imv_attestation.lo \
+ imv_attestation_state.lo imv_attestation_agent.lo \
+ imv_attestation_process.lo imv_attestation_build.lo
+imv_attestation_la_OBJECTS = $(am_imv_attestation_la_OBJECTS)
+AM_V_lt = $(am__v_lt_ at AM_V@)
+am__v_lt_ = $(am__v_lt_ at AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+am__v_lt_1 =
+imv_attestation_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+ $(AM_CFLAGS) $(CFLAGS) $(imv_attestation_la_LDFLAGS) \
+ $(LDFLAGS) -o $@
+PROGRAMS = $(ipsec_PROGRAMS)
+am_attest_OBJECTS = attest.$(OBJEXT) attest_usage.$(OBJEXT) \
+ attest_db.$(OBJEXT)
+attest_OBJECTS = $(am_attest_OBJECTS)
+attest_DEPENDENCIES = $(top_builddir)/src/libimcv/libimcv.la \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la
+AM_V_P = $(am__v_P_ at AM_V@)
+am__v_P_ = $(am__v_P_ at AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_ at AM_V@)
+am__v_GEN_ = $(am__v_GEN_ at AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
+am__v_GEN_1 =
+AM_V_at = $(am__v_at_ at AM_V@)
+am__v_at_ = $(am__v_at_ at AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 =
+DEFAULT_INCLUDES = -I. at am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_ at AM_V@)
+am__v_CC_ = $(am__v_CC_ at AM_DEFAULT_V@)
+am__v_CC_0 = @echo " CC " $@;
+am__v_CC_1 =
+CCLD = $(CC)
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_ at AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_ at AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo " CCLD " $@;
+am__v_CCLD_1 =
+SOURCES = $(imv_attestation_la_SOURCES) $(attest_SOURCES)
+DIST_SOURCES = $(imv_attestation_la_SOURCES) $(attest_SOURCES)
+am__can_run_installinfo = \
+ case $$AM_UPDATE_INFO_DIR in \
+ n|no|NO) false;; \
+ *) (install-info --version) >/dev/null 2>&1;; \
+ esac
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+# Read a list of newline-separated strings from the standard input,
+# and print each of them once, without duplicates. Input order is
+# *not* preserved.
+am__uniquify_input = $(AWK) '\
+ BEGIN { nonempty = 0; } \
+ { items[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in items) print i; }; } \
+'
+# Make sure the list of sources is unique. This is necessary because,
+# e.g., the same source file might be shared among _SOURCES variables
+# for different programs/libraries.
+am__define_uniq_tagged_files = \
+ list='$(am__tagged_files)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | $(am__uniquify_input)`
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BFDLIB = @BFDLIB@
+BTLIB = @BTLIB@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
+COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DLLTOOL = @DLLTOOL@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GEM = @GEM@
+GENHTML = @GENHTML@
+GPERF = @GPERF@
+GPRBUILD = @GPRBUILD@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LCOV = @LCOV@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MKDIR_P = @MKDIR_P@
+MYSQLCFLAG = @MYSQLCFLAG@
+MYSQLCONFIG = @MYSQLCONFIG@
+MYSQLLIB = @MYSQLLIB@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OPENSSL_LIB = @OPENSSL_LIB@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@
+PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@
+PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@
+PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
+PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
+RANLIB = @RANLIB@
+RTLIB = @RTLIB@
+RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
+RUBYINCLUDE = @RUBYINCLUDE@
+RUBYLIB = @RUBYLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
+STRIP = @STRIP@
+UNWINDLIB = @UNWINDLIB@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+aikgen_plugins = @aikgen_plugins@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+c_plugins = @c_plugins@
+charon_natt_port = @charon_natt_port@
+charon_plugins = @charon_plugins@
+charon_udp_port = @charon_udp_port@
+clearsilver_LIBS = @clearsilver_LIBS@
+cmd_plugins = @cmd_plugins@
+datadir = @datadir@
+datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
+dev_headers = @dev_headers@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+imcvdir = @imcvdir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsec_script = @ipsec_script@
+ipsec_script_upper = @ipsec_script_upper@
+ipsecdir = @ipsecdir@
+ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
+ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
+libdir = @libdir@
+libexecdir = @libexecdir@
+linux_headers = @linux_headers@
+localedir = @localedir@
+localstatedir = @localstatedir@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
+mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+nm_ca_dir = @nm_ca_dir@
+nm_plugins = @nm_plugins@
+oldincludedir = @oldincludedir@
+pcsclite_CFLAGS = @pcsclite_CFLAGS@
+pcsclite_LIBS = @pcsclite_LIBS@
+pdfdir = @pdfdir@
+piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
+pki_plugins = @pki_plugins@
+plugindir = @plugindir@
+pool_plugins = @pool_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
+random_device = @random_device@
+resolv_conf = @resolv_conf@
+routing_table = @routing_table@
+routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
+sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
+sharedstatedir = @sharedstatedir@
+soup_CFLAGS = @soup_CFLAGS@
+soup_LIBS = @soup_LIBS@
+srcdir = @srcdir@
+starter_plugins = @starter_plugins@
+strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
+swanctldir = @swanctldir@
+sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
+systemdsystemunitdir = @systemdsystemunitdir@
+t_plugins = @t_plugins@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+urandom_device = @urandom_device@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libtncif \
+ -I$(top_srcdir)/src/libimcv \
+ -DPLUGINS=\""${attest_plugins}\""
+
+AM_CFLAGS = \
+ $(PLUGIN_CFLAGS)
+
+imcv_LTLIBRARIES = imv-attestation.la
+imv_attestation_la_LIBADD = \
+ $(top_builddir)/src/libimcv/libimcv.la \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la
+
+imv_attestation_la_SOURCES = imv_attestation.c \
+ imv_attestation_state.h imv_attestation_state.c \
+ imv_attestation_agent.h imv_attestation_agent.c \
+ imv_attestation_process.h imv_attestation_process.c \
+ imv_attestation_build.h imv_attestation_build.c
+
+imv_attestation_la_LDFLAGS = -module -avoid-version -no-undefined
+attest_SOURCES = attest.c \
+ attest_usage.h attest_usage.c \
+ attest_db.h attest_db.c
+
+attest_LDADD = \
+ $(top_builddir)/src/libimcv/libimcv.la \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la
+
+EXTRA_DIST = build-database.sh
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imv_attestation/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/libimcv/plugins/imv_attestation/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+install-imcvLTLIBRARIES: $(imcv_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ @list='$(imcv_LTLIBRARIES)'; test -n "$(imcvdir)" || list=; \
+ list2=; for p in $$list; do \
+ if test -f $$p; then \
+ list2="$$list2 $$p"; \
+ else :; fi; \
+ done; \
+ test -z "$$list2" || { \
+ echo " $(MKDIR_P) '$(DESTDIR)$(imcvdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(imcvdir)" || exit 1; \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(imcvdir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(imcvdir)"; \
+ }
+
+uninstall-imcvLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(imcv_LTLIBRARIES)'; test -n "$(imcvdir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(imcvdir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(imcvdir)/$$f"; \
+ done
+
+clean-imcvLTLIBRARIES:
+ -test -z "$(imcv_LTLIBRARIES)" || rm -f $(imcv_LTLIBRARIES)
+ @list='$(imcv_LTLIBRARIES)'; \
+ locs=`for p in $$list; do echo $$p; done | \
+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
+ sort -u`; \
+ test -z "$$locs" || { \
+ echo rm -f $${locs}; \
+ rm -f $${locs}; \
+ }
+
+imv-attestation.la: $(imv_attestation_la_OBJECTS) $(imv_attestation_la_DEPENDENCIES) $(EXTRA_imv_attestation_la_DEPENDENCIES)
+ $(AM_V_CCLD)$(imv_attestation_la_LINK) -rpath $(imcvdir) $(imv_attestation_la_OBJECTS) $(imv_attestation_la_LIBADD) $(LIBS)
+install-ipsecPROGRAMS: $(ipsec_PROGRAMS)
+ @$(NORMAL_INSTALL)
+ @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(ipsecdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(ipsecdir)" || exit 1; \
+ fi; \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed 's/$(EXEEXT)$$//' | \
+ while read p p1; do if test -f $$p \
+ || test -f $$p1 \
+ ; then echo "$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n;h' \
+ -e 's|.*|.|' \
+ -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
+ sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) files[d] = files[d] " " $$1; \
+ else { print "f", $$3 "/" $$4, $$1; } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(ipsecdir)$$dir'"; \
+ $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(ipsecdir)$$dir" || exit $$?; \
+ } \
+ ; done
+
+uninstall-ipsecPROGRAMS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
+ -e 's/$$/$(EXEEXT)/' \
+ `; \
+ test -n "$$list" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(ipsecdir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(ipsecdir)" && rm -f $$files
+
+clean-ipsecPROGRAMS:
+ @list='$(ipsec_PROGRAMS)'; test -n "$$list" || exit 0; \
+ echo " rm -f" $$list; \
+ rm -f $$list || exit $$?; \
+ test -n "$(EXEEXT)" || exit 0; \
+ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+ echo " rm -f" $$list; \
+ rm -f $$list
+
+attest$(EXEEXT): $(attest_OBJECTS) $(attest_DEPENDENCIES) $(EXTRA_attest_DEPENDENCIES)
+ @rm -f attest$(EXEEXT)
+ $(AM_V_CCLD)$(LINK) $(attest_OBJECTS) $(attest_LDADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/attest.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/attest_db.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/attest_usage.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/imv_attestation.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/imv_attestation_agent.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/imv_attestation_build.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/imv_attestation_process.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/imv_attestation_state.Plo at am__quote@
+
+.c.o:
+ at am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
+ at am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+ at am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(COMPILE) -c -o $@ $<
+
+.c.obj:
+ at am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
+ at am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
+ at am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+.c.lo:
+ at am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
+ at am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+ at am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(am__tagged_files)
+ $(am__define_uniq_tagged_files); mkid -fID $$unique
+tags: tags-am
+TAGS: tags
+
+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ set x; \
+ here=`pwd`; \
+ $(am__define_uniq_tagged_files); \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: ctags-am
+
+CTAGS: ctags
+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ $(am__define_uniq_tagged_files); \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+cscopelist: cscopelist-am
+
+cscopelist-am: $(am__tagged_files)
+ list='$(am__tagged_files)'; \
+ case "$(srcdir)" in \
+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
+ *) sdir=$(subdir)/$(srcdir) ;; \
+ esac; \
+ for i in $$list; do \
+ if test -f "$$i"; then \
+ echo "$(subdir)/$$i"; \
+ else \
+ echo "$$sdir/$$i"; \
+ fi; \
+ done >> $(top_builddir)/cscope.files
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES) $(PROGRAMS)
+installdirs:
+ for dir in "$(DESTDIR)$(imcvdir)" "$(DESTDIR)$(ipsecdir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-imcvLTLIBRARIES clean-ipsecPROGRAMS \
+ clean-libtool mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-imcvLTLIBRARIES install-ipsecPROGRAMS
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-imcvLTLIBRARIES uninstall-ipsecPROGRAMS
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
+ clean-imcvLTLIBRARIES clean-ipsecPROGRAMS clean-libtool \
+ cscopelist-am ctags ctags-am distclean distclean-compile \
+ distclean-generic distclean-libtool distclean-tags distdir dvi \
+ dvi-am html html-am info info-am install install-am \
+ install-data install-data-am install-dvi install-dvi-am \
+ install-exec install-exec-am install-html install-html-am \
+ install-imcvLTLIBRARIES install-info install-info-am \
+ install-ipsecPROGRAMS install-man install-pdf install-pdf-am \
+ install-ps install-ps-am install-strip installcheck \
+ installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-compile \
+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+ tags tags-am uninstall uninstall-am uninstall-imcvLTLIBRARIES \
+ uninstall-ipsecPROGRAMS
+
+attest.o : $(top_builddir)/config.status
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/libimcv/plugins/imv_attestation/attest.c b/src/libimcv/plugins/imv_attestation/attest.c
new file mode 100644
index 0000000..1143a03
--- /dev/null
+++ b/src/libimcv/plugins/imv_attestation/attest.c
@@ -0,0 +1,484 @@
+/*
+ * Copyright (C) 2011-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#define _GNU_SOURCE
+#include <getopt.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+#include <libgen.h>
+#ifdef HAVE_SYSLOG
+# include <syslog.h>
+#endif
+
+#include <library.h>
+#include <utils/debug.h>
+
+#include <imcv.h>
+#include <pts/pts_meas_algo.h>
+
+#include "attest_db.h"
+#include "attest_usage.h"
+
+/**
+ * global debug output variables
+ */
+static int debug_level = 1;
+static bool stderr_quiet = TRUE;
+
+/**
+ * attest dbg function
+ */
+static void attest_dbg(debug_t group, level_t level, char *fmt, ...)
+{
+ va_list args;
+
+ if (level <= debug_level)
+ {
+ if (!stderr_quiet)
+ {
+ va_start(args, fmt);
+ vfprintf(stderr, fmt, args);
+ fprintf(stderr, "\n");
+ va_end(args);
+ }
+
+#ifdef HAVE_SYSLOG
+ {
+ int priority = LOG_INFO;
+ char buffer[8192];
+ char *current = buffer, *next;
+
+ /* write in memory buffer first */
+ va_start(args, fmt);
+ vsnprintf(buffer, sizeof(buffer), fmt, args);
+ va_end(args);
+
+ /* do a syslog with every line */
+ while (current)
+ {
+ next = strchr(current, '\n');
+ if (next)
+ {
+ *(next++) = '\0';
+ }
+ syslog(priority, "%s\n", current);
+ current = next;
+ }
+ }
+#endif /* HAVE_SYSLOG */
+ }
+}
+
+/**
+ * global attestation database object
+ */
+attest_db_t *attest;
+
+
+/**
+ * atexit handler to close db on shutdown
+ */
+static void cleanup(void)
+{
+ attest->destroy(attest);
+ libimcv_deinit();
+#ifdef HAVE_SYSLOG
+ closelog();
+#endif
+}
+
+static void do_args(int argc, char *argv[])
+{
+ enum {
+ OP_UNDEF,
+ OP_USAGE,
+ OP_KEYS,
+ OP_COMPONENTS,
+ OP_DEVICES,
+ OP_DIRECTORIES,
+ OP_FILES,
+ OP_HASHES,
+ OP_MEASUREMENTS,
+ OP_PACKAGES,
+ OP_PRODUCTS,
+ OP_SESSIONS,
+ OP_ADD,
+ OP_DEL,
+ } op = OP_UNDEF;
+
+ /* reinit getopt state */
+ optind = 0;
+
+ while (TRUE)
+ {
+ int c;
+
+ struct option long_opts[] = {
+ { "help", no_argument, NULL, 'h' },
+ { "components", no_argument, NULL, 'c' },
+ { "devices", no_argument, NULL, 'e' },
+ { "directories", no_argument, NULL, 'd' },
+ { "dirs", no_argument, NULL, 'd' },
+ { "files", no_argument, NULL, 'f' },
+ { "keys", no_argument, NULL, 'k' },
+ { "packages", no_argument, NULL, 'g' },
+ { "products", no_argument, NULL, 'p' },
+ { "hashes", no_argument, NULL, 'H' },
+ { "measurements", no_argument, NULL, 'm' },
+ { "sessions", no_argument, NULL, 's' },
+ { "add", no_argument, NULL, 'a' },
+ { "delete", no_argument, NULL, 'r' },
+ { "del", no_argument, NULL, 'r' },
+ { "remove", no_argument, NULL, 'r' },
+ { "aik", required_argument, NULL, 'A' },
+ { "blacklist", no_argument, NULL, 'B' },
+ { "component", required_argument, NULL, 'C' },
+ { "comp", required_argument, NULL, 'C' },
+ { "directory", required_argument, NULL, 'D' },
+ { "dir", required_argument, NULL, 'D' },
+ { "file", required_argument, NULL, 'F' },
+ { "package", required_argument, NULL, 'G' },
+ { "key", required_argument, NULL, 'K' },
+ { "measdir", required_argument, NULL, 'M' },
+ { "owner", required_argument, NULL, 'O' },
+ { "product", required_argument, NULL, 'P' },
+ { "relative", no_argument, NULL, 'R' },
+ { "rel", no_argument, NULL, 'R' },
+ { "sequence", required_argument, NULL, 'S' },
+ { "seq", required_argument, NULL, 'S' },
+ { "utc", no_argument, NULL, 'U' },
+ { "version", required_argument, NULL, 'V' },
+ { "security", no_argument, NULL, 'Y' },
+ { "sha1", no_argument, NULL, '1' },
+ { "sha256", no_argument, NULL, '2' },
+ { "sha384", no_argument, NULL, '3' },
+ { "did", required_argument, NULL, '4' },
+ { "fid", required_argument, NULL, '5' },
+ { "pid", required_argument, NULL, '6' },
+ { "cid", required_argument, NULL, '7' },
+ { "kid", required_argument, NULL, '8' },
+ { "gid", required_argument, NULL, '9' },
+ { 0,0,0,0 }
+ };
+
+ c = getopt_long(argc, argv, "", long_opts, NULL);
+ switch (c)
+ {
+ case EOF:
+ break;
+ case 'h':
+ op = OP_USAGE;
+ break;
+ case 'c':
+ op = OP_COMPONENTS;
+ continue;
+ case 'd':
+ op = OP_DIRECTORIES;
+ continue;
+ case 'e':
+ op = OP_DEVICES;
+ continue;
+ case 'f':
+ op = OP_FILES;
+ continue;
+ case 'g':
+ op = OP_PACKAGES;
+ continue;
+ case 'k':
+ op = OP_KEYS;
+ continue;
+ case 'p':
+ op = OP_PRODUCTS;
+ continue;
+ case 'H':
+ op = OP_HASHES;
+ continue;
+ case 'm':
+ op = OP_MEASUREMENTS;
+ continue;
+ case 's':
+ op = OP_SESSIONS;
+ continue;
+ case 'a':
+ op = OP_ADD;
+ continue;
+ case 'r':
+ op = OP_DEL;
+ continue;
+ case 'A':
+ {
+ certificate_t *aik_cert;
+ public_key_t *aik_key;
+ chunk_t aik;
+
+ aik_cert = lib->creds->create(lib->creds, CRED_CERTIFICATE,
+ CERT_X509, BUILD_FROM_FILE, optarg, BUILD_END);
+ if (!aik_cert)
+ {
+ printf("AIK certificate '%s' could not be loaded\n", optarg);
+ exit(EXIT_FAILURE);
+ }
+ aik_key = aik_cert->get_public_key(aik_cert);
+ aik_cert->destroy(aik_cert);
+
+ if (!aik_key)
+ {
+ printf("AIK public key could not be retrieved\n");
+ exit(EXIT_FAILURE);
+ }
+ if (!aik_key->get_fingerprint(aik_key, KEYID_PUBKEY_INFO_SHA1,
+ &aik))
+ {
+ printf("AIK fingerprint could not be computed\n");
+ aik_key->destroy(aik_key);
+ exit(EXIT_FAILURE);
+ }
+ aik = chunk_clone(aik);
+ aik_key->destroy(aik_key);
+
+ if (!attest->set_key(attest, aik, op == OP_ADD))
+ {
+ exit(EXIT_FAILURE);
+ }
+ continue;
+ }
+ case 'B':
+ attest->set_package_state(attest, OS_PACKAGE_STATE_BLACKLIST);
+ continue;
+ case 'C':
+ if (!attest->set_component(attest, optarg, op == OP_ADD))
+ {
+ exit(EXIT_FAILURE);
+ }
+ continue;
+ case 'D':
+ if (!attest->set_directory(attest, optarg, op == OP_ADD))
+ {
+ exit(EXIT_FAILURE);
+ }
+ continue;
+ case 'F':
+ {
+ char *dir = path_dirname(optarg);
+ char *file = path_basename(optarg);
+
+ if (*dir != '.')
+ {
+ if (!attest->set_directory(attest, dir, op == OP_ADD))
+ {
+ free(file);
+ free(dir);
+ exit(EXIT_FAILURE);
+ }
+ }
+ free(dir);
+
+ if (!attest->set_file(attest, file, op == OP_ADD))
+ {
+ free(file);
+ exit(EXIT_FAILURE);
+ }
+ free(file);
+ continue;
+ }
+ case 'G':
+ if (!attest->set_package(attest, optarg, op == OP_ADD))
+ {
+ exit(EXIT_FAILURE);
+ }
+ continue;
+ case 'K':
+ {
+ chunk_t aik;
+
+ aik = chunk_from_hex(chunk_create(optarg, strlen(optarg)), NULL);
+ if (!attest->set_key(attest, aik, op == OP_ADD))
+ {
+ exit(EXIT_FAILURE);
+ }
+ continue;
+ }
+ case 'M':
+ if (!attest->set_meas_directory(attest, optarg))
+ {
+ exit(EXIT_FAILURE);
+ }
+ continue;
+ case 'O':
+ attest->set_owner(attest, optarg);
+ continue;
+ case 'P':
+ if (!attest->set_product(attest, optarg, op == OP_ADD))
+ {
+ exit(EXIT_FAILURE);
+ }
+ continue;
+ case 'R':
+ attest->set_relative(attest);
+ continue;
+ case 'S':
+ attest->set_sequence(attest, atoi(optarg));
+ continue;
+ case 'U':
+ attest->set_utc(attest);
+ continue;
+ case 'V':
+ if (!attest->set_version(attest, optarg))
+ {
+ exit(EXIT_FAILURE);
+ }
+ continue;
+ case 'Y':
+ attest->set_package_state(attest, OS_PACKAGE_STATE_SECURITY);
+ continue;
+ case '1':
+ attest->set_algo(attest, PTS_MEAS_ALGO_SHA1);
+ continue;
+ case '2':
+ attest->set_algo(attest, PTS_MEAS_ALGO_SHA256);
+ continue;
+ case '3':
+ attest->set_algo(attest, PTS_MEAS_ALGO_SHA384);
+ continue;
+ case '4':
+ if (!attest->set_did(attest, atoi(optarg)))
+ {
+ exit(EXIT_FAILURE);
+ }
+ continue;
+ case '5':
+ if (!attest->set_fid(attest, atoi(optarg)))
+ {
+ exit(EXIT_FAILURE);
+ }
+ continue;
+ case '6':
+ if (!attest->set_pid(attest, atoi(optarg)))
+ {
+ exit(EXIT_FAILURE);
+ }
+ continue;
+ case '7':
+ if (!attest->set_cid(attest, atoi(optarg)))
+ {
+ exit(EXIT_FAILURE);
+ }
+ continue;
+ case '8':
+ if (!attest->set_kid(attest, atoi(optarg)))
+ {
+ exit(EXIT_FAILURE);
+ }
+ continue;
+ case '9':
+ if (!attest->set_gid(attest, atoi(optarg)))
+ {
+ exit(EXIT_FAILURE);
+ }
+ continue;
+ }
+ break;
+ }
+
+ switch (op)
+ {
+ case OP_USAGE:
+ usage();
+ break;
+ case OP_PACKAGES:
+ attest->list_packages(attest);
+ break;
+ case OP_PRODUCTS:
+ attest->list_products(attest);
+ break;
+ case OP_KEYS:
+ attest->list_keys(attest);
+ break;
+ case OP_COMPONENTS:
+ attest->list_components(attest);
+ break;
+ case OP_DEVICES:
+ attest->list_devices(attest);
+ break;
+ case OP_DIRECTORIES:
+ attest->list_directories(attest);
+ break;
+ case OP_FILES:
+ attest->list_files(attest);
+ break;
+ case OP_HASHES:
+ attest->list_hashes(attest);
+ break;
+ case OP_MEASUREMENTS:
+ attest->list_measurements(attest);
+ break;
+ case OP_SESSIONS:
+ attest->list_sessions(attest);
+ break;
+ case OP_ADD:
+ attest->add(attest);
+ break;
+ case OP_DEL:
+ attest->delete(attest);
+ break;
+ default:
+ usage();
+ exit(EXIT_FAILURE);
+ }
+}
+
+int main(int argc, char *argv[])
+{
+ char *uri;
+
+ /* enable attest debugging hook */
+ dbg = attest_dbg;
+#ifdef HAVE_SYSLOG
+ openlog("attest", 0, LOG_DEBUG);
+#endif
+
+ atexit(library_deinit);
+
+ /* initialize library */
+ if (!library_init(NULL, "attest"))
+ {
+ exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
+ }
+ if (!lib->plugins->load(lib->plugins,
+ lib->settings->get_str(lib->settings, "attest.load", PLUGINS)))
+ {
+ exit(SS_RC_INITIALIZATION_FAILED);
+ }
+
+ uri = lib->settings->get_str(lib->settings, "attest.database", NULL);
+ if (!uri)
+ {
+ fprintf(stderr, "database URI attest.database not set.\n");
+ exit(SS_RC_INITIALIZATION_FAILED);
+ }
+ attest = attest_db_create(uri);
+ if (!attest)
+ {
+ exit(SS_RC_INITIALIZATION_FAILED);
+ }
+ atexit(cleanup);
+ libimcv_init(FALSE);
+
+ do_args(argc, argv);
+
+ exit(EXIT_SUCCESS);
+}
diff --git a/src/libimcv/plugins/imv_attestation/attest_db.c b/src/libimcv/plugins/imv_attestation/attest_db.c
new file mode 100644
index 0000000..f85a02b
--- /dev/null
+++ b/src/libimcv/plugins/imv_attestation/attest_db.c
@@ -0,0 +1,1995 @@
+/*
+ * Copyright (C) 2011-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#define _GNU_SOURCE
+
+#include <stdio.h>
+#include <libgen.h>
+#include <time.h>
+
+#include <tncif_names.h>
+
+#include "attest_db.h"
+
+#include "imcv.h"
+#include "pts/pts_meas_algo.h"
+#include "pts/pts_file_meas.h"
+#include "pts/components/pts_comp_func_name.h"
+
+#define IMA_MAX_NAME_LEN 255
+#define DEVICE_MAX_LEN 20
+
+typedef struct private_attest_db_t private_attest_db_t;
+
+/**
+ * Private data of an attest_db_t object.
+ */
+struct private_attest_db_t {
+
+ /**
+ * Public members of attest_db_state_t
+ */
+ attest_db_t public;
+
+ /**
+ * Component Functional Name to be queried
+ */
+ pts_comp_func_name_t *cfn;
+
+ /**
+ * Primary key of the Component Functional Name to be queried
+ */
+ int cid;
+
+ /**
+ * TRUE if Component Functional Name has been set
+ */
+ bool comp_set;
+
+ /**
+ * Directory containing the Measurement file to be queried
+ */
+ char *dir;
+
+ /**
+ * Primary key of the directory to be queried
+ */
+ int did;
+
+ /**
+ * Measurement file to be queried
+ */
+ char *file;
+
+ /**
+ * Primary key of measurement file to be queried
+ */
+ int fid;
+
+ /**
+ * Directory where file measurement are to be taken
+ */
+ char *meas_dir;
+
+ /**
+ * AIK to be queried
+ */
+ chunk_t key;
+
+ /**
+ * Primary key of the AIK to be queried
+ */
+ int kid;
+
+ /**
+ * TRUE if AIK has been set
+ */
+ bool key_set;
+
+ /**
+ * Software package to be queried
+ */
+ char *package;
+
+ /**
+ * Primary key of software package to be queried
+ */
+ int gid;
+
+ /**
+ * TRUE if package has been set
+ */
+ bool package_set;
+
+ /**
+ * Software product to be queried
+ */
+ char *product;
+
+ /**
+ * Primary key of software product to be queried
+ */
+ int pid;
+
+ /**
+ * TRUE if product has been set
+ */
+ bool product_set;
+
+ /**
+ * Software package version to be queried
+ */
+ char *version;
+
+ /**
+ * TRUE if version has been set
+ */
+ bool version_set;
+
+ /**
+ * TRUE if relative filenames are to be used
+ */
+ bool relative;
+
+ /**
+ * TRUE if dates are to be displayed in UTC
+ */
+ bool utc;
+
+ /**
+ * Package security or blacklist state
+ */
+ os_package_state_t package_state;
+
+ /**
+ * Sequence number for ordering entries
+ */
+ int seq_no;
+
+ /**
+ * File measurement hash algorithm
+ */
+ pts_meas_algorithms_t algo;
+
+ /**
+ * Optional owner (user/host name)
+ */
+ char *owner;
+
+ /**
+ * Attestation database
+ */
+ database_t *db;
+
+};
+
+char* print_cfn(pts_comp_func_name_t *cfn)
+{
+ static char buf[BUF_LEN];
+ char flags[8];
+ int type, vid, name, qualifier, n;
+ enum_name_t *names, *types;
+
+ vid = cfn->get_vendor_id(cfn),
+ name = cfn->get_name(cfn);
+ qualifier = cfn->get_qualifier(cfn);
+ n = snprintf(buf, BUF_LEN, "0x%06x/0x%08x-0x%02x", vid, name, qualifier);
+
+ names = imcv_pts_components->get_comp_func_names(imcv_pts_components, vid);
+ types = imcv_pts_components->get_qualifier_type_names(imcv_pts_components,
+ vid);
+ type = imcv_pts_components->get_qualifier(imcv_pts_components, cfn, flags);
+ if (names && types)
+ {
+ n = snprintf(buf + n, BUF_LEN - n, " %N/%N [%s] %N",
+ pen_names, vid, names, name, flags, types, type);
+ }
+ return buf;
+}
+
+/**
+ * Get the directory separator to append to a path
+ */
+static const char* get_separator(const char *path)
+{
+ if (streq(path, DIRECTORY_SEPARATOR))
+ { /* root directory on Unix file system, no separator */
+ return "";
+ }
+ else
+ { /* non-root or Windows path, use system specific separator */
+ return DIRECTORY_SEPARATOR;
+ }
+}
+
+METHOD(attest_db_t, set_component, bool,
+ private_attest_db_t *this, char *comp, bool create)
+{
+ enumerator_t *e;
+ char *pos1, *pos2;
+ int vid, name, qualifier;
+ pts_comp_func_name_t *cfn;
+
+ if (this->comp_set)
+ {
+ printf("component has already been set\n");
+ return FALSE;
+ }
+
+ /* parse component string */
+ pos1 = strchr(comp, '/');
+ pos2 = strchr(comp, '-');
+ if (!pos1 || !pos2)
+ {
+ printf("component string must have the form \"vendor_id/name-qualifier\"\n");
+ return FALSE;
+ }
+ vid = atoi(comp);
+ name = atoi(pos1 + 1);
+ qualifier = atoi(pos2 + 1);
+ cfn = pts_comp_func_name_create(vid, name, qualifier);
+
+ e = this->db->query(this->db,
+ "SELECT id FROM components "
+ "WHERE vendor_id = ? AND name = ? AND qualifier = ?",
+ DB_UINT, vid, DB_INT, name, DB_INT, qualifier, DB_INT);
+ if (e)
+ {
+ if (e->enumerate(e, &this->cid))
+ {
+ this->comp_set = TRUE;
+ this->cfn = cfn;
+ }
+ e->destroy(e);
+ }
+ if (this->comp_set)
+ {
+ return TRUE;
+ }
+
+ if (!create)
+ {
+ printf("component '%s' not found in database\n", print_cfn(cfn));
+ cfn->destroy(cfn);
+ return FALSE;
+ }
+
+ /* Add a new database entry */
+ this->comp_set = this->db->execute(this->db, &this->cid,
+ "INSERT INTO components (vendor_id, name, qualifier) "
+ "VALUES (?, ?, ?)",
+ DB_INT, vid, DB_INT, name, DB_INT, qualifier) == 1;
+
+ printf("component '%s' %sinserted into database\n", print_cfn(cfn),
+ this->comp_set ? "" : "could not be ");
+ if (this->comp_set)
+ {
+ this->cfn = cfn;
+ }
+ else
+ {
+ cfn->destroy(cfn);
+ }
+ return this->comp_set;
+}
+
+METHOD(attest_db_t, set_cid, bool,
+ private_attest_db_t *this, int cid)
+{
+ enumerator_t *e;
+ int vid, name, qualifier;
+
+ if (this->comp_set)
+ {
+ printf("component has already been set\n");
+ return FALSE;
+ }
+ this->cid = cid;
+
+ e = this->db->query(this->db, "SELECT vendor_id, name, qualifier "
+ "FROM components WHERE id = ?",
+ DB_UINT, cid, DB_INT, DB_INT, DB_INT);
+ if (e)
+ {
+ if (e->enumerate(e, &vid, &name, &qualifier))
+ {
+ this->cfn = pts_comp_func_name_create(vid, name, qualifier);
+ this->comp_set = TRUE;
+ }
+ else
+ {
+ printf("no component found with cid %d\n", cid);
+ }
+ e->destroy(e);
+ }
+ return this->comp_set;
+}
+
+METHOD(attest_db_t, set_directory, bool,
+ private_attest_db_t *this, char *dir, bool create)
+{
+ enumerator_t *e;
+ int did;
+ size_t len;
+
+ if (this->did)
+ {
+ printf("directory has already been set\n");
+ return FALSE;
+ }
+
+ /* remove trailing '/' or '\' character if not root directory */
+ len = strlen(dir);
+ if (len > 1 && dir[len-1] == DIRECTORY_SEPARATOR[0])
+ {
+ dir[len-1] = '\0';
+ }
+ this->dir = strdup(dir);
+
+ e = this->db->query(this->db,
+ "SELECT id FROM directories WHERE path = ?",
+ DB_TEXT, dir, DB_INT);
+ if (e)
+ {
+ if (e->enumerate(e, &did))
+ {
+ this->did = did;
+ }
+ e->destroy(e);
+ }
+ if (this->did)
+ {
+ return TRUE;
+ }
+
+ if (!create)
+ {
+ printf("directory '%s' not found in database\n", dir);
+ return FALSE;
+ }
+
+ /* Add a new database entry */
+ if (1 == this->db->execute(this->db, &did,
+ "INSERT INTO directories (path) VALUES (?)", DB_TEXT, dir))
+ {
+ this->did = did;
+ }
+ printf("directory '%s' %sinserted into database\n", dir,
+ this->did ? "" : "could not be ");
+
+ return this->did > 0;
+}
+
+METHOD(attest_db_t, set_did, bool,
+ private_attest_db_t *this, int did)
+{
+ enumerator_t *e;
+ char *dir;
+
+ if (this->did)
+ {
+ printf("directory has already been set\n");
+ return FALSE;
+ }
+
+ e = this->db->query(this->db, "SELECT path FROM directories WHERE id = ?",
+ DB_UINT, did, DB_TEXT);
+ if (e)
+ {
+ if (e->enumerate(e, &dir))
+ {
+ this->dir = strdup(dir);
+ this->did = did;
+ }
+ else
+ {
+ printf("no directory found with did %d\n", did);
+ }
+ e->destroy(e);
+ }
+ return this->did > 0;
+}
+
+METHOD(attest_db_t, set_file, bool,
+ private_attest_db_t *this, char *file, bool create)
+{
+ int fid;
+ enumerator_t *e;
+
+ if (this->file)
+ {
+ printf("file has already been set\n");
+ return FALSE;
+ }
+ this->file = strdup(file);
+
+ if (!this->did)
+ {
+ return TRUE;
+ }
+ e = this->db->query(this->db, "SELECT id FROM files "
+ "WHERE dir = ? AND name = ?",
+ DB_INT, this->did, DB_TEXT, file, DB_INT);
+ if (e)
+ {
+ if (e->enumerate(e, &fid))
+ {
+ this->fid = fid;
+ }
+ e->destroy(e);
+ }
+ if (this->fid)
+ {
+ return TRUE;
+ }
+
+ if (!create)
+ {
+ printf("file '%s%s%s' not found in database\n",
+ this->dir, get_separator(this->dir), file);
+ return FALSE;
+ }
+
+ /* Add a new database entry */
+ if (1 == this->db->execute(this->db, &fid,
+ "INSERT INTO files (dir, name) VALUES (?, ?)",
+ DB_INT, this->did, DB_TEXT, file))
+ {
+ this->fid = fid;
+ }
+ printf("file '%s%s%s' %sinserted into database\n", this->dir,
+ get_separator(this->dir), file, this->fid ? "" : "could not be ");
+
+ return this->fid > 0;
+}
+
+METHOD(attest_db_t, set_fid, bool,
+ private_attest_db_t *this, int fid)
+{
+ enumerator_t *e;
+ int did;
+ char *file;
+
+ if (this->fid)
+ {
+ printf("file has already been set\n");
+ return FALSE;
+ }
+
+ e = this->db->query(this->db, "SELECT dir, name FROM files WHERE id = ?",
+ DB_UINT, fid, DB_INT, DB_TEXT);
+ if (e)
+ {
+ if (e->enumerate(e, &did, &file))
+ {
+ if (did)
+ {
+ set_did(this, did);
+ }
+ this->file = strdup(file);
+ this->fid = fid;
+ }
+ else
+ {
+ printf("no file found with fid %d\n", fid);
+ }
+ e->destroy(e);
+ }
+ return this->fid > 0;
+}
+
+METHOD(attest_db_t, set_meas_directory, bool,
+ private_attest_db_t *this, char *dir)
+{
+ size_t len;
+
+ /* remove trailing '/' character if not root directory */
+ len = strlen(dir);
+ if (len > 1 && dir[len-1] == '/')
+ {
+ dir[len-1] = '\0';
+ }
+ this->meas_dir = strdup(dir);
+
+ return TRUE;
+}
+
+METHOD(attest_db_t, set_key, bool,
+ private_attest_db_t *this, chunk_t key, bool create)
+{
+ enumerator_t *e;
+ char *owner;
+
+ if (this->key_set)
+ {
+ printf("key has already been set\n");
+ return FALSE;
+ }
+ this->key = key;
+
+ e = this->db->query(this->db, "SELECT id, owner FROM keys WHERE keyid= ?",
+ DB_BLOB, this->key, DB_INT, DB_TEXT);
+ if (e)
+ {
+ if (e->enumerate(e, &this->kid, &owner))
+ {
+ free(this->owner);
+ this->owner = strdup(owner);
+ this->key_set = TRUE;
+ }
+ e->destroy(e);
+ }
+ if (this->key_set)
+ {
+ return TRUE;
+ }
+
+ if (!create)
+ {
+ printf("key '%#B' not found in database\n", &this->key);
+ return FALSE;
+ }
+
+ /* Add a new database entry */
+ if (!this->owner)
+ {
+ this->owner = strdup("");
+ }
+ this->key_set = this->db->execute(this->db, &this->kid,
+ "INSERT INTO keys (keyid, owner) VALUES (?, ?)",
+ DB_BLOB, this->key, DB_TEXT, this->owner) == 1;
+
+ printf("key '%#B' %sinserted into database\n", &this->key,
+ this->key_set ? "" : "could not be ");
+
+ return this->key_set;
+
+};
+
+METHOD(attest_db_t, set_kid, bool,
+ private_attest_db_t *this, int kid)
+{
+ enumerator_t *e;
+ chunk_t key;
+ char *owner;
+
+ if (this->key_set)
+ {
+ printf("key has already been set\n");
+ return FALSE;
+ }
+ this->kid = kid;
+
+ e = this->db->query(this->db, "SELECT keyid, owner FROM keys WHERE id = ?",
+ DB_UINT, kid, DB_BLOB, DB_TEXT);
+ if (e)
+ {
+ if (e->enumerate(e, &key, &owner))
+ {
+ this->owner = strdup(owner);
+ this->key = chunk_clone(key);
+ this->key_set = TRUE;
+ }
+ else
+ {
+ printf("no key found with kid %d\n", kid);
+ }
+ e->destroy(e);
+ }
+ return this->key_set;
+
+};
+
+METHOD(attest_db_t, set_product, bool,
+ private_attest_db_t *this, char *product, bool create)
+{
+ enumerator_t *e;
+
+ if (this->product_set)
+ {
+ printf("product has already been set\n");
+ return FALSE;
+ }
+ this->product = strdup(product);
+
+ e = this->db->query(this->db, "SELECT id FROM products WHERE name = ?",
+ DB_TEXT, product, DB_INT);
+ if (e)
+ {
+ if (e->enumerate(e, &this->pid))
+ {
+ this->product_set = TRUE;
+ }
+ e->destroy(e);
+ }
+ if (this->product_set)
+ {
+ return TRUE;
+ }
+
+ if (!create)
+ {
+ printf("product '%s' not found in database\n", product);
+ return FALSE;
+ }
+
+ /* Add a new database entry */
+ this->product_set = this->db->execute(this->db, &this->pid,
+ "INSERT INTO products (name) VALUES (?)",
+ DB_TEXT, product) == 1;
+
+ printf("product '%s' %sinserted into database\n", product,
+ this->product_set ? "" : "could not be ");
+
+ return this->product_set;
+}
+
+METHOD(attest_db_t, set_pid, bool,
+ private_attest_db_t *this, int pid)
+{
+ enumerator_t *e;
+ char *product;
+
+ if (this->product_set)
+ {
+ printf("product has already been set\n");
+ return FALSE;
+ }
+ this->pid = pid;
+
+ e = this->db->query(this->db, "SELECT name FROM products WHERE id = ?",
+ DB_UINT, pid, DB_TEXT);
+ if (e)
+ {
+ if (e->enumerate(e, &product))
+ {
+ this->product = strdup(product);
+ this->product_set = TRUE;
+ }
+ else
+ {
+ printf("no product found with pid %d in database\n", pid);
+ }
+ e->destroy(e);
+ }
+ return this->product_set;
+}
+
+METHOD(attest_db_t, set_package, bool,
+ private_attest_db_t *this, char *package, bool create)
+{
+ enumerator_t *e;
+
+ if (this->package_set)
+ {
+ printf("package has already been set\n");
+ return FALSE;
+ }
+ this->package = strdup(package);
+
+ e = this->db->query(this->db, "SELECT id FROM packages WHERE name = ?",
+ DB_TEXT, package, DB_INT);
+ if (e)
+ {
+ if (e->enumerate(e, &this->gid))
+ {
+ this->package_set = TRUE;
+ }
+ e->destroy(e);
+ }
+ if (this->package_set)
+ {
+ return TRUE;
+ }
+
+ if (!create)
+ {
+ printf("package '%s' not found in database\n", package);
+ return FALSE;
+ }
+
+ /* Add a new database entry */
+ this->package_set = this->db->execute(this->db, &this->gid,
+ "INSERT INTO packages (name) VALUES (?)",
+ DB_TEXT, package) == 1;
+
+ printf("package '%s' %sinserted into database\n", package,
+ this->package_set ? "" : "could not be ");
+
+ return this->package_set;
+}
+
+METHOD(attest_db_t, set_gid, bool,
+ private_attest_db_t *this, int gid)
+{
+ enumerator_t *e;
+ char *package;
+
+ if (this->package_set)
+ {
+ printf("package has already been set\n");
+ return FALSE;
+ }
+ this->gid = gid;
+
+ e = this->db->query(this->db, "SELECT name FROM packages WHERE id = ?",
+ DB_UINT, gid, DB_TEXT);
+ if (e)
+ {
+ if (e->enumerate(e, &package))
+ {
+ this->package = strdup(package);
+ this->package_set = TRUE;
+ }
+ else
+ {
+ printf("no package found with gid %d in database\n", gid);
+ }
+ e->destroy(e);
+ }
+ return this->package_set;
+}
+
+METHOD(attest_db_t, set_version, bool,
+ private_attest_db_t *this, char *version)
+{
+ if (this->version_set)
+ {
+ printf("version has already been set\n");
+ return FALSE;
+ }
+ this->version = strdup(version);
+ this->version_set = TRUE;
+
+ return TRUE;
+}
+
+
+METHOD(attest_db_t, set_algo, void,
+ private_attest_db_t *this, pts_meas_algorithms_t algo)
+{
+ this->algo = algo;
+}
+
+METHOD(attest_db_t, set_relative, void,
+ private_attest_db_t *this)
+{
+ this->relative = TRUE;
+}
+
+METHOD(attest_db_t, set_package_state, void,
+ private_attest_db_t *this, os_package_state_t package_state)
+{
+ this->package_state = package_state;
+}
+
+METHOD(attest_db_t, set_sequence, void,
+ private_attest_db_t *this, int seq_no)
+{
+ this->seq_no = seq_no;
+}
+
+METHOD(attest_db_t, set_owner, void,
+ private_attest_db_t *this, char *owner)
+{
+ free(this->owner);
+ this->owner = strdup(owner);
+}
+
+METHOD(attest_db_t, set_utc, void,
+ private_attest_db_t *this)
+{
+ this->utc = TRUE;
+}
+
+METHOD(attest_db_t, list_components, void,
+ private_attest_db_t *this)
+{
+ enumerator_t *e;
+ pts_comp_func_name_t *cfn;
+ int seq_no, cid, vid, name, qualifier, count = 0;
+
+ if (this->kid)
+ {
+ e = this->db->query(this->db,
+ "SELECT kc.seq_no, c.id, c.vendor_id, c.name, c.qualifier "
+ "FROM components AS c "
+ "JOIN key_component AS kc ON c.id = kc.component "
+ "WHERE kc.key = ? ORDER BY kc.seq_no",
+ DB_UINT, this->kid, DB_INT, DB_INT, DB_INT, DB_INT, DB_INT);
+ if (e)
+ {
+ while (e->enumerate(e, &cid, &seq_no, &vid, &name, &qualifier))
+ {
+ cfn = pts_comp_func_name_create(vid, name, qualifier);
+ printf("%4d: #%-2d %s\n", seq_no, cid, print_cfn(cfn));
+ cfn->destroy(cfn);
+ count++;
+ }
+ e->destroy(e);
+ printf("%d component%s found for key %#B\n", count,
+ (count == 1) ? "" : "s", &this->key);
+ }
+ }
+ else
+ {
+ e = this->db->query(this->db,
+ "SELECT id, vendor_id, name, qualifier FROM components "
+ "ORDER BY vendor_id, name, qualifier",
+ DB_INT, DB_INT, DB_INT, DB_INT);
+ if (e)
+ {
+ while (e->enumerate(e, &cid, &vid, &name, &qualifier))
+ {
+ cfn = pts_comp_func_name_create(vid, name, qualifier);
+ printf("%4d: %s\n", cid, print_cfn(cfn));
+ cfn->destroy(cfn);
+ count++;
+ }
+ e->destroy(e);
+ printf("%d component%s found\n", count, (count == 1) ? "" : "s");
+ }
+ }
+}
+
+METHOD(attest_db_t, list_devices, void,
+ private_attest_db_t *this)
+{
+ enumerator_t *e, *e_ar;
+ chunk_t ar_id_value = chunk_empty;
+ char *product, *device;
+ time_t timestamp;
+ int id, last_id = 0, ar_id = 0, last_ar_id = 0, device_count = 0;
+ int session_id, rec;
+ u_int32_t ar_id_type;
+ u_int tstamp;
+
+ e = this->db->query(this->db,
+ "SELECT d.id, d.value, s.id, s.time, s.identity, s.rec, p.name "
+ "FROM devices AS d "
+ "JOIN sessions AS s ON d.id = s.device "
+ "JOIN products AS p ON p.id = s.product "
+ "ORDER BY d.value, s.time DESC", DB_INT, DB_TEXT, DB_INT, DB_UINT,
+ DB_INT, DB_INT, DB_TEXT);
+
+ if (e)
+ {
+ while (e->enumerate(e, &id, &device, &session_id, &tstamp, &ar_id, &rec,
+ &product))
+ {
+ if (id != last_id)
+ {
+ printf("%4d: %s - %s\n", id, device, product);
+ device_count++;
+ last_id = id;
+ }
+ timestamp = tstamp;
+ printf("%4d: %T", session_id, ×tamp, this->utc);
+ if (ar_id)
+ {
+ if (ar_id != last_ar_id)
+ {
+ chunk_free(&ar_id_value);
+ e_ar = this->db->query(this->db,
+ "SELECT type, value FROM identities "
+ "WHERE id = ?", DB_INT, ar_id, DB_INT, DB_BLOB);
+ if (e_ar)
+ {
+ e_ar->enumerate(e_ar, &ar_id_type, &ar_id_value);
+ ar_id_value = chunk_clone(ar_id_value);
+ e_ar->destroy(e_ar);
+ }
+ }
+ if (ar_id_value.len)
+ {
+ printf(" %.*s", (int)ar_id_value.len, ar_id_value.ptr);
+ }
+ last_ar_id = ar_id;
+ }
+ printf(" - %N\n", TNC_IMV_Action_Recommendation_names, rec);
+ }
+ e->destroy(e);
+ free(ar_id_value.ptr);
+
+ printf("%d device%s found\n", device_count,
+ (device_count == 1) ? "" : "s");
+ }
+}
+
+METHOD(attest_db_t, list_keys, void,
+ private_attest_db_t *this)
+{
+ enumerator_t *e;
+ chunk_t keyid;
+ char *owner;
+ int kid, count = 0;
+
+ if (this->cid)
+ {
+ e = this->db->query(this->db,
+ "SELECT k.id, k.keyid, k.owner FROM keys AS k "
+ "JOIN key_component AS kc ON k.id = kc.key "
+ "WHERE kc.component = ? ORDER BY k.keyid",
+ DB_UINT, this->cid, DB_INT, DB_BLOB, DB_TEXT);
+ if (e)
+ {
+ while (e->enumerate(e, &kid, &keyid, &owner))
+ {
+ printf("%4d: %#B '%s'\n", kid, &keyid, owner);
+ count++;
+ }
+ e->destroy(e);
+ }
+ }
+ else
+ {
+ e = this->db->query(this->db, "SELECT id, keyid, owner FROM keys "
+ "ORDER BY keyid",
+ DB_INT, DB_BLOB, DB_TEXT);
+ if (e)
+ {
+ while (e->enumerate(e, &kid, &keyid, &owner))
+ {
+ printf("%4d: %#B '%s'\n", kid, &keyid, owner);
+ count++;
+ }
+ e->destroy(e);
+ }
+ }
+
+ printf("%d key%s found", count, (count == 1) ? "" : "s");
+ if (this->comp_set)
+ {
+ printf(" for component '%s'", print_cfn(this->cfn));
+ }
+ printf("\n");
+}
+
+METHOD(attest_db_t, list_files, void,
+ private_attest_db_t *this)
+{
+ enumerator_t *e;
+ char *dir, *file;
+ int did, last_did = 0, fid, count = 0;
+
+ if (this->did)
+ {
+ e = this->db->query(this->db,
+ "SELECT id, name FROM files WHERE dir = ? ORDER BY name",
+ DB_INT, this->did, DB_INT, DB_TEXT);
+ if (e)
+ {
+ while (e->enumerate(e, &fid, &file))
+ {
+ printf("%4d: %s\n", fid, file);
+ count++;
+ }
+ e->destroy(e);
+ }
+ printf("%d file%s found in directory '%s'\n", count,
+ (count == 1) ? "" : "s", this->dir);
+ }
+ else
+ {
+ e = this->db->query(this->db,
+ "SELECT d.id, d.path, f.id, f.name FROM files AS f "
+ "JOIN directories AS d ON f.dir = d.id "
+ "ORDER BY d.path, f.name",
+ DB_INT, DB_TEXT, DB_INT, DB_TEXT);
+ if (e)
+ {
+ while (e->enumerate(e, &did, &dir, &fid, &file))
+ {
+ if (did != last_did)
+ {
+ printf("%4d: %s\n", did, dir);
+ last_did = did;
+ }
+ printf("%4d: %s\n", fid, file);
+ count++;
+ }
+ e->destroy(e);
+ }
+ printf("%d file%s found\n", count, (count == 1) ? "" : "s");
+ }
+}
+
+METHOD(attest_db_t, list_directories, void,
+ private_attest_db_t *this)
+{
+ enumerator_t *e;
+ char *dir;
+ int did, count = 0;
+
+ if (this->file)
+ {
+ e = this->db->query(this->db,
+ "SELECT d.id, d.path FROM directories AS d "
+ "JOIN files AS f ON f.dir = d.id WHERE f.name = ? "
+ "ORDER BY path", DB_TEXT, this->file, DB_INT, DB_TEXT);
+ if (e)
+ {
+ while (e->enumerate(e, &did, &dir))
+ {
+ printf("%4d: %s\n", did, dir);
+ count++;
+ }
+ e->destroy(e);
+ }
+ printf("%d director%s found containing file '%s'\n", count,
+ (count == 1) ? "y" : "ies", this->file);
+ }
+ else
+ {
+ e = this->db->query(this->db,
+ "SELECT id, path FROM directories ORDER BY path",
+ DB_INT, DB_TEXT);
+ if (e)
+ {
+ while (e->enumerate(e, &did, &dir))
+ {
+ printf("%4d: %s\n", did, dir);
+ count++;
+ }
+ e->destroy(e);
+ }
+ printf("%d director%s found\n", count, (count == 1) ? "y" : "ies");
+ }
+}
+
+METHOD(attest_db_t, list_packages, void,
+ private_attest_db_t *this)
+{
+ enumerator_t *e;
+ char *package, *version;
+ os_package_state_t package_state;
+ int blacklist, security, gid, gid_old = 0, spaces, count = 0, t;
+ time_t timestamp;
+
+ if (this->pid)
+ {
+ e = this->db->query(this->db,
+ "SELECT p.id, p.name, "
+ "v.release, v.security, v.blacklist, v.time "
+ "FROM packages AS p JOIN versions AS v ON v.package = p.id "
+ "WHERE v.product = ? ORDER BY p.name, v.release",
+ DB_INT, this->pid,
+ DB_INT, DB_TEXT, DB_TEXT, DB_INT, DB_INT, DB_INT);
+ if (e)
+ {
+ while (e->enumerate(e, &gid, &package,
+ &version, &security, &blacklist, &t))
+ {
+ if (gid != gid_old)
+ {
+ printf("%5d: %s,", gid, package);
+ gid_old = gid;
+ }
+ else
+ {
+ spaces = 8 + strlen(package);
+ while (spaces--)
+ {
+ printf(" ");
+ }
+ }
+ timestamp = t;
+ if (blacklist)
+ {
+ package_state = OS_PACKAGE_STATE_BLACKLIST;
+ }
+ else
+ {
+ package_state = security ? OS_PACKAGE_STATE_SECURITY :
+ OS_PACKAGE_STATE_UPDATE;
+ }
+ printf(" %T (%s)%N\n", ×tamp, this->utc, version,
+ os_package_state_names, package_state);
+ count++;
+ }
+ e->destroy(e);
+ }
+ }
+ else
+ {
+ e = this->db->query(this->db, "SELECT id, name FROM packages "
+ "ORDER BY name",
+ DB_INT, DB_TEXT);
+ if (e)
+ {
+ while (e->enumerate(e, &gid, &package))
+ {
+ printf("%4d: %s\n", gid, package);
+ count++;
+ }
+ e->destroy(e);
+ }
+ }
+
+ printf("%d package%s found", count, (count == 1) ? "" : "s");
+ if (this->product_set)
+ {
+ printf(" for product '%s'", this->product);
+ }
+ printf("\n");
+}
+
+METHOD(attest_db_t, list_products, void,
+ private_attest_db_t *this)
+{
+ enumerator_t *e;
+ char *product;
+ int pid, meas, meta, count = 0;
+
+ if (this->fid)
+ {
+ e = this->db->query(this->db,
+ "SELECT p.id, p.name, pf.measurement, pf.metadata "
+ "FROM products AS p "
+ "JOIN product_file AS pf ON p.id = pf.product "
+ "WHERE pf.file = ? ORDER BY p.name",
+ DB_UINT, this->fid, DB_INT, DB_TEXT, DB_INT, DB_INT);
+ if (e)
+ {
+ while (e->enumerate(e, &pid, &product, &meas, &meta))
+ {
+ printf("%4d: |%s%s| %s\n", pid, meas ? "M":" ", meta ? "T":" ",
+ product);
+ count++;
+ }
+ e->destroy(e);
+ }
+ }
+ else
+ {
+ e = this->db->query(this->db, "SELECT id, name FROM products "
+ "ORDER BY name",
+ DB_INT, DB_TEXT);
+ if (e)
+ {
+ while (e->enumerate(e, &pid, &product))
+ {
+ printf("%4d: %s\n", pid, product);
+ count++;
+ }
+ e->destroy(e);
+ }
+ }
+
+ printf("%d product%s found", count, (count == 1) ? "" : "s");
+ if (this->fid)
+ {
+ printf(" for file '%s'", this->file);
+ }
+ printf("\n");
+}
+
+METHOD(attest_db_t, list_hashes, void,
+ private_attest_db_t *this)
+{
+ enumerator_t *e;
+ chunk_t hash;
+ char *file, *dir, *product;
+ int id, fid, fid_old = 0, did, did_old = 0, pid, pid_old = 0, count = 0;
+
+ if (this->pid && this->fid && this->did)
+ {
+ printf("%4d: %s\n", this->did, this->dir);
+ printf("%4d: %s\n", this->fid, this->file);
+ e = this->db->query(this->db,
+ "SELECT id, hash FROM file_hashes "
+ "WHERE algo = ? AND file = ? AND product = ?",
+ DB_INT, this->algo, DB_INT, this->fid, DB_INT, this->pid,
+ DB_INT, DB_BLOB);
+ if (e)
+ {
+ while (e->enumerate(e, &id, &hash))
+ {
+ printf("%4d: %#B\n", id, &hash);
+ count++;
+ }
+ e->destroy(e);
+
+ printf("%d %N value%s found for product '%s'\n", count,
+ pts_meas_algorithm_names, this->algo,
+ (count == 1) ? "" : "s", this->product);
+ }
+ }
+ else if (this->pid && this->file)
+ {
+ e = this->db->query(this->db,
+ "SELECT h.id, h.hash, f.id, d.id, d.path "
+ "FROM file_hashes AS h "
+ "JOIN files AS f ON h.file = f.id "
+ "JOIN directories AS d ON f.dir = d.id "
+ "WHERE h.algo = ? AND h.product = ? AND f.name = ? "
+ "ORDER BY d.path, f.name, h.hash",
+ DB_INT, this->algo, DB_INT, this->pid, DB_TEXT, this->file,
+ DB_INT, DB_BLOB, DB_INT, DB_INT, DB_TEXT);
+ if (e)
+ {
+ while (e->enumerate(e, &id, &hash, &fid, &did, &dir))
+ {
+ if (did != did_old)
+ {
+ printf("%4d: %s\n", did, dir);
+ did_old = did;
+ }
+ if (fid != fid_old)
+ {
+ printf("%4d: %s\n", fid, this->file);
+ fid_old = fid;
+ }
+ printf("%4d: %#B\n", id, &hash);
+ count++;
+ }
+ e->destroy(e);
+
+ printf("%d %N value%s found for product '%s'\n", count,
+ pts_meas_algorithm_names, this->algo,
+ (count == 1) ? "" : "s", this->product);
+ }
+ }
+ else if (this->pid && this->did)
+ {
+ printf("%4d: %s\n", this->did, this->dir);
+ e = this->db->query(this->db,
+ "SELECT h.id, h.hash, f.id, f.name "
+ "FROM file_hashes AS h "
+ "JOIN files AS f ON h.file = f.id "
+ "WHERE h.algo = ? AND h.product = ? AND f.dir = ? "
+ "ORDER BY f.name, h.hash",
+ DB_INT, this->algo, DB_INT, this->pid, DB_INT, this->did,
+ DB_INT, DB_BLOB, DB_INT, DB_TEXT);
+ if (e)
+ {
+ while (e->enumerate(e, &id, &hash, &fid, &file))
+ {
+ if (fid != fid_old)
+ {
+ printf("%4d: %s\n", fid, file);
+ fid_old = fid;
+ }
+ printf("%4d: %#B\n", id, &hash);
+ count++;
+ }
+ e->destroy(e);
+
+ printf("%d %N value%s found for product '%s'\n", count,
+ pts_meas_algorithm_names, this->algo,
+ (count == 1) ? "" : "s", this->product);
+ }
+ }
+ else if (this->pid)
+ {
+ e = this->db->query(this->db,
+ "SELECT h.id, h.hash, f.id, f.name, d.id, d.path "
+ "FROM file_hashes AS h "
+ "JOIN files AS f ON h.file = f.id "
+ "JOIN directories AS d ON f.dir = d.id "
+ "WHERE h.algo = ? AND h.product = ? "
+ "ORDER BY d.path, f.name, h.hash",
+ DB_INT, this->algo, DB_INT, this->pid,
+ DB_INT, DB_BLOB, DB_INT, DB_TEXT, DB_INT, DB_TEXT);
+ if (e)
+ {
+ while (e->enumerate(e, &id, &hash, &fid, &file, &did, &dir))
+ {
+ if (did != did_old)
+ {
+ printf("%4d: %s\n", did, dir);
+ did_old = did;
+ }
+ if (fid != fid_old)
+ {
+ printf("%4d: %s\n", fid, file);
+ fid_old = fid;
+ }
+ printf("%4d: %#B\n", id, &hash);
+ count++;
+ }
+ e->destroy(e);
+
+ printf("%d %N value%s found for product '%s'\n", count,
+ pts_meas_algorithm_names, this->algo,
+ (count == 1) ? "" : "s", this->product);
+ }
+ }
+ else if (this->fid && this->did)
+ {
+ e = this->db->query(this->db,
+ "SELECT h.id, h.hash, p.id, p.name FROM file_hashes AS h "
+ "JOIN products AS p ON h.product = p.id "
+ "WHERE h.algo = ? AND h.file = ? "
+ "ORDER BY p.name, h.hash",
+ DB_INT, this->algo, DB_INT, this->fid,
+ DB_INT, DB_BLOB, DB_INT, DB_TEXT);
+ if (e)
+ {
+ while (e->enumerate(e, &id, &hash, &pid, &product))
+ {
+ if (pid != pid_old)
+ {
+ printf("%4d: %s\n", pid, product);
+ pid_old = pid;
+ }
+ printf("%4d: %#B\n", id, &hash);
+ count++;
+ }
+ e->destroy(e);
+
+ printf("%d %N value%s found for file '%s%s%s'\n", count,
+ pts_meas_algorithm_names, this->algo,
+ (count == 1) ? "" : "s", this->dir,
+ get_separator(this->dir), this->file);
+ }
+ }
+ else if (this->file)
+ {
+ e = this->db->query(this->db,
+ "SELECT h.id, h.hash, f.id, d.id, d.path, p.id, p.name "
+ "FROM file_hashes AS h "
+ "JOIN files AS f ON h.file = f.id "
+ "JOIN directories AS d ON f.dir = d.id "
+ "JOIN products AS p ON h.product = p.id "
+ "WHERE h.algo = ? AND f.name = ? "
+ "ORDER BY d.path, f.name, p.name, h.hash",
+ DB_INT, this->algo, DB_TEXT, this->file,
+ DB_INT, DB_BLOB, DB_INT, DB_INT, DB_TEXT, DB_INT, DB_TEXT);
+ if (e)
+ {
+ while (e->enumerate(e, &id, &hash, &fid, &did, &dir, &pid, &product))
+ {
+ if (did != did_old)
+ {
+ printf("%4d: %s\n", did, dir);
+ did_old = did;
+ }
+ if (fid != fid_old)
+ {
+ printf("%4d: %s\n", fid, this->file);
+ fid_old = fid;
+ pid_old = 0;
+ }
+ if (pid != pid_old)
+ {
+ printf("%4d: %s\n", pid, product);
+ pid_old = pid;
+ }
+ printf("%4d: %#B\n", id, &hash);
+ count++;
+ }
+ e->destroy(e);
+
+ printf("%d %N value%s found\n", count, pts_meas_algorithm_names,
+ this->algo, (count == 1) ? "" : "s");
+ }
+
+ }
+ else if (this->did)
+ {
+ e = this->db->query(this->db,
+ "SELECT h.id, h.hash, f.id, f.name, p.id, p.name "
+ "FROM file_hashes AS h "
+ "JOIN files AS f ON h.file = f.id "
+ "JOIN products AS p ON h.product = p.id "
+ "WHERE h.algo = ? AND f.dir = ? "
+ "ORDER BY f.name, p.name, h.hash",
+ DB_INT, this->algo, DB_INT, this->did,
+ DB_INT, DB_BLOB, DB_INT, DB_TEXT, DB_INT, DB_TEXT);
+ if (e)
+ {
+ while (e->enumerate(e, &id, &hash, &fid, &file, &pid, &product))
+ {
+ if (fid != fid_old)
+ {
+ printf("%4d: %s\n", fid, file);
+ fid_old = fid;
+ pid_old = 0;
+ }
+ if (pid != pid_old)
+ {
+ printf("%4d: %s\n", pid, product);
+ pid_old = pid;
+ }
+ printf("%4d: %#B\n", id, &hash);
+ count++;
+ }
+ e->destroy(e);
+
+ printf("%d %N value%s found for directory '%s'\n", count,
+ pts_meas_algorithm_names, this->algo,
+ (count == 1) ? "" : "s", this->dir);
+ }
+ }
+ else
+ {
+ e = this->db->query(this->db,
+ "SELECT h.id, h.hash, f.id, f.name, d.id, d.path, p.id, p.name "
+ "FROM file_hashes AS h "
+ "JOIN files AS f ON h.file = f.id "
+ "JOIN directories AS d ON f.dir = d.id "
+ "JOIN products AS p on h.product = p.id "
+ "WHERE h.algo = ? "
+ "ORDER BY d.path, f.name, p.name, h.hash",
+ DB_INT, this->algo, DB_INT, DB_BLOB, DB_INT, DB_TEXT,
+ DB_INT, DB_TEXT, DB_INT, DB_TEXT);
+ if (e)
+ {
+ while (e->enumerate(e, &id, &hash, &fid, &file, &did, &dir, &pid,
+ &product))
+ {
+ if (did != did_old)
+ {
+ printf("%4d: %s\n", did, dir);
+ did_old = did;
+ }
+ if (fid != fid_old)
+ {
+ printf("%4d: %s\n", fid, file);
+ fid_old = fid;
+ pid_old = 0;
+ }
+ if (pid != pid_old)
+ {
+ printf("%4d: %s\n", pid, product);
+ pid_old = pid;
+ }
+ printf("%4d: %#B\n", id, &hash);
+ count++;
+ }
+ e->destroy(e);
+
+ printf("%d %N value%s found\n", count, pts_meas_algorithm_names,
+ this->algo, (count == 1) ? "" : "s");
+ }
+ }
+}
+
+METHOD(attest_db_t, list_measurements, void,
+ private_attest_db_t *this)
+{
+ enumerator_t *e;
+ chunk_t hash, keyid;
+ pts_comp_func_name_t *cfn;
+ char *owner;
+ int seq_no, pcr, vid, name, qualifier;
+ int cid, cid_old = 0, kid, kid_old = 0, count = 0;
+
+ if (this->kid && this->cid)
+ {
+ e = this->db->query(this->db,
+ "SELECT ch.seq_no, ch.pcr, ch.hash, k.owner "
+ "FROM component_hashes AS ch "
+ "JOIN keys AS k ON k.id = ch.key "
+ "WHERE ch.algo = ? AND ch.key = ? AND ch.component = ? "
+ "ORDER BY seq_no",
+ DB_INT, this->algo, DB_UINT, this->kid, DB_UINT, this->cid,
+ DB_INT, DB_INT, DB_BLOB, DB_TEXT);
+ if (e)
+ {
+ while (e->enumerate(e, &seq_no, &pcr, &hash, &owner))
+ {
+ if (this->kid != kid_old)
+ {
+ printf("%4d: %#B '%s'\n", this->kid, &this->key, owner);
+ kid_old = this->kid;
+ }
+ printf("%7d %02d %#B\n", seq_no, pcr, &hash);
+ count++;
+ }
+ e->destroy(e);
+
+ printf("%d %N value%s found for component '%s'\n", count,
+ pts_meas_algorithm_names, this->algo,
+ (count == 1) ? "" : "s", print_cfn(this->cfn));
+ }
+ }
+ else if (this->cid)
+ {
+ e = this->db->query(this->db,
+ "SELECT ch.seq_no, ch.pcr, ch.hash, k.id, k.keyid, k.owner "
+ "FROM component_hashes AS ch "
+ "JOIN keys AS k ON k.id = ch.key "
+ "WHERE ch.algo = ? AND ch.component = ? "
+ "ORDER BY keyid, seq_no",
+ DB_INT, this->algo, DB_UINT, this->cid,
+ DB_INT, DB_INT, DB_BLOB, DB_INT, DB_BLOB, DB_TEXT);
+ if (e)
+ {
+ while (e->enumerate(e, &seq_no, &pcr, &hash, &kid, &keyid, &owner))
+ {
+ if (kid != kid_old)
+ {
+ printf("%4d: %#B '%s'\n", kid, &keyid, owner);
+ kid_old = kid;
+ }
+ printf("%7d %02d %#B\n", seq_no, pcr, &hash);
+ count++;
+ }
+ e->destroy(e);
+
+ printf("%d %N value%s found for component '%s'\n", count,
+ pts_meas_algorithm_names, this->algo,
+ (count == 1) ? "" : "s", print_cfn(this->cfn));
+ }
+
+ }
+ else if (this->kid)
+ {
+ e = this->db->query(this->db,
+ "SELECT ch.seq_no, ch.pcr, ch.hash, "
+ "c.id, c.vendor_id, c.name, c.qualifier "
+ "FROM component_hashes AS ch "
+ "JOIN components AS c ON c.id = ch.component "
+ "WHERE ch.algo = ? AND ch.key = ? "
+ "ORDER BY vendor_id, name, qualifier, seq_no",
+ DB_INT, this->algo, DB_UINT, this->kid, DB_INT, DB_INT, DB_BLOB,
+ DB_INT, DB_INT, DB_INT, DB_INT);
+ if (e)
+ {
+ while (e->enumerate(e, &seq_no, &pcr, &hash, &cid, &vid, &name,
+ &qualifier))
+ {
+ if (cid != cid_old)
+ {
+ cfn = pts_comp_func_name_create(vid, name, qualifier);
+ printf("%4d: %s\n", cid, print_cfn(cfn));
+ cfn->destroy(cfn);
+ cid_old = cid;
+ }
+ printf("%5d %02d %#B\n", seq_no, pcr, &hash);
+ count++;
+ }
+ e->destroy(e);
+
+ printf("%d %N value%s found for key %#B '%s'\n", count,
+ pts_meas_algorithm_names, this->algo,
+ (count == 1) ? "" : "s", &this->key, this->owner);
+ }
+ }
+}
+
+METHOD(attest_db_t, list_sessions, void,
+ private_attest_db_t *this)
+{
+ enumerator_t *e;
+ chunk_t identity;
+ char *product, *device;
+ int session_id, conn_id, rec, device_len;
+ time_t created;
+ u_int t;
+
+ e = this->db->query(this->db,
+ "SELECT s.id, s.time, s.connection, s.rec, p.name, d.value, i.value "
+ "FROM sessions AS s "
+ "LEFT JOIN products AS p ON s.product = p.id "
+ "LEFT JOIN devices AS d ON s.device = d.id "
+ "LEFT JOIN identities AS i ON s.identity = i.id "
+ "ORDER BY s.time DESC",
+ DB_INT, DB_UINT, DB_INT, DB_INT, DB_TEXT, DB_TEXT, DB_BLOB);
+ if (e)
+ {
+ while (e->enumerate(e, &session_id, &t, &conn_id, &rec, &product,
+ &device, &identity))
+ {
+ created = t;
+ product = product ? product : "-";
+ device = strlen(device) ? device : "-";
+ device_len = min(strlen(device), DEVICE_MAX_LEN);
+ identity = identity.len ? identity : chunk_from_str("-");
+ printf("%4d: %T %2d %-20s %.*s%*s%.*s - %N\n", session_id, &created,
+ this->utc, conn_id, product, device_len, device,
+ DEVICE_MAX_LEN - device_len + 1, " ", (int)identity.len,
+ identity.ptr, TNC_IMV_Action_Recommendation_names, rec);
+ }
+ e->destroy(e);
+ }
+}
+
+/**
+ * Insert a file hash into the database
+ */
+static bool insert_file_hash(private_attest_db_t *this,
+ pts_meas_algorithms_t algo,
+ chunk_t measurement, int fid,
+ int *hashes_added, int *hashes_updated)
+{
+ enumerator_t *e;
+ chunk_t hash;
+ char *label;
+ bool insert = TRUE, update = FALSE;
+
+ label = "could not be created";
+
+ e = this->db->query(this->db,
+ "SELECT hash FROM file_hashes WHERE algo = ? "
+ "AND file = ? AND product = ? AND device = 0",
+ DB_INT, algo, DB_UINT, fid, DB_UINT, this->pid, DB_BLOB);
+
+ if (!e)
+ {
+ printf("file_hashes query failed\n");
+ return FALSE;
+ }
+
+ while (e->enumerate(e, &hash))
+ {
+ update = TRUE;
+
+ if (chunk_equals(measurement, hash))
+ {
+ label = "exists and equals";
+ insert = FALSE;
+ break;
+ }
+ }
+ e->destroy(e);
+
+ if (insert)
+ {
+ if (this->db->execute(this->db, NULL,
+ "INSERT INTO file_hashes "
+ "(file, product, device, algo, hash) "
+ "VALUES (?, ?, 0, ?, ?)",
+ DB_UINT, fid, DB_UINT, this->pid,
+ DB_INT, algo, DB_BLOB, measurement) != 1)
+ {
+ printf("file_hash insertion failed\n");
+ return FALSE;
+ }
+ if (update)
+ {
+ label = "updated";
+ (*hashes_updated)++;
+ }
+ else
+ {
+ label = "created";
+ (*hashes_added)++;
+ }
+ }
+ printf(" %#B - %s\n", &measurement, label);
+ return TRUE;
+}
+
+/**
+ * Add hash measurement for a single file or all files in a directory
+ */
+static bool add_hash(private_attest_db_t *this)
+{
+ char *pathname, *filename, *label;
+ const char *sep;
+ pts_file_meas_t *measurements;
+ chunk_t measurement;
+ hasher_t *hasher = NULL;
+ int fid, files_added = 0, hashes_added = 0, hashes_updated = 0;
+ enumerator_t *enumerator, *e;
+
+ if (!this->meas_dir)
+ {
+ this->meas_dir = strdup(this->dir);
+ }
+ sep = get_separator(this->meas_dir);
+
+ if (this->fid)
+ {
+ /* build pathname from directory path and relative filename */
+ if (asprintf(&pathname, "%s%s%s", this->meas_dir, sep, this->file) == -1)
+ {
+ return FALSE;
+ }
+ measurements = pts_file_meas_create_from_path(0, pathname, FALSE,
+ TRUE, this->algo);
+ free(pathname);
+ }
+ else
+ {
+ measurements = pts_file_meas_create_from_path(0, this->meas_dir, TRUE,
+ TRUE, this->algo);
+ }
+ if (!measurements)
+ {
+ printf("file measurement failed\n");
+ DESTROY_IF(hasher);
+ return FALSE;
+ }
+
+ enumerator = measurements->create_enumerator(measurements);
+ while (enumerator->enumerate(enumerator, &filename, &measurement))
+ {
+ if (this->fid)
+ {
+ /* a single file already exists */
+ filename = this->file;
+ fid = this->fid;
+ label = "exists";
+ }
+ else
+ {
+ /* retrieve or create filename */
+ label = "could not be created";
+
+ e = this->db->query(this->db,
+ "SELECT id FROM files WHERE name = ? AND dir = ?",
+ DB_TEXT, filename, DB_INT, this->did, DB_INT);
+ if (!e)
+ {
+ printf("files query failed\n");
+ break;
+ }
+ if (e->enumerate(e, &fid))
+ {
+ label = "exists";
+ }
+ else
+ {
+ if (this->db->execute(this->db, &fid,
+ "INSERT INTO files (name, dir) VALUES (?, ?)",
+ DB_TEXT, filename, DB_INT, this->did) == 1)
+ {
+ label = "created";
+ files_added++;
+ }
+ }
+ e->destroy(e);
+ }
+ printf("%4d: %s - %s\n", fid, filename, label);
+
+ /* compute file measurement hash */
+ if (!insert_file_hash(this, this->algo, measurement, fid,
+ &hashes_added, &hashes_updated))
+ {
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ printf("%d measurements, added %d new files, %d file hashes, "
+ "updated %d file hashes\n",
+ measurements->get_file_count(measurements),
+ files_added, hashes_added, hashes_updated);
+ measurements->destroy(measurements);
+
+ return TRUE;
+}
+
+METHOD(attest_db_t, add, bool,
+ private_attest_db_t *this)
+{
+ bool success = FALSE;
+
+ /* add directory or file hash measurement for a given product */
+ if (this->did && this->pid)
+ {
+ return add_hash(this);
+ }
+
+ /* insert package version */
+ if (this->version_set && this->gid && this->pid)
+ {
+ time_t t = time(NULL);
+ int security, blacklist;
+
+ security = this->package_state == OS_PACKAGE_STATE_SECURITY;
+ blacklist = this->package_state == OS_PACKAGE_STATE_BLACKLIST;
+
+ success = this->db->execute(this->db, NULL,
+ "INSERT INTO versions "
+ "(package, product, release, security, blacklist, time) "
+ "VALUES (?, ?, ?, ?, ?, ?)",
+ DB_UINT, this->gid, DB_INT, this->pid, DB_TEXT,
+ this->version, DB_INT, security, DB_INT, blacklist,
+ DB_INT, t) == 1;
+
+ printf("'%s' package %s (%s)%N %sinserted into database\n",
+ this->product, this->package, this->version,
+ os_package_state_names, this->package_state,
+ success ? "" : "could not be ");
+ }
+ return success;
+}
+
+METHOD(attest_db_t, delete, bool,
+ private_attest_db_t *this)
+{
+ bool success;
+ int id, count = 0;
+ char *name;
+ enumerator_t *e;
+
+ /* delete a file measurement hash for a given product */
+ if (this->algo && this->pid && this->fid)
+ {
+ success = this->db->execute(this->db, NULL,
+ "DELETE FROM file_hashes "
+ "WHERE algo = ? AND product = ? AND file = ?",
+ DB_UINT, this->algo, DB_UINT, this->pid,
+ DB_UINT, this->fid) > 0;
+
+ printf("%4d: %s%s%s\n", this->fid, this->dir, get_separator(this->dir),
+ this->file);
+ printf("%N value for product '%s' %sdeleted from database\n",
+ pts_meas_algorithm_names, this->algo, this->product,
+ success ? "" : "could not be ");
+
+ return success;
+ }
+
+ /* delete product/file entries */
+ if (this->pid && (this->fid || this->did))
+ {
+ success = this->db->execute(this->db, NULL,
+ "DELETE FROM product_file "
+ "WHERE product = ? AND file = ?",
+ DB_UINT, this->pid,
+ DB_UINT, this->fid ? this->fid : this->did) > 0;
+
+ printf("product/file pair (%d/%d) %sdeleted from database\n",
+ this->pid, this->fid ? this->fid : this->did,
+ success ? "" : "could not be ");
+
+ return success;
+ }
+
+ if (this->cid)
+ {
+ success = this->db->execute(this->db, NULL,
+ "DELETE FROM components WHERE id = ?",
+ DB_UINT, this->cid) > 0;
+
+ printf("component '%s' %sdeleted from database\n", print_cfn(this->cfn),
+ success ? "" : "could not be ");
+ return success;
+ }
+
+ if (this->fid)
+ {
+ success = this->db->execute(this->db, NULL,
+ "DELETE FROM files WHERE id = ?",
+ DB_UINT, this->fid) > 0;
+
+ printf("file '%s%s%s' %sdeleted from database\n", this->dir,
+ get_separator(this->dir), this->file,
+ success ? "" : "could not be ");
+ return success;
+ }
+
+ if (this->did)
+ {
+ e = this->db->query(this->db,
+ "SELECT id, name FROM files WHERE dir = ? ORDER BY name",
+ DB_INT, this->did, DB_INT, DB_TEXT);
+ if (e)
+ {
+ while (e->enumerate(e, &id, &name))
+ {
+ printf("%4d: %s\n", id, name);
+ count++;
+ }
+ e->destroy(e);
+
+ if (count)
+ {
+ printf("%d dependent file%s found, "
+ "directory '%s' could not deleted\n",
+ count, (count == 1) ? "" : "s", this->dir);
+ return FALSE;
+ }
+ }
+ success = this->db->execute(this->db, NULL,
+ "DELETE FROM directories WHERE id = ?",
+ DB_UINT, this->did) > 0;
+ printf("directory '%s' %sdeleted from database\n", this->dir,
+ success ? "" : "could not be ");
+ return success;
+ }
+
+ if (this->kid)
+ {
+ success = this->db->execute(this->db, NULL,
+ "DELETE FROM keys WHERE id = ?",
+ DB_UINT, this->kid) > 0;
+
+ printf("key %#B %sdeleted from database\n", &this->key,
+ success ? "" : "could not be ");
+ return success;
+ }
+ if (this->pid)
+ {
+ success = this->db->execute(this->db, NULL,
+ "DELETE FROM products WHERE id = ?",
+ DB_UINT, this->pid) > 0;
+
+ printf("product '%s' %sdeleted from database\n", this->product,
+ success ? "" : "could not be ");
+ return success;
+ }
+
+ printf("empty delete command\n");
+ return FALSE;
+}
+
+METHOD(attest_db_t, destroy, void,
+ private_attest_db_t *this)
+{
+ DESTROY_IF(this->db);
+ DESTROY_IF(this->cfn);
+ free(this->package);
+ free(this->product);
+ free(this->version);
+ free(this->file);
+ free(this->dir);
+ free(this->meas_dir);
+ free(this->owner);
+ free(this->key.ptr);
+ free(this);
+}
+
+/**
+ * Described in header.
+ */
+attest_db_t *attest_db_create(char *uri)
+{
+ private_attest_db_t *this;
+
+ INIT(this,
+ .public = {
+ .set_component = _set_component,
+ .set_cid = _set_cid,
+ .set_directory = _set_directory,
+ .set_did = _set_did,
+ .set_file = _set_file,
+ .set_fid = _set_fid,
+ .set_meas_directory = _set_meas_directory,
+ .set_key = _set_key,
+ .set_kid = _set_kid,
+ .set_package = _set_package,
+ .set_gid = _set_gid,
+ .set_product = _set_product,
+ .set_pid = _set_pid,
+ .set_version = _set_version,
+ .set_algo = _set_algo,
+ .set_relative = _set_relative,
+ .set_package_state = _set_package_state,
+ .set_sequence = _set_sequence,
+ .set_owner = _set_owner,
+ .set_utc = _set_utc,
+ .list_packages = _list_packages,
+ .list_products = _list_products,
+ .list_files = _list_files,
+ .list_directories = _list_directories,
+ .list_components = _list_components,
+ .list_devices = _list_devices,
+ .list_keys = _list_keys,
+ .list_hashes = _list_hashes,
+ .list_measurements = _list_measurements,
+ .list_sessions = _list_sessions,
+ .add = _add,
+ .delete = _delete,
+ .destroy = _destroy,
+ },
+ .db = lib->db->create(lib->db, uri),
+ );
+
+ if (!this->db)
+ {
+ fprintf(stderr, "opening database failed.\n");
+ destroy(this);
+ return NULL;
+ }
+
+ return &this->public;
+}
diff --git a/src/libimcv/plugins/imv_attestation/attest_db.h b/src/libimcv/plugins/imv_attestation/attest_db.h
new file mode 100644
index 0000000..ab3d046
--- /dev/null
+++ b/src/libimcv/plugins/imv_attestation/attest_db.h
@@ -0,0 +1,267 @@
+/*
+ * Copyright (C) 2011-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup attest_db_t attest_db
+ * @{ @ingroup libimcv
+ */
+
+#ifndef ATTEST_DB_H_
+#define ATTEST_DB_H_
+
+#include <pts/pts_meas_algo.h>
+#include <os_info/os_info.h>
+#include <library.h>
+
+typedef struct attest_db_t attest_db_t;
+
+/**
+ * Attestation database object
+ */
+struct attest_db_t {
+
+ /**
+ * Set functional component to be queried
+ *
+ * @param comp functional component
+ * @param create if TRUE create database entry if it doesn't exist
+ * @return TRUE if successful
+ */
+ bool (*set_component)(attest_db_t *this, char *comp, bool create);
+
+ /**
+ * Set primary key of the functional component to be queried
+ *
+ * @param fid primary key of functional component
+ * @return TRUE if successful
+ */
+ bool (*set_cid)(attest_db_t *this, int fid);
+
+ /**
+ * Set directory to be queried
+ *
+ * @param dir directory
+ * @param create if TRUE create database entry if it doesn't exist
+ * @return TRUE if successful
+ */
+ bool (*set_directory)(attest_db_t *this, char *dir, bool create);
+
+ /**
+ * Set primary key of the directory to be queried
+ *
+ * @param did primary key of directory
+ * @return TRUE if successful
+ */
+ bool (*set_did)(attest_db_t *this, int did);
+
+ /**
+ * Set measurement file to be queried
+ *
+ * @param file measurement file
+ * @param create if TRUE create database entry if it doesn't exist
+ * @return TRUE if successful
+ */
+ bool (*set_file)(attest_db_t *this, char *file, bool create);
+
+ /**
+ * Set primary key of the measurement file to be queried
+ *
+ * @param fid primary key of measurement file
+ * @return TRUE if successful
+ */
+ bool (*set_fid)(attest_db_t *this, int fid);
+
+ /**
+ * Set path to directory where file[s] are to be measured
+ *
+ * @param meas_dir measurement directory
+ * @return TRUE if successful
+ */
+ bool (*set_meas_directory)(attest_db_t *this, char *dir);
+
+ /**
+ * Set functional component to be queried
+ *
+ * @param key AIK
+ * @param create if TRUE create database entry if it doesn't exist
+ * @return TRUE if successful
+ */
+ bool (*set_key)(attest_db_t *this, chunk_t key, bool create);
+
+ /**
+ * Set primary key of the AIK to be queried
+ *
+ * @param kid primary key of AIK
+ * @return TRUE if successful
+ */
+ bool (*set_kid)(attest_db_t *this, int kid);
+
+ /**
+ * Set software package to be queried
+ *
+ * @param product software package
+ * @param create if TRUE create database entry if it doesn't exist
+ * @return TRUE if successful
+ */
+ bool (*set_package)(attest_db_t *this, char *package, bool create);
+
+ /**
+ * Set primary key of the software package to be queried
+ *
+ * @param gid primary key of software package
+ * @return TRUE if successful
+ */
+ bool (*set_gid)(attest_db_t *this, int gid);
+
+ /**
+ * Set software product to be queried
+ *
+ * @param product software product
+ * @param create if TRUE create database entry if it doesn't exist
+ * @return TRUE if successful
+ */
+ bool (*set_product)(attest_db_t *this, char *product, bool create);
+
+ /**
+ * Set primary key of the software product to be queried
+ *
+ * @param pid primary key of software product
+ * @return TRUE if successful
+ */
+ bool (*set_pid)(attest_db_t *this, int pid);
+
+ /**
+ * Set software package version to be queried
+ *
+ * @param version software package version
+ * @return TRUE if successful
+ */
+ bool (*set_version)(attest_db_t *this, char *version);
+
+ /**
+ * Set measurement hash algorithm
+ *
+ * @param algo hash algorithm
+ */
+ void (*set_algo)(attest_db_t *this, pts_meas_algorithms_t algo);
+
+ /**
+ * Set that the IMA-specific SHA-1 template hash be computed
+ */
+ void (*set_ima)(attest_db_t *this);
+
+ /**
+ * Set that relative filenames are to be used
+ */
+ void (*set_relative)(attest_db_t *this);
+
+ /**
+ * Set the package security or blacklist state
+ */
+ void (*set_package_state)(attest_db_t *this, os_package_state_t package_state);
+
+ /**
+ * Set the sequence number
+ */
+ void (*set_sequence)(attest_db_t *this, int seq_no);
+
+ /**
+ * Set owner [user/host] of an AIK
+ *
+ * @param owner user/host name
+ * @return TRUE if successful
+ */
+ void (*set_owner)(attest_db_t *this, char *owner);
+
+ /**
+ * Display all dates in UTC
+ */
+ void (*set_utc)(attest_db_t *this);
+
+ /**
+ * List all packages stored in the database
+ */
+ void (*list_packages)(attest_db_t *this);
+
+ /**
+ * List all products stored in the database
+ */
+ void (*list_products)(attest_db_t *this);
+
+ /**
+ * List all directories stored in the database
+ */
+ void (*list_directories)(attest_db_t *this);
+
+ /**
+ * List selected files stored in the database
+ */
+ void (*list_files)(attest_db_t *this);
+
+ /**
+ * List all components stored in the database
+ */
+ void (*list_components)(attest_db_t *this);
+
+ /**
+ * List all devices stored in the database
+ */
+ void (*list_devices)(attest_db_t *this);
+
+ /**
+ * List all AIKs stored in the database
+ */
+ void (*list_keys)(attest_db_t *this);
+
+ /**
+ * List selected measurement hashes stored in the database
+ */
+ void (*list_hashes)(attest_db_t *this);
+
+ /**
+ * List selected component measurement stored in the database
+ */
+ void (*list_measurements)(attest_db_t *this);
+
+ /**
+ * List sessions stored in the database
+ */
+ void (*list_sessions)(attest_db_t *this);
+
+ /**
+ * Add an entry to the database
+ */
+ bool (*add)(attest_db_t *this);
+
+ /**
+ * Delete an entry from the database
+ */
+ bool (*delete)(attest_db_t *this);
+
+ /**
+ * Destroy attest_db_t object
+ */
+ void (*destroy)(attest_db_t *this);
+
+};
+
+/**
+ * Create an attest_db_t instance
+ *
+ * @param uri database URI
+ */
+attest_db_t* attest_db_create(char *uri);
+
+#endif /** ATTEST_DB_H_ @}*/
diff --git a/src/libpts/plugins/imv_attestation/attest_usage.c b/src/libimcv/plugins/imv_attestation/attest_usage.c
similarity index 100%
rename from src/libpts/plugins/imv_attestation/attest_usage.c
rename to src/libimcv/plugins/imv_attestation/attest_usage.c
diff --git a/src/libpts/plugins/imv_attestation/attest_usage.h b/src/libimcv/plugins/imv_attestation/attest_usage.h
similarity index 100%
rename from src/libpts/plugins/imv_attestation/attest_usage.h
rename to src/libimcv/plugins/imv_attestation/attest_usage.h
diff --git a/src/libimcv/plugins/imv_attestation/build-database.sh b/src/libimcv/plugins/imv_attestation/build-database.sh
new file mode 100755
index 0000000..ca2939b
--- /dev/null
+++ b/src/libimcv/plugins/imv_attestation/build-database.sh
@@ -0,0 +1,84 @@
+#!/bin/sh
+
+p="Ubuntu 14.04 x86_64"
+a="x86_64-linux-gnu"
+k="3.13.0-37-generic"
+
+for hash in sha1 sha256
+do
+ ipsec attest --add --product "$p" --$hash --dir /sbin
+ ipsec attest --add --product "$p" --$hash --dir /usr/sbin
+ ipsec attest --add --product "$p" --$hash --dir /bin
+ ipsec attest --add --product "$p" --$hash --dir /usr/bin
+
+ ipsec attest --add --product "$p" --$hash --file /etc/init.d/rc
+ ipsec attest --add --product "$p" --$hash --file /etc/init.d/rcS
+ ipsec attest --add --product "$p" --$hash --dir /etc/network/if-pre-up.d
+ ipsec attest --add --product "$p" --$hash --dir /etc/network/if-up.d
+ ipsec attest --add --product "$p" --$hash --dir /etc/ppp/ip-down.d
+ ipsec attest --add --product "$p" --$hash --dir /etc/rcS.d
+ ipsec attest --add --product "$p" --$hash --dir /etc/rc2.d
+ ipsec attest --add --product "$p" --$hash --file /etc/rc.local
+ ipsec attest --add --product "$p" --$hash --dir /etc/resolvconf/update.d
+ ipsec attest --add --product "$p" --$hash --file /etc/resolvconf/update-libc.d/avahi-daemon
+ ipsec attest --add --product "$p" --$hash --dir /etc/update-motd.d
+
+ ipsec attest --add --product "$p" --$hash --dir /lib
+ ipsec attest --add --product "$p" --$hash --file /lib/crda/setregdomain
+ ipsec attest --add --product "$p" --$hash --dir /lib/ebtables
+ ipsec attest --add --product "$p" --$hash --file /lib/init/apparmor-profile-load
+ ipsec attest --add --product "$p" --$hash --file /lib/resolvconf/list-records
+ ipsec attest --add --product "$p" --$hash --dir /lib/ufw
+ ipsec attest --add --product "$p" --$hash --dir /lib/udev
+ ipsec attest --add --product "$p" --$hash --dir /lib/systemd
+ ipsec attest --add --product "$p" --$hash --dir /lib/xtables
+ ipsec attest --add --product "$p" --$hash --dir /lib/$a
+ ipsec attest --add --product "$p" --$hash --dir /lib/$a/plymouth
+ ipsec attest --add --product "$p" --$hash --dir /lib/$a/plymouth/renderers
+ ipsec attest --add --product "$p" --$hash --dir /lib/$a/security
+
+ ipsec attest --add --product "$p" --$hash --file /lib64/ld-linux-x86-64.so.2
+
+ for file in `find /usr/lib -name *.so`
+ do
+ ipsec attest --add --product "$p" --$hash --file $file
+ done
+
+ for file in `find /usr/lib -name *service`
+ do
+ ipsec attest --add --product "$p" --$hash --file $file
+ done
+
+ ipsec attest --add --product "$p" --$hash --dir /usr/lib
+ ipsec attest --add --product "$p" --$hash --dir /usr/lib/accountsservice
+ ipsec attest --add --product "$p" --$hash --dir /usr/lib/at-spi2-core
+ ipsec attest --add --product "$p" --$hash --file /usr/lib/avahi/avahi-daemon-check-dns.sh
+ ipsec attest --add --product "$p" --$hash --file /usr/lib/dbus-1.0/dbus-daemon-launch-helper
+ ipsec attest --add --product "$p" --$hash --dir /usr/lib/gvfs
+ ipsec attest --add --product "$p" --$hash --file /usr/lib/firefox/firefox
+ ipsec attest --add --product "$p" --$hash --dir /usr/lib/NetworkManager
+ ipsec attest --add --product "$p" --$hash --dir /usr/lib/pm-utils/power.d
+ ipsec attest --add --product "$p" --$hash --file /usr/lib/policykit-1/polkitd
+ ipsec attest --add --product "$p" --$hash --file /usr/lib/thunderbird/thunderbird
+ ipsec attest --add --product "$p" --$hash --dir /usr/lib/ubuntu-release-upgrader
+ ipsec attest --add --product "$p" --$hash --dir /usr/lib/update-notifier
+
+ ipsec attest --add --product "$p" --$hash --dir /usr/lib/$a
+ ipsec attest --add --product "$p" --$hash --file /usr/lib/$a/mesa/libGL.so.1.2.0
+ ipsec attest --add --product "$p" --$hash --dir /usr/lib/$a/samba
+ ipsec attest --add --product "$p" --$hash --dir /usr/lib/$a/sasl2
+
+ ipsec attest --add --product "$p" --$hash --dir /usr/share/language-tools
+
+ ipsec attest --add --product "$p" --$hash --file /init \
+ --measdir /usr/share/initramfs-tools
+
+ ipsec attest --add --product "$p" --$hash --file /scripts/functions \
+ --measdir /usr/share/initramfs-tools/scripts
+
+ for file in `find /lib/modules/$k -name *.ko`
+ do
+ ipsec attest --add --product "$p" --$hash --file $file
+ done
+done
+
diff --git a/src/libpts/plugins/imv_attestation/imv_attestation.c b/src/libimcv/plugins/imv_attestation/imv_attestation.c
similarity index 100%
rename from src/libpts/plugins/imv_attestation/imv_attestation.c
rename to src/libimcv/plugins/imv_attestation/imv_attestation.c
diff --git a/src/libimcv/plugins/imv_attestation/imv_attestation_agent.c b/src/libimcv/plugins/imv_attestation/imv_attestation_agent.c
new file mode 100644
index 0000000..8e37368
--- /dev/null
+++ b/src/libimcv/plugins/imv_attestation/imv_attestation_agent.c
@@ -0,0 +1,931 @@
+/*
+ * Copyright (C) 2011-2012 Sansar Choinyambuu
+ * Copyright (C) 2011-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#define _GNU_SOURCE /* for stdndup() */
+#include <string.h>
+
+#include "imv_attestation_agent.h"
+#include "imv_attestation_state.h"
+#include "imv_attestation_process.h"
+#include "imv_attestation_build.h"
+
+#include <imcv.h>
+#include <imv/imv_agent.h>
+#include <imv/imv_msg.h>
+#include <imv/imv_session.h>
+#include <imv/imv_os_info.h>
+#include <ietf/ietf_attr.h>
+#include <ietf/ietf_attr_attr_request.h>
+#include <ietf/ietf_attr_pa_tnc_error.h>
+#include <ietf/ietf_attr_product_info.h>
+#include <ietf/ietf_attr_string_version.h>
+#include <ita/ita_attr.h>
+#include <ita/ita_attr_device_id.h>
+#include <tcg/tcg_attr.h>
+#include <tcg/pts/tcg_pts_attr_meas_algo.h>
+#include <tcg/pts/tcg_pts_attr_proto_caps.h>
+#include <tcg/pts/tcg_pts_attr_req_file_meas.h>
+#include <tcg/pts/tcg_pts_attr_req_file_meta.h>
+#include "tcg/seg/tcg_seg_attr_max_size.h"
+#include "tcg/seg/tcg_seg_attr_seg_env.h"
+#include <pts/pts.h>
+#include <pts/pts_database.h>
+#include <pts/pts_creds.h>
+#include <pts/components/ita/ita_comp_func_name.h>
+
+#include <tncif_pa_subtypes.h>
+
+#include <pen/pen.h>
+#include <utils/debug.h>
+#include <credentials/credential_manager.h>
+#include <collections/linked_list.h>
+
+#define FILE_MEAS_MAX_ATTR_SIZE 100000000
+
+typedef struct private_imv_attestation_agent_t private_imv_attestation_agent_t;
+
+/* Subscribed PA-TNC message subtypes */
+static pen_type_t msg_types[] = {
+ { PEN_TCG, PA_SUBTYPE_TCG_PTS },
+ { PEN_IETF, PA_SUBTYPE_IETF_OPERATING_SYSTEM }
+};
+
+/**
+ * Private data of an imv_attestation_agent_t object.
+ */
+struct private_imv_attestation_agent_t {
+
+ /**
+ * Public members of imv_attestation_agent_t
+ */
+ imv_agent_if_t public;
+
+ /**
+ * IMV agent responsible for generic functions
+ */
+ imv_agent_t *agent;
+
+ /**
+ * Supported PTS measurement algorithms
+ */
+ pts_meas_algorithms_t supported_algorithms;
+
+ /**
+ * Supported PTS Diffie Hellman Groups
+ */
+ pts_dh_group_t supported_dh_groups;
+
+ /**
+ * PTS file measurement database
+ */
+ pts_database_t *pts_db;
+
+ /**
+ * PTS credentials
+ */
+ pts_creds_t *pts_creds;
+
+ /**
+ * PTS credential manager
+ */
+ credential_manager_t *pts_credmgr;
+
+};
+
+METHOD(imv_agent_if_t, bind_functions, TNC_Result,
+ private_imv_attestation_agent_t *this, TNC_TNCS_BindFunctionPointer bind_function)
+{
+ return this->agent->bind_functions(this->agent, bind_function);
+}
+
+METHOD(imv_agent_if_t, notify_connection_change, TNC_Result,
+ private_imv_attestation_agent_t *this, TNC_ConnectionID id,
+ TNC_ConnectionState new_state)
+{
+ TNC_IMV_Action_Recommendation rec;
+ imv_state_t *state;
+ imv_session_t *session;
+
+ switch (new_state)
+ {
+ case TNC_CONNECTION_STATE_CREATE:
+ state = imv_attestation_state_create(id);
+ return this->agent->create_state(this->agent, state);
+ case TNC_CONNECTION_STATE_DELETE:
+ return this->agent->delete_state(this->agent, id);
+ case TNC_CONNECTION_STATE_ACCESS_ALLOWED:
+ case TNC_CONNECTION_STATE_ACCESS_ISOLATED:
+ case TNC_CONNECTION_STATE_ACCESS_NONE:
+ if (this->agent->get_state(this->agent, id, &state) && imcv_db)
+ {
+ session = state->get_session(state);
+
+ if (session->get_policy_started(session))
+ {
+ switch (new_state)
+ {
+ case TNC_CONNECTION_STATE_ACCESS_ALLOWED:
+ rec = TNC_IMV_ACTION_RECOMMENDATION_ALLOW;
+ break;
+ case TNC_CONNECTION_STATE_ACCESS_ISOLATED:
+ rec = TNC_IMV_ACTION_RECOMMENDATION_ISOLATE;
+ break;
+ case TNC_CONNECTION_STATE_ACCESS_NONE:
+ default:
+ rec = TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS;
+ }
+ imcv_db->add_recommendation(imcv_db, session, rec);
+ if (!imcv_db->policy_script(imcv_db, session, FALSE))
+ {
+ DBG1(DBG_IMV, "error in policy script stop");
+ }
+ }
+ }
+ /* fall through to default state */
+ default:
+ return this->agent->change_state(this->agent, id, new_state, NULL);
+ }
+}
+
+/**
+ * Process a received message
+ */
+static TNC_Result receive_msg(private_imv_attestation_agent_t *this,
+ imv_state_t *state, imv_msg_t *in_msg)
+{
+ imv_msg_t *out_msg;
+ imv_session_t *session;
+ imv_os_info_t *os_info;
+ enumerator_t *enumerator;
+ pa_tnc_attr_t *attr;
+ pen_type_t type;
+ TNC_Result result;
+ chunk_t os_name, os_version;
+ bool fatal_error = FALSE;
+
+ /* generate an outgoing PA-TNC message - we might need it */
+ out_msg = imv_msg_create_as_reply(in_msg);
+ out_msg->set_msg_type(out_msg, msg_types[0]);
+
+ /* parse received PA-TNC message and handle local and remote errors */
+ result = in_msg->receive(in_msg, out_msg, &fatal_error);
+ if (result != TNC_RESULT_SUCCESS)
+ {
+ out_msg->destroy(out_msg);
+ return result;
+ }
+
+ session = state->get_session(state);
+ os_info = session->get_os_info(session);
+
+ /* analyze PA-TNC attributes */
+ enumerator = in_msg->create_attribute_enumerator(in_msg);
+ while (enumerator->enumerate(enumerator, &attr))
+ {
+ type = attr->get_type(attr);
+
+ if (type.vendor_id == PEN_IETF)
+ {
+ switch (type.type)
+ {
+ case IETF_ATTR_PA_TNC_ERROR:
+ {
+ ietf_attr_pa_tnc_error_t *error_attr;
+ pen_type_t error_code;
+ chunk_t msg_info;
+
+ error_attr = (ietf_attr_pa_tnc_error_t*)attr;
+ error_code = error_attr->get_error_code(error_attr);
+
+ if (error_code.vendor_id == PEN_TCG)
+ {
+ msg_info = error_attr->get_msg_info(error_attr);
+
+ DBG1(DBG_IMV, "received TCG-PTS error '%N'",
+ pts_error_code_names, error_code.type);
+ DBG1(DBG_IMV, "error information: %B", &msg_info);
+ fatal_error = TRUE;
+ }
+ break;
+ }
+ case IETF_ATTR_PRODUCT_INFORMATION:
+ {
+ ietf_attr_product_info_t *attr_cast;
+ pen_t vendor_id;
+
+ state->set_action_flags(state,
+ IMV_ATTESTATION_ATTR_PRODUCT_INFO);
+ attr_cast = (ietf_attr_product_info_t*)attr;
+ os_name = attr_cast->get_info(attr_cast, &vendor_id, NULL);
+ os_info->set_name(os_info, os_name);
+
+ if (vendor_id != PEN_IETF)
+ {
+ DBG1(DBG_IMV, "operating system name is '%.*s' "
+ "from vendor %N", os_name.len, os_name.ptr,
+ pen_names, vendor_id);
+ }
+ else
+ {
+ DBG1(DBG_IMV, "operating system name is '%.*s'",
+ os_name.len, os_name.ptr);
+ }
+ break;
+
+ break;
+ }
+ case IETF_ATTR_STRING_VERSION:
+ {
+ ietf_attr_string_version_t *attr_cast;
+
+ state->set_action_flags(state,
+ IMV_ATTESTATION_ATTR_STRING_VERSION);
+ attr_cast = (ietf_attr_string_version_t*)attr;
+ os_version = attr_cast->get_version(attr_cast, NULL, NULL);
+ os_info->set_version(os_info, os_version);
+
+ if (os_version.len)
+ {
+ DBG1(DBG_IMV, "operating system version is '%.*s'",
+ os_version.len, os_version.ptr);
+ }
+ break;
+ }
+ default:
+ break;
+ }
+ }
+ else if (type.vendor_id == PEN_ITA)
+ {
+ switch (type.type)
+ {
+ case ITA_ATTR_DEVICE_ID:
+ {
+ chunk_t value;
+
+ state->set_action_flags(state,
+ IMV_ATTESTATION_ATTR_DEVICE_ID);
+
+ value = attr->get_value(attr);
+ DBG1(DBG_IMV, "device ID is %.*s", value.len, value.ptr);
+ session->set_device_id(session, value);
+ break;
+ }
+ default:
+ break;
+ }
+ }
+ else if (type.vendor_id == PEN_TCG)
+ {
+ if (!imv_attestation_process(attr, out_msg, state,
+ this->supported_algorithms, this->supported_dh_groups,
+ this->pts_db, this->pts_credmgr))
+ {
+ result = TNC_RESULT_FATAL;
+ break;
+ }
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ if (fatal_error || result != TNC_RESULT_SUCCESS)
+ {
+ state->set_recommendation(state,
+ TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
+ TNC_IMV_EVALUATION_RESULT_ERROR);
+ result = out_msg->send_assessment(out_msg);
+ if (result == TNC_RESULT_SUCCESS)
+ {
+ result = this->agent->provide_recommendation(this->agent, state);
+ }
+ }
+ else
+ {
+ /* send PA-TNC message with the EXCL flag set */
+ result = out_msg->send(out_msg, TRUE);
+ }
+ out_msg->destroy(out_msg);
+
+ return result;
+}
+
+METHOD(imv_agent_if_t, receive_message, TNC_Result,
+ private_imv_attestation_agent_t *this, TNC_ConnectionID id,
+ TNC_MessageType msg_type, chunk_t msg)
+{
+ imv_state_t *state;
+ imv_msg_t *in_msg;
+ TNC_Result result;
+
+ if (!this->agent->get_state(this->agent, id, &state))
+ {
+ return TNC_RESULT_FATAL;
+ }
+ in_msg = imv_msg_create_from_data(this->agent, state, id, msg_type, msg);
+ result = receive_msg(this, state, in_msg);
+ in_msg->destroy(in_msg);
+
+ return result;
+}
+
+METHOD(imv_agent_if_t, receive_message_long, TNC_Result,
+ private_imv_attestation_agent_t *this, TNC_ConnectionID id,
+ TNC_UInt32 src_imc_id, TNC_UInt32 dst_imv_id,
+ TNC_VendorID msg_vid, TNC_MessageSubtype msg_subtype, chunk_t msg)
+{
+ imv_state_t *state;
+ imv_msg_t *in_msg;
+ TNC_Result result;
+
+ if (!this->agent->get_state(this->agent, id, &state))
+ {
+ return TNC_RESULT_FATAL;
+ }
+ in_msg = imv_msg_create_from_long_data(this->agent, state, id,
+ src_imc_id, dst_imv_id, msg_vid, msg_subtype, msg);
+ result = receive_msg(this, state, in_msg);
+ in_msg->destroy(in_msg);
+
+ return result;
+}
+
+/**
+ * Build an IETF Attribute Request attribute for missing attributes
+ */
+static pa_tnc_attr_t* build_attr_request(uint32_t received)
+{
+ pa_tnc_attr_t *attr;
+ ietf_attr_attr_request_t *attr_cast;
+
+ attr = ietf_attr_attr_request_create(PEN_RESERVED, 0);
+ attr_cast = (ietf_attr_attr_request_t*)attr;
+
+ if (!(received & IMV_ATTESTATION_ATTR_PRODUCT_INFO) ||
+ !(received & IMV_ATTESTATION_ATTR_STRING_VERSION))
+ {
+ attr_cast->add(attr_cast, PEN_IETF, IETF_ATTR_PRODUCT_INFORMATION);
+ attr_cast->add(attr_cast, PEN_IETF, IETF_ATTR_STRING_VERSION);
+ }
+ if (!(received & IMV_ATTESTATION_ATTR_DEVICE_ID))
+ {
+ attr_cast->add(attr_cast, PEN_ITA, ITA_ATTR_DEVICE_ID);
+ }
+
+ return attr;
+}
+
+METHOD(imv_agent_if_t, batch_ending, TNC_Result,
+ private_imv_attestation_agent_t *this, TNC_ConnectionID id)
+{
+ imv_msg_t *out_msg;
+ imv_state_t *state;
+ imv_session_t *session;
+ imv_attestation_state_t *attestation_state;
+ imv_attestation_handshake_state_t handshake_state;
+ imv_workitem_t *workitem;
+ TNC_IMV_Action_Recommendation rec;
+ TNC_IMV_Evaluation_Result eval;
+ TNC_IMVID imv_id;
+ TNC_Result result = TNC_RESULT_SUCCESS;
+ pts_t *pts;
+ int pid;
+ uint32_t actions;
+ enumerator_t *enumerator;
+
+ if (!this->agent->get_state(this->agent, id, &state))
+ {
+ return TNC_RESULT_FATAL;
+ }
+ attestation_state = (imv_attestation_state_t*)state;
+ pts = attestation_state->get_pts(attestation_state);
+ handshake_state = attestation_state->get_handshake_state(attestation_state);
+ actions = state->get_action_flags(state);
+ session = state->get_session(state);
+ imv_id = this->agent->get_id(this->agent);
+
+ /* exit if a recommendation has already been provided */
+ if (actions & IMV_ATTESTATION_REC)
+ {
+ return TNC_RESULT_SUCCESS;
+ }
+
+ /* send an IETF attribute request if no platform info was received */
+ if (!(actions & IMV_ATTESTATION_ATTR_REQ))
+ {
+ if ((actions & IMV_ATTESTATION_ATTR_MUST) != IMV_ATTESTATION_ATTR_MUST)
+ {
+ imv_msg_t *os_msg;
+
+ /* create attribute request for missing mandatory attributes */
+ os_msg = imv_msg_create(this->agent, state, id, imv_id,
+ TNC_IMCID_ANY, msg_types[1]);
+ os_msg->add_attribute(os_msg, build_attr_request(actions));
+ result = os_msg->send(os_msg, FALSE);
+ os_msg->destroy(os_msg);
+
+ if (result != TNC_RESULT_SUCCESS)
+ {
+ return result;
+ }
+ }
+ state->set_action_flags(state, IMV_ATTESTATION_ATTR_REQ);
+ }
+
+ if (!session->get_policy_started(session) &&
+ (actions & IMV_ATTESTATION_ATTR_PRODUCT_INFO) &&
+ (actions & IMV_ATTESTATION_ATTR_STRING_VERSION) &&
+ (actions & IMV_ATTESTATION_ATTR_DEVICE_ID))
+ {
+ if (imcv_db)
+ {
+ /* start the policy script */
+ if (!imcv_db->policy_script(imcv_db, session, TRUE))
+ {
+ DBG1(DBG_IMV, "error in policy script start");
+ }
+ }
+ else
+ {
+ DBG2(DBG_IMV, "no workitems available - no evaluation possible");
+ state->set_recommendation(state,
+ TNC_IMV_ACTION_RECOMMENDATION_ALLOW,
+ TNC_IMV_EVALUATION_RESULT_DONT_KNOW);
+ session->set_policy_started(session, TRUE);
+ }
+ }
+
+ if (handshake_state == IMV_ATTESTATION_STATE_INIT)
+ {
+ size_t max_attr_size = FILE_MEAS_MAX_ATTR_SIZE;
+ size_t max_seg_size;
+ seg_contract_t *contract;
+ seg_contract_manager_t *contracts;
+ pa_tnc_attr_t *attr;
+ pts_proto_caps_flag_t flags;
+ char buf[BUF_LEN];
+
+ out_msg = imv_msg_create(this->agent, state, id, imv_id, TNC_IMCID_ANY,
+ msg_types[0]);
+
+ /* Determine maximum PA-TNC attribute segment size */
+ max_seg_size = state->get_max_msg_len(state)
+ - PA_TNC_HEADER_SIZE
+ - PA_TNC_ATTR_HEADER_SIZE
+ - TCG_SEG_ATTR_SEG_ENV_HEADER
+ - PA_TNC_ATTR_HEADER_SIZE
+ - TCG_SEG_ATTR_MAX_SIZE_SIZE;
+
+ /* Announce support of PA-TNC segmentation to IMC */
+ contract = seg_contract_create(msg_types[0], max_attr_size,
+ max_seg_size, TRUE, imv_id, FALSE);
+ contract->get_info_string(contract, buf, BUF_LEN, TRUE);
+ DBG2(DBG_IMV, "%s", buf);
+ contracts = state->get_contracts(state);
+ contracts->add_contract(contracts, contract);
+ attr = tcg_seg_attr_max_size_create(max_attr_size, max_seg_size, TRUE);
+ out_msg->add_attribute(out_msg, attr);
+
+ /* Send Request Protocol Capabilities attribute */
+ flags = pts->get_proto_caps(pts);
+ attr = tcg_pts_attr_proto_caps_create(flags, TRUE);
+ attr->set_noskip_flag(attr, TRUE);
+ out_msg->add_attribute(out_msg, attr);
+
+ /* Send Measurement Algorithms attribute */
+ attr = tcg_pts_attr_meas_algo_create(this->supported_algorithms, FALSE);
+ attr->set_noskip_flag(attr, TRUE);
+ out_msg->add_attribute(out_msg, attr);
+
+ attestation_state->set_handshake_state(attestation_state,
+ IMV_ATTESTATION_STATE_DISCOVERY);
+
+ /* send these initial PTS attributes and exit */
+ result = out_msg->send(out_msg, FALSE);
+ out_msg->destroy(out_msg);
+
+ return result;
+ }
+
+ /* exit if we are not ready yet for PTS measurements */
+ if (!(actions & IMV_ATTESTATION_ALGO))
+ {
+ return TNC_RESULT_SUCCESS;
+ }
+
+ session->get_session_id(session, &pid, NULL);
+ pts->set_platform_id(pts, pid);
+
+ /* create an empty out message - we might need it */
+ out_msg = imv_msg_create(this->agent, state, id, imv_id, TNC_IMCID_ANY,
+ msg_types[0]);
+
+ /* establish the PTS measurements to be taken */
+ if (!(actions & IMV_ATTESTATION_FILE_MEAS))
+ {
+ bool is_dir, no_workitems = TRUE;
+ uint32_t delimiter = SOLIDUS_UTF;
+ uint16_t request_id;
+ pa_tnc_attr_t *attr;
+ char *pathname;
+
+ attestation_state->set_handshake_state(attestation_state,
+ IMV_ATTESTATION_STATE_END);
+
+ enumerator = session->create_workitem_enumerator(session);
+ if (enumerator)
+ {
+ while (enumerator->enumerate(enumerator, &workitem))
+ {
+ if (workitem->get_imv_id(workitem) != TNC_IMVID_ANY)
+ {
+ continue;
+ }
+
+ switch (workitem->get_type(workitem))
+ {
+ case IMV_WORKITEM_FILE_REF_MEAS:
+ case IMV_WORKITEM_FILE_MEAS:
+ case IMV_WORKITEM_FILE_META:
+ is_dir = FALSE;
+ break;
+ case IMV_WORKITEM_DIR_REF_MEAS:
+ case IMV_WORKITEM_DIR_MEAS:
+ case IMV_WORKITEM_DIR_META:
+ is_dir = TRUE;
+ break;
+ case IMV_WORKITEM_TPM_ATTEST:
+ {
+ pts_component_t *comp;
+ pts_comp_func_name_t *comp_name;
+ bool no_d_flag, no_t_flag;
+ char result_str[BUF_LEN];
+
+ workitem->set_imv_id(workitem, imv_id);
+ no_workitems = FALSE;
+ no_d_flag = !(pts->get_proto_caps(pts) & PTS_PROTO_CAPS_D);
+ no_t_flag = !(pts->get_proto_caps(pts) & PTS_PROTO_CAPS_T);
+ if (no_d_flag || no_t_flag)
+ {
+ snprintf(result_str, BUF_LEN, "%s%s%s",
+ (no_t_flag) ? "no TPM available" : "",
+ (no_t_flag && no_d_flag) ? ", " : "",
+ (no_d_flag) ? "no DH nonce negotiation" : "");
+ eval = TNC_IMV_EVALUATION_RESULT_ERROR;
+ session->remove_workitem(session, enumerator);
+ rec = workitem->set_result(workitem, result_str, eval);
+ state->update_recommendation(state, rec, eval);
+ imcv_db->finalize_workitem(imcv_db, workitem);
+ workitem->destroy(workitem);
+ continue;
+ }
+
+ /* do TPM BIOS measurements */
+ if (strchr(workitem->get_arg_str(workitem), 'B'))
+ {
+ comp_name = pts_comp_func_name_create(PEN_ITA,
+ PTS_ITA_COMP_FUNC_NAME_IMA,
+ PTS_ITA_QUALIFIER_FLAG_KERNEL |
+ PTS_ITA_QUALIFIER_TYPE_TRUSTED);
+ comp = attestation_state->create_component(
+ attestation_state, comp_name,
+ 0, this->pts_db);
+ if (!comp)
+ {
+ comp_name->log(comp_name, "unregistered ");
+ comp_name->destroy(comp_name);
+ }
+ }
+
+ /* do TPM IMA measurements */
+ if (strchr(workitem->get_arg_str(workitem), 'I'))
+ {
+ comp_name = pts_comp_func_name_create(PEN_ITA,
+ PTS_ITA_COMP_FUNC_NAME_IMA,
+ PTS_ITA_QUALIFIER_FLAG_KERNEL |
+ PTS_ITA_QUALIFIER_TYPE_OS);
+ comp = attestation_state->create_component(
+ attestation_state, comp_name,
+ 0, this->pts_db);
+ if (!comp)
+ {
+ comp_name->log(comp_name, "unregistered ");
+ comp_name->destroy(comp_name);
+ }
+ }
+
+ /* do TPM TRUSTED BOOT measurements */
+ if (strchr(workitem->get_arg_str(workitem), 'T'))
+ {
+ comp_name = pts_comp_func_name_create(PEN_ITA,
+ PTS_ITA_COMP_FUNC_NAME_TBOOT,
+ PTS_ITA_QUALIFIER_FLAG_KERNEL |
+ PTS_ITA_QUALIFIER_TYPE_TRUSTED);
+ comp = attestation_state->create_component(
+ attestation_state, comp_name,
+ 0, this->pts_db);
+ if (!comp)
+ {
+ comp_name->log(comp_name, "unregistered ");
+ comp_name->destroy(comp_name);
+ }
+ }
+ attestation_state->set_handshake_state(attestation_state,
+ IMV_ATTESTATION_STATE_NONCE_REQ);
+ continue;
+ }
+ default:
+ continue;
+ }
+
+ /* initiate file and directory measurements */
+ pathname = this->pts_db->get_pathname(this->pts_db, is_dir,
+ workitem->get_arg_int(workitem));
+ if (!pathname)
+ {
+ continue;
+ }
+ workitem->set_imv_id(workitem, imv_id);
+ no_workitems = FALSE;
+
+ if (workitem->get_type(workitem) == IMV_WORKITEM_FILE_META)
+ {
+ TNC_IMV_Action_Recommendation rec;
+ TNC_IMV_Evaluation_Result eval;
+ char result_str[BUF_LEN];
+
+ DBG2(DBG_IMV, "IMV %d requests metadata for %s '%s'",
+ imv_id, is_dir ? "directory" : "file", pathname);
+
+ /* currently just fire and forget metadata requests */
+ attr = tcg_pts_attr_req_file_meta_create(is_dir,
+ delimiter, pathname);
+ snprintf(result_str, BUF_LEN, "%s metadata requested",
+ is_dir ? "directory" : "file");
+ eval = TNC_IMV_EVALUATION_RESULT_COMPLIANT;
+ session->remove_workitem(session, enumerator);
+ rec = workitem->set_result(workitem, result_str, eval);
+ state->update_recommendation(state, rec, eval);
+ imcv_db->finalize_workitem(imcv_db, workitem);
+ workitem->destroy(workitem);
+ }
+ else
+ {
+ /* use lower 16 bits of the workitem ID as request ID */
+ request_id = workitem->get_id(workitem) & 0xffff;
+
+ DBG2(DBG_IMV, "IMV %d requests measurement %d for %s '%s'",
+ imv_id, request_id, is_dir ? "directory" : "file",
+ pathname);
+ attr = tcg_pts_attr_req_file_meas_create(is_dir, request_id,
+ delimiter, pathname);
+ }
+ free(pathname);
+ attr->set_noskip_flag(attr, TRUE);
+ out_msg->add_attribute(out_msg, attr);
+ }
+ enumerator->destroy(enumerator);
+
+ /* sent all file and directory measurement and metadata requests */
+ state->set_action_flags(state, IMV_ATTESTATION_FILE_MEAS);
+
+ if (no_workitems)
+ {
+ DBG2(DBG_IMV, "IMV %d has no workitems - "
+ "no evaluation requested", imv_id);
+ state->set_recommendation(state,
+ TNC_IMV_ACTION_RECOMMENDATION_ALLOW,
+ TNC_IMV_EVALUATION_RESULT_DONT_KNOW);
+ }
+ }
+ }
+
+ /* check the IMV state for the next PA-TNC attributes to send */
+ enumerator = session->create_workitem_enumerator(session);
+ while (enumerator->enumerate(enumerator, &workitem))
+ {
+ if (workitem->get_type(workitem) == IMV_WORKITEM_TPM_ATTEST)
+ {
+ if (!imv_attestation_build(out_msg, state,
+ this->supported_dh_groups, this->pts_db))
+ {
+ imv_reason_string_t *reason_string;
+ chunk_t result;
+ char *result_str;
+
+ reason_string = imv_reason_string_create("en", ", ");
+ attestation_state->add_comp_evid_reasons(attestation_state,
+ reason_string);
+ result = reason_string->get_encoding(reason_string);
+ result_str = strndup(result.ptr, result.len);
+ reason_string->destroy(reason_string);
+
+ eval = TNC_IMV_EVALUATION_RESULT_ERROR;
+ session->remove_workitem(session, enumerator);
+ rec = workitem->set_result(workitem, result_str, eval);
+ state->update_recommendation(state, rec, eval);
+ imcv_db->finalize_workitem(imcv_db, workitem);
+ }
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ /* finalized all workitems? */
+ if (session->get_policy_started(session) &&
+ session->get_workitem_count(session, imv_id) == 0 &&
+ attestation_state->get_handshake_state(attestation_state) ==
+ IMV_ATTESTATION_STATE_END)
+ {
+ result = out_msg->send_assessment(out_msg);
+ out_msg->destroy(out_msg);
+ state->set_action_flags(state, IMV_ATTESTATION_REC);
+
+ if (result != TNC_RESULT_SUCCESS)
+ {
+ return result;
+ }
+ return this->agent->provide_recommendation(this->agent, state);
+ }
+
+ /* send non-empty PA-TNC message with excl flag not set */
+ if (out_msg->get_attribute_count(out_msg))
+ {
+ result = out_msg->send(out_msg, FALSE);
+ }
+ out_msg->destroy(out_msg);
+
+ return result;
+}
+
+METHOD(imv_agent_if_t, solicit_recommendation, TNC_Result,
+ private_imv_attestation_agent_t *this, TNC_ConnectionID id)
+{
+ TNC_IMVID imv_id;
+ imv_state_t *state;
+ imv_attestation_state_t *attestation_state;
+ imv_session_t *session;
+
+ if (!this->agent->get_state(this->agent, id, &state))
+ {
+ return TNC_RESULT_FATAL;
+ }
+ attestation_state = (imv_attestation_state_t*)state;
+ session = state->get_session(state);
+ imv_id = this->agent->get_id(this->agent);
+
+ if (imcv_db)
+ {
+ TNC_IMV_Evaluation_Result eval;
+ TNC_IMV_Action_Recommendation rec;
+ imv_workitem_t *workitem;
+ enumerator_t *enumerator;
+ int pending_file_meas = 0;
+ char *result_str;
+ chunk_t result_buf;
+ bio_writer_t *result;
+
+ enumerator = session->create_workitem_enumerator(session);
+ if (enumerator)
+ {
+ while (enumerator->enumerate(enumerator, &workitem))
+ {
+ if (workitem->get_imv_id(workitem) != imv_id)
+ {
+ continue;
+ }
+ result = bio_writer_create(128);
+
+ switch (workitem->get_type(workitem))
+ {
+ case IMV_WORKITEM_FILE_REF_MEAS:
+ case IMV_WORKITEM_FILE_MEAS:
+ case IMV_WORKITEM_DIR_REF_MEAS:
+ case IMV_WORKITEM_DIR_MEAS:
+ result_str = "pending file measurements";
+ pending_file_meas++;
+ break;
+ case IMV_WORKITEM_TPM_ATTEST:
+ attestation_state->finalize_components(attestation_state,
+ result);
+ result->write_data(result,
+ chunk_from_str("; pending component evidence"));
+ result->write_uint8(result, '\0');
+ result_buf = result->get_buf(result);
+ result_str = result_buf.ptr;
+ break;
+ default:
+ result->destroy(result);
+ continue;
+ }
+ session->remove_workitem(session, enumerator);
+ eval = TNC_IMV_EVALUATION_RESULT_ERROR;
+ rec = workitem->set_result(workitem, result_str, eval);
+ state->update_recommendation(state, rec, eval);
+ imcv_db->finalize_workitem(imcv_db, workitem);
+ workitem->destroy(workitem);
+ result->destroy(result);
+ }
+ enumerator->destroy(enumerator);
+
+ if (pending_file_meas)
+ {
+ DBG1(DBG_IMV, "failure due to %d pending file measurements",
+ pending_file_meas);
+ attestation_state->set_measurement_error(attestation_state,
+ IMV_ATTESTATION_ERROR_FILE_MEAS_PEND);
+ }
+ }
+ }
+ return this->agent->provide_recommendation(this->agent, state);
+}
+
+METHOD(imv_agent_if_t, destroy, void,
+ private_imv_attestation_agent_t *this)
+{
+ if (this->pts_creds)
+ {
+ this->pts_credmgr->remove_set(this->pts_credmgr,
+ this->pts_creds->get_set(this->pts_creds));
+ this->pts_creds->destroy(this->pts_creds);
+ }
+ DESTROY_IF(this->pts_db);
+ DESTROY_IF(this->pts_credmgr);
+ DESTROY_IF(this->agent);
+ free(this);
+}
+
+/**
+ * Described in header.
+ */
+imv_agent_if_t *imv_attestation_agent_create(const char *name, TNC_IMVID id,
+ TNC_Version *actual_version)
+{
+ private_imv_attestation_agent_t *this;
+ imv_agent_t *agent;
+ char *hash_alg, *dh_group, *cadir;
+ bool mandatory_dh_groups;
+
+ agent = imv_agent_create(name, msg_types, countof(msg_types), id,
+ actual_version);
+ if (!agent)
+ {
+ return NULL;
+ }
+
+ hash_alg = lib->settings->get_str(lib->settings,
+ "%s.plugins.imv-attestation.hash_algorithm", "sha256", lib->ns);
+ dh_group = lib->settings->get_str(lib->settings,
+ "%s.plugins.imv-attestation.dh_group", "ecp256", lib->ns);
+ mandatory_dh_groups = lib->settings->get_bool(lib->settings,
+ "%s.plugins.imv-attestation.mandatory_dh_groups", TRUE, lib->ns);
+ cadir = lib->settings->get_str(lib->settings,
+ "%s.plugins.imv-attestation.cadir", NULL, lib->ns);
+
+ INIT(this,
+ .public = {
+ .bind_functions = _bind_functions,
+ .notify_connection_change = _notify_connection_change,
+ .receive_message = _receive_message,
+ .receive_message_long = _receive_message_long,
+ .batch_ending = _batch_ending,
+ .solicit_recommendation = _solicit_recommendation,
+ .destroy = _destroy,
+ },
+ .agent = agent,
+ .supported_algorithms = PTS_MEAS_ALGO_NONE,
+ .supported_dh_groups = PTS_DH_GROUP_NONE,
+ .pts_credmgr = credential_manager_create(),
+ .pts_creds = pts_creds_create(cadir),
+ .pts_db = pts_database_create(imcv_db),
+ );
+
+ if (!pts_meas_algo_probe(&this->supported_algorithms) ||
+ !pts_dh_group_probe(&this->supported_dh_groups, mandatory_dh_groups) ||
+ !pts_meas_algo_update(hash_alg, &this->supported_algorithms) ||
+ !pts_dh_group_update(dh_group, &this->supported_dh_groups))
+ {
+ destroy(this);
+ return NULL;
+ }
+
+ if (this->pts_creds)
+ {
+ this->pts_credmgr->add_set(this->pts_credmgr,
+ this->pts_creds->get_set(this->pts_creds));
+ }
+
+ return &this->public;
+}
diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_agent.h b/src/libimcv/plugins/imv_attestation/imv_attestation_agent.h
similarity index 100%
rename from src/libpts/plugins/imv_attestation/imv_attestation_agent.h
rename to src/libimcv/plugins/imv_attestation/imv_attestation_agent.h
diff --git a/src/libimcv/plugins/imv_attestation/imv_attestation_build.c b/src/libimcv/plugins/imv_attestation/imv_attestation_build.c
new file mode 100644
index 0000000..c39fe8d
--- /dev/null
+++ b/src/libimcv/plugins/imv_attestation/imv_attestation_build.c
@@ -0,0 +1,155 @@
+/*
+ * Copyright (C) 2011-2012 Sansar Choinyambuu
+ * Copyright (C) 2011-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "imv_attestation_build.h"
+#include "imv_attestation_state.h"
+
+#include <tcg/pts/tcg_pts_attr_dh_nonce_params_req.h>
+#include <tcg/pts/tcg_pts_attr_dh_nonce_finish.h>
+#include <tcg/pts/tcg_pts_attr_get_tpm_version_info.h>
+#include <tcg/pts/tcg_pts_attr_get_aik.h>
+#include <tcg/pts/tcg_pts_attr_req_func_comp_evid.h>
+#include <tcg/pts/tcg_pts_attr_gen_attest_evid.h>
+
+#include <utils/debug.h>
+
+bool imv_attestation_build(imv_msg_t *out_msg, imv_state_t *state,
+ pts_dh_group_t supported_dh_groups,
+ pts_database_t *pts_db)
+{
+ imv_attestation_state_t *attestation_state;
+ imv_attestation_handshake_state_t handshake_state;
+ pts_t *pts;
+ pa_tnc_attr_t *attr = NULL;
+
+ attestation_state = (imv_attestation_state_t*)state;
+ handshake_state = attestation_state->get_handshake_state(attestation_state);
+ pts = attestation_state->get_pts(attestation_state);
+
+ switch (handshake_state)
+ {
+ case IMV_ATTESTATION_STATE_NONCE_REQ:
+ {
+ int min_nonce_len;
+
+ /* Send DH nonce parameters request attribute */
+ min_nonce_len = lib->settings->get_int(lib->settings,
+ "%s.plugins.imv-attestation.min_nonce_len", 0, lib->ns);
+ attr = tcg_pts_attr_dh_nonce_params_req_create(min_nonce_len,
+ supported_dh_groups);
+ attr->set_noskip_flag(attr, TRUE);
+ out_msg->add_attribute(out_msg, attr);
+
+ attestation_state->set_handshake_state(attestation_state,
+ IMV_ATTESTATION_STATE_TPM_INIT);
+ break;
+ }
+ case IMV_ATTESTATION_STATE_TPM_INIT:
+ {
+ pts_meas_algorithms_t selected_algorithm;
+ chunk_t initiator_value, initiator_nonce;
+
+ if (!(state->get_action_flags(state) & IMV_ATTESTATION_DH_NONCE))
+ {
+ break;
+ }
+
+ /* Send DH nonce finish attribute */
+ selected_algorithm = pts->get_meas_algorithm(pts);
+ pts->get_my_public_value(pts, &initiator_value, &initiator_nonce);
+ attr = tcg_pts_attr_dh_nonce_finish_create(selected_algorithm,
+ initiator_value, initiator_nonce);
+ attr->set_noskip_flag(attr, TRUE);
+ out_msg->add_attribute(out_msg, attr);
+
+ /* Send Get TPM Version attribute */
+ attr = tcg_pts_attr_get_tpm_version_info_create();
+ attr->set_noskip_flag(attr, TRUE);
+ out_msg->add_attribute(out_msg, attr);
+
+ /* Send Get AIK attribute */
+ attr = tcg_pts_attr_get_aik_create();
+ attr->set_noskip_flag(attr, TRUE);
+ out_msg->add_attribute(out_msg, attr);
+
+ attestation_state->set_handshake_state(attestation_state,
+ IMV_ATTESTATION_STATE_COMP_EVID);
+ break;
+ }
+ case IMV_ATTESTATION_STATE_COMP_EVID:
+ {
+ tcg_pts_attr_req_func_comp_evid_t *attr_cast;
+ enumerator_t *enumerator;
+ pts_comp_func_name_t *name;
+ uint8_t flags;
+ uint32_t depth;
+ bool first_component = TRUE;
+
+ if (!(state->get_action_flags(state) & IMV_ATTESTATION_AIK))
+ {
+ break;
+ }
+
+ attestation_state->set_handshake_state(attestation_state,
+ IMV_ATTESTATION_STATE_END);
+
+ if (!pts->get_aik_id(pts))
+ {
+ attestation_state->set_measurement_error(attestation_state,
+ IMV_ATTESTATION_ERROR_NO_TRUSTED_AIK);
+ return FALSE;
+ }
+
+ enumerator = attestation_state->create_component_enumerator(
+ attestation_state);
+ while (enumerator->enumerate(enumerator, &flags, &depth, &name))
+ {
+ if (first_component)
+ {
+ attr = tcg_pts_attr_req_func_comp_evid_create();
+ attr->set_noskip_flag(attr, TRUE);
+ first_component = FALSE;
+ DBG2(DBG_IMV, "evidence request by");
+ }
+ name->log(name, " ");
+
+ /* TODO check flags against negotiated_caps */
+ attr_cast = (tcg_pts_attr_req_func_comp_evid_t *)attr;
+ attr_cast->add_component(attr_cast, flags, depth, name);
+ }
+ enumerator->destroy(enumerator);
+
+ if (attr)
+ {
+ /* Send Request Functional Component Evidence attribute */
+ out_msg->add_attribute(out_msg, attr);
+
+ /* Send Generate Attestation Evidence attribute */
+ attr = tcg_pts_attr_gen_attest_evid_create();
+ attr->set_noskip_flag(attr, TRUE);
+ out_msg->add_attribute(out_msg, attr);
+
+ attestation_state->set_handshake_state(attestation_state,
+ IMV_ATTESTATION_STATE_EVID_FINAL);
+ }
+ break;
+ }
+ default:
+ break;
+ }
+
+ return TRUE;
+}
diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_build.h b/src/libimcv/plugins/imv_attestation/imv_attestation_build.h
similarity index 100%
rename from src/libpts/plugins/imv_attestation/imv_attestation_build.h
rename to src/libimcv/plugins/imv_attestation/imv_attestation_build.h
diff --git a/src/libimcv/plugins/imv_attestation/imv_attestation_process.c b/src/libimcv/plugins/imv_attestation/imv_attestation_process.c
new file mode 100644
index 0000000..89a1f02
--- /dev/null
+++ b/src/libimcv/plugins/imv_attestation/imv_attestation_process.c
@@ -0,0 +1,567 @@
+/*
+ * Copyright (C) 2011-2012 Sansar Choinyambuu
+ * Copyright (C) 2011-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#define _GNU_SOURCE /* for stdndup() */
+#include <string.h>
+
+#include "imv_attestation_process.h"
+
+#include <imcv.h>
+#include <ietf/ietf_attr_pa_tnc_error.h>
+
+#include <pts/pts.h>
+
+#include <tcg/pts/tcg_pts_attr_aik.h>
+#include <tcg/pts/tcg_pts_attr_dh_nonce_params_resp.h>
+#include <tcg/pts/tcg_pts_attr_file_meas.h>
+#include <tcg/pts/tcg_pts_attr_meas_algo.h>
+#include <tcg/pts/tcg_pts_attr_proto_caps.h>
+#include <tcg/pts/tcg_pts_attr_simple_comp_evid.h>
+#include <tcg/pts/tcg_pts_attr_simple_evid_final.h>
+#include <tcg/pts/tcg_pts_attr_tpm_version_info.h>
+#include <tcg/pts/tcg_pts_attr_unix_file_meta.h>
+
+#include <utils/debug.h>
+#include <crypto/hashers/hasher.h>
+
+#include <inttypes.h>
+
+bool imv_attestation_process(pa_tnc_attr_t *attr, imv_msg_t *out_msg,
+ imv_state_t *state,
+ pts_meas_algorithms_t supported_algorithms,
+ pts_dh_group_t supported_dh_groups,
+ pts_database_t *pts_db,
+ credential_manager_t *pts_credmgr)
+{
+ imv_session_t *session;
+ imv_attestation_state_t *attestation_state;
+ pen_type_t attr_type;
+ pts_t *pts;
+
+ session = state->get_session(state);
+ attestation_state = (imv_attestation_state_t*)state;
+ pts = attestation_state->get_pts(attestation_state);
+ attr_type = attr->get_type(attr);
+
+ switch (attr_type.type)
+ {
+ case TCG_PTS_PROTO_CAPS:
+ {
+ tcg_pts_attr_proto_caps_t *attr_cast;
+ pts_proto_caps_flag_t flags;
+
+ attr_cast = (tcg_pts_attr_proto_caps_t*)attr;
+ flags = attr_cast->get_flags(attr_cast);
+ pts->set_proto_caps(pts, flags);
+ break;
+ }
+ case TCG_PTS_MEAS_ALGO_SELECTION:
+ {
+ tcg_pts_attr_meas_algo_t *attr_cast;
+ pts_meas_algorithms_t selected_algorithm;
+
+ attr_cast = (tcg_pts_attr_meas_algo_t*)attr;
+ selected_algorithm = attr_cast->get_algorithms(attr_cast);
+ if (!(selected_algorithm & supported_algorithms))
+ {
+ DBG1(DBG_IMV, "PTS-IMC selected unsupported"
+ " measurement algorithm");
+ return FALSE;
+ }
+ pts->set_meas_algorithm(pts, selected_algorithm);
+ state->set_action_flags(state, IMV_ATTESTATION_ALGO);
+ break;
+ }
+ case TCG_PTS_DH_NONCE_PARAMS_RESP:
+ {
+ tcg_pts_attr_dh_nonce_params_resp_t *attr_cast;
+ int nonce_len, min_nonce_len;
+ pts_dh_group_t dh_group;
+ pts_meas_algorithms_t offered_algorithms, selected_algorithm;
+ chunk_t responder_value, responder_nonce;
+
+ attr_cast = (tcg_pts_attr_dh_nonce_params_resp_t*)attr;
+ responder_nonce = attr_cast->get_responder_nonce(attr_cast);
+
+ /* check compliance of responder nonce length */
+ min_nonce_len = lib->settings->get_int(lib->settings,
+ "%s.plugins.imv-attestation.min_nonce_len", 0, lib->ns);
+ nonce_len = responder_nonce.len;
+ if (nonce_len < PTS_MIN_NONCE_LEN ||
+ (min_nonce_len > 0 && nonce_len < min_nonce_len))
+ {
+ attr = pts_dh_nonce_error_create(
+ max(PTS_MIN_NONCE_LEN, min_nonce_len),
+ PTS_MAX_NONCE_LEN);
+ out_msg->add_attribute(out_msg, attr);
+ break;
+ }
+
+ dh_group = attr_cast->get_dh_group(attr_cast);
+ if (!(dh_group & supported_dh_groups))
+ {
+ DBG1(DBG_IMV, "PTS-IMC selected unsupported DH group");
+ return FALSE;
+ }
+
+ offered_algorithms = attr_cast->get_hash_algo_set(attr_cast);
+ selected_algorithm = pts_meas_algo_select(supported_algorithms,
+ offered_algorithms);
+ if (selected_algorithm == PTS_MEAS_ALGO_NONE)
+ {
+ attr = pts_hash_alg_error_create(supported_algorithms);
+ out_msg->add_attribute(out_msg, attr);
+ break;
+ }
+ pts->set_dh_hash_algorithm(pts, selected_algorithm);
+
+ if (!pts->create_dh_nonce(pts, dh_group, nonce_len))
+ {
+ return FALSE;
+ }
+
+ responder_value = attr_cast->get_responder_value(attr_cast);
+ pts->set_peer_public_value(pts, responder_value,
+ responder_nonce);
+
+ /* Calculate secret assessment value */
+ if (!pts->calculate_secret(pts))
+ {
+ return FALSE;
+ }
+ state->set_action_flags(state, IMV_ATTESTATION_DH_NONCE);
+ break;
+ }
+ case TCG_PTS_TPM_VERSION_INFO:
+ {
+ tcg_pts_attr_tpm_version_info_t *attr_cast;
+ chunk_t tpm_version_info;
+
+ attr_cast = (tcg_pts_attr_tpm_version_info_t*)attr;
+ tpm_version_info = attr_cast->get_tpm_version_info(attr_cast);
+ pts->set_tpm_version_info(pts, tpm_version_info);
+ break;
+ }
+ case TCG_PTS_AIK:
+ {
+ tcg_pts_attr_aik_t *attr_cast;
+ certificate_t *aik, *issuer;
+ public_key_t *public;
+ chunk_t keyid, keyid_hex, device_id;
+ int aik_id;
+ enumerator_t *e;
+ bool trusted = FALSE, trusted_chain = FALSE;
+
+ attr_cast = (tcg_pts_attr_aik_t*)attr;
+ aik = attr_cast->get_aik(attr_cast);
+ if (!aik)
+ {
+ DBG1(DBG_IMV, "AIK unavailable");
+ attestation_state->set_measurement_error(attestation_state,
+ IMV_ATTESTATION_ERROR_NO_TRUSTED_AIK);
+ break;
+ }
+
+ /* check trust into public key as stored in the database */
+ public = aik->get_public_key(aik);
+ public->get_fingerprint(public, KEYID_PUBKEY_INFO_SHA1, &keyid);
+ DBG1(DBG_IMV, "verifying AIK with keyid %#B", &keyid);
+ keyid_hex = chunk_to_hex(keyid, NULL, FALSE);
+ if (session->get_device_id(session, &device_id) &&
+ chunk_equals(keyid_hex, device_id))
+ {
+ trusted = session->get_device_trust(session);
+ }
+ else
+ {
+ DBG1(DBG_IMV, "device ID unknown or different from AIK keyid");
+ }
+ DBG1(DBG_IMV, "AIK public key is %strusted", trusted ? "" : "not ");
+ public->destroy(public);
+ chunk_free(&keyid_hex);
+
+ if (aik->get_type(aik) == CERT_X509)
+ {
+
+ e = pts_credmgr->create_trusted_enumerator(pts_credmgr,
+ KEY_ANY, aik->get_issuer(aik), FALSE);
+ while (e->enumerate(e, &issuer))
+ {
+ if (aik->issued_by(aik, issuer, NULL))
+ {
+ trusted_chain = TRUE;
+ break;
+ }
+ }
+ e->destroy(e);
+ DBG1(DBG_IMV, "AIK certificate is %strusted",
+ trusted_chain ? "" : "not ");
+ if (!trusted || !trusted_chain)
+ {
+ attestation_state->set_measurement_error(attestation_state,
+ IMV_ATTESTATION_ERROR_NO_TRUSTED_AIK);
+ break;
+ }
+ }
+ session->get_session_id(session, NULL, &aik_id);
+ pts->set_aik(pts, aik, aik_id);
+ state->set_action_flags(state, IMV_ATTESTATION_AIK);
+ break;
+ }
+ case TCG_PTS_FILE_MEAS:
+ {
+ TNC_IMV_Evaluation_Result eval;
+ TNC_IMV_Action_Recommendation rec;
+ tcg_pts_attr_file_meas_t *attr_cast;
+ uint16_t request_id;
+ int arg_int, file_count;
+ pts_meas_algorithms_t algo;
+ pts_file_meas_t *measurements;
+ imv_workitem_t *workitem, *found = NULL;
+ imv_workitem_type_t type;
+ char result_str[BUF_LEN];
+ bool is_dir, correct;
+ enumerator_t *enumerator;
+
+ eval = TNC_IMV_EVALUATION_RESULT_COMPLIANT;
+ algo = pts->get_meas_algorithm(pts);
+ attr_cast = (tcg_pts_attr_file_meas_t*)attr;
+ measurements = attr_cast->get_measurements(attr_cast);
+ request_id = measurements->get_request_id(measurements);
+ file_count = measurements->get_file_count(measurements);
+
+ DBG1(DBG_IMV, "measurement request %d returned %d file%s:",
+ request_id, file_count, (file_count == 1) ? "":"s");
+
+ if (request_id)
+ {
+ enumerator = session->create_workitem_enumerator(session);
+ while (enumerator->enumerate(enumerator, &workitem))
+ {
+ /* request ID consist of lower 16 bits of workitem ID */
+ if ((workitem->get_id(workitem) & 0xffff) == request_id)
+ {
+ found = workitem;
+ break;
+ }
+ }
+
+ if (!found)
+ {
+ DBG1(DBG_IMV, " no entry found for file measurement "
+ "request %d", request_id);
+ enumerator->destroy(enumerator);
+ break;
+ }
+ type = found->get_type(found);
+ arg_int = found->get_arg_int(found);
+
+ switch (type)
+ {
+ default:
+ case IMV_WORKITEM_FILE_REF_MEAS:
+ case IMV_WORKITEM_FILE_MEAS:
+ is_dir = FALSE;
+ break;
+ case IMV_WORKITEM_DIR_REF_MEAS:
+ case IMV_WORKITEM_DIR_MEAS:
+ is_dir = TRUE;
+ }
+
+ switch (type)
+ {
+ case IMV_WORKITEM_FILE_MEAS:
+ case IMV_WORKITEM_DIR_MEAS:
+ {
+ enumerator_t *e;
+
+ /* check hashes from database against measurements */
+ e = pts_db->create_file_hash_enumerator(pts_db,
+ pts->get_platform_id(pts),
+ algo, is_dir, arg_int);
+ if (!e)
+ {
+ eval = TNC_IMV_EVALUATION_RESULT_ERROR;
+ break;
+ }
+ correct = measurements->verify(measurements, e, is_dir);
+ if (!correct)
+ {
+ attestation_state->set_measurement_error(
+ attestation_state,
+ IMV_ATTESTATION_ERROR_FILE_MEAS_FAIL);
+ eval = TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR;
+ }
+ e->destroy(e);
+
+ snprintf(result_str, BUF_LEN, "%s measurement%s correct",
+ is_dir ? "directory" : "file",
+ correct ? "" : " not");
+ break;
+ }
+ case IMV_WORKITEM_FILE_REF_MEAS:
+ case IMV_WORKITEM_DIR_REF_MEAS:
+ {
+ enumerator_t *e;
+ char *filename;
+ chunk_t measurement;
+
+ e = measurements->create_enumerator(measurements);
+ while (e->enumerate(e, &filename, &measurement))
+ {
+ if (pts_db->add_file_measurement(pts_db,
+ pts->get_platform_id(pts), algo, measurement,
+ filename, is_dir, arg_int) != SUCCESS)
+ {
+ eval = TNC_IMV_EVALUATION_RESULT_ERROR;
+ }
+ }
+ e->destroy(e);
+ snprintf(result_str, BUF_LEN, "%s reference measurement "
+ "successful", is_dir ? "directory" : "file");
+ break;
+ }
+ default:
+ break;
+ }
+
+ session->remove_workitem(session, enumerator);
+ enumerator->destroy(enumerator);
+ rec = found->set_result(found, result_str, eval);
+ state->update_recommendation(state, rec, eval);
+ imcv_db->finalize_workitem(imcv_db, found);
+ found->destroy(found);
+ }
+ else
+ {
+ measurements->check(measurements, pts_db,
+ pts->get_platform_id(pts), algo);
+ }
+ break;
+ }
+ case TCG_PTS_UNIX_FILE_META:
+ {
+ tcg_pts_attr_file_meta_t *attr_cast;
+ int file_count;
+ pts_file_meta_t *metadata;
+ pts_file_metadata_t *entry;
+ time_t created, modified, accessed;
+ bool utc = FALSE;
+ enumerator_t *e;
+
+ attr_cast = (tcg_pts_attr_file_meta_t*)attr;
+ metadata = attr_cast->get_metadata(attr_cast);
+ file_count = metadata->get_file_count(metadata);
+
+ DBG1(DBG_IMV, "metadata request returned %d file%s:",
+ file_count, (file_count == 1) ? "":"s");
+
+ e = metadata->create_enumerator(metadata);
+ while (e->enumerate(e, &entry))
+ {
+ DBG1(DBG_IMV, " '%s' (%"PRIu64" bytes)"
+ " owner %"PRIu64", group %"PRIu64", type %N",
+ entry->filename, entry->filesize, entry->owner,
+ entry->group, pts_file_type_names, entry->type);
+
+ created = entry->created;
+ modified = entry->modified;
+ accessed = entry->accessed;
+
+ DBG1(DBG_IMV, " created %T, modified %T, accessed %T",
+ &created, utc, &modified, utc, &accessed, utc);
+ }
+ e->destroy(e);
+ break;
+ }
+ case TCG_PTS_SIMPLE_COMP_EVID:
+ {
+ tcg_pts_attr_simple_comp_evid_t *attr_cast;
+ pts_comp_func_name_t *name;
+ pts_comp_evidence_t *evidence;
+ pts_component_t *comp;
+ uint32_t depth;
+ status_t status;
+
+ attr_cast = (tcg_pts_attr_simple_comp_evid_t*)attr;
+ evidence = attr_cast->get_comp_evidence(attr_cast);
+ name = evidence->get_comp_func_name(evidence, &depth);
+
+ comp = attestation_state->get_component(attestation_state, name);
+ if (!comp)
+ {
+ DBG1(DBG_IMV, " no entry found for component evidence request");
+ break;
+ }
+ status = comp->verify(comp, name->get_qualifier(name), pts, evidence);
+ if (status == VERIFY_ERROR || status == FAILED)
+ {
+ attestation_state->set_measurement_error(attestation_state,
+ IMV_ATTESTATION_ERROR_COMP_EVID_FAIL);
+ name->log(name, " measurement mismatch for ");
+ }
+ break;
+ }
+ case TCG_PTS_SIMPLE_EVID_FINAL:
+ {
+ tcg_pts_attr_simple_evid_final_t *attr_cast;
+ uint8_t flags;
+ pts_meas_algorithms_t comp_hash_algorithm;
+ chunk_t pcr_comp, tpm_quote_sig, evid_sig;
+ chunk_t pcr_composite, quote_info, result_buf;
+ imv_workitem_t *workitem;
+ imv_reason_string_t *reason_string;
+ enumerator_t *enumerator;
+ bool use_quote2, use_ver_info;
+ bio_writer_t *result;
+
+ attr_cast = (tcg_pts_attr_simple_evid_final_t*)attr;
+ flags = attr_cast->get_quote_info(attr_cast, &comp_hash_algorithm,
+ &pcr_comp, &tpm_quote_sig);
+
+ if (flags != PTS_SIMPLE_EVID_FINAL_NO)
+ {
+ use_quote2 = (flags == PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2 ||
+ flags == PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2_CAP_VER);
+ use_ver_info = (flags == PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2_CAP_VER);
+
+ /* Construct PCR Composite and TPM Quote Info structures */
+ if (!pts->get_quote_info(pts, use_quote2, use_ver_info,
+ comp_hash_algorithm, &pcr_composite, "e_info))
+ {
+ DBG1(DBG_IMV, "unable to construct TPM Quote Info");
+ return FALSE;
+ }
+
+ if (!chunk_equals(pcr_comp, pcr_composite))
+ {
+ DBG1(DBG_IMV, "received PCR Composite does not match "
+ "constructed one");
+ attestation_state->set_measurement_error(attestation_state,
+ IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL);
+ goto quote_error;
+ }
+ DBG2(DBG_IMV, "received PCR Composite matches constructed one");
+
+ if (!pts->verify_quote_signature(pts, quote_info, tpm_quote_sig))
+ {
+ attestation_state->set_measurement_error(attestation_state,
+ IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL);
+ goto quote_error;
+ }
+ DBG2(DBG_IMV, "TPM Quote Info signature verification successful");
+
+quote_error:
+ free(pcr_composite.ptr);
+ free(quote_info.ptr);
+
+ /**
+ * Finalize any pending measurement registrations and check
+ * if all expected component measurements were received
+ */
+ result = bio_writer_create(128);
+ attestation_state->finalize_components(attestation_state,
+ result);
+
+ enumerator = session->create_workitem_enumerator(session);
+ while (enumerator->enumerate(enumerator, &workitem))
+ {
+ if (workitem->get_type(workitem) == IMV_WORKITEM_TPM_ATTEST)
+ {
+ TNC_IMV_Action_Recommendation rec;
+ TNC_IMV_Evaluation_Result eval;
+ uint32_t error;
+
+ error = attestation_state->get_measurement_error(
+ attestation_state);
+ if (error & (IMV_ATTESTATION_ERROR_COMP_EVID_FAIL |
+ IMV_ATTESTATION_ERROR_COMP_EVID_PEND |
+ IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL))
+ {
+ reason_string = imv_reason_string_create("en", ", ");
+ attestation_state->add_comp_evid_reasons(
+ attestation_state, reason_string);
+ result->write_data(result, chunk_from_str("; "));
+ result->write_data(result,
+ reason_string->get_encoding(reason_string));
+ reason_string->destroy(reason_string);
+ eval = TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR;
+ }
+ else
+ {
+ eval = TNC_IMV_EVALUATION_RESULT_COMPLIANT;
+ }
+ session->remove_workitem(session, enumerator);
+
+ result->write_uint8(result, '\0');
+ result_buf = result->get_buf(result);
+ rec = workitem->set_result(workitem, result_buf.ptr,
+ eval);
+ state->update_recommendation(state, rec, eval);
+ imcv_db->finalize_workitem(imcv_db, workitem);
+ workitem->destroy(workitem);
+ attestation_state->set_handshake_state(attestation_state,
+ IMV_ATTESTATION_STATE_END);
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ result->destroy(result);
+ }
+
+ if (attr_cast->get_evid_sig(attr_cast, &evid_sig))
+ {
+ /** TODO: What to do with Evidence Signature */
+ DBG1(DBG_IMV, "this version of the Attestation IMV can not "
+ "handle Evidence Signatures");
+ }
+ break;
+ }
+ case TCG_SEG_MAX_ATTR_SIZE_RESP:
+ case TCG_SEG_ATTR_SEG_ENV:
+ break;
+
+ /* TODO: Not implemented yet */
+ case TCG_PTS_INTEG_MEAS_LOG:
+ /* Attributes using XML */
+ case TCG_PTS_TEMPL_REF_MANI_SET_META:
+ case TCG_PTS_VERIFICATION_RESULT:
+ case TCG_PTS_INTEG_REPORT:
+ /* On Windows only*/
+ case TCG_PTS_WIN_FILE_META:
+ case TCG_PTS_REGISTRY_VALUE:
+ /* Received on IMC side only*/
+ case TCG_PTS_REQ_PROTO_CAPS:
+ case TCG_PTS_DH_NONCE_PARAMS_REQ:
+ case TCG_PTS_DH_NONCE_FINISH:
+ case TCG_PTS_MEAS_ALGO:
+ case TCG_PTS_GET_TPM_VERSION_INFO:
+ case TCG_PTS_REQ_TEMPL_REF_MANI_SET_META:
+ case TCG_PTS_UPDATE_TEMPL_REF_MANI:
+ case TCG_PTS_GET_AIK:
+ case TCG_PTS_REQ_FUNC_COMP_EVID:
+ case TCG_PTS_GEN_ATTEST_EVID:
+ case TCG_PTS_REQ_FILE_META:
+ case TCG_PTS_REQ_FILE_MEAS:
+ case TCG_PTS_REQ_INTEG_MEAS_LOG:
+ default:
+ DBG1(DBG_IMV, "received unsupported attribute '%N/%N'",
+ pen_names, PEN_TCG, tcg_attr_names, attr_type.type);
+ break;
+ }
+ return TRUE;
+}
+
diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_process.h b/src/libimcv/plugins/imv_attestation/imv_attestation_process.h
similarity index 100%
rename from src/libpts/plugins/imv_attestation/imv_attestation_process.h
rename to src/libimcv/plugins/imv_attestation/imv_attestation_process.h
diff --git a/src/libimcv/plugins/imv_attestation/imv_attestation_state.c b/src/libimcv/plugins/imv_attestation/imv_attestation_state.c
new file mode 100644
index 0000000..1c3b91a
--- /dev/null
+++ b/src/libimcv/plugins/imv_attestation/imv_attestation_state.c
@@ -0,0 +1,560 @@
+/*
+ * Copyright (C) 2011-2012 Sansar Choinyambuu
+ * Copyright (C) 2011-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "imv_attestation_state.h"
+
+#include <imcv.h>
+#include <imv/imv_lang_string.h>
+#include "imv/imv_reason_string.h"
+
+#include <tncif_policy.h>
+
+#include <collections/linked_list.h>
+#include <utils/debug.h>
+
+typedef struct private_imv_attestation_state_t private_imv_attestation_state_t;
+typedef struct file_meas_request_t file_meas_request_t;
+typedef struct func_comp_t func_comp_t;
+
+/**
+ * Private data of an imv_attestation_state_t object.
+ */
+struct private_imv_attestation_state_t {
+
+ /**
+ * Public members of imv_attestation_state_t
+ */
+ imv_attestation_state_t public;
+
+ /**
+ * TNCCS connection ID
+ */
+ TNC_ConnectionID connection_id;
+
+ /**
+ * TNCCS connection state
+ */
+ TNC_ConnectionState state;
+
+ /**
+ * Does the TNCCS connection support long message types?
+ */
+ bool has_long;
+
+ /**
+ * Does the TNCCS connection support exclusive delivery?
+ */
+ bool has_excl;
+
+ /**
+ * Maximum PA-TNC message size for this TNCCS connection
+ */
+ uint32_t max_msg_len;
+
+ /**
+ * Flags set for completed actions
+ */
+ uint32_t action_flags;
+
+ /**
+ * IMV database session associated with TNCCS connection
+ */
+ imv_session_t *session;
+
+ /**
+ * PA-TNC attribute segmentation contracts associated with TNCCS connection
+ */
+ seg_contract_manager_t *contracts;
+
+ /**
+ * IMV Attestation handshake state
+ */
+ imv_attestation_handshake_state_t handshake_state;
+
+ /**
+ * IMV action recommendation
+ */
+ TNC_IMV_Action_Recommendation rec;
+
+ /**
+ * IMV evaluation result
+ */
+ TNC_IMV_Evaluation_Result eval;
+
+ /**
+ * List of Functional Components
+ */
+ linked_list_t *components;
+
+ /**
+ * PTS object
+ */
+ pts_t *pts;
+
+ /**
+ * Measurement error flags
+ */
+ uint32_t measurement_error;
+
+ /**
+ * TNC Reason String
+ */
+ imv_reason_string_t *reason_string;
+
+};
+
+/**
+ * PTS Functional Component entry
+ */
+struct func_comp_t {
+ pts_component_t *comp;
+ pts_comp_func_name_t* name;
+};
+
+/**
+ * Frees a func_comp_t object
+ */
+static void free_func_comp(func_comp_t *this)
+{
+ this->comp->destroy(this->comp);
+ this->name->destroy(this->name);
+ free(this);
+}
+
+/**
+ * Supported languages
+ */
+static char* languages[] = { "en", "de", "mn" };
+
+/**
+ * Table of reason strings
+ */
+static imv_lang_string_t reason_file_meas_fail[] = {
+ { "en", "Incorrect file measurement" },
+ { "de", "Falsche Dateimessung" },
+ { "mn", "Буруу байгаа файл" },
+ { NULL, NULL }
+};
+
+static imv_lang_string_t reason_file_meas_pend[] = {
+ { "en", "Pending file measurement" },
+ { "de", "Ausstehende Dateimessung" },
+ { "mn", "Xүлээгдэж байгаа файл" },
+ { NULL, NULL }
+};
+
+static imv_lang_string_t reason_no_trusted_aik[] = {
+ { "en", "No trusted AIK available" },
+ { "de", "Kein vetrauenswürdiger AIK verfügbar" },
+ { NULL, NULL }
+};
+
+static imv_lang_string_t reason_comp_evid_fail[] = {
+ { "en", "Incorrect component evidence" },
+ { "de", "Falsche Komponenten-Evidenz" },
+ { "mn", "Буруу компонент хэмжилт" },
+ { NULL, NULL }
+};
+
+static imv_lang_string_t reason_comp_evid_pend[] = {
+ { "en", "Pending component evidence" },
+ { "de", "Ausstehende Komponenten-Evidenz" },
+ { "mn", "Xүлээгдэж компонент хэмжилт" },
+ { NULL, NULL }
+};
+
+static imv_lang_string_t reason_tpm_quote_fail[] = {
+ { "en", "Invalid TPM Quote signature received" },
+ { "de", "Falsche TPM Quote Signature erhalten" },
+ { "mn", "Буруу TPM Quote гарын үсэг" },
+ { NULL, NULL }
+};
+
+METHOD(imv_state_t, get_connection_id, TNC_ConnectionID,
+ private_imv_attestation_state_t *this)
+{
+ return this->connection_id;
+}
+
+METHOD(imv_state_t, has_long, bool,
+ private_imv_attestation_state_t *this)
+{
+ return this->has_long;
+}
+
+METHOD(imv_state_t, has_excl, bool,
+ private_imv_attestation_state_t *this)
+{
+ return this->has_excl;
+}
+
+METHOD(imv_state_t, set_flags, void,
+ private_imv_attestation_state_t *this, bool has_long, bool has_excl)
+{
+ this->has_long = has_long;
+ this->has_excl = has_excl;
+}
+
+METHOD(imv_state_t, set_max_msg_len, void,
+ private_imv_attestation_state_t *this, uint32_t max_msg_len)
+{
+ this->max_msg_len = max_msg_len;
+}
+
+METHOD(imv_state_t, get_max_msg_len, uint32_t,
+ private_imv_attestation_state_t *this)
+{
+ return this->max_msg_len;
+}
+
+METHOD(imv_state_t, set_action_flags, void,
+ private_imv_attestation_state_t *this, uint32_t flags)
+{
+ this->action_flags |= flags;
+}
+
+METHOD(imv_state_t, get_action_flags, uint32_t,
+ private_imv_attestation_state_t *this)
+{
+ return this->action_flags;
+}
+
+METHOD(imv_state_t, set_session, void,
+ private_imv_attestation_state_t *this, imv_session_t *session)
+{
+ this->session = session;
+}
+
+METHOD(imv_state_t, get_session, imv_session_t*,
+ private_imv_attestation_state_t *this)
+{
+ return this->session;
+}
+
+METHOD(imv_state_t, get_contracts, seg_contract_manager_t*,
+ private_imv_attestation_state_t *this)
+{
+ return this->contracts;
+}
+
+METHOD(imv_state_t, change_state, void,
+ private_imv_attestation_state_t *this, TNC_ConnectionState new_state)
+{
+ this->state = new_state;
+}
+
+METHOD(imv_state_t, get_recommendation, void,
+ private_imv_attestation_state_t *this, TNC_IMV_Action_Recommendation *rec,
+ TNC_IMV_Evaluation_Result *eval)
+{
+ *rec = this->rec;
+ *eval = this->eval;
+}
+
+METHOD(imv_state_t, set_recommendation, void,
+ private_imv_attestation_state_t *this, TNC_IMV_Action_Recommendation rec,
+ TNC_IMV_Evaluation_Result eval)
+{
+ this->rec = rec;
+ this->eval = eval;
+}
+
+METHOD(imv_state_t, update_recommendation, void,
+ private_imv_attestation_state_t *this, TNC_IMV_Action_Recommendation rec,
+ TNC_IMV_Evaluation_Result eval)
+{
+ this->rec = tncif_policy_update_recommendation(this->rec, rec);
+ this->eval = tncif_policy_update_evaluation(this->eval, eval);
+}
+
+METHOD(imv_attestation_state_t, add_file_meas_reasons, void,
+ private_imv_attestation_state_t *this, imv_reason_string_t *reason_string)
+{
+ if (this->measurement_error & IMV_ATTESTATION_ERROR_FILE_MEAS_FAIL)
+ {
+ reason_string->add_reason(reason_string, reason_file_meas_fail);
+ }
+ if (this->measurement_error & IMV_ATTESTATION_ERROR_FILE_MEAS_PEND)
+ {
+ reason_string->add_reason(reason_string, reason_file_meas_pend);
+ }
+}
+
+METHOD(imv_attestation_state_t, add_comp_evid_reasons, void,
+ private_imv_attestation_state_t *this, imv_reason_string_t *reason_string)
+{
+ if (this->measurement_error & IMV_ATTESTATION_ERROR_NO_TRUSTED_AIK)
+ {
+ reason_string->add_reason(reason_string, reason_no_trusted_aik);
+ }
+ if (this->measurement_error & IMV_ATTESTATION_ERROR_COMP_EVID_FAIL)
+ {
+ reason_string->add_reason(reason_string, reason_comp_evid_fail);
+ }
+ if (this->measurement_error & IMV_ATTESTATION_ERROR_COMP_EVID_PEND)
+ {
+ reason_string->add_reason(reason_string, reason_comp_evid_pend);
+ }
+ if (this->measurement_error & IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL)
+ {
+ reason_string->add_reason(reason_string, reason_tpm_quote_fail);
+ }
+}
+
+METHOD(imv_state_t, get_reason_string, bool,
+ private_imv_attestation_state_t *this, enumerator_t *language_enumerator,
+ chunk_t *reason_string, char **reason_language)
+{
+ *reason_language = imv_lang_string_select_lang(language_enumerator,
+ languages, countof(languages));
+
+ /* Instantiate a TNC Reason String object */
+ DESTROY_IF(this->reason_string);
+ this->reason_string = imv_reason_string_create(*reason_language, "\n");
+ add_file_meas_reasons(this, this->reason_string);
+ add_comp_evid_reasons(this, this->reason_string);
+ *reason_string = this->reason_string->get_encoding(this->reason_string);
+
+ return TRUE;
+}
+
+METHOD(imv_state_t, get_remediation_instructions, bool,
+ private_imv_attestation_state_t *this, enumerator_t *language_enumerator,
+ chunk_t *string, char **lang_code, char **uri)
+{
+ return FALSE;
+}
+
+METHOD(imv_state_t, destroy, void,
+ private_imv_attestation_state_t *this)
+{
+ DESTROY_IF(this->session);
+ DESTROY_IF(this->reason_string);
+ this->components->destroy_function(this->components, (void *)free_func_comp);
+ this->pts->destroy(this->pts);
+ this->contracts->destroy(this->contracts);
+ free(this);
+}
+
+METHOD(imv_attestation_state_t, get_handshake_state,
+ imv_attestation_handshake_state_t, private_imv_attestation_state_t *this)
+{
+ return this->handshake_state;
+}
+
+METHOD(imv_attestation_state_t, set_handshake_state, void,
+ private_imv_attestation_state_t *this,
+ imv_attestation_handshake_state_t new_state)
+{
+ this->handshake_state = new_state;
+}
+
+METHOD(imv_attestation_state_t, get_pts, pts_t*,
+ private_imv_attestation_state_t *this)
+{
+ return this->pts;
+}
+
+METHOD(imv_attestation_state_t, create_component, pts_component_t*,
+ private_imv_attestation_state_t *this, pts_comp_func_name_t *name,
+ uint32_t depth, pts_database_t *pts_db)
+{
+ enumerator_t *enumerator;
+ func_comp_t *entry, *new_entry;
+ pts_component_t *component;
+ bool found = FALSE;
+
+ enumerator = this->components->create_enumerator(this->components);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ if (name->equals(name, entry->comp->get_comp_func_name(entry->comp)))
+ {
+ found = TRUE;
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ if (found)
+ {
+ if (name->equals(name, entry->name))
+ {
+ /* duplicate entry */
+ return NULL;
+ }
+ new_entry = malloc_thing(func_comp_t);
+ new_entry->name = name->clone(name);
+ new_entry->comp = entry->comp->get_ref(entry->comp);
+ this->components->insert_last(this->components, new_entry);
+ return entry->comp;
+ }
+ else
+ {
+ component = imcv_pts_components->create(imcv_pts_components,
+ name, depth, pts_db);
+ if (!component)
+ {
+ /* unsupported component */
+ return NULL;
+ }
+ new_entry = malloc_thing(func_comp_t);
+ new_entry->name = name->clone(name);
+ new_entry->comp = component;
+ this->components->insert_last(this->components, new_entry);
+ return component;
+ }
+}
+
+/**
+ * Enumerate file measurement entries
+ */
+static bool entry_filter(void *null, func_comp_t **entry, uint8_t *flags,
+ void *i2, uint32_t *depth,
+ void *i3, pts_comp_func_name_t **comp_name)
+{
+ pts_component_t *comp;
+ pts_comp_func_name_t *name;
+
+ comp = (*entry)->comp;
+ name = (*entry)->name;
+
+ *flags = comp->get_evidence_flags(comp);
+ *depth = comp->get_depth(comp);
+ *comp_name = name;
+
+ return TRUE;
+}
+
+METHOD(imv_attestation_state_t, create_component_enumerator, enumerator_t*,
+ private_imv_attestation_state_t *this)
+{
+ return enumerator_create_filter(
+ this->components->create_enumerator(this->components),
+ (void*)entry_filter, NULL, NULL);
+}
+
+METHOD(imv_attestation_state_t, get_component, pts_component_t*,
+ private_imv_attestation_state_t *this, pts_comp_func_name_t *name)
+{
+ enumerator_t *enumerator;
+ func_comp_t *entry;
+ pts_component_t *found = NULL;
+
+ enumerator = this->components->create_enumerator(this->components);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ if (name->equals(name, entry->name))
+ {
+ found = entry->comp;
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ return found;
+}
+
+METHOD(imv_attestation_state_t, get_measurement_error, uint32_t,
+ private_imv_attestation_state_t *this)
+{
+ return this->measurement_error;
+}
+
+METHOD(imv_attestation_state_t, set_measurement_error, void,
+ private_imv_attestation_state_t *this, uint32_t error)
+{
+ this->measurement_error |= error;
+}
+
+METHOD(imv_attestation_state_t, finalize_components, void,
+ private_imv_attestation_state_t *this, bio_writer_t *result)
+{
+ func_comp_t *entry;
+ bool first = TRUE;
+
+ while (this->components->remove_last(this->components,
+ (void**)&entry) == SUCCESS)
+ {
+ if (first)
+ {
+ first = FALSE;
+ }
+ else
+ {
+ result->write_data(result, chunk_from_str("; "));
+ }
+ if (!entry->comp->finalize(entry->comp,
+ entry->name->get_qualifier(entry->name),
+ result))
+ {
+ set_measurement_error(this, IMV_ATTESTATION_ERROR_COMP_EVID_PEND);
+ }
+ free_func_comp(entry);
+ }
+}
+
+/**
+ * Described in header.
+ */
+imv_state_t *imv_attestation_state_create(TNC_ConnectionID connection_id)
+{
+ private_imv_attestation_state_t *this;
+
+ INIT(this,
+ .public = {
+ .interface = {
+ .get_connection_id = _get_connection_id,
+ .has_long = _has_long,
+ .has_excl = _has_excl,
+ .set_flags = _set_flags,
+ .set_max_msg_len = _set_max_msg_len,
+ .get_max_msg_len = _get_max_msg_len,
+ .set_action_flags = _set_action_flags,
+ .get_action_flags = _get_action_flags,
+ .set_session = _set_session,
+ .get_session = _get_session,
+ .get_contracts = _get_contracts,
+ .change_state = _change_state,
+ .get_recommendation = _get_recommendation,
+ .set_recommendation = _set_recommendation,
+ .update_recommendation = _update_recommendation,
+ .get_reason_string = _get_reason_string,
+ .get_remediation_instructions = _get_remediation_instructions,
+ .destroy = _destroy,
+ },
+ .get_handshake_state = _get_handshake_state,
+ .set_handshake_state = _set_handshake_state,
+ .get_pts = _get_pts,
+ .create_component = _create_component,
+ .create_component_enumerator = _create_component_enumerator,
+ .get_component = _get_component,
+ .finalize_components = _finalize_components,
+ .get_measurement_error = _get_measurement_error,
+ .set_measurement_error = _set_measurement_error,
+ .add_file_meas_reasons = _add_file_meas_reasons,
+ .add_comp_evid_reasons = _add_comp_evid_reasons,
+ },
+ .connection_id = connection_id,
+ .state = TNC_CONNECTION_STATE_CREATE,
+ .handshake_state = IMV_ATTESTATION_STATE_INIT,
+ .rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
+ .eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
+ .contracts = seg_contract_manager_create(),
+ .components = linked_list_create(),
+ .pts = pts_create(FALSE),
+ );
+
+ return &this->public.interface;
+}
diff --git a/src/libimcv/plugins/imv_attestation/imv_attestation_state.h b/src/libimcv/plugins/imv_attestation/imv_attestation_state.h
new file mode 100644
index 0000000..39a8eee
--- /dev/null
+++ b/src/libimcv/plugins/imv_attestation/imv_attestation_state.h
@@ -0,0 +1,192 @@
+/*
+ * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup imv_attestation imv_attestation
+ * @ingroup libimcv_plugins
+ *
+ * @defgroup imv_attestation_state_t imv_attestation_state
+ * @{ @ingroup imv_attestation
+ */
+
+#ifndef IMV_ATTESTATION_STATE_H_
+#define IMV_ATTESTATION_STATE_H_
+
+#include <imv/imv_state.h>
+#include <imv/imv_reason_string.h>
+#include <pts/pts.h>
+#include <pts/pts_database.h>
+#include <pts/components/pts_component.h>
+
+#include <library.h>
+#include <bio/bio_writer.h>
+
+typedef struct imv_attestation_state_t imv_attestation_state_t;
+typedef enum imv_attestation_flag_t imv_attestation_flag_t;
+typedef enum imv_attestation_handshake_state_t imv_attestation_handshake_state_t;
+typedef enum imv_meas_error_t imv_meas_error_t;
+
+/**
+ * IMV Attestation Flags set for completed actions
+ */
+enum imv_attestation_flag_t {
+ IMV_ATTESTATION_ATTR_PRODUCT_INFO = (1<<0),
+ IMV_ATTESTATION_ATTR_STRING_VERSION = (1<<1),
+ IMV_ATTESTATION_ATTR_DEVICE_ID = (1<<2),
+ IMV_ATTESTATION_ATTR_MUST = (1<<3)-1,
+ IMV_ATTESTATION_ATTR_REQ = (1<<3),
+ IMV_ATTESTATION_ALGO = (1<<4),
+ IMV_ATTESTATION_DH_NONCE = (1<<5),
+ IMV_ATTESTATION_AIK = (1<<6),
+ IMV_ATTESTATION_FILE_MEAS = (1<<7),
+ IMV_ATTESTATION_REC = (1<<8)
+};
+
+/**
+ * IMV Attestation Handshake States (state machine)
+ */
+enum imv_attestation_handshake_state_t {
+ IMV_ATTESTATION_STATE_INIT,
+ IMV_ATTESTATION_STATE_DISCOVERY,
+ IMV_ATTESTATION_STATE_NONCE_REQ,
+ IMV_ATTESTATION_STATE_TPM_INIT,
+ IMV_ATTESTATION_STATE_COMP_EVID,
+ IMV_ATTESTATION_STATE_EVID_FINAL,
+ IMV_ATTESTATION_STATE_END,
+};
+
+/**
+ * IMV Measurement Error Types
+ */
+enum imv_meas_error_t {
+ IMV_ATTESTATION_ERROR_FILE_MEAS_FAIL = 1,
+ IMV_ATTESTATION_ERROR_FILE_MEAS_PEND = 2,
+ IMV_ATTESTATION_ERROR_NO_TRUSTED_AIK = 4,
+ IMV_ATTESTATION_ERROR_COMP_EVID_FAIL = 8,
+ IMV_ATTESTATION_ERROR_COMP_EVID_PEND = 16,
+ IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL = 32
+};
+
+/**
+ * Internal state of an imv_attestation_t connection instance
+ */
+struct imv_attestation_state_t {
+
+ /**
+ * imv_state_t interface
+ */
+ imv_state_t interface;
+
+ /**
+ * Get state of the handshake
+ *
+ * @return the handshake state of IMV
+ */
+ imv_attestation_handshake_state_t (*get_handshake_state)(
+ imv_attestation_state_t *this);
+
+ /**
+ * Set state of the handshake
+ *
+ * @param new_state the handshake state of IMV
+ */
+ void (*set_handshake_state)(imv_attestation_state_t *this,
+ imv_attestation_handshake_state_t new_state);
+
+ /**
+ * Get the PTS object
+ *
+ * @return PTS object
+ */
+ pts_t* (*get_pts)(imv_attestation_state_t *this);
+
+ /**
+ * Create and add an entry to the list of Functional Components
+ *
+ * @param name Component Functional Name
+ * @param depth Sub-component Depth
+ * @param pts_db PTS measurement database
+ * @return created functional component instance or NULL
+ */
+ pts_component_t* (*create_component)(imv_attestation_state_t *this,
+ pts_comp_func_name_t *name,
+ uint32_t depth,
+ pts_database_t *pts_db);
+
+ /**
+ * Enumerate over all Functional Components
+ *
+ * @return Functional Component enumerator
+ */
+ enumerator_t* (*create_component_enumerator)(imv_attestation_state_t *this);
+
+ /**
+ * Get a Functional Component with a given name
+ *
+ * @param name Name of the requested Functional Component
+ * @return Functional Component if found, NULL otherwise
+ */
+ pts_component_t* (*get_component)(imv_attestation_state_t *this,
+ pts_comp_func_name_t *name);
+
+ /**
+ * Tell the Functional Components to finalize any measurement registrations
+ * and to check if all expected measurements were received
+ *
+ * @param result Writer appending component measurement results
+ */
+ void (*finalize_components)(imv_attestation_state_t *this,
+ bio_writer_t *result);
+
+ /**
+ * Indicates the types of measurement errors that occurred
+ *
+ * @return Measurement error flags
+ */
+ uint32_t (*get_measurement_error)(imv_attestation_state_t *this);
+
+ /**
+ * Call if a measurement error is encountered
+ *
+ * @param error Measurement error type
+ */
+ void (*set_measurement_error)(imv_attestation_state_t *this,
+ uint32_t error);
+
+ /**
+ * Returns a concatenation of File Measurement reason strings
+ *
+ * @param reason_string Concatenated reason strings
+ */
+ void (*add_file_meas_reasons)(imv_attestation_state_t *this,
+ imv_reason_string_t *reason_string);
+
+ /**
+ * Returns a concatenation of Component Evidence reason strings
+ *
+ * @param reason_string Concatenated reason strings
+ */
+ void (*add_comp_evid_reasons)(imv_attestation_state_t *this,
+ imv_reason_string_t *reason_string);
+};
+
+/**
+ * Create an imv_attestation_state_t instance
+ *
+ * @param id connection ID
+ */
+imv_state_t* imv_attestation_state_create(TNC_ConnectionID id);
+
+#endif /** IMV_ATTESTATION_STATE_H_ @}*/
diff --git a/src/libimcv/plugins/imv_os/Makefile.in b/src/libimcv/plugins/imv_os/Makefile.in
index cae6dbe..36e708f 100644
--- a/src/libimcv/plugins/imv_os/Makefile.in
+++ b/src/libimcv/plugins/imv_os/Makefile.in
@@ -238,6 +238,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -298,6 +299,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -363,6 +365,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -410,6 +414,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libimcv/plugins/imv_os/imv_os_agent.c b/src/libimcv/plugins/imv_os/imv_os_agent.c
index ca8bac6..f0b1936 100644
--- a/src/libimcv/plugins/imv_os/imv_os_agent.c
+++ b/src/libimcv/plugins/imv_os/imv_os_agent.c
@@ -37,8 +37,9 @@
#include <ita/ita_attr.h>
#include <ita/ita_attr_get_settings.h>
#include <ita/ita_attr_settings.h>
-#include <ita/ita_attr_angel.h>
#include <ita/ita_attr_device_id.h>
+#include "tcg/seg/tcg_seg_attr_max_size.h"
+#include "tcg/seg/tcg_seg_attr_seg_env.h"
#include <tncif_names.h>
#include <tncif_pa_subtypes.h>
@@ -46,6 +47,8 @@
#include <pen/pen.h>
#include <utils/debug.h>
+#define INSTALLED_PACKAGES_MAX_ATTR_SIZE 100000000
+
typedef struct private_imv_os_agent_t private_imv_os_agent_t;
typedef enum imv_os_attr_t imv_os_attr_t;
@@ -166,20 +169,23 @@ static TNC_Result receive_msg(private_imv_os_agent_t *this, imv_state_t *state,
chunk_t os_name = chunk_empty;
chunk_t os_version = chunk_empty;
bool fatal_error = FALSE, assessment = FALSE;
+ uint16_t missing;
os_state = (imv_os_state_t*)state;
session = state->get_session(state);
os_info = session->get_os_info(session);
+ /* generate an outgoing PA-TNC message - we might need it */
+ out_msg = imv_msg_create_as_reply(in_msg);
+
/* parse received PA-TNC message and handle local and remote errors */
- result = in_msg->receive(in_msg, &fatal_error);
+ result = in_msg->receive(in_msg,out_msg, &fatal_error);
if (result != TNC_RESULT_SUCCESS)
{
+ out_msg->destroy(out_msg);
return result;
}
- out_msg = imv_msg_create_as_reply(in_msg);
-
/* analyze PA-TNC attributes */
enumerator = in_msg->create_attribute_enumerator(in_msg);
while (enumerator->enumerate(enumerator, &attr))
@@ -323,6 +329,9 @@ static TNC_Result receive_msg(private_imv_os_agent_t *this, imv_state_t *state,
TNC_IMV_EVALUATION_RESULT_ERROR);
assessment = TRUE;
}
+ missing = attr_cast->get_count(attr_cast);
+ os_state->set_missing(os_state, missing);
+ attr_cast->clear_packages(attr_cast);
break;
}
default:
@@ -369,12 +378,6 @@ static TNC_Result receive_msg(private_imv_os_agent_t *this, imv_state_t *state,
session->set_device_id(session, value);
break;
}
- case ITA_ATTR_START_ANGEL:
- os_state->set_angel_count(os_state, TRUE);
- break;
- case ITA_ATTR_STOP_ANGEL:
- os_state->set_angel_count(os_state, FALSE);
- break;
default:
break;
}
@@ -394,20 +397,20 @@ static TNC_Result receive_msg(private_imv_os_agent_t *this, imv_state_t *state,
{
os_state->set_handshake_state(os_state, IMV_OS_STATE_END);
result = out_msg->send_assessment(out_msg);
- out_msg->destroy(out_msg);
- if (result != TNC_RESULT_SUCCESS)
+ if (result == TNC_RESULT_SUCCESS)
{
- return result;
+ result = this->agent->provide_recommendation(this->agent, state);
}
- return this->agent->provide_recommendation(this->agent, state);
}
-
- /* send PA-TNC message with excl flag set */
- result = out_msg->send(out_msg, TRUE);
+ else
+ {
+ /* send PA-TNC message with the EXCL flag set */
+ result = out_msg->send(out_msg, TRUE);
+ }
out_msg->destroy(out_msg);
return result;
- }
+}
METHOD(imv_agent_if_t, receive_message, TNC_Result,
private_imv_os_agent_t *this, TNC_ConnectionID id,
@@ -529,6 +532,30 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
if (handshake_state == IMV_OS_STATE_INIT)
{
+ size_t max_attr_size = INSTALLED_PACKAGES_MAX_ATTR_SIZE;
+ size_t max_seg_size;
+ seg_contract_t *contract;
+ seg_contract_manager_t *contracts;
+ char buf[BUF_LEN];
+
+ /* Determine maximum PA-TNC attribute segment size */
+ max_seg_size = state->get_max_msg_len(state)
+ - PA_TNC_HEADER_SIZE
+ - PA_TNC_ATTR_HEADER_SIZE
+ - TCG_SEG_ATTR_SEG_ENV_HEADER
+ - PA_TNC_ATTR_HEADER_SIZE
+ - TCG_SEG_ATTR_MAX_SIZE_SIZE;
+
+ /* Announce support of PA-TNC segmentation to IMC */
+ contract = seg_contract_create(msg_types[0], max_attr_size,
+ max_seg_size, TRUE, imv_id, FALSE);
+ contract->get_info_string(contract, buf, BUF_LEN, TRUE);
+ DBG2(DBG_IMV, "%s", buf);
+ contracts = state->get_contracts(state);
+ contracts->add_contract(contracts, contract);
+ attr = tcg_seg_attr_max_size_create(max_attr_size, max_seg_size, TRUE);
+ out_msg->add_attribute(out_msg, attr);
+
if ((received & IMV_OS_ATTR_MUST) != IMV_OS_ATTR_MUST)
{
/* create attribute request for missing mandatory attributes */
@@ -671,7 +698,7 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
int count, count_update, count_blacklist, count_ok;
if (!(received & IMV_OS_ATTR_INSTALLED_PACKAGES) ||
- os_state->get_angel_count(os_state) > 0)
+ os_state->get_missing(os_state) > 0)
{
continue;
}
diff --git a/src/libimcv/plugins/imv_os/imv_os_state.c b/src/libimcv/plugins/imv_os/imv_os_state.c
index dc8474a..ac826a7 100644
--- a/src/libimcv/plugins/imv_os/imv_os_state.c
+++ b/src/libimcv/plugins/imv_os/imv_os_state.c
@@ -76,6 +76,11 @@ struct private_imv_os_state_t {
imv_session_t *session;
/**
+ * PA-TNC attribute segmentation contracts associated with TNCCS connection
+ */
+ seg_contract_manager_t *contracts;
+
+ /**
* IMV action recommendation
*/
TNC_IMV_Action_Recommendation rec;
@@ -136,9 +141,9 @@ struct private_imv_os_state_t {
u_int os_settings;
/**
- * Angel count
+ * Number of installed packages still missing
*/
- int angel_count;
+ uint16_t missing;
};
@@ -327,6 +332,12 @@ METHOD(imv_state_t, get_session, imv_session_t*,
return this->session;
}
+METHOD(imv_state_t, get_contracts, seg_contract_manager_t*,
+ private_imv_os_state_t *this)
+{
+ return this->contracts;
+}
+
METHOD(imv_state_t, get_recommendation, void,
private_imv_os_state_t *this, TNC_IMV_Action_Recommendation *rec,
TNC_IMV_Evaluation_Result *eval)
@@ -461,6 +472,7 @@ METHOD(imv_state_t, destroy, void,
DESTROY_IF(this->session);
DESTROY_IF(this->reason_string);
DESTROY_IF(this->remediation_string);
+ this->contracts->destroy(this->contracts);
this->update_packages->destroy_function(this->update_packages, free);
this->remove_packages->destroy_function(this->remove_packages, free);
free(this);
@@ -523,16 +535,16 @@ METHOD(imv_os_state_t, get_os_settings, u_int,
return this->os_settings;
}
-METHOD(imv_os_state_t, set_angel_count, void,
- private_imv_os_state_t *this, bool start)
+METHOD(imv_os_state_t, set_missing, void,
+ private_imv_os_state_t *this, uint16_t missing)
{
- this->angel_count += start ? 1 : -1;
+ this->missing = missing;
}
-METHOD(imv_os_state_t, get_angel_count, int,
+METHOD(imv_os_state_t, get_missing, uint16_t,
private_imv_os_state_t *this)
{
- return this->angel_count;
+ return this->missing;
}
METHOD(imv_os_state_t, add_bad_package, void,
@@ -571,6 +583,7 @@ imv_state_t *imv_os_state_create(TNC_ConnectionID connection_id)
.get_action_flags = _get_action_flags,
.set_session = _set_session,
.get_session = _get_session,
+ .get_contracts = _get_contracts,
.change_state = _change_state,
.get_recommendation = _get_recommendation,
.set_recommendation = _set_recommendation,
@@ -585,14 +598,15 @@ imv_state_t *imv_os_state_create(TNC_ConnectionID connection_id)
.get_count = _get_count,
.set_os_settings = _set_os_settings,
.get_os_settings = _get_os_settings,
- .set_angel_count = _set_angel_count,
- .get_angel_count = _get_angel_count,
+ .set_missing = _set_missing,
+ .get_missing = _get_missing,
.add_bad_package = _add_bad_package,
},
.state = TNC_CONNECTION_STATE_CREATE,
.rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
.eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
.connection_id = connection_id,
+ .contracts = seg_contract_manager_create(),
.update_packages = linked_list_create(),
.remove_packages = linked_list_create(),
);
diff --git a/src/libimcv/plugins/imv_os/imv_os_state.h b/src/libimcv/plugins/imv_os/imv_os_state.h
index 82ebb6c..aa9b640 100644
--- a/src/libimcv/plugins/imv_os/imv_os_state.h
+++ b/src/libimcv/plugins/imv_os/imv_os_state.h
@@ -114,18 +114,18 @@ struct imv_os_state_t {
u_int (*get_os_settings)(imv_os_state_t *this);
/**
- * Increase/Decrease the ITA Angel count
+ * Set number of installed packages still missing
*
- * @param start TRUE increases and FALSE decreases count by one
+ * @param missing Number of missing installed packages
*/
- void (*set_angel_count)(imv_os_state_t *this, bool start);
+ void (*set_missing)(imv_os_state_t *this, uint16_t missing);
/**
- * Get the ITA Angel count
+ * Get number of installed packages still missing
*
- * @return ITA Angel count
+ * @return Number of missing installed packages
*/
- int (*get_angel_count)(imv_os_state_t *this);
+ uint16_t (*get_missing)(imv_os_state_t *this);
/**
* Store a bad package that has to be updated or removed
diff --git a/src/libimcv/plugins/imv_scanner/Makefile.in b/src/libimcv/plugins/imv_scanner/Makefile.in
index 18446e7..2677b33 100644
--- a/src/libimcv/plugins/imv_scanner/Makefile.in
+++ b/src/libimcv/plugins/imv_scanner/Makefile.in
@@ -232,6 +232,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -292,6 +293,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -357,6 +359,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -404,6 +408,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libimcv/plugins/imv_scanner/imv_scanner_agent.c b/src/libimcv/plugins/imv_scanner/imv_scanner_agent.c
index 85ef23b..cbabc80 100644
--- a/src/libimcv/plugins/imv_scanner/imv_scanner_agent.c
+++ b/src/libimcv/plugins/imv_scanner/imv_scanner_agent.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -94,10 +94,14 @@ static TNC_Result receive_msg(private_imv_scanner_agent_t *this,
ietf_attr_port_filter_t *port_filter_attr;
bool fatal_error = FALSE;
+ /* generate an outgoing PA-TNC message - we might need it */
+ out_msg = imv_msg_create_as_reply(in_msg);
+
/* parse received PA-TNC message and handle local and remote errors */
- result = in_msg->receive(in_msg, &fatal_error);
+ result = in_msg->receive(in_msg, out_msg, &fatal_error);
if (result != TNC_RESULT_SUCCESS)
{
+ out_msg->destroy(out_msg);
return result;
}
@@ -121,17 +125,20 @@ static TNC_Result receive_msg(private_imv_scanner_agent_t *this,
state->set_recommendation(state,
TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
TNC_IMV_EVALUATION_RESULT_ERROR);
- out_msg = imv_msg_create_as_reply(in_msg);
result = out_msg->send_assessment(out_msg);
- out_msg->destroy(out_msg);
- if (result != TNC_RESULT_SUCCESS)
+ if (result == TNC_RESULT_SUCCESS)
{
- return result;
+ result = this->agent->provide_recommendation(this->agent, state);
}
- return this->agent->provide_recommendation(this->agent, state);
}
+ else
+ {
+ /* send PA-TNC message with the EXCL flag set */
+ result = out_msg->send(out_msg, TRUE);
+ }
+ out_msg->destroy(out_msg);
- return TNC_RESULT_SUCCESS;
+ return result;
}
METHOD(imv_agent_if_t, receive_message, TNC_Result,
diff --git a/src/libimcv/plugins/imv_scanner/imv_scanner_state.c b/src/libimcv/plugins/imv_scanner/imv_scanner_state.c
index 24a49a7..8f9593f 100644
--- a/src/libimcv/plugins/imv_scanner/imv_scanner_state.c
+++ b/src/libimcv/plugins/imv_scanner/imv_scanner_state.c
@@ -71,6 +71,11 @@ struct private_imv_scanner_state_t {
imv_session_t *session;
/**
+ * PA-TNC attribute segmentation contracts associated with TNCCS connection
+ */
+ seg_contract_manager_t *contracts;
+
+ /**
* IMV action recommendation
*/
TNC_IMV_Action_Recommendation rec;
@@ -211,6 +216,12 @@ METHOD(imv_state_t, get_session, imv_session_t*,
return this->session;
}
+METHOD(imv_state_t, get_contracts, seg_contract_manager_t*,
+ private_imv_scanner_state_t *this)
+{
+ return this->contracts;
+}
+
METHOD(imv_state_t, change_state, void,
private_imv_scanner_state_t *this, TNC_ConnectionState new_state)
{
@@ -299,6 +310,7 @@ METHOD(imv_state_t, destroy, void,
DESTROY_IF(this->reason_string);
DESTROY_IF(this->remediation_string);
DESTROY_IF(&this->port_filter_attr->pa_tnc_attribute);
+ this->contracts->destroy(this->contracts);
this->violating_ports->destroy_function(this->violating_ports, free);
free(this);
}
@@ -354,6 +366,7 @@ imv_state_t *imv_scanner_state_create(TNC_ConnectionID connection_id)
.get_action_flags = _get_action_flags,
.set_session = _set_session,
.get_session= _get_session,
+ .get_contracts = _get_contracts,
.change_state = _change_state,
.get_recommendation = _get_recommendation,
.set_recommendation = _set_recommendation,
@@ -372,6 +385,7 @@ imv_state_t *imv_scanner_state_create(TNC_ConnectionID connection_id)
.rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
.eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
.connection_id = connection_id,
+ .contracts = seg_contract_manager_create(),
.violating_ports = linked_list_create(),
);
diff --git a/src/libimcv/plugins/imv_swid/Makefile.am b/src/libimcv/plugins/imv_swid/Makefile.am
new file mode 100644
index 0000000..3a63b67
--- /dev/null
+++ b/src/libimcv/plugins/imv_swid/Makefile.am
@@ -0,0 +1,21 @@
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libtncif \
+ -I$(top_srcdir)/src/libimcv
+
+AM_CFLAGS = \
+ $(PLUGIN_CFLAGS) $(json_CFLAGS)
+
+imcv_LTLIBRARIES = imv-swid.la
+
+imv_swid_la_LIBADD = \
+ $(top_builddir)/src/libimcv/libimcv.la \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ $(json_LIBS)
+
+imv_swid_la_SOURCES = \
+ imv_swid.c imv_swid_state.h imv_swid_state.c \
+ imv_swid_agent.h imv_swid_agent.c \
+ imv_swid_rest.h imv_swid_rest.c
+
+imv_swid_la_LDFLAGS = -module -avoid-version -no-undefined
diff --git a/src/libimcv/plugins/imv_swid/Makefile.in b/src/libimcv/plugins/imv_swid/Makefile.in
new file mode 100644
index 0000000..815722f
--- /dev/null
+++ b/src/libimcv/plugins/imv_swid/Makefile.in
@@ -0,0 +1,769 @@
+# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+VPATH = @srcdir@
+am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__make_running_with_option = \
+ case $${target_option-} in \
+ ?) ;; \
+ *) echo "am__make_running_with_option: internal error: invalid" \
+ "target option '$${target_option-}' specified" >&2; \
+ exit 1;; \
+ esac; \
+ has_opt=no; \
+ sane_makeflags=$$MAKEFLAGS; \
+ if $(am__is_gnu_make); then \
+ sane_makeflags=$$MFLAGS; \
+ else \
+ case $$MAKEFLAGS in \
+ *\\[\ \ ]*) \
+ bs=\\; \
+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
+ esac; \
+ fi; \
+ skip_next=no; \
+ strip_trailopt () \
+ { \
+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+ }; \
+ for flg in $$sane_makeflags; do \
+ test $$skip_next = yes && { skip_next=no; continue; }; \
+ case $$flg in \
+ *=*|--*) continue;; \
+ -*I) strip_trailopt 'I'; skip_next=yes;; \
+ -*I?*) strip_trailopt 'I';; \
+ -*O) strip_trailopt 'O'; skip_next=yes;; \
+ -*O?*) strip_trailopt 'O';; \
+ -*l) strip_trailopt 'l'; skip_next=yes;; \
+ -*l?*) strip_trailopt 'l';; \
+ -[dEDm]) skip_next=yes;; \
+ -[JT]) skip_next=yes;; \
+ esac; \
+ case $$flg in \
+ *$$target_option*) has_opt=yes; break;; \
+ esac; \
+ done; \
+ test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = src/libimcv/plugins/imv_swid
+DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
+ $(top_srcdir)/depcomp
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
+ $(top_srcdir)/m4/config/ltoptions.m4 \
+ $(top_srcdir)/m4/config/ltsugar.m4 \
+ $(top_srcdir)/m4/config/ltversion.m4 \
+ $(top_srcdir)/m4/config/lt~obsolete.m4 \
+ $(top_srcdir)/m4/macros/split-package-version.m4 \
+ $(top_srcdir)/m4/macros/with.m4 \
+ $(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
+ $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+ test -z "$$files" \
+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+ $(am__cd) "$$dir" && rm -f $$files; }; \
+ }
+am__installdirs = "$(DESTDIR)$(imcvdir)"
+LTLIBRARIES = $(imcv_LTLIBRARIES)
+am__DEPENDENCIES_1 =
+imv_swid_la_DEPENDENCIES = $(top_builddir)/src/libimcv/libimcv.la \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ $(am__DEPENDENCIES_1)
+am_imv_swid_la_OBJECTS = imv_swid.lo imv_swid_state.lo \
+ imv_swid_agent.lo imv_swid_rest.lo
+imv_swid_la_OBJECTS = $(am_imv_swid_la_OBJECTS)
+AM_V_lt = $(am__v_lt_ at AM_V@)
+am__v_lt_ = $(am__v_lt_ at AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+am__v_lt_1 =
+imv_swid_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(imv_swid_la_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_P = $(am__v_P_ at AM_V@)
+am__v_P_ = $(am__v_P_ at AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_ at AM_V@)
+am__v_GEN_ = $(am__v_GEN_ at AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
+am__v_GEN_1 =
+AM_V_at = $(am__v_at_ at AM_V@)
+am__v_at_ = $(am__v_at_ at AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 =
+DEFAULT_INCLUDES = -I. at am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_ at AM_V@)
+am__v_CC_ = $(am__v_CC_ at AM_DEFAULT_V@)
+am__v_CC_0 = @echo " CC " $@;
+am__v_CC_1 =
+CCLD = $(CC)
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_ at AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_ at AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo " CCLD " $@;
+am__v_CCLD_1 =
+SOURCES = $(imv_swid_la_SOURCES)
+DIST_SOURCES = $(imv_swid_la_SOURCES)
+am__can_run_installinfo = \
+ case $$AM_UPDATE_INFO_DIR in \
+ n|no|NO) false;; \
+ *) (install-info --version) >/dev/null 2>&1;; \
+ esac
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+# Read a list of newline-separated strings from the standard input,
+# and print each of them once, without duplicates. Input order is
+# *not* preserved.
+am__uniquify_input = $(AWK) '\
+ BEGIN { nonempty = 0; } \
+ { items[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in items) print i; }; } \
+'
+# Make sure the list of sources is unique. This is necessary because,
+# e.g., the same source file might be shared among _SOURCES variables
+# for different programs/libraries.
+am__define_uniq_tagged_files = \
+ list='$(am__tagged_files)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | $(am__uniquify_input)`
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BFDLIB = @BFDLIB@
+BTLIB = @BTLIB@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
+COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DLLTOOL = @DLLTOOL@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GEM = @GEM@
+GENHTML = @GENHTML@
+GPERF = @GPERF@
+GPRBUILD = @GPRBUILD@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LCOV = @LCOV@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MKDIR_P = @MKDIR_P@
+MYSQLCFLAG = @MYSQLCFLAG@
+MYSQLCONFIG = @MYSQLCONFIG@
+MYSQLLIB = @MYSQLLIB@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OPENSSL_LIB = @OPENSSL_LIB@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@
+PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@
+PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@
+PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
+PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
+RANLIB = @RANLIB@
+RTLIB = @RTLIB@
+RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
+RUBYINCLUDE = @RUBYINCLUDE@
+RUBYLIB = @RUBYLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
+STRIP = @STRIP@
+UNWINDLIB = @UNWINDLIB@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+aikgen_plugins = @aikgen_plugins@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+c_plugins = @c_plugins@
+charon_natt_port = @charon_natt_port@
+charon_plugins = @charon_plugins@
+charon_udp_port = @charon_udp_port@
+clearsilver_LIBS = @clearsilver_LIBS@
+cmd_plugins = @cmd_plugins@
+datadir = @datadir@
+datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
+dev_headers = @dev_headers@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+imcvdir = @imcvdir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsec_script = @ipsec_script@
+ipsec_script_upper = @ipsec_script_upper@
+ipsecdir = @ipsecdir@
+ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
+ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
+libdir = @libdir@
+libexecdir = @libexecdir@
+linux_headers = @linux_headers@
+localedir = @localedir@
+localstatedir = @localstatedir@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
+mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+nm_ca_dir = @nm_ca_dir@
+nm_plugins = @nm_plugins@
+oldincludedir = @oldincludedir@
+pcsclite_CFLAGS = @pcsclite_CFLAGS@
+pcsclite_LIBS = @pcsclite_LIBS@
+pdfdir = @pdfdir@
+piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
+pki_plugins = @pki_plugins@
+plugindir = @plugindir@
+pool_plugins = @pool_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
+random_device = @random_device@
+resolv_conf = @resolv_conf@
+routing_table = @routing_table@
+routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
+sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
+sharedstatedir = @sharedstatedir@
+soup_CFLAGS = @soup_CFLAGS@
+soup_LIBS = @soup_LIBS@
+srcdir = @srcdir@
+starter_plugins = @starter_plugins@
+strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
+swanctldir = @swanctldir@
+sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
+systemdsystemunitdir = @systemdsystemunitdir@
+t_plugins = @t_plugins@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+urandom_device = @urandom_device@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libtncif \
+ -I$(top_srcdir)/src/libimcv
+
+AM_CFLAGS = \
+ $(PLUGIN_CFLAGS) $(json_CFLAGS)
+
+imcv_LTLIBRARIES = imv-swid.la
+imv_swid_la_LIBADD = \
+ $(top_builddir)/src/libimcv/libimcv.la \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ $(json_LIBS)
+
+imv_swid_la_SOURCES = \
+ imv_swid.c imv_swid_state.h imv_swid_state.c \
+ imv_swid_agent.h imv_swid_agent.c \
+ imv_swid_rest.h imv_swid_rest.c
+
+imv_swid_la_LDFLAGS = -module -avoid-version -no-undefined
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imv_swid/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/libimcv/plugins/imv_swid/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+install-imcvLTLIBRARIES: $(imcv_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ @list='$(imcv_LTLIBRARIES)'; test -n "$(imcvdir)" || list=; \
+ list2=; for p in $$list; do \
+ if test -f $$p; then \
+ list2="$$list2 $$p"; \
+ else :; fi; \
+ done; \
+ test -z "$$list2" || { \
+ echo " $(MKDIR_P) '$(DESTDIR)$(imcvdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(imcvdir)" || exit 1; \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(imcvdir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(imcvdir)"; \
+ }
+
+uninstall-imcvLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(imcv_LTLIBRARIES)'; test -n "$(imcvdir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(imcvdir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(imcvdir)/$$f"; \
+ done
+
+clean-imcvLTLIBRARIES:
+ -test -z "$(imcv_LTLIBRARIES)" || rm -f $(imcv_LTLIBRARIES)
+ @list='$(imcv_LTLIBRARIES)'; \
+ locs=`for p in $$list; do echo $$p; done | \
+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
+ sort -u`; \
+ test -z "$$locs" || { \
+ echo rm -f $${locs}; \
+ rm -f $${locs}; \
+ }
+
+imv-swid.la: $(imv_swid_la_OBJECTS) $(imv_swid_la_DEPENDENCIES) $(EXTRA_imv_swid_la_DEPENDENCIES)
+ $(AM_V_CCLD)$(imv_swid_la_LINK) -rpath $(imcvdir) $(imv_swid_la_OBJECTS) $(imv_swid_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/imv_swid.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/imv_swid_agent.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/imv_swid_rest.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/imv_swid_state.Plo at am__quote@
+
+.c.o:
+ at am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
+ at am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+ at am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(COMPILE) -c -o $@ $<
+
+.c.obj:
+ at am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
+ at am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
+ at am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+.c.lo:
+ at am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
+ at am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+ at am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(am__tagged_files)
+ $(am__define_uniq_tagged_files); mkid -fID $$unique
+tags: tags-am
+TAGS: tags
+
+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ set x; \
+ here=`pwd`; \
+ $(am__define_uniq_tagged_files); \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: ctags-am
+
+CTAGS: ctags
+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ $(am__define_uniq_tagged_files); \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+cscopelist: cscopelist-am
+
+cscopelist-am: $(am__tagged_files)
+ list='$(am__tagged_files)'; \
+ case "$(srcdir)" in \
+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
+ *) sdir=$(subdir)/$(srcdir) ;; \
+ esac; \
+ for i in $$list; do \
+ if test -f "$$i"; then \
+ echo "$(subdir)/$$i"; \
+ else \
+ echo "$$sdir/$$i"; \
+ fi; \
+ done >> $(top_builddir)/cscope.files
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+ for dir in "$(DESTDIR)$(imcvdir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-imcvLTLIBRARIES clean-libtool \
+ mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-imcvLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-imcvLTLIBRARIES
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
+ clean-imcvLTLIBRARIES clean-libtool cscopelist-am ctags \
+ ctags-am distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am \
+ install-imcvLTLIBRARIES install-info install-info-am \
+ install-man install-pdf install-pdf-am install-ps \
+ install-ps-am install-strip installcheck installcheck-am \
+ installdirs maintainer-clean maintainer-clean-generic \
+ mostlyclean mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
+ uninstall-am uninstall-imcvLTLIBRARIES
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/libpts/plugins/imv_swid/imv_swid.c b/src/libimcv/plugins/imv_swid/imv_swid.c
similarity index 100%
rename from src/libpts/plugins/imv_swid/imv_swid.c
rename to src/libimcv/plugins/imv_swid/imv_swid.c
diff --git a/src/libimcv/plugins/imv_swid/imv_swid_agent.c b/src/libimcv/plugins/imv_swid/imv_swid_agent.c
new file mode 100644
index 0000000..5bebf32
--- /dev/null
+++ b/src/libimcv/plugins/imv_swid/imv_swid_agent.c
@@ -0,0 +1,726 @@
+/*
+ * Copyright (C) 2013-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#define _GNU_SOURCE
+#include <stdio.h>
+
+#include "imv_swid_agent.h"
+#include "imv_swid_state.h"
+#include "imv_swid_rest.h"
+
+#include <imcv.h>
+#include <imv/imv_agent.h>
+#include <imv/imv_msg.h>
+#include <ietf/ietf_attr_pa_tnc_error.h>
+#include "tcg/seg/tcg_seg_attr_max_size.h"
+#include "tcg/seg/tcg_seg_attr_seg_env.h"
+#include "tcg/swid/tcg_swid_attr_req.h"
+#include "tcg/swid/tcg_swid_attr_tag_inv.h"
+#include "tcg/swid/tcg_swid_attr_tag_id_inv.h"
+#include "swid/swid_error.h"
+#include "swid/swid_inventory.h"
+
+#include <tncif_names.h>
+#include <tncif_pa_subtypes.h>
+
+#include <pen/pen.h>
+#include <utils/debug.h>
+#include <bio/bio_reader.h>
+
+typedef struct private_imv_swid_agent_t private_imv_swid_agent_t;
+
+/* Subscribed PA-TNC message subtypes */
+static pen_type_t msg_types[] = {
+ { PEN_TCG, PA_SUBTYPE_TCG_SWID }
+};
+
+/**
+ * Flag set when corresponding attribute has been received
+ */
+enum imv_swid_attr_t {
+ IMV_SWID_ATTR_TAG_INV = (1<<0),
+ IMV_SWID_ATTR_TAG_ID_INV = (1<<1)
+};
+
+/**
+ * Private data of an imv_swid_agent_t object.
+ */
+struct private_imv_swid_agent_t {
+
+ /**
+ * Public members of imv_swid_agent_t
+ */
+ imv_agent_if_t public;
+
+ /**
+ * IMV agent responsible for generic functions
+ */
+ imv_agent_t *agent;
+
+ /**
+ * REST API to strongTNC manager
+ */
+ imv_swid_rest_t *rest_api;
+
+};
+
+METHOD(imv_agent_if_t, bind_functions, TNC_Result,
+ private_imv_swid_agent_t *this, TNC_TNCS_BindFunctionPointer bind_function)
+{
+ return this->agent->bind_functions(this->agent, bind_function);
+}
+
+METHOD(imv_agent_if_t, notify_connection_change, TNC_Result,
+ private_imv_swid_agent_t *this, TNC_ConnectionID id,
+ TNC_ConnectionState new_state)
+{
+ imv_state_t *state;
+
+ switch (new_state)
+ {
+ case TNC_CONNECTION_STATE_CREATE:
+ state = imv_swid_state_create(id);
+ return this->agent->create_state(this->agent, state);
+ case TNC_CONNECTION_STATE_DELETE:
+ return this->agent->delete_state(this->agent, id);
+ default:
+ return this->agent->change_state(this->agent, id, new_state, NULL);
+ }
+}
+
+/**
+ * Process a received message
+ */
+static TNC_Result receive_msg(private_imv_swid_agent_t *this,
+ imv_state_t *state, imv_msg_t *in_msg)
+{
+ imv_swid_state_t *swid_state;
+ imv_msg_t *out_msg;
+ enumerator_t *enumerator;
+ pa_tnc_attr_t *attr;
+ TNC_Result result;
+ bool fatal_error = FALSE;
+
+ /* generate an outgoing PA-TNC message - we might need it */
+ out_msg = imv_msg_create_as_reply(in_msg);
+
+ /* parse received PA-TNC message and handle local and remote errors */
+ result = in_msg->receive(in_msg, out_msg, &fatal_error);
+ if (result != TNC_RESULT_SUCCESS)
+ {
+ out_msg->destroy(out_msg);
+ return result;
+ }
+
+ swid_state = (imv_swid_state_t*)state;
+
+ /* analyze PA-TNC attributes */
+ enumerator = in_msg->create_attribute_enumerator(in_msg);
+ while (enumerator->enumerate(enumerator, &attr))
+ {
+ uint32_t request_id = 0, last_eid, eid_epoch;
+ swid_inventory_t *inventory;
+ pen_type_t type;
+
+ type = attr->get_type(attr);
+
+ if (type.vendor_id == PEN_IETF && type.type == IETF_ATTR_PA_TNC_ERROR)
+ {
+ ietf_attr_pa_tnc_error_t *error_attr;
+ pen_type_t error_code;
+ chunk_t msg_info, description;
+ bio_reader_t *reader;
+ uint32_t max_attr_size;
+ bool success;
+
+ error_attr = (ietf_attr_pa_tnc_error_t*)attr;
+ error_code = error_attr->get_error_code(error_attr);
+
+ if (error_code.vendor_id == PEN_TCG)
+ {
+ fatal_error = TRUE;
+ msg_info = error_attr->get_msg_info(error_attr);
+ reader = bio_reader_create(msg_info);
+ success = reader->read_uint32(reader, &request_id);
+
+ DBG1(DBG_IMV, "received TCG error '%N' for request %d",
+ swid_error_code_names, error_code.type, request_id);
+ if (!success)
+ {
+ reader->destroy(reader);
+ continue;
+ }
+ if (error_code.type == TCG_SWID_RESPONSE_TOO_LARGE)
+ {
+ if (!reader->read_uint32(reader, &max_attr_size))
+ {
+ reader->destroy(reader);
+ continue;
+ }
+ DBG1(DBG_IMV, " maximum PA-TNC attribute size is %u bytes",
+ max_attr_size);
+ }
+ description = reader->peek(reader);
+ if (description.len)
+ {
+ DBG1(DBG_IMV, " description: %.*s", description.len,
+ description.ptr);
+ }
+ reader->destroy(reader);
+ }
+ }
+ else if (type.vendor_id != PEN_TCG)
+ {
+ continue;
+ }
+
+ switch (type.type)
+ {
+ case TCG_SWID_TAG_ID_INVENTORY:
+ {
+ tcg_swid_attr_tag_id_inv_t *attr_cast;
+ uint32_t missing;
+ int tag_id_count;
+
+ state->set_action_flags(state, IMV_SWID_ATTR_TAG_ID_INV);
+
+ attr_cast = (tcg_swid_attr_tag_id_inv_t*)attr;
+ request_id = attr_cast->get_request_id(attr_cast);
+ last_eid = attr_cast->get_last_eid(attr_cast, &eid_epoch);
+ inventory = attr_cast->get_inventory(attr_cast);
+ tag_id_count = inventory->get_count(inventory);
+ missing = attr_cast->get_tag_id_count(attr_cast);
+ swid_state->set_missing(swid_state, missing);
+
+ DBG2(DBG_IMV, "received SWID tag ID inventory with %d item%s "
+ "for request %d at eid %d of epoch 0x%08x, %d item%s to "
+ "follow", tag_id_count, (tag_id_count == 1) ? "" : "s",
+ request_id, last_eid, eid_epoch, missing,
+ (missing == 1) ? "" : "s");
+
+ if (request_id == swid_state->get_request_id(swid_state))
+ {
+ swid_state->set_swid_inventory(swid_state, inventory);
+ swid_state->set_count(swid_state, tag_id_count, 0);
+ }
+ else
+ {
+ DBG1(DBG_IMV, "no workitem found for SWID tag ID inventory "
+ "with request ID %d", request_id);
+ }
+ attr_cast->clear_inventory(attr_cast);
+ break;
+ }
+ case TCG_SWID_TAG_INVENTORY:
+ {
+ tcg_swid_attr_tag_inv_t *attr_cast;
+ swid_tag_t *tag;
+ chunk_t tag_encoding;
+ json_object *jobj, *jarray, *jstring;
+ char *tag_str;
+ uint32_t missing;
+ int tag_count;
+ enumerator_t *e;
+
+ state->set_action_flags(state, IMV_SWID_ATTR_TAG_INV);
+
+ attr_cast = (tcg_swid_attr_tag_inv_t*)attr;
+ request_id = attr_cast->get_request_id(attr_cast);
+ last_eid = attr_cast->get_last_eid(attr_cast, &eid_epoch);
+ inventory = attr_cast->get_inventory(attr_cast);
+ tag_count = inventory->get_count(inventory);
+ missing = attr_cast->get_tag_count(attr_cast);
+ swid_state->set_missing(swid_state, missing);
+
+ DBG2(DBG_IMV, "received SWID tag inventory with %d item%s for "
+ "request %d at eid %d of epoch 0x%08x, %d item%s to follow",
+ tag_count, (tag_count == 1) ? "" : "s", request_id,
+ last_eid, eid_epoch, missing, (missing == 1) ? "" : "s");
+
+ if (request_id == swid_state->get_request_id(swid_state))
+ {
+ swid_state->set_count(swid_state, 0, tag_count);
+
+ if (this->rest_api)
+ {
+ jobj = json_object_new_object();
+ jarray = json_object_new_array();
+ json_object_object_add(jobj, "data", jarray);
+
+ e = inventory->create_enumerator(inventory);
+ while (e->enumerate(e, &tag))
+ {
+ tag_encoding = tag->get_encoding(tag);
+ tag_str = strndup(tag_encoding.ptr, tag_encoding.len);
+ DBG3(DBG_IMV, "%s", tag_str);
+ jstring = json_object_new_string(tag_str);
+ json_object_array_add(jarray, jstring);
+ free(tag_str);
+ }
+ e->destroy(e);
+
+ if (this->rest_api->post(this->rest_api,
+ "swid/add-tags/", jobj, NULL) != SUCCESS)
+ {
+ DBG1(DBG_IMV, "error in REST API add-tags request");
+ }
+ json_object_put(jobj);
+ }
+ }
+ else
+ {
+ DBG1(DBG_IMV, "no workitem found for SWID tag inventory "
+ "with request ID %d", request_id);
+ }
+ attr_cast->clear_inventory(attr_cast);
+ break;
+ }
+ default:
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ if (fatal_error)
+ {
+ state->set_recommendation(state,
+ TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
+ TNC_IMV_EVALUATION_RESULT_ERROR);
+ result = out_msg->send_assessment(out_msg);
+ if (result == TNC_RESULT_SUCCESS)
+ {
+ result = this->agent->provide_recommendation(this->agent, state);
+ }
+ }
+ else
+ {
+ /* send PA-TNC message with the EXCL flag set */
+ result = out_msg->send(out_msg, TRUE);
+ }
+ out_msg->destroy(out_msg);
+
+ return result;
+}
+
+METHOD(imv_agent_if_t, receive_message, TNC_Result,
+ private_imv_swid_agent_t *this, TNC_ConnectionID id,
+ TNC_MessageType msg_type, chunk_t msg)
+{
+ imv_state_t *state;
+ imv_msg_t *in_msg;
+ TNC_Result result;
+
+ if (!this->agent->get_state(this->agent, id, &state))
+ {
+ return TNC_RESULT_FATAL;
+ }
+ in_msg = imv_msg_create_from_data(this->agent, state, id, msg_type, msg);
+ result = receive_msg(this, state, in_msg);
+ in_msg->destroy(in_msg);
+
+ return result;
+}
+
+METHOD(imv_agent_if_t, receive_message_long, TNC_Result,
+ private_imv_swid_agent_t *this, TNC_ConnectionID id,
+ TNC_UInt32 src_imc_id, TNC_UInt32 dst_imv_id,
+ TNC_VendorID msg_vid, TNC_MessageSubtype msg_subtype, chunk_t msg)
+{
+ imv_state_t *state;
+ imv_msg_t *in_msg;
+ TNC_Result result;
+
+ if (!this->agent->get_state(this->agent, id, &state))
+ {
+ return TNC_RESULT_FATAL;
+ }
+ in_msg = imv_msg_create_from_long_data(this->agent, state, id,
+ src_imc_id, dst_imv_id, msg_vid, msg_subtype, msg);
+ result = receive_msg(this, state, in_msg);
+ in_msg->destroy(in_msg);
+
+ return result;
+
+}
+
+METHOD(imv_agent_if_t, batch_ending, TNC_Result,
+ private_imv_swid_agent_t *this, TNC_ConnectionID id)
+{
+ imv_msg_t *out_msg;
+ imv_state_t *state;
+ imv_session_t *session;
+ imv_workitem_t *workitem;
+ imv_swid_state_t *swid_state;
+ imv_swid_handshake_state_t handshake_state;
+ pa_tnc_attr_t *attr;
+ TNC_IMVID imv_id;
+ TNC_Result result = TNC_RESULT_SUCCESS;
+ bool no_workitems = TRUE;
+ uint32_t request_id, received;
+ uint8_t flags;
+ enumerator_t *enumerator;
+
+ if (!this->agent->get_state(this->agent, id, &state))
+ {
+ return TNC_RESULT_FATAL;
+ }
+ swid_state = (imv_swid_state_t*)state;
+ handshake_state = swid_state->get_handshake_state(swid_state);
+ session = state->get_session(state);
+ imv_id = this->agent->get_id(this->agent);
+
+ if (handshake_state == IMV_SWID_STATE_END)
+ {
+ return TNC_RESULT_SUCCESS;
+ }
+
+ /* Create an empty out message - we might need it */
+ out_msg = imv_msg_create(this->agent, state, id, imv_id, TNC_IMCID_ANY,
+ msg_types[0]);
+
+ if (!imcv_db)
+ {
+ DBG2(DBG_IMV, "no workitems available - no evaluation possible");
+ state->set_recommendation(state,
+ TNC_IMV_ACTION_RECOMMENDATION_ALLOW,
+ TNC_IMV_EVALUATION_RESULT_DONT_KNOW);
+ result = out_msg->send_assessment(out_msg);
+ out_msg->destroy(out_msg);
+ swid_state->set_handshake_state(swid_state, IMV_SWID_STATE_END);
+
+ if (result != TNC_RESULT_SUCCESS)
+ {
+ return result;
+ }
+ return this->agent->provide_recommendation(this->agent, state);
+ }
+
+ /* Look for SWID tag workitem and create SWID tag request */
+ if (handshake_state == IMV_SWID_STATE_INIT &&
+ session->get_policy_started(session))
+ {
+ size_t max_attr_size = SWID_MAX_ATTR_SIZE;
+ size_t max_seg_size;
+ seg_contract_t *contract;
+ seg_contract_manager_t *contracts;
+ char buf[BUF_LEN];
+
+ enumerator = session->create_workitem_enumerator(session);
+ if (enumerator)
+ {
+ while (enumerator->enumerate(enumerator, &workitem))
+ {
+ if (workitem->get_imv_id(workitem) != TNC_IMVID_ANY ||
+ workitem->get_type(workitem) != IMV_WORKITEM_SWID_TAGS)
+ {
+ continue;
+ }
+
+ flags = TCG_SWID_ATTR_REQ_FLAG_NONE;
+ if (strchr(workitem->get_arg_str(workitem), 'R'))
+ {
+ flags |= TCG_SWID_ATTR_REQ_FLAG_R;
+ }
+ if (strchr(workitem->get_arg_str(workitem), 'S'))
+ {
+ flags |= TCG_SWID_ATTR_REQ_FLAG_S;
+ }
+ if (strchr(workitem->get_arg_str(workitem), 'C'))
+ {
+ flags |= TCG_SWID_ATTR_REQ_FLAG_C;
+ }
+
+ /* Determine maximum PA-TNC attribute segment size */
+ max_seg_size = state->get_max_msg_len(state)
+ - PA_TNC_HEADER_SIZE
+ - PA_TNC_ATTR_HEADER_SIZE
+ - TCG_SEG_ATTR_SEG_ENV_HEADER
+ - PA_TNC_ATTR_HEADER_SIZE
+ - TCG_SEG_ATTR_MAX_SIZE_SIZE;
+
+ /* Announce support of PA-TNC segmentation to IMC */
+ contract = seg_contract_create(msg_types[0], max_attr_size,
+ max_seg_size, TRUE, imv_id, FALSE);
+ contract->get_info_string(contract, buf, BUF_LEN, TRUE);
+ DBG2(DBG_IMV, "%s", buf);
+ contracts = state->get_contracts(state);
+ contracts->add_contract(contracts, contract);
+ attr = tcg_seg_attr_max_size_create(max_attr_size,
+ max_seg_size, TRUE);
+ out_msg->add_attribute(out_msg, attr);
+
+ /* Issue a SWID request */
+ request_id = workitem->get_id(workitem);
+ swid_state->set_request_id(swid_state, request_id);
+ attr = tcg_swid_attr_req_create(flags, request_id, 0);
+ out_msg->add_attribute(out_msg, attr);
+ workitem->set_imv_id(workitem, imv_id);
+ no_workitems = FALSE;
+ DBG2(DBG_IMV, "IMV %d issues SWID request %d",
+ imv_id, request_id);
+ break;
+ }
+ enumerator->destroy(enumerator);
+
+ if (no_workitems)
+ {
+ DBG2(DBG_IMV, "IMV %d has no workitems - "
+ "no evaluation requested", imv_id);
+ state->set_recommendation(state,
+ TNC_IMV_ACTION_RECOMMENDATION_ALLOW,
+ TNC_IMV_EVALUATION_RESULT_DONT_KNOW);
+ }
+ handshake_state = IMV_SWID_STATE_WORKITEMS;
+ swid_state->set_handshake_state(swid_state, handshake_state);
+ }
+ }
+
+ received = state->get_action_flags(state);
+
+ if (handshake_state == IMV_SWID_STATE_WORKITEMS &&
+ (received & (IMV_SWID_ATTR_TAG_INV|IMV_SWID_ATTR_TAG_ID_INV)) &&
+ swid_state->get_missing(swid_state) == 0)
+ {
+ TNC_IMV_Evaluation_Result eval;
+ TNC_IMV_Action_Recommendation rec;
+ char result_str[BUF_LEN], *error_str = "", *command;
+ char *target, *separator;
+ int tag_id_count, tag_count, i;
+ chunk_t tag_creator, unique_sw_id;
+ json_object *jrequest, *jresponse, *jvalue;
+ tcg_swid_attr_req_t *cast_attr;
+ swid_tag_id_t *tag_id;
+ status_t status = SUCCESS;
+
+ if (this->rest_api && (received & IMV_SWID_ATTR_TAG_ID_INV))
+ {
+ if (asprintf(&command, "sessions/%d/swid-measurement/",
+ session->get_session_id(session, NULL, NULL)) < 0)
+ {
+ error_str = "allocation of command string failed";
+ status = FAILED;
+ }
+ else
+ {
+ jrequest = swid_state->get_swid_inventory(swid_state);
+ status = this->rest_api->post(this->rest_api, command,
+ jrequest, &jresponse);
+ if (status == FAILED)
+ {
+ error_str = "error in REST API swid-measurement request";
+ }
+ free(command);
+ }
+ }
+
+ switch (status)
+ {
+ case SUCCESS:
+ enumerator = session->create_workitem_enumerator(session);
+ while (enumerator->enumerate(enumerator, &workitem))
+ {
+ if (workitem->get_type(workitem) == IMV_WORKITEM_SWID_TAGS)
+ {
+ swid_state->get_count(swid_state, &tag_id_count,
+ &tag_count);
+ snprintf(result_str, BUF_LEN, "received inventory of "
+ "%d SWID tag ID%s and %d SWID tag%s",
+ tag_id_count, (tag_id_count == 1) ? "" : "s",
+ tag_count, (tag_count == 1) ? "" : "s");
+ session->remove_workitem(session, enumerator);
+
+ eval = TNC_IMV_EVALUATION_RESULT_COMPLIANT;
+ rec = workitem->set_result(workitem, result_str, eval);
+ state->update_recommendation(state, rec, eval);
+ imcv_db->finalize_workitem(imcv_db, workitem);
+ workitem->destroy(workitem);
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ break;
+ case NEED_MORE:
+ if (received & IMV_SWID_ATTR_TAG_INV)
+ {
+ error_str = "not all requested SWID tags were received";
+ status = FAILED;
+ json_object_put(jresponse);
+ break;
+ }
+ if (json_object_get_type(jresponse) != json_type_array)
+ {
+ error_str = "response was not a json_array";
+ status = FAILED;
+ json_object_put(jresponse);
+ break;
+ }
+
+ /* Create a TCG SWID Request attribute */
+ attr = tcg_swid_attr_req_create(TCG_SWID_ATTR_REQ_FLAG_NONE,
+ swid_state->get_request_id(swid_state), 0);
+ tag_id_count = json_object_array_length(jresponse);
+ DBG1(DBG_IMV, "%d SWID tag target%s", tag_id_count,
+ (tag_id_count == 1) ? "" : "s");
+ swid_state->set_missing(swid_state, tag_id_count);
+
+ for (i = 0; i < tag_id_count; i++)
+ {
+ jvalue = json_object_array_get_idx(jresponse, i);
+ if (json_object_get_type(jvalue) != json_type_string)
+ {
+ error_str = "json_string element expected in json_array";
+ status = FAILED;
+ json_object_put(jresponse);
+ break;
+ }
+ target = (char*)json_object_get_string(jvalue);
+ DBG1(DBG_IMV, " %s", target);
+
+ /* Separate target into tag_creator and unique_sw_id */
+ separator = strchr(target, '_');
+ if (!separator)
+ {
+ error_str = "separation of regid from "
+ "unique software ID failed";
+ break;
+ }
+ tag_creator = chunk_create(target, separator - target);
+ separator++;
+ unique_sw_id = chunk_create(separator, strlen(target) -
+ tag_creator.len - 1);
+ tag_id = swid_tag_id_create(tag_creator, unique_sw_id,
+ chunk_empty);
+ cast_attr = (tcg_swid_attr_req_t*)attr;
+ cast_attr->add_target(cast_attr, tag_id);
+ }
+ json_object_put(jresponse);
+
+ out_msg->add_attribute(out_msg, attr);
+ break;
+ case FAILED:
+ default:
+ break;
+ }
+
+ if (status == FAILED)
+ {
+ enumerator = session->create_workitem_enumerator(session);
+ while (enumerator->enumerate(enumerator, &workitem))
+ {
+ if (workitem->get_type(workitem) == IMV_WORKITEM_SWID_TAGS)
+ {
+ session->remove_workitem(session, enumerator);
+ eval = TNC_IMV_EVALUATION_RESULT_ERROR;
+ rec = workitem->set_result(workitem, error_str, eval);
+ state->update_recommendation(state, rec, eval);
+ imcv_db->finalize_workitem(imcv_db, workitem);
+ workitem->destroy(workitem);
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ }
+ }
+
+ /* finalized all workitems ? */
+ if (handshake_state == IMV_SWID_STATE_WORKITEMS &&
+ session->get_workitem_count(session, imv_id) == 0)
+ {
+ result = out_msg->send_assessment(out_msg);
+ out_msg->destroy(out_msg);
+ swid_state->set_handshake_state(swid_state, IMV_SWID_STATE_END);
+
+ if (result != TNC_RESULT_SUCCESS)
+ {
+ return result;
+ }
+ return this->agent->provide_recommendation(this->agent, state);
+ }
+
+ /* send non-empty PA-TNC message with excl flag not set */
+ if (out_msg->get_attribute_count(out_msg))
+ {
+ result = out_msg->send(out_msg, FALSE);
+ }
+ out_msg->destroy(out_msg);
+
+ return result;
+}
+
+METHOD(imv_agent_if_t, solicit_recommendation, TNC_Result,
+ private_imv_swid_agent_t *this, TNC_ConnectionID id)
+{
+ imv_state_t *state;
+
+ if (!this->agent->get_state(this->agent, id, &state))
+ {
+ return TNC_RESULT_FATAL;
+ }
+ return this->agent->provide_recommendation(this->agent, state);
+}
+
+METHOD(imv_agent_if_t, destroy, void,
+ private_imv_swid_agent_t *this)
+{
+ DESTROY_IF(this->rest_api);
+ this->agent->destroy(this->agent);
+ free(this);
+}
+
+/**
+ * Described in header.
+ */
+imv_agent_if_t *imv_swid_agent_create(const char *name, TNC_IMVID id,
+ TNC_Version *actual_version)
+{
+ private_imv_swid_agent_t *this;
+ imv_agent_t *agent;
+ char *rest_api_uri;
+ u_int rest_api_timeout;
+
+ agent = imv_agent_create(name, msg_types, countof(msg_types), id,
+ actual_version);
+ if (!agent)
+ {
+ return NULL;
+ }
+ agent->add_non_fatal_attr_type(agent,
+ pen_type_create(PEN_TCG, TCG_SEG_MAX_ATTR_SIZE_REQ));
+
+ INIT(this,
+ .public = {
+ .bind_functions = _bind_functions,
+ .notify_connection_change = _notify_connection_change,
+ .receive_message = _receive_message,
+ .receive_message_long = _receive_message_long,
+ .batch_ending = _batch_ending,
+ .solicit_recommendation = _solicit_recommendation,
+ .destroy = _destroy,
+ },
+ .agent = agent,
+ );
+
+ rest_api_uri = lib->settings->get_str(lib->settings,
+ "%s.plugins.imv-swid.rest_api_uri", NULL, lib->ns);
+ rest_api_timeout = lib->settings->get_int(lib->settings,
+ "%s.plugins.imv-swid.rest_api_timeout", 120, lib->ns);
+ if (rest_api_uri)
+ {
+ this->rest_api = imv_swid_rest_create(rest_api_uri, rest_api_timeout);
+ }
+
+ return &this->public;
+}
+
diff --git a/src/libpts/plugins/imv_swid/imv_swid_agent.h b/src/libimcv/plugins/imv_swid/imv_swid_agent.h
similarity index 100%
rename from src/libpts/plugins/imv_swid/imv_swid_agent.h
rename to src/libimcv/plugins/imv_swid/imv_swid_agent.h
diff --git a/src/libpts/plugins/imv_swid/imv_swid_rest.c b/src/libimcv/plugins/imv_swid/imv_swid_rest.c
similarity index 100%
rename from src/libpts/plugins/imv_swid/imv_swid_rest.c
rename to src/libimcv/plugins/imv_swid/imv_swid_rest.c
diff --git a/src/libimcv/plugins/imv_swid/imv_swid_rest.h b/src/libimcv/plugins/imv_swid/imv_swid_rest.h
new file mode 100644
index 0000000..32392cb
--- /dev/null
+++ b/src/libimcv/plugins/imv_swid/imv_swid_rest.h
@@ -0,0 +1,63 @@
+/*
+ * Copyright (C) 2013-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup imv_swid imv_swid
+ * @ingroup libimcv_plugins
+ *
+ * @defgroup imv_swid_rest_t imv_swid_rest
+ * @{ @ingroup imv_swid
+ */
+
+#ifndef IMV_SWID_REST_H_
+#define IMV_SWID_REST_H_
+
+#include <library.h>
+
+#include <json.h>
+
+typedef struct imv_swid_rest_t imv_swid_rest_t;
+
+/**
+ * Public REST interface
+ */
+struct imv_swid_rest_t {
+
+ /**
+ * Post a HTTP request including a JSON object
+ *
+ * @param jreq JSON object in HTTP request
+ * @param jresp JSON object in HTTP response if NEED_MORE
+ * @return Status (SUCCESS, NEED_MORE or FAILED)
+ */
+ status_t (*post)(imv_swid_rest_t *this, char *command, json_object *jreq,
+ json_object **jresp);
+
+ /**
+ * Destroy imv_swid_rest_t object
+ */
+ void (*destroy)(imv_swid_rest_t *this);
+
+};
+
+/**
+ * Create an imv_swid_rest_t instance
+ *
+ * @param uri REST URI (http://username:password@hostname[:port]/api/)
+ * @param timeout Timeout of the REST connection
+ */
+imv_swid_rest_t* imv_swid_rest_create(char *uri, u_int timeout);
+
+#endif /** IMV_SWID_REST_H_ @}*/
diff --git a/src/libimcv/plugins/imv_swid/imv_swid_state.c b/src/libimcv/plugins/imv_swid/imv_swid_state.c
new file mode 100644
index 0000000..04364b0
--- /dev/null
+++ b/src/libimcv/plugins/imv_swid/imv_swid_state.c
@@ -0,0 +1,402 @@
+/*
+ * Copyright (C) 2013-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "imv_swid_state.h"
+
+#include <imv/imv_lang_string.h>
+#include <imv/imv_reason_string.h>
+#include <imv/imv_remediation_string.h>
+#include <swid/swid_tag_id.h>
+
+#include <tncif_policy.h>
+
+#include <utils/lexparser.h>
+#include <utils/debug.h>
+
+typedef struct private_imv_swid_state_t private_imv_swid_state_t;
+
+/**
+ * Private data of an imv_swid_state_t object.
+ */
+struct private_imv_swid_state_t {
+
+ /**
+ * Public members of imv_swid_state_t
+ */
+ imv_swid_state_t public;
+
+ /**
+ * TNCCS connection ID
+ */
+ TNC_ConnectionID connection_id;
+
+ /**
+ * TNCCS connection state
+ */
+ TNC_ConnectionState state;
+
+ /**
+ * Does the TNCCS connection support long message types?
+ */
+ bool has_long;
+
+ /**
+ * Does the TNCCS connection support exclusive delivery?
+ */
+ bool has_excl;
+
+ /**
+ * Maximum PA-TNC message size for this TNCCS connection
+ */
+ uint32_t max_msg_len;
+
+ /**
+ * Flags set for completed actions
+ */
+ uint32_t action_flags;
+
+ /**
+ * IMV database session associated with TNCCS connection
+ */
+ imv_session_t *session;
+
+ /**
+ * PA-TNC attribute segmentation contracts associated with TNCCS connection
+ */
+ seg_contract_manager_t *contracts;
+
+ /**
+ * IMV action recommendation
+ */
+ TNC_IMV_Action_Recommendation rec;
+
+ /**
+ * IMV evaluation result
+ */
+ TNC_IMV_Evaluation_Result eval;
+
+ /**
+ * IMV Scanner handshake state
+ */
+ imv_swid_handshake_state_t handshake_state;
+
+ /**
+ * TNC Reason String
+ */
+ imv_reason_string_t *reason_string;
+
+ /**
+ * IETF Remediation Instructions String
+ */
+ imv_remediation_string_t *remediation_string;
+
+ /**
+ * SWID Tag Request ID
+ */
+ uint32_t request_id;
+
+ /**
+ * Number of processed SWID Tag IDs
+ */
+ int tag_id_count;
+
+ /**
+ * Number of processed SWID Tags
+ */
+ int tag_count;
+
+ /**
+ * Number of missing SWID Tags or Tag IDs
+ */
+ uint32_t missing;
+
+ /**
+ * Top level JSON object
+ */
+ json_object *jobj;
+
+ /**
+ * JSON array containing an inventory of SWID Tag IDs
+ */
+ json_object *jarray;
+
+};
+
+METHOD(imv_state_t, get_connection_id, TNC_ConnectionID,
+ private_imv_swid_state_t *this)
+{
+ return this->connection_id;
+}
+
+METHOD(imv_state_t, has_long, bool,
+ private_imv_swid_state_t *this)
+{
+ return this->has_long;
+}
+
+METHOD(imv_state_t, has_excl, bool,
+ private_imv_swid_state_t *this)
+{
+ return this->has_excl;
+}
+
+METHOD(imv_state_t, set_flags, void,
+ private_imv_swid_state_t *this, bool has_long, bool has_excl)
+{
+ this->has_long = has_long;
+ this->has_excl = has_excl;
+}
+
+METHOD(imv_state_t, set_max_msg_len, void,
+ private_imv_swid_state_t *this, uint32_t max_msg_len)
+{
+ this->max_msg_len = max_msg_len;
+}
+
+METHOD(imv_state_t, get_max_msg_len, uint32_t,
+ private_imv_swid_state_t *this)
+{
+ return this->max_msg_len;
+}
+
+METHOD(imv_state_t, set_action_flags, void,
+ private_imv_swid_state_t *this, uint32_t flags)
+{
+ this->action_flags |= flags;
+}
+
+METHOD(imv_state_t, get_action_flags, uint32_t,
+ private_imv_swid_state_t *this)
+{
+ return this->action_flags;
+}
+
+METHOD(imv_state_t, set_session, void,
+ private_imv_swid_state_t *this, imv_session_t *session)
+{
+ this->session = session;
+}
+
+METHOD(imv_state_t, get_session, imv_session_t*,
+ private_imv_swid_state_t *this)
+{
+ return this->session;
+}
+
+METHOD(imv_state_t, get_contracts, seg_contract_manager_t*,
+ private_imv_swid_state_t *this)
+{
+ return this->contracts;
+}
+
+METHOD(imv_state_t, change_state, void,
+ private_imv_swid_state_t *this, TNC_ConnectionState new_state)
+{
+ this->state = new_state;
+}
+
+METHOD(imv_state_t, get_recommendation, void,
+ private_imv_swid_state_t *this, TNC_IMV_Action_Recommendation *rec,
+ TNC_IMV_Evaluation_Result *eval)
+{
+ *rec = this->rec;
+ *eval = this->eval;
+}
+
+METHOD(imv_state_t, set_recommendation, void,
+ private_imv_swid_state_t *this, TNC_IMV_Action_Recommendation rec,
+ TNC_IMV_Evaluation_Result eval)
+{
+ this->rec = rec;
+ this->eval = eval;
+}
+
+METHOD(imv_state_t, update_recommendation, void,
+ private_imv_swid_state_t *this, TNC_IMV_Action_Recommendation rec,
+ TNC_IMV_Evaluation_Result eval)
+{
+ this->rec = tncif_policy_update_recommendation(this->rec, rec);
+ this->eval = tncif_policy_update_evaluation(this->eval, eval);
+}
+
+METHOD(imv_state_t, get_reason_string, bool,
+ private_imv_swid_state_t *this, enumerator_t *language_enumerator,
+ chunk_t *reason_string, char **reason_language)
+{
+ return FALSE;
+}
+
+METHOD(imv_state_t, get_remediation_instructions, bool,
+ private_imv_swid_state_t *this, enumerator_t *language_enumerator,
+ chunk_t *string, char **lang_code, char **uri)
+{
+ return FALSE;
+}
+
+METHOD(imv_state_t, destroy, void,
+ private_imv_swid_state_t *this)
+{
+ json_object_put(this->jobj);
+ DESTROY_IF(this->session);
+ DESTROY_IF(this->reason_string);
+ DESTROY_IF(this->remediation_string);
+ this->contracts->destroy(this->contracts);
+ free(this);
+}
+
+METHOD(imv_swid_state_t, set_handshake_state, void,
+ private_imv_swid_state_t *this, imv_swid_handshake_state_t new_state)
+{
+ this->handshake_state = new_state;
+}
+
+METHOD(imv_swid_state_t, get_handshake_state, imv_swid_handshake_state_t,
+ private_imv_swid_state_t *this)
+{
+ return this->handshake_state;
+}
+
+METHOD(imv_swid_state_t, set_request_id, void,
+ private_imv_swid_state_t *this, uint32_t request_id)
+{
+ this->request_id = request_id;
+}
+
+METHOD(imv_swid_state_t, get_request_id, uint32_t,
+ private_imv_swid_state_t *this)
+{
+ return this->request_id;
+}
+
+METHOD(imv_swid_state_t, set_swid_inventory, void,
+ private_imv_swid_state_t *this, swid_inventory_t *inventory)
+{
+ chunk_t tag_creator, unique_sw_id;
+ char software_id[256];
+ json_object *jstring;
+ swid_tag_id_t *tag_id;
+ enumerator_t *enumerator;
+
+ enumerator = inventory->create_enumerator(inventory);
+ while (enumerator->enumerate(enumerator, &tag_id))
+ {
+ /* Construct software ID from tag creator and unique software ID */
+ tag_creator = tag_id->get_tag_creator(tag_id);
+ unique_sw_id = tag_id->get_unique_sw_id(tag_id, NULL);
+ snprintf(software_id, 256, "%.*s_%.*s",
+ tag_creator.len, tag_creator.ptr,
+ unique_sw_id.len, unique_sw_id.ptr);
+ DBG3(DBG_IMV, " %s", software_id);
+
+ /* Add software ID to JSON array */
+ jstring = json_object_new_string(software_id);
+ json_object_array_add(this->jarray, jstring);
+ }
+ enumerator->destroy(enumerator);
+}
+
+METHOD(imv_swid_state_t, get_swid_inventory, json_object*,
+ private_imv_swid_state_t *this)
+{
+ return this->jobj;
+}
+
+METHOD(imv_swid_state_t, set_missing, void,
+ private_imv_swid_state_t *this, uint32_t count)
+{
+ this->missing = count;
+}
+
+METHOD(imv_swid_state_t, get_missing, uint32_t,
+ private_imv_swid_state_t *this)
+{
+ return this->missing;
+}
+
+METHOD(imv_swid_state_t, set_count, void,
+ private_imv_swid_state_t *this, int tag_id_count, int tag_count)
+{
+ this->tag_id_count += tag_id_count;
+ this->tag_count += tag_count;
+}
+
+METHOD(imv_swid_state_t, get_count, void,
+ private_imv_swid_state_t *this, int *tag_id_count, int *tag_count)
+{
+ if (tag_id_count)
+ {
+ *tag_id_count = this->tag_id_count;
+ }
+ if (tag_count)
+ {
+ *tag_count = this->tag_count;
+ }
+}
+
+/**
+ * Described in header.
+ */
+imv_state_t *imv_swid_state_create(TNC_ConnectionID connection_id)
+{
+ private_imv_swid_state_t *this;
+
+ INIT(this,
+ .public = {
+ .interface = {
+ .get_connection_id = _get_connection_id,
+ .has_long = _has_long,
+ .has_excl = _has_excl,
+ .set_flags = _set_flags,
+ .set_max_msg_len = _set_max_msg_len,
+ .get_max_msg_len = _get_max_msg_len,
+ .set_action_flags = _set_action_flags,
+ .get_action_flags = _get_action_flags,
+ .set_session = _set_session,
+ .get_session= _get_session,
+ .get_contracts = _get_contracts,
+ .change_state = _change_state,
+ .get_recommendation = _get_recommendation,
+ .set_recommendation = _set_recommendation,
+ .update_recommendation = _update_recommendation,
+ .get_reason_string = _get_reason_string,
+ .get_remediation_instructions = _get_remediation_instructions,
+ .destroy = _destroy,
+ },
+ .set_handshake_state = _set_handshake_state,
+ .get_handshake_state = _get_handshake_state,
+ .set_request_id = _set_request_id,
+ .get_request_id = _get_request_id,
+ .set_swid_inventory = _set_swid_inventory,
+ .get_swid_inventory = _get_swid_inventory,
+ .set_missing = _set_missing,
+ .get_missing = _get_missing,
+ .set_count = _set_count,
+ .get_count = _get_count,
+ },
+ .state = TNC_CONNECTION_STATE_CREATE,
+ .rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
+ .eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
+ .connection_id = connection_id,
+ .contracts = seg_contract_manager_create(),
+ .jobj = json_object_new_object(),
+ .jarray = json_object_new_array(),
+ );
+
+ json_object_object_add(this->jobj, "data", this->jarray);
+
+ return &this->public.interface;
+}
+
+
diff --git a/src/libimcv/plugins/imv_swid/imv_swid_state.h b/src/libimcv/plugins/imv_swid/imv_swid_state.h
new file mode 100644
index 0000000..af5d95c
--- /dev/null
+++ b/src/libimcv/plugins/imv_swid/imv_swid_state.h
@@ -0,0 +1,136 @@
+/*
+ * Copyright (C) 2013-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup imv_swid imv_swid
+ * @ingroup libimcv_plugins
+ *
+ * @defgroup imv_swid_state_t imv_swid_state
+ * @{ @ingroup imv_swid
+ */
+
+#ifndef IMV_SWID_STATE_H_
+#define IMV_SWID_STATE_H_
+
+#include <imv/imv_state.h>
+#include <swid/swid_inventory.h>
+#include <library.h>
+
+#include <json.h>
+
+typedef struct imv_swid_state_t imv_swid_state_t;
+typedef enum imv_swid_handshake_state_t imv_swid_handshake_state_t;
+
+/**
+ * IMV OS Handshake States (state machine)
+ */
+enum imv_swid_handshake_state_t {
+ IMV_SWID_STATE_INIT,
+ IMV_SWID_STATE_WORKITEMS,
+ IMV_SWID_STATE_END
+};
+
+/**
+ * Internal state of an imv_swid_t connection instance
+ */
+struct imv_swid_state_t {
+
+ /**
+ * imv_state_t interface
+ */
+ imv_state_t interface;
+
+ /**
+ * Set state of the handshake
+ *
+ * @param new_state the handshake state of IMV
+ */
+ void (*set_handshake_state)(imv_swid_state_t *this,
+ imv_swid_handshake_state_t new_state);
+
+ /**
+ * Get state of the handshake
+ *
+ * @return the handshake state of IMV
+ */
+ imv_swid_handshake_state_t (*get_handshake_state)(imv_swid_state_t *this);
+
+ /**
+ * Set the SWID request ID
+ *
+ * @param request_id SWID request ID to be set
+ */
+ void (*set_request_id)(imv_swid_state_t *this, uint32_t request_id);
+
+ /**
+ * Get the SWID request ID
+ *
+ * @return SWID request ID
+ */
+ uint32_t (*get_request_id)(imv_swid_state_t *this);
+
+ /**
+ * Set or extend the SWID Tag ID inventory in the state
+ *
+ * @param inventory SWID Tags ID inventory to be added
+ */
+ void (*set_swid_inventory)(imv_swid_state_t *this, swid_inventory_t *inventory);
+
+ /**
+ * Get the encoding of the complete SWID Tag ID inventory
+ *
+ * @return SWID Tags ID inventory as a JSON array
+ */
+ json_object* (*get_swid_inventory)(imv_swid_state_t *this);
+
+ /**
+ * Set the number of still missing SWID Tags or Tag IDs
+ *
+ * @param count Number of missing SWID Tags or Tag IDs
+ */
+ void (*set_missing)(imv_swid_state_t *this, uint32_t count);
+
+ /**
+ * Get the number of still missing SWID Tags or Tag IDs
+ *
+ * @result Number of missing SWID Tags or Tag IDs
+ */
+ uint32_t (*get_missing)(imv_swid_state_t *this);
+
+ /**
+ * Set [or with multiple attributes increment] SWID Tag [ID] counters
+ *
+ * @param tag_id_count Number of received SWID Tag IDs
+ * @param tag_count Number of received SWID Tags
+ */
+ void (*set_count)(imv_swid_state_t *this, int tag_id_count, int tag_count);
+
+ /**
+ * Set [or with multiple attributes increment] SWID Tag [ID] counters
+ *
+ * @param tag_id_count Number of received SWID Tag IDs
+ * @param tag_count Number of received SWID Tags
+ */
+ void (*get_count)(imv_swid_state_t *this, int *tag_id_count, int *tag_count);
+};
+
+/**
+ * Create an imv_swid_state_t instance
+ *
+ * @param id connection ID
+ */
+imv_state_t* imv_swid_state_create(TNC_ConnectionID id);
+
+#endif /** IMV_SWID_STATE_H_ @}*/
diff --git a/src/libimcv/plugins/imv_test/Makefile.in b/src/libimcv/plugins/imv_test/Makefile.in
index 5ac6a8f..66da75a 100644
--- a/src/libimcv/plugins/imv_test/Makefile.in
+++ b/src/libimcv/plugins/imv_test/Makefile.in
@@ -231,6 +231,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -291,6 +292,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -356,6 +358,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -403,6 +407,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libimcv/plugins/imv_test/imv_test_agent.c b/src/libimcv/plugins/imv_test/imv_test_agent.c
index 4263000..5e4b486 100644
--- a/src/libimcv/plugins/imv_test/imv_test_agent.c
+++ b/src/libimcv/plugins/imv_test/imv_test_agent.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -94,10 +94,14 @@ static TNC_Result receive_msg(private_imv_test_agent_t *this, imv_state_t *state
int rounds;
bool fatal_error = FALSE, received_command = FALSE, retry = FALSE;
+ /* generate an outgoing PA-TNC message - we might need it */
+ out_msg = imv_msg_create_as_reply(in_msg);
+
/* parse received PA-TNC message and handle local and remote errors */
- result = in_msg->receive(in_msg, &fatal_error);
+ result = in_msg->receive(in_msg, out_msg, &fatal_error);
if (result != TNC_RESULT_SUCCESS)
{
+ out_msg->destroy(out_msg);
return result;
}
@@ -172,14 +176,12 @@ static TNC_Result receive_msg(private_imv_test_agent_t *this, imv_state_t *state
state->set_recommendation(state,
TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
TNC_IMV_EVALUATION_RESULT_ERROR);
- out_msg = imv_msg_create_as_reply(in_msg);
result = out_msg->send_assessment(out_msg);
- out_msg->destroy(out_msg);
- if (result != TNC_RESULT_SUCCESS)
+ if (result == TNC_RESULT_SUCCESS)
{
- return result;
+ result = this->agent->provide_recommendation(this->agent, state);
}
- return this->agent->provide_recommendation(this->agent, state);
+ return result;
}
/* request a handshake retry ? */
@@ -195,7 +197,6 @@ static TNC_Result receive_msg(private_imv_test_agent_t *this, imv_state_t *state
/* repeat the measurement ? */
if (test_state->another_round(test_state, in_msg->get_src_id(in_msg)))
{
- out_msg = imv_msg_create_as_reply(in_msg);
attr = ita_attr_command_create("repeat");
out_msg->add_attribute(out_msg, attr);
@@ -208,19 +209,20 @@ static TNC_Result receive_msg(private_imv_test_agent_t *this, imv_state_t *state
if (received_command)
{
- out_msg = imv_msg_create_as_reply(in_msg);
result = out_msg->send_assessment(out_msg);
- out_msg->destroy(out_msg);
- if (result != TNC_RESULT_SUCCESS)
+ if (result == TNC_RESULT_SUCCESS)
{
- return result;
+ result = this->agent->provide_recommendation(this->agent, state);
}
- return this->agent->provide_recommendation(this->agent, state);
}
else
{
- return TNC_RESULT_SUCCESS;
+ /* send PA-TNC message with the EXCL flag set */
+ result = out_msg->send(out_msg, TRUE);
}
+ out_msg->destroy(out_msg);
+
+ return result;
}
METHOD(imv_agent_if_t, receive_message, TNC_Result,
diff --git a/src/libimcv/plugins/imv_test/imv_test_state.c b/src/libimcv/plugins/imv_test/imv_test_state.c
index 3564456..c20d00b 100644
--- a/src/libimcv/plugins/imv_test/imv_test_state.c
+++ b/src/libimcv/plugins/imv_test/imv_test_state.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2013 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -66,6 +66,11 @@ struct private_imv_test_state_t {
imv_session_t *session;
/**
+ * PA-TNC attribute segmentation contracts associated with TNCCS connection
+ */
+ seg_contract_manager_t *contracts;
+
+ /**
* IMV action recommendation
*/
TNC_IMV_Action_Recommendation rec;
@@ -162,6 +167,12 @@ METHOD(imv_state_t, get_session, imv_session_t*,
return this->session;
}
+METHOD(imv_state_t, get_contracts, seg_contract_manager_t*,
+ private_imv_test_state_t *this)
+{
+ return this->contracts;
+}
+
METHOD(imv_state_t, change_state, void,
private_imv_test_state_t *this, TNC_ConnectionState new_state)
{
@@ -220,6 +231,7 @@ METHOD(imv_state_t, destroy, void,
{
DESTROY_IF(this->session);
DESTROY_IF(this->reason_string);
+ this->contracts->destroy(this->contracts);
this->imcs->destroy_function(this->imcs, free);
free(this);
}
@@ -307,6 +319,7 @@ imv_state_t *imv_test_state_create(TNC_ConnectionID connection_id)
.get_max_msg_len = _get_max_msg_len,
.set_session = _set_session,
.get_session = _get_session,
+ .get_contracts = _get_contracts,
.change_state = _change_state,
.get_recommendation = _get_recommendation,
.set_recommendation = _set_recommendation,
@@ -323,6 +336,7 @@ imv_state_t *imv_test_state_create(TNC_ConnectionID connection_id)
.rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
.eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
.connection_id = connection_id,
+ .contracts = seg_contract_manager_create(),
.imcs = linked_list_create(),
);
diff --git a/src/libpts/pts/components/ita/ita_comp_func_name.c b/src/libimcv/pts/components/ita/ita_comp_func_name.c
similarity index 100%
rename from src/libpts/pts/components/ita/ita_comp_func_name.c
rename to src/libimcv/pts/components/ita/ita_comp_func_name.c
diff --git a/src/libpts/pts/components/ita/ita_comp_func_name.h b/src/libimcv/pts/components/ita/ita_comp_func_name.h
similarity index 100%
rename from src/libpts/pts/components/ita/ita_comp_func_name.h
rename to src/libimcv/pts/components/ita/ita_comp_func_name.h
diff --git a/src/libimcv/pts/components/ita/ita_comp_ima.c b/src/libimcv/pts/components/ita/ita_comp_ima.c
new file mode 100644
index 0000000..3f92b04
--- /dev/null
+++ b/src/libimcv/pts/components/ita/ita_comp_ima.c
@@ -0,0 +1,914 @@
+/*
+ * Copyright (C) 2011-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "ita_comp_ima.h"
+#include "ita_comp_func_name.h"
+
+#include "imcv.h"
+#include "pts/pts_pcr.h"
+#include "pts/pts_ima_bios_list.h"
+#include "pts/pts_ima_event_list.h"
+#include "pts/components/pts_component.h"
+
+#include <utils/debug.h>
+#include <crypto/hashers/hasher.h>
+#include <pen/pen.h>
+
+#define SECURITY_DIR "/sys/kernel/security/"
+#define IMA_BIOS_MEASUREMENTS SECURITY_DIR "tpm0/binary_bios_measurements"
+#define IMA_RUNTIME_MEASUREMENTS SECURITY_DIR "ima/binary_runtime_measurements"
+#define IMA_FILENAME_LEN_MAX 255
+
+typedef struct pts_ita_comp_ima_t pts_ita_comp_ima_t;
+typedef enum ima_state_t ima_state_t;
+
+enum ima_state_t {
+ IMA_STATE_INIT,
+ IMA_STATE_BIOS,
+ IMA_STATE_BOOT_AGGREGATE,
+ IMA_STATE_RUNTIME,
+ IMA_STATE_END
+};
+
+/**
+ * Private data of a pts_ita_comp_ima_t object.
+ *
+ */
+struct pts_ita_comp_ima_t {
+
+ /**
+ * Public pts_component_t interface.
+ */
+ pts_component_t public;
+
+ /**
+ * Component Functional Name
+ */
+ pts_comp_func_name_t *name;
+
+ /**
+ * Sub-component depth
+ */
+ uint32_t depth;
+
+ /**
+ * PTS measurement database
+ */
+ pts_database_t *pts_db;
+
+ /**
+ * Primary key for AIK database entry
+ */
+ int aik_id;
+
+ /**
+ * Primary key for IMA BIOS Component Functional Name database entry
+ */
+ int bios_cid;
+
+ /**
+ * Primary key for IMA Runtime Component Functional Name database entry
+ */
+ int ima_cid;
+
+ /**
+ * Component is registering IMA BIOS measurements
+ */
+ bool is_bios_registering;
+
+ /**
+ * Component is registering IMA boot aggregate measurement
+ */
+ bool is_ima_registering;
+
+ /**
+ * Measurement sequence number
+ */
+ int seq_no;
+
+ /**
+ * Expected IMA BIOS measurement count
+ */
+ int bios_count;
+
+ /**
+ * IMA BIOS measurements
+ */
+ pts_ima_bios_list_t *bios_list;
+
+ /**
+ * IMA runtime file measurements
+ */
+ pts_ima_event_list_t *ima_list;
+
+ /**
+ * Whether to send pcr_before and pcr_after info
+ */
+ bool pcr_info;
+
+ /**
+ * Creation time of measurement
+ */
+ time_t creation_time;
+
+ /**
+ * IMA state machine
+ */
+ ima_state_t state;
+
+ /**
+ * Total number of component measurements
+ */
+ int count;
+
+ /**
+ * Number of successful component measurements
+ */
+ int count_ok;
+
+ /**
+ * Number of unknown component measurements
+ */
+ int count_unknown;
+
+ /**
+ * Number of differing component measurements
+ */
+ int count_differ;
+
+ /**
+ * Number of failed component measurements
+ */
+ int count_failed;
+
+ /**
+ * Reference count
+ */
+ refcount_t ref;
+
+};
+
+/**
+ * Extend measurement into PCR and create evidence
+ */
+static pts_comp_evidence_t* extend_pcr(pts_ita_comp_ima_t* this,
+ uint8_t qualifier, pts_pcr_t *pcrs,
+ uint32_t pcr, chunk_t measurement)
+{
+ size_t pcr_len;
+ pts_pcr_transform_t pcr_transform;
+ pts_meas_algorithms_t hash_algo;
+ pts_comp_func_name_t *name;
+ pts_comp_evidence_t *evidence;
+ chunk_t pcr_before = chunk_empty, pcr_after = chunk_empty;
+
+ hash_algo = PTS_MEAS_ALGO_SHA1;
+ pcr_len = HASH_SIZE_SHA1;
+ pcr_transform = pts_meas_algo_to_pcr_transform(hash_algo, pcr_len);
+
+ if (this->pcr_info)
+ {
+ pcr_before = chunk_clone(pcrs->get(pcrs, pcr));
+ }
+ pcr_after = pcrs->extend(pcrs, pcr, measurement);
+ if (!pcr_after.ptr)
+ {
+ free(pcr_before.ptr);
+ return NULL;
+ }
+ name = this->name->clone(this->name);
+ name->set_qualifier(name, qualifier);
+ evidence = pts_comp_evidence_create(name, this->depth, pcr, hash_algo,
+ pcr_transform, this->creation_time, measurement);
+ if (this->pcr_info)
+ {
+ pcr_after =chunk_clone(pcrs->get(pcrs, pcr));
+ evidence->set_pcr_info(evidence, pcr_before, pcr_after);
+ }
+ return evidence;
+}
+
+/**
+ * Generate an IMA or IMA-NG hash from an event digest and event name
+ *
+ * @param digest event digest
+ * @param ima_algo hash algorithm string ("sha1:", "sha256:", etc.)
+ * @param ima_name event name
+ * @param little_endian endianness of client platform
+ * @param algo hash algorithm used by TPM
+ * @param hash_buf hash value to be compared with TPM measurement
+ */
+static bool ima_hash(chunk_t digest, char *ima_algo, char *ima_name,
+ bool little_endian, pts_meas_algorithms_t algo,
+ char *hash_buf)
+{
+ hash_algorithm_t hash_alg;
+ hasher_t *hasher;
+ bool success;
+
+ hash_alg = pts_meas_algo_to_hash(algo);
+ hasher = lib->crypto->create_hasher(lib->crypto, hash_alg);
+ if (!hasher)
+ {
+ DBG1(DBG_PTS, "%N hasher could not be created",
+ hash_algorithm_short_names, hash_alg);
+ return FALSE;
+ }
+
+ if (ima_algo)
+ {
+ uint32_t d_len, n_len;
+ chunk_t algo_name, event_name, digest_len, name_len;
+
+ /* IMA-NG hash */
+ algo_name = chunk_create(ima_algo, strlen(ima_algo) + 1);
+ event_name = chunk_create(ima_name, strlen(ima_name) + 1);
+
+ d_len = algo_name.len + digest.len;
+ digest_len = chunk_create((uint8_t*)&d_len, sizeof(d_len));
+ /* TODO handle endianness of both client and server platforms */
+
+ n_len = event_name.len;
+ name_len = chunk_create((uint8_t*)&n_len, sizeof(n_len));
+ /* TODO handle endianness of both client and server platforms */
+
+ success = hasher->get_hash(hasher, digest_len, NULL) &&
+ hasher->get_hash(hasher, algo_name, NULL) &&
+ hasher->get_hash(hasher, digest, NULL) &&
+ hasher->get_hash(hasher, name_len, NULL) &&
+ hasher->get_hash(hasher, event_name, hash_buf);
+ }
+ else
+ {
+ u_char filename_buffer[IMA_FILENAME_LEN_MAX + 1];
+ chunk_t file_name;
+
+ /* IMA legacy hash */
+ memset(filename_buffer, 0, sizeof(filename_buffer));
+ strncpy(filename_buffer, ima_name, IMA_FILENAME_LEN_MAX);
+ file_name = chunk_create (filename_buffer, sizeof(filename_buffer));
+
+ success = hasher->get_hash(hasher, digest, NULL) &&
+ hasher->get_hash(hasher, file_name, hash_buf);
+ }
+ hasher->destroy(hasher);
+
+ return success;
+}
+
+/**
+ * Compute and check boot aggregate value by hashing PCR0 to PCR7
+ */
+static bool check_boot_aggregate(pts_pcr_t *pcrs, chunk_t measurement,
+ char *algo)
+{
+ u_char pcr_buffer[HASH_SIZE_SHA1];
+ chunk_t boot_aggregate;
+ hasher_t *hasher;
+ uint32_t i;
+ bool success, pcr_ok = TRUE;
+
+ hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
+ if (!hasher)
+ {
+ DBG1(DBG_PTS, "%N hasher could not be created",
+ hash_algorithm_short_names, HASH_SHA1);
+ return FALSE;
+ }
+ for (i = 0; i < 8 && pcr_ok; i++)
+ {
+ pcr_ok = hasher->get_hash(hasher, pcrs->get(pcrs, i), NULL);
+ }
+ if (pcr_ok)
+ {
+ pcr_ok = hasher->get_hash(hasher, chunk_empty, pcr_buffer);
+ }
+ hasher->destroy(hasher);
+
+ if (pcr_ok)
+ {
+ boot_aggregate = chunk_create(pcr_buffer, sizeof(pcr_buffer));
+
+ /* TODO handle endianness of client platform */
+ pcr_ok = ima_hash(boot_aggregate, algo, "boot_aggregate",
+ TRUE, PTS_MEAS_ALGO_SHA1, pcr_buffer);
+ }
+ if (pcr_ok)
+ {
+ success = chunk_equals(boot_aggregate, measurement);
+ DBG1(DBG_PTS, "boot aggregate value is %scorrect",
+ success ? "":"in");
+ return success;
+ }
+ else
+ {
+ DBG1(DBG_PTS, "failed to compute boot aggregate value");
+ return FALSE;
+ }
+}
+
+METHOD(pts_component_t, get_comp_func_name, pts_comp_func_name_t*,
+ pts_ita_comp_ima_t *this)
+{
+ return this->name;
+}
+
+METHOD(pts_component_t, get_evidence_flags, uint8_t,
+ pts_ita_comp_ima_t *this)
+{
+ return PTS_REQ_FUNC_COMP_EVID_PCR;
+}
+
+METHOD(pts_component_t, get_depth, uint32_t,
+ pts_ita_comp_ima_t *this)
+{
+ return this->depth;
+}
+
+METHOD(pts_component_t, measure, status_t,
+ pts_ita_comp_ima_t *this, uint8_t qualifier, pts_t *pts,
+ pts_comp_evidence_t **evidence)
+{
+ pts_pcr_t *pcrs;
+ pts_comp_evidence_t *evid = NULL;
+ size_t algo_len, name_len;
+ chunk_t measurement;
+ char *uri, *algo, *name;
+ uint32_t pcr;
+ status_t status;
+
+ pcrs = pts->get_pcrs(pts);
+
+ if (qualifier == (PTS_ITA_QUALIFIER_FLAG_KERNEL |
+ PTS_ITA_QUALIFIER_TYPE_TRUSTED))
+ {
+ switch (this->state)
+ {
+ case IMA_STATE_INIT:
+ this->bios_list = pts_ima_bios_list_create(
+ IMA_BIOS_MEASUREMENTS);
+ if (!this->bios_list)
+ {
+ return FAILED;
+ }
+ this->creation_time = this->bios_list->get_time(this->bios_list);
+ this->bios_count = this->bios_list->get_count(this->bios_list);
+ this->state = IMA_STATE_BIOS;
+ /* fall through to next state */
+ case IMA_STATE_BIOS:
+ status = this->bios_list->get_next(this->bios_list, &pcr,
+ &measurement);
+ if (status != SUCCESS)
+ {
+ DBG1(DBG_PTS, "could not retrieve bios measurement entry");
+ return status;
+ }
+ evid = extend_pcr(this, qualifier, pcrs, pcr, measurement);
+
+ this->state = this->bios_list->get_count(this->bios_list) ?
+ IMA_STATE_BIOS : IMA_STATE_INIT;
+ break;
+ default:
+ return FAILED;
+ }
+ }
+ else if (qualifier == (PTS_ITA_QUALIFIER_FLAG_KERNEL |
+ PTS_ITA_QUALIFIER_TYPE_OS))
+ {
+ switch (this->state)
+ {
+ case IMA_STATE_INIT:
+ this->ima_list = pts_ima_event_list_create(
+ IMA_RUNTIME_MEASUREMENTS);
+ if (!this->ima_list)
+ {
+ return FAILED;
+ }
+ this->creation_time = this->ima_list->get_time(this->ima_list);
+ this->count = this->ima_list->get_count(this->ima_list);
+ this->state = IMA_STATE_BOOT_AGGREGATE;
+ /* fall through to next state */
+ case IMA_STATE_BOOT_AGGREGATE:
+ case IMA_STATE_RUNTIME:
+ status = this->ima_list->get_next(this->ima_list, &measurement,
+ &algo, &name);
+ if (status != SUCCESS)
+ {
+ DBG1(DBG_PTS, "could not retrieve ima measurement entry");
+ return status;
+ }
+ if (this->state == IMA_STATE_BOOT_AGGREGATE && this->bios_count)
+ {
+ if (!check_boot_aggregate(pcrs, measurement, algo))
+ {
+ return FAILED;
+ }
+ }
+ evid = extend_pcr(this, qualifier, pcrs, IMA_PCR,
+ measurement);
+ if (evid)
+ {
+ if (algo)
+ {
+ algo_len = strlen(algo);
+ name_len = strlen(name);
+ uri = malloc(algo_len + name_len + 1);
+ memcpy(uri, algo, algo_len);
+ strcpy(uri + algo_len, name);
+ }
+ else
+ {
+ uri = strdup(name);
+ }
+ evid->set_validation(evid, PTS_COMP_EVID_VALIDATION_PASSED,
+ uri);
+ free(uri);
+ }
+ free(name);
+ free(algo);
+
+ this->state = this->ima_list->get_count(this->ima_list) ?
+ IMA_STATE_RUNTIME : IMA_STATE_END;
+ break;
+ default:
+ return FAILED;
+ }
+ }
+ else
+ {
+ DBG1(DBG_PTS, "unsupported functional component name qualifier");
+ return FAILED;
+ }
+
+ *evidence = evid;
+ if (!evid)
+ {
+ return FAILED;
+ }
+
+ return (this->state == IMA_STATE_INIT || this->state == IMA_STATE_END) ?
+ SUCCESS : NEED_MORE;
+}
+
+/**
+ * Parse a validation URI of the form <hash algorithm>:<event name>
+ * into its components
+ */
+static pts_meas_algorithms_t parse_validation_uri(pts_comp_evidence_t *evidence,
+ char **ima_name, char **ima_algo, char *algo_buf)
+{
+ pts_meas_algorithms_t hash_algo;
+ char *uri, *pos, *algo, *name;
+
+ evidence->get_validation(evidence, &uri);
+
+ /* IMA-NG format? */
+ pos = strchr(uri, ':');
+ if (pos && (pos - uri + 1) < IMA_ALGO_LEN_MAX)
+ {
+ memset(algo_buf, '\0', IMA_ALGO_LEN_MAX);
+ memcpy(algo_buf, uri, pos - uri + 1);
+ algo = algo_buf;
+ name = pos + 1;
+
+ if (streq(algo, "sha1:") || streq(algo, ":"))
+ {
+ hash_algo = PTS_MEAS_ALGO_SHA1;
+ }
+ else if (streq(algo, "sha256:"))
+ {
+ hash_algo = PTS_MEAS_ALGO_SHA256;
+ }
+ else if (streq(algo, "sha384:"))
+ {
+ hash_algo = PTS_MEAS_ALGO_SHA384;
+ }
+ else
+ {
+ hash_algo = PTS_MEAS_ALGO_NONE;
+ }
+ }
+ else
+ {
+ algo = NULL;
+ name = uri;
+ hash_algo = PTS_MEAS_ALGO_SHA1;
+ }
+
+ if (ima_name)
+ {
+ *ima_name = name;
+ }
+ if (ima_algo)
+ {
+ *ima_algo = algo;
+ }
+
+ return hash_algo;
+}
+
+METHOD(pts_component_t, verify, status_t,
+ pts_ita_comp_ima_t *this, uint8_t qualifier, pts_t *pts,
+ pts_comp_evidence_t *evidence)
+{
+ bool has_pcr_info;
+ uint32_t pcr;
+ pts_meas_algorithms_t algo;
+ pts_pcr_transform_t transform;
+ pts_pcr_t *pcrs;
+ time_t creation_time;
+ chunk_t measurement, pcr_before, pcr_after;
+ status_t status = NOT_FOUND;
+
+ this->aik_id = pts->get_aik_id(pts);
+ pcrs = pts->get_pcrs(pts);
+ measurement = evidence->get_measurement(evidence, &pcr, &algo, &transform,
+ &creation_time);
+
+ if (qualifier == (PTS_ITA_QUALIFIER_FLAG_KERNEL |
+ PTS_ITA_QUALIFIER_TYPE_TRUSTED))
+ {
+ switch (this->state)
+ {
+ case IMA_STATE_INIT:
+ this->name->set_qualifier(this->name, qualifier);
+ status = this->pts_db->get_comp_measurement_count(this->pts_db,
+ this->name, this->aik_id, algo,
+ &this->bios_cid, &this->bios_count);
+ this->name->set_qualifier(this->name, PTS_QUALIFIER_UNKNOWN);
+ if (status != SUCCESS)
+ {
+ return status;
+ }
+
+ if (this->bios_count)
+ {
+ DBG1(DBG_PTS, "checking %d BIOS evidence measurements",
+ this->bios_count);
+ }
+ else
+ {
+ DBG1(DBG_PTS, "registering BIOS evidence measurements");
+ this->is_bios_registering = TRUE;
+ }
+
+ this->state = IMA_STATE_BIOS;
+ /* fall through to next state */
+ case IMA_STATE_BIOS:
+ if (this->is_bios_registering)
+ {
+ status = this->pts_db->insert_comp_measurement(this->pts_db,
+ measurement, this->bios_cid, this->aik_id,
+ ++this->seq_no, pcr, algo);
+ if (status != SUCCESS)
+ {
+ return status;
+ }
+ this->bios_count = this->seq_no + 1;
+ }
+ else
+ {
+ status = this->pts_db->check_comp_measurement(this->pts_db,
+ measurement, this->bios_cid, this->aik_id,
+ ++this->seq_no, pcr, algo);
+ if (status == FAILED)
+ {
+ return status;
+ }
+ }
+ break;
+ default:
+ return FAILED;
+ }
+ }
+ else if (qualifier == (PTS_ITA_QUALIFIER_FLAG_KERNEL |
+ PTS_ITA_QUALIFIER_TYPE_OS))
+ {
+ int ima_count;
+ char *ima_algo, *ima_name;
+ char algo_buf[IMA_ALGO_LEN_MAX];
+ pts_meas_algorithms_t hash_algo;
+
+ hash_algo = parse_validation_uri(evidence, &ima_name, &ima_algo,
+ algo_buf);
+
+ switch (this->state)
+ {
+ case IMA_STATE_BIOS:
+ this->state = IMA_STATE_RUNTIME;
+
+ if (!streq(ima_name, "boot_aggregate"))
+ {
+ DBG1(DBG_PTS, "ima: name must be 'boot_aggregate' "
+ "but is '%s'", ima_name);
+ return FAILED;
+ }
+ if (hash_algo != PTS_MEAS_ALGO_SHA1)
+ {
+ DBG1(DBG_PTS, "ima: boot_aggregate algorithm must be %N "
+ "but is %N",
+ pts_meas_algorithm_names, PTS_MEAS_ALGO_SHA1,
+ pts_meas_algorithm_names, hash_algo);
+ return FAILED;
+ }
+ if (!check_boot_aggregate(pcrs, measurement, ima_algo))
+ {
+ return FAILED;
+ }
+ this->state = IMA_STATE_INIT;
+ /* fall through to next state */
+ case IMA_STATE_INIT:
+ this->name->set_qualifier(this->name, qualifier);
+ status = this->pts_db->get_comp_measurement_count(this->pts_db,
+ this->name, this->aik_id, algo,
+ &this->ima_cid, &ima_count);
+ this->name->set_qualifier(this->name, PTS_QUALIFIER_UNKNOWN);
+ if (status != SUCCESS)
+ {
+ return status;
+ }
+
+ if (ima_count)
+ {
+ DBG1(DBG_PTS, "checking boot aggregate evidence "
+ "measurement");
+ status = this->pts_db->check_comp_measurement(this->pts_db,
+ measurement, this->ima_cid,
+ this->aik_id, 1, pcr, algo);
+ }
+ else
+ {
+ DBG1(DBG_PTS, "registering boot aggregate evidence "
+ "measurement");
+ this->is_ima_registering = TRUE;
+ status = this->pts_db->insert_comp_measurement(this->pts_db,
+ measurement, this->ima_cid,
+ this->aik_id, 1, pcr, algo);
+ }
+ this->state = IMA_STATE_RUNTIME;
+
+ if (status != SUCCESS)
+ {
+ return status;
+ }
+ break;
+ case IMA_STATE_RUNTIME:
+ {
+ uint8_t hash_buf[HASH_SIZE_SHA512];
+ chunk_t digest, hash;
+ enumerator_t *e;
+
+ this->count++;
+ if (evidence->get_validation(evidence, NULL) !=
+ PTS_COMP_EVID_VALIDATION_PASSED)
+ {
+ DBG1(DBG_PTS, "evidence validation failed");
+ this->count_failed++;
+ return FAILED;
+ }
+ hash = chunk_create(hash_buf, pts_meas_algo_hash_size(algo));
+
+ e = this->pts_db->create_file_meas_enumerator(this->pts_db,
+ pts->get_platform_id(pts),
+ hash_algo, ima_name);
+ if (e)
+ {
+ while (e->enumerate(e, &digest))
+ {
+ if (!ima_hash(digest, ima_algo, ima_name,
+ FALSE, algo, hash_buf))
+ {
+ status = FAILED;
+ break;
+ }
+ if (chunk_equals(measurement, hash))
+ {
+ status = SUCCESS;
+ break;
+ }
+ else
+ {
+ status = VERIFY_ERROR;
+ }
+ }
+ e->destroy(e);
+ }
+ else
+ {
+ status = FAILED;
+ }
+
+ switch (status)
+ {
+ case SUCCESS:
+ DBG3(DBG_PTS, "%#B for '%s' is ok",
+ &measurement, ima_name);
+ this->count_ok++;
+ break;
+ case NOT_FOUND:
+ DBG2(DBG_PTS, "%#B for '%s' not found",
+ &measurement, ima_name);
+ this->count_unknown++;
+ break;
+ case VERIFY_ERROR:
+ DBG1(DBG_PTS, "%#B for '%s' differs",
+ &measurement, ima_name);
+ this->count_differ++;
+ break;
+ case FAILED:
+ default:
+ DBG1(DBG_PTS, "%#B for '%s' failed",
+ &measurement, ima_name);
+ this->count_failed++;
+ }
+ break;
+ }
+ default:
+ return FAILED;
+ }
+ }
+ else
+ {
+ DBG1(DBG_PTS, "unsupported functional component name qualifier");
+ return FAILED;
+ }
+
+ has_pcr_info = evidence->get_pcr_info(evidence, &pcr_before, &pcr_after);
+ if (has_pcr_info)
+ {
+ if (!chunk_equals(pcr_before, pcrs->get(pcrs, pcr)))
+ {
+ DBG1(DBG_PTS, "PCR %2u: pcr_before is not equal to register value",
+ pcr);
+ }
+ if (pcrs->set(pcrs, pcr, pcr_after))
+ {
+ return status;
+ }
+ }
+ else
+ {
+ pcr_after = pcrs->extend(pcrs, pcr, measurement);
+ if (pcr_after.ptr)
+ {
+ return status;
+ }
+ }
+ return FAILED;
+}
+
+METHOD(pts_component_t, finalize, bool,
+ pts_ita_comp_ima_t *this, uint8_t qualifier, bio_writer_t *result)
+{
+ char result_buf[BUF_LEN];
+ char *pos = result_buf;
+ size_t len = BUF_LEN;
+ int written;
+ bool success = TRUE;
+
+ this->name->set_qualifier(this->name, qualifier);
+
+ if (qualifier == (PTS_ITA_QUALIFIER_FLAG_KERNEL |
+ PTS_ITA_QUALIFIER_TYPE_TRUSTED))
+ {
+ /* finalize BIOS measurements */
+ if (this->is_bios_registering)
+ {
+ /* close registration */
+ this->is_bios_registering = FALSE;
+
+ snprintf(pos, len, "registered %d BIOS evidence measurements",
+ this->seq_no);
+ }
+ else if (this->seq_no < this->bios_count)
+ {
+ snprintf(pos, len, "%d of %d BIOS evidence measurements missing",
+ this->bios_count - this->seq_no, this->bios_count);
+ success = FALSE;
+ }
+ else
+ {
+ snprintf(pos, len, "%d BIOS evidence measurements are ok",
+ this->bios_count);
+ }
+ }
+ else if (qualifier == (PTS_ITA_QUALIFIER_FLAG_KERNEL |
+ PTS_ITA_QUALIFIER_TYPE_OS))
+ {
+ /* finalize IMA file measurements */
+ if (this->is_ima_registering)
+ {
+ /* close registration */
+ this->is_ima_registering = FALSE;
+
+ written = snprintf(pos, len, "registered IMA boot aggregate "
+ "evidence measurement; ");
+ pos += written;
+ len -= written;
+ }
+ if (this->count)
+ {
+ snprintf(pos, len, "processed %d IMA file evidence measurements: "
+ "%d ok, %d unknown, %d differ, %d failed",
+ this->count, this->count_ok, this->count_unknown,
+ this->count_differ, this->count_failed);
+ }
+ else
+ {
+ snprintf(pos, len, "no IMA file evidence measurements");
+ success = FALSE;
+ }
+ }
+ else
+ {
+ snprintf(pos, len, "unsupported functional component name qualifier");
+ success = FALSE;
+ }
+ this->name->set_qualifier(this->name, PTS_QUALIFIER_UNKNOWN);
+
+ DBG1(DBG_PTS, "%s", result_buf);
+ result->write_data(result, chunk_from_str(result_buf));
+
+ return success;
+}
+
+METHOD(pts_component_t, get_ref, pts_component_t*,
+ pts_ita_comp_ima_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public;
+}
+
+METHOD(pts_component_t, destroy, void,
+ pts_ita_comp_ima_t *this)
+{
+ int count;
+
+ if (ref_put(&this->ref))
+ {
+
+ if (this->is_bios_registering)
+ {
+ count = this->pts_db->delete_comp_measurements(this->pts_db,
+ this->bios_cid, this->aik_id);
+ DBG1(DBG_PTS, "deleted %d registered BIOS evidence measurements",
+ count);
+ }
+ if (this->is_ima_registering)
+ {
+ count = this->pts_db->delete_comp_measurements(this->pts_db,
+ this->ima_cid, this->aik_id);
+ DBG1(DBG_PTS, "deleted registered boot aggregate evidence "
+ "measurement");
+ }
+ DESTROY_IF(this->bios_list);
+ DESTROY_IF(this->ima_list);
+ this->name->destroy(this->name);
+
+ free(this);
+ }
+}
+
+/**
+ * See header
+ */
+pts_component_t *pts_ita_comp_ima_create(uint32_t depth,
+ pts_database_t *pts_db)
+{
+ pts_ita_comp_ima_t *this;
+
+ INIT(this,
+ .public = {
+ .get_comp_func_name = _get_comp_func_name,
+ .get_evidence_flags = _get_evidence_flags,
+ .get_depth = _get_depth,
+ .measure = _measure,
+ .verify = _verify,
+ .finalize = _finalize,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .name = pts_comp_func_name_create(PEN_ITA, PTS_ITA_COMP_FUNC_NAME_IMA,
+ PTS_QUALIFIER_UNKNOWN),
+ .depth = depth,
+ .pts_db = pts_db,
+ .pcr_info = lib->settings->get_bool(lib->settings,
+ "%s.plugins.imc-attestation.pcr_info", FALSE, lib->ns),
+ .ref = 1,
+ );
+
+ return &this->public;
+}
+
diff --git a/src/libpts/pts/components/ita/ita_comp_ima.h b/src/libimcv/pts/components/ita/ita_comp_ima.h
similarity index 100%
rename from src/libpts/pts/components/ita/ita_comp_ima.h
rename to src/libimcv/pts/components/ita/ita_comp_ima.h
diff --git a/src/libimcv/pts/components/ita/ita_comp_tboot.c b/src/libimcv/pts/components/ita/ita_comp_tboot.c
new file mode 100644
index 0000000..273c18f
--- /dev/null
+++ b/src/libimcv/pts/components/ita/ita_comp_tboot.c
@@ -0,0 +1,362 @@
+/*
+ * Copyright (C) 2011-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "ita_comp_tboot.h"
+#include "ita_comp_func_name.h"
+
+#include "imcv.h"
+#include "pts/components/pts_component.h"
+
+#include <utils/debug.h>
+#include <pen/pen.h>
+
+typedef struct pts_ita_comp_tboot_t pts_ita_comp_tboot_t;
+
+/**
+ * Private data of a pts_ita_comp_tboot_t object.
+ *
+ */
+struct pts_ita_comp_tboot_t {
+
+ /**
+ * Public pts_component_t interface.
+ */
+ pts_component_t public;
+
+ /**
+ * Component Functional Name
+ */
+ pts_comp_func_name_t *name;
+
+ /**
+ * Sub-component depth
+ */
+ u_int32_t depth;
+
+ /**
+ * PTS measurement database
+ */
+ pts_database_t *pts_db;
+
+ /**
+ * Primary key for AIK database entry
+ */
+ int aik_id;
+
+ /**
+ * Primary key for Component Functional Name database entry
+ */
+ int cid;
+
+ /**
+ * Primary key for AIK database entry
+ */
+ int kid;
+
+ /**
+ * Component is registering measurements
+ */
+ bool is_registering;
+
+ /**
+ * Time of TBOOT measurement
+ */
+ time_t measurement_time;
+
+ /**
+ * Expected measurement count
+ */
+ int count;
+
+ /**
+ * Measurement sequence number
+ */
+ int seq_no;
+
+ /**
+ * Reference count
+ */
+ refcount_t ref;
+
+};
+
+METHOD(pts_component_t, get_comp_func_name, pts_comp_func_name_t*,
+ pts_ita_comp_tboot_t *this)
+{
+ return this->name;
+}
+
+METHOD(pts_component_t, get_evidence_flags, u_int8_t,
+ pts_ita_comp_tboot_t *this)
+{
+ return PTS_REQ_FUNC_COMP_EVID_PCR;
+}
+
+METHOD(pts_component_t, get_depth, u_int32_t,
+ pts_ita_comp_tboot_t *this)
+{
+ return this->depth;
+}
+
+METHOD(pts_component_t, measure, status_t,
+ pts_ita_comp_tboot_t *this, u_int8_t qualifier, pts_t *pts,
+ pts_comp_evidence_t **evidence)
+
+{
+ size_t pcr_len;
+ pts_pcr_t *pcrs;
+ pts_pcr_transform_t pcr_transform;
+ pts_meas_algorithms_t hash_algo;
+ pts_comp_evidence_t *evid;
+ char *meas_hex, *pcr_before_hex, *pcr_after_hex;
+ chunk_t measurement, pcr_before, pcr_after;
+ u_int32_t extended_pcr;
+
+ switch (this->seq_no++)
+ {
+ case 0:
+ /* dummy data since currently the TBOOT log is not retrieved */
+ time(&this->measurement_time);
+ meas_hex = lib->settings->get_str(lib->settings,
+ "%s.plugins.imc-attestation.pcr17_meas", NULL, lib->ns);
+ pcr_before_hex = lib->settings->get_str(lib->settings,
+ "%s.plugins.imc-attestation.pcr17_before", NULL, lib->ns);
+ pcr_after_hex = lib->settings->get_str(lib->settings,
+ "%s.plugins.imc-attestation.pcr17_after", NULL, lib->ns);
+ extended_pcr = PCR_TBOOT_POLICY;
+ break;
+ case 1:
+ /* dummy data since currently the TBOOT log is not retrieved */
+ meas_hex = lib->settings->get_str(lib->settings,
+ "%s.plugins.imc-attestation.pcr18_meas", NULL, lib->ns);
+ pcr_before_hex = lib->settings->get_str(lib->settings,
+ "%s.plugins.imc-attestation.pcr18_before", NULL, lib->ns);
+ pcr_after_hex = lib->settings->get_str(lib->settings,
+ "%s.plugins.imc-attestation.pcr18_after", NULL, lib->ns);
+ extended_pcr = PCR_TBOOT_MLE;
+ break;
+ default:
+ return FAILED;
+ }
+
+ if (meas_hex == NULL || pcr_before_hex == NULL || pcr_after_hex == NULL)
+ {
+ return FAILED;
+ }
+
+ hash_algo = PTS_MEAS_ALGO_SHA1;
+ pcr_len = HASH_SIZE_SHA1;
+ pcr_transform = pts_meas_algo_to_pcr_transform(hash_algo, pcr_len);
+
+ /* get and check the measurement data */
+ measurement = chunk_from_hex(
+ chunk_create(meas_hex, strlen(meas_hex)), NULL);
+ pcr_before = chunk_from_hex(
+ chunk_create(pcr_before_hex, strlen(pcr_before_hex)), NULL);
+ pcr_after = chunk_from_hex(
+ chunk_create(pcr_after_hex, strlen(pcr_after_hex)), NULL);
+ if (pcr_before.len != pcr_len || pcr_after.len != pcr_len ||
+ measurement.len != pcr_len)
+ {
+ DBG1(DBG_PTS, "TBOOT measurement or PCR data have the wrong size");
+ free(measurement.ptr);
+ free(pcr_before.ptr);
+ free(pcr_after.ptr);
+ return FAILED;
+ }
+
+ pcrs = pts->get_pcrs(pts);
+ pcrs->set(pcrs, extended_pcr, pcr_after);
+ evid = *evidence = pts_comp_evidence_create(this->name->clone(this->name),
+ this->depth, extended_pcr, hash_algo, pcr_transform,
+ this->measurement_time, measurement);
+ evid->set_pcr_info(evid, pcr_before, pcr_after);
+
+ return (this->seq_no < 2) ? NEED_MORE : SUCCESS;
+}
+
+METHOD(pts_component_t, verify, status_t,
+ pts_ita_comp_tboot_t *this, u_int8_t qualifier,pts_t *pts,
+ pts_comp_evidence_t *evidence)
+{
+ bool has_pcr_info;
+ u_int32_t extended_pcr, vid, name;
+ enum_name_t *names;
+ pts_meas_algorithms_t algo;
+ pts_pcr_transform_t transform;
+ pts_pcr_t *pcrs;
+ time_t measurement_time;
+ chunk_t measurement, pcr_before, pcr_after;
+ status_t status;
+
+ this->aik_id = pts->get_aik_id(pts);
+ pcrs = pts->get_pcrs(pts);
+ measurement = evidence->get_measurement(evidence, &extended_pcr,
+ &algo, &transform, &measurement_time);
+
+ status = this->pts_db->get_comp_measurement_count(this->pts_db,
+ this->name, this->aik_id, algo,
+ &this->cid, &this->count);
+ if (status != SUCCESS)
+ {
+ return status;
+ }
+ vid = this->name->get_vendor_id(this->name);
+ name = this->name->get_name(this->name);
+ names = imcv_pts_components->get_comp_func_names(imcv_pts_components, vid);
+
+ if (this->count)
+ {
+ DBG1(DBG_PTS, "checking %d %N '%N' functional component evidence "
+ "measurements", this->count, pen_names, vid, names, name);
+ }
+ else
+ {
+ DBG1(DBG_PTS, "registering %N '%N' functional component evidence "
+ "measurements", pen_names, vid, names, name);
+ this->is_registering = TRUE;
+ }
+
+ if (this->is_registering)
+ {
+ status = this->pts_db->insert_comp_measurement(this->pts_db,
+ measurement, this->cid, this->aik_id,
+ ++this->seq_no, extended_pcr, algo);
+ if (status != SUCCESS)
+ {
+ return status;
+ }
+ this->count = this->seq_no + 1;
+ }
+ else
+ {
+ status = this->pts_db->check_comp_measurement(this->pts_db,
+ measurement, this->cid, this->kid,
+ ++this->seq_no, extended_pcr, algo);
+ if (status != SUCCESS)
+ {
+ return status;
+ }
+ }
+
+ has_pcr_info = evidence->get_pcr_info(evidence, &pcr_before, &pcr_after);
+ if (has_pcr_info)
+ {
+ if (!chunk_equals(pcr_before, pcrs->get(pcrs, extended_pcr)))
+ {
+ DBG1(DBG_PTS, "PCR %2u: pcr_before is not equal to register value",
+ extended_pcr);
+ }
+ if (pcrs->set(pcrs, extended_pcr, pcr_after))
+ {
+ return SUCCESS;
+ }
+ }
+
+ return SUCCESS;
+}
+
+METHOD(pts_component_t, finalize, bool,
+ pts_ita_comp_tboot_t *this, u_int8_t qualifier, bio_writer_t *result)
+{
+ char result_buf[BUF_LEN];
+
+ if (this->is_registering)
+ {
+ /* close registration */
+ this->is_registering = FALSE;
+
+ snprintf(result_buf, BUF_LEN, "registered %d evidence measurements",
+ this->seq_no);
+ }
+ else if (this->seq_no < this->count)
+ {
+ snprintf(result_buf, BUF_LEN, "%d of %d evidence measurements "
+ "missing", this->count - this->seq_no, this->count);
+ return FALSE;
+ }
+ else
+ {
+ snprintf(result_buf, BUF_LEN, "%d evidence measurements are ok",
+ this->count);
+ }
+ DBG1(DBG_PTS, "%s", result_buf);
+ result->write_data(result, chunk_from_str(result_buf));
+
+ return TRUE;
+}
+
+METHOD(pts_component_t, get_ref, pts_component_t*,
+ pts_ita_comp_tboot_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public;
+}
+
+METHOD(pts_component_t, destroy, void,
+ pts_ita_comp_tboot_t *this)
+{
+ int count;
+ u_int32_t vid, name;
+ enum_name_t *names;
+
+ if (ref_put(&this->ref))
+ {
+ if (this->is_registering)
+ {
+ count = this->pts_db->delete_comp_measurements(this->pts_db,
+ this->cid, this->aik_id);
+ vid = this->name->get_vendor_id(this->name);
+ name = this->name->get_name(this->name);
+ names = imcv_pts_components->get_comp_func_names(imcv_pts_components,
+ vid);
+ DBG1(DBG_PTS, "deleted %d registered %N '%N' functional component "
+ "evidence measurements", count, pen_names, vid, names, name);
+ }
+ this->name->destroy(this->name);
+ free(this);
+ }
+}
+
+/**
+ * See header
+ */
+pts_component_t *pts_ita_comp_tboot_create(u_int32_t depth,
+ pts_database_t *pts_db)
+{
+ pts_ita_comp_tboot_t *this;
+
+ INIT(this,
+ .public = {
+ .get_comp_func_name = _get_comp_func_name,
+ .get_evidence_flags = _get_evidence_flags,
+ .get_depth = _get_depth,
+ .measure = _measure,
+ .verify = _verify,
+ .finalize = _finalize,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .name = pts_comp_func_name_create(PEN_ITA, PTS_ITA_COMP_FUNC_NAME_TBOOT,
+ PTS_ITA_QUALIFIER_FLAG_KERNEL |
+ PTS_ITA_QUALIFIER_TYPE_TRUSTED),
+ .depth = depth,
+ .pts_db = pts_db,
+ .ref = 1,
+ );
+
+ return &this->public;
+}
+
diff --git a/src/libpts/pts/components/ita/ita_comp_tboot.h b/src/libimcv/pts/components/ita/ita_comp_tboot.h
similarity index 100%
rename from src/libpts/pts/components/ita/ita_comp_tboot.h
rename to src/libimcv/pts/components/ita/ita_comp_tboot.h
diff --git a/src/libpts/pts/components/ita/ita_comp_tgrub.c b/src/libimcv/pts/components/ita/ita_comp_tgrub.c
similarity index 100%
rename from src/libpts/pts/components/ita/ita_comp_tgrub.c
rename to src/libimcv/pts/components/ita/ita_comp_tgrub.c
diff --git a/src/libpts/pts/components/ita/ita_comp_tgrub.h b/src/libimcv/pts/components/ita/ita_comp_tgrub.h
similarity index 100%
rename from src/libpts/pts/components/ita/ita_comp_tgrub.h
rename to src/libimcv/pts/components/ita/ita_comp_tgrub.h
diff --git a/src/libpts/pts/components/pts_comp_evidence.c b/src/libimcv/pts/components/pts_comp_evidence.c
similarity index 100%
rename from src/libpts/pts/components/pts_comp_evidence.c
rename to src/libimcv/pts/components/pts_comp_evidence.c
diff --git a/src/libpts/pts/components/pts_comp_evidence.h b/src/libimcv/pts/components/pts_comp_evidence.h
similarity index 100%
rename from src/libpts/pts/components/pts_comp_evidence.h
rename to src/libimcv/pts/components/pts_comp_evidence.h
diff --git a/src/libimcv/pts/components/pts_comp_func_name.c b/src/libimcv/pts/components/pts_comp_func_name.c
new file mode 100644
index 0000000..e12522e
--- /dev/null
+++ b/src/libimcv/pts/components/pts_comp_func_name.c
@@ -0,0 +1,162 @@
+/*
+ * Copyright (C) 2011-2014 Andreas Steffen
+ *
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "imcv.h"
+#include "pts/components/pts_comp_func_name.h"
+
+#include <utils/debug.h>
+
+typedef struct private_pts_comp_func_name_t private_pts_comp_func_name_t;
+
+/**
+ * Private data of a pts_comp_func_name_t object.
+ *
+ */
+struct private_pts_comp_func_name_t {
+
+ /**
+ * Public pts_comp_func_name_t interface.
+ */
+ pts_comp_func_name_t public;
+
+ /**
+ * PTS Component Functional Name Vendor ID
+ */
+ u_int32_t vid;
+
+ /**
+ * PTS Component Functional Name
+ */
+ u_int32_t name;
+
+ /**
+ * PTS Component Functional Name Qualifier
+ */
+ u_int8_t qualifier;
+
+};
+
+METHOD(pts_comp_func_name_t, get_vendor_id, u_int32_t,
+ private_pts_comp_func_name_t *this)
+{
+ return this->vid;
+}
+
+METHOD(pts_comp_func_name_t, get_name, u_int32_t,
+ private_pts_comp_func_name_t *this)
+{
+ return this->name;
+}
+
+METHOD(pts_comp_func_name_t, get_qualifier, u_int8_t,
+ private_pts_comp_func_name_t *this)
+{
+ return this->qualifier;
+}
+
+METHOD(pts_comp_func_name_t, set_qualifier, void,
+ private_pts_comp_func_name_t *this, u_int8_t qualifier)
+{
+ this->qualifier = qualifier;
+}
+
+static bool equals(private_pts_comp_func_name_t *this,
+ private_pts_comp_func_name_t *other)
+{
+ if (this->vid != other->vid || this->name != other->name)
+ {
+ return FALSE;
+ }
+ if (this->qualifier == PTS_QUALIFIER_UNKNOWN ||
+ other->qualifier == PTS_QUALIFIER_UNKNOWN)
+ {
+ return TRUE;
+ }
+ /* TODO handle qualifier wildcards */
+
+ return this->qualifier == other->qualifier;
+}
+
+METHOD(pts_comp_func_name_t, clone_, pts_comp_func_name_t*,
+ private_pts_comp_func_name_t *this)
+{
+ private_pts_comp_func_name_t *clone;
+
+ clone = malloc_thing(private_pts_comp_func_name_t);
+ memcpy(clone, this, sizeof(private_pts_comp_func_name_t));
+
+ return &clone->public;
+}
+
+METHOD(pts_comp_func_name_t, log_, void,
+ private_pts_comp_func_name_t *this, char *label)
+{
+ enum_name_t *names, *types;
+ char flags[8];
+ int type;
+
+ names = imcv_pts_components->get_comp_func_names(imcv_pts_components,
+ this->vid);
+ types = imcv_pts_components->get_qualifier_type_names(imcv_pts_components,
+ this->vid);
+ type = imcv_pts_components->get_qualifier(imcv_pts_components,
+ &this->public, flags);
+
+ if (names && types)
+ {
+ DBG2(DBG_PTS, "%s%N functional component '%N' [%s] '%N'",
+ label, pen_names, this->vid, names, this->name, flags, types, type);
+ }
+ else
+ {
+ DBG2(DBG_PTS, "%s0x%06x functional component 0x%08x 0x%02x",
+ label, this->vid, this->name, this->qualifier);
+ }
+}
+
+METHOD(pts_comp_func_name_t, destroy, void,
+ private_pts_comp_func_name_t *this)
+{
+ free(this);
+}
+
+/**
+ * See header
+ */
+pts_comp_func_name_t* pts_comp_func_name_create(u_int32_t vid, u_int32_t name,
+ u_int8_t qualifier)
+{
+ private_pts_comp_func_name_t *this;
+
+ INIT(this,
+ .public = {
+ .get_vendor_id = _get_vendor_id,
+ .get_name = _get_name,
+ .get_qualifier = _get_qualifier,
+ .set_qualifier = _set_qualifier,
+ .equals = (bool(*)(pts_comp_func_name_t*,pts_comp_func_name_t*))equals,
+ .clone = _clone_,
+ .log = _log_,
+ .destroy = _destroy,
+ },
+ .vid = vid,
+ .name = name,
+ .qualifier = qualifier,
+ );
+
+ return &this->public;
+}
+
diff --git a/src/libpts/pts/components/pts_comp_func_name.h b/src/libimcv/pts/components/pts_comp_func_name.h
similarity index 100%
rename from src/libpts/pts/components/pts_comp_func_name.h
rename to src/libimcv/pts/components/pts_comp_func_name.h
diff --git a/src/libpts/pts/components/pts_component.h b/src/libimcv/pts/components/pts_component.h
similarity index 100%
rename from src/libpts/pts/components/pts_component.h
rename to src/libimcv/pts/components/pts_component.h
diff --git a/src/libpts/pts/components/pts_component_manager.c b/src/libimcv/pts/components/pts_component_manager.c
similarity index 100%
rename from src/libpts/pts/components/pts_component_manager.c
rename to src/libimcv/pts/components/pts_component_manager.c
diff --git a/src/libpts/pts/components/pts_component_manager.h b/src/libimcv/pts/components/pts_component_manager.h
similarity index 100%
rename from src/libpts/pts/components/pts_component_manager.h
rename to src/libimcv/pts/components/pts_component_manager.h
diff --git a/src/libpts/pts/components/tcg/tcg_comp_func_name.c b/src/libimcv/pts/components/tcg/tcg_comp_func_name.c
similarity index 100%
rename from src/libpts/pts/components/tcg/tcg_comp_func_name.c
rename to src/libimcv/pts/components/tcg/tcg_comp_func_name.c
diff --git a/src/libpts/pts/components/tcg/tcg_comp_func_name.h b/src/libimcv/pts/components/tcg/tcg_comp_func_name.h
similarity index 100%
rename from src/libpts/pts/components/tcg/tcg_comp_func_name.h
rename to src/libimcv/pts/components/tcg/tcg_comp_func_name.h
diff --git a/src/libpts/pts/pts.c b/src/libimcv/pts/pts.c
similarity index 100%
rename from src/libpts/pts/pts.c
rename to src/libimcv/pts/pts.c
diff --git a/src/libimcv/pts/pts.h b/src/libimcv/pts/pts.h
new file mode 100644
index 0000000..be32a34
--- /dev/null
+++ b/src/libimcv/pts/pts.h
@@ -0,0 +1,315 @@
+/*
+ * Copyright (C) 2011 Sansar Choinyambuu
+ * Copyright (C) 2012-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup pts pts
+ * @{ @ingroup libimcv
+ */
+
+#ifndef PTS_H_
+#define PTS_H_
+
+typedef struct pts_t pts_t;
+
+#include "pts_error.h"
+#include "pts_proto_caps.h"
+#include "pts_meas_algo.h"
+#include "pts_file_meas.h"
+#include "pts_file_meta.h"
+#include "pts_dh_group.h"
+#include "pts_pcr.h"
+#include "pts_req_func_comp_evid.h"
+#include "pts_simple_evid_final.h"
+#include "components/pts_comp_func_name.h"
+
+#include <library.h>
+#include <collections/linked_list.h>
+
+/**
+ * UTF-8 encoding of the character used to delimiter the filename
+ */
+#define SOLIDUS_UTF 0x2F
+#define REVERSE_SOLIDUS_UTF 0x5C
+
+/**
+ * PCR indices used for measurements of various functional components
+ */
+#define PCR_BIOS 0
+#define PCR_PLATFORM_EXT 1
+#define PCR_MOTHERBOARD 1
+#define PCR_OPTION_ROMS 2
+#define PCR_IPL 4
+
+#define PCR_TBOOT_POLICY 17
+#define PCR_TBOOT_MLE 18
+
+#define PCR_TGRUB_MBR_STAGE1 4
+#define PCR_TGRUB_STAGE2_PART1 8
+#define PCR_TGRUB_STAGE2_PART2 9
+#define PCR_TGRUB_CMD_LINE_ARGS 12
+#define PCR_TGRUB_CHECKFILE 13
+#define PCR_TGRUB_LOADED_FILES 14
+
+#define PCR_DEBUG 16
+
+/**
+ * Length of the generated nonce used for calculation of shared secret
+ */
+#define ASSESSMENT_SECRET_LEN 20
+
+/**
+ * Length of the TPM_QUOTE_INFO structure, TPM Spec 1.2
+ */
+#define TPM_QUOTE_INFO_LEN 48
+
+/**
+ * Hashing algorithm used by tboot and trustedGRUB
+ */
+#define TRUSTED_HASH_ALGO PTS_MEAS_ALGO_SHA1
+
+/**
+ * Class implementing the TCG Platform Trust Service (PTS)
+ *
+ */
+struct pts_t {
+
+ /**
+ * Get PTS Protocol Capabilities
+ *
+ * @return Protocol capabilities flags
+ */
+ pts_proto_caps_flag_t (*get_proto_caps)(pts_t *this);
+
+ /**
+ * Set PTS Protocol Capabilities
+ *
+ * @param flags Protocol capabilities flags
+ */
+ void (*set_proto_caps)(pts_t *this, pts_proto_caps_flag_t flags);
+
+ /**
+ * Get PTS Measurement Algorithm
+ *
+ * @return PTS measurement algorithm
+ */
+ pts_meas_algorithms_t (*get_meas_algorithm)(pts_t *this);
+
+ /**
+ * Set PTS Measurement Algorithm
+ *
+ * @param algorithm PTS measurement algorithm
+ */
+ void (*set_meas_algorithm)(pts_t *this, pts_meas_algorithms_t algorithm);
+
+ /**
+ * Get DH Hash Algorithm
+ *
+ * @return DH hash algorithm
+ */
+ pts_meas_algorithms_t (*get_dh_hash_algorithm)(pts_t *this);
+
+ /**
+ * Set DH Hash Algorithm
+ *
+ * @param algorithm DH hash algorithm
+ */
+ void (*set_dh_hash_algorithm)(pts_t *this, pts_meas_algorithms_t algorithm);
+
+ /**
+ * Create PTS Diffie-Hellman object and nonce
+ *
+ * @param group PTS DH group
+ * @param nonce_len Nonce length
+ * @return TRUE if creation was successful
+ *
+ */
+ bool (*create_dh_nonce)(pts_t *this, pts_dh_group_t group, int nonce_len);
+
+ /**
+ * Get my Diffie-Hellman public value
+ *
+ * @param value My public DH value
+ * @param nonce My DH nonce
+ */
+ void (*get_my_public_value)(pts_t *this, chunk_t *value, chunk_t *nonce);
+
+ /**
+ * Set peer Diffie.Hellman public value
+ *
+ * @param value Peer public DH value
+ * @param nonce Peer DH nonce
+ */
+ void (*set_peer_public_value) (pts_t *this, chunk_t value, chunk_t nonce);
+
+ /**
+ * Calculates assessment secret to be used for TPM Quote as ExternalData
+ *
+ * @return TRUE unless both DH public values
+ * and nonces are set
+ */
+ bool (*calculate_secret) (pts_t *this);
+
+ /**
+ * Get primary key of platform entry in database
+ *
+ * @return Platform and OS info
+ */
+ int (*get_platform_id)(pts_t *this);
+
+ /**
+ * Set primary key of platform entry in database
+ *
+ * @param pid Primary key of platform entry in database
+ */
+ void (*set_platform_id)(pts_t *this, int pid);
+
+ /**
+ * Get TPM 1.2 Version Info
+ *
+ * @param info chunk containing a TPM_CAP_VERSION_INFO struct
+ * @return TRUE if TPM Version Info available
+ */
+ bool (*get_tpm_version_info)(pts_t *this, chunk_t *info);
+
+ /**
+ * Set TPM 1.2 Version Info
+ *
+ * @param info chunk containing a TPM_CAP_VERSION_INFO struct
+ */
+ void (*set_tpm_version_info)(pts_t *this, chunk_t info);
+
+ /**
+ * Get Attestation Identity Certificate or Public Key
+ *
+ * @return AIK Certificate or Public Key
+ */
+ certificate_t* (*get_aik)(pts_t *this);
+
+ /**
+ * Set Attestation Identity Certificate or Public Key
+ *
+ * @param aik AIK Certificate or Public Key
+ * @param aik_id Primary key referencing AIK in database
+ */
+ void (*set_aik)(pts_t *this, certificate_t *aik, int aik_id);
+
+ /**
+ * Get primary key referencing AIK in database
+ *
+ * @return Primary key referencing AIK in database
+ */
+ int (*get_aik_id)(pts_t *this);
+
+ /**
+ * Check whether path is valid file/directory on filesystem
+ *
+ * @param path Absolute path
+ * @param error_code Output variable for PTS error code
+ * @return TRUE if path is valid or file/directory
+ * doesn't exist or path is invalid
+ * FALSE if local error occurred within stat function
+ */
+ bool (*is_path_valid)(pts_t *this, char *path, pts_error_code_t *error_code);
+
+ /**
+ * Obtain file metadata
+ *
+ * @param pathname Absolute pathname of file/directory
+ * @param is_dir TRUE if directory contents are requested
+ * @return PTS File Metadata or NULL if FAILED
+ */
+ pts_file_meta_t* (*get_metadata)(pts_t *this, char *pathname, bool is_dir);
+
+ /**
+ * Reads given PCR value and returns it
+ * Expects owner secret to be WELL_KNOWN_SECRET
+ *
+ * @param pcr_num Number of PCR to read
+ * @param pcr_value Chunk to save pcr read output
+ * @return NULL in case of TSS error, PCR value otherwise
+ */
+ bool (*read_pcr)(pts_t *this, u_int32_t pcr_num, chunk_t *pcr_value);
+
+ /**
+ * Extends given PCR with given value
+ * Expects owner secret to be WELL_KNOWN_SECRET
+ *
+ * @param pcr_num Number of PCR to extend
+ * @param input Value to extend
+ * @param output Chunk to save PCR value after extension
+ * @return FALSE in case of TSS error, TRUE otherwise
+ */
+ bool (*extend_pcr)(pts_t *this, u_int32_t pcr_num, chunk_t input,
+ chunk_t *output);
+
+ /**
+ * Quote over PCR's
+ * Expects owner and SRK secret to be WELL_KNOWN_SECRET and no password set for AIK
+ *
+ * @param use_quote2 Version of the Quote function to be used
+ * @param pcr_comp Chunk to save PCR composite structure
+ * @param quote_sig Chunk to save quote operation output
+ * without external data (anti-replay protection)
+ * @return FALSE in case of TSS error, TRUE otherwise
+ */
+ bool (*quote_tpm)(pts_t *this, bool use_quote2, chunk_t *pcr_comp,
+ chunk_t *quote_sig);
+
+ /**
+ * Get the shadow PCR set
+ *
+ * @return shadow PCR set
+ */
+ pts_pcr_t* (*get_pcrs)(pts_t *this);
+
+ /**
+ * Constructs and returns TPM Quote Info structure expected from IMC
+ *
+ * @param use_quote2 Version of the TPM_QUOTE_INFO to be constructed
+ * @param use_ver_info Version info is concatenated to TPM_QUOTE_INFO2
+ * @param comp_hash_algo Composite Hash Algorithm
+ * @param pcr_comp Output variable to store PCR Composite
+ * @param quote_info Output variable to store TPM Quote Info
+ * @return FALSE in case of any error, TRUE otherwise
+ */
+ bool (*get_quote_info)(pts_t *this, bool use_quote2, bool ver_info_included,
+ pts_meas_algorithms_t comp_hash_algo,
+ chunk_t *pcr_comp, chunk_t *quote_info);
+
+ /**
+ * Constructs and returns PCR Quote Digest structure expected from IMC
+ *
+ * @param data Calculated TPM Quote Digest
+ * @param signature TPM Quote Signature received from IMC
+ * @return FALSE if signature is not verified
+ */
+ bool (*verify_quote_signature)(pts_t *this, chunk_t data, chunk_t signature);
+
+ /**
+ * Destroys a pts_t object.
+ */
+ void (*destroy)(pts_t *this);
+
+};
+
+/**
+ * Creates an pts_t object
+ *
+ * @param is_imc TRUE if running on an IMC
+ */
+pts_t* pts_create(bool is_imc);
+
+#endif /** PTS_H_ @}*/
diff --git a/src/libpts/pts/pts_creds.c b/src/libimcv/pts/pts_creds.c
similarity index 100%
rename from src/libpts/pts/pts_creds.c
rename to src/libimcv/pts/pts_creds.c
diff --git a/src/libpts/pts/pts_creds.h b/src/libimcv/pts/pts_creds.h
similarity index 100%
rename from src/libpts/pts/pts_creds.h
rename to src/libimcv/pts/pts_creds.h
diff --git a/src/libpts/pts/pts_database.c b/src/libimcv/pts/pts_database.c
similarity index 100%
rename from src/libpts/pts/pts_database.c
rename to src/libimcv/pts/pts_database.c
diff --git a/src/libpts/pts/pts_database.h b/src/libimcv/pts/pts_database.h
similarity index 100%
rename from src/libpts/pts/pts_database.h
rename to src/libimcv/pts/pts_database.h
diff --git a/src/libpts/pts/pts_dh_group.c b/src/libimcv/pts/pts_dh_group.c
similarity index 100%
rename from src/libpts/pts/pts_dh_group.c
rename to src/libimcv/pts/pts_dh_group.c
diff --git a/src/libpts/pts/pts_dh_group.h b/src/libimcv/pts/pts_dh_group.h
similarity index 100%
rename from src/libpts/pts/pts_dh_group.h
rename to src/libimcv/pts/pts_dh_group.h
diff --git a/src/libpts/pts/pts_error.c b/src/libimcv/pts/pts_error.c
similarity index 100%
rename from src/libpts/pts/pts_error.c
rename to src/libimcv/pts/pts_error.c
diff --git a/src/libpts/pts/pts_error.h b/src/libimcv/pts/pts_error.h
similarity index 100%
rename from src/libpts/pts/pts_error.h
rename to src/libimcv/pts/pts_error.h
diff --git a/src/libpts/pts/pts_file_meas.c b/src/libimcv/pts/pts_file_meas.c
similarity index 100%
rename from src/libpts/pts/pts_file_meas.c
rename to src/libimcv/pts/pts_file_meas.c
diff --git a/src/libpts/pts/pts_file_meas.h b/src/libimcv/pts/pts_file_meas.h
similarity index 100%
rename from src/libpts/pts/pts_file_meas.h
rename to src/libimcv/pts/pts_file_meas.h
diff --git a/src/libpts/pts/pts_file_meta.c b/src/libimcv/pts/pts_file_meta.c
similarity index 100%
rename from src/libpts/pts/pts_file_meta.c
rename to src/libimcv/pts/pts_file_meta.c
diff --git a/src/libpts/pts/pts_file_meta.h b/src/libimcv/pts/pts_file_meta.h
similarity index 100%
rename from src/libpts/pts/pts_file_meta.h
rename to src/libimcv/pts/pts_file_meta.h
diff --git a/src/libpts/pts/pts_file_type.c b/src/libimcv/pts/pts_file_type.c
similarity index 100%
rename from src/libpts/pts/pts_file_type.c
rename to src/libimcv/pts/pts_file_type.c
diff --git a/src/libpts/pts/pts_file_type.h b/src/libimcv/pts/pts_file_type.h
similarity index 100%
rename from src/libpts/pts/pts_file_type.h
rename to src/libimcv/pts/pts_file_type.h
diff --git a/src/libpts/pts/pts_ima_bios_list.c b/src/libimcv/pts/pts_ima_bios_list.c
similarity index 100%
rename from src/libpts/pts/pts_ima_bios_list.c
rename to src/libimcv/pts/pts_ima_bios_list.c
diff --git a/src/libpts/pts/pts_ima_bios_list.h b/src/libimcv/pts/pts_ima_bios_list.h
similarity index 100%
rename from src/libpts/pts/pts_ima_bios_list.h
rename to src/libimcv/pts/pts_ima_bios_list.h
diff --git a/src/libpts/pts/pts_ima_event_list.c b/src/libimcv/pts/pts_ima_event_list.c
similarity index 100%
rename from src/libpts/pts/pts_ima_event_list.c
rename to src/libimcv/pts/pts_ima_event_list.c
diff --git a/src/libpts/pts/pts_ima_event_list.h b/src/libimcv/pts/pts_ima_event_list.h
similarity index 100%
rename from src/libpts/pts/pts_ima_event_list.h
rename to src/libimcv/pts/pts_ima_event_list.h
diff --git a/src/libpts/pts/pts_meas_algo.c b/src/libimcv/pts/pts_meas_algo.c
similarity index 100%
rename from src/libpts/pts/pts_meas_algo.c
rename to src/libimcv/pts/pts_meas_algo.c
diff --git a/src/libpts/pts/pts_meas_algo.h b/src/libimcv/pts/pts_meas_algo.h
similarity index 100%
rename from src/libpts/pts/pts_meas_algo.h
rename to src/libimcv/pts/pts_meas_algo.h
diff --git a/src/libpts/pts/pts_pcr.c b/src/libimcv/pts/pts_pcr.c
similarity index 100%
rename from src/libpts/pts/pts_pcr.c
rename to src/libimcv/pts/pts_pcr.c
diff --git a/src/libpts/pts/pts_pcr.h b/src/libimcv/pts/pts_pcr.h
similarity index 100%
rename from src/libpts/pts/pts_pcr.h
rename to src/libimcv/pts/pts_pcr.h
diff --git a/src/libpts/pts/pts_proto_caps.h b/src/libimcv/pts/pts_proto_caps.h
similarity index 100%
rename from src/libpts/pts/pts_proto_caps.h
rename to src/libimcv/pts/pts_proto_caps.h
diff --git a/src/libpts/pts/pts_req_func_comp_evid.h b/src/libimcv/pts/pts_req_func_comp_evid.h
similarity index 100%
rename from src/libpts/pts/pts_req_func_comp_evid.h
rename to src/libimcv/pts/pts_req_func_comp_evid.h
diff --git a/src/libpts/pts/pts_simple_evid_final.h b/src/libimcv/pts/pts_simple_evid_final.h
similarity index 100%
rename from src/libpts/pts/pts_simple_evid_final.h
rename to src/libimcv/pts/pts_simple_evid_final.h
diff --git a/src/libimcv/seg/seg_contract.c b/src/libimcv/seg/seg_contract.c
new file mode 100644
index 0000000..7db702a
--- /dev/null
+++ b/src/libimcv/seg/seg_contract.c
@@ -0,0 +1,479 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "seg_contract.h"
+#include "seg_env.h"
+#include "ietf/ietf_attr_pa_tnc_error.h"
+#include "tcg/seg/tcg_seg_attr_seg_env.h"
+
+#include <utils/debug.h>
+#include <bio/bio_writer.h>
+
+#include <tncif_pa_subtypes.h>
+
+typedef struct private_seg_contract_t private_seg_contract_t;
+
+/**
+ * Private data of a seg_contract_t object.
+ */
+struct private_seg_contract_t {
+
+ /**
+ * Public seg_contract_t interface.
+ */
+ seg_contract_t public;
+
+ /**
+ * PA-TNC message type
+ */
+ pen_type_t msg_type;
+
+ /**
+ * Maximum PA-TNC attribute size
+ */
+ uint32_t max_attr_size;
+
+ /**
+ * Maximum PA-TNC attribute segment size
+ */
+ uint32_t max_seg_size;
+
+ /**
+ * Maximum PA-TNC attribute segment size
+ */
+ uint32_t last_base_attr_id;
+
+ /**
+ * List of attribute segment envelopes
+ */
+
+ linked_list_t *seg_envs;
+
+ /**
+ * Is this a null contract?
+ */
+ bool is_null;
+
+ /**
+ * Contract role
+ */
+ bool is_issuer;
+
+ /**
+ * Issuer ID (either IMV or IMC ID)
+ */
+ TNC_UInt32 issuer_id;
+
+ /**
+ * Responder ID (either IMC or IMV ID)
+ */
+ TNC_UInt32 responder_id;
+
+ /**
+ * IMC/IMV role
+ */
+ bool is_imc;
+
+};
+
+METHOD(seg_contract_t, get_msg_type, pen_type_t,
+ private_seg_contract_t *this)
+{
+ return this->msg_type;
+}
+
+METHOD(seg_contract_t, set_max_size, void,
+ private_seg_contract_t *this, uint32_t max_attr_size, uint32_t max_seg_size)
+{
+ this->max_attr_size = max_attr_size;
+ this->max_seg_size = max_seg_size;
+ this->is_null = max_attr_size == SEG_CONTRACT_MAX_SIZE_VALUE &&
+ max_seg_size == SEG_CONTRACT_MAX_SIZE_VALUE;
+}
+
+METHOD(seg_contract_t, get_max_size, void,
+ private_seg_contract_t *this, uint32_t *max_attr_size, uint32_t *max_seg_size)
+{
+ if (max_attr_size)
+ {
+ *max_attr_size = this->max_attr_size;
+ }
+ if (max_seg_size)
+ {
+ *max_seg_size = this->max_seg_size;
+ }
+}
+
+METHOD(seg_contract_t, check_size, bool,
+ private_seg_contract_t *this, pa_tnc_attr_t *attr, bool *oversize)
+{
+ chunk_t attr_value;
+ size_t attr_len;
+
+ *oversize = FALSE;
+
+ if (this->is_null)
+ {
+ /* null segmentation contract */
+ return FALSE;
+ }
+ attr->build(attr);
+ attr_value = attr->get_value(attr);
+ attr_len = PA_TNC_ATTR_HEADER_SIZE + attr_value.len;
+
+ if (attr_len > this->max_attr_size)
+ {
+ /* oversize attribute */
+ *oversize = TRUE;
+ return FALSE;
+ }
+ if (this->max_seg_size == SEG_CONTRACT_NO_FRAGMENTATION)
+ {
+ /* no fragmentation wanted */
+ return FALSE;
+ }
+ return attr_value.len > this->max_seg_size + TCG_SEG_ATTR_SEG_ENV_HEADER;
+}
+
+METHOD(seg_contract_t, first_segment, pa_tnc_attr_t*,
+ private_seg_contract_t *this, pa_tnc_attr_t *attr)
+{
+ seg_env_t *seg_env;
+
+ seg_env = seg_env_create(++this->last_base_attr_id, attr,
+ this->max_seg_size);
+ if (!seg_env)
+ {
+ return NULL;
+ }
+ this->seg_envs->insert_last(this->seg_envs, seg_env);
+
+ return seg_env->first_segment(seg_env);
+}
+
+METHOD(seg_contract_t, next_segment, pa_tnc_attr_t*,
+ private_seg_contract_t *this, uint32_t base_attr_id)
+{
+ pa_tnc_attr_t *seg_env_attr = NULL;
+ seg_env_t *seg_env;
+ bool last_segment = FALSE;
+ enumerator_t *enumerator;
+
+ enumerator = this->seg_envs->create_enumerator(this->seg_envs);
+ while (enumerator->enumerate(enumerator, &seg_env))
+ {
+ if (seg_env->get_base_attr_id(seg_env) == base_attr_id)
+ {
+ seg_env_attr = seg_env->next_segment(seg_env, &last_segment);
+ if (!seg_env_attr)
+ {
+ break;
+ }
+ if (last_segment)
+ {
+ this->seg_envs->remove_at(this->seg_envs, enumerator);
+ seg_env->destroy(seg_env);
+ }
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ return seg_env_attr;
+}
+
+METHOD(seg_contract_t, add_segment, pa_tnc_attr_t*,
+ private_seg_contract_t *this, pa_tnc_attr_t *attr, pa_tnc_attr_t **error,
+ bool *more)
+{
+ tcg_seg_attr_seg_env_t *seg_env_attr;
+ seg_env_t *current, *seg_env = NULL;
+ pa_tnc_attr_t *base_attr;
+ pen_type_t error_code;
+ uint32_t base_attr_id;
+ uint8_t flags;
+ chunk_t segment_data, msg_info;
+ enumerator_t *enumerator;
+
+ seg_env_attr = (tcg_seg_attr_seg_env_t*)attr;
+ base_attr_id = seg_env_attr->get_base_attr_id(seg_env_attr);
+ segment_data = seg_env_attr->get_segment(seg_env_attr, &flags);
+ *more = flags & SEG_ENV_FLAG_MORE;
+ *error = NULL;
+
+ enumerator = this->seg_envs->create_enumerator(this->seg_envs);
+ while (enumerator->enumerate(enumerator, ¤t))
+ {
+ if (current->get_base_attr_id(current) == base_attr_id)
+ {
+ seg_env = current;
+ this->seg_envs->remove_at(this->seg_envs, enumerator);
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ if (flags & SEG_ENV_FLAG_START)
+ {
+ if (seg_env)
+ {
+ DBG1(DBG_TNC, "base attribute ID %d is already in use",
+ base_attr_id);
+ this->seg_envs->insert_last(this->seg_envs, seg_env);
+ return NULL;
+ }
+ DBG2(DBG_TNC, "received first segment for base attribute ID %d "
+ "(%d bytes)", base_attr_id, segment_data.len);
+ seg_env = seg_env_create_from_data(base_attr_id, segment_data,
+ this->max_seg_size, error);
+ if (!seg_env)
+ {
+ return NULL;
+ }
+ }
+ else
+ {
+ if (!seg_env)
+ {
+ DBG1(DBG_TNC, "base attribute ID %d not found", base_attr_id);
+ return NULL;
+ }
+ DBG2(DBG_TNC, "received %s segment for base attribute ID %d "
+ "(%d bytes)", (*more) ? "next" : "last", base_attr_id,
+ segment_data.len);
+ if (!seg_env->add_segment(seg_env, segment_data, error))
+ {
+ seg_env->destroy(seg_env);
+ return NULL;
+ }
+ }
+ base_attr = seg_env->get_base_attr(seg_env);
+
+ if (*more)
+ {
+ /* reinsert into list since more segments are to come */
+ this->seg_envs->insert_last(this->seg_envs, seg_env);
+ }
+ else
+ {
+ /* added the last segment */
+ if (!base_attr)
+ {
+ /* base attribute waits for more data */
+ DBG1(DBG_TNC, "insufficient bytes for PA-TNC attribute value");
+ msg_info = seg_env->get_base_attr_info(seg_env);
+ error_code = pen_type_create(PEN_IETF, PA_ERROR_INVALID_PARAMETER);
+ *error = ietf_attr_pa_tnc_error_create_with_offset(error_code,
+ msg_info, PA_TNC_ATTR_INFO_SIZE);
+ }
+ seg_env->destroy(seg_env);
+ }
+ return base_attr;
+}
+
+METHOD(seg_contract_t, is_issuer, bool,
+ private_seg_contract_t *this)
+{
+ return this->is_issuer;
+}
+
+METHOD(seg_contract_t, is_null, bool,
+ private_seg_contract_t *this)
+{
+ return this->is_null;
+}
+
+METHOD(seg_contract_t, set_responder, void,
+ private_seg_contract_t *this, TNC_UInt32 responder_id)
+{
+ this->responder_id = responder_id;
+}
+
+METHOD(seg_contract_t, get_responder, TNC_UInt32,
+ private_seg_contract_t *this)
+{
+ return this->responder_id;
+}
+
+METHOD(seg_contract_t, get_issuer, TNC_UInt32,
+ private_seg_contract_t *this)
+{
+ return this->issuer_id;
+}
+
+METHOD(seg_contract_t, clone_, seg_contract_t*,
+ private_seg_contract_t *this)
+{
+ private_seg_contract_t *clone;
+
+ clone = malloc_thing(private_seg_contract_t);
+ memcpy(clone, this, sizeof(private_seg_contract_t));
+ clone->seg_envs = linked_list_create();
+
+ return &clone->public;
+}
+
+METHOD(seg_contract_t, get_info_string, void,
+ private_seg_contract_t *this, char *buf, size_t len, bool request)
+{
+ enum_name_t *pa_subtype_names;
+ uint32_t msg_vid, msg_subtype;
+ char *pos = buf;
+ int written;
+
+ /* nul-terminate the string buffer */
+ buf[--len] = '\0';
+
+ if (this->is_issuer && request)
+ {
+ written = snprintf(pos, len, "%s %d requests",
+ this->is_imc ? "IMC" : "IMV", this->issuer_id);
+ }
+ else
+ {
+ written = snprintf(pos, len, "%s %d received",
+ this->is_imc ? "IMC" : "IMV",
+ this->is_issuer ? this->issuer_id :
+ this->responder_id);
+ }
+ if (written < 0 || written > len)
+ {
+ return;
+ }
+ pos += written;
+ len -= written;
+
+ written = snprintf(pos, len, " a %ssegmentation contract%s ",
+ this->is_null ? "null" : "", request ?
+ (this->is_issuer ? "" : " request") : " response");
+ if (written < 0 || written > len)
+ {
+ return;
+ }
+ pos += written;
+ len -= written;
+
+ if ((!this->is_issuer && this->issuer_id != TNC_IMVID_ANY) ||
+ ( this->is_issuer && this->responder_id != TNC_IMVID_ANY))
+ {
+ written = snprintf(pos, len, "from %s %d ",
+ this->is_imc ? "IMV" : "IMC",
+ this->is_issuer ? this->responder_id :
+ this->issuer_id);
+ if (written < 0 || written > len)
+ {
+ return;
+ }
+ pos += written;
+ len -= written;
+ }
+
+ msg_vid = this->msg_type.vendor_id;
+ msg_subtype = this->msg_type.type;
+ pa_subtype_names = get_pa_subtype_names(msg_vid);
+ if (pa_subtype_names)
+ {
+ written = snprintf(pos, len, "for PA message type '%N/%N' "
+ "0x%06x/0x%08x", pen_names, msg_vid,
+ pa_subtype_names, msg_subtype, msg_vid,
+ msg_subtype);
+ }
+ else
+ {
+ written = snprintf(pos, len, "for PA message type '%N' "
+ "0x%06x/0x%08x", pen_names, msg_vid,
+ msg_vid, msg_subtype);
+ }
+ if (written < 0 || written > len)
+ {
+ return;
+ }
+ pos += written;
+ len -= written;
+
+ if (!this->is_null)
+ {
+ written = snprintf(pos, len, "\n maximum attribute size of %u bytes "
+ "with ", this->max_attr_size);
+ if (written < 0 || written > len)
+ {
+ return;
+ }
+ pos += written;
+ len -= written;
+
+ if (this->max_seg_size == SEG_CONTRACT_MAX_SIZE_VALUE)
+ {
+ written = snprintf(pos, len, "no segmentation");
+ }
+ else
+ {
+ written = snprintf(pos, len, "maximum segment size of %u bytes",
+ this->max_seg_size);
+ }
+ }
+}
+
+METHOD(seg_contract_t, destroy, void,
+ private_seg_contract_t *this)
+{
+ this->seg_envs->destroy_offset(this->seg_envs, offsetof(seg_env_t, destroy));
+ free(this);
+}
+
+/**
+ * See header
+ */
+seg_contract_t *seg_contract_create(pen_type_t msg_type,
+ uint32_t max_attr_size,
+ uint32_t max_seg_size,
+ bool is_issuer, TNC_UInt32 issuer_id,
+ bool is_imc)
+{
+ private_seg_contract_t *this;
+
+ INIT(this,
+ .public = {
+ .get_msg_type = _get_msg_type,
+ .set_max_size = _set_max_size,
+ .get_max_size = _get_max_size,
+ .check_size = _check_size,
+ .first_segment = _first_segment,
+ .next_segment = _next_segment,
+ .add_segment = _add_segment,
+ .is_issuer = _is_issuer,
+ .is_null = _is_null,
+ .set_responder = _set_responder,
+ .get_responder = _get_responder,
+ .get_issuer = _get_issuer,
+ .clone = _clone_,
+ .get_info_string = _get_info_string,
+ .destroy = _destroy,
+ },
+ .msg_type = msg_type,
+ .max_attr_size = max_attr_size,
+ .max_seg_size = max_seg_size,
+ .seg_envs = linked_list_create(),
+ .is_issuer = is_issuer,
+ .issuer_id = issuer_id,
+ .responder_id = is_imc ? TNC_IMVID_ANY : TNC_IMCID_ANY,
+ .is_imc = is_imc,
+ .is_null = max_attr_size == SEG_CONTRACT_MAX_SIZE_VALUE &&
+ max_seg_size == SEG_CONTRACT_MAX_SIZE_VALUE,
+ );
+
+ return &this->public;
+}
+
diff --git a/src/libimcv/seg/seg_contract.h b/src/libimcv/seg/seg_contract.h
new file mode 100644
index 0000000..23676a9
--- /dev/null
+++ b/src/libimcv/seg/seg_contract.h
@@ -0,0 +1,180 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup seg_contract seg_contract
+ * @{ @ingroup libimcv_seg
+ */
+
+#ifndef SEG_CONTRACT_H_
+#define SEG_CONTRACT_H_
+
+typedef struct seg_contract_t seg_contract_t;
+
+#include "pa_tnc/pa_tnc_attr.h"
+
+#include <library.h>
+#include <pen/pen.h>
+
+#include <tncif.h>
+
+#define SEG_CONTRACT_MAX_SIZE_VALUE 0xffffffff
+#define SEG_CONTRACT_NO_FRAGMENTATION SEG_CONTRACT_MAX_SIZE_VALUE
+
+/**
+ * Interface for a PA-TNC attribute segmentation contract
+ *
+ */
+struct seg_contract_t {
+
+ /**
+ * Get the PA-TNC message type.
+ *
+ * @return PA-TNC Message type
+ */
+ pen_type_t (*get_msg_type)(seg_contract_t *this);
+
+ /**
+ * Set maximum PA-TNC attribute and segment size in octets
+ *
+ * @param max_attr_size Maximum PA-TNC attribute size in octets
+ * @param max_seg_size Maximum PA-TNC attribute segment size in octets
+ */
+ void (*set_max_size)(seg_contract_t *this, uint32_t max_attr_size,
+ uint32_t max_seg_size);
+
+ /**
+ * Get maximum PA-TNC attribute and segment size in octets
+ *
+ * @param max_attr_size Maximum PA-TNC attribute size in octets
+ * @param max_seg_size Maximum PA-TNC attribute segment size in octets
+ */
+ void (*get_max_size)(seg_contract_t *this, uint32_t *max_attr_size,
+ uint32_t *max_seg_size);
+
+ /**
+ * Check if a PA-TNC attribute must be segmented or is oversized
+ *
+ * @param attr PA-TNC attribute to be checked
+ * @param oversize PA-TNC attribute is larger than maximum size
+ * @return TRUE if PA-TNC attribute must be segmented
+ */
+ bool (*check_size)(seg_contract_t *this, pa_tnc_attr_t *attr,
+ bool *oversize);
+
+ /**
+ * Generate first segment of a PA-TNC attribute according to the contract
+ *
+ * @param attr PA-TNC attribute to be segmented
+ * @return First segment envelope attribute
+ */
+ pa_tnc_attr_t* (*first_segment)(seg_contract_t *this, pa_tnc_attr_t *attr);
+
+ /**
+ * Generate next segment of a PA-TNC attribute according to the contract
+ *
+ * @param base_attr_id Base Attribute ID
+ * @return Next segment envelope attribute
+ */
+ pa_tnc_attr_t* (*next_segment)(seg_contract_t *this, uint32_t base_attr_id);
+
+ /**
+ * Add an attribute segments until the PA-TNC attribute is reconstructed
+ *
+ * @param attr Segment envelope attribute
+ * @param error Error attribute if an error occurred or NULL
+ * @param more Need more segments
+ * @return Completed PA-TNC attribute or NULL
+ */
+ pa_tnc_attr_t* (*add_segment)(seg_contract_t *this,
+ pa_tnc_attr_t *attr, pa_tnc_attr_t **error,
+ bool *more);
+
+ /**
+ * Get contract role
+ *
+ * @return TRUE: contracting party (issuer),
+ * FALSE: contracted party
+ */
+ bool (*is_issuer)(seg_contract_t *this);
+
+ /**
+ * Is this a null contract ?
+ *
+ * @return TRUE if null contract
+ */
+ bool (*is_null)(seg_contract_t *this);
+
+ /**
+ * Set the responder ID
+ *
+ * @param responder IMC or IMV ID of responder
+ */
+ void (*set_responder)(seg_contract_t *this, TNC_UInt32 responder);
+
+ /**
+ * Get the responder ID
+ *
+ * @return IMC or IMV ID of responder
+ */
+ TNC_UInt32 (*get_responder)(seg_contract_t *this);
+
+ /**
+ * Get the issuer ID
+ *
+ * @return IMC or IMV ID of issuer
+ */
+ TNC_UInt32 (*get_issuer)(seg_contract_t *this);
+
+ /**
+ * Clone a contract
+ *
+ * @return Cloned contract
+ */
+ seg_contract_t* (*clone)(seg_contract_t *this);
+
+ /**
+ * Get an info string about the contract
+ *
+ * @param buf String buffer of at least size len
+ * @param len Size of string buffer
+ * @param request TRUE if contract request, FALSE if response
+ */
+ void (*get_info_string)(seg_contract_t *this, char *buf, size_t len,
+ bool request);
+
+ /**
+ * Destroys a seg_contract_t object.
+ */
+ void (*destroy)(seg_contract_t *this);
+};
+
+/**
+ * Create a PA-TNC attribute segmentation contract
+ *
+ * @param msg_type PA-TNC message type
+ * @param max_attr_size Maximum PA-TNC attribute size in octets
+ * @param max_seg_size Maximum PA-TNC attribute segment size in octets
+ * @param is_issuer TRUE if issuer of the contract
+ * @param issuer_id IMC or IMV ID of issuer
+ * @param is_imc TRUE if IMC, FALSE if IMV
+ */
+seg_contract_t* seg_contract_create(pen_type_t msg_type,
+ uint32_t max_attr_size,
+ uint32_t max_seg_size,
+ bool is_issuer, TNC_UInt32 issuer_id,
+ bool is_imc);
+
+#endif /** SEG_CONTRACT_H_ @}*/
diff --git a/src/libimcv/seg/seg_contract_manager.c b/src/libimcv/seg/seg_contract_manager.c
new file mode 100644
index 0000000..604c511
--- /dev/null
+++ b/src/libimcv/seg/seg_contract_manager.c
@@ -0,0 +1,94 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "seg_contract_manager.h"
+
+typedef struct private_seg_contract_manager_t private_seg_contract_manager_t;
+
+/**
+ * Private data of a seg_contract_manager_t object.
+ *
+ */
+struct private_seg_contract_manager_t {
+
+ /**
+ * Public seg_contract_manager_t interface.
+ */
+ seg_contract_manager_t public;
+
+ /**
+ * List of PA-TNC segmentation contracts
+ */
+ linked_list_t *contracts;
+
+};
+
+METHOD(seg_contract_manager_t, add_contract, void,
+ private_seg_contract_manager_t *this, seg_contract_t *contract)
+{
+ this->contracts->insert_last(this->contracts, contract);
+}
+
+METHOD(seg_contract_manager_t, get_contract, seg_contract_t*,
+ private_seg_contract_manager_t *this, pen_type_t msg_type, bool is_issuer,
+ TNC_UInt32 id)
+{
+ enumerator_t *enumerator;
+ seg_contract_t *contract, *found = NULL;
+
+ enumerator = this->contracts->create_enumerator(this->contracts);
+ while (enumerator->enumerate(enumerator, &contract))
+ {
+ if (contract->is_issuer(contract) == is_issuer &&
+ pen_type_equals(contract->get_msg_type(contract), msg_type) &&
+ id == (is_issuer ? contract->get_responder(contract) :
+ contract->get_issuer(contract)))
+ {
+ found = contract;
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ return found;
+}
+
+METHOD(seg_contract_manager_t, destroy, void,
+ private_seg_contract_manager_t *this)
+{
+ this->contracts->destroy_offset(this->contracts,
+ offsetof(seg_contract_t, destroy));
+ free(this);
+}
+
+/**
+ * See header
+ */
+seg_contract_manager_t *seg_contract_manager_create(void)
+{
+ private_seg_contract_manager_t *this;
+
+ INIT(this,
+ .public = {
+ .add_contract = _add_contract,
+ .get_contract = _get_contract,
+ .destroy = _destroy,
+ },
+ .contracts = linked_list_create(),
+ );
+
+ return &this->public;
+}
+
diff --git a/src/libimcv/seg/seg_contract_manager.h b/src/libimcv/seg/seg_contract_manager.h
new file mode 100644
index 0000000..fa9d23c
--- /dev/null
+++ b/src/libimcv/seg/seg_contract_manager.h
@@ -0,0 +1,63 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup seg_contract_manager seg_contract_manager
+ * @{ @ingroup libimcv_seg
+ */
+
+#ifndef SEG_CONTRACT_MANAGER_H_
+#define SEG_CONTRACT_MANAGER_H_
+
+typedef struct seg_contract_manager_t seg_contract_manager_t;
+
+#include "seg_contract.h"
+
+/**
+ * Interface for a PA-TNC attribute segmentation contract manager
+ *
+ */
+struct seg_contract_manager_t {
+
+ /**
+ * Add segmentation contract
+ *
+ * @param contract Segmentation contract to be added
+ */
+ void (*add_contract)(seg_contract_manager_t *this, seg_contract_t *contract);
+
+ /**
+ * Get segmentation contract
+ *
+ * @param msg_type PA-TNC message type governed by contract
+ * @param is_issuer If TRUE get only issuer contracts
+ * @param id Match either issuer or responder ID
+ */
+ seg_contract_t* (*get_contract)(seg_contract_manager_t *this,
+ pen_type_t msg_type, bool is_issuer,
+ TNC_UInt32 id);
+
+ /**
+ * Destroys a seg_contract_manager_t object.
+ */
+ void (*destroy)(seg_contract_manager_t *this);
+};
+
+/**
+ * Create a PA-TNC attribute segmentation contract manager
+ */
+seg_contract_manager_t* seg_contract_manager_create();
+
+#endif /** SEG_CONTRACT_MANAGER_H_ @}*/
diff --git a/src/libimcv/seg/seg_env.c b/src/libimcv/seg/seg_env.c
new file mode 100644
index 0000000..c47ce29
--- /dev/null
+++ b/src/libimcv/seg/seg_env.c
@@ -0,0 +1,306 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "seg_env.h"
+
+#include "imcv.h"
+#include "pa_tnc/pa_tnc_msg.h"
+#include "ietf/ietf_attr_pa_tnc_error.h"
+#include "tcg/seg/tcg_seg_attr_seg_env.h"
+
+#include <utils/debug.h>
+#include <bio/bio_reader.h>
+#include <bio/bio_writer.h>
+
+#define BASE_ATTR_ID_PREFIX 0xFF
+
+typedef struct private_seg_env_t private_seg_env_t;
+
+/**
+ * Private data of a seg_env_t object.
+ */
+struct private_seg_env_t {
+
+ /**
+ * Public seg_env_t interface.
+ */
+ seg_env_t public;
+
+ /**
+ * Base Attribute ID
+ */
+ uint32_t base_attr_id;
+
+ /**
+ * Base Attribute
+ */
+ pa_tnc_attr_t *base_attr;
+
+ /**
+ * Base Attribute Info to be used for PA-TNC error messages
+ */
+ u_char base_attr_info[8];
+
+ /**
+ * Base Attribute needs more segment data
+ */
+ bool need_more;
+
+ /**
+ * Pointer to remaining attribute data to be sent
+ */
+ chunk_t data;
+
+ /**
+ * Maximum PA-TNC attribute segment size
+ */
+ uint32_t max_seg_size;
+
+};
+
+METHOD(seg_env_t, get_base_attr_id, uint32_t,
+ private_seg_env_t *this)
+{
+ return this->base_attr_id;
+}
+
+METHOD(seg_env_t, get_base_attr, pa_tnc_attr_t*,
+ private_seg_env_t *this)
+{
+ return this->need_more ? NULL : this->base_attr->get_ref(this->base_attr);
+}
+
+METHOD(seg_env_t, get_base_attr_info, chunk_t,
+ private_seg_env_t *this)
+{
+ return chunk_create(this->base_attr_info, 8);
+}
+
+METHOD(seg_env_t, first_segment, pa_tnc_attr_t*,
+ private_seg_env_t *this)
+{
+ pa_tnc_attr_t *seg_env_attr;
+ bio_writer_t *writer;
+ pen_type_t type;
+ chunk_t segment_data, value;
+ uint8_t flags, seg_env_flags;
+
+ /* get components of base attribute header and data */
+ flags = this->base_attr->get_noskip_flag(this->base_attr) ?
+ PA_TNC_ATTR_FLAG_NOSKIP : PA_TNC_ATTR_FLAG_NONE;
+ type = this->base_attr->get_type(this->base_attr);
+
+ /* attribute data going into the first segment */
+ segment_data = this->data;
+ segment_data.len = this->max_seg_size - PA_TNC_ATTR_HEADER_SIZE;
+
+ /* build encoding of the base attribute header and first segment data */
+ writer = bio_writer_create(this->max_seg_size);
+ writer->write_uint8 (writer, flags);
+ writer->write_uint24(writer, type.vendor_id);
+ writer->write_uint32(writer, type.type);
+ writer->write_uint32(writer, PA_TNC_ATTR_HEADER_SIZE + this->data.len);
+ writer->write_data (writer, segment_data);
+ value = writer->extract_buf(writer);
+ writer->destroy(writer);
+ this->data = chunk_skip(this->data, segment_data.len);
+
+ DBG2(DBG_TNC, "creating first segment for base attribute ID %d (%d bytes)",
+ this->base_attr_id, this->max_seg_size);
+
+ seg_env_flags = SEG_ENV_FLAG_START | SEG_ENV_FLAG_MORE;
+ seg_env_attr = tcg_seg_attr_seg_env_create(value, seg_env_flags,
+ this->base_attr_id);
+ chunk_free(&value);
+
+ return seg_env_attr;
+}
+
+METHOD(seg_env_t, next_segment, pa_tnc_attr_t*,
+ private_seg_env_t *this, bool *last)
+{
+ pa_tnc_attr_t *seg_env_attr;
+ chunk_t segment_data;
+ uint8_t seg_env_flags;
+ bool is_last_segment;
+
+ if (this->data.len == 0)
+ {
+ /* no more attribute data to segment available */
+ return NULL;
+ }
+
+ /* attribute data going into the next segment */
+ segment_data = this->data;
+ segment_data.len = min(this->max_seg_size, this->data.len);
+ this->data = chunk_skip(this->data, segment_data.len);
+
+ is_last_segment = (this->data.len == 0);
+ if (last)
+ {
+ *last = is_last_segment;
+ }
+ DBG2(DBG_TNC, "creating %s segment for base attribute ID %d (%d bytes)",
+ is_last_segment ? "last" : "next", this->base_attr_id,
+ segment_data.len);
+
+ seg_env_flags = is_last_segment ? SEG_ENV_FLAG_NONE : SEG_ENV_FLAG_MORE;
+ seg_env_attr = tcg_seg_attr_seg_env_create(segment_data, seg_env_flags,
+ this->base_attr_id);
+
+ return seg_env_attr;
+}
+
+METHOD(seg_env_t, add_segment, bool,
+ private_seg_env_t *this, chunk_t segment, pa_tnc_attr_t **error)
+{
+ pen_type_t type, error_code;
+ uint32_t attr_offset;
+ chunk_t msg_info;
+ status_t status;
+
+ this->base_attr->add_segment(this->base_attr, segment);
+ status = this->base_attr->process(this->base_attr, &attr_offset);
+
+ if (status != SUCCESS && status != NEED_MORE)
+ {
+ type = this->base_attr->get_type(this->base_attr);
+ if (type.vendor_id == PEN_IETF && type.type == IETF_ATTR_PA_TNC_ERROR)
+ {
+ /* error while processing a PA-TNC error attribute - abort */
+ return FALSE;
+ }
+ error_code = pen_type_create(PEN_IETF, PA_ERROR_INVALID_PARAMETER);
+ msg_info = get_base_attr_info(this);
+ *error = ietf_attr_pa_tnc_error_create_with_offset(error_code,
+ msg_info, PA_TNC_ATTR_HEADER_SIZE + attr_offset);
+ return FALSE;
+ }
+ this->need_more = (status == NEED_MORE);
+
+ return TRUE;
+}
+
+METHOD(seg_env_t, destroy, void,
+ private_seg_env_t *this)
+{
+ DESTROY_IF(this->base_attr);
+ free(this);
+}
+
+/**
+ * See header
+ */
+seg_env_t *seg_env_create(uint32_t base_attr_id, pa_tnc_attr_t *base_attr,
+ uint32_t max_seg_size)
+{
+ private_seg_env_t *this;
+ chunk_t value;
+
+ base_attr->build(base_attr);
+ value = base_attr->get_value(base_attr);
+
+ /**
+ * The PA-TNC attribute header must not be segmented and
+ * there must be at least a first and one next segment
+ */
+ if (max_seg_size < PA_TNC_ATTR_HEADER_SIZE ||
+ max_seg_size >= PA_TNC_ATTR_HEADER_SIZE + value.len)
+ {
+ return NULL;
+ }
+
+ INIT(this,
+ .public = {
+ .get_base_attr_id = _get_base_attr_id,
+ .get_base_attr = _get_base_attr,
+ .get_base_attr_info = _get_base_attr_info,
+ .first_segment = _first_segment,
+ .next_segment = _next_segment,
+ .add_segment = _add_segment,
+ .destroy = _destroy,
+ },
+ .base_attr_id = base_attr_id,
+ .base_attr = base_attr->get_ref(base_attr),
+ .max_seg_size = max_seg_size,
+ .data = base_attr->get_value(base_attr),
+ );
+
+ return &this->public;
+}
+
+/**
+ * See header
+ */
+seg_env_t *seg_env_create_from_data(uint32_t base_attr_id, chunk_t data,
+ uint32_t max_seg_size, pa_tnc_attr_t** error)
+{
+ private_seg_env_t *this;
+ pen_type_t type, error_code;
+ bio_reader_t *reader;
+ chunk_t msg_info;
+ uint32_t offset = 0, attr_offset;
+ status_t status;
+
+ INIT(this,
+ .public = {
+ .get_base_attr_id = _get_base_attr_id,
+ .get_base_attr = _get_base_attr,
+ .get_base_attr_info = _get_base_attr_info,
+ .first_segment = _first_segment,
+ .next_segment = _next_segment,
+ .add_segment = _add_segment,
+ .destroy = _destroy,
+ },
+ .base_attr_id = base_attr_id,
+ .max_seg_size = max_seg_size,
+ );
+
+ /* create info field to be used by PA-TNC error messages */
+ memset(this->base_attr_info, 0xff, 4);
+ htoun32(this->base_attr_info + 4, base_attr_id);
+ msg_info = get_base_attr_info(this);
+
+ /* extract from base attribute segment from data */
+ reader = bio_reader_create(data);
+ this->base_attr = imcv_pa_tnc_attributes->create(imcv_pa_tnc_attributes,
+ reader, TRUE, &offset, msg_info, error);
+ reader->destroy(reader);
+
+ if (!this->base_attr)
+ {
+ destroy(this);
+ return NULL;
+ }
+ status = this->base_attr->process(this->base_attr, &attr_offset);
+
+ if (status != SUCCESS && status != NEED_MORE)
+ {
+ type = this->base_attr->get_type(this->base_attr);
+ if (!(type.vendor_id == PEN_IETF &&
+ type.type == IETF_ATTR_PA_TNC_ERROR))
+ {
+ error_code = pen_type_create(PEN_IETF, PA_ERROR_INVALID_PARAMETER);
+ *error = ietf_attr_pa_tnc_error_create_with_offset(error_code,
+ msg_info, PA_TNC_ATTR_HEADER_SIZE + attr_offset);
+ }
+ destroy(this);
+ return NULL;
+ }
+ this->need_more = (status == NEED_MORE);
+
+ return &this->public;
+}
+
diff --git a/src/libimcv/seg/seg_env.h b/src/libimcv/seg/seg_env.h
new file mode 100644
index 0000000..08d33d7
--- /dev/null
+++ b/src/libimcv/seg/seg_env.h
@@ -0,0 +1,119 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup seg_env seg_env
+ * @{ @ingroup libimcv_seg
+ */
+
+#ifndef SEG_ENV_H_
+#define SEG_ENV_H_
+
+typedef struct seg_env_t seg_env_t;
+typedef enum seg_env_flags_t seg_env_flags_t;
+
+#include <library.h>
+
+#include <pa_tnc/pa_tnc_attr.h>
+
+/**
+ * Segment Envelope flags
+ */
+enum seg_env_flags_t {
+ SEG_ENV_FLAG_NONE = 0,
+ SEG_ENV_FLAG_MORE = (1<<7),
+ SEG_ENV_FLAG_START = (1<<6)
+};
+
+/**
+ * Interface for a PA-TNC attribute segment envelope object
+ */
+struct seg_env_t {
+
+ /**
+ * Get Base Attribute ID
+ *
+ * @return Base Attribute ID
+ */
+ uint32_t (*get_base_attr_id)(seg_env_t *this);
+
+ /**
+ * Get Base Attribute if it contains processed [incremental] data
+ *
+ * @return Base Attribute (must be destroyed) or NULL
+ */
+ pa_tnc_attr_t* (*get_base_attr)(seg_env_t *this);
+
+ /**
+ * Base Attribute Info to be used by PA-TNC error messages
+ *
+ * @return Message info string
+ */
+ chunk_t (*get_base_attr_info)(seg_env_t *this);
+
+ /**
+ * Generate the first segment envelope of the base attribute
+ *
+ * @return First attribute segment envelope
+ */
+ pa_tnc_attr_t* (*first_segment)(seg_env_t *this);
+
+ /**
+ * Generate the next segment envelope of the base attribute
+ *
+ * @param last TRUE if last segment
+ * @return Next attribute segment envelope
+ */
+ pa_tnc_attr_t* (*next_segment)(seg_env_t *this, bool *last);
+
+ /**
+ * Generate the first segment envelope of the base attribute
+ *
+ * @param segment Attribute segment to be added
+ * @param error Error attribute if a parsing error occurred
+ * return TRUE if segment was successfully added
+ */
+ bool (*add_segment)(seg_env_t *this, chunk_t segment,
+ pa_tnc_attr_t** error);
+
+ /**
+ * Destroys a seg_env_t object.
+ */
+ void (*destroy)(seg_env_t *this);
+};
+
+/**
+ * Create a PA-TNC attribute segment envelope object
+ *
+ * @param base_attr_id Base Attribute ID
+ * @param base_attr Base Attribute to be segmented
+ * @param max_seg_size Maximum segment size
+ */
+seg_env_t* seg_env_create(uint32_t base_attr_id, pa_tnc_attr_t *base_attr,
+ uint32_t max_seg_size);
+
+/**
+ * Create a PA-TNC attribute segment envelope object
+ *
+ * @param base_attr_id Base Attribute ID
+ * @param data First attribute segment
+ * @param max_seg_size Maximum segment size
+ * @param error Error attribute if a parsing error occurred
+ */
+seg_env_t* seg_env_create_from_data(uint32_t base_attr_id, chunk_t data,
+ uint32_t max_seg_size,
+ pa_tnc_attr_t** error);
+
+#endif /** SEG_ENV_H_ @}*/
diff --git a/src/libimcv/suites/test_imcv_seg.c b/src/libimcv/suites/test_imcv_seg.c
new file mode 100644
index 0000000..469b111
--- /dev/null
+++ b/src/libimcv/suites/test_imcv_seg.c
@@ -0,0 +1,738 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <imcv.h>
+#include <pa_tnc/pa_tnc_attr.h>
+#include <seg/seg_env.h>
+#include <seg/seg_contract.h>
+#include <seg/seg_contract_manager.h>
+#include <ietf/ietf_attr_pa_tnc_error.h>
+#include <ita/ita_attr.h>
+#include <ita/ita_attr_command.h>
+#include <ita/ita_attr_dummy.h>
+#include <tcg/seg/tcg_seg_attr_seg_env.h>
+
+#include <tncif_pa_subtypes.h>
+
+static struct {
+ uint32_t max_seg_size, next_segs, last_seg_size;
+} seg_env_tests[] = {
+ { 0, 0, 0 },
+ { 11, 0, 0 },
+ { 12, 3, 12 },
+ { 13, 3, 9 },
+ { 15, 3, 3 },
+ { 16, 2, 16 },
+ { 17, 2, 14 },
+ { 23, 2, 2 },
+ { 24, 1, 24 },
+ { 25, 1, 23 },
+ { 47, 1, 1 },
+ { 48, 0, 0 },
+};
+
+static char command[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+static uint32_t id = 0x123456;
+
+START_TEST(test_imcv_seg_env)
+{
+ pa_tnc_attr_t *attr, *attr1, *base_attr, *base_attr1, *error;
+ tcg_seg_attr_seg_env_t *seg_env_attr;
+ ita_attr_command_t *ita_attr;
+ seg_env_t *seg_env, *seg_env1;
+ pen_type_t type;
+ uint32_t base_attr_id, max_seg_size, last_seg_size, seg_size, offset;
+ uint8_t flags;
+ bool last, last_seg;
+ chunk_t value, segment, seg;
+ int n;
+
+ libimcv_init(FALSE);
+ max_seg_size = seg_env_tests[_i].max_seg_size;
+ last_seg_size = seg_env_tests[_i].last_seg_size;
+ base_attr = ita_attr_command_create(command);
+ base_attr->build(base_attr);
+
+ seg_env = seg_env_create(id, base_attr, max_seg_size);
+ if (seg_env_tests[_i].next_segs == 0)
+ {
+ ck_assert(seg_env == NULL);
+ }
+ else
+ {
+ ck_assert(seg_env->get_base_attr_id(seg_env) == id);
+ base_attr1 = seg_env->get_base_attr(seg_env);
+ ck_assert(base_attr == base_attr1);
+ base_attr1->destroy(base_attr1);
+
+ for (n = 0; n <= seg_env_tests[_i].next_segs; n++)
+ {
+ last_seg = (n == seg_env_tests[_i].next_segs);
+ seg_size = (last_seg) ? last_seg_size : max_seg_size;
+ if (n == 0)
+ {
+ /* create first segment */
+ attr = seg_env->first_segment(seg_env);
+
+ seg_env_attr = (tcg_seg_attr_seg_env_t*)attr;
+ segment = seg_env_attr->get_segment(seg_env_attr, &flags);
+ if (max_seg_size > 12)
+ {
+ seg = chunk_create(command, seg_size - 12);
+ ck_assert(chunk_equals(seg, chunk_skip(segment, 12)));
+ }
+ ck_assert(flags == (SEG_ENV_FLAG_MORE | SEG_ENV_FLAG_START));
+ }
+ else
+ {
+ /* create next segments */
+ attr = seg_env->next_segment(seg_env, &last);
+ ck_assert(last == last_seg);
+
+ seg_env_attr = (tcg_seg_attr_seg_env_t*)attr;
+ segment = seg_env_attr->get_segment(seg_env_attr, &flags);
+ seg = chunk_create(command + n * max_seg_size - 12, seg_size);
+ ck_assert(chunk_equals(seg, segment));
+ ck_assert(flags == last_seg ? SEG_ENV_FLAG_NONE :
+ SEG_ENV_FLAG_MORE);
+ }
+
+ /* check built segment envelope attribute */
+ value = attr->get_value(attr);
+ ck_assert(value.len == 4 + seg_size);
+ ck_assert(segment.len == seg_size);
+ ck_assert(seg_env_attr->get_base_attr_id(seg_env_attr) == id);
+
+ /* create parse segment envelope attribute from data */
+ attr1 = tcg_seg_attr_seg_env_create_from_data(value.len, value);
+ ck_assert(attr1->process(attr1, &offset) == SUCCESS);
+ attr->destroy(attr);
+
+ seg_env_attr = (tcg_seg_attr_seg_env_t*)attr1;
+ segment = seg_env_attr->get_segment(seg_env_attr, &flags);
+ base_attr_id = seg_env_attr->get_base_attr_id(seg_env_attr);
+ ck_assert(base_attr_id == id);
+
+ /* create and update seg_env object on the receiving side */
+ if (n == 0)
+ {
+ ck_assert(flags == (SEG_ENV_FLAG_MORE | SEG_ENV_FLAG_START));
+ seg_env1 = seg_env_create_from_data(base_attr_id, segment,
+ max_seg_size, &error);
+ }
+ else
+ {
+ ck_assert(flags == last_seg ? SEG_ENV_FLAG_NONE :
+ SEG_ENV_FLAG_MORE);
+ seg_env1->add_segment(seg_env1, segment, &error);
+ }
+ attr1->destroy(attr1);
+ }
+
+ /* check reconstructed base attribute */
+ base_attr1 = seg_env1->get_base_attr(seg_env1);
+ ck_assert(base_attr1);
+ type = base_attr1->get_type(base_attr1);
+ ck_assert(type.vendor_id == PEN_ITA);
+ ck_assert(type.type == ITA_ATTR_COMMAND);
+ ita_attr = (ita_attr_command_t*)base_attr1;
+ ck_assert(streq(ita_attr->get_command(ita_attr), command));
+
+ seg_env->destroy(seg_env);
+ seg_env1->destroy(seg_env1);
+ base_attr1->destroy(base_attr1);
+ }
+ base_attr->destroy(base_attr);
+ libimcv_deinit();
+}
+END_TEST
+
+START_TEST(test_imcv_seg_env_special)
+{
+ pa_tnc_attr_t *attr, *attr1, *base_attr;
+ tcg_seg_attr_seg_env_t *seg_env_attr;
+ pen_type_t type;
+ seg_env_t *seg_env;
+ chunk_t segment, value;
+ uint32_t max_seg_size = 47;
+ uint32_t last_seg_size = 1;
+ uint32_t offset = 12;
+
+ base_attr = ita_attr_command_create(command);
+ base_attr->build(base_attr);
+
+ /* set noskip flag in base attribute */
+ base_attr->set_noskip_flag(base_attr, TRUE);
+
+ seg_env = seg_env_create(id, base_attr, max_seg_size);
+ attr = seg_env->first_segment(seg_env);
+ attr->destroy(attr);
+
+ /* don't return last segment indicator */
+ attr = seg_env->next_segment(seg_env, NULL);
+
+ /* build attribute */
+ attr->build(attr);
+
+ /* don't return flags */
+ seg_env_attr = (tcg_seg_attr_seg_env_t*)attr;
+ segment = seg_env_attr->get_segment(seg_env_attr, NULL);
+ ck_assert(segment.len == last_seg_size);
+
+ /* get segment envelope attribute reference and destroy it */
+ attr1 = attr->get_ref(attr);
+ attr1->destroy(attr1);
+
+ /* check some standard methods */
+ type = attr->get_type(attr);
+ ck_assert(type.vendor_id == PEN_TCG);
+ ck_assert(type.type == TCG_SEG_ATTR_SEG_ENV);
+ ck_assert(attr->get_noskip_flag(attr) == FALSE);
+ attr->set_noskip_flag(attr, TRUE);
+ ck_assert(attr->get_noskip_flag(attr) == TRUE);
+
+ /* request next segment which does not exist */
+ ck_assert(seg_env->next_segment(seg_env, NULL) == NULL);
+
+ /* create and parse a too short segment envelope attribute */
+ attr1 = tcg_seg_attr_seg_env_create_from_data(0, chunk_empty);
+ ck_assert(attr1->process(attr1, &offset) == FAILED);
+ ck_assert(offset == 0);
+ attr1->destroy(attr1);
+
+ /* create and parse correct segment envelope attribute */
+ value = attr->get_value(attr);
+ attr1 = tcg_seg_attr_seg_env_create_from_data(value.len, value);
+ ck_assert(attr1->process(attr1, &offset) == SUCCESS);
+ type = attr1->get_type(attr1);
+ ck_assert(type.vendor_id == PEN_TCG);
+ ck_assert(type.type == TCG_SEG_ATTR_SEG_ENV);
+ attr1->destroy(attr1);
+
+ /* cleanup */
+ attr->destroy(attr);
+ seg_env->destroy(seg_env);
+ base_attr->destroy(base_attr);
+}
+END_TEST
+
+static struct {
+ pa_tnc_error_code_t error_code;
+ chunk_t segment;
+} env_invalid_tests[] = {
+ { PA_ERROR_INVALID_PARAMETER, { NULL, 0 } },
+ { PA_ERROR_INVALID_PARAMETER, chunk_from_chars(
+ 0x00, 0xff, 0xff, 0xf0, 0x01, 0x02, 0x03, 0x04, 0x00, 0x00, 0x00, 0x0a)
+ },
+ { PA_ERROR_INVALID_PARAMETER, chunk_from_chars(
+ 0x00, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x0c)
+ },
+ { PA_ERROR_INVALID_PARAMETER, chunk_from_chars(
+ 0x00, 0x00, 0x90, 0x2a, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x0c)
+ },
+ { PA_ERROR_ATTR_TYPE_NOT_SUPPORTED, chunk_from_chars(
+ 0x80, 0x00, 0x90, 0x2a, 0xff, 0xff, 0xff, 0xfe, 0x00, 0x00, 0x00, 0x0c)
+ },
+ { PA_ERROR_RESERVED, chunk_from_chars(
+ 0x00, 0x00, 0x90, 0x2a, 0xff, 0xff, 0xff, 0xfe, 0x00, 0x00, 0x00, 0x0c)
+ },
+ { PA_ERROR_RESERVED, chunk_from_chars(
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x0c)
+ },
+ { PA_ERROR_INVALID_PARAMETER, chunk_from_chars(
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x0c)
+ }
+};
+
+START_TEST(test_imcv_seg_env_invalid)
+{
+ seg_env_t *seg_env;
+ pen_type_t error_code;
+ pa_tnc_attr_t*error;
+ ietf_attr_pa_tnc_error_t *error_attr;
+
+ libimcv_init(FALSE);
+ seg_env = seg_env_create_from_data(id, env_invalid_tests[_i].segment, 20,
+ &error);
+ ck_assert(seg_env == NULL);
+ if (env_invalid_tests[_i].error_code == PA_ERROR_RESERVED)
+ {
+ ck_assert(error == NULL);
+ }
+ else
+ {
+ ck_assert(error);
+ error->build(error);
+ error_attr = (ietf_attr_pa_tnc_error_t*)error;
+ error_code = error_attr->get_error_code(error_attr);
+ ck_assert(error_code.vendor_id == PEN_IETF);
+ ck_assert(error_code.type == env_invalid_tests[_i].error_code);
+ error->destroy(error);
+ }
+ libimcv_deinit();
+}
+END_TEST
+
+START_TEST(test_imcv_seg_contract)
+{
+ seg_contract_t *contract_i, *contract_r;
+ tcg_seg_attr_seg_env_t *seg_env_attr;
+ ita_attr_command_t *ita_attr;
+ pa_tnc_attr_t *attr, *base_attr_i, *base_attr_r, *error;
+ pen_type_t type, msg_type = { PEN_ITA, PA_SUBTYPE_ITA_TEST };
+ uint32_t max_seg_size, max_attr_size = 1000, issuer_id = 1;
+ uint32_t base_attr_id;
+ bool more;
+
+ libimcv_init(FALSE);
+ max_seg_size = seg_env_tests[_i].max_seg_size;
+ base_attr_r = ita_attr_command_create(command);
+ base_attr_r->build(base_attr_r);
+ contract_i = seg_contract_create(msg_type, max_attr_size, max_seg_size,
+ TRUE, issuer_id, FALSE);
+ contract_r = seg_contract_create(msg_type, max_attr_size, max_seg_size,
+ FALSE, issuer_id, TRUE);
+ attr = contract_r->first_segment(contract_r, base_attr_r);
+
+ if (seg_env_tests[_i].next_segs == 0)
+ {
+ ck_assert(attr == NULL);
+ }
+ else
+ {
+ ck_assert(attr);
+ seg_env_attr = (tcg_seg_attr_seg_env_t*)attr;
+ base_attr_id = seg_env_attr->get_base_attr_id(seg_env_attr);
+ ck_assert(base_attr_id == 1);
+ base_attr_i = contract_i->add_segment(contract_i, attr, &error, &more);
+ ck_assert(base_attr_i == NULL);
+ attr->destroy(attr);
+ ck_assert(more);
+ while (more)
+ {
+ attr = contract_r->next_segment(contract_r, base_attr_id);
+ ck_assert(attr);
+ seg_env_attr = (tcg_seg_attr_seg_env_t*)attr;
+ base_attr_id = seg_env_attr->get_base_attr_id(seg_env_attr);
+ ck_assert(base_attr_id == 1);
+ base_attr_i = contract_i->add_segment(contract_i, attr, &error,
+ &more);
+ attr->destroy(attr);
+ }
+ ck_assert(base_attr_i);
+ ck_assert(error == NULL);
+ type = base_attr_i->get_type(base_attr_i);
+ ck_assert(pen_type_equals(type, base_attr_r->get_type(base_attr_r)));
+ ita_attr = (ita_attr_command_t*)base_attr_i;
+ ck_assert(streq(ita_attr->get_command(ita_attr), command));
+ base_attr_i->destroy(base_attr_i);
+ }
+ contract_i->destroy(contract_i);
+ contract_r->destroy(contract_r);
+ base_attr_r->destroy(base_attr_r);
+ libimcv_deinit();
+}
+END_TEST
+
+START_TEST(test_imcv_seg_contract_special)
+{
+ seg_contract_t *contract_i, *contract_r;
+ tcg_seg_attr_seg_env_t *seg_env_attr1, *seg_env_attr2;
+ ita_attr_command_t *ita_attr;
+ pa_tnc_attr_t *base_attr1_i, *base_attr2_i, *base_attr1_r, *base_attr2_r;
+ pa_tnc_attr_t *attr1_f, *attr2_f, *attr1_n, *attr2_n, *attr3, *error;
+ pen_type_t type, msg_type = { PEN_ITA, PA_SUBTYPE_ITA_TEST };
+ uint32_t max_seg_size, max_attr_size, issuer_id = 1;
+ uint32_t base_attr1_id, base_attr2_id;
+ char info[512];
+ bool oversize, more;
+
+ libimcv_init(FALSE);
+
+ /* create two base attributes to be segmented */
+ base_attr1_r = ita_attr_command_create(command);
+ base_attr2_r = ita_attr_dummy_create(129);
+ base_attr1_r->build(base_attr1_r);
+ base_attr2_r->build(base_attr2_r);
+
+ /* create an issuer contract*/
+ contract_i = seg_contract_create(msg_type, 1000, 47,
+ TRUE, issuer_id, FALSE);
+ ck_assert(pen_type_equals(contract_i->get_msg_type(contract_i), msg_type));
+ ck_assert(contract_i->is_issuer(contract_i));
+ ck_assert(!contract_i->is_null(contract_i));
+
+ /* set null contract */
+ contract_i->set_max_size(contract_i, SEG_CONTRACT_MAX_SIZE_VALUE,
+ SEG_CONTRACT_MAX_SIZE_VALUE);
+ ck_assert(contract_i->is_null(contract_i));
+
+ /* set and get maximum attribute and segment sizes */
+ contract_i->set_max_size(contract_i, 1000, 47);
+ contract_i->get_max_size(contract_i, NULL, NULL);
+ contract_i->get_max_size(contract_i, &max_attr_size, &max_seg_size);
+ contract_i->get_info_string(contract_i, info, sizeof(info), TRUE);
+ ck_assert(max_attr_size == 1000 && max_seg_size == 47);
+ ck_assert(!contract_i->is_null(contract_i));
+
+ /* create a null responder contract*/
+ contract_r = seg_contract_create(msg_type, SEG_CONTRACT_MAX_SIZE_VALUE,
+ SEG_CONTRACT_MAX_SIZE_VALUE,
+ FALSE, issuer_id, TRUE);
+ ck_assert(!contract_r->is_issuer(contract_r));
+ ck_assert(!contract_r->check_size(contract_r, base_attr2_r, &oversize));
+ ck_assert(!oversize);
+
+ /* allow no fragmentation */
+ contract_r->set_max_size(contract_r, 1000, SEG_CONTRACT_MAX_SIZE_VALUE);
+ ck_assert(!contract_r->is_null(contract_r));
+ ck_assert(!contract_r->check_size(contract_r, base_attr2_r, &oversize));
+ ck_assert(!oversize);
+
+ /* no maximum size limit and no fragmentation needed */
+ contract_r->set_max_size(contract_r, SEG_CONTRACT_MAX_SIZE_VALUE, 141);
+ ck_assert(!contract_r->is_null(contract_r));
+ ck_assert(!contract_r->check_size(contract_r, base_attr2_r, &oversize));
+ ck_assert(!oversize);
+
+ /* oversize base attribute */
+ contract_r->set_max_size(contract_r, 140, 47);
+ ck_assert(!contract_r->is_null(contract_r));
+ ck_assert(!contract_r->check_size(contract_r, base_attr2_r, &oversize));
+ ck_assert(oversize);
+
+ /* set final maximum attribute and segment sizes */
+ contract_r->set_max_size(contract_r, 141, 47);
+ contract_r->get_info_string(contract_r, info, sizeof(info), TRUE);
+ ck_assert(contract_r->check_size(contract_r, base_attr2_r, &oversize));
+ ck_assert(!oversize);
+
+ /* get first segment of each base attribute */
+ attr1_f = contract_r->first_segment(contract_r, base_attr1_r);
+ attr2_f = contract_r->first_segment(contract_r, base_attr2_r);
+ ck_assert(attr1_f);
+ ck_assert(attr2_f);
+ seg_env_attr1 = (tcg_seg_attr_seg_env_t*)attr1_f;
+ seg_env_attr2 = (tcg_seg_attr_seg_env_t*)attr2_f;
+ base_attr1_id = seg_env_attr1->get_base_attr_id(seg_env_attr1);
+ base_attr2_id = seg_env_attr2->get_base_attr_id(seg_env_attr2);
+ ck_assert(base_attr1_id == 1);
+ ck_assert(base_attr2_id == 2);
+
+ /* get second segment of each base attribute */
+ attr1_n = contract_r->next_segment(contract_r, 1);
+ attr2_n = contract_r->next_segment(contract_r, 2);
+ ck_assert(attr1_n);
+ ck_assert(attr2_n);
+
+ /* process first segment of first base attribute */
+ base_attr1_i = contract_i->add_segment(contract_i, attr1_f, &error, &more);
+ ck_assert(base_attr1_i == NULL);
+ ck_assert(error == NULL);
+ ck_assert(more);
+
+ /* reapply first segment of first base attribute */
+ base_attr1_i = contract_i->add_segment(contract_i, attr1_f, &error, &more);
+ ck_assert(base_attr1_i == NULL);
+ ck_assert(error == NULL);
+ ck_assert(more);
+
+ /* process stray second segment of second attribute */
+ base_attr2_i = contract_i->add_segment(contract_i, attr2_n, &error, &more);
+ ck_assert(base_attr2_i == NULL);
+ ck_assert(error == NULL);
+ ck_assert(more);
+
+ /* process first segment of second base attribute */
+ base_attr2_i = contract_i->add_segment(contract_i, attr2_f, &error, &more);
+ ck_assert(base_attr2_i == NULL);
+ ck_assert(error == NULL);
+ ck_assert(more);
+
+ /* try to get a segment of a non-existing base-attribute */
+ attr3 = contract_r->next_segment(contract_r, 3);
+ ck_assert(attr3 == NULL);
+
+ /* process second segment of first base attribute */
+ base_attr1_i = contract_i->add_segment(contract_i, attr1_n, &error, &more);
+ ck_assert(base_attr1_i);
+ ck_assert(error == NULL);
+ ck_assert(!more);
+
+ /* process second segment of second base attribute */
+ base_attr2_i = contract_i->add_segment(contract_i, attr2_n, &error, &more);
+ ck_assert(base_attr2_i == NULL);
+ ck_assert(error == NULL);
+ ck_assert(more);
+
+ /* destroy first and second segments */
+ attr1_f->destroy(attr1_f);
+ attr2_f->destroy(attr2_f);
+ attr1_n->destroy(attr1_n);
+ attr2_n->destroy(attr2_n);
+
+ /* request surplus segment of first base attribute */
+ attr1_n = contract_r->next_segment(contract_r, 1);
+ ck_assert(attr1_n == NULL);
+
+ /* get last segment of second base attribute */
+ attr2_n = contract_r->next_segment(contract_r, 2);
+ ck_assert(attr2_n);
+
+ /* process last segment of second base attribute */
+ base_attr2_i = contract_i->add_segment(contract_i, attr2_n, &error, &more);
+ attr2_n->destroy(attr2_n);
+ ck_assert(base_attr2_i);
+ ck_assert(error == NULL);
+ ck_assert(!more);
+
+ /* request surplus segment of second base attribute */
+ attr2_n = contract_r->next_segment(contract_r, 2);
+ ck_assert(attr2_n == NULL);
+
+ /* compare original with reconstructed base attributes */
+ type = base_attr1_i->get_type(base_attr1_i);
+ ck_assert(pen_type_equals(type, base_attr1_r->get_type(base_attr1_r)));
+ ita_attr = (ita_attr_command_t*)base_attr1_i;
+ ck_assert(streq(ita_attr->get_command(ita_attr), command));
+
+ type = base_attr2_i->get_type(base_attr2_i);
+ ck_assert(pen_type_equals(type, base_attr2_r->get_type(base_attr2_r)));
+ ck_assert(chunk_equals(base_attr2_i->get_value(base_attr2_i),
+ base_attr2_r->get_value(base_attr2_r)));
+
+ /* cleanup */
+ base_attr1_r->destroy(base_attr1_r);
+ base_attr2_r->destroy(base_attr2_r);
+ base_attr1_i->destroy(base_attr1_i);
+ base_attr2_i->destroy(base_attr2_i);
+ contract_i->destroy(contract_i);
+ contract_r->destroy(contract_r);
+ libimcv_deinit();
+}
+END_TEST
+
+static struct {
+ bool err_f;
+ chunk_t frag_f;
+ bool err_n;
+ bool base_attr;
+ chunk_t frag_n;
+} contract_invalid_tests[] = {
+ { FALSE, chunk_from_chars(
+ 0xc0, 0x00, 0x00, 0x01, 0x00, 0x00, 0x90, 0x2a, 0x00, 0x00, 0x00, 0x01,
+ 0x00, 0x00, 0x00, 0x0d),
+ FALSE, TRUE, chunk_from_chars(
+ 0x00, 0x00, 0x00, 0x01, 0x01 )
+ },
+ { FALSE, chunk_from_chars(
+ 0xc0, 0x00, 0x00, 0x02, 0x00, 0x00, 0x90, 0x2a, 0x00, 0x00, 0x00, 0x01,
+ 0x00, 0x00, 0x00, 0x0e),
+ TRUE, FALSE, chunk_from_chars(
+ 0x00, 0x00, 0x00, 0x02, 0x01 )
+ },
+ { TRUE, chunk_from_chars(
+ 0xc0, 0x00, 0x00, 0x03, 0x00, 0x00, 0x55, 0x97, 0x00, 0x00, 0x00, 0x23,
+ 0x00, 0x00, 0x00, 0x0d),
+ FALSE, FALSE, chunk_from_chars(
+ 0x00, 0x00, 0x00, 0x03, 0x01 )
+ },
+ { FALSE, chunk_from_chars(
+ 0xc0, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08,
+ 0x00, 0x00, 0x00, 0x14),
+ FALSE, FALSE, chunk_from_chars(
+ 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 )
+ },
+ { FALSE, chunk_from_chars(
+ 0xc0, 0x00, 0x00, 0x05, 0x00, 0x00, 0x90, 0x2a, 0x00, 0x00, 0x00, 0x03,
+ 0x00, 0x00, 0x00, 0x0f),
+ TRUE, FALSE, chunk_from_chars(
+ 0x00, 0x00, 0x00, 0x05, 0x00, 0x02, 0x01 )
+ },
+ { FALSE, chunk_from_chars(
+ 0xc0, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
+ 0x00, 0x00, 0x00, 0x11),
+ TRUE, FALSE, chunk_from_chars(
+ 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x00, 0xff )
+ }
+};
+
+START_TEST(test_imcv_seg_contract_invalid)
+{
+ uint32_t max_seg_size = 12, max_attr_size = 100, issuer_id = 1;
+ pen_type_t msg_type = { PEN_ITA, PA_SUBTYPE_ITA_TEST };
+ pa_tnc_attr_t *attr_f, *attr_n, *base_attr, *error;
+ chunk_t value_f, value_n;
+ seg_contract_t *contract;
+ uint32_t offset;
+ bool more;
+
+ libimcv_init(FALSE);
+ value_f = contract_invalid_tests[_i].frag_f;
+ value_n = contract_invalid_tests[_i].frag_n;
+ attr_f = tcg_seg_attr_seg_env_create_from_data(value_f.len, value_f);
+ attr_n = tcg_seg_attr_seg_env_create_from_data(value_n.len, value_n);
+ ck_assert(attr_f->process(attr_f, &offset) == SUCCESS);
+ ck_assert(attr_n->process(attr_n, &offset) == SUCCESS);
+
+ contract = seg_contract_create(msg_type, max_attr_size, max_seg_size,
+ TRUE, issuer_id, FALSE);
+ base_attr = contract->add_segment(contract, attr_f, &error, &more);
+ ck_assert(base_attr == NULL);
+
+ if (contract_invalid_tests[_i].err_f)
+ {
+ ck_assert(error);
+ error->destroy(error);
+ }
+ else
+ {
+ ck_assert(error == NULL);
+ ck_assert(more);
+ base_attr = contract->add_segment(contract, attr_n, &error, &more);
+ if (contract_invalid_tests[_i].err_n)
+ {
+ ck_assert(error);
+ error->destroy(error);
+ }
+ else
+ {
+ ck_assert(error == NULL);
+ }
+ if (contract_invalid_tests[_i].base_attr)
+ {
+ ck_assert(base_attr);
+ base_attr->destroy(base_attr);
+ }
+ }
+
+ /* cleanup */
+ attr_f->destroy(attr_f);
+ attr_n->destroy(attr_n);
+ contract->destroy(contract);
+ libimcv_deinit();
+}
+END_TEST
+
+START_TEST(test_imcv_seg_contract_mgr)
+{
+ char buf[BUF_LEN];
+ uint32_t max_seg_size = 12, max_attr_size = 100;
+ pen_type_t msg_type1 = { PEN_ITA, PA_SUBTYPE_ITA_TEST };
+ pen_type_t msg_type2 = { PEN_IETF, PA_SUBTYPE_IETF_OPERATING_SYSTEM };
+ seg_contract_manager_t *contracts;
+ seg_contract_t *cx, *c1, *c2, *c3, *c4;
+
+ contracts = seg_contract_manager_create();
+
+ /* add contract template as issuer */
+ c1 = seg_contract_create(msg_type1, max_attr_size, max_seg_size,
+ TRUE, 1, FALSE);
+ c1->get_info_string(c1, buf, BUF_LEN, TRUE);
+
+ contracts->add_contract(contracts, c1);
+
+ /* received contract request for msg_type1 as responder */
+ cx = contracts->get_contract(contracts, msg_type1, FALSE, 2);
+ ck_assert(cx == NULL);
+
+ /* add directed contract as responder */
+ c2 = seg_contract_create(msg_type1, max_attr_size, max_seg_size,
+ FALSE, 2, FALSE);
+ c2->set_responder(c2, 1);
+ c2->get_info_string(c2, buf, BUF_LEN, TRUE);
+ contracts->add_contract(contracts, c2);
+
+ /* retrieve this contract */
+ cx = contracts->get_contract(contracts, msg_type1, FALSE, 2);
+ ck_assert(cx == c2);
+
+ /* received directed contract response as issuer */
+ cx = contracts->get_contract(contracts, msg_type1, TRUE, 3);
+ ck_assert(cx == NULL);
+
+ /* get contract template */
+ cx = contracts->get_contract(contracts, msg_type1, TRUE, TNC_IMCID_ANY);
+ ck_assert(cx == c1);
+
+ /* clone the contract template and as it as a directed contract */
+ c3 = cx->clone(cx);
+ c3->set_responder(c3, 3);
+ c3->get_info_string(c3, buf, BUF_LEN, FALSE);
+ contracts->add_contract(contracts, c3);
+
+ /* retrieve this contract */
+ cx = contracts->get_contract(contracts, msg_type1, TRUE, 3);
+ ck_assert(cx == c3);
+
+ /* received contract request for msg_type2 as responder */
+ cx = contracts->get_contract(contracts, msg_type2, FALSE, 2);
+ ck_assert(cx == NULL);
+
+ /* add directed contract as responder */
+ c4 = seg_contract_create(msg_type2, max_attr_size, max_seg_size,
+ FALSE, 2, FALSE);
+ c4->set_responder(c4, 1);
+ contracts->add_contract(contracts, c4);
+
+ /* retrieve this contract */
+ cx = contracts->get_contract(contracts, msg_type2, FALSE, 2);
+ ck_assert(cx == c4);
+
+ contracts->destroy(contracts);
+}
+END_TEST
+
+Suite *imcv_seg_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("imcv_seg");
+
+ tc = tcase_create("env");
+ tcase_add_loop_test(tc, test_imcv_seg_env, 0, countof(seg_env_tests));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("env_special");
+ tcase_add_test(tc, test_imcv_seg_env_special);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("env_invalid");
+ tcase_add_loop_test(tc, test_imcv_seg_env_invalid, 0,
+ countof(env_invalid_tests));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("contract");
+ tcase_add_loop_test(tc, test_imcv_seg_contract, 0, countof(seg_env_tests));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("contract_special");
+ tcase_add_test(tc, test_imcv_seg_contract_special);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("contract_invalid");
+ tcase_add_loop_test(tc, test_imcv_seg_contract_invalid, 0,
+ countof(contract_invalid_tests));
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("contract_mgr");
+ tcase_add_test(tc, test_imcv_seg_contract_mgr);
+ suite_add_tcase(s, tc);
+
+ return s;
+}
diff --git a/src/libpts/swid/swid_error.c b/src/libimcv/swid/swid_error.c
similarity index 100%
rename from src/libpts/swid/swid_error.c
rename to src/libimcv/swid/swid_error.c
diff --git a/src/libimcv/swid/swid_error.h b/src/libimcv/swid/swid_error.h
new file mode 100644
index 0000000..b459ba6
--- /dev/null
+++ b/src/libimcv/swid/swid_error.h
@@ -0,0 +1,58 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup swid_error swid_error
+ * @{ @ingroup libimcv_swid
+ */
+
+#ifndef SWID_ERROR_H_
+#define SWID_ERROR_H_
+
+typedef enum swid_error_code_t swid_error_code_t;
+
+#include "pa_tnc/pa_tnc_attr.h"
+
+#include <library.h>
+
+
+/**
+ * SWID Error Codes
+ * see section 3.14.2 of PTS Protocol: Binding to TNC IF-M Specification
+ */
+enum swid_error_code_t {
+ TCG_SWID_ERROR = 0x20,
+ TCG_SWID_SUBSCRIPTION_DENIED = 0x21,
+ TCG_SWID_RESPONSE_TOO_LARGE = 0x22
+};
+
+/**
+ * enum name for swid_error_code_t.
+ */
+extern enum_name_t *swid_error_code_names;
+
+/**
+ * Creates a SWID Error Attribute
+ * see section 4.12 of TNC SWID Message and Attributes for IF-M
+ *
+ * @param code SWID error code
+ * @param request SWID request ID
+ * @param max_attr_size Maximum IF-M attribute size (if applicable)
+ * @param description Optional description string or NULL
+ */
+pa_tnc_attr_t* swid_error_create(swid_error_code_t code, u_int32_t request,
+ u_int32_t max_attr_size, char *description);
+
+#endif /** SWID_ERROR_H_ @}*/
diff --git a/src/libimcv/swid/swid_inventory.c b/src/libimcv/swid/swid_inventory.c
new file mode 100644
index 0000000..a492869
--- /dev/null
+++ b/src/libimcv/swid/swid_inventory.c
@@ -0,0 +1,454 @@
+/*
+ * Copyright (C) 2013-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "swid_inventory.h"
+#include "swid_tag.h"
+#include "swid_tag_id.h"
+
+#include <collections/linked_list.h>
+#include <bio/bio_writer.h>
+#include <utils/debug.h>
+
+#include <stdio.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <sys/stat.h>
+#include <libgen.h>
+#include <errno.h>
+
+typedef struct private_swid_inventory_t private_swid_inventory_t;
+
+/**
+ * Private data of a swid_inventory_t object.
+ *
+ */
+struct private_swid_inventory_t {
+
+ /**
+ * Public swid_inventory_t interface.
+ */
+ swid_inventory_t public;
+
+ /**
+ * Full SWID tags or just SWID tag IDs
+ */
+ bool full_tags;
+
+ /**
+ * List of SWID tags or tag IDs
+ */
+ linked_list_t *list;
+};
+
+/**
+ * Read SWID tags issued by the swid_generator tool
+ */
+static status_t read_swid_tags(private_swid_inventory_t *this, FILE *file)
+{
+ swid_tag_t *tag;
+ bio_writer_t *writer;
+ chunk_t tag_encoding, tag_file_path = chunk_empty;
+ bool more_tags = TRUE, last_newline;
+ char line[8192];
+ size_t len;
+
+ while (more_tags)
+ {
+ last_newline = TRUE;
+ writer = bio_writer_create(512);
+ while (TRUE)
+ {
+ if (!fgets(line, sizeof(line), file))
+ {
+ more_tags = FALSE;
+ break;
+ }
+ len = strlen(line);
+
+ if (last_newline && line[0] == '\n')
+ {
+ break;
+ }
+ else
+ {
+ last_newline = (line[len-1] == '\n');
+ writer->write_data(writer, chunk_create(line, len));
+ }
+ }
+
+ tag_encoding = writer->get_buf(writer);
+
+ if (tag_encoding.len > 1)
+ {
+ /* remove trailing newline if present */
+ if (tag_encoding.ptr[tag_encoding.len - 1] == '\n')
+ {
+ tag_encoding.len--;
+ }
+ DBG3(DBG_IMC, " %.*s", tag_encoding.len, tag_encoding.ptr);
+
+ tag = swid_tag_create(tag_encoding, tag_file_path);
+ this->list->insert_last(this->list, tag);
+ }
+ writer->destroy(writer);
+ }
+
+ return SUCCESS;
+}
+
+/**
+ * Read SWID tag or software IDs issued by the swid_generator tool
+ */
+static status_t read_swid_tag_ids(private_swid_inventory_t *this, FILE *file)
+{
+ swid_tag_id_t *tag_id;
+ chunk_t tag_creator, unique_sw_id, tag_file_path = chunk_empty;
+ char line[BUF_LEN];
+
+ while (TRUE)
+ {
+ char *separator;
+ size_t len;
+
+ if (!fgets(line, sizeof(line), file))
+ {
+ return SUCCESS;
+ }
+ len = strlen(line);
+
+ /* remove trailing newline if present */
+ if (len > 0 && line[len - 1] == '\n')
+ {
+ len--;
+ }
+ DBG3(DBG_IMC, " %.*s", len, line);
+
+ separator = strchr(line, '_');
+ if (!separator)
+ {
+ DBG1(DBG_IMC, "separation of regid from unique software ID failed");
+ return FAILED;
+ }
+ tag_creator = chunk_create(line, separator - line);
+ separator++;
+
+ unique_sw_id = chunk_create(separator, len - (separator - line));
+ tag_id = swid_tag_id_create(tag_creator, unique_sw_id, tag_file_path);
+ this->list->insert_last(this->list, tag_id);
+ }
+}
+
+static status_t generate_tags(private_swid_inventory_t *this, char *generator,
+ swid_inventory_t *targets, bool pretty, bool full)
+{
+ FILE *file;
+ char command[BUF_LEN];
+ char doc_separator[] = "'\n\n'";
+
+ status_t status = SUCCESS;
+
+ if (targets->get_count(targets) == 0)
+ {
+ /* Assemble the SWID generator command */
+ if (this->full_tags)
+ {
+ snprintf(command, BUF_LEN, "%s swid --doc-separator %s%s%s",
+ generator, doc_separator, pretty ? " --pretty" : "",
+ full ? " --full" : "");
+ }
+ else
+ {
+ snprintf(command, BUF_LEN, "%s software-id", generator);
+ }
+
+ /* Open a pipe stream for reading the SWID generator output */
+ file = popen(command, "r");
+ if (!file)
+ {
+ DBG1(DBG_IMC, "failed to run swid_generator command");
+ return NOT_SUPPORTED;
+ }
+
+ if (this->full_tags)
+ {
+ DBG2(DBG_IMC, "SWID tag generation by package manager");
+ status = read_swid_tags(this, file);
+ }
+ else
+ {
+ DBG2(DBG_IMC, "SWID tag ID generation by package manager");
+ status = read_swid_tag_ids(this, file);
+ }
+ pclose(file);
+ }
+ else if (this->full_tags)
+ {
+ swid_tag_id_t *tag_id;
+ enumerator_t *enumerator;
+
+ enumerator = targets->create_enumerator(targets);
+ while (enumerator->enumerate(enumerator, &tag_id))
+ {
+ char software_id[BUF_LEN];
+ chunk_t tag_creator, unique_sw_id;
+
+ tag_creator = tag_id->get_tag_creator(tag_id);
+ unique_sw_id = tag_id->get_unique_sw_id(tag_id, NULL);
+ snprintf(software_id, BUF_LEN, "%.*s_%.*s",
+ tag_creator.len, tag_creator.ptr,
+ unique_sw_id.len, unique_sw_id.ptr);
+
+ /* Assemble the SWID generator command */
+ snprintf(command, BUF_LEN, "%s swid --software-id %s%s%s",
+ generator, software_id, pretty ? " --pretty" : "",
+ full ? " --full" : "");
+
+ /* Open a pipe stream for reading the SWID generator output */
+ file = popen(command, "r");
+ if (!file)
+ {
+ DBG1(DBG_IMC, "failed to run swid_generator command");
+ return NOT_SUPPORTED;
+ }
+ status = read_swid_tags(this, file);
+ pclose(file);
+
+ if (status != SUCCESS)
+ {
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ }
+
+ return status;
+}
+
+static bool collect_tags(private_swid_inventory_t *this, char *pathname,
+ swid_inventory_t *targets)
+{
+ char *rel_name, *abs_name;
+ struct stat st;
+ bool success = FALSE;
+ enumerator_t *enumerator;
+
+ enumerator = enumerator_create_directory(pathname);
+ if (!enumerator)
+ {
+ DBG1(DBG_IMC, "directory '%s' can not be opened, %s",
+ pathname, strerror(errno));
+ return FALSE;
+ }
+ DBG2(DBG_IMC, "entering %s", pathname);
+
+ while (enumerator->enumerate(enumerator, &rel_name, &abs_name, &st))
+ {
+ char * start, *stop;
+ chunk_t tag_creator;
+ chunk_t unique_sw_id = chunk_empty, tag_file_path = chunk_empty;
+
+ if (!strstr(rel_name, "regid."))
+ {
+ continue;
+ }
+ if (S_ISDIR(st.st_mode))
+ {
+ /* In case of a targeted request */
+ if (targets->get_count(targets))
+ {
+ enumerator_t *target_enumerator;
+ swid_tag_id_t *tag_id;
+ bool match = FALSE;
+
+ target_enumerator = targets->create_enumerator(targets);
+ while (target_enumerator->enumerate(target_enumerator, &tag_id))
+ {
+ if (chunk_equals(tag_id->get_tag_creator(tag_id),
+ chunk_from_str(rel_name)))
+ {
+ match = TRUE;
+ break;
+ }
+ }
+ target_enumerator->destroy(target_enumerator);
+
+ if (!match)
+ {
+ continue;
+ }
+ }
+
+ if (!collect_tags(this, abs_name, targets))
+ {
+ goto end;
+ }
+ continue;
+ }
+
+ /* parse the regid filename into its components */
+ start = rel_name;
+ stop = strchr(start, '_');
+ if (!stop)
+ {
+ DBG1(DBG_IMC, " %s", rel_name);
+ DBG1(DBG_IMC, " '_' separator not found");
+ goto end;
+ }
+ tag_creator = chunk_create(start, stop-start);
+ start = stop + 1;
+
+ stop = strstr(start, ".swidtag");
+ if (!stop)
+ {
+ DBG1(DBG_IMC, " %s", rel_name);
+ DBG1(DBG_IMC, " swidtag postfix not found");
+ goto end;
+ }
+ unique_sw_id = chunk_create(start, stop-start);
+ tag_file_path = chunk_from_str(abs_name);
+
+ /* In case of a targeted request */
+ if (targets->get_count(targets))
+ {
+ chunk_t target_unique_sw_id, target_tag_creator;
+ enumerator_t *target_enumerator;
+ swid_tag_id_t *tag_id;
+ bool match = FALSE;
+
+ target_enumerator = targets->create_enumerator(targets);
+ while (target_enumerator->enumerate(target_enumerator, &tag_id))
+ {
+ target_unique_sw_id = tag_id->get_unique_sw_id(tag_id, NULL);
+ target_tag_creator = tag_id->get_tag_creator(tag_id);
+
+ if (chunk_equals(target_unique_sw_id, unique_sw_id) &&
+ chunk_equals(target_tag_creator, tag_creator))
+ {
+ match = TRUE;
+ break;
+ }
+ }
+ target_enumerator->destroy(target_enumerator);
+
+ if (!match)
+ {
+ continue;
+ }
+ }
+ DBG2(DBG_IMC, " %s", rel_name);
+
+ if (this->full_tags)
+ {
+ swid_tag_t *tag;
+ chunk_t *xml_tag;
+
+ xml_tag = chunk_map(abs_name, FALSE);
+ if (!xml_tag)
+ {
+ DBG1(DBG_IMC, " opening '%s' failed: %s", abs_name,
+ strerror(errno));
+ goto end;
+ }
+
+ tag = swid_tag_create(*xml_tag, tag_file_path);
+ this->list->insert_last(this->list, tag);
+ chunk_unmap(xml_tag);
+ }
+ else
+ {
+ swid_tag_id_t *tag_id;
+
+ tag_id = swid_tag_id_create(tag_creator, unique_sw_id, tag_file_path);
+ this->list->insert_last(this->list, tag_id);
+ }
+ }
+ success = TRUE;
+
+end:
+ enumerator->destroy(enumerator);
+ DBG2(DBG_IMC, "leaving %s", pathname);
+
+ return success;
+}
+
+METHOD(swid_inventory_t, collect, bool,
+ private_swid_inventory_t *this, char *directory, char *generator,
+ swid_inventory_t *targets, bool pretty, bool full)
+{
+ /**
+ * Tags are generated by a package manager
+ */
+ generate_tags(this, generator, targets, pretty, full);
+
+ /**
+ * Collect swidtag files by iteratively entering all directories in
+ * the tree under the "directory" path.
+ */
+ return collect_tags(this, directory, targets);
+}
+
+METHOD(swid_inventory_t, add, void,
+ private_swid_inventory_t *this, void *item)
+{
+ this->list->insert_last(this->list, item);
+}
+
+METHOD(swid_inventory_t, get_count, int,
+ private_swid_inventory_t *this)
+{
+ return this->list->get_count(this->list);
+}
+
+METHOD(swid_inventory_t, create_enumerator, enumerator_t*,
+ private_swid_inventory_t *this)
+{
+ return this->list->create_enumerator(this->list);
+}
+
+METHOD(swid_inventory_t, destroy, void,
+ private_swid_inventory_t *this)
+{
+ if (this->full_tags)
+ {
+ this->list->destroy_offset(this->list, offsetof(swid_tag_t, destroy));
+ }
+ else
+ {
+ this->list->destroy_offset(this->list, offsetof(swid_tag_id_t, destroy));
+ }
+ free(this);
+}
+
+/**
+ * See header
+ */
+swid_inventory_t *swid_inventory_create(bool full_tags)
+{
+ private_swid_inventory_t *this;
+
+ INIT(this,
+ .public = {
+ .collect = _collect,
+ .add = _add,
+ .get_count = _get_count,
+ .create_enumerator = _create_enumerator,
+ .destroy = _destroy,
+ },
+ .full_tags = full_tags,
+ .list = linked_list_create(),
+ );
+
+ return &this->public;
+}
diff --git a/src/libimcv/swid/swid_inventory.h b/src/libimcv/swid/swid_inventory.h
new file mode 100644
index 0000000..0402907
--- /dev/null
+++ b/src/libimcv/swid/swid_inventory.h
@@ -0,0 +1,84 @@
+/*
+ * Copyright (C) 2013-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup swid_inventory swid_inventory
+ * @{ @ingroup libimcv_swid
+ */
+
+#ifndef SWID_INVENTORY_H_
+#define SWID_INVENTORY_H_
+
+#include <library.h>
+
+/* Maximum size of a SWID Tag Inventory: 100 MB */
+#define SWID_MAX_ATTR_SIZE 100000000
+
+typedef struct swid_inventory_t swid_inventory_t;
+
+/**
+ * Class managing SWID tag inventory
+ */
+struct swid_inventory_t {
+
+ /**
+ * Collect the SWID tags stored on the endpoint
+ *
+ * @param directory SWID directory path
+ * @param generator Path to SWID generator
+ * @param targets List of target tag IDs
+ * @param pretty Generate indented XML SWID tags
+ * @param full Include file information in SWID tags
+ * @return TRUE if successful
+ */
+ bool (*collect)(swid_inventory_t *this, char *directory, char *generator,
+ swid_inventory_t *targets, bool pretty, bool full);
+
+ /**
+ * Collect the SWID tags stored on the endpoint
+ *
+ * @param item SWID tag or tag ID to be added
+ */
+ void (*add)(swid_inventory_t *this, void *item);
+
+ /**
+ * Get the number of collected SWID tags
+ *
+ * @return Number of collected SWID tags
+ */
+ int (*get_count)(swid_inventory_t *this);
+
+ /**
+ * Create a SWID tag inventory enumerator
+ *
+ * @return Enumerator returning either tag ID or full tag
+ */
+ enumerator_t* (*create_enumerator)(swid_inventory_t *this);
+
+ /**
+ * Destroys a swid_inventory_t object.
+ */
+ void (*destroy)(swid_inventory_t *this);
+
+};
+
+/**
+ * Creates a swid_inventory_t object
+ *
+ * @param full_tags TRUE if full tags, FALSE if tag IDs only
+ */
+swid_inventory_t* swid_inventory_create(bool full_tags);
+
+#endif /** SWID_INVENTORY_H_ @}*/
diff --git a/src/libimcv/swid/swid_tag.c b/src/libimcv/swid/swid_tag.c
new file mode 100644
index 0000000..c77c757
--- /dev/null
+++ b/src/libimcv/swid/swid_tag.c
@@ -0,0 +1,102 @@
+/*
+ * Copyright (C) 2013-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "swid_tag.h"
+
+typedef struct private_swid_tag_t private_swid_tag_t;
+
+/**
+ * Private data of a swid_tag_t object.
+ *
+ */
+struct private_swid_tag_t {
+
+ /**
+ * Public swid_tag_t interface.
+ */
+ swid_tag_t public;
+
+ /**
+ * UTF-8 XML encoding of SWID tag
+ */
+ chunk_t encoding;
+
+ /**
+ * Optional Tag Identifier Instance ID
+ */
+ chunk_t instance_id;
+
+ /**
+ * Reference count
+ */
+ refcount_t ref;
+};
+
+METHOD(swid_tag_t, get_encoding, chunk_t,
+ private_swid_tag_t *this)
+{
+ return this->encoding;
+}
+
+METHOD(swid_tag_t, get_instance_id, chunk_t,
+ private_swid_tag_t *this)
+{
+ return this->instance_id;
+}
+
+METHOD(swid_tag_t, get_ref, swid_tag_t*,
+ private_swid_tag_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public;
+}
+
+METHOD(swid_tag_t, destroy, void,
+ private_swid_tag_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ free(this->encoding.ptr);
+ free(this->instance_id.ptr);
+ free(this);
+ }
+}
+
+/**
+ * See header
+ */
+swid_tag_t *swid_tag_create(chunk_t encoding, chunk_t instance_id)
+{
+ private_swid_tag_t *this;
+
+ INIT(this,
+ .public = {
+ .get_encoding = _get_encoding,
+ .get_instance_id = _get_instance_id,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .encoding = chunk_clone(encoding),
+ .ref = 1,
+ );
+
+ if (instance_id.len > 0)
+ {
+ this->instance_id = chunk_clone(instance_id);
+ }
+
+ return &this->public;
+}
+
diff --git a/src/libimcv/swid/swid_tag.h b/src/libimcv/swid/swid_tag.h
new file mode 100644
index 0000000..22c14b1
--- /dev/null
+++ b/src/libimcv/swid/swid_tag.h
@@ -0,0 +1,70 @@
+/*
+ * Copyright (C) 2013-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup swid_tag swid_tag
+ * @{ @ingroup libimcv_swid
+ */
+
+#ifndef SWID_TAG_H_
+#define SWID_TAG_H_
+
+#include <library.h>
+
+typedef struct swid_tag_t swid_tag_t;
+
+
+/**
+ * Class storing a SWID Tag
+ */
+struct swid_tag_t {
+
+ /**
+ * Get UTF-8 XML encoding of SWID tag
+ *
+ * @return XML encoding of SWID tag
+ */
+ chunk_t (*get_encoding)(swid_tag_t *this);
+
+ /**
+ * Get the optional Tag Identifier Instance ID
+ *
+ * @return Optional Tag Identifier Instance ID
+ */
+ chunk_t (*get_instance_id)(swid_tag_t *this);
+
+ /**
+ * Get a new reference to the swid_tag object
+ *
+ * @return this, with an increased refcount
+ */
+ swid_tag_t* (*get_ref)(swid_tag_t *this);
+
+ /**
+ * Destroys a swid_tag_t object.
+ */
+ void (*destroy)(swid_tag_t *this);
+
+};
+
+/**
+ * Creates a swid_tag_t object
+ *
+ * @param encoding XML encoding of SWID tag
+ * @param instance_id Tag Identifier Instance ID or empty chunk
+ */
+swid_tag_t* swid_tag_create(chunk_t encoding, chunk_t instance_id);
+
+#endif /** SWID_TAG_H_ @}*/
diff --git a/src/libimcv/swid/swid_tag_id.c b/src/libimcv/swid/swid_tag_id.c
new file mode 100644
index 0000000..2dc6e31
--- /dev/null
+++ b/src/libimcv/swid/swid_tag_id.c
@@ -0,0 +1,114 @@
+/*
+ * Copyright (C) 2013-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "swid_tag_id.h"
+
+typedef struct private_swid_tag_id_t private_swid_tag_id_t;
+
+/**
+ * Private data of a swid_tag_id_t object.
+ *
+ */
+struct private_swid_tag_id_t {
+
+ /**
+ * Public swid_tag_id_t interface.
+ */
+ swid_tag_id_t public;
+
+ /**
+ * Tag Creator
+ */
+ chunk_t tag_creator;
+
+ /**
+ * Unique Software ID
+ */
+ chunk_t unique_sw_id;
+
+ /**
+ * Optional Tag Identifier Instance ID
+ */
+ chunk_t instance_id;
+
+ /**
+ * Reference count
+ */
+ refcount_t ref;
+};
+
+METHOD(swid_tag_id_t, get_tag_creator, chunk_t,
+ private_swid_tag_id_t *this)
+{
+ return this->tag_creator;
+}
+
+METHOD(swid_tag_id_t, get_unique_sw_id, chunk_t,
+ private_swid_tag_id_t *this, chunk_t *instance_id)
+{
+ if (instance_id)
+ {
+ *instance_id = this->instance_id;
+ }
+ return this->unique_sw_id;
+}
+
+METHOD(swid_tag_id_t, get_ref, swid_tag_id_t*,
+ private_swid_tag_id_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public;
+}
+
+METHOD(swid_tag_id_t, destroy, void,
+ private_swid_tag_id_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ free(this->tag_creator.ptr);
+ free(this->unique_sw_id.ptr);
+ free(this->instance_id.ptr);
+ free(this);
+ }
+}
+
+/**
+ * See header
+ */
+swid_tag_id_t *swid_tag_id_create(chunk_t tag_creator, chunk_t unique_sw_id,
+ chunk_t instance_id)
+{
+ private_swid_tag_id_t *this;
+
+ INIT(this,
+ .public = {
+ .get_tag_creator = _get_tag_creator,
+ .get_unique_sw_id = _get_unique_sw_id,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .tag_creator = chunk_clone(tag_creator),
+ .unique_sw_id = chunk_clone(unique_sw_id),
+ .ref = 1,
+ );
+
+ if (instance_id.len > 0)
+ {
+ this->instance_id = chunk_clone(instance_id);
+ }
+
+ return &this->public;
+}
+
diff --git a/src/libimcv/swid/swid_tag_id.h b/src/libimcv/swid/swid_tag_id.h
new file mode 100644
index 0000000..a2be290
--- /dev/null
+++ b/src/libimcv/swid/swid_tag_id.h
@@ -0,0 +1,73 @@
+/*
+ * Copyright (C) 2013-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup swid_tag_id swid_tag_id
+ * @{ @ingroup libimcv_swid
+ */
+
+#ifndef SWID_TAG_ID_H_
+#define SWID_TAG_ID_H_
+
+#include <library.h>
+
+typedef struct swid_tag_id_t swid_tag_id_t;
+
+
+/**
+ * Class storing a SWID Tag ID
+ */
+struct swid_tag_id_t {
+
+ /**
+ * Get the Tag Creator
+ *
+ * @return Tag Creator
+ */
+ chunk_t (*get_tag_creator)(swid_tag_id_t *this);
+
+ /**
+ * Get the Unique Software ID and optional Tag File Path
+ *
+ * @param instance_id Optional Tag Identifier Instance ID
+ * @return Unique Software ID
+ */
+ chunk_t (*get_unique_sw_id)(swid_tag_id_t *this, chunk_t *instance_id);
+
+ /**
+ * Get a new reference to the swid_tag_id object
+ *
+ * @return this, with an increased refcount
+ */
+ swid_tag_id_t* (*get_ref)(swid_tag_id_t *this);
+
+ /**
+ * Destroys a swid_tag_id_t object.
+ */
+ void (*destroy)(swid_tag_id_t *this);
+
+};
+
+/**
+ * Creates a swid_tag_id_t object
+ *
+ * @param tag_creator Tag Creator
+ * @param unique_sw_id Unique Software ID
+ * @param instance_id Tag Identifier Instance ID or empty chunk
+ */
+swid_tag_id_t* swid_tag_id_create(chunk_t tag_creator, chunk_t unique_sw_id,
+ chunk_t instance_id);
+
+#endif /** SWID_TAG_ID_H_ @}*/
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_aik.c b/src/libimcv/tcg/pts/tcg_pts_attr_aik.c
new file mode 100644
index 0000000..194cf1b
--- /dev/null
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_aik.c
@@ -0,0 +1,266 @@
+/*
+ * Copyright (C) 2011-2012 Sansar Choinyambuu
+ * Copyright (C) 2011-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "tcg_pts_attr_aik.h"
+
+#include <pa_tnc/pa_tnc_msg.h>
+#include <bio/bio_writer.h>
+#include <bio/bio_reader.h>
+#include <utils/debug.h>
+
+typedef struct private_tcg_pts_attr_aik_t private_tcg_pts_attr_aik_t;
+
+/**
+ * Attestation Identity Key
+ * see section 3.13 of PTS Protocol: Binding to TNC IF-M Specification
+ *
+ * 1 2 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Flags | Attestation Identity Key (Variable Length) ~
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Attestation Identity Key (Variable Length) ~
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ */
+
+#define PTS_AIK_SIZE 4
+#define PTS_AIK_FLAGS_NONE 0
+#define PTS_AIK_FLAGS_NAKED_KEY (1<<7)
+/**
+ * Private data of an tcg_pts_attr_aik_t object.
+ */
+struct private_tcg_pts_attr_aik_t {
+
+ /**
+ * Public members of tcg_pts_attr_aik_t
+ */
+ tcg_pts_attr_aik_t public;
+
+ /**
+ * Vendor-specific attribute type
+ */
+ pen_type_t type;
+
+ /**
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
+ */
+ chunk_t value;
+
+ /**
+ * Noskip flag
+ */
+ bool noskip_flag;
+
+ /**
+ * AIK Certificate or Public Key
+ */
+ certificate_t *aik;
+
+ /**
+ * Reference count
+ */
+ refcount_t ref;
+};
+
+METHOD(pa_tnc_attr_t, get_type, pen_type_t,
+ private_tcg_pts_attr_aik_t *this)
+{
+ return this->type;
+}
+
+METHOD(pa_tnc_attr_t, get_value, chunk_t,
+ private_tcg_pts_attr_aik_t *this)
+{
+ return this->value;
+}
+
+METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
+ private_tcg_pts_attr_aik_t *this)
+{
+ return this->noskip_flag;
+}
+
+METHOD(pa_tnc_attr_t, set_noskip_flag,void,
+ private_tcg_pts_attr_aik_t *this, bool noskip)
+{
+ this->noskip_flag = noskip;
+}
+
+METHOD(pa_tnc_attr_t, build, void,
+ private_tcg_pts_attr_aik_t *this)
+{
+ bio_writer_t *writer;
+ u_int8_t flags = PTS_AIK_FLAGS_NONE;
+ cred_encoding_type_t encoding_type = CERT_ASN1_DER;
+ chunk_t aik_blob;
+
+ if (this->value.ptr)
+ {
+ return;
+ }
+ if (this->aik->get_type(this->aik) == CERT_TRUSTED_PUBKEY)
+ {
+ flags |= PTS_AIK_FLAGS_NAKED_KEY;
+ encoding_type = PUBKEY_SPKI_ASN1_DER;
+ }
+ if (!this->aik->get_encoding(this->aik, encoding_type, &aik_blob))
+ {
+ DBG1(DBG_TNC, "encoding of Attestation Identity Key failed");
+ aik_blob = chunk_empty;
+ }
+ writer = bio_writer_create(PTS_AIK_SIZE);
+ writer->write_uint8(writer, flags);
+ writer->write_data (writer, aik_blob);
+ this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
+ writer->destroy(writer);
+ free(aik_blob.ptr);
+}
+
+METHOD(pa_tnc_attr_t, process, status_t,
+ private_tcg_pts_attr_aik_t *this, u_int32_t *offset)
+{
+ bio_reader_t *reader;
+ u_int8_t flags;
+ certificate_type_t type;
+ chunk_t aik_blob;
+
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
+ if (this->value.len < PTS_AIK_SIZE)
+ {
+ DBG1(DBG_TNC, "insufficient data for Attestation Identity Key");
+ return FAILED;
+ }
+ reader = bio_reader_create(this->value);
+ reader->read_uint8(reader, &flags);
+ reader->read_data (reader, reader->remaining(reader), &aik_blob);
+
+ type = (flags & PTS_AIK_FLAGS_NAKED_KEY) ? CERT_TRUSTED_PUBKEY : CERT_X509;
+
+ this->aik = lib->creds->create(lib->creds, CRED_CERTIFICATE, type,
+ BUILD_BLOB_PEM, aik_blob, BUILD_END);
+ reader->destroy(reader);
+
+ if (!this->aik)
+ {
+ DBG1(DBG_TNC, "parsing of Attestation Identity Key failed");
+ *offset = 0;
+ return FAILED;
+ }
+ return SUCCESS;
+}
+
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_tcg_pts_attr_aik_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
+METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
+ private_tcg_pts_attr_aik_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public.pa_tnc_attribute;
+}
+
+METHOD(pa_tnc_attr_t, destroy, void,
+ private_tcg_pts_attr_aik_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ DESTROY_IF(this->aik);
+ free(this->value.ptr);
+ free(this);
+ }
+}
+
+METHOD(tcg_pts_attr_aik_t, get_aik, certificate_t*,
+ private_tcg_pts_attr_aik_t *this)
+{
+ return this->aik;
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *tcg_pts_attr_aik_create(certificate_t *aik)
+{
+ private_tcg_pts_attr_aik_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .add_segment = _add_segment,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .get_aik = _get_aik,
+ },
+ .type = { PEN_TCG, TCG_PTS_AIK },
+ .aik = aik->get_ref(aik),
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
+
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *tcg_pts_attr_aik_create_from_data(size_t length, chunk_t data)
+{
+ private_tcg_pts_attr_aik_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .add_segment = _add_segment,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .get_aik = _get_aik,
+ },
+ .type = { PEN_TCG, TCG_PTS_AIK },
+ .length = length,
+ .value = chunk_clone(data),
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_aik.h b/src/libimcv/tcg/pts/tcg_pts_attr_aik.h
new file mode 100644
index 0000000..b524ff3
--- /dev/null
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_aik.h
@@ -0,0 +1,67 @@
+/*
+ * Copyright (C) 2011 Sansar Choinyambuu
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tcg_pts_attr_aik tcg_pts_attr_aik
+ * @{ @ingroup tcg_attr
+ */
+
+#ifndef TCG_PTS_ATTR_AIK_H_
+#define TCG_PTS_ATTR_AIK_H_
+
+typedef struct tcg_pts_attr_aik_t tcg_pts_attr_aik_t;
+
+#include "tcg/tcg_attr.h"
+#include "pa_tnc/pa_tnc_attr.h"
+
+#include <credentials/certificates/certificate.h>
+
+/**
+ * Class implementing the TCG PTS Attestation Identity Key attribute
+ *
+ */
+struct tcg_pts_attr_aik_t {
+
+ /**
+ * Public PA-TNC attribute interface
+ */
+ pa_tnc_attr_t pa_tnc_attribute;
+
+ /**
+ * Get AIK
+ *
+ * @return AIK Certificate or Public Key
+ */
+ certificate_t* (*get_aik)(tcg_pts_attr_aik_t *this);
+
+};
+
+/**
+ * Creates an tcg_pts_attr_aik_t object
+ *
+ * @param aik Attestation Identity Key
+ */
+pa_tnc_attr_t* tcg_pts_attr_aik_create(certificate_t *aik);
+
+/**
+ * Creates an tcg_pts_attr_aik_t object from received data
+ *
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
+ */
+pa_tnc_attr_t* tcg_pts_attr_aik_create_from_data(size_t length, chunk_t value);
+
+#endif /** TCG_PTS_ATTR_AIK_H_ @}*/
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_finish.c b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_finish.c
new file mode 100644
index 0000000..2a15068
--- /dev/null
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_finish.c
@@ -0,0 +1,287 @@
+/*
+ * Copyright (C) 2011-2012 Sansar Choinyambuu
+ * Copyright (C) 2011-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "tcg_pts_attr_dh_nonce_finish.h"
+
+#include <pa_tnc/pa_tnc_msg.h>
+#include <bio/bio_writer.h>
+#include <bio/bio_reader.h>
+#include <utils/debug.h>
+
+typedef struct private_tcg_pts_attr_dh_nonce_finish_t
+ private_tcg_pts_attr_dh_nonce_finish_t;
+
+/**
+ * PTS DH Nonce Finish
+ * see section 3.8.3 of PTS Protocol: Binding to TNC IF-M Specification
+ *
+ * 1 2 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Reserved | Nonce Len | Selected Hash Algorithm |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | D-H Initiator Public Value ... |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | D-H Initiator Nonce ... |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *
+ */
+
+#define PTS_DH_NONCE_FINISH_SIZE 12
+#define PTS_DH_NONCE_FINISH_RESERVED 0x00
+
+/**
+ * Private data of an tcg_pts_attr_dh_nonce_finish_t object.
+ */
+struct private_tcg_pts_attr_dh_nonce_finish_t {
+
+ /**
+ * Public members of tcg_pts_attr_dh_nonce_finish_t
+ */
+ tcg_pts_attr_dh_nonce_finish_t public;
+
+ /**
+ * Vendor-specific attribute type
+ */
+ pen_type_t type;
+
+ /**
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
+ */
+ chunk_t value;
+
+ /**
+ * Noskip flag
+ */
+ bool noskip_flag;
+
+ /**
+ * Selected Hashing Algorithm
+ */
+ pts_meas_algorithms_t hash_algo;
+
+ /**
+ * DH Initiator Public Value
+ */
+ chunk_t initiator_value;
+
+ /**
+ * DH Initiator Nonce
+ */
+ chunk_t initiator_nonce;
+
+ /**
+ * Reference count
+ */
+ refcount_t ref;
+};
+
+METHOD(pa_tnc_attr_t, get_type, pen_type_t,
+ private_tcg_pts_attr_dh_nonce_finish_t *this)
+{
+ return this->type;
+}
+
+METHOD(pa_tnc_attr_t, get_value, chunk_t,
+ private_tcg_pts_attr_dh_nonce_finish_t *this)
+{
+ return this->value;
+}
+
+METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
+ private_tcg_pts_attr_dh_nonce_finish_t *this)
+{
+ return this->noskip_flag;
+}
+
+METHOD(pa_tnc_attr_t, set_noskip_flag,void,
+ private_tcg_pts_attr_dh_nonce_finish_t *this, bool noskip)
+{
+ this->noskip_flag = noskip;
+}
+
+METHOD(pa_tnc_attr_t, build, void,
+ private_tcg_pts_attr_dh_nonce_finish_t *this)
+{
+ bio_writer_t *writer;
+
+ if (this->value.ptr)
+ {
+ return;
+ }
+ writer = bio_writer_create(PTS_DH_NONCE_FINISH_SIZE);
+ writer->write_uint8 (writer, PTS_DH_NONCE_FINISH_RESERVED);
+ writer->write_uint8 (writer, this->initiator_nonce.len);
+ writer->write_uint16(writer, this->hash_algo);
+ writer->write_data (writer, this->initiator_value);
+ writer->write_data (writer, this->initiator_nonce);
+
+ this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
+ writer->destroy(writer);
+}
+
+METHOD(pa_tnc_attr_t, process, status_t,
+ private_tcg_pts_attr_dh_nonce_finish_t *this, u_int32_t *offset)
+{
+ bio_reader_t *reader;
+ u_int8_t reserved, nonce_len;
+ u_int16_t hash_algo;
+
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
+ if (this->value.len < PTS_DH_NONCE_FINISH_SIZE)
+ {
+ DBG1(DBG_TNC, "insufficient data for PTS DH Nonce Finish");
+ return FAILED;
+ }
+ reader = bio_reader_create(this->value);
+ reader->read_uint8 (reader, &reserved);
+ reader->read_uint8 (reader, &nonce_len);
+ reader->read_uint16(reader, &hash_algo);
+ reader->read_data(reader, reader->remaining(reader) - nonce_len,
+ &this->initiator_value);
+ reader->read_data(reader, nonce_len, &this->initiator_nonce);
+ this->hash_algo = hash_algo;
+ this->initiator_value = chunk_clone(this->initiator_value);
+ this->initiator_nonce = chunk_clone(this->initiator_nonce);
+ reader->destroy(reader);
+
+ return SUCCESS;
+}
+
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_tcg_pts_attr_dh_nonce_finish_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
+METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
+ private_tcg_pts_attr_dh_nonce_finish_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public.pa_tnc_attribute;
+}
+
+METHOD(pa_tnc_attr_t, destroy, void,
+ private_tcg_pts_attr_dh_nonce_finish_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ free(this->value.ptr);
+ free(this->initiator_value.ptr);
+ free(this->initiator_nonce.ptr);
+ free(this);
+ }
+}
+
+METHOD(tcg_pts_attr_dh_nonce_finish_t, get_hash_algo, pts_meas_algorithms_t,
+ private_tcg_pts_attr_dh_nonce_finish_t *this)
+{
+ return this->hash_algo;
+}
+
+METHOD(tcg_pts_attr_dh_nonce_finish_t, get_initiator_value, chunk_t,
+ private_tcg_pts_attr_dh_nonce_finish_t *this)
+{
+ return this->initiator_value;
+}
+
+METHOD(tcg_pts_attr_dh_nonce_finish_t, get_initiator_nonce, chunk_t,
+ private_tcg_pts_attr_dh_nonce_finish_t *this)
+{
+ return this->initiator_nonce;
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *tcg_pts_attr_dh_nonce_finish_create(
+ pts_meas_algorithms_t hash_algo,
+ chunk_t initiator_value,
+ chunk_t initiator_nonce)
+{
+ private_tcg_pts_attr_dh_nonce_finish_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .add_segment = _add_segment,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .get_hash_algo = _get_hash_algo,
+ .get_initiator_nonce = _get_initiator_nonce,
+ .get_initiator_value = _get_initiator_value,
+ },
+ .type = { PEN_TCG, TCG_PTS_DH_NONCE_FINISH },
+ .hash_algo = hash_algo,
+ .initiator_value = initiator_value,
+ .initiator_nonce = chunk_clone(initiator_nonce),
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *tcg_pts_attr_dh_nonce_finish_create_from_data(size_t length,
+ chunk_t value)
+{
+ private_tcg_pts_attr_dh_nonce_finish_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .add_segment = _add_segment,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .get_hash_algo = _get_hash_algo,
+ .get_initiator_nonce = _get_initiator_nonce,
+ .get_initiator_value = _get_initiator_value,
+ },
+ .type = { PEN_TCG, TCG_PTS_DH_NONCE_FINISH },
+ .length = length,
+ .value = chunk_clone(value),
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_finish.h b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_finish.h
new file mode 100644
index 0000000..78b5025
--- /dev/null
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_finish.h
@@ -0,0 +1,92 @@
+/*
+ * Copyright (C) 2011 Sansar Choinyambuu
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tcg_pts_attr_dh_nonce_finish tcg_pts_attr_dh_nonce_finish
+ * @{ @ingroup tcg_attr
+ */
+
+#ifndef TCG_PTS_ATTR_DH_NONCE_FINISH_H_
+#define TCG_PTS_ATTR_DH_NONCE_FINISH_H_
+
+typedef struct tcg_pts_attr_dh_nonce_finish_t tcg_pts_attr_dh_nonce_finish_t;
+
+#include "tcg/tcg_attr.h"
+#include "pa_tnc/pa_tnc_attr.h"
+#include "pts/pts_meas_algo.h"
+
+/**
+ * Class implementing the TCG PTS DH Nonce Finish Attribute
+ */
+struct tcg_pts_attr_dh_nonce_finish_t {
+
+ /**
+ * Public PA-TNC attribute interface
+ */
+ pa_tnc_attr_t pa_tnc_attribute;
+
+ /**
+ * Get nonce length
+ *
+ * @return Length of nonce
+ */
+ u_int8_t (*get_nonce_len)(tcg_pts_attr_dh_nonce_finish_t *this);
+
+ /**
+ * Get selected hash algorithm
+ *
+ * @return Selected hash algorithm
+ */
+ pts_meas_algorithms_t (*get_hash_algo)(tcg_pts_attr_dh_nonce_finish_t *this);
+
+ /**
+ * Get DH Initiator Public Value
+ *
+ * @return DH Initiator Public Value
+ */
+ chunk_t (*get_initiator_value)(tcg_pts_attr_dh_nonce_finish_t *this);
+
+ /**
+ * Get DH Initiator Nonce
+ *
+ * @return DH Initiator Nonce
+ */
+ chunk_t (*get_initiator_nonce)(tcg_pts_attr_dh_nonce_finish_t *this);
+
+};
+
+/**
+ * Creates an tcg_pts_attr_dh_nonce_finish_t object
+ *
+ * @param hash_algo Selected hash algorithm
+ * @param initiator_value DH Initiator Public Value
+ * @param initiator_nonce DH Initiator Nonce
+ */
+pa_tnc_attr_t* tcg_pts_attr_dh_nonce_finish_create(
+ pts_meas_algorithms_t hash_algo,
+ chunk_t initiator_value,
+ chunk_t initiator_nonce);
+
+/**
+ * Creates an tcg_pts_attr_dh_nonce_finish_t object from received data
+ *
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
+ */
+pa_tnc_attr_t* tcg_pts_attr_dh_nonce_finish_create_from_data(size_t length,
+ chunk_t value);
+
+#endif /** TCG_PTS_ATTR_DH_NONCE_FINISH_H_ @}*/
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_req.c b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_req.c
new file mode 100644
index 0000000..0349ce5
--- /dev/null
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_req.c
@@ -0,0 +1,258 @@
+/*
+ * Copyright (C) 2011-2012 Sansar Choinyambuu
+ * Copyright (C) 2011-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "tcg_pts_attr_dh_nonce_params_req.h"
+
+#include <pa_tnc/pa_tnc_msg.h>
+#include <bio/bio_writer.h>
+#include <bio/bio_reader.h>
+#include <utils/debug.h>
+
+typedef struct private_tcg_pts_attr_dh_nonce_params_req_t
+ private_tcg_pts_attr_dh_nonce_params_req_t;
+
+/**
+ * PTS DH Nonce Parameters Request
+ * see section 3.8.1 of PTS Protocol: Binding to TNC IF-M Specification
+ *
+ * 1 2 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Reserved | Min. Nonce Len | D-H Group Set |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *
+ */
+
+#define PTS_DH_NONCE_PARAMS_REQ_SIZE 4
+#define PTS_DH_NONCE_PARAMS_REQ_RESERVED 0x00
+
+/**
+ * Private data of an tcg_pts_attr_dh_nonce_params_req_t object.
+ */
+struct private_tcg_pts_attr_dh_nonce_params_req_t {
+
+ /**
+ * Public members of tcg_pts_attr_dh_nonce_params_req_t
+ */
+ tcg_pts_attr_dh_nonce_params_req_t public;
+
+ /**
+ * Vendor-specific attribute type
+ */
+ pen_type_t type;
+
+ /**
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
+ */
+ chunk_t value;
+
+ /**
+ * Noskip flag
+ */
+ bool noskip_flag;
+
+ /**
+ * Minimum acceptable length of nonce
+ */
+ u_int8_t min_nonce_len;
+
+ /**
+ * Diffie Hellman group set
+ */
+ pts_dh_group_t dh_groups;
+
+ /**
+ * Reference count
+ */
+ refcount_t ref;
+};
+
+METHOD(pa_tnc_attr_t, get_type, pen_type_t,
+ private_tcg_pts_attr_dh_nonce_params_req_t *this)
+{
+ return this->type;
+}
+
+METHOD(pa_tnc_attr_t, get_value, chunk_t,
+ private_tcg_pts_attr_dh_nonce_params_req_t *this)
+{
+ return this->value;
+}
+
+METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
+ private_tcg_pts_attr_dh_nonce_params_req_t *this)
+{
+ return this->noskip_flag;
+}
+
+METHOD(pa_tnc_attr_t, set_noskip_flag,void,
+ private_tcg_pts_attr_dh_nonce_params_req_t *this, bool noskip)
+{
+ this->noskip_flag = noskip;
+}
+
+METHOD(pa_tnc_attr_t, build, void,
+ private_tcg_pts_attr_dh_nonce_params_req_t *this)
+{
+ bio_writer_t *writer;
+
+ if (this->value.ptr)
+ {
+ return;
+ }
+ writer = bio_writer_create(PTS_DH_NONCE_PARAMS_REQ_SIZE);
+ writer->write_uint8 (writer, PTS_DH_NONCE_PARAMS_REQ_RESERVED);
+ writer->write_uint8 (writer, this->min_nonce_len);
+ writer->write_uint16(writer, this->dh_groups);
+
+ this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
+ writer->destroy(writer);
+}
+
+METHOD(pa_tnc_attr_t, process, status_t,
+ private_tcg_pts_attr_dh_nonce_params_req_t *this, u_int32_t *offset)
+{
+ bio_reader_t *reader;
+ u_int8_t reserved;
+ u_int16_t dh_groups;
+
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
+ if (this->value.len < PTS_DH_NONCE_PARAMS_REQ_SIZE)
+ {
+ DBG1(DBG_TNC, "insufficient data for PTS DH Nonce Parameters Request");
+ return FAILED;
+ }
+ reader = bio_reader_create(this->value);
+ reader->read_uint8(reader, &reserved);
+ reader->read_uint8(reader, &this->min_nonce_len);
+ reader->read_uint16(reader, &dh_groups);
+ this->dh_groups = dh_groups;
+ reader->destroy(reader);
+
+ return SUCCESS;
+}
+
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_tcg_pts_attr_dh_nonce_params_req_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
+METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
+ private_tcg_pts_attr_dh_nonce_params_req_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public.pa_tnc_attribute;
+}
+
+METHOD(pa_tnc_attr_t, destroy, void,
+ private_tcg_pts_attr_dh_nonce_params_req_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ free(this->value.ptr);
+ free(this);
+ }
+}
+
+METHOD(tcg_pts_attr_dh_nonce_params_req_t, get_min_nonce_len, u_int8_t,
+ private_tcg_pts_attr_dh_nonce_params_req_t *this)
+{
+ return this->min_nonce_len;
+}
+
+METHOD(tcg_pts_attr_dh_nonce_params_req_t, get_dh_groups, pts_dh_group_t,
+ private_tcg_pts_attr_dh_nonce_params_req_t *this)
+{
+ return this->dh_groups;
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *tcg_pts_attr_dh_nonce_params_req_create(u_int8_t min_nonce_len,
+ pts_dh_group_t dh_groups)
+{
+ private_tcg_pts_attr_dh_nonce_params_req_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .add_segment = _add_segment,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .get_min_nonce_len = _get_min_nonce_len,
+ .get_dh_groups = _get_dh_groups,
+ },
+ .type = { PEN_TCG, TCG_PTS_DH_NONCE_PARAMS_REQ },
+ .min_nonce_len = min_nonce_len,
+ .dh_groups = dh_groups,
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *tcg_pts_attr_dh_nonce_params_req_create_from_data(size_t length,
+ chunk_t value)
+{
+ private_tcg_pts_attr_dh_nonce_params_req_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .add_segment = _add_segment,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .get_min_nonce_len = _get_min_nonce_len,
+ .get_dh_groups = _get_dh_groups,
+ },
+ .type = { PEN_TCG, TCG_PTS_DH_NONCE_PARAMS_REQ },
+ .length = length,
+ .value = chunk_clone(value),
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_req.h b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_req.h
new file mode 100644
index 0000000..4396bf6
--- /dev/null
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_req.h
@@ -0,0 +1,75 @@
+/*
+ * Copyright (C) 2011 Sansar Choinyambuu
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tcg_pts_attr_dh_nonce_params_req tcg_pts_attr_dh_nonce_params_req
+ * @{ @ingroup tcg_attr
+ */
+
+#ifndef TCG_PTS_ATTR_DH_NONCE_PARAMS_REQ_H_
+#define TCG_PTS_ATTR_DH_NONCE_PARAMS_REQ_H_
+
+typedef struct tcg_pts_attr_dh_nonce_params_req_t
+ tcg_pts_attr_dh_nonce_params_req_t;
+
+#include "tcg/tcg_attr.h"
+#include "pa_tnc/pa_tnc_attr.h"
+#include "pts/pts_dh_group.h"
+
+/**
+ * Class implementing the TCG PTS DH Nonce Parameters Request Attribute
+ */
+struct tcg_pts_attr_dh_nonce_params_req_t {
+
+ /**
+ * Public PA-TNC attribute interface
+ */
+ pa_tnc_attr_t pa_tnc_attribute;
+
+ /**
+ * Get Minimum nonce length
+ *
+ * @return Minimum acceptable length of nonce
+ */
+ u_int8_t (*get_min_nonce_len)(tcg_pts_attr_dh_nonce_params_req_t *this);
+
+ /**
+ * Get supported Diffie Hellman Groups
+ *
+ * @return Supported Diffie Hellman Groups
+ */
+ pts_dh_group_t (*get_dh_groups)(tcg_pts_attr_dh_nonce_params_req_t *this);
+};
+
+/**
+ * Creates an tcg_pts_attr_dh_nonce_params_req_t object
+ *
+ * @param min_nonce_len Minimum acceptable length of nonce
+ * @param dh_groups Initiator's supported DH groups
+ */
+pa_tnc_attr_t* tcg_pts_attr_dh_nonce_params_req_create(u_int8_t min_nonce_len,
+ pts_dh_group_t dh_groups);
+
+/**
+ * Creates an tcg_pts_attr_dh_nonce_params_req_t object from received data
+ *
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
+ */
+pa_tnc_attr_t* tcg_pts_attr_dh_nonce_params_req_create_from_data(size_t length,
+ chunk_t value);
+
+#endif /** TCG_PTS_ATTR_DH_NONCE_PARAMS_REQ_H_ @}*/
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_resp.c b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_resp.c
new file mode 100644
index 0000000..fa1dbdd
--- /dev/null
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_resp.c
@@ -0,0 +1,306 @@
+/*
+ * Copyright (C) 2011-2012 Sansar Choinyambuu
+ * Copyright (C) 2011-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "tcg_pts_attr_dh_nonce_params_resp.h"
+
+#include <pa_tnc/pa_tnc_msg.h>
+#include <bio/bio_writer.h>
+#include <bio/bio_reader.h>
+#include <utils/debug.h>
+
+typedef struct private_tcg_pts_attr_dh_nonce_params_resp_t
+ private_tcg_pts_attr_dh_nonce_params_resp_t;
+
+/**
+ * PTS DH Nonce Parameters Response
+ * see section 3.8.2 of PTS Protocol: Binding to TNC IF-M Specification
+ *
+ * 1 2 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Reserved | Nonce Len |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Selected D-H Group | Hash Algorithm Set |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | D-H Responder Nonce ... |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | D-H Responder Public Value ... |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *
+ */
+
+#define PTS_DH_NONCE_PARAMS_RESP_SIZE 16
+#define PTS_DH_NONCE_PARAMS_RESP_RESERVED 0x0000
+
+/**
+ * Private data of an tcg_pts_attr_dh_nonce_params_resp_t object.
+ */
+struct private_tcg_pts_attr_dh_nonce_params_resp_t {
+
+ /**
+ * Public members of tcg_pts_attr_dh_nonce_params_resp_t
+ */
+ tcg_pts_attr_dh_nonce_params_resp_t public;
+
+ /**
+ * Vendor-specific attribute type
+ */
+ pen_type_t type;
+
+ /**
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
+ */
+ chunk_t value;
+
+ /**
+ * Noskip flag
+ */
+ bool noskip_flag;
+
+ /**
+ * Selected Diffie Hellman group
+ */
+ pts_dh_group_t dh_group;
+
+ /**
+ * Supported Hashing Algorithms
+ */
+ pts_meas_algorithms_t hash_algo_set;
+
+ /**
+ * DH Responder Nonce
+ */
+ chunk_t responder_nonce;
+
+ /**
+ * DH Responder Public Value
+ */
+ chunk_t responder_value;
+
+ /**
+ * Reference count
+ */
+ refcount_t ref;
+};
+
+METHOD(pa_tnc_attr_t, get_type, pen_type_t,
+ private_tcg_pts_attr_dh_nonce_params_resp_t *this)
+{
+ return this->type;
+}
+
+METHOD(pa_tnc_attr_t, get_value, chunk_t,
+ private_tcg_pts_attr_dh_nonce_params_resp_t *this)
+{
+ return this->value;
+}
+
+METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
+ private_tcg_pts_attr_dh_nonce_params_resp_t *this)
+{
+ return this->noskip_flag;
+}
+
+METHOD(pa_tnc_attr_t, set_noskip_flag,void,
+ private_tcg_pts_attr_dh_nonce_params_resp_t *this, bool noskip)
+{
+ this->noskip_flag = noskip;
+}
+
+METHOD(pa_tnc_attr_t, build, void,
+ private_tcg_pts_attr_dh_nonce_params_resp_t *this)
+{
+ bio_writer_t *writer;
+
+ if (this->value.ptr)
+ {
+ return;
+ }
+ writer = bio_writer_create(PTS_DH_NONCE_PARAMS_RESP_SIZE);
+ writer->write_uint24(writer, PTS_DH_NONCE_PARAMS_RESP_RESERVED);
+ writer->write_uint8 (writer, this->responder_nonce.len);
+ writer->write_uint16(writer, this->dh_group);
+ writer->write_uint16(writer, this->hash_algo_set);
+ writer->write_data (writer, this->responder_nonce);
+ writer->write_data (writer, this->responder_value);
+
+ this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
+ writer->destroy(writer);
+}
+
+METHOD(pa_tnc_attr_t, process, status_t,
+ private_tcg_pts_attr_dh_nonce_params_resp_t *this, u_int32_t *offset)
+{
+ bio_reader_t *reader;
+ u_int32_t reserved;
+ u_int8_t nonce_len;
+ u_int16_t dh_group, hash_algo_set;
+
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
+ if (this->value.len < PTS_DH_NONCE_PARAMS_RESP_SIZE)
+ {
+ DBG1(DBG_TNC, "insufficient data for PTS DH Nonce Parameters Response");
+ return FAILED;
+ }
+ reader = bio_reader_create(this->value);
+ reader->read_uint24(reader, &reserved);
+ reader->read_uint8 (reader, &nonce_len);
+ reader->read_uint16(reader, &dh_group);
+ reader->read_uint16(reader, &hash_algo_set);
+ reader->read_data(reader, nonce_len, &this->responder_nonce);
+ reader->read_data(reader, reader->remaining(reader), &this->responder_value);
+ this->dh_group = dh_group;
+ this->hash_algo_set = hash_algo_set;
+ this->responder_nonce = chunk_clone(this->responder_nonce);
+ this->responder_value = chunk_clone(this->responder_value);
+ reader->destroy(reader);
+
+ return SUCCESS;
+}
+
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_tcg_pts_attr_dh_nonce_params_resp_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
+METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
+ private_tcg_pts_attr_dh_nonce_params_resp_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public.pa_tnc_attribute;
+}
+
+METHOD(pa_tnc_attr_t, destroy, void,
+ private_tcg_pts_attr_dh_nonce_params_resp_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ free(this->value.ptr);
+ free(this->responder_nonce.ptr);
+ free(this->responder_value.ptr);
+ free(this);
+ }
+}
+
+METHOD(tcg_pts_attr_dh_nonce_params_resp_t, get_dh_group, pts_dh_group_t,
+ private_tcg_pts_attr_dh_nonce_params_resp_t *this)
+{
+ return this->dh_group;
+}
+
+METHOD(tcg_pts_attr_dh_nonce_params_resp_t, get_hash_algo_set,
+ pts_meas_algorithms_t, private_tcg_pts_attr_dh_nonce_params_resp_t *this)
+{
+ return this->hash_algo_set;
+}
+
+METHOD(tcg_pts_attr_dh_nonce_params_resp_t, get_responder_nonce, chunk_t,
+ private_tcg_pts_attr_dh_nonce_params_resp_t *this)
+{
+ return this->responder_nonce;
+}
+
+METHOD(tcg_pts_attr_dh_nonce_params_resp_t, get_responder_value, chunk_t,
+ private_tcg_pts_attr_dh_nonce_params_resp_t *this)
+{
+ return this->responder_value;
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *tcg_pts_attr_dh_nonce_params_resp_create(pts_dh_group_t dh_group,
+ pts_meas_algorithms_t hash_algo_set,
+ chunk_t responder_nonce,
+ chunk_t responder_value)
+{
+ private_tcg_pts_attr_dh_nonce_params_resp_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .add_segment = _add_segment,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .get_dh_group = _get_dh_group,
+ .get_hash_algo_set = _get_hash_algo_set,
+ .get_responder_nonce = _get_responder_nonce,
+ .get_responder_value = _get_responder_value,
+ },
+ .type = { PEN_TCG, TCG_PTS_DH_NONCE_PARAMS_RESP },
+ .dh_group = dh_group,
+ .hash_algo_set = hash_algo_set,
+ .responder_nonce = chunk_clone(responder_nonce),
+ .responder_value = responder_value,
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *tcg_pts_attr_dh_nonce_params_resp_create_from_data(size_t length,
+ chunk_t value)
+{
+ private_tcg_pts_attr_dh_nonce_params_resp_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .add_segment = _add_segment,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .get_dh_group = _get_dh_group,
+ .get_hash_algo_set = _get_hash_algo_set,
+ .get_responder_nonce = _get_responder_nonce,
+ .get_responder_value = _get_responder_value,
+ },
+ .type = { PEN_TCG, TCG_PTS_DH_NONCE_PARAMS_RESP },
+ .length = length,
+ .value = chunk_clone(value),
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_resp.h b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_resp.h
new file mode 100644
index 0000000..b548a81
--- /dev/null
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_resp.h
@@ -0,0 +1,96 @@
+/*
+ * Copyright (C) 2011 Sansar Choinyambuu
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tcg_pts_attr_dh_nonce_params_resp tcg_pts_attr_dh_nonce_params_resp
+ * @{ @ingroup tcg_attr
+ */
+
+#ifndef TCG_PTS_ATTR_DH_NONCE_PARAMS_RESP_H_
+#define TCG_PTS_ATTR_DH_NONCE_PARAMS_RESP_H_
+
+typedef struct tcg_pts_attr_dh_nonce_params_resp_t
+ tcg_pts_attr_dh_nonce_params_resp_t;
+
+#include "tcg/tcg_attr.h"
+#include "pa_tnc/pa_tnc_attr.h"
+#include "pts/pts_dh_group.h"
+#include "pts/pts_meas_algo.h"
+
+/**
+ * Class implementing the TCG PTS DH Nonce Parameters Response Attribute
+ */
+struct tcg_pts_attr_dh_nonce_params_resp_t {
+
+ /**
+ * Public PA-TNC attribute interface
+ */
+ pa_tnc_attr_t pa_tnc_attribute;
+
+ /**
+ * Get selected Diffie Hellman Group
+ *
+ * @return Selected Diffie Hellman Group
+ */
+ pts_dh_group_t (*get_dh_group)(tcg_pts_attr_dh_nonce_params_resp_t *this);
+
+ /**
+ * Get supported hash algorithms
+ *
+ * @return Hash algorithm set
+ */
+ pts_meas_algorithms_t (*get_hash_algo_set)(
+ tcg_pts_attr_dh_nonce_params_resp_t *this);
+
+ /**
+ * Get DH Responder Nonce
+ *
+ * @return DH Responder Nonce
+ */
+ chunk_t (*get_responder_nonce)(tcg_pts_attr_dh_nonce_params_resp_t *this);
+
+ /**
+ * Get DH Responder Public Value
+ *
+ * @return DH Responder Public Value
+ */
+ chunk_t (*get_responder_value)(tcg_pts_attr_dh_nonce_params_resp_t *this);
+
+};
+
+/**
+ * Creates an tcg_pts_attr_dh_nonce_params_resp_t object
+ *
+ * @param dh_group Selected DH group
+ * @param hash_algo_set Set of supported hash algorithms
+ * @param responder_nonce DH Responder Nonce
+ * @param responder_value DH Responder Public value
+ */
+pa_tnc_attr_t* tcg_pts_attr_dh_nonce_params_resp_create(pts_dh_group_t dh_group,
+ pts_meas_algorithms_t hash_algo_set,
+ chunk_t responder_nonce,
+ chunk_t responder_value);
+
+/**
+ * Creates an tcg_pts_attr_dh_nonce_params_resp_t object from received data
+ *
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
+ */
+pa_tnc_attr_t* tcg_pts_attr_dh_nonce_params_resp_create_from_data(size_t length,
+ chunk_t value);
+
+#endif /** TCG_PTS_ATTR_DH_NONCE_PARAMS_RESP_H_ @}*/
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_file_meas.c b/src/libimcv/tcg/pts/tcg_pts_attr_file_meas.c
new file mode 100644
index 0000000..5b4cc27
--- /dev/null
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_file_meas.c
@@ -0,0 +1,356 @@
+/*
+ * Copyright (C) 2011-2012 Sansar Choinyambuu
+ * Copyright (C) 2011-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "tcg_pts_attr_file_meas.h"
+
+#include <pa_tnc/pa_tnc_msg.h>
+#include <bio/bio_writer.h>
+#include <bio/bio_reader.h>
+#include <collections/linked_list.h>
+#include <utils/debug.h>
+
+typedef struct private_tcg_pts_attr_file_meas_t private_tcg_pts_attr_file_meas_t;
+
+/**
+ * File Measurement
+ * see section 3.19.2 of PTS Protocol: Binding to TNC IF-M Specification
+ *
+ * 1 2 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Number of Files included |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Number of Files included |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Request ID | Measurement Length |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Measurement #1 (Variable Length) |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Filename Length | Filename (Variable Length) ~
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * ~ Filename (Variable Length) ~
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Measurement #2 (Variable Length) |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Filename Length | Filename (Variable Length) ~
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * ~ Filename (Variable Length) ~
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * ...........................
+ */
+
+#define PTS_FILE_MEAS_SIZE 12
+
+/**
+ * Private data of an tcg_pts_attr_file_meas_t object.
+ */
+struct private_tcg_pts_attr_file_meas_t {
+
+ /**
+ * Public members of tcg_pts_attr_file_meas_t
+ */
+ tcg_pts_attr_file_meas_t public;
+
+ /**
+ * Vendor-specific attribute type
+ */
+ pen_type_t type;
+
+ /**
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Offset up to which attribute value has been processed
+ */
+ size_t offset;
+
+ /**
+ * Current position of attribute value pointer
+ */
+ chunk_t value;
+
+ /**
+ * Contains complete attribute or current segment
+ */
+ chunk_t segment;
+
+ /**
+ * Noskip flag
+ */
+ bool noskip_flag;
+
+ /**
+ * Request ID
+ */
+ uint16_t request_id;
+
+ /**
+ * Measurement Length
+ */
+ uint16_t meas_len;
+
+ /**
+ * Number of Files in attribute
+ */
+ uint64_t count;
+
+ /**
+ * PTS File Measurements
+ */
+ pts_file_meas_t *measurements;
+
+ /**
+ * Reference count
+ */
+ refcount_t ref;
+};
+
+METHOD(pa_tnc_attr_t, get_type, pen_type_t,
+ private_tcg_pts_attr_file_meas_t *this)
+{
+ return this->type;
+}
+
+METHOD(pa_tnc_attr_t, get_value, chunk_t,
+ private_tcg_pts_attr_file_meas_t *this)
+{
+ return this->value;
+}
+
+METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
+ private_tcg_pts_attr_file_meas_t *this)
+{
+ return this->noskip_flag;
+}
+
+METHOD(pa_tnc_attr_t, set_noskip_flag,void,
+ private_tcg_pts_attr_file_meas_t *this, bool noskip)
+{
+ this->noskip_flag = noskip;
+}
+
+METHOD(pa_tnc_attr_t, build, void,
+ private_tcg_pts_attr_file_meas_t *this)
+{
+ bio_writer_t *writer;
+ enumerator_t *enumerator;
+ u_int64_t count;
+ u_int16_t request_id;
+ char *filename;
+ chunk_t measurement;
+ bool first = TRUE;
+
+ if (this->value.ptr)
+ {
+ return;
+ }
+ count = this->measurements->get_file_count(this->measurements);
+ request_id = this->measurements->get_request_id(this->measurements);
+
+ writer = bio_writer_create(PTS_FILE_MEAS_SIZE);
+ writer->write_uint64(writer, count);
+ writer->write_uint16(writer, request_id);
+
+ enumerator = this->measurements->create_enumerator(this->measurements);
+ while (enumerator->enumerate(enumerator, &filename, &measurement))
+ {
+ if (first)
+ {
+ writer->write_uint16(writer, measurement.len);
+ first = FALSE;
+ }
+ writer->write_data (writer, measurement);
+ writer->write_data16(writer, chunk_create(filename, strlen(filename)));
+ }
+ enumerator->destroy(enumerator);
+
+ if (first)
+ {
+ /* no attached measurements */
+ writer->write_uint16(writer, 0);
+ }
+
+ this->value = writer->extract_buf(writer);
+ this->segment = this->value;
+ this->length = this->value.len;
+ writer->destroy(writer);
+}
+
+METHOD(pa_tnc_attr_t, process, status_t,
+ private_tcg_pts_attr_file_meas_t *this, u_int32_t *offset)
+{
+ bio_reader_t *reader;
+ chunk_t measurement, filename;
+ status_t status = NEED_MORE;
+ char buf[BUF_LEN];
+ size_t len;
+
+ if (this->offset == 0)
+ {
+ if (this->length < PTS_FILE_MEAS_SIZE)
+ {
+ DBG1(DBG_TNC, "insufficient data for %N/%N", pen_names, PEN_TCG,
+ tcg_attr_names, this->type.type);
+ *offset = this->offset;
+ return FAILED;
+ }
+ if (this->value.len < PTS_FILE_MEAS_SIZE)
+ {
+ return NEED_MORE;
+ }
+ reader = bio_reader_create(this->value);
+ reader->read_uint64(reader, &this->count);
+ reader->read_uint16(reader, &this->request_id);
+ reader->read_uint16(reader, &this->meas_len);
+ this->offset = PTS_FILE_MEAS_SIZE;
+ this->value = reader->peek(reader);
+ reader->destroy(reader);
+ }
+
+ this->measurements = pts_file_meas_create(this->request_id);
+ reader = bio_reader_create(this->value);
+
+ while (this->count)
+ {
+ if (!reader->read_data(reader, this->meas_len, &measurement) ||
+ !reader->read_data16(reader, &filename))
+ {
+ goto end;
+ }
+ this->offset += this->value.len - reader->remaining(reader);
+ this->value = reader->peek(reader);
+
+ len = min(filename.len, BUF_LEN-1);
+ memcpy(buf, filename.ptr, len);
+ buf[len] = '\0';
+ this->measurements->add(this->measurements, buf, measurement);
+ this->count--;
+ }
+
+ if (this->length != this->offset)
+ {
+ DBG1(DBG_TNC, "inconsistent length for %N/%N", pen_names, PEN_TCG,
+ tcg_attr_names, this->type.type);
+ *offset = this->offset;
+ status = FAILED;
+ }
+ status = SUCCESS;
+
+end:
+ reader->destroy(reader);
+ return status;
+}
+
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_tcg_pts_attr_file_meas_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("cc", this->value, segment);
+ chunk_free(&this->segment);
+ this->segment = this->value;
+}
+
+METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
+ private_tcg_pts_attr_file_meas_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public.pa_tnc_attribute;
+}
+METHOD(pa_tnc_attr_t, destroy, void,
+ private_tcg_pts_attr_file_meas_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ DESTROY_IF(this->measurements);
+ free(this->segment.ptr);
+ free(this);
+ }
+}
+
+METHOD(tcg_pts_attr_file_meas_t, get_measurements, pts_file_meas_t*,
+ private_tcg_pts_attr_file_meas_t *this)
+{
+ return this->measurements;
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *tcg_pts_attr_file_meas_create(pts_file_meas_t *measurements)
+{
+ private_tcg_pts_attr_file_meas_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .add_segment = _add_segment,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .get_measurements = _get_measurements,
+ },
+ .type = { PEN_TCG, TCG_PTS_FILE_MEAS },
+ .request_id = measurements->get_request_id(measurements),
+ .count = measurements->get_file_count(measurements),
+ .measurements = measurements,
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
+
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *tcg_pts_attr_file_meas_create_from_data(size_t length,
+ chunk_t data)
+{
+ private_tcg_pts_attr_file_meas_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .add_segment = _add_segment,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .get_measurements = _get_measurements,
+ },
+ .type = { PEN_TCG, TCG_PTS_FILE_MEAS },
+ .length = length,
+ .segment = chunk_clone(data),
+ .ref = 1,
+ );
+
+ /* received either complete attribute value or first segment */
+ this->value = this->segment;
+
+ return &this->public.pa_tnc_attribute;
+}
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_file_meas.h b/src/libimcv/tcg/pts/tcg_pts_attr_file_meas.h
new file mode 100644
index 0000000..d399fec
--- /dev/null
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_file_meas.h
@@ -0,0 +1,68 @@
+/*
+ * Copyright (C) 2011 Sansar Choinyambuu
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tcg_pts_attr_file_meas tcg_pts_attr_file_meas
+ * @{ @ingroup tcg_attr
+ */
+
+#ifndef TCG_PTS_ATTR_FILE_MEAS_H_
+#define TCG_PTS_ATTR_FILE_MEAS_H_
+
+typedef struct tcg_pts_attr_file_meas_t tcg_pts_attr_file_meas_t;
+
+#include "tcg/tcg_attr.h"
+#include "pa_tnc/pa_tnc_attr.h"
+#include "pts/pts.h"
+#include "pts/pts_file_meas.h"
+
+/**
+ * Class implementing the TCG PTS File Measurement attribute
+ *
+ */
+struct tcg_pts_attr_file_meas_t {
+
+ /**
+ * Public PA-TNC attribute interface
+ */
+ pa_tnc_attr_t pa_tnc_attribute;
+
+ /**
+ * Get PTS File Measurements
+ *
+ * @return PTS File Measurements
+ */
+ pts_file_meas_t* (*get_measurements)(tcg_pts_attr_file_meas_t *this);
+
+};
+
+/**
+ * Creates an tcg_pts_attr_file_meas_t object
+ *
+ * @param measurements PTS File Measurements
+ */
+pa_tnc_attr_t* tcg_pts_attr_file_meas_create(pts_file_meas_t *measurements);
+
+/**
+ * Creates an tcg_pts_attr_file_meas_t object from received data
+ *
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
+ */
+pa_tnc_attr_t* tcg_pts_attr_file_meas_create_from_data(size_t length,
+ chunk_t value);
+
+#endif /** TCG_PTS_ATTR_FILE_MEAS_H_ @}*/
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_gen_attest_evid.c b/src/libimcv/tcg/pts/tcg_pts_attr_gen_attest_evid.c
new file mode 100644
index 0000000..b7b4d7e
--- /dev/null
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_gen_attest_evid.c
@@ -0,0 +1,225 @@
+/*
+ * Copyright (C) 2011-2012 Sansar Choinyambuu
+ * Copyright (C) 2011-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "tcg_pts_attr_gen_attest_evid.h"
+
+#include <pa_tnc/pa_tnc_msg.h>
+#include <bio/bio_writer.h>
+#include <bio/bio_reader.h>
+#include <utils/debug.h>
+
+typedef struct private_tcg_pts_attr_gen_attest_evid_t
+ private_tcg_pts_attr_gen_attest_evid_t;
+
+/**
+ * Generate Attestation Evidence
+ * see section 3.14.2 of PTS Protocol: Binding to TNC IF-M Specification
+ *
+ * 1 2 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ *
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Reserved |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *
+ */
+
+#define PTS_GEN_ATTEST_EVID_SIZE 4
+#define PTS_GEN_ATTEST_EVID_RESERVED 0x00
+
+/**
+ * Private data of an tcg_pts_attr_gen_attest_evid_t object.
+ */
+struct private_tcg_pts_attr_gen_attest_evid_t {
+
+ /**
+ * Public members of tcg_pts_attr_gen_attest_evid_t
+ */
+ tcg_pts_attr_gen_attest_evid_t public;
+
+ /**
+ * Vendor-specific attribute type
+ */
+ pen_type_t type;
+
+ /**
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
+ */
+ chunk_t value;
+
+ /**
+ * Noskip flag
+ */
+ bool noskip_flag;
+
+ /**
+ * Reference count
+ */
+ refcount_t ref;
+};
+
+METHOD(pa_tnc_attr_t, get_type, pen_type_t,
+ private_tcg_pts_attr_gen_attest_evid_t *this)
+{
+ return this->type;
+}
+
+METHOD(pa_tnc_attr_t, get_value, chunk_t,
+ private_tcg_pts_attr_gen_attest_evid_t *this)
+{
+ return this->value;
+}
+
+METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
+ private_tcg_pts_attr_gen_attest_evid_t *this)
+{
+ return this->noskip_flag;
+}
+
+METHOD(pa_tnc_attr_t, set_noskip_flag,void,
+ private_tcg_pts_attr_gen_attest_evid_t *this, bool noskip)
+{
+ this->noskip_flag = noskip;
+}
+
+METHOD(pa_tnc_attr_t, build, void,
+ private_tcg_pts_attr_gen_attest_evid_t *this)
+{
+ bio_writer_t *writer;
+
+ if (this->value.ptr)
+ {
+ return;
+ }
+ writer = bio_writer_create(PTS_GEN_ATTEST_EVID_SIZE);
+ writer->write_uint32 (writer, PTS_GEN_ATTEST_EVID_RESERVED);
+
+ this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
+ writer->destroy(writer);
+}
+
+METHOD(pa_tnc_attr_t, process, status_t,
+ private_tcg_pts_attr_gen_attest_evid_t *this, u_int32_t *offset)
+{
+ bio_reader_t *reader;
+ u_int32_t reserved;
+
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
+ if (this->value.len < PTS_GEN_ATTEST_EVID_SIZE)
+ {
+ DBG1(DBG_TNC, "insufficient data for Generate Attestation Evidence");
+ return FAILED;
+ }
+ reader = bio_reader_create(this->value);
+ reader->read_uint32 (reader, &reserved);
+ reader->destroy(reader);
+
+ return SUCCESS;
+}
+
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_tcg_pts_attr_gen_attest_evid_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
+METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
+ private_tcg_pts_attr_gen_attest_evid_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public.pa_tnc_attribute;
+}
+
+METHOD(pa_tnc_attr_t, destroy, void,
+ private_tcg_pts_attr_gen_attest_evid_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ free(this->value.ptr);
+ free(this);
+ }
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *tcg_pts_attr_gen_attest_evid_create()
+{
+ private_tcg_pts_attr_gen_attest_evid_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .add_segment = _add_segment,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ },
+ .type = { PEN_TCG, TCG_PTS_GEN_ATTEST_EVID },
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
+
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *tcg_pts_attr_gen_attest_evid_create_from_data(size_t length,
+ chunk_t data)
+{
+ private_tcg_pts_attr_gen_attest_evid_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .add_segment = _add_segment,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ },
+ .type = { PEN_TCG, TCG_PTS_GEN_ATTEST_EVID },
+ .length = length,
+ .value = chunk_clone(data),
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_gen_attest_evid.h b/src/libimcv/tcg/pts/tcg_pts_attr_gen_attest_evid.h
new file mode 100644
index 0000000..971abd2
--- /dev/null
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_gen_attest_evid.h
@@ -0,0 +1,56 @@
+/*
+ * Copyright (C) 2011 Sansar Choinyambuu
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tcg_pts_attr_gen_attest_evid tcg_pts_attr_gen_attest_evid
+ * @{ @ingroup tcg_attr
+ */
+
+#ifndef TCG_PTS_ATTR_GEN_ATTEST_EVID_H_
+#define TCG_PTS_ATTR_GEN_ATTEST_EVID_H_
+
+typedef struct tcg_pts_attr_gen_attest_evid_t tcg_pts_attr_gen_attest_evid_t;
+
+#include "tcg/tcg_attr.h"
+#include "pa_tnc/pa_tnc_attr.h"
+
+/**
+ * Class implementing the TCG PTS Generate Attestation Evidence Attribute
+ *
+ */
+struct tcg_pts_attr_gen_attest_evid_t {
+
+ /**
+ * Public PA-TNC attribute interface
+ */
+ pa_tnc_attr_t pa_tnc_attribute;
+};
+
+/**
+ * Creates an tcg_pts_attr_gen_attest_evid_t object
+ */
+pa_tnc_attr_t* tcg_pts_attr_gen_attest_evid_create();
+
+/**
+ * Creates an tcg_pts_attr_gen_attest_evid_t object from received data
+ *
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
+ */
+pa_tnc_attr_t* tcg_pts_attr_gen_attest_evid_create_from_data(size_t length,
+ chunk_t value);
+
+#endif /** TCG_PTS_ATTR_GEN_ATTEST_EVID_H_ @}*/
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_get_aik.c b/src/libimcv/tcg/pts/tcg_pts_attr_get_aik.c
new file mode 100644
index 0000000..8fda2b1
--- /dev/null
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_get_aik.c
@@ -0,0 +1,222 @@
+/*
+ * Copyright (C) 2011-2012 Sansar Choinyambuu
+ * Copyright (C) 2011-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "tcg_pts_attr_get_aik.h"
+
+#include <pa_tnc/pa_tnc_msg.h>
+#include <bio/bio_writer.h>
+#include <bio/bio_reader.h>
+#include <utils/debug.h>
+
+typedef struct private_tcg_pts_attr_get_aik_t private_tcg_pts_attr_get_aik_t;
+
+/**
+ * Get Attestation Identity Key
+ * see section 3.12 of PTS Protocol: Binding to TNC IF-M Specification
+ *
+ * 1 2 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Reserved |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ */
+
+#define PTS_GET_AIK_SIZE 4
+#define PTS_GET_AIK_RESERVED 0x00000000
+
+/**
+ * Private data of an tcg_pts_attr_get_aik_t object.
+ */
+struct private_tcg_pts_attr_get_aik_t {
+
+ /**
+ * Public members of tcg_pts_attr_get_aik_t
+ */
+ tcg_pts_attr_get_aik_t public;
+
+ /**
+ * Vendor-specific attribute type
+ */
+ pen_type_t type;
+
+ /**
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
+ */
+ chunk_t value;
+
+ /**
+ * Noskip flag
+ */
+ bool noskip_flag;
+
+ /**
+ * Reference count
+ */
+ refcount_t ref;
+};
+
+METHOD(pa_tnc_attr_t, get_type, pen_type_t,
+ private_tcg_pts_attr_get_aik_t *this)
+{
+ return this->type;
+}
+
+METHOD(pa_tnc_attr_t, get_value, chunk_t,
+ private_tcg_pts_attr_get_aik_t *this)
+{
+ return this->value;
+}
+
+METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
+ private_tcg_pts_attr_get_aik_t *this)
+{
+ return this->noskip_flag;
+}
+
+METHOD(pa_tnc_attr_t, set_noskip_flag,void,
+ private_tcg_pts_attr_get_aik_t *this, bool noskip)
+{
+ this->noskip_flag = noskip;
+}
+
+METHOD(pa_tnc_attr_t, build, void,
+ private_tcg_pts_attr_get_aik_t *this)
+{
+ bio_writer_t *writer;
+
+ if (this->value.ptr)
+ {
+ return;
+ }
+ writer = bio_writer_create(PTS_GET_AIK_SIZE);
+ writer->write_uint32 (writer, PTS_GET_AIK_RESERVED);
+
+ this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
+ writer->destroy(writer);
+}
+
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_tcg_pts_attr_get_aik_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
+METHOD(pa_tnc_attr_t, process, status_t,
+ private_tcg_pts_attr_get_aik_t *this, u_int32_t *offset)
+{
+ bio_reader_t *reader;
+ u_int32_t reserved;
+
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
+ if (this->value.len < PTS_GET_AIK_SIZE)
+ {
+ DBG1(DBG_TNC, "insufficient data for Get AIK");
+ return FAILED;
+ }
+ reader = bio_reader_create(this->value);
+ reader->read_uint32 (reader, &reserved);
+ reader->destroy(reader);
+
+ return SUCCESS;
+}
+
+METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
+ private_tcg_pts_attr_get_aik_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public.pa_tnc_attribute;
+}
+
+METHOD(pa_tnc_attr_t, destroy, void,
+ private_tcg_pts_attr_get_aik_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ free(this->value.ptr);
+ free(this);
+ }
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *tcg_pts_attr_get_aik_create()
+{
+ private_tcg_pts_attr_get_aik_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .add_segment = _add_segment,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ },
+ .type = { PEN_TCG, TCG_PTS_GET_AIK },
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
+
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *tcg_pts_attr_get_aik_create_from_data(size_t length,
+ chunk_t data)
+{
+ private_tcg_pts_attr_get_aik_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .add_segment = _add_segment,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ },
+ .type = { PEN_TCG, TCG_PTS_GET_AIK },
+ .length = length,
+ .value = chunk_clone(data),
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_get_aik.h b/src/libimcv/tcg/pts/tcg_pts_attr_get_aik.h
new file mode 100644
index 0000000..923fd03
--- /dev/null
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_get_aik.h
@@ -0,0 +1,56 @@
+/*
+ * Copyright (C) 2011 Sansar Choinyambuu
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tcg_pts_attr_get_aik tcg_pts_attr_get_aik
+ * @{ @ingroup tcg_attr
+ */
+
+#ifndef TCG_PTS_ATTR_GET_AIK_H_
+#define TCG_PTS_ATTR_GET_AIK_H_
+
+typedef struct tcg_pts_attr_get_aik_t tcg_pts_attr_get_aik_t;
+
+#include "tcg/tcg_attr.h"
+#include "pa_tnc/pa_tnc_attr.h"
+
+/**
+ * Class implementing the TCG PTS Get Attestation Identity Key Attribute
+ *
+ */
+struct tcg_pts_attr_get_aik_t {
+
+ /**
+ * Public PA-TNC attribute interface
+ */
+ pa_tnc_attr_t pa_tnc_attribute;
+};
+
+/**
+ * Creates an tcg_pts_attr_get_aik_t object
+ */
+pa_tnc_attr_t* tcg_pts_attr_get_aik_create();
+
+/**
+ * Creates an tcg_pts_attr_get_aik_t object from received data
+ *
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
+ */
+pa_tnc_attr_t* tcg_pts_attr_get_aik_create_from_data(size_t length,
+ chunk_t value);
+
+#endif /** TCG_PTS_ATTR_GET_AIK_H_ @}*/
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_get_tpm_version_info.c b/src/libimcv/tcg/pts/tcg_pts_attr_get_tpm_version_info.c
new file mode 100644
index 0000000..a4c9dba
--- /dev/null
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_get_tpm_version_info.c
@@ -0,0 +1,225 @@
+/*
+ * Copyright (C) 2011-2012 Sansar Choinyambuu
+ * Copyright (C) 2011-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "tcg_pts_attr_get_tpm_version_info.h"
+
+#include <pa_tnc/pa_tnc_msg.h>
+#include <bio/bio_writer.h>
+#include <bio/bio_reader.h>
+#include <utils/debug.h>
+
+typedef struct private_tcg_pts_attr_get_tpm_version_info_t
+ private_tcg_pts_attr_get_tpm_version_info_t;
+
+/**
+ * Get TPM Version Information
+ * see section 3.10 of PTS Protocol: Binding to TNC IF-M Specification
+ *
+ * 1 2 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ *
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Reserved |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *
+ */
+
+#define PTS_GET_TPM_VER_INFO_SIZE 4
+#define PTS_GET_TPM_VER_INFO_RESERVED 0x00
+
+/**
+ * Private data of an tcg_pts_attr_get_tpm_version_info_t object.
+ */
+struct private_tcg_pts_attr_get_tpm_version_info_t {
+
+ /**
+ * Public members of tcg_pts_attr_get_tpm_version_info_t
+ */
+ tcg_pts_attr_get_tpm_version_info_t public;
+
+ /**
+ * Vendor-specific attribute type
+ */
+ pen_type_t type;
+
+ /**
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
+ */
+ chunk_t value;
+
+ /**
+ * Noskip flag
+ */
+ bool noskip_flag;
+
+ /**
+ * Reference count
+ */
+ refcount_t ref;
+};
+
+METHOD(pa_tnc_attr_t, get_type, pen_type_t,
+ private_tcg_pts_attr_get_tpm_version_info_t *this)
+{
+ return this->type;
+}
+
+METHOD(pa_tnc_attr_t, get_value, chunk_t,
+ private_tcg_pts_attr_get_tpm_version_info_t *this)
+{
+ return this->value;
+}
+
+METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
+ private_tcg_pts_attr_get_tpm_version_info_t *this)
+{
+ return this->noskip_flag;
+}
+
+METHOD(pa_tnc_attr_t, set_noskip_flag,void,
+ private_tcg_pts_attr_get_tpm_version_info_t *this, bool noskip)
+{
+ this->noskip_flag = noskip;
+}
+
+METHOD(pa_tnc_attr_t, build, void,
+ private_tcg_pts_attr_get_tpm_version_info_t *this)
+{
+ bio_writer_t *writer;
+
+ if (this->value.ptr)
+ {
+ return;
+ }
+ writer = bio_writer_create(PTS_GET_TPM_VER_INFO_SIZE);
+ writer->write_uint32 (writer, PTS_GET_TPM_VER_INFO_RESERVED);
+
+ this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
+ writer->destroy(writer);
+}
+
+METHOD(pa_tnc_attr_t, process, status_t,
+ private_tcg_pts_attr_get_tpm_version_info_t *this, u_int32_t *offset)
+{
+ bio_reader_t *reader;
+ u_int32_t reserved;
+
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
+ if (this->value.len < PTS_GET_TPM_VER_INFO_SIZE)
+ {
+ DBG1(DBG_TNC, "insufficient data for Get TPM Version Information");
+ return FAILED;
+ }
+ reader = bio_reader_create(this->value);
+ reader->read_uint32 (reader, &reserved);
+ reader->destroy(reader);
+
+ return SUCCESS;
+}
+
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_tcg_pts_attr_get_tpm_version_info_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
+METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
+ private_tcg_pts_attr_get_tpm_version_info_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public.pa_tnc_attribute;
+}
+
+METHOD(pa_tnc_attr_t, destroy, void,
+ private_tcg_pts_attr_get_tpm_version_info_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ free(this->value.ptr);
+ free(this);
+ }
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *tcg_pts_attr_get_tpm_version_info_create()
+{
+ private_tcg_pts_attr_get_tpm_version_info_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .add_segment = _add_segment,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ },
+ .type = { PEN_TCG, TCG_PTS_GET_TPM_VERSION_INFO },
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
+
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *tcg_pts_attr_get_tpm_version_info_create_from_data(size_t length,
+ chunk_t data)
+{
+ private_tcg_pts_attr_get_tpm_version_info_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .add_segment = _add_segment,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ },
+ .type = { PEN_TCG, TCG_PTS_GET_TPM_VERSION_INFO },
+ .length = length,
+ .value = chunk_clone(data),
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_get_tpm_version_info.h b/src/libimcv/tcg/pts/tcg_pts_attr_get_tpm_version_info.h
new file mode 100644
index 0000000..19fb5a4
--- /dev/null
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_get_tpm_version_info.h
@@ -0,0 +1,57 @@
+/*
+ * Copyright (C) 2011 Sansar Choinyambuu
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tcg_pts_attr_get_tpm_version_info tcg_pts_attr_get_tpm_version_info
+ * @{ @ingroup tcg_attr
+ */
+
+#ifndef TCG_PTS_ATTR_GET_TPM_VERSION_INFO_H_
+#define TCG_PTS_ATTR_GET_TPM_VERSION_INFO_H_
+
+typedef struct tcg_pts_attr_get_tpm_version_info_t
+ tcg_pts_attr_get_tpm_version_info_t;
+
+#include "tcg/tcg_attr.h"
+#include "pa_tnc/pa_tnc_attr.h"
+
+/**
+ * Class implementing the TCG PTS Get TPM Version Info Attribute
+ *
+ */
+struct tcg_pts_attr_get_tpm_version_info_t {
+
+ /**
+ * Public PA-TNC attribute interface
+ */
+ pa_tnc_attr_t pa_tnc_attribute;
+};
+
+/**
+ * Creates an tcg_pts_attr_get_tpm_version_info_t object
+ */
+pa_tnc_attr_t* tcg_pts_attr_get_tpm_version_info_create();
+
+/**
+ * Creates an tcg_pts_attr_get_tpm_version_info_t object from received data
+ *
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
+ */
+pa_tnc_attr_t* tcg_pts_attr_get_tpm_version_info_create_from_data(size_t length,
+ chunk_t value);
+
+#endif /** TCG_PTS_ATTR_GET_TPM_VERSION_INFO_H_ @}*/
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_meas_algo.c b/src/libimcv/tcg/pts/tcg_pts_attr_meas_algo.c
new file mode 100644
index 0000000..8b0502a
--- /dev/null
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_meas_algo.c
@@ -0,0 +1,243 @@
+/*
+ * Copyright (C) 2011-2012 Sansar Choinyambuu
+ * Copyright (C) 2011-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "tcg_pts_attr_meas_algo.h"
+
+#include <pa_tnc/pa_tnc_msg.h>
+#include <bio/bio_writer.h>
+#include <bio/bio_reader.h>
+#include <utils/debug.h>
+
+typedef struct private_tcg_pts_attr_meas_algo_t private_tcg_pts_attr_meas_algo_t;
+
+/**
+ * PTS Measurement Algorithm
+ * see section 3.9.1 of PTS Protocol: Binding to TNC IF-M Specification
+ *
+ * 1 2 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Reserved | Hash Algorithm Set |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *
+ */
+
+#define PTS_MEAS_ALGO_SIZE 4
+#define PTS_MEAS_ALGO_RESERVED 0x0000
+
+/**
+ * Private data of an tcg_pts_attr_meas_algo_t object.
+ */
+struct private_tcg_pts_attr_meas_algo_t {
+
+ /**
+ * Public members of tcg_pts_attr_meas_algo_t
+ */
+ tcg_pts_attr_meas_algo_t public;
+
+ /**
+ * Vendor-specific attribute type
+ */
+ pen_type_t type;
+
+ /**
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
+ */
+ chunk_t value;
+
+ /**
+ * Noskip flag
+ */
+ bool noskip_flag;
+
+ /**
+ * Set of algorithms
+ */
+ pts_meas_algorithms_t algorithms;
+
+ /**
+ * Reference count
+ */
+ refcount_t ref;
+};
+
+METHOD(pa_tnc_attr_t, get_type, pen_type_t,
+ private_tcg_pts_attr_meas_algo_t *this)
+{
+ return this->type;
+}
+
+METHOD(pa_tnc_attr_t, get_value, chunk_t,
+ private_tcg_pts_attr_meas_algo_t *this)
+{
+ return this->value;
+}
+
+METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
+ private_tcg_pts_attr_meas_algo_t *this)
+{
+ return this->noskip_flag;
+}
+
+METHOD(pa_tnc_attr_t, set_noskip_flag,void,
+ private_tcg_pts_attr_meas_algo_t *this, bool noskip)
+{
+ this->noskip_flag = noskip;
+}
+
+METHOD(pa_tnc_attr_t, build, void,
+ private_tcg_pts_attr_meas_algo_t *this)
+{
+ bio_writer_t *writer;
+
+ if (this->value.ptr)
+ {
+ return;
+ }
+ writer = bio_writer_create(PTS_MEAS_ALGO_SIZE);
+ writer->write_uint16(writer, PTS_MEAS_ALGO_RESERVED);
+ writer->write_uint16(writer, this->algorithms);
+ this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
+ writer->destroy(writer);
+}
+
+METHOD(pa_tnc_attr_t, process, status_t,
+ private_tcg_pts_attr_meas_algo_t *this, u_int32_t *offset)
+{
+ bio_reader_t *reader;
+ u_int16_t reserved, algorithms;
+
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
+ if (this->value.len < PTS_MEAS_ALGO_SIZE)
+ {
+ DBG1(DBG_TNC, "insufficient data for PTS Measurement Algorithm");
+ return FAILED;
+ }
+ reader = bio_reader_create(this->value);
+ reader->read_uint16(reader, &reserved);
+ reader->read_uint16(reader, &algorithms);
+ this->algorithms = algorithms;
+ reader->destroy(reader);
+
+ return SUCCESS;
+}
+
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_tcg_pts_attr_meas_algo_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
+METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
+ private_tcg_pts_attr_meas_algo_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public.pa_tnc_attribute;
+}
+
+METHOD(pa_tnc_attr_t, destroy, void,
+ private_tcg_pts_attr_meas_algo_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ free(this->value.ptr);
+ free(this);
+ }
+}
+
+METHOD(tcg_pts_attr_meas_algo_t, get_algorithms, pts_meas_algorithms_t,
+ private_tcg_pts_attr_meas_algo_t *this)
+{
+ return this->algorithms;
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *tcg_pts_attr_meas_algo_create(pts_meas_algorithms_t algorithms,
+ bool selection)
+{
+ private_tcg_pts_attr_meas_algo_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .add_segment = _add_segment,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .get_algorithms = _get_algorithms,
+ },
+ .type = { PEN_TCG,
+ selection ? TCG_PTS_MEAS_ALGO_SELECTION : TCG_PTS_MEAS_ALGO },
+ .algorithms = algorithms,
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
+
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *tcg_pts_attr_meas_algo_create_from_data(size_t length,
+ chunk_t data,
+ bool selection)
+{
+ private_tcg_pts_attr_meas_algo_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .add_segment = _add_segment,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .get_algorithms = _get_algorithms,
+ },
+ .type = { PEN_TCG,
+ selection ? TCG_PTS_MEAS_ALGO_SELECTION : TCG_PTS_MEAS_ALGO },
+ .length = length,
+ .value = chunk_clone(data),
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_meas_algo.h b/src/libimcv/tcg/pts/tcg_pts_attr_meas_algo.h
new file mode 100644
index 0000000..bc15a9b
--- /dev/null
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_meas_algo.h
@@ -0,0 +1,71 @@
+/*
+ * Copyright (C) 2011 Sansar Choinyambuu
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tcg_pts_attr_meas_algo tcg_pts_attr_meas_algo
+ * @{ @ingroup tcg_attr
+ */
+
+#ifndef TCG_PTS_ATTR_MEAS_ALGO_H_
+#define TCG_PTS_ATTR_MEAS_ALGO_H_
+
+typedef struct tcg_pts_attr_meas_algo_t tcg_pts_attr_meas_algo_t;
+
+#include "tcg/tcg_attr.h"
+#include "pts/pts_meas_algo.h"
+#include "pa_tnc/pa_tnc_attr.h"
+
+/**
+ * Class implementing the TCG Measurement Algorithm Attribute
+ *
+ */
+struct tcg_pts_attr_meas_algo_t {
+
+ /**
+ * Public PA-TNC attribute interface
+ */
+ pa_tnc_attr_t pa_tnc_attribute;
+
+ /**
+ * Get PTS Measurement Algorithm Set
+ *
+ * @return set of algorithms
+ */
+ pts_meas_algorithms_t (*get_algorithms)(tcg_pts_attr_meas_algo_t *this);
+
+};
+
+/**
+ * Creates an tcg_pts_attr_meas_algo_t object
+ *
+ * @param algorithms set of algorithms
+ * @param selection TRUE if a selection
+ */
+pa_tnc_attr_t* tcg_pts_attr_meas_algo_create(pts_meas_algorithms_t algorithms,
+ bool selection);
+
+/**
+ * Creates an tcg_pts_attr_meas_algo_t object from received data
+ *
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
+ * @param selection TRUE if a selection
+ */
+pa_tnc_attr_t* tcg_pts_attr_meas_algo_create_from_data(size_t length,
+ chunk_t value,
+ bool selection);
+
+#endif /** TCG_PTS_ATTR_MEAS_ALGO_H_ @}*/
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_proto_caps.c b/src/libimcv/tcg/pts/tcg_pts_attr_proto_caps.c
new file mode 100644
index 0000000..0a562c0
--- /dev/null
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_proto_caps.c
@@ -0,0 +1,244 @@
+/*
+ * Copyright (C) 2011-2012 Sansar Choinyambuu
+ * Copyright (C) 2011-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "tcg_pts_attr_proto_caps.h"
+
+#include <pa_tnc/pa_tnc_msg.h>
+#include <bio/bio_writer.h>
+#include <bio/bio_reader.h>
+#include <utils/debug.h>
+
+typedef struct private_tcg_pts_attr_proto_caps_t private_tcg_pts_attr_proto_caps_t;
+
+/**
+ * PTS Protocol Capabilities
+ * see section 3.7 of PTS Protocol: Binding to TNC IF-M Specification
+ *
+ * 1 2 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Reserved |C|V|D|T|X|
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *
+ */
+
+#define PTS_PROTO_CAPS_SIZE 4
+#define PTS_PROTO_CAPS_RESERVED 0x0000
+
+/**
+ * Private data of an tcg_pts_attr_proto_caps_t object.
+ */
+struct private_tcg_pts_attr_proto_caps_t {
+
+ /**
+ * Public members of tcg_pts_attr_proto_caps_t
+ */
+ tcg_pts_attr_proto_caps_t public;
+
+ /**
+ * Vendor-specific attribute type
+ */
+ pen_type_t type;
+
+
+ /**
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
+ */
+ chunk_t value;
+
+ /**
+ * Noskip flag
+ */
+ bool noskip_flag;
+
+ /**
+ * Set of flags
+ */
+ pts_proto_caps_flag_t flags;
+
+ /**
+ * Reference count
+ */
+ refcount_t ref;
+};
+
+METHOD(pa_tnc_attr_t, get_type, pen_type_t,
+ private_tcg_pts_attr_proto_caps_t *this)
+{
+ return this->type;
+}
+
+METHOD(pa_tnc_attr_t, get_value, chunk_t,
+ private_tcg_pts_attr_proto_caps_t *this)
+{
+ return this->value;
+}
+
+METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
+ private_tcg_pts_attr_proto_caps_t *this)
+{
+ return this->noskip_flag;
+}
+
+METHOD(pa_tnc_attr_t, set_noskip_flag,void,
+ private_tcg_pts_attr_proto_caps_t *this, bool noskip)
+{
+ this->noskip_flag = noskip;
+}
+
+METHOD(pa_tnc_attr_t, build, void,
+ private_tcg_pts_attr_proto_caps_t *this)
+{
+ bio_writer_t *writer;
+
+ if (this->value.ptr)
+ {
+ return;
+ }
+ writer = bio_writer_create(PTS_PROTO_CAPS_SIZE);
+ writer->write_uint16(writer, PTS_PROTO_CAPS_RESERVED);
+ writer->write_uint16(writer, this->flags);
+
+ this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
+ writer->destroy(writer);
+}
+
+METHOD(pa_tnc_attr_t, process, status_t,
+ private_tcg_pts_attr_proto_caps_t *this, u_int32_t *offset)
+{
+ bio_reader_t *reader;
+ u_int16_t reserved, flags;
+
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
+ if (this->value.len < PTS_PROTO_CAPS_SIZE)
+ {
+ DBG1(DBG_TNC, "insufficient data for PTS Protocol Capabilities");
+ return FAILED;
+ }
+ reader = bio_reader_create(this->value);
+ reader->read_uint16(reader, &reserved);
+ reader->read_uint16(reader, &flags);
+ this->flags = flags;
+ reader->destroy(reader);
+
+ return SUCCESS;
+}
+
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_tcg_pts_attr_proto_caps_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
+METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
+ private_tcg_pts_attr_proto_caps_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public.pa_tnc_attribute;
+}
+
+METHOD(pa_tnc_attr_t, destroy, void,
+ private_tcg_pts_attr_proto_caps_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ free(this->value.ptr);
+ free(this);
+ }
+}
+
+METHOD(tcg_pts_attr_proto_caps_t, get_flags, pts_proto_caps_flag_t,
+ private_tcg_pts_attr_proto_caps_t *this)
+{
+ return this->flags;
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *tcg_pts_attr_proto_caps_create(pts_proto_caps_flag_t flags,
+ bool request)
+{
+ private_tcg_pts_attr_proto_caps_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .add_segment = _add_segment,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .get_flags = _get_flags,
+ },
+ .type = { PEN_TCG,
+ request ? TCG_PTS_REQ_PROTO_CAPS : TCG_PTS_PROTO_CAPS },
+ .flags = flags,
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *tcg_pts_attr_proto_caps_create_from_data(size_t length,
+ chunk_t data,
+ bool request)
+{
+ private_tcg_pts_attr_proto_caps_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .add_segment = _add_segment,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .get_flags = _get_flags,
+ },
+ .type = { PEN_TCG,
+ request ? TCG_PTS_REQ_PROTO_CAPS : TCG_PTS_PROTO_CAPS },
+ .length = length,
+ .value = chunk_clone(data),
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_proto_caps.h b/src/libimcv/tcg/pts/tcg_pts_attr_proto_caps.h
new file mode 100644
index 0000000..11ed228
--- /dev/null
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_proto_caps.h
@@ -0,0 +1,70 @@
+/*
+ * Copyright (C) 2011 Sansar Choinyambuu
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tcg_pts_attr_proto_caps tcg_pts_attr_proto_caps
+ * @{ @ingroup tcg_attr
+ */
+
+#ifndef TCG_PTS_ATTR_PROTO_CAPS_H_
+#define TCG_PTS_ATTR_PROTO_CAPS_H_
+
+typedef struct tcg_pts_attr_proto_caps_t tcg_pts_attr_proto_caps_t;
+
+#include "tcg/tcg_attr.h"
+#include "pa_tnc/pa_tnc_attr.h"
+#include "pts/pts_proto_caps.h"
+
+/**
+ * Class implementing the TCG PTS Protocol Capabilities Attribute
+ */
+struct tcg_pts_attr_proto_caps_t {
+
+ /**
+ * Public PA-TNC attribute interface
+ */
+ pa_tnc_attr_t pa_tnc_attribute;
+
+ /**
+ * Get PTS procol capabilities flags
+ *
+ * @return set of flags
+ */
+ pts_proto_caps_flag_t (*get_flags)(tcg_pts_attr_proto_caps_t *this);
+
+};
+
+/**
+ * Creates an tcg_pts_attr_proto_caps_t object
+ *
+ * @param flags set of flags
+ * @param request TRUE for a PTS protocol capabilities request
+ */
+pa_tnc_attr_t* tcg_pts_attr_proto_caps_create(pts_proto_caps_flag_t flags,
+ bool request);
+
+/**
+ * Creates an tcg_pts_attr_proto_caps_t object from received data
+ *
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
+ * @param request TRUE for a PTS protocol capabilities request
+ */
+pa_tnc_attr_t* tcg_pts_attr_proto_caps_create_from_data(size_t length,
+ chunk_t value,
+ bool request);
+
+#endif /** TCG_PTS_ATTR_PROTO_CAPS_H_ @}*/
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meas.c b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meas.c
new file mode 100644
index 0000000..a3c3ce5
--- /dev/null
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meas.c
@@ -0,0 +1,314 @@
+/*
+ * Copyright (C) 2011-2012 Sansar Choinyambuu
+ * Copyright (C) 2011-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#define _GNU_SOURCE /* for stdndup() */
+#include <string.h>
+
+#include "tcg_pts_attr_req_file_meas.h"
+
+#include <pa_tnc/pa_tnc_msg.h>
+#include <bio/bio_writer.h>
+#include <bio/bio_reader.h>
+#include <utils/debug.h>
+
+typedef struct private_tcg_pts_attr_req_file_meas_t private_tcg_pts_attr_req_file_meas_t;
+
+/**
+ * Request File Measurement
+ * see section 3.19.1 of PTS Protocol: Binding to TNC IF-M Specification
+ *
+ * 1 2 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Flags | Reserved | Request ID |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Delimiter |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * ~ Fully Qualified File Pathname (Variable Length) ~
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ */
+
+#define PTS_REQ_FILE_MEAS_SIZE 8
+#define PTS_REQ_FILE_MEAS_RESERVED 0x00
+#define PTS_REQ_FILE_MEAS_NO_FLAGS 0x00
+
+#define DIRECTORY_CONTENTS_FLAG (1<<7)
+
+/**
+ * Private data of an tcg_pts_attr_req_file_meas_t object.
+ */
+struct private_tcg_pts_attr_req_file_meas_t {
+
+ /**
+ * Public members of tcg_pts_attr_req_file_meas_t
+ */
+ tcg_pts_attr_req_file_meas_t public;
+
+ /**
+ * Vendor-specific attribute type
+ */
+ pen_type_t type;
+
+ /**
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
+ */
+ chunk_t value;
+
+ /**
+ * Noskip flag
+ */
+ bool noskip_flag;
+
+ /**
+ * Directory Contents flag
+ */
+ bool directory_flag;
+
+ /**
+ * Request ID
+ */
+ u_int16_t request_id;
+
+ /**
+ * UTF8 Encoding of Delimiter Character
+ */
+ u_int32_t delimiter;
+
+ /**
+ * Fully Qualified File Pathname
+ */
+ char *pathname;
+
+ /**
+ * Reference count
+ */
+ refcount_t ref;
+};
+
+METHOD(pa_tnc_attr_t, get_type, pen_type_t,
+ private_tcg_pts_attr_req_file_meas_t *this)
+{
+ return this->type;
+}
+
+METHOD(pa_tnc_attr_t, get_value, chunk_t,
+ private_tcg_pts_attr_req_file_meas_t *this)
+{
+ return this->value;
+}
+
+METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
+ private_tcg_pts_attr_req_file_meas_t *this)
+{
+ return this->noskip_flag;
+}
+
+METHOD(pa_tnc_attr_t, set_noskip_flag,void,
+ private_tcg_pts_attr_req_file_meas_t *this, bool noskip)
+{
+ this->noskip_flag = noskip;
+}
+
+METHOD(pa_tnc_attr_t, build, void,
+ private_tcg_pts_attr_req_file_meas_t *this)
+{
+ u_int8_t flags = PTS_REQ_FILE_MEAS_NO_FLAGS;
+ chunk_t pathname;
+ bio_writer_t *writer;
+
+ if (this->value.ptr)
+ {
+ return;
+ }
+ if (this->directory_flag)
+ {
+ flags |= DIRECTORY_CONTENTS_FLAG;
+ }
+ pathname = chunk_create(this->pathname, strlen(this->pathname));
+
+ writer = bio_writer_create(PTS_REQ_FILE_MEAS_SIZE);
+ writer->write_uint8 (writer, flags);
+ writer->write_uint8 (writer, PTS_REQ_FILE_MEAS_RESERVED);
+ writer->write_uint16(writer, this->request_id);
+ writer->write_uint32(writer, this->delimiter);
+ writer->write_data (writer, pathname);
+ this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
+ writer->destroy(writer);
+}
+
+METHOD(pa_tnc_attr_t, process, status_t,
+ private_tcg_pts_attr_req_file_meas_t *this, u_int32_t *offset)
+{
+ bio_reader_t *reader;
+ u_int8_t flags;
+ u_int8_t reserved;
+ chunk_t pathname;
+
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
+ if (this->value.len < PTS_REQ_FILE_MEAS_SIZE)
+ {
+ DBG1(DBG_TNC, "insufficient data for Request File Measurement");
+ return FAILED;
+ }
+
+ reader = bio_reader_create(this->value);
+ reader->read_uint8 (reader, &flags);
+ reader->read_uint8 (reader, &reserved);
+ reader->read_uint16(reader, &this->request_id);
+ reader->read_uint32(reader, &this->delimiter);
+ reader->read_data (reader, reader->remaining(reader), &pathname);
+
+ this->directory_flag = (flags & DIRECTORY_CONTENTS_FLAG) !=
+ PTS_REQ_FILE_MEAS_NO_FLAGS;
+ this->pathname = strndup(pathname.ptr, pathname.len);
+
+ reader->destroy(reader);
+ return SUCCESS;
+}
+
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_tcg_pts_attr_req_file_meas_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
+METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
+ private_tcg_pts_attr_req_file_meas_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public.pa_tnc_attribute;
+}
+
+METHOD(pa_tnc_attr_t, destroy, void,
+ private_tcg_pts_attr_req_file_meas_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ free(this->pathname);
+ free(this->value.ptr);
+ free(this);
+ }
+}
+
+METHOD(tcg_pts_attr_req_file_meas_t, get_directory_flag, bool,
+ private_tcg_pts_attr_req_file_meas_t *this)
+{
+ return this->directory_flag;
+}
+
+METHOD(tcg_pts_attr_req_file_meas_t, get_request_id, u_int16_t,
+ private_tcg_pts_attr_req_file_meas_t *this)
+{
+ return this->request_id;
+}
+
+METHOD(tcg_pts_attr_req_file_meas_t, get_delimiter, u_int32_t,
+ private_tcg_pts_attr_req_file_meas_t *this)
+{
+ return this->delimiter;
+}
+
+METHOD(tcg_pts_attr_req_file_meas_t, get_pathname, char*,
+ private_tcg_pts_attr_req_file_meas_t *this)
+{
+ return this->pathname;
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *tcg_pts_attr_req_file_meas_create(bool directory_flag,
+ u_int16_t request_id,
+ u_int32_t delimiter,
+ char *pathname)
+{
+ private_tcg_pts_attr_req_file_meas_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .add_segment = _add_segment,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .get_directory_flag = _get_directory_flag,
+ .get_request_id = _get_request_id,
+ .get_delimiter = _get_delimiter,
+ .get_pathname = _get_pathname,
+ },
+ .type = { PEN_TCG, TCG_PTS_REQ_FILE_MEAS },
+ .directory_flag = directory_flag,
+ .request_id = request_id,
+ .delimiter = delimiter,
+ .pathname = strdup(pathname),
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
+
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *tcg_pts_attr_req_file_meas_create_from_data(size_t length,
+ chunk_t data)
+{
+ private_tcg_pts_attr_req_file_meas_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .add_segment = _add_segment,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .get_directory_flag = _get_directory_flag,
+ .get_request_id = _get_request_id,
+ .get_delimiter = _get_delimiter,
+ .get_pathname = _get_pathname,
+ },
+ .type = { PEN_TCG, TCG_PTS_REQ_FILE_MEAS },
+ .length = length,
+ .value = chunk_clone(data),
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meas.h b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meas.h
new file mode 100644
index 0000000..20a54df
--- /dev/null
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meas.h
@@ -0,0 +1,93 @@
+/*
+ * Copyright (C) 2011 Sansar Choinyambuu
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tcg_pts_attr_req_file_meas tcg_pts_attr_req_file_meas
+ * @{ @ingroup tcg_attr
+ */
+
+#ifndef TCG_PTS_ATTR_REQ_FILE_MEAS_H_
+#define TCG_PTS_ATTR_REQ_FILE_MEAS_H_
+
+typedef struct tcg_pts_attr_req_file_meas_t tcg_pts_attr_req_file_meas_t;
+
+#include "tcg/tcg_attr.h"
+#include "pa_tnc/pa_tnc_attr.h"
+
+/**
+ * Class implementing the TCG PTS Request File Measurement attribute
+ *
+ */
+struct tcg_pts_attr_req_file_meas_t {
+
+ /**
+ * Public PA-TNC attribute interface
+ */
+ pa_tnc_attr_t pa_tnc_attribute;
+
+ /**
+ * Get flag for PTS Request File Measurement
+ *
+ * @return Directory Contents flag
+ */
+ bool (*get_directory_flag)(tcg_pts_attr_req_file_meas_t *this);
+
+ /**
+ * Get Request ID
+ *
+ * @return Request ID
+ */
+ u_int16_t (*get_request_id)(tcg_pts_attr_req_file_meas_t *this);
+
+ /**
+ * Get Delimiter
+ *
+ * @return UTF-8 encoding of a Delimiter Character
+ */
+ u_int32_t (*get_delimiter)(tcg_pts_attr_req_file_meas_t *this);
+
+ /**
+ * Get Fully Qualified File Pathname
+ *
+ * @return Pathname
+ */
+ char* (*get_pathname)(tcg_pts_attr_req_file_meas_t *this);
+
+};
+
+/**
+ * Creates an tcg_pts_attr_req_file_meas_t object
+ *
+ * @param directory_flag Directory Contents Flag
+ * @param request_id Request ID
+ * @param delimiter Delimiter Character
+ * @param pathname File Pathname
+ */
+pa_tnc_attr_t* tcg_pts_attr_req_file_meas_create(bool directory_flag,
+ u_int16_t request_id,
+ u_int32_t delimiter,
+ char *pathname);
+
+/**
+ * Creates an tcg_pts_attr_req_file_meas_t object from received data
+ *
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
+ */
+pa_tnc_attr_t* tcg_pts_attr_req_file_meas_create_from_data(size_t length,
+ chunk_t value);
+
+#endif /** TCG_PTS_ATTR_REQ_FILE_MEAS_H_ @}*/
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.c b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.c
new file mode 100644
index 0000000..f6befa8
--- /dev/null
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.c
@@ -0,0 +1,296 @@
+/*
+ * Copyright (C) 2011-2012 Sansar Choinyambuu
+ * Copyright (C) 2011-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#define _GNU_SOURCE /* for stdndup() */
+#include <string.h>
+
+#include "tcg_pts_attr_req_file_meta.h"
+
+#include <pa_tnc/pa_tnc_msg.h>
+#include <bio/bio_writer.h>
+#include <bio/bio_reader.h>
+#include <utils/debug.h>
+
+typedef struct private_tcg_pts_attr_req_file_meta_t private_tcg_pts_attr_req_file_meta_t;
+
+/**
+ * Request File Metadata
+ * see section 3.17.1 of PTS Protocol: Binding to TNC IF-M Specification
+ *
+ * 1 2 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Flags | Delimiter | Reserved |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * ~ Fully Qualified File Pathname (Variable Length) ~
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ */
+
+#define PTS_REQ_FILE_META_SIZE 4
+#define PTS_REQ_FILE_META_RESERVED 0x00
+#define PTS_REQ_FILE_META_NO_FLAGS 0x00
+
+#define DIRECTORY_CONTENTS_FLAG (1<<7)
+
+/**
+ * Private data of an tcg_pts_attr_req_file_meta_t object.
+ */
+struct private_tcg_pts_attr_req_file_meta_t {
+
+ /**
+ * Public members of tcg_pts_attr_req_file_meta_t
+ */
+ tcg_pts_attr_req_file_meta_t public;
+
+ /**
+ * Vendor-specific attribute type
+ */
+ pen_type_t type;
+
+ /**
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
+ */
+ chunk_t value;
+
+ /**
+ * Noskip flag
+ */
+ bool noskip_flag;
+
+ /**
+ * Directory Contents flag
+ */
+ bool directory_flag;
+
+ /**
+ * UTF8 Encoding of Delimiter Character
+ */
+ u_int8_t delimiter;
+
+ /**
+ * Fully Qualified File Pathname
+ */
+ char *pathname;
+
+ /**
+ * Reference count
+ */
+ refcount_t ref;
+};
+
+METHOD(pa_tnc_attr_t, get_type, pen_type_t,
+ private_tcg_pts_attr_req_file_meta_t *this)
+{
+ return this->type;
+}
+
+METHOD(pa_tnc_attr_t, get_value, chunk_t,
+ private_tcg_pts_attr_req_file_meta_t *this)
+{
+ return this->value;
+}
+
+METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
+ private_tcg_pts_attr_req_file_meta_t *this)
+{
+ return this->noskip_flag;
+}
+
+METHOD(pa_tnc_attr_t, set_noskip_flag,void,
+ private_tcg_pts_attr_req_file_meta_t *this, bool noskip)
+{
+ this->noskip_flag = noskip;
+}
+
+METHOD(pa_tnc_attr_t, build, void,
+ private_tcg_pts_attr_req_file_meta_t *this)
+{
+ u_int8_t flags = PTS_REQ_FILE_META_NO_FLAGS;
+ chunk_t pathname;
+ bio_writer_t *writer;
+
+ if (this->value.ptr)
+ {
+ return;
+ }
+ if (this->directory_flag)
+ {
+ flags |= DIRECTORY_CONTENTS_FLAG;
+ }
+ pathname = chunk_create(this->pathname, strlen(this->pathname));
+
+ writer = bio_writer_create(PTS_REQ_FILE_META_SIZE);
+ writer->write_uint8 (writer, flags);
+ writer->write_uint8 (writer, this->delimiter);
+ writer->write_uint16(writer, PTS_REQ_FILE_META_RESERVED);
+
+ writer->write_data (writer, pathname);
+ this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
+ writer->destroy(writer);
+}
+
+METHOD(pa_tnc_attr_t, process, status_t,
+ private_tcg_pts_attr_req_file_meta_t *this, u_int32_t *offset)
+{
+ bio_reader_t *reader;
+ u_int8_t flags;
+ u_int16_t reserved;
+ chunk_t pathname;
+
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
+ if (this->value.len < PTS_REQ_FILE_META_SIZE)
+ {
+ DBG1(DBG_TNC, "insufficient data for Request File Metadata");
+ }
+
+ reader = bio_reader_create(this->value);
+ reader->read_uint8 (reader, &flags);
+ reader->read_uint8 (reader, &this->delimiter);
+ reader->read_uint16(reader, &reserved);
+
+ reader->read_data (reader, reader->remaining(reader), &pathname);
+
+ this->directory_flag = (flags & DIRECTORY_CONTENTS_FLAG) !=
+ PTS_REQ_FILE_META_NO_FLAGS;
+ this->pathname = strndup(pathname.ptr, pathname.len);
+
+ reader->destroy(reader);
+ return SUCCESS;
+}
+
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_tcg_pts_attr_req_file_meta_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
+METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
+ private_tcg_pts_attr_req_file_meta_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public.pa_tnc_attribute;
+}
+
+METHOD(pa_tnc_attr_t, destroy, void,
+ private_tcg_pts_attr_req_file_meta_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ free(this->pathname);
+ free(this->value.ptr);
+ free(this);
+ }
+}
+
+METHOD(tcg_pts_attr_req_file_meta_t, get_directory_flag, bool,
+ private_tcg_pts_attr_req_file_meta_t *this)
+{
+ return this->directory_flag;
+}
+
+METHOD(tcg_pts_attr_req_file_meta_t, get_delimiter, u_int8_t,
+ private_tcg_pts_attr_req_file_meta_t *this)
+{
+ return this->delimiter;
+}
+
+METHOD(tcg_pts_attr_req_file_meta_t, get_pathname, char*,
+ private_tcg_pts_attr_req_file_meta_t *this)
+{
+ return this->pathname;
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *tcg_pts_attr_req_file_meta_create(bool directory_flag,
+ u_int8_t delimiter,
+ char *pathname)
+{
+ private_tcg_pts_attr_req_file_meta_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .add_segment = _add_segment,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .get_directory_flag = _get_directory_flag,
+ .get_delimiter = _get_delimiter,
+ .get_pathname = _get_pathname,
+ },
+ .type = { PEN_TCG, TCG_PTS_REQ_FILE_META },
+ .directory_flag = directory_flag,
+ .delimiter = delimiter,
+ .pathname = strdup(pathname),
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
+
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *tcg_pts_attr_req_file_meta_create_from_data(size_t length,
+ chunk_t data)
+{
+ private_tcg_pts_attr_req_file_meta_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .add_segment = _add_segment,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .get_directory_flag = _get_directory_flag,
+ .get_delimiter = _get_delimiter,
+ .get_pathname = _get_pathname,
+ },
+ .type = { PEN_TCG, TCG_PTS_REQ_FILE_META },
+ .length = length,
+ .value = chunk_clone(data),
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.h b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.h
new file mode 100644
index 0000000..c2f1cca
--- /dev/null
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.h
@@ -0,0 +1,84 @@
+/*
+ * Copyright (C) 2011 Sansar Choinyambuu
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tcg_pts_attr_req_file_meta tcg_pts_attr_req_file_meta
+ * @{ @ingroup tcg_attr
+ */
+
+#ifndef TCG_PTS_ATTR_REQ_FILE_META_H_
+#define TCG_PTS_ATTR_REQ_FILE_META_H_
+
+typedef struct tcg_pts_attr_req_file_meta_t tcg_pts_attr_req_file_meta_t;
+
+#include "tcg/tcg_attr.h"
+#include "pa_tnc/pa_tnc_attr.h"
+
+/**
+ * Class implementing the TCG PTS Request File Metadata attribute
+ *
+ */
+struct tcg_pts_attr_req_file_meta_t {
+
+ /**
+ * Public PA-TNC attribute interface
+ */
+ pa_tnc_attr_t pa_tnc_attribute;
+
+ /**
+ * Get directory flag for PTS Request File Metadata
+ *
+ * @return Directory Contents flag
+ */
+ bool (*get_directory_flag)(tcg_pts_attr_req_file_meta_t *this);
+
+ /**
+ * Get Delimiter
+ *
+ * @return UTF-8 encoding of a Delimiter Character
+ */
+ u_int8_t (*get_delimiter)(tcg_pts_attr_req_file_meta_t *this);
+
+ /**
+ * Get Fully Qualified File Pathname
+ *
+ * @return Pathname
+ */
+ char* (*get_pathname)(tcg_pts_attr_req_file_meta_t *this);
+
+};
+
+/**
+ * Creates an tcg_pts_attr_req_file_meta_t object
+ *
+ * @param directory_flag Directory Contents Flag
+ * @param delimiter Delimiter Character
+ * @param pathname File Pathname
+ */
+pa_tnc_attr_t* tcg_pts_attr_req_file_meta_create(bool directory_flag,
+ u_int8_t delimiter,
+ char *pathname);
+
+/**
+ * Creates an tcg_pts_attr_req_file_meta_t object from received data
+ *
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
+ */
+pa_tnc_attr_t* tcg_pts_attr_req_file_meta_create_from_data(size_t length,
+ chunk_t value);
+
+#endif /** TCG_PTS_ATTR_REQ_FILE_META_H_ @}*/
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_req_func_comp_evid.c b/src/libimcv/tcg/pts/tcg_pts_attr_req_func_comp_evid.c
new file mode 100644
index 0000000..0389110
--- /dev/null
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_req_func_comp_evid.c
@@ -0,0 +1,389 @@
+/*
+ * Copyright (C) 2011-2012 Sansar Choinyambuu
+ * Copyright (C) 2011-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "tcg_pts_attr_req_func_comp_evid.h"
+
+#include <pa_tnc/pa_tnc_msg.h>
+#include <bio/bio_writer.h>
+#include <bio/bio_reader.h>
+#include <collections/linked_list.h>
+#include <utils/debug.h>
+
+typedef struct private_tcg_pts_attr_req_func_comp_evid_t private_tcg_pts_attr_req_func_comp_evid_t;
+
+/**
+ * Request Functional Component Evidence
+ * see section 3.14.1 of PTS Protocol: Binding to TNC IF-M Specification
+ *
+ * 1 2 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Flags | Sub-component Depth (for Component #1) |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Component Functional Name #1 |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Component Functional Name #1 |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | ........ |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Flags | Sub-component Depth (for Component #N) |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Component Functional Name #N |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Component Functional Name #N |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ */
+
+/**
+ * Component Functional Name Structure
+ * (see section 5.1 of PTS Protocol: Binding to TNC IF-M Specification)
+ *
+ * 1 2 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Component Functional Name Vendor ID |Fam| Qualifier |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Component Functional Name |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ */
+
+#define PTS_REQ_FUNC_COMP_EVID_SIZE 12
+#define PTS_REQ_FUNC_COMP_FAMILY_MASK 0xC0
+
+/**
+ * Private data of an tcg_pts_attr_req_func_comp_evid_t object.
+ */
+struct private_tcg_pts_attr_req_func_comp_evid_t {
+
+ /**
+ * Public members of tcg_pts_attr_req_func_comp_evid_t
+ */
+ tcg_pts_attr_req_func_comp_evid_t public;
+
+ /**
+ * Vendor-specific attribute type
+ */
+ pen_type_t type;
+
+ /**
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
+ */
+ chunk_t value;
+
+ /**
+ * Noskip flag
+ */
+ bool noskip_flag;
+
+ /**
+ * List of Functional Components
+ */
+ linked_list_t *list;
+
+ /**
+ * Reference count
+ */
+ refcount_t ref;
+};
+
+typedef struct entry_t entry_t;
+
+/**
+ * Functional component entry
+ */
+struct entry_t {
+ u_int8_t flags;
+ u_int32_t depth;
+ pts_comp_func_name_t *name;
+};
+
+/**
+ * Enumerate functional component entries
+ */
+static bool entry_filter(void *null, entry_t **entry, u_int8_t *flags,
+ void *i2, u_int32_t *depth, void *i3,
+ pts_comp_func_name_t **name)
+{
+ *flags = (*entry)->flags;
+ *depth = (*entry)->depth;
+ *name = (*entry)->name;
+
+ return TRUE;
+}
+
+/**
+ * Free an entry_t object
+ */
+static void free_entry(entry_t *this)
+{
+ if (this)
+ {
+ this->name->destroy(this->name);
+ free(this);
+ }
+}
+
+METHOD(pa_tnc_attr_t, get_type, pen_type_t,
+ private_tcg_pts_attr_req_func_comp_evid_t *this)
+{
+ return this->type;
+}
+
+METHOD(pa_tnc_attr_t, get_value, chunk_t,
+ private_tcg_pts_attr_req_func_comp_evid_t *this)
+{
+ return this->value;
+}
+
+METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
+ private_tcg_pts_attr_req_func_comp_evid_t *this)
+{
+ return this->noskip_flag;
+}
+
+METHOD(pa_tnc_attr_t, set_noskip_flag,void,
+ private_tcg_pts_attr_req_func_comp_evid_t *this, bool noskip)
+{
+ this->noskip_flag = noskip;
+}
+
+METHOD(pa_tnc_attr_t, build, void,
+ private_tcg_pts_attr_req_func_comp_evid_t *this)
+{
+ bio_writer_t *writer;
+ enumerator_t *enumerator;
+ entry_t *entry;
+
+ if (this->value.ptr)
+ {
+ return;
+ }
+ writer = bio_writer_create(PTS_REQ_FUNC_COMP_EVID_SIZE);
+
+ enumerator = this->list->create_enumerator(this->list);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ writer->write_uint8 (writer, entry->flags);
+ writer->write_uint24(writer, entry->depth);
+ writer->write_uint24(writer, entry->name->get_vendor_id(entry->name));
+ writer->write_uint8 (writer, entry->name->get_qualifier(entry->name));
+ writer->write_uint32(writer, entry->name->get_name(entry->name));
+ }
+ enumerator->destroy(enumerator);
+
+ this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
+ writer->destroy(writer);
+}
+
+METHOD(pa_tnc_attr_t, process, status_t,
+ private_tcg_pts_attr_req_func_comp_evid_t *this, u_int32_t *offset)
+{
+ bio_reader_t *reader;
+ u_int32_t depth, vendor_id, name;
+ u_int8_t flags, fam_and_qualifier, qualifier;
+ status_t status = FAILED;
+ entry_t *entry = NULL;
+
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
+ if (this->value.len < PTS_REQ_FUNC_COMP_EVID_SIZE)
+ {
+ DBG1(DBG_TNC, "insufficient data for Request Functional "
+ "Component Evidence");
+ return FAILED;
+ }
+ reader = bio_reader_create(this->value);
+
+ while (reader->remaining(reader))
+ {
+ if (!reader->read_uint8(reader, &flags))
+ {
+ DBG1(DBG_TNC, "insufficient data for PTS Request Functional "
+ "Component Evidence Flags");
+ goto end;
+ }
+ if (!reader->read_uint24(reader, &depth))
+ {
+ DBG1(DBG_TNC, "insufficient data for PTS Request Functional "
+ "Component Evidence Sub Component Depth");
+ goto end;
+ }
+ if (!reader->read_uint24(reader, &vendor_id))
+ {
+ DBG1(DBG_TNC, "insufficient data for PTS Request Functional "
+ "Component Evidence Component Name Vendor ID");
+ goto end;
+ }
+ if (!reader->read_uint8(reader, &fam_and_qualifier))
+ {
+ DBG1(DBG_TNC, "insufficient data for PTS Request Functional "
+ "Component Evidence Family and Qualifier");
+ goto end;
+ }
+ if (fam_and_qualifier & PTS_REQ_FUNC_COMP_FAMILY_MASK)
+ {
+ DBG1(DBG_TNC, "the Functional Name Encoding Family "
+ "is not Binary Enumeration");
+ goto end;
+ }
+ if (!reader->read_uint32(reader, &name))
+ {
+ DBG1(DBG_TNC, "insufficient data for PTS Request Functional "
+ "Component Evidence Component Functional Name");
+ goto end;
+ }
+ qualifier = fam_and_qualifier & ~PTS_REQ_FUNC_COMP_FAMILY_MASK;
+
+ entry = malloc_thing(entry_t);
+ entry->flags = flags;
+ entry->depth = depth;
+ entry->name = pts_comp_func_name_create(vendor_id, name, qualifier);
+
+ this->list->insert_last(this->list, entry);
+ }
+ status = SUCCESS;
+
+end:
+ reader->destroy(reader);
+ return status;
+}
+
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_tcg_pts_attr_req_func_comp_evid_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
+METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
+ private_tcg_pts_attr_req_func_comp_evid_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public.pa_tnc_attribute;
+}
+
+METHOD(pa_tnc_attr_t, destroy, void,
+ private_tcg_pts_attr_req_func_comp_evid_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ this->list->destroy_function(this->list, (void *)free_entry);
+ free(this->value.ptr);
+ free(this);
+ }
+}
+
+METHOD(tcg_pts_attr_req_func_comp_evid_t, add_component, void,
+ private_tcg_pts_attr_req_func_comp_evid_t *this, u_int8_t flags,
+ u_int32_t depth, pts_comp_func_name_t *name)
+{
+ entry_t *entry;
+
+ entry = malloc_thing(entry_t);
+ entry->flags = flags;
+ entry->depth = depth;
+ entry->name = name->clone(name);
+ this->list->insert_last(this->list, entry);
+}
+
+METHOD(tcg_pts_attr_req_func_comp_evid_t, get_count, int,
+ private_tcg_pts_attr_req_func_comp_evid_t *this)
+{
+ return this->list->get_count(this->list);
+}
+
+METHOD(tcg_pts_attr_req_func_comp_evid_t, create_enumerator, enumerator_t*,
+ private_tcg_pts_attr_req_func_comp_evid_t *this)
+{
+ return enumerator_create_filter(this->list->create_enumerator(this->list),
+ (void*)entry_filter, NULL, NULL);
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *tcg_pts_attr_req_func_comp_evid_create(void)
+{
+ private_tcg_pts_attr_req_func_comp_evid_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .add_segment = _add_segment,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .add_component = _add_component,
+ .get_count = _get_count,
+ .create_enumerator = _create_enumerator,
+ },
+ .type = { PEN_TCG, TCG_PTS_REQ_FUNC_COMP_EVID },
+ .list = linked_list_create(),
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *tcg_pts_attr_req_func_comp_evid_create_from_data(size_t length,
+ chunk_t data)
+{
+ private_tcg_pts_attr_req_func_comp_evid_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .add_segment = _add_segment,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .add_component = _add_component,
+ .get_count = _get_count,
+ .create_enumerator = _create_enumerator,
+ },
+ .type = { PEN_TCG, TCG_PTS_REQ_FUNC_COMP_EVID },
+ .length = length,
+ .list = linked_list_create(),
+ .value = chunk_clone(data),
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_req_func_comp_evid.h b/src/libimcv/tcg/pts/tcg_pts_attr_req_func_comp_evid.h
new file mode 100644
index 0000000..2f8657e
--- /dev/null
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_req_func_comp_evid.h
@@ -0,0 +1,83 @@
+/*
+ * Copyright (C) 2011 Sansar Choinyambuu
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tcg_pts_attr_req_func_comp_evid tcg_pts_attr_req_func_comp_evid
+ * @{ @ingroup tcg_attr
+ */
+
+#ifndef TCG_PTS_ATTR_REQ_FUNC_COMP_EVID_H_
+#define TCG_PTS_ATTR_REQ_FUNC_COMP_EVID_H_
+
+typedef struct tcg_pts_attr_req_func_comp_evid_t tcg_pts_attr_req_func_comp_evid_t;
+
+#include "tcg/tcg_attr.h"
+#include "pts/components/pts_comp_func_name.h"
+#include "pa_tnc/pa_tnc_attr.h"
+
+/**
+ * Class implementing the TCG PTS Request Functional Component Evidence attribute
+ *
+ */
+struct tcg_pts_attr_req_func_comp_evid_t {
+
+ /**
+ * Public PA-TNC attribute interface
+ */
+ pa_tnc_attr_t pa_tnc_attribute;
+
+ /**
+ * Add a component to the Functional Component Evidence Request
+ *
+ * @param flags Component Evidence Request Flags
+ * @param depth Sub-component Depth
+ * @param name Functional Component Name
+ */
+ void (*add_component)(tcg_pts_attr_req_func_comp_evid_t *this,
+ u_int8_t flags, u_int32_t depth,
+ pts_comp_func_name_t *name);
+
+ /**
+ * Returns the number of Functional Component entries
+ *
+ * @return Number of entries
+ */
+ int (*get_count)(tcg_pts_attr_req_func_comp_evid_t *this);
+
+ /**
+ * Enumerator over Functional Component entries
+ *
+ * @return Entry enumerator
+ */
+ enumerator_t* (*create_enumerator)(tcg_pts_attr_req_func_comp_evid_t *this);
+
+};
+
+/**
+ * Creates a tcg_pts_attr_req_func_comp_evid_t object
+ */
+pa_tnc_attr_t* tcg_pts_attr_req_func_comp_evid_create(void);
+
+/**
+ * Creates a tcg_pts_attr_req_func_comp_evid_t object from received data
+ *
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
+ */
+pa_tnc_attr_t* tcg_pts_attr_req_func_comp_evid_create_from_data(size_t length,
+ chunk_t value);
+
+#endif /** TCG_PTS_ATTR_REQ_FUNC_COMP_EVID_H_ @}*/
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_simple_comp_evid.c b/src/libimcv/tcg/pts/tcg_pts_attr_simple_comp_evid.c
new file mode 100644
index 0000000..d94ee89
--- /dev/null
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_simple_comp_evid.c
@@ -0,0 +1,532 @@
+/*
+ * Copyright (C) 2011-2012 Sansar Choinyambuu
+ * Copyright (C) 2011-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "tcg_pts_attr_simple_comp_evid.h"
+
+#include <pa_tnc/pa_tnc_msg.h>
+#include <bio/bio_writer.h>
+#include <bio/bio_reader.h>
+#include <utils/debug.h>
+
+#include <time.h>
+
+typedef struct private_tcg_pts_attr_simple_comp_evid_t private_tcg_pts_attr_simple_comp_evid_t;
+
+/**
+ * Simple Component Evidence
+ * see section 3.15.1 of PTS Protocol: Binding to TNC IF-M Specification
+ *
+ * 1 2 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Flags | Sub-Component Depth |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Specific Functional Component |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Specific Functional Component |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Measure. Type | Extended into PCR |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Hash Algorithm | PCR Transform | Reserved |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Measurement Date/Time |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Measurement Date/Time |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Measurement Date/Time |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Measurement Date/Time |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Measurement Date/Time |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Optional Policy URI Length | Opt. Verification Policy URI ~
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * ~ Optional Verification Policy URI ~
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Optional PCR Length | Optional PCR Before Value ~
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * ~ Optional PCR Before Value (Variable Length) ~
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * ~ Optional PCR After Value (Variable Length) ~
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * ~ Component Measurement (Variable Length) ~
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ */
+
+/**
+ * Specific Functional Component -> Component Functional Name Structure
+ * see section 5.1 of PTS Protocol: Binding to TNC IF-M Specification
+ *
+ * 1 2 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Component Functional Name Vendor ID |Fam| Qualifier |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Component Functional Name |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *
+ */
+
+#define PTS_SIMPLE_COMP_EVID_SIZE 40
+#define PTS_SIMPLE_COMP_EVID_MEAS_TIME_SIZE 20
+#define PTS_SIMPLE_COMP_EVID_RESERVED 0x00
+#define PTS_SIMPLE_COMP_EVID_FAMILY_MASK 0xC0
+#define PTS_SIMPLE_COMP_EVID_VALIDATION_MASK 0x60
+#define PTS_SIMPLE_COMP_EVID_MEAS_TYPE (1<<7)
+#define PTS_SIMPLE_COMP_EVID_FLAG_PCR (1<<7)
+
+static char *utc_undefined_time_str = "0000-00-00T00:00:00Z";
+
+/**
+ * Private data of an tcg_pts_attr_simple_comp_evid_t object.
+ */
+struct private_tcg_pts_attr_simple_comp_evid_t {
+
+ /**
+ * Public members of tcg_pts_attr_simple_comp_evid_t
+ */
+ tcg_pts_attr_simple_comp_evid_t public;
+
+ /**
+ * Vendor-specific attribute type
+ */
+ pen_type_t type;
+
+ /**
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
+ */
+ chunk_t value;
+
+ /**
+ * Noskip flag
+ */
+ bool noskip_flag;
+
+ /**
+ * PTS Component Evidence
+ */
+ pts_comp_evidence_t *evidence;
+
+ /**
+ * Reference count
+ */
+ refcount_t ref;
+};
+
+METHOD(pa_tnc_attr_t, get_type, pen_type_t,
+ private_tcg_pts_attr_simple_comp_evid_t *this)
+{
+ return this->type;
+}
+
+METHOD(pa_tnc_attr_t, get_value, chunk_t,
+ private_tcg_pts_attr_simple_comp_evid_t *this)
+{
+ return this->value;
+}
+
+METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
+ private_tcg_pts_attr_simple_comp_evid_t *this)
+{
+ return this->noskip_flag;
+}
+
+METHOD(pa_tnc_attr_t, set_noskip_flag,void,
+ private_tcg_pts_attr_simple_comp_evid_t *this, bool noskip)
+{
+ this->noskip_flag = noskip;
+}
+
+/**
+ * Convert time_t to Simple Component Evidence UTS string format
+ */
+void measurement_time_to_utc(time_t measurement_time, chunk_t *utc_time)
+{
+ struct tm t;
+
+ if (measurement_time == UNDEFINED_TIME)
+ {
+ utc_time->ptr = utc_undefined_time_str;
+ }
+ else
+ {
+ gmtime_r(&measurement_time, &t);
+ sprintf(utc_time->ptr, "%04d-%02d-%02dT%02d:%02d:%02dZ",
+ t.tm_year + 1900, t.tm_mon + 1, t.tm_mday,
+ t.tm_hour, t.tm_min, t.tm_sec);
+ }
+}
+
+METHOD(pa_tnc_attr_t, build, void,
+ private_tcg_pts_attr_simple_comp_evid_t *this)
+{
+ bio_writer_t *writer;
+ bool has_pcr_info;
+ char utc_time_buf[25], *policy_uri;
+ u_int8_t flags;
+ u_int16_t len;
+ u_int32_t depth, extended_pcr;
+ pts_comp_func_name_t *name;
+ pts_meas_algorithms_t hash_algorithm;
+ pts_pcr_transform_t transform;
+ pts_comp_evid_validation_t validation;
+ time_t measurement_time;
+ chunk_t measurement, utc_time, pcr_before, pcr_after;
+
+ if (this->value.ptr)
+ {
+ return;
+ }
+
+ /* Extract parameters from comp_evidence_t object */
+ name = this->evidence->get_comp_func_name(this->evidence,
+ &depth);
+ measurement = this->evidence->get_measurement(this->evidence,
+ &extended_pcr, &hash_algorithm, &transform,
+ &measurement_time);
+ has_pcr_info = this->evidence->get_pcr_info(this->evidence,
+ &pcr_before, &pcr_after);
+ validation = this->evidence->get_validation(this->evidence,
+ &policy_uri);
+
+ /* Determine the flags to set*/
+ flags = validation;
+ if (has_pcr_info)
+ {
+ flags |= PTS_SIMPLE_COMP_EVID_FLAG_PCR;
+ }
+
+ utc_time = chunk_create(utc_time_buf, PTS_SIMPLE_COMP_EVID_MEAS_TIME_SIZE);
+ measurement_time_to_utc(measurement_time, &utc_time);
+
+ writer = bio_writer_create(PTS_SIMPLE_COMP_EVID_SIZE);
+
+ writer->write_uint8 (writer, flags);
+ writer->write_uint24(writer, depth);
+ writer->write_uint24(writer, name->get_vendor_id(name));
+ writer->write_uint8 (writer, name->get_qualifier(name));
+ writer->write_uint32(writer, name->get_name(name));
+ writer->write_uint8 (writer, PTS_SIMPLE_COMP_EVID_MEAS_TYPE);
+ writer->write_uint24(writer, extended_pcr);
+ writer->write_uint16(writer, hash_algorithm);
+ writer->write_uint8 (writer, transform);
+ writer->write_uint8 (writer, PTS_SIMPLE_COMP_EVID_RESERVED);
+ writer->write_data (writer, utc_time);
+
+ /* Optional fields */
+ if (validation == PTS_COMP_EVID_VALIDATION_FAILED ||
+ validation == PTS_COMP_EVID_VALIDATION_PASSED)
+ {
+ len = strlen(policy_uri);
+ writer->write_uint16(writer, len);
+ writer->write_data (writer, chunk_create(policy_uri, len));
+ }
+ if (has_pcr_info)
+ {
+ writer->write_uint16(writer, pcr_before.len);
+ writer->write_data (writer, pcr_before);
+ writer->write_data (writer, pcr_after);
+ }
+
+ writer->write_data(writer, measurement);
+
+ this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
+ writer->destroy(writer);
+}
+
+static const int days[] = { 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334 };
+static const int tm_leap_1970 = 477;
+
+/**
+ * Convert Simple Component Evidence UTS string format to time_t
+ */
+bool measurement_time_from_utc(time_t *measurement_time, chunk_t utc_time)
+{
+ int tm_year, tm_mon, tm_day, tm_days, tm_hour, tm_min, tm_sec, tm_secs;
+ int tm_leap_4, tm_leap_100, tm_leap_400, tm_leap;
+
+ if (memeq(utc_undefined_time_str, utc_time.ptr, utc_time.len))
+ {
+ *measurement_time = 0;
+ return TRUE;
+ }
+ if (sscanf(utc_time.ptr, "%4d-%2d-%2dT%2d:%2d:%2dZ",
+ &tm_year, &tm_mon, &tm_day, &tm_hour, &tm_min, &tm_sec) != 6)
+ {
+ return FALSE;
+ }
+
+ /* representation of months as 0..11 */
+ tm_mon--;
+
+ /* representation of days as 0..30 */
+ tm_day--;
+
+ /* number of leap years between last year and 1970? */
+ tm_leap_4 = (tm_year - 1) / 4;
+ tm_leap_100 = tm_leap_4 / 25;
+ tm_leap_400 = tm_leap_100 / 4;
+ tm_leap = tm_leap_4 - tm_leap_100 + tm_leap_400 - tm_leap_1970;
+
+ /* if date later then February, is the current year a leap year? */
+ if (tm_mon > 1 && (tm_year % 4 == 0) &&
+ (tm_year % 100 != 0 || tm_year % 400 == 0))
+ {
+ tm_leap++;
+ }
+ tm_days = 365 * (tm_year - 1970) + days[tm_mon] + tm_day + tm_leap;
+ tm_secs = 60 * (60 * (24 * tm_days + tm_hour) + tm_min) + tm_sec;
+
+ *measurement_time = tm_secs;
+ return TRUE;
+}
+
+METHOD(pa_tnc_attr_t, process, status_t,
+ private_tcg_pts_attr_simple_comp_evid_t *this, u_int32_t *offset)
+{
+ bio_reader_t *reader;
+ pts_comp_func_name_t *name;
+ u_int8_t flags, fam_and_qualifier, qualifier, reserved;
+ u_int8_t measurement_type, transform, validation;
+ u_int16_t hash_algorithm, len;
+ u_int32_t depth, vendor_id, comp_name, extended_pcr;
+ chunk_t measurement, utc_time, policy_uri, pcr_before, pcr_after;
+ time_t measurement_time;
+ bool has_pcr_info = FALSE, has_validation = FALSE;
+ status_t status = FAILED;
+
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
+ if (this->value.len < PTS_SIMPLE_COMP_EVID_SIZE)
+ {
+ DBG1(DBG_TNC, "insufficient data for Simple Component Evidence");
+ }
+ reader = bio_reader_create(this->value);
+
+ reader->read_uint8 (reader, &flags);
+ reader->read_uint24(reader, &depth);
+ reader->read_uint24(reader, &vendor_id);
+ reader->read_uint8 (reader, &fam_and_qualifier);
+ reader->read_uint32(reader, &comp_name);
+ reader->read_uint8 (reader, &measurement_type);
+ reader->read_uint24(reader, &extended_pcr);
+ reader->read_uint16(reader, &hash_algorithm);
+ reader->read_uint8 (reader, &transform);
+ reader->read_uint8 (reader, &reserved);
+ reader->read_data (reader, PTS_SIMPLE_COMP_EVID_MEAS_TIME_SIZE, &utc_time);
+
+ if (measurement_type != PTS_SIMPLE_COMP_EVID_MEAS_TYPE)
+ {
+ DBG1(DBG_TNC, "unsupported Measurement Type in "
+ "Simple Component Evidence");
+ *offset = 12;
+ reader->destroy(reader);
+ return FAILED;
+ }
+ if (!measurement_time_from_utc(&measurement_time, utc_time))
+ {
+ DBG1(DBG_TNC, "invalid Measurement Time field in "
+ "Simple Component Evidence");
+ *offset = 20;
+ reader->destroy(reader);
+ return FAILED;
+ }
+ validation = flags & PTS_SIMPLE_COMP_EVID_VALIDATION_MASK;
+ qualifier = fam_and_qualifier & ~PTS_SIMPLE_COMP_EVID_FAMILY_MASK;
+
+ /* Is optional Policy URI field included? */
+ if (validation == PTS_COMP_EVID_VALIDATION_FAILED ||
+ validation == PTS_COMP_EVID_VALIDATION_PASSED)
+ {
+ if (!reader->read_uint16(reader, &len))
+ {
+ DBG1(DBG_TNC, "insufficient data for PTS Simple Component Evidence "
+ "Verification Policy URI Length");
+ goto end;
+ }
+ if (!reader->read_data(reader, len, &policy_uri))
+ {
+ DBG1(DBG_TNC, "insufficient data for PTS Simple Component Evidence "
+ "Verification Policy URI");
+ goto end;
+ }
+ has_validation = TRUE;
+ }
+
+ /* Are optional PCR value fields included? */
+ if (flags & PTS_SIMPLE_COMP_EVID_FLAG_PCR)
+ {
+ if (!reader->read_uint16(reader, &len))
+ {
+ DBG1(DBG_TNC, "insufficient data for PTS Simple Component Evidence "
+ "PCR Value length");
+ goto end;
+ }
+ if (!reader->read_data(reader, len, &pcr_before))
+ {
+ DBG1(DBG_TNC, "insufficient data for PTS Simple Component Evidence "
+ "PCR Before Value");
+ goto end;
+ }
+ if (!reader->read_data(reader, len, &pcr_after))
+ {
+ DBG1(DBG_TNC, "insufficient data for PTS Simple Component Evidence "
+ "PCR After Value");
+ goto end;
+ }
+ has_pcr_info = TRUE;
+ }
+
+ /* Measurement field comes at the very end */
+ reader->read_data(reader,reader->remaining(reader), &measurement);
+ reader->destroy(reader);
+
+ /* Create Component Functional Name object */
+ name = pts_comp_func_name_create(vendor_id, comp_name, qualifier);
+
+ /* Create Component Evidence object */
+ measurement = chunk_clone(measurement);
+ this->evidence = pts_comp_evidence_create(name, depth, extended_pcr,
+ hash_algorithm, transform,
+ measurement_time, measurement);
+
+ /* Add options */
+ if (has_validation)
+ {
+ char buf[BUF_LEN];
+ size_t len;
+
+ len = min(policy_uri.len, BUF_LEN-1);
+ memcpy(buf, policy_uri.ptr, len);
+ buf[len] = '\0';
+ this->evidence->set_validation(this->evidence, validation, buf);
+ }
+ if (has_pcr_info)
+ {
+ pcr_before = chunk_clone(pcr_before);
+ pcr_after = chunk_clone(pcr_after);
+ this->evidence->set_pcr_info(this->evidence, pcr_before, pcr_after);
+ }
+
+ return SUCCESS;
+
+end:
+ reader->destroy(reader);
+ return status;
+}
+
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_tcg_pts_attr_simple_comp_evid_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
+METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
+ private_tcg_pts_attr_simple_comp_evid_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public.pa_tnc_attribute;
+}
+
+METHOD(pa_tnc_attr_t, destroy, void,
+ private_tcg_pts_attr_simple_comp_evid_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ DESTROY_IF(this->evidence);
+ free(this->value.ptr);
+ free(this);
+ }
+}
+
+METHOD(tcg_pts_attr_simple_comp_evid_t, get_comp_evidence, pts_comp_evidence_t*,
+ private_tcg_pts_attr_simple_comp_evid_t *this)
+{
+ return this->evidence;
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *tcg_pts_attr_simple_comp_evid_create(pts_comp_evidence_t *evid)
+{
+ private_tcg_pts_attr_simple_comp_evid_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .add_segment = _add_segment,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .get_comp_evidence = _get_comp_evidence,
+ },
+ .type = { PEN_TCG, TCG_PTS_SIMPLE_COMP_EVID },
+ .evidence = evid,
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
+
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *tcg_pts_attr_simple_comp_evid_create_from_data(size_t length,
+ chunk_t data)
+{
+ private_tcg_pts_attr_simple_comp_evid_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .add_segment = _add_segment,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .get_comp_evidence = _get_comp_evidence,
+ },
+ .type = { PEN_TCG, TCG_PTS_SIMPLE_COMP_EVID },
+ .length = length,
+ .value = chunk_clone(data),
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_simple_comp_evid.h b/src/libimcv/tcg/pts/tcg_pts_attr_simple_comp_evid.h
new file mode 100644
index 0000000..c08adb8
--- /dev/null
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_simple_comp_evid.h
@@ -0,0 +1,67 @@
+/*
+ * Copyright (C) 2011 Sansar Choinyambuu
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tcg_pts_attr_simple_comp_evid tcg_pts_attr_simple_comp_evid
+ * @{ @ingroup tcg_attr
+ */
+
+#ifndef TCG_PTS_ATTR_SIMPLE_COMP_EVID_H_
+#define TCG_PTS_ATTR_SIMPLE_COMP_EVID_H_
+
+typedef struct tcg_pts_attr_simple_comp_evid_t tcg_pts_attr_simple_comp_evid_t;
+
+#include "tcg/tcg_attr.h"
+#include "pts/components/pts_comp_evidence.h"
+#include "pa_tnc/pa_tnc_attr.h"
+
+/**
+ * Class implementing the TCG PTS Simple Component Evidence attribute
+ *
+ */
+struct tcg_pts_attr_simple_comp_evid_t {
+
+ /**
+ * Public PA-TNC attribute interface
+ */
+ pa_tnc_attr_t pa_tnc_attribute;
+
+ /**
+ * Get Component Evidence
+ *
+ * @return Component Evidence
+ */
+ pts_comp_evidence_t* (*get_comp_evidence)(tcg_pts_attr_simple_comp_evid_t *this);
+
+};
+
+/**
+ * Creates an tcg_pts_attr_simple_comp_evid_t object
+ *
+ * @param evid Component Evidence
+ */
+pa_tnc_attr_t* tcg_pts_attr_simple_comp_evid_create(pts_comp_evidence_t *evid);
+
+/**
+ * Creates an tcg_pts_attr_simple_comp_evid_t object from received data
+ *
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
+ */
+pa_tnc_attr_t* tcg_pts_attr_simple_comp_evid_create_from_data(size_t length,
+ chunk_t value);
+
+#endif /** TCG_PTS_ATTR_SIMPLE_COMP_EVID_H_ @}*/
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.c b/src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.c
new file mode 100644
index 0000000..cfeaec6
--- /dev/null
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.c
@@ -0,0 +1,405 @@
+/*
+ * Copyright (C) 2011-2012 Sansar Choinyambuu
+ * Copyright (C) 2011-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "tcg_pts_attr_simple_evid_final.h"
+#include "pts/pts_simple_evid_final.h"
+
+#include <pa_tnc/pa_tnc_msg.h>
+#include <bio/bio_writer.h>
+#include <bio/bio_reader.h>
+#include <utils/debug.h>
+
+typedef struct private_tcg_pts_attr_simple_evid_final_t private_tcg_pts_attr_simple_evid_final_t;
+
+/**
+ * Simple Evidence Final
+ * see section 3.15.2 of PTS Protocol: Binding to TNC IF-M Specification
+ *
+ * 1 2 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Flags | Reserved | Optional Composite Hash Alg |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Optional TPM PCR Composite Length |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * ~ Optional TPM PCR Composite (Variable Length) ~
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Optional TPM Quote Signature Length |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * ~ Optional TPM Quote Signature (Variable Length) ~
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * ~ Optional Evidence Signature (Variable Length) ~
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ */
+
+#define PTS_SIMPLE_EVID_FINAL_SIZE 2
+#define PTS_SIMPLE_EVID_FINAL_RESERVED 0x00
+#define PTS_SIMPLE_EVID_FINAL_FLAG_MASK 0xC0
+/**
+ * Private data of an tcg_pts_attr_simple_evid_final_t object.
+ */
+struct private_tcg_pts_attr_simple_evid_final_t {
+
+ /**
+ * Public members of tcg_pts_attr_simple_evid_final_t
+ */
+ tcg_pts_attr_simple_evid_final_t public;
+
+ /**
+ * Vendor-specific attribute type
+ */
+ pen_type_t type;
+
+ /**
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
+ */
+ chunk_t value;
+
+ /**
+ * Noskip flag
+ */
+ bool noskip_flag;
+
+ /**
+ * Set of flags for Simple Evidence Final
+ */
+ u_int8_t flags;
+
+ /**
+ * Optional Composite Hash Algorithm
+ */
+ pts_meas_algorithms_t comp_hash_algorithm;
+
+ /**
+ * Optional TPM PCR Composite
+ */
+ chunk_t pcr_comp;
+
+ /**
+ * Optional TPM Quote Signature
+ */
+ chunk_t tpm_quote_sig;
+
+ /**
+ * Is Evidence Signature included?
+ */
+ bool has_evid_sig;
+
+ /**
+ * Optional Evidence Signature
+ */
+ chunk_t evid_sig;
+
+ /**
+ * Reference count
+ */
+ refcount_t ref;
+};
+
+METHOD(pa_tnc_attr_t, get_type, pen_type_t,
+ private_tcg_pts_attr_simple_evid_final_t *this)
+{
+ return this->type;
+}
+
+METHOD(pa_tnc_attr_t, get_value, chunk_t,
+ private_tcg_pts_attr_simple_evid_final_t *this)
+{
+ return this->value;
+}
+
+METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
+ private_tcg_pts_attr_simple_evid_final_t *this)
+{
+ return this->noskip_flag;
+}
+
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_tcg_pts_attr_simple_evid_final_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
+METHOD(pa_tnc_attr_t, set_noskip_flag,void,
+ private_tcg_pts_attr_simple_evid_final_t *this, bool noskip)
+{
+ this->noskip_flag = noskip;
+}
+
+METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
+ private_tcg_pts_attr_simple_evid_final_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public.pa_tnc_attribute;
+}
+
+METHOD(pa_tnc_attr_t, destroy, void,
+ private_tcg_pts_attr_simple_evid_final_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ free(this->value.ptr);
+ free(this->pcr_comp.ptr);
+ free(this->tpm_quote_sig.ptr);
+ free(this->evid_sig.ptr);
+ free(this);
+ }
+}
+
+METHOD(pa_tnc_attr_t, build, void,
+ private_tcg_pts_attr_simple_evid_final_t *this)
+{
+ bio_writer_t *writer;
+ u_int8_t flags;
+
+ if (this->value.ptr)
+ {
+ return;
+ }
+ flags = this->flags & PTS_SIMPLE_EVID_FINAL_FLAG_MASK;
+
+ if (this->has_evid_sig)
+ {
+ flags |= PTS_SIMPLE_EVID_FINAL_EVID_SIG;
+ }
+
+ writer = bio_writer_create(PTS_SIMPLE_EVID_FINAL_SIZE);
+ writer->write_uint8 (writer, flags);
+ writer->write_uint8 (writer, PTS_SIMPLE_EVID_FINAL_RESERVED);
+
+ /** Optional Composite Hash Algorithm field is always present
+ * Field has value of all zeroes if not used.
+ * Implemented adhering the suggestion of Paul Sangster 28.Oct.2011
+ */
+ writer->write_uint16(writer, this->comp_hash_algorithm);
+
+ /* Optional fields */
+ if (this->flags != PTS_SIMPLE_EVID_FINAL_NO)
+ {
+ writer->write_uint32 (writer, this->pcr_comp.len);
+ writer->write_data (writer, this->pcr_comp);
+
+ writer->write_uint32 (writer, this->tpm_quote_sig.len);
+ writer->write_data (writer, this->tpm_quote_sig);
+ }
+
+ if (this->has_evid_sig)
+ {
+ writer->write_data (writer, this->evid_sig);
+ }
+
+ this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
+ writer->destroy(writer);
+}
+
+METHOD(pa_tnc_attr_t, process, status_t,
+ private_tcg_pts_attr_simple_evid_final_t *this, u_int32_t *offset)
+{
+ bio_reader_t *reader;
+ u_int8_t flags, reserved;
+ u_int16_t algorithm;
+ u_int32_t pcr_comp_len, tpm_quote_sig_len, evid_sig_len;
+ status_t status = FAILED;
+
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
+ if (this->value.len < PTS_SIMPLE_EVID_FINAL_SIZE)
+ {
+ DBG1(DBG_TNC, "insufficient data for Simple Evidence Final");
+ return FAILED;
+ }
+ reader = bio_reader_create(this->value);
+
+ reader->read_uint8(reader, &flags);
+ reader->read_uint8(reader, &reserved);
+
+ this->flags = flags & PTS_SIMPLE_EVID_FINAL_FLAG_MASK;
+
+ this->has_evid_sig = (flags & PTS_SIMPLE_EVID_FINAL_EVID_SIG) != 0;
+
+ /** Optional Composite Hash Algorithm field is always present
+ * Field has value of all zeroes if not used.
+ * Implemented adhering the suggestion of Paul Sangster 28.Oct.2011
+ */
+
+ reader->read_uint16(reader, &algorithm);
+ this->comp_hash_algorithm = algorithm;
+
+ /* Optional Composite Hash Algorithm and TPM PCR Composite fields */
+ if (this->flags != PTS_SIMPLE_EVID_FINAL_NO)
+ {
+ if (!reader->read_uint32(reader, &pcr_comp_len))
+ {
+ DBG1(DBG_TNC, "insufficient data for PTS Simple Evidence Final "
+ "PCR Composite Length");
+ goto end;
+ }
+ if (!reader->read_data(reader, pcr_comp_len, &this->pcr_comp))
+ {
+ DBG1(DBG_TNC, "insufficient data for PTS Simple Evidence Final "
+ "PCR Composite");
+ goto end;
+ }
+ this->pcr_comp = chunk_clone(this->pcr_comp);
+
+ if (!reader->read_uint32(reader, &tpm_quote_sig_len))
+ {
+ DBG1(DBG_TNC, "insufficient data for PTS Simple Evidence Final "
+ "TPM Quote Singature Length");
+ goto end;
+ }
+ if (!reader->read_data(reader, tpm_quote_sig_len, &this->tpm_quote_sig))
+ {
+ DBG1(DBG_TNC, "insufficient data for PTS Simple Evidence Final "
+ "TPM Quote Singature");
+ goto end;
+ }
+ this->tpm_quote_sig = chunk_clone(this->tpm_quote_sig);
+ }
+
+ /* Optional Evidence Signature field */
+ if (this->has_evid_sig)
+ {
+ evid_sig_len = reader->remaining(reader);
+ reader->read_data(reader, evid_sig_len, &this->evid_sig);
+ this->evid_sig = chunk_clone(this->evid_sig);
+ }
+
+ reader->destroy(reader);
+ return SUCCESS;
+
+end:
+ reader->destroy(reader);
+ return status;
+}
+
+METHOD(tcg_pts_attr_simple_evid_final_t, get_quote_info, u_int8_t,
+ private_tcg_pts_attr_simple_evid_final_t *this,
+ pts_meas_algorithms_t *comp_hash_algo, chunk_t *pcr_comp, chunk_t *tpm_quote_sig)
+{
+ if (comp_hash_algo)
+ {
+ *comp_hash_algo = this->comp_hash_algorithm;
+ }
+ if (pcr_comp)
+ {
+ *pcr_comp = this->pcr_comp;
+ }
+ if (tpm_quote_sig)
+ {
+ *tpm_quote_sig = this->tpm_quote_sig;
+ }
+ return this->flags;
+}
+
+METHOD(tcg_pts_attr_simple_evid_final_t, get_evid_sig, bool,
+ private_tcg_pts_attr_simple_evid_final_t *this, chunk_t *evid_sig)
+{
+ if (evid_sig)
+ {
+ *evid_sig = this->evid_sig;
+ }
+ return this->has_evid_sig;
+}
+
+METHOD(tcg_pts_attr_simple_evid_final_t, set_evid_sig, void,
+ private_tcg_pts_attr_simple_evid_final_t *this, chunk_t evid_sig)
+{
+ this->evid_sig = evid_sig;
+ this->has_evid_sig = TRUE;
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *tcg_pts_attr_simple_evid_final_create(u_int8_t flags,
+ pts_meas_algorithms_t comp_hash_algorithm,
+ chunk_t pcr_comp, chunk_t tpm_quote_sig)
+{
+ private_tcg_pts_attr_simple_evid_final_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .add_segment = _add_segment,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .get_quote_info = _get_quote_info,
+ .get_evid_sig = _get_evid_sig,
+ .set_evid_sig = _set_evid_sig,
+ },
+ .type = { PEN_TCG, TCG_PTS_SIMPLE_EVID_FINAL },
+ .flags = flags,
+ .comp_hash_algorithm = comp_hash_algorithm,
+ .pcr_comp = pcr_comp,
+ .tpm_quote_sig = tpm_quote_sig,
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
+
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *tcg_pts_attr_simple_evid_final_create_from_data(size_t length,
+ chunk_t data)
+{
+ private_tcg_pts_attr_simple_evid_final_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .add_segment = _add_segment,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .get_quote_info = _get_quote_info,
+ .get_evid_sig = _get_evid_sig,
+ .set_evid_sig = _set_evid_sig,
+ },
+ .type = { PEN_TCG, TCG_PTS_SIMPLE_EVID_FINAL },
+ .length = length,
+ .value = chunk_clone(data),
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.h b/src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.h
new file mode 100644
index 0000000..8343b5b
--- /dev/null
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.h
@@ -0,0 +1,96 @@
+/*
+ * Copyright (C) 2011 Sansar Choinyambuu
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tcg_pts_attr_simple_evid_final tcg_pts_attr_simple_evid_final
+ * @{ @ingroup tcg_attr
+ */
+
+#ifndef TCG_PTS_ATTR_SIMPLE_EVID_FINAL_H_
+#define TCG_PTS_ATTR_SIMPLE_EVID_FINAL_H_
+
+typedef struct tcg_pts_attr_simple_evid_final_t tcg_pts_attr_simple_evid_final_t;
+
+#include "tcg/tcg_attr.h"
+#include "tcg_pts_attr_meas_algo.h"
+#include "pa_tnc/pa_tnc_attr.h"
+
+/**
+ * Class implementing the TCG PTS Simple Evidence Final attribute
+ *
+ */
+struct tcg_pts_attr_simple_evid_final_t {
+
+ /**
+ * Public PA-TNC attribute interface
+ */
+ pa_tnc_attr_t pa_tnc_attribute;
+
+ /**
+ * Get Optional PCR Composite and TPM Quote Signature
+ *
+ * @param comp_hash_algo Optional Composite Hash Algorithm
+ * @param pcr_comp Optional PCR Composite
+ * @param tpm_quote sig Optional TPM Quote Signature
+ * @return PTS_SIMPLE_EVID_FINAL flags
+ */
+ u_int8_t (*get_quote_info)(tcg_pts_attr_simple_evid_final_t *this,
+ pts_meas_algorithms_t *comp_hash_algo,
+ chunk_t *pcr_comp, chunk_t *tpm_quote_sig);
+
+ /**
+ * Get Optional Evidence Signature
+ *
+ * @param evid_sig Optional Evidence Signature
+ * @return TRUE if Evidence Signature is available
+ */
+ bool (*get_evid_sig)(tcg_pts_attr_simple_evid_final_t *this,
+ chunk_t *evid_sig);
+
+ /**
+ * Set Optional Evidence Signature
+ *
+ * @param vid_sig Optional Evidence Signature
+ */
+ void (*set_evid_sig)(tcg_pts_attr_simple_evid_final_t *this,
+ chunk_t evid_sig);
+
+};
+
+/**
+ * Creates an tcg_pts_attr_simple_evid_final_t object
+ *
+ * @param flags Set of flags
+ * @param comp_hash_algorithm Composite Hash Algorithm
+ * @param pcr_comp Optional TPM PCR Composite
+ * @param tpm_quote_sign Optional TPM Quote Signature
+ */
+pa_tnc_attr_t* tcg_pts_attr_simple_evid_final_create(
+ u_int8_t flags,
+ pts_meas_algorithms_t comp_hash_algorithm,
+ chunk_t pcr_comp,
+ chunk_t tpm_quote_sign);
+
+/**
+ * Creates an tcg_pts_attr_simple_evid_final_t object from received data
+ *
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
+ */
+pa_tnc_attr_t* tcg_pts_attr_simple_evid_final_create_from_data(size_t length,
+ chunk_t value);
+
+#endif /** TCG_PTS_ATTR_SIMPLE_EVID_FINAL_H_ @}*/
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_tpm_version_info.c b/src/libimcv/tcg/pts/tcg_pts_attr_tpm_version_info.c
new file mode 100644
index 0000000..db877e9
--- /dev/null
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_tpm_version_info.c
@@ -0,0 +1,248 @@
+/*
+ * Copyright (C) 2011-2012 Sansar Choinyambuu
+ * Copyright (C) 2011-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "tcg_pts_attr_tpm_version_info.h"
+
+#include <pa_tnc/pa_tnc_msg.h>
+#include <bio/bio_writer.h>
+#include <bio/bio_reader.h>
+#include <utils/debug.h>
+
+typedef struct private_tcg_pts_attr_tpm_version_info_t private_tcg_pts_attr_tpm_version_info_t;
+
+/**
+ * TPM Version Information
+ * see section 3.11 of PTS Protocol: Binding to TNC IF-M Specification
+ *
+ * 1 2 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ *
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | TPM Version Information (Variable Length) |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *
+ * see TPM Structure Specification Part 2, section 21.6: TPM_CAP_VERSION_INFO
+ */
+
+#define PTS_TPM_VER_INFO_SIZE 4
+
+/**
+ * Private data of an tcg_pts_attr_tpm_version_info_t object.
+ */
+struct private_tcg_pts_attr_tpm_version_info_t {
+
+ /**
+ * Public members of tcg_pts_attr_tpm_version_info_t
+ */
+ tcg_pts_attr_tpm_version_info_t public;
+
+ /**
+ * Vendor-specific attribute type
+ */
+ pen_type_t type;
+
+ /**
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
+ */
+ chunk_t value;
+
+ /**
+ * Noskip flag
+ */
+ bool noskip_flag;
+
+ /**
+ * TPM Version Information
+ */
+ chunk_t tpm_version_info;
+
+ /**
+ * Reference count
+ */
+ refcount_t ref;
+};
+
+METHOD(pa_tnc_attr_t, get_type, pen_type_t,
+ private_tcg_pts_attr_tpm_version_info_t *this)
+{
+ return this->type;
+}
+
+METHOD(pa_tnc_attr_t, get_value, chunk_t,
+ private_tcg_pts_attr_tpm_version_info_t *this)
+{
+ return this->value;
+}
+
+METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
+ private_tcg_pts_attr_tpm_version_info_t *this)
+{
+ return this->noskip_flag;
+}
+
+METHOD(pa_tnc_attr_t, set_noskip_flag,void,
+ private_tcg_pts_attr_tpm_version_info_t *this, bool noskip)
+{
+ this->noskip_flag = noskip;
+}
+
+METHOD(pa_tnc_attr_t, build, void,
+ private_tcg_pts_attr_tpm_version_info_t *this)
+{
+ bio_writer_t *writer;
+
+ if (this->value.ptr)
+ {
+ return;
+ }
+ writer = bio_writer_create(PTS_TPM_VER_INFO_SIZE);
+ writer->write_data(writer, this->tpm_version_info);
+
+ this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
+ writer->destroy(writer);
+}
+
+METHOD(pa_tnc_attr_t, process, status_t,
+ private_tcg_pts_attr_tpm_version_info_t *this, u_int32_t *offset)
+{
+ bio_reader_t *reader;
+
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
+ if (this->value.len < PTS_TPM_VER_INFO_SIZE)
+ {
+ DBG1(DBG_TNC, "insufficient data for TPM Version Information");
+ return FAILED;
+ }
+ reader = bio_reader_create(this->value);
+ reader->read_data (reader, this->value.len, &this->tpm_version_info);
+ this->tpm_version_info = chunk_clone(this->tpm_version_info);
+ reader->destroy(reader);
+
+ return SUCCESS;
+}
+
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_tcg_pts_attr_tpm_version_info_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
+METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
+ private_tcg_pts_attr_tpm_version_info_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public.pa_tnc_attribute;
+}
+
+METHOD(pa_tnc_attr_t, destroy, void,
+ private_tcg_pts_attr_tpm_version_info_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ free(this->value.ptr);
+ free(this->tpm_version_info.ptr);
+ free(this);
+ }
+}
+
+METHOD(tcg_pts_attr_tpm_version_info_t, get_tpm_version_info, chunk_t,
+ private_tcg_pts_attr_tpm_version_info_t *this)
+{
+ return this->tpm_version_info;
+}
+
+METHOD(tcg_pts_attr_tpm_version_info_t, set_tpm_version_info, void,
+ private_tcg_pts_attr_tpm_version_info_t *this,
+ chunk_t tpm_version_info)
+{
+ this->tpm_version_info = tpm_version_info;
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *tcg_pts_attr_tpm_version_info_create(chunk_t tpm_version_info)
+{
+ private_tcg_pts_attr_tpm_version_info_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .add_segment = _add_segment,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .get_tpm_version_info = _get_tpm_version_info,
+ .set_tpm_version_info = _set_tpm_version_info,
+ },
+ .type = { PEN_TCG, TCG_PTS_TPM_VERSION_INFO },
+ .tpm_version_info = chunk_clone(tpm_version_info),
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
+
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *tcg_pts_attr_tpm_version_info_create_from_data(size_t length,
+ chunk_t data)
+{
+ private_tcg_pts_attr_tpm_version_info_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .add_segment = _add_segment,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .get_tpm_version_info = _get_tpm_version_info,
+ .set_tpm_version_info = _set_tpm_version_info,
+ },
+ .type = { PEN_TCG, TCG_PTS_TPM_VERSION_INFO },
+ .length = length,
+ .value = chunk_clone(data),
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_tpm_version_info.h b/src/libimcv/tcg/pts/tcg_pts_attr_tpm_version_info.h
new file mode 100644
index 0000000..d87d72b
--- /dev/null
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_tpm_version_info.h
@@ -0,0 +1,73 @@
+/*
+ * Copyright (C) 2011 Sansar Choinyambuu
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tcg_pts_attr_tpm_version_info tcg_pts_attr_tpm_version_info
+ * @{ @ingroup tcg_attr
+ */
+
+#ifndef TCG_PTS_ATTR_TPM_VERSION_INFO_H_
+#define TCG_PTS_ATTR_TPM_VERSION_INFO_H_
+
+typedef struct tcg_pts_attr_tpm_version_info_t tcg_pts_attr_tpm_version_info_t;
+
+#include "tcg/tcg_attr.h"
+#include "pa_tnc/pa_tnc_attr.h"
+
+/**
+ * Class implementing the TCG PTS TPM Version Info Attribute
+ *
+ */
+struct tcg_pts_attr_tpm_version_info_t {
+
+ /**
+ * Public PA-TNC attribute interface
+ */
+ pa_tnc_attr_t pa_tnc_attribute;
+
+ /**
+ * Get TPM Version Info
+ *
+ * @return TPM version info
+ */
+ chunk_t (*get_tpm_version_info)(tcg_pts_attr_tpm_version_info_t *this);
+
+ /**
+ * Set TPM Version Info
+ *
+ * @param tpm_version_info TPM version info
+ */
+ void (*set_tpm_version_info)(tcg_pts_attr_tpm_version_info_t *this,
+ chunk_t tpm_version_info);
+};
+
+/**
+ * Creates an tcg_pts_attr_tpm_version_info_t object
+ *
+ * @param tpm_version_info TPM version info
+ */
+pa_tnc_attr_t* tcg_pts_attr_tpm_version_info_create(chunk_t tpm_version_info);
+
+/**
+ * Creates an tcg_pts_attr_tpm_version_info_t object from received data
+ *
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
+ */
+pa_tnc_attr_t* tcg_pts_attr_tpm_version_info_create_from_data(size_t length,
+ chunk_t value);
+
+#endif /** TCG_PTS_ATTR_TPM_VERSION_INFO_H_ @}*/
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_unix_file_meta.c b/src/libimcv/tcg/pts/tcg_pts_attr_unix_file_meta.c
new file mode 100644
index 0000000..7c176fd
--- /dev/null
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_unix_file_meta.c
@@ -0,0 +1,372 @@
+/*
+ * Copyright (C) 2011-2012 Sansar Choinyambuu
+ * Copyright (C) 2011-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#define _GNU_SOURCE /* for stdndup() */
+#include <string.h>
+
+#include "tcg_pts_attr_unix_file_meta.h"
+
+#include <pa_tnc/pa_tnc_msg.h>
+#include <bio/bio_writer.h>
+#include <bio/bio_reader.h>
+#include <collections/linked_list.h>
+#include <utils/debug.h>
+
+typedef struct private_tcg_pts_attr_file_meta_t private_tcg_pts_attr_file_meta_t;
+
+/**
+ * Unix-Style File Metadata
+ * see section 3.17.3 of PTS Protocol: Binding to TNC IF-M Specification
+ *
+ * 1 2 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Number of Files included |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Number of Files included |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | File metadata Length | Type | Reserved |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | File Size |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | File Size |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | File Create Time |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | File Create Time |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Last Modify Time |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Last Modify Time |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Last Access Time |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Last Access Time |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | File Owner ID |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | File Owner ID |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | File Group ID |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | File Group ID |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * ~ Filename (Variable Length) ~
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * ...........................
+ */
+
+#define PTS_FILE_META_SIZE 8
+#define PTS_FILE_MEAS_RESERVED 0x00
+#define PTS_FILE_METADATA_SIZE 52
+
+/**
+ * Private data of an tcg_pts_attr_file_meta_t object.
+ */
+struct private_tcg_pts_attr_file_meta_t {
+
+ /**
+ * Public members of tcg_pts_attr_file_meta_t
+ */
+ tcg_pts_attr_file_meta_t public;
+
+ /**
+ * Vendor-specific attribute type
+ */
+ pen_type_t type;
+
+ /**
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
+ */
+ chunk_t value;
+
+ /**
+ * Noskip flag
+ */
+ bool noskip_flag;
+
+ /**
+ * PTS File Metadata
+ */
+ pts_file_meta_t *metadata;
+
+ /**
+ * Reference count
+ */
+ refcount_t ref;
+};
+
+METHOD(pa_tnc_attr_t, get_type, pen_type_t,
+ private_tcg_pts_attr_file_meta_t *this)
+{
+ return this->type;
+}
+
+METHOD(pa_tnc_attr_t, get_value, chunk_t,
+ private_tcg_pts_attr_file_meta_t *this)
+{
+ return this->value;
+}
+
+METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
+ private_tcg_pts_attr_file_meta_t *this)
+{
+ return this->noskip_flag;
+}
+
+METHOD(pa_tnc_attr_t, set_noskip_flag,void,
+ private_tcg_pts_attr_file_meta_t *this, bool noskip)
+{
+ this->noskip_flag = noskip;
+}
+
+METHOD(pa_tnc_attr_t, build, void,
+ private_tcg_pts_attr_file_meta_t *this)
+{
+ bio_writer_t *writer;
+ enumerator_t *enumerator;
+ pts_file_metadata_t *entry;
+ u_int64_t number_of_files;
+
+ if (this->value.ptr)
+ {
+ return;
+ }
+ number_of_files = this->metadata->get_file_count(this->metadata);
+ writer = bio_writer_create(PTS_FILE_META_SIZE);
+
+ writer->write_uint64(writer, number_of_files);
+
+ enumerator = this->metadata->create_enumerator(this->metadata);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ writer->write_uint16(writer, PTS_FILE_METADATA_SIZE +
+ strlen(entry->filename));
+ writer->write_uint8 (writer, entry->type);
+ writer->write_uint8 (writer, PTS_FILE_MEAS_RESERVED);
+ writer->write_uint64(writer, entry->filesize);
+ writer->write_uint64(writer, entry->created);
+ writer->write_uint64(writer, entry->modified);
+ writer->write_uint64(writer, entry->accessed);
+ writer->write_uint64(writer, entry->owner);
+ writer->write_uint64(writer, entry->group);
+ writer->write_data (writer, chunk_create(entry->filename,
+ strlen(entry->filename)));
+ }
+ enumerator->destroy(enumerator);
+
+ this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
+ writer->destroy(writer);
+}
+
+METHOD(pa_tnc_attr_t, process, status_t,
+ private_tcg_pts_attr_file_meta_t *this, u_int32_t *offset)
+{
+ bio_reader_t *reader;
+ pts_file_metadata_t *entry;
+ u_int8_t type, reserved;
+ u_int16_t len;
+ u_int64_t number_of_files, filesize, created, modified, accessed;
+ u_int64_t owner, group;
+ chunk_t filename;
+ status_t status = FAILED;
+
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
+ if (this->value.len < PTS_FILE_META_SIZE)
+ {
+ DBG1(DBG_TNC, "insufficient data for PTS Unix-Style file metadata header");
+ return FAILED;
+ }
+ reader = bio_reader_create(this->value);
+ reader->read_uint64(reader, &number_of_files);
+
+ this->metadata = pts_file_meta_create();
+
+ while (number_of_files--)
+ {
+ if (!reader->read_uint16(reader, &len))
+ {
+ DBG1(DBG_TNC, "insufficient data for PTS file metadata length");
+ goto end;
+ }
+ if (!reader->read_uint8(reader, &type))
+ {
+ DBG1(DBG_TNC, "insufficient data for file type");
+ goto end;
+ }
+ if (!reader->read_uint8(reader, &reserved))
+ {
+ DBG1(DBG_TNC, "insufficient data for reserved field");
+ goto end;
+ }
+ if (!reader->read_uint64(reader, &filesize))
+ {
+ DBG1(DBG_TNC, "insufficient data for file size");
+ goto end;
+ }
+ if (!reader->read_uint64(reader, &created))
+ {
+ DBG1(DBG_TNC, "insufficient data for file create time");
+ goto end;
+ }
+ if (!reader->read_uint64(reader, &modified))
+ {
+ DBG1(DBG_TNC, "insufficient data for last modify time");
+ goto end;
+ }
+ if (!reader->read_uint64(reader, &accessed))
+ {
+ DBG1(DBG_TNC, "insufficient data for last access time");
+ goto end;
+ }
+ if (!reader->read_uint64(reader, &owner))
+ {
+ DBG1(DBG_TNC, "insufficient data for owner id");
+ goto end;
+ }
+ if (!reader->read_uint64(reader, &group))
+ {
+ DBG1(DBG_TNC, "insufficient data for group id");
+ goto end;
+ }
+ if (!reader->read_data(reader, len - PTS_FILE_METADATA_SIZE, &filename))
+ {
+ DBG1(DBG_TNC, "insufficient data for filename");
+ goto end;
+ }
+
+ entry = malloc_thing(pts_file_metadata_t);
+ entry->type = type;
+ entry->filesize = filesize;
+ entry->created = created;
+ entry->modified = modified;
+ entry->accessed = accessed;
+ entry->owner = owner;
+ entry->group = group;
+ entry->filename = strndup(filename.ptr, filename.len);
+
+ this->metadata->add(this->metadata, entry);
+ }
+ status = SUCCESS;
+
+end:
+ reader->destroy(reader);
+ return status;
+}
+
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_tcg_pts_attr_file_meta_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
+METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
+ private_tcg_pts_attr_file_meta_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public.pa_tnc_attribute;
+}
+
+METHOD(pa_tnc_attr_t, destroy, void,
+ private_tcg_pts_attr_file_meta_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ DESTROY_IF(this->metadata);
+ free(this->value.ptr);
+ free(this);
+ }
+}
+
+METHOD(tcg_pts_attr_file_meta_t, get_metadata, pts_file_meta_t*,
+ private_tcg_pts_attr_file_meta_t *this)
+{
+ return this->metadata;
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *tcg_pts_attr_unix_file_meta_create(pts_file_meta_t *metadata)
+{
+ private_tcg_pts_attr_file_meta_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .add_segment = _add_segment,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .get_metadata = _get_metadata,
+ },
+ .type = { PEN_TCG, TCG_PTS_UNIX_FILE_META },
+ .metadata = metadata,
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
+
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *tcg_pts_attr_unix_file_meta_create_from_data(size_t length,
+ chunk_t data)
+{
+ private_tcg_pts_attr_file_meta_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .add_segment = _add_segment,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .get_metadata = _get_metadata,
+ },
+ .type = { PEN_TCG, TCG_PTS_UNIX_FILE_META },
+ .length = length,
+ .value = chunk_clone(data),
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_unix_file_meta.h b/src/libimcv/tcg/pts/tcg_pts_attr_unix_file_meta.h
new file mode 100644
index 0000000..d08261c
--- /dev/null
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_unix_file_meta.h
@@ -0,0 +1,68 @@
+/*
+ * Copyright (C) 2011 Sansar Choinyambuu
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tcg_pts_attr_unix_file_meta tcg_pts_attr_unix_file_meta
+ * @{ @ingroup tcg_attr
+ */
+
+#ifndef TCG_PTS_ATTR_UNIX_FILE_META_H_
+#define TCG_PTS_ATTR_UNIX_FILE_META_H_
+
+typedef struct tcg_pts_attr_file_meta_t tcg_pts_attr_file_meta_t;
+
+#include "tcg/tcg_attr.h"
+#include "pa_tnc/pa_tnc_attr.h"
+#include "pts/pts.h"
+#include "pts/pts_file_meta.h"
+
+/**
+ * Class implementing the TCG PTS File Measurement attribute
+ *
+ */
+struct tcg_pts_attr_file_meta_t {
+
+ /**
+ * Public PA-TNC attribute interface
+ */
+ pa_tnc_attr_t pa_tnc_attribute;
+
+ /**
+ * Get PTS File Metadata
+ *
+ * @return PTS File Metadata
+ */
+ pts_file_meta_t* (*get_metadata)(tcg_pts_attr_file_meta_t *this);
+
+};
+
+/**
+ * Creates an tcg_pts_attr_file_meta_t object
+ *
+ * @param metadata PTS File Metadata
+ */
+pa_tnc_attr_t* tcg_pts_attr_unix_file_meta_create(pts_file_meta_t *metadata);
+
+/**
+ * Creates an tcg_pts_attr_file_meta_t object from received data
+ *
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
+ */
+pa_tnc_attr_t* tcg_pts_attr_unix_file_meta_create_from_data(size_t length,
+ chunk_t value);
+
+#endif /** TCG_PTS_ATTR_UNIX_FILE_META_H_ @}*/
diff --git a/src/libimcv/tcg/seg/tcg_seg_attr_max_size.c b/src/libimcv/tcg/seg/tcg_seg_attr_max_size.c
new file mode 100644
index 0000000..010eaf8
--- /dev/null
+++ b/src/libimcv/tcg/seg/tcg_seg_attr_max_size.c
@@ -0,0 +1,254 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "tcg_seg_attr_max_size.h"
+
+#include <pa_tnc/pa_tnc_msg.h>
+#include <bio/bio_writer.h>
+#include <bio/bio_reader.h>
+#include <utils/debug.h>
+
+typedef struct private_tcg_seg_attr_max_size_t private_tcg_seg_attr_max_size_t;
+
+/**
+ * Maximum Attribute Size Request/Response
+ * see TCG IF-M Segmentation Specification
+ *
+ * 1 2 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Max Attribute Size |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Max Segment Size |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ */
+
+/**
+ * Private data of an tcg_seg_attr_max_size_t object.
+ */
+struct private_tcg_seg_attr_max_size_t {
+
+ /**
+ * Public members of tcg_seg_attr_max_size_t
+ */
+ tcg_seg_attr_max_size_t public;
+
+ /**
+ * Vendor-specific attribute type
+ */
+ pen_type_t type;
+
+ /**
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
+ */
+ chunk_t value;
+
+ /**
+ * Noskip flag
+ */
+ bool noskip_flag;
+
+ /**
+ * Maximum IF-M attribute size in octets
+ */
+ uint32_t max_attr_size;
+
+ /**
+ * Maximum IF-M attribute segment size in octets
+ */
+ uint32_t max_seg_size;
+
+ /**
+ * Reference count
+ */
+ refcount_t ref;
+};
+
+METHOD(pa_tnc_attr_t, get_type, pen_type_t,
+ private_tcg_seg_attr_max_size_t *this)
+{
+ return this->type;
+}
+
+METHOD(pa_tnc_attr_t, get_value, chunk_t,
+ private_tcg_seg_attr_max_size_t *this)
+{
+ return this->value;
+}
+
+METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
+ private_tcg_seg_attr_max_size_t *this)
+{
+ return this->noskip_flag;
+}
+
+METHOD(pa_tnc_attr_t, set_noskip_flag,void,
+ private_tcg_seg_attr_max_size_t *this, bool noskip)
+{
+ this->noskip_flag = noskip;
+}
+
+METHOD(pa_tnc_attr_t, build, void,
+ private_tcg_seg_attr_max_size_t *this)
+{
+ bio_writer_t *writer;
+
+ if (this->value.ptr)
+ {
+ return;
+ }
+ writer = bio_writer_create(TCG_SEG_ATTR_MAX_SIZE_SIZE);
+ writer->write_uint32(writer, this->max_attr_size);
+ writer->write_uint32(writer, this->max_seg_size);
+
+ this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
+ writer->destroy(writer);
+}
+
+METHOD(pa_tnc_attr_t, process, status_t,
+ private_tcg_seg_attr_max_size_t *this, u_int32_t *offset)
+{
+ bio_reader_t *reader;
+
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
+ if (this->value.len < TCG_SEG_ATTR_MAX_SIZE_SIZE)
+ {
+ DBG1(DBG_TNC, "insufficient data for %N", tcg_attr_names,
+ this->type.type);
+ return FAILED;
+ }
+ reader = bio_reader_create(this->value);
+ reader->read_uint32(reader, &this->max_attr_size);
+ reader->read_uint32(reader, &this->max_seg_size);
+ reader->destroy(reader);
+
+ return SUCCESS;
+}
+
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_tcg_seg_attr_max_size_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
+METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
+ private_tcg_seg_attr_max_size_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public.pa_tnc_attribute;
+}
+
+METHOD(pa_tnc_attr_t, destroy, void,
+ private_tcg_seg_attr_max_size_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ free(this->value.ptr);
+ free(this);
+ }
+}
+
+METHOD(tcg_seg_attr_max_size_t, get_attr_size, void,
+ private_tcg_seg_attr_max_size_t *this, uint32_t *max_attr_size,
+ uint32_t *max_seg_size)
+{
+ if (max_attr_size)
+ {
+ *max_attr_size = this->max_attr_size;
+ }
+ if (max_seg_size)
+ {
+ *max_seg_size = this->max_seg_size;
+ }
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t* tcg_seg_attr_max_size_create(uint32_t max_attr_size,
+ uint32_t max_seg_size,
+ bool request)
+{
+ private_tcg_seg_attr_max_size_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .add_segment = _add_segment,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .get_attr_size = _get_attr_size,
+ },
+ .type = { PEN_TCG, request ? TCG_SEG_MAX_ATTR_SIZE_REQ :
+ TCG_SEG_MAX_ATTR_SIZE_RESP },
+ .max_attr_size = max_attr_size,
+ .max_seg_size = max_seg_size,
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *tcg_seg_attr_max_size_create_from_data(size_t length,
+ chunk_t data,
+ bool request)
+{
+ private_tcg_seg_attr_max_size_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .add_segment = _add_segment,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .get_attr_size = _get_attr_size,
+ },
+ .type = { PEN_TCG, request ? TCG_SEG_MAX_ATTR_SIZE_REQ :
+ TCG_SEG_MAX_ATTR_SIZE_RESP },
+ .length = length,
+ .value = chunk_clone(data),
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
diff --git a/src/libimcv/tcg/seg/tcg_seg_attr_max_size.h b/src/libimcv/tcg/seg/tcg_seg_attr_max_size.h
new file mode 100644
index 0000000..72660ac
--- /dev/null
+++ b/src/libimcv/tcg/seg/tcg_seg_attr_max_size.h
@@ -0,0 +1,73 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tcg_seg_attr_max_size tcg_seg_attr_max_size
+ * @{ @ingroup tcg_attr
+ */
+
+#ifndef TCG_SEG_ATTR_MAX_SIZE_H_
+#define TCG_SEG_ATTR_MAX_SIZE_H_
+
+typedef struct tcg_seg_attr_max_size_t tcg_seg_attr_max_size_t;
+
+#include "tcg/tcg_attr.h"
+
+#define TCG_SEG_ATTR_MAX_SIZE_SIZE 8
+
+/**
+ * Class implementing the TCG Segmentation Maximum Attribute Size Attribute
+ */
+struct tcg_seg_attr_max_size_t {
+
+ /**
+ * Public PA-TNC attribute interface
+ */
+ pa_tnc_attr_t pa_tnc_attribute;
+
+ /**
+ * Get maximum IF-M attribute and segment size in octets
+ *
+ * @param max_attr_size Maximum IF-M attribute size in octets
+ * @param max_seg_size Maximum IF-M attribute segment size in octets
+ */
+ void (*get_attr_size)(tcg_seg_attr_max_size_t *this,
+ uint32_t *max_attr_size, uint32_t *max_seg_size);
+
+};
+
+/**
+ * Creates an tcg_seg_attr_max_size_t object
+ *
+ * @param max_attr_size Maximum IF-M attribute size in octets
+ * @param max_seg_size Maximum IF-M attribute segment size in octets
+ * @param request TRUE for a request, FALSE for a response
+ */
+pa_tnc_attr_t* tcg_seg_attr_max_size_create(uint32_t max_attr_size,
+ uint32_t max_seg_size,
+ bool request);
+
+/**
+ * Creates an tcg_seg_attr_max_size_t object from received data
+ *
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
+ * @param request TRUE for a request, FALSE for a response
+ */
+pa_tnc_attr_t* tcg_seg_attr_max_size_create_from_data(size_t length,
+ chunk_t value,
+ bool request);
+
+#endif /** TCG_SEG_ATTR_MAX_SIZE_H_ @}*/
diff --git a/src/libimcv/tcg/seg/tcg_seg_attr_next_seg.c b/src/libimcv/tcg/seg/tcg_seg_attr_next_seg.c
new file mode 100644
index 0000000..995f64c
--- /dev/null
+++ b/src/libimcv/tcg/seg/tcg_seg_attr_next_seg.c
@@ -0,0 +1,258 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "tcg_seg_attr_next_seg.h"
+
+#include <pa_tnc/pa_tnc_msg.h>
+#include <bio/bio_writer.h>
+#include <bio/bio_reader.h>
+#include <utils/debug.h>
+
+typedef struct private_tcg_seg_attr_next_seg_t private_tcg_seg_attr_next_seg_t;
+
+typedef enum {
+ NEXT_SEG_FLAG_NONE = 0,
+ NEXT_SEG_FLAG_CANCEL = 1
+} next_seg_flags_t;
+
+/**
+ * Next Segment
+ * see TCG IF-M Segmentation Specification
+ *
+ * 1 2 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * |C| Reserved | Base Attribute ID |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ */
+
+/**
+ * Private data of an tcg_seg_attr_next_seg_t object.
+ */
+struct private_tcg_seg_attr_next_seg_t {
+
+ /**
+ * Public members of tcg_seg_attr_next_seg_t
+ */
+ tcg_seg_attr_next_seg_t public;
+
+ /**
+ * Vendor-specific attribute type
+ */
+ pen_type_t type;
+
+ /**
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
+ */
+ chunk_t value;
+
+ /**
+ * Noskip flag
+ */
+ bool noskip_flag;
+
+ /**
+ * Cancel flag
+ */
+ bool cancel_flag;
+
+ /**
+ * Base Attribute ID
+ */
+ uint32_t base_attr_id;
+
+ /**
+ * Reference count
+ */
+ refcount_t ref;
+};
+
+METHOD(pa_tnc_attr_t, get_type, pen_type_t,
+ private_tcg_seg_attr_next_seg_t *this)
+{
+ return this->type;
+}
+
+METHOD(pa_tnc_attr_t, get_value, chunk_t,
+ private_tcg_seg_attr_next_seg_t *this)
+{
+ return this->value;
+}
+
+METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
+ private_tcg_seg_attr_next_seg_t *this)
+{
+ return this->noskip_flag;
+}
+
+METHOD(pa_tnc_attr_t, set_noskip_flag,void,
+ private_tcg_seg_attr_next_seg_t *this, bool noskip)
+{
+ this->noskip_flag = noskip;
+}
+
+METHOD(pa_tnc_attr_t, build, void,
+ private_tcg_seg_attr_next_seg_t *this)
+{
+ bio_writer_t *writer;
+
+ if (this->value.ptr)
+ {
+ return;
+ }
+ writer = bio_writer_create(TCG_SEG_ATTR_NEXT_SEG_SIZE);
+ writer->write_uint8 (writer, this->cancel_flag ? NEXT_SEG_FLAG_CANCEL :
+ NEXT_SEG_FLAG_NONE);
+ writer->write_uint24(writer, this->base_attr_id);
+
+ this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
+ writer->destroy(writer);
+}
+
+METHOD(pa_tnc_attr_t, process, status_t,
+ private_tcg_seg_attr_next_seg_t *this, u_int32_t *offset)
+{
+ bio_reader_t *reader;
+ uint8_t flags;
+
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ DBG1(DBG_TNC, "segmentation not allowed for %N", tcg_attr_names,
+ this->type.type);
+ return FAILED;
+ }
+ if (this->value.len < TCG_SEG_ATTR_NEXT_SEG_SIZE)
+ {
+ DBG1(DBG_TNC, "insufficient data for %N", tcg_attr_names,
+ this->type.type);
+ return FAILED;
+ }
+ reader = bio_reader_create(this->value);
+ reader->read_uint8 (reader, &flags);
+ reader->read_uint24(reader, &this->base_attr_id);
+ reader->destroy(reader);
+
+ this->cancel_flag = (flags & NEXT_SEG_FLAG_CANCEL);
+
+ return SUCCESS;
+}
+
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_tcg_seg_attr_next_seg_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
+METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
+ private_tcg_seg_attr_next_seg_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public.pa_tnc_attribute;
+}
+
+METHOD(pa_tnc_attr_t, destroy, void,
+ private_tcg_seg_attr_next_seg_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ free(this->value.ptr);
+ free(this);
+ }
+}
+
+METHOD(tcg_seg_attr_next_seg_t, get_base_attr_id, uint32_t,
+ private_tcg_seg_attr_next_seg_t *this)
+{
+ return this->base_attr_id;
+}
+
+METHOD(tcg_seg_attr_next_seg_t, get_cancel_flag, bool,
+ private_tcg_seg_attr_next_seg_t *this)
+{
+ return this->cancel_flag;
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t* tcg_seg_attr_next_seg_create(uint32_t base_attr_id, bool cancel)
+{
+ private_tcg_seg_attr_next_seg_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .add_segment = _add_segment,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .get_base_attr_id = _get_base_attr_id,
+ .get_cancel_flag = _get_cancel_flag,
+ },
+ .type = { PEN_TCG, TCG_SEG_NEXT_SEG_REQ },
+ .base_attr_id = base_attr_id,
+ .cancel_flag = cancel,
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *tcg_seg_attr_next_seg_create_from_data(size_t length,
+ chunk_t data)
+{
+ private_tcg_seg_attr_next_seg_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .add_segment = _add_segment,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .get_base_attr_id = _get_base_attr_id,
+ .get_cancel_flag = _get_cancel_flag,
+ },
+ .type = { PEN_TCG, TCG_SEG_NEXT_SEG_REQ },
+ .length = length,
+ .value = chunk_clone(data),
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
diff --git a/src/libimcv/tcg/seg/tcg_seg_attr_next_seg.h b/src/libimcv/tcg/seg/tcg_seg_attr_next_seg.h
new file mode 100644
index 0000000..49a4d36
--- /dev/null
+++ b/src/libimcv/tcg/seg/tcg_seg_attr_next_seg.h
@@ -0,0 +1,73 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tcg_seg_attr_next_seg tcg_seg_attr_next_seg
+ * @{ @ingroup tcg_attr
+ */
+
+#ifndef TCG_SEG_ATTR_NEXT_SEG_H_
+#define TCG_SEG_ATTR_NEXT_SEG_H_
+
+typedef struct tcg_seg_attr_next_seg_t tcg_seg_attr_next_seg_t;
+
+#include "tcg/tcg_attr.h"
+
+#define TCG_SEG_ATTR_NEXT_SEG_SIZE 4
+
+/**
+ * Class implementing the TCG Segmentation Next Segment Attribute
+ */
+struct tcg_seg_attr_next_seg_t {
+
+ /**
+ * Public PA-TNC attribute interface
+ */
+ pa_tnc_attr_t pa_tnc_attribute;
+
+ /**
+ * Get Base Attribute ID
+ *
+ * @return Base Attribute ID
+ */
+ uint32_t (*get_base_attr_id)(tcg_seg_attr_next_seg_t *this);
+
+ /**
+ * Get the Cancel flag
+ *
+ * @return Cancel flag
+ */
+ bool (*get_cancel_flag)(tcg_seg_attr_next_seg_t *this);
+
+};
+
+/**
+ * Creates an tcg_seg_attr_next_seg_t object
+ *
+ * @param base_attr_id Base Attribute ID
+ * @param cancel If TRUE set Cancel flag
+ */
+pa_tnc_attr_t* tcg_seg_attr_next_seg_create(uint32_t base_attr_id, bool cancel);
+
+/**
+ * Creates an tcg_seg_attr_next_seg_t object from received data
+ *
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
+ */
+pa_tnc_attr_t* tcg_seg_attr_next_seg_create_from_data(size_t length,
+ chunk_t value);
+
+#endif /** TCG_SEG_ATTR_NEXT_SEG_H_ @}*/
diff --git a/src/libimcv/tcg/seg/tcg_seg_attr_seg_env.c b/src/libimcv/tcg/seg/tcg_seg_attr_seg_env.c
new file mode 100644
index 0000000..4f76753
--- /dev/null
+++ b/src/libimcv/tcg/seg/tcg_seg_attr_seg_env.c
@@ -0,0 +1,257 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "tcg_seg_attr_seg_env.h"
+
+#include <pa_tnc/pa_tnc_msg.h>
+#include <bio/bio_writer.h>
+#include <bio/bio_reader.h>
+#include <utils/debug.h>
+
+typedef struct private_tcg_seg_attr_seg_env_t private_tcg_seg_attr_seg_env_t;
+
+/**
+ * Attribute Segment Envelope
+ * see TCG IF-M Segmentation Specification
+ *
+ * 1 2 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * |M|S| Reserved | Base Attribute ID |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Segment Value (Variable Length) |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ */
+
+/**
+ * Private data of an tcg_seg_attr_seg_env_t object.
+ */
+struct private_tcg_seg_attr_seg_env_t {
+
+ /**
+ * Public members of tcg_seg_attr_seg_env_t
+ */
+ tcg_seg_attr_seg_env_t public;
+
+ /**
+ * Vendor-specific attribute type
+ */
+ pen_type_t type;
+
+ /**
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Attribute value or segment
+ */
+ chunk_t value;
+
+ /**
+ * Noskip flag
+ */
+ bool noskip_flag;
+
+ /**
+ * PA-TNC segmentation flags
+ */
+ uint8_t flags;
+
+ /**
+ * Base Attribute ID
+ */
+ uint32_t base_attr_id;
+
+ /**
+ * Attribute value
+ */
+ chunk_t segment;
+
+ /**
+ * Reference count
+ */
+ refcount_t ref;
+};
+
+METHOD(pa_tnc_attr_t, get_type, pen_type_t,
+ private_tcg_seg_attr_seg_env_t *this)
+{
+ return this->type;
+}
+
+METHOD(pa_tnc_attr_t, get_value, chunk_t,
+ private_tcg_seg_attr_seg_env_t *this)
+{
+ return this->value;
+}
+
+METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
+ private_tcg_seg_attr_seg_env_t *this)
+{
+ return this->noskip_flag;
+}
+
+METHOD(pa_tnc_attr_t, set_noskip_flag,void,
+ private_tcg_seg_attr_seg_env_t *this, bool noskip)
+{
+ this->noskip_flag = noskip;
+}
+
+METHOD(pa_tnc_attr_t, build, void,
+ private_tcg_seg_attr_seg_env_t *this)
+{
+ /* constructor already allocated and built value */
+ this->length = this->value.len;
+ return;
+}
+
+METHOD(pa_tnc_attr_t, process, status_t,
+ private_tcg_seg_attr_seg_env_t *this, u_int32_t *offset)
+{
+ bio_reader_t *reader;
+
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ DBG1(DBG_TNC, "segmentation not allowed for %N/%N", pen_names, PEN_TCG,
+ tcg_attr_names, this->type.type);
+ return FAILED;
+ }
+ if (this->value.len < TCG_SEG_ATTR_SEG_ENV_HEADER)
+ {
+ DBG1(DBG_TNC, "insufficient data for %N/%N", pen_names, PEN_TCG,
+ tcg_attr_names, this->type.type);
+ return FAILED;
+ }
+ reader = bio_reader_create(this->value);
+ reader->read_uint8 (reader, &this->flags);
+ reader->read_uint24(reader, &this->base_attr_id);
+ reader->destroy(reader);
+
+ return SUCCESS;
+}
+
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_tcg_seg_attr_seg_env_t *this, chunk_t segment)
+{
+ /* no segments are expected */
+}
+
+METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
+ private_tcg_seg_attr_seg_env_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public.pa_tnc_attribute;
+}
+
+METHOD(pa_tnc_attr_t, destroy, void,
+ private_tcg_seg_attr_seg_env_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ free(this->value.ptr);
+ free(this);
+ }
+}
+
+METHOD(tcg_seg_attr_seg_env_t, get_segment, chunk_t,
+ private_tcg_seg_attr_seg_env_t *this, uint8_t *flags)
+{
+ if (flags)
+ {
+ *flags = this->flags;
+ }
+ return chunk_skip(this->value, TCG_SEG_ATTR_SEG_ENV_HEADER);
+}
+
+METHOD(tcg_seg_attr_seg_env_t, get_base_attr_id, uint32_t,
+ private_tcg_seg_attr_seg_env_t *this)
+{
+ return this->base_attr_id;
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t* tcg_seg_attr_seg_env_create(chunk_t segment, uint8_t flags,
+ uint32_t base_attr_id)
+{
+ private_tcg_seg_attr_seg_env_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .add_segment = _add_segment,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .get_base_attr_id = _get_base_attr_id,
+ .get_segment = _get_segment,
+ },
+ .type = { PEN_TCG, TCG_SEG_ATTR_SEG_ENV },
+ .flags = flags,
+ .base_attr_id = base_attr_id,
+ .value = chunk_alloc(TCG_SEG_ATTR_SEG_ENV_HEADER + segment.len),
+ .ref = 1,
+ );
+
+ htoun32(this->value.ptr, base_attr_id);
+ *this->value.ptr = flags;
+ memcpy(this->value.ptr + TCG_SEG_ATTR_SEG_ENV_HEADER,
+ segment.ptr, segment.len);
+
+ return &this->public.pa_tnc_attribute;
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *tcg_seg_attr_seg_env_create_from_data(size_t length,
+ chunk_t data)
+{
+ private_tcg_seg_attr_seg_env_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .add_segment = _add_segment,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .get_base_attr_id = _get_base_attr_id,
+ .get_segment = _get_segment,
+ },
+ .type = { PEN_TCG, TCG_SEG_ATTR_SEG_ENV },
+ .length = length,
+ .value = chunk_clone(data),
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
diff --git a/src/libimcv/tcg/seg/tcg_seg_attr_seg_env.h b/src/libimcv/tcg/seg/tcg_seg_attr_seg_env.h
new file mode 100644
index 0000000..a8b3d7c
--- /dev/null
+++ b/src/libimcv/tcg/seg/tcg_seg_attr_seg_env.h
@@ -0,0 +1,76 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tcg_seg_attr_seg_env tcg_seg_attr_seg_env
+ * @{ @ingroup tcg_attr
+ */
+
+#ifndef TCG_SEG_ATTR_SEG_ENV_H_
+#define TCG_SEG_ATTR_SEG_ENV_H_
+
+typedef struct tcg_seg_attr_seg_env_t tcg_seg_attr_seg_env_t;
+
+#include "tcg/tcg_attr.h"
+
+#define TCG_SEG_ATTR_SEG_ENV_HEADER 4
+
+/**
+ * Class implementing the TCG Segmentation Envelope Attribute
+ */
+struct tcg_seg_attr_seg_env_t {
+
+ /**
+ * Public PA-TNC attribute interface
+ */
+ pa_tnc_attr_t pa_tnc_attribute;
+
+ /**
+ * Get enveloped attribute segment
+ *
+ * @param flags Segmentation flags
+ * @return Segment
+ */
+ chunk_t (*get_segment)(tcg_seg_attr_seg_env_t *this, uint8_t *flags);
+
+ /**
+ * Get Base Attribute ID
+ *
+ * @return Base Attribute ID
+ */
+ uint32_t (*get_base_attr_id)(tcg_seg_attr_seg_env_t *this);
+
+};
+
+/**
+ * Creates an tcg_seg_attr_seg_env_t object
+ *
+ * @param segment Attribute segment
+ * @param flags Segmentation flags
+ * @param base_attr_id Base Attribute ID
+ */
+pa_tnc_attr_t* tcg_seg_attr_seg_env_create(chunk_t segment, uint8_t flags,
+ uint32_t base_attr_id);
+
+/**
+ * Creates an tcg_seg_attr_seg_env_t object from received data
+ *
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
+ */
+pa_tnc_attr_t* tcg_seg_attr_seg_env_create_from_data(size_t length,
+ chunk_t value);
+
+#endif /** TCG_SEG_ATTR_SEG_ENV_H_ @}*/
diff --git a/src/libimcv/tcg/swid/tcg_swid_attr_req.c b/src/libimcv/tcg/swid/tcg_swid_attr_req.c
new file mode 100644
index 0000000..5612427
--- /dev/null
+++ b/src/libimcv/tcg/swid/tcg_swid_attr_req.c
@@ -0,0 +1,349 @@
+/*
+ * Copyright (C) 2013-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "tcg_swid_attr_req.h"
+
+#include "swid/swid_tag_id.h"
+
+#include <pa_tnc/pa_tnc_msg.h>
+#include <bio/bio_writer.h>
+#include <bio/bio_reader.h>
+#include <utils/debug.h>
+#include <collections/linked_list.h>
+
+typedef struct private_tcg_swid_attr_req_t private_tcg_swid_attr_req_t;
+
+/**
+ * SWID Request
+ * see section 4.7 of TCG TNC SWID Message and Attributes for IF-M
+ *
+ * 1 2 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * |R|S|C| Reserved| Tag ID Count |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Request ID |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Earliest EID |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Tag Creator Length | Tag Creator (variable length) |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Unique Software ID Length |Unique Software ID (var length)|
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ */
+
+#define SWID_REQ_RESERVED_MASK 0xE0
+
+/**
+ * Private data of an tcg_swid_attr_req_t object.
+ */
+struct private_tcg_swid_attr_req_t {
+
+ /**
+ * Public members of tcg_swid_attr_req_t
+ */
+ tcg_swid_attr_req_t public;
+
+ /**
+ * Vendor-specific attribute type
+ */
+ pen_type_t type;
+
+ /**
+ * Length of attribute value
+ */
+ size_t length;
+
+
+ /**
+ * Attribute value or segment
+ */
+ chunk_t value;
+
+ /**
+ * Noskip flag
+ */
+ bool noskip_flag;
+
+ /**
+ * SWID request flags
+ */
+ u_int8_t flags;
+
+ /**
+ * Request ID
+ */
+ u_int32_t request_id;
+
+ /**
+ * Earliest EID
+ */
+ u_int32_t earliest_eid;
+
+ /**
+ * List of Target Tag Identifiers
+ */
+ swid_inventory_t *targets;
+
+ /**
+ * Reference count
+ */
+ refcount_t ref;
+};
+
+METHOD(pa_tnc_attr_t, get_type, pen_type_t,
+ private_tcg_swid_attr_req_t *this)
+{
+ return this->type;
+}
+
+METHOD(pa_tnc_attr_t, get_value, chunk_t,
+ private_tcg_swid_attr_req_t *this)
+{
+ return this->value;
+}
+
+METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
+ private_tcg_swid_attr_req_t *this)
+{
+ return this->noskip_flag;
+}
+
+METHOD(pa_tnc_attr_t, set_noskip_flag,void,
+ private_tcg_swid_attr_req_t *this, bool noskip)
+{
+ this->noskip_flag = noskip;
+}
+
+METHOD(pa_tnc_attr_t, build, void,
+ private_tcg_swid_attr_req_t *this)
+{
+ bio_writer_t *writer;
+ chunk_t tag_creator, unique_sw_id;
+ swid_tag_id_t *tag_id;
+ enumerator_t *enumerator;
+
+ if (this->value.ptr)
+ {
+ return;
+ }
+
+ writer = bio_writer_create(TCG_SWID_REQ_MIN_SIZE);
+ writer->write_uint8 (writer, this->flags);
+ writer->write_uint24(writer, this->targets->get_count(this->targets));
+ writer->write_uint32(writer, this->request_id);
+ writer->write_uint32(writer, this->earliest_eid);
+
+ enumerator = this->targets->create_enumerator(this->targets);
+ while (enumerator->enumerate(enumerator, &tag_id))
+ {
+ tag_creator = tag_id->get_tag_creator(tag_id);
+ unique_sw_id = tag_id->get_unique_sw_id(tag_id, NULL);
+ writer->write_data16(writer, tag_creator);
+ writer->write_data16(writer, unique_sw_id);
+ }
+ enumerator->destroy(enumerator);
+
+ this->value = writer->extract_buf(writer);
+ this->length = this->value.len;
+ writer->destroy(writer);
+}
+
+METHOD(pa_tnc_attr_t, process, status_t,
+ private_tcg_swid_attr_req_t *this, u_int32_t *offset)
+{
+ bio_reader_t *reader;
+ u_int32_t tag_id_count;
+ chunk_t tag_creator, unique_sw_id;
+ swid_tag_id_t *tag_id;
+
+ *offset = 0;
+
+ if (this->value.len < this->length)
+ {
+ return NEED_MORE;
+ }
+ if (this->value.len < TCG_SWID_REQ_MIN_SIZE)
+ {
+ DBG1(DBG_TNC, "insufficient data for SWID Request");
+ return FAILED;
+ }
+
+ reader = bio_reader_create(this->value);
+ reader->read_uint8 (reader, &this->flags);
+ reader->read_uint24(reader, &tag_id_count);
+ reader->read_uint32(reader, &this->request_id);
+ reader->read_uint32(reader, &this->earliest_eid);
+
+ if (this->request_id == 0)
+ {
+ *offset = 4;
+ return FAILED;
+ }
+ *offset = TCG_SWID_REQ_MIN_SIZE;
+
+ this->flags &= SWID_REQ_RESERVED_MASK;
+
+ while (tag_id_count--)
+ {
+ if (!reader->read_data16(reader, &tag_creator))
+ {
+ DBG1(DBG_TNC, "insufficient data for Tag Creator field");
+ return FAILED;
+ }
+ *offset += 2 + tag_creator.len;
+
+ if (!reader->read_data16(reader, &unique_sw_id))
+ {
+ DBG1(DBG_TNC, "insufficient data for Unique Software ID");
+ return FAILED;
+ }
+ *offset += 2 + unique_sw_id.len;
+
+ tag_id = swid_tag_id_create(tag_creator, unique_sw_id, chunk_empty);
+ this->targets->add(this->targets, tag_id);
+ }
+ reader->destroy(reader);
+
+ return SUCCESS;
+}
+
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_tcg_swid_attr_req_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("mc", this->value, segment);
+}
+
+METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
+ private_tcg_swid_attr_req_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public.pa_tnc_attribute;
+}
+
+METHOD(pa_tnc_attr_t, destroy, void,
+ private_tcg_swid_attr_req_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ this->targets->destroy(this->targets);
+ free(this->value.ptr);
+ free(this);
+ }
+}
+
+METHOD(tcg_swid_attr_req_t, get_flags, u_int8_t,
+ private_tcg_swid_attr_req_t *this)
+{
+ return this->flags;
+}
+
+METHOD(tcg_swid_attr_req_t, get_request_id, u_int32_t,
+ private_tcg_swid_attr_req_t *this)
+{
+ return this->request_id;
+}
+
+METHOD(tcg_swid_attr_req_t, get_earliest_eid, u_int32_t,
+ private_tcg_swid_attr_req_t *this)
+{
+ return this->earliest_eid;
+}
+
+METHOD(tcg_swid_attr_req_t, add_target, void,
+ private_tcg_swid_attr_req_t *this, swid_tag_id_t *tag_id)
+{
+ this->targets->add(this->targets, tag_id);
+}
+
+METHOD(tcg_swid_attr_req_t, get_targets, swid_inventory_t*,
+ private_tcg_swid_attr_req_t *this)
+{
+ return this->targets;
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *tcg_swid_attr_req_create(u_int8_t flags, u_int32_t request_id,
+ u_int32_t eid)
+{
+ private_tcg_swid_attr_req_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .add_segment = _add_segment,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .get_flags = _get_flags,
+ .get_request_id = _get_request_id,
+ .get_earliest_eid = _get_earliest_eid,
+ .add_target = _add_target,
+ .get_targets = _get_targets,
+ },
+ .type = { PEN_TCG, TCG_SWID_REQUEST },
+ .flags = flags & SWID_REQ_RESERVED_MASK,
+ .request_id = request_id,
+ .earliest_eid = eid,
+ .targets = swid_inventory_create(FALSE),
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *tcg_swid_attr_req_create_from_data(size_t length, chunk_t data)
+{
+ private_tcg_swid_attr_req_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .add_segment = _add_segment,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .get_flags = _get_flags,
+ .get_request_id = _get_request_id,
+ .get_earliest_eid = _get_earliest_eid,
+ .add_target = _add_target,
+ .get_targets = _get_targets,
+ },
+ .type = { PEN_TCG, TCG_SWID_REQUEST },
+ .length = length,
+ .value = chunk_clone(data),
+ .targets = swid_inventory_create(FALSE),
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
diff --git a/src/libimcv/tcg/swid/tcg_swid_attr_req.h b/src/libimcv/tcg/swid/tcg_swid_attr_req.h
new file mode 100644
index 0000000..fd2ccdc
--- /dev/null
+++ b/src/libimcv/tcg/swid/tcg_swid_attr_req.h
@@ -0,0 +1,106 @@
+/*
+ * Copyright (C) 2013-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tcg_swid_attr_req tcg_swid_attr_req
+ * @{ @ingroup tcg_attr
+ */
+
+#ifndef TCG_SWID_ATTR_REQ_H_
+#define TCG_SWID_ATTR_REQ_H_
+
+#define TCG_SWID_REQ_MIN_SIZE 12
+
+typedef struct tcg_swid_attr_req_t tcg_swid_attr_req_t;
+typedef enum tcg_swid_attr_req_flag_t tcg_swid_attr_req_flag_t;
+
+enum tcg_swid_attr_req_flag_t {
+ TCG_SWID_ATTR_REQ_FLAG_NONE = 0,
+ TCG_SWID_ATTR_REQ_FLAG_R = (1 << 7),
+ TCG_SWID_ATTR_REQ_FLAG_S = (1 << 6),
+ TCG_SWID_ATTR_REQ_FLAG_C = (1 << 5)
+};
+
+#include "tcg/tcg_attr.h"
+#include "swid/swid_tag_id.h"
+#include "swid/swid_inventory.h"
+#include "pa_tnc/pa_tnc_attr.h"
+
+/**
+ * Class implementing the TCG SWID Request attribute
+ */
+struct tcg_swid_attr_req_t {
+
+ /**
+ * Public PA-TNC attribute interface
+ */
+ pa_tnc_attr_t pa_tnc_attribute;
+
+ /**
+ * Get SWID request flags
+ *
+ * @return Flags
+ */
+ u_int8_t (*get_flags)(tcg_swid_attr_req_t *this);
+
+ /**
+ * Get Request ID
+ *
+ * @return Request ID
+ */
+ u_int32_t (*get_request_id)(tcg_swid_attr_req_t *this);
+
+ /**
+ * Get Earliest EID
+ *
+ * @return Event ID
+ */
+ u_int32_t (*get_earliest_eid)(tcg_swid_attr_req_t *this);
+
+ /**
+ * Add Tag ID
+ *
+ * @param tag_id SWID Tag ID (is not cloned by constructor!)
+ */
+ void (*add_target)(tcg_swid_attr_req_t *this, swid_tag_id_t *tag_id);
+
+ /**
+ * Create Tag ID enumerator
+ *
+ * @return Get a list of target tag IDs
+ */
+ swid_inventory_t* (*get_targets)(tcg_swid_attr_req_t *this);
+
+};
+
+/**
+ * Creates an tcg_swid_attr_req_t object
+ *
+ * @param flags Sets the C|S|R flags
+ * @param request_id Request ID
+ * @param eid Earliest Event ID
+ */
+pa_tnc_attr_t* tcg_swid_attr_req_create(u_int8_t flags, u_int32_t request_id,
+ u_int32_t eid);
+
+/**
+ * Creates an tcg_swid_attr_req_t object from received data
+ *
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
+ */
+pa_tnc_attr_t* tcg_swid_attr_req_create_from_data(size_t length, chunk_t value);
+
+#endif /** TCG_SWID_ATTR_REQ_H_ @}*/
diff --git a/src/libimcv/tcg/swid/tcg_swid_attr_tag_id_inv.c b/src/libimcv/tcg/swid/tcg_swid_attr_tag_id_inv.c
new file mode 100644
index 0000000..560d587
--- /dev/null
+++ b/src/libimcv/tcg/swid/tcg_swid_attr_tag_id_inv.c
@@ -0,0 +1,396 @@
+/*
+ * Copyright (C) 2013-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "tcg_swid_attr_tag_id_inv.h"
+
+#include <pa_tnc/pa_tnc_msg.h>
+#include <bio/bio_writer.h>
+#include <bio/bio_reader.h>
+#include <utils/debug.h>
+
+
+typedef struct private_tcg_swid_attr_tag_id_inv_t private_tcg_swid_attr_tag_id_inv_t;
+
+/**
+ * SWID Tag Identifier Inventory
+ * see section 4.8 of TCG TNC SWID Message and Attributes for IF-M
+ *
+ * 1 2 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Reserved | Tag ID Count |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Request ID Copy |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | EID Epoch |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Last EID |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Tag Creator Length | Tag Creator (variable length) |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Unique Software ID Length |Unique Software ID (var length)|
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Instance ID Length | Instance ID (variable length) |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ */
+
+#define TCG_SWID_TAG_ID_INV_RESERVED 0x00
+
+/**
+ * Private data of an tcg_swid_attr_tag_id_inv_t object.
+ */
+struct private_tcg_swid_attr_tag_id_inv_t {
+
+ /**
+ * Public members of tcg_swid_attr_tag_id_inv_t
+ */
+ tcg_swid_attr_tag_id_inv_t public;
+
+ /**
+ * Vendor-specific attribute type
+ */
+ pen_type_t type;
+
+ /**
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Offset up to which attribute value has been processed
+ */
+ size_t offset;
+
+ /**
+ * Current position of attribute value pointer
+ */
+ chunk_t value;
+
+ /**
+ * Contains complete attribute or current segment
+ */
+ chunk_t segment;
+
+ /**
+ * Noskip flag
+ */
+ bool noskip_flag;
+
+ /**
+ * Request ID
+ */
+ uint32_t request_id;
+
+ /**
+ * Event ID Epoch
+ */
+ uint32_t eid_epoch;
+
+ /**
+ * Last Event ID
+ */
+ uint32_t last_eid;
+
+ /**
+ * Number of SWID Tag IDs in attribute
+ */
+ uint32_t tag_id_count;
+
+ /**
+ * SWID Tag ID Inventory
+ */
+ swid_inventory_t *inventory;
+
+ /**
+ * Reference count
+ */
+ refcount_t ref;
+};
+
+METHOD(pa_tnc_attr_t, get_type, pen_type_t,
+ private_tcg_swid_attr_tag_id_inv_t *this)
+{
+ return this->type;
+}
+
+METHOD(pa_tnc_attr_t, get_value, chunk_t,
+ private_tcg_swid_attr_tag_id_inv_t *this)
+{
+ return this->value;
+}
+
+METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
+ private_tcg_swid_attr_tag_id_inv_t *this)
+{
+ return this->noskip_flag;
+}
+
+METHOD(pa_tnc_attr_t, set_noskip_flag,void,
+ private_tcg_swid_attr_tag_id_inv_t *this, bool noskip)
+{
+ this->noskip_flag = noskip;
+}
+
+METHOD(pa_tnc_attr_t, build, void,
+ private_tcg_swid_attr_tag_id_inv_t *this)
+{
+ bio_writer_t *writer;
+ swid_tag_id_t *tag_id;
+ chunk_t tag_creator, unique_sw_id, instance_id;
+ enumerator_t *enumerator;
+
+ if (this->value.ptr)
+ {
+ return;
+ }
+
+ writer = bio_writer_create(TCG_SWID_TAG_ID_INV_MIN_SIZE);
+ writer->write_uint8 (writer, TCG_SWID_TAG_ID_INV_RESERVED);
+ writer->write_uint24(writer, this->inventory->get_count(this->inventory));
+ writer->write_uint32(writer, this->request_id);
+ writer->write_uint32(writer, this->eid_epoch);
+ writer->write_uint32(writer, this->last_eid);
+
+ enumerator = this->inventory->create_enumerator(this->inventory);
+ while (enumerator->enumerate(enumerator, &tag_id))
+ {
+ tag_creator = tag_id->get_tag_creator(tag_id);
+ unique_sw_id = tag_id->get_unique_sw_id(tag_id, &instance_id);
+ writer->write_data16(writer, tag_creator);
+ writer->write_data16(writer, unique_sw_id);
+ writer->write_data16(writer, instance_id);
+ }
+ enumerator->destroy(enumerator);
+
+ this->value = writer->extract_buf(writer);
+ this->segment = this->value;
+ this->length = this->value.len;
+ writer->destroy(writer);
+}
+
+METHOD(pa_tnc_attr_t, process, status_t,
+ private_tcg_swid_attr_tag_id_inv_t *this, uint32_t *offset)
+{
+ bio_reader_t *reader;
+ uint8_t reserved;
+ chunk_t tag_creator, unique_sw_id, instance_id;
+ swid_tag_id_t *tag_id;
+ status_t status = NEED_MORE;
+
+ if (this->offset == 0)
+ {
+ if (this->length < TCG_SWID_TAG_ID_INV_MIN_SIZE)
+ {
+ DBG1(DBG_TNC, "insufficient data for %N/%N", pen_names, PEN_TCG,
+ tcg_attr_names, this->type.type);
+ *offset = this->offset;
+ return FAILED;
+ }
+ if (this->value.len < TCG_SWID_TAG_ID_INV_MIN_SIZE)
+ {
+ return NEED_MORE;
+ }
+ reader = bio_reader_create(this->value);
+ reader->read_uint8 (reader, &reserved);
+ reader->read_uint24(reader, &this->tag_id_count);
+ reader->read_uint32(reader, &this->request_id);
+ reader->read_uint32(reader, &this->eid_epoch);
+ reader->read_uint32(reader, &this->last_eid);
+ this->offset = TCG_SWID_TAG_ID_INV_MIN_SIZE;
+ this->value = reader->peek(reader);
+ reader->destroy(reader);
+ }
+
+ reader = bio_reader_create(this->value);
+
+ while (this->tag_id_count)
+ {
+ if (!reader->read_data16(reader, &tag_creator) ||
+ !reader->read_data16(reader, &unique_sw_id) ||
+ !reader->read_data16(reader, &instance_id))
+ {
+ goto end;
+ }
+ tag_id = swid_tag_id_create(tag_creator, unique_sw_id, instance_id);
+ this->inventory->add(this->inventory, tag_id);
+ this->offset += this->value.len - reader->remaining(reader);
+ this->value = reader->peek(reader);
+
+ /* at least one tag ID was processed */
+ status = SUCCESS;
+ this->tag_id_count--;
+ }
+
+ if (this->length != this->offset)
+ {
+ DBG1(DBG_TNC, "inconsistent length for %N/%N", pen_names, PEN_TCG,
+ tcg_attr_names, this->type.type);
+ *offset = this->offset;
+ status = FAILED;
+ }
+
+end:
+ reader->destroy(reader);
+ return status;
+}
+
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_tcg_swid_attr_tag_id_inv_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("cc", this->value, segment);
+ chunk_free(&this->segment);
+ this->segment = this->value;
+}
+
+METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
+ private_tcg_swid_attr_tag_id_inv_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public.pa_tnc_attribute;
+}
+
+METHOD(pa_tnc_attr_t, destroy, void,
+ private_tcg_swid_attr_tag_id_inv_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ this->inventory->destroy(this->inventory);
+ free(this->segment.ptr);
+ free(this);
+ }
+}
+
+METHOD(tcg_swid_attr_tag_id_inv_t, add, void,
+ private_tcg_swid_attr_tag_id_inv_t *this, swid_tag_id_t *tag_id)
+{
+ this->inventory->add(this->inventory, tag_id);
+}
+
+METHOD(tcg_swid_attr_tag_id_inv_t, get_request_id, uint32_t,
+ private_tcg_swid_attr_tag_id_inv_t *this)
+{
+ return this->request_id;
+}
+
+METHOD(tcg_swid_attr_tag_id_inv_t, get_last_eid, uint32_t,
+ private_tcg_swid_attr_tag_id_inv_t *this, uint32_t *eid_epoch)
+{
+ if (eid_epoch)
+ {
+ *eid_epoch = this->eid_epoch;
+ }
+ return this->last_eid;
+}
+
+METHOD(tcg_swid_attr_tag_id_inv_t, get_tag_id_count, uint32_t,
+ private_tcg_swid_attr_tag_id_inv_t *this)
+{
+ return this->tag_id_count;
+}
+
+METHOD(tcg_swid_attr_tag_id_inv_t, get_inventory, swid_inventory_t*,
+ private_tcg_swid_attr_tag_id_inv_t *this)
+{
+ return this->inventory;
+}
+
+METHOD(tcg_swid_attr_tag_id_inv_t, clear_inventory, void,
+ private_tcg_swid_attr_tag_id_inv_t *this)
+{
+ this->inventory->destroy(this->inventory);
+ this->inventory = swid_inventory_create(FALSE);
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *tcg_swid_attr_tag_id_inv_create(uint32_t request_id,
+ uint32_t eid_epoch,
+ uint32_t eid)
+{
+ private_tcg_swid_attr_tag_id_inv_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .add_segment = _add_segment,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .add = _add,
+ .get_request_id = _get_request_id,
+ .get_last_eid = _get_last_eid,
+ .get_tag_id_count = _get_tag_id_count,
+ .get_inventory = _get_inventory,
+ .clear_inventory = _clear_inventory,
+ },
+ .type = { PEN_TCG, TCG_SWID_TAG_ID_INVENTORY },
+ .request_id = request_id,
+ .eid_epoch = eid_epoch,
+ .last_eid = eid,
+ .inventory = swid_inventory_create(FALSE),
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
+
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *tcg_swid_attr_tag_id_inv_create_from_data(size_t length,
+ chunk_t data)
+{
+ private_tcg_swid_attr_tag_id_inv_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .add_segment = _add_segment,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .add = _add,
+ .get_request_id = _get_request_id,
+ .get_last_eid = _get_last_eid,
+ .get_tag_id_count = _get_tag_id_count,
+ .get_inventory = _get_inventory,
+ .clear_inventory = _clear_inventory,
+ },
+ .type = { PEN_TCG, TCG_SWID_TAG_ID_INVENTORY },
+ .length = length,
+ .segment = chunk_clone(data),
+ .inventory = swid_inventory_create(FALSE),
+ .ref = 1,
+ );
+
+ /* received either complete attribute value or first segment */
+ this->value = this->segment;
+
+ return &this->public.pa_tnc_attribute;
+}
diff --git a/src/libimcv/tcg/swid/tcg_swid_attr_tag_id_inv.h b/src/libimcv/tcg/swid/tcg_swid_attr_tag_id_inv.h
new file mode 100644
index 0000000..e9db9b3
--- /dev/null
+++ b/src/libimcv/tcg/swid/tcg_swid_attr_tag_id_inv.h
@@ -0,0 +1,109 @@
+/*
+ * Copyright (C) 2013-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tcg_swid_attr_tag_id_inv tcg_swid_attr_tag_id_inv
+ * @{ @ingroup tcg_attr
+ */
+
+#ifndef TCG_SWID_ATTR_TAG_ID_INV_H_
+#define TCG_SWID_ATTR_TAG_ID_INV_H_
+
+typedef struct tcg_swid_attr_tag_id_inv_t tcg_swid_attr_tag_id_inv_t;
+
+#include "tcg/tcg_attr.h"
+#include "swid/swid_tag_id.h"
+#include "swid/swid_inventory.h"
+
+#include <pa_tnc/pa_tnc_attr.h>
+
+#define TCG_SWID_TAG_ID_INV_MIN_SIZE 16
+
+/**
+ * Class implementing the TCG SWID Tag Identifier Inventory attribute
+ *
+ */
+struct tcg_swid_attr_tag_id_inv_t {
+
+ /**
+ * Public PA-TNC attribute interface
+ */
+ pa_tnc_attr_t pa_tnc_attribute;
+
+ /**
+ * Add a Tag ID to the attribute
+ *
+ * @param tag_id SWID Tag ID to be added
+ */
+ void (*add)(tcg_swid_attr_tag_id_inv_t *this, swid_tag_id_t *tag_id);
+
+ /**
+ * Get Request ID
+ *
+ * @return Request ID
+ */
+ uint32_t (*get_request_id)(tcg_swid_attr_tag_id_inv_t *this);
+
+ /**
+ * Get Last Event ID
+ *
+ * @param eid_epoch Event ID Epoch
+ * @return Last Event ID
+ */
+ uint32_t (*get_last_eid)(tcg_swid_attr_tag_id_inv_t *this,
+ uint32_t *eid_epoch);
+
+ /**
+ * Get count of remaining SWID tag IDs
+ *
+ * @return SWID Tag ID count
+ */
+ uint32_t (*get_tag_id_count)(tcg_swid_attr_tag_id_inv_t *this);
+
+ /**
+ * Get Inventory of SWID tag IDs
+ *
+ * @result SWID Tag ID Inventory
+ */
+ swid_inventory_t* (*get_inventory)(tcg_swid_attr_tag_id_inv_t *this);
+
+ /**
+ * Remove all SWID Tag IDs from the Inventory
+ */
+ void (*clear_inventory)(tcg_swid_attr_tag_id_inv_t *this);
+
+};
+
+/**
+ * Creates an tcg_swid_attr_tag_id_inv_t object
+ *
+ * @param request_id Copy of the Request ID
+ * @param eid_epoch Event ID Epoch
+ * @param eid Last Event ID
+ */
+pa_tnc_attr_t* tcg_swid_attr_tag_id_inv_create(uint32_t request_id,
+ uint32_t eid_epoch,
+ uint32_t eid);
+
+/**
+ * Creates an tcg_swid_attr_tag_id_inv_t object from received data
+ *
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
+ */
+pa_tnc_attr_t* tcg_swid_attr_tag_id_inv_create_from_data(size_t length,
+ chunk_t value);
+
+#endif /** TCG_SWID_ATTR_TAG_ID_INV_H_ @}*/
diff --git a/src/libimcv/tcg/swid/tcg_swid_attr_tag_inv.c b/src/libimcv/tcg/swid/tcg_swid_attr_tag_inv.c
new file mode 100644
index 0000000..0134824
--- /dev/null
+++ b/src/libimcv/tcg/swid/tcg_swid_attr_tag_inv.c
@@ -0,0 +1,389 @@
+/*
+ * Copyright (C) 2013-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "tcg_swid_attr_tag_inv.h"
+
+#include <pa_tnc/pa_tnc_msg.h>
+#include <bio/bio_writer.h>
+#include <bio/bio_reader.h>
+#include <utils/debug.h>
+
+
+typedef struct private_tcg_swid_attr_tag_inv_t private_tcg_swid_attr_tag_inv_t;
+
+/**
+ * SWID Tag Inventory
+ * see section 4.10 of TCG TNC SWID Message and Attributes for IF-M
+ *
+ * 1 2 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Reserved | Tag ID Count |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Request ID Copy |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | EID Epoch |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Last EID |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Instance ID Length | Instance ID (var. length) |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Tag Length |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Tag (Variable) |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ */
+
+#define TCG_SWID_TAG_INV_RESERVED 0x00
+
+/**
+ * Private data of an tcg_swid_attr_tag_inv_t object.
+ */
+struct private_tcg_swid_attr_tag_inv_t {
+
+ /**
+ * Public members of tcg_swid_attr_tag_inv_t
+ */
+ tcg_swid_attr_tag_inv_t public;
+
+ /**
+ * Vendor-specific attribute type
+ */
+ pen_type_t type;
+
+ /**
+ * Length of attribute value
+ */
+ size_t length;
+
+ /**
+ * Offset up to which attribute value has been processed
+ */
+ size_t offset;
+
+ /**
+ * Current position of attribute value pointer
+ */
+ chunk_t value;
+
+ /**
+ * Contains complete attribute or current segment
+ */
+ chunk_t segment;
+
+ /**
+ * Noskip flag
+ */
+ bool noskip_flag;
+
+ /**
+ * Request ID
+ */
+ uint32_t request_id;
+
+ /**
+ * Event ID Epoch
+ */
+ uint32_t eid_epoch;
+
+ /**
+ * Last Event ID
+ */
+ uint32_t last_eid;
+
+ /**
+ * Number of SWID Tags in attribute
+ */
+ uint32_t tag_count;
+
+ /**
+ * SWID Tag Inventory
+ */
+ swid_inventory_t *inventory;
+
+ /**
+ * Reference count
+ */
+ refcount_t ref;
+};
+
+METHOD(pa_tnc_attr_t, get_type, pen_type_t,
+ private_tcg_swid_attr_tag_inv_t *this)
+{
+ return this->type;
+}
+
+METHOD(pa_tnc_attr_t, get_value, chunk_t,
+ private_tcg_swid_attr_tag_inv_t *this)
+{
+ return this->value;
+}
+
+METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
+ private_tcg_swid_attr_tag_inv_t *this)
+{
+ return this->noskip_flag;
+}
+
+METHOD(pa_tnc_attr_t, set_noskip_flag,void,
+ private_tcg_swid_attr_tag_inv_t *this, bool noskip)
+{
+ this->noskip_flag = noskip;
+}
+
+METHOD(pa_tnc_attr_t, build, void,
+ private_tcg_swid_attr_tag_inv_t *this)
+{
+ bio_writer_t *writer;
+ swid_tag_t *tag;
+ enumerator_t *enumerator;
+
+ if (this->value.ptr)
+ {
+ return;
+ }
+
+ writer = bio_writer_create(TCG_SWID_TAG_INV_MIN_SIZE);
+ writer->write_uint8 (writer, TCG_SWID_TAG_INV_RESERVED);
+ writer->write_uint24(writer, this->inventory->get_count(this->inventory));
+ writer->write_uint32(writer, this->request_id);
+ writer->write_uint32(writer, this->eid_epoch);
+ writer->write_uint32(writer, this->last_eid);
+
+ enumerator = this->inventory->create_enumerator(this->inventory);
+ while (enumerator->enumerate(enumerator, &tag))
+ {
+ writer->write_data16(writer, tag->get_instance_id(tag));
+ writer->write_data32(writer, tag->get_encoding(tag));
+ }
+ enumerator->destroy(enumerator);
+
+ this->value = writer->extract_buf(writer);
+ this->segment = this->value;
+ this->length = this->value.len;
+ writer->destroy(writer);
+}
+
+METHOD(pa_tnc_attr_t, process, status_t,
+ private_tcg_swid_attr_tag_inv_t *this, uint32_t *offset)
+{
+ bio_reader_t *reader;
+ uint8_t reserved;
+ chunk_t tag_encoding, instance_id;
+ swid_tag_t *tag;
+ status_t status = NEED_MORE;
+
+ if (this->offset == 0)
+ {
+ if (this->length < TCG_SWID_TAG_INV_MIN_SIZE)
+ {
+ DBG1(DBG_TNC, "insufficient data for %N/%N", pen_names, PEN_TCG,
+ tcg_attr_names, this->type.type);
+ *offset = this->offset;
+ return FAILED;
+ }
+ if (this->value.len < TCG_SWID_TAG_INV_MIN_SIZE)
+ {
+ return NEED_MORE;
+ }
+ reader = bio_reader_create(this->value);
+ reader->read_uint8 (reader, &reserved);
+ reader->read_uint24(reader, &this->tag_count);
+ reader->read_uint32(reader, &this->request_id);
+ reader->read_uint32(reader, &this->eid_epoch);
+ reader->read_uint32(reader, &this->last_eid);
+ this->offset = TCG_SWID_TAG_INV_MIN_SIZE;
+ this->value = reader->peek(reader);
+ reader->destroy(reader);
+ }
+
+ reader = bio_reader_create(this->value);
+
+ while (this->tag_count)
+ {
+ if (!reader->read_data16(reader, &instance_id) ||
+ !reader->read_data32(reader, &tag_encoding))
+ {
+ goto end;
+ }
+ tag = swid_tag_create(tag_encoding, instance_id);
+ this->inventory->add(this->inventory, tag);
+ this->offset += this->value.len - reader->remaining(reader);
+ this->value = reader->peek(reader);
+
+ /* at least one tag was processed */
+ status = SUCCESS;
+ this->tag_count--;
+ }
+
+ if (this->length != this->offset)
+ {
+ DBG1(DBG_TNC, "inconsistent length for %N/%N", pen_names, PEN_TCG,
+ tcg_attr_names, this->type.type);
+ *offset = this->offset;
+ status = FAILED;
+ }
+
+end:
+ reader->destroy(reader);
+ return status;
+}
+
+METHOD(pa_tnc_attr_t, add_segment, void,
+ private_tcg_swid_attr_tag_inv_t *this, chunk_t segment)
+{
+ this->value = chunk_cat("cc", this->value, segment);
+ chunk_free(&this->segment);
+ this->segment = this->value;
+}
+
+METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
+ private_tcg_swid_attr_tag_inv_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public.pa_tnc_attribute;
+}
+
+METHOD(pa_tnc_attr_t, destroy, void,
+ private_tcg_swid_attr_tag_inv_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ this->inventory->destroy(this->inventory);
+ free(this->segment.ptr);
+ free(this);
+ }
+}
+
+METHOD(tcg_swid_attr_tag_inv_t, add, void,
+ private_tcg_swid_attr_tag_inv_t *this, swid_tag_t *tag)
+{
+ this->inventory->add(this->inventory, tag);
+}
+
+METHOD(tcg_swid_attr_tag_inv_t, get_request_id, uint32_t,
+ private_tcg_swid_attr_tag_inv_t *this)
+{
+ return this->request_id;
+}
+
+METHOD(tcg_swid_attr_tag_inv_t, get_last_eid, uint32_t,
+ private_tcg_swid_attr_tag_inv_t *this, uint32_t *eid_epoch)
+{
+ if (eid_epoch)
+ {
+ *eid_epoch = this->eid_epoch;
+ }
+ return this->last_eid;
+}
+
+METHOD(tcg_swid_attr_tag_inv_t, get_tag_count, uint32_t,
+ private_tcg_swid_attr_tag_inv_t *this)
+{
+ return this->tag_count;
+}
+
+METHOD(tcg_swid_attr_tag_inv_t, get_inventory, swid_inventory_t*,
+ private_tcg_swid_attr_tag_inv_t *this)
+{
+ return this->inventory;
+}
+
+METHOD(tcg_swid_attr_tag_inv_t, clear_inventory, void,
+ private_tcg_swid_attr_tag_inv_t *this)
+{
+ this->inventory->destroy(this->inventory);
+ this->inventory = swid_inventory_create(TRUE);
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *tcg_swid_attr_tag_inv_create(uint32_t request_id,
+ uint32_t eid_epoch, uint32_t eid)
+{
+ private_tcg_swid_attr_tag_inv_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .add_segment = _add_segment,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .add = _add,
+ .get_request_id = _get_request_id,
+ .get_last_eid = _get_last_eid,
+ .get_tag_count = _get_tag_count,
+ .get_inventory = _get_inventory,
+ .clear_inventory = _clear_inventory,
+ },
+ .type = { PEN_TCG, TCG_SWID_TAG_INVENTORY },
+ .request_id = request_id,
+ .eid_epoch = eid_epoch,
+ .last_eid = eid,
+ .inventory = swid_inventory_create(TRUE),
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *tcg_swid_attr_tag_inv_create_from_data(size_t length,
+ chunk_t data)
+{
+ private_tcg_swid_attr_tag_inv_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .add_segment = _add_segment,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .add = _add,
+ .get_request_id = _get_request_id,
+ .get_last_eid = _get_last_eid,
+ .get_tag_count = _get_tag_count,
+ .get_inventory = _get_inventory,
+ .clear_inventory = _clear_inventory,
+ },
+ .type = { PEN_TCG, TCG_SWID_TAG_INVENTORY },
+ .length = length,
+ .segment = chunk_clone(data),
+ .inventory = swid_inventory_create(TRUE),
+ .ref = 1,
+ );
+
+ /* received either complete attribute value or first segment */
+ this->value = this->segment;
+
+ return &this->public.pa_tnc_attribute;
+}
diff --git a/src/libimcv/tcg/swid/tcg_swid_attr_tag_inv.h b/src/libimcv/tcg/swid/tcg_swid_attr_tag_inv.h
new file mode 100644
index 0000000..43ebd9e
--- /dev/null
+++ b/src/libimcv/tcg/swid/tcg_swid_attr_tag_inv.h
@@ -0,0 +1,108 @@
+/*
+ * Copyright (C) 2013-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tcg_swid_attr_tag_inv tcg_swid_attr_tag_inv
+ * @{ @ingroup tcg_attr
+ */
+
+#ifndef TCG_SWID_ATTR_TAG_INV_H_
+#define TCG_SWID_ATTR_TAG_INV_H_
+
+typedef struct tcg_swid_attr_tag_inv_t tcg_swid_attr_tag_inv_t;
+
+#include "tcg/tcg_attr.h"
+#include "swid/swid_tag.h"
+#include "swid/swid_inventory.h"
+
+#include <pa_tnc/pa_tnc_attr.h>
+
+#define TCG_SWID_TAG_INV_MIN_SIZE 16
+
+/**
+ * Class implementing the TCG SWID Tag Inventory attribute
+ *
+ */
+struct tcg_swid_attr_tag_inv_t {
+
+ /**
+ * Public PA-TNC attribute interface
+ */
+ pa_tnc_attr_t pa_tnc_attribute;
+
+ /**
+ * Add a Tag ID to the attribute
+ *
+ * @param tag SWID Tag to be added
+ */
+ void (*add)(tcg_swid_attr_tag_inv_t *this, swid_tag_t *tag);
+ /**
+ * Get Request ID
+ *
+ * @return Request ID
+ */
+ uint32_t (*get_request_id)(tcg_swid_attr_tag_inv_t *this);
+
+ /**
+ * Get Last Event ID
+ *
+ * @param eid_epoch Event ID Epoch
+ * @return Last Event ID
+ */
+ uint32_t (*get_last_eid)(tcg_swid_attr_tag_inv_t *this,
+ uint32_t *eid_epoch);
+
+ /**
+ * Get count of remaining SWID tags
+ *
+ * @return SWID Tag count
+ */
+ uint32_t (*get_tag_count)(tcg_swid_attr_tag_inv_t *this);
+
+ /**
+ * Get Inventory of SWID tags
+ *
+ * @result SWID Tag Inventory
+ */
+ swid_inventory_t* (*get_inventory)(tcg_swid_attr_tag_inv_t *this);
+
+ /**
+ * Remove all SWID Tags from the Inventory
+ */
+ void (*clear_inventory)(tcg_swid_attr_tag_inv_t *this);
+
+};
+
+/**
+ * Creates an tcg_swid_attr_tag_inv_t object
+ *
+ * @param request_id Copy of the Request ID
+ * @param eid_epoch Event ID Epoch
+ * @param eid Last Event ID
+ */
+pa_tnc_attr_t* tcg_swid_attr_tag_inv_create(uint32_t request_id,
+ uint32_t eid_epoch,
+ uint32_t eid);
+
+/**
+ * Creates an tcg_swid_attr_tag_inv_t object from received data
+ *
+ * @param length Total length of attribute value
+ * @param value Unparsed attribute value (might be a segment)
+ */
+pa_tnc_attr_t* tcg_swid_attr_tag_inv_create_from_data(size_t length,
+ chunk_t value);
+
+#endif /** TCG_SWID_ATTR_TAG_INV_H_ @}*/
diff --git a/src/libimcv/tcg/tcg_attr.c b/src/libimcv/tcg/tcg_attr.c
new file mode 100644
index 0000000..7949291
--- /dev/null
+++ b/src/libimcv/tcg/tcg_attr.c
@@ -0,0 +1,270 @@
+/*
+ * Copyright (C) 2011-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "tcg_attr.h"
+#include "tcg/pts/tcg_pts_attr_proto_caps.h"
+#include "tcg/pts/tcg_pts_attr_dh_nonce_params_req.h"
+#include "tcg/pts/tcg_pts_attr_dh_nonce_params_resp.h"
+#include "tcg/pts/tcg_pts_attr_dh_nonce_finish.h"
+#include "tcg/pts/tcg_pts_attr_meas_algo.h"
+#include "tcg/pts/tcg_pts_attr_get_tpm_version_info.h"
+#include "tcg/pts/tcg_pts_attr_tpm_version_info.h"
+#include "tcg/pts/tcg_pts_attr_get_aik.h"
+#include "tcg/pts/tcg_pts_attr_aik.h"
+#include "tcg/pts/tcg_pts_attr_req_func_comp_evid.h"
+#include "tcg/pts/tcg_pts_attr_gen_attest_evid.h"
+#include "tcg/pts/tcg_pts_attr_simple_comp_evid.h"
+#include "tcg/pts/tcg_pts_attr_simple_evid_final.h"
+#include "tcg/pts/tcg_pts_attr_req_file_meas.h"
+#include "tcg/pts/tcg_pts_attr_file_meas.h"
+#include "tcg/pts/tcg_pts_attr_req_file_meta.h"
+#include "tcg/pts/tcg_pts_attr_unix_file_meta.h"
+#include "tcg/swid/tcg_swid_attr_req.h"
+#include "tcg/swid/tcg_swid_attr_tag_id_inv.h"
+#include "tcg/swid/tcg_swid_attr_tag_inv.h"
+#include "tcg/seg/tcg_seg_attr_max_size.h"
+#include "tcg/seg/tcg_seg_attr_seg_env.h"
+#include "tcg/seg/tcg_seg_attr_next_seg.h"
+
+ENUM_BEGIN(tcg_attr_names, TCG_SCAP_REFERENCES,
+ TCG_SCAP_SUMMARY_RESULTS,
+ "SCAP References",
+ "SCAP Capabilities and Inventory",
+ "SCAP Content",
+ "SCAP Assessment",
+ "SCAP Results",
+ "SCAP Summary Results");
+ENUM_NEXT(tcg_attr_names, TCG_SWID_REQUEST,
+ TCG_SWID_TAG_EVENTS,
+ TCG_SCAP_SUMMARY_RESULTS,
+ "SWID Request",
+ "SWID Tag Identifier Inventory",
+ "SWID Tag Identifier Events",
+ "SWID Tag Inventory",
+ "SWID Tag Events");
+ENUM_NEXT(tcg_attr_names, TCG_SEG_MAX_ATTR_SIZE_REQ,
+ TCG_SEG_CANCEL_SEG_EXCH,
+ TCG_SWID_TAG_EVENTS,
+ "Max Attribute Size Request",
+ "Max Attribute Size Response",
+ "Attribute Segment Envelope",
+ "Next Segment Request",
+ "Cancel Segment Exchange");
+ENUM_NEXT(tcg_attr_names, TCG_PTS_REQ_FUNC_COMP_EVID,
+ TCG_PTS_REQ_FUNC_COMP_EVID,
+ TCG_SEG_CANCEL_SEG_EXCH,
+ "Request Functional Component Evidence");
+ENUM_NEXT(tcg_attr_names, TCG_PTS_GEN_ATTEST_EVID,
+ TCG_PTS_GEN_ATTEST_EVID,
+ TCG_PTS_REQ_FUNC_COMP_EVID,
+ "Generate Attestation Evidence");
+ENUM_NEXT(tcg_attr_names, TCG_PTS_SIMPLE_COMP_EVID,
+ TCG_PTS_SIMPLE_COMP_EVID,
+ TCG_PTS_GEN_ATTEST_EVID,
+ "Simple Component Evidence");
+ENUM_NEXT(tcg_attr_names, TCG_PTS_SIMPLE_EVID_FINAL,
+ TCG_PTS_SIMPLE_EVID_FINAL,
+ TCG_PTS_SIMPLE_COMP_EVID,
+ "Simple Evidence Final");
+ENUM_NEXT(tcg_attr_names, TCG_PTS_VERIFICATION_RESULT,
+ TCG_PTS_VERIFICATION_RESULT,
+ TCG_PTS_SIMPLE_EVID_FINAL,
+ "Verification Result");
+ENUM_NEXT(tcg_attr_names, TCG_PTS_INTEG_REPORT,
+ TCG_PTS_INTEG_REPORT,
+ TCG_PTS_VERIFICATION_RESULT,
+ "Integrity Report");
+ENUM_NEXT(tcg_attr_names, TCG_PTS_REQ_FILE_META,
+ TCG_PTS_REQ_FILE_META,
+ TCG_PTS_INTEG_REPORT,
+ "Request File Metadata");
+ENUM_NEXT(tcg_attr_names, TCG_PTS_WIN_FILE_META,
+ TCG_PTS_WIN_FILE_META,
+ TCG_PTS_REQ_FILE_META,
+ "Windows-Style File Metadata");
+ENUM_NEXT(tcg_attr_names, TCG_PTS_UNIX_FILE_META,
+ TCG_PTS_UNIX_FILE_META,
+ TCG_PTS_WIN_FILE_META,
+ "Unix-Style File Metadata");
+ENUM_NEXT(tcg_attr_names, TCG_PTS_REQ_REGISTRY_VALUE,
+ TCG_PTS_REQ_REGISTRY_VALUE,
+ TCG_PTS_UNIX_FILE_META,
+ "Request Registry Value");
+ENUM_NEXT(tcg_attr_names, TCG_PTS_REGISTRY_VALUE,
+ TCG_PTS_REGISTRY_VALUE,
+ TCG_PTS_REQ_REGISTRY_VALUE,
+ "Registry Value");
+ENUM_NEXT(tcg_attr_names, TCG_PTS_REQ_FILE_MEAS,
+ TCG_PTS_REQ_FILE_MEAS,
+ TCG_PTS_REGISTRY_VALUE,
+ "Request File Measurement");
+ENUM_NEXT(tcg_attr_names, TCG_PTS_FILE_MEAS,
+ TCG_PTS_FILE_MEAS,
+ TCG_PTS_REQ_FILE_MEAS,
+ "File Measurement");
+ENUM_NEXT(tcg_attr_names, TCG_PTS_REQ_INTEG_MEAS_LOG,
+ TCG_PTS_REQ_INTEG_MEAS_LOG,
+ TCG_PTS_FILE_MEAS,
+ "Request Integrity Measurement Log");
+ENUM_NEXT(tcg_attr_names, TCG_PTS_INTEG_MEAS_LOG,
+ TCG_PTS_INTEG_MEAS_LOG,
+ TCG_PTS_REQ_INTEG_MEAS_LOG,
+ "Integrity Measurement Log");
+ENUM_NEXT(tcg_attr_names, TCG_PTS_REQ_PROTO_CAPS,
+ TCG_PTS_REQ_PROTO_CAPS,
+ TCG_PTS_INTEG_MEAS_LOG,
+ "Request PTS Protocol Capabilities");
+ENUM_NEXT(tcg_attr_names, TCG_PTS_PROTO_CAPS,
+ TCG_PTS_PROTO_CAPS,
+ TCG_PTS_REQ_PROTO_CAPS,
+ "PTS Protocol Capabilities");
+ENUM_NEXT(tcg_attr_names, TCG_PTS_DH_NONCE_PARAMS_REQ,
+ TCG_PTS_DH_NONCE_PARAMS_REQ,
+ TCG_PTS_PROTO_CAPS,
+ "DH Nonce Parameters Request");
+ENUM_NEXT(tcg_attr_names, TCG_PTS_DH_NONCE_PARAMS_RESP,
+ TCG_PTS_DH_NONCE_PARAMS_RESP,
+ TCG_PTS_DH_NONCE_PARAMS_REQ,
+ "DH Nonce Parameters Response");
+ENUM_NEXT(tcg_attr_names, TCG_PTS_DH_NONCE_FINISH,
+ TCG_PTS_DH_NONCE_FINISH,
+ TCG_PTS_DH_NONCE_PARAMS_RESP,
+ "DH Nonce Finish");
+ENUM_NEXT(tcg_attr_names, TCG_PTS_MEAS_ALGO,
+ TCG_PTS_MEAS_ALGO,
+ TCG_PTS_DH_NONCE_FINISH,
+ "PTS Measurement Algorithm Request");
+ENUM_NEXT(tcg_attr_names, TCG_PTS_MEAS_ALGO_SELECTION,
+ TCG_PTS_MEAS_ALGO_SELECTION,
+ TCG_PTS_MEAS_ALGO,
+ "PTS Measurement Algorithm");
+ENUM_NEXT(tcg_attr_names, TCG_PTS_GET_TPM_VERSION_INFO,
+ TCG_PTS_GET_TPM_VERSION_INFO,
+ TCG_PTS_MEAS_ALGO_SELECTION,
+ "Get TPM Version Information");
+ENUM_NEXT(tcg_attr_names, TCG_PTS_TPM_VERSION_INFO,
+ TCG_PTS_TPM_VERSION_INFO,
+ TCG_PTS_GET_TPM_VERSION_INFO,
+ "TPM Version Information");
+ENUM_NEXT(tcg_attr_names, TCG_PTS_REQ_TEMPL_REF_MANI_SET_META,
+ TCG_PTS_REQ_TEMPL_REF_MANI_SET_META,
+ TCG_PTS_TPM_VERSION_INFO,
+ "Request Template Reference Manifest Set Metadata");
+ENUM_NEXT(tcg_attr_names, TCG_PTS_TEMPL_REF_MANI_SET_META,
+ TCG_PTS_TEMPL_REF_MANI_SET_META,
+ TCG_PTS_REQ_TEMPL_REF_MANI_SET_META,
+ "Template Reference Manifest Set Metadata");
+ENUM_NEXT(tcg_attr_names, TCG_PTS_UPDATE_TEMPL_REF_MANI,
+ TCG_PTS_UPDATE_TEMPL_REF_MANI,
+ TCG_PTS_TEMPL_REF_MANI_SET_META,
+ "Update Template Reference Manifest");
+ENUM_NEXT(tcg_attr_names, TCG_PTS_GET_AIK,
+ TCG_PTS_GET_AIK,
+ TCG_PTS_UPDATE_TEMPL_REF_MANI,
+ "Get Attestation Identity Key");
+ENUM_NEXT(tcg_attr_names, TCG_PTS_AIK,
+ TCG_PTS_AIK,
+ TCG_PTS_GET_AIK,
+ "Attestation Identity Key");
+ENUM_END(tcg_attr_names, TCG_PTS_AIK);
+
+/**
+ * See header
+ */
+pa_tnc_attr_t* tcg_attr_create_from_data(u_int32_t type, size_t length, chunk_t value)
+{
+ switch (type)
+ {
+ case TCG_SWID_REQUEST:
+ return tcg_swid_attr_req_create_from_data(length, value);
+ case TCG_SWID_TAG_ID_INVENTORY:
+ return tcg_swid_attr_tag_id_inv_create_from_data(length, value);
+ case TCG_SWID_TAG_INVENTORY:
+ return tcg_swid_attr_tag_inv_create_from_data(length, value);
+ case TCG_SEG_MAX_ATTR_SIZE_REQ:
+ return tcg_seg_attr_max_size_create_from_data(length, value, TRUE);
+ case TCG_SEG_MAX_ATTR_SIZE_RESP:
+ return tcg_seg_attr_max_size_create_from_data(length, value, FALSE);
+ case TCG_SEG_ATTR_SEG_ENV:
+ return tcg_seg_attr_seg_env_create_from_data(length, value);
+ case TCG_SEG_NEXT_SEG_REQ:
+ return tcg_seg_attr_next_seg_create_from_data(length, value);
+ case TCG_PTS_REQ_PROTO_CAPS:
+ return tcg_pts_attr_proto_caps_create_from_data(length, value,
+ TRUE);
+ case TCG_PTS_PROTO_CAPS:
+ return tcg_pts_attr_proto_caps_create_from_data(length, value,
+ FALSE);
+ case TCG_PTS_DH_NONCE_PARAMS_REQ:
+ return tcg_pts_attr_dh_nonce_params_req_create_from_data(length,
+ value);
+ case TCG_PTS_DH_NONCE_PARAMS_RESP:
+ return tcg_pts_attr_dh_nonce_params_resp_create_from_data(length,
+ value);
+ case TCG_PTS_DH_NONCE_FINISH:
+ return tcg_pts_attr_dh_nonce_finish_create_from_data(length, value);
+ case TCG_PTS_MEAS_ALGO:
+ return tcg_pts_attr_meas_algo_create_from_data(length, value,
+ FALSE);
+ case TCG_PTS_MEAS_ALGO_SELECTION:
+ return tcg_pts_attr_meas_algo_create_from_data(length, value,
+ TRUE);
+ case TCG_PTS_GET_TPM_VERSION_INFO:
+ return tcg_pts_attr_get_tpm_version_info_create_from_data(length,
+ value);
+ case TCG_PTS_TPM_VERSION_INFO:
+ return tcg_pts_attr_tpm_version_info_create_from_data(length,
+ value);
+ case TCG_PTS_GET_AIK:
+ return tcg_pts_attr_get_aik_create_from_data(length, value);
+ case TCG_PTS_AIK:
+ return tcg_pts_attr_aik_create_from_data(length, value);
+ case TCG_PTS_REQ_FUNC_COMP_EVID:
+ return tcg_pts_attr_req_func_comp_evid_create_from_data(length,
+ value);
+ case TCG_PTS_GEN_ATTEST_EVID:
+ return tcg_pts_attr_gen_attest_evid_create_from_data(length, value);
+ case TCG_PTS_SIMPLE_COMP_EVID:
+ return tcg_pts_attr_simple_comp_evid_create_from_data(length,
+ value);
+ case TCG_PTS_SIMPLE_EVID_FINAL:
+ return tcg_pts_attr_simple_evid_final_create_from_data(length,
+ value);
+ case TCG_PTS_REQ_FILE_MEAS:
+ return tcg_pts_attr_req_file_meas_create_from_data(length, value);
+ case TCG_PTS_FILE_MEAS:
+ return tcg_pts_attr_file_meas_create_from_data(length, value);
+ case TCG_PTS_REQ_FILE_META:
+ return tcg_pts_attr_req_file_meta_create_from_data(length, value);
+ case TCG_PTS_UNIX_FILE_META:
+ return tcg_pts_attr_unix_file_meta_create_from_data(length, value);
+ /* unsupported TCG/SWID attributes */
+ case TCG_SWID_TAG_ID_EVENTS:
+ case TCG_SWID_TAG_EVENTS:
+ /* unsupported TCG/PTS attributes */
+ case TCG_PTS_REQ_TEMPL_REF_MANI_SET_META:
+ case TCG_PTS_TEMPL_REF_MANI_SET_META:
+ case TCG_PTS_UPDATE_TEMPL_REF_MANI:
+ case TCG_PTS_VERIFICATION_RESULT:
+ case TCG_PTS_INTEG_REPORT:
+ case TCG_PTS_WIN_FILE_META:
+ case TCG_PTS_REQ_REGISTRY_VALUE:
+ case TCG_PTS_REGISTRY_VALUE:
+ case TCG_PTS_REQ_INTEG_MEAS_LOG:
+ case TCG_PTS_INTEG_MEAS_LOG:
+ default:
+ return NULL;
+ }
+}
diff --git a/src/libimcv/tcg/tcg_attr.h b/src/libimcv/tcg/tcg_attr.h
new file mode 100644
index 0000000..9523f8e
--- /dev/null
+++ b/src/libimcv/tcg/tcg_attr.h
@@ -0,0 +1,105 @@
+/*
+ * Copyright (C) 2011-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tcg_attr tcg_attr
+ * @{ @ingroup libimcv
+ */
+
+#ifndef TCG_ATTR_H_
+#define TCG_ATTR_H_
+
+#include <pa_tnc/pa_tnc_attr.h>
+#include <library.h>
+
+typedef enum tcg_attr_t tcg_attr_t;
+
+/**
+ * TCG PTS IF-M Attributes (section 4 of PTS PROTO: Binding to TNC IF-M)
+ */
+enum tcg_attr_t {
+
+ /* SCAP Attributes */
+ TCG_SCAP_REFERENCES = 0x00000001,
+ TCG_SCAP_CAPS_AND_INVENTORY = 0x00000002,
+ TCG_SCAP_CONTENT = 0x00000003,
+ TCG_SCAP_ASSESSMENT = 0x00000004,
+ TCG_SCAP_RESULTS = 0x00000005,
+ TCG_SCAP_SUMMARY_RESULTS = 0x00000006,
+
+ /* SWID Attributes */
+ TCG_SWID_REQUEST = 0x00000011,
+ TCG_SWID_TAG_ID_INVENTORY = 0x00000012,
+ TCG_SWID_TAG_ID_EVENTS = 0x00000013,
+ TCG_SWID_TAG_INVENTORY = 0x00000014,
+ TCG_SWID_TAG_EVENTS = 0x00000015,
+
+ /* IF-M Attribute Segmentation */
+ TCG_SEG_MAX_ATTR_SIZE_REQ = 0x00000021,
+ TCG_SEG_MAX_ATTR_SIZE_RESP = 0x00000022,
+ TCG_SEG_ATTR_SEG_ENV = 0x00000023,
+ TCG_SEG_NEXT_SEG_REQ = 0x00000024,
+ TCG_SEG_CANCEL_SEG_EXCH = 0x00000025,
+
+ /* PTS Protocol Negotiations */
+ TCG_PTS_REQ_PROTO_CAPS = 0x01000000,
+ TCG_PTS_PROTO_CAPS = 0x02000000,
+ TCG_PTS_DH_NONCE_PARAMS_REQ = 0x03000000,
+ TCG_PTS_DH_NONCE_PARAMS_RESP = 0x04000000,
+ TCG_PTS_DH_NONCE_FINISH = 0x05000000,
+ TCG_PTS_MEAS_ALGO = 0x06000000,
+ TCG_PTS_MEAS_ALGO_SELECTION = 0x07000000,
+ TCG_PTS_GET_TPM_VERSION_INFO = 0x08000000,
+ TCG_PTS_TPM_VERSION_INFO = 0x09000000,
+ TCG_PTS_REQ_TEMPL_REF_MANI_SET_META = 0x0A000000,
+ TCG_PTS_TEMPL_REF_MANI_SET_META = 0x0B000000,
+ TCG_PTS_UPDATE_TEMPL_REF_MANI = 0x0C000000,
+ TCG_PTS_GET_AIK = 0x0D000000,
+ TCG_PTS_AIK = 0x0E000000,
+
+ /* PTS-based Attestation Evidence */
+ TCG_PTS_REQ_FUNC_COMP_EVID = 0x00100000,
+ TCG_PTS_GEN_ATTEST_EVID = 0x00200000,
+ TCG_PTS_SIMPLE_COMP_EVID = 0x00300000,
+ TCG_PTS_SIMPLE_EVID_FINAL = 0x00400000,
+ TCG_PTS_VERIFICATION_RESULT = 0x00500000,
+ TCG_PTS_INTEG_REPORT = 0x00600000,
+ TCG_PTS_REQ_FILE_META = 0x00700000,
+ TCG_PTS_WIN_FILE_META = 0x00800000,
+ TCG_PTS_UNIX_FILE_META = 0x00900000,
+ TCG_PTS_REQ_REGISTRY_VALUE = 0x00A00000,
+ TCG_PTS_REGISTRY_VALUE = 0x00B00000,
+ TCG_PTS_REQ_FILE_MEAS = 0x00C00000,
+ TCG_PTS_FILE_MEAS = 0x00D00000,
+ TCG_PTS_REQ_INTEG_MEAS_LOG = 0x00E00000,
+ TCG_PTS_INTEG_MEAS_LOG = 0x00F00000,
+};
+
+/**
+ * enum name for tcg_attr_t.
+ */
+extern enum_name_t *tcg_attr_names;
+
+/**
+ * Create a TCG PA-TNC attribute from data
+ *
+ * @param type attribute type
+ * @param length attribute length
+ * @param value attribute value or segment
+ */
+pa_tnc_attr_t* tcg_attr_create_from_data(u_int32_t type, size_t length,
+ chunk_t value);
+
+#endif /** TCG_ATTR_H_ @}*/
diff --git a/src/libipsec/Makefile.in b/src/libipsec/Makefile.in
index 31494ed..3663cf8 100644
--- a/src/libipsec/Makefile.in
+++ b/src/libipsec/Makefile.in
@@ -272,6 +272,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -332,6 +333,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -397,6 +399,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -444,6 +448,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libipsec/ip_packet.c b/src/libipsec/ip_packet.c
index 181cb88..0998efa 100644
--- a/src/libipsec/ip_packet.c
+++ b/src/libipsec/ip_packet.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Tobias Brunner
+ * Copyright (C) 2012-2014 Tobias Brunner
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -26,6 +26,33 @@
#include <netinet/ip6.h>
#endif
+/**
+ * TCP header, defined here because platforms disagree regarding member names
+ * and unfortunately Android does not define a variant with BSD names.
+ */
+struct tcphdr {
+ u_int16_t source;
+ u_int16_t dest;
+ u_int32_t seq;
+ u_int32_t ack_seq;
+ u_int16_t flags;
+ u_int16_t window;
+ u_int16_t check;
+ u_int16_t urg_ptr;
+} __attribute__((packed));
+
+/**
+ * UDP header, similar to the TCP header the system headers disagree on member
+ * names. Linux uses a union and on Android we could define __FAVOR_BSD to get
+ * the BSD member names, but this is simpler and more consistent with the above.
+ */
+struct udphdr {
+ u_int16_t source;
+ u_int16_t dest;
+ u_int16_t len;
+ u_int16_t check;
+} __attribute__((packed));
+
typedef struct private_ip_packet_t private_ip_packet_t;
/**
@@ -54,6 +81,11 @@ struct private_ip_packet_t {
chunk_t packet;
/**
+ * IP payload (points into packet)
+ */
+ chunk_t payload;
+
+ /**
* IP version
*/
u_int8_t version;
@@ -89,6 +121,12 @@ METHOD(ip_packet_t, get_encoding, chunk_t,
return this->packet;
}
+METHOD(ip_packet_t, get_payload, chunk_t,
+ private_ip_packet_t *this)
+{
+ return this->payload;
+}
+
METHOD(ip_packet_t, get_next_header, u_int8_t,
private_ip_packet_t *this)
{
@@ -111,13 +149,57 @@ METHOD(ip_packet_t, destroy, void,
}
/**
+ * Parse transport protocol header
+ */
+static bool parse_transport_header(chunk_t packet, u_int8_t proto,
+ u_int16_t *sport, u_int16_t *dport)
+{
+ switch (proto)
+ {
+ case IPPROTO_UDP:
+ {
+ struct udphdr *udp;
+
+ if (packet.len < sizeof(*udp))
+ {
+ DBG1(DBG_ESP, "UDP packet too short");
+ return FALSE;
+ }
+ udp = (struct udphdr*)packet.ptr;
+ *sport = ntohs(udp->source);
+ *dport = ntohs(udp->dest);
+ break;
+ }
+ case IPPROTO_TCP:
+ {
+ struct tcphdr *tcp;
+
+ if (packet.len < sizeof(*tcp))
+ {
+ DBG1(DBG_ESP, "TCP packet too short");
+ return FALSE;
+ }
+ tcp = (struct tcphdr*)packet.ptr;
+ *sport = ntohs(tcp->source);
+ *dport = ntohs(tcp->dest);
+ break;
+ }
+ default:
+ break;
+ }
+ return TRUE;
+}
+
+/**
* Described in header.
*/
ip_packet_t *ip_packet_create(chunk_t packet)
{
private_ip_packet_t *this;
u_int8_t version, next_header;
+ u_int16_t sport = 0, dport = 0;
host_t *src, *dst;
+ chunk_t payload;
if (packet.len < 1)
{
@@ -141,11 +223,15 @@ ip_packet_t *ip_packet_create(chunk_t packet)
ip = (struct ip*)packet.ptr;
/* remove any RFC 4303 TFC extra padding */
packet.len = min(packet.len, untoh16(&ip->ip_len));
-
+ payload = chunk_skip(packet, ip->ip_hl * 4);
+ if (!parse_transport_header(payload, ip->ip_p, &sport, &dport))
+ {
+ goto failed;
+ }
src = host_create_from_chunk(AF_INET,
- chunk_from_thing(ip->ip_src), 0);
+ chunk_from_thing(ip->ip_src), sport);
dst = host_create_from_chunk(AF_INET,
- chunk_from_thing(ip->ip_dst), 0);
+ chunk_from_thing(ip->ip_dst), dport);
next_header = ip->ip_p;
break;
}
@@ -154,19 +240,25 @@ ip_packet_t *ip_packet_create(chunk_t packet)
{
struct ip6_hdr *ip;
- if (packet.len < sizeof(struct ip6_hdr))
+ if (packet.len < sizeof(*ip))
{
DBG1(DBG_ESP, "IPv6 packet too short");
goto failed;
}
ip = (struct ip6_hdr*)packet.ptr;
/* remove any RFC 4303 TFC extra padding */
- packet.len = min(packet.len, untoh16(&ip->ip6_plen));
-
+ packet.len = min(packet.len, 40 + untoh16(&ip->ip6_plen));
+ /* we only handle packets without extension headers, just skip the
+ * basic IPv6 header */
+ payload = chunk_skip(packet, 40);
+ if (!parse_transport_header(payload, ip->ip6_nxt, &sport, &dport))
+ {
+ goto failed;
+ }
src = host_create_from_chunk(AF_INET6,
- chunk_from_thing(ip->ip6_src), 0);
+ chunk_from_thing(ip->ip6_src), sport);
dst = host_create_from_chunk(AF_INET6,
- chunk_from_thing(ip->ip6_dst), 0);
+ chunk_from_thing(ip->ip6_dst), dport);
next_header = ip->ip6_nxt;
break;
}
@@ -183,12 +275,14 @@ ip_packet_t *ip_packet_create(chunk_t packet)
.get_destination = _get_destination,
.get_next_header = _get_next_header,
.get_encoding = _get_encoding,
+ .get_payload = _get_payload,
.clone = _clone_,
.destroy = _destroy,
},
.src = src,
.dst = dst,
.packet = packet,
+ .payload = payload,
.version = version,
.next_header = next_header,
);
@@ -198,3 +292,189 @@ failed:
chunk_free(&packet);
return NULL;
}
+
+/**
+ * Calculate the checksum for the pseudo IP header
+ */
+static u_int16_t pseudo_header_checksum(host_t *src, host_t *dst,
+ u_int8_t proto, chunk_t payload)
+{
+ switch (src->get_family(src))
+ {
+ case AF_INET:
+ {
+ struct __attribute__((packed)) {
+ u_int32_t src;
+ u_int32_t dst;
+ u_char zero;
+ u_char proto;
+ u_int16_t len;
+ } pseudo = {
+ .proto = proto,
+ .len = htons(payload.len),
+ };
+ memcpy(&pseudo.src, src->get_address(src).ptr,
+ sizeof(pseudo.src));
+ memcpy(&pseudo.dst, dst->get_address(dst).ptr,
+ sizeof(pseudo.dst));
+ return chunk_internet_checksum(chunk_from_thing(pseudo));
+ }
+ case AF_INET6:
+ {
+ struct __attribute__((packed)) {
+ u_char src[16];
+ u_char dst[16];
+ u_int32_t len;
+ u_char zero[3];
+ u_char next_header;
+ } pseudo = {
+ .next_header = proto,
+ .len = htons(payload.len),
+ };
+ memcpy(&pseudo.src, src->get_address(src).ptr,
+ sizeof(pseudo.src));
+ memcpy(&pseudo.dst, dst->get_address(dst).ptr,
+ sizeof(pseudo.dst));
+ return chunk_internet_checksum(chunk_from_thing(pseudo));
+ }
+ }
+ return 0xffff;
+}
+
+/**
+ * Apply transport ports and calculate header checksums
+ */
+static void fix_transport_header(host_t *src, host_t *dst, u_int8_t proto,
+ chunk_t payload)
+{
+ u_int16_t sum = 0, sport, dport;
+
+ sport = src->get_port(src);
+ dport = dst->get_port(dst);
+
+ switch (proto)
+ {
+ case IPPROTO_UDP:
+ {
+ struct udphdr *udp;
+
+ if (payload.len < sizeof(*udp))
+ {
+ return;
+ }
+ udp = (struct udphdr*)payload.ptr;
+ if (sport != 0)
+ {
+ udp->source = htons(sport);
+ }
+ if (dport != 0)
+ {
+ udp->dest = htons(dport);
+ }
+ udp->check = 0;
+ sum = pseudo_header_checksum(src, dst, proto, payload);
+ udp->check = chunk_internet_checksum_inc(payload, sum);
+ break;
+ }
+ case IPPROTO_TCP:
+ {
+ struct tcphdr *tcp;
+
+ if (payload.len < sizeof(*tcp))
+ {
+ return;
+ }
+ tcp = (struct tcphdr*)payload.ptr;
+ if (sport != 0)
+ {
+ tcp->source = htons(sport);
+ }
+ if (dport != 0)
+ {
+ tcp->dest = htons(dport);
+ }
+ tcp->check = 0;
+ sum = pseudo_header_checksum(src, dst, proto, payload);
+ tcp->check = chunk_internet_checksum_inc(payload, sum);
+ break;
+ }
+ default:
+ break;
+ }
+}
+
+/**
+ * Described in header.
+ */
+ip_packet_t *ip_packet_create_from_data(host_t *src, host_t *dst,
+ u_int8_t next_header, chunk_t data)
+{
+ chunk_t packet;
+ int family;
+
+ family = src->get_family(src);
+ if (family != dst->get_family(dst))
+ {
+ DBG1(DBG_ESP, "address family does not match");
+ return NULL;
+ }
+
+ switch (family)
+ {
+ case AF_INET:
+ {
+ struct ip ip = {
+ .ip_v = 4,
+ .ip_hl = 5,
+ .ip_len = htons(20 + data.len),
+ .ip_ttl = 0x80,
+ .ip_p = next_header,
+ };
+ memcpy(&ip.ip_src, src->get_address(src).ptr, sizeof(ip.ip_src));
+ memcpy(&ip.ip_dst, dst->get_address(dst).ptr, sizeof(ip.ip_dst));
+ ip.ip_sum = chunk_internet_checksum(chunk_from_thing(ip));
+
+ packet = chunk_cat("cc", chunk_from_thing(ip), data);
+ fix_transport_header(src, dst, next_header, chunk_skip(packet, 20));
+ return ip_packet_create(packet);
+ }
+#ifdef HAVE_NETINET_IP6_H
+ case AF_INET6:
+ {
+ struct ip6_hdr ip = {
+ .ip6_flow = htonl(6),
+ .ip6_plen = htons(40 + data.len),
+ .ip6_nxt = next_header,
+ .ip6_hlim = 0x80,
+ };
+ memcpy(&ip.ip6_src, src->get_address(src).ptr, sizeof(ip.ip6_src));
+ memcpy(&ip.ip6_dst, dst->get_address(dst).ptr, sizeof(ip.ip6_dst));
+
+ packet = chunk_cat("cc", chunk_from_thing(ip), data);
+ fix_transport_header(src, dst, next_header, chunk_skip(packet, 40));
+ return ip_packet_create(packet);
+ }
+#endif /* HAVE_NETINET_IP6_H */
+ default:
+ DBG1(DBG_ESP, "unsupported address family");
+ return NULL;
+ }
+}
+
+/**
+ * Described in header.
+ */
+ip_packet_t *ip_packet_create_udp_from_data(host_t *src, host_t *dst,
+ chunk_t data)
+{
+ struct udphdr udp = {
+ .len = htons(8 + data.len),
+ .check = 0,
+ };
+ ip_packet_t *packet;
+
+ data = chunk_cat("cc", chunk_from_thing(udp), data);
+ packet = ip_packet_create_from_data(src, dst, IPPROTO_UDP, data);
+ chunk_free(&data);
+ return packet;
+}
diff --git a/src/libipsec/ip_packet.h b/src/libipsec/ip_packet.h
index de817e2..fa38eac 100644
--- a/src/libipsec/ip_packet.h
+++ b/src/libipsec/ip_packet.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Tobias Brunner
+ * Copyright (C) 2012-2014 Tobias Brunner
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -68,6 +68,13 @@ struct ip_packet_t {
chunk_t (*get_encoding)(ip_packet_t *this);
/**
+ * Get only the payload
+ *
+ * @return IP payload (internal data)
+ */
+ chunk_t (*get_payload)(ip_packet_t *this);
+
+ /**
* Clone the IP packet
*
* @return clone of the packet
@@ -93,4 +100,30 @@ struct ip_packet_t {
*/
ip_packet_t *ip_packet_create(chunk_t packet);
+/**
+ * Encode an IP packet from the given data.
+ *
+ * If src and/or dst have ports set they are applied to UDP/TCP headers found
+ * in the packet.
+ *
+ * @param src source address and optional port (cloned)
+ * @param dst destination address and optional port (cloned)
+ * @param next_header the protocol (IPv4) or next header (IPv6)
+ * @param data complete data after basic IP header (cloned)
+ * @return ip_packet_t instance, or NULL if invalid
+ */
+ip_packet_t *ip_packet_create_from_data(host_t *src, host_t *dst,
+ u_int8_t next_header, chunk_t data);
+
+/**
+ * Encode a UDP packet from the given data.
+ *
+ * @param src source address and port (cloned)
+ * @param dst destination address and port (cloned)
+ * @param data UDP data (cloned)
+ * @return ip_packet_t instance, or NULL if invalid
+ */
+ip_packet_t *ip_packet_create_udp_from_data(host_t *src, host_t *dst,
+ chunk_t data);
+
#endif /** IP_PACKET_H_ @}*/
diff --git a/src/libpts/Android.mk b/src/libpts/Android.mk
deleted file mode 100644
index ce328c5..0000000
--- a/src/libpts/Android.mk
+++ /dev/null
@@ -1,78 +0,0 @@
-LOCAL_PATH := $(call my-dir)
-include $(CLEAR_VARS)
-
-# copy-n-paste from Makefile.am
-libpts_la_SOURCES := \
- libpts.h libpts.c \
- pts/pts.h pts/pts.c \
- pts/pts_error.h pts/pts_error.c \
- pts/pts_pcr.h pts/pts_pcr.c \
- pts/pts_proto_caps.h \
- pts/pts_req_func_comp_evid.h \
- pts/pts_simple_evid_final.h \
- pts/pts_creds.h pts/pts_creds.c \
- pts/pts_database.h pts/pts_database.c \
- pts/pts_dh_group.h pts/pts_dh_group.c \
- pts/pts_file_meas.h pts/pts_file_meas.c \
- pts/pts_file_meta.h pts/pts_file_meta.c \
- pts/pts_file_type.h pts/pts_file_type.c \
- pts/pts_ima_bios_list.h pts/pts_ima_bios_list.c \
- pts/pts_ima_event_list.h pts/pts_ima_event_list.c \
- pts/pts_meas_algo.h pts/pts_meas_algo.c \
- pts/components/pts_component.h \
- pts/components/pts_component_manager.h pts/components/pts_component_manager.c \
- pts/components/pts_comp_evidence.h pts/components/pts_comp_evidence.c \
- pts/components/pts_comp_func_name.h pts/components/pts_comp_func_name.c \
- pts/components/ita/ita_comp_func_name.h pts/components/ita/ita_comp_func_name.c \
- pts/components/ita/ita_comp_ima.h pts/components/ita/ita_comp_ima.c \
- pts/components/ita/ita_comp_tboot.h pts/components/ita/ita_comp_tboot.c \
- pts/components/ita/ita_comp_tgrub.h pts/components/ita/ita_comp_tgrub.c \
- pts/components/tcg/tcg_comp_func_name.h pts/components/tcg/tcg_comp_func_name.c \
- swid/swid_error.h swid/swid_error.c \
- swid/swid_inventory.h swid/swid_inventory.c \
- swid/swid_tag.h swid/swid_tag.c \
- swid/swid_tag_id.h swid/swid_tag_id.c \
- tcg/tcg_attr.h tcg/tcg_attr.c \
- tcg/pts/tcg_pts_attr_proto_caps.h tcg/pts/tcg_pts_attr_proto_caps.c \
- tcg/pts/tcg_pts_attr_dh_nonce_params_req.h tcg/pts/tcg_pts_attr_dh_nonce_params_req.c \
- tcg/pts/tcg_pts_attr_dh_nonce_params_resp.h tcg/pts/tcg_pts_attr_dh_nonce_params_resp.c \
- tcg/pts/tcg_pts_attr_dh_nonce_finish.h tcg/pts/tcg_pts_attr_dh_nonce_finish.c \
- tcg/pts/tcg_pts_attr_meas_algo.h tcg/pts/tcg_pts_attr_meas_algo.c \
- tcg/pts/tcg_pts_attr_get_tpm_version_info.h tcg/pts/tcg_pts_attr_get_tpm_version_info.c \
- tcg/pts/tcg_pts_attr_tpm_version_info.h tcg/pts/tcg_pts_attr_tpm_version_info.c \
- tcg/pts/tcg_pts_attr_get_aik.h tcg/pts/tcg_pts_attr_get_aik.c \
- tcg/pts/tcg_pts_attr_aik.h tcg/pts/tcg_pts_attr_aik.c \
- tcg/pts/tcg_pts_attr_req_func_comp_evid.h tcg/pts/tcg_pts_attr_req_func_comp_evid.c \
- tcg/pts/tcg_pts_attr_gen_attest_evid.h tcg/pts/tcg_pts_attr_gen_attest_evid.c \
- tcg/pts/tcg_pts_attr_simple_comp_evid.h tcg/pts/tcg_pts_attr_simple_comp_evid.c \
- tcg/pts/tcg_pts_attr_simple_evid_final.h tcg/pts/tcg_pts_attr_simple_evid_final.c \
- tcg/pts/tcg_pts_attr_req_file_meas.h tcg/pts/tcg_pts_attr_req_file_meas.c \
- tcg/pts/tcg_pts_attr_file_meas.h tcg/pts/tcg_pts_attr_file_meas.c \
- tcg/pts/tcg_pts_attr_req_file_meta.h tcg/pts/tcg_pts_attr_req_file_meta.c \
- tcg/pts/tcg_pts_attr_unix_file_meta.h tcg/pts/tcg_pts_attr_unix_file_meta.c \
- tcg/swid/tcg_swid_attr_req.h tcg/swid/tcg_swid_attr_req.c \
- tcg/swid/tcg_swid_attr_tag_id_inv.h tcg/swid/tcg_swid_attr_tag_id_inv.c \
- tcg/swid/tcg_swid_attr_tag_inv.h tcg/swid/tcg_swid_attr_tag_inv.c
-
-LOCAL_SRC_FILES := $(filter %.c,$(libpts_la_SOURCES))
-
-# build libpts -----------------------------------------------------------------
-
-LOCAL_C_INCLUDES += \
- $(strongswan_PATH)/src/libtncif \
- $(strongswan_PATH)/src/libimcv \
- $(strongswan_PATH)/src/libstrongswan
-
-LOCAL_CFLAGS := $(strongswan_CFLAGS)
-
-LOCAL_MODULE := libpts
-
-LOCAL_MODULE_TAGS := optional
-
-LOCAL_ARM_MODE := arm
-
-LOCAL_PRELINK_MODULE := false
-
-LOCAL_SHARED_LIBRARIES += libstrongswan libimcv
-
-include $(BUILD_SHARED_LIBRARY)
diff --git a/src/libpts/Makefile.am b/src/libpts/Makefile.am
deleted file mode 100644
index ea685d8..0000000
--- a/src/libpts/Makefile.am
+++ /dev/null
@@ -1,94 +0,0 @@
-AM_CPPFLAGS = \
- -I$(top_srcdir)/src/libstrongswan \
- -I$(top_srcdir)/src/libtncif \
- -I$(top_srcdir)/src/libimcv
-
-AM_LDFLAGS = \
- -no-undefined
-
-ipseclib_LTLIBRARIES = libpts.la
-
-libpts_la_LIBADD = \
- $(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(top_builddir)/src/libtncif/libtncif.la \
- $(top_builddir)/src/libimcv/libimcv.la
-
-if USE_WINDOWS
- libpts_la_LIBADD += -lws2_32
-endif
-
-if USE_TROUSERS
- libpts_la_LIBADD += -ltspi
-endif
-
-libpts_la_SOURCES = \
- libpts.h libpts.c \
- pts/pts.h pts/pts.c \
- pts/pts_error.h pts/pts_error.c \
- pts/pts_pcr.h pts/pts_pcr.c \
- pts/pts_proto_caps.h \
- pts/pts_req_func_comp_evid.h \
- pts/pts_simple_evid_final.h \
- pts/pts_creds.h pts/pts_creds.c \
- pts/pts_database.h pts/pts_database.c \
- pts/pts_dh_group.h pts/pts_dh_group.c \
- pts/pts_file_meas.h pts/pts_file_meas.c \
- pts/pts_file_meta.h pts/pts_file_meta.c \
- pts/pts_file_type.h pts/pts_file_type.c \
- pts/pts_ima_bios_list.h pts/pts_ima_bios_list.c \
- pts/pts_ima_event_list.h pts/pts_ima_event_list.c \
- pts/pts_meas_algo.h pts/pts_meas_algo.c \
- pts/components/pts_component.h \
- pts/components/pts_component_manager.h pts/components/pts_component_manager.c \
- pts/components/pts_comp_evidence.h pts/components/pts_comp_evidence.c \
- pts/components/pts_comp_func_name.h pts/components/pts_comp_func_name.c \
- pts/components/ita/ita_comp_func_name.h pts/components/ita/ita_comp_func_name.c \
- pts/components/ita/ita_comp_ima.h pts/components/ita/ita_comp_ima.c \
- pts/components/ita/ita_comp_tboot.h pts/components/ita/ita_comp_tboot.c \
- pts/components/ita/ita_comp_tgrub.h pts/components/ita/ita_comp_tgrub.c \
- pts/components/tcg/tcg_comp_func_name.h pts/components/tcg/tcg_comp_func_name.c \
- swid/swid_error.h swid/swid_error.c \
- swid/swid_inventory.h swid/swid_inventory.c \
- swid/swid_tag.h swid/swid_tag.c \
- swid/swid_tag_id.h swid/swid_tag_id.c \
- tcg/tcg_attr.h tcg/tcg_attr.c \
- tcg/pts/tcg_pts_attr_proto_caps.h tcg/pts/tcg_pts_attr_proto_caps.c \
- tcg/pts/tcg_pts_attr_dh_nonce_params_req.h tcg/pts/tcg_pts_attr_dh_nonce_params_req.c \
- tcg/pts/tcg_pts_attr_dh_nonce_params_resp.h tcg/pts/tcg_pts_attr_dh_nonce_params_resp.c \
- tcg/pts/tcg_pts_attr_dh_nonce_finish.h tcg/pts/tcg_pts_attr_dh_nonce_finish.c \
- tcg/pts/tcg_pts_attr_meas_algo.h tcg/pts/tcg_pts_attr_meas_algo.c \
- tcg/pts/tcg_pts_attr_get_tpm_version_info.h tcg/pts/tcg_pts_attr_get_tpm_version_info.c \
- tcg/pts/tcg_pts_attr_tpm_version_info.h tcg/pts/tcg_pts_attr_tpm_version_info.c \
- tcg/pts/tcg_pts_attr_get_aik.h tcg/pts/tcg_pts_attr_get_aik.c \
- tcg/pts/tcg_pts_attr_aik.h tcg/pts/tcg_pts_attr_aik.c \
- tcg/pts/tcg_pts_attr_req_func_comp_evid.h tcg/pts/tcg_pts_attr_req_func_comp_evid.c \
- tcg/pts/tcg_pts_attr_gen_attest_evid.h tcg/pts/tcg_pts_attr_gen_attest_evid.c \
- tcg/pts/tcg_pts_attr_simple_comp_evid.h tcg/pts/tcg_pts_attr_simple_comp_evid.c \
- tcg/pts/tcg_pts_attr_simple_evid_final.h tcg/pts/tcg_pts_attr_simple_evid_final.c \
- tcg/pts/tcg_pts_attr_req_file_meas.h tcg/pts/tcg_pts_attr_req_file_meas.c \
- tcg/pts/tcg_pts_attr_file_meas.h tcg/pts/tcg_pts_attr_file_meas.c \
- tcg/pts/tcg_pts_attr_req_file_meta.h tcg/pts/tcg_pts_attr_req_file_meta.c \
- tcg/pts/tcg_pts_attr_unix_file_meta.h tcg/pts/tcg_pts_attr_unix_file_meta.c \
- tcg/swid/tcg_swid_attr_req.h tcg/swid/tcg_swid_attr_req.c \
- tcg/swid/tcg_swid_attr_tag_id_inv.h tcg/swid/tcg_swid_attr_tag_id_inv.c \
- tcg/swid/tcg_swid_attr_tag_inv.h tcg/swid/tcg_swid_attr_tag_inv.c
-
-EXTRA_DIST = Android.mk
-
-SUBDIRS = .
-
-if USE_IMC_ATTESTATION
- SUBDIRS += plugins/imc_attestation
-endif
-
-if USE_IMV_ATTESTATION
- SUBDIRS += plugins/imv_attestation
-endif
-
-if USE_IMC_SWID
- SUBDIRS += plugins/imc_swid
-endif
-
-if USE_IMV_SWID
- SUBDIRS += plugins/imv_swid
-endif
diff --git a/src/libpts/Makefile.in b/src/libpts/Makefile.in
deleted file mode 100644
index 405b5f7..0000000
--- a/src/libpts/Makefile.in
+++ /dev/null
@@ -1,1181 +0,0 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
-
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
- at SET_MAKE@
-
-VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
-am__make_running_with_option = \
- case $${target_option-} in \
- ?) ;; \
- *) echo "am__make_running_with_option: internal error: invalid" \
- "target option '$${target_option-}' specified" >&2; \
- exit 1;; \
- esac; \
- has_opt=no; \
- sane_makeflags=$$MAKEFLAGS; \
- if $(am__is_gnu_make); then \
- sane_makeflags=$$MFLAGS; \
- else \
- case $$MAKEFLAGS in \
- *\\[\ \ ]*) \
- bs=\\; \
- sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
- | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
- esac; \
- fi; \
- skip_next=no; \
- strip_trailopt () \
- { \
- flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
- }; \
- for flg in $$sane_makeflags; do \
- test $$skip_next = yes && { skip_next=no; continue; }; \
- case $$flg in \
- *=*|--*) continue;; \
- -*I) strip_trailopt 'I'; skip_next=yes;; \
- -*I?*) strip_trailopt 'I';; \
- -*O) strip_trailopt 'O'; skip_next=yes;; \
- -*O?*) strip_trailopt 'O';; \
- -*l) strip_trailopt 'l'; skip_next=yes;; \
- -*l?*) strip_trailopt 'l';; \
- -[dEDm]) skip_next=yes;; \
- -[JT]) skip_next=yes;; \
- esac; \
- case $$flg in \
- *$$target_option*) has_opt=yes; break;; \
- esac; \
- done; \
- test $$has_opt = yes
-am__make_dryrun = (target_option=n; $(am__make_running_with_option))
-am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
-pkgdatadir = $(datadir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkglibexecdir = $(libexecdir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
- at USE_WINDOWS_TRUE@am__append_1 = -lws2_32
- at USE_TROUSERS_TRUE@am__append_2 = -ltspi
- at USE_IMC_ATTESTATION_TRUE@am__append_3 = plugins/imc_attestation
- at USE_IMV_ATTESTATION_TRUE@am__append_4 = plugins/imv_attestation
- at USE_IMC_SWID_TRUE@am__append_5 = plugins/imc_swid
- at USE_IMV_SWID_TRUE@am__append_6 = plugins/imv_swid
-subdir = src/libpts
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
- $(top_srcdir)/m4/config/ltoptions.m4 \
- $(top_srcdir)/m4/config/ltsugar.m4 \
- $(top_srcdir)/m4/config/ltversion.m4 \
- $(top_srcdir)/m4/config/lt~obsolete.m4 \
- $(top_srcdir)/m4/macros/split-package-version.m4 \
- $(top_srcdir)/m4/macros/with.m4 \
- $(top_srcdir)/m4/macros/enable-disable.m4 \
- $(top_srcdir)/m4/macros/add-plugin.m4 \
- $(top_srcdir)/configure.ac
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
- $(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/config.h
-CONFIG_CLEAN_FILES =
-CONFIG_CLEAN_VPATH_FILES =
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
- $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
- *) f=$$p;; \
- esac;
-am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
-am__install_max = 40
-am__nobase_strip_setup = \
- srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
-am__nobase_strip = \
- for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
-am__nobase_list = $(am__nobase_strip_setup); \
- for p in $$list; do echo "$$p $$p"; done | \
- sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
- $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
- if (++n[$$2] == $(am__install_max)) \
- { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
- END { for (dir in files) print dir, files[dir] }'
-am__base_list = \
- sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
- sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
-am__uninstall_files_from_dir = { \
- test -z "$$files" \
- || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
- || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
- $(am__cd) "$$dir" && rm -f $$files; }; \
- }
-am__installdirs = "$(DESTDIR)$(ipseclibdir)"
-LTLIBRARIES = $(ipseclib_LTLIBRARIES)
-am__DEPENDENCIES_1 =
-libpts_la_DEPENDENCIES = \
- $(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(top_builddir)/src/libtncif/libtncif.la \
- $(top_builddir)/src/libimcv/libimcv.la $(am__DEPENDENCIES_1) \
- $(am__DEPENDENCIES_1)
-am__dirstamp = $(am__leading_dot)dirstamp
-am_libpts_la_OBJECTS = libpts.lo pts/pts.lo pts/pts_error.lo \
- pts/pts_pcr.lo pts/pts_creds.lo pts/pts_database.lo \
- pts/pts_dh_group.lo pts/pts_file_meas.lo pts/pts_file_meta.lo \
- pts/pts_file_type.lo pts/pts_ima_bios_list.lo \
- pts/pts_ima_event_list.lo pts/pts_meas_algo.lo \
- pts/components/pts_component_manager.lo \
- pts/components/pts_comp_evidence.lo \
- pts/components/pts_comp_func_name.lo \
- pts/components/ita/ita_comp_func_name.lo \
- pts/components/ita/ita_comp_ima.lo \
- pts/components/ita/ita_comp_tboot.lo \
- pts/components/ita/ita_comp_tgrub.lo \
- pts/components/tcg/tcg_comp_func_name.lo swid/swid_error.lo \
- swid/swid_inventory.lo swid/swid_tag.lo swid/swid_tag_id.lo \
- tcg/tcg_attr.lo tcg/pts/tcg_pts_attr_proto_caps.lo \
- tcg/pts/tcg_pts_attr_dh_nonce_params_req.lo \
- tcg/pts/tcg_pts_attr_dh_nonce_params_resp.lo \
- tcg/pts/tcg_pts_attr_dh_nonce_finish.lo \
- tcg/pts/tcg_pts_attr_meas_algo.lo \
- tcg/pts/tcg_pts_attr_get_tpm_version_info.lo \
- tcg/pts/tcg_pts_attr_tpm_version_info.lo \
- tcg/pts/tcg_pts_attr_get_aik.lo tcg/pts/tcg_pts_attr_aik.lo \
- tcg/pts/tcg_pts_attr_req_func_comp_evid.lo \
- tcg/pts/tcg_pts_attr_gen_attest_evid.lo \
- tcg/pts/tcg_pts_attr_simple_comp_evid.lo \
- tcg/pts/tcg_pts_attr_simple_evid_final.lo \
- tcg/pts/tcg_pts_attr_req_file_meas.lo \
- tcg/pts/tcg_pts_attr_file_meas.lo \
- tcg/pts/tcg_pts_attr_req_file_meta.lo \
- tcg/pts/tcg_pts_attr_unix_file_meta.lo \
- tcg/swid/tcg_swid_attr_req.lo \
- tcg/swid/tcg_swid_attr_tag_id_inv.lo \
- tcg/swid/tcg_swid_attr_tag_inv.lo
-libpts_la_OBJECTS = $(am_libpts_la_OBJECTS)
-AM_V_lt = $(am__v_lt_ at AM_V@)
-am__v_lt_ = $(am__v_lt_ at AM_DEFAULT_V@)
-am__v_lt_0 = --silent
-am__v_lt_1 =
-AM_V_P = $(am__v_P_ at AM_V@)
-am__v_P_ = $(am__v_P_ at AM_DEFAULT_V@)
-am__v_P_0 = false
-am__v_P_1 = :
-AM_V_GEN = $(am__v_GEN_ at AM_V@)
-am__v_GEN_ = $(am__v_GEN_ at AM_DEFAULT_V@)
-am__v_GEN_0 = @echo " GEN " $@;
-am__v_GEN_1 =
-AM_V_at = $(am__v_at_ at AM_V@)
-am__v_at_ = $(am__v_at_ at AM_DEFAULT_V@)
-am__v_at_0 = @
-am__v_at_1 =
-DEFAULT_INCLUDES = -I. at am__isrc@ -I$(top_builddir)
-depcomp = $(SHELL) $(top_srcdir)/depcomp
-am__depfiles_maybe = depfiles
-am__mv = mv -f
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
- $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
- $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
- $(AM_CFLAGS) $(CFLAGS)
-AM_V_CC = $(am__v_CC_ at AM_V@)
-am__v_CC_ = $(am__v_CC_ at AM_DEFAULT_V@)
-am__v_CC_0 = @echo " CC " $@;
-am__v_CC_1 =
-CCLD = $(CC)
-LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
- $(AM_LDFLAGS) $(LDFLAGS) -o $@
-AM_V_CCLD = $(am__v_CCLD_ at AM_V@)
-am__v_CCLD_ = $(am__v_CCLD_ at AM_DEFAULT_V@)
-am__v_CCLD_0 = @echo " CCLD " $@;
-am__v_CCLD_1 =
-SOURCES = $(libpts_la_SOURCES)
-DIST_SOURCES = $(libpts_la_SOURCES)
-RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \
- ctags-recursive dvi-recursive html-recursive info-recursive \
- install-data-recursive install-dvi-recursive \
- install-exec-recursive install-html-recursive \
- install-info-recursive install-pdf-recursive \
- install-ps-recursive install-recursive installcheck-recursive \
- installdirs-recursive pdf-recursive ps-recursive \
- tags-recursive uninstall-recursive
-am__can_run_installinfo = \
- case $$AM_UPDATE_INFO_DIR in \
- n|no|NO) false;; \
- *) (install-info --version) >/dev/null 2>&1;; \
- esac
-RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
- distclean-recursive maintainer-clean-recursive
-am__recursive_targets = \
- $(RECURSIVE_TARGETS) \
- $(RECURSIVE_CLEAN_TARGETS) \
- $(am__extra_recursive_targets)
-AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \
- distdir
-am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
-# Read a list of newline-separated strings from the standard input,
-# and print each of them once, without duplicates. Input order is
-# *not* preserved.
-am__uniquify_input = $(AWK) '\
- BEGIN { nonempty = 0; } \
- { items[$$0] = 1; nonempty = 1; } \
- END { if (nonempty) { for (i in items) print i; }; } \
-'
-# Make sure the list of sources is unique. This is necessary because,
-# e.g., the same source file might be shared among _SOURCES variables
-# for different programs/libraries.
-am__define_uniq_tagged_files = \
- list='$(am__tagged_files)'; \
- unique=`for i in $$list; do \
- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
- done | $(am__uniquify_input)`
-ETAGS = etags
-CTAGS = ctags
-DIST_SUBDIRS = . plugins/imc_attestation plugins/imv_attestation \
- plugins/imc_swid plugins/imv_swid
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-am__relativize = \
- dir0=`pwd`; \
- sed_first='s,^\([^/]*\)/.*$$,\1,'; \
- sed_rest='s,^[^/]*/*,,'; \
- sed_last='s,^.*/\([^/]*\)$$,\1,'; \
- sed_butlast='s,/*[^/]*$$,,'; \
- while test -n "$$dir1"; do \
- first=`echo "$$dir1" | sed -e "$$sed_first"`; \
- if test "$$first" != "."; then \
- if test "$$first" = ".."; then \
- dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
- dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
- else \
- first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
- if test "$$first2" = "$$first"; then \
- dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
- else \
- dir2="../$$dir2"; \
- fi; \
- dir0="$$dir0"/"$$first"; \
- fi; \
- fi; \
- dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
- done; \
- reldir="$$dir2"
-ACLOCAL = @ACLOCAL@
-ALLOCA = @ALLOCA@
-AMTAR = @AMTAR@
-AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-BFDLIB = @BFDLIB@
-BTLIB = @BTLIB@
-CC = @CC@
-CCDEPMODE = @CCDEPMODE@
-CFLAGS = @CFLAGS@
-COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
-COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DEFS = @DEFS@
-DEPDIR = @DEPDIR@
-DLLIB = @DLLIB@
-DLLTOOL = @DLLTOOL@
-DSYMUTIL = @DSYMUTIL@
-DUMPBIN = @DUMPBIN@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-FGREP = @FGREP@
-GENHTML = @GENHTML@
-GPERF = @GPERF@
-GPRBUILD = @GPRBUILD@
-GREP = @GREP@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LCOV = @LCOV@
-LD = @LD@
-LDFLAGS = @LDFLAGS@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIPO = @LIPO@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAKEINFO = @MAKEINFO@
-MANIFEST_TOOL = @MANIFEST_TOOL@
-MKDIR_P = @MKDIR_P@
-MYSQLCFLAG = @MYSQLCFLAG@
-MYSQLCONFIG = @MYSQLCONFIG@
-MYSQLLIB = @MYSQLLIB@
-NM = @NM@
-NMEDIT = @NMEDIT@
-OBJDUMP = @OBJDUMP@
-OBJEXT = @OBJEXT@
-OPENSSL_LIB = @OPENSSL_LIB@
-OTOOL = @OTOOL@
-OTOOL64 = @OTOOL64@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_URL = @PACKAGE_URL@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@
-PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@
-PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@
-PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PERL = @PERL@
-PKG_CONFIG = @PKG_CONFIG@
-PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
-PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
-PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
-PTHREADLIB = @PTHREADLIB@
-PYTHON = @PYTHON@
-PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
-PYTHON_PLATFORM = @PYTHON_PLATFORM@
-PYTHON_PREFIX = @PYTHON_PREFIX@
-PYTHON_VERSION = @PYTHON_VERSION@
-RANLIB = @RANLIB@
-RTLIB = @RTLIB@
-RUBY = @RUBY@
-RUBYINCLUDE = @RUBYINCLUDE@
-RUBYLIB = @RUBYLIB@
-SED = @SED@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-SOCKLIB = @SOCKLIB@
-STRIP = @STRIP@
-UNWINDLIB = @UNWINDLIB@
-VERSION = @VERSION@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_AR = @ac_ct_AR@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
-aikgen_plugins = @aikgen_plugins@
-am__include = @am__include@
-am__leading_dot = @am__leading_dot@
-am__quote = @am__quote@
-am__tar = @am__tar@
-am__untar = @am__untar@
-attest_plugins = @attest_plugins@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-c_plugins = @c_plugins@
-charon_natt_port = @charon_natt_port@
-charon_plugins = @charon_plugins@
-charon_udp_port = @charon_udp_port@
-clearsilver_LIBS = @clearsilver_LIBS@
-cmd_plugins = @cmd_plugins@
-datadir = @datadir@
-datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
-dev_headers = @dev_headers@
-docdir = @docdir@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-fips_mode = @fips_mode@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
-h_plugins = @h_plugins@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-imcvdir = @imcvdir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-ipsec_script = @ipsec_script@
-ipsec_script_upper = @ipsec_script_upper@
-ipsecdir = @ipsecdir@
-ipsecgroup = @ipsecgroup@
-ipseclibdir = @ipseclibdir@
-ipsecuser = @ipsecuser@
-libdir = @libdir@
-libexecdir = @libexecdir@
-linux_headers = @linux_headers@
-localedir = @localedir@
-localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
-manager_plugins = @manager_plugins@
-mandir = @mandir@
-medsrv_plugins = @medsrv_plugins@
-mkdir_p = @mkdir_p@
-nm_CFLAGS = @nm_CFLAGS@
-nm_LIBS = @nm_LIBS@
-nm_ca_dir = @nm_ca_dir@
-nm_plugins = @nm_plugins@
-oldincludedir = @oldincludedir@
-pcsclite_CFLAGS = @pcsclite_CFLAGS@
-pcsclite_LIBS = @pcsclite_LIBS@
-pdfdir = @pdfdir@
-piddir = @piddir@
-pkgpyexecdir = @pkgpyexecdir@
-pkgpythondir = @pkgpythondir@
-pki_plugins = @pki_plugins@
-plugindir = @plugindir@
-pool_plugins = @pool_plugins@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-pyexecdir = @pyexecdir@
-pythondir = @pythondir@
-random_device = @random_device@
-resolv_conf = @resolv_conf@
-routing_table = @routing_table@
-routing_table_prio = @routing_table_prio@
-s_plugins = @s_plugins@
-sbindir = @sbindir@
-scepclient_plugins = @scepclient_plugins@
-scripts_plugins = @scripts_plugins@
-sharedstatedir = @sharedstatedir@
-soup_CFLAGS = @soup_CFLAGS@
-soup_LIBS = @soup_LIBS@
-srcdir = @srcdir@
-starter_plugins = @starter_plugins@
-strongswan_conf = @strongswan_conf@
-strongswan_options = @strongswan_options@
-swanctldir = @swanctldir@
-sysconfdir = @sysconfdir@
-systemdsystemunitdir = @systemdsystemunitdir@
-t_plugins = @t_plugins@
-target_alias = @target_alias@
-top_build_prefix = @top_build_prefix@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-urandom_device = @urandom_device@
-xml_CFLAGS = @xml_CFLAGS@
-xml_LIBS = @xml_LIBS@
-AM_CPPFLAGS = \
- -I$(top_srcdir)/src/libstrongswan \
- -I$(top_srcdir)/src/libtncif \
- -I$(top_srcdir)/src/libimcv
-
-AM_LDFLAGS = \
- -no-undefined
-
-ipseclib_LTLIBRARIES = libpts.la
-libpts_la_LIBADD = $(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(top_builddir)/src/libtncif/libtncif.la \
- $(top_builddir)/src/libimcv/libimcv.la $(am__append_1) \
- $(am__append_2)
-libpts_la_SOURCES = \
- libpts.h libpts.c \
- pts/pts.h pts/pts.c \
- pts/pts_error.h pts/pts_error.c \
- pts/pts_pcr.h pts/pts_pcr.c \
- pts/pts_proto_caps.h \
- pts/pts_req_func_comp_evid.h \
- pts/pts_simple_evid_final.h \
- pts/pts_creds.h pts/pts_creds.c \
- pts/pts_database.h pts/pts_database.c \
- pts/pts_dh_group.h pts/pts_dh_group.c \
- pts/pts_file_meas.h pts/pts_file_meas.c \
- pts/pts_file_meta.h pts/pts_file_meta.c \
- pts/pts_file_type.h pts/pts_file_type.c \
- pts/pts_ima_bios_list.h pts/pts_ima_bios_list.c \
- pts/pts_ima_event_list.h pts/pts_ima_event_list.c \
- pts/pts_meas_algo.h pts/pts_meas_algo.c \
- pts/components/pts_component.h \
- pts/components/pts_component_manager.h pts/components/pts_component_manager.c \
- pts/components/pts_comp_evidence.h pts/components/pts_comp_evidence.c \
- pts/components/pts_comp_func_name.h pts/components/pts_comp_func_name.c \
- pts/components/ita/ita_comp_func_name.h pts/components/ita/ita_comp_func_name.c \
- pts/components/ita/ita_comp_ima.h pts/components/ita/ita_comp_ima.c \
- pts/components/ita/ita_comp_tboot.h pts/components/ita/ita_comp_tboot.c \
- pts/components/ita/ita_comp_tgrub.h pts/components/ita/ita_comp_tgrub.c \
- pts/components/tcg/tcg_comp_func_name.h pts/components/tcg/tcg_comp_func_name.c \
- swid/swid_error.h swid/swid_error.c \
- swid/swid_inventory.h swid/swid_inventory.c \
- swid/swid_tag.h swid/swid_tag.c \
- swid/swid_tag_id.h swid/swid_tag_id.c \
- tcg/tcg_attr.h tcg/tcg_attr.c \
- tcg/pts/tcg_pts_attr_proto_caps.h tcg/pts/tcg_pts_attr_proto_caps.c \
- tcg/pts/tcg_pts_attr_dh_nonce_params_req.h tcg/pts/tcg_pts_attr_dh_nonce_params_req.c \
- tcg/pts/tcg_pts_attr_dh_nonce_params_resp.h tcg/pts/tcg_pts_attr_dh_nonce_params_resp.c \
- tcg/pts/tcg_pts_attr_dh_nonce_finish.h tcg/pts/tcg_pts_attr_dh_nonce_finish.c \
- tcg/pts/tcg_pts_attr_meas_algo.h tcg/pts/tcg_pts_attr_meas_algo.c \
- tcg/pts/tcg_pts_attr_get_tpm_version_info.h tcg/pts/tcg_pts_attr_get_tpm_version_info.c \
- tcg/pts/tcg_pts_attr_tpm_version_info.h tcg/pts/tcg_pts_attr_tpm_version_info.c \
- tcg/pts/tcg_pts_attr_get_aik.h tcg/pts/tcg_pts_attr_get_aik.c \
- tcg/pts/tcg_pts_attr_aik.h tcg/pts/tcg_pts_attr_aik.c \
- tcg/pts/tcg_pts_attr_req_func_comp_evid.h tcg/pts/tcg_pts_attr_req_func_comp_evid.c \
- tcg/pts/tcg_pts_attr_gen_attest_evid.h tcg/pts/tcg_pts_attr_gen_attest_evid.c \
- tcg/pts/tcg_pts_attr_simple_comp_evid.h tcg/pts/tcg_pts_attr_simple_comp_evid.c \
- tcg/pts/tcg_pts_attr_simple_evid_final.h tcg/pts/tcg_pts_attr_simple_evid_final.c \
- tcg/pts/tcg_pts_attr_req_file_meas.h tcg/pts/tcg_pts_attr_req_file_meas.c \
- tcg/pts/tcg_pts_attr_file_meas.h tcg/pts/tcg_pts_attr_file_meas.c \
- tcg/pts/tcg_pts_attr_req_file_meta.h tcg/pts/tcg_pts_attr_req_file_meta.c \
- tcg/pts/tcg_pts_attr_unix_file_meta.h tcg/pts/tcg_pts_attr_unix_file_meta.c \
- tcg/swid/tcg_swid_attr_req.h tcg/swid/tcg_swid_attr_req.c \
- tcg/swid/tcg_swid_attr_tag_id_inv.h tcg/swid/tcg_swid_attr_tag_id_inv.c \
- tcg/swid/tcg_swid_attr_tag_inv.h tcg/swid/tcg_swid_attr_tag_inv.c
-
-EXTRA_DIST = Android.mk
-SUBDIRS = . $(am__append_3) $(am__append_4) $(am__append_5) \
- $(am__append_6)
-all: all-recursive
-
-.SUFFIXES:
-.SUFFIXES: .c .lo .o .obj
-$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
- @for dep in $?; do \
- case '$(am__configure_deps)' in \
- *$$dep*) \
- ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
- && { if test -f $@; then exit 0; else break; fi; }; \
- exit 1;; \
- esac; \
- done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libpts/Makefile'; \
- $(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu src/libpts/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
- @case '$?' in \
- *config.status*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
- *) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
- esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: $(am__configure_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): $(am__aclocal_m4_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(am__aclocal_m4_deps):
-
-install-ipseclibLTLIBRARIES: $(ipseclib_LTLIBRARIES)
- @$(NORMAL_INSTALL)
- @list='$(ipseclib_LTLIBRARIES)'; test -n "$(ipseclibdir)" || list=; \
- list2=; for p in $$list; do \
- if test -f $$p; then \
- list2="$$list2 $$p"; \
- else :; fi; \
- done; \
- test -z "$$list2" || { \
- echo " $(MKDIR_P) '$(DESTDIR)$(ipseclibdir)'"; \
- $(MKDIR_P) "$(DESTDIR)$(ipseclibdir)" || exit 1; \
- echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(ipseclibdir)'"; \
- $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(ipseclibdir)"; \
- }
-
-uninstall-ipseclibLTLIBRARIES:
- @$(NORMAL_UNINSTALL)
- @list='$(ipseclib_LTLIBRARIES)'; test -n "$(ipseclibdir)" || list=; \
- for p in $$list; do \
- $(am__strip_dir) \
- echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(ipseclibdir)/$$f'"; \
- $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(ipseclibdir)/$$f"; \
- done
-
-clean-ipseclibLTLIBRARIES:
- -test -z "$(ipseclib_LTLIBRARIES)" || rm -f $(ipseclib_LTLIBRARIES)
- @list='$(ipseclib_LTLIBRARIES)'; \
- locs=`for p in $$list; do echo $$p; done | \
- sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
- sort -u`; \
- test -z "$$locs" || { \
- echo rm -f $${locs}; \
- rm -f $${locs}; \
- }
-pts/$(am__dirstamp):
- @$(MKDIR_P) pts
- @: > pts/$(am__dirstamp)
-pts/$(DEPDIR)/$(am__dirstamp):
- @$(MKDIR_P) pts/$(DEPDIR)
- @: > pts/$(DEPDIR)/$(am__dirstamp)
-pts/pts.lo: pts/$(am__dirstamp) pts/$(DEPDIR)/$(am__dirstamp)
-pts/pts_error.lo: pts/$(am__dirstamp) pts/$(DEPDIR)/$(am__dirstamp)
-pts/pts_pcr.lo: pts/$(am__dirstamp) pts/$(DEPDIR)/$(am__dirstamp)
-pts/pts_creds.lo: pts/$(am__dirstamp) pts/$(DEPDIR)/$(am__dirstamp)
-pts/pts_database.lo: pts/$(am__dirstamp) pts/$(DEPDIR)/$(am__dirstamp)
-pts/pts_dh_group.lo: pts/$(am__dirstamp) pts/$(DEPDIR)/$(am__dirstamp)
-pts/pts_file_meas.lo: pts/$(am__dirstamp) \
- pts/$(DEPDIR)/$(am__dirstamp)
-pts/pts_file_meta.lo: pts/$(am__dirstamp) \
- pts/$(DEPDIR)/$(am__dirstamp)
-pts/pts_file_type.lo: pts/$(am__dirstamp) \
- pts/$(DEPDIR)/$(am__dirstamp)
-pts/pts_ima_bios_list.lo: pts/$(am__dirstamp) \
- pts/$(DEPDIR)/$(am__dirstamp)
-pts/pts_ima_event_list.lo: pts/$(am__dirstamp) \
- pts/$(DEPDIR)/$(am__dirstamp)
-pts/pts_meas_algo.lo: pts/$(am__dirstamp) \
- pts/$(DEPDIR)/$(am__dirstamp)
-pts/components/$(am__dirstamp):
- @$(MKDIR_P) pts/components
- @: > pts/components/$(am__dirstamp)
-pts/components/$(DEPDIR)/$(am__dirstamp):
- @$(MKDIR_P) pts/components/$(DEPDIR)
- @: > pts/components/$(DEPDIR)/$(am__dirstamp)
-pts/components/pts_component_manager.lo: \
- pts/components/$(am__dirstamp) \
- pts/components/$(DEPDIR)/$(am__dirstamp)
-pts/components/pts_comp_evidence.lo: pts/components/$(am__dirstamp) \
- pts/components/$(DEPDIR)/$(am__dirstamp)
-pts/components/pts_comp_func_name.lo: pts/components/$(am__dirstamp) \
- pts/components/$(DEPDIR)/$(am__dirstamp)
-pts/components/ita/$(am__dirstamp):
- @$(MKDIR_P) pts/components/ita
- @: > pts/components/ita/$(am__dirstamp)
-pts/components/ita/$(DEPDIR)/$(am__dirstamp):
- @$(MKDIR_P) pts/components/ita/$(DEPDIR)
- @: > pts/components/ita/$(DEPDIR)/$(am__dirstamp)
-pts/components/ita/ita_comp_func_name.lo: \
- pts/components/ita/$(am__dirstamp) \
- pts/components/ita/$(DEPDIR)/$(am__dirstamp)
-pts/components/ita/ita_comp_ima.lo: \
- pts/components/ita/$(am__dirstamp) \
- pts/components/ita/$(DEPDIR)/$(am__dirstamp)
-pts/components/ita/ita_comp_tboot.lo: \
- pts/components/ita/$(am__dirstamp) \
- pts/components/ita/$(DEPDIR)/$(am__dirstamp)
-pts/components/ita/ita_comp_tgrub.lo: \
- pts/components/ita/$(am__dirstamp) \
- pts/components/ita/$(DEPDIR)/$(am__dirstamp)
-pts/components/tcg/$(am__dirstamp):
- @$(MKDIR_P) pts/components/tcg
- @: > pts/components/tcg/$(am__dirstamp)
-pts/components/tcg/$(DEPDIR)/$(am__dirstamp):
- @$(MKDIR_P) pts/components/tcg/$(DEPDIR)
- @: > pts/components/tcg/$(DEPDIR)/$(am__dirstamp)
-pts/components/tcg/tcg_comp_func_name.lo: \
- pts/components/tcg/$(am__dirstamp) \
- pts/components/tcg/$(DEPDIR)/$(am__dirstamp)
-swid/$(am__dirstamp):
- @$(MKDIR_P) swid
- @: > swid/$(am__dirstamp)
-swid/$(DEPDIR)/$(am__dirstamp):
- @$(MKDIR_P) swid/$(DEPDIR)
- @: > swid/$(DEPDIR)/$(am__dirstamp)
-swid/swid_error.lo: swid/$(am__dirstamp) \
- swid/$(DEPDIR)/$(am__dirstamp)
-swid/swid_inventory.lo: swid/$(am__dirstamp) \
- swid/$(DEPDIR)/$(am__dirstamp)
-swid/swid_tag.lo: swid/$(am__dirstamp) swid/$(DEPDIR)/$(am__dirstamp)
-swid/swid_tag_id.lo: swid/$(am__dirstamp) \
- swid/$(DEPDIR)/$(am__dirstamp)
-tcg/$(am__dirstamp):
- @$(MKDIR_P) tcg
- @: > tcg/$(am__dirstamp)
-tcg/$(DEPDIR)/$(am__dirstamp):
- @$(MKDIR_P) tcg/$(DEPDIR)
- @: > tcg/$(DEPDIR)/$(am__dirstamp)
-tcg/tcg_attr.lo: tcg/$(am__dirstamp) tcg/$(DEPDIR)/$(am__dirstamp)
-tcg/pts/$(am__dirstamp):
- @$(MKDIR_P) tcg/pts
- @: > tcg/pts/$(am__dirstamp)
-tcg/pts/$(DEPDIR)/$(am__dirstamp):
- @$(MKDIR_P) tcg/pts/$(DEPDIR)
- @: > tcg/pts/$(DEPDIR)/$(am__dirstamp)
-tcg/pts/tcg_pts_attr_proto_caps.lo: tcg/pts/$(am__dirstamp) \
- tcg/pts/$(DEPDIR)/$(am__dirstamp)
-tcg/pts/tcg_pts_attr_dh_nonce_params_req.lo: tcg/pts/$(am__dirstamp) \
- tcg/pts/$(DEPDIR)/$(am__dirstamp)
-tcg/pts/tcg_pts_attr_dh_nonce_params_resp.lo: tcg/pts/$(am__dirstamp) \
- tcg/pts/$(DEPDIR)/$(am__dirstamp)
-tcg/pts/tcg_pts_attr_dh_nonce_finish.lo: tcg/pts/$(am__dirstamp) \
- tcg/pts/$(DEPDIR)/$(am__dirstamp)
-tcg/pts/tcg_pts_attr_meas_algo.lo: tcg/pts/$(am__dirstamp) \
- tcg/pts/$(DEPDIR)/$(am__dirstamp)
-tcg/pts/tcg_pts_attr_get_tpm_version_info.lo: tcg/pts/$(am__dirstamp) \
- tcg/pts/$(DEPDIR)/$(am__dirstamp)
-tcg/pts/tcg_pts_attr_tpm_version_info.lo: tcg/pts/$(am__dirstamp) \
- tcg/pts/$(DEPDIR)/$(am__dirstamp)
-tcg/pts/tcg_pts_attr_get_aik.lo: tcg/pts/$(am__dirstamp) \
- tcg/pts/$(DEPDIR)/$(am__dirstamp)
-tcg/pts/tcg_pts_attr_aik.lo: tcg/pts/$(am__dirstamp) \
- tcg/pts/$(DEPDIR)/$(am__dirstamp)
-tcg/pts/tcg_pts_attr_req_func_comp_evid.lo: tcg/pts/$(am__dirstamp) \
- tcg/pts/$(DEPDIR)/$(am__dirstamp)
-tcg/pts/tcg_pts_attr_gen_attest_evid.lo: tcg/pts/$(am__dirstamp) \
- tcg/pts/$(DEPDIR)/$(am__dirstamp)
-tcg/pts/tcg_pts_attr_simple_comp_evid.lo: tcg/pts/$(am__dirstamp) \
- tcg/pts/$(DEPDIR)/$(am__dirstamp)
-tcg/pts/tcg_pts_attr_simple_evid_final.lo: tcg/pts/$(am__dirstamp) \
- tcg/pts/$(DEPDIR)/$(am__dirstamp)
-tcg/pts/tcg_pts_attr_req_file_meas.lo: tcg/pts/$(am__dirstamp) \
- tcg/pts/$(DEPDIR)/$(am__dirstamp)
-tcg/pts/tcg_pts_attr_file_meas.lo: tcg/pts/$(am__dirstamp) \
- tcg/pts/$(DEPDIR)/$(am__dirstamp)
-tcg/pts/tcg_pts_attr_req_file_meta.lo: tcg/pts/$(am__dirstamp) \
- tcg/pts/$(DEPDIR)/$(am__dirstamp)
-tcg/pts/tcg_pts_attr_unix_file_meta.lo: tcg/pts/$(am__dirstamp) \
- tcg/pts/$(DEPDIR)/$(am__dirstamp)
-tcg/swid/$(am__dirstamp):
- @$(MKDIR_P) tcg/swid
- @: > tcg/swid/$(am__dirstamp)
-tcg/swid/$(DEPDIR)/$(am__dirstamp):
- @$(MKDIR_P) tcg/swid/$(DEPDIR)
- @: > tcg/swid/$(DEPDIR)/$(am__dirstamp)
-tcg/swid/tcg_swid_attr_req.lo: tcg/swid/$(am__dirstamp) \
- tcg/swid/$(DEPDIR)/$(am__dirstamp)
-tcg/swid/tcg_swid_attr_tag_id_inv.lo: tcg/swid/$(am__dirstamp) \
- tcg/swid/$(DEPDIR)/$(am__dirstamp)
-tcg/swid/tcg_swid_attr_tag_inv.lo: tcg/swid/$(am__dirstamp) \
- tcg/swid/$(DEPDIR)/$(am__dirstamp)
-
-libpts.la: $(libpts_la_OBJECTS) $(libpts_la_DEPENDENCIES) $(EXTRA_libpts_la_DEPENDENCIES)
- $(AM_V_CCLD)$(LINK) -rpath $(ipseclibdir) $(libpts_la_OBJECTS) $(libpts_la_LIBADD) $(LIBS)
-
-mostlyclean-compile:
- -rm -f *.$(OBJEXT)
- -rm -f pts/*.$(OBJEXT)
- -rm -f pts/*.lo
- -rm -f pts/components/*.$(OBJEXT)
- -rm -f pts/components/*.lo
- -rm -f pts/components/ita/*.$(OBJEXT)
- -rm -f pts/components/ita/*.lo
- -rm -f pts/components/tcg/*.$(OBJEXT)
- -rm -f pts/components/tcg/*.lo
- -rm -f swid/*.$(OBJEXT)
- -rm -f swid/*.lo
- -rm -f tcg/*.$(OBJEXT)
- -rm -f tcg/*.lo
- -rm -f tcg/pts/*.$(OBJEXT)
- -rm -f tcg/pts/*.lo
- -rm -f tcg/swid/*.$(OBJEXT)
- -rm -f tcg/swid/*.lo
-
-distclean-compile:
- -rm -f *.tab.c
-
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/libpts.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at pts/$(DEPDIR)/pts.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at pts/$(DEPDIR)/pts_creds.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at pts/$(DEPDIR)/pts_database.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at pts/$(DEPDIR)/pts_dh_group.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at pts/$(DEPDIR)/pts_error.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at pts/$(DEPDIR)/pts_file_meas.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at pts/$(DEPDIR)/pts_file_meta.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at pts/$(DEPDIR)/pts_file_type.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at pts/$(DEPDIR)/pts_ima_bios_list.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at pts/$(DEPDIR)/pts_ima_event_list.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at pts/$(DEPDIR)/pts_meas_algo.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at pts/$(DEPDIR)/pts_pcr.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at pts/components/$(DEPDIR)/pts_comp_evidence.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at pts/components/$(DEPDIR)/pts_comp_func_name.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at pts/components/$(DEPDIR)/pts_component_manager.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at pts/components/ita/$(DEPDIR)/ita_comp_func_name.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at pts/components/ita/$(DEPDIR)/ita_comp_ima.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at pts/components/ita/$(DEPDIR)/ita_comp_tboot.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at pts/components/ita/$(DEPDIR)/ita_comp_tgrub.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at pts/components/tcg/$(DEPDIR)/tcg_comp_func_name.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at swid/$(DEPDIR)/swid_error.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at swid/$(DEPDIR)/swid_inventory.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at swid/$(DEPDIR)/swid_tag.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at swid/$(DEPDIR)/swid_tag_id.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at tcg/$(DEPDIR)/tcg_attr.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at tcg/pts/$(DEPDIR)/tcg_pts_attr_aik.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at tcg/pts/$(DEPDIR)/tcg_pts_attr_dh_nonce_finish.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at tcg/pts/$(DEPDIR)/tcg_pts_attr_dh_nonce_params_req.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at tcg/pts/$(DEPDIR)/tcg_pts_attr_dh_nonce_params_resp.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at tcg/pts/$(DEPDIR)/tcg_pts_attr_file_meas.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at tcg/pts/$(DEPDIR)/tcg_pts_attr_gen_attest_evid.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at tcg/pts/$(DEPDIR)/tcg_pts_attr_get_aik.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at tcg/pts/$(DEPDIR)/tcg_pts_attr_get_tpm_version_info.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at tcg/pts/$(DEPDIR)/tcg_pts_attr_meas_algo.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at tcg/pts/$(DEPDIR)/tcg_pts_attr_proto_caps.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at tcg/pts/$(DEPDIR)/tcg_pts_attr_req_file_meas.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at tcg/pts/$(DEPDIR)/tcg_pts_attr_req_file_meta.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at tcg/pts/$(DEPDIR)/tcg_pts_attr_req_func_comp_evid.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at tcg/pts/$(DEPDIR)/tcg_pts_attr_simple_comp_evid.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at tcg/pts/$(DEPDIR)/tcg_pts_attr_simple_evid_final.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at tcg/pts/$(DEPDIR)/tcg_pts_attr_tpm_version_info.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at tcg/pts/$(DEPDIR)/tcg_pts_attr_unix_file_meta.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at tcg/swid/$(DEPDIR)/tcg_swid_attr_req.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at tcg/swid/$(DEPDIR)/tcg_swid_attr_tag_id_inv.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at tcg/swid/$(DEPDIR)/tcg_swid_attr_tag_inv.Plo at am__quote@
-
-.c.o:
- at am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
- at am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
- at am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(COMPILE) -c -o $@ $<
-
-.c.obj:
- at am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
- at am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
- at am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
-
-.c.lo:
- at am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
- at am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
- at am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
- -rm -f *.lo
-
-clean-libtool:
- -rm -rf .libs _libs
- -rm -rf pts/.libs pts/_libs
- -rm -rf pts/components/.libs pts/components/_libs
- -rm -rf pts/components/ita/.libs pts/components/ita/_libs
- -rm -rf pts/components/tcg/.libs pts/components/tcg/_libs
- -rm -rf swid/.libs swid/_libs
- -rm -rf tcg/.libs tcg/_libs
- -rm -rf tcg/pts/.libs tcg/pts/_libs
- -rm -rf tcg/swid/.libs tcg/swid/_libs
-
-# This directory's subdirectories are mostly independent; you can cd
-# into them and run 'make' without going through this Makefile.
-# To change the values of 'make' variables: instead of editing Makefiles,
-# (1) if the variable is set in 'config.status', edit 'config.status'
-# (which will cause the Makefiles to be regenerated when you run 'make');
-# (2) otherwise, pass the desired values on the 'make' command line.
-$(am__recursive_targets):
- @fail=; \
- if $(am__make_keepgoing); then \
- failcom='fail=yes'; \
- else \
- failcom='exit 1'; \
- fi; \
- dot_seen=no; \
- target=`echo $@ | sed s/-recursive//`; \
- case "$@" in \
- distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
- *) list='$(SUBDIRS)' ;; \
- esac; \
- for subdir in $$list; do \
- echo "Making $$target in $$subdir"; \
- if test "$$subdir" = "."; then \
- dot_seen=yes; \
- local_target="$$target-am"; \
- else \
- local_target="$$target"; \
- fi; \
- ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
- || eval $$failcom; \
- done; \
- if test "$$dot_seen" = "no"; then \
- $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
- fi; test -z "$$fail"
-
-ID: $(am__tagged_files)
- $(am__define_uniq_tagged_files); mkid -fID $$unique
-tags: tags-recursive
-TAGS: tags
-
-tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- set x; \
- here=`pwd`; \
- if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
- include_option=--etags-include; \
- empty_fix=.; \
- else \
- include_option=--include; \
- empty_fix=; \
- fi; \
- list='$(SUBDIRS)'; for subdir in $$list; do \
- if test "$$subdir" = .; then :; else \
- test ! -f $$subdir/TAGS || \
- set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
- fi; \
- done; \
- $(am__define_uniq_tagged_files); \
- shift; \
- if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
- test -n "$$unique" || unique=$$empty_fix; \
- if test $$# -gt 0; then \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- "$$@" $$unique; \
- else \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- $$unique; \
- fi; \
- fi
-ctags: ctags-recursive
-
-CTAGS: ctags
-ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- $(am__define_uniq_tagged_files); \
- test -z "$(CTAGS_ARGS)$$unique" \
- || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
- $$unique
-
-GTAGS:
- here=`$(am__cd) $(top_builddir) && pwd` \
- && $(am__cd) $(top_srcdir) \
- && gtags -i $(GTAGS_ARGS) "$$here"
-cscopelist: cscopelist-recursive
-
-cscopelist-am: $(am__tagged_files)
- list='$(am__tagged_files)'; \
- case "$(srcdir)" in \
- [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
- *) sdir=$(subdir)/$(srcdir) ;; \
- esac; \
- for i in $$list; do \
- if test -f "$$i"; then \
- echo "$(subdir)/$$i"; \
- else \
- echo "$$sdir/$$i"; \
- fi; \
- done >> $(top_builddir)/cscope.files
-
-distclean-tags:
- -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
- @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- list='$(DISTFILES)'; \
- dist_files=`for file in $$list; do echo $$file; done | \
- sed -e "s|^$$srcdirstrip/||;t" \
- -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
- case $$dist_files in \
- */*) $(MKDIR_P) `echo "$$dist_files" | \
- sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
- sort -u` ;; \
- esac; \
- for file in $$dist_files; do \
- if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
- if test -d $$d/$$file; then \
- dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
- if test -d "$(distdir)/$$file"; then \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
- cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
- else \
- test -f "$(distdir)/$$file" \
- || cp -p $$d/$$file "$(distdir)/$$file" \
- || exit 1; \
- fi; \
- done
- @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
- if test "$$subdir" = .; then :; else \
- $(am__make_dryrun) \
- || test -d "$(distdir)/$$subdir" \
- || $(MKDIR_P) "$(distdir)/$$subdir" \
- || exit 1; \
- dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
- $(am__relativize); \
- new_distdir=$$reldir; \
- dir1=$$subdir; dir2="$(top_distdir)"; \
- $(am__relativize); \
- new_top_distdir=$$reldir; \
- echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
- echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
- ($(am__cd) $$subdir && \
- $(MAKE) $(AM_MAKEFLAGS) \
- top_distdir="$$new_top_distdir" \
- distdir="$$new_distdir" \
- am__remove_distdir=: \
- am__skip_length_check=: \
- am__skip_mode_fix=: \
- distdir) \
- || exit 1; \
- fi; \
- done
-check-am: all-am
-check: check-recursive
-all-am: Makefile $(LTLIBRARIES)
-installdirs: installdirs-recursive
-installdirs-am:
- for dir in "$(DESTDIR)$(ipseclibdir)"; do \
- test -z "$$dir" || $(MKDIR_P) "$$dir"; \
- done
-install: install-recursive
-install-exec: install-exec-recursive
-install-data: install-data-recursive
-uninstall: uninstall-recursive
-
-install-am: all-am
- @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-recursive
-install-strip:
- if test -z '$(STRIP)'; then \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- install; \
- else \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
- fi
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
- -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
- -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
- -rm -f pts/$(DEPDIR)/$(am__dirstamp)
- -rm -f pts/$(am__dirstamp)
- -rm -f pts/components/$(DEPDIR)/$(am__dirstamp)
- -rm -f pts/components/$(am__dirstamp)
- -rm -f pts/components/ita/$(DEPDIR)/$(am__dirstamp)
- -rm -f pts/components/ita/$(am__dirstamp)
- -rm -f pts/components/tcg/$(DEPDIR)/$(am__dirstamp)
- -rm -f pts/components/tcg/$(am__dirstamp)
- -rm -f swid/$(DEPDIR)/$(am__dirstamp)
- -rm -f swid/$(am__dirstamp)
- -rm -f tcg/$(DEPDIR)/$(am__dirstamp)
- -rm -f tcg/$(am__dirstamp)
- -rm -f tcg/pts/$(DEPDIR)/$(am__dirstamp)
- -rm -f tcg/pts/$(am__dirstamp)
- -rm -f tcg/swid/$(DEPDIR)/$(am__dirstamp)
- -rm -f tcg/swid/$(am__dirstamp)
-
-maintainer-clean-generic:
- @echo "This command is intended for maintainers to use"
- @echo "it deletes files that may require special tools to rebuild."
-clean: clean-recursive
-
-clean-am: clean-generic clean-ipseclibLTLIBRARIES clean-libtool \
- mostlyclean-am
-
-distclean: distclean-recursive
- -rm -rf ./$(DEPDIR) pts/$(DEPDIR) pts/components/$(DEPDIR) pts/components/ita/$(DEPDIR) pts/components/tcg/$(DEPDIR) swid/$(DEPDIR) tcg/$(DEPDIR) tcg/pts/$(DEPDIR) tcg/swid/$(DEPDIR)
- -rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
- distclean-tags
-
-dvi: dvi-recursive
-
-dvi-am:
-
-html: html-recursive
-
-html-am:
-
-info: info-recursive
-
-info-am:
-
-install-data-am: install-ipseclibLTLIBRARIES
-
-install-dvi: install-dvi-recursive
-
-install-dvi-am:
-
-install-exec-am:
-
-install-html: install-html-recursive
-
-install-html-am:
-
-install-info: install-info-recursive
-
-install-info-am:
-
-install-man:
-
-install-pdf: install-pdf-recursive
-
-install-pdf-am:
-
-install-ps: install-ps-recursive
-
-install-ps-am:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-recursive
- -rm -rf ./$(DEPDIR) pts/$(DEPDIR) pts/components/$(DEPDIR) pts/components/ita/$(DEPDIR) pts/components/tcg/$(DEPDIR) swid/$(DEPDIR) tcg/$(DEPDIR) tcg/pts/$(DEPDIR) tcg/swid/$(DEPDIR)
- -rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-recursive
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
- mostlyclean-libtool
-
-pdf: pdf-recursive
-
-pdf-am:
-
-ps: ps-recursive
-
-ps-am:
-
-uninstall-am: uninstall-ipseclibLTLIBRARIES
-
-.MAKE: $(am__recursive_targets) install-am install-strip
-
-.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am check \
- check-am clean clean-generic clean-ipseclibLTLIBRARIES \
- clean-libtool cscopelist-am ctags ctags-am distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am \
- install-ipseclibLTLIBRARIES install-man install-pdf \
- install-pdf-am install-ps install-ps-am install-strip \
- installcheck installcheck-am installdirs installdirs-am \
- maintainer-clean maintainer-clean-generic mostlyclean \
- mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
- pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \
- uninstall-ipseclibLTLIBRARIES
-
-
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/src/libpts/libpts.c b/src/libpts/libpts.c
deleted file mode 100644
index 9511082..0000000
--- a/src/libpts/libpts.c
+++ /dev/null
@@ -1,96 +0,0 @@
-/*
- * Copyright (C) 2011 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "libpts.h"
-#include "tcg/tcg_attr.h"
-#include "pts/components/pts_component.h"
-#include "pts/components/pts_component_manager.h"
-#include "pts/components/tcg/tcg_comp_func_name.h"
-#include "pts/components/ita/ita_comp_func_name.h"
-#include "pts/components/ita/ita_comp_ima.h"
-#include "pts/components/ita/ita_comp_tboot.h"
-#include "pts/components/ita/ita_comp_tgrub.h"
-
-#include <imcv.h>
-#include <utils/debug.h>
-
-/**
- * PTS Functional Component manager
- */
-pts_component_manager_t *pts_components;
-
-/**
- * Reference count for IMC/IMV instances
- */
-static refcount_t libpts_ref = 0;
-
-/**
- * Described in header.
- */
-bool libpts_init(void)
-{
- if (libpts_ref == 0)
- {
- if (!imcv_pa_tnc_attributes)
- {
- return FALSE;
- }
- imcv_pa_tnc_attributes->add_vendor(imcv_pa_tnc_attributes, PEN_TCG,
- tcg_attr_create_from_data, tcg_attr_names);
-
- pts_components = pts_component_manager_create();
- pts_components->add_vendor(pts_components, PEN_TCG,
- pts_tcg_comp_func_names, PTS_TCG_QUALIFIER_TYPE_SIZE,
- pts_tcg_qualifier_flag_names, pts_tcg_qualifier_type_names);
- pts_components->add_vendor(pts_components, PEN_ITA,
- pts_ita_comp_func_names, PTS_ITA_QUALIFIER_TYPE_SIZE,
- pts_ita_qualifier_flag_names, pts_ita_qualifier_type_names);
-
- pts_components->add_component(pts_components, PEN_ITA,
- PTS_ITA_COMP_FUNC_NAME_TGRUB,
- pts_ita_comp_tgrub_create);
- pts_components->add_component(pts_components, PEN_ITA,
- PTS_ITA_COMP_FUNC_NAME_TBOOT,
- pts_ita_comp_tboot_create);
- pts_components->add_component(pts_components, PEN_ITA,
- PTS_ITA_COMP_FUNC_NAME_IMA,
- pts_ita_comp_ima_create);
-
- DBG1(DBG_LIB, "libpts initialized");
- }
- ref_get(&libpts_ref);
-
- return TRUE;
-}
-
-/**
- * Described in header.
- */
-void libpts_deinit(void)
-{
- if (ref_put(&libpts_ref))
- {
- pts_components->remove_vendor(pts_components, PEN_TCG);
- pts_components->remove_vendor(pts_components, PEN_ITA);
- pts_components->destroy(pts_components);
-
- if (!imcv_pa_tnc_attributes)
- {
- return;
- }
- imcv_pa_tnc_attributes->remove_vendor(imcv_pa_tnc_attributes, PEN_TCG);
- DBG1(DBG_LIB, "libpts terminated");
- }
-}
-
diff --git a/src/libpts/libpts.h b/src/libpts/libpts.h
deleted file mode 100644
index e3814e9..0000000
--- a/src/libpts/libpts.h
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright (C) 2011 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup libpts libpts
- *
- * @defgroup libpts_plugins plugins
- * @ingroup libpts
- *
- * @defgroup swid swid
- * @ingroup libpts
- *
- * @addtogroup libpts
- * @{
- */
-
-#ifndef LIBPTS_H_
-#define LIBPTS_H_
-
-#include "pts/components/pts_component_manager.h"
-
-#include <library.h>
-
-/**
- * Initialize libpts.
- *
- * @return FALSE if initialization failed
- */
-bool libpts_init(void);
-
-/**
- * Deinitialize libpts.
- */
-void libpts_deinit(void);
-
-/**
- * PTS Functional Component manager
- */
-extern pts_component_manager_t* pts_components;
-
-#endif /** LIBPTS_H_ @}*/
diff --git a/src/libpts/plugins/imc_attestation/Makefile.am b/src/libpts/plugins/imc_attestation/Makefile.am
deleted file mode 100644
index 88d9ddd..0000000
--- a/src/libpts/plugins/imc_attestation/Makefile.am
+++ /dev/null
@@ -1,20 +0,0 @@
-AM_CPPFLAGS = \
- -I$(top_srcdir)/src/libstrongswan \
- -I$(top_srcdir)/src/libtncif \
- -I$(top_srcdir)/src/libimcv \
- -I$(top_srcdir)/src/libpts
-
-AM_CFLAGS = \
- $(PLUGIN_CFLAGS)
-
-imcv_LTLIBRARIES = imc-attestation.la
-
-imc_attestation_la_LIBADD = $(top_builddir)/src/libimcv/libimcv.la \
- $(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(top_builddir)/src/libpts/libpts.la
-
-imc_attestation_la_SOURCES = imc_attestation.c \
- imc_attestation_state.h imc_attestation_state.c \
- imc_attestation_process.h imc_attestation_process.c
-
-imc_attestation_la_LDFLAGS = -module -avoid-version -no-undefined
diff --git a/src/libpts/plugins/imc_attestation/Makefile.in b/src/libpts/plugins/imc_attestation/Makefile.in
deleted file mode 100644
index 1f12af6..0000000
--- a/src/libpts/plugins/imc_attestation/Makefile.in
+++ /dev/null
@@ -1,760 +0,0 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
-
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
- at SET_MAKE@
-
-VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
-am__make_running_with_option = \
- case $${target_option-} in \
- ?) ;; \
- *) echo "am__make_running_with_option: internal error: invalid" \
- "target option '$${target_option-}' specified" >&2; \
- exit 1;; \
- esac; \
- has_opt=no; \
- sane_makeflags=$$MAKEFLAGS; \
- if $(am__is_gnu_make); then \
- sane_makeflags=$$MFLAGS; \
- else \
- case $$MAKEFLAGS in \
- *\\[\ \ ]*) \
- bs=\\; \
- sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
- | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
- esac; \
- fi; \
- skip_next=no; \
- strip_trailopt () \
- { \
- flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
- }; \
- for flg in $$sane_makeflags; do \
- test $$skip_next = yes && { skip_next=no; continue; }; \
- case $$flg in \
- *=*|--*) continue;; \
- -*I) strip_trailopt 'I'; skip_next=yes;; \
- -*I?*) strip_trailopt 'I';; \
- -*O) strip_trailopt 'O'; skip_next=yes;; \
- -*O?*) strip_trailopt 'O';; \
- -*l) strip_trailopt 'l'; skip_next=yes;; \
- -*l?*) strip_trailopt 'l';; \
- -[dEDm]) skip_next=yes;; \
- -[JT]) skip_next=yes;; \
- esac; \
- case $$flg in \
- *$$target_option*) has_opt=yes; break;; \
- esac; \
- done; \
- test $$has_opt = yes
-am__make_dryrun = (target_option=n; $(am__make_running_with_option))
-am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
-pkgdatadir = $(datadir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkglibexecdir = $(libexecdir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-subdir = src/libpts/plugins/imc_attestation
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
- $(top_srcdir)/m4/config/ltoptions.m4 \
- $(top_srcdir)/m4/config/ltsugar.m4 \
- $(top_srcdir)/m4/config/ltversion.m4 \
- $(top_srcdir)/m4/config/lt~obsolete.m4 \
- $(top_srcdir)/m4/macros/split-package-version.m4 \
- $(top_srcdir)/m4/macros/with.m4 \
- $(top_srcdir)/m4/macros/enable-disable.m4 \
- $(top_srcdir)/m4/macros/add-plugin.m4 \
- $(top_srcdir)/configure.ac
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
- $(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/config.h
-CONFIG_CLEAN_FILES =
-CONFIG_CLEAN_VPATH_FILES =
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
- $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
- *) f=$$p;; \
- esac;
-am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
-am__install_max = 40
-am__nobase_strip_setup = \
- srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
-am__nobase_strip = \
- for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
-am__nobase_list = $(am__nobase_strip_setup); \
- for p in $$list; do echo "$$p $$p"; done | \
- sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
- $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
- if (++n[$$2] == $(am__install_max)) \
- { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
- END { for (dir in files) print dir, files[dir] }'
-am__base_list = \
- sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
- sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
-am__uninstall_files_from_dir = { \
- test -z "$$files" \
- || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
- || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
- $(am__cd) "$$dir" && rm -f $$files; }; \
- }
-am__installdirs = "$(DESTDIR)$(imcvdir)"
-LTLIBRARIES = $(imcv_LTLIBRARIES)
-imc_attestation_la_DEPENDENCIES = \
- $(top_builddir)/src/libimcv/libimcv.la \
- $(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(top_builddir)/src/libpts/libpts.la
-am_imc_attestation_la_OBJECTS = imc_attestation.lo \
- imc_attestation_state.lo imc_attestation_process.lo
-imc_attestation_la_OBJECTS = $(am_imc_attestation_la_OBJECTS)
-AM_V_lt = $(am__v_lt_ at AM_V@)
-am__v_lt_ = $(am__v_lt_ at AM_DEFAULT_V@)
-am__v_lt_0 = --silent
-am__v_lt_1 =
-imc_attestation_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
- $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
- $(AM_CFLAGS) $(CFLAGS) $(imc_attestation_la_LDFLAGS) \
- $(LDFLAGS) -o $@
-AM_V_P = $(am__v_P_ at AM_V@)
-am__v_P_ = $(am__v_P_ at AM_DEFAULT_V@)
-am__v_P_0 = false
-am__v_P_1 = :
-AM_V_GEN = $(am__v_GEN_ at AM_V@)
-am__v_GEN_ = $(am__v_GEN_ at AM_DEFAULT_V@)
-am__v_GEN_0 = @echo " GEN " $@;
-am__v_GEN_1 =
-AM_V_at = $(am__v_at_ at AM_V@)
-am__v_at_ = $(am__v_at_ at AM_DEFAULT_V@)
-am__v_at_0 = @
-am__v_at_1 =
-DEFAULT_INCLUDES = -I. at am__isrc@ -I$(top_builddir)
-depcomp = $(SHELL) $(top_srcdir)/depcomp
-am__depfiles_maybe = depfiles
-am__mv = mv -f
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
- $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
- $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
- $(AM_CFLAGS) $(CFLAGS)
-AM_V_CC = $(am__v_CC_ at AM_V@)
-am__v_CC_ = $(am__v_CC_ at AM_DEFAULT_V@)
-am__v_CC_0 = @echo " CC " $@;
-am__v_CC_1 =
-CCLD = $(CC)
-LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
- $(AM_LDFLAGS) $(LDFLAGS) -o $@
-AM_V_CCLD = $(am__v_CCLD_ at AM_V@)
-am__v_CCLD_ = $(am__v_CCLD_ at AM_DEFAULT_V@)
-am__v_CCLD_0 = @echo " CCLD " $@;
-am__v_CCLD_1 =
-SOURCES = $(imc_attestation_la_SOURCES)
-DIST_SOURCES = $(imc_attestation_la_SOURCES)
-am__can_run_installinfo = \
- case $$AM_UPDATE_INFO_DIR in \
- n|no|NO) false;; \
- *) (install-info --version) >/dev/null 2>&1;; \
- esac
-am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
-# Read a list of newline-separated strings from the standard input,
-# and print each of them once, without duplicates. Input order is
-# *not* preserved.
-am__uniquify_input = $(AWK) '\
- BEGIN { nonempty = 0; } \
- { items[$$0] = 1; nonempty = 1; } \
- END { if (nonempty) { for (i in items) print i; }; } \
-'
-# Make sure the list of sources is unique. This is necessary because,
-# e.g., the same source file might be shared among _SOURCES variables
-# for different programs/libraries.
-am__define_uniq_tagged_files = \
- list='$(am__tagged_files)'; \
- unique=`for i in $$list; do \
- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
- done | $(am__uniquify_input)`
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-ALLOCA = @ALLOCA@
-AMTAR = @AMTAR@
-AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-BFDLIB = @BFDLIB@
-BTLIB = @BTLIB@
-CC = @CC@
-CCDEPMODE = @CCDEPMODE@
-CFLAGS = @CFLAGS@
-COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
-COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DEFS = @DEFS@
-DEPDIR = @DEPDIR@
-DLLIB = @DLLIB@
-DLLTOOL = @DLLTOOL@
-DSYMUTIL = @DSYMUTIL@
-DUMPBIN = @DUMPBIN@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-FGREP = @FGREP@
-GENHTML = @GENHTML@
-GPERF = @GPERF@
-GPRBUILD = @GPRBUILD@
-GREP = @GREP@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LCOV = @LCOV@
-LD = @LD@
-LDFLAGS = @LDFLAGS@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIPO = @LIPO@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAKEINFO = @MAKEINFO@
-MANIFEST_TOOL = @MANIFEST_TOOL@
-MKDIR_P = @MKDIR_P@
-MYSQLCFLAG = @MYSQLCFLAG@
-MYSQLCONFIG = @MYSQLCONFIG@
-MYSQLLIB = @MYSQLLIB@
-NM = @NM@
-NMEDIT = @NMEDIT@
-OBJDUMP = @OBJDUMP@
-OBJEXT = @OBJEXT@
-OPENSSL_LIB = @OPENSSL_LIB@
-OTOOL = @OTOOL@
-OTOOL64 = @OTOOL64@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_URL = @PACKAGE_URL@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@
-PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@
-PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@
-PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PERL = @PERL@
-PKG_CONFIG = @PKG_CONFIG@
-PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
-PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
-PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
-PTHREADLIB = @PTHREADLIB@
-PYTHON = @PYTHON@
-PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
-PYTHON_PLATFORM = @PYTHON_PLATFORM@
-PYTHON_PREFIX = @PYTHON_PREFIX@
-PYTHON_VERSION = @PYTHON_VERSION@
-RANLIB = @RANLIB@
-RTLIB = @RTLIB@
-RUBY = @RUBY@
-RUBYINCLUDE = @RUBYINCLUDE@
-RUBYLIB = @RUBYLIB@
-SED = @SED@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-SOCKLIB = @SOCKLIB@
-STRIP = @STRIP@
-UNWINDLIB = @UNWINDLIB@
-VERSION = @VERSION@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_AR = @ac_ct_AR@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
-aikgen_plugins = @aikgen_plugins@
-am__include = @am__include@
-am__leading_dot = @am__leading_dot@
-am__quote = @am__quote@
-am__tar = @am__tar@
-am__untar = @am__untar@
-attest_plugins = @attest_plugins@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-c_plugins = @c_plugins@
-charon_natt_port = @charon_natt_port@
-charon_plugins = @charon_plugins@
-charon_udp_port = @charon_udp_port@
-clearsilver_LIBS = @clearsilver_LIBS@
-cmd_plugins = @cmd_plugins@
-datadir = @datadir@
-datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
-dev_headers = @dev_headers@
-docdir = @docdir@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-fips_mode = @fips_mode@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
-h_plugins = @h_plugins@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-imcvdir = @imcvdir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-ipsec_script = @ipsec_script@
-ipsec_script_upper = @ipsec_script_upper@
-ipsecdir = @ipsecdir@
-ipsecgroup = @ipsecgroup@
-ipseclibdir = @ipseclibdir@
-ipsecuser = @ipsecuser@
-libdir = @libdir@
-libexecdir = @libexecdir@
-linux_headers = @linux_headers@
-localedir = @localedir@
-localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
-manager_plugins = @manager_plugins@
-mandir = @mandir@
-medsrv_plugins = @medsrv_plugins@
-mkdir_p = @mkdir_p@
-nm_CFLAGS = @nm_CFLAGS@
-nm_LIBS = @nm_LIBS@
-nm_ca_dir = @nm_ca_dir@
-nm_plugins = @nm_plugins@
-oldincludedir = @oldincludedir@
-pcsclite_CFLAGS = @pcsclite_CFLAGS@
-pcsclite_LIBS = @pcsclite_LIBS@
-pdfdir = @pdfdir@
-piddir = @piddir@
-pkgpyexecdir = @pkgpyexecdir@
-pkgpythondir = @pkgpythondir@
-pki_plugins = @pki_plugins@
-plugindir = @plugindir@
-pool_plugins = @pool_plugins@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-pyexecdir = @pyexecdir@
-pythondir = @pythondir@
-random_device = @random_device@
-resolv_conf = @resolv_conf@
-routing_table = @routing_table@
-routing_table_prio = @routing_table_prio@
-s_plugins = @s_plugins@
-sbindir = @sbindir@
-scepclient_plugins = @scepclient_plugins@
-scripts_plugins = @scripts_plugins@
-sharedstatedir = @sharedstatedir@
-soup_CFLAGS = @soup_CFLAGS@
-soup_LIBS = @soup_LIBS@
-srcdir = @srcdir@
-starter_plugins = @starter_plugins@
-strongswan_conf = @strongswan_conf@
-strongswan_options = @strongswan_options@
-swanctldir = @swanctldir@
-sysconfdir = @sysconfdir@
-systemdsystemunitdir = @systemdsystemunitdir@
-t_plugins = @t_plugins@
-target_alias = @target_alias@
-top_build_prefix = @top_build_prefix@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-urandom_device = @urandom_device@
-xml_CFLAGS = @xml_CFLAGS@
-xml_LIBS = @xml_LIBS@
-AM_CPPFLAGS = \
- -I$(top_srcdir)/src/libstrongswan \
- -I$(top_srcdir)/src/libtncif \
- -I$(top_srcdir)/src/libimcv \
- -I$(top_srcdir)/src/libpts
-
-AM_CFLAGS = \
- $(PLUGIN_CFLAGS)
-
-imcv_LTLIBRARIES = imc-attestation.la
-imc_attestation_la_LIBADD = $(top_builddir)/src/libimcv/libimcv.la \
- $(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(top_builddir)/src/libpts/libpts.la
-
-imc_attestation_la_SOURCES = imc_attestation.c \
- imc_attestation_state.h imc_attestation_state.c \
- imc_attestation_process.h imc_attestation_process.c
-
-imc_attestation_la_LDFLAGS = -module -avoid-version -no-undefined
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .c .lo .o .obj
-$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
- @for dep in $?; do \
- case '$(am__configure_deps)' in \
- *$$dep*) \
- ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
- && { if test -f $@; then exit 0; else break; fi; }; \
- exit 1;; \
- esac; \
- done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libpts/plugins/imc_attestation/Makefile'; \
- $(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu src/libpts/plugins/imc_attestation/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
- @case '$?' in \
- *config.status*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
- *) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
- esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: $(am__configure_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): $(am__aclocal_m4_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(am__aclocal_m4_deps):
-
-install-imcvLTLIBRARIES: $(imcv_LTLIBRARIES)
- @$(NORMAL_INSTALL)
- @list='$(imcv_LTLIBRARIES)'; test -n "$(imcvdir)" || list=; \
- list2=; for p in $$list; do \
- if test -f $$p; then \
- list2="$$list2 $$p"; \
- else :; fi; \
- done; \
- test -z "$$list2" || { \
- echo " $(MKDIR_P) '$(DESTDIR)$(imcvdir)'"; \
- $(MKDIR_P) "$(DESTDIR)$(imcvdir)" || exit 1; \
- echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(imcvdir)'"; \
- $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(imcvdir)"; \
- }
-
-uninstall-imcvLTLIBRARIES:
- @$(NORMAL_UNINSTALL)
- @list='$(imcv_LTLIBRARIES)'; test -n "$(imcvdir)" || list=; \
- for p in $$list; do \
- $(am__strip_dir) \
- echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(imcvdir)/$$f'"; \
- $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(imcvdir)/$$f"; \
- done
-
-clean-imcvLTLIBRARIES:
- -test -z "$(imcv_LTLIBRARIES)" || rm -f $(imcv_LTLIBRARIES)
- @list='$(imcv_LTLIBRARIES)'; \
- locs=`for p in $$list; do echo $$p; done | \
- sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
- sort -u`; \
- test -z "$$locs" || { \
- echo rm -f $${locs}; \
- rm -f $${locs}; \
- }
-
-imc-attestation.la: $(imc_attestation_la_OBJECTS) $(imc_attestation_la_DEPENDENCIES) $(EXTRA_imc_attestation_la_DEPENDENCIES)
- $(AM_V_CCLD)$(imc_attestation_la_LINK) -rpath $(imcvdir) $(imc_attestation_la_OBJECTS) $(imc_attestation_la_LIBADD) $(LIBS)
-
-mostlyclean-compile:
- -rm -f *.$(OBJEXT)
-
-distclean-compile:
- -rm -f *.tab.c
-
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/imc_attestation.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/imc_attestation_process.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/imc_attestation_state.Plo at am__quote@
-
-.c.o:
- at am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
- at am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
- at am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(COMPILE) -c -o $@ $<
-
-.c.obj:
- at am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
- at am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
- at am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
-
-.c.lo:
- at am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
- at am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
- at am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
- -rm -f *.lo
-
-clean-libtool:
- -rm -rf .libs _libs
-
-ID: $(am__tagged_files)
- $(am__define_uniq_tagged_files); mkid -fID $$unique
-tags: tags-am
-TAGS: tags
-
-tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- set x; \
- here=`pwd`; \
- $(am__define_uniq_tagged_files); \
- shift; \
- if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
- test -n "$$unique" || unique=$$empty_fix; \
- if test $$# -gt 0; then \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- "$$@" $$unique; \
- else \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- $$unique; \
- fi; \
- fi
-ctags: ctags-am
-
-CTAGS: ctags
-ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- $(am__define_uniq_tagged_files); \
- test -z "$(CTAGS_ARGS)$$unique" \
- || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
- $$unique
-
-GTAGS:
- here=`$(am__cd) $(top_builddir) && pwd` \
- && $(am__cd) $(top_srcdir) \
- && gtags -i $(GTAGS_ARGS) "$$here"
-cscopelist: cscopelist-am
-
-cscopelist-am: $(am__tagged_files)
- list='$(am__tagged_files)'; \
- case "$(srcdir)" in \
- [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
- *) sdir=$(subdir)/$(srcdir) ;; \
- esac; \
- for i in $$list; do \
- if test -f "$$i"; then \
- echo "$(subdir)/$$i"; \
- else \
- echo "$$sdir/$$i"; \
- fi; \
- done >> $(top_builddir)/cscope.files
-
-distclean-tags:
- -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
- @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- list='$(DISTFILES)'; \
- dist_files=`for file in $$list; do echo $$file; done | \
- sed -e "s|^$$srcdirstrip/||;t" \
- -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
- case $$dist_files in \
- */*) $(MKDIR_P) `echo "$$dist_files" | \
- sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
- sort -u` ;; \
- esac; \
- for file in $$dist_files; do \
- if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
- if test -d $$d/$$file; then \
- dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
- if test -d "$(distdir)/$$file"; then \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
- cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
- else \
- test -f "$(distdir)/$$file" \
- || cp -p $$d/$$file "$(distdir)/$$file" \
- || exit 1; \
- fi; \
- done
-check-am: all-am
-check: check-am
-all-am: Makefile $(LTLIBRARIES)
-installdirs:
- for dir in "$(DESTDIR)$(imcvdir)"; do \
- test -z "$$dir" || $(MKDIR_P) "$$dir"; \
- done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
- @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
- if test -z '$(STRIP)'; then \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- install; \
- else \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
- fi
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
- -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
- -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
-
-maintainer-clean-generic:
- @echo "This command is intended for maintainers to use"
- @echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-imcvLTLIBRARIES clean-libtool \
- mostlyclean-am
-
-distclean: distclean-am
- -rm -rf ./$(DEPDIR)
- -rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
- distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-html-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-imcvLTLIBRARIES
-
-install-dvi: install-dvi-am
-
-install-dvi-am:
-
-install-exec-am:
-
-install-html: install-html-am
-
-install-html-am:
-
-install-info: install-info-am
-
-install-info-am:
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-pdf-am:
-
-install-ps: install-ps-am
-
-install-ps-am:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
- -rm -rf ./$(DEPDIR)
- -rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
- mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-imcvLTLIBRARIES
-
-.MAKE: install-am install-strip
-
-.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
- clean-imcvLTLIBRARIES clean-libtool cscopelist-am ctags \
- ctags-am distclean distclean-compile distclean-generic \
- distclean-libtool distclean-tags distdir dvi dvi-am html \
- html-am info info-am install install-am install-data \
- install-data-am install-dvi install-dvi-am install-exec \
- install-exec-am install-html install-html-am \
- install-imcvLTLIBRARIES install-info install-info-am \
- install-man install-pdf install-pdf-am install-ps \
- install-ps-am install-strip installcheck installcheck-am \
- installdirs maintainer-clean maintainer-clean-generic \
- mostlyclean mostlyclean-compile mostlyclean-generic \
- mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
- uninstall-am uninstall-imcvLTLIBRARIES
-
-
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/src/libpts/plugins/imc_attestation/imc_attestation.c b/src/libpts/plugins/imc_attestation/imc_attestation.c
deleted file mode 100644
index 74bbc46..0000000
--- a/src/libpts/plugins/imc_attestation/imc_attestation.c
+++ /dev/null
@@ -1,339 +0,0 @@
-/*
- * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "imc_attestation_state.h"
-#include "imc_attestation_process.h"
-
-#include <imc/imc_agent.h>
-#include <imc/imc_msg.h>
-#include <ietf/ietf_attr.h>
-#include <ietf/ietf_attr_pa_tnc_error.h>
-#include <ietf/ietf_attr_product_info.h>
-#include <ietf/ietf_attr_string_version.h>
-#include <ietf/ietf_attr_assess_result.h>
-#include <os_info/os_info.h>
-
-#include <libpts.h>
-
-#include <pts/pts_error.h>
-
-#include <tcg/pts/tcg_pts_attr_proto_caps.h>
-#include <tcg/pts/tcg_pts_attr_meas_algo.h>
-
-#include <tncif_pa_subtypes.h>
-
-#include <pen/pen.h>
-#include <utils/debug.h>
-#include <collections/linked_list.h>
-
-/* IMC definitions */
-
-static const char imc_name[] = "Attestation";
-
-static pen_type_t msg_types[] = {
- { PEN_TCG, PA_SUBTYPE_TCG_PTS }
-};
-
-static imc_agent_t *imc_attestation;
-
-/**
- * Supported PTS measurement algorithms
- */
-static pts_meas_algorithms_t supported_algorithms = PTS_MEAS_ALGO_NONE;
-
-/**
- * Supported PTS Diffie Hellman Groups
- */
-static pts_dh_group_t supported_dh_groups = PTS_DH_GROUP_NONE;
-
-/**
- * see section 3.8.1 of TCG TNC IF-IMC Specification 1.3
- */
-TNC_Result TNC_IMC_API TNC_IMC_Initialize(TNC_IMCID imc_id,
- TNC_Version min_version,
- TNC_Version max_version,
- TNC_Version *actual_version)
-{
- bool mandatory_dh_groups;
-
- if (imc_attestation)
- {
- DBG1(DBG_IMC, "IMC \"%s\" has already been initialized", imc_name);
- return TNC_RESULT_ALREADY_INITIALIZED;
- }
- imc_attestation = imc_agent_create(imc_name, msg_types, countof(msg_types),
- imc_id, actual_version);
- if (!imc_attestation)
- {
- return TNC_RESULT_FATAL;
- }
-
- mandatory_dh_groups = lib->settings->get_bool(lib->settings,
- "%s.plugins.imc-attestation.mandatory_dh_groups", TRUE, lib->ns);
-
- if (!pts_meas_algo_probe(&supported_algorithms) ||
- !pts_dh_group_probe(&supported_dh_groups, mandatory_dh_groups))
- {
- imc_attestation->destroy(imc_attestation);
- imc_attestation = NULL;
- return TNC_RESULT_FATAL;
- }
- libpts_init();
-
- if (min_version > TNC_IFIMC_VERSION_1 || max_version < TNC_IFIMC_VERSION_1)
- {
- DBG1(DBG_IMC, "no common IF-IMC version");
- return TNC_RESULT_NO_COMMON_VERSION;
- }
- return TNC_RESULT_SUCCESS;
-}
-
-/**
- * see section 3.8.2 of TCG TNC IF-IMC Specification 1.3
- */
-TNC_Result TNC_IMC_API TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id,
- TNC_ConnectionID connection_id,
- TNC_ConnectionState new_state)
-{
- imc_state_t *state;
-
- if (!imc_attestation)
- {
- DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
- return TNC_RESULT_NOT_INITIALIZED;
- }
- switch (new_state)
- {
- case TNC_CONNECTION_STATE_CREATE:
- state = imc_attestation_state_create(connection_id);
- return imc_attestation->create_state(imc_attestation, state);
- case TNC_CONNECTION_STATE_HANDSHAKE:
- if (imc_attestation->change_state(imc_attestation, connection_id,
- new_state, &state) != TNC_RESULT_SUCCESS)
- {
- return TNC_RESULT_FATAL;
- }
- state->set_result(state, imc_id,
- TNC_IMV_EVALUATION_RESULT_DONT_KNOW);
- return TNC_RESULT_SUCCESS;
- case TNC_CONNECTION_STATE_DELETE:
- return imc_attestation->delete_state(imc_attestation, connection_id);
- case TNC_CONNECTION_STATE_ACCESS_ISOLATED:
- case TNC_CONNECTION_STATE_ACCESS_NONE:
- default:
- return imc_attestation->change_state(imc_attestation, connection_id,
- new_state, NULL);
- }
-}
-
-
-/**
- * see section 3.8.3 of TCG TNC IF-IMC Specification 1.3
- */
-TNC_Result TNC_IMC_API TNC_IMC_BeginHandshake(TNC_IMCID imc_id,
- TNC_ConnectionID connection_id)
-{
- if (!imc_attestation)
- {
- DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
- return TNC_RESULT_NOT_INITIALIZED;
- }
-
- return TNC_RESULT_SUCCESS;
-}
-
-static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
-{
- imc_msg_t *out_msg;
- imc_attestation_state_t *attestation_state;
- enumerator_t *enumerator;
- pa_tnc_attr_t *attr;
- pen_type_t type;
- TNC_Result result;
- bool fatal_error = FALSE;
-
- /* parse received PA-TNC message and handle local and remote errors */
- result = in_msg->receive(in_msg, &fatal_error);
- if (result != TNC_RESULT_SUCCESS)
- {
- return result;
- }
- out_msg = imc_msg_create_as_reply(in_msg);
-
- /* analyze PA-TNC attributes */
- enumerator = in_msg->create_attribute_enumerator(in_msg);
- while (enumerator->enumerate(enumerator, &attr))
- {
- type = attr->get_type(attr);
-
- if (type.vendor_id == PEN_IETF)
- {
- if (type.type == IETF_ATTR_PA_TNC_ERROR)
- {
- ietf_attr_pa_tnc_error_t *error_attr;
- pen_type_t error_code;
- chunk_t msg_info;
-
- error_attr = (ietf_attr_pa_tnc_error_t*)attr;
- error_code = error_attr->get_error_code(error_attr);
-
- if (error_code.vendor_id == PEN_TCG)
- {
- msg_info = error_attr->get_msg_info(error_attr);
-
- DBG1(DBG_IMC, "received TCG-PTS error '%N'",
- pts_error_code_names, error_code.type);
- DBG1(DBG_IMC, "error information: %B", &msg_info);
-
- result = TNC_RESULT_FATAL;
- }
- }
- }
- else if (type.vendor_id == PEN_TCG)
- {
- attestation_state = (imc_attestation_state_t*)state;
-
- if (!imc_attestation_process(attr, out_msg, attestation_state,
- supported_algorithms, supported_dh_groups))
- {
- result = TNC_RESULT_FATAL;
- break;
- }
- }
- }
- enumerator->destroy(enumerator);
-
- if (result == TNC_RESULT_SUCCESS)
- {
- /* send PA-TNC message with the excl flag set */
- result = out_msg->send(out_msg, TRUE);
- }
- out_msg->destroy(out_msg);
-
- return result;
-}
-
-/**
- * see section 3.8.4 of TCG TNC IF-IMC Specification 1.3
- */
-TNC_Result TNC_IMC_API TNC_IMC_ReceiveMessage(TNC_IMCID imc_id,
- TNC_ConnectionID connection_id,
- TNC_BufferReference msg,
- TNC_UInt32 msg_len,
- TNC_MessageType msg_type)
-{
- imc_state_t *state;
- imc_msg_t *in_msg;
- TNC_Result result;
-
- if (!imc_attestation)
- {
- DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
- return TNC_RESULT_NOT_INITIALIZED;
- }
- if (!imc_attestation->get_state(imc_attestation, connection_id, &state))
- {
- return TNC_RESULT_FATAL;
- }
-
- in_msg = imc_msg_create_from_data(imc_attestation, state, connection_id,
- msg_type, chunk_create(msg, msg_len));
- result = receive_message(state, in_msg);
- in_msg->destroy(in_msg);
-
- return result;
-}
-
-/**
- * see section 3.8.6 of TCG TNC IF-IMV Specification 1.3
- */
-TNC_Result TNC_IMC_API TNC_IMC_ReceiveMessageLong(TNC_IMCID imc_id,
- TNC_ConnectionID connection_id,
- TNC_UInt32 msg_flags,
- TNC_BufferReference msg,
- TNC_UInt32 msg_len,
- TNC_VendorID msg_vid,
- TNC_MessageSubtype msg_subtype,
- TNC_UInt32 src_imv_id,
- TNC_UInt32 dst_imc_id)
-{
- imc_state_t *state;
- imc_msg_t *in_msg;
- TNC_Result result;
-
- if (!imc_attestation)
- {
- DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
- return TNC_RESULT_NOT_INITIALIZED;
- }
- if (!imc_attestation->get_state(imc_attestation, connection_id, &state))
- {
- return TNC_RESULT_FATAL;
- }
- in_msg = imc_msg_create_from_long_data(imc_attestation, state, connection_id,
- src_imv_id, dst_imc_id, msg_vid, msg_subtype,
- chunk_create(msg, msg_len));
- result =receive_message(state, in_msg);
- in_msg->destroy(in_msg);
-
- return result;
-}
-
-/**
- * see section 3.8.7 of TCG TNC IF-IMC Specification 1.3
- */
-TNC_Result TNC_IMC_API TNC_IMC_BatchEnding(TNC_IMCID imc_id,
- TNC_ConnectionID connection_id)
-{
- if (!imc_attestation)
- {
- DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
- return TNC_RESULT_NOT_INITIALIZED;
- }
- return TNC_RESULT_SUCCESS;
-}
-
-/**
- * see section 3.8.8 of TCG TNC IF-IMC Specification 1.3
- */
-TNC_Result TNC_IMC_API TNC_IMC_Terminate(TNC_IMCID imc_id)
-{
- if (!imc_attestation)
- {
- DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
- return TNC_RESULT_NOT_INITIALIZED;
- }
-
- libpts_deinit();
-
- imc_attestation->destroy(imc_attestation);
- imc_attestation = NULL;
-
- return TNC_RESULT_SUCCESS;
-}
-
-/**
- * see section 4.2.8.1 of TCG TNC IF-IMC Specification 1.3
- */
-TNC_Result TNC_IMC_API TNC_IMC_ProvideBindFunction(TNC_IMCID imc_id,
- TNC_TNCC_BindFunctionPointer bind_function)
-{
- if (!imc_attestation)
- {
- DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
- return TNC_RESULT_NOT_INITIALIZED;
- }
- return imc_attestation->bind_functions(imc_attestation, bind_function);
-}
diff --git a/src/libpts/plugins/imc_attestation/imc_attestation_process.c b/src/libpts/plugins/imc_attestation/imc_attestation_process.c
deleted file mode 100644
index fbe81ee..0000000
--- a/src/libpts/plugins/imc_attestation/imc_attestation_process.c
+++ /dev/null
@@ -1,476 +0,0 @@
-/*
- * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#define _GNU_SOURCE
-
-#include <stdio.h>
-/* for isdigit */
-#include <ctype.h>
-
-#include "imc_attestation_process.h"
-
-#include <ietf/ietf_attr_pa_tnc_error.h>
-
-#include <pts/pts.h>
-
-#include <tcg/pts/tcg_pts_attr_proto_caps.h>
-#include <tcg/pts/tcg_pts_attr_meas_algo.h>
-#include <tcg/pts/tcg_pts_attr_dh_nonce_params_req.h>
-#include <tcg/pts/tcg_pts_attr_dh_nonce_params_resp.h>
-#include <tcg/pts/tcg_pts_attr_dh_nonce_finish.h>
-#include <tcg/pts/tcg_pts_attr_get_tpm_version_info.h>
-#include <tcg/pts/tcg_pts_attr_tpm_version_info.h>
-#include <tcg/pts/tcg_pts_attr_get_aik.h>
-#include <tcg/pts/tcg_pts_attr_aik.h>
-#include <tcg/pts/tcg_pts_attr_req_func_comp_evid.h>
-#include <tcg/pts/tcg_pts_attr_gen_attest_evid.h>
-#include <tcg/pts/tcg_pts_attr_simple_comp_evid.h>
-#include <tcg/pts/tcg_pts_attr_simple_evid_final.h>
-#include <tcg/pts/tcg_pts_attr_req_file_meas.h>
-#include <tcg/pts/tcg_pts_attr_file_meas.h>
-#include <tcg/pts/tcg_pts_attr_req_file_meta.h>
-#include <tcg/pts/tcg_pts_attr_unix_file_meta.h>
-
-#include <utils/debug.h>
-#include <utils/lexparser.h>
-
-#define DEFAULT_NONCE_LEN 20
-
-bool imc_attestation_process(pa_tnc_attr_t *attr, imc_msg_t *msg,
- imc_attestation_state_t *attestation_state,
- pts_meas_algorithms_t supported_algorithms,
- pts_dh_group_t supported_dh_groups)
-{
- chunk_t attr_info;
- pts_t *pts;
- pts_error_code_t pts_error;
- pen_type_t attr_type;
- bool valid_path;
-
- pts = attestation_state->get_pts(attestation_state);
- attr_type = attr->get_type(attr);
-
- switch (attr_type.type)
- {
- case TCG_PTS_REQ_PROTO_CAPS:
- {
- tcg_pts_attr_proto_caps_t *attr_cast;
- pts_proto_caps_flag_t imc_caps, imv_caps;
-
- attr_cast = (tcg_pts_attr_proto_caps_t*)attr;
- imv_caps = attr_cast->get_flags(attr_cast);
- imc_caps = pts->get_proto_caps(pts);
- pts->set_proto_caps(pts, imc_caps & imv_caps);
-
- /* Send PTS Protocol Capabilities attribute */
- attr = tcg_pts_attr_proto_caps_create(imc_caps & imv_caps, FALSE);
- msg->add_attribute(msg, attr);
- break;
- }
- case TCG_PTS_MEAS_ALGO:
- {
- tcg_pts_attr_meas_algo_t *attr_cast;
- pts_meas_algorithms_t offered_algorithms, selected_algorithm;
-
- attr_cast = (tcg_pts_attr_meas_algo_t*)attr;
- offered_algorithms = attr_cast->get_algorithms(attr_cast);
- selected_algorithm = pts_meas_algo_select(supported_algorithms,
- offered_algorithms);
- if (selected_algorithm == PTS_MEAS_ALGO_NONE)
- {
- attr = pts_hash_alg_error_create(supported_algorithms);
- msg->add_attribute(msg, attr);
- break;
- }
-
- /* Send Measurement Algorithm Selection attribute */
- pts->set_meas_algorithm(pts, selected_algorithm);
- attr = tcg_pts_attr_meas_algo_create(selected_algorithm, TRUE);
- msg->add_attribute(msg, attr);
- break;
- }
- case TCG_PTS_DH_NONCE_PARAMS_REQ:
- {
- tcg_pts_attr_dh_nonce_params_req_t *attr_cast;
- pts_dh_group_t offered_dh_groups, selected_dh_group;
- chunk_t responder_value, responder_nonce;
- int nonce_len, min_nonce_len;
-
- nonce_len = lib->settings->get_int(lib->settings,
- "%s.plugins.imc-attestation.nonce_len",
- DEFAULT_NONCE_LEN, lib->ns);
-
- attr_cast = (tcg_pts_attr_dh_nonce_params_req_t*)attr;
- min_nonce_len = attr_cast->get_min_nonce_len(attr_cast);
- if (nonce_len < PTS_MIN_NONCE_LEN ||
- (min_nonce_len > 0 && nonce_len < min_nonce_len))
- {
- attr = pts_dh_nonce_error_create(nonce_len, PTS_MAX_NONCE_LEN);
- msg->add_attribute(msg, attr);
- break;
- }
-
- offered_dh_groups = attr_cast->get_dh_groups(attr_cast);
- selected_dh_group = pts_dh_group_select(supported_dh_groups,
- offered_dh_groups);
- if (selected_dh_group == PTS_DH_GROUP_NONE)
- {
- attr = pts_dh_group_error_create(supported_dh_groups);
- msg->add_attribute(msg, attr);
- break;
- }
-
- /* Create own DH factor and nonce */
- if (!pts->create_dh_nonce(pts, selected_dh_group, nonce_len))
- {
- return FALSE;
- }
- pts->get_my_public_value(pts, &responder_value, &responder_nonce);
-
- /* Send DH Nonce Parameters Response attribute */
- attr = tcg_pts_attr_dh_nonce_params_resp_create(selected_dh_group,
- supported_algorithms, responder_nonce, responder_value);
- msg->add_attribute(msg, attr);
- break;
- }
- case TCG_PTS_DH_NONCE_FINISH:
- {
- tcg_pts_attr_dh_nonce_finish_t *attr_cast;
- pts_meas_algorithms_t selected_algorithm;
- chunk_t initiator_nonce, initiator_value;
- int nonce_len;
-
- attr_cast = (tcg_pts_attr_dh_nonce_finish_t*)attr;
- selected_algorithm = attr_cast->get_hash_algo(attr_cast);
- if (!(selected_algorithm & supported_algorithms))
- {
- DBG1(DBG_IMC, "PTS-IMV selected unsupported DH hash algorithm");
- return FALSE;
- }
- pts->set_dh_hash_algorithm(pts, selected_algorithm);
-
- initiator_value = attr_cast->get_initiator_value(attr_cast);
- initiator_nonce = attr_cast->get_initiator_nonce(attr_cast);
-
- nonce_len = lib->settings->get_int(lib->settings,
- "%s.plugins.imc-attestation.nonce_len",
- DEFAULT_NONCE_LEN, lib->ns);
- if (nonce_len != initiator_nonce.len)
- {
- DBG1(DBG_IMC, "initiator and responder DH nonces "
- "have differing lengths");
- return FALSE;
- }
-
- pts->set_peer_public_value(pts, initiator_value, initiator_nonce);
- if (!pts->calculate_secret(pts))
- {
- return FALSE;
- }
- break;
- }
- case TCG_PTS_GET_TPM_VERSION_INFO:
- {
- chunk_t tpm_version_info, attr_info;
- pen_type_t error_code = { PEN_TCG, TCG_PTS_TPM_VERS_NOT_SUPPORTED };
-
- if (!pts->get_tpm_version_info(pts, &tpm_version_info))
- {
- attr_info = attr->get_value(attr);
- attr = ietf_attr_pa_tnc_error_create(error_code, attr_info);
- msg->add_attribute(msg, attr);
- break;
- }
-
- /* Send TPM Version Info attribute */
- attr = tcg_pts_attr_tpm_version_info_create(tpm_version_info);
- msg->add_attribute(msg, attr);
- break;
- }
- case TCG_PTS_GET_AIK:
- {
- certificate_t *aik;
-
- aik = pts->get_aik(pts);
- if (!aik)
- {
- DBG1(DBG_IMC, "no AIK certificate or public key available");
- break;
- }
-
- /* Send AIK attribute */
- attr = tcg_pts_attr_aik_create(aik);
- msg->add_attribute(msg, attr);
- break;
- }
- case TCG_PTS_REQ_FILE_MEAS:
- {
- tcg_pts_attr_req_file_meas_t *attr_cast;
- char *pathname;
- u_int16_t request_id;
- bool is_directory;
- u_int32_t delimiter;
- pts_file_meas_t *measurements;
- pen_type_t error_code;
-
- attr_info = attr->get_value(attr);
- attr_cast = (tcg_pts_attr_req_file_meas_t*)attr;
- is_directory = attr_cast->get_directory_flag(attr_cast);
- request_id = attr_cast->get_request_id(attr_cast);
- delimiter = attr_cast->get_delimiter(attr_cast);
- pathname = attr_cast->get_pathname(attr_cast);
- valid_path = pts->is_path_valid(pts, pathname, &pts_error);
-
- if (valid_path && pts_error)
- {
- error_code = pen_type_create(PEN_TCG, pts_error);
- attr = ietf_attr_pa_tnc_error_create(error_code, attr_info);
- msg->add_attribute(msg, attr);
- break;
- }
- else if (!valid_path)
- {
- break;
- }
-
- if (delimiter != SOLIDUS_UTF && delimiter != REVERSE_SOLIDUS_UTF)
- {
- error_code = pen_type_create(PEN_TCG,
- TCG_PTS_INVALID_DELIMITER);
- attr = ietf_attr_pa_tnc_error_create(error_code, attr_info);
- msg->add_attribute(msg, attr);
- break;
- }
-
- /* Do PTS File Measurements and send them to PTS-IMV */
- DBG2(DBG_IMC, "measurement request %d for %s '%s'",
- request_id, is_directory ? "directory" : "file",
- pathname);
- measurements = pts_file_meas_create_from_path(request_id,
- pathname, is_directory, TRUE,
- pts->get_meas_algorithm(pts));
- if (!measurements)
- {
- /* TODO handle error codes from measurements */
- return FALSE;
- }
- attr = tcg_pts_attr_file_meas_create(measurements);
- attr->set_noskip_flag(attr, TRUE);
- msg->add_attribute(msg, attr);
- break;
- }
- case TCG_PTS_REQ_FILE_META:
- {
- tcg_pts_attr_req_file_meta_t *attr_cast;
- char *pathname;
- bool is_directory;
- u_int8_t delimiter;
- pts_file_meta_t *metadata;
- pen_type_t error_code;
-
- attr_info = attr->get_value(attr);
- attr_cast = (tcg_pts_attr_req_file_meta_t*)attr;
- is_directory = attr_cast->get_directory_flag(attr_cast);
- delimiter = attr_cast->get_delimiter(attr_cast);
- pathname = attr_cast->get_pathname(attr_cast);
-
- valid_path = pts->is_path_valid(pts, pathname, &pts_error);
- if (valid_path && pts_error)
- {
- error_code = pen_type_create(PEN_TCG, pts_error);
- attr = ietf_attr_pa_tnc_error_create(error_code, attr_info);
- msg->add_attribute(msg, attr);
- break;
- }
- else if (!valid_path)
- {
- break;
- }
- if (delimiter != SOLIDUS_UTF && delimiter != REVERSE_SOLIDUS_UTF)
- {
- error_code = pen_type_create(PEN_TCG,
- TCG_PTS_INVALID_DELIMITER);
- attr = ietf_attr_pa_tnc_error_create(error_code, attr_info);
- msg->add_attribute(msg, attr);
- break;
- }
- /* Get File Metadata and send them to PTS-IMV */
- DBG2(DBG_IMC, "metadata request for %s '%s'",
- is_directory ? "directory" : "file",
- pathname);
- metadata = pts->get_metadata(pts, pathname, is_directory);
-
- if (!metadata)
- {
- /* TODO handle error codes from measurements */
- return FALSE;
- }
- attr = tcg_pts_attr_unix_file_meta_create(metadata);
- attr->set_noskip_flag(attr, TRUE);
- msg->add_attribute(msg, attr);
- break;
- }
- case TCG_PTS_REQ_FUNC_COMP_EVID:
- {
- tcg_pts_attr_req_func_comp_evid_t *attr_cast;
- pts_proto_caps_flag_t negotiated_caps;
- pts_comp_func_name_t *name;
- pts_comp_evidence_t *evid;
- pts_component_t *comp;
- pen_type_t error_code;
- u_int32_t depth;
- u_int8_t flags;
- status_t status;
- enumerator_t *e;
-
- attr_info = attr->get_value(attr);
- attr_cast = (tcg_pts_attr_req_func_comp_evid_t*)attr;
-
- DBG1(DBG_IMC, "evidence requested for %d functional components",
- attr_cast->get_count(attr_cast));
-
- e = attr_cast->create_enumerator(attr_cast);
- while (e->enumerate(e, &flags, &depth, &name))
- {
- name->log(name, "* ");
- negotiated_caps = pts->get_proto_caps(pts);
-
- if (flags & PTS_REQ_FUNC_COMP_EVID_TTC)
- {
- error_code = pen_type_create(PEN_TCG,
- TCG_PTS_UNABLE_DET_TTC);
- attr = ietf_attr_pa_tnc_error_create(error_code, attr_info);
- msg->add_attribute(msg, attr);
- break;
- }
- if (flags & PTS_REQ_FUNC_COMP_EVID_VER &&
- !(negotiated_caps & PTS_PROTO_CAPS_V))
- {
- error_code = pen_type_create(PEN_TCG,
- TCG_PTS_UNABLE_LOCAL_VAL);
- attr = ietf_attr_pa_tnc_error_create(error_code, attr_info);
- msg->add_attribute(msg, attr);
- break;
- }
- if (flags & PTS_REQ_FUNC_COMP_EVID_CURR &&
- !(negotiated_caps & PTS_PROTO_CAPS_C))
- {
- error_code = pen_type_create(PEN_TCG,
- TCG_PTS_UNABLE_CUR_EVID);
- attr = ietf_attr_pa_tnc_error_create(error_code, attr_info);
- msg->add_attribute(msg, attr);
- break;
- }
- if (flags & PTS_REQ_FUNC_COMP_EVID_PCR &&
- !(negotiated_caps & PTS_PROTO_CAPS_T))
- {
- error_code = pen_type_create(PEN_TCG,
- TCG_PTS_UNABLE_DET_PCR);
- attr = ietf_attr_pa_tnc_error_create(error_code, attr_info);
- msg->add_attribute(msg, attr);
- break;
- }
- if (depth > 0)
- {
- DBG1(DBG_IMC, "the Attestation IMC currently does not "
- "support sub component measurements");
- return FALSE;
- }
- comp = attestation_state->create_component(attestation_state,
- name, depth);
- if (!comp)
- {
- DBG2(DBG_IMC, " not registered: no evidence provided");
- continue;
- }
-
- /* do the component evidence measurement[s] and cache them */
- do
- {
- status = comp->measure(comp, name->get_qualifier(name),
- pts, &evid);
- if (status == FAILED)
- {
- break;
- }
- attestation_state->add_evidence(attestation_state, evid);
- }
- while (status == NEED_MORE);
- }
- e->destroy(e);
- break;
- }
- case TCG_PTS_GEN_ATTEST_EVID:
- {
- pts_simple_evid_final_flag_t flags;
- pts_meas_algorithms_t comp_hash_algorithm;
- pts_comp_evidence_t *evid;
- chunk_t pcr_composite, quote_sig;
- bool use_quote2;
-
- /* Send cached Component Evidence entries */
- while (attestation_state->next_evidence(attestation_state, &evid))
- {
- attr = tcg_pts_attr_simple_comp_evid_create(evid);
- msg->add_attribute(msg, attr);
- }
-
- use_quote2 = lib->settings->get_bool(lib->settings,
- "%s.plugins.imc-attestation.use_quote2", TRUE,
- lib->ns);
- if (!pts->quote_tpm(pts, use_quote2, &pcr_composite, "e_sig))
- {
- DBG1(DBG_IMC, "error occurred during TPM quote operation");
- return FALSE;
- }
-
- /* Send Simple Evidence Final attribute */
- flags = use_quote2 ? PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2 :
- PTS_SIMPLE_EVID_FINAL_QUOTE_INFO;
- comp_hash_algorithm = PTS_MEAS_ALGO_SHA1;
-
- attr = tcg_pts_attr_simple_evid_final_create(flags,
- comp_hash_algorithm, pcr_composite, quote_sig);
- msg->add_attribute(msg, attr);
- break;
- }
- /* TODO: Not implemented yet */
- case TCG_PTS_REQ_INTEG_MEAS_LOG:
- /* Attributes using XML */
- case TCG_PTS_REQ_TEMPL_REF_MANI_SET_META:
- case TCG_PTS_UPDATE_TEMPL_REF_MANI:
- /* On Windows only*/
- case TCG_PTS_REQ_REGISTRY_VALUE:
- /* Received on IMV side only*/
- case TCG_PTS_PROTO_CAPS:
- case TCG_PTS_DH_NONCE_PARAMS_RESP:
- case TCG_PTS_MEAS_ALGO_SELECTION:
- case TCG_PTS_TPM_VERSION_INFO:
- case TCG_PTS_TEMPL_REF_MANI_SET_META:
- case TCG_PTS_AIK:
- case TCG_PTS_SIMPLE_COMP_EVID:
- case TCG_PTS_SIMPLE_EVID_FINAL:
- case TCG_PTS_VERIFICATION_RESULT:
- case TCG_PTS_INTEG_REPORT:
- case TCG_PTS_UNIX_FILE_META:
- case TCG_PTS_FILE_MEAS:
- case TCG_PTS_INTEG_MEAS_LOG:
- default:
- DBG1(DBG_IMC, "received unsupported attribute '%N'",
- tcg_attr_names, attr->get_type(attr));
- break;
- }
- return TRUE;
-}
diff --git a/src/libpts/plugins/imc_attestation/imc_attestation_state.c b/src/libpts/plugins/imc_attestation/imc_attestation_state.c
deleted file mode 100644
index 4fcbdfa..0000000
--- a/src/libpts/plugins/imc_attestation/imc_attestation_state.c
+++ /dev/null
@@ -1,244 +0,0 @@
-/*
- * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "imc_attestation_state.h"
-
-#include <libpts.h>
-
-#include <tncif_names.h>
-
-#include <collections/linked_list.h>
-#include <utils/debug.h>
-
-typedef struct private_imc_attestation_state_t private_imc_attestation_state_t;
-typedef struct func_comp_t func_comp_t;
-
-/**
- * Private data of an imc_attestation_state_t object.
- */
-struct private_imc_attestation_state_t {
-
- /**
- * Public members of imc_attestation_state_t
- */
- imc_attestation_state_t public;
-
- /**
- * TNCCS connection ID
- */
- TNC_ConnectionID connection_id;
-
- /**
- * TNCCS connection state
- */
- TNC_ConnectionState state;
-
- /**
- * Assessment/Evaluation Result
- */
- TNC_IMV_Evaluation_Result result;
-
- /**
- * Does the TNCCS connection support long message types?
- */
- bool has_long;
-
- /**
- * Does the TNCCS connection support exclusive delivery?
- */
- bool has_excl;
-
- /**
- * Maximum PA-TNC message size for this TNCCS connection
- */
- u_int32_t max_msg_len;
-
- /**
- * PTS object
- */
- pts_t *pts;
-
- /**
- * List of Functional Components
- */
- linked_list_t *components;
-
- /**
- * Functional Component Evidence cache list
- */
- linked_list_t *list;
-
-};
-
-METHOD(imc_state_t, get_connection_id, TNC_ConnectionID,
- private_imc_attestation_state_t *this)
-{
- return this->connection_id;
-}
-
-METHOD(imc_state_t, has_long, bool,
- private_imc_attestation_state_t *this)
-{
- return this->has_long;
-}
-
-METHOD(imc_state_t, has_excl, bool,
- private_imc_attestation_state_t *this)
-{
- return this->has_excl;
-}
-
-METHOD(imc_state_t, set_flags, void,
- private_imc_attestation_state_t *this, bool has_long, bool has_excl)
-{
- this->has_long = has_long;
- this->has_excl = has_excl;
-}
-
-METHOD(imc_state_t, set_max_msg_len, void,
- private_imc_attestation_state_t *this, u_int32_t max_msg_len)
-{
- this->max_msg_len = max_msg_len;
-}
-
-METHOD(imc_state_t, get_max_msg_len, u_int32_t,
- private_imc_attestation_state_t *this)
-{
- return this->max_msg_len;
-}
-
-METHOD(imc_state_t, change_state, void,
- private_imc_attestation_state_t *this, TNC_ConnectionState new_state)
-{
- this->state = new_state;
-}
-
-METHOD(imc_state_t, set_result, void,
- private_imc_attestation_state_t *this, TNC_IMCID id,
- TNC_IMV_Evaluation_Result result)
-{
- this->result = result;
-}
-
-METHOD(imc_state_t, get_result, bool,
- private_imc_attestation_state_t *this, TNC_IMCID id,
- TNC_IMV_Evaluation_Result *result)
-{
- if (result)
- {
- *result = this->result;
- }
- return this->result != TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
-}
-
-METHOD(imc_state_t, destroy, void,
- private_imc_attestation_state_t *this)
-{
- this->pts->destroy(this->pts);
- this->components->destroy_offset(this->components,
- offsetof(pts_component_t, destroy));
- this->list->destroy_offset(this->list,
- offsetof(pts_comp_evidence_t, destroy));
- free(this);
-}
-
-METHOD(imc_attestation_state_t, get_pts, pts_t*,
- private_imc_attestation_state_t *this)
-{
- return this->pts;
-}
-
-METHOD(imc_attestation_state_t, create_component, pts_component_t*,
- private_imc_attestation_state_t *this, pts_comp_func_name_t *name,
- u_int32_t depth)
-{
- enumerator_t *enumerator;
- pts_component_t *component;
- bool found = FALSE;
-
- enumerator = this->components->create_enumerator(this->components);
- while (enumerator->enumerate(enumerator, &component))
- {
- if (name->equals(name, component->get_comp_func_name(component)))
- {
- found = TRUE;
- break;
- }
- }
- enumerator->destroy(enumerator);
-
- if (!found)
- {
- component = pts_components->create(pts_components, name, depth, NULL);
- if (!component)
- {
- return NULL;
- }
- this->components->insert_last(this->components, component);
-
- }
- return component;
-}
-
-METHOD(imc_attestation_state_t, add_evidence, void,
- private_imc_attestation_state_t *this, pts_comp_evidence_t *evid)
-{
- this->list->insert_last(this->list, evid);
-}
-
-METHOD(imc_attestation_state_t, next_evidence, bool,
- private_imc_attestation_state_t *this, pts_comp_evidence_t **evid)
-{
- return this->list->remove_first(this->list, (void**)evid) == SUCCESS;
-}
-
-/**
- * Described in header.
- */
-imc_state_t *imc_attestation_state_create(TNC_ConnectionID connection_id)
-{
- private_imc_attestation_state_t *this;
-
- INIT(this,
- .public = {
- .interface = {
- .get_connection_id = _get_connection_id,
- .has_long = _has_long,
- .has_excl = _has_excl,
- .set_flags = _set_flags,
- .set_max_msg_len = _set_max_msg_len,
- .get_max_msg_len = _get_max_msg_len,
- .change_state = _change_state,
- .set_result = _set_result,
- .get_result = _get_result,
- .destroy = _destroy,
- },
- .get_pts = _get_pts,
- .create_component = _create_component,
- .add_evidence = _add_evidence,
- .next_evidence = _next_evidence,
- },
- .connection_id = connection_id,
- .state = TNC_CONNECTION_STATE_CREATE,
- .result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
- .pts = pts_create(TRUE),
- .components = linked_list_create(),
- .list = linked_list_create(),
- );
-
- return &this->public.interface;
-}
-
-
diff --git a/src/libpts/plugins/imc_attestation/imc_attestation_state.h b/src/libpts/plugins/imc_attestation/imc_attestation_state.h
deleted file mode 100644
index 4b93931..0000000
--- a/src/libpts/plugins/imc_attestation/imc_attestation_state.h
+++ /dev/null
@@ -1,86 +0,0 @@
-/*
- * Copyright (C) 2011 Sansar Choinyambuu
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup imc_attestation imc_attestation
- * @ingroup libpts_plugins
- *
- * @defgroup imc_attestation_state_t imc_attestation_state
- * @{ @ingroup imc_attestation
- */
-
-#ifndef IMC_ATTESTATION_STATE_H_
-#define IMC_ATTESTATION_STATE_H_
-
-#include <imc/imc_state.h>
-#include <pts/pts.h>
-#include <pts/components/pts_component.h>
-#include <pts/components/pts_comp_evidence.h>
-#include <library.h>
-
-typedef struct imc_attestation_state_t imc_attestation_state_t;
-
-/**
- * Internal state of an imc_attestation_t connection instance
- */
-struct imc_attestation_state_t {
-
- /**
- * imc_state_t interface
- */
- imc_state_t interface;
-
- /**
- * Get the PTS object
- *
- * @return PTS object
- */
- pts_t* (*get_pts)(imc_attestation_state_t *this);
-
- /**
- * Create and add an entry to the list of Functional Components
- *
- * @param name Component Functional Name
- * @param depth Sub-component Depth
- * @return created functional component instance or NULL
- */
- pts_component_t* (*create_component)(imc_attestation_state_t *this,
- pts_comp_func_name_t *name, u_int32_t depth);
-
- /**
- * Add an entry to the Component Evidence cache list
- *
- * @param evid Component Evidence entry
- */
- void (*add_evidence)(imc_attestation_state_t *this, pts_comp_evidence_t *evid);
-
- /**
- * Removes next entry from the Component Evidence cache list and returns it
- *
- * @param evid Next Component Evidence entry
- * @return TRUE if next entry is available
- */
- bool (*next_evidence)(imc_attestation_state_t *this, pts_comp_evidence_t** evid);
-
-};
-
-/**
- * Create an imc_attestation_state_t instance
- *
- * @param id connection ID
- */
-imc_state_t* imc_attestation_state_create(TNC_ConnectionID id);
-
-#endif /** IMC_ATTESTATION_STATE_H_ @}*/
diff --git a/src/libpts/plugins/imc_swid/Makefile.am b/src/libpts/plugins/imc_swid/Makefile.am
deleted file mode 100644
index ddf5964..0000000
--- a/src/libpts/plugins/imc_swid/Makefile.am
+++ /dev/null
@@ -1,39 +0,0 @@
-regid = regid.2004-03.org.strongswan
-unique_sw_id = strongSwan-$(PACKAGE_VERSION_MAJOR)-$(PACKAGE_VERSION_MINOR)-$(PACKAGE_VERSION_BUILD)$(PACKAGE_VERSION_REVIEW)
-swid_tag = $(regid)_$(unique_sw_id).swidtag
-
-swiddir = $(prefix)/share/$(regid)
-swid_DATA = $(swid_tag)
-ipsec_DATA = $(swid_tag)
-EXTRA_DIST = $(regid)_strongSwan.swidtag.in
-CLEANFILES = $(regid)_strongSwan*.swidtag
-
-$(swid_tag) : regid.2004-03.org.strongswan_strongSwan.swidtag.in
- $(AM_V_GEN) \
- sed \
- -e "s:@VERSION_MAJOR@:$(PACKAGE_VERSION_MAJOR):" \
- -e "s:@VERSION_MINOR@:$(PACKAGE_VERSION_MINOR):" \
- -e "s:@VERSION_BUILD@:$(PACKAGE_VERSION_BUILD):" \
- -e "s:@VERSION_REVIEW@:$(PACKAGE_VERSION_REVIEW):" \
- $(srcdir)/$(regid)_strongSwan.swidtag.in > $@
-
-AM_CPPFLAGS = \
- -I$(top_srcdir)/src/libstrongswan \
- -I$(top_srcdir)/src/libtncif \
- -I$(top_srcdir)/src/libimcv \
- -I$(top_srcdir)/src/libpts \
- -DSWID_DIRECTORY=\"${prefix}/share\"
-
-AM_CFLAGS = \
- $(PLUGIN_CFLAGS)
-
-imcv_LTLIBRARIES = imc-swid.la
-
-imc_swid_la_LIBADD = \
- $(top_builddir)/src/libimcv/libimcv.la \
- $(top_builddir)/src/libpts/libpts.la \
- $(top_builddir)/src/libstrongswan/libstrongswan.la
-
-imc_swid_la_SOURCES = imc_swid.c imc_swid_state.h imc_swid_state.c
-
-imc_swid_la_LDFLAGS = -module -avoid-version -no-undefined
diff --git a/src/libpts/plugins/imc_swid/Makefile.in b/src/libpts/plugins/imc_swid/Makefile.in
deleted file mode 100644
index 6c3923a..0000000
--- a/src/libpts/plugins/imc_swid/Makefile.in
+++ /dev/null
@@ -1,821 +0,0 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
-
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
- at SET_MAKE@
-
-
-VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
-am__make_running_with_option = \
- case $${target_option-} in \
- ?) ;; \
- *) echo "am__make_running_with_option: internal error: invalid" \
- "target option '$${target_option-}' specified" >&2; \
- exit 1;; \
- esac; \
- has_opt=no; \
- sane_makeflags=$$MAKEFLAGS; \
- if $(am__is_gnu_make); then \
- sane_makeflags=$$MFLAGS; \
- else \
- case $$MAKEFLAGS in \
- *\\[\ \ ]*) \
- bs=\\; \
- sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
- | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
- esac; \
- fi; \
- skip_next=no; \
- strip_trailopt () \
- { \
- flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
- }; \
- for flg in $$sane_makeflags; do \
- test $$skip_next = yes && { skip_next=no; continue; }; \
- case $$flg in \
- *=*|--*) continue;; \
- -*I) strip_trailopt 'I'; skip_next=yes;; \
- -*I?*) strip_trailopt 'I';; \
- -*O) strip_trailopt 'O'; skip_next=yes;; \
- -*O?*) strip_trailopt 'O';; \
- -*l) strip_trailopt 'l'; skip_next=yes;; \
- -*l?*) strip_trailopt 'l';; \
- -[dEDm]) skip_next=yes;; \
- -[JT]) skip_next=yes;; \
- esac; \
- case $$flg in \
- *$$target_option*) has_opt=yes; break;; \
- esac; \
- done; \
- test $$has_opt = yes
-am__make_dryrun = (target_option=n; $(am__make_running_with_option))
-am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
-pkgdatadir = $(datadir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkglibexecdir = $(libexecdir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-subdir = src/libpts/plugins/imc_swid
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
- $(top_srcdir)/m4/config/ltoptions.m4 \
- $(top_srcdir)/m4/config/ltsugar.m4 \
- $(top_srcdir)/m4/config/ltversion.m4 \
- $(top_srcdir)/m4/config/lt~obsolete.m4 \
- $(top_srcdir)/m4/macros/split-package-version.m4 \
- $(top_srcdir)/m4/macros/with.m4 \
- $(top_srcdir)/m4/macros/enable-disable.m4 \
- $(top_srcdir)/m4/macros/add-plugin.m4 \
- $(top_srcdir)/configure.ac
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
- $(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/config.h
-CONFIG_CLEAN_FILES =
-CONFIG_CLEAN_VPATH_FILES =
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
- $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
- *) f=$$p;; \
- esac;
-am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
-am__install_max = 40
-am__nobase_strip_setup = \
- srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
-am__nobase_strip = \
- for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
-am__nobase_list = $(am__nobase_strip_setup); \
- for p in $$list; do echo "$$p $$p"; done | \
- sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
- $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
- if (++n[$$2] == $(am__install_max)) \
- { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
- END { for (dir in files) print dir, files[dir] }'
-am__base_list = \
- sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
- sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
-am__uninstall_files_from_dir = { \
- test -z "$$files" \
- || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
- || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
- $(am__cd) "$$dir" && rm -f $$files; }; \
- }
-am__installdirs = "$(DESTDIR)$(imcvdir)" "$(DESTDIR)$(ipsecdir)" \
- "$(DESTDIR)$(swiddir)"
-LTLIBRARIES = $(imcv_LTLIBRARIES)
-imc_swid_la_DEPENDENCIES = $(top_builddir)/src/libimcv/libimcv.la \
- $(top_builddir)/src/libpts/libpts.la \
- $(top_builddir)/src/libstrongswan/libstrongswan.la
-am_imc_swid_la_OBJECTS = imc_swid.lo imc_swid_state.lo
-imc_swid_la_OBJECTS = $(am_imc_swid_la_OBJECTS)
-AM_V_lt = $(am__v_lt_ at AM_V@)
-am__v_lt_ = $(am__v_lt_ at AM_DEFAULT_V@)
-am__v_lt_0 = --silent
-am__v_lt_1 =
-imc_swid_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
- $(imc_swid_la_LDFLAGS) $(LDFLAGS) -o $@
-AM_V_P = $(am__v_P_ at AM_V@)
-am__v_P_ = $(am__v_P_ at AM_DEFAULT_V@)
-am__v_P_0 = false
-am__v_P_1 = :
-AM_V_GEN = $(am__v_GEN_ at AM_V@)
-am__v_GEN_ = $(am__v_GEN_ at AM_DEFAULT_V@)
-am__v_GEN_0 = @echo " GEN " $@;
-am__v_GEN_1 =
-AM_V_at = $(am__v_at_ at AM_V@)
-am__v_at_ = $(am__v_at_ at AM_DEFAULT_V@)
-am__v_at_0 = @
-am__v_at_1 =
-DEFAULT_INCLUDES = -I. at am__isrc@ -I$(top_builddir)
-depcomp = $(SHELL) $(top_srcdir)/depcomp
-am__depfiles_maybe = depfiles
-am__mv = mv -f
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
- $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
- $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
- $(AM_CFLAGS) $(CFLAGS)
-AM_V_CC = $(am__v_CC_ at AM_V@)
-am__v_CC_ = $(am__v_CC_ at AM_DEFAULT_V@)
-am__v_CC_0 = @echo " CC " $@;
-am__v_CC_1 =
-CCLD = $(CC)
-LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
- $(AM_LDFLAGS) $(LDFLAGS) -o $@
-AM_V_CCLD = $(am__v_CCLD_ at AM_V@)
-am__v_CCLD_ = $(am__v_CCLD_ at AM_DEFAULT_V@)
-am__v_CCLD_0 = @echo " CCLD " $@;
-am__v_CCLD_1 =
-SOURCES = $(imc_swid_la_SOURCES)
-DIST_SOURCES = $(imc_swid_la_SOURCES)
-am__can_run_installinfo = \
- case $$AM_UPDATE_INFO_DIR in \
- n|no|NO) false;; \
- *) (install-info --version) >/dev/null 2>&1;; \
- esac
-DATA = $(ipsec_DATA) $(swid_DATA)
-am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
-# Read a list of newline-separated strings from the standard input,
-# and print each of them once, without duplicates. Input order is
-# *not* preserved.
-am__uniquify_input = $(AWK) '\
- BEGIN { nonempty = 0; } \
- { items[$$0] = 1; nonempty = 1; } \
- END { if (nonempty) { for (i in items) print i; }; } \
-'
-# Make sure the list of sources is unique. This is necessary because,
-# e.g., the same source file might be shared among _SOURCES variables
-# for different programs/libraries.
-am__define_uniq_tagged_files = \
- list='$(am__tagged_files)'; \
- unique=`for i in $$list; do \
- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
- done | $(am__uniquify_input)`
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-ALLOCA = @ALLOCA@
-AMTAR = @AMTAR@
-AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-BFDLIB = @BFDLIB@
-BTLIB = @BTLIB@
-CC = @CC@
-CCDEPMODE = @CCDEPMODE@
-CFLAGS = @CFLAGS@
-COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
-COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DEFS = @DEFS@
-DEPDIR = @DEPDIR@
-DLLIB = @DLLIB@
-DLLTOOL = @DLLTOOL@
-DSYMUTIL = @DSYMUTIL@
-DUMPBIN = @DUMPBIN@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-FGREP = @FGREP@
-GENHTML = @GENHTML@
-GPERF = @GPERF@
-GPRBUILD = @GPRBUILD@
-GREP = @GREP@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LCOV = @LCOV@
-LD = @LD@
-LDFLAGS = @LDFLAGS@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIPO = @LIPO@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAKEINFO = @MAKEINFO@
-MANIFEST_TOOL = @MANIFEST_TOOL@
-MKDIR_P = @MKDIR_P@
-MYSQLCFLAG = @MYSQLCFLAG@
-MYSQLCONFIG = @MYSQLCONFIG@
-MYSQLLIB = @MYSQLLIB@
-NM = @NM@
-NMEDIT = @NMEDIT@
-OBJDUMP = @OBJDUMP@
-OBJEXT = @OBJEXT@
-OPENSSL_LIB = @OPENSSL_LIB@
-OTOOL = @OTOOL@
-OTOOL64 = @OTOOL64@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_URL = @PACKAGE_URL@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@
-PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@
-PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@
-PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PERL = @PERL@
-PKG_CONFIG = @PKG_CONFIG@
-PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
-PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
-PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
-PTHREADLIB = @PTHREADLIB@
-PYTHON = @PYTHON@
-PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
-PYTHON_PLATFORM = @PYTHON_PLATFORM@
-PYTHON_PREFIX = @PYTHON_PREFIX@
-PYTHON_VERSION = @PYTHON_VERSION@
-RANLIB = @RANLIB@
-RTLIB = @RTLIB@
-RUBY = @RUBY@
-RUBYINCLUDE = @RUBYINCLUDE@
-RUBYLIB = @RUBYLIB@
-SED = @SED@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-SOCKLIB = @SOCKLIB@
-STRIP = @STRIP@
-UNWINDLIB = @UNWINDLIB@
-VERSION = @VERSION@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_AR = @ac_ct_AR@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
-aikgen_plugins = @aikgen_plugins@
-am__include = @am__include@
-am__leading_dot = @am__leading_dot@
-am__quote = @am__quote@
-am__tar = @am__tar@
-am__untar = @am__untar@
-attest_plugins = @attest_plugins@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-c_plugins = @c_plugins@
-charon_natt_port = @charon_natt_port@
-charon_plugins = @charon_plugins@
-charon_udp_port = @charon_udp_port@
-clearsilver_LIBS = @clearsilver_LIBS@
-cmd_plugins = @cmd_plugins@
-datadir = @datadir@
-datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
-dev_headers = @dev_headers@
-docdir = @docdir@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-fips_mode = @fips_mode@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
-h_plugins = @h_plugins@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-imcvdir = @imcvdir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-ipsec_script = @ipsec_script@
-ipsec_script_upper = @ipsec_script_upper@
-ipsecdir = @ipsecdir@
-ipsecgroup = @ipsecgroup@
-ipseclibdir = @ipseclibdir@
-ipsecuser = @ipsecuser@
-libdir = @libdir@
-libexecdir = @libexecdir@
-linux_headers = @linux_headers@
-localedir = @localedir@
-localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
-manager_plugins = @manager_plugins@
-mandir = @mandir@
-medsrv_plugins = @medsrv_plugins@
-mkdir_p = @mkdir_p@
-nm_CFLAGS = @nm_CFLAGS@
-nm_LIBS = @nm_LIBS@
-nm_ca_dir = @nm_ca_dir@
-nm_plugins = @nm_plugins@
-oldincludedir = @oldincludedir@
-pcsclite_CFLAGS = @pcsclite_CFLAGS@
-pcsclite_LIBS = @pcsclite_LIBS@
-pdfdir = @pdfdir@
-piddir = @piddir@
-pkgpyexecdir = @pkgpyexecdir@
-pkgpythondir = @pkgpythondir@
-pki_plugins = @pki_plugins@
-plugindir = @plugindir@
-pool_plugins = @pool_plugins@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-pyexecdir = @pyexecdir@
-pythondir = @pythondir@
-random_device = @random_device@
-resolv_conf = @resolv_conf@
-routing_table = @routing_table@
-routing_table_prio = @routing_table_prio@
-s_plugins = @s_plugins@
-sbindir = @sbindir@
-scepclient_plugins = @scepclient_plugins@
-scripts_plugins = @scripts_plugins@
-sharedstatedir = @sharedstatedir@
-soup_CFLAGS = @soup_CFLAGS@
-soup_LIBS = @soup_LIBS@
-srcdir = @srcdir@
-starter_plugins = @starter_plugins@
-strongswan_conf = @strongswan_conf@
-strongswan_options = @strongswan_options@
-swanctldir = @swanctldir@
-sysconfdir = @sysconfdir@
-systemdsystemunitdir = @systemdsystemunitdir@
-t_plugins = @t_plugins@
-target_alias = @target_alias@
-top_build_prefix = @top_build_prefix@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-urandom_device = @urandom_device@
-xml_CFLAGS = @xml_CFLAGS@
-xml_LIBS = @xml_LIBS@
-regid = regid.2004-03.org.strongswan
-unique_sw_id = strongSwan-$(PACKAGE_VERSION_MAJOR)-$(PACKAGE_VERSION_MINOR)-$(PACKAGE_VERSION_BUILD)$(PACKAGE_VERSION_REVIEW)
-swid_tag = $(regid)_$(unique_sw_id).swidtag
-swiddir = $(prefix)/share/$(regid)
-swid_DATA = $(swid_tag)
-ipsec_DATA = $(swid_tag)
-EXTRA_DIST = $(regid)_strongSwan.swidtag.in
-CLEANFILES = $(regid)_strongSwan*.swidtag
-AM_CPPFLAGS = \
- -I$(top_srcdir)/src/libstrongswan \
- -I$(top_srcdir)/src/libtncif \
- -I$(top_srcdir)/src/libimcv \
- -I$(top_srcdir)/src/libpts \
- -DSWID_DIRECTORY=\"${prefix}/share\"
-
-AM_CFLAGS = \
- $(PLUGIN_CFLAGS)
-
-imcv_LTLIBRARIES = imc-swid.la
-imc_swid_la_LIBADD = \
- $(top_builddir)/src/libimcv/libimcv.la \
- $(top_builddir)/src/libpts/libpts.la \
- $(top_builddir)/src/libstrongswan/libstrongswan.la
-
-imc_swid_la_SOURCES = imc_swid.c imc_swid_state.h imc_swid_state.c
-imc_swid_la_LDFLAGS = -module -avoid-version -no-undefined
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .c .lo .o .obj
-$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
- @for dep in $?; do \
- case '$(am__configure_deps)' in \
- *$$dep*) \
- ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
- && { if test -f $@; then exit 0; else break; fi; }; \
- exit 1;; \
- esac; \
- done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libpts/plugins/imc_swid/Makefile'; \
- $(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu src/libpts/plugins/imc_swid/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
- @case '$?' in \
- *config.status*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
- *) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
- esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: $(am__configure_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): $(am__aclocal_m4_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(am__aclocal_m4_deps):
-
-install-imcvLTLIBRARIES: $(imcv_LTLIBRARIES)
- @$(NORMAL_INSTALL)
- @list='$(imcv_LTLIBRARIES)'; test -n "$(imcvdir)" || list=; \
- list2=; for p in $$list; do \
- if test -f $$p; then \
- list2="$$list2 $$p"; \
- else :; fi; \
- done; \
- test -z "$$list2" || { \
- echo " $(MKDIR_P) '$(DESTDIR)$(imcvdir)'"; \
- $(MKDIR_P) "$(DESTDIR)$(imcvdir)" || exit 1; \
- echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(imcvdir)'"; \
- $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(imcvdir)"; \
- }
-
-uninstall-imcvLTLIBRARIES:
- @$(NORMAL_UNINSTALL)
- @list='$(imcv_LTLIBRARIES)'; test -n "$(imcvdir)" || list=; \
- for p in $$list; do \
- $(am__strip_dir) \
- echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(imcvdir)/$$f'"; \
- $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(imcvdir)/$$f"; \
- done
-
-clean-imcvLTLIBRARIES:
- -test -z "$(imcv_LTLIBRARIES)" || rm -f $(imcv_LTLIBRARIES)
- @list='$(imcv_LTLIBRARIES)'; \
- locs=`for p in $$list; do echo $$p; done | \
- sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
- sort -u`; \
- test -z "$$locs" || { \
- echo rm -f $${locs}; \
- rm -f $${locs}; \
- }
-
-imc-swid.la: $(imc_swid_la_OBJECTS) $(imc_swid_la_DEPENDENCIES) $(EXTRA_imc_swid_la_DEPENDENCIES)
- $(AM_V_CCLD)$(imc_swid_la_LINK) -rpath $(imcvdir) $(imc_swid_la_OBJECTS) $(imc_swid_la_LIBADD) $(LIBS)
-
-mostlyclean-compile:
- -rm -f *.$(OBJEXT)
-
-distclean-compile:
- -rm -f *.tab.c
-
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/imc_swid.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/imc_swid_state.Plo at am__quote@
-
-.c.o:
- at am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
- at am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
- at am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(COMPILE) -c -o $@ $<
-
-.c.obj:
- at am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
- at am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
- at am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
-
-.c.lo:
- at am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
- at am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
- at am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
- -rm -f *.lo
-
-clean-libtool:
- -rm -rf .libs _libs
-install-ipsecDATA: $(ipsec_DATA)
- @$(NORMAL_INSTALL)
- @list='$(ipsec_DATA)'; test -n "$(ipsecdir)" || list=; \
- if test -n "$$list"; then \
- echo " $(MKDIR_P) '$(DESTDIR)$(ipsecdir)'"; \
- $(MKDIR_P) "$(DESTDIR)$(ipsecdir)" || exit 1; \
- fi; \
- for p in $$list; do \
- if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
- echo "$$d$$p"; \
- done | $(am__base_list) | \
- while read files; do \
- echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(ipsecdir)'"; \
- $(INSTALL_DATA) $$files "$(DESTDIR)$(ipsecdir)" || exit $$?; \
- done
-
-uninstall-ipsecDATA:
- @$(NORMAL_UNINSTALL)
- @list='$(ipsec_DATA)'; test -n "$(ipsecdir)" || list=; \
- files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
- dir='$(DESTDIR)$(ipsecdir)'; $(am__uninstall_files_from_dir)
-install-swidDATA: $(swid_DATA)
- @$(NORMAL_INSTALL)
- @list='$(swid_DATA)'; test -n "$(swiddir)" || list=; \
- if test -n "$$list"; then \
- echo " $(MKDIR_P) '$(DESTDIR)$(swiddir)'"; \
- $(MKDIR_P) "$(DESTDIR)$(swiddir)" || exit 1; \
- fi; \
- for p in $$list; do \
- if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
- echo "$$d$$p"; \
- done | $(am__base_list) | \
- while read files; do \
- echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(swiddir)'"; \
- $(INSTALL_DATA) $$files "$(DESTDIR)$(swiddir)" || exit $$?; \
- done
-
-uninstall-swidDATA:
- @$(NORMAL_UNINSTALL)
- @list='$(swid_DATA)'; test -n "$(swiddir)" || list=; \
- files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
- dir='$(DESTDIR)$(swiddir)'; $(am__uninstall_files_from_dir)
-
-ID: $(am__tagged_files)
- $(am__define_uniq_tagged_files); mkid -fID $$unique
-tags: tags-am
-TAGS: tags
-
-tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- set x; \
- here=`pwd`; \
- $(am__define_uniq_tagged_files); \
- shift; \
- if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
- test -n "$$unique" || unique=$$empty_fix; \
- if test $$# -gt 0; then \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- "$$@" $$unique; \
- else \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- $$unique; \
- fi; \
- fi
-ctags: ctags-am
-
-CTAGS: ctags
-ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- $(am__define_uniq_tagged_files); \
- test -z "$(CTAGS_ARGS)$$unique" \
- || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
- $$unique
-
-GTAGS:
- here=`$(am__cd) $(top_builddir) && pwd` \
- && $(am__cd) $(top_srcdir) \
- && gtags -i $(GTAGS_ARGS) "$$here"
-cscopelist: cscopelist-am
-
-cscopelist-am: $(am__tagged_files)
- list='$(am__tagged_files)'; \
- case "$(srcdir)" in \
- [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
- *) sdir=$(subdir)/$(srcdir) ;; \
- esac; \
- for i in $$list; do \
- if test -f "$$i"; then \
- echo "$(subdir)/$$i"; \
- else \
- echo "$$sdir/$$i"; \
- fi; \
- done >> $(top_builddir)/cscope.files
-
-distclean-tags:
- -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
- @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- list='$(DISTFILES)'; \
- dist_files=`for file in $$list; do echo $$file; done | \
- sed -e "s|^$$srcdirstrip/||;t" \
- -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
- case $$dist_files in \
- */*) $(MKDIR_P) `echo "$$dist_files" | \
- sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
- sort -u` ;; \
- esac; \
- for file in $$dist_files; do \
- if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
- if test -d $$d/$$file; then \
- dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
- if test -d "$(distdir)/$$file"; then \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
- cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
- else \
- test -f "$(distdir)/$$file" \
- || cp -p $$d/$$file "$(distdir)/$$file" \
- || exit 1; \
- fi; \
- done
-check-am: all-am
-check: check-am
-all-am: Makefile $(LTLIBRARIES) $(DATA)
-installdirs:
- for dir in "$(DESTDIR)$(imcvdir)" "$(DESTDIR)$(ipsecdir)" "$(DESTDIR)$(swiddir)"; do \
- test -z "$$dir" || $(MKDIR_P) "$$dir"; \
- done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
- @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
- if test -z '$(STRIP)'; then \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- install; \
- else \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
- fi
-mostlyclean-generic:
-
-clean-generic:
- -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
- -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
- -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
-
-maintainer-clean-generic:
- @echo "This command is intended for maintainers to use"
- @echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-imcvLTLIBRARIES clean-libtool \
- mostlyclean-am
-
-distclean: distclean-am
- -rm -rf ./$(DEPDIR)
- -rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
- distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-html-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-imcvLTLIBRARIES install-ipsecDATA \
- install-swidDATA
-
-install-dvi: install-dvi-am
-
-install-dvi-am:
-
-install-exec-am:
-
-install-html: install-html-am
-
-install-html-am:
-
-install-info: install-info-am
-
-install-info-am:
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-pdf-am:
-
-install-ps: install-ps-am
-
-install-ps-am:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
- -rm -rf ./$(DEPDIR)
- -rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
- mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-imcvLTLIBRARIES uninstall-ipsecDATA \
- uninstall-swidDATA
-
-.MAKE: install-am install-strip
-
-.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
- clean-imcvLTLIBRARIES clean-libtool cscopelist-am ctags \
- ctags-am distclean distclean-compile distclean-generic \
- distclean-libtool distclean-tags distdir dvi dvi-am html \
- html-am info info-am install install-am install-data \
- install-data-am install-dvi install-dvi-am install-exec \
- install-exec-am install-html install-html-am \
- install-imcvLTLIBRARIES install-info install-info-am \
- install-ipsecDATA install-man install-pdf install-pdf-am \
- install-ps install-ps-am install-strip install-swidDATA \
- installcheck installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags tags-am uninstall uninstall-am uninstall-imcvLTLIBRARIES \
- uninstall-ipsecDATA uninstall-swidDATA
-
-
-$(swid_tag) : regid.2004-03.org.strongswan_strongSwan.swidtag.in
- $(AM_V_GEN) \
- sed \
- -e "s:@VERSION_MAJOR@:$(PACKAGE_VERSION_MAJOR):" \
- -e "s:@VERSION_MINOR@:$(PACKAGE_VERSION_MINOR):" \
- -e "s:@VERSION_BUILD@:$(PACKAGE_VERSION_BUILD):" \
- -e "s:@VERSION_REVIEW@:$(PACKAGE_VERSION_REVIEW):" \
- $(srcdir)/$(regid)_strongSwan.swidtag.in > $@
-
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/src/libpts/plugins/imc_swid/imc_swid.c b/src/libpts/plugins/imc_swid/imc_swid.c
deleted file mode 100644
index ef3a6a3..0000000
--- a/src/libpts/plugins/imc_swid/imc_swid.c
+++ /dev/null
@@ -1,479 +0,0 @@
-/*
- * Copyright (C) 2013-2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "imc_swid_state.h"
-
-#include "libpts.h"
-#include "swid/swid_inventory.h"
-#include "swid/swid_error.h"
-#include "tcg/swid/tcg_swid_attr_req.h"
-#include "tcg/swid/tcg_swid_attr_tag_inv.h"
-#include "tcg/swid/tcg_swid_attr_tag_id_inv.h"
-
-#include <imc/imc_agent.h>
-#include <imc/imc_msg.h>
-#include <ita/ita_attr.h>
-#include <ita/ita_attr_angel.h>
-
-#include <tncif_pa_subtypes.h>
-
-#include <pen/pen.h>
-#include <utils/debug.h>
-
-#define SWID_GENERATOR "/usr/local/bin/swid_generator"
-
-/* IMC definitions */
-
-static const char imc_name[] = "SWID";
-
-static pen_type_t msg_types[] = {
- { PEN_TCG, PA_SUBTYPE_TCG_SWID }
-};
-
-static imc_agent_t *imc_swid;
-
-/**
- * see section 3.8.1 of TCG TNC IF-IMC Specification 1.3
- */
-TNC_Result TNC_IMC_Initialize(TNC_IMCID imc_id,
- TNC_Version min_version,
- TNC_Version max_version,
- TNC_Version *actual_version)
-{
- if (imc_swid)
- {
- DBG1(DBG_IMC, "IMC \"%s\" has already been initialized", imc_name);
- return TNC_RESULT_ALREADY_INITIALIZED;
- }
- imc_swid = imc_agent_create(imc_name, msg_types, countof(msg_types),
- imc_id, actual_version);
- if (!imc_swid)
- {
- return TNC_RESULT_FATAL;
- }
-
- libpts_init();
-
- if (min_version > TNC_IFIMC_VERSION_1 || max_version < TNC_IFIMC_VERSION_1)
- {
- DBG1(DBG_IMC, "no common IF-IMC version");
- return TNC_RESULT_NO_COMMON_VERSION;
- }
- return TNC_RESULT_SUCCESS;
-}
-
-/**
- * see section 3.8.2 of TCG TNC IF-IMC Specification 1.3
- */
-TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id,
- TNC_ConnectionID connection_id,
- TNC_ConnectionState new_state)
-{
- imc_state_t *state;
-
- if (!imc_swid)
- {
- DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
- return TNC_RESULT_NOT_INITIALIZED;
- }
- switch (new_state)
- {
- case TNC_CONNECTION_STATE_CREATE:
- state = imc_swid_state_create(connection_id);
- return imc_swid->create_state(imc_swid, state);
- case TNC_CONNECTION_STATE_HANDSHAKE:
- if (imc_swid->change_state(imc_swid, connection_id, new_state,
- &state) != TNC_RESULT_SUCCESS)
- {
- return TNC_RESULT_FATAL;
- }
- state->set_result(state, imc_id,
- TNC_IMV_EVALUATION_RESULT_DONT_KNOW);
- return TNC_RESULT_SUCCESS;
- case TNC_CONNECTION_STATE_DELETE:
- return imc_swid->delete_state(imc_swid, connection_id);
- default:
- return imc_swid->change_state(imc_swid, connection_id,
- new_state, NULL);
- }
-}
-
-/**
- * see section 3.8.3 of TCG TNC IF-IMC Specification 1.3
- */
-TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id,
- TNC_ConnectionID connection_id)
-{
- imc_state_t *state;
-
- if (!imc_swid)
- {
- DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
- return TNC_RESULT_NOT_INITIALIZED;
- }
- if (!imc_swid->get_state(imc_swid, connection_id, &state))
- {
- return TNC_RESULT_FATAL;
- }
-
- return TNC_RESULT_SUCCESS;
-}
-
-/**
- * Add one or multiple SWID Inventory attributes to the send queue
- */
-static bool add_swid_inventory(imc_state_t *state, imc_msg_t *msg,
- uint32_t request_id, bool full_tags,
- swid_inventory_t *targets)
-{
- pa_tnc_attr_t *attr, *attr_angel, *attr_error;
- imc_swid_state_t *swid_state;
- swid_inventory_t *swid_inventory;
- char *swid_directory, *swid_generator;
- uint32_t eid_epoch;
- size_t max_attr_size, attr_size, entry_size;
- bool first = TRUE, swid_pretty, swid_full;
- enumerator_t *enumerator;
-
- swid_directory = lib->settings->get_str(lib->settings,
- "%s.plugins.imc-swid.swid_directory",
- SWID_DIRECTORY, lib->ns);
- swid_generator = lib->settings->get_str(lib->settings,
- "%s.plugins.imc-swid.swid_generator",
- SWID_GENERATOR, lib->ns);
- swid_pretty = lib->settings->get_bool(lib->settings,
- "%s.plugins.imc-swid.swid_pretty",
- FALSE, lib->ns);
- swid_full = lib->settings->get_bool(lib->settings,
- "%s.plugins.imc-swid.swid_full",
- FALSE, lib->ns);
-
- swid_inventory = swid_inventory_create(full_tags);
- if (!swid_inventory->collect(swid_inventory, swid_directory, swid_generator,
- targets, swid_pretty, swid_full))
- {
- swid_inventory->destroy(swid_inventory);
- attr_error = swid_error_create(TCG_SWID_ERROR, request_id,
- 0, "error in SWID tag collection");
- msg->add_attribute(msg, attr_error);
- return FALSE;
- }
- DBG1(DBG_IMC, "collected %d SWID tag%s%s",
- swid_inventory->get_count(swid_inventory), full_tags ? "" : " ID",
- swid_inventory->get_count(swid_inventory) == 1 ? "" : "s");
-
- swid_state = (imc_swid_state_t*)state;
- eid_epoch = swid_state->get_eid_epoch(swid_state);
-
- /**
- * Compute the maximum TCG SWID Tag [ID] Inventory attribute size
- * leaving space for an additional ITA Angel attribute
- */
- max_attr_size = state->get_max_msg_len(state) -
- PA_TNC_HEADER_SIZE - PA_TNC_ATTR_HEADER_SIZE;
-
- if (full_tags)
- {
- tcg_swid_attr_tag_inv_t *swid_attr;
- swid_tag_t *tag;
- chunk_t encoding, tag_file_path;
-
- /* At least one TCG Tag Inventory attribute is sent */
- attr_size = PA_TNC_ATTR_HEADER_SIZE + TCG_SWID_TAG_INV_MIN_SIZE;
- attr = tcg_swid_attr_tag_inv_create(request_id, eid_epoch, 1);
-
- enumerator = swid_inventory->create_enumerator(swid_inventory);
- while (enumerator->enumerate(enumerator, &tag))
- {
- tag_file_path = tag->get_tag_file_path(tag);
- encoding = tag->get_encoding(tag);
- entry_size = 2 + tag_file_path.len + 4 + encoding.len;
-
- /* Check for oversize tags that cannot be transported */
- if (PA_TNC_ATTR_HEADER_SIZE + TCG_SWID_TAG_INV_MIN_SIZE +
- entry_size > max_attr_size)
- {
- attr_error = swid_error_create(TCG_SWID_RESPONSE_TOO_LARGE,
- request_id, max_attr_size,
- "oversize SWID tag omitted");
- msg->add_attribute(msg, attr_error);
- continue;
- }
-
- if (attr_size + entry_size > max_attr_size)
- {
- if (first)
- {
- /**
- * Send an ITA Start Angel attribute to the IMV signalling
- * that multiple TGC SWID Tag Inventory attributes follow
- */
- attr_angel = ita_attr_angel_create(TRUE);
- msg->add_attribute(msg, attr_angel);
- first = FALSE;
- }
- msg->add_attribute(msg, attr);
-
- /* create the next TCG SWID Tag Inventory attribute */
- attr_size = PA_TNC_ATTR_HEADER_SIZE +
- TCG_SWID_TAG_INV_MIN_SIZE;
- attr = tcg_swid_attr_tag_inv_create(request_id, eid_epoch, 1);
- }
- swid_attr = (tcg_swid_attr_tag_inv_t*)attr;
- swid_attr->add(swid_attr, tag->get_ref(tag));
- attr_size += entry_size;
- }
- enumerator->destroy(enumerator);
- }
- else
- {
- tcg_swid_attr_tag_id_inv_t *swid_id_attr;
- swid_tag_id_t *tag_id;
- chunk_t tag_creator, unique_sw_id, tag_file_path;
-
- /* At least one TCG Tag ID Inventory attribute is sent */
- attr_size = PA_TNC_ATTR_HEADER_SIZE + TCG_SWID_TAG_ID_INV_MIN_SIZE;
- attr = tcg_swid_attr_tag_id_inv_create(request_id, eid_epoch, 1);
- swid_id_attr = (tcg_swid_attr_tag_id_inv_t*)attr;
-
- enumerator = swid_inventory->create_enumerator(swid_inventory);
- while (enumerator->enumerate(enumerator, &tag_id))
- {
- tag_creator = tag_id->get_tag_creator(tag_id);
- unique_sw_id = tag_id->get_unique_sw_id(tag_id, &tag_file_path);
- entry_size = 2 + tag_creator.len + 2 + unique_sw_id.len +
- 2 + tag_file_path.len;
-
- if (attr_size + entry_size > max_attr_size)
- {
- if (first)
- {
- /**
- * Send an ITA Start Angel attribute to the IMV signalling
- * that multiple TGC SWID Tag ID Inventory attributes follow
- */
- attr_angel = ita_attr_angel_create(TRUE);
- msg->add_attribute(msg, attr_angel);
- first = FALSE;
- }
- msg->add_attribute(msg, attr);
-
- /* create the next TCG SWID Tag ID Inventory attribute */
- attr_size = PA_TNC_ATTR_HEADER_SIZE +
- TCG_SWID_TAG_ID_INV_MIN_SIZE;
- attr = tcg_swid_attr_tag_id_inv_create(request_id, eid_epoch, 1);
- }
- swid_id_attr = (tcg_swid_attr_tag_id_inv_t*)attr;
- swid_id_attr->add(swid_id_attr, tag_id->get_ref(tag_id));
- attr_size += entry_size;
- }
- enumerator->destroy(enumerator);
- }
- msg->add_attribute(msg, attr);
- swid_inventory->destroy(swid_inventory);
-
- if (!first)
- {
- /**
- * If we sent an ITA Start Angel attribute in the first place,
- * terminate by appending a matching ITA Stop Angel attribute.
- */
- attr_angel = ita_attr_angel_create(FALSE);
- msg->add_attribute(msg, attr_angel);
- }
-
- return TRUE;
-}
-
-static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
-{
- imc_msg_t *out_msg;
- pa_tnc_attr_t *attr;
- enumerator_t *enumerator;
- pen_type_t type;
- TNC_Result result;
- bool fatal_error = FALSE;
-
- /* parse received PA-TNC message and handle local and remote errors */
- result = in_msg->receive(in_msg, &fatal_error);
- if (result != TNC_RESULT_SUCCESS)
- {
- return result;
- }
- out_msg = imc_msg_create_as_reply(in_msg);
-
- /* analyze PA-TNC attributes */
- enumerator = in_msg->create_attribute_enumerator(in_msg);
- while (enumerator->enumerate(enumerator, &attr))
- {
- tcg_swid_attr_req_t *attr_req;
- uint8_t flags;
- uint32_t request_id;
- bool full_tags;
- swid_inventory_t *targets;
-
- type = attr->get_type(attr);
-
- if (type.vendor_id != PEN_TCG || type.type != TCG_SWID_REQUEST)
- {
- continue;
- }
-
- attr_req = (tcg_swid_attr_req_t*)attr;
- flags = attr_req->get_flags(attr_req);
- request_id = attr_req->get_request_id(attr_req);
- targets = attr_req->get_targets(attr_req);
-
- if (flags & (TCG_SWID_ATTR_REQ_FLAG_S | TCG_SWID_ATTR_REQ_FLAG_C))
- {
- attr = swid_error_create(TCG_SWID_SUBSCRIPTION_DENIED, request_id,
- 0, "no subscription available yet");
- out_msg->add_attribute(out_msg, attr);
- break;
- }
- full_tags = (flags & TCG_SWID_ATTR_REQ_FLAG_R) == 0;
-
- if (!add_swid_inventory(state, out_msg, request_id, full_tags, targets))
- {
- break;
- }
- }
- enumerator->destroy(enumerator);
-
- if (fatal_error)
- {
- result = TNC_RESULT_FATAL;
- }
- else
- {
- result = out_msg->send(out_msg, TRUE);
- }
- out_msg->destroy(out_msg);
-
- return result;
-}
-
-/**
- * see section 3.8.4 of TCG TNC IF-IMC Specification 1.3
-
- */
-TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id,
- TNC_ConnectionID connection_id,
- TNC_BufferReference msg,
- TNC_UInt32 msg_len,
- TNC_MessageType msg_type)
-{
- imc_state_t *state;
- imc_msg_t *in_msg;
- TNC_Result result;
-
- if (!imc_swid)
- {
- DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
- return TNC_RESULT_NOT_INITIALIZED;
- }
- if (!imc_swid->get_state(imc_swid, connection_id, &state))
- {
- return TNC_RESULT_FATAL;
- }
- in_msg = imc_msg_create_from_data(imc_swid, state, connection_id, msg_type,
- chunk_create(msg, msg_len));
- result = receive_message(state, in_msg);
- in_msg->destroy(in_msg);
-
- return result;
-}
-
-/**
- * see section 3.8.6 of TCG TNC IF-IMV Specification 1.3
- */
-TNC_Result TNC_IMC_ReceiveMessageLong(TNC_IMCID imc_id,
- TNC_ConnectionID connection_id,
- TNC_UInt32 msg_flags,
- TNC_BufferReference msg,
- TNC_UInt32 msg_len,
- TNC_VendorID msg_vid,
- TNC_MessageSubtype msg_subtype,
- TNC_UInt32 src_imv_id,
- TNC_UInt32 dst_imc_id)
-{
- imc_state_t *state;
- imc_msg_t *in_msg;
- TNC_Result result;
-
- if (!imc_swid)
- {
- DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
- return TNC_RESULT_NOT_INITIALIZED;
- }
- if (!imc_swid->get_state(imc_swid, connection_id, &state))
- {
- return TNC_RESULT_FATAL;
- }
- in_msg = imc_msg_create_from_long_data(imc_swid, state, connection_id,
- src_imv_id, dst_imc_id,msg_vid, msg_subtype,
- chunk_create(msg, msg_len));
- result =receive_message(state, in_msg);
- in_msg->destroy(in_msg);
-
- return result;
-}
-
-/**
- * see section 3.8.7 of TCG TNC IF-IMC Specification 1.3
- */
-TNC_Result TNC_IMC_BatchEnding(TNC_IMCID imc_id,
- TNC_ConnectionID connection_id)
-{
- if (!imc_swid)
- {
- DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
- return TNC_RESULT_NOT_INITIALIZED;
- }
- return TNC_RESULT_SUCCESS;
-}
-
-/**
- * see section 3.8.8 of TCG TNC IF-IMC Specification 1.3
- */
-TNC_Result TNC_IMC_Terminate(TNC_IMCID imc_id)
-{
- if (!imc_swid)
- {
- DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
- return TNC_RESULT_NOT_INITIALIZED;
- }
-
- libpts_deinit();
-
- imc_swid->destroy(imc_swid);
- imc_swid = NULL;
-
- return TNC_RESULT_SUCCESS;
-}
-
-/**
- * see section 4.2.8.1 of TCG TNC IF-IMC Specification 1.3
- */
-TNC_Result TNC_IMC_ProvideBindFunction(TNC_IMCID imc_id,
- TNC_TNCC_BindFunctionPointer bind_function)
-{
- if (!imc_swid)
- {
- DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
- return TNC_RESULT_NOT_INITIALIZED;
- }
- return imc_swid->bind_functions(imc_swid, bind_function);
-}
diff --git a/src/libpts/plugins/imc_swid/imc_swid_state.c b/src/libpts/plugins/imc_swid/imc_swid_state.c
deleted file mode 100644
index 11f4673..0000000
--- a/src/libpts/plugins/imc_swid/imc_swid_state.c
+++ /dev/null
@@ -1,189 +0,0 @@
-/*
- * Copyright (C) 2013 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "imc_swid_state.h"
-
-#include <tncif_names.h>
-
-#include <utils/debug.h>
-
-typedef struct private_imc_swid_state_t private_imc_swid_state_t;
-
-/**
- * Private data of an imc_swid_state_t object.
- */
-struct private_imc_swid_state_t {
-
- /**
- * Public members of imc_swid_state_t
- */
- imc_swid_state_t public;
-
- /**
- * TNCCS connection ID
- */
- TNC_ConnectionID connection_id;
-
- /**
- * TNCCS connection state
- */
- TNC_ConnectionState state;
-
- /**
- * Assessment/Evaluation Result
- */
- TNC_IMV_Evaluation_Result result;
-
- /**
- * Does the TNCCS connection support long message types?
- */
- bool has_long;
-
- /**
- * Does the TNCCS connection support exclusive delivery?
- */
- bool has_excl;
-
- /**
- * Maximum PA-TNC message size for this TNCCS connection
- */
- u_int32_t max_msg_len;
-
- /**
- * Event ID Epoch
- */
- u_int32_t eid_epoch;
-};
-
-METHOD(imc_state_t, get_connection_id, TNC_ConnectionID,
- private_imc_swid_state_t *this)
-{
- return this->connection_id;
-}
-
-METHOD(imc_state_t, has_long, bool,
- private_imc_swid_state_t *this)
-{
- return this->has_long;
-}
-
-METHOD(imc_state_t, has_excl, bool,
- private_imc_swid_state_t *this)
-{
- return this->has_excl;
-}
-
-METHOD(imc_state_t, set_flags, void,
- private_imc_swid_state_t *this, bool has_long, bool has_excl)
-{
- this->has_long = has_long;
- this->has_excl = has_excl;
-}
-
-METHOD(imc_state_t, set_max_msg_len, void,
- private_imc_swid_state_t *this, u_int32_t max_msg_len)
-{
- this->max_msg_len = max_msg_len;
-}
-
-METHOD(imc_state_t, get_max_msg_len, u_int32_t,
- private_imc_swid_state_t *this)
-{
- return this->max_msg_len;
-}
-
-METHOD(imc_state_t, change_state, void,
- private_imc_swid_state_t *this, TNC_ConnectionState new_state)
-{
- this->state = new_state;
-}
-
-METHOD(imc_state_t, set_result, void,
- private_imc_swid_state_t *this, TNC_IMCID id,
- TNC_IMV_Evaluation_Result result)
-{
- this->result = result;
-}
-
-METHOD(imc_state_t, get_result, bool,
- private_imc_swid_state_t *this, TNC_IMCID id,
- TNC_IMV_Evaluation_Result *result)
-{
- if (result)
- {
- *result = this->result;
- }
- return this->result != TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
-}
-
-METHOD(imc_state_t, destroy, void,
- private_imc_swid_state_t *this)
-{
- free(this);
-}
-
-METHOD(imc_swid_state_t, get_eid_epoch, u_int32_t,
- private_imc_swid_state_t *this)
-{
- return this->eid_epoch;
-}
-
-/**
- * Described in header.
- */
-imc_state_t *imc_swid_state_create(TNC_ConnectionID connection_id)
-{
- private_imc_swid_state_t *this;
- u_int32_t eid_epoch;
- nonce_gen_t *ng;
-
- ng = lib->crypto->create_nonce_gen(lib->crypto);
- if (!ng || !ng->get_nonce(ng, 4, (u_int8_t*)&eid_epoch))
- {
- DBG1(DBG_TNC, "failed to generate random EID epoch value");
- DESTROY_IF(ng);
- return NULL;
- }
- ng->destroy(ng);
-
- DBG1(DBG_IMC, "creating random EID epoch 0x%08x", eid_epoch);
-
- INIT(this,
- .public = {
- .interface = {
- .get_connection_id = _get_connection_id,
- .has_long = _has_long,
- .has_excl = _has_excl,
- .set_flags = _set_flags,
- .set_max_msg_len = _set_max_msg_len,
- .get_max_msg_len = _get_max_msg_len,
- .change_state = _change_state,
- .set_result = _set_result,
- .get_result = _get_result,
- .destroy = _destroy,
- },
- .get_eid_epoch = _get_eid_epoch,
- },
- .state = TNC_CONNECTION_STATE_CREATE,
- .result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
- .connection_id = connection_id,
- .eid_epoch = eid_epoch,
- );
-
-
- return &this->public.interface;
-}
-
-
diff --git a/src/libpts/plugins/imv_attestation/Makefile.am b/src/libpts/plugins/imv_attestation/Makefile.am
deleted file mode 100644
index 8dc74fd..0000000
--- a/src/libpts/plugins/imv_attestation/Makefile.am
+++ /dev/null
@@ -1,36 +0,0 @@
-AM_CPPFLAGS = \
- -I$(top_srcdir)/src/libstrongswan \
- -I$(top_srcdir)/src/libtncif \
- -I$(top_srcdir)/src/libimcv \
- -I$(top_srcdir)/src/libpts \
- -DPLUGINS=\""${attest_plugins}\""
-
-AM_CFLAGS = \
- $(PLUGIN_CFLAGS)
-
-imcv_LTLIBRARIES = imv-attestation.la
-
-imv_attestation_la_LIBADD = \
- $(top_builddir)/src/libimcv/libimcv.la \
- $(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(top_builddir)/src/libpts/libpts.la
-
-imv_attestation_la_SOURCES = imv_attestation.c \
- imv_attestation_state.h imv_attestation_state.c \
- imv_attestation_agent.h imv_attestation_agent.c \
- imv_attestation_process.h imv_attestation_process.c \
- imv_attestation_build.h imv_attestation_build.c
-
-imv_attestation_la_LDFLAGS = -module -avoid-version -no-undefined
-
-ipsec_PROGRAMS = attest
-attest_SOURCES = attest.c \
- attest_usage.h attest_usage.c \
- attest_db.h attest_db.c
-attest_LDADD = \
- $(top_builddir)/src/libimcv/libimcv.la \
- $(top_builddir)/src/libpts/libpts.la \
- $(top_builddir)/src/libstrongswan/libstrongswan.la
-attest.o : $(top_builddir)/config.status
-
-EXTRA_DIST = build-database.sh
diff --git a/src/libpts/plugins/imv_attestation/Makefile.in b/src/libpts/plugins/imv_attestation/Makefile.in
deleted file mode 100644
index b0e3787..0000000
--- a/src/libpts/plugins/imv_attestation/Makefile.in
+++ /dev/null
@@ -1,844 +0,0 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
-
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
- at SET_MAKE@
-
-
-VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
-am__make_running_with_option = \
- case $${target_option-} in \
- ?) ;; \
- *) echo "am__make_running_with_option: internal error: invalid" \
- "target option '$${target_option-}' specified" >&2; \
- exit 1;; \
- esac; \
- has_opt=no; \
- sane_makeflags=$$MAKEFLAGS; \
- if $(am__is_gnu_make); then \
- sane_makeflags=$$MFLAGS; \
- else \
- case $$MAKEFLAGS in \
- *\\[\ \ ]*) \
- bs=\\; \
- sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
- | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
- esac; \
- fi; \
- skip_next=no; \
- strip_trailopt () \
- { \
- flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
- }; \
- for flg in $$sane_makeflags; do \
- test $$skip_next = yes && { skip_next=no; continue; }; \
- case $$flg in \
- *=*|--*) continue;; \
- -*I) strip_trailopt 'I'; skip_next=yes;; \
- -*I?*) strip_trailopt 'I';; \
- -*O) strip_trailopt 'O'; skip_next=yes;; \
- -*O?*) strip_trailopt 'O';; \
- -*l) strip_trailopt 'l'; skip_next=yes;; \
- -*l?*) strip_trailopt 'l';; \
- -[dEDm]) skip_next=yes;; \
- -[JT]) skip_next=yes;; \
- esac; \
- case $$flg in \
- *$$target_option*) has_opt=yes; break;; \
- esac; \
- done; \
- test $$has_opt = yes
-am__make_dryrun = (target_option=n; $(am__make_running_with_option))
-am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
-pkgdatadir = $(datadir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkglibexecdir = $(libexecdir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-ipsec_PROGRAMS = attest$(EXEEXT)
-subdir = src/libpts/plugins/imv_attestation
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
- $(top_srcdir)/m4/config/ltoptions.m4 \
- $(top_srcdir)/m4/config/ltsugar.m4 \
- $(top_srcdir)/m4/config/ltversion.m4 \
- $(top_srcdir)/m4/config/lt~obsolete.m4 \
- $(top_srcdir)/m4/macros/split-package-version.m4 \
- $(top_srcdir)/m4/macros/with.m4 \
- $(top_srcdir)/m4/macros/enable-disable.m4 \
- $(top_srcdir)/m4/macros/add-plugin.m4 \
- $(top_srcdir)/configure.ac
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
- $(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/config.h
-CONFIG_CLEAN_FILES =
-CONFIG_CLEAN_VPATH_FILES =
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
- $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
- *) f=$$p;; \
- esac;
-am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
-am__install_max = 40
-am__nobase_strip_setup = \
- srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
-am__nobase_strip = \
- for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
-am__nobase_list = $(am__nobase_strip_setup); \
- for p in $$list; do echo "$$p $$p"; done | \
- sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
- $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
- if (++n[$$2] == $(am__install_max)) \
- { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
- END { for (dir in files) print dir, files[dir] }'
-am__base_list = \
- sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
- sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
-am__uninstall_files_from_dir = { \
- test -z "$$files" \
- || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
- || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
- $(am__cd) "$$dir" && rm -f $$files; }; \
- }
-am__installdirs = "$(DESTDIR)$(imcvdir)" "$(DESTDIR)$(ipsecdir)"
-LTLIBRARIES = $(imcv_LTLIBRARIES)
-imv_attestation_la_DEPENDENCIES = \
- $(top_builddir)/src/libimcv/libimcv.la \
- $(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(top_builddir)/src/libpts/libpts.la
-am_imv_attestation_la_OBJECTS = imv_attestation.lo \
- imv_attestation_state.lo imv_attestation_agent.lo \
- imv_attestation_process.lo imv_attestation_build.lo
-imv_attestation_la_OBJECTS = $(am_imv_attestation_la_OBJECTS)
-AM_V_lt = $(am__v_lt_ at AM_V@)
-am__v_lt_ = $(am__v_lt_ at AM_DEFAULT_V@)
-am__v_lt_0 = --silent
-am__v_lt_1 =
-imv_attestation_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
- $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
- $(AM_CFLAGS) $(CFLAGS) $(imv_attestation_la_LDFLAGS) \
- $(LDFLAGS) -o $@
-PROGRAMS = $(ipsec_PROGRAMS)
-am_attest_OBJECTS = attest.$(OBJEXT) attest_usage.$(OBJEXT) \
- attest_db.$(OBJEXT)
-attest_OBJECTS = $(am_attest_OBJECTS)
-attest_DEPENDENCIES = $(top_builddir)/src/libimcv/libimcv.la \
- $(top_builddir)/src/libpts/libpts.la \
- $(top_builddir)/src/libstrongswan/libstrongswan.la
-AM_V_P = $(am__v_P_ at AM_V@)
-am__v_P_ = $(am__v_P_ at AM_DEFAULT_V@)
-am__v_P_0 = false
-am__v_P_1 = :
-AM_V_GEN = $(am__v_GEN_ at AM_V@)
-am__v_GEN_ = $(am__v_GEN_ at AM_DEFAULT_V@)
-am__v_GEN_0 = @echo " GEN " $@;
-am__v_GEN_1 =
-AM_V_at = $(am__v_at_ at AM_V@)
-am__v_at_ = $(am__v_at_ at AM_DEFAULT_V@)
-am__v_at_0 = @
-am__v_at_1 =
-DEFAULT_INCLUDES = -I. at am__isrc@ -I$(top_builddir)
-depcomp = $(SHELL) $(top_srcdir)/depcomp
-am__depfiles_maybe = depfiles
-am__mv = mv -f
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
- $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
- $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
- $(AM_CFLAGS) $(CFLAGS)
-AM_V_CC = $(am__v_CC_ at AM_V@)
-am__v_CC_ = $(am__v_CC_ at AM_DEFAULT_V@)
-am__v_CC_0 = @echo " CC " $@;
-am__v_CC_1 =
-CCLD = $(CC)
-LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
- $(AM_LDFLAGS) $(LDFLAGS) -o $@
-AM_V_CCLD = $(am__v_CCLD_ at AM_V@)
-am__v_CCLD_ = $(am__v_CCLD_ at AM_DEFAULT_V@)
-am__v_CCLD_0 = @echo " CCLD " $@;
-am__v_CCLD_1 =
-SOURCES = $(imv_attestation_la_SOURCES) $(attest_SOURCES)
-DIST_SOURCES = $(imv_attestation_la_SOURCES) $(attest_SOURCES)
-am__can_run_installinfo = \
- case $$AM_UPDATE_INFO_DIR in \
- n|no|NO) false;; \
- *) (install-info --version) >/dev/null 2>&1;; \
- esac
-am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
-# Read a list of newline-separated strings from the standard input,
-# and print each of them once, without duplicates. Input order is
-# *not* preserved.
-am__uniquify_input = $(AWK) '\
- BEGIN { nonempty = 0; } \
- { items[$$0] = 1; nonempty = 1; } \
- END { if (nonempty) { for (i in items) print i; }; } \
-'
-# Make sure the list of sources is unique. This is necessary because,
-# e.g., the same source file might be shared among _SOURCES variables
-# for different programs/libraries.
-am__define_uniq_tagged_files = \
- list='$(am__tagged_files)'; \
- unique=`for i in $$list; do \
- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
- done | $(am__uniquify_input)`
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-ALLOCA = @ALLOCA@
-AMTAR = @AMTAR@
-AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-BFDLIB = @BFDLIB@
-BTLIB = @BTLIB@
-CC = @CC@
-CCDEPMODE = @CCDEPMODE@
-CFLAGS = @CFLAGS@
-COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
-COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DEFS = @DEFS@
-DEPDIR = @DEPDIR@
-DLLIB = @DLLIB@
-DLLTOOL = @DLLTOOL@
-DSYMUTIL = @DSYMUTIL@
-DUMPBIN = @DUMPBIN@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-FGREP = @FGREP@
-GENHTML = @GENHTML@
-GPERF = @GPERF@
-GPRBUILD = @GPRBUILD@
-GREP = @GREP@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LCOV = @LCOV@
-LD = @LD@
-LDFLAGS = @LDFLAGS@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIPO = @LIPO@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAKEINFO = @MAKEINFO@
-MANIFEST_TOOL = @MANIFEST_TOOL@
-MKDIR_P = @MKDIR_P@
-MYSQLCFLAG = @MYSQLCFLAG@
-MYSQLCONFIG = @MYSQLCONFIG@
-MYSQLLIB = @MYSQLLIB@
-NM = @NM@
-NMEDIT = @NMEDIT@
-OBJDUMP = @OBJDUMP@
-OBJEXT = @OBJEXT@
-OPENSSL_LIB = @OPENSSL_LIB@
-OTOOL = @OTOOL@
-OTOOL64 = @OTOOL64@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_URL = @PACKAGE_URL@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@
-PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@
-PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@
-PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PERL = @PERL@
-PKG_CONFIG = @PKG_CONFIG@
-PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
-PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
-PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
-PTHREADLIB = @PTHREADLIB@
-PYTHON = @PYTHON@
-PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
-PYTHON_PLATFORM = @PYTHON_PLATFORM@
-PYTHON_PREFIX = @PYTHON_PREFIX@
-PYTHON_VERSION = @PYTHON_VERSION@
-RANLIB = @RANLIB@
-RTLIB = @RTLIB@
-RUBY = @RUBY@
-RUBYINCLUDE = @RUBYINCLUDE@
-RUBYLIB = @RUBYLIB@
-SED = @SED@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-SOCKLIB = @SOCKLIB@
-STRIP = @STRIP@
-UNWINDLIB = @UNWINDLIB@
-VERSION = @VERSION@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_AR = @ac_ct_AR@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
-aikgen_plugins = @aikgen_plugins@
-am__include = @am__include@
-am__leading_dot = @am__leading_dot@
-am__quote = @am__quote@
-am__tar = @am__tar@
-am__untar = @am__untar@
-attest_plugins = @attest_plugins@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-c_plugins = @c_plugins@
-charon_natt_port = @charon_natt_port@
-charon_plugins = @charon_plugins@
-charon_udp_port = @charon_udp_port@
-clearsilver_LIBS = @clearsilver_LIBS@
-cmd_plugins = @cmd_plugins@
-datadir = @datadir@
-datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
-dev_headers = @dev_headers@
-docdir = @docdir@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-fips_mode = @fips_mode@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
-h_plugins = @h_plugins@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-imcvdir = @imcvdir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-ipsec_script = @ipsec_script@
-ipsec_script_upper = @ipsec_script_upper@
-ipsecdir = @ipsecdir@
-ipsecgroup = @ipsecgroup@
-ipseclibdir = @ipseclibdir@
-ipsecuser = @ipsecuser@
-libdir = @libdir@
-libexecdir = @libexecdir@
-linux_headers = @linux_headers@
-localedir = @localedir@
-localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
-manager_plugins = @manager_plugins@
-mandir = @mandir@
-medsrv_plugins = @medsrv_plugins@
-mkdir_p = @mkdir_p@
-nm_CFLAGS = @nm_CFLAGS@
-nm_LIBS = @nm_LIBS@
-nm_ca_dir = @nm_ca_dir@
-nm_plugins = @nm_plugins@
-oldincludedir = @oldincludedir@
-pcsclite_CFLAGS = @pcsclite_CFLAGS@
-pcsclite_LIBS = @pcsclite_LIBS@
-pdfdir = @pdfdir@
-piddir = @piddir@
-pkgpyexecdir = @pkgpyexecdir@
-pkgpythondir = @pkgpythondir@
-pki_plugins = @pki_plugins@
-plugindir = @plugindir@
-pool_plugins = @pool_plugins@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-pyexecdir = @pyexecdir@
-pythondir = @pythondir@
-random_device = @random_device@
-resolv_conf = @resolv_conf@
-routing_table = @routing_table@
-routing_table_prio = @routing_table_prio@
-s_plugins = @s_plugins@
-sbindir = @sbindir@
-scepclient_plugins = @scepclient_plugins@
-scripts_plugins = @scripts_plugins@
-sharedstatedir = @sharedstatedir@
-soup_CFLAGS = @soup_CFLAGS@
-soup_LIBS = @soup_LIBS@
-srcdir = @srcdir@
-starter_plugins = @starter_plugins@
-strongswan_conf = @strongswan_conf@
-strongswan_options = @strongswan_options@
-swanctldir = @swanctldir@
-sysconfdir = @sysconfdir@
-systemdsystemunitdir = @systemdsystemunitdir@
-t_plugins = @t_plugins@
-target_alias = @target_alias@
-top_build_prefix = @top_build_prefix@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-urandom_device = @urandom_device@
-xml_CFLAGS = @xml_CFLAGS@
-xml_LIBS = @xml_LIBS@
-AM_CPPFLAGS = \
- -I$(top_srcdir)/src/libstrongswan \
- -I$(top_srcdir)/src/libtncif \
- -I$(top_srcdir)/src/libimcv \
- -I$(top_srcdir)/src/libpts \
- -DPLUGINS=\""${attest_plugins}\""
-
-AM_CFLAGS = \
- $(PLUGIN_CFLAGS)
-
-imcv_LTLIBRARIES = imv-attestation.la
-imv_attestation_la_LIBADD = \
- $(top_builddir)/src/libimcv/libimcv.la \
- $(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(top_builddir)/src/libpts/libpts.la
-
-imv_attestation_la_SOURCES = imv_attestation.c \
- imv_attestation_state.h imv_attestation_state.c \
- imv_attestation_agent.h imv_attestation_agent.c \
- imv_attestation_process.h imv_attestation_process.c \
- imv_attestation_build.h imv_attestation_build.c
-
-imv_attestation_la_LDFLAGS = -module -avoid-version -no-undefined
-attest_SOURCES = attest.c \
- attest_usage.h attest_usage.c \
- attest_db.h attest_db.c
-
-attest_LDADD = \
- $(top_builddir)/src/libimcv/libimcv.la \
- $(top_builddir)/src/libpts/libpts.la \
- $(top_builddir)/src/libstrongswan/libstrongswan.la
-
-EXTRA_DIST = build-database.sh
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .c .lo .o .obj
-$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
- @for dep in $?; do \
- case '$(am__configure_deps)' in \
- *$$dep*) \
- ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
- && { if test -f $@; then exit 0; else break; fi; }; \
- exit 1;; \
- esac; \
- done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libpts/plugins/imv_attestation/Makefile'; \
- $(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu src/libpts/plugins/imv_attestation/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
- @case '$?' in \
- *config.status*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
- *) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
- esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: $(am__configure_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): $(am__aclocal_m4_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(am__aclocal_m4_deps):
-
-install-imcvLTLIBRARIES: $(imcv_LTLIBRARIES)
- @$(NORMAL_INSTALL)
- @list='$(imcv_LTLIBRARIES)'; test -n "$(imcvdir)" || list=; \
- list2=; for p in $$list; do \
- if test -f $$p; then \
- list2="$$list2 $$p"; \
- else :; fi; \
- done; \
- test -z "$$list2" || { \
- echo " $(MKDIR_P) '$(DESTDIR)$(imcvdir)'"; \
- $(MKDIR_P) "$(DESTDIR)$(imcvdir)" || exit 1; \
- echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(imcvdir)'"; \
- $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(imcvdir)"; \
- }
-
-uninstall-imcvLTLIBRARIES:
- @$(NORMAL_UNINSTALL)
- @list='$(imcv_LTLIBRARIES)'; test -n "$(imcvdir)" || list=; \
- for p in $$list; do \
- $(am__strip_dir) \
- echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(imcvdir)/$$f'"; \
- $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(imcvdir)/$$f"; \
- done
-
-clean-imcvLTLIBRARIES:
- -test -z "$(imcv_LTLIBRARIES)" || rm -f $(imcv_LTLIBRARIES)
- @list='$(imcv_LTLIBRARIES)'; \
- locs=`for p in $$list; do echo $$p; done | \
- sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
- sort -u`; \
- test -z "$$locs" || { \
- echo rm -f $${locs}; \
- rm -f $${locs}; \
- }
-
-imv-attestation.la: $(imv_attestation_la_OBJECTS) $(imv_attestation_la_DEPENDENCIES) $(EXTRA_imv_attestation_la_DEPENDENCIES)
- $(AM_V_CCLD)$(imv_attestation_la_LINK) -rpath $(imcvdir) $(imv_attestation_la_OBJECTS) $(imv_attestation_la_LIBADD) $(LIBS)
-install-ipsecPROGRAMS: $(ipsec_PROGRAMS)
- @$(NORMAL_INSTALL)
- @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \
- if test -n "$$list"; then \
- echo " $(MKDIR_P) '$(DESTDIR)$(ipsecdir)'"; \
- $(MKDIR_P) "$(DESTDIR)$(ipsecdir)" || exit 1; \
- fi; \
- for p in $$list; do echo "$$p $$p"; done | \
- sed 's/$(EXEEXT)$$//' | \
- while read p p1; do if test -f $$p \
- || test -f $$p1 \
- ; then echo "$$p"; echo "$$p"; else :; fi; \
- done | \
- sed -e 'p;s,.*/,,;n;h' \
- -e 's|.*|.|' \
- -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
- sed 'N;N;N;s,\n, ,g' | \
- $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
- { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
- if ($$2 == $$4) files[d] = files[d] " " $$1; \
- else { print "f", $$3 "/" $$4, $$1; } } \
- END { for (d in files) print "f", d, files[d] }' | \
- while read type dir files; do \
- if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
- test -z "$$files" || { \
- echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(ipsecdir)$$dir'"; \
- $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(ipsecdir)$$dir" || exit $$?; \
- } \
- ; done
-
-uninstall-ipsecPROGRAMS:
- @$(NORMAL_UNINSTALL)
- @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \
- files=`for p in $$list; do echo "$$p"; done | \
- sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
- -e 's/$$/$(EXEEXT)/' \
- `; \
- test -n "$$list" || exit 0; \
- echo " ( cd '$(DESTDIR)$(ipsecdir)' && rm -f" $$files ")"; \
- cd "$(DESTDIR)$(ipsecdir)" && rm -f $$files
-
-clean-ipsecPROGRAMS:
- @list='$(ipsec_PROGRAMS)'; test -n "$$list" || exit 0; \
- echo " rm -f" $$list; \
- rm -f $$list || exit $$?; \
- test -n "$(EXEEXT)" || exit 0; \
- list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
- echo " rm -f" $$list; \
- rm -f $$list
-
-attest$(EXEEXT): $(attest_OBJECTS) $(attest_DEPENDENCIES) $(EXTRA_attest_DEPENDENCIES)
- @rm -f attest$(EXEEXT)
- $(AM_V_CCLD)$(LINK) $(attest_OBJECTS) $(attest_LDADD) $(LIBS)
-
-mostlyclean-compile:
- -rm -f *.$(OBJEXT)
-
-distclean-compile:
- -rm -f *.tab.c
-
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/attest.Po at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/attest_db.Po at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/attest_usage.Po at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/imv_attestation.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/imv_attestation_agent.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/imv_attestation_build.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/imv_attestation_process.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/imv_attestation_state.Plo at am__quote@
-
-.c.o:
- at am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
- at am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
- at am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(COMPILE) -c -o $@ $<
-
-.c.obj:
- at am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
- at am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
- at am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
-
-.c.lo:
- at am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
- at am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
- at am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
- -rm -f *.lo
-
-clean-libtool:
- -rm -rf .libs _libs
-
-ID: $(am__tagged_files)
- $(am__define_uniq_tagged_files); mkid -fID $$unique
-tags: tags-am
-TAGS: tags
-
-tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- set x; \
- here=`pwd`; \
- $(am__define_uniq_tagged_files); \
- shift; \
- if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
- test -n "$$unique" || unique=$$empty_fix; \
- if test $$# -gt 0; then \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- "$$@" $$unique; \
- else \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- $$unique; \
- fi; \
- fi
-ctags: ctags-am
-
-CTAGS: ctags
-ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- $(am__define_uniq_tagged_files); \
- test -z "$(CTAGS_ARGS)$$unique" \
- || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
- $$unique
-
-GTAGS:
- here=`$(am__cd) $(top_builddir) && pwd` \
- && $(am__cd) $(top_srcdir) \
- && gtags -i $(GTAGS_ARGS) "$$here"
-cscopelist: cscopelist-am
-
-cscopelist-am: $(am__tagged_files)
- list='$(am__tagged_files)'; \
- case "$(srcdir)" in \
- [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
- *) sdir=$(subdir)/$(srcdir) ;; \
- esac; \
- for i in $$list; do \
- if test -f "$$i"; then \
- echo "$(subdir)/$$i"; \
- else \
- echo "$$sdir/$$i"; \
- fi; \
- done >> $(top_builddir)/cscope.files
-
-distclean-tags:
- -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
- @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- list='$(DISTFILES)'; \
- dist_files=`for file in $$list; do echo $$file; done | \
- sed -e "s|^$$srcdirstrip/||;t" \
- -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
- case $$dist_files in \
- */*) $(MKDIR_P) `echo "$$dist_files" | \
- sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
- sort -u` ;; \
- esac; \
- for file in $$dist_files; do \
- if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
- if test -d $$d/$$file; then \
- dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
- if test -d "$(distdir)/$$file"; then \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
- cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
- else \
- test -f "$(distdir)/$$file" \
- || cp -p $$d/$$file "$(distdir)/$$file" \
- || exit 1; \
- fi; \
- done
-check-am: all-am
-check: check-am
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS)
-installdirs:
- for dir in "$(DESTDIR)$(imcvdir)" "$(DESTDIR)$(ipsecdir)"; do \
- test -z "$$dir" || $(MKDIR_P) "$$dir"; \
- done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
- @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
- if test -z '$(STRIP)'; then \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- install; \
- else \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
- fi
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
- -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
- -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
-
-maintainer-clean-generic:
- @echo "This command is intended for maintainers to use"
- @echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-imcvLTLIBRARIES clean-ipsecPROGRAMS \
- clean-libtool mostlyclean-am
-
-distclean: distclean-am
- -rm -rf ./$(DEPDIR)
- -rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
- distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-html-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-imcvLTLIBRARIES install-ipsecPROGRAMS
-
-install-dvi: install-dvi-am
-
-install-dvi-am:
-
-install-exec-am:
-
-install-html: install-html-am
-
-install-html-am:
-
-install-info: install-info-am
-
-install-info-am:
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-pdf-am:
-
-install-ps: install-ps-am
-
-install-ps-am:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
- -rm -rf ./$(DEPDIR)
- -rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
- mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-imcvLTLIBRARIES uninstall-ipsecPROGRAMS
-
-.MAKE: install-am install-strip
-
-.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
- clean-imcvLTLIBRARIES clean-ipsecPROGRAMS clean-libtool \
- cscopelist-am ctags ctags-am distclean distclean-compile \
- distclean-generic distclean-libtool distclean-tags distdir dvi \
- dvi-am html html-am info info-am install install-am \
- install-data install-data-am install-dvi install-dvi-am \
- install-exec install-exec-am install-html install-html-am \
- install-imcvLTLIBRARIES install-info install-info-am \
- install-ipsecPROGRAMS install-man install-pdf install-pdf-am \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags tags-am uninstall uninstall-am uninstall-imcvLTLIBRARIES \
- uninstall-ipsecPROGRAMS
-
-attest.o : $(top_builddir)/config.status
-
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/src/libpts/plugins/imv_attestation/attest.c b/src/libpts/plugins/imv_attestation/attest.c
deleted file mode 100644
index 63c0023..0000000
--- a/src/libpts/plugins/imv_attestation/attest.c
+++ /dev/null
@@ -1,487 +0,0 @@
-/*
- * Copyright (C) 2011-2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#define _GNU_SOURCE
-#include <getopt.h>
-#include <unistd.h>
-#include <stdio.h>
-#include <string.h>
-#include <errno.h>
-#include <libgen.h>
-#ifdef HAVE_SYSLOG
-# include <syslog.h>
-#endif
-
-#include <library.h>
-#include <utils/debug.h>
-
-#include <imcv.h>
-#include <libpts.h>
-#include <pts/pts_meas_algo.h>
-
-#include "attest_db.h"
-#include "attest_usage.h"
-
-/**
- * global debug output variables
- */
-static int debug_level = 1;
-static bool stderr_quiet = TRUE;
-
-/**
- * attest dbg function
- */
-static void attest_dbg(debug_t group, level_t level, char *fmt, ...)
-{
- va_list args;
-
- if (level <= debug_level)
- {
- if (!stderr_quiet)
- {
- va_start(args, fmt);
- vfprintf(stderr, fmt, args);
- fprintf(stderr, "\n");
- va_end(args);
- }
-
-#ifdef HAVE_SYSLOG
- {
- int priority = LOG_INFO;
- char buffer[8192];
- char *current = buffer, *next;
-
- /* write in memory buffer first */
- va_start(args, fmt);
- vsnprintf(buffer, sizeof(buffer), fmt, args);
- va_end(args);
-
- /* do a syslog with every line */
- while (current)
- {
- next = strchr(current, '\n');
- if (next)
- {
- *(next++) = '\0';
- }
- syslog(priority, "%s\n", current);
- current = next;
- }
- }
-#endif /* HAVE_SYSLOG */
- }
-}
-
-/**
- * global attestation database object
- */
-attest_db_t *attest;
-
-
-/**
- * atexit handler to close db on shutdown
- */
-static void cleanup(void)
-{
- attest->destroy(attest);
- libpts_deinit();
- libimcv_deinit();
-#ifdef HAVE_SYSLOG
- closelog();
-#endif
-}
-
-static void do_args(int argc, char *argv[])
-{
- enum {
- OP_UNDEF,
- OP_USAGE,
- OP_KEYS,
- OP_COMPONENTS,
- OP_DEVICES,
- OP_DIRECTORIES,
- OP_FILES,
- OP_HASHES,
- OP_MEASUREMENTS,
- OP_PACKAGES,
- OP_PRODUCTS,
- OP_SESSIONS,
- OP_ADD,
- OP_DEL,
- } op = OP_UNDEF;
-
- /* reinit getopt state */
- optind = 0;
-
- while (TRUE)
- {
- int c;
-
- struct option long_opts[] = {
- { "help", no_argument, NULL, 'h' },
- { "components", no_argument, NULL, 'c' },
- { "devices", no_argument, NULL, 'e' },
- { "directories", no_argument, NULL, 'd' },
- { "dirs", no_argument, NULL, 'd' },
- { "files", no_argument, NULL, 'f' },
- { "keys", no_argument, NULL, 'k' },
- { "packages", no_argument, NULL, 'g' },
- { "products", no_argument, NULL, 'p' },
- { "hashes", no_argument, NULL, 'H' },
- { "measurements", no_argument, NULL, 'm' },
- { "sessions", no_argument, NULL, 's' },
- { "add", no_argument, NULL, 'a' },
- { "delete", no_argument, NULL, 'r' },
- { "del", no_argument, NULL, 'r' },
- { "remove", no_argument, NULL, 'r' },
- { "aik", required_argument, NULL, 'A' },
- { "blacklist", no_argument, NULL, 'B' },
- { "component", required_argument, NULL, 'C' },
- { "comp", required_argument, NULL, 'C' },
- { "directory", required_argument, NULL, 'D' },
- { "dir", required_argument, NULL, 'D' },
- { "file", required_argument, NULL, 'F' },
- { "package", required_argument, NULL, 'G' },
- { "key", required_argument, NULL, 'K' },
- { "measdir", required_argument, NULL, 'M' },
- { "owner", required_argument, NULL, 'O' },
- { "product", required_argument, NULL, 'P' },
- { "relative", no_argument, NULL, 'R' },
- { "rel", no_argument, NULL, 'R' },
- { "sequence", required_argument, NULL, 'S' },
- { "seq", required_argument, NULL, 'S' },
- { "utc", no_argument, NULL, 'U' },
- { "version", required_argument, NULL, 'V' },
- { "security", no_argument, NULL, 'Y' },
- { "sha1", no_argument, NULL, '1' },
- { "sha256", no_argument, NULL, '2' },
- { "sha384", no_argument, NULL, '3' },
- { "did", required_argument, NULL, '4' },
- { "fid", required_argument, NULL, '5' },
- { "pid", required_argument, NULL, '6' },
- { "cid", required_argument, NULL, '7' },
- { "kid", required_argument, NULL, '8' },
- { "gid", required_argument, NULL, '9' },
- { 0,0,0,0 }
- };
-
- c = getopt_long(argc, argv, "", long_opts, NULL);
- switch (c)
- {
- case EOF:
- break;
- case 'h':
- op = OP_USAGE;
- break;
- case 'c':
- op = OP_COMPONENTS;
- continue;
- case 'd':
- op = OP_DIRECTORIES;
- continue;
- case 'e':
- op = OP_DEVICES;
- continue;
- case 'f':
- op = OP_FILES;
- continue;
- case 'g':
- op = OP_PACKAGES;
- continue;
- case 'k':
- op = OP_KEYS;
- continue;
- case 'p':
- op = OP_PRODUCTS;
- continue;
- case 'H':
- op = OP_HASHES;
- continue;
- case 'm':
- op = OP_MEASUREMENTS;
- continue;
- case 's':
- op = OP_SESSIONS;
- continue;
- case 'a':
- op = OP_ADD;
- continue;
- case 'r':
- op = OP_DEL;
- continue;
- case 'A':
- {
- certificate_t *aik_cert;
- public_key_t *aik_key;
- chunk_t aik;
-
- aik_cert = lib->creds->create(lib->creds, CRED_CERTIFICATE,
- CERT_X509, BUILD_FROM_FILE, optarg, BUILD_END);
- if (!aik_cert)
- {
- printf("AIK certificate '%s' could not be loaded\n", optarg);
- exit(EXIT_FAILURE);
- }
- aik_key = aik_cert->get_public_key(aik_cert);
- aik_cert->destroy(aik_cert);
-
- if (!aik_key)
- {
- printf("AIK public key could not be retrieved\n");
- exit(EXIT_FAILURE);
- }
- if (!aik_key->get_fingerprint(aik_key, KEYID_PUBKEY_INFO_SHA1,
- &aik))
- {
- printf("AIK fingerprint could not be computed\n");
- aik_key->destroy(aik_key);
- exit(EXIT_FAILURE);
- }
- aik = chunk_clone(aik);
- aik_key->destroy(aik_key);
-
- if (!attest->set_key(attest, aik, op == OP_ADD))
- {
- exit(EXIT_FAILURE);
- }
- continue;
- }
- case 'B':
- attest->set_package_state(attest, OS_PACKAGE_STATE_BLACKLIST);
- continue;
- case 'C':
- if (!attest->set_component(attest, optarg, op == OP_ADD))
- {
- exit(EXIT_FAILURE);
- }
- continue;
- case 'D':
- if (!attest->set_directory(attest, optarg, op == OP_ADD))
- {
- exit(EXIT_FAILURE);
- }
- continue;
- case 'F':
- {
- char *dir = path_dirname(optarg);
- char *file = path_basename(optarg);
-
- if (*dir != '.')
- {
- if (!attest->set_directory(attest, dir, op == OP_ADD))
- {
- free(file);
- free(dir);
- exit(EXIT_FAILURE);
- }
- }
- free(dir);
-
- if (!attest->set_file(attest, file, op == OP_ADD))
- {
- free(file);
- exit(EXIT_FAILURE);
- }
- free(file);
- continue;
- }
- case 'G':
- if (!attest->set_package(attest, optarg, op == OP_ADD))
- {
- exit(EXIT_FAILURE);
- }
- continue;
- case 'K':
- {
- chunk_t aik;
-
- aik = chunk_from_hex(chunk_create(optarg, strlen(optarg)), NULL);
- if (!attest->set_key(attest, aik, op == OP_ADD))
- {
- exit(EXIT_FAILURE);
- }
- continue;
- }
- case 'M':
- if (!attest->set_meas_directory(attest, optarg))
- {
- exit(EXIT_FAILURE);
- }
- continue;
- case 'O':
- attest->set_owner(attest, optarg);
- continue;
- case 'P':
- if (!attest->set_product(attest, optarg, op == OP_ADD))
- {
- exit(EXIT_FAILURE);
- }
- continue;
- case 'R':
- attest->set_relative(attest);
- continue;
- case 'S':
- attest->set_sequence(attest, atoi(optarg));
- continue;
- case 'U':
- attest->set_utc(attest);
- continue;
- case 'V':
- if (!attest->set_version(attest, optarg))
- {
- exit(EXIT_FAILURE);
- }
- continue;
- case 'Y':
- attest->set_package_state(attest, OS_PACKAGE_STATE_SECURITY);
- continue;
- case '1':
- attest->set_algo(attest, PTS_MEAS_ALGO_SHA1);
- continue;
- case '2':
- attest->set_algo(attest, PTS_MEAS_ALGO_SHA256);
- continue;
- case '3':
- attest->set_algo(attest, PTS_MEAS_ALGO_SHA384);
- continue;
- case '4':
- if (!attest->set_did(attest, atoi(optarg)))
- {
- exit(EXIT_FAILURE);
- }
- continue;
- case '5':
- if (!attest->set_fid(attest, atoi(optarg)))
- {
- exit(EXIT_FAILURE);
- }
- continue;
- case '6':
- if (!attest->set_pid(attest, atoi(optarg)))
- {
- exit(EXIT_FAILURE);
- }
- continue;
- case '7':
- if (!attest->set_cid(attest, atoi(optarg)))
- {
- exit(EXIT_FAILURE);
- }
- continue;
- case '8':
- if (!attest->set_kid(attest, atoi(optarg)))
- {
- exit(EXIT_FAILURE);
- }
- continue;
- case '9':
- if (!attest->set_gid(attest, atoi(optarg)))
- {
- exit(EXIT_FAILURE);
- }
- continue;
- }
- break;
- }
-
- switch (op)
- {
- case OP_USAGE:
- usage();
- break;
- case OP_PACKAGES:
- attest->list_packages(attest);
- break;
- case OP_PRODUCTS:
- attest->list_products(attest);
- break;
- case OP_KEYS:
- attest->list_keys(attest);
- break;
- case OP_COMPONENTS:
- attest->list_components(attest);
- break;
- case OP_DEVICES:
- attest->list_devices(attest);
- break;
- case OP_DIRECTORIES:
- attest->list_directories(attest);
- break;
- case OP_FILES:
- attest->list_files(attest);
- break;
- case OP_HASHES:
- attest->list_hashes(attest);
- break;
- case OP_MEASUREMENTS:
- attest->list_measurements(attest);
- break;
- case OP_SESSIONS:
- attest->list_sessions(attest);
- break;
- case OP_ADD:
- attest->add(attest);
- break;
- case OP_DEL:
- attest->delete(attest);
- break;
- default:
- usage();
- exit(EXIT_FAILURE);
- }
-}
-
-int main(int argc, char *argv[])
-{
- char *uri;
-
- /* enable attest debugging hook */
- dbg = attest_dbg;
-#ifdef HAVE_SYSLOG
- openlog("attest", 0, LOG_DEBUG);
-#endif
-
- atexit(library_deinit);
-
- /* initialize library */
- if (!library_init(NULL, "attest"))
- {
- exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
- }
- if (!lib->plugins->load(lib->plugins,
- lib->settings->get_str(lib->settings, "attest.load", PLUGINS)))
- {
- exit(SS_RC_INITIALIZATION_FAILED);
- }
-
- uri = lib->settings->get_str(lib->settings, "attest.database", NULL);
- if (!uri)
- {
- fprintf(stderr, "database URI attest.database not set.\n");
- exit(SS_RC_INITIALIZATION_FAILED);
- }
- attest = attest_db_create(uri);
- if (!attest)
- {
- exit(SS_RC_INITIALIZATION_FAILED);
- }
- atexit(cleanup);
- libimcv_init(FALSE);
- libpts_init();
-
- do_args(argc, argv);
-
- exit(EXIT_SUCCESS);
-}
diff --git a/src/libpts/plugins/imv_attestation/attest_db.c b/src/libpts/plugins/imv_attestation/attest_db.c
deleted file mode 100644
index d7f45ad..0000000
--- a/src/libpts/plugins/imv_attestation/attest_db.c
+++ /dev/null
@@ -1,1994 +0,0 @@
-/*
- * Copyright (C) 2011-2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#define _GNU_SOURCE
-
-#include <stdio.h>
-#include <libgen.h>
-#include <time.h>
-
-#include <tncif_names.h>
-
-#include "attest_db.h"
-
-#include "libpts.h"
-#include "pts/pts_meas_algo.h"
-#include "pts/pts_file_meas.h"
-#include "pts/components/pts_comp_func_name.h"
-
-#define IMA_MAX_NAME_LEN 255
-#define DEVICE_MAX_LEN 20
-
-typedef struct private_attest_db_t private_attest_db_t;
-
-/**
- * Private data of an attest_db_t object.
- */
-struct private_attest_db_t {
-
- /**
- * Public members of attest_db_state_t
- */
- attest_db_t public;
-
- /**
- * Component Functional Name to be queried
- */
- pts_comp_func_name_t *cfn;
-
- /**
- * Primary key of the Component Functional Name to be queried
- */
- int cid;
-
- /**
- * TRUE if Component Functional Name has been set
- */
- bool comp_set;
-
- /**
- * Directory containing the Measurement file to be queried
- */
- char *dir;
-
- /**
- * Primary key of the directory to be queried
- */
- int did;
-
- /**
- * Measurement file to be queried
- */
- char *file;
-
- /**
- * Primary key of measurement file to be queried
- */
- int fid;
-
- /**
- * Directory where file measurement are to be taken
- */
- char *meas_dir;
-
- /**
- * AIK to be queried
- */
- chunk_t key;
-
- /**
- * Primary key of the AIK to be queried
- */
- int kid;
-
- /**
- * TRUE if AIK has been set
- */
- bool key_set;
-
- /**
- * Software package to be queried
- */
- char *package;
-
- /**
- * Primary key of software package to be queried
- */
- int gid;
-
- /**
- * TRUE if package has been set
- */
- bool package_set;
-
- /**
- * Software product to be queried
- */
- char *product;
-
- /**
- * Primary key of software product to be queried
- */
- int pid;
-
- /**
- * TRUE if product has been set
- */
- bool product_set;
-
- /**
- * Software package version to be queried
- */
- char *version;
-
- /**
- * TRUE if version has been set
- */
- bool version_set;
-
- /**
- * TRUE if relative filenames are to be used
- */
- bool relative;
-
- /**
- * TRUE if dates are to be displayed in UTC
- */
- bool utc;
-
- /**
- * Package security or blacklist state
- */
- os_package_state_t package_state;
-
- /**
- * Sequence number for ordering entries
- */
- int seq_no;
-
- /**
- * File measurement hash algorithm
- */
- pts_meas_algorithms_t algo;
-
- /**
- * Optional owner (user/host name)
- */
- char *owner;
-
- /**
- * Attestation database
- */
- database_t *db;
-
-};
-
-char* print_cfn(pts_comp_func_name_t *cfn)
-{
- static char buf[BUF_LEN];
- char flags[8];
- int type, vid, name, qualifier, n;
- enum_name_t *names, *types;
-
- vid = cfn->get_vendor_id(cfn),
- name = cfn->get_name(cfn);
- qualifier = cfn->get_qualifier(cfn);
- n = snprintf(buf, BUF_LEN, "0x%06x/0x%08x-0x%02x", vid, name, qualifier);
-
- names = pts_components->get_comp_func_names(pts_components, vid);
- types = pts_components->get_qualifier_type_names(pts_components, vid);
- type = pts_components->get_qualifier(pts_components, cfn, flags);
- if (names && types)
- {
- n = snprintf(buf + n, BUF_LEN - n, " %N/%N [%s] %N",
- pen_names, vid, names, name, flags, types, type);
- }
- return buf;
-}
-
-/**
- * Get the directory separator to append to a path
- */
-static const char* get_separator(const char *path)
-{
- if (streq(path, DIRECTORY_SEPARATOR))
- { /* root directory on Unix file system, no separator */
- return "";
- }
- else
- { /* non-root or Windows path, use system specific separator */
- return DIRECTORY_SEPARATOR;
- }
-}
-
-METHOD(attest_db_t, set_component, bool,
- private_attest_db_t *this, char *comp, bool create)
-{
- enumerator_t *e;
- char *pos1, *pos2;
- int vid, name, qualifier;
- pts_comp_func_name_t *cfn;
-
- if (this->comp_set)
- {
- printf("component has already been set\n");
- return FALSE;
- }
-
- /* parse component string */
- pos1 = strchr(comp, '/');
- pos2 = strchr(comp, '-');
- if (!pos1 || !pos2)
- {
- printf("component string must have the form \"vendor_id/name-qualifier\"\n");
- return FALSE;
- }
- vid = atoi(comp);
- name = atoi(pos1 + 1);
- qualifier = atoi(pos2 + 1);
- cfn = pts_comp_func_name_create(vid, name, qualifier);
-
- e = this->db->query(this->db,
- "SELECT id FROM components "
- "WHERE vendor_id = ? AND name = ? AND qualifier = ?",
- DB_UINT, vid, DB_INT, name, DB_INT, qualifier, DB_INT);
- if (e)
- {
- if (e->enumerate(e, &this->cid))
- {
- this->comp_set = TRUE;
- this->cfn = cfn;
- }
- e->destroy(e);
- }
- if (this->comp_set)
- {
- return TRUE;
- }
-
- if (!create)
- {
- printf("component '%s' not found in database\n", print_cfn(cfn));
- cfn->destroy(cfn);
- return FALSE;
- }
-
- /* Add a new database entry */
- this->comp_set = this->db->execute(this->db, &this->cid,
- "INSERT INTO components (vendor_id, name, qualifier) "
- "VALUES (?, ?, ?)",
- DB_INT, vid, DB_INT, name, DB_INT, qualifier) == 1;
-
- printf("component '%s' %sinserted into database\n", print_cfn(cfn),
- this->comp_set ? "" : "could not be ");
- if (this->comp_set)
- {
- this->cfn = cfn;
- }
- else
- {
- cfn->destroy(cfn);
- }
- return this->comp_set;
-}
-
-METHOD(attest_db_t, set_cid, bool,
- private_attest_db_t *this, int cid)
-{
- enumerator_t *e;
- int vid, name, qualifier;
-
- if (this->comp_set)
- {
- printf("component has already been set\n");
- return FALSE;
- }
- this->cid = cid;
-
- e = this->db->query(this->db, "SELECT vendor_id, name, qualifier "
- "FROM components WHERE id = ?",
- DB_UINT, cid, DB_INT, DB_INT, DB_INT);
- if (e)
- {
- if (e->enumerate(e, &vid, &name, &qualifier))
- {
- this->cfn = pts_comp_func_name_create(vid, name, qualifier);
- this->comp_set = TRUE;
- }
- else
- {
- printf("no component found with cid %d\n", cid);
- }
- e->destroy(e);
- }
- return this->comp_set;
-}
-
-METHOD(attest_db_t, set_directory, bool,
- private_attest_db_t *this, char *dir, bool create)
-{
- enumerator_t *e;
- int did;
- size_t len;
-
- if (this->did)
- {
- printf("directory has already been set\n");
- return FALSE;
- }
-
- /* remove trailing '/' or '\' character if not root directory */
- len = strlen(dir);
- if (len > 1 && dir[len-1] == DIRECTORY_SEPARATOR[0])
- {
- dir[len-1] = '\0';
- }
- this->dir = strdup(dir);
-
- e = this->db->query(this->db,
- "SELECT id FROM directories WHERE path = ?",
- DB_TEXT, dir, DB_INT);
- if (e)
- {
- if (e->enumerate(e, &did))
- {
- this->did = did;
- }
- e->destroy(e);
- }
- if (this->did)
- {
- return TRUE;
- }
-
- if (!create)
- {
- printf("directory '%s' not found in database\n", dir);
- return FALSE;
- }
-
- /* Add a new database entry */
- if (1 == this->db->execute(this->db, &did,
- "INSERT INTO directories (path) VALUES (?)", DB_TEXT, dir))
- {
- this->did = did;
- }
- printf("directory '%s' %sinserted into database\n", dir,
- this->did ? "" : "could not be ");
-
- return this->did > 0;
-}
-
-METHOD(attest_db_t, set_did, bool,
- private_attest_db_t *this, int did)
-{
- enumerator_t *e;
- char *dir;
-
- if (this->did)
- {
- printf("directory has already been set\n");
- return FALSE;
- }
-
- e = this->db->query(this->db, "SELECT path FROM directories WHERE id = ?",
- DB_UINT, did, DB_TEXT);
- if (e)
- {
- if (e->enumerate(e, &dir))
- {
- this->dir = strdup(dir);
- this->did = did;
- }
- else
- {
- printf("no directory found with did %d\n", did);
- }
- e->destroy(e);
- }
- return this->did > 0;
-}
-
-METHOD(attest_db_t, set_file, bool,
- private_attest_db_t *this, char *file, bool create)
-{
- int fid;
- enumerator_t *e;
-
- if (this->file)
- {
- printf("file has already been set\n");
- return FALSE;
- }
- this->file = strdup(file);
-
- if (!this->did)
- {
- return TRUE;
- }
- e = this->db->query(this->db, "SELECT id FROM files "
- "WHERE dir = ? AND name = ?",
- DB_INT, this->did, DB_TEXT, file, DB_INT);
- if (e)
- {
- if (e->enumerate(e, &fid))
- {
- this->fid = fid;
- }
- e->destroy(e);
- }
- if (this->fid)
- {
- return TRUE;
- }
-
- if (!create)
- {
- printf("file '%s%s%s' not found in database\n",
- this->dir, get_separator(this->dir), file);
- return FALSE;
- }
-
- /* Add a new database entry */
- if (1 == this->db->execute(this->db, &fid,
- "INSERT INTO files (dir, name) VALUES (?, ?)",
- DB_INT, this->did, DB_TEXT, file))
- {
- this->fid = fid;
- }
- printf("file '%s%s%s' %sinserted into database\n", this->dir,
- get_separator(this->dir), file, this->fid ? "" : "could not be ");
-
- return this->fid > 0;
-}
-
-METHOD(attest_db_t, set_fid, bool,
- private_attest_db_t *this, int fid)
-{
- enumerator_t *e;
- int did;
- char *file;
-
- if (this->fid)
- {
- printf("file has already been set\n");
- return FALSE;
- }
-
- e = this->db->query(this->db, "SELECT dir, name FROM files WHERE id = ?",
- DB_UINT, fid, DB_INT, DB_TEXT);
- if (e)
- {
- if (e->enumerate(e, &did, &file))
- {
- if (did)
- {
- set_did(this, did);
- }
- this->file = strdup(file);
- this->fid = fid;
- }
- else
- {
- printf("no file found with fid %d\n", fid);
- }
- e->destroy(e);
- }
- return this->fid > 0;
-}
-
-METHOD(attest_db_t, set_meas_directory, bool,
- private_attest_db_t *this, char *dir)
-{
- size_t len;
-
- /* remove trailing '/' character if not root directory */
- len = strlen(dir);
- if (len > 1 && dir[len-1] == '/')
- {
- dir[len-1] = '\0';
- }
- this->meas_dir = strdup(dir);
-
- return TRUE;
-}
-
-METHOD(attest_db_t, set_key, bool,
- private_attest_db_t *this, chunk_t key, bool create)
-{
- enumerator_t *e;
- char *owner;
-
- if (this->key_set)
- {
- printf("key has already been set\n");
- return FALSE;
- }
- this->key = key;
-
- e = this->db->query(this->db, "SELECT id, owner FROM keys WHERE keyid= ?",
- DB_BLOB, this->key, DB_INT, DB_TEXT);
- if (e)
- {
- if (e->enumerate(e, &this->kid, &owner))
- {
- free(this->owner);
- this->owner = strdup(owner);
- this->key_set = TRUE;
- }
- e->destroy(e);
- }
- if (this->key_set)
- {
- return TRUE;
- }
-
- if (!create)
- {
- printf("key '%#B' not found in database\n", &this->key);
- return FALSE;
- }
-
- /* Add a new database entry */
- if (!this->owner)
- {
- this->owner = strdup("");
- }
- this->key_set = this->db->execute(this->db, &this->kid,
- "INSERT INTO keys (keyid, owner) VALUES (?, ?)",
- DB_BLOB, this->key, DB_TEXT, this->owner) == 1;
-
- printf("key '%#B' %sinserted into database\n", &this->key,
- this->key_set ? "" : "could not be ");
-
- return this->key_set;
-
-};
-
-METHOD(attest_db_t, set_kid, bool,
- private_attest_db_t *this, int kid)
-{
- enumerator_t *e;
- chunk_t key;
- char *owner;
-
- if (this->key_set)
- {
- printf("key has already been set\n");
- return FALSE;
- }
- this->kid = kid;
-
- e = this->db->query(this->db, "SELECT keyid, owner FROM keys WHERE id = ?",
- DB_UINT, kid, DB_BLOB, DB_TEXT);
- if (e)
- {
- if (e->enumerate(e, &key, &owner))
- {
- this->owner = strdup(owner);
- this->key = chunk_clone(key);
- this->key_set = TRUE;
- }
- else
- {
- printf("no key found with kid %d\n", kid);
- }
- e->destroy(e);
- }
- return this->key_set;
-
-};
-
-METHOD(attest_db_t, set_product, bool,
- private_attest_db_t *this, char *product, bool create)
-{
- enumerator_t *e;
-
- if (this->product_set)
- {
- printf("product has already been set\n");
- return FALSE;
- }
- this->product = strdup(product);
-
- e = this->db->query(this->db, "SELECT id FROM products WHERE name = ?",
- DB_TEXT, product, DB_INT);
- if (e)
- {
- if (e->enumerate(e, &this->pid))
- {
- this->product_set = TRUE;
- }
- e->destroy(e);
- }
- if (this->product_set)
- {
- return TRUE;
- }
-
- if (!create)
- {
- printf("product '%s' not found in database\n", product);
- return FALSE;
- }
-
- /* Add a new database entry */
- this->product_set = this->db->execute(this->db, &this->pid,
- "INSERT INTO products (name) VALUES (?)",
- DB_TEXT, product) == 1;
-
- printf("product '%s' %sinserted into database\n", product,
- this->product_set ? "" : "could not be ");
-
- return this->product_set;
-}
-
-METHOD(attest_db_t, set_pid, bool,
- private_attest_db_t *this, int pid)
-{
- enumerator_t *e;
- char *product;
-
- if (this->product_set)
- {
- printf("product has already been set\n");
- return FALSE;
- }
- this->pid = pid;
-
- e = this->db->query(this->db, "SELECT name FROM products WHERE id = ?",
- DB_UINT, pid, DB_TEXT);
- if (e)
- {
- if (e->enumerate(e, &product))
- {
- this->product = strdup(product);
- this->product_set = TRUE;
- }
- else
- {
- printf("no product found with pid %d in database\n", pid);
- }
- e->destroy(e);
- }
- return this->product_set;
-}
-
-METHOD(attest_db_t, set_package, bool,
- private_attest_db_t *this, char *package, bool create)
-{
- enumerator_t *e;
-
- if (this->package_set)
- {
- printf("package has already been set\n");
- return FALSE;
- }
- this->package = strdup(package);
-
- e = this->db->query(this->db, "SELECT id FROM packages WHERE name = ?",
- DB_TEXT, package, DB_INT);
- if (e)
- {
- if (e->enumerate(e, &this->gid))
- {
- this->package_set = TRUE;
- }
- e->destroy(e);
- }
- if (this->package_set)
- {
- return TRUE;
- }
-
- if (!create)
- {
- printf("package '%s' not found in database\n", package);
- return FALSE;
- }
-
- /* Add a new database entry */
- this->package_set = this->db->execute(this->db, &this->gid,
- "INSERT INTO packages (name) VALUES (?)",
- DB_TEXT, package) == 1;
-
- printf("package '%s' %sinserted into database\n", package,
- this->package_set ? "" : "could not be ");
-
- return this->package_set;
-}
-
-METHOD(attest_db_t, set_gid, bool,
- private_attest_db_t *this, int gid)
-{
- enumerator_t *e;
- char *package;
-
- if (this->package_set)
- {
- printf("package has already been set\n");
- return FALSE;
- }
- this->gid = gid;
-
- e = this->db->query(this->db, "SELECT name FROM packages WHERE id = ?",
- DB_UINT, gid, DB_TEXT);
- if (e)
- {
- if (e->enumerate(e, &package))
- {
- this->package = strdup(package);
- this->package_set = TRUE;
- }
- else
- {
- printf("no package found with gid %d in database\n", gid);
- }
- e->destroy(e);
- }
- return this->package_set;
-}
-
-METHOD(attest_db_t, set_version, bool,
- private_attest_db_t *this, char *version)
-{
- if (this->version_set)
- {
- printf("version has already been set\n");
- return FALSE;
- }
- this->version = strdup(version);
- this->version_set = TRUE;
-
- return TRUE;
-}
-
-
-METHOD(attest_db_t, set_algo, void,
- private_attest_db_t *this, pts_meas_algorithms_t algo)
-{
- this->algo = algo;
-}
-
-METHOD(attest_db_t, set_relative, void,
- private_attest_db_t *this)
-{
- this->relative = TRUE;
-}
-
-METHOD(attest_db_t, set_package_state, void,
- private_attest_db_t *this, os_package_state_t package_state)
-{
- this->package_state = package_state;
-}
-
-METHOD(attest_db_t, set_sequence, void,
- private_attest_db_t *this, int seq_no)
-{
- this->seq_no = seq_no;
-}
-
-METHOD(attest_db_t, set_owner, void,
- private_attest_db_t *this, char *owner)
-{
- free(this->owner);
- this->owner = strdup(owner);
-}
-
-METHOD(attest_db_t, set_utc, void,
- private_attest_db_t *this)
-{
- this->utc = TRUE;
-}
-
-METHOD(attest_db_t, list_components, void,
- private_attest_db_t *this)
-{
- enumerator_t *e;
- pts_comp_func_name_t *cfn;
- int seq_no, cid, vid, name, qualifier, count = 0;
-
- if (this->kid)
- {
- e = this->db->query(this->db,
- "SELECT kc.seq_no, c.id, c.vendor_id, c.name, c.qualifier "
- "FROM components AS c "
- "JOIN key_component AS kc ON c.id = kc.component "
- "WHERE kc.key = ? ORDER BY kc.seq_no",
- DB_UINT, this->kid, DB_INT, DB_INT, DB_INT, DB_INT, DB_INT);
- if (e)
- {
- while (e->enumerate(e, &cid, &seq_no, &vid, &name, &qualifier))
- {
- cfn = pts_comp_func_name_create(vid, name, qualifier);
- printf("%4d: #%-2d %s\n", seq_no, cid, print_cfn(cfn));
- cfn->destroy(cfn);
- count++;
- }
- e->destroy(e);
- printf("%d component%s found for key %#B\n", count,
- (count == 1) ? "" : "s", &this->key);
- }
- }
- else
- {
- e = this->db->query(this->db,
- "SELECT id, vendor_id, name, qualifier FROM components "
- "ORDER BY vendor_id, name, qualifier",
- DB_INT, DB_INT, DB_INT, DB_INT);
- if (e)
- {
- while (e->enumerate(e, &cid, &vid, &name, &qualifier))
- {
- cfn = pts_comp_func_name_create(vid, name, qualifier);
- printf("%4d: %s\n", cid, print_cfn(cfn));
- cfn->destroy(cfn);
- count++;
- }
- e->destroy(e);
- printf("%d component%s found\n", count, (count == 1) ? "" : "s");
- }
- }
-}
-
-METHOD(attest_db_t, list_devices, void,
- private_attest_db_t *this)
-{
- enumerator_t *e, *e_ar;
- chunk_t ar_id_value = chunk_empty;
- char *product, *device;
- time_t timestamp;
- int id, last_id = 0, ar_id = 0, last_ar_id = 0, device_count = 0;
- int session_id, rec;
- u_int32_t ar_id_type;
- u_int tstamp;
-
- e = this->db->query(this->db,
- "SELECT d.id, d.value, s.id, s.time, s.identity, s.rec, p.name "
- "FROM devices AS d "
- "JOIN sessions AS s ON d.id = s.device "
- "JOIN products AS p ON p.id = s.product "
- "ORDER BY d.value, s.time DESC", DB_INT, DB_TEXT, DB_INT, DB_UINT,
- DB_INT, DB_INT, DB_TEXT);
-
- if (e)
- {
- while (e->enumerate(e, &id, &device, &session_id, &tstamp, &ar_id, &rec,
- &product))
- {
- if (id != last_id)
- {
- printf("%4d: %s - %s\n", id, device, product);
- device_count++;
- last_id = id;
- }
- timestamp = tstamp;
- printf("%4d: %T", session_id, ×tamp, this->utc);
- if (ar_id)
- {
- if (ar_id != last_ar_id)
- {
- chunk_free(&ar_id_value);
- e_ar = this->db->query(this->db,
- "SELECT type, value FROM identities "
- "WHERE id = ?", DB_INT, ar_id, DB_INT, DB_BLOB);
- if (e_ar)
- {
- e_ar->enumerate(e_ar, &ar_id_type, &ar_id_value);
- ar_id_value = chunk_clone(ar_id_value);
- e_ar->destroy(e_ar);
- }
- }
- if (ar_id_value.len)
- {
- printf(" %.*s", (int)ar_id_value.len, ar_id_value.ptr);
- }
- last_ar_id = ar_id;
- }
- printf(" - %N\n", TNC_IMV_Action_Recommendation_names, rec);
- }
- e->destroy(e);
- free(ar_id_value.ptr);
-
- printf("%d device%s found\n", device_count,
- (device_count == 1) ? "" : "s");
- }
-}
-
-METHOD(attest_db_t, list_keys, void,
- private_attest_db_t *this)
-{
- enumerator_t *e;
- chunk_t keyid;
- char *owner;
- int kid, count = 0;
-
- if (this->cid)
- {
- e = this->db->query(this->db,
- "SELECT k.id, k.keyid, k.owner FROM keys AS k "
- "JOIN key_component AS kc ON k.id = kc.key "
- "WHERE kc.component = ? ORDER BY k.keyid",
- DB_UINT, this->cid, DB_INT, DB_BLOB, DB_TEXT);
- if (e)
- {
- while (e->enumerate(e, &kid, &keyid, &owner))
- {
- printf("%4d: %#B '%s'\n", kid, &keyid, owner);
- count++;
- }
- e->destroy(e);
- }
- }
- else
- {
- e = this->db->query(this->db, "SELECT id, keyid, owner FROM keys "
- "ORDER BY keyid",
- DB_INT, DB_BLOB, DB_TEXT);
- if (e)
- {
- while (e->enumerate(e, &kid, &keyid, &owner))
- {
- printf("%4d: %#B '%s'\n", kid, &keyid, owner);
- count++;
- }
- e->destroy(e);
- }
- }
-
- printf("%d key%s found", count, (count == 1) ? "" : "s");
- if (this->comp_set)
- {
- printf(" for component '%s'", print_cfn(this->cfn));
- }
- printf("\n");
-}
-
-METHOD(attest_db_t, list_files, void,
- private_attest_db_t *this)
-{
- enumerator_t *e;
- char *dir, *file;
- int did, last_did = 0, fid, count = 0;
-
- if (this->did)
- {
- e = this->db->query(this->db,
- "SELECT id, name FROM files WHERE dir = ? ORDER BY name",
- DB_INT, this->did, DB_INT, DB_TEXT);
- if (e)
- {
- while (e->enumerate(e, &fid, &file))
- {
- printf("%4d: %s\n", fid, file);
- count++;
- }
- e->destroy(e);
- }
- printf("%d file%s found in directory '%s'\n", count,
- (count == 1) ? "" : "s", this->dir);
- }
- else
- {
- e = this->db->query(this->db,
- "SELECT d.id, d.path, f.id, f.name FROM files AS f "
- "JOIN directories AS d ON f.dir = d.id "
- "ORDER BY d.path, f.name",
- DB_INT, DB_TEXT, DB_INT, DB_TEXT);
- if (e)
- {
- while (e->enumerate(e, &did, &dir, &fid, &file))
- {
- if (did != last_did)
- {
- printf("%4d: %s\n", did, dir);
- last_did = did;
- }
- printf("%4d: %s\n", fid, file);
- count++;
- }
- e->destroy(e);
- }
- printf("%d file%s found\n", count, (count == 1) ? "" : "s");
- }
-}
-
-METHOD(attest_db_t, list_directories, void,
- private_attest_db_t *this)
-{
- enumerator_t *e;
- char *dir;
- int did, count = 0;
-
- if (this->file)
- {
- e = this->db->query(this->db,
- "SELECT d.id, d.path FROM directories AS d "
- "JOIN files AS f ON f.dir = d.id WHERE f.name = ? "
- "ORDER BY path", DB_TEXT, this->file, DB_INT, DB_TEXT);
- if (e)
- {
- while (e->enumerate(e, &did, &dir))
- {
- printf("%4d: %s\n", did, dir);
- count++;
- }
- e->destroy(e);
- }
- printf("%d director%s found containing file '%s'\n", count,
- (count == 1) ? "y" : "ies", this->file);
- }
- else
- {
- e = this->db->query(this->db,
- "SELECT id, path FROM directories ORDER BY path",
- DB_INT, DB_TEXT);
- if (e)
- {
- while (e->enumerate(e, &did, &dir))
- {
- printf("%4d: %s\n", did, dir);
- count++;
- }
- e->destroy(e);
- }
- printf("%d director%s found\n", count, (count == 1) ? "y" : "ies");
- }
-}
-
-METHOD(attest_db_t, list_packages, void,
- private_attest_db_t *this)
-{
- enumerator_t *e;
- char *package, *version;
- os_package_state_t package_state;
- int blacklist, security, gid, gid_old = 0, spaces, count = 0, t;
- time_t timestamp;
-
- if (this->pid)
- {
- e = this->db->query(this->db,
- "SELECT p.id, p.name, "
- "v.release, v.security, v.blacklist, v.time "
- "FROM packages AS p JOIN versions AS v ON v.package = p.id "
- "WHERE v.product = ? ORDER BY p.name, v.release",
- DB_INT, this->pid,
- DB_INT, DB_TEXT, DB_TEXT, DB_INT, DB_INT, DB_INT);
- if (e)
- {
- while (e->enumerate(e, &gid, &package,
- &version, &security, &blacklist, &t))
- {
- if (gid != gid_old)
- {
- printf("%5d: %s,", gid, package);
- gid_old = gid;
- }
- else
- {
- spaces = 8 + strlen(package);
- while (spaces--)
- {
- printf(" ");
- }
- }
- timestamp = t;
- if (blacklist)
- {
- package_state = OS_PACKAGE_STATE_BLACKLIST;
- }
- else
- {
- package_state = security ? OS_PACKAGE_STATE_SECURITY :
- OS_PACKAGE_STATE_UPDATE;
- }
- printf(" %T (%s)%N\n", ×tamp, this->utc, version,
- os_package_state_names, package_state);
- count++;
- }
- e->destroy(e);
- }
- }
- else
- {
- e = this->db->query(this->db, "SELECT id, name FROM packages "
- "ORDER BY name",
- DB_INT, DB_TEXT);
- if (e)
- {
- while (e->enumerate(e, &gid, &package))
- {
- printf("%4d: %s\n", gid, package);
- count++;
- }
- e->destroy(e);
- }
- }
-
- printf("%d package%s found", count, (count == 1) ? "" : "s");
- if (this->product_set)
- {
- printf(" for product '%s'", this->product);
- }
- printf("\n");
-}
-
-METHOD(attest_db_t, list_products, void,
- private_attest_db_t *this)
-{
- enumerator_t *e;
- char *product;
- int pid, meas, meta, count = 0;
-
- if (this->fid)
- {
- e = this->db->query(this->db,
- "SELECT p.id, p.name, pf.measurement, pf.metadata "
- "FROM products AS p "
- "JOIN product_file AS pf ON p.id = pf.product "
- "WHERE pf.file = ? ORDER BY p.name",
- DB_UINT, this->fid, DB_INT, DB_TEXT, DB_INT, DB_INT);
- if (e)
- {
- while (e->enumerate(e, &pid, &product, &meas, &meta))
- {
- printf("%4d: |%s%s| %s\n", pid, meas ? "M":" ", meta ? "T":" ",
- product);
- count++;
- }
- e->destroy(e);
- }
- }
- else
- {
- e = this->db->query(this->db, "SELECT id, name FROM products "
- "ORDER BY name",
- DB_INT, DB_TEXT);
- if (e)
- {
- while (e->enumerate(e, &pid, &product))
- {
- printf("%4d: %s\n", pid, product);
- count++;
- }
- e->destroy(e);
- }
- }
-
- printf("%d product%s found", count, (count == 1) ? "" : "s");
- if (this->fid)
- {
- printf(" for file '%s'", this->file);
- }
- printf("\n");
-}
-
-METHOD(attest_db_t, list_hashes, void,
- private_attest_db_t *this)
-{
- enumerator_t *e;
- chunk_t hash;
- char *file, *dir, *product;
- int id, fid, fid_old = 0, did, did_old = 0, pid, pid_old = 0, count = 0;
-
- if (this->pid && this->fid && this->did)
- {
- printf("%4d: %s\n", this->did, this->dir);
- printf("%4d: %s\n", this->fid, this->file);
- e = this->db->query(this->db,
- "SELECT id, hash FROM file_hashes "
- "WHERE algo = ? AND file = ? AND product = ?",
- DB_INT, this->algo, DB_INT, this->fid, DB_INT, this->pid,
- DB_INT, DB_BLOB);
- if (e)
- {
- while (e->enumerate(e, &id, &hash))
- {
- printf("%4d: %#B\n", id, &hash);
- count++;
- }
- e->destroy(e);
-
- printf("%d %N value%s found for product '%s'\n", count,
- pts_meas_algorithm_names, this->algo,
- (count == 1) ? "" : "s", this->product);
- }
- }
- else if (this->pid && this->file)
- {
- e = this->db->query(this->db,
- "SELECT h.id, h.hash, f.id, d.id, d.path "
- "FROM file_hashes AS h "
- "JOIN files AS f ON h.file = f.id "
- "JOIN directories AS d ON f.dir = d.id "
- "WHERE h.algo = ? AND h.product = ? AND f.name = ? "
- "ORDER BY d.path, f.name, h.hash",
- DB_INT, this->algo, DB_INT, this->pid, DB_TEXT, this->file,
- DB_INT, DB_BLOB, DB_INT, DB_INT, DB_TEXT);
- if (e)
- {
- while (e->enumerate(e, &id, &hash, &fid, &did, &dir))
- {
- if (did != did_old)
- {
- printf("%4d: %s\n", did, dir);
- did_old = did;
- }
- if (fid != fid_old)
- {
- printf("%4d: %s\n", fid, this->file);
- fid_old = fid;
- }
- printf("%4d: %#B\n", id, &hash);
- count++;
- }
- e->destroy(e);
-
- printf("%d %N value%s found for product '%s'\n", count,
- pts_meas_algorithm_names, this->algo,
- (count == 1) ? "" : "s", this->product);
- }
- }
- else if (this->pid && this->did)
- {
- printf("%4d: %s\n", this->did, this->dir);
- e = this->db->query(this->db,
- "SELECT h.id, h.hash, f.id, f.name "
- "FROM file_hashes AS h "
- "JOIN files AS f ON h.file = f.id "
- "WHERE h.algo = ? AND h.product = ? AND f.dir = ? "
- "ORDER BY f.name, h.hash",
- DB_INT, this->algo, DB_INT, this->pid, DB_INT, this->did,
- DB_INT, DB_BLOB, DB_INT, DB_TEXT);
- if (e)
- {
- while (e->enumerate(e, &id, &hash, &fid, &file))
- {
- if (fid != fid_old)
- {
- printf("%4d: %s\n", fid, file);
- fid_old = fid;
- }
- printf("%4d: %#B\n", id, &hash);
- count++;
- }
- e->destroy(e);
-
- printf("%d %N value%s found for product '%s'\n", count,
- pts_meas_algorithm_names, this->algo,
- (count == 1) ? "" : "s", this->product);
- }
- }
- else if (this->pid)
- {
- e = this->db->query(this->db,
- "SELECT h.id, h.hash, f.id, f.name, d.id, d.path "
- "FROM file_hashes AS h "
- "JOIN files AS f ON h.file = f.id "
- "JOIN directories AS d ON f.dir = d.id "
- "WHERE h.algo = ? AND h.product = ? "
- "ORDER BY d.path, f.name, h.hash",
- DB_INT, this->algo, DB_INT, this->pid,
- DB_INT, DB_BLOB, DB_INT, DB_TEXT, DB_INT, DB_TEXT);
- if (e)
- {
- while (e->enumerate(e, &id, &hash, &fid, &file, &did, &dir))
- {
- if (did != did_old)
- {
- printf("%4d: %s\n", did, dir);
- did_old = did;
- }
- if (fid != fid_old)
- {
- printf("%4d: %s\n", fid, file);
- fid_old = fid;
- }
- printf("%4d: %#B\n", id, &hash);
- count++;
- }
- e->destroy(e);
-
- printf("%d %N value%s found for product '%s'\n", count,
- pts_meas_algorithm_names, this->algo,
- (count == 1) ? "" : "s", this->product);
- }
- }
- else if (this->fid && this->did)
- {
- e = this->db->query(this->db,
- "SELECT h.id, h.hash, p.id, p.name FROM file_hashes AS h "
- "JOIN products AS p ON h.product = p.id "
- "WHERE h.algo = ? AND h.file = ? "
- "ORDER BY p.name, h.hash",
- DB_INT, this->algo, DB_INT, this->fid,
- DB_INT, DB_BLOB, DB_INT, DB_TEXT);
- if (e)
- {
- while (e->enumerate(e, &id, &hash, &pid, &product))
- {
- if (pid != pid_old)
- {
- printf("%4d: %s\n", pid, product);
- pid_old = pid;
- }
- printf("%4d: %#B\n", id, &hash);
- count++;
- }
- e->destroy(e);
-
- printf("%d %N value%s found for file '%s%s%s'\n", count,
- pts_meas_algorithm_names, this->algo,
- (count == 1) ? "" : "s", this->dir,
- get_separator(this->dir), this->file);
- }
- }
- else if (this->file)
- {
- e = this->db->query(this->db,
- "SELECT h.id, h.hash, f.id, d.id, d.path, p.id, p.name "
- "FROM file_hashes AS h "
- "JOIN files AS f ON h.file = f.id "
- "JOIN directories AS d ON f.dir = d.id "
- "JOIN products AS p ON h.product = p.id "
- "WHERE h.algo = ? AND f.name = ? "
- "ORDER BY d.path, f.name, p.name, h.hash",
- DB_INT, this->algo, DB_TEXT, this->file,
- DB_INT, DB_BLOB, DB_INT, DB_INT, DB_TEXT, DB_INT, DB_TEXT);
- if (e)
- {
- while (e->enumerate(e, &id, &hash, &fid, &did, &dir, &pid, &product))
- {
- if (did != did_old)
- {
- printf("%4d: %s\n", did, dir);
- did_old = did;
- }
- if (fid != fid_old)
- {
- printf("%4d: %s\n", fid, this->file);
- fid_old = fid;
- pid_old = 0;
- }
- if (pid != pid_old)
- {
- printf("%4d: %s\n", pid, product);
- pid_old = pid;
- }
- printf("%4d: %#B\n", id, &hash);
- count++;
- }
- e->destroy(e);
-
- printf("%d %N value%s found\n", count, pts_meas_algorithm_names,
- this->algo, (count == 1) ? "" : "s");
- }
-
- }
- else if (this->did)
- {
- e = this->db->query(this->db,
- "SELECT h.id, h.hash, f.id, f.name, p.id, p.name "
- "FROM file_hashes AS h "
- "JOIN files AS f ON h.file = f.id "
- "JOIN products AS p ON h.product = p.id "
- "WHERE h.algo = ? AND f.dir = ? "
- "ORDER BY f.name, p.name, h.hash",
- DB_INT, this->algo, DB_INT, this->did,
- DB_INT, DB_BLOB, DB_INT, DB_TEXT, DB_INT, DB_TEXT);
- if (e)
- {
- while (e->enumerate(e, &id, &hash, &fid, &file, &pid, &product))
- {
- if (fid != fid_old)
- {
- printf("%4d: %s\n", fid, file);
- fid_old = fid;
- pid_old = 0;
- }
- if (pid != pid_old)
- {
- printf("%4d: %s\n", pid, product);
- pid_old = pid;
- }
- printf("%4d: %#B\n", id, &hash);
- count++;
- }
- e->destroy(e);
-
- printf("%d %N value%s found for directory '%s'\n", count,
- pts_meas_algorithm_names, this->algo,
- (count == 1) ? "" : "s", this->dir);
- }
- }
- else
- {
- e = this->db->query(this->db,
- "SELECT h.id, h.hash, f.id, f.name, d.id, d.path, p.id, p.name "
- "FROM file_hashes AS h "
- "JOIN files AS f ON h.file = f.id "
- "JOIN directories AS d ON f.dir = d.id "
- "JOIN products AS p on h.product = p.id "
- "WHERE h.algo = ? "
- "ORDER BY d.path, f.name, p.name, h.hash",
- DB_INT, this->algo, DB_INT, DB_BLOB, DB_INT, DB_TEXT,
- DB_INT, DB_TEXT, DB_INT, DB_TEXT);
- if (e)
- {
- while (e->enumerate(e, &id, &hash, &fid, &file, &did, &dir, &pid,
- &product))
- {
- if (did != did_old)
- {
- printf("%4d: %s\n", did, dir);
- did_old = did;
- }
- if (fid != fid_old)
- {
- printf("%4d: %s\n", fid, file);
- fid_old = fid;
- pid_old = 0;
- }
- if (pid != pid_old)
- {
- printf("%4d: %s\n", pid, product);
- pid_old = pid;
- }
- printf("%4d: %#B\n", id, &hash);
- count++;
- }
- e->destroy(e);
-
- printf("%d %N value%s found\n", count, pts_meas_algorithm_names,
- this->algo, (count == 1) ? "" : "s");
- }
- }
-}
-
-METHOD(attest_db_t, list_measurements, void,
- private_attest_db_t *this)
-{
- enumerator_t *e;
- chunk_t hash, keyid;
- pts_comp_func_name_t *cfn;
- char *owner;
- int seq_no, pcr, vid, name, qualifier;
- int cid, cid_old = 0, kid, kid_old = 0, count = 0;
-
- if (this->kid && this->cid)
- {
- e = this->db->query(this->db,
- "SELECT ch.seq_no, ch.pcr, ch.hash, k.owner "
- "FROM component_hashes AS ch "
- "JOIN keys AS k ON k.id = ch.key "
- "WHERE ch.algo = ? AND ch.key = ? AND ch.component = ? "
- "ORDER BY seq_no",
- DB_INT, this->algo, DB_UINT, this->kid, DB_UINT, this->cid,
- DB_INT, DB_INT, DB_BLOB, DB_TEXT);
- if (e)
- {
- while (e->enumerate(e, &seq_no, &pcr, &hash, &owner))
- {
- if (this->kid != kid_old)
- {
- printf("%4d: %#B '%s'\n", this->kid, &this->key, owner);
- kid_old = this->kid;
- }
- printf("%7d %02d %#B\n", seq_no, pcr, &hash);
- count++;
- }
- e->destroy(e);
-
- printf("%d %N value%s found for component '%s'\n", count,
- pts_meas_algorithm_names, this->algo,
- (count == 1) ? "" : "s", print_cfn(this->cfn));
- }
- }
- else if (this->cid)
- {
- e = this->db->query(this->db,
- "SELECT ch.seq_no, ch.pcr, ch.hash, k.id, k.keyid, k.owner "
- "FROM component_hashes AS ch "
- "JOIN keys AS k ON k.id = ch.key "
- "WHERE ch.algo = ? AND ch.component = ? "
- "ORDER BY keyid, seq_no",
- DB_INT, this->algo, DB_UINT, this->cid,
- DB_INT, DB_INT, DB_BLOB, DB_INT, DB_BLOB, DB_TEXT);
- if (e)
- {
- while (e->enumerate(e, &seq_no, &pcr, &hash, &kid, &keyid, &owner))
- {
- if (kid != kid_old)
- {
- printf("%4d: %#B '%s'\n", kid, &keyid, owner);
- kid_old = kid;
- }
- printf("%7d %02d %#B\n", seq_no, pcr, &hash);
- count++;
- }
- e->destroy(e);
-
- printf("%d %N value%s found for component '%s'\n", count,
- pts_meas_algorithm_names, this->algo,
- (count == 1) ? "" : "s", print_cfn(this->cfn));
- }
-
- }
- else if (this->kid)
- {
- e = this->db->query(this->db,
- "SELECT ch.seq_no, ch.pcr, ch.hash, "
- "c.id, c.vendor_id, c.name, c.qualifier "
- "FROM component_hashes AS ch "
- "JOIN components AS c ON c.id = ch.component "
- "WHERE ch.algo = ? AND ch.key = ? "
- "ORDER BY vendor_id, name, qualifier, seq_no",
- DB_INT, this->algo, DB_UINT, this->kid, DB_INT, DB_INT, DB_BLOB,
- DB_INT, DB_INT, DB_INT, DB_INT);
- if (e)
- {
- while (e->enumerate(e, &seq_no, &pcr, &hash, &cid, &vid, &name,
- &qualifier))
- {
- if (cid != cid_old)
- {
- cfn = pts_comp_func_name_create(vid, name, qualifier);
- printf("%4d: %s\n", cid, print_cfn(cfn));
- cfn->destroy(cfn);
- cid_old = cid;
- }
- printf("%5d %02d %#B\n", seq_no, pcr, &hash);
- count++;
- }
- e->destroy(e);
-
- printf("%d %N value%s found for key %#B '%s'\n", count,
- pts_meas_algorithm_names, this->algo,
- (count == 1) ? "" : "s", &this->key, this->owner);
- }
- }
-}
-
-METHOD(attest_db_t, list_sessions, void,
- private_attest_db_t *this)
-{
- enumerator_t *e;
- chunk_t identity;
- char *product, *device;
- int session_id, conn_id, rec, device_len;
- time_t created;
- u_int t;
-
- e = this->db->query(this->db,
- "SELECT s.id, s.time, s.connection, s.rec, p.name, d.value, i.value "
- "FROM sessions AS s "
- "LEFT JOIN products AS p ON s.product = p.id "
- "LEFT JOIN devices AS d ON s.device = d.id "
- "LEFT JOIN identities AS i ON s.identity = i.id "
- "ORDER BY s.time DESC",
- DB_INT, DB_UINT, DB_INT, DB_INT, DB_TEXT, DB_TEXT, DB_BLOB);
- if (e)
- {
- while (e->enumerate(e, &session_id, &t, &conn_id, &rec, &product,
- &device, &identity))
- {
- created = t;
- product = product ? product : "-";
- device = strlen(device) ? device : "-";
- device_len = min(strlen(device), DEVICE_MAX_LEN);
- identity = identity.len ? identity : chunk_from_str("-");
- printf("%4d: %T %2d %-20s %.*s%*s%.*s - %N\n", session_id, &created,
- this->utc, conn_id, product, device_len, device,
- DEVICE_MAX_LEN - device_len + 1, " ", (int)identity.len,
- identity.ptr, TNC_IMV_Action_Recommendation_names, rec);
- }
- e->destroy(e);
- }
-}
-
-/**
- * Insert a file hash into the database
- */
-static bool insert_file_hash(private_attest_db_t *this,
- pts_meas_algorithms_t algo,
- chunk_t measurement, int fid,
- int *hashes_added, int *hashes_updated)
-{
- enumerator_t *e;
- chunk_t hash;
- char *label;
- bool insert = TRUE, update = FALSE;
-
- label = "could not be created";
-
- e = this->db->query(this->db,
- "SELECT hash FROM file_hashes WHERE algo = ? "
- "AND file = ? AND product = ? AND device = 0",
- DB_INT, algo, DB_UINT, fid, DB_UINT, this->pid, DB_BLOB);
-
- if (!e)
- {
- printf("file_hashes query failed\n");
- return FALSE;
- }
-
- while (e->enumerate(e, &hash))
- {
- update = TRUE;
-
- if (chunk_equals(measurement, hash))
- {
- label = "exists and equals";
- insert = FALSE;
- break;
- }
- }
- e->destroy(e);
-
- if (insert)
- {
- if (this->db->execute(this->db, NULL,
- "INSERT INTO file_hashes "
- "(file, product, device, algo, hash) "
- "VALUES (?, ?, 0, ?, ?)",
- DB_UINT, fid, DB_UINT, this->pid,
- DB_INT, algo, DB_BLOB, measurement) != 1)
- {
- printf("file_hash insertion failed\n");
- return FALSE;
- }
- if (update)
- {
- label = "updated";
- (*hashes_updated)++;
- }
- else
- {
- label = "created";
- (*hashes_added)++;
- }
- }
- printf(" %#B - %s\n", &measurement, label);
- return TRUE;
-}
-
-/**
- * Add hash measurement for a single file or all files in a directory
- */
-static bool add_hash(private_attest_db_t *this)
-{
- char *pathname, *filename, *label;
- const char *sep;
- pts_file_meas_t *measurements;
- chunk_t measurement;
- hasher_t *hasher = NULL;
- int fid, files_added = 0, hashes_added = 0, hashes_updated = 0;
- enumerator_t *enumerator, *e;
-
- if (!this->meas_dir)
- {
- this->meas_dir = strdup(this->dir);
- }
- sep = get_separator(this->meas_dir);
-
- if (this->fid)
- {
- /* build pathname from directory path and relative filename */
- if (asprintf(&pathname, "%s%s%s", this->meas_dir, sep, this->file) == -1)
- {
- return FALSE;
- }
- measurements = pts_file_meas_create_from_path(0, pathname, FALSE,
- TRUE, this->algo);
- free(pathname);
- }
- else
- {
- measurements = pts_file_meas_create_from_path(0, this->meas_dir, TRUE,
- TRUE, this->algo);
- }
- if (!measurements)
- {
- printf("file measurement failed\n");
- DESTROY_IF(hasher);
- return FALSE;
- }
-
- enumerator = measurements->create_enumerator(measurements);
- while (enumerator->enumerate(enumerator, &filename, &measurement))
- {
- if (this->fid)
- {
- /* a single file already exists */
- filename = this->file;
- fid = this->fid;
- label = "exists";
- }
- else
- {
- /* retrieve or create filename */
- label = "could not be created";
-
- e = this->db->query(this->db,
- "SELECT id FROM files WHERE name = ? AND dir = ?",
- DB_TEXT, filename, DB_INT, this->did, DB_INT);
- if (!e)
- {
- printf("files query failed\n");
- break;
- }
- if (e->enumerate(e, &fid))
- {
- label = "exists";
- }
- else
- {
- if (this->db->execute(this->db, &fid,
- "INSERT INTO files (name, dir) VALUES (?, ?)",
- DB_TEXT, filename, DB_INT, this->did) == 1)
- {
- label = "created";
- files_added++;
- }
- }
- e->destroy(e);
- }
- printf("%4d: %s - %s\n", fid, filename, label);
-
- /* compute file measurement hash */
- if (!insert_file_hash(this, this->algo, measurement, fid,
- &hashes_added, &hashes_updated))
- {
- break;
- }
- }
- enumerator->destroy(enumerator);
-
- printf("%d measurements, added %d new files, %d file hashes, "
- "updated %d file hashes\n",
- measurements->get_file_count(measurements),
- files_added, hashes_added, hashes_updated);
- measurements->destroy(measurements);
-
- return TRUE;
-}
-
-METHOD(attest_db_t, add, bool,
- private_attest_db_t *this)
-{
- bool success = FALSE;
-
- /* add directory or file hash measurement for a given product */
- if (this->did && this->pid)
- {
- return add_hash(this);
- }
-
- /* insert package version */
- if (this->version_set && this->gid && this->pid)
- {
- time_t t = time(NULL);
- int security, blacklist;
-
- security = this->package_state == OS_PACKAGE_STATE_SECURITY;
- blacklist = this->package_state == OS_PACKAGE_STATE_BLACKLIST;
-
- success = this->db->execute(this->db, NULL,
- "INSERT INTO versions "
- "(package, product, release, security, blacklist, time) "
- "VALUES (?, ?, ?, ?, ?, ?)",
- DB_UINT, this->gid, DB_INT, this->pid, DB_TEXT,
- this->version, DB_INT, security, DB_INT, blacklist,
- DB_INT, t) == 1;
-
- printf("'%s' package %s (%s)%N %sinserted into database\n",
- this->product, this->package, this->version,
- os_package_state_names, this->package_state,
- success ? "" : "could not be ");
- }
- return success;
-}
-
-METHOD(attest_db_t, delete, bool,
- private_attest_db_t *this)
-{
- bool success;
- int id, count = 0;
- char *name;
- enumerator_t *e;
-
- /* delete a file measurement hash for a given product */
- if (this->algo && this->pid && this->fid)
- {
- success = this->db->execute(this->db, NULL,
- "DELETE FROM file_hashes "
- "WHERE algo = ? AND product = ? AND file = ?",
- DB_UINT, this->algo, DB_UINT, this->pid,
- DB_UINT, this->fid) > 0;
-
- printf("%4d: %s%s%s\n", this->fid, this->dir, get_separator(this->dir),
- this->file);
- printf("%N value for product '%s' %sdeleted from database\n",
- pts_meas_algorithm_names, this->algo, this->product,
- success ? "" : "could not be ");
-
- return success;
- }
-
- /* delete product/file entries */
- if (this->pid && (this->fid || this->did))
- {
- success = this->db->execute(this->db, NULL,
- "DELETE FROM product_file "
- "WHERE product = ? AND file = ?",
- DB_UINT, this->pid,
- DB_UINT, this->fid ? this->fid : this->did) > 0;
-
- printf("product/file pair (%d/%d) %sdeleted from database\n",
- this->pid, this->fid ? this->fid : this->did,
- success ? "" : "could not be ");
-
- return success;
- }
-
- if (this->cid)
- {
- success = this->db->execute(this->db, NULL,
- "DELETE FROM components WHERE id = ?",
- DB_UINT, this->cid) > 0;
-
- printf("component '%s' %sdeleted from database\n", print_cfn(this->cfn),
- success ? "" : "could not be ");
- return success;
- }
-
- if (this->fid)
- {
- success = this->db->execute(this->db, NULL,
- "DELETE FROM files WHERE id = ?",
- DB_UINT, this->fid) > 0;
-
- printf("file '%s%s%s' %sdeleted from database\n", this->dir,
- get_separator(this->dir), this->file,
- success ? "" : "could not be ");
- return success;
- }
-
- if (this->did)
- {
- e = this->db->query(this->db,
- "SELECT id, name FROM files WHERE dir = ? ORDER BY name",
- DB_INT, this->did, DB_INT, DB_TEXT);
- if (e)
- {
- while (e->enumerate(e, &id, &name))
- {
- printf("%4d: %s\n", id, name);
- count++;
- }
- e->destroy(e);
-
- if (count)
- {
- printf("%d dependent file%s found, "
- "directory '%s' could not deleted\n",
- count, (count == 1) ? "" : "s", this->dir);
- return FALSE;
- }
- }
- success = this->db->execute(this->db, NULL,
- "DELETE FROM directories WHERE id = ?",
- DB_UINT, this->did) > 0;
- printf("directory '%s' %sdeleted from database\n", this->dir,
- success ? "" : "could not be ");
- return success;
- }
-
- if (this->kid)
- {
- success = this->db->execute(this->db, NULL,
- "DELETE FROM keys WHERE id = ?",
- DB_UINT, this->kid) > 0;
-
- printf("key %#B %sdeleted from database\n", &this->key,
- success ? "" : "could not be ");
- return success;
- }
- if (this->pid)
- {
- success = this->db->execute(this->db, NULL,
- "DELETE FROM products WHERE id = ?",
- DB_UINT, this->pid) > 0;
-
- printf("product '%s' %sdeleted from database\n", this->product,
- success ? "" : "could not be ");
- return success;
- }
-
- printf("empty delete command\n");
- return FALSE;
-}
-
-METHOD(attest_db_t, destroy, void,
- private_attest_db_t *this)
-{
- DESTROY_IF(this->db);
- DESTROY_IF(this->cfn);
- free(this->package);
- free(this->product);
- free(this->version);
- free(this->file);
- free(this->dir);
- free(this->meas_dir);
- free(this->owner);
- free(this->key.ptr);
- free(this);
-}
-
-/**
- * Described in header.
- */
-attest_db_t *attest_db_create(char *uri)
-{
- private_attest_db_t *this;
-
- INIT(this,
- .public = {
- .set_component = _set_component,
- .set_cid = _set_cid,
- .set_directory = _set_directory,
- .set_did = _set_did,
- .set_file = _set_file,
- .set_fid = _set_fid,
- .set_meas_directory = _set_meas_directory,
- .set_key = _set_key,
- .set_kid = _set_kid,
- .set_package = _set_package,
- .set_gid = _set_gid,
- .set_product = _set_product,
- .set_pid = _set_pid,
- .set_version = _set_version,
- .set_algo = _set_algo,
- .set_relative = _set_relative,
- .set_package_state = _set_package_state,
- .set_sequence = _set_sequence,
- .set_owner = _set_owner,
- .set_utc = _set_utc,
- .list_packages = _list_packages,
- .list_products = _list_products,
- .list_files = _list_files,
- .list_directories = _list_directories,
- .list_components = _list_components,
- .list_devices = _list_devices,
- .list_keys = _list_keys,
- .list_hashes = _list_hashes,
- .list_measurements = _list_measurements,
- .list_sessions = _list_sessions,
- .add = _add,
- .delete = _delete,
- .destroy = _destroy,
- },
- .db = lib->db->create(lib->db, uri),
- );
-
- if (!this->db)
- {
- fprintf(stderr, "opening database failed.\n");
- destroy(this);
- return NULL;
- }
-
- return &this->public;
-}
diff --git a/src/libpts/plugins/imv_attestation/attest_db.h b/src/libpts/plugins/imv_attestation/attest_db.h
deleted file mode 100644
index 07e55cc..0000000
--- a/src/libpts/plugins/imv_attestation/attest_db.h
+++ /dev/null
@@ -1,267 +0,0 @@
-/*
- * Copyright (C) 2011-2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup attest_db_t attest_db
- * @{ @ingroup libpts
- */
-
-#ifndef ATTEST_DB_H_
-#define ATTEST_DB_H_
-
-#include <pts/pts_meas_algo.h>
-#include <os_info/os_info.h>
-#include <library.h>
-
-typedef struct attest_db_t attest_db_t;
-
-/**
- * Attestation database object
- */
-struct attest_db_t {
-
- /**
- * Set functional component to be queried
- *
- * @param comp functional component
- * @param create if TRUE create database entry if it doesn't exist
- * @return TRUE if successful
- */
- bool (*set_component)(attest_db_t *this, char *comp, bool create);
-
- /**
- * Set primary key of the functional component to be queried
- *
- * @param fid primary key of functional component
- * @return TRUE if successful
- */
- bool (*set_cid)(attest_db_t *this, int fid);
-
- /**
- * Set directory to be queried
- *
- * @param dir directory
- * @param create if TRUE create database entry if it doesn't exist
- * @return TRUE if successful
- */
- bool (*set_directory)(attest_db_t *this, char *dir, bool create);
-
- /**
- * Set primary key of the directory to be queried
- *
- * @param did primary key of directory
- * @return TRUE if successful
- */
- bool (*set_did)(attest_db_t *this, int did);
-
- /**
- * Set measurement file to be queried
- *
- * @param file measurement file
- * @param create if TRUE create database entry if it doesn't exist
- * @return TRUE if successful
- */
- bool (*set_file)(attest_db_t *this, char *file, bool create);
-
- /**
- * Set primary key of the measurement file to be queried
- *
- * @param fid primary key of measurement file
- * @return TRUE if successful
- */
- bool (*set_fid)(attest_db_t *this, int fid);
-
- /**
- * Set path to directory where file[s] are to be measured
- *
- * @param meas_dir measurement directory
- * @return TRUE if successful
- */
- bool (*set_meas_directory)(attest_db_t *this, char *dir);
-
- /**
- * Set functional component to be queried
- *
- * @param key AIK
- * @param create if TRUE create database entry if it doesn't exist
- * @return TRUE if successful
- */
- bool (*set_key)(attest_db_t *this, chunk_t key, bool create);
-
- /**
- * Set primary key of the AIK to be queried
- *
- * @param kid primary key of AIK
- * @return TRUE if successful
- */
- bool (*set_kid)(attest_db_t *this, int kid);
-
- /**
- * Set software package to be queried
- *
- * @param product software package
- * @param create if TRUE create database entry if it doesn't exist
- * @return TRUE if successful
- */
- bool (*set_package)(attest_db_t *this, char *package, bool create);
-
- /**
- * Set primary key of the software package to be queried
- *
- * @param gid primary key of software package
- * @return TRUE if successful
- */
- bool (*set_gid)(attest_db_t *this, int gid);
-
- /**
- * Set software product to be queried
- *
- * @param product software product
- * @param create if TRUE create database entry if it doesn't exist
- * @return TRUE if successful
- */
- bool (*set_product)(attest_db_t *this, char *product, bool create);
-
- /**
- * Set primary key of the software product to be queried
- *
- * @param pid primary key of software product
- * @return TRUE if successful
- */
- bool (*set_pid)(attest_db_t *this, int pid);
-
- /**
- * Set software package version to be queried
- *
- * @param version software package version
- * @return TRUE if successful
- */
- bool (*set_version)(attest_db_t *this, char *version);
-
- /**
- * Set measurement hash algorithm
- *
- * @param algo hash algorithm
- */
- void (*set_algo)(attest_db_t *this, pts_meas_algorithms_t algo);
-
- /**
- * Set that the IMA-specific SHA-1 template hash be computed
- */
- void (*set_ima)(attest_db_t *this);
-
- /**
- * Set that relative filenames are to be used
- */
- void (*set_relative)(attest_db_t *this);
-
- /**
- * Set the package security or blacklist state
- */
- void (*set_package_state)(attest_db_t *this, os_package_state_t package_state);
-
- /**
- * Set the sequence number
- */
- void (*set_sequence)(attest_db_t *this, int seq_no);
-
- /**
- * Set owner [user/host] of an AIK
- *
- * @param owner user/host name
- * @return TRUE if successful
- */
- void (*set_owner)(attest_db_t *this, char *owner);
-
- /**
- * Display all dates in UTC
- */
- void (*set_utc)(attest_db_t *this);
-
- /**
- * List all packages stored in the database
- */
- void (*list_packages)(attest_db_t *this);
-
- /**
- * List all products stored in the database
- */
- void (*list_products)(attest_db_t *this);
-
- /**
- * List all directories stored in the database
- */
- void (*list_directories)(attest_db_t *this);
-
- /**
- * List selected files stored in the database
- */
- void (*list_files)(attest_db_t *this);
-
- /**
- * List all components stored in the database
- */
- void (*list_components)(attest_db_t *this);
-
- /**
- * List all devices stored in the database
- */
- void (*list_devices)(attest_db_t *this);
-
- /**
- * List all AIKs stored in the database
- */
- void (*list_keys)(attest_db_t *this);
-
- /**
- * List selected measurement hashes stored in the database
- */
- void (*list_hashes)(attest_db_t *this);
-
- /**
- * List selected component measurement stored in the database
- */
- void (*list_measurements)(attest_db_t *this);
-
- /**
- * List sessions stored in the database
- */
- void (*list_sessions)(attest_db_t *this);
-
- /**
- * Add an entry to the database
- */
- bool (*add)(attest_db_t *this);
-
- /**
- * Delete an entry from the database
- */
- bool (*delete)(attest_db_t *this);
-
- /**
- * Destroy attest_db_t object
- */
- void (*destroy)(attest_db_t *this);
-
-};
-
-/**
- * Create an attest_db_t instance
- *
- * @param uri database URI
- */
-attest_db_t* attest_db_create(char *uri);
-
-#endif /** ATTEST_DB_H_ @}*/
diff --git a/src/libpts/plugins/imv_attestation/build-database.sh b/src/libpts/plugins/imv_attestation/build-database.sh
deleted file mode 100755
index f16b5d1..0000000
--- a/src/libpts/plugins/imv_attestation/build-database.sh
+++ /dev/null
@@ -1,84 +0,0 @@
-#!/bin/sh
-
-p="Ubuntu 14.04 x86_64"
-a="x86_64-linux-gnu"
-k="3.13.0-30-generic"
-
-for hash in sha1 sha256
-do
- ipsec attest --add --product "$p" --$hash --dir /sbin
- ipsec attest --add --product "$p" --$hash --dir /usr/sbin
- ipsec attest --add --product "$p" --$hash --dir /bin
- ipsec attest --add --product "$p" --$hash --dir /usr/bin
-
- ipsec attest --add --product "$p" --$hash --file /etc/init.d/rc
- ipsec attest --add --product "$p" --$hash --file /etc/init.d/rcS
- ipsec attest --add --product "$p" --$hash --dir /etc/network/if-pre-up.d
- ipsec attest --add --product "$p" --$hash --dir /etc/network/if-up.d
- ipsec attest --add --product "$p" --$hash --dir /etc/ppp/ip-down.d
- ipsec attest --add --product "$p" --$hash --dir /etc/rcS.d
- ipsec attest --add --product "$p" --$hash --dir /etc/rc2.d
- ipsec attest --add --product "$p" --$hash --file /etc/rc.local
- ipsec attest --add --product "$p" --$hash --dir /etc/resolvconf/update.d
- ipsec attest --add --product "$p" --$hash --file /etc/resolvconf/update-libc.d/avahi-daemon
- ipsec attest --add --product "$p" --$hash --dir /etc/update-motd.d
-
- ipsec attest --add --product "$p" --$hash --dir /lib
- ipsec attest --add --product "$p" --$hash --file /lib/crda/setregdomain
- ipsec attest --add --product "$p" --$hash --dir /lib/ebtables
- ipsec attest --add --product "$p" --$hash --file /lib/init/apparmor-profile-load
- ipsec attest --add --product "$p" --$hash --file /lib/resolvconf/list-records
- ipsec attest --add --product "$p" --$hash --dir /lib/ufw
- ipsec attest --add --product "$p" --$hash --dir /lib/udev
- ipsec attest --add --product "$p" --$hash --dir /lib/systemd
- ipsec attest --add --product "$p" --$hash --dir /lib/xtables
- ipsec attest --add --product "$p" --$hash --dir /lib/$a
- ipsec attest --add --product "$p" --$hash --dir /lib/$a/plymouth
- ipsec attest --add --product "$p" --$hash --dir /lib/$a/plymouth/renderers
- ipsec attest --add --product "$p" --$hash --dir /lib/$a/security
-
- ipsec attest --add --product "$p" --$hash --file /lib64/ld-linux-x86-64.so.2
-
- for file in `find /usr/lib -name *.so`
- do
- ipsec attest --add --product "$p" --$hash --file $file
- done
-
- for file in `find /usr/lib -name *service`
- do
- ipsec attest --add --product "$p" --$hash --file $file
- done
-
- ipsec attest --add --product "$p" --$hash --dir /usr/lib
- ipsec attest --add --product "$p" --$hash --dir /usr/lib/accountsservice
- ipsec attest --add --product "$p" --$hash --dir /usr/lib/at-spi2-core
- ipsec attest --add --product "$p" --$hash --file /usr/lib/avahi/avahi-daemon-check-dns.sh
- ipsec attest --add --product "$p" --$hash --file /usr/lib/dbus-1.0/dbus-daemon-launch-helper
- ipsec attest --add --product "$p" --$hash --dir /usr/lib/gvfs
- ipsec attest --add --product "$p" --$hash --file /usr/lib/firefox/firefox
- ipsec attest --add --product "$p" --$hash --dir /usr/lib/NetworkManager
- ipsec attest --add --product "$p" --$hash --dir /usr/lib/pm-utils/power.d
- ipsec attest --add --product "$p" --$hash --file /usr/lib/policykit-1/polkitd
- ipsec attest --add --product "$p" --$hash --file /usr/lib/thunderbird/thunderbird
- ipsec attest --add --product "$p" --$hash --dir /usr/lib/ubuntu-release-upgrader
- ipsec attest --add --product "$p" --$hash --dir /usr/lib/update-notifier
-
- ipsec attest --add --product "$p" --$hash --dir /usr/lib/$a
- ipsec attest --add --product "$p" --$hash --file /usr/lib/$a/mesa/libGL.so.1.2.0
- ipsec attest --add --product "$p" --$hash --dir /usr/lib/$a/samba
- ipsec attest --add --product "$p" --$hash --dir /usr/lib/$a/sasl2
-
- ipsec attest --add --product "$p" --$hash --dir /usr/share/language-tools
-
- ipsec attest --add --product "$p" --$hash --file /init \
- --measdir /usr/share/initramfs-tools
-
- ipsec attest --add --product "$p" --$hash --file /scripts/functions \
- --measdir /usr/share/initramfs-tools/scripts
-
- for file in `find /lib/modules/$k -name *.ko`
- do
- ipsec attest --add --product "$p" --$hash --file $file
- done
-done
-
diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_agent.c b/src/libpts/plugins/imv_attestation/imv_attestation_agent.c
deleted file mode 100644
index fcfee31..0000000
--- a/src/libpts/plugins/imv_attestation/imv_attestation_agent.c
+++ /dev/null
@@ -1,909 +0,0 @@
-/*
- * Copyright (C) 2011-2012 Sansar Choinyambuu
- * Copyright (C) 2011-2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#define _GNU_SOURCE /* for stdndup() */
-#include <string.h>
-
-#include "imv_attestation_agent.h"
-#include "imv_attestation_state.h"
-#include "imv_attestation_process.h"
-#include "imv_attestation_build.h"
-
-#include <imcv.h>
-#include <imv/imv_agent.h>
-#include <imv/imv_msg.h>
-#include <imv/imv_session.h>
-#include <imv/imv_os_info.h>
-#include <ietf/ietf_attr.h>
-#include <ietf/ietf_attr_attr_request.h>
-#include <ietf/ietf_attr_pa_tnc_error.h>
-#include <ietf/ietf_attr_product_info.h>
-#include <ietf/ietf_attr_string_version.h>
-#include <ita/ita_attr.h>
-#include <ita/ita_attr_device_id.h>
-
-#include <libpts.h>
-
-#include <pts/pts.h>
-#include <pts/pts_database.h>
-#include <pts/pts_creds.h>
-#include <pts/components/ita/ita_comp_func_name.h>
-
-#include <tcg/tcg_attr.h>
-#include <tcg/pts/tcg_pts_attr_meas_algo.h>
-#include <tcg/pts/tcg_pts_attr_proto_caps.h>
-#include <tcg/pts/tcg_pts_attr_req_file_meas.h>
-#include <tcg/pts/tcg_pts_attr_req_file_meta.h>
-
-#include <tncif_pa_subtypes.h>
-
-#include <pen/pen.h>
-#include <utils/debug.h>
-#include <credentials/credential_manager.h>
-#include <collections/linked_list.h>
-
-typedef struct private_imv_attestation_agent_t private_imv_attestation_agent_t;
-
-/* Subscribed PA-TNC message subtypes */
-static pen_type_t msg_types[] = {
- { PEN_TCG, PA_SUBTYPE_TCG_PTS },
- { PEN_IETF, PA_SUBTYPE_IETF_OPERATING_SYSTEM }
-};
-
-/**
- * Private data of an imv_attestation_agent_t object.
- */
-struct private_imv_attestation_agent_t {
-
- /**
- * Public members of imv_attestation_agent_t
- */
- imv_agent_if_t public;
-
- /**
- * IMV agent responsible for generic functions
- */
- imv_agent_t *agent;
-
- /**
- * Supported PTS measurement algorithms
- */
- pts_meas_algorithms_t supported_algorithms;
-
- /**
- * Supported PTS Diffie Hellman Groups
- */
- pts_dh_group_t supported_dh_groups;
-
- /**
- * PTS file measurement database
- */
- pts_database_t *pts_db;
-
- /**
- * PTS credentials
- */
- pts_creds_t *pts_creds;
-
- /**
- * PTS credential manager
- */
- credential_manager_t *pts_credmgr;
-
-};
-
-METHOD(imv_agent_if_t, bind_functions, TNC_Result,
- private_imv_attestation_agent_t *this, TNC_TNCS_BindFunctionPointer bind_function)
-{
- return this->agent->bind_functions(this->agent, bind_function);
-}
-
-METHOD(imv_agent_if_t, notify_connection_change, TNC_Result,
- private_imv_attestation_agent_t *this, TNC_ConnectionID id,
- TNC_ConnectionState new_state)
-{
- TNC_IMV_Action_Recommendation rec;
- imv_state_t *state;
- imv_session_t *session;
-
- switch (new_state)
- {
- case TNC_CONNECTION_STATE_CREATE:
- state = imv_attestation_state_create(id);
- return this->agent->create_state(this->agent, state);
- case TNC_CONNECTION_STATE_DELETE:
- return this->agent->delete_state(this->agent, id);
- case TNC_CONNECTION_STATE_ACCESS_ALLOWED:
- case TNC_CONNECTION_STATE_ACCESS_ISOLATED:
- case TNC_CONNECTION_STATE_ACCESS_NONE:
- if (this->agent->get_state(this->agent, id, &state) && imcv_db)
- {
- session = state->get_session(state);
-
- if (session->get_policy_started(session))
- {
- switch (new_state)
- {
- case TNC_CONNECTION_STATE_ACCESS_ALLOWED:
- rec = TNC_IMV_ACTION_RECOMMENDATION_ALLOW;
- break;
- case TNC_CONNECTION_STATE_ACCESS_ISOLATED:
- rec = TNC_IMV_ACTION_RECOMMENDATION_ISOLATE;
- break;
- case TNC_CONNECTION_STATE_ACCESS_NONE:
- default:
- rec = TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS;
- }
- imcv_db->add_recommendation(imcv_db, session, rec);
- if (!imcv_db->policy_script(imcv_db, session, FALSE))
- {
- DBG1(DBG_IMV, "error in policy script stop");
- }
- }
- }
- /* fall through to default state */
- default:
- return this->agent->change_state(this->agent, id, new_state, NULL);
- }
-}
-
-/**
- * Process a received message
- */
-static TNC_Result receive_msg(private_imv_attestation_agent_t *this,
- imv_state_t *state, imv_msg_t *in_msg)
-{
- imv_msg_t *out_msg;
- imv_session_t *session;
- imv_os_info_t *os_info;
- enumerator_t *enumerator;
- pa_tnc_attr_t *attr;
- pen_type_t type;
- TNC_Result result;
- chunk_t os_name, os_version;
- bool fatal_error = FALSE;
-
- /* parse received PA-TNC message and handle local and remote errors */
- result = in_msg->receive(in_msg, &fatal_error);
- if (result != TNC_RESULT_SUCCESS)
- {
- return result;
- }
-
- session = state->get_session(state);
- os_info = session->get_os_info(session);
-
- out_msg = imv_msg_create_as_reply(in_msg);
- out_msg->set_msg_type(out_msg, msg_types[0]);
-
- /* analyze PA-TNC attributes */
- enumerator = in_msg->create_attribute_enumerator(in_msg);
- while (enumerator->enumerate(enumerator, &attr))
- {
- type = attr->get_type(attr);
-
- if (type.vendor_id == PEN_IETF)
- {
- switch (type.type)
- {
- case IETF_ATTR_PA_TNC_ERROR:
- {
- ietf_attr_pa_tnc_error_t *error_attr;
- pen_type_t error_code;
- chunk_t msg_info;
-
- error_attr = (ietf_attr_pa_tnc_error_t*)attr;
- error_code = error_attr->get_error_code(error_attr);
-
- if (error_code.vendor_id == PEN_TCG)
- {
- msg_info = error_attr->get_msg_info(error_attr);
-
- DBG1(DBG_IMV, "received TCG-PTS error '%N'",
- pts_error_code_names, error_code.type);
- DBG1(DBG_IMV, "error information: %B", &msg_info);
- fatal_error = TRUE;
- }
- break;
- }
- case IETF_ATTR_PRODUCT_INFORMATION:
- {
- ietf_attr_product_info_t *attr_cast;
- pen_t vendor_id;
-
- state->set_action_flags(state,
- IMV_ATTESTATION_ATTR_PRODUCT_INFO);
- attr_cast = (ietf_attr_product_info_t*)attr;
- os_name = attr_cast->get_info(attr_cast, &vendor_id, NULL);
- os_info->set_name(os_info, os_name);
-
- if (vendor_id != PEN_IETF)
- {
- DBG1(DBG_IMV, "operating system name is '%.*s' "
- "from vendor %N", os_name.len, os_name.ptr,
- pen_names, vendor_id);
- }
- else
- {
- DBG1(DBG_IMV, "operating system name is '%.*s'",
- os_name.len, os_name.ptr);
- }
- break;
-
- break;
- }
- case IETF_ATTR_STRING_VERSION:
- {
- ietf_attr_string_version_t *attr_cast;
-
- state->set_action_flags(state,
- IMV_ATTESTATION_ATTR_STRING_VERSION);
- attr_cast = (ietf_attr_string_version_t*)attr;
- os_version = attr_cast->get_version(attr_cast, NULL, NULL);
- os_info->set_version(os_info, os_version);
-
- if (os_version.len)
- {
- DBG1(DBG_IMV, "operating system version is '%.*s'",
- os_version.len, os_version.ptr);
- }
- break;
- }
- default:
- break;
- }
- }
- else if (type.vendor_id == PEN_ITA)
- {
- switch (type.type)
- {
- case ITA_ATTR_DEVICE_ID:
- {
- chunk_t value;
-
- state->set_action_flags(state,
- IMV_ATTESTATION_ATTR_DEVICE_ID);
-
- value = attr->get_value(attr);
- DBG1(DBG_IMV, "device ID is %.*s", value.len, value.ptr);
- session->set_device_id(session, value);
- break;
- }
- default:
- break;
- }
- }
- else if (type.vendor_id == PEN_TCG)
- {
- if (!imv_attestation_process(attr, out_msg, state,
- this->supported_algorithms, this->supported_dh_groups,
- this->pts_db, this->pts_credmgr))
- {
- result = TNC_RESULT_FATAL;
- break;
- }
- }
- }
- enumerator->destroy(enumerator);
-
- if (fatal_error || result != TNC_RESULT_SUCCESS)
- {
- state->set_recommendation(state,
- TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
- TNC_IMV_EVALUATION_RESULT_ERROR);
- result = out_msg->send_assessment(out_msg);
- out_msg->destroy(out_msg);
- if (result != TNC_RESULT_SUCCESS)
- {
- return result;
- }
- return this->agent->provide_recommendation(this->agent, state);
- }
-
- /* send PA-TNC message with excl flag set */
- result = out_msg->send(out_msg, TRUE);
- out_msg->destroy(out_msg);
-
- return result;
-}
-
-METHOD(imv_agent_if_t, receive_message, TNC_Result,
- private_imv_attestation_agent_t *this, TNC_ConnectionID id,
- TNC_MessageType msg_type, chunk_t msg)
-{
- imv_state_t *state;
- imv_msg_t *in_msg;
- TNC_Result result;
-
- if (!this->agent->get_state(this->agent, id, &state))
- {
- return TNC_RESULT_FATAL;
- }
- in_msg = imv_msg_create_from_data(this->agent, state, id, msg_type, msg);
- result = receive_msg(this, state, in_msg);
- in_msg->destroy(in_msg);
-
- return result;
-}
-
-METHOD(imv_agent_if_t, receive_message_long, TNC_Result,
- private_imv_attestation_agent_t *this, TNC_ConnectionID id,
- TNC_UInt32 src_imc_id, TNC_UInt32 dst_imv_id,
- TNC_VendorID msg_vid, TNC_MessageSubtype msg_subtype, chunk_t msg)
-{
- imv_state_t *state;
- imv_msg_t *in_msg;
- TNC_Result result;
-
- if (!this->agent->get_state(this->agent, id, &state))
- {
- return TNC_RESULT_FATAL;
- }
- in_msg = imv_msg_create_from_long_data(this->agent, state, id,
- src_imc_id, dst_imv_id, msg_vid, msg_subtype, msg);
- result = receive_msg(this, state, in_msg);
- in_msg->destroy(in_msg);
-
- return result;
-}
-
-/**
- * Build an IETF Attribute Request attribute for missing attributes
- */
-static pa_tnc_attr_t* build_attr_request(uint32_t received)
-{
- pa_tnc_attr_t *attr;
- ietf_attr_attr_request_t *attr_cast;
-
- attr = ietf_attr_attr_request_create(PEN_RESERVED, 0);
- attr_cast = (ietf_attr_attr_request_t*)attr;
-
- if (!(received & IMV_ATTESTATION_ATTR_PRODUCT_INFO) ||
- !(received & IMV_ATTESTATION_ATTR_STRING_VERSION))
- {
- attr_cast->add(attr_cast, PEN_IETF, IETF_ATTR_PRODUCT_INFORMATION);
- attr_cast->add(attr_cast, PEN_IETF, IETF_ATTR_STRING_VERSION);
- }
- if (!(received & IMV_ATTESTATION_ATTR_DEVICE_ID))
- {
- attr_cast->add(attr_cast, PEN_ITA, ITA_ATTR_DEVICE_ID);
- }
-
- return attr;
-}
-
-METHOD(imv_agent_if_t, batch_ending, TNC_Result,
- private_imv_attestation_agent_t *this, TNC_ConnectionID id)
-{
- imv_msg_t *out_msg;
- imv_state_t *state;
- imv_session_t *session;
- imv_attestation_state_t *attestation_state;
- imv_attestation_handshake_state_t handshake_state;
- imv_workitem_t *workitem;
- TNC_IMV_Action_Recommendation rec;
- TNC_IMV_Evaluation_Result eval;
- TNC_IMVID imv_id;
- TNC_Result result = TNC_RESULT_SUCCESS;
- pts_t *pts;
- int pid;
- uint32_t actions;
- enumerator_t *enumerator;
-
- if (!this->agent->get_state(this->agent, id, &state))
- {
- return TNC_RESULT_FATAL;
- }
- attestation_state = (imv_attestation_state_t*)state;
- pts = attestation_state->get_pts(attestation_state);
- handshake_state = attestation_state->get_handshake_state(attestation_state);
- actions = state->get_action_flags(state);
- session = state->get_session(state);
- imv_id = this->agent->get_id(this->agent);
-
- /* exit if a recommendation has already been provided */
- if (actions & IMV_ATTESTATION_REC)
- {
- return TNC_RESULT_SUCCESS;
- }
-
- /* send an IETF attribute request if no platform info was received */
- if (!(actions & IMV_ATTESTATION_ATTR_REQ))
- {
- if ((actions & IMV_ATTESTATION_ATTR_MUST) != IMV_ATTESTATION_ATTR_MUST)
- {
- imv_msg_t *os_msg;
-
- /* create attribute request for missing mandatory attributes */
- os_msg = imv_msg_create(this->agent, state, id, imv_id,
- TNC_IMCID_ANY, msg_types[1]);
- os_msg->add_attribute(os_msg, build_attr_request(actions));
- result = os_msg->send(os_msg, FALSE);
- os_msg->destroy(os_msg);
-
- if (result != TNC_RESULT_SUCCESS)
- {
- return result;
- }
- }
- state->set_action_flags(state, IMV_ATTESTATION_ATTR_REQ);
- }
-
- if (!session->get_policy_started(session) &&
- (actions & IMV_ATTESTATION_ATTR_PRODUCT_INFO) &&
- (actions & IMV_ATTESTATION_ATTR_STRING_VERSION) &&
- (actions & IMV_ATTESTATION_ATTR_DEVICE_ID))
- {
- if (imcv_db)
- {
- /* start the policy script */
- if (!imcv_db->policy_script(imcv_db, session, TRUE))
- {
- DBG1(DBG_IMV, "error in policy script start");
- }
- }
- else
- {
- DBG2(DBG_IMV, "no workitems available - no evaluation possible");
- state->set_recommendation(state,
- TNC_IMV_ACTION_RECOMMENDATION_ALLOW,
- TNC_IMV_EVALUATION_RESULT_DONT_KNOW);
- session->set_policy_started(session, TRUE);
- }
- }
-
- if (handshake_state == IMV_ATTESTATION_STATE_INIT)
- {
- pa_tnc_attr_t *attr;
- pts_proto_caps_flag_t flags;
-
- out_msg = imv_msg_create(this->agent, state, id, imv_id, TNC_IMCID_ANY,
- msg_types[0]);
-
- /* Send Request Protocol Capabilities attribute */
- flags = pts->get_proto_caps(pts);
- attr = tcg_pts_attr_proto_caps_create(flags, TRUE);
- attr->set_noskip_flag(attr, TRUE);
- out_msg->add_attribute(out_msg, attr);
-
- /* Send Measurement Algorithms attribute */
- attr = tcg_pts_attr_meas_algo_create(this->supported_algorithms, FALSE);
- attr->set_noskip_flag(attr, TRUE);
- out_msg->add_attribute(out_msg, attr);
-
- attestation_state->set_handshake_state(attestation_state,
- IMV_ATTESTATION_STATE_DISCOVERY);
-
- /* send these initial PTS attributes and exit */
- result = out_msg->send(out_msg, FALSE);
- out_msg->destroy(out_msg);
-
- return result;
- }
-
- /* exit if we are not ready yet for PTS measurements */
- if (!(actions & IMV_ATTESTATION_ALGO))
- {
- return TNC_RESULT_SUCCESS;
- }
-
- session->get_session_id(session, &pid, NULL);
- pts->set_platform_id(pts, pid);
-
- /* create an empty out message - we might need it */
- out_msg = imv_msg_create(this->agent, state, id, imv_id, TNC_IMCID_ANY,
- msg_types[0]);
-
- /* establish the PTS measurements to be taken */
- if (!(actions & IMV_ATTESTATION_FILE_MEAS))
- {
- bool is_dir, no_workitems = TRUE;
- uint32_t delimiter = SOLIDUS_UTF;
- uint16_t request_id;
- pa_tnc_attr_t *attr;
- char *pathname;
-
- attestation_state->set_handshake_state(attestation_state,
- IMV_ATTESTATION_STATE_END);
-
- enumerator = session->create_workitem_enumerator(session);
- if (enumerator)
- {
- while (enumerator->enumerate(enumerator, &workitem))
- {
- if (workitem->get_imv_id(workitem) != TNC_IMVID_ANY)
- {
- continue;
- }
-
- switch (workitem->get_type(workitem))
- {
- case IMV_WORKITEM_FILE_REF_MEAS:
- case IMV_WORKITEM_FILE_MEAS:
- case IMV_WORKITEM_FILE_META:
- is_dir = FALSE;
- break;
- case IMV_WORKITEM_DIR_REF_MEAS:
- case IMV_WORKITEM_DIR_MEAS:
- case IMV_WORKITEM_DIR_META:
- is_dir = TRUE;
- break;
- case IMV_WORKITEM_TPM_ATTEST:
- {
- pts_component_t *comp;
- pts_comp_func_name_t *comp_name;
- bool no_d_flag, no_t_flag;
- char result_str[BUF_LEN];
-
- workitem->set_imv_id(workitem, imv_id);
- no_workitems = FALSE;
- no_d_flag = !(pts->get_proto_caps(pts) & PTS_PROTO_CAPS_D);
- no_t_flag = !(pts->get_proto_caps(pts) & PTS_PROTO_CAPS_T);
- if (no_d_flag || no_t_flag)
- {
- snprintf(result_str, BUF_LEN, "%s%s%s",
- (no_t_flag) ? "no TPM available" : "",
- (no_t_flag && no_d_flag) ? ", " : "",
- (no_d_flag) ? "no DH nonce negotiation" : "");
- eval = TNC_IMV_EVALUATION_RESULT_ERROR;
- session->remove_workitem(session, enumerator);
- rec = workitem->set_result(workitem, result_str, eval);
- state->update_recommendation(state, rec, eval);
- imcv_db->finalize_workitem(imcv_db, workitem);
- workitem->destroy(workitem);
- continue;
- }
-
- /* do TPM BIOS measurements */
- if (strchr(workitem->get_arg_str(workitem), 'B'))
- {
- comp_name = pts_comp_func_name_create(PEN_ITA,
- PTS_ITA_COMP_FUNC_NAME_IMA,
- PTS_ITA_QUALIFIER_FLAG_KERNEL |
- PTS_ITA_QUALIFIER_TYPE_TRUSTED);
- comp = attestation_state->create_component(
- attestation_state, comp_name,
- 0, this->pts_db);
- if (!comp)
- {
- comp_name->log(comp_name, "unregistered ");
- comp_name->destroy(comp_name);
- }
- }
-
- /* do TPM IMA measurements */
- if (strchr(workitem->get_arg_str(workitem), 'I'))
- {
- comp_name = pts_comp_func_name_create(PEN_ITA,
- PTS_ITA_COMP_FUNC_NAME_IMA,
- PTS_ITA_QUALIFIER_FLAG_KERNEL |
- PTS_ITA_QUALIFIER_TYPE_OS);
- comp = attestation_state->create_component(
- attestation_state, comp_name,
- 0, this->pts_db);
- if (!comp)
- {
- comp_name->log(comp_name, "unregistered ");
- comp_name->destroy(comp_name);
- }
- }
-
- /* do TPM TRUSTED BOOT measurements */
- if (strchr(workitem->get_arg_str(workitem), 'T'))
- {
- comp_name = pts_comp_func_name_create(PEN_ITA,
- PTS_ITA_COMP_FUNC_NAME_TBOOT,
- PTS_ITA_QUALIFIER_FLAG_KERNEL |
- PTS_ITA_QUALIFIER_TYPE_TRUSTED);
- comp = attestation_state->create_component(
- attestation_state, comp_name,
- 0, this->pts_db);
- if (!comp)
- {
- comp_name->log(comp_name, "unregistered ");
- comp_name->destroy(comp_name);
- }
- }
- attestation_state->set_handshake_state(attestation_state,
- IMV_ATTESTATION_STATE_NONCE_REQ);
- continue;
- }
- default:
- continue;
- }
-
- /* initiate file and directory measurements */
- pathname = this->pts_db->get_pathname(this->pts_db, is_dir,
- workitem->get_arg_int(workitem));
- if (!pathname)
- {
- continue;
- }
- workitem->set_imv_id(workitem, imv_id);
- no_workitems = FALSE;
-
- if (workitem->get_type(workitem) == IMV_WORKITEM_FILE_META)
- {
- TNC_IMV_Action_Recommendation rec;
- TNC_IMV_Evaluation_Result eval;
- char result_str[BUF_LEN];
-
- DBG2(DBG_IMV, "IMV %d requests metadata for %s '%s'",
- imv_id, is_dir ? "directory" : "file", pathname);
-
- /* currently just fire and forget metadata requests */
- attr = tcg_pts_attr_req_file_meta_create(is_dir,
- delimiter, pathname);
- snprintf(result_str, BUF_LEN, "%s metadata requested",
- is_dir ? "directory" : "file");
- eval = TNC_IMV_EVALUATION_RESULT_COMPLIANT;
- session->remove_workitem(session, enumerator);
- rec = workitem->set_result(workitem, result_str, eval);
- state->update_recommendation(state, rec, eval);
- imcv_db->finalize_workitem(imcv_db, workitem);
- workitem->destroy(workitem);
- }
- else
- {
- /* use lower 16 bits of the workitem ID as request ID */
- request_id = workitem->get_id(workitem) & 0xffff;
-
- DBG2(DBG_IMV, "IMV %d requests measurement %d for %s '%s'",
- imv_id, request_id, is_dir ? "directory" : "file",
- pathname);
- attr = tcg_pts_attr_req_file_meas_create(is_dir, request_id,
- delimiter, pathname);
- }
- free(pathname);
- attr->set_noskip_flag(attr, TRUE);
- out_msg->add_attribute(out_msg, attr);
- }
- enumerator->destroy(enumerator);
-
- /* sent all file and directory measurement and metadata requests */
- state->set_action_flags(state, IMV_ATTESTATION_FILE_MEAS);
-
- if (no_workitems)
- {
- DBG2(DBG_IMV, "IMV %d has no workitems - "
- "no evaluation requested", imv_id);
- state->set_recommendation(state,
- TNC_IMV_ACTION_RECOMMENDATION_ALLOW,
- TNC_IMV_EVALUATION_RESULT_DONT_KNOW);
- }
- }
- }
-
- /* check the IMV state for the next PA-TNC attributes to send */
- enumerator = session->create_workitem_enumerator(session);
- while (enumerator->enumerate(enumerator, &workitem))
- {
- if (workitem->get_type(workitem) == IMV_WORKITEM_TPM_ATTEST)
- {
- if (!imv_attestation_build(out_msg, state,
- this->supported_dh_groups, this->pts_db))
- {
- imv_reason_string_t *reason_string;
- chunk_t result;
- char *result_str;
-
- reason_string = imv_reason_string_create("en", ", ");
- attestation_state->add_comp_evid_reasons(attestation_state,
- reason_string);
- result = reason_string->get_encoding(reason_string);
- result_str = strndup(result.ptr, result.len);
- reason_string->destroy(reason_string);
-
- eval = TNC_IMV_EVALUATION_RESULT_ERROR;
- session->remove_workitem(session, enumerator);
- rec = workitem->set_result(workitem, result_str, eval);
- state->update_recommendation(state, rec, eval);
- imcv_db->finalize_workitem(imcv_db, workitem);
- }
- break;
- }
- }
- enumerator->destroy(enumerator);
-
- /* finalized all workitems? */
- if (session->get_policy_started(session) &&
- session->get_workitem_count(session, imv_id) == 0 &&
- attestation_state->get_handshake_state(attestation_state) ==
- IMV_ATTESTATION_STATE_END)
- {
- result = out_msg->send_assessment(out_msg);
- out_msg->destroy(out_msg);
- state->set_action_flags(state, IMV_ATTESTATION_REC);
-
- if (result != TNC_RESULT_SUCCESS)
- {
- return result;
- }
- return this->agent->provide_recommendation(this->agent, state);
- }
-
- /* send non-empty PA-TNC message with excl flag not set */
- if (out_msg->get_attribute_count(out_msg))
- {
- result = out_msg->send(out_msg, FALSE);
- }
- out_msg->destroy(out_msg);
-
- return result;
-}
-
-METHOD(imv_agent_if_t, solicit_recommendation, TNC_Result,
- private_imv_attestation_agent_t *this, TNC_ConnectionID id)
-{
- TNC_IMVID imv_id;
- imv_state_t *state;
- imv_attestation_state_t *attestation_state;
- imv_session_t *session;
-
- if (!this->agent->get_state(this->agent, id, &state))
- {
- return TNC_RESULT_FATAL;
- }
- attestation_state = (imv_attestation_state_t*)state;
- session = state->get_session(state);
- imv_id = this->agent->get_id(this->agent);
-
- if (imcv_db)
- {
- TNC_IMV_Evaluation_Result eval;
- TNC_IMV_Action_Recommendation rec;
- imv_workitem_t *workitem;
- enumerator_t *enumerator;
- int pending_file_meas = 0;
- char *result_str;
- chunk_t result_buf;
- bio_writer_t *result;
-
- enumerator = session->create_workitem_enumerator(session);
- if (enumerator)
- {
- while (enumerator->enumerate(enumerator, &workitem))
- {
- if (workitem->get_imv_id(workitem) != imv_id)
- {
- continue;
- }
- result = bio_writer_create(128);
-
- switch (workitem->get_type(workitem))
- {
- case IMV_WORKITEM_FILE_REF_MEAS:
- case IMV_WORKITEM_FILE_MEAS:
- case IMV_WORKITEM_DIR_REF_MEAS:
- case IMV_WORKITEM_DIR_MEAS:
- result_str = "pending file measurements";
- pending_file_meas++;
- break;
- case IMV_WORKITEM_TPM_ATTEST:
- attestation_state->finalize_components(attestation_state,
- result);
- result->write_data(result,
- chunk_from_str("; pending component evidence"));
- result->write_uint8(result, '\0');
- result_buf = result->get_buf(result);
- result_str = result_buf.ptr;
- break;
- default:
- result->destroy(result);
- continue;
- }
- session->remove_workitem(session, enumerator);
- eval = TNC_IMV_EVALUATION_RESULT_ERROR;
- rec = workitem->set_result(workitem, result_str, eval);
- state->update_recommendation(state, rec, eval);
- imcv_db->finalize_workitem(imcv_db, workitem);
- workitem->destroy(workitem);
- result->destroy(result);
- }
- enumerator->destroy(enumerator);
-
- if (pending_file_meas)
- {
- DBG1(DBG_IMV, "failure due to %d pending file measurements",
- pending_file_meas);
- attestation_state->set_measurement_error(attestation_state,
- IMV_ATTESTATION_ERROR_FILE_MEAS_PEND);
- }
- }
- }
- return this->agent->provide_recommendation(this->agent, state);
-}
-
-METHOD(imv_agent_if_t, destroy, void,
- private_imv_attestation_agent_t *this)
-{
- if (this->pts_creds)
- {
- this->pts_credmgr->remove_set(this->pts_credmgr,
- this->pts_creds->get_set(this->pts_creds));
- this->pts_creds->destroy(this->pts_creds);
- }
- DESTROY_IF(this->pts_db);
- DESTROY_IF(this->pts_credmgr);
- DESTROY_IF(this->agent);
- free(this);
- libpts_deinit();
-}
-
-/**
- * Described in header.
- */
-imv_agent_if_t *imv_attestation_agent_create(const char *name, TNC_IMVID id,
- TNC_Version *actual_version)
-{
- private_imv_attestation_agent_t *this;
- imv_agent_t *agent;
- char *hash_alg, *dh_group, *cadir;
- bool mandatory_dh_groups;
-
- agent = imv_agent_create(name, msg_types, countof(msg_types), id,
- actual_version);
- if (!agent)
- {
- return NULL;
- }
-
- hash_alg = lib->settings->get_str(lib->settings,
- "%s.plugins.imv-attestation.hash_algorithm", "sha256", lib->ns);
- dh_group = lib->settings->get_str(lib->settings,
- "%s.plugins.imv-attestation.dh_group", "ecp256", lib->ns);
- mandatory_dh_groups = lib->settings->get_bool(lib->settings,
- "%s.plugins.imv-attestation.mandatory_dh_groups", TRUE, lib->ns);
- cadir = lib->settings->get_str(lib->settings,
- "%s.plugins.imv-attestation.cadir", NULL, lib->ns);
-
- INIT(this,
- .public = {
- .bind_functions = _bind_functions,
- .notify_connection_change = _notify_connection_change,
- .receive_message = _receive_message,
- .receive_message_long = _receive_message_long,
- .batch_ending = _batch_ending,
- .solicit_recommendation = _solicit_recommendation,
- .destroy = _destroy,
- },
- .agent = agent,
- .supported_algorithms = PTS_MEAS_ALGO_NONE,
- .supported_dh_groups = PTS_DH_GROUP_NONE,
- .pts_credmgr = credential_manager_create(),
- .pts_creds = pts_creds_create(cadir),
- .pts_db = pts_database_create(imcv_db),
- );
-
- libpts_init();
-
- if (!pts_meas_algo_probe(&this->supported_algorithms) ||
- !pts_dh_group_probe(&this->supported_dh_groups, mandatory_dh_groups) ||
- !pts_meas_algo_update(hash_alg, &this->supported_algorithms) ||
- !pts_dh_group_update(dh_group, &this->supported_dh_groups))
- {
- destroy(this);
- return NULL;
- }
-
- if (this->pts_creds)
- {
- this->pts_credmgr->add_set(this->pts_credmgr,
- this->pts_creds->get_set(this->pts_creds));
- }
-
- return &this->public;
-}
diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_build.c b/src/libpts/plugins/imv_attestation/imv_attestation_build.c
deleted file mode 100644
index 120fe3e..0000000
--- a/src/libpts/plugins/imv_attestation/imv_attestation_build.c
+++ /dev/null
@@ -1,150 +0,0 @@
-/*
- * Copyright (C) 2011-2012 Sansar Choinyambuu
- * Copyright (C) 2011-2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "imv_attestation_build.h"
-#include "imv_attestation_state.h"
-
-#include <tcg/pts/tcg_pts_attr_dh_nonce_params_req.h>
-#include <tcg/pts/tcg_pts_attr_dh_nonce_finish.h>
-#include <tcg/pts/tcg_pts_attr_get_tpm_version_info.h>
-#include <tcg/pts/tcg_pts_attr_get_aik.h>
-#include <tcg/pts/tcg_pts_attr_req_func_comp_evid.h>
-#include <tcg/pts/tcg_pts_attr_gen_attest_evid.h>
-
-#include <utils/debug.h>
-
-bool imv_attestation_build(imv_msg_t *out_msg, imv_state_t *state,
- pts_dh_group_t supported_dh_groups,
- pts_database_t *pts_db)
-{
- imv_attestation_state_t *attestation_state;
- imv_attestation_handshake_state_t handshake_state;
- pts_t *pts;
- pa_tnc_attr_t *attr = NULL;
-
- attestation_state = (imv_attestation_state_t*)state;
- handshake_state = attestation_state->get_handshake_state(attestation_state);
- pts = attestation_state->get_pts(attestation_state);
-
- switch (handshake_state)
- {
- case IMV_ATTESTATION_STATE_NONCE_REQ:
- {
- int min_nonce_len;
-
- /* Send DH nonce parameters request attribute */
- min_nonce_len = lib->settings->get_int(lib->settings,
- "%s.plugins.imv-attestation.min_nonce_len", 0, lib->ns);
- attr = tcg_pts_attr_dh_nonce_params_req_create(min_nonce_len,
- supported_dh_groups);
- attr->set_noskip_flag(attr, TRUE);
- out_msg->add_attribute(out_msg, attr);
-
- attestation_state->set_handshake_state(attestation_state,
- IMV_ATTESTATION_STATE_TPM_INIT);
- break;
- }
- case IMV_ATTESTATION_STATE_TPM_INIT:
- {
- pts_meas_algorithms_t selected_algorithm;
- chunk_t initiator_value, initiator_nonce;
-
- if (!(state->get_action_flags(state) & IMV_ATTESTATION_DH_NONCE))
- {
- break;
- }
-
- /* Send DH nonce finish attribute */
- selected_algorithm = pts->get_meas_algorithm(pts);
- pts->get_my_public_value(pts, &initiator_value, &initiator_nonce);
- attr = tcg_pts_attr_dh_nonce_finish_create(selected_algorithm,
- initiator_value, initiator_nonce);
- attr->set_noskip_flag(attr, TRUE);
- out_msg->add_attribute(out_msg, attr);
-
- /* Send Get TPM Version attribute */
- attr = tcg_pts_attr_get_tpm_version_info_create();
- attr->set_noskip_flag(attr, TRUE);
- out_msg->add_attribute(out_msg, attr);
-
- /* Send Get AIK attribute */
- attr = tcg_pts_attr_get_aik_create();
- attr->set_noskip_flag(attr, TRUE);
- out_msg->add_attribute(out_msg, attr);
-
- attestation_state->set_handshake_state(attestation_state,
- IMV_ATTESTATION_STATE_COMP_EVID);
- break;
- }
- case IMV_ATTESTATION_STATE_COMP_EVID:
- {
- tcg_pts_attr_req_func_comp_evid_t *attr_cast;
- enumerator_t *enumerator;
- pts_comp_func_name_t *name;
- uint8_t flags;
- uint32_t depth;
- bool first_component = TRUE;
-
- attestation_state->set_handshake_state(attestation_state,
- IMV_ATTESTATION_STATE_END);
-
- if (!pts->get_aik_id(pts))
- {
- attestation_state->set_measurement_error(attestation_state,
- IMV_ATTESTATION_ERROR_NO_TRUSTED_AIK);
- return FALSE;
- }
-
- enumerator = attestation_state->create_component_enumerator(
- attestation_state);
- while (enumerator->enumerate(enumerator, &flags, &depth, &name))
- {
- if (first_component)
- {
- attr = tcg_pts_attr_req_func_comp_evid_create();
- attr->set_noskip_flag(attr, TRUE);
- first_component = FALSE;
- DBG2(DBG_IMV, "evidence request by");
- }
- name->log(name, " ");
-
- /* TODO check flags against negotiated_caps */
- attr_cast = (tcg_pts_attr_req_func_comp_evid_t *)attr;
- attr_cast->add_component(attr_cast, flags, depth, name);
- }
- enumerator->destroy(enumerator);
-
- if (attr)
- {
- /* Send Request Functional Component Evidence attribute */
- out_msg->add_attribute(out_msg, attr);
-
- /* Send Generate Attestation Evidence attribute */
- attr = tcg_pts_attr_gen_attest_evid_create();
- attr->set_noskip_flag(attr, TRUE);
- out_msg->add_attribute(out_msg, attr);
-
- attestation_state->set_handshake_state(attestation_state,
- IMV_ATTESTATION_STATE_EVID_FINAL);
- }
- break;
- }
- default:
- break;
- }
-
- return TRUE;
-}
diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_process.c b/src/libpts/plugins/imv_attestation/imv_attestation_process.c
deleted file mode 100644
index 26a57d1..0000000
--- a/src/libpts/plugins/imv_attestation/imv_attestation_process.c
+++ /dev/null
@@ -1,563 +0,0 @@
-/*
- * Copyright (C) 2011-2012 Sansar Choinyambuu
- * Copyright (C) 2011-2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#define _GNU_SOURCE /* for stdndup() */
-#include <string.h>
-
-#include "imv_attestation_process.h"
-
-#include <imcv.h>
-#include <ietf/ietf_attr_pa_tnc_error.h>
-
-#include <pts/pts.h>
-
-#include <tcg/pts/tcg_pts_attr_aik.h>
-#include <tcg/pts/tcg_pts_attr_dh_nonce_params_resp.h>
-#include <tcg/pts/tcg_pts_attr_file_meas.h>
-#include <tcg/pts/tcg_pts_attr_meas_algo.h>
-#include <tcg/pts/tcg_pts_attr_proto_caps.h>
-#include <tcg/pts/tcg_pts_attr_simple_comp_evid.h>
-#include <tcg/pts/tcg_pts_attr_simple_evid_final.h>
-#include <tcg/pts/tcg_pts_attr_tpm_version_info.h>
-#include <tcg/pts/tcg_pts_attr_unix_file_meta.h>
-
-#include <utils/debug.h>
-#include <crypto/hashers/hasher.h>
-
-#include <inttypes.h>
-
-bool imv_attestation_process(pa_tnc_attr_t *attr, imv_msg_t *out_msg,
- imv_state_t *state,
- pts_meas_algorithms_t supported_algorithms,
- pts_dh_group_t supported_dh_groups,
- pts_database_t *pts_db,
- credential_manager_t *pts_credmgr)
-{
- imv_session_t *session;
- imv_attestation_state_t *attestation_state;
- pen_type_t attr_type;
- pts_t *pts;
-
- session = state->get_session(state);
- attestation_state = (imv_attestation_state_t*)state;
- pts = attestation_state->get_pts(attestation_state);
- attr_type = attr->get_type(attr);
-
- switch (attr_type.type)
- {
- case TCG_PTS_PROTO_CAPS:
- {
- tcg_pts_attr_proto_caps_t *attr_cast;
- pts_proto_caps_flag_t flags;
-
- attr_cast = (tcg_pts_attr_proto_caps_t*)attr;
- flags = attr_cast->get_flags(attr_cast);
- pts->set_proto_caps(pts, flags);
- break;
- }
- case TCG_PTS_MEAS_ALGO_SELECTION:
- {
- tcg_pts_attr_meas_algo_t *attr_cast;
- pts_meas_algorithms_t selected_algorithm;
-
- attr_cast = (tcg_pts_attr_meas_algo_t*)attr;
- selected_algorithm = attr_cast->get_algorithms(attr_cast);
- if (!(selected_algorithm & supported_algorithms))
- {
- DBG1(DBG_IMV, "PTS-IMC selected unsupported"
- " measurement algorithm");
- return FALSE;
- }
- pts->set_meas_algorithm(pts, selected_algorithm);
- state->set_action_flags(state, IMV_ATTESTATION_ALGO);
- break;
- }
- case TCG_PTS_DH_NONCE_PARAMS_RESP:
- {
- tcg_pts_attr_dh_nonce_params_resp_t *attr_cast;
- int nonce_len, min_nonce_len;
- pts_dh_group_t dh_group;
- pts_meas_algorithms_t offered_algorithms, selected_algorithm;
- chunk_t responder_value, responder_nonce;
-
- attr_cast = (tcg_pts_attr_dh_nonce_params_resp_t*)attr;
- responder_nonce = attr_cast->get_responder_nonce(attr_cast);
-
- /* check compliance of responder nonce length */
- min_nonce_len = lib->settings->get_int(lib->settings,
- "%s.plugins.imv-attestation.min_nonce_len", 0, lib->ns);
- nonce_len = responder_nonce.len;
- if (nonce_len < PTS_MIN_NONCE_LEN ||
- (min_nonce_len > 0 && nonce_len < min_nonce_len))
- {
- attr = pts_dh_nonce_error_create(
- max(PTS_MIN_NONCE_LEN, min_nonce_len),
- PTS_MAX_NONCE_LEN);
- out_msg->add_attribute(out_msg, attr);
- break;
- }
-
- dh_group = attr_cast->get_dh_group(attr_cast);
- if (!(dh_group & supported_dh_groups))
- {
- DBG1(DBG_IMV, "PTS-IMC selected unsupported DH group");
- return FALSE;
- }
-
- offered_algorithms = attr_cast->get_hash_algo_set(attr_cast);
- selected_algorithm = pts_meas_algo_select(supported_algorithms,
- offered_algorithms);
- if (selected_algorithm == PTS_MEAS_ALGO_NONE)
- {
- attr = pts_hash_alg_error_create(supported_algorithms);
- out_msg->add_attribute(out_msg, attr);
- break;
- }
- pts->set_dh_hash_algorithm(pts, selected_algorithm);
-
- if (!pts->create_dh_nonce(pts, dh_group, nonce_len))
- {
- return FALSE;
- }
-
- responder_value = attr_cast->get_responder_value(attr_cast);
- pts->set_peer_public_value(pts, responder_value,
- responder_nonce);
-
- /* Calculate secret assessment value */
- if (!pts->calculate_secret(pts))
- {
- return FALSE;
- }
- state->set_action_flags(state, IMV_ATTESTATION_DH_NONCE);
- break;
- }
- case TCG_PTS_TPM_VERSION_INFO:
- {
- tcg_pts_attr_tpm_version_info_t *attr_cast;
- chunk_t tpm_version_info;
-
- attr_cast = (tcg_pts_attr_tpm_version_info_t*)attr;
- tpm_version_info = attr_cast->get_tpm_version_info(attr_cast);
- pts->set_tpm_version_info(pts, tpm_version_info);
- break;
- }
- case TCG_PTS_AIK:
- {
- tcg_pts_attr_aik_t *attr_cast;
- certificate_t *aik, *issuer;
- public_key_t *public;
- chunk_t keyid, keyid_hex, device_id;
- int aik_id;
- enumerator_t *e;
- bool trusted = FALSE, trusted_chain = FALSE;
-
- attr_cast = (tcg_pts_attr_aik_t*)attr;
- aik = attr_cast->get_aik(attr_cast);
- if (!aik)
- {
- DBG1(DBG_IMV, "AIK unavailable");
- attestation_state->set_measurement_error(attestation_state,
- IMV_ATTESTATION_ERROR_NO_TRUSTED_AIK);
- break;
- }
-
- /* check trust into public key as stored in the database */
- public = aik->get_public_key(aik);
- public->get_fingerprint(public, KEYID_PUBKEY_INFO_SHA1, &keyid);
- DBG1(DBG_IMV, "verifying AIK with keyid %#B", &keyid);
- keyid_hex = chunk_to_hex(keyid, NULL, FALSE);
- if (session->get_device_id(session, &device_id) &&
- chunk_equals(keyid_hex, device_id))
- {
- trusted = session->get_device_trust(session);
- }
- else
- {
- DBG1(DBG_IMV, "device ID unknown or different from AIK keyid");
- }
- DBG1(DBG_IMV, "AIK public key is %strusted", trusted ? "" : "not ");
- public->destroy(public);
- chunk_free(&keyid_hex);
-
- if (aik->get_type(aik) == CERT_X509)
- {
-
- e = pts_credmgr->create_trusted_enumerator(pts_credmgr,
- KEY_ANY, aik->get_issuer(aik), FALSE);
- while (e->enumerate(e, &issuer))
- {
- if (aik->issued_by(aik, issuer, NULL))
- {
- trusted_chain = TRUE;
- break;
- }
- }
- e->destroy(e);
- DBG1(DBG_IMV, "AIK certificate is %strusted",
- trusted_chain ? "" : "not ");
- if (!trusted || !trusted_chain)
- {
- attestation_state->set_measurement_error(attestation_state,
- IMV_ATTESTATION_ERROR_NO_TRUSTED_AIK);
- break;
- }
- }
- session->get_session_id(session, NULL, &aik_id);
- pts->set_aik(pts, aik, aik_id);
- break;
- }
- case TCG_PTS_FILE_MEAS:
- {
- TNC_IMV_Evaluation_Result eval;
- TNC_IMV_Action_Recommendation rec;
- tcg_pts_attr_file_meas_t *attr_cast;
- uint16_t request_id;
- int arg_int, file_count;
- pts_meas_algorithms_t algo;
- pts_file_meas_t *measurements;
- imv_workitem_t *workitem, *found = NULL;
- imv_workitem_type_t type;
- char result_str[BUF_LEN];
- bool is_dir, correct;
- enumerator_t *enumerator;
-
- eval = TNC_IMV_EVALUATION_RESULT_COMPLIANT;
- algo = pts->get_meas_algorithm(pts);
- attr_cast = (tcg_pts_attr_file_meas_t*)attr;
- measurements = attr_cast->get_measurements(attr_cast);
- request_id = measurements->get_request_id(measurements);
- file_count = measurements->get_file_count(measurements);
-
- DBG1(DBG_IMV, "measurement request %d returned %d file%s:",
- request_id, file_count, (file_count == 1) ? "":"s");
-
- if (request_id)
- {
- enumerator = session->create_workitem_enumerator(session);
- while (enumerator->enumerate(enumerator, &workitem))
- {
- /* request ID consist of lower 16 bits of workitem ID */
- if ((workitem->get_id(workitem) & 0xffff) == request_id)
- {
- found = workitem;
- break;
- }
- }
-
- if (!found)
- {
- DBG1(DBG_IMV, " no entry found for file measurement "
- "request %d", request_id);
- enumerator->destroy(enumerator);
- break;
- }
- type = found->get_type(found);
- arg_int = found->get_arg_int(found);
-
- switch (type)
- {
- default:
- case IMV_WORKITEM_FILE_REF_MEAS:
- case IMV_WORKITEM_FILE_MEAS:
- is_dir = FALSE;
- break;
- case IMV_WORKITEM_DIR_REF_MEAS:
- case IMV_WORKITEM_DIR_MEAS:
- is_dir = TRUE;
- }
-
- switch (type)
- {
- case IMV_WORKITEM_FILE_MEAS:
- case IMV_WORKITEM_DIR_MEAS:
- {
- enumerator_t *e;
-
- /* check hashes from database against measurements */
- e = pts_db->create_file_hash_enumerator(pts_db,
- pts->get_platform_id(pts),
- algo, is_dir, arg_int);
- if (!e)
- {
- eval = TNC_IMV_EVALUATION_RESULT_ERROR;
- break;
- }
- correct = measurements->verify(measurements, e, is_dir);
- if (!correct)
- {
- attestation_state->set_measurement_error(
- attestation_state,
- IMV_ATTESTATION_ERROR_FILE_MEAS_FAIL);
- eval = TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR;
- }
- e->destroy(e);
-
- snprintf(result_str, BUF_LEN, "%s measurement%s correct",
- is_dir ? "directory" : "file",
- correct ? "" : " not");
- break;
- }
- case IMV_WORKITEM_FILE_REF_MEAS:
- case IMV_WORKITEM_DIR_REF_MEAS:
- {
- enumerator_t *e;
- char *filename;
- chunk_t measurement;
-
- e = measurements->create_enumerator(measurements);
- while (e->enumerate(e, &filename, &measurement))
- {
- if (pts_db->add_file_measurement(pts_db,
- pts->get_platform_id(pts), algo, measurement,
- filename, is_dir, arg_int) != SUCCESS)
- {
- eval = TNC_IMV_EVALUATION_RESULT_ERROR;
- }
- }
- e->destroy(e);
- snprintf(result_str, BUF_LEN, "%s reference measurement "
- "successful", is_dir ? "directory" : "file");
- break;
- }
- default:
- break;
- }
-
- session->remove_workitem(session, enumerator);
- enumerator->destroy(enumerator);
- rec = found->set_result(found, result_str, eval);
- state->update_recommendation(state, rec, eval);
- imcv_db->finalize_workitem(imcv_db, found);
- found->destroy(found);
- }
- else
- {
- measurements->check(measurements, pts_db,
- pts->get_platform_id(pts), algo);
- }
- break;
- }
- case TCG_PTS_UNIX_FILE_META:
- {
- tcg_pts_attr_file_meta_t *attr_cast;
- int file_count;
- pts_file_meta_t *metadata;
- pts_file_metadata_t *entry;
- time_t created, modified, accessed;
- bool utc = FALSE;
- enumerator_t *e;
-
- attr_cast = (tcg_pts_attr_file_meta_t*)attr;
- metadata = attr_cast->get_metadata(attr_cast);
- file_count = metadata->get_file_count(metadata);
-
- DBG1(DBG_IMV, "metadata request returned %d file%s:",
- file_count, (file_count == 1) ? "":"s");
-
- e = metadata->create_enumerator(metadata);
- while (e->enumerate(e, &entry))
- {
- DBG1(DBG_IMV, " '%s' (%"PRIu64" bytes)"
- " owner %"PRIu64", group %"PRIu64", type %N",
- entry->filename, entry->filesize, entry->owner,
- entry->group, pts_file_type_names, entry->type);
-
- created = entry->created;
- modified = entry->modified;
- accessed = entry->accessed;
-
- DBG1(DBG_IMV, " created %T, modified %T, accessed %T",
- &created, utc, &modified, utc, &accessed, utc);
- }
- e->destroy(e);
- break;
- }
- case TCG_PTS_SIMPLE_COMP_EVID:
- {
- tcg_pts_attr_simple_comp_evid_t *attr_cast;
- pts_comp_func_name_t *name;
- pts_comp_evidence_t *evidence;
- pts_component_t *comp;
- uint32_t depth;
- status_t status;
-
- attr_cast = (tcg_pts_attr_simple_comp_evid_t*)attr;
- evidence = attr_cast->get_comp_evidence(attr_cast);
- name = evidence->get_comp_func_name(evidence, &depth);
-
- comp = attestation_state->get_component(attestation_state, name);
- if (!comp)
- {
- DBG1(DBG_IMV, " no entry found for component evidence request");
- break;
- }
- status = comp->verify(comp, name->get_qualifier(name), pts, evidence);
- if (status == VERIFY_ERROR || status == FAILED)
- {
- attestation_state->set_measurement_error(attestation_state,
- IMV_ATTESTATION_ERROR_COMP_EVID_FAIL);
- name->log(name, " measurement mismatch for ");
- }
- break;
- }
- case TCG_PTS_SIMPLE_EVID_FINAL:
- {
- tcg_pts_attr_simple_evid_final_t *attr_cast;
- uint8_t flags;
- pts_meas_algorithms_t comp_hash_algorithm;
- chunk_t pcr_comp, tpm_quote_sig, evid_sig;
- chunk_t pcr_composite, quote_info, result_buf;
- imv_workitem_t *workitem;
- imv_reason_string_t *reason_string;
- enumerator_t *enumerator;
- bool use_quote2, use_ver_info;
- bio_writer_t *result;
-
- attr_cast = (tcg_pts_attr_simple_evid_final_t*)attr;
- flags = attr_cast->get_quote_info(attr_cast, &comp_hash_algorithm,
- &pcr_comp, &tpm_quote_sig);
-
- if (flags != PTS_SIMPLE_EVID_FINAL_NO)
- {
- use_quote2 = (flags == PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2 ||
- flags == PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2_CAP_VER);
- use_ver_info = (flags == PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2_CAP_VER);
-
- /* Construct PCR Composite and TPM Quote Info structures */
- if (!pts->get_quote_info(pts, use_quote2, use_ver_info,
- comp_hash_algorithm, &pcr_composite, "e_info))
- {
- DBG1(DBG_IMV, "unable to construct TPM Quote Info");
- return FALSE;
- }
-
- if (!chunk_equals(pcr_comp, pcr_composite))
- {
- DBG1(DBG_IMV, "received PCR Composite does not match "
- "constructed one");
- attestation_state->set_measurement_error(attestation_state,
- IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL);
- goto quote_error;
- }
- DBG2(DBG_IMV, "received PCR Composite matches constructed one");
-
- if (!pts->verify_quote_signature(pts, quote_info, tpm_quote_sig))
- {
- attestation_state->set_measurement_error(attestation_state,
- IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL);
- goto quote_error;
- }
- DBG2(DBG_IMV, "TPM Quote Info signature verification successful");
-
-quote_error:
- free(pcr_composite.ptr);
- free(quote_info.ptr);
-
- /**
- * Finalize any pending measurement registrations and check
- * if all expected component measurements were received
- */
- result = bio_writer_create(128);
- attestation_state->finalize_components(attestation_state,
- result);
-
- enumerator = session->create_workitem_enumerator(session);
- while (enumerator->enumerate(enumerator, &workitem))
- {
- if (workitem->get_type(workitem) == IMV_WORKITEM_TPM_ATTEST)
- {
- TNC_IMV_Action_Recommendation rec;
- TNC_IMV_Evaluation_Result eval;
- uint32_t error;
-
- error = attestation_state->get_measurement_error(
- attestation_state);
- if (error & (IMV_ATTESTATION_ERROR_COMP_EVID_FAIL |
- IMV_ATTESTATION_ERROR_COMP_EVID_PEND |
- IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL))
- {
- reason_string = imv_reason_string_create("en", ", ");
- attestation_state->add_comp_evid_reasons(
- attestation_state, reason_string);
- result->write_data(result, chunk_from_str("; "));
- result->write_data(result,
- reason_string->get_encoding(reason_string));
- reason_string->destroy(reason_string);
- eval = TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR;
- }
- else
- {
- eval = TNC_IMV_EVALUATION_RESULT_COMPLIANT;
- }
- session->remove_workitem(session, enumerator);
-
- result->write_uint8(result, '\0');
- result_buf = result->get_buf(result);
- rec = workitem->set_result(workitem, result_buf.ptr,
- eval);
- state->update_recommendation(state, rec, eval);
- imcv_db->finalize_workitem(imcv_db, workitem);
- workitem->destroy(workitem);
- attestation_state->set_handshake_state(attestation_state,
- IMV_ATTESTATION_STATE_END);
- break;
- }
- }
- enumerator->destroy(enumerator);
- result->destroy(result);
- }
-
- if (attr_cast->get_evid_sig(attr_cast, &evid_sig))
- {
- /** TODO: What to do with Evidence Signature */
- DBG1(DBG_IMV, "this version of the Attestation IMV can not "
- "handle Evidence Signatures");
- }
- break;
- }
-
- /* TODO: Not implemented yet */
- case TCG_PTS_INTEG_MEAS_LOG:
- /* Attributes using XML */
- case TCG_PTS_TEMPL_REF_MANI_SET_META:
- case TCG_PTS_VERIFICATION_RESULT:
- case TCG_PTS_INTEG_REPORT:
- /* On Windows only*/
- case TCG_PTS_WIN_FILE_META:
- case TCG_PTS_REGISTRY_VALUE:
- /* Received on IMC side only*/
- case TCG_PTS_REQ_PROTO_CAPS:
- case TCG_PTS_DH_NONCE_PARAMS_REQ:
- case TCG_PTS_DH_NONCE_FINISH:
- case TCG_PTS_MEAS_ALGO:
- case TCG_PTS_GET_TPM_VERSION_INFO:
- case TCG_PTS_REQ_TEMPL_REF_MANI_SET_META:
- case TCG_PTS_UPDATE_TEMPL_REF_MANI:
- case TCG_PTS_GET_AIK:
- case TCG_PTS_REQ_FUNC_COMP_EVID:
- case TCG_PTS_GEN_ATTEST_EVID:
- case TCG_PTS_REQ_FILE_META:
- case TCG_PTS_REQ_FILE_MEAS:
- case TCG_PTS_REQ_INTEG_MEAS_LOG:
- default:
- DBG1(DBG_IMV, "received unsupported attribute '%N'",
- tcg_attr_names, attr->get_type(attr));
- break;
- }
- return TRUE;
-}
-
diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_state.c b/src/libpts/plugins/imv_attestation/imv_attestation_state.c
deleted file mode 100644
index 11afbc2..0000000
--- a/src/libpts/plugins/imv_attestation/imv_attestation_state.c
+++ /dev/null
@@ -1,546 +0,0 @@
-/*
- * Copyright (C) 2011-2012 Sansar Choinyambuu
- * Copyright (C) 2011-2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "imv_attestation_state.h"
-
-#include <libpts.h>
-
-#include <imv/imv_lang_string.h>
-#include "imv/imv_reason_string.h"
-
-#include <tncif_policy.h>
-
-#include <collections/linked_list.h>
-#include <utils/debug.h>
-
-typedef struct private_imv_attestation_state_t private_imv_attestation_state_t;
-typedef struct file_meas_request_t file_meas_request_t;
-typedef struct func_comp_t func_comp_t;
-
-/**
- * Private data of an imv_attestation_state_t object.
- */
-struct private_imv_attestation_state_t {
-
- /**
- * Public members of imv_attestation_state_t
- */
- imv_attestation_state_t public;
-
- /**
- * TNCCS connection ID
- */
- TNC_ConnectionID connection_id;
-
- /**
- * TNCCS connection state
- */
- TNC_ConnectionState state;
-
- /**
- * Does the TNCCS connection support long message types?
- */
- bool has_long;
-
- /**
- * Does the TNCCS connection support exclusive delivery?
- */
- bool has_excl;
-
- /**
- * Maximum PA-TNC message size for this TNCCS connection
- */
- uint32_t max_msg_len;
-
- /**
- * Flags set for completed actions
- */
- uint32_t action_flags;
-
- /**
- * IMV database session associated with TNCCS connection
- */
- imv_session_t *session;
-
- /**
- * IMV Attestation handshake state
- */
- imv_attestation_handshake_state_t handshake_state;
-
- /**
- * IMV action recommendation
- */
- TNC_IMV_Action_Recommendation rec;
-
- /**
- * IMV evaluation result
- */
- TNC_IMV_Evaluation_Result eval;
-
- /**
- * List of Functional Components
- */
- linked_list_t *components;
-
- /**
- * PTS object
- */
- pts_t *pts;
-
- /**
- * Measurement error flags
- */
- uint32_t measurement_error;
-
- /**
- * TNC Reason String
- */
- imv_reason_string_t *reason_string;
-
-};
-
-/**
- * PTS Functional Component entry
- */
-struct func_comp_t {
- pts_component_t *comp;
- pts_comp_func_name_t* name;
-};
-
-/**
- * Frees a func_comp_t object
- */
-static void free_func_comp(func_comp_t *this)
-{
- this->comp->destroy(this->comp);
- this->name->destroy(this->name);
- free(this);
-}
-
-/**
- * Supported languages
- */
-static char* languages[] = { "en", "de", "mn" };
-
-/**
- * Table of reason strings
- */
-static imv_lang_string_t reason_file_meas_fail[] = {
- { "en", "Incorrect file measurement" },
- { "de", "Falsche Dateimessung" },
- { "mn", "Буруу байгаа файл" },
- { NULL, NULL }
-};
-
-static imv_lang_string_t reason_file_meas_pend[] = {
- { "en", "Pending file measurement" },
- { "de", "Ausstehende Dateimessung" },
- { "mn", "Xүлээгдэж байгаа файл" },
- { NULL, NULL }
-};
-
-static imv_lang_string_t reason_no_trusted_aik[] = {
- { "en", "No trusted AIK available" },
- { "de", "Kein vetrauenswürdiger AIK verfügbar" },
- { NULL, NULL }
-};
-
-static imv_lang_string_t reason_comp_evid_fail[] = {
- { "en", "Incorrect component evidence" },
- { "de", "Falsche Komponenten-Evidenz" },
- { "mn", "Буруу компонент хэмжилт" },
- { NULL, NULL }
-};
-
-static imv_lang_string_t reason_comp_evid_pend[] = {
- { "en", "Pending component evidence" },
- { "de", "Ausstehende Komponenten-Evidenz" },
- { "mn", "Xүлээгдэж компонент хэмжилт" },
- { NULL, NULL }
-};
-
-static imv_lang_string_t reason_tpm_quote_fail[] = {
- { "en", "Invalid TPM Quote signature received" },
- { "de", "Falsche TPM Quote Signature erhalten" },
- { "mn", "Буруу TPM Quote гарын үсэг" },
- { NULL, NULL }
-};
-
-METHOD(imv_state_t, get_connection_id, TNC_ConnectionID,
- private_imv_attestation_state_t *this)
-{
- return this->connection_id;
-}
-
-METHOD(imv_state_t, has_long, bool,
- private_imv_attestation_state_t *this)
-{
- return this->has_long;
-}
-
-METHOD(imv_state_t, has_excl, bool,
- private_imv_attestation_state_t *this)
-{
- return this->has_excl;
-}
-
-METHOD(imv_state_t, set_flags, void,
- private_imv_attestation_state_t *this, bool has_long, bool has_excl)
-{
- this->has_long = has_long;
- this->has_excl = has_excl;
-}
-
-METHOD(imv_state_t, set_max_msg_len, void,
- private_imv_attestation_state_t *this, uint32_t max_msg_len)
-{
- this->max_msg_len = max_msg_len;
-}
-
-METHOD(imv_state_t, get_max_msg_len, uint32_t,
- private_imv_attestation_state_t *this)
-{
- return this->max_msg_len;
-}
-
-METHOD(imv_state_t, set_action_flags, void,
- private_imv_attestation_state_t *this, uint32_t flags)
-{
- this->action_flags |= flags;
-}
-
-METHOD(imv_state_t, get_action_flags, uint32_t,
- private_imv_attestation_state_t *this)
-{
- return this->action_flags;
-}
-
-METHOD(imv_state_t, set_session, void,
- private_imv_attestation_state_t *this, imv_session_t *session)
-{
- this->session = session;
-}
-
-METHOD(imv_state_t, get_session, imv_session_t*,
- private_imv_attestation_state_t *this)
-{
- return this->session;
-}
-
-METHOD(imv_state_t, change_state, void,
- private_imv_attestation_state_t *this, TNC_ConnectionState new_state)
-{
- this->state = new_state;
-}
-
-METHOD(imv_state_t, get_recommendation, void,
- private_imv_attestation_state_t *this, TNC_IMV_Action_Recommendation *rec,
- TNC_IMV_Evaluation_Result *eval)
-{
- *rec = this->rec;
- *eval = this->eval;
-}
-
-METHOD(imv_state_t, set_recommendation, void,
- private_imv_attestation_state_t *this, TNC_IMV_Action_Recommendation rec,
- TNC_IMV_Evaluation_Result eval)
-{
- this->rec = rec;
- this->eval = eval;
-}
-
-METHOD(imv_state_t, update_recommendation, void,
- private_imv_attestation_state_t *this, TNC_IMV_Action_Recommendation rec,
- TNC_IMV_Evaluation_Result eval)
-{
- this->rec = tncif_policy_update_recommendation(this->rec, rec);
- this->eval = tncif_policy_update_evaluation(this->eval, eval);
-}
-
-METHOD(imv_attestation_state_t, add_file_meas_reasons, void,
- private_imv_attestation_state_t *this, imv_reason_string_t *reason_string)
-{
- if (this->measurement_error & IMV_ATTESTATION_ERROR_FILE_MEAS_FAIL)
- {
- reason_string->add_reason(reason_string, reason_file_meas_fail);
- }
- if (this->measurement_error & IMV_ATTESTATION_ERROR_FILE_MEAS_PEND)
- {
- reason_string->add_reason(reason_string, reason_file_meas_pend);
- }
-}
-
-METHOD(imv_attestation_state_t, add_comp_evid_reasons, void,
- private_imv_attestation_state_t *this, imv_reason_string_t *reason_string)
-{
- if (this->measurement_error & IMV_ATTESTATION_ERROR_NO_TRUSTED_AIK)
- {
- reason_string->add_reason(reason_string, reason_no_trusted_aik);
- }
- if (this->measurement_error & IMV_ATTESTATION_ERROR_COMP_EVID_FAIL)
- {
- reason_string->add_reason(reason_string, reason_comp_evid_fail);
- }
- if (this->measurement_error & IMV_ATTESTATION_ERROR_COMP_EVID_PEND)
- {
- reason_string->add_reason(reason_string, reason_comp_evid_pend);
- }
- if (this->measurement_error & IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL)
- {
- reason_string->add_reason(reason_string, reason_tpm_quote_fail);
- }
-}
-
-METHOD(imv_state_t, get_reason_string, bool,
- private_imv_attestation_state_t *this, enumerator_t *language_enumerator,
- chunk_t *reason_string, char **reason_language)
-{
- *reason_language = imv_lang_string_select_lang(language_enumerator,
- languages, countof(languages));
-
- /* Instantiate a TNC Reason String object */
- DESTROY_IF(this->reason_string);
- this->reason_string = imv_reason_string_create(*reason_language, "\n");
- add_file_meas_reasons(this, this->reason_string);
- add_comp_evid_reasons(this, this->reason_string);
- *reason_string = this->reason_string->get_encoding(this->reason_string);
-
- return TRUE;
-}
-
-METHOD(imv_state_t, get_remediation_instructions, bool,
- private_imv_attestation_state_t *this, enumerator_t *language_enumerator,
- chunk_t *string, char **lang_code, char **uri)
-{
- return FALSE;
-}
-
-METHOD(imv_state_t, destroy, void,
- private_imv_attestation_state_t *this)
-{
- DESTROY_IF(this->session);
- DESTROY_IF(this->reason_string);
- this->components->destroy_function(this->components, (void *)free_func_comp);
- this->pts->destroy(this->pts);
- free(this);
-}
-
-METHOD(imv_attestation_state_t, get_handshake_state,
- imv_attestation_handshake_state_t, private_imv_attestation_state_t *this)
-{
- return this->handshake_state;
-}
-
-METHOD(imv_attestation_state_t, set_handshake_state, void,
- private_imv_attestation_state_t *this,
- imv_attestation_handshake_state_t new_state)
-{
- this->handshake_state = new_state;
-}
-
-METHOD(imv_attestation_state_t, get_pts, pts_t*,
- private_imv_attestation_state_t *this)
-{
- return this->pts;
-}
-
-METHOD(imv_attestation_state_t, create_component, pts_component_t*,
- private_imv_attestation_state_t *this, pts_comp_func_name_t *name,
- uint32_t depth, pts_database_t *pts_db)
-{
- enumerator_t *enumerator;
- func_comp_t *entry, *new_entry;
- pts_component_t *component;
- bool found = FALSE;
-
- enumerator = this->components->create_enumerator(this->components);
- while (enumerator->enumerate(enumerator, &entry))
- {
- if (name->equals(name, entry->comp->get_comp_func_name(entry->comp)))
- {
- found = TRUE;
- break;
- }
- }
- enumerator->destroy(enumerator);
-
- if (found)
- {
- if (name->equals(name, entry->name))
- {
- /* duplicate entry */
- return NULL;
- }
- new_entry = malloc_thing(func_comp_t);
- new_entry->name = name->clone(name);
- new_entry->comp = entry->comp->get_ref(entry->comp);
- this->components->insert_last(this->components, new_entry);
- return entry->comp;
- }
- else
- {
- component = pts_components->create(pts_components, name, depth, pts_db);
- if (!component)
- {
- /* unsupported component */
- return NULL;
- }
- new_entry = malloc_thing(func_comp_t);
- new_entry->name = name->clone(name);
- new_entry->comp = component;
- this->components->insert_last(this->components, new_entry);
- return component;
- }
-}
-
-/**
- * Enumerate file measurement entries
- */
-static bool entry_filter(void *null, func_comp_t **entry, uint8_t *flags,
- void *i2, uint32_t *depth,
- void *i3, pts_comp_func_name_t **comp_name)
-{
- pts_component_t *comp;
- pts_comp_func_name_t *name;
-
- comp = (*entry)->comp;
- name = (*entry)->name;
-
- *flags = comp->get_evidence_flags(comp);
- *depth = comp->get_depth(comp);
- *comp_name = name;
-
- return TRUE;
-}
-
-METHOD(imv_attestation_state_t, create_component_enumerator, enumerator_t*,
- private_imv_attestation_state_t *this)
-{
- return enumerator_create_filter(
- this->components->create_enumerator(this->components),
- (void*)entry_filter, NULL, NULL);
-}
-
-METHOD(imv_attestation_state_t, get_component, pts_component_t*,
- private_imv_attestation_state_t *this, pts_comp_func_name_t *name)
-{
- enumerator_t *enumerator;
- func_comp_t *entry;
- pts_component_t *found = NULL;
-
- enumerator = this->components->create_enumerator(this->components);
- while (enumerator->enumerate(enumerator, &entry))
- {
- if (name->equals(name, entry->name))
- {
- found = entry->comp;
- break;
- }
- }
- enumerator->destroy(enumerator);
- return found;
-}
-
-METHOD(imv_attestation_state_t, get_measurement_error, uint32_t,
- private_imv_attestation_state_t *this)
-{
- return this->measurement_error;
-}
-
-METHOD(imv_attestation_state_t, set_measurement_error, void,
- private_imv_attestation_state_t *this, uint32_t error)
-{
- this->measurement_error |= error;
-}
-
-METHOD(imv_attestation_state_t, finalize_components, void,
- private_imv_attestation_state_t *this, bio_writer_t *result)
-{
- func_comp_t *entry;
- bool first = TRUE;
-
- while (this->components->remove_last(this->components,
- (void**)&entry) == SUCCESS)
- {
- if (first)
- {
- first = FALSE;
- }
- else
- {
- result->write_data(result, chunk_from_str("; "));
- }
- if (!entry->comp->finalize(entry->comp,
- entry->name->get_qualifier(entry->name),
- result))
- {
- set_measurement_error(this, IMV_ATTESTATION_ERROR_COMP_EVID_PEND);
- }
- free_func_comp(entry);
- }
-}
-
-/**
- * Described in header.
- */
-imv_state_t *imv_attestation_state_create(TNC_ConnectionID connection_id)
-{
- private_imv_attestation_state_t *this;
-
- INIT(this,
- .public = {
- .interface = {
- .get_connection_id = _get_connection_id,
- .has_long = _has_long,
- .has_excl = _has_excl,
- .set_flags = _set_flags,
- .set_max_msg_len = _set_max_msg_len,
- .get_max_msg_len = _get_max_msg_len,
- .set_action_flags = _set_action_flags,
- .get_action_flags = _get_action_flags,
- .set_session = _set_session,
- .get_session = _get_session,
- .change_state = _change_state,
- .get_recommendation = _get_recommendation,
- .set_recommendation = _set_recommendation,
- .update_recommendation = _update_recommendation,
- .get_reason_string = _get_reason_string,
- .get_remediation_instructions = _get_remediation_instructions,
- .destroy = _destroy,
- },
- .get_handshake_state = _get_handshake_state,
- .set_handshake_state = _set_handshake_state,
- .get_pts = _get_pts,
- .create_component = _create_component,
- .create_component_enumerator = _create_component_enumerator,
- .get_component = _get_component,
- .finalize_components = _finalize_components,
- .get_measurement_error = _get_measurement_error,
- .set_measurement_error = _set_measurement_error,
- .add_file_meas_reasons = _add_file_meas_reasons,
- .add_comp_evid_reasons = _add_comp_evid_reasons,
- },
- .connection_id = connection_id,
- .state = TNC_CONNECTION_STATE_CREATE,
- .handshake_state = IMV_ATTESTATION_STATE_INIT,
- .rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
- .eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
- .components = linked_list_create(),
- .pts = pts_create(FALSE),
- );
-
- return &this->public.interface;
-}
diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_state.h b/src/libpts/plugins/imv_attestation/imv_attestation_state.h
deleted file mode 100644
index b728575..0000000
--- a/src/libpts/plugins/imv_attestation/imv_attestation_state.h
+++ /dev/null
@@ -1,191 +0,0 @@
-/*
- * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup imv_attestation imv_attestation
- * @ingroup libpts_plugins
- *
- * @defgroup imv_attestation_state_t imv_attestation_state
- * @{ @ingroup imv_attestation
- */
-
-#ifndef IMV_ATTESTATION_STATE_H_
-#define IMV_ATTESTATION_STATE_H_
-
-#include <imv/imv_state.h>
-#include <imv/imv_reason_string.h>
-#include <pts/pts.h>
-#include <pts/pts_database.h>
-#include <pts/components/pts_component.h>
-
-#include <library.h>
-#include <bio/bio_writer.h>
-
-typedef struct imv_attestation_state_t imv_attestation_state_t;
-typedef enum imv_attestation_flag_t imv_attestation_flag_t;
-typedef enum imv_attestation_handshake_state_t imv_attestation_handshake_state_t;
-typedef enum imv_meas_error_t imv_meas_error_t;
-
-/**
- * IMV Attestation Flags set for completed actions
- */
-enum imv_attestation_flag_t {
- IMV_ATTESTATION_ATTR_PRODUCT_INFO = (1<<0),
- IMV_ATTESTATION_ATTR_STRING_VERSION = (1<<1),
- IMV_ATTESTATION_ATTR_DEVICE_ID = (1<<2),
- IMV_ATTESTATION_ATTR_MUST = (1<<3)-1,
- IMV_ATTESTATION_ATTR_REQ = (1<<3),
- IMV_ATTESTATION_ALGO = (1<<4),
- IMV_ATTESTATION_DH_NONCE = (1<<5),
- IMV_ATTESTATION_FILE_MEAS = (1<<6),
- IMV_ATTESTATION_REC = (1<<7)
-};
-
-/**
- * IMV Attestation Handshake States (state machine)
- */
-enum imv_attestation_handshake_state_t {
- IMV_ATTESTATION_STATE_INIT,
- IMV_ATTESTATION_STATE_DISCOVERY,
- IMV_ATTESTATION_STATE_NONCE_REQ,
- IMV_ATTESTATION_STATE_TPM_INIT,
- IMV_ATTESTATION_STATE_COMP_EVID,
- IMV_ATTESTATION_STATE_EVID_FINAL,
- IMV_ATTESTATION_STATE_END,
-};
-
-/**
- * IMV Measurement Error Types
- */
-enum imv_meas_error_t {
- IMV_ATTESTATION_ERROR_FILE_MEAS_FAIL = 1,
- IMV_ATTESTATION_ERROR_FILE_MEAS_PEND = 2,
- IMV_ATTESTATION_ERROR_NO_TRUSTED_AIK = 4,
- IMV_ATTESTATION_ERROR_COMP_EVID_FAIL = 8,
- IMV_ATTESTATION_ERROR_COMP_EVID_PEND = 16,
- IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL = 32
-};
-
-/**
- * Internal state of an imv_attestation_t connection instance
- */
-struct imv_attestation_state_t {
-
- /**
- * imv_state_t interface
- */
- imv_state_t interface;
-
- /**
- * Get state of the handshake
- *
- * @return the handshake state of IMV
- */
- imv_attestation_handshake_state_t (*get_handshake_state)(
- imv_attestation_state_t *this);
-
- /**
- * Set state of the handshake
- *
- * @param new_state the handshake state of IMV
- */
- void (*set_handshake_state)(imv_attestation_state_t *this,
- imv_attestation_handshake_state_t new_state);
-
- /**
- * Get the PTS object
- *
- * @return PTS object
- */
- pts_t* (*get_pts)(imv_attestation_state_t *this);
-
- /**
- * Create and add an entry to the list of Functional Components
- *
- * @param name Component Functional Name
- * @param depth Sub-component Depth
- * @param pts_db PTS measurement database
- * @return created functional component instance or NULL
- */
- pts_component_t* (*create_component)(imv_attestation_state_t *this,
- pts_comp_func_name_t *name,
- uint32_t depth,
- pts_database_t *pts_db);
-
- /**
- * Enumerate over all Functional Components
- *
- * @return Functional Component enumerator
- */
- enumerator_t* (*create_component_enumerator)(imv_attestation_state_t *this);
-
- /**
- * Get a Functional Component with a given name
- *
- * @param name Name of the requested Functional Component
- * @return Functional Component if found, NULL otherwise
- */
- pts_component_t* (*get_component)(imv_attestation_state_t *this,
- pts_comp_func_name_t *name);
-
- /**
- * Tell the Functional Components to finalize any measurement registrations
- * and to check if all expected measurements were received
- *
- * @param result Writer appending component measurement results
- */
- void (*finalize_components)(imv_attestation_state_t *this,
- bio_writer_t *result);
-
- /**
- * Indicates the types of measurement errors that occurred
- *
- * @return Measurement error flags
- */
- uint32_t (*get_measurement_error)(imv_attestation_state_t *this);
-
- /**
- * Call if a measurement error is encountered
- *
- * @param error Measurement error type
- */
- void (*set_measurement_error)(imv_attestation_state_t *this,
- uint32_t error);
-
- /**
- * Returns a concatenation of File Measurement reason strings
- *
- * @param reason_string Concatenated reason strings
- */
- void (*add_file_meas_reasons)(imv_attestation_state_t *this,
- imv_reason_string_t *reason_string);
-
- /**
- * Returns a concatenation of Component Evidence reason strings
- *
- * @param reason_string Concatenated reason strings
- */
- void (*add_comp_evid_reasons)(imv_attestation_state_t *this,
- imv_reason_string_t *reason_string);
-};
-
-/**
- * Create an imv_attestation_state_t instance
- *
- * @param id connection ID
- */
-imv_state_t* imv_attestation_state_create(TNC_ConnectionID id);
-
-#endif /** IMV_ATTESTATION_STATE_H_ @}*/
diff --git a/src/libpts/plugins/imv_swid/Makefile.am b/src/libpts/plugins/imv_swid/Makefile.am
deleted file mode 100644
index 77f33e6..0000000
--- a/src/libpts/plugins/imv_swid/Makefile.am
+++ /dev/null
@@ -1,23 +0,0 @@
-AM_CPPFLAGS = \
- -I$(top_srcdir)/src/libstrongswan \
- -I$(top_srcdir)/src/libtncif \
- -I$(top_srcdir)/src/libimcv \
- -I$(top_srcdir)/src/libpts
-
-AM_CFLAGS = \
- $(PLUGIN_CFLAGS)
-
-imcv_LTLIBRARIES = imv-swid.la
-
-imv_swid_la_LIBADD = \
- $(top_builddir)/src/libimcv/libimcv.la \
- $(top_builddir)/src/libpts/libpts.la \
- $(top_builddir)/src/libstrongswan/libstrongswan.la \
- -ljson
-
-imv_swid_la_SOURCES = \
- imv_swid.c imv_swid_state.h imv_swid_state.c \
- imv_swid_agent.h imv_swid_agent.c \
- imv_swid_rest.h imv_swid_rest.c
-
-imv_swid_la_LDFLAGS = -module -avoid-version -no-undefined
diff --git a/src/libpts/plugins/imv_swid/Makefile.in b/src/libpts/plugins/imv_swid/Makefile.in
deleted file mode 100644
index bd89a6f..0000000
--- a/src/libpts/plugins/imv_swid/Makefile.in
+++ /dev/null
@@ -1,762 +0,0 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
-
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
- at SET_MAKE@
-
-VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
-am__make_running_with_option = \
- case $${target_option-} in \
- ?) ;; \
- *) echo "am__make_running_with_option: internal error: invalid" \
- "target option '$${target_option-}' specified" >&2; \
- exit 1;; \
- esac; \
- has_opt=no; \
- sane_makeflags=$$MAKEFLAGS; \
- if $(am__is_gnu_make); then \
- sane_makeflags=$$MFLAGS; \
- else \
- case $$MAKEFLAGS in \
- *\\[\ \ ]*) \
- bs=\\; \
- sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
- | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
- esac; \
- fi; \
- skip_next=no; \
- strip_trailopt () \
- { \
- flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
- }; \
- for flg in $$sane_makeflags; do \
- test $$skip_next = yes && { skip_next=no; continue; }; \
- case $$flg in \
- *=*|--*) continue;; \
- -*I) strip_trailopt 'I'; skip_next=yes;; \
- -*I?*) strip_trailopt 'I';; \
- -*O) strip_trailopt 'O'; skip_next=yes;; \
- -*O?*) strip_trailopt 'O';; \
- -*l) strip_trailopt 'l'; skip_next=yes;; \
- -*l?*) strip_trailopt 'l';; \
- -[dEDm]) skip_next=yes;; \
- -[JT]) skip_next=yes;; \
- esac; \
- case $$flg in \
- *$$target_option*) has_opt=yes; break;; \
- esac; \
- done; \
- test $$has_opt = yes
-am__make_dryrun = (target_option=n; $(am__make_running_with_option))
-am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
-pkgdatadir = $(datadir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkglibexecdir = $(libexecdir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-subdir = src/libpts/plugins/imv_swid
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
- $(top_srcdir)/m4/config/ltoptions.m4 \
- $(top_srcdir)/m4/config/ltsugar.m4 \
- $(top_srcdir)/m4/config/ltversion.m4 \
- $(top_srcdir)/m4/config/lt~obsolete.m4 \
- $(top_srcdir)/m4/macros/split-package-version.m4 \
- $(top_srcdir)/m4/macros/with.m4 \
- $(top_srcdir)/m4/macros/enable-disable.m4 \
- $(top_srcdir)/m4/macros/add-plugin.m4 \
- $(top_srcdir)/configure.ac
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
- $(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/config.h
-CONFIG_CLEAN_FILES =
-CONFIG_CLEAN_VPATH_FILES =
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
- $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
- *) f=$$p;; \
- esac;
-am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
-am__install_max = 40
-am__nobase_strip_setup = \
- srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
-am__nobase_strip = \
- for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
-am__nobase_list = $(am__nobase_strip_setup); \
- for p in $$list; do echo "$$p $$p"; done | \
- sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
- $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
- if (++n[$$2] == $(am__install_max)) \
- { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
- END { for (dir in files) print dir, files[dir] }'
-am__base_list = \
- sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
- sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
-am__uninstall_files_from_dir = { \
- test -z "$$files" \
- || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
- || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
- $(am__cd) "$$dir" && rm -f $$files; }; \
- }
-am__installdirs = "$(DESTDIR)$(imcvdir)"
-LTLIBRARIES = $(imcv_LTLIBRARIES)
-imv_swid_la_DEPENDENCIES = $(top_builddir)/src/libimcv/libimcv.la \
- $(top_builddir)/src/libpts/libpts.la \
- $(top_builddir)/src/libstrongswan/libstrongswan.la
-am_imv_swid_la_OBJECTS = imv_swid.lo imv_swid_state.lo \
- imv_swid_agent.lo imv_swid_rest.lo
-imv_swid_la_OBJECTS = $(am_imv_swid_la_OBJECTS)
-AM_V_lt = $(am__v_lt_ at AM_V@)
-am__v_lt_ = $(am__v_lt_ at AM_DEFAULT_V@)
-am__v_lt_0 = --silent
-am__v_lt_1 =
-imv_swid_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
- $(imv_swid_la_LDFLAGS) $(LDFLAGS) -o $@
-AM_V_P = $(am__v_P_ at AM_V@)
-am__v_P_ = $(am__v_P_ at AM_DEFAULT_V@)
-am__v_P_0 = false
-am__v_P_1 = :
-AM_V_GEN = $(am__v_GEN_ at AM_V@)
-am__v_GEN_ = $(am__v_GEN_ at AM_DEFAULT_V@)
-am__v_GEN_0 = @echo " GEN " $@;
-am__v_GEN_1 =
-AM_V_at = $(am__v_at_ at AM_V@)
-am__v_at_ = $(am__v_at_ at AM_DEFAULT_V@)
-am__v_at_0 = @
-am__v_at_1 =
-DEFAULT_INCLUDES = -I. at am__isrc@ -I$(top_builddir)
-depcomp = $(SHELL) $(top_srcdir)/depcomp
-am__depfiles_maybe = depfiles
-am__mv = mv -f
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
- $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
- $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
- $(AM_CFLAGS) $(CFLAGS)
-AM_V_CC = $(am__v_CC_ at AM_V@)
-am__v_CC_ = $(am__v_CC_ at AM_DEFAULT_V@)
-am__v_CC_0 = @echo " CC " $@;
-am__v_CC_1 =
-CCLD = $(CC)
-LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
- $(AM_LDFLAGS) $(LDFLAGS) -o $@
-AM_V_CCLD = $(am__v_CCLD_ at AM_V@)
-am__v_CCLD_ = $(am__v_CCLD_ at AM_DEFAULT_V@)
-am__v_CCLD_0 = @echo " CCLD " $@;
-am__v_CCLD_1 =
-SOURCES = $(imv_swid_la_SOURCES)
-DIST_SOURCES = $(imv_swid_la_SOURCES)
-am__can_run_installinfo = \
- case $$AM_UPDATE_INFO_DIR in \
- n|no|NO) false;; \
- *) (install-info --version) >/dev/null 2>&1;; \
- esac
-am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
-# Read a list of newline-separated strings from the standard input,
-# and print each of them once, without duplicates. Input order is
-# *not* preserved.
-am__uniquify_input = $(AWK) '\
- BEGIN { nonempty = 0; } \
- { items[$$0] = 1; nonempty = 1; } \
- END { if (nonempty) { for (i in items) print i; }; } \
-'
-# Make sure the list of sources is unique. This is necessary because,
-# e.g., the same source file might be shared among _SOURCES variables
-# for different programs/libraries.
-am__define_uniq_tagged_files = \
- list='$(am__tagged_files)'; \
- unique=`for i in $$list; do \
- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
- done | $(am__uniquify_input)`
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-ALLOCA = @ALLOCA@
-AMTAR = @AMTAR@
-AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-BFDLIB = @BFDLIB@
-BTLIB = @BTLIB@
-CC = @CC@
-CCDEPMODE = @CCDEPMODE@
-CFLAGS = @CFLAGS@
-COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
-COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DEFS = @DEFS@
-DEPDIR = @DEPDIR@
-DLLIB = @DLLIB@
-DLLTOOL = @DLLTOOL@
-DSYMUTIL = @DSYMUTIL@
-DUMPBIN = @DUMPBIN@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-FGREP = @FGREP@
-GENHTML = @GENHTML@
-GPERF = @GPERF@
-GPRBUILD = @GPRBUILD@
-GREP = @GREP@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LCOV = @LCOV@
-LD = @LD@
-LDFLAGS = @LDFLAGS@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIPO = @LIPO@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAKEINFO = @MAKEINFO@
-MANIFEST_TOOL = @MANIFEST_TOOL@
-MKDIR_P = @MKDIR_P@
-MYSQLCFLAG = @MYSQLCFLAG@
-MYSQLCONFIG = @MYSQLCONFIG@
-MYSQLLIB = @MYSQLLIB@
-NM = @NM@
-NMEDIT = @NMEDIT@
-OBJDUMP = @OBJDUMP@
-OBJEXT = @OBJEXT@
-OPENSSL_LIB = @OPENSSL_LIB@
-OTOOL = @OTOOL@
-OTOOL64 = @OTOOL64@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_URL = @PACKAGE_URL@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@
-PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@
-PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@
-PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PERL = @PERL@
-PKG_CONFIG = @PKG_CONFIG@
-PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
-PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
-PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
-PTHREADLIB = @PTHREADLIB@
-PYTHON = @PYTHON@
-PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
-PYTHON_PLATFORM = @PYTHON_PLATFORM@
-PYTHON_PREFIX = @PYTHON_PREFIX@
-PYTHON_VERSION = @PYTHON_VERSION@
-RANLIB = @RANLIB@
-RTLIB = @RTLIB@
-RUBY = @RUBY@
-RUBYINCLUDE = @RUBYINCLUDE@
-RUBYLIB = @RUBYLIB@
-SED = @SED@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-SOCKLIB = @SOCKLIB@
-STRIP = @STRIP@
-UNWINDLIB = @UNWINDLIB@
-VERSION = @VERSION@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_AR = @ac_ct_AR@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
-aikgen_plugins = @aikgen_plugins@
-am__include = @am__include@
-am__leading_dot = @am__leading_dot@
-am__quote = @am__quote@
-am__tar = @am__tar@
-am__untar = @am__untar@
-attest_plugins = @attest_plugins@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-c_plugins = @c_plugins@
-charon_natt_port = @charon_natt_port@
-charon_plugins = @charon_plugins@
-charon_udp_port = @charon_udp_port@
-clearsilver_LIBS = @clearsilver_LIBS@
-cmd_plugins = @cmd_plugins@
-datadir = @datadir@
-datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
-dev_headers = @dev_headers@
-docdir = @docdir@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-fips_mode = @fips_mode@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
-h_plugins = @h_plugins@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-imcvdir = @imcvdir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-ipsec_script = @ipsec_script@
-ipsec_script_upper = @ipsec_script_upper@
-ipsecdir = @ipsecdir@
-ipsecgroup = @ipsecgroup@
-ipseclibdir = @ipseclibdir@
-ipsecuser = @ipsecuser@
-libdir = @libdir@
-libexecdir = @libexecdir@
-linux_headers = @linux_headers@
-localedir = @localedir@
-localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
-manager_plugins = @manager_plugins@
-mandir = @mandir@
-medsrv_plugins = @medsrv_plugins@
-mkdir_p = @mkdir_p@
-nm_CFLAGS = @nm_CFLAGS@
-nm_LIBS = @nm_LIBS@
-nm_ca_dir = @nm_ca_dir@
-nm_plugins = @nm_plugins@
-oldincludedir = @oldincludedir@
-pcsclite_CFLAGS = @pcsclite_CFLAGS@
-pcsclite_LIBS = @pcsclite_LIBS@
-pdfdir = @pdfdir@
-piddir = @piddir@
-pkgpyexecdir = @pkgpyexecdir@
-pkgpythondir = @pkgpythondir@
-pki_plugins = @pki_plugins@
-plugindir = @plugindir@
-pool_plugins = @pool_plugins@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-pyexecdir = @pyexecdir@
-pythondir = @pythondir@
-random_device = @random_device@
-resolv_conf = @resolv_conf@
-routing_table = @routing_table@
-routing_table_prio = @routing_table_prio@
-s_plugins = @s_plugins@
-sbindir = @sbindir@
-scepclient_plugins = @scepclient_plugins@
-scripts_plugins = @scripts_plugins@
-sharedstatedir = @sharedstatedir@
-soup_CFLAGS = @soup_CFLAGS@
-soup_LIBS = @soup_LIBS@
-srcdir = @srcdir@
-starter_plugins = @starter_plugins@
-strongswan_conf = @strongswan_conf@
-strongswan_options = @strongswan_options@
-swanctldir = @swanctldir@
-sysconfdir = @sysconfdir@
-systemdsystemunitdir = @systemdsystemunitdir@
-t_plugins = @t_plugins@
-target_alias = @target_alias@
-top_build_prefix = @top_build_prefix@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-urandom_device = @urandom_device@
-xml_CFLAGS = @xml_CFLAGS@
-xml_LIBS = @xml_LIBS@
-AM_CPPFLAGS = \
- -I$(top_srcdir)/src/libstrongswan \
- -I$(top_srcdir)/src/libtncif \
- -I$(top_srcdir)/src/libimcv \
- -I$(top_srcdir)/src/libpts
-
-AM_CFLAGS = \
- $(PLUGIN_CFLAGS)
-
-imcv_LTLIBRARIES = imv-swid.la
-imv_swid_la_LIBADD = \
- $(top_builddir)/src/libimcv/libimcv.la \
- $(top_builddir)/src/libpts/libpts.la \
- $(top_builddir)/src/libstrongswan/libstrongswan.la \
- -ljson
-
-imv_swid_la_SOURCES = \
- imv_swid.c imv_swid_state.h imv_swid_state.c \
- imv_swid_agent.h imv_swid_agent.c \
- imv_swid_rest.h imv_swid_rest.c
-
-imv_swid_la_LDFLAGS = -module -avoid-version -no-undefined
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .c .lo .o .obj
-$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
- @for dep in $?; do \
- case '$(am__configure_deps)' in \
- *$$dep*) \
- ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
- && { if test -f $@; then exit 0; else break; fi; }; \
- exit 1;; \
- esac; \
- done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libpts/plugins/imv_swid/Makefile'; \
- $(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu src/libpts/plugins/imv_swid/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
- @case '$?' in \
- *config.status*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
- *) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
- esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: $(am__configure_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): $(am__aclocal_m4_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(am__aclocal_m4_deps):
-
-install-imcvLTLIBRARIES: $(imcv_LTLIBRARIES)
- @$(NORMAL_INSTALL)
- @list='$(imcv_LTLIBRARIES)'; test -n "$(imcvdir)" || list=; \
- list2=; for p in $$list; do \
- if test -f $$p; then \
- list2="$$list2 $$p"; \
- else :; fi; \
- done; \
- test -z "$$list2" || { \
- echo " $(MKDIR_P) '$(DESTDIR)$(imcvdir)'"; \
- $(MKDIR_P) "$(DESTDIR)$(imcvdir)" || exit 1; \
- echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(imcvdir)'"; \
- $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(imcvdir)"; \
- }
-
-uninstall-imcvLTLIBRARIES:
- @$(NORMAL_UNINSTALL)
- @list='$(imcv_LTLIBRARIES)'; test -n "$(imcvdir)" || list=; \
- for p in $$list; do \
- $(am__strip_dir) \
- echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(imcvdir)/$$f'"; \
- $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(imcvdir)/$$f"; \
- done
-
-clean-imcvLTLIBRARIES:
- -test -z "$(imcv_LTLIBRARIES)" || rm -f $(imcv_LTLIBRARIES)
- @list='$(imcv_LTLIBRARIES)'; \
- locs=`for p in $$list; do echo $$p; done | \
- sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
- sort -u`; \
- test -z "$$locs" || { \
- echo rm -f $${locs}; \
- rm -f $${locs}; \
- }
-
-imv-swid.la: $(imv_swid_la_OBJECTS) $(imv_swid_la_DEPENDENCIES) $(EXTRA_imv_swid_la_DEPENDENCIES)
- $(AM_V_CCLD)$(imv_swid_la_LINK) -rpath $(imcvdir) $(imv_swid_la_OBJECTS) $(imv_swid_la_LIBADD) $(LIBS)
-
-mostlyclean-compile:
- -rm -f *.$(OBJEXT)
-
-distclean-compile:
- -rm -f *.tab.c
-
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/imv_swid.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/imv_swid_agent.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/imv_swid_rest.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/imv_swid_state.Plo at am__quote@
-
-.c.o:
- at am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
- at am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
- at am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(COMPILE) -c -o $@ $<
-
-.c.obj:
- at am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
- at am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
- at am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
-
-.c.lo:
- at am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
- at am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
- at am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
- -rm -f *.lo
-
-clean-libtool:
- -rm -rf .libs _libs
-
-ID: $(am__tagged_files)
- $(am__define_uniq_tagged_files); mkid -fID $$unique
-tags: tags-am
-TAGS: tags
-
-tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- set x; \
- here=`pwd`; \
- $(am__define_uniq_tagged_files); \
- shift; \
- if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
- test -n "$$unique" || unique=$$empty_fix; \
- if test $$# -gt 0; then \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- "$$@" $$unique; \
- else \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- $$unique; \
- fi; \
- fi
-ctags: ctags-am
-
-CTAGS: ctags
-ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- $(am__define_uniq_tagged_files); \
- test -z "$(CTAGS_ARGS)$$unique" \
- || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
- $$unique
-
-GTAGS:
- here=`$(am__cd) $(top_builddir) && pwd` \
- && $(am__cd) $(top_srcdir) \
- && gtags -i $(GTAGS_ARGS) "$$here"
-cscopelist: cscopelist-am
-
-cscopelist-am: $(am__tagged_files)
- list='$(am__tagged_files)'; \
- case "$(srcdir)" in \
- [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
- *) sdir=$(subdir)/$(srcdir) ;; \
- esac; \
- for i in $$list; do \
- if test -f "$$i"; then \
- echo "$(subdir)/$$i"; \
- else \
- echo "$$sdir/$$i"; \
- fi; \
- done >> $(top_builddir)/cscope.files
-
-distclean-tags:
- -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
- @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- list='$(DISTFILES)'; \
- dist_files=`for file in $$list; do echo $$file; done | \
- sed -e "s|^$$srcdirstrip/||;t" \
- -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
- case $$dist_files in \
- */*) $(MKDIR_P) `echo "$$dist_files" | \
- sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
- sort -u` ;; \
- esac; \
- for file in $$dist_files; do \
- if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
- if test -d $$d/$$file; then \
- dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
- if test -d "$(distdir)/$$file"; then \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
- cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
- else \
- test -f "$(distdir)/$$file" \
- || cp -p $$d/$$file "$(distdir)/$$file" \
- || exit 1; \
- fi; \
- done
-check-am: all-am
-check: check-am
-all-am: Makefile $(LTLIBRARIES)
-installdirs:
- for dir in "$(DESTDIR)$(imcvdir)"; do \
- test -z "$$dir" || $(MKDIR_P) "$$dir"; \
- done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
- @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
- if test -z '$(STRIP)'; then \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- install; \
- else \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
- fi
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
- -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
- -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
-
-maintainer-clean-generic:
- @echo "This command is intended for maintainers to use"
- @echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-imcvLTLIBRARIES clean-libtool \
- mostlyclean-am
-
-distclean: distclean-am
- -rm -rf ./$(DEPDIR)
- -rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
- distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-html-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-imcvLTLIBRARIES
-
-install-dvi: install-dvi-am
-
-install-dvi-am:
-
-install-exec-am:
-
-install-html: install-html-am
-
-install-html-am:
-
-install-info: install-info-am
-
-install-info-am:
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-pdf-am:
-
-install-ps: install-ps-am
-
-install-ps-am:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
- -rm -rf ./$(DEPDIR)
- -rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
- mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-imcvLTLIBRARIES
-
-.MAKE: install-am install-strip
-
-.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
- clean-imcvLTLIBRARIES clean-libtool cscopelist-am ctags \
- ctags-am distclean distclean-compile distclean-generic \
- distclean-libtool distclean-tags distdir dvi dvi-am html \
- html-am info info-am install install-am install-data \
- install-data-am install-dvi install-dvi-am install-exec \
- install-exec-am install-html install-html-am \
- install-imcvLTLIBRARIES install-info install-info-am \
- install-man install-pdf install-pdf-am install-ps \
- install-ps-am install-strip installcheck installcheck-am \
- installdirs maintainer-clean maintainer-clean-generic \
- mostlyclean mostlyclean-compile mostlyclean-generic \
- mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
- uninstall-am uninstall-imcvLTLIBRARIES
-
-
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/src/libpts/plugins/imv_swid/imv_swid_agent.c b/src/libpts/plugins/imv_swid/imv_swid_agent.c
deleted file mode 100644
index 3053b26..0000000
--- a/src/libpts/plugins/imv_swid/imv_swid_agent.c
+++ /dev/null
@@ -1,717 +0,0 @@
-/*
- * Copyright (C) 2013-2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#define _GNU_SOURCE
-#include <stdio.h>
-
-#include "imv_swid_agent.h"
-#include "imv_swid_state.h"
-#include "imv_swid_rest.h"
-
-#include "libpts.h"
-#include "swid/swid_error.h"
-#include "swid/swid_inventory.h"
-#include "tcg/swid/tcg_swid_attr_req.h"
-#include "tcg/swid/tcg_swid_attr_tag_inv.h"
-#include "tcg/swid/tcg_swid_attr_tag_id_inv.h"
-
-#include <imcv.h>
-#include <ietf/ietf_attr_pa_tnc_error.h>
-#include <imv/imv_agent.h>
-#include <imv/imv_msg.h>
-#include <ita/ita_attr.h>
-#include <ita/ita_attr_angel.h>
-
-#include <tncif_names.h>
-#include <tncif_pa_subtypes.h>
-
-#include <pen/pen.h>
-#include <utils/debug.h>
-#include <bio/bio_reader.h>
-
-typedef struct private_imv_swid_agent_t private_imv_swid_agent_t;
-
-/* Subscribed PA-TNC message subtypes */
-static pen_type_t msg_types[] = {
- { PEN_TCG, PA_SUBTYPE_TCG_SWID }
-};
-
-/**
- * Flag set when corresponding attribute has been received
- */
-enum imv_swid_attr_t {
- IMV_SWID_ATTR_TAG_INV = (1<<0),
- IMV_SWID_ATTR_TAG_ID_INV = (1<<1)
-};
-
-/**
- * Private data of an imv_swid_agent_t object.
- */
-struct private_imv_swid_agent_t {
-
- /**
- * Public members of imv_swid_agent_t
- */
- imv_agent_if_t public;
-
- /**
- * IMV agent responsible for generic functions
- */
- imv_agent_t *agent;
-
- /**
- * REST API to strongTNC manager
- */
- imv_swid_rest_t *rest_api;
-
-};
-
-METHOD(imv_agent_if_t, bind_functions, TNC_Result,
- private_imv_swid_agent_t *this, TNC_TNCS_BindFunctionPointer bind_function)
-{
- return this->agent->bind_functions(this->agent, bind_function);
-}
-
-METHOD(imv_agent_if_t, notify_connection_change, TNC_Result,
- private_imv_swid_agent_t *this, TNC_ConnectionID id,
- TNC_ConnectionState new_state)
-{
- imv_state_t *state;
-
- switch (new_state)
- {
- case TNC_CONNECTION_STATE_CREATE:
- state = imv_swid_state_create(id);
- return this->agent->create_state(this->agent, state);
- case TNC_CONNECTION_STATE_DELETE:
- return this->agent->delete_state(this->agent, id);
- default:
- return this->agent->change_state(this->agent, id, new_state, NULL);
- }
-}
-
-/**
- * Process a received message
- */
-static TNC_Result receive_msg(private_imv_swid_agent_t *this,
- imv_state_t *state, imv_msg_t *in_msg)
-{
- imv_swid_state_t *swid_state;
- imv_msg_t *out_msg;
- enumerator_t *enumerator;
- pa_tnc_attr_t *attr;
- TNC_Result result;
- bool fatal_error = FALSE;
-
- /* parse received PA-TNC message and handle local and remote errors */
- result = in_msg->receive(in_msg, &fatal_error);
- if (result != TNC_RESULT_SUCCESS)
- {
- return result;
- }
-
- swid_state = (imv_swid_state_t*)state;
-
- /* analyze PA-TNC attributes */
- enumerator = in_msg->create_attribute_enumerator(in_msg);
- while (enumerator->enumerate(enumerator, &attr))
- {
- uint32_t request_id = 0, last_eid, eid_epoch;
- swid_inventory_t *inventory;
- pen_type_t type;
-
- type = attr->get_type(attr);
-
- if (type.vendor_id == PEN_IETF && type.type == IETF_ATTR_PA_TNC_ERROR)
- {
- ietf_attr_pa_tnc_error_t *error_attr;
- pen_type_t error_code;
- chunk_t msg_info, description;
- bio_reader_t *reader;
- uint32_t max_attr_size;
- bool success;
-
- error_attr = (ietf_attr_pa_tnc_error_t*)attr;
- error_code = error_attr->get_error_code(error_attr);
-
- if (error_code.vendor_id == PEN_TCG)
- {
- fatal_error = TRUE;
- msg_info = error_attr->get_msg_info(error_attr);
- reader = bio_reader_create(msg_info);
- success = reader->read_uint32(reader, &request_id);
-
- DBG1(DBG_IMV, "received TCG error '%N' for request %d",
- swid_error_code_names, error_code.type, request_id);
- if (!success)
- {
- reader->destroy(reader);
- continue;
- }
- if (error_code.type == TCG_SWID_RESPONSE_TOO_LARGE)
- {
- if (!reader->read_uint32(reader, &max_attr_size))
- {
- reader->destroy(reader);
- continue;
- }
- DBG1(DBG_IMV, " maximum PA-TNC attribute size is %u bytes",
- max_attr_size);
- }
- description = reader->peek(reader);
- if (description.len)
- {
- DBG1(DBG_IMV, " description: %.*s", description.len,
- description.ptr);
- }
- reader->destroy(reader);
- }
- }
- else if (type.vendor_id == PEN_ITA)
- {
- switch (type.type)
- {
- case ITA_ATTR_START_ANGEL:
- swid_state->set_angel_count(swid_state, TRUE);
- continue;
- case ITA_ATTR_STOP_ANGEL:
- swid_state->set_angel_count(swid_state, FALSE);
- continue;
- default:
- continue;
- }
- }
- else if (type.vendor_id != PEN_TCG)
- {
- continue;
- }
-
- switch (type.type)
- {
- case TCG_SWID_TAG_ID_INVENTORY:
- {
- tcg_swid_attr_tag_id_inv_t *attr_cast;
- int tag_id_count;
-
- state->set_action_flags(state, IMV_SWID_ATTR_TAG_ID_INV);
-
- attr_cast = (tcg_swid_attr_tag_id_inv_t*)attr;
- request_id = attr_cast->get_request_id(attr_cast);
- last_eid = attr_cast->get_last_eid(attr_cast, &eid_epoch);
- inventory = attr_cast->get_inventory(attr_cast);
- tag_id_count = inventory->get_count(inventory);
-
- DBG2(DBG_IMV, "received SWID tag ID inventory with %d item%s "
- "for request %d at eid %d of epoch 0x%08x",
- tag_id_count, (tag_id_count == 1) ? "" : "s",
- request_id, last_eid, eid_epoch);
-
- if (request_id == swid_state->get_request_id(swid_state))
- {
- swid_state->set_swid_inventory(swid_state, inventory);
- swid_state->set_count(swid_state, tag_id_count, 0);
- }
- else
- {
- DBG1(DBG_IMV, "no workitem found for SWID tag ID inventory "
- "with request ID %d", request_id);
- }
- break;
- }
- case TCG_SWID_TAG_INVENTORY:
- {
- tcg_swid_attr_tag_inv_t *attr_cast;
- swid_tag_t *tag;
- chunk_t tag_encoding;
- json_object *jobj, *jarray, *jstring;
- char *tag_str;
- int tag_count;
- enumerator_t *e;
-
- state->set_action_flags(state, IMV_SWID_ATTR_TAG_INV);
-
- attr_cast = (tcg_swid_attr_tag_inv_t*)attr;
- request_id = attr_cast->get_request_id(attr_cast);
- last_eid = attr_cast->get_last_eid(attr_cast, &eid_epoch);
- inventory = attr_cast->get_inventory(attr_cast);
- tag_count = inventory->get_count(inventory);
-
- DBG2(DBG_IMV, "received SWID tag inventory with %d item%s for "
- "request %d at eid %d of epoch 0x%08x",
- tag_count, (tag_count == 1) ? "" : "s",
- request_id, last_eid, eid_epoch);
-
-
- if (request_id == swid_state->get_request_id(swid_state))
- {
- swid_state->set_count(swid_state, 0, tag_count);
-
- if (this->rest_api)
- {
- jobj = json_object_new_object();
- jarray = json_object_new_array();
- json_object_object_add(jobj, "data", jarray);
-
- e = inventory->create_enumerator(inventory);
- while (e->enumerate(e, &tag))
- {
- tag_encoding = tag->get_encoding(tag);
- tag_str = strndup(tag_encoding.ptr, tag_encoding.len);
- DBG3(DBG_IMV, "%s", tag_str);
- jstring = json_object_new_string(tag_str);
- json_object_array_add(jarray, jstring);
- free(tag_str);
- }
- e->destroy(e);
-
- if (this->rest_api->post(this->rest_api,
- "swid/add-tags/", jobj, NULL) != SUCCESS)
- {
- DBG1(DBG_IMV, "error in REST API add-tags request");
- }
- json_object_put(jobj);
- }
- }
- else
- {
- DBG1(DBG_IMV, "no workitem found for SWID tag inventory "
- "with request ID %d", request_id);
- }
- }
- default:
- continue;
- }
- }
- enumerator->destroy(enumerator);
-
- if (fatal_error)
- {
- state->set_recommendation(state,
- TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
- TNC_IMV_EVALUATION_RESULT_ERROR);
- out_msg = imv_msg_create_as_reply(in_msg);
- result = out_msg->send_assessment(out_msg);
- out_msg->destroy(out_msg);
- if (result != TNC_RESULT_SUCCESS)
- {
- return result;
- }
- return this->agent->provide_recommendation(this->agent, state);
- }
-
- return TNC_RESULT_SUCCESS;
-}
-
-METHOD(imv_agent_if_t, receive_message, TNC_Result,
- private_imv_swid_agent_t *this, TNC_ConnectionID id,
- TNC_MessageType msg_type, chunk_t msg)
-{
- imv_state_t *state;
- imv_msg_t *in_msg;
- TNC_Result result;
-
- if (!this->agent->get_state(this->agent, id, &state))
- {
- return TNC_RESULT_FATAL;
- }
- in_msg = imv_msg_create_from_data(this->agent, state, id, msg_type, msg);
- result = receive_msg(this, state, in_msg);
- in_msg->destroy(in_msg);
-
- return result;
-}
-
-METHOD(imv_agent_if_t, receive_message_long, TNC_Result,
- private_imv_swid_agent_t *this, TNC_ConnectionID id,
- TNC_UInt32 src_imc_id, TNC_UInt32 dst_imv_id,
- TNC_VendorID msg_vid, TNC_MessageSubtype msg_subtype, chunk_t msg)
-{
- imv_state_t *state;
- imv_msg_t *in_msg;
- TNC_Result result;
-
- if (!this->agent->get_state(this->agent, id, &state))
- {
- return TNC_RESULT_FATAL;
- }
- in_msg = imv_msg_create_from_long_data(this->agent, state, id,
- src_imc_id, dst_imv_id, msg_vid, msg_subtype, msg);
- result = receive_msg(this, state, in_msg);
- in_msg->destroy(in_msg);
-
- return result;
-
-}
-
-METHOD(imv_agent_if_t, batch_ending, TNC_Result,
- private_imv_swid_agent_t *this, TNC_ConnectionID id)
-{
- imv_msg_t *out_msg;
- imv_state_t *state;
- imv_session_t *session;
- imv_workitem_t *workitem;
- imv_swid_state_t *swid_state;
- imv_swid_handshake_state_t handshake_state;
- pa_tnc_attr_t *attr;
- TNC_IMVID imv_id;
- TNC_Result result = TNC_RESULT_SUCCESS;
- bool no_workitems = TRUE;
- uint32_t request_id, received;
- uint8_t flags;
- enumerator_t *enumerator;
-
- if (!this->agent->get_state(this->agent, id, &state))
- {
- return TNC_RESULT_FATAL;
- }
- swid_state = (imv_swid_state_t*)state;
- handshake_state = swid_state->get_handshake_state(swid_state);
- session = state->get_session(state);
- imv_id = this->agent->get_id(this->agent);
-
- if (handshake_state == IMV_SWID_STATE_END)
- {
- return TNC_RESULT_SUCCESS;
- }
-
- /* Create an empty out message - we might need it */
- out_msg = imv_msg_create(this->agent, state, id, imv_id, TNC_IMCID_ANY,
- msg_types[0]);
-
- if (!imcv_db)
- {
- DBG2(DBG_IMV, "no workitems available - no evaluation possible");
- state->set_recommendation(state,
- TNC_IMV_ACTION_RECOMMENDATION_ALLOW,
- TNC_IMV_EVALUATION_RESULT_DONT_KNOW);
- result = out_msg->send_assessment(out_msg);
- out_msg->destroy(out_msg);
- swid_state->set_handshake_state(swid_state, IMV_SWID_STATE_END);
-
- if (result != TNC_RESULT_SUCCESS)
- {
- return result;
- }
- return this->agent->provide_recommendation(this->agent, state);
- }
-
- /* Look for SWID tag workitem and create SWID tag request */
- if (handshake_state == IMV_SWID_STATE_INIT &&
- session->get_policy_started(session))
- {
- enumerator = session->create_workitem_enumerator(session);
- if (enumerator)
- {
- while (enumerator->enumerate(enumerator, &workitem))
- {
- if (workitem->get_imv_id(workitem) != TNC_IMVID_ANY ||
- workitem->get_type(workitem) != IMV_WORKITEM_SWID_TAGS)
- {
- continue;
- }
-
- flags = TCG_SWID_ATTR_REQ_FLAG_NONE;
- if (strchr(workitem->get_arg_str(workitem), 'R'))
- {
- flags |= TCG_SWID_ATTR_REQ_FLAG_R;
- }
- if (strchr(workitem->get_arg_str(workitem), 'S'))
- {
- flags |= TCG_SWID_ATTR_REQ_FLAG_S;
- }
- if (strchr(workitem->get_arg_str(workitem), 'C'))
- {
- flags |= TCG_SWID_ATTR_REQ_FLAG_C;
- }
- request_id = workitem->get_id(workitem);
- swid_state->set_request_id(swid_state, request_id);
- attr = tcg_swid_attr_req_create(flags, request_id, 0);
- out_msg->add_attribute(out_msg, attr);
- workitem->set_imv_id(workitem, imv_id);
- no_workitems = FALSE;
- DBG2(DBG_IMV, "IMV %d issues SWID request %d",
- imv_id, request_id);
- break;
- }
- enumerator->destroy(enumerator);
-
- if (no_workitems)
- {
- DBG2(DBG_IMV, "IMV %d has no workitems - "
- "no evaluation requested", imv_id);
- state->set_recommendation(state,
- TNC_IMV_ACTION_RECOMMENDATION_ALLOW,
- TNC_IMV_EVALUATION_RESULT_DONT_KNOW);
- }
- handshake_state = IMV_SWID_STATE_WORKITEMS;
- swid_state->set_handshake_state(swid_state, handshake_state);
- }
- }
-
- received = state->get_action_flags(state);
-
- if (handshake_state == IMV_SWID_STATE_WORKITEMS &&
- (received & (IMV_SWID_ATTR_TAG_INV|IMV_SWID_ATTR_TAG_ID_INV)) &&
- swid_state->get_angel_count(swid_state) <= 0)
- {
- TNC_IMV_Evaluation_Result eval;
- TNC_IMV_Action_Recommendation rec;
- char result_str[BUF_LEN], *error_str = "", *command;
- char *target, *separator;
- int tag_id_count, tag_count, i;
- size_t max_attr_size, attr_size, entry_size;
- chunk_t tag_creator, unique_sw_id;
- json_object *jrequest, *jresponse, *jvalue;
- tcg_swid_attr_req_t *cast_attr;
- swid_tag_id_t *tag_id;
- status_t status = SUCCESS;
-
- if (this->rest_api && (received & IMV_SWID_ATTR_TAG_ID_INV))
- {
- if (asprintf(&command, "sessions/%d/swid-measurement/",
- session->get_session_id(session, NULL, NULL)) < 0)
- {
- error_str = "allocation of command string failed";
- status = FAILED;
- }
- else
- {
- jrequest = swid_state->get_swid_inventory(swid_state);
- status = this->rest_api->post(this->rest_api, command,
- jrequest, &jresponse);
- if (status == FAILED)
- {
- error_str = "error in REST API swid-measurement request";
- }
- free(command);
- }
- }
-
- switch (status)
- {
- case SUCCESS:
- enumerator = session->create_workitem_enumerator(session);
- while (enumerator->enumerate(enumerator, &workitem))
- {
- if (workitem->get_type(workitem) == IMV_WORKITEM_SWID_TAGS)
- {
- swid_state->get_count(swid_state, &tag_id_count,
- &tag_count);
- snprintf(result_str, BUF_LEN, "received inventory of "
- "%d SWID tag ID%s and %d SWID tag%s",
- tag_id_count, (tag_id_count == 1) ? "" : "s",
- tag_count, (tag_count == 1) ? "" : "s");
- session->remove_workitem(session, enumerator);
-
- eval = TNC_IMV_EVALUATION_RESULT_COMPLIANT;
- rec = workitem->set_result(workitem, result_str, eval);
- state->update_recommendation(state, rec, eval);
- imcv_db->finalize_workitem(imcv_db, workitem);
- workitem->destroy(workitem);
- break;
- }
- }
- enumerator->destroy(enumerator);
- break;
- case NEED_MORE:
- if (received & IMV_SWID_ATTR_TAG_INV)
- {
- error_str = "not all requested SWID tags were received";
- status = FAILED;
- json_object_put(jresponse);
- break;
- }
- if (json_object_get_type(jresponse) != json_type_array)
- {
- error_str = "response was not a json_array";
- status = FAILED;
- json_object_put(jresponse);
- break;
- }
-
- /* Compute the maximum TCG SWID Request attribute size */
- max_attr_size = state->get_max_msg_len(state) -
- PA_TNC_HEADER_SIZE;
-
- /* Create the [first] TCG SWID Request attribute */
- attr_size = PA_TNC_ATTR_HEADER_SIZE + TCG_SWID_REQ_MIN_SIZE;
- attr = tcg_swid_attr_req_create(TCG_SWID_ATTR_REQ_FLAG_NONE,
- swid_state->get_request_id(swid_state), 0);
-
- tag_id_count = json_object_array_length(jresponse);
- DBG1(DBG_IMV, "%d SWID tag target%s", tag_id_count,
- (tag_id_count == 1) ? "" : "s");
-
- for (i = 0; i < tag_id_count; i++)
- {
- jvalue = json_object_array_get_idx(jresponse, i);
- if (json_object_get_type(jvalue) != json_type_string)
- {
- error_str = "json_string element expected in json_array";
- status = FAILED;
- json_object_put(jresponse);
- break;
- }
- target = (char*)json_object_get_string(jvalue);
- DBG1(DBG_IMV, " %s", target);
-
- /* Separate target into tag_creator and unique_sw_id */
- separator = strchr(target, '_');
- if (!separator)
- {
- error_str = "separation of regid from "
- "unique software ID failed";
- break;
- }
- tag_creator = chunk_create(target, separator - target);
- separator++;
- unique_sw_id = chunk_create(separator, strlen(target) -
- tag_creator.len - 1);
- tag_id = swid_tag_id_create(tag_creator, unique_sw_id,
- chunk_empty);
- entry_size = 2 + tag_creator.len + 2 + unique_sw_id.len;
-
- /* Have we reached the maximum attribute size? */
- if (attr_size + entry_size > max_attr_size)
- {
- out_msg->add_attribute(out_msg, attr);
- attr_size = PA_TNC_ATTR_HEADER_SIZE +
- TCG_SWID_REQ_MIN_SIZE;
- attr = tcg_swid_attr_req_create(
- TCG_SWID_ATTR_REQ_FLAG_NONE,
- swid_state->get_request_id(swid_state), 0);
- }
- cast_attr = (tcg_swid_attr_req_t*)attr;
- cast_attr->add_target(cast_attr, tag_id);
- }
- json_object_put(jresponse);
-
- out_msg->add_attribute(out_msg, attr);
- break;
- case FAILED:
- default:
- break;
- }
-
- if (status == FAILED)
- {
- enumerator = session->create_workitem_enumerator(session);
- while (enumerator->enumerate(enumerator, &workitem))
- {
- if (workitem->get_type(workitem) == IMV_WORKITEM_SWID_TAGS)
- {
- session->remove_workitem(session, enumerator);
- eval = TNC_IMV_EVALUATION_RESULT_ERROR;
- rec = workitem->set_result(workitem, error_str, eval);
- state->update_recommendation(state, rec, eval);
- imcv_db->finalize_workitem(imcv_db, workitem);
- workitem->destroy(workitem);
- break;
- }
- }
- enumerator->destroy(enumerator);
- }
- }
-
- /* finalized all workitems ? */
- if (handshake_state == IMV_SWID_STATE_WORKITEMS &&
- session->get_workitem_count(session, imv_id) == 0)
- {
- result = out_msg->send_assessment(out_msg);
- out_msg->destroy(out_msg);
- swid_state->set_handshake_state(swid_state, IMV_SWID_STATE_END);
-
- if (result != TNC_RESULT_SUCCESS)
- {
- return result;
- }
- return this->agent->provide_recommendation(this->agent, state);
- }
-
- /* send non-empty PA-TNC message with excl flag not set */
- if (out_msg->get_attribute_count(out_msg))
- {
- result = out_msg->send(out_msg, FALSE);
- }
- out_msg->destroy(out_msg);
-
- return result;
-}
-
-METHOD(imv_agent_if_t, solicit_recommendation, TNC_Result,
- private_imv_swid_agent_t *this, TNC_ConnectionID id)
-{
- imv_state_t *state;
-
- if (!this->agent->get_state(this->agent, id, &state))
- {
- return TNC_RESULT_FATAL;
- }
- return this->agent->provide_recommendation(this->agent, state);
-}
-
-METHOD(imv_agent_if_t, destroy, void,
- private_imv_swid_agent_t *this)
-{
- DESTROY_IF(this->rest_api);
- this->agent->destroy(this->agent);
- free(this);
- libpts_deinit();
-}
-
-/**
- * Described in header.
- */
-imv_agent_if_t *imv_swid_agent_create(const char *name, TNC_IMVID id,
- TNC_Version *actual_version)
-{
- private_imv_swid_agent_t *this;
- imv_agent_t *agent;
- char *rest_api_uri;
- u_int rest_api_timeout;
-
- agent = imv_agent_create(name, msg_types, countof(msg_types), id,
- actual_version);
- if (!agent)
- {
- return NULL;
- }
-
- INIT(this,
- .public = {
- .bind_functions = _bind_functions,
- .notify_connection_change = _notify_connection_change,
- .receive_message = _receive_message,
- .receive_message_long = _receive_message_long,
- .batch_ending = _batch_ending,
- .solicit_recommendation = _solicit_recommendation,
- .destroy = _destroy,
- },
- .agent = agent,
- );
-
- rest_api_uri = lib->settings->get_str(lib->settings,
- "%s.plugins.imv-swid.rest_api_uri", NULL, lib->ns);
- rest_api_timeout = lib->settings->get_int(lib->settings,
- "%s.plugins.imv-swid.rest_api_timeout", 120, lib->ns);
- if (rest_api_uri)
- {
- this->rest_api = imv_swid_rest_create(rest_api_uri, rest_api_timeout);
- }
- libpts_init();
-
- return &this->public;
-}
-
diff --git a/src/libpts/plugins/imv_swid/imv_swid_rest.h b/src/libpts/plugins/imv_swid/imv_swid_rest.h
deleted file mode 100644
index 93e3d6a..0000000
--- a/src/libpts/plugins/imv_swid/imv_swid_rest.h
+++ /dev/null
@@ -1,63 +0,0 @@
-/*
- * Copyright (C) 2013-2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup imv_swid imv_swid
- * @ingroup libimcv_plugins
- *
- * @defgroup imv_swid_rest_t imv_swid_rest
- * @{ @ingroup imv_swid
- */
-
-#ifndef IMV_SWID_REST_H_
-#define IMV_SWID_REST_H_
-
-#include <library.h>
-
-#include <json/json.h>
-
-typedef struct imv_swid_rest_t imv_swid_rest_t;
-
-/**
- * Public REST interface
- */
-struct imv_swid_rest_t {
-
- /**
- * Post a HTTP request including a JSON object
- *
- * @param jreq JSON object in HTTP request
- * @param jresp JSON object in HTTP response if NEED_MORE
- * @return Status (SUCCESS, NEED_MORE or FAILED)
- */
- status_t (*post)(imv_swid_rest_t *this, char *command, json_object *jreq,
- json_object **jresp);
-
- /**
- * Destroy imv_swid_rest_t object
- */
- void (*destroy)(imv_swid_rest_t *this);
-
-};
-
-/**
- * Create an imv_swid_rest_t instance
- *
- * @param uri REST URI (http://username:password@hostname[:port]/api/)
- * @param timeout Timeout of the REST connection
- */
-imv_swid_rest_t* imv_swid_rest_create(char *uri, u_int timeout);
-
-#endif /** IMV_SWID_REST_H_ @}*/
diff --git a/src/libpts/plugins/imv_swid/imv_swid_state.c b/src/libpts/plugins/imv_swid/imv_swid_state.c
deleted file mode 100644
index c68b57e..0000000
--- a/src/libpts/plugins/imv_swid/imv_swid_state.c
+++ /dev/null
@@ -1,388 +0,0 @@
-/*
- * Copyright (C) 2013-2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "imv_swid_state.h"
-
-#include <imv/imv_lang_string.h>
-#include <imv/imv_reason_string.h>
-#include <imv/imv_remediation_string.h>
-#include <swid/swid_tag_id.h>
-
-#include <tncif_policy.h>
-
-#include <utils/lexparser.h>
-#include <utils/debug.h>
-
-typedef struct private_imv_swid_state_t private_imv_swid_state_t;
-
-/**
- * Private data of an imv_swid_state_t object.
- */
-struct private_imv_swid_state_t {
-
- /**
- * Public members of imv_swid_state_t
- */
- imv_swid_state_t public;
-
- /**
- * TNCCS connection ID
- */
- TNC_ConnectionID connection_id;
-
- /**
- * TNCCS connection state
- */
- TNC_ConnectionState state;
-
- /**
- * Does the TNCCS connection support long message types?
- */
- bool has_long;
-
- /**
- * Does the TNCCS connection support exclusive delivery?
- */
- bool has_excl;
-
- /**
- * Maximum PA-TNC message size for this TNCCS connection
- */
- uint32_t max_msg_len;
-
- /**
- * Flags set for completed actions
- */
- uint32_t action_flags;
-
- /**
- * IMV database session associatied with TNCCS connection
- */
- imv_session_t *session;
-
- /**
- * IMV action recommendation
- */
- TNC_IMV_Action_Recommendation rec;
-
- /**
- * IMV evaluation result
- */
- TNC_IMV_Evaluation_Result eval;
-
- /**
- * IMV Scanner handshake state
- */
- imv_swid_handshake_state_t handshake_state;
-
- /**
- * TNC Reason String
- */
- imv_reason_string_t *reason_string;
-
- /**
- * IETF Remediation Instructions String
- */
- imv_remediation_string_t *remediation_string;
-
- /**
- * SWID Tag Request ID
- */
- uint32_t request_id;
-
- /**
- * Number of processed SWID Tag IDs
- */
- int tag_id_count;
-
- /**
- * Number of processed SWID Tags
- */
- int tag_count;
-
- /**
- * Top level JSON object
- */
- json_object *jobj;
-
- /**
- * JSON array containing an inventory of SWID Tag IDs
- */
- json_object *jarray;
-
- /**
- * Angel count
- */
- int angel_count;
-
-};
-
-METHOD(imv_state_t, get_connection_id, TNC_ConnectionID,
- private_imv_swid_state_t *this)
-{
- return this->connection_id;
-}
-
-METHOD(imv_state_t, has_long, bool,
- private_imv_swid_state_t *this)
-{
- return this->has_long;
-}
-
-METHOD(imv_state_t, has_excl, bool,
- private_imv_swid_state_t *this)
-{
- return this->has_excl;
-}
-
-METHOD(imv_state_t, set_flags, void,
- private_imv_swid_state_t *this, bool has_long, bool has_excl)
-{
- this->has_long = has_long;
- this->has_excl = has_excl;
-}
-
-METHOD(imv_state_t, set_max_msg_len, void,
- private_imv_swid_state_t *this, uint32_t max_msg_len)
-{
- this->max_msg_len = max_msg_len;
-}
-
-METHOD(imv_state_t, get_max_msg_len, uint32_t,
- private_imv_swid_state_t *this)
-{
- return this->max_msg_len;
-}
-
-METHOD(imv_state_t, set_action_flags, void,
- private_imv_swid_state_t *this, uint32_t flags)
-{
- this->action_flags |= flags;
-}
-
-METHOD(imv_state_t, get_action_flags, uint32_t,
- private_imv_swid_state_t *this)
-{
- return this->action_flags;
-}
-
-METHOD(imv_state_t, set_session, void,
- private_imv_swid_state_t *this, imv_session_t *session)
-{
- this->session = session;
-}
-
-METHOD(imv_state_t, get_session, imv_session_t*,
- private_imv_swid_state_t *this)
-{
- return this->session;
-}
-
-METHOD(imv_state_t, change_state, void,
- private_imv_swid_state_t *this, TNC_ConnectionState new_state)
-{
- this->state = new_state;
-}
-
-METHOD(imv_state_t, get_recommendation, void,
- private_imv_swid_state_t *this, TNC_IMV_Action_Recommendation *rec,
- TNC_IMV_Evaluation_Result *eval)
-{
- *rec = this->rec;
- *eval = this->eval;
-}
-
-METHOD(imv_state_t, set_recommendation, void,
- private_imv_swid_state_t *this, TNC_IMV_Action_Recommendation rec,
- TNC_IMV_Evaluation_Result eval)
-{
- this->rec = rec;
- this->eval = eval;
-}
-
-METHOD(imv_state_t, update_recommendation, void,
- private_imv_swid_state_t *this, TNC_IMV_Action_Recommendation rec,
- TNC_IMV_Evaluation_Result eval)
-{
- this->rec = tncif_policy_update_recommendation(this->rec, rec);
- this->eval = tncif_policy_update_evaluation(this->eval, eval);
-}
-
-METHOD(imv_state_t, get_reason_string, bool,
- private_imv_swid_state_t *this, enumerator_t *language_enumerator,
- chunk_t *reason_string, char **reason_language)
-{
- return FALSE;
-}
-
-METHOD(imv_state_t, get_remediation_instructions, bool,
- private_imv_swid_state_t *this, enumerator_t *language_enumerator,
- chunk_t *string, char **lang_code, char **uri)
-{
- return FALSE;
-}
-
-METHOD(imv_state_t, destroy, void,
- private_imv_swid_state_t *this)
-{
- json_object_put(this->jobj);
- DESTROY_IF(this->session);
- DESTROY_IF(this->reason_string);
- DESTROY_IF(this->remediation_string);
- free(this);
-}
-
-METHOD(imv_swid_state_t, set_handshake_state, void,
- private_imv_swid_state_t *this, imv_swid_handshake_state_t new_state)
-{
- this->handshake_state = new_state;
-}
-
-METHOD(imv_swid_state_t, get_handshake_state, imv_swid_handshake_state_t,
- private_imv_swid_state_t *this)
-{
- return this->handshake_state;
-}
-
-METHOD(imv_swid_state_t, set_request_id, void,
- private_imv_swid_state_t *this, uint32_t request_id)
-{
- this->request_id = request_id;
-}
-
-METHOD(imv_swid_state_t, get_request_id, uint32_t,
- private_imv_swid_state_t *this)
-{
- return this->request_id;
-}
-
-METHOD(imv_swid_state_t, set_swid_inventory, void,
- private_imv_swid_state_t *this, swid_inventory_t *inventory)
-{
- chunk_t tag_creator, unique_sw_id;
- char software_id[256];
- json_object *jstring;
- swid_tag_id_t *tag_id;
- enumerator_t *enumerator;
-
- enumerator = inventory->create_enumerator(inventory);
- while (enumerator->enumerate(enumerator, &tag_id))
- {
- /* Construct software ID from tag creator and unique software ID */
- tag_creator = tag_id->get_tag_creator(tag_id);
- unique_sw_id = tag_id->get_unique_sw_id(tag_id, NULL);
- snprintf(software_id, 256, "%.*s_%.*s",
- tag_creator.len, tag_creator.ptr,
- unique_sw_id.len, unique_sw_id.ptr);
- DBG3(DBG_IMV, " %s", software_id);
-
- /* Add software ID to JSON array */
- jstring = json_object_new_string(software_id);
- json_object_array_add(this->jarray, jstring);
- }
- enumerator->destroy(enumerator);
-}
-
-METHOD(imv_swid_state_t, get_swid_inventory, json_object*,
- private_imv_swid_state_t *this)
-{
- return this->jobj;
-}
-
-METHOD(imv_swid_state_t, set_count, void,
- private_imv_swid_state_t *this, int tag_id_count, int tag_count)
-{
- this->tag_id_count += tag_id_count;
- this->tag_count += tag_count;
-}
-
-METHOD(imv_swid_state_t, get_count, void,
- private_imv_swid_state_t *this, int *tag_id_count, int *tag_count)
-{
- if (tag_id_count)
- {
- *tag_id_count = this->tag_id_count;
- }
- if (tag_count)
- {
- *tag_count = this->tag_count;
- }
-}
-
-METHOD(imv_swid_state_t, set_angel_count, void,
- private_imv_swid_state_t *this, bool start)
-{
- this->angel_count += start ? 1 : -1;
-}
-
-METHOD(imv_swid_state_t, get_angel_count, int,
- private_imv_swid_state_t *this)
-{
- return this->angel_count;
-}
-
-/**
- * Described in header.
- */
-imv_state_t *imv_swid_state_create(TNC_ConnectionID connection_id)
-{
- private_imv_swid_state_t *this;
-
- INIT(this,
- .public = {
- .interface = {
- .get_connection_id = _get_connection_id,
- .has_long = _has_long,
- .has_excl = _has_excl,
- .set_flags = _set_flags,
- .set_max_msg_len = _set_max_msg_len,
- .get_max_msg_len = _get_max_msg_len,
- .set_action_flags = _set_action_flags,
- .get_action_flags = _get_action_flags,
- .set_session = _set_session,
- .get_session= _get_session,
- .change_state = _change_state,
- .get_recommendation = _get_recommendation,
- .set_recommendation = _set_recommendation,
- .update_recommendation = _update_recommendation,
- .get_reason_string = _get_reason_string,
- .get_remediation_instructions = _get_remediation_instructions,
- .destroy = _destroy,
- },
- .set_handshake_state = _set_handshake_state,
- .get_handshake_state = _get_handshake_state,
- .set_request_id = _set_request_id,
- .get_request_id = _get_request_id,
- .set_swid_inventory = _set_swid_inventory,
- .get_swid_inventory = _get_swid_inventory,
- .set_count = _set_count,
- .get_count = _get_count,
- .set_angel_count = _set_angel_count,
- .get_angel_count = _get_angel_count,
- },
- .state = TNC_CONNECTION_STATE_CREATE,
- .rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
- .eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
- .connection_id = connection_id,
- .jobj = json_object_new_object(),
- .jarray = json_object_new_array(),
- );
-
- json_object_object_add(this->jobj, "data", this->jarray);
-
- return &this->public.interface;
-}
-
-
diff --git a/src/libpts/plugins/imv_swid/imv_swid_state.h b/src/libpts/plugins/imv_swid/imv_swid_state.h
deleted file mode 100644
index 7ffabfd..0000000
--- a/src/libpts/plugins/imv_swid/imv_swid_state.h
+++ /dev/null
@@ -1,137 +0,0 @@
-/*
- * Copyright (C) 2013-2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup imv_swid imv_swid
- * @ingroup libimcv_plugins
- *
- * @defgroup imv_swid_state_t imv_swid_state
- * @{ @ingroup imv_swid
- */
-
-#ifndef IMV_SWID_STATE_H_
-#define IMV_SWID_STATE_H_
-
-#include <imv/imv_state.h>
-#include <swid/swid_inventory.h>
-#include <library.h>
-
-#include <json/json.h>
-
-typedef struct imv_swid_state_t imv_swid_state_t;
-typedef enum imv_swid_handshake_state_t imv_swid_handshake_state_t;
-
-/**
- * IMV OS Handshake States (state machine)
- */
-enum imv_swid_handshake_state_t {
- IMV_SWID_STATE_INIT,
- IMV_SWID_STATE_WORKITEMS,
- IMV_SWID_STATE_END
-};
-
-/**
- * Internal state of an imv_swid_t connection instance
- */
-struct imv_swid_state_t {
-
- /**
- * imv_state_t interface
- */
- imv_state_t interface;
-
- /**
- * Set state of the handshake
- *
- * @param new_state the handshake state of IMV
- */
- void (*set_handshake_state)(imv_swid_state_t *this,
- imv_swid_handshake_state_t new_state);
-
- /**
- * Get state of the handshake
- *
- * @return the handshake state of IMV
- */
- imv_swid_handshake_state_t (*get_handshake_state)(imv_swid_state_t *this);
-
- /**
- * Set the SWID request ID
- *
- * @param request_id SWID request ID to be set
- */
- void (*set_request_id)(imv_swid_state_t *this, uint32_t request_id);
-
- /**
- * Get the SWID request ID
- *
- * @return SWID request ID
- */
- uint32_t (*get_request_id)(imv_swid_state_t *this);
-
- /**
- * Set or extend the SWID Tag ID inventory in the state
- *
- * @param inventory SWID Tags ID inventory to be added
- */
- void (*set_swid_inventory)(imv_swid_state_t *this, swid_inventory_t *inventory);
-
- /**
- * Get the encoding of the complete SWID Tag ID inventory
- *
- * @return SWID Tags ID inventory as a JSON array
- */
- json_object* (*get_swid_inventory)(imv_swid_state_t *this);
-
- /**
- * Set [or with multiple attributes increment] SWID Tag [ID] counters
- *
- * @param tag_id_count Number of received SWID Tag IDs
- * @param tag_count Number of received SWID Tags
- */
- void (*set_count)(imv_swid_state_t *this, int tag_id_count, int tag_count);
-
- /**
- * Set [or with multiple attributes increment] SWID Tag [ID] counters
- *
- * @param tag_id_count Number of received SWID Tag IDs
- * @param tag_count Number of received SWID Tags
- */
- void (*get_count)(imv_swid_state_t *this, int *tag_id_count, int *tag_count);
-
- /**
- * Increase/Decrease the ITA Angel count
- *
- * @param start TRUE increases and FALSE decreases count by one
- */
- void (*set_angel_count)(imv_swid_state_t *this, bool start);
-
- /**
- * Get the ITA Angel count
- *
- * @return ITA Angel count
- */
- int (*get_angel_count)(imv_swid_state_t *this);
-
-};
-
-/**
- * Create an imv_swid_state_t instance
- *
- * @param id connection ID
- */
-imv_state_t* imv_swid_state_create(TNC_ConnectionID id);
-
-#endif /** IMV_SWID_STATE_H_ @}*/
diff --git a/src/libpts/pts/components/ita/ita_comp_ima.c b/src/libpts/pts/components/ita/ita_comp_ima.c
deleted file mode 100644
index be8aa40..0000000
--- a/src/libpts/pts/components/ita/ita_comp_ima.c
+++ /dev/null
@@ -1,914 +0,0 @@
-/*
- * Copyright (C) 2011-2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "ita_comp_ima.h"
-#include "ita_comp_func_name.h"
-
-#include "libpts.h"
-#include "pts/pts_pcr.h"
-#include "pts/pts_ima_bios_list.h"
-#include "pts/pts_ima_event_list.h"
-#include "pts/components/pts_component.h"
-
-#include <utils/debug.h>
-#include <crypto/hashers/hasher.h>
-#include <pen/pen.h>
-
-#define SECURITY_DIR "/sys/kernel/security/"
-#define IMA_BIOS_MEASUREMENTS SECURITY_DIR "tpm0/binary_bios_measurements"
-#define IMA_RUNTIME_MEASUREMENTS SECURITY_DIR "ima/binary_runtime_measurements"
-#define IMA_FILENAME_LEN_MAX 255
-
-typedef struct pts_ita_comp_ima_t pts_ita_comp_ima_t;
-typedef enum ima_state_t ima_state_t;
-
-enum ima_state_t {
- IMA_STATE_INIT,
- IMA_STATE_BIOS,
- IMA_STATE_BOOT_AGGREGATE,
- IMA_STATE_RUNTIME,
- IMA_STATE_END
-};
-
-/**
- * Private data of a pts_ita_comp_ima_t object.
- *
- */
-struct pts_ita_comp_ima_t {
-
- /**
- * Public pts_component_t interface.
- */
- pts_component_t public;
-
- /**
- * Component Functional Name
- */
- pts_comp_func_name_t *name;
-
- /**
- * Sub-component depth
- */
- uint32_t depth;
-
- /**
- * PTS measurement database
- */
- pts_database_t *pts_db;
-
- /**
- * Primary key for AIK database entry
- */
- int aik_id;
-
- /**
- * Primary key for IMA BIOS Component Functional Name database entry
- */
- int bios_cid;
-
- /**
- * Primary key for IMA Runtime Component Functional Name database entry
- */
- int ima_cid;
-
- /**
- * Component is registering IMA BIOS measurements
- */
- bool is_bios_registering;
-
- /**
- * Component is registering IMA boot aggregate measurement
- */
- bool is_ima_registering;
-
- /**
- * Measurement sequence number
- */
- int seq_no;
-
- /**
- * Expected IMA BIOS measurement count
- */
- int bios_count;
-
- /**
- * IMA BIOS measurements
- */
- pts_ima_bios_list_t *bios_list;
-
- /**
- * IMA runtime file measurements
- */
- pts_ima_event_list_t *ima_list;
-
- /**
- * Whether to send pcr_before and pcr_after info
- */
- bool pcr_info;
-
- /**
- * Creation time of measurement
- */
- time_t creation_time;
-
- /**
- * IMA state machine
- */
- ima_state_t state;
-
- /**
- * Total number of component measurements
- */
- int count;
-
- /**
- * Number of successful component measurements
- */
- int count_ok;
-
- /**
- * Number of unknown component measurements
- */
- int count_unknown;
-
- /**
- * Number of differing component measurements
- */
- int count_differ;
-
- /**
- * Number of failed component measurements
- */
- int count_failed;
-
- /**
- * Reference count
- */
- refcount_t ref;
-
-};
-
-/**
- * Extend measurement into PCR and create evidence
- */
-static pts_comp_evidence_t* extend_pcr(pts_ita_comp_ima_t* this,
- uint8_t qualifier, pts_pcr_t *pcrs,
- uint32_t pcr, chunk_t measurement)
-{
- size_t pcr_len;
- pts_pcr_transform_t pcr_transform;
- pts_meas_algorithms_t hash_algo;
- pts_comp_func_name_t *name;
- pts_comp_evidence_t *evidence;
- chunk_t pcr_before = chunk_empty, pcr_after = chunk_empty;
-
- hash_algo = PTS_MEAS_ALGO_SHA1;
- pcr_len = HASH_SIZE_SHA1;
- pcr_transform = pts_meas_algo_to_pcr_transform(hash_algo, pcr_len);
-
- if (this->pcr_info)
- {
- pcr_before = chunk_clone(pcrs->get(pcrs, pcr));
- }
- pcr_after = pcrs->extend(pcrs, pcr, measurement);
- if (!pcr_after.ptr)
- {
- free(pcr_before.ptr);
- return NULL;
- }
- name = this->name->clone(this->name);
- name->set_qualifier(name, qualifier);
- evidence = pts_comp_evidence_create(name, this->depth, pcr, hash_algo,
- pcr_transform, this->creation_time, measurement);
- if (this->pcr_info)
- {
- pcr_after =chunk_clone(pcrs->get(pcrs, pcr));
- evidence->set_pcr_info(evidence, pcr_before, pcr_after);
- }
- return evidence;
-}
-
-/**
- * Generate an IMA or IMA-NG hash from an event digest and event name
- *
- * @param digest event digest
- * @param ima_algo hash algorithm string ("sha1:", "sha256:", etc.)
- * @param ima_name event name
- * @param little_endian endianness of client platform
- * @param algo hash algorithm used by TPM
- * @param hash_buf hash value to be compared with TPM measurement
- */
-static bool ima_hash(chunk_t digest, char *ima_algo, char *ima_name,
- bool little_endian, pts_meas_algorithms_t algo,
- char *hash_buf)
-{
- hash_algorithm_t hash_alg;
- hasher_t *hasher;
- bool success;
-
- hash_alg = pts_meas_algo_to_hash(algo);
- hasher = lib->crypto->create_hasher(lib->crypto, hash_alg);
- if (!hasher)
- {
- DBG1(DBG_PTS, "%N hasher could not be created",
- hash_algorithm_short_names, hash_alg);
- return FALSE;
- }
-
- if (ima_algo)
- {
- uint32_t d_len, n_len;
- chunk_t algo_name, event_name, digest_len, name_len;
-
- /* IMA-NG hash */
- algo_name = chunk_create(ima_algo, strlen(ima_algo) + 1);
- event_name = chunk_create(ima_name, strlen(ima_name) + 1);
-
- d_len = algo_name.len + digest.len;
- digest_len = chunk_create((uint8_t*)&d_len, sizeof(d_len));
- /* TODO handle endianness of both client and server platforms */
-
- n_len = event_name.len;
- name_len = chunk_create((uint8_t*)&n_len, sizeof(n_len));
- /* TODO handle endianness of both client and server platforms */
-
- success = hasher->get_hash(hasher, digest_len, NULL) &&
- hasher->get_hash(hasher, algo_name, NULL) &&
- hasher->get_hash(hasher, digest, NULL) &&
- hasher->get_hash(hasher, name_len, NULL) &&
- hasher->get_hash(hasher, event_name, hash_buf);
- }
- else
- {
- u_char filename_buffer[IMA_FILENAME_LEN_MAX + 1];
- chunk_t file_name;
-
- /* IMA legacy hash */
- memset(filename_buffer, 0, sizeof(filename_buffer));
- strncpy(filename_buffer, ima_name, IMA_FILENAME_LEN_MAX);
- file_name = chunk_create (filename_buffer, sizeof(filename_buffer));
-
- success = hasher->get_hash(hasher, digest, NULL) &&
- hasher->get_hash(hasher, file_name, hash_buf);
- }
- hasher->destroy(hasher);
-
- return success;
-}
-
-/**
- * Compute and check boot aggregate value by hashing PCR0 to PCR7
- */
-static bool check_boot_aggregate(pts_pcr_t *pcrs, chunk_t measurement,
- char *algo)
-{
- u_char pcr_buffer[HASH_SIZE_SHA1];
- chunk_t boot_aggregate;
- hasher_t *hasher;
- uint32_t i;
- bool success, pcr_ok = TRUE;
-
- hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
- if (!hasher)
- {
- DBG1(DBG_PTS, "%N hasher could not be created",
- hash_algorithm_short_names, HASH_SHA1);
- return FALSE;
- }
- for (i = 0; i < 8 && pcr_ok; i++)
- {
- pcr_ok = hasher->get_hash(hasher, pcrs->get(pcrs, i), NULL);
- }
- if (pcr_ok)
- {
- pcr_ok = hasher->get_hash(hasher, chunk_empty, pcr_buffer);
- }
- hasher->destroy(hasher);
-
- if (pcr_ok)
- {
- boot_aggregate = chunk_create(pcr_buffer, sizeof(pcr_buffer));
-
- /* TODO handle endianness of client platform */
- pcr_ok = ima_hash(boot_aggregate, algo, "boot_aggregate",
- TRUE, PTS_MEAS_ALGO_SHA1, pcr_buffer);
- }
- if (pcr_ok)
- {
- success = chunk_equals(boot_aggregate, measurement);
- DBG1(DBG_PTS, "boot aggregate value is %scorrect",
- success ? "":"in");
- return success;
- }
- else
- {
- DBG1(DBG_PTS, "failed to compute boot aggregate value");
- return FALSE;
- }
-}
-
-METHOD(pts_component_t, get_comp_func_name, pts_comp_func_name_t*,
- pts_ita_comp_ima_t *this)
-{
- return this->name;
-}
-
-METHOD(pts_component_t, get_evidence_flags, uint8_t,
- pts_ita_comp_ima_t *this)
-{
- return PTS_REQ_FUNC_COMP_EVID_PCR;
-}
-
-METHOD(pts_component_t, get_depth, uint32_t,
- pts_ita_comp_ima_t *this)
-{
- return this->depth;
-}
-
-METHOD(pts_component_t, measure, status_t,
- pts_ita_comp_ima_t *this, uint8_t qualifier, pts_t *pts,
- pts_comp_evidence_t **evidence)
-{
- pts_pcr_t *pcrs;
- pts_comp_evidence_t *evid = NULL;
- size_t algo_len, name_len;
- chunk_t measurement;
- char *uri, *algo, *name;
- uint32_t pcr;
- status_t status;
-
- pcrs = pts->get_pcrs(pts);
-
- if (qualifier == (PTS_ITA_QUALIFIER_FLAG_KERNEL |
- PTS_ITA_QUALIFIER_TYPE_TRUSTED))
- {
- switch (this->state)
- {
- case IMA_STATE_INIT:
- this->bios_list = pts_ima_bios_list_create(
- IMA_BIOS_MEASUREMENTS);
- if (!this->bios_list)
- {
- return FAILED;
- }
- this->creation_time = this->bios_list->get_time(this->bios_list);
- this->bios_count = this->bios_list->get_count(this->bios_list);
- this->state = IMA_STATE_BIOS;
- /* fall through to next state */
- case IMA_STATE_BIOS:
- status = this->bios_list->get_next(this->bios_list, &pcr,
- &measurement);
- if (status != SUCCESS)
- {
- DBG1(DBG_PTS, "could not retrieve bios measurement entry");
- return status;
- }
- evid = extend_pcr(this, qualifier, pcrs, pcr, measurement);
-
- this->state = this->bios_list->get_count(this->bios_list) ?
- IMA_STATE_BIOS : IMA_STATE_INIT;
- break;
- default:
- return FAILED;
- }
- }
- else if (qualifier == (PTS_ITA_QUALIFIER_FLAG_KERNEL |
- PTS_ITA_QUALIFIER_TYPE_OS))
- {
- switch (this->state)
- {
- case IMA_STATE_INIT:
- this->ima_list = pts_ima_event_list_create(
- IMA_RUNTIME_MEASUREMENTS);
- if (!this->ima_list)
- {
- return FAILED;
- }
- this->creation_time = this->ima_list->get_time(this->ima_list);
- this->count = this->ima_list->get_count(this->ima_list);
- this->state = IMA_STATE_BOOT_AGGREGATE;
- /* fall through to next state */
- case IMA_STATE_BOOT_AGGREGATE:
- case IMA_STATE_RUNTIME:
- status = this->ima_list->get_next(this->ima_list, &measurement,
- &algo, &name);
- if (status != SUCCESS)
- {
- DBG1(DBG_PTS, "could not retrieve ima measurement entry");
- return status;
- }
- if (this->state == IMA_STATE_BOOT_AGGREGATE && this->bios_count)
- {
- if (!check_boot_aggregate(pcrs, measurement, algo))
- {
- return FAILED;
- }
- }
- evid = extend_pcr(this, qualifier, pcrs, IMA_PCR,
- measurement);
- if (evid)
- {
- if (algo)
- {
- algo_len = strlen(algo);
- name_len = strlen(name);
- uri = malloc(algo_len + name_len + 1);
- memcpy(uri, algo, algo_len);
- strcpy(uri + algo_len, name);
- }
- else
- {
- uri = strdup(name);
- }
- evid->set_validation(evid, PTS_COMP_EVID_VALIDATION_PASSED,
- uri);
- free(uri);
- }
- free(name);
- free(algo);
-
- this->state = this->ima_list->get_count(this->ima_list) ?
- IMA_STATE_RUNTIME : IMA_STATE_END;
- break;
- default:
- return FAILED;
- }
- }
- else
- {
- DBG1(DBG_PTS, "unsupported functional component name qualifier");
- return FAILED;
- }
-
- *evidence = evid;
- if (!evid)
- {
- return FAILED;
- }
-
- return (this->state == IMA_STATE_INIT || this->state == IMA_STATE_END) ?
- SUCCESS : NEED_MORE;
-}
-
-/**
- * Parse a validation URI of the form <hash algorithm>:<event name>
- * into its components
- */
-static pts_meas_algorithms_t parse_validation_uri(pts_comp_evidence_t *evidence,
- char **ima_name, char **ima_algo, char *algo_buf)
-{
- pts_meas_algorithms_t hash_algo;
- char *uri, *pos, *algo, *name;
-
- evidence->get_validation(evidence, &uri);
-
- /* IMA-NG format? */
- pos = strchr(uri, ':');
- if (pos && (pos - uri + 1) < IMA_ALGO_LEN_MAX)
- {
- memset(algo_buf, '\0', IMA_ALGO_LEN_MAX);
- memcpy(algo_buf, uri, pos - uri + 1);
- algo = algo_buf;
- name = pos + 1;
-
- if (streq(algo, "sha1:") || streq(algo, ":"))
- {
- hash_algo = PTS_MEAS_ALGO_SHA1;
- }
- else if (streq(algo, "sha256:"))
- {
- hash_algo = PTS_MEAS_ALGO_SHA256;
- }
- else if (streq(algo, "sha384:"))
- {
- hash_algo = PTS_MEAS_ALGO_SHA384;
- }
- else
- {
- hash_algo = PTS_MEAS_ALGO_NONE;
- }
- }
- else
- {
- algo = NULL;
- name = uri;
- hash_algo = PTS_MEAS_ALGO_SHA1;
- }
-
- if (ima_name)
- {
- *ima_name = name;
- }
- if (ima_algo)
- {
- *ima_algo = algo;
- }
-
- return hash_algo;
-}
-
-METHOD(pts_component_t, verify, status_t,
- pts_ita_comp_ima_t *this, uint8_t qualifier, pts_t *pts,
- pts_comp_evidence_t *evidence)
-{
- bool has_pcr_info;
- uint32_t pcr;
- pts_meas_algorithms_t algo;
- pts_pcr_transform_t transform;
- pts_pcr_t *pcrs;
- time_t creation_time;
- chunk_t measurement, pcr_before, pcr_after;
- status_t status = NOT_FOUND;
-
- this->aik_id = pts->get_aik_id(pts);
- pcrs = pts->get_pcrs(pts);
- measurement = evidence->get_measurement(evidence, &pcr, &algo, &transform,
- &creation_time);
-
- if (qualifier == (PTS_ITA_QUALIFIER_FLAG_KERNEL |
- PTS_ITA_QUALIFIER_TYPE_TRUSTED))
- {
- switch (this->state)
- {
- case IMA_STATE_INIT:
- this->name->set_qualifier(this->name, qualifier);
- status = this->pts_db->get_comp_measurement_count(this->pts_db,
- this->name, this->aik_id, algo,
- &this->bios_cid, &this->bios_count);
- this->name->set_qualifier(this->name, PTS_QUALIFIER_UNKNOWN);
- if (status != SUCCESS)
- {
- return status;
- }
-
- if (this->bios_count)
- {
- DBG1(DBG_PTS, "checking %d BIOS evidence measurements",
- this->bios_count);
- }
- else
- {
- DBG1(DBG_PTS, "registering BIOS evidence measurements");
- this->is_bios_registering = TRUE;
- }
-
- this->state = IMA_STATE_BIOS;
- /* fall through to next state */
- case IMA_STATE_BIOS:
- if (this->is_bios_registering)
- {
- status = this->pts_db->insert_comp_measurement(this->pts_db,
- measurement, this->bios_cid, this->aik_id,
- ++this->seq_no, pcr, algo);
- if (status != SUCCESS)
- {
- return status;
- }
- this->bios_count = this->seq_no + 1;
- }
- else
- {
- status = this->pts_db->check_comp_measurement(this->pts_db,
- measurement, this->bios_cid, this->aik_id,
- ++this->seq_no, pcr, algo);
- if (status == FAILED)
- {
- return status;
- }
- }
- break;
- default:
- return FAILED;
- }
- }
- else if (qualifier == (PTS_ITA_QUALIFIER_FLAG_KERNEL |
- PTS_ITA_QUALIFIER_TYPE_OS))
- {
- int ima_count;
- char *ima_algo, *ima_name;
- char algo_buf[IMA_ALGO_LEN_MAX];
- pts_meas_algorithms_t hash_algo;
-
- hash_algo = parse_validation_uri(evidence, &ima_name, &ima_algo,
- algo_buf);
-
- switch (this->state)
- {
- case IMA_STATE_BIOS:
- this->state = IMA_STATE_RUNTIME;
-
- if (!streq(ima_name, "boot_aggregate"))
- {
- DBG1(DBG_PTS, "ima: name must be 'boot_aggregate' "
- "but is '%s'", ima_name);
- return FAILED;
- }
- if (hash_algo != PTS_MEAS_ALGO_SHA1)
- {
- DBG1(DBG_PTS, "ima: boot_aggregate algorithm must be %N "
- "but is %N",
- pts_meas_algorithm_names, PTS_MEAS_ALGO_SHA1,
- pts_meas_algorithm_names, hash_algo);
- return FAILED;
- }
- if (!check_boot_aggregate(pcrs, measurement, ima_algo))
- {
- return FAILED;
- }
- this->state = IMA_STATE_INIT;
- /* fall through to next state */
- case IMA_STATE_INIT:
- this->name->set_qualifier(this->name, qualifier);
- status = this->pts_db->get_comp_measurement_count(this->pts_db,
- this->name, this->aik_id, algo,
- &this->ima_cid, &ima_count);
- this->name->set_qualifier(this->name, PTS_QUALIFIER_UNKNOWN);
- if (status != SUCCESS)
- {
- return status;
- }
-
- if (ima_count)
- {
- DBG1(DBG_PTS, "checking boot aggregate evidence "
- "measurement");
- status = this->pts_db->check_comp_measurement(this->pts_db,
- measurement, this->ima_cid,
- this->aik_id, 1, pcr, algo);
- }
- else
- {
- DBG1(DBG_PTS, "registering boot aggregate evidence "
- "measurement");
- this->is_ima_registering = TRUE;
- status = this->pts_db->insert_comp_measurement(this->pts_db,
- measurement, this->ima_cid,
- this->aik_id, 1, pcr, algo);
- }
- this->state = IMA_STATE_RUNTIME;
-
- if (status != SUCCESS)
- {
- return status;
- }
- break;
- case IMA_STATE_RUNTIME:
- {
- uint8_t hash_buf[HASH_SIZE_SHA512];
- chunk_t digest, hash;
- enumerator_t *e;
-
- this->count++;
- if (evidence->get_validation(evidence, NULL) !=
- PTS_COMP_EVID_VALIDATION_PASSED)
- {
- DBG1(DBG_PTS, "evidence validation failed");
- this->count_failed++;
- return FAILED;
- }
- hash = chunk_create(hash_buf, pts_meas_algo_hash_size(algo));
-
- e = this->pts_db->create_file_meas_enumerator(this->pts_db,
- pts->get_platform_id(pts),
- hash_algo, ima_name);
- if (e)
- {
- while (e->enumerate(e, &digest))
- {
- if (!ima_hash(digest, ima_algo, ima_name,
- FALSE, algo, hash_buf))
- {
- status = FAILED;
- break;
- }
- if (chunk_equals(measurement, hash))
- {
- status = SUCCESS;
- break;
- }
- else
- {
- status = VERIFY_ERROR;
- }
- }
- e->destroy(e);
- }
- else
- {
- status = FAILED;
- }
-
- switch (status)
- {
- case SUCCESS:
- DBG3(DBG_PTS, "%#B for '%s' is ok",
- &measurement, ima_name);
- this->count_ok++;
- break;
- case NOT_FOUND:
- DBG2(DBG_PTS, "%#B for '%s' not found",
- &measurement, ima_name);
- this->count_unknown++;
- break;
- case VERIFY_ERROR:
- DBG1(DBG_PTS, "%#B for '%s' differs",
- &measurement, ima_name);
- this->count_differ++;
- break;
- case FAILED:
- default:
- DBG1(DBG_PTS, "%#B for '%s' failed",
- &measurement, ima_name);
- this->count_failed++;
- }
- break;
- }
- default:
- return FAILED;
- }
- }
- else
- {
- DBG1(DBG_PTS, "unsupported functional component name qualifier");
- return FAILED;
- }
-
- has_pcr_info = evidence->get_pcr_info(evidence, &pcr_before, &pcr_after);
- if (has_pcr_info)
- {
- if (!chunk_equals(pcr_before, pcrs->get(pcrs, pcr)))
- {
- DBG1(DBG_PTS, "PCR %2u: pcr_before is not equal to register value",
- pcr);
- }
- if (pcrs->set(pcrs, pcr, pcr_after))
- {
- return status;
- }
- }
- else
- {
- pcr_after = pcrs->extend(pcrs, pcr, measurement);
- if (pcr_after.ptr)
- {
- return status;
- }
- }
- return FAILED;
-}
-
-METHOD(pts_component_t, finalize, bool,
- pts_ita_comp_ima_t *this, uint8_t qualifier, bio_writer_t *result)
-{
- char result_buf[BUF_LEN];
- char *pos = result_buf;
- size_t len = BUF_LEN;
- int written;
- bool success = TRUE;
-
- this->name->set_qualifier(this->name, qualifier);
-
- if (qualifier == (PTS_ITA_QUALIFIER_FLAG_KERNEL |
- PTS_ITA_QUALIFIER_TYPE_TRUSTED))
- {
- /* finalize BIOS measurements */
- if (this->is_bios_registering)
- {
- /* close registration */
- this->is_bios_registering = FALSE;
-
- snprintf(pos, len, "registered %d BIOS evidence measurements",
- this->seq_no);
- }
- else if (this->seq_no < this->bios_count)
- {
- snprintf(pos, len, "%d of %d BIOS evidence measurements missing",
- this->bios_count - this->seq_no, this->bios_count);
- success = FALSE;
- }
- else
- {
- snprintf(pos, len, "%d BIOS evidence measurements are ok",
- this->bios_count);
- }
- }
- else if (qualifier == (PTS_ITA_QUALIFIER_FLAG_KERNEL |
- PTS_ITA_QUALIFIER_TYPE_OS))
- {
- /* finalize IMA file measurements */
- if (this->is_ima_registering)
- {
- /* close registration */
- this->is_ima_registering = FALSE;
-
- written = snprintf(pos, len, "registered IMA boot aggregate "
- "evidence measurement; ");
- pos += written;
- len -= written;
- }
- if (this->count)
- {
- snprintf(pos, len, "processed %d IMA file evidence measurements: "
- "%d ok, %d unknown, %d differ, %d failed",
- this->count, this->count_ok, this->count_unknown,
- this->count_differ, this->count_failed);
- }
- else
- {
- snprintf(pos, len, "no IMA file evidence measurements");
- success = FALSE;
- }
- }
- else
- {
- snprintf(pos, len, "unsupported functional component name qualifier");
- success = FALSE;
- }
- this->name->set_qualifier(this->name, PTS_QUALIFIER_UNKNOWN);
-
- DBG1(DBG_PTS, "%s", result_buf);
- result->write_data(result, chunk_from_str(result_buf));
-
- return success;
-}
-
-METHOD(pts_component_t, get_ref, pts_component_t*,
- pts_ita_comp_ima_t *this)
-{
- ref_get(&this->ref);
- return &this->public;
-}
-
-METHOD(pts_component_t, destroy, void,
- pts_ita_comp_ima_t *this)
-{
- int count;
-
- if (ref_put(&this->ref))
- {
-
- if (this->is_bios_registering)
- {
- count = this->pts_db->delete_comp_measurements(this->pts_db,
- this->bios_cid, this->aik_id);
- DBG1(DBG_PTS, "deleted %d registered BIOS evidence measurements",
- count);
- }
- if (this->is_ima_registering)
- {
- count = this->pts_db->delete_comp_measurements(this->pts_db,
- this->ima_cid, this->aik_id);
- DBG1(DBG_PTS, "deleted registered boot aggregate evidence "
- "measurement");
- }
- DESTROY_IF(this->bios_list);
- DESTROY_IF(this->ima_list);
- this->name->destroy(this->name);
-
- free(this);
- }
-}
-
-/**
- * See header
- */
-pts_component_t *pts_ita_comp_ima_create(uint32_t depth,
- pts_database_t *pts_db)
-{
- pts_ita_comp_ima_t *this;
-
- INIT(this,
- .public = {
- .get_comp_func_name = _get_comp_func_name,
- .get_evidence_flags = _get_evidence_flags,
- .get_depth = _get_depth,
- .measure = _measure,
- .verify = _verify,
- .finalize = _finalize,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- .name = pts_comp_func_name_create(PEN_ITA, PTS_ITA_COMP_FUNC_NAME_IMA,
- PTS_QUALIFIER_UNKNOWN),
- .depth = depth,
- .pts_db = pts_db,
- .pcr_info = lib->settings->get_bool(lib->settings,
- "%s.plugins.imc-attestation.pcr_info", FALSE, lib->ns),
- .ref = 1,
- );
-
- return &this->public;
-}
-
diff --git a/src/libpts/pts/components/ita/ita_comp_tboot.c b/src/libpts/pts/components/ita/ita_comp_tboot.c
deleted file mode 100644
index 67be1ca..0000000
--- a/src/libpts/pts/components/ita/ita_comp_tboot.c
+++ /dev/null
@@ -1,361 +0,0 @@
-/*
- * Copyright (C) 2011-2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "ita_comp_tboot.h"
-#include "ita_comp_func_name.h"
-
-#include "libpts.h"
-#include "pts/components/pts_component.h"
-
-#include <utils/debug.h>
-#include <pen/pen.h>
-
-typedef struct pts_ita_comp_tboot_t pts_ita_comp_tboot_t;
-
-/**
- * Private data of a pts_ita_comp_tboot_t object.
- *
- */
-struct pts_ita_comp_tboot_t {
-
- /**
- * Public pts_component_t interface.
- */
- pts_component_t public;
-
- /**
- * Component Functional Name
- */
- pts_comp_func_name_t *name;
-
- /**
- * Sub-component depth
- */
- u_int32_t depth;
-
- /**
- * PTS measurement database
- */
- pts_database_t *pts_db;
-
- /**
- * Primary key for AIK database entry
- */
- int aik_id;
-
- /**
- * Primary key for Component Functional Name database entry
- */
- int cid;
-
- /**
- * Primary key for AIK database entry
- */
- int kid;
-
- /**
- * Component is registering measurements
- */
- bool is_registering;
-
- /**
- * Time of TBOOT measurement
- */
- time_t measurement_time;
-
- /**
- * Expected measurement count
- */
- int count;
-
- /**
- * Measurement sequence number
- */
- int seq_no;
-
- /**
- * Reference count
- */
- refcount_t ref;
-
-};
-
-METHOD(pts_component_t, get_comp_func_name, pts_comp_func_name_t*,
- pts_ita_comp_tboot_t *this)
-{
- return this->name;
-}
-
-METHOD(pts_component_t, get_evidence_flags, u_int8_t,
- pts_ita_comp_tboot_t *this)
-{
- return PTS_REQ_FUNC_COMP_EVID_PCR;
-}
-
-METHOD(pts_component_t, get_depth, u_int32_t,
- pts_ita_comp_tboot_t *this)
-{
- return this->depth;
-}
-
-METHOD(pts_component_t, measure, status_t,
- pts_ita_comp_tboot_t *this, u_int8_t qualifier, pts_t *pts,
- pts_comp_evidence_t **evidence)
-
-{
- size_t pcr_len;
- pts_pcr_t *pcrs;
- pts_pcr_transform_t pcr_transform;
- pts_meas_algorithms_t hash_algo;
- pts_comp_evidence_t *evid;
- char *meas_hex, *pcr_before_hex, *pcr_after_hex;
- chunk_t measurement, pcr_before, pcr_after;
- u_int32_t extended_pcr;
-
- switch (this->seq_no++)
- {
- case 0:
- /* dummy data since currently the TBOOT log is not retrieved */
- time(&this->measurement_time);
- meas_hex = lib->settings->get_str(lib->settings,
- "%s.plugins.imc-attestation.pcr17_meas", NULL, lib->ns);
- pcr_before_hex = lib->settings->get_str(lib->settings,
- "%s.plugins.imc-attestation.pcr17_before", NULL, lib->ns);
- pcr_after_hex = lib->settings->get_str(lib->settings,
- "%s.plugins.imc-attestation.pcr17_after", NULL, lib->ns);
- extended_pcr = PCR_TBOOT_POLICY;
- break;
- case 1:
- /* dummy data since currently the TBOOT log is not retrieved */
- meas_hex = lib->settings->get_str(lib->settings,
- "%s.plugins.imc-attestation.pcr18_meas", NULL, lib->ns);
- pcr_before_hex = lib->settings->get_str(lib->settings,
- "%s.plugins.imc-attestation.pcr18_before", NULL, lib->ns);
- pcr_after_hex = lib->settings->get_str(lib->settings,
- "%s.plugins.imc-attestation.pcr18_after", NULL, lib->ns);
- extended_pcr = PCR_TBOOT_MLE;
- break;
- default:
- return FAILED;
- }
-
- if (meas_hex == NULL || pcr_before_hex == NULL || pcr_after_hex == NULL)
- {
- return FAILED;
- }
-
- hash_algo = PTS_MEAS_ALGO_SHA1;
- pcr_len = HASH_SIZE_SHA1;
- pcr_transform = pts_meas_algo_to_pcr_transform(hash_algo, pcr_len);
-
- /* get and check the measurement data */
- measurement = chunk_from_hex(
- chunk_create(meas_hex, strlen(meas_hex)), NULL);
- pcr_before = chunk_from_hex(
- chunk_create(pcr_before_hex, strlen(pcr_before_hex)), NULL);
- pcr_after = chunk_from_hex(
- chunk_create(pcr_after_hex, strlen(pcr_after_hex)), NULL);
- if (pcr_before.len != pcr_len || pcr_after.len != pcr_len ||
- measurement.len != pcr_len)
- {
- DBG1(DBG_PTS, "TBOOT measurement or PCR data have the wrong size");
- free(measurement.ptr);
- free(pcr_before.ptr);
- free(pcr_after.ptr);
- return FAILED;
- }
-
- pcrs = pts->get_pcrs(pts);
- pcrs->set(pcrs, extended_pcr, pcr_after);
- evid = *evidence = pts_comp_evidence_create(this->name->clone(this->name),
- this->depth, extended_pcr, hash_algo, pcr_transform,
- this->measurement_time, measurement);
- evid->set_pcr_info(evid, pcr_before, pcr_after);
-
- return (this->seq_no < 2) ? NEED_MORE : SUCCESS;
-}
-
-METHOD(pts_component_t, verify, status_t,
- pts_ita_comp_tboot_t *this, u_int8_t qualifier,pts_t *pts,
- pts_comp_evidence_t *evidence)
-{
- bool has_pcr_info;
- u_int32_t extended_pcr, vid, name;
- enum_name_t *names;
- pts_meas_algorithms_t algo;
- pts_pcr_transform_t transform;
- pts_pcr_t *pcrs;
- time_t measurement_time;
- chunk_t measurement, pcr_before, pcr_after;
- status_t status;
-
- this->aik_id = pts->get_aik_id(pts);
- pcrs = pts->get_pcrs(pts);
- measurement = evidence->get_measurement(evidence, &extended_pcr,
- &algo, &transform, &measurement_time);
-
- status = this->pts_db->get_comp_measurement_count(this->pts_db,
- this->name, this->aik_id, algo,
- &this->cid, &this->count);
- if (status != SUCCESS)
- {
- return status;
- }
- vid = this->name->get_vendor_id(this->name);
- name = this->name->get_name(this->name);
- names = pts_components->get_comp_func_names(pts_components, vid);
-
- if (this->count)
- {
- DBG1(DBG_PTS, "checking %d %N '%N' functional component evidence "
- "measurements", this->count, pen_names, vid, names, name);
- }
- else
- {
- DBG1(DBG_PTS, "registering %N '%N' functional component evidence "
- "measurements", pen_names, vid, names, name);
- this->is_registering = TRUE;
- }
-
- if (this->is_registering)
- {
- status = this->pts_db->insert_comp_measurement(this->pts_db,
- measurement, this->cid, this->aik_id,
- ++this->seq_no, extended_pcr, algo);
- if (status != SUCCESS)
- {
- return status;
- }
- this->count = this->seq_no + 1;
- }
- else
- {
- status = this->pts_db->check_comp_measurement(this->pts_db,
- measurement, this->cid, this->kid,
- ++this->seq_no, extended_pcr, algo);
- if (status != SUCCESS)
- {
- return status;
- }
- }
-
- has_pcr_info = evidence->get_pcr_info(evidence, &pcr_before, &pcr_after);
- if (has_pcr_info)
- {
- if (!chunk_equals(pcr_before, pcrs->get(pcrs, extended_pcr)))
- {
- DBG1(DBG_PTS, "PCR %2u: pcr_before is not equal to register value",
- extended_pcr);
- }
- if (pcrs->set(pcrs, extended_pcr, pcr_after))
- {
- return SUCCESS;
- }
- }
-
- return SUCCESS;
-}
-
-METHOD(pts_component_t, finalize, bool,
- pts_ita_comp_tboot_t *this, u_int8_t qualifier, bio_writer_t *result)
-{
- char result_buf[BUF_LEN];
-
- if (this->is_registering)
- {
- /* close registration */
- this->is_registering = FALSE;
-
- snprintf(result_buf, BUF_LEN, "registered %d evidence measurements",
- this->seq_no);
- }
- else if (this->seq_no < this->count)
- {
- snprintf(result_buf, BUF_LEN, "%d of %d evidence measurements "
- "missing", this->count - this->seq_no, this->count);
- return FALSE;
- }
- else
- {
- snprintf(result_buf, BUF_LEN, "%d evidence measurements are ok",
- this->count);
- }
- DBG1(DBG_PTS, "%s", result_buf);
- result->write_data(result, chunk_from_str(result_buf));
-
- return TRUE;
-}
-
-METHOD(pts_component_t, get_ref, pts_component_t*,
- pts_ita_comp_tboot_t *this)
-{
- ref_get(&this->ref);
- return &this->public;
-}
-
-METHOD(pts_component_t, destroy, void,
- pts_ita_comp_tboot_t *this)
-{
- int count;
- u_int32_t vid, name;
- enum_name_t *names;
-
- if (ref_put(&this->ref))
- {
- if (this->is_registering)
- {
- count = this->pts_db->delete_comp_measurements(this->pts_db,
- this->cid, this->aik_id);
- vid = this->name->get_vendor_id(this->name);
- name = this->name->get_name(this->name);
- names = pts_components->get_comp_func_names(pts_components, vid);
- DBG1(DBG_PTS, "deleted %d registered %N '%N' functional component "
- "evidence measurements", count, pen_names, vid, names, name);
- }
- this->name->destroy(this->name);
- free(this);
- }
-}
-
-/**
- * See header
- */
-pts_component_t *pts_ita_comp_tboot_create(u_int32_t depth,
- pts_database_t *pts_db)
-{
- pts_ita_comp_tboot_t *this;
-
- INIT(this,
- .public = {
- .get_comp_func_name = _get_comp_func_name,
- .get_evidence_flags = _get_evidence_flags,
- .get_depth = _get_depth,
- .measure = _measure,
- .verify = _verify,
- .finalize = _finalize,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- .name = pts_comp_func_name_create(PEN_ITA, PTS_ITA_COMP_FUNC_NAME_TBOOT,
- PTS_ITA_QUALIFIER_FLAG_KERNEL |
- PTS_ITA_QUALIFIER_TYPE_TRUSTED),
- .depth = depth,
- .pts_db = pts_db,
- .ref = 1,
- );
-
- return &this->public;
-}
-
diff --git a/src/libpts/pts/components/pts_comp_func_name.c b/src/libpts/pts/components/pts_comp_func_name.c
deleted file mode 100644
index 6c630f8..0000000
--- a/src/libpts/pts/components/pts_comp_func_name.c
+++ /dev/null
@@ -1,159 +0,0 @@
-/*
- * Copyright (C) 2011-2012 Andreas Steffen
- *
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "libpts.h"
-#include "pts/components/pts_comp_func_name.h"
-
-#include <utils/debug.h>
-
-typedef struct private_pts_comp_func_name_t private_pts_comp_func_name_t;
-
-/**
- * Private data of a pts_comp_func_name_t object.
- *
- */
-struct private_pts_comp_func_name_t {
-
- /**
- * Public pts_comp_func_name_t interface.
- */
- pts_comp_func_name_t public;
-
- /**
- * PTS Component Functional Name Vendor ID
- */
- u_int32_t vid;
-
- /**
- * PTS Component Functional Name
- */
- u_int32_t name;
-
- /**
- * PTS Component Functional Name Qualifier
- */
- u_int8_t qualifier;
-
-};
-
-METHOD(pts_comp_func_name_t, get_vendor_id, u_int32_t,
- private_pts_comp_func_name_t *this)
-{
- return this->vid;
-}
-
-METHOD(pts_comp_func_name_t, get_name, u_int32_t,
- private_pts_comp_func_name_t *this)
-{
- return this->name;
-}
-
-METHOD(pts_comp_func_name_t, get_qualifier, u_int8_t,
- private_pts_comp_func_name_t *this)
-{
- return this->qualifier;
-}
-
-METHOD(pts_comp_func_name_t, set_qualifier, void,
- private_pts_comp_func_name_t *this, u_int8_t qualifier)
-{
- this->qualifier = qualifier;
-}
-
-static bool equals(private_pts_comp_func_name_t *this,
- private_pts_comp_func_name_t *other)
-{
- if (this->vid != other->vid || this->name != other->name)
- {
- return FALSE;
- }
- if (this->qualifier == PTS_QUALIFIER_UNKNOWN ||
- other->qualifier == PTS_QUALIFIER_UNKNOWN)
- {
- return TRUE;
- }
- /* TODO handle qualifier wildcards */
-
- return this->qualifier == other->qualifier;
-}
-
-METHOD(pts_comp_func_name_t, clone_, pts_comp_func_name_t*,
- private_pts_comp_func_name_t *this)
-{
- private_pts_comp_func_name_t *clone;
-
- clone = malloc_thing(private_pts_comp_func_name_t);
- memcpy(clone, this, sizeof(private_pts_comp_func_name_t));
-
- return &clone->public;
-}
-
-METHOD(pts_comp_func_name_t, log_, void,
- private_pts_comp_func_name_t *this, char *label)
-{
- enum_name_t *names, *types;
- char flags[8];
- int type;
-
- names = pts_components->get_comp_func_names(pts_components, this->vid);
- types = pts_components->get_qualifier_type_names(pts_components, this->vid);
- type = pts_components->get_qualifier(pts_components, &this->public, flags);
-
- if (names && types)
- {
- DBG2(DBG_PTS, "%s%N functional component '%N' [%s] '%N'",
- label, pen_names, this->vid, names, this->name, flags, types, type);
- }
- else
- {
- DBG2(DBG_PTS, "%s0x%06x functional component 0x%08x 0x%02x",
- label, this->vid, this->name, this->qualifier);
- }
-}
-
-METHOD(pts_comp_func_name_t, destroy, void,
- private_pts_comp_func_name_t *this)
-{
- free(this);
-}
-
-/**
- * See header
- */
-pts_comp_func_name_t* pts_comp_func_name_create(u_int32_t vid, u_int32_t name,
- u_int8_t qualifier)
-{
- private_pts_comp_func_name_t *this;
-
- INIT(this,
- .public = {
- .get_vendor_id = _get_vendor_id,
- .get_name = _get_name,
- .get_qualifier = _get_qualifier,
- .set_qualifier = _set_qualifier,
- .equals = (bool(*)(pts_comp_func_name_t*,pts_comp_func_name_t*))equals,
- .clone = _clone_,
- .log = _log_,
- .destroy = _destroy,
- },
- .vid = vid,
- .name = name,
- .qualifier = qualifier,
- );
-
- return &this->public;
-}
-
diff --git a/src/libpts/pts/pts.h b/src/libpts/pts/pts.h
deleted file mode 100644
index fead588..0000000
--- a/src/libpts/pts/pts.h
+++ /dev/null
@@ -1,315 +0,0 @@
-/*
- * Copyright (C) 2011 Sansar Choinyambuu
- * Copyright (C) 2012-2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup pts pts
- * @{ @ingroup libpts
- */
-
-#ifndef PTS_H_
-#define PTS_H_
-
-typedef struct pts_t pts_t;
-
-#include "pts_error.h"
-#include "pts_proto_caps.h"
-#include "pts_meas_algo.h"
-#include "pts_file_meas.h"
-#include "pts_file_meta.h"
-#include "pts_dh_group.h"
-#include "pts_pcr.h"
-#include "pts_req_func_comp_evid.h"
-#include "pts_simple_evid_final.h"
-#include "components/pts_comp_func_name.h"
-
-#include <library.h>
-#include <collections/linked_list.h>
-
-/**
- * UTF-8 encoding of the character used to delimiter the filename
- */
-#define SOLIDUS_UTF 0x2F
-#define REVERSE_SOLIDUS_UTF 0x5C
-
-/**
- * PCR indices used for measurements of various functional components
- */
-#define PCR_BIOS 0
-#define PCR_PLATFORM_EXT 1
-#define PCR_MOTHERBOARD 1
-#define PCR_OPTION_ROMS 2
-#define PCR_IPL 4
-
-#define PCR_TBOOT_POLICY 17
-#define PCR_TBOOT_MLE 18
-
-#define PCR_TGRUB_MBR_STAGE1 4
-#define PCR_TGRUB_STAGE2_PART1 8
-#define PCR_TGRUB_STAGE2_PART2 9
-#define PCR_TGRUB_CMD_LINE_ARGS 12
-#define PCR_TGRUB_CHECKFILE 13
-#define PCR_TGRUB_LOADED_FILES 14
-
-#define PCR_DEBUG 16
-
-/**
- * Length of the generated nonce used for calculation of shared secret
- */
-#define ASSESSMENT_SECRET_LEN 20
-
-/**
- * Length of the TPM_QUOTE_INFO structure, TPM Spec 1.2
- */
-#define TPM_QUOTE_INFO_LEN 48
-
-/**
- * Hashing algorithm used by tboot and trustedGRUB
- */
-#define TRUSTED_HASH_ALGO PTS_MEAS_ALGO_SHA1
-
-/**
- * Class implementing the TCG Platform Trust Service (PTS)
- *
- */
-struct pts_t {
-
- /**
- * Get PTS Protocol Capabilities
- *
- * @return Protocol capabilities flags
- */
- pts_proto_caps_flag_t (*get_proto_caps)(pts_t *this);
-
- /**
- * Set PTS Protocol Capabilities
- *
- * @param flags Protocol capabilities flags
- */
- void (*set_proto_caps)(pts_t *this, pts_proto_caps_flag_t flags);
-
- /**
- * Get PTS Measurement Algorithm
- *
- * @return PTS measurement algorithm
- */
- pts_meas_algorithms_t (*get_meas_algorithm)(pts_t *this);
-
- /**
- * Set PTS Measurement Algorithm
- *
- * @param algorithm PTS measurement algorithm
- */
- void (*set_meas_algorithm)(pts_t *this, pts_meas_algorithms_t algorithm);
-
- /**
- * Get DH Hash Algorithm
- *
- * @return DH hash algorithm
- */
- pts_meas_algorithms_t (*get_dh_hash_algorithm)(pts_t *this);
-
- /**
- * Set DH Hash Algorithm
- *
- * @param algorithm DH hash algorithm
- */
- void (*set_dh_hash_algorithm)(pts_t *this, pts_meas_algorithms_t algorithm);
-
- /**
- * Create PTS Diffie-Hellman object and nonce
- *
- * @param group PTS DH group
- * @param nonce_len Nonce length
- * @return TRUE if creation was successful
- *
- */
- bool (*create_dh_nonce)(pts_t *this, pts_dh_group_t group, int nonce_len);
-
- /**
- * Get my Diffie-Hellman public value
- *
- * @param value My public DH value
- * @param nonce My DH nonce
- */
- void (*get_my_public_value)(pts_t *this, chunk_t *value, chunk_t *nonce);
-
- /**
- * Set peer Diffie.Hellman public value
- *
- * @param value Peer public DH value
- * @param nonce Peer DH nonce
- */
- void (*set_peer_public_value) (pts_t *this, chunk_t value, chunk_t nonce);
-
- /**
- * Calculates assessment secret to be used for TPM Quote as ExternalData
- *
- * @return TRUE unless both DH public values
- * and nonces are set
- */
- bool (*calculate_secret) (pts_t *this);
-
- /**
- * Get primary key of platform entry in database
- *
- * @return Platform and OS info
- */
- int (*get_platform_id)(pts_t *this);
-
- /**
- * Set primary key of platform entry in database
- *
- * @param pid Primary key of platform entry in database
- */
- void (*set_platform_id)(pts_t *this, int pid);
-
- /**
- * Get TPM 1.2 Version Info
- *
- * @param info chunk containing a TPM_CAP_VERSION_INFO struct
- * @return TRUE if TPM Version Info available
- */
- bool (*get_tpm_version_info)(pts_t *this, chunk_t *info);
-
- /**
- * Set TPM 1.2 Version Info
- *
- * @param info chunk containing a TPM_CAP_VERSION_INFO struct
- */
- void (*set_tpm_version_info)(pts_t *this, chunk_t info);
-
- /**
- * Get Attestation Identity Certificate or Public Key
- *
- * @return AIK Certificate or Public Key
- */
- certificate_t* (*get_aik)(pts_t *this);
-
- /**
- * Set Attestation Identity Certificate or Public Key
- *
- * @param aik AIK Certificate or Public Key
- * @param aik_id Primary key referencing AIK in database
- */
- void (*set_aik)(pts_t *this, certificate_t *aik, int aik_id);
-
- /**
- * Get primary key referencing AIK in database
- *
- * @return Primary key referencing AIK in database
- */
- int (*get_aik_id)(pts_t *this);
-
- /**
- * Check whether path is valid file/directory on filesystem
- *
- * @param path Absolute path
- * @param error_code Output variable for PTS error code
- * @return TRUE if path is valid or file/directory
- * doesn't exist or path is invalid
- * FALSE if local error occurred within stat function
- */
- bool (*is_path_valid)(pts_t *this, char *path, pts_error_code_t *error_code);
-
- /**
- * Obtain file metadata
- *
- * @param pathname Absolute pathname of file/directory
- * @param is_dir TRUE if directory contents are requested
- * @return PTS File Metadata or NULL if FAILED
- */
- pts_file_meta_t* (*get_metadata)(pts_t *this, char *pathname, bool is_dir);
-
- /**
- * Reads given PCR value and returns it
- * Expects owner secret to be WELL_KNOWN_SECRET
- *
- * @param pcr_num Number of PCR to read
- * @param pcr_value Chunk to save pcr read output
- * @return NULL in case of TSS error, PCR value otherwise
- */
- bool (*read_pcr)(pts_t *this, u_int32_t pcr_num, chunk_t *pcr_value);
-
- /**
- * Extends given PCR with given value
- * Expects owner secret to be WELL_KNOWN_SECRET
- *
- * @param pcr_num Number of PCR to extend
- * @param input Value to extend
- * @param output Chunk to save PCR value after extension
- * @return FALSE in case of TSS error, TRUE otherwise
- */
- bool (*extend_pcr)(pts_t *this, u_int32_t pcr_num, chunk_t input,
- chunk_t *output);
-
- /**
- * Quote over PCR's
- * Expects owner and SRK secret to be WELL_KNOWN_SECRET and no password set for AIK
- *
- * @param use_quote2 Version of the Quote function to be used
- * @param pcr_comp Chunk to save PCR composite structure
- * @param quote_sig Chunk to save quote operation output
- * without external data (anti-replay protection)
- * @return FALSE in case of TSS error, TRUE otherwise
- */
- bool (*quote_tpm)(pts_t *this, bool use_quote2, chunk_t *pcr_comp,
- chunk_t *quote_sig);
-
- /**
- * Get the shadow PCR set
- *
- * @return shadow PCR set
- */
- pts_pcr_t* (*get_pcrs)(pts_t *this);
-
- /**
- * Constructs and returns TPM Quote Info structure expected from IMC
- *
- * @param use_quote2 Version of the TPM_QUOTE_INFO to be constructed
- * @param use_ver_info Version info is concatenated to TPM_QUOTE_INFO2
- * @param comp_hash_algo Composite Hash Algorithm
- * @param pcr_comp Output variable to store PCR Composite
- * @param quote_info Output variable to store TPM Quote Info
- * @return FALSE in case of any error, TRUE otherwise
- */
- bool (*get_quote_info)(pts_t *this, bool use_quote2, bool ver_info_included,
- pts_meas_algorithms_t comp_hash_algo,
- chunk_t *pcr_comp, chunk_t *quote_info);
-
- /**
- * Constructs and returns PCR Quote Digest structure expected from IMC
- *
- * @param data Calculated TPM Quote Digest
- * @param signature TPM Quote Signature received from IMC
- * @return FALSE if signature is not verified
- */
- bool (*verify_quote_signature)(pts_t *this, chunk_t data, chunk_t signature);
-
- /**
- * Destroys a pts_t object.
- */
- void (*destroy)(pts_t *this);
-
-};
-
-/**
- * Creates an pts_t object
- *
- * @param is_imc TRUE if running on an IMC
- */
-pts_t* pts_create(bool is_imc);
-
-#endif /** PTS_H_ @}*/
diff --git a/src/libpts/swid/swid_error.h b/src/libpts/swid/swid_error.h
deleted file mode 100644
index 1da6148..0000000
--- a/src/libpts/swid/swid_error.h
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
- * Copyright (C) 2013 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup swid_error swid_error
- * @{ @ingroup swid
- */
-
-#ifndef SWID_ERROR_H_
-#define SWID_ERROR_H_
-
-typedef enum swid_error_code_t swid_error_code_t;
-
-#include "pa_tnc/pa_tnc_attr.h"
-
-#include <library.h>
-
-
-/**
- * SWID Error Codes
- * see section 3.14.2 of PTS Protocol: Binding to TNC IF-M Specification
- */
-enum swid_error_code_t {
- TCG_SWID_ERROR = 0x20,
- TCG_SWID_SUBSCRIPTION_DENIED = 0x21,
- TCG_SWID_RESPONSE_TOO_LARGE = 0x22
-};
-
-/**
- * enum name for swid_error_code_t.
- */
-extern enum_name_t *swid_error_code_names;
-
-/**
- * Creates a SWID Error Attribute
- * see section 4.12 of TNC SWID Message and Attributes for IF-M
- *
- * @param code SWID error code
- * @param request SWID request ID
- * @param max_attr_size Maximum IF-M attribute size (if applicable)
- * @param description Optional description string or NULL
- */
-pa_tnc_attr_t* swid_error_create(swid_error_code_t code, u_int32_t request,
- u_int32_t max_attr_size, char *description);
-
-#endif /** SWID_ERROR_H_ @}*/
diff --git a/src/libpts/swid/swid_inventory.c b/src/libpts/swid/swid_inventory.c
deleted file mode 100644
index a9f081e..0000000
--- a/src/libpts/swid/swid_inventory.c
+++ /dev/null
@@ -1,458 +0,0 @@
-/*
- * Copyright (C) 2013-2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "swid_inventory.h"
-#include "swid_tag.h"
-#include "swid_tag_id.h"
-
-#include <collections/linked_list.h>
-#include <bio/bio_writer.h>
-#include <utils/debug.h>
-
-#include <stdio.h>
-#include <fcntl.h>
-#include <unistd.h>
-#include <sys/stat.h>
-#include <libgen.h>
-#include <errno.h>
-
-typedef struct private_swid_inventory_t private_swid_inventory_t;
-
-/**
- * Private data of a swid_inventory_t object.
- *
- */
-struct private_swid_inventory_t {
-
- /**
- * Public swid_inventory_t interface.
- */
- swid_inventory_t public;
-
- /**
- * Full SWID tags or just SWID tag IDs
- */
- bool full_tags;
-
- /**
- * List of SWID tags or tag IDs
- */
- linked_list_t *list;
-};
-
-/**
- * Read SWID tags issued by the swid_generator tool
- */
-static status_t read_swid_tags(private_swid_inventory_t *this, FILE *file)
-{
- swid_tag_t *tag;
- bio_writer_t *writer;
- chunk_t tag_encoding, tag_file_path = chunk_empty;
- bool more_tags = TRUE, last_newline, end_of_tag;
- char line[8192];
- size_t len;
-
- while (more_tags)
- {
- last_newline = TRUE;
- end_of_tag = FALSE;
- writer = bio_writer_create(512);
- do
- {
- if (!fgets(line, sizeof(line), file))
- {
- more_tags = FALSE;
- end_of_tag = TRUE;
- break;
- }
- len = strlen(line);
-
- if (last_newline && line[0] == '\n')
- {
- end_of_tag = TRUE;
- break;
- }
- else
- {
- last_newline = (line[len-1] == '\n');
- writer->write_data(writer, chunk_create(line, len));
- }
- }
- while (!end_of_tag);
-
- tag_encoding = writer->get_buf(writer);
-
- if (tag_encoding.len > 1)
- {
- /* remove trailing newline if present */
- if (tag_encoding.ptr[tag_encoding.len - 1] == '\n')
- {
- tag_encoding.len--;
- }
- DBG3(DBG_IMC, " %.*s", tag_encoding.len, tag_encoding.ptr);
-
- tag = swid_tag_create(tag_encoding, tag_file_path);
- this->list->insert_last(this->list, tag);
- }
- writer->destroy(writer);
- }
-
- return SUCCESS;
-}
-
-/**
- * Read SWID tag or software IDs issued by the swid_generator tool
- */
-static status_t read_swid_tag_ids(private_swid_inventory_t *this, FILE *file)
-{
- swid_tag_id_t *tag_id;
- chunk_t tag_creator, unique_sw_id, tag_file_path = chunk_empty;
- char line[BUF_LEN];
-
- while (TRUE)
- {
- char *separator;
- size_t len;
-
- if (!fgets(line, sizeof(line), file))
- {
- return SUCCESS;
- }
- len = strlen(line);
-
- /* remove trailing newline if present */
- if (len > 0 && line[len - 1] == '\n')
- {
- len--;
- }
- DBG3(DBG_IMC, " %.*s", len, line);
-
- separator = strchr(line, '_');
- if (!separator)
- {
- DBG1(DBG_IMC, "separation of regid from unique software ID failed");
- return FAILED;
- }
- tag_creator = chunk_create(line, separator - line);
- separator++;
-
- unique_sw_id = chunk_create(separator, len - (separator - line));
- tag_id = swid_tag_id_create(tag_creator, unique_sw_id, tag_file_path);
- this->list->insert_last(this->list, tag_id);
- }
-}
-
-static status_t generate_tags(private_swid_inventory_t *this, char *generator,
- swid_inventory_t *targets, bool pretty, bool full)
-{
- FILE *file;
- char command[BUF_LEN];
- char doc_separator[] = "'\n\n'";
-
- status_t status = SUCCESS;
-
- if (targets->get_count(targets) == 0)
- {
- /* Assemble the SWID generator command */
- if (this->full_tags)
- {
- snprintf(command, BUF_LEN, "%s swid --doc-separator %s%s%s",
- generator, doc_separator, pretty ? " --pretty" : "",
- full ? " --full" : "");
- }
- else
- {
- snprintf(command, BUF_LEN, "%s software-id", generator);
- }
-
- /* Open a pipe stream for reading the SWID generator output */
- file = popen(command, "r");
- if (!file)
- {
- DBG1(DBG_IMC, "failed to run swid_generator command");
- return NOT_SUPPORTED;
- }
-
- if (this->full_tags)
- {
- DBG2(DBG_IMC, "SWID tag generation by package manager");
- status = read_swid_tags(this, file);
- }
- else
- {
- DBG2(DBG_IMC, "SWID tag ID generation by package manager");
- status = read_swid_tag_ids(this, file);
- }
- pclose(file);
- }
- else if (this->full_tags)
- {
- swid_tag_id_t *tag_id;
- enumerator_t *enumerator;
-
- enumerator = targets->create_enumerator(targets);
- while (enumerator->enumerate(enumerator, &tag_id))
- {
- char software_id[BUF_LEN];
- chunk_t tag_creator, unique_sw_id;
-
- tag_creator = tag_id->get_tag_creator(tag_id);
- unique_sw_id = tag_id->get_unique_sw_id(tag_id, NULL);
- snprintf(software_id, BUF_LEN, "%.*s_%.*s",
- tag_creator.len, tag_creator.ptr,
- unique_sw_id.len, unique_sw_id.ptr);
-
- /* Assemble the SWID generator command */
- snprintf(command, BUF_LEN, "%s swid --software-id %s%s%s",
- generator, software_id, pretty ? " --pretty" : "",
- full ? " --full" : "");
-
- /* Open a pipe stream for reading the SWID generator output */
- file = popen(command, "r");
- if (!file)
- {
- DBG1(DBG_IMC, "failed to run swid_generator command");
- return NOT_SUPPORTED;
- }
- status = read_swid_tags(this, file);
- pclose(file);
-
- if (status != SUCCESS)
- {
- break;
- }
- }
- enumerator->destroy(enumerator);
- }
-
- return status;
-}
-
-static bool collect_tags(private_swid_inventory_t *this, char *pathname,
- swid_inventory_t *targets)
-{
- char *rel_name, *abs_name;
- struct stat st;
- bool success = FALSE;
- enumerator_t *enumerator;
-
- enumerator = enumerator_create_directory(pathname);
- if (!enumerator)
- {
- DBG1(DBG_IMC, "directory '%s' can not be opened, %s",
- pathname, strerror(errno));
- return FALSE;
- }
- DBG2(DBG_IMC, "entering %s", pathname);
-
- while (enumerator->enumerate(enumerator, &rel_name, &abs_name, &st))
- {
- char * start, *stop;
- chunk_t tag_creator;
- chunk_t unique_sw_id = chunk_empty, tag_file_path = chunk_empty;
-
- if (!strstr(rel_name, "regid."))
- {
- continue;
- }
- if (S_ISDIR(st.st_mode))
- {
- /* In case of a targeted request */
- if (targets->get_count(targets))
- {
- enumerator_t *target_enumerator;
- swid_tag_id_t *tag_id;
- bool match = FALSE;
-
- target_enumerator = targets->create_enumerator(targets);
- while (target_enumerator->enumerate(target_enumerator, &tag_id))
- {
- if (chunk_equals(tag_id->get_tag_creator(tag_id),
- chunk_from_str(rel_name)))
- {
- match = TRUE;
- break;
- }
- }
- target_enumerator->destroy(target_enumerator);
-
- if (!match)
- {
- continue;
- }
- }
-
- if (!collect_tags(this, abs_name, targets))
- {
- goto end;
- }
- continue;
- }
-
- /* parse the regid filename into its components */
- start = rel_name;
- stop = strchr(start, '_');
- if (!stop)
- {
- DBG1(DBG_IMC, " %s", rel_name);
- DBG1(DBG_IMC, " '_' separator not found");
- goto end;
- }
- tag_creator = chunk_create(start, stop-start);
- start = stop + 1;
-
- stop = strstr(start, ".swidtag");
- if (!stop)
- {
- DBG1(DBG_IMC, " %s", rel_name);
- DBG1(DBG_IMC, " swidtag postfix not found");
- goto end;
- }
- unique_sw_id = chunk_create(start, stop-start);
- tag_file_path = chunk_from_str(abs_name);
-
- /* In case of a targeted request */
- if (targets->get_count(targets))
- {
- chunk_t target_unique_sw_id, target_tag_creator;
- enumerator_t *target_enumerator;
- swid_tag_id_t *tag_id;
- bool match = FALSE;
-
- target_enumerator = targets->create_enumerator(targets);
- while (target_enumerator->enumerate(target_enumerator, &tag_id))
- {
- target_unique_sw_id = tag_id->get_unique_sw_id(tag_id, NULL);
- target_tag_creator = tag_id->get_tag_creator(tag_id);
-
- if (chunk_equals(target_unique_sw_id, unique_sw_id) &&
- chunk_equals(target_tag_creator, tag_creator))
- {
- match = TRUE;
- break;
- }
- }
- target_enumerator->destroy(target_enumerator);
-
- if (!match)
- {
- continue;
- }
- }
- DBG2(DBG_IMC, " %s", rel_name);
-
- if (this->full_tags)
- {
- swid_tag_t *tag;
- chunk_t *xml_tag;
-
- xml_tag = chunk_map(abs_name, FALSE);
- if (!xml_tag)
- {
- DBG1(DBG_IMC, " opening '%s' failed: %s", abs_name,
- strerror(errno));
- goto end;
- }
-
- tag = swid_tag_create(*xml_tag, tag_file_path);
- this->list->insert_last(this->list, tag);
- chunk_unmap(xml_tag);
- }
- else
- {
- swid_tag_id_t *tag_id;
-
- tag_id = swid_tag_id_create(tag_creator, unique_sw_id, tag_file_path);
- this->list->insert_last(this->list, tag_id);
- }
- }
- success = TRUE;
-
-end:
- enumerator->destroy(enumerator);
- DBG2(DBG_IMC, "leaving %s", pathname);
-
- return success;
-}
-
-METHOD(swid_inventory_t, collect, bool,
- private_swid_inventory_t *this, char *directory, char *generator,
- swid_inventory_t *targets, bool pretty, bool full)
-{
- /**
- * Tags are generated by a package manager
- */
- generate_tags(this, generator, targets, pretty, full);
-
- /**
- * Collect swidtag files by iteratively entering all directories in
- * the tree under the "directory" path.
- */
- return collect_tags(this, directory, targets);
-}
-
-METHOD(swid_inventory_t, add, void,
- private_swid_inventory_t *this, void *item)
-{
- this->list->insert_last(this->list, item);
-}
-
-METHOD(swid_inventory_t, get_count, int,
- private_swid_inventory_t *this)
-{
- return this->list->get_count(this->list);
-}
-
-METHOD(swid_inventory_t, create_enumerator, enumerator_t*,
- private_swid_inventory_t *this)
-{
- return this->list->create_enumerator(this->list);
-}
-
-METHOD(swid_inventory_t, destroy, void,
- private_swid_inventory_t *this)
-{
- if (this->full_tags)
- {
- this->list->destroy_offset(this->list, offsetof(swid_tag_t, destroy));
- }
- else
- {
- this->list->destroy_offset(this->list, offsetof(swid_tag_id_t, destroy));
- }
- free(this);
-}
-
-/**
- * See header
- */
-swid_inventory_t *swid_inventory_create(bool full_tags)
-{
- private_swid_inventory_t *this;
-
- INIT(this,
- .public = {
- .collect = _collect,
- .add = _add,
- .get_count = _get_count,
- .create_enumerator = _create_enumerator,
- .destroy = _destroy,
- },
- .full_tags = full_tags,
- .list = linked_list_create(),
- );
-
- return &this->public;
-}
diff --git a/src/libpts/swid/swid_inventory.h b/src/libpts/swid/swid_inventory.h
deleted file mode 100644
index 7de8bb2..0000000
--- a/src/libpts/swid/swid_inventory.h
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * Copyright (C) 2013-2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup swid_inventory swid_inventory
- * @{ @ingroup pts
- */
-
-#ifndef SWID_INVENTORY_H_
-#define SWID_INVENTORY_H_
-
-#include <library.h>
-
-typedef struct swid_inventory_t swid_inventory_t;
-
-/**
- * Class managing SWID tag inventory
- */
-struct swid_inventory_t {
-
- /**
- * Collect the SWID tags stored on the endpoint
- *
- * @param directory SWID directory path
- * @param generator Path to SWID generator
- * @param targets List of target tag IDs
- * @param pretty Generate indented XML SWID tags
- * @param full Include file information in SWID tags
- * @return TRUE if successful
- */
- bool (*collect)(swid_inventory_t *this, char *directory, char *generator,
- swid_inventory_t *targets, bool pretty, bool full);
-
- /**
- * Collect the SWID tags stored on the endpoint
- *
- * @param item SWID tag or tag ID to be added
- */
- void (*add)(swid_inventory_t *this, void *item);
-
- /**
- * Get the number of collected SWID tags
- *
- * @return Number of collected SWID tags
- */
- int (*get_count)(swid_inventory_t *this);
-
- /**
- * Create a SWID tag inventory enumerator
- *
- * @return Enumerator returning either tag ID or full tag
- */
- enumerator_t* (*create_enumerator)(swid_inventory_t *this);
-
- /**
- * Destroys a swid_inventory_t object.
- */
- void (*destroy)(swid_inventory_t *this);
-
-};
-
-/**
- * Creates a swid_inventory_t object
- *
- * @param full_tags TRUE if full tags, FALSE if tag IDs only
- */
-swid_inventory_t* swid_inventory_create(bool full_tags);
-
-#endif /** SWID_INVENTORY_H_ @}*/
diff --git a/src/libpts/swid/swid_tag.c b/src/libpts/swid/swid_tag.c
deleted file mode 100644
index c71d5d2..0000000
--- a/src/libpts/swid/swid_tag.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/*
- * Copyright (C) 2013-2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "swid_tag.h"
-
-typedef struct private_swid_tag_t private_swid_tag_t;
-
-/**
- * Private data of a swid_tag_t object.
- *
- */
-struct private_swid_tag_t {
-
- /**
- * Public swid_tag_t interface.
- */
- swid_tag_t public;
-
- /**
- * UTF-8 XML encoding of SWID tag
- */
- chunk_t encoding;
-
- /**
- * Optional Tag File Path
- */
- chunk_t tag_file_path;
-
- /**
- * Reference count
- */
- refcount_t ref;
-};
-
-METHOD(swid_tag_t, get_encoding, chunk_t,
- private_swid_tag_t *this)
-{
- return this->encoding;
-}
-
-METHOD(swid_tag_t, get_tag_file_path, chunk_t,
- private_swid_tag_t *this)
-{
- return this->tag_file_path;
-}
-
-METHOD(swid_tag_t, get_ref, swid_tag_t*,
- private_swid_tag_t *this)
-{
- ref_get(&this->ref);
- return &this->public;
-}
-
-METHOD(swid_tag_t, destroy, void,
- private_swid_tag_t *this)
-{
- if (ref_put(&this->ref))
- {
- free(this->encoding.ptr);
- free(this->tag_file_path.ptr);
- free(this);
- }
-}
-
-/**
- * See header
- */
-swid_tag_t *swid_tag_create(chunk_t encoding, chunk_t tag_file_path)
-{
- private_swid_tag_t *this;
-
- INIT(this,
- .public = {
- .get_encoding = _get_encoding,
- .get_tag_file_path = _get_tag_file_path,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- .encoding = chunk_clone(encoding),
- .ref = 1,
- );
-
- if (tag_file_path.len > 0)
- {
- this->tag_file_path = chunk_clone(tag_file_path);
- }
-
- return &this->public;
-}
-
diff --git a/src/libpts/swid/swid_tag.h b/src/libpts/swid/swid_tag.h
deleted file mode 100644
index e20c538..0000000
--- a/src/libpts/swid/swid_tag.h
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Copyright (C) 2013-2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup swid_tag swid_tag
- * @{ @ingroup swid
- */
-
-#ifndef SWID_TAG_H_
-#define SWID_TAG_H_
-
-#include <library.h>
-
-typedef struct swid_tag_t swid_tag_t;
-
-
-/**
- * Class storing a SWID Tag
- */
-struct swid_tag_t {
-
- /**
- * Get UTF-8 XML encoding of SWID tag
- *
- * @return XML encoding of SWID tag
- */
- chunk_t (*get_encoding)(swid_tag_t *this);
-
- /**
- * Get th Optional Tag File Path
- *
- * @return Optional Tag File Path
- */
- chunk_t (*get_tag_file_path)(swid_tag_t *this);
-
- /**
- * Get a new reference to the swid_tag object
- *
- * @return this, with an increased refcount
- */
- swid_tag_t* (*get_ref)(swid_tag_t *this);
-
- /**
- * Destroys a swid_tag_t object.
- */
- void (*destroy)(swid_tag_t *this);
-
-};
-
-/**
- * Creates a swid_tag_t object
- *
- * @param encoding XML encoding of SWID tag
- * @param tag_file_path Tag File Path or empty chunk
- */
-swid_tag_t* swid_tag_create(chunk_t encoding, chunk_t tag_file_path);
-
-#endif /** SWID_TAG_H_ @}*/
diff --git a/src/libpts/swid/swid_tag_id.c b/src/libpts/swid/swid_tag_id.c
deleted file mode 100644
index 8bede28..0000000
--- a/src/libpts/swid/swid_tag_id.c
+++ /dev/null
@@ -1,114 +0,0 @@
-/*
- * Copyright (C) 2013-2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "swid_tag_id.h"
-
-typedef struct private_swid_tag_id_t private_swid_tag_id_t;
-
-/**
- * Private data of a swid_tag_id_t object.
- *
- */
-struct private_swid_tag_id_t {
-
- /**
- * Public swid_tag_id_t interface.
- */
- swid_tag_id_t public;
-
- /**
- * Tag Creator
- */
- chunk_t tag_creator;
-
- /**
- * Unique Software ID
- */
- chunk_t unique_sw_id;
-
- /**
- * Tag File Path
- */
- chunk_t tag_file_path;
-
- /**
- * Reference count
- */
- refcount_t ref;
-};
-
-METHOD(swid_tag_id_t, get_tag_creator, chunk_t,
- private_swid_tag_id_t *this)
-{
- return this->tag_creator;
-}
-
-METHOD(swid_tag_id_t, get_unique_sw_id, chunk_t,
- private_swid_tag_id_t *this, chunk_t *tag_file_path)
-{
- if (tag_file_path)
- {
- *tag_file_path = this->tag_file_path;
- }
- return this->unique_sw_id;
-}
-
-METHOD(swid_tag_id_t, get_ref, swid_tag_id_t*,
- private_swid_tag_id_t *this)
-{
- ref_get(&this->ref);
- return &this->public;
-}
-
-METHOD(swid_tag_id_t, destroy, void,
- private_swid_tag_id_t *this)
-{
- if (ref_put(&this->ref))
- {
- free(this->tag_creator.ptr);
- free(this->unique_sw_id.ptr);
- free(this->tag_file_path.ptr);
- free(this);
- }
-}
-
-/**
- * See header
- */
-swid_tag_id_t *swid_tag_id_create(chunk_t tag_creator, chunk_t unique_sw_id,
- chunk_t tag_file_path)
-{
- private_swid_tag_id_t *this;
-
- INIT(this,
- .public = {
- .get_tag_creator = _get_tag_creator,
- .get_unique_sw_id = _get_unique_sw_id,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- .tag_creator = chunk_clone(tag_creator),
- .unique_sw_id = chunk_clone(unique_sw_id),
- .ref = 1,
- );
-
- if (tag_file_path.len > 0)
- {
- this->tag_file_path = chunk_clone(tag_file_path);
- }
-
- return &this->public;
-}
-
diff --git a/src/libpts/swid/swid_tag_id.h b/src/libpts/swid/swid_tag_id.h
deleted file mode 100644
index d2a783b..0000000
--- a/src/libpts/swid/swid_tag_id.h
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * Copyright (C) 2013-2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup swid_tag_id swid_tag_id
- * @{ @ingroup swid
- */
-
-#ifndef SWID_TAG_ID_H_
-#define SWID_TAG_ID_H_
-
-#include <library.h>
-
-typedef struct swid_tag_id_t swid_tag_id_t;
-
-
-/**
- * Class storing a SWID Tag ID
- */
-struct swid_tag_id_t {
-
- /**
- * Get the Tag Creator
- *
- * @return Tag Creator
- */
- chunk_t (*get_tag_creator)(swid_tag_id_t *this);
-
- /**
- * Get the Unique Software ID and optional Tag File Path
- *
- * @param Optional Tag File Path
- * @return Unique Software ID
- */
- chunk_t (*get_unique_sw_id)(swid_tag_id_t *this, chunk_t *tag_file_path);
-
- /**
- * Get a new reference to the swid_tag_id object
- *
- * @return this, with an increased refcount
- */
- swid_tag_id_t* (*get_ref)(swid_tag_id_t *this);
-
- /**
- * Destroys a swid_tag_id_t object.
- */
- void (*destroy)(swid_tag_id_t *this);
-
-};
-
-/**
- * Creates a swid_tag_id_t object
- *
- * @param tag_creator Tag Creator
- * @param unique_sw_id Unique Software ID
- * @param tag_file_path Tag File Path or empty chunk
- */
-swid_tag_id_t* swid_tag_id_create(chunk_t tag_creator, chunk_t unique_sw_id,
- chunk_t tag_file_path);
-
-#endif /** SWID_TAG_ID_H_ @}*/
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_aik.c b/src/libpts/tcg/pts/tcg_pts_attr_aik.c
deleted file mode 100644
index 17a8db5..0000000
--- a/src/libpts/tcg/pts/tcg_pts_attr_aik.c
+++ /dev/null
@@ -1,245 +0,0 @@
-/*
- * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "tcg_pts_attr_aik.h"
-
-#include <pa_tnc/pa_tnc_msg.h>
-#include <bio/bio_writer.h>
-#include <bio/bio_reader.h>
-#include <utils/debug.h>
-
-typedef struct private_tcg_pts_attr_aik_t private_tcg_pts_attr_aik_t;
-
-/**
- * Attestation Identity Key
- * see section 3.13 of PTS Protocol: Binding to TNC IF-M Specification
- *
- * 1 2 3
- * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Flags | Attestation Identity Key (Variable Length) ~
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Attestation Identity Key (Variable Length) ~
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- */
-
-#define PTS_AIK_SIZE 4
-#define PTS_AIK_FLAGS_NONE 0
-#define PTS_AIK_FLAGS_NAKED_KEY (1<<7)
-/**
- * Private data of an tcg_pts_attr_aik_t object.
- */
-struct private_tcg_pts_attr_aik_t {
-
- /**
- * Public members of tcg_pts_attr_aik_t
- */
- tcg_pts_attr_aik_t public;
-
- /**
- * Vendor-specific attribute type
- */
- pen_type_t type;
-
- /**
- * Attribute value
- */
- chunk_t value;
-
- /**
- * Noskip flag
- */
- bool noskip_flag;
-
- /**
- * AIK Certificate or Public Key
- */
- certificate_t *aik;
-
- /**
- * Reference count
- */
- refcount_t ref;
-};
-
-METHOD(pa_tnc_attr_t, get_type, pen_type_t,
- private_tcg_pts_attr_aik_t *this)
-{
- return this->type;
-}
-
-METHOD(pa_tnc_attr_t, get_value, chunk_t,
- private_tcg_pts_attr_aik_t *this)
-{
- return this->value;
-}
-
-METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
- private_tcg_pts_attr_aik_t *this)
-{
- return this->noskip_flag;
-}
-
-METHOD(pa_tnc_attr_t, set_noskip_flag,void,
- private_tcg_pts_attr_aik_t *this, bool noskip)
-{
- this->noskip_flag = noskip;
-}
-
-METHOD(pa_tnc_attr_t, build, void,
- private_tcg_pts_attr_aik_t *this)
-{
- bio_writer_t *writer;
- u_int8_t flags = PTS_AIK_FLAGS_NONE;
- cred_encoding_type_t encoding_type = CERT_ASN1_DER;
- chunk_t aik_blob;
-
- if (this->value.ptr)
- {
- return;
- }
- if (this->aik->get_type(this->aik) == CERT_TRUSTED_PUBKEY)
- {
- flags |= PTS_AIK_FLAGS_NAKED_KEY;
- encoding_type = PUBKEY_SPKI_ASN1_DER;
- }
- if (!this->aik->get_encoding(this->aik, encoding_type, &aik_blob))
- {
- DBG1(DBG_TNC, "encoding of Attestation Identity Key failed");
- aik_blob = chunk_empty;
- }
- writer = bio_writer_create(PTS_AIK_SIZE);
- writer->write_uint8(writer, flags);
- writer->write_data (writer, aik_blob);
- this->value = writer->extract_buf(writer);
- writer->destroy(writer);
- free(aik_blob.ptr);
-}
-
-METHOD(pa_tnc_attr_t, process, status_t,
- private_tcg_pts_attr_aik_t *this, u_int32_t *offset)
-{
- bio_reader_t *reader;
- u_int8_t flags;
- certificate_type_t type;
- chunk_t aik_blob;
-
- if (this->value.len < PTS_AIK_SIZE)
- {
- DBG1(DBG_TNC, "insufficient data for Attestation Identity Key");
- *offset = 0;
- return FAILED;
- }
- reader = bio_reader_create(this->value);
- reader->read_uint8(reader, &flags);
- reader->read_data (reader, reader->remaining(reader), &aik_blob);
-
- type = (flags & PTS_AIK_FLAGS_NAKED_KEY) ? CERT_TRUSTED_PUBKEY : CERT_X509;
-
- this->aik = lib->creds->create(lib->creds, CRED_CERTIFICATE, type,
- BUILD_BLOB_PEM, aik_blob, BUILD_END);
- reader->destroy(reader);
-
- if (!this->aik)
- {
- DBG1(DBG_TNC, "parsing of Attestation Identity Key failed");
- *offset = 0;
- return FAILED;
- }
- return SUCCESS;
-}
-
-METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
- private_tcg_pts_attr_aik_t *this)
-{
- ref_get(&this->ref);
- return &this->public.pa_tnc_attribute;
-}
-
-METHOD(pa_tnc_attr_t, destroy, void,
- private_tcg_pts_attr_aik_t *this)
-{
- if (ref_put(&this->ref))
- {
- DESTROY_IF(this->aik);
- free(this->value.ptr);
- free(this);
- }
-}
-
-METHOD(tcg_pts_attr_aik_t, get_aik, certificate_t*,
- private_tcg_pts_attr_aik_t *this)
-{
- return this->aik;
-}
-
-/**
- * Described in header.
- */
-pa_tnc_attr_t *tcg_pts_attr_aik_create(certificate_t *aik)
-{
- private_tcg_pts_attr_aik_t *this;
-
- INIT(this,
- .public = {
- .pa_tnc_attribute = {
- .get_type = _get_type,
- .get_value = _get_value,
- .get_noskip_flag = _get_noskip_flag,
- .set_noskip_flag = _set_noskip_flag,
- .build = _build,
- .process = _process,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- .get_aik = _get_aik,
- },
- .type = { PEN_TCG, TCG_PTS_AIK },
- .aik = aik->get_ref(aik),
- .ref = 1,
- );
-
- return &this->public.pa_tnc_attribute;
-}
-
-
-/**
- * Described in header.
- */
-pa_tnc_attr_t *tcg_pts_attr_aik_create_from_data(chunk_t data)
-{
- private_tcg_pts_attr_aik_t *this;
-
- INIT(this,
- .public = {
- .pa_tnc_attribute = {
- .get_type = _get_type,
- .get_value = _get_value,
- .get_noskip_flag = _get_noskip_flag,
- .set_noskip_flag = _set_noskip_flag,
- .build = _build,
- .process = _process,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- .get_aik = _get_aik,
- },
- .type = { PEN_TCG, TCG_PTS_AIK },
- .value = chunk_clone(data),
- .ref = 1,
- );
-
- return &this->public.pa_tnc_attribute;
-}
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_aik.h b/src/libpts/tcg/pts/tcg_pts_attr_aik.h
deleted file mode 100644
index 0962432..0000000
--- a/src/libpts/tcg/pts/tcg_pts_attr_aik.h
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * Copyright (C) 2011 Sansar Choinyambuu
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup tcg_pts_attr_aik tcg_pts_attr_aik
- * @{ @ingroup tcg_attr
- */
-
-#ifndef TCG_PTS_ATTR_AIK_H_
-#define TCG_PTS_ATTR_AIK_H_
-
-typedef struct tcg_pts_attr_aik_t tcg_pts_attr_aik_t;
-
-#include "tcg/tcg_attr.h"
-#include "pa_tnc/pa_tnc_attr.h"
-
-#include <credentials/certificates/certificate.h>
-
-/**
- * Class implementing the TCG PTS Attestation Identity Key attribute
- *
- */
-struct tcg_pts_attr_aik_t {
-
- /**
- * Public PA-TNC attribute interface
- */
- pa_tnc_attr_t pa_tnc_attribute;
-
- /**
- * Get AIK
- *
- * @return AIK Certificate or Public Key
- */
- certificate_t* (*get_aik)(tcg_pts_attr_aik_t *this);
-
-};
-
-/**
- * Creates an tcg_pts_attr_aik_t object
- *
- * @param aik Attestation Identity Key
- */
-pa_tnc_attr_t* tcg_pts_attr_aik_create(certificate_t *aik);
-
-/**
- * Creates an tcg_pts_attr_aik_t object from received data
- *
- * @param value unparsed attribute value
- */
-pa_tnc_attr_t* tcg_pts_attr_aik_create_from_data(chunk_t value);
-
-#endif /** TCG_PTS_ATTR_AIK_H_ @}*/
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_dh_nonce_finish.c b/src/libpts/tcg/pts/tcg_pts_attr_dh_nonce_finish.c
deleted file mode 100644
index 6119b49..0000000
--- a/src/libpts/tcg/pts/tcg_pts_attr_dh_nonce_finish.c
+++ /dev/null
@@ -1,265 +0,0 @@
-/*
- * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "tcg_pts_attr_dh_nonce_finish.h"
-
-#include <pa_tnc/pa_tnc_msg.h>
-#include <bio/bio_writer.h>
-#include <bio/bio_reader.h>
-#include <utils/debug.h>
-
-typedef struct private_tcg_pts_attr_dh_nonce_finish_t
- private_tcg_pts_attr_dh_nonce_finish_t;
-
-/**
- * PTS DH Nonce Finish
- * see section 3.8.3 of PTS Protocol: Binding to TNC IF-M Specification
- *
- * 1 2 3
- * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Reserved | Nonce Len | Selected Hash Algorithm |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | D-H Initiator Public Value ... |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | D-H Initiator Nonce ... |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- *
- */
-
-#define PTS_DH_NONCE_FINISH_SIZE 12
-#define PTS_DH_NONCE_FINISH_RESERVED 0x00
-
-/**
- * Private data of an tcg_pts_attr_dh_nonce_finish_t object.
- */
-struct private_tcg_pts_attr_dh_nonce_finish_t {
-
- /**
- * Public members of tcg_pts_attr_dh_nonce_finish_t
- */
- tcg_pts_attr_dh_nonce_finish_t public;
-
- /**
- * Vendor-specific attribute type
- */
- pen_type_t type;
-
- /**
- * Attribute value
- */
- chunk_t value;
-
- /**
- * Noskip flag
- */
- bool noskip_flag;
-
- /**
- * Selected Hashing Algorithm
- */
- pts_meas_algorithms_t hash_algo;
-
- /**
- * DH Initiator Public Value
- */
- chunk_t initiator_value;
-
- /**
- * DH Initiator Nonce
- */
- chunk_t initiator_nonce;
-
- /**
- * Reference count
- */
- refcount_t ref;
-};
-
-METHOD(pa_tnc_attr_t, get_type, pen_type_t,
- private_tcg_pts_attr_dh_nonce_finish_t *this)
-{
- return this->type;
-}
-
-METHOD(pa_tnc_attr_t, get_value, chunk_t,
- private_tcg_pts_attr_dh_nonce_finish_t *this)
-{
- return this->value;
-}
-
-METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
- private_tcg_pts_attr_dh_nonce_finish_t *this)
-{
- return this->noskip_flag;
-}
-
-METHOD(pa_tnc_attr_t, set_noskip_flag,void,
- private_tcg_pts_attr_dh_nonce_finish_t *this, bool noskip)
-{
- this->noskip_flag = noskip;
-}
-
-METHOD(pa_tnc_attr_t, build, void,
- private_tcg_pts_attr_dh_nonce_finish_t *this)
-{
- bio_writer_t *writer;
-
- if (this->value.ptr)
- {
- return;
- }
- writer = bio_writer_create(PTS_DH_NONCE_FINISH_SIZE);
- writer->write_uint8 (writer, PTS_DH_NONCE_FINISH_RESERVED);
- writer->write_uint8 (writer, this->initiator_nonce.len);
- writer->write_uint16(writer, this->hash_algo);
- writer->write_data (writer, this->initiator_value);
- writer->write_data (writer, this->initiator_nonce);
-
- this->value = writer->extract_buf(writer);
- writer->destroy(writer);
-}
-
-METHOD(pa_tnc_attr_t, process, status_t,
- private_tcg_pts_attr_dh_nonce_finish_t *this, u_int32_t *offset)
-{
- bio_reader_t *reader;
- u_int8_t reserved, nonce_len;
- u_int16_t hash_algo;
-
- if (this->value.len < PTS_DH_NONCE_FINISH_SIZE)
- {
- DBG1(DBG_TNC, "insufficient data for PTS DH Nonce Finish");
- *offset = 0;
- return FAILED;
- }
- reader = bio_reader_create(this->value);
- reader->read_uint8 (reader, &reserved);
- reader->read_uint8 (reader, &nonce_len);
- reader->read_uint16(reader, &hash_algo);
- reader->read_data(reader, reader->remaining(reader) - nonce_len,
- &this->initiator_value);
- reader->read_data(reader, nonce_len, &this->initiator_nonce);
- this->hash_algo = hash_algo;
- this->initiator_value = chunk_clone(this->initiator_value);
- this->initiator_nonce = chunk_clone(this->initiator_nonce);
- reader->destroy(reader);
-
- return SUCCESS;
-}
-
-METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
- private_tcg_pts_attr_dh_nonce_finish_t *this)
-{
- ref_get(&this->ref);
- return &this->public.pa_tnc_attribute;
-}
-
-METHOD(pa_tnc_attr_t, destroy, void,
- private_tcg_pts_attr_dh_nonce_finish_t *this)
-{
- if (ref_put(&this->ref))
- {
- free(this->value.ptr);
- free(this->initiator_value.ptr);
- free(this->initiator_nonce.ptr);
- free(this);
- }
-}
-
-METHOD(tcg_pts_attr_dh_nonce_finish_t, get_hash_algo, pts_meas_algorithms_t,
- private_tcg_pts_attr_dh_nonce_finish_t *this)
-{
- return this->hash_algo;
-}
-
-METHOD(tcg_pts_attr_dh_nonce_finish_t, get_initiator_value, chunk_t,
- private_tcg_pts_attr_dh_nonce_finish_t *this)
-{
- return this->initiator_value;
-}
-
-METHOD(tcg_pts_attr_dh_nonce_finish_t, get_initiator_nonce, chunk_t,
- private_tcg_pts_attr_dh_nonce_finish_t *this)
-{
- return this->initiator_nonce;
-}
-
-/**
- * Described in header.
- */
-pa_tnc_attr_t *tcg_pts_attr_dh_nonce_finish_create(
- pts_meas_algorithms_t hash_algo,
- chunk_t initiator_value,
- chunk_t initiator_nonce)
-{
- private_tcg_pts_attr_dh_nonce_finish_t *this;
-
- INIT(this,
- .public = {
- .pa_tnc_attribute = {
- .get_type = _get_type,
- .get_value = _get_value,
- .get_noskip_flag = _get_noskip_flag,
- .set_noskip_flag = _set_noskip_flag,
- .build = _build,
- .process = _process,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- .get_hash_algo = _get_hash_algo,
- .get_initiator_nonce = _get_initiator_nonce,
- .get_initiator_value = _get_initiator_value,
- },
- .type = { PEN_TCG, TCG_PTS_DH_NONCE_FINISH },
- .hash_algo = hash_algo,
- .initiator_value = initiator_value,
- .initiator_nonce = chunk_clone(initiator_nonce),
- .ref = 1,
- );
-
- return &this->public.pa_tnc_attribute;
-}
-
-/**
- * Described in header.
- */
-pa_tnc_attr_t *tcg_pts_attr_dh_nonce_finish_create_from_data(chunk_t value)
-{
- private_tcg_pts_attr_dh_nonce_finish_t *this;
-
- INIT(this,
- .public = {
- .pa_tnc_attribute = {
- .get_type = _get_type,
- .get_value = _get_value,
- .get_noskip_flag = _get_noskip_flag,
- .set_noskip_flag = _set_noskip_flag,
- .build = _build,
- .process = _process,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- .get_hash_algo = _get_hash_algo,
- .get_initiator_nonce = _get_initiator_nonce,
- .get_initiator_value = _get_initiator_value,
- },
- .type = { PEN_TCG, TCG_PTS_DH_NONCE_FINISH },
- .value = chunk_clone(value),
- .ref = 1,
- );
-
- return &this->public.pa_tnc_attribute;
-}
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_dh_nonce_finish.h b/src/libpts/tcg/pts/tcg_pts_attr_dh_nonce_finish.h
deleted file mode 100644
index efe6fd1..0000000
--- a/src/libpts/tcg/pts/tcg_pts_attr_dh_nonce_finish.h
+++ /dev/null
@@ -1,89 +0,0 @@
-/*
- * Copyright (C) 2011 Sansar Choinyambuu
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup tcg_pts_attr_dh_nonce_finish tcg_pts_attr_dh_nonce_finish
- * @{ @ingroup tcg_attr
- */
-
-#ifndef TCG_PTS_ATTR_DH_NONCE_FINISH_H_
-#define TCG_PTS_ATTR_DH_NONCE_FINISH_H_
-
-typedef struct tcg_pts_attr_dh_nonce_finish_t tcg_pts_attr_dh_nonce_finish_t;
-
-#include "tcg/tcg_attr.h"
-#include "pa_tnc/pa_tnc_attr.h"
-#include "pts/pts_meas_algo.h"
-
-/**
- * Class implementing the TCG PTS DH Nonce Finish Attribute
- */
-struct tcg_pts_attr_dh_nonce_finish_t {
-
- /**
- * Public PA-TNC attribute interface
- */
- pa_tnc_attr_t pa_tnc_attribute;
-
- /**
- * Get nonce length
- *
- * @return Length of nonce
- */
- u_int8_t (*get_nonce_len)(tcg_pts_attr_dh_nonce_finish_t *this);
-
- /**
- * Get selected hash algorithm
- *
- * @return Selected hash algorithm
- */
- pts_meas_algorithms_t (*get_hash_algo)(tcg_pts_attr_dh_nonce_finish_t *this);
-
- /**
- * Get DH Initiator Public Value
- *
- * @return DH Initiator Public Value
- */
- chunk_t (*get_initiator_value)(tcg_pts_attr_dh_nonce_finish_t *this);
-
- /**
- * Get DH Initiator Nonce
- *
- * @return DH Initiator Nonce
- */
- chunk_t (*get_initiator_nonce)(tcg_pts_attr_dh_nonce_finish_t *this);
-
-};
-
-/**
- * Creates an tcg_pts_attr_dh_nonce_finish_t object
- *
- * @param hash_algo Selected hash algorithm
- * @param initiator_value DH Initiator Public Value
- * @param initiator_nonce DH Initiator Nonce
- */
-pa_tnc_attr_t* tcg_pts_attr_dh_nonce_finish_create(
- pts_meas_algorithms_t hash_algo,
- chunk_t initiator_value,
- chunk_t initiator_nonce);
-
-/**
- * Creates an tcg_pts_attr_dh_nonce_finish_t object from received data
- *
- * @param value unparsed attribute value
- */
-pa_tnc_attr_t* tcg_pts_attr_dh_nonce_finish_create_from_data(chunk_t value);
-
-#endif /** TCG_PTS_ATTR_DH_NONCE_FINISH_H_ @}*/
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_dh_nonce_params_req.c b/src/libpts/tcg/pts/tcg_pts_attr_dh_nonce_params_req.c
deleted file mode 100644
index 7761b97..0000000
--- a/src/libpts/tcg/pts/tcg_pts_attr_dh_nonce_params_req.c
+++ /dev/null
@@ -1,236 +0,0 @@
-/*
- * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "tcg_pts_attr_dh_nonce_params_req.h"
-
-#include <pa_tnc/pa_tnc_msg.h>
-#include <bio/bio_writer.h>
-#include <bio/bio_reader.h>
-#include <utils/debug.h>
-
-typedef struct private_tcg_pts_attr_dh_nonce_params_req_t
- private_tcg_pts_attr_dh_nonce_params_req_t;
-
-/**
- * PTS DH Nonce Parameters Request
- * see section 3.8.1 of PTS Protocol: Binding to TNC IF-M Specification
- *
- * 1 2 3
- * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Reserved | Min. Nonce Len | D-H Group Set |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- *
- */
-
-#define PTS_DH_NONCE_PARAMS_REQ_SIZE 4
-#define PTS_DH_NONCE_PARAMS_REQ_RESERVED 0x00
-
-/**
- * Private data of an tcg_pts_attr_dh_nonce_params_req_t object.
- */
-struct private_tcg_pts_attr_dh_nonce_params_req_t {
-
- /**
- * Public members of tcg_pts_attr_dh_nonce_params_req_t
- */
- tcg_pts_attr_dh_nonce_params_req_t public;
-
- /**
- * Vendor-specific attribute type
- */
- pen_type_t type;
-
- /**
- * Attribute value
- */
- chunk_t value;
-
- /**
- * Noskip flag
- */
- bool noskip_flag;
-
- /**
- * Minimum acceptable length of nonce
- */
- u_int8_t min_nonce_len;
-
- /**
- * Diffie Hellman group set
- */
- pts_dh_group_t dh_groups;
-
- /**
- * Reference count
- */
- refcount_t ref;
-};
-
-METHOD(pa_tnc_attr_t, get_type, pen_type_t,
- private_tcg_pts_attr_dh_nonce_params_req_t *this)
-{
- return this->type;
-}
-
-METHOD(pa_tnc_attr_t, get_value, chunk_t,
- private_tcg_pts_attr_dh_nonce_params_req_t *this)
-{
- return this->value;
-}
-
-METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
- private_tcg_pts_attr_dh_nonce_params_req_t *this)
-{
- return this->noskip_flag;
-}
-
-METHOD(pa_tnc_attr_t, set_noskip_flag,void,
- private_tcg_pts_attr_dh_nonce_params_req_t *this, bool noskip)
-{
- this->noskip_flag = noskip;
-}
-
-METHOD(pa_tnc_attr_t, build, void,
- private_tcg_pts_attr_dh_nonce_params_req_t *this)
-{
- bio_writer_t *writer;
-
- if (this->value.ptr)
- {
- return;
- }
- writer = bio_writer_create(PTS_DH_NONCE_PARAMS_REQ_SIZE);
- writer->write_uint8 (writer, PTS_DH_NONCE_PARAMS_REQ_RESERVED);
- writer->write_uint8 (writer, this->min_nonce_len);
- writer->write_uint16(writer, this->dh_groups);
-
- this->value = writer->extract_buf(writer);
- writer->destroy(writer);
-}
-
-METHOD(pa_tnc_attr_t, process, status_t,
- private_tcg_pts_attr_dh_nonce_params_req_t *this, u_int32_t *offset)
-{
- bio_reader_t *reader;
- u_int8_t reserved;
- u_int16_t dh_groups;
-
- if (this->value.len < PTS_DH_NONCE_PARAMS_REQ_SIZE)
- {
- DBG1(DBG_TNC, "insufficient data for PTS DH Nonce Parameters Request");
- *offset = 0;
- return FAILED;
- }
- reader = bio_reader_create(this->value);
- reader->read_uint8(reader, &reserved);
- reader->read_uint8(reader, &this->min_nonce_len);
- reader->read_uint16(reader, &dh_groups);
- this->dh_groups = dh_groups;
- reader->destroy(reader);
-
- return SUCCESS;
-}
-
-METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
- private_tcg_pts_attr_dh_nonce_params_req_t *this)
-{
- ref_get(&this->ref);
- return &this->public.pa_tnc_attribute;
-}
-
-METHOD(pa_tnc_attr_t, destroy, void,
- private_tcg_pts_attr_dh_nonce_params_req_t *this)
-{
- if (ref_put(&this->ref))
- {
- free(this->value.ptr);
- free(this);
- }
-}
-
-METHOD(tcg_pts_attr_dh_nonce_params_req_t, get_min_nonce_len, u_int8_t,
- private_tcg_pts_attr_dh_nonce_params_req_t *this)
-{
- return this->min_nonce_len;
-}
-
-METHOD(tcg_pts_attr_dh_nonce_params_req_t, get_dh_groups, pts_dh_group_t,
- private_tcg_pts_attr_dh_nonce_params_req_t *this)
-{
- return this->dh_groups;
-}
-
-/**
- * Described in header.
- */
-pa_tnc_attr_t *tcg_pts_attr_dh_nonce_params_req_create(u_int8_t min_nonce_len,
- pts_dh_group_t dh_groups)
-{
- private_tcg_pts_attr_dh_nonce_params_req_t *this;
-
- INIT(this,
- .public = {
- .pa_tnc_attribute = {
- .get_type = _get_type,
- .get_value = _get_value,
- .get_noskip_flag = _get_noskip_flag,
- .set_noskip_flag = _set_noskip_flag,
- .build = _build,
- .process = _process,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- .get_min_nonce_len = _get_min_nonce_len,
- .get_dh_groups = _get_dh_groups,
- },
- .type = { PEN_TCG, TCG_PTS_DH_NONCE_PARAMS_REQ },
- .min_nonce_len = min_nonce_len,
- .dh_groups = dh_groups,
- .ref = 1,
- );
-
- return &this->public.pa_tnc_attribute;
-}
-
-/**
- * Described in header.
- */
-pa_tnc_attr_t *tcg_pts_attr_dh_nonce_params_req_create_from_data(chunk_t value)
-{
- private_tcg_pts_attr_dh_nonce_params_req_t *this;
-
- INIT(this,
- .public = {
- .pa_tnc_attribute = {
- .get_type = _get_type,
- .get_value = _get_value,
- .get_noskip_flag = _get_noskip_flag,
- .set_noskip_flag = _set_noskip_flag,
- .build = _build,
- .process = _process,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- .get_min_nonce_len = _get_min_nonce_len,
- .get_dh_groups = _get_dh_groups,
- },
- .type = { PEN_TCG, TCG_PTS_DH_NONCE_PARAMS_REQ },
- .value = chunk_clone(value),
- .ref = 1,
- );
-
- return &this->public.pa_tnc_attribute;
-}
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_dh_nonce_params_req.h b/src/libpts/tcg/pts/tcg_pts_attr_dh_nonce_params_req.h
deleted file mode 100644
index 024648a..0000000
--- a/src/libpts/tcg/pts/tcg_pts_attr_dh_nonce_params_req.h
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- * Copyright (C) 2011 Sansar Choinyambuu
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup tcg_pts_attr_dh_nonce_params_req tcg_pts_attr_dh_nonce_params_req
- * @{ @ingroup tcg_attr
- */
-
-#ifndef TCG_PTS_ATTR_DH_NONCE_PARAMS_REQ_H_
-#define TCG_PTS_ATTR_DH_NONCE_PARAMS_REQ_H_
-
-typedef struct tcg_pts_attr_dh_nonce_params_req_t
- tcg_pts_attr_dh_nonce_params_req_t;
-
-#include "tcg/tcg_attr.h"
-#include "pa_tnc/pa_tnc_attr.h"
-#include "pts/pts_dh_group.h"
-
-/**
- * Class implementing the TCG PTS DH Nonce Parameters Request Attribute
- */
-struct tcg_pts_attr_dh_nonce_params_req_t {
-
- /**
- * Public PA-TNC attribute interface
- */
- pa_tnc_attr_t pa_tnc_attribute;
-
- /**
- * Get Minimum nonce length
- *
- * @return Minimum acceptable length of nonce
- */
- u_int8_t (*get_min_nonce_len)(tcg_pts_attr_dh_nonce_params_req_t *this);
-
- /**
- * Get supported Diffie Hellman Groups
- *
- * @return Supported Diffie Hellman Groups
- */
- pts_dh_group_t (*get_dh_groups)(tcg_pts_attr_dh_nonce_params_req_t *this);
-};
-
-/**
- * Creates an tcg_pts_attr_dh_nonce_params_req_t object
- *
- * @param min_nonce_len Minimum acceptable length of nonce
- * @param dh_groups Initiator's supported DH groups
- */
-pa_tnc_attr_t* tcg_pts_attr_dh_nonce_params_req_create(u_int8_t min_nonce_len,
- pts_dh_group_t dh_groups);
-
-/**
- * Creates an tcg_pts_attr_dh_nonce_params_req_t object from received data
- *
- * @param value unparsed attribute value
- */
-pa_tnc_attr_t* tcg_pts_attr_dh_nonce_params_req_create_from_data(chunk_t value);
-
-#endif /** TCG_PTS_ATTR_DH_NONCE_PARAMS_REQ_H_ @}*/
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_dh_nonce_params_resp.c b/src/libpts/tcg/pts/tcg_pts_attr_dh_nonce_params_resp.c
deleted file mode 100644
index eb0d0e5..0000000
--- a/src/libpts/tcg/pts/tcg_pts_attr_dh_nonce_params_resp.c
+++ /dev/null
@@ -1,284 +0,0 @@
-/*
- * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "tcg_pts_attr_dh_nonce_params_resp.h"
-
-#include <pa_tnc/pa_tnc_msg.h>
-#include <bio/bio_writer.h>
-#include <bio/bio_reader.h>
-#include <utils/debug.h>
-
-typedef struct private_tcg_pts_attr_dh_nonce_params_resp_t
- private_tcg_pts_attr_dh_nonce_params_resp_t;
-
-/**
- * PTS DH Nonce Parameters Response
- * see section 3.8.2 of PTS Protocol: Binding to TNC IF-M Specification
- *
- * 1 2 3
- * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Reserved | Nonce Len |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Selected D-H Group | Hash Algorithm Set |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | D-H Responder Nonce ... |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | D-H Responder Public Value ... |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- *
- */
-
-#define PTS_DH_NONCE_PARAMS_RESP_SIZE 16
-#define PTS_DH_NONCE_PARAMS_RESP_RESERVED 0x0000
-
-/**
- * Private data of an tcg_pts_attr_dh_nonce_params_resp_t object.
- */
-struct private_tcg_pts_attr_dh_nonce_params_resp_t {
-
- /**
- * Public members of tcg_pts_attr_dh_nonce_params_resp_t
- */
- tcg_pts_attr_dh_nonce_params_resp_t public;
-
- /**
- * Vendor-specific attribute type
- */
- pen_type_t type;
-
- /**
- * Attribute value
- */
- chunk_t value;
-
- /**
- * Noskip flag
- */
- bool noskip_flag;
-
- /**
- * Selected Diffie Hellman group
- */
- pts_dh_group_t dh_group;
-
- /**
- * Supported Hashing Algorithms
- */
- pts_meas_algorithms_t hash_algo_set;
-
- /**
- * DH Responder Nonce
- */
- chunk_t responder_nonce;
-
- /**
- * DH Responder Public Value
- */
- chunk_t responder_value;
-
- /**
- * Reference count
- */
- refcount_t ref;
-};
-
-METHOD(pa_tnc_attr_t, get_type, pen_type_t,
- private_tcg_pts_attr_dh_nonce_params_resp_t *this)
-{
- return this->type;
-}
-
-METHOD(pa_tnc_attr_t, get_value, chunk_t,
- private_tcg_pts_attr_dh_nonce_params_resp_t *this)
-{
- return this->value;
-}
-
-METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
- private_tcg_pts_attr_dh_nonce_params_resp_t *this)
-{
- return this->noskip_flag;
-}
-
-METHOD(pa_tnc_attr_t, set_noskip_flag,void,
- private_tcg_pts_attr_dh_nonce_params_resp_t *this, bool noskip)
-{
- this->noskip_flag = noskip;
-}
-
-METHOD(pa_tnc_attr_t, build, void,
- private_tcg_pts_attr_dh_nonce_params_resp_t *this)
-{
- bio_writer_t *writer;
-
- if (this->value.ptr)
- {
- return;
- }
- writer = bio_writer_create(PTS_DH_NONCE_PARAMS_RESP_SIZE);
- writer->write_uint24(writer, PTS_DH_NONCE_PARAMS_RESP_RESERVED);
- writer->write_uint8 (writer, this->responder_nonce.len);
- writer->write_uint16(writer, this->dh_group);
- writer->write_uint16(writer, this->hash_algo_set);
- writer->write_data (writer, this->responder_nonce);
- writer->write_data (writer, this->responder_value);
-
- this->value = writer->extract_buf(writer);
- writer->destroy(writer);
-}
-
-METHOD(pa_tnc_attr_t, process, status_t,
- private_tcg_pts_attr_dh_nonce_params_resp_t *this, u_int32_t *offset)
-{
- bio_reader_t *reader;
- u_int32_t reserved;
- u_int8_t nonce_len;
- u_int16_t dh_group, hash_algo_set;
-
- if (this->value.len < PTS_DH_NONCE_PARAMS_RESP_SIZE)
- {
- DBG1(DBG_TNC, "insufficient data for PTS DH Nonce Parameters Response");
- *offset = 0;
- return FAILED;
- }
- reader = bio_reader_create(this->value);
- reader->read_uint24(reader, &reserved);
- reader->read_uint8 (reader, &nonce_len);
- reader->read_uint16(reader, &dh_group);
- reader->read_uint16(reader, &hash_algo_set);
- reader->read_data(reader, nonce_len, &this->responder_nonce);
- reader->read_data(reader, reader->remaining(reader), &this->responder_value);
- this->dh_group = dh_group;
- this->hash_algo_set = hash_algo_set;
- this->responder_nonce = chunk_clone(this->responder_nonce);
- this->responder_value = chunk_clone(this->responder_value);
- reader->destroy(reader);
-
- return SUCCESS;
-}
-
-METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
- private_tcg_pts_attr_dh_nonce_params_resp_t *this)
-{
- ref_get(&this->ref);
- return &this->public.pa_tnc_attribute;
-}
-
-METHOD(pa_tnc_attr_t, destroy, void,
- private_tcg_pts_attr_dh_nonce_params_resp_t *this)
-{
- if (ref_put(&this->ref))
- {
- free(this->value.ptr);
- free(this->responder_nonce.ptr);
- free(this->responder_value.ptr);
- free(this);
- }
-}
-
-METHOD(tcg_pts_attr_dh_nonce_params_resp_t, get_dh_group, pts_dh_group_t,
- private_tcg_pts_attr_dh_nonce_params_resp_t *this)
-{
- return this->dh_group;
-}
-
-METHOD(tcg_pts_attr_dh_nonce_params_resp_t, get_hash_algo_set,
- pts_meas_algorithms_t, private_tcg_pts_attr_dh_nonce_params_resp_t *this)
-{
- return this->hash_algo_set;
-}
-
-METHOD(tcg_pts_attr_dh_nonce_params_resp_t, get_responder_nonce, chunk_t,
- private_tcg_pts_attr_dh_nonce_params_resp_t *this)
-{
- return this->responder_nonce;
-}
-
-METHOD(tcg_pts_attr_dh_nonce_params_resp_t, get_responder_value, chunk_t,
- private_tcg_pts_attr_dh_nonce_params_resp_t *this)
-{
- return this->responder_value;
-}
-
-/**
- * Described in header.
- */
-pa_tnc_attr_t *tcg_pts_attr_dh_nonce_params_resp_create(pts_dh_group_t dh_group,
- pts_meas_algorithms_t hash_algo_set,
- chunk_t responder_nonce,
- chunk_t responder_value)
-{
- private_tcg_pts_attr_dh_nonce_params_resp_t *this;
-
- INIT(this,
- .public = {
- .pa_tnc_attribute = {
- .get_type = _get_type,
- .get_value = _get_value,
- .get_noskip_flag = _get_noskip_flag,
- .set_noskip_flag = _set_noskip_flag,
- .build = _build,
- .process = _process,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- .get_dh_group = _get_dh_group,
- .get_hash_algo_set = _get_hash_algo_set,
- .get_responder_nonce = _get_responder_nonce,
- .get_responder_value = _get_responder_value,
- },
- .type = { PEN_TCG, TCG_PTS_DH_NONCE_PARAMS_RESP },
- .dh_group = dh_group,
- .hash_algo_set = hash_algo_set,
- .responder_nonce = chunk_clone(responder_nonce),
- .responder_value = responder_value,
- .ref = 1,
- );
-
- return &this->public.pa_tnc_attribute;
-}
-
-/**
- * Described in header.
- */
-pa_tnc_attr_t *tcg_pts_attr_dh_nonce_params_resp_create_from_data(chunk_t value)
-{
- private_tcg_pts_attr_dh_nonce_params_resp_t *this;
-
- INIT(this,
- .public = {
- .pa_tnc_attribute = {
- .get_type = _get_type,
- .get_value = _get_value,
- .get_noskip_flag = _get_noskip_flag,
- .set_noskip_flag = _set_noskip_flag,
- .build = _build,
- .process = _process,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- .get_dh_group = _get_dh_group,
- .get_hash_algo_set = _get_hash_algo_set,
- .get_responder_nonce = _get_responder_nonce,
- .get_responder_value = _get_responder_value,
- },
- .type = { PEN_TCG, TCG_PTS_DH_NONCE_PARAMS_RESP },
- .value = chunk_clone(value),
- .ref = 1,
- );
-
- return &this->public.pa_tnc_attribute;
-}
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_dh_nonce_params_resp.h b/src/libpts/tcg/pts/tcg_pts_attr_dh_nonce_params_resp.h
deleted file mode 100644
index 72046d2..0000000
--- a/src/libpts/tcg/pts/tcg_pts_attr_dh_nonce_params_resp.h
+++ /dev/null
@@ -1,93 +0,0 @@
-/*
- * Copyright (C) 2011 Sansar Choinyambuu
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup tcg_pts_attr_dh_nonce_params_resp tcg_pts_attr_dh_nonce_params_resp
- * @{ @ingroup tcg_attr
- */
-
-#ifndef TCG_PTS_ATTR_DH_NONCE_PARAMS_RESP_H_
-#define TCG_PTS_ATTR_DH_NONCE_PARAMS_RESP_H_
-
-typedef struct tcg_pts_attr_dh_nonce_params_resp_t
- tcg_pts_attr_dh_nonce_params_resp_t;
-
-#include "tcg/tcg_attr.h"
-#include "pa_tnc/pa_tnc_attr.h"
-#include "pts/pts_dh_group.h"
-#include "pts/pts_meas_algo.h"
-
-/**
- * Class implementing the TCG PTS DH Nonce Parameters Response Attribute
- */
-struct tcg_pts_attr_dh_nonce_params_resp_t {
-
- /**
- * Public PA-TNC attribute interface
- */
- pa_tnc_attr_t pa_tnc_attribute;
-
- /**
- * Get selected Diffie Hellman Group
- *
- * @return Selected Diffie Hellman Group
- */
- pts_dh_group_t (*get_dh_group)(tcg_pts_attr_dh_nonce_params_resp_t *this);
-
- /**
- * Get supported hash algorithms
- *
- * @return Hash algorithm set
- */
- pts_meas_algorithms_t (*get_hash_algo_set)(
- tcg_pts_attr_dh_nonce_params_resp_t *this);
-
- /**
- * Get DH Responder Nonce
- *
- * @return DH Responder Nonce
- */
- chunk_t (*get_responder_nonce)(tcg_pts_attr_dh_nonce_params_resp_t *this);
-
- /**
- * Get DH Responder Public Value
- *
- * @return DH Responder Public Value
- */
- chunk_t (*get_responder_value)(tcg_pts_attr_dh_nonce_params_resp_t *this);
-
-};
-
-/**
- * Creates an tcg_pts_attr_dh_nonce_params_resp_t object
- *
- * @param dh_group Selected DH group
- * @param hash_algo_set Set of supported hash algorithms
- * @param responder_nonce DH Responder Nonce
- * @param responder_value DH Responder Public value
- */
-pa_tnc_attr_t* tcg_pts_attr_dh_nonce_params_resp_create(pts_dh_group_t dh_group,
- pts_meas_algorithms_t hash_algo_set,
- chunk_t responder_nonce,
- chunk_t responder_value);
-
-/**
- * Creates an tcg_pts_attr_dh_nonce_params_resp_t object from received data
- *
- * @param value unparsed attribute value
- */
-pa_tnc_attr_t* tcg_pts_attr_dh_nonce_params_resp_create_from_data(chunk_t value);
-
-#endif /** TCG_PTS_ATTR_DH_NONCE_PARAMS_RESP_H_ @}*/
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_file_meas.c b/src/libpts/tcg/pts/tcg_pts_attr_file_meas.c
deleted file mode 100644
index b9095f5..0000000
--- a/src/libpts/tcg/pts/tcg_pts_attr_file_meas.c
+++ /dev/null
@@ -1,295 +0,0 @@
-/*
- * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "tcg_pts_attr_file_meas.h"
-
-#include <pa_tnc/pa_tnc_msg.h>
-#include <bio/bio_writer.h>
-#include <bio/bio_reader.h>
-#include <collections/linked_list.h>
-#include <utils/debug.h>
-
-typedef struct private_tcg_pts_attr_file_meas_t private_tcg_pts_attr_file_meas_t;
-
-/**
- * File Measurement
- * see section 3.19.2 of PTS Protocol: Binding to TNC IF-M Specification
- *
- * 1 2 3
- * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Number of Files included |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Number of Files included |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Request ID | Measurement Length |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Measurement #1 (Variable Length) |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Filename Length | Filename (Variable Length) ~
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * ~ Filename (Variable Length) ~
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Measurement #2 (Variable Length) |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Filename Length | Filename (Variable Length) ~
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * ~ Filename (Variable Length) ~
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * ...........................
- */
-
-#define PTS_FILE_MEAS_SIZE 12
-
-/**
- * Private data of an tcg_pts_attr_file_meas_t object.
- */
-struct private_tcg_pts_attr_file_meas_t {
-
- /**
- * Public members of tcg_pts_attr_file_meas_t
- */
- tcg_pts_attr_file_meas_t public;
-
- /**
- * Vendor-specific attribute type
- */
- pen_type_t type;
-
- /**
- * Attribute value
- */
- chunk_t value;
-
- /**
- * Noskip flag
- */
- bool noskip_flag;
-
- /**
- * PTS File Measurements
- */
- pts_file_meas_t *measurements;
-
- /**
- * Reference count
- */
- refcount_t ref;
-};
-
-METHOD(pa_tnc_attr_t, get_type, pen_type_t,
- private_tcg_pts_attr_file_meas_t *this)
-{
- return this->type;
-}
-
-METHOD(pa_tnc_attr_t, get_value, chunk_t,
- private_tcg_pts_attr_file_meas_t *this)
-{
- return this->value;
-}
-
-METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
- private_tcg_pts_attr_file_meas_t *this)
-{
- return this->noskip_flag;
-}
-
-METHOD(pa_tnc_attr_t, set_noskip_flag,void,
- private_tcg_pts_attr_file_meas_t *this, bool noskip)
-{
- this->noskip_flag = noskip;
-}
-
-METHOD(pa_tnc_attr_t, build, void,
- private_tcg_pts_attr_file_meas_t *this)
-{
- bio_writer_t *writer;
- enumerator_t *enumerator;
- u_int64_t number_of_files;
- u_int16_t request_id;
- char *filename;
- chunk_t measurement;
- bool first = TRUE;
-
- if (this->value.ptr)
- {
- return;
- }
- number_of_files = this->measurements->get_file_count(this->measurements);
- request_id = this->measurements->get_request_id(this->measurements);
-
- writer = bio_writer_create(PTS_FILE_MEAS_SIZE);
- writer->write_uint64(writer, number_of_files);
- writer->write_uint16(writer, request_id);
-
- enumerator = this->measurements->create_enumerator(this->measurements);
- while (enumerator->enumerate(enumerator, &filename, &measurement))
- {
- if (first)
- {
- writer->write_uint16(writer, measurement.len);
- first = FALSE;
- }
- writer->write_data (writer, measurement);
- writer->write_data16(writer, chunk_create(filename, strlen(filename)));
- }
- enumerator->destroy(enumerator);
-
- if (first)
- {
- /* no attached measurements */
- writer->write_uint16(writer, 0);
- }
-
- this->value = writer->extract_buf(writer);
- writer->destroy(writer);
-}
-
-METHOD(pa_tnc_attr_t, process, status_t,
- private_tcg_pts_attr_file_meas_t *this, u_int32_t *offset)
-{
- bio_reader_t *reader;
- u_int64_t number_of_files;
- u_int16_t request_id, meas_len;
- chunk_t measurement, filename;
- size_t len;
- char buf[BUF_LEN];
- status_t status = FAILED;
-
- if (this->value.len < PTS_FILE_MEAS_SIZE)
- {
- DBG1(DBG_TNC, "insufficient data for PTS file measurement header");
- *offset = 0;
- return FAILED;
- }
-
- reader = bio_reader_create(this->value);
- reader->read_uint64(reader, &number_of_files);
- reader->read_uint16(reader, &request_id);
- reader->read_uint16(reader, &meas_len);
- *offset = PTS_FILE_MEAS_SIZE;
-
- this->measurements = pts_file_meas_create(request_id);
-
- while (number_of_files--)
- {
- if (!reader->read_data(reader, meas_len, &measurement))
- {
- DBG1(DBG_TNC, "insufficient data for PTS file measurement");
- goto end;
- }
- *offset += meas_len;
-
- if (!reader->read_data16(reader, &filename))
- {
- DBG1(DBG_TNC, "insufficient data for filename");
- goto end;
- }
- *offset += 2 + filename.len;
-
- len = min(filename.len, BUF_LEN-1);
- memcpy(buf, filename.ptr, len);
- buf[len] = '\0';
- this->measurements->add(this->measurements, buf, measurement);
- }
- status = SUCCESS;
-
-end:
- reader->destroy(reader);
- return status;
-}
-
-METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
- private_tcg_pts_attr_file_meas_t *this)
-{
- ref_get(&this->ref);
- return &this->public.pa_tnc_attribute;
-}
-METHOD(pa_tnc_attr_t, destroy, void,
- private_tcg_pts_attr_file_meas_t *this)
-{
- if (ref_put(&this->ref))
- {
- DESTROY_IF(this->measurements);
- free(this->value.ptr);
- free(this);
- }
-}
-
-METHOD(tcg_pts_attr_file_meas_t, get_measurements, pts_file_meas_t*,
- private_tcg_pts_attr_file_meas_t *this)
-{
- return this->measurements;
-}
-
-/**
- * Described in header.
- */
-pa_tnc_attr_t *tcg_pts_attr_file_meas_create(pts_file_meas_t *measurements)
-{
- private_tcg_pts_attr_file_meas_t *this;
-
- INIT(this,
- .public = {
- .pa_tnc_attribute = {
- .get_type = _get_type,
- .get_value = _get_value,
- .get_noskip_flag = _get_noskip_flag,
- .set_noskip_flag = _set_noskip_flag,
- .build = _build,
- .process = _process,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- .get_measurements = _get_measurements,
- },
- .type = { PEN_TCG, TCG_PTS_FILE_MEAS },
- .measurements = measurements,
- .ref = 1,
- );
-
- return &this->public.pa_tnc_attribute;
-}
-
-
-/**
- * Described in header.
- */
-pa_tnc_attr_t *tcg_pts_attr_file_meas_create_from_data(chunk_t data)
-{
- private_tcg_pts_attr_file_meas_t *this;
-
- INIT(this,
- .public = {
- .pa_tnc_attribute = {
- .get_type = _get_type,
- .get_value = _get_value,
- .get_noskip_flag = _get_noskip_flag,
- .set_noskip_flag = _set_noskip_flag,
- .build = _build,
- .process = _process,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- .get_measurements = _get_measurements,
- },
- .type = { PEN_TCG, TCG_PTS_FILE_MEAS },
- .value = chunk_clone(data),
- .ref = 1,
- );
-
- return &this->public.pa_tnc_attribute;
-}
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_file_meas.h b/src/libpts/tcg/pts/tcg_pts_attr_file_meas.h
deleted file mode 100644
index 4f155f0..0000000
--- a/src/libpts/tcg/pts/tcg_pts_attr_file_meas.h
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * Copyright (C) 2011 Sansar Choinyambuu
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup tcg_pts_attr_file_meas tcg_pts_attr_file_meas
- * @{ @ingroup tcg_attr
- */
-
-#ifndef TCG_PTS_ATTR_FILE_MEAS_H_
-#define TCG_PTS_ATTR_FILE_MEAS_H_
-
-typedef struct tcg_pts_attr_file_meas_t tcg_pts_attr_file_meas_t;
-
-#include "tcg/tcg_attr.h"
-#include "pa_tnc/pa_tnc_attr.h"
-#include "pts/pts.h"
-#include "pts/pts_file_meas.h"
-
-/**
- * Class implementing the TCG PTS File Measurement attribute
- *
- */
-struct tcg_pts_attr_file_meas_t {
-
- /**
- * Public PA-TNC attribute interface
- */
- pa_tnc_attr_t pa_tnc_attribute;
-
- /**
- * Get PTS File Measurements
- *
- * @return PTS File Measurements
- */
- pts_file_meas_t* (*get_measurements)(tcg_pts_attr_file_meas_t *this);
-
-};
-
-/**
- * Creates an tcg_pts_attr_file_meas_t object
- *
- * @param measurements PTS File Measurements
- */
-pa_tnc_attr_t* tcg_pts_attr_file_meas_create(pts_file_meas_t *measurements);
-
-/**
- * Creates an tcg_pts_attr_file_meas_t object from received data
- *
- * @param value unparsed attribute value
- */
-pa_tnc_attr_t* tcg_pts_attr_file_meas_create_from_data(chunk_t value);
-
-#endif /** TCG_PTS_ATTR_FILE_MEAS_H_ @}*/
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_gen_attest_evid.c b/src/libpts/tcg/pts/tcg_pts_attr_gen_attest_evid.c
deleted file mode 100644
index f263747..0000000
--- a/src/libpts/tcg/pts/tcg_pts_attr_gen_attest_evid.c
+++ /dev/null
@@ -1,203 +0,0 @@
-/*
- * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "tcg_pts_attr_gen_attest_evid.h"
-
-#include <pa_tnc/pa_tnc_msg.h>
-#include <bio/bio_writer.h>
-#include <bio/bio_reader.h>
-#include <utils/debug.h>
-
-typedef struct private_tcg_pts_attr_gen_attest_evid_t
- private_tcg_pts_attr_gen_attest_evid_t;
-
-/**
- * Generate Attestation Evidence
- * see section 3.14.2 of PTS Protocol: Binding to TNC IF-M Specification
- *
- * 1 2 3
- * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- *
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Reserved |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- *
- */
-
-#define PTS_GEN_ATTEST_EVID_SIZE 4
-#define PTS_GEN_ATTEST_EVID_RESERVED 0x00
-
-/**
- * Private data of an tcg_pts_attr_gen_attest_evid_t object.
- */
-struct private_tcg_pts_attr_gen_attest_evid_t {
-
- /**
- * Public members of tcg_pts_attr_gen_attest_evid_t
- */
- tcg_pts_attr_gen_attest_evid_t public;
-
- /**
- * Vendor-specific attribute type
- */
- pen_type_t type;
-
- /**
- * Attribute value
- */
- chunk_t value;
-
- /**
- * Noskip flag
- */
- bool noskip_flag;
-
- /**
- * Reference count
- */
- refcount_t ref;
-};
-
-METHOD(pa_tnc_attr_t, get_type, pen_type_t,
- private_tcg_pts_attr_gen_attest_evid_t *this)
-{
- return this->type;
-}
-
-METHOD(pa_tnc_attr_t, get_value, chunk_t,
- private_tcg_pts_attr_gen_attest_evid_t *this)
-{
- return this->value;
-}
-
-METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
- private_tcg_pts_attr_gen_attest_evid_t *this)
-{
- return this->noskip_flag;
-}
-
-METHOD(pa_tnc_attr_t, set_noskip_flag,void,
- private_tcg_pts_attr_gen_attest_evid_t *this, bool noskip)
-{
- this->noskip_flag = noskip;
-}
-
-METHOD(pa_tnc_attr_t, build, void,
- private_tcg_pts_attr_gen_attest_evid_t *this)
-{
- bio_writer_t *writer;
-
- if (this->value.ptr)
- {
- return;
- }
- writer = bio_writer_create(PTS_GEN_ATTEST_EVID_SIZE);
- writer->write_uint32 (writer, PTS_GEN_ATTEST_EVID_RESERVED);
-
- this->value = writer->extract_buf(writer);
- writer->destroy(writer);
-}
-
-METHOD(pa_tnc_attr_t, process, status_t,
- private_tcg_pts_attr_gen_attest_evid_t *this, u_int32_t *offset)
-{
- bio_reader_t *reader;
- u_int32_t reserved;
-
- if (this->value.len < PTS_GEN_ATTEST_EVID_SIZE)
- {
- DBG1(DBG_TNC, "insufficient data for Generate Attestation Evidence");
- *offset = 0;
- return FAILED;
- }
- reader = bio_reader_create(this->value);
- reader->read_uint32 (reader, &reserved);
- reader->destroy(reader);
-
- return SUCCESS;
-}
-
-METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
- private_tcg_pts_attr_gen_attest_evid_t *this)
-{
- ref_get(&this->ref);
- return &this->public.pa_tnc_attribute;
-}
-
-METHOD(pa_tnc_attr_t, destroy, void,
- private_tcg_pts_attr_gen_attest_evid_t *this)
-{
- if (ref_put(&this->ref))
- {
- free(this->value.ptr);
- free(this);
- }
-}
-
-/**
- * Described in header.
- */
-pa_tnc_attr_t *tcg_pts_attr_gen_attest_evid_create()
-{
- private_tcg_pts_attr_gen_attest_evid_t *this;
-
- INIT(this,
- .public = {
- .pa_tnc_attribute = {
- .get_type = _get_type,
- .get_value = _get_value,
- .get_noskip_flag = _get_noskip_flag,
- .set_noskip_flag = _set_noskip_flag,
- .build = _build,
- .process = _process,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- },
- .type = { PEN_TCG, TCG_PTS_GEN_ATTEST_EVID },
- .ref = 1,
- );
-
- return &this->public.pa_tnc_attribute;
-}
-
-
-/**
- * Described in header.
- */
-pa_tnc_attr_t *tcg_pts_attr_gen_attest_evid_create_from_data(chunk_t data)
-{
- private_tcg_pts_attr_gen_attest_evid_t *this;
-
- INIT(this,
- .public = {
- .pa_tnc_attribute = {
- .get_type = _get_type,
- .get_value = _get_value,
- .get_noskip_flag = _get_noskip_flag,
- .set_noskip_flag = _set_noskip_flag,
- .build = _build,
- .process = _process,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- },
- .type = { PEN_TCG, TCG_PTS_GEN_ATTEST_EVID },
- .value = chunk_clone(data),
- .ref = 1,
- );
-
- return &this->public.pa_tnc_attribute;
-}
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_gen_attest_evid.h b/src/libpts/tcg/pts/tcg_pts_attr_gen_attest_evid.h
deleted file mode 100644
index 38909b0..0000000
--- a/src/libpts/tcg/pts/tcg_pts_attr_gen_attest_evid.h
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Copyright (C) 2011 Sansar Choinyambuu
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup tcg_pts_attr_gen_attest_evid tcg_pts_attr_gen_attest_evid
- * @{ @ingroup tcg_attr
- */
-
-#ifndef TCG_PTS_ATTR_GEN_ATTEST_EVID_H_
-#define TCG_PTS_ATTR_GEN_ATTEST_EVID_H_
-
-typedef struct tcg_pts_attr_gen_attest_evid_t tcg_pts_attr_gen_attest_evid_t;
-
-#include "tcg/tcg_attr.h"
-#include "pa_tnc/pa_tnc_attr.h"
-
-/**
- * Class implementing the TCG PTS Generate Attestation Evidence Attribute
- *
- */
-struct tcg_pts_attr_gen_attest_evid_t {
-
- /**
- * Public PA-TNC attribute interface
- */
- pa_tnc_attr_t pa_tnc_attribute;
-};
-
-/**
- * Creates an tcg_pts_attr_gen_attest_evid_t object
- */
-pa_tnc_attr_t* tcg_pts_attr_gen_attest_evid_create();
-
-/**
- * Creates an tcg_pts_attr_gen_attest_evid_t object from received data
- *
- * @param value unparsed attribute value
- */
-pa_tnc_attr_t* tcg_pts_attr_gen_attest_evid_create_from_data(chunk_t value);
-
-#endif /** TCG_PTS_ATTR_GEN_ATTEST_EVID_H_ @}*/
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_get_aik.c b/src/libpts/tcg/pts/tcg_pts_attr_get_aik.c
deleted file mode 100644
index cf944d2..0000000
--- a/src/libpts/tcg/pts/tcg_pts_attr_get_aik.c
+++ /dev/null
@@ -1,200 +0,0 @@
-/*
- * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "tcg_pts_attr_get_aik.h"
-
-#include <pa_tnc/pa_tnc_msg.h>
-#include <bio/bio_writer.h>
-#include <bio/bio_reader.h>
-#include <utils/debug.h>
-
-typedef struct private_tcg_pts_attr_get_aik_t private_tcg_pts_attr_get_aik_t;
-
-/**
- * Get Attestation Identity Key
- * see section 3.12 of PTS Protocol: Binding to TNC IF-M Specification
- *
- * 1 2 3
- * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Reserved |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- */
-
-#define PTS_GET_AIK_SIZE 4
-#define PTS_GET_AIK_RESERVED 0x00000000
-
-/**
- * Private data of an tcg_pts_attr_get_aik_t object.
- */
-struct private_tcg_pts_attr_get_aik_t {
-
- /**
- * Public members of tcg_pts_attr_get_aik_t
- */
- tcg_pts_attr_get_aik_t public;
-
- /**
- * Vendor-specific attribute type
- */
- pen_type_t type;
-
- /**
- * Attribute value
- */
- chunk_t value;
-
- /**
- * Noskip flag
- */
- bool noskip_flag;
-
- /**
- * Reference count
- */
- refcount_t ref;
-};
-
-METHOD(pa_tnc_attr_t, get_type, pen_type_t,
- private_tcg_pts_attr_get_aik_t *this)
-{
- return this->type;
-}
-
-METHOD(pa_tnc_attr_t, get_value, chunk_t,
- private_tcg_pts_attr_get_aik_t *this)
-{
- return this->value;
-}
-
-METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
- private_tcg_pts_attr_get_aik_t *this)
-{
- return this->noskip_flag;
-}
-
-METHOD(pa_tnc_attr_t, set_noskip_flag,void,
- private_tcg_pts_attr_get_aik_t *this, bool noskip)
-{
- this->noskip_flag = noskip;
-}
-
-METHOD(pa_tnc_attr_t, build, void,
- private_tcg_pts_attr_get_aik_t *this)
-{
- bio_writer_t *writer;
-
- if (this->value.ptr)
- {
- return;
- }
- writer = bio_writer_create(PTS_GET_AIK_SIZE);
- writer->write_uint32 (writer, PTS_GET_AIK_RESERVED);
-
- this->value = writer->extract_buf(writer);
- writer->destroy(writer);
-}
-
-METHOD(pa_tnc_attr_t, process, status_t,
- private_tcg_pts_attr_get_aik_t *this, u_int32_t *offset)
-{
- bio_reader_t *reader;
- u_int32_t reserved;
-
- if (this->value.len < PTS_GET_AIK_SIZE)
- {
- DBG1(DBG_TNC, "insufficient data for Get AIK");
- *offset = 0;
- return FAILED;
- }
- reader = bio_reader_create(this->value);
- reader->read_uint32 (reader, &reserved);
- reader->destroy(reader);
-
- return SUCCESS;
-}
-
-METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
- private_tcg_pts_attr_get_aik_t *this)
-{
- ref_get(&this->ref);
- return &this->public.pa_tnc_attribute;
-}
-
-METHOD(pa_tnc_attr_t, destroy, void,
- private_tcg_pts_attr_get_aik_t *this)
-{
- if (ref_put(&this->ref))
- {
- free(this->value.ptr);
- free(this);
- }
-}
-
-/**
- * Described in header.
- */
-pa_tnc_attr_t *tcg_pts_attr_get_aik_create()
-{
- private_tcg_pts_attr_get_aik_t *this;
-
- INIT(this,
- .public = {
- .pa_tnc_attribute = {
- .get_type = _get_type,
- .get_value = _get_value,
- .get_noskip_flag = _get_noskip_flag,
- .set_noskip_flag = _set_noskip_flag,
- .build = _build,
- .process = _process,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- },
- .type = { PEN_TCG, TCG_PTS_GET_AIK },
- .ref = 1,
- );
-
- return &this->public.pa_tnc_attribute;
-}
-
-
-/**
- * Described in header.
- */
-pa_tnc_attr_t *tcg_pts_attr_get_aik_create_from_data(chunk_t data)
-{
- private_tcg_pts_attr_get_aik_t *this;
-
- INIT(this,
- .public = {
- .pa_tnc_attribute = {
- .get_type = _get_type,
- .get_value = _get_value,
- .get_noskip_flag = _get_noskip_flag,
- .set_noskip_flag = _set_noskip_flag,
- .build = _build,
- .process = _process,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- },
- .type = { PEN_TCG, TCG_PTS_GET_AIK },
- .value = chunk_clone(data),
- .ref = 1,
- );
-
- return &this->public.pa_tnc_attribute;
-}
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_get_aik.h b/src/libpts/tcg/pts/tcg_pts_attr_get_aik.h
deleted file mode 100644
index 120100e..0000000
--- a/src/libpts/tcg/pts/tcg_pts_attr_get_aik.h
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Copyright (C) 2011 Sansar Choinyambuu
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup tcg_pts_attr_get_aik tcg_pts_attr_get_aik
- * @{ @ingroup tcg_attr
- */
-
-#ifndef TCG_PTS_ATTR_GET_AIK_H_
-#define TCG_PTS_ATTR_GET_AIK_H_
-
-typedef struct tcg_pts_attr_get_aik_t tcg_pts_attr_get_aik_t;
-
-#include "tcg/tcg_attr.h"
-#include "pa_tnc/pa_tnc_attr.h"
-
-/**
- * Class implementing the TCG PTS Get Attestation Identity Key Attribute
- *
- */
-struct tcg_pts_attr_get_aik_t {
-
- /**
- * Public PA-TNC attribute interface
- */
- pa_tnc_attr_t pa_tnc_attribute;
-};
-
-/**
- * Creates an tcg_pts_attr_get_aik_t object
- */
-pa_tnc_attr_t* tcg_pts_attr_get_aik_create();
-
-/**
- * Creates an tcg_pts_attr_get_aik_t object from received data
- *
- * @param value unparsed attribute value
- */
-pa_tnc_attr_t* tcg_pts_attr_get_aik_create_from_data(chunk_t value);
-
-#endif /** TCG_PTS_ATTR_GET_AIK_H_ @}*/
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_get_tpm_version_info.c b/src/libpts/tcg/pts/tcg_pts_attr_get_tpm_version_info.c
deleted file mode 100644
index 647c426..0000000
--- a/src/libpts/tcg/pts/tcg_pts_attr_get_tpm_version_info.c
+++ /dev/null
@@ -1,203 +0,0 @@
-/*
- * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "tcg_pts_attr_get_tpm_version_info.h"
-
-#include <pa_tnc/pa_tnc_msg.h>
-#include <bio/bio_writer.h>
-#include <bio/bio_reader.h>
-#include <utils/debug.h>
-
-typedef struct private_tcg_pts_attr_get_tpm_version_info_t
- private_tcg_pts_attr_get_tpm_version_info_t;
-
-/**
- * Get TPM Version Information
- * see section 3.10 of PTS Protocol: Binding to TNC IF-M Specification
- *
- * 1 2 3
- * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- *
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Reserved |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- *
- */
-
-#define PTS_GET_TPM_VER_INFO_SIZE 4
-#define PTS_GET_TPM_VER_INFO_RESERVED 0x00
-
-/**
- * Private data of an tcg_pts_attr_get_tpm_version_info_t object.
- */
-struct private_tcg_pts_attr_get_tpm_version_info_t {
-
- /**
- * Public members of tcg_pts_attr_get_tpm_version_info_t
- */
- tcg_pts_attr_get_tpm_version_info_t public;
-
- /**
- * Vendor-specific attribute type
- */
- pen_type_t type;
-
- /**
- * Attribute value
- */
- chunk_t value;
-
- /**
- * Noskip flag
- */
- bool noskip_flag;
-
- /**
- * Reference count
- */
- refcount_t ref;
-};
-
-METHOD(pa_tnc_attr_t, get_type, pen_type_t,
- private_tcg_pts_attr_get_tpm_version_info_t *this)
-{
- return this->type;
-}
-
-METHOD(pa_tnc_attr_t, get_value, chunk_t,
- private_tcg_pts_attr_get_tpm_version_info_t *this)
-{
- return this->value;
-}
-
-METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
- private_tcg_pts_attr_get_tpm_version_info_t *this)
-{
- return this->noskip_flag;
-}
-
-METHOD(pa_tnc_attr_t, set_noskip_flag,void,
- private_tcg_pts_attr_get_tpm_version_info_t *this, bool noskip)
-{
- this->noskip_flag = noskip;
-}
-
-METHOD(pa_tnc_attr_t, build, void,
- private_tcg_pts_attr_get_tpm_version_info_t *this)
-{
- bio_writer_t *writer;
-
- if (this->value.ptr)
- {
- return;
- }
- writer = bio_writer_create(PTS_GET_TPM_VER_INFO_SIZE);
- writer->write_uint32 (writer, PTS_GET_TPM_VER_INFO_RESERVED);
-
- this->value = writer->extract_buf(writer);
- writer->destroy(writer);
-}
-
-METHOD(pa_tnc_attr_t, process, status_t,
- private_tcg_pts_attr_get_tpm_version_info_t *this, u_int32_t *offset)
-{
- bio_reader_t *reader;
- u_int32_t reserved;
-
- if (this->value.len < PTS_GET_TPM_VER_INFO_SIZE)
- {
- DBG1(DBG_TNC, "insufficient data for Get TPM Version Information");
- *offset = 0;
- return FAILED;
- }
- reader = bio_reader_create(this->value);
- reader->read_uint32 (reader, &reserved);
- reader->destroy(reader);
-
- return SUCCESS;
-}
-
-METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
- private_tcg_pts_attr_get_tpm_version_info_t *this)
-{
- ref_get(&this->ref);
- return &this->public.pa_tnc_attribute;
-}
-
-METHOD(pa_tnc_attr_t, destroy, void,
- private_tcg_pts_attr_get_tpm_version_info_t *this)
-{
- if (ref_put(&this->ref))
- {
- free(this->value.ptr);
- free(this);
- }
-}
-
-/**
- * Described in header.
- */
-pa_tnc_attr_t *tcg_pts_attr_get_tpm_version_info_create()
-{
- private_tcg_pts_attr_get_tpm_version_info_t *this;
-
- INIT(this,
- .public = {
- .pa_tnc_attribute = {
- .get_type = _get_type,
- .get_value = _get_value,
- .get_noskip_flag = _get_noskip_flag,
- .set_noskip_flag = _set_noskip_flag,
- .build = _build,
- .process = _process,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- },
- .type = { PEN_TCG, TCG_PTS_GET_TPM_VERSION_INFO },
- .ref = 1,
- );
-
- return &this->public.pa_tnc_attribute;
-}
-
-
-/**
- * Described in header.
- */
-pa_tnc_attr_t *tcg_pts_attr_get_tpm_version_info_create_from_data(chunk_t data)
-{
- private_tcg_pts_attr_get_tpm_version_info_t *this;
-
- INIT(this,
- .public = {
- .pa_tnc_attribute = {
- .get_type = _get_type,
- .get_value = _get_value,
- .get_noskip_flag = _get_noskip_flag,
- .set_noskip_flag = _set_noskip_flag,
- .build = _build,
- .process = _process,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- },
- .type = { PEN_TCG, TCG_PTS_GET_TPM_VERSION_INFO },
- .value = chunk_clone(data),
- .ref = 1,
- );
-
- return &this->public.pa_tnc_attribute;
-}
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_get_tpm_version_info.h b/src/libpts/tcg/pts/tcg_pts_attr_get_tpm_version_info.h
deleted file mode 100644
index 711a1d5..0000000
--- a/src/libpts/tcg/pts/tcg_pts_attr_get_tpm_version_info.h
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Copyright (C) 2011 Sansar Choinyambuu
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup tcg_pts_attr_get_tpm_version_info tcg_pts_attr_get_tpm_version_info
- * @{ @ingroup tcg_attr
- */
-
-#ifndef TCG_PTS_ATTR_GET_TPM_VERSION_INFO_H_
-#define TCG_PTS_ATTR_GET_TPM_VERSION_INFO_H_
-
-typedef struct tcg_pts_attr_get_tpm_version_info_t
- tcg_pts_attr_get_tpm_version_info_t;
-
-#include "tcg/tcg_attr.h"
-#include "pa_tnc/pa_tnc_attr.h"
-
-/**
- * Class implementing the TCG PTS Get TPM Version Info Attribute
- *
- */
-struct tcg_pts_attr_get_tpm_version_info_t {
-
- /**
- * Public PA-TNC attribute interface
- */
- pa_tnc_attr_t pa_tnc_attribute;
-};
-
-/**
- * Creates an tcg_pts_attr_get_tpm_version_info_t object
- */
-pa_tnc_attr_t* tcg_pts_attr_get_tpm_version_info_create();
-
-/**
- * Creates an tcg_pts_attr_get_tpm_version_info_t object from received data
- *
- * @param value unparsed attribute value
- */
-pa_tnc_attr_t* tcg_pts_attr_get_tpm_version_info_create_from_data(chunk_t value);
-
-#endif /** TCG_PTS_ATTR_GET_TPM_VERSION_INFO_H_ @}*/
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_meas_algo.c b/src/libpts/tcg/pts/tcg_pts_attr_meas_algo.c
deleted file mode 100644
index a4dac90..0000000
--- a/src/libpts/tcg/pts/tcg_pts_attr_meas_algo.c
+++ /dev/null
@@ -1,221 +0,0 @@
-/*
- * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "tcg_pts_attr_meas_algo.h"
-
-#include <pa_tnc/pa_tnc_msg.h>
-#include <bio/bio_writer.h>
-#include <bio/bio_reader.h>
-#include <utils/debug.h>
-
-typedef struct private_tcg_pts_attr_meas_algo_t private_tcg_pts_attr_meas_algo_t;
-
-/**
- * PTS Measurement Algorithm
- * see section 3.9.1 of PTS Protocol: Binding to TNC IF-M Specification
- *
- * 1 2 3
- * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Reserved | Hash Algorithm Set |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- *
- */
-
-#define PTS_MEAS_ALGO_SIZE 4
-#define PTS_MEAS_ALGO_RESERVED 0x0000
-
-/**
- * Private data of an tcg_pts_attr_meas_algo_t object.
- */
-struct private_tcg_pts_attr_meas_algo_t {
-
- /**
- * Public members of tcg_pts_attr_meas_algo_t
- */
- tcg_pts_attr_meas_algo_t public;
-
- /**
- * Vendor-specific attribute type
- */
- pen_type_t type;
-
- /**
- * Attribute value
- */
- chunk_t value;
-
- /**
- * Noskip flag
- */
- bool noskip_flag;
-
- /**
- * Set of algorithms
- */
- pts_meas_algorithms_t algorithms;
-
- /**
- * Reference count
- */
- refcount_t ref;
-};
-
-METHOD(pa_tnc_attr_t, get_type, pen_type_t,
- private_tcg_pts_attr_meas_algo_t *this)
-{
- return this->type;
-}
-
-METHOD(pa_tnc_attr_t, get_value, chunk_t,
- private_tcg_pts_attr_meas_algo_t *this)
-{
- return this->value;
-}
-
-METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
- private_tcg_pts_attr_meas_algo_t *this)
-{
- return this->noskip_flag;
-}
-
-METHOD(pa_tnc_attr_t, set_noskip_flag,void,
- private_tcg_pts_attr_meas_algo_t *this, bool noskip)
-{
- this->noskip_flag = noskip;
-}
-
-METHOD(pa_tnc_attr_t, build, void,
- private_tcg_pts_attr_meas_algo_t *this)
-{
- bio_writer_t *writer;
-
- if (this->value.ptr)
- {
- return;
- }
- writer = bio_writer_create(PTS_MEAS_ALGO_SIZE);
- writer->write_uint16(writer, PTS_MEAS_ALGO_RESERVED);
- writer->write_uint16(writer, this->algorithms);
- this->value = writer->extract_buf(writer);
- writer->destroy(writer);
-}
-
-METHOD(pa_tnc_attr_t, process, status_t,
- private_tcg_pts_attr_meas_algo_t *this, u_int32_t *offset)
-{
- bio_reader_t *reader;
- u_int16_t reserved, algorithms;
-
- if (this->value.len < PTS_MEAS_ALGO_SIZE)
- {
- DBG1(DBG_TNC, "insufficient data for PTS Measurement Algorithm");
- *offset = 0;
- return FAILED;
- }
- reader = bio_reader_create(this->value);
- reader->read_uint16(reader, &reserved);
- reader->read_uint16(reader, &algorithms);
- this->algorithms = algorithms;
- reader->destroy(reader);
-
- return SUCCESS;
-}
-
-METHOD(pa_tnc_attr_t, destroy, void,
- private_tcg_pts_attr_meas_algo_t *this)
-{
- if (ref_put(&this->ref))
- {
- free(this->value.ptr);
- free(this);
- }
-}
-
-METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
- private_tcg_pts_attr_meas_algo_t *this)
-{
- ref_get(&this->ref);
- return &this->public.pa_tnc_attribute;
-}
-
-METHOD(tcg_pts_attr_meas_algo_t, get_algorithms, pts_meas_algorithms_t,
- private_tcg_pts_attr_meas_algo_t *this)
-{
- return this->algorithms;
-}
-
-/**
- * Described in header.
- */
-pa_tnc_attr_t *tcg_pts_attr_meas_algo_create(pts_meas_algorithms_t algorithms,
- bool selection)
-{
- private_tcg_pts_attr_meas_algo_t *this;
-
- INIT(this,
- .public = {
- .pa_tnc_attribute = {
- .get_type = _get_type,
- .get_value = _get_value,
- .get_noskip_flag = _get_noskip_flag,
- .set_noskip_flag = _set_noskip_flag,
- .build = _build,
- .process = _process,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- .get_algorithms = _get_algorithms,
- },
- .type = { PEN_TCG,
- selection ? TCG_PTS_MEAS_ALGO_SELECTION : TCG_PTS_MEAS_ALGO },
- .algorithms = algorithms,
- .ref = 1,
- );
-
- return &this->public.pa_tnc_attribute;
-}
-
-
-/**
- * Described in header.
- */
-pa_tnc_attr_t *tcg_pts_attr_meas_algo_create_from_data(chunk_t data,
- bool selection)
-{
- private_tcg_pts_attr_meas_algo_t *this;
-
- INIT(this,
- .public = {
- .pa_tnc_attribute = {
- .get_type = _get_type,
- .get_value = _get_value,
- .get_noskip_flag = _get_noskip_flag,
- .set_noskip_flag = _set_noskip_flag,
- .build = _build,
- .process = _process,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- .get_algorithms = _get_algorithms,
- },
- .type = { PEN_TCG,
- selection ? TCG_PTS_MEAS_ALGO_SELECTION : TCG_PTS_MEAS_ALGO },
- .value = chunk_clone(data),
- .ref = 1,
- );
-
- return &this->public.pa_tnc_attribute;
-}
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_meas_algo.h b/src/libpts/tcg/pts/tcg_pts_attr_meas_algo.h
deleted file mode 100644
index 88d1be0..0000000
--- a/src/libpts/tcg/pts/tcg_pts_attr_meas_algo.h
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Copyright (C) 2011 Sansar Choinyambuu
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup tcg_pts_attr_meas_algo tcg_pts_attr_meas_algo
- * @{ @ingroup tcg_attr
- */
-
-#ifndef TCG_PTS_ATTR_MEAS_ALGO_H_
-#define TCG_PTS_ATTR_MEAS_ALGO_H_
-
-typedef struct tcg_pts_attr_meas_algo_t tcg_pts_attr_meas_algo_t;
-
-#include "tcg/tcg_attr.h"
-#include "pts/pts_meas_algo.h"
-#include "pa_tnc/pa_tnc_attr.h"
-
-/**
- * Class implementing the TCG Measurement Algorithm Attribute
- *
- */
-struct tcg_pts_attr_meas_algo_t {
-
- /**
- * Public PA-TNC attribute interface
- */
- pa_tnc_attr_t pa_tnc_attribute;
-
- /**
- * Get PTS Measurement Algorithm Set
- *
- * @return set of algorithms
- */
- pts_meas_algorithms_t (*get_algorithms)(tcg_pts_attr_meas_algo_t *this);
-
-};
-
-/**
- * Creates an tcg_pts_attr_meas_algo_t object
- *
- * @param algorithms set of algorithms
- * @param selection TRUE if a selection
- */
-pa_tnc_attr_t* tcg_pts_attr_meas_algo_create(pts_meas_algorithms_t algorithms,
- bool selection);
-
-/**
- * Creates an tcg_pts_attr_meas_algo_t object from received data
- *
- * @param value unparsed attribute value
- * @param selection TRUE if a selection
- */
-pa_tnc_attr_t* tcg_pts_attr_meas_algo_create_from_data(chunk_t value,
- bool selection);
-
-#endif /** TCG_PTS_ATTR_MEAS_ALGO_H_ @}*/
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_proto_caps.c b/src/libpts/tcg/pts/tcg_pts_attr_proto_caps.c
deleted file mode 100644
index 6473ea8..0000000
--- a/src/libpts/tcg/pts/tcg_pts_attr_proto_caps.c
+++ /dev/null
@@ -1,221 +0,0 @@
-/*
- * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "tcg_pts_attr_proto_caps.h"
-
-#include <pa_tnc/pa_tnc_msg.h>
-#include <bio/bio_writer.h>
-#include <bio/bio_reader.h>
-#include <utils/debug.h>
-
-typedef struct private_tcg_pts_attr_proto_caps_t private_tcg_pts_attr_proto_caps_t;
-
-/**
- * PTS Protocol Capabilities
- * see section 3.7 of PTS Protocol: Binding to TNC IF-M Specification
- *
- * 1 2 3
- * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Reserved |C|V|D|T|X|
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- *
- */
-
-#define PTS_PROTO_CAPS_SIZE 4
-#define PTS_PROTO_CAPS_RESERVED 0x0000
-
-/**
- * Private data of an tcg_pts_attr_proto_caps_t object.
- */
-struct private_tcg_pts_attr_proto_caps_t {
-
- /**
- * Public members of tcg_pts_attr_proto_caps_t
- */
- tcg_pts_attr_proto_caps_t public;
-
- /**
- * Vendor-specific attribute type
- */
- pen_type_t type;
-
- /**
- * Attribute value
- */
- chunk_t value;
-
- /**
- * Noskip flag
- */
- bool noskip_flag;
-
- /**
- * Set of flags
- */
- pts_proto_caps_flag_t flags;
-
- /**
- * Reference count
- */
- refcount_t ref;
-};
-
-METHOD(pa_tnc_attr_t, get_type, pen_type_t,
- private_tcg_pts_attr_proto_caps_t *this)
-{
- return this->type;
-}
-
-METHOD(pa_tnc_attr_t, get_value, chunk_t,
- private_tcg_pts_attr_proto_caps_t *this)
-{
- return this->value;
-}
-
-METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
- private_tcg_pts_attr_proto_caps_t *this)
-{
- return this->noskip_flag;
-}
-
-METHOD(pa_tnc_attr_t, set_noskip_flag,void,
- private_tcg_pts_attr_proto_caps_t *this, bool noskip)
-{
- this->noskip_flag = noskip;
-}
-
-METHOD(pa_tnc_attr_t, build, void,
- private_tcg_pts_attr_proto_caps_t *this)
-{
- bio_writer_t *writer;
-
- if (this->value.ptr)
- {
- return;
- }
- writer = bio_writer_create(PTS_PROTO_CAPS_SIZE);
- writer->write_uint16(writer, PTS_PROTO_CAPS_RESERVED);
- writer->write_uint16(writer, this->flags);
-
- this->value = writer->extract_buf(writer);
- writer->destroy(writer);
-}
-
-METHOD(pa_tnc_attr_t, process, status_t,
- private_tcg_pts_attr_proto_caps_t *this, u_int32_t *offset)
-{
- bio_reader_t *reader;
- u_int16_t reserved, flags;
-
- if (this->value.len < PTS_PROTO_CAPS_SIZE)
- {
- DBG1(DBG_TNC, "insufficient data for PTS Protocol Capabilities");
- *offset = 0;
- return FAILED;
- }
- reader = bio_reader_create(this->value);
- reader->read_uint16(reader, &reserved);
- reader->read_uint16(reader, &flags);
- this->flags = flags;
- reader->destroy(reader);
-
- return SUCCESS;
-}
-
-METHOD(pa_tnc_attr_t, destroy, void,
- private_tcg_pts_attr_proto_caps_t *this)
-{
- if (ref_put(&this->ref))
- {
- free(this->value.ptr);
- free(this);
- }
-}
-
-METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
- private_tcg_pts_attr_proto_caps_t *this)
-{
- ref_get(&this->ref);
- return &this->public.pa_tnc_attribute;
-}
-
-METHOD(tcg_pts_attr_proto_caps_t, get_flags, pts_proto_caps_flag_t,
- private_tcg_pts_attr_proto_caps_t *this)
-{
- return this->flags;
-}
-
-/**
- * Described in header.
- */
-pa_tnc_attr_t *tcg_pts_attr_proto_caps_create(pts_proto_caps_flag_t flags,
- bool request)
-{
- private_tcg_pts_attr_proto_caps_t *this;
-
- INIT(this,
- .public = {
- .pa_tnc_attribute = {
- .get_type = _get_type,
- .get_value = _get_value,
- .get_noskip_flag = _get_noskip_flag,
- .set_noskip_flag = _set_noskip_flag,
- .build = _build,
- .process = _process,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- .get_flags = _get_flags,
- },
- .type = { PEN_TCG,
- request ? TCG_PTS_REQ_PROTO_CAPS : TCG_PTS_PROTO_CAPS },
- .flags = flags,
- .ref = 1,
- );
-
- return &this->public.pa_tnc_attribute;
-}
-
-/**
- * Described in header.
- */
-pa_tnc_attr_t *tcg_pts_attr_proto_caps_create_from_data(chunk_t data,
- bool request)
-{
- private_tcg_pts_attr_proto_caps_t *this;
-
- INIT(this,
- .public = {
- .pa_tnc_attribute = {
- .get_type = _get_type,
- .get_value = _get_value,
- .get_noskip_flag = _get_noskip_flag,
- .set_noskip_flag = _set_noskip_flag,
- .build = _build,
- .process = _process,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- .get_flags = _get_flags,
- },
- .type = { PEN_TCG,
- request ? TCG_PTS_REQ_PROTO_CAPS : TCG_PTS_PROTO_CAPS },
- .value = chunk_clone(data),
- .ref = 1,
- );
-
- return &this->public.pa_tnc_attribute;
-}
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_proto_caps.h b/src/libpts/tcg/pts/tcg_pts_attr_proto_caps.h
deleted file mode 100644
index c2478da..0000000
--- a/src/libpts/tcg/pts/tcg_pts_attr_proto_caps.h
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * Copyright (C) 2011 Sansar Choinyambuu
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup tcg_pts_attr_proto_caps tcg_pts_attr_proto_caps
- * @{ @ingroup tcg_attr
- */
-
-#ifndef TCG_PTS_ATTR_PROTO_CAPS_H_
-#define TCG_PTS_ATTR_PROTO_CAPS_H_
-
-typedef struct tcg_pts_attr_proto_caps_t tcg_pts_attr_proto_caps_t;
-
-#include "tcg/tcg_attr.h"
-#include "pa_tnc/pa_tnc_attr.h"
-#include "pts/pts_proto_caps.h"
-
-/**
- * Class implementing the TCG PTS Protocol Capabilities Attribute
- */
-struct tcg_pts_attr_proto_caps_t {
-
- /**
- * Public PA-TNC attribute interface
- */
- pa_tnc_attr_t pa_tnc_attribute;
-
- /**
- * Get PTS procol capabilities flags
- *
- * @return set of flags
- */
- pts_proto_caps_flag_t (*get_flags)(tcg_pts_attr_proto_caps_t *this);
-
-};
-
-/**
- * Creates an tcg_pts_attr_proto_caps_t object
- *
- * @param flags set of flags
- * @param request TRUE for a PTS protocol capabilities request
- */
-pa_tnc_attr_t* tcg_pts_attr_proto_caps_create(pts_proto_caps_flag_t flags,
- bool request);
-
-/**
- * Creates an tcg_pts_attr_proto_caps_t object from received data
- *
- * @param value unparsed attribute value
- * @param request TRUE for a PTS protocol capabilities request
- */
-pa_tnc_attr_t* tcg_pts_attr_proto_caps_create_from_data(chunk_t value,
- bool request);
-
-#endif /** TCG_PTS_ATTR_PROTO_CAPS_H_ @}*/
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_req_file_meas.c b/src/libpts/tcg/pts/tcg_pts_attr_req_file_meas.c
deleted file mode 100644
index c5a2f4b..0000000
--- a/src/libpts/tcg/pts/tcg_pts_attr_req_file_meas.c
+++ /dev/null
@@ -1,292 +0,0 @@
-/*
- * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#define _GNU_SOURCE /* for stdndup() */
-#include <string.h>
-
-#include "tcg_pts_attr_req_file_meas.h"
-
-#include <pa_tnc/pa_tnc_msg.h>
-#include <bio/bio_writer.h>
-#include <bio/bio_reader.h>
-#include <utils/debug.h>
-
-typedef struct private_tcg_pts_attr_req_file_meas_t private_tcg_pts_attr_req_file_meas_t;
-
-/**
- * Request File Measurement
- * see section 3.19.1 of PTS Protocol: Binding to TNC IF-M Specification
- *
- * 1 2 3
- * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Flags | Reserved | Request ID |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Delimiter |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * ~ Fully Qualified File Pathname (Variable Length) ~
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- */
-
-#define PTS_REQ_FILE_MEAS_SIZE 8
-#define PTS_REQ_FILE_MEAS_RESERVED 0x00
-#define PTS_REQ_FILE_MEAS_NO_FLAGS 0x00
-
-#define DIRECTORY_CONTENTS_FLAG (1<<7)
-
-/**
- * Private data of an tcg_pts_attr_req_file_meas_t object.
- */
-struct private_tcg_pts_attr_req_file_meas_t {
-
- /**
- * Public members of tcg_pts_attr_req_file_meas_t
- */
- tcg_pts_attr_req_file_meas_t public;
-
- /**
- * Vendor-specific attribute type
- */
- pen_type_t type;
-
- /**
- * Attribute value
- */
- chunk_t value;
-
- /**
- * Noskip flag
- */
- bool noskip_flag;
-
- /**
- * Directory Contents flag
- */
- bool directory_flag;
-
- /**
- * Request ID
- */
- u_int16_t request_id;
-
- /**
- * UTF8 Encoding of Delimiter Character
- */
- u_int32_t delimiter;
-
- /**
- * Fully Qualified File Pathname
- */
- char *pathname;
-
- /**
- * Reference count
- */
- refcount_t ref;
-};
-
-METHOD(pa_tnc_attr_t, get_type, pen_type_t,
- private_tcg_pts_attr_req_file_meas_t *this)
-{
- return this->type;
-}
-
-METHOD(pa_tnc_attr_t, get_value, chunk_t,
- private_tcg_pts_attr_req_file_meas_t *this)
-{
- return this->value;
-}
-
-METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
- private_tcg_pts_attr_req_file_meas_t *this)
-{
- return this->noskip_flag;
-}
-
-METHOD(pa_tnc_attr_t, set_noskip_flag,void,
- private_tcg_pts_attr_req_file_meas_t *this, bool noskip)
-{
- this->noskip_flag = noskip;
-}
-
-METHOD(pa_tnc_attr_t, build, void,
- private_tcg_pts_attr_req_file_meas_t *this)
-{
- u_int8_t flags = PTS_REQ_FILE_MEAS_NO_FLAGS;
- chunk_t pathname;
- bio_writer_t *writer;
-
- if (this->value.ptr)
- {
- return;
- }
- if (this->directory_flag)
- {
- flags |= DIRECTORY_CONTENTS_FLAG;
- }
- pathname = chunk_create(this->pathname, strlen(this->pathname));
-
- writer = bio_writer_create(PTS_REQ_FILE_MEAS_SIZE);
- writer->write_uint8 (writer, flags);
- writer->write_uint8 (writer, PTS_REQ_FILE_MEAS_RESERVED);
- writer->write_uint16(writer, this->request_id);
- writer->write_uint32(writer, this->delimiter);
- writer->write_data (writer, pathname);
- this->value = writer->extract_buf(writer);
- writer->destroy(writer);
-}
-
-METHOD(pa_tnc_attr_t, process, status_t,
- private_tcg_pts_attr_req_file_meas_t *this, u_int32_t *offset)
-{
- bio_reader_t *reader;
- u_int8_t flags;
- u_int8_t reserved;
- chunk_t pathname;
-
- if (this->value.len < PTS_REQ_FILE_MEAS_SIZE)
- {
- DBG1(DBG_TNC, "insufficient data for Request File Measurement");
- *offset = 0;
- return FAILED;
- }
-
- reader = bio_reader_create(this->value);
- reader->read_uint8 (reader, &flags);
- reader->read_uint8 (reader, &reserved);
- reader->read_uint16(reader, &this->request_id);
- reader->read_uint32(reader, &this->delimiter);
- reader->read_data (reader, reader->remaining(reader), &pathname);
-
- this->directory_flag = (flags & DIRECTORY_CONTENTS_FLAG) !=
- PTS_REQ_FILE_MEAS_NO_FLAGS;
- this->pathname = strndup(pathname.ptr, pathname.len);
-
- reader->destroy(reader);
- return SUCCESS;
-}
-
-METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
- private_tcg_pts_attr_req_file_meas_t *this)
-{
- ref_get(&this->ref);
- return &this->public.pa_tnc_attribute;
-}
-
-METHOD(pa_tnc_attr_t, destroy, void,
- private_tcg_pts_attr_req_file_meas_t *this)
-{
- if (ref_put(&this->ref))
- {
- free(this->pathname);
- free(this->value.ptr);
- free(this);
- }
-}
-
-METHOD(tcg_pts_attr_req_file_meas_t, get_directory_flag, bool,
- private_tcg_pts_attr_req_file_meas_t *this)
-{
- return this->directory_flag;
-}
-
-METHOD(tcg_pts_attr_req_file_meas_t, get_request_id, u_int16_t,
- private_tcg_pts_attr_req_file_meas_t *this)
-{
- return this->request_id;
-}
-
-METHOD(tcg_pts_attr_req_file_meas_t, get_delimiter, u_int32_t,
- private_tcg_pts_attr_req_file_meas_t *this)
-{
- return this->delimiter;
-}
-
-METHOD(tcg_pts_attr_req_file_meas_t, get_pathname, char*,
- private_tcg_pts_attr_req_file_meas_t *this)
-{
- return this->pathname;
-}
-
-/**
- * Described in header.
- */
-pa_tnc_attr_t *tcg_pts_attr_req_file_meas_create(bool directory_flag,
- u_int16_t request_id,
- u_int32_t delimiter,
- char *pathname)
-{
- private_tcg_pts_attr_req_file_meas_t *this;
-
- INIT(this,
- .public = {
- .pa_tnc_attribute = {
- .get_type = _get_type,
- .get_value = _get_value,
- .get_noskip_flag = _get_noskip_flag,
- .set_noskip_flag = _set_noskip_flag,
- .build = _build,
- .process = _process,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- .get_directory_flag = _get_directory_flag,
- .get_request_id = _get_request_id,
- .get_delimiter = _get_delimiter,
- .get_pathname = _get_pathname,
- },
- .type = { PEN_TCG, TCG_PTS_REQ_FILE_MEAS },
- .directory_flag = directory_flag,
- .request_id = request_id,
- .delimiter = delimiter,
- .pathname = strdup(pathname),
- .ref = 1,
- );
-
- return &this->public.pa_tnc_attribute;
-}
-
-
-/**
- * Described in header.
- */
-pa_tnc_attr_t *tcg_pts_attr_req_file_meas_create_from_data(chunk_t data)
-{
- private_tcg_pts_attr_req_file_meas_t *this;
-
- INIT(this,
- .public = {
- .pa_tnc_attribute = {
- .get_type = _get_type,
- .get_value = _get_value,
- .get_noskip_flag = _get_noskip_flag,
- .set_noskip_flag = _set_noskip_flag,
- .build = _build,
- .process = _process,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- .get_directory_flag = _get_directory_flag,
- .get_request_id = _get_request_id,
- .get_delimiter = _get_delimiter,
- .get_pathname = _get_pathname,
- },
- .type = { PEN_TCG, TCG_PTS_REQ_FILE_MEAS },
- .value = chunk_clone(data),
- .ref = 1,
- );
-
- return &this->public.pa_tnc_attribute;
-}
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_req_file_meas.h b/src/libpts/tcg/pts/tcg_pts_attr_req_file_meas.h
deleted file mode 100644
index 135c088..0000000
--- a/src/libpts/tcg/pts/tcg_pts_attr_req_file_meas.h
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
- * Copyright (C) 2011 Sansar Choinyambuu
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup tcg_pts_attr_req_file_meas tcg_pts_attr_req_file_meas
- * @{ @ingroup tcg_attr
- */
-
-#ifndef TCG_PTS_ATTR_REQ_FILE_MEAS_H_
-#define TCG_PTS_ATTR_REQ_FILE_MEAS_H_
-
-typedef struct tcg_pts_attr_req_file_meas_t tcg_pts_attr_req_file_meas_t;
-
-#include "tcg/tcg_attr.h"
-#include "pa_tnc/pa_tnc_attr.h"
-
-/**
- * Class implementing the TCG PTS Request File Measurement attribute
- *
- */
-struct tcg_pts_attr_req_file_meas_t {
-
- /**
- * Public PA-TNC attribute interface
- */
- pa_tnc_attr_t pa_tnc_attribute;
-
- /**
- * Get flag for PTS Request File Measurement
- *
- * @return Directory Contents flag
- */
- bool (*get_directory_flag)(tcg_pts_attr_req_file_meas_t *this);
-
- /**
- * Get Request ID
- *
- * @return Request ID
- */
- u_int16_t (*get_request_id)(tcg_pts_attr_req_file_meas_t *this);
-
- /**
- * Get Delimiter
- *
- * @return UTF-8 encoding of a Delimiter Character
- */
- u_int32_t (*get_delimiter)(tcg_pts_attr_req_file_meas_t *this);
-
- /**
- * Get Fully Qualified File Pathname
- *
- * @return Pathname
- */
- char* (*get_pathname)(tcg_pts_attr_req_file_meas_t *this);
-
-};
-
-/**
- * Creates an tcg_pts_attr_req_file_meas_t object
- *
- * @param directory_flag Directory Contents Flag
- * @param request_id Request ID
- * @param delimiter Delimiter Character
- * @param pathname File Pathname
- */
-pa_tnc_attr_t* tcg_pts_attr_req_file_meas_create(bool directory_flag,
- u_int16_t request_id,
- u_int32_t delimiter,
- char *pathname);
-
-/**
- * Creates an tcg_pts_attr_req_file_meas_t object from received data
- *
- * @param value unparsed attribute value
- */
-pa_tnc_attr_t* tcg_pts_attr_req_file_meas_create_from_data(chunk_t value);
-
-#endif /** TCG_PTS_ATTR_REQ_FILE_MEAS_H_ @}*/
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_req_file_meta.c b/src/libpts/tcg/pts/tcg_pts_attr_req_file_meta.c
deleted file mode 100644
index 8d703af..0000000
--- a/src/libpts/tcg/pts/tcg_pts_attr_req_file_meta.c
+++ /dev/null
@@ -1,275 +0,0 @@
-/*
- * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#define _GNU_SOURCE /* for stdndup() */
-#include <string.h>
-
-#include "tcg_pts_attr_req_file_meta.h"
-
-#include <pa_tnc/pa_tnc_msg.h>
-#include <bio/bio_writer.h>
-#include <bio/bio_reader.h>
-#include <utils/debug.h>
-
-typedef struct private_tcg_pts_attr_req_file_meta_t private_tcg_pts_attr_req_file_meta_t;
-
-/**
- * Request File Metadata
- * see section 3.17.1 of PTS Protocol: Binding to TNC IF-M Specification
- *
- * 1 2 3
- * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Flags | Delimiter | Reserved |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * ~ Fully Qualified File Pathname (Variable Length) ~
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- */
-
-#define PTS_REQ_FILE_META_SIZE 4
-#define PTS_REQ_FILE_META_RESERVED 0x00
-#define PTS_REQ_FILE_META_NO_FLAGS 0x00
-
-#define DIRECTORY_CONTENTS_FLAG (1<<7)
-
-/**
- * Private data of an tcg_pts_attr_req_file_meta_t object.
- */
-struct private_tcg_pts_attr_req_file_meta_t {
-
- /**
- * Public members of tcg_pts_attr_req_file_meta_t
- */
- tcg_pts_attr_req_file_meta_t public;
-
- /**
- * Vendor-specific attribute type
- */
- pen_type_t type;
-
- /**
- * Attribute value
- */
- chunk_t value;
-
- /**
- * Noskip flag
- */
- bool noskip_flag;
-
- /**
- * Directory Contents flag
- */
- bool directory_flag;
-
- /**
- * UTF8 Encoding of Delimiter Character
- */
- u_int8_t delimiter;
-
- /**
- * Fully Qualified File Pathname
- */
- char *pathname;
-
- /**
- * Reference count
- */
- refcount_t ref;
-};
-
-METHOD(pa_tnc_attr_t, get_type, pen_type_t,
- private_tcg_pts_attr_req_file_meta_t *this)
-{
- return this->type;
-}
-
-METHOD(pa_tnc_attr_t, get_value, chunk_t,
- private_tcg_pts_attr_req_file_meta_t *this)
-{
- return this->value;
-}
-
-METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
- private_tcg_pts_attr_req_file_meta_t *this)
-{
- return this->noskip_flag;
-}
-
-METHOD(pa_tnc_attr_t, set_noskip_flag,void,
- private_tcg_pts_attr_req_file_meta_t *this, bool noskip)
-{
- this->noskip_flag = noskip;
-}
-
-METHOD(pa_tnc_attr_t, build, void,
- private_tcg_pts_attr_req_file_meta_t *this)
-{
- u_int8_t flags = PTS_REQ_FILE_META_NO_FLAGS;
- chunk_t pathname;
- bio_writer_t *writer;
-
- if (this->value.ptr)
- {
- return;
- }
- if (this->directory_flag)
- {
- flags |= DIRECTORY_CONTENTS_FLAG;
- }
- pathname = chunk_create(this->pathname, strlen(this->pathname));
-
- writer = bio_writer_create(PTS_REQ_FILE_META_SIZE);
- writer->write_uint8 (writer, flags);
- writer->write_uint8 (writer, this->delimiter);
- writer->write_uint16(writer, PTS_REQ_FILE_META_RESERVED);
-
- writer->write_data (writer, pathname);
- this->value = writer->extract_buf(writer);
- writer->destroy(writer);
-}
-
-METHOD(pa_tnc_attr_t, process, status_t,
- private_tcg_pts_attr_req_file_meta_t *this, u_int32_t *offset)
-{
- bio_reader_t *reader;
- u_int8_t flags;
- u_int16_t reserved;
- chunk_t pathname;
-
- if (this->value.len < PTS_REQ_FILE_META_SIZE)
- {
- DBG1(DBG_TNC, "insufficient data for Request File Metadata");
- *offset = 0;
- return FAILED;
- }
-
- reader = bio_reader_create(this->value);
- reader->read_uint8 (reader, &flags);
- reader->read_uint8 (reader, &this->delimiter);
- reader->read_uint16(reader, &reserved);
-
- reader->read_data (reader, reader->remaining(reader), &pathname);
-
- this->directory_flag = (flags & DIRECTORY_CONTENTS_FLAG) !=
- PTS_REQ_FILE_META_NO_FLAGS;
- this->pathname = strndup(pathname.ptr, pathname.len);
-
- reader->destroy(reader);
- return SUCCESS;
-}
-
-METHOD(pa_tnc_attr_t, destroy, void,
- private_tcg_pts_attr_req_file_meta_t *this)
-{
- if (ref_put(&this->ref))
- {
- free(this->pathname);
- free(this->value.ptr);
- free(this);
- }
-}
-
-METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
- private_tcg_pts_attr_req_file_meta_t *this)
-{
- ref_get(&this->ref);
- return &this->public.pa_tnc_attribute;
-}
-
-METHOD(tcg_pts_attr_req_file_meta_t, get_directory_flag, bool,
- private_tcg_pts_attr_req_file_meta_t *this)
-{
- return this->directory_flag;
-}
-
-METHOD(tcg_pts_attr_req_file_meta_t, get_delimiter, u_int8_t,
- private_tcg_pts_attr_req_file_meta_t *this)
-{
- return this->delimiter;
-}
-
-METHOD(tcg_pts_attr_req_file_meta_t, get_pathname, char*,
- private_tcg_pts_attr_req_file_meta_t *this)
-{
- return this->pathname;
-}
-
-/**
- * Described in header.
- */
-pa_tnc_attr_t *tcg_pts_attr_req_file_meta_create(bool directory_flag,
- u_int8_t delimiter,
- char *pathname)
-{
- private_tcg_pts_attr_req_file_meta_t *this;
-
- INIT(this,
- .public = {
- .pa_tnc_attribute = {
- .get_type = _get_type,
- .get_value = _get_value,
- .get_noskip_flag = _get_noskip_flag,
- .set_noskip_flag = _set_noskip_flag,
- .build = _build,
- .process = _process,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- .get_directory_flag = _get_directory_flag,
- .get_delimiter = _get_delimiter,
- .get_pathname = _get_pathname,
- },
- .type = { PEN_TCG, TCG_PTS_REQ_FILE_META },
- .directory_flag = directory_flag,
- .delimiter = delimiter,
- .pathname = strdup(pathname),
- .ref = 1,
- );
-
- return &this->public.pa_tnc_attribute;
-}
-
-
-/**
- * Described in header.
- */
-pa_tnc_attr_t *tcg_pts_attr_req_file_meta_create_from_data(chunk_t data)
-{
- private_tcg_pts_attr_req_file_meta_t *this;
-
- INIT(this,
- .public = {
- .pa_tnc_attribute = {
- .get_type = _get_type,
- .get_value = _get_value,
- .get_noskip_flag = _get_noskip_flag,
- .set_noskip_flag = _set_noskip_flag,
- .build = _build,
- .process = _process,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- .get_directory_flag = _get_directory_flag,
- .get_delimiter = _get_delimiter,
- .get_pathname = _get_pathname,
- },
- .type = { PEN_TCG, TCG_PTS_REQ_FILE_META },
- .value = chunk_clone(data),
- .ref = 1,
- );
-
- return &this->public.pa_tnc_attribute;
-}
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_req_file_meta.h b/src/libpts/tcg/pts/tcg_pts_attr_req_file_meta.h
deleted file mode 100644
index 9aa1b93..0000000
--- a/src/libpts/tcg/pts/tcg_pts_attr_req_file_meta.h
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * Copyright (C) 2011 Sansar Choinyambuu
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup tcg_pts_attr_req_file_meta tcg_pts_attr_req_file_meta
- * @{ @ingroup tcg_attr
- */
-
-#ifndef TCG_PTS_ATTR_REQ_FILE_META_H_
-#define TCG_PTS_ATTR_REQ_FILE_META_H_
-
-typedef struct tcg_pts_attr_req_file_meta_t tcg_pts_attr_req_file_meta_t;
-
-#include "tcg/tcg_attr.h"
-#include "pa_tnc/pa_tnc_attr.h"
-
-/**
- * Class implementing the TCG PTS Request File Metadata attribute
- *
- */
-struct tcg_pts_attr_req_file_meta_t {
-
- /**
- * Public PA-TNC attribute interface
- */
- pa_tnc_attr_t pa_tnc_attribute;
-
- /**
- * Get directory flag for PTS Request File Metadata
- *
- * @return Directory Contents flag
- */
- bool (*get_directory_flag)(tcg_pts_attr_req_file_meta_t *this);
-
- /**
- * Get Delimiter
- *
- * @return UTF-8 encoding of a Delimiter Character
- */
- u_int8_t (*get_delimiter)(tcg_pts_attr_req_file_meta_t *this);
-
- /**
- * Get Fully Qualified File Pathname
- *
- * @return Pathname
- */
- char* (*get_pathname)(tcg_pts_attr_req_file_meta_t *this);
-
-};
-
-/**
- * Creates an tcg_pts_attr_req_file_meta_t object
- *
- * @param directory_flag Directory Contents Flag
- * @param delimiter Delimiter Character
- * @param pathname File Pathname
- */
-pa_tnc_attr_t* tcg_pts_attr_req_file_meta_create(bool directory_flag,
- u_int8_t delimiter,
- char *pathname);
-
-/**
- * Creates an tcg_pts_attr_req_file_meta_t object from received data
- *
- * @param value unparsed attribute value
- */
-pa_tnc_attr_t* tcg_pts_attr_req_file_meta_create_from_data(chunk_t value);
-
-#endif /** TCG_PTS_ATTR_REQ_FILE_META_H_ @}*/
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_req_func_comp_evid.c b/src/libpts/tcg/pts/tcg_pts_attr_req_func_comp_evid.c
deleted file mode 100644
index e10845b..0000000
--- a/src/libpts/tcg/pts/tcg_pts_attr_req_func_comp_evid.c
+++ /dev/null
@@ -1,367 +0,0 @@
-/*
- * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "tcg_pts_attr_req_func_comp_evid.h"
-
-#include <pa_tnc/pa_tnc_msg.h>
-#include <bio/bio_writer.h>
-#include <bio/bio_reader.h>
-#include <collections/linked_list.h>
-#include <utils/debug.h>
-
-typedef struct private_tcg_pts_attr_req_func_comp_evid_t private_tcg_pts_attr_req_func_comp_evid_t;
-
-/**
- * Request Functional Component Evidence
- * see section 3.14.1 of PTS Protocol: Binding to TNC IF-M Specification
- *
- * 1 2 3
- * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Flags | Sub-component Depth (for Component #1) |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Component Functional Name #1 |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Component Functional Name #1 |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | ........ |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Flags | Sub-component Depth (for Component #N) |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Component Functional Name #N |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Component Functional Name #N |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- */
-
-/**
- * Component Functional Name Structure
- * (see section 5.1 of PTS Protocol: Binding to TNC IF-M Specification)
- *
- * 1 2 3
- * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Component Functional Name Vendor ID |Fam| Qualifier |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Component Functional Name |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- */
-
-#define PTS_REQ_FUNC_COMP_EVID_SIZE 12
-#define PTS_REQ_FUNC_COMP_FAMILY_MASK 0xC0
-
-/**
- * Private data of an tcg_pts_attr_req_func_comp_evid_t object.
- */
-struct private_tcg_pts_attr_req_func_comp_evid_t {
-
- /**
- * Public members of tcg_pts_attr_req_func_comp_evid_t
- */
- tcg_pts_attr_req_func_comp_evid_t public;
-
- /**
- * Vendor-specific attribute type
- */
- pen_type_t type;
-
- /**
- * Attribute value
- */
- chunk_t value;
-
- /**
- * Noskip flag
- */
- bool noskip_flag;
-
- /**
- * List of Functional Components
- */
- linked_list_t *list;
-
- /**
- * Reference count
- */
- refcount_t ref;
-};
-
-typedef struct entry_t entry_t;
-
-/**
- * Functional component entry
- */
-struct entry_t {
- u_int8_t flags;
- u_int32_t depth;
- pts_comp_func_name_t *name;
-};
-
-/**
- * Enumerate functional component entries
- */
-static bool entry_filter(void *null, entry_t **entry, u_int8_t *flags,
- void *i2, u_int32_t *depth, void *i3,
- pts_comp_func_name_t **name)
-{
- *flags = (*entry)->flags;
- *depth = (*entry)->depth;
- *name = (*entry)->name;
-
- return TRUE;
-}
-
-/**
- * Free an entry_t object
- */
-static void free_entry(entry_t *this)
-{
- if (this)
- {
- this->name->destroy(this->name);
- free(this);
- }
-}
-
-METHOD(pa_tnc_attr_t, get_type, pen_type_t,
- private_tcg_pts_attr_req_func_comp_evid_t *this)
-{
- return this->type;
-}
-
-METHOD(pa_tnc_attr_t, get_value, chunk_t,
- private_tcg_pts_attr_req_func_comp_evid_t *this)
-{
- return this->value;
-}
-
-METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
- private_tcg_pts_attr_req_func_comp_evid_t *this)
-{
- return this->noskip_flag;
-}
-
-METHOD(pa_tnc_attr_t, set_noskip_flag,void,
- private_tcg_pts_attr_req_func_comp_evid_t *this, bool noskip)
-{
- this->noskip_flag = noskip;
-}
-
-METHOD(pa_tnc_attr_t, build, void,
- private_tcg_pts_attr_req_func_comp_evid_t *this)
-{
- bio_writer_t *writer;
- enumerator_t *enumerator;
- entry_t *entry;
-
- if (this->value.ptr)
- {
- return;
- }
- writer = bio_writer_create(PTS_REQ_FUNC_COMP_EVID_SIZE);
-
- enumerator = this->list->create_enumerator(this->list);
- while (enumerator->enumerate(enumerator, &entry))
- {
- writer->write_uint8 (writer, entry->flags);
- writer->write_uint24(writer, entry->depth);
- writer->write_uint24(writer, entry->name->get_vendor_id(entry->name));
- writer->write_uint8 (writer, entry->name->get_qualifier(entry->name));
- writer->write_uint32(writer, entry->name->get_name(entry->name));
- }
- enumerator->destroy(enumerator);
-
- this->value = writer->extract_buf(writer);
- writer->destroy(writer);
-}
-
-METHOD(pa_tnc_attr_t, process, status_t,
- private_tcg_pts_attr_req_func_comp_evid_t *this, u_int32_t *offset)
-{
- bio_reader_t *reader;
- u_int32_t depth, vendor_id, name;
- u_int8_t flags, fam_and_qualifier, qualifier;
- status_t status = FAILED;
- entry_t *entry = NULL;
-
- if (this->value.len < PTS_REQ_FUNC_COMP_EVID_SIZE)
- {
- DBG1(DBG_TNC, "insufficient data for Request Functional "
- "Component Evidence");
- *offset = 0;
- return FAILED;
- }
- reader = bio_reader_create(this->value);
-
- while (reader->remaining(reader))
- {
- if (!reader->read_uint8(reader, &flags))
- {
- DBG1(DBG_TNC, "insufficient data for PTS Request Functional "
- "Component Evidence Flags");
- goto end;
- }
- if (!reader->read_uint24(reader, &depth))
- {
- DBG1(DBG_TNC, "insufficient data for PTS Request Functional "
- "Component Evidence Sub Component Depth");
- goto end;
- }
- if (!reader->read_uint24(reader, &vendor_id))
- {
- DBG1(DBG_TNC, "insufficient data for PTS Request Functional "
- "Component Evidence Component Name Vendor ID");
- goto end;
- }
- if (!reader->read_uint8(reader, &fam_and_qualifier))
- {
- DBG1(DBG_TNC, "insufficient data for PTS Request Functional "
- "Component Evidence Family and Qualifier");
- goto end;
- }
- if (fam_and_qualifier & PTS_REQ_FUNC_COMP_FAMILY_MASK)
- {
- DBG1(DBG_TNC, "the Functional Name Encoding Family "
- "is not Binary Enumeration");
- goto end;
- }
- if (!reader->read_uint32(reader, &name))
- {
- DBG1(DBG_TNC, "insufficient data for PTS Request Functional "
- "Component Evidence Component Functional Name");
- goto end;
- }
- qualifier = fam_and_qualifier & ~PTS_REQ_FUNC_COMP_FAMILY_MASK;
-
- entry = malloc_thing(entry_t);
- entry->flags = flags;
- entry->depth = depth;
- entry->name = pts_comp_func_name_create(vendor_id, name, qualifier);
-
- this->list->insert_last(this->list, entry);
- }
- status = SUCCESS;
-
-end:
- reader->destroy(reader);
- return status;
-}
-
-METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
- private_tcg_pts_attr_req_func_comp_evid_t *this)
-{
- ref_get(&this->ref);
- return &this->public.pa_tnc_attribute;
-}
-
-METHOD(pa_tnc_attr_t, destroy, void,
- private_tcg_pts_attr_req_func_comp_evid_t *this)
-{
- if (ref_put(&this->ref))
- {
- this->list->destroy_function(this->list, (void *)free_entry);
- free(this->value.ptr);
- free(this);
- }
-}
-
-METHOD(tcg_pts_attr_req_func_comp_evid_t, add_component, void,
- private_tcg_pts_attr_req_func_comp_evid_t *this, u_int8_t flags,
- u_int32_t depth, pts_comp_func_name_t *name)
-{
- entry_t *entry;
-
- entry = malloc_thing(entry_t);
- entry->flags = flags;
- entry->depth = depth;
- entry->name = name->clone(name);
- this->list->insert_last(this->list, entry);
-}
-
-METHOD(tcg_pts_attr_req_func_comp_evid_t, get_count, int,
- private_tcg_pts_attr_req_func_comp_evid_t *this)
-{
- return this->list->get_count(this->list);
-}
-
-METHOD(tcg_pts_attr_req_func_comp_evid_t, create_enumerator, enumerator_t*,
- private_tcg_pts_attr_req_func_comp_evid_t *this)
-{
- return enumerator_create_filter(this->list->create_enumerator(this->list),
- (void*)entry_filter, NULL, NULL);
-}
-
-/**
- * Described in header.
- */
-pa_tnc_attr_t *tcg_pts_attr_req_func_comp_evid_create(void)
-{
- private_tcg_pts_attr_req_func_comp_evid_t *this;
-
- INIT(this,
- .public = {
- .pa_tnc_attribute = {
- .get_type = _get_type,
- .get_value = _get_value,
- .get_noskip_flag = _get_noskip_flag,
- .set_noskip_flag = _set_noskip_flag,
- .build = _build,
- .process = _process,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- .add_component = _add_component,
- .get_count = _get_count,
- .create_enumerator = _create_enumerator,
- },
- .type = { PEN_TCG, TCG_PTS_REQ_FUNC_COMP_EVID },
- .list = linked_list_create(),
- .ref = 1,
- );
-
- return &this->public.pa_tnc_attribute;
-}
-
-/**
- * Described in header.
- */
-pa_tnc_attr_t *tcg_pts_attr_req_func_comp_evid_create_from_data(chunk_t data)
-{
- private_tcg_pts_attr_req_func_comp_evid_t *this;
-
- INIT(this,
- .public = {
- .pa_tnc_attribute = {
- .get_type = _get_type,
- .get_value = _get_value,
- .get_noskip_flag = _get_noskip_flag,
- .set_noskip_flag = _set_noskip_flag,
- .build = _build,
- .process = _process,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- .add_component = _add_component,
- .get_count = _get_count,
- .create_enumerator = _create_enumerator,
- },
- .type = { PEN_TCG, TCG_PTS_REQ_FUNC_COMP_EVID },
- .list = linked_list_create(),
- .value = chunk_clone(data),
- .ref = 1,
- );
-
- return &this->public.pa_tnc_attribute;
-}
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_req_func_comp_evid.h b/src/libpts/tcg/pts/tcg_pts_attr_req_func_comp_evid.h
deleted file mode 100644
index 2c0b8a9..0000000
--- a/src/libpts/tcg/pts/tcg_pts_attr_req_func_comp_evid.h
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * Copyright (C) 2011 Sansar Choinyambuu
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup tcg_pts_attr_req_func_comp_evid tcg_pts_attr_req_func_comp_evid
- * @{ @ingroup tcg_attr
- */
-
-#ifndef TCG_PTS_ATTR_REQ_FUNC_COMP_EVID_H_
-#define TCG_PTS_ATTR_REQ_FUNC_COMP_EVID_H_
-
-typedef struct tcg_pts_attr_req_func_comp_evid_t tcg_pts_attr_req_func_comp_evid_t;
-
-#include "tcg/tcg_attr.h"
-#include "pts/components/pts_comp_func_name.h"
-#include "pa_tnc/pa_tnc_attr.h"
-
-/**
- * Class implementing the TCG PTS Request Functional Component Evidence attribute
- *
- */
-struct tcg_pts_attr_req_func_comp_evid_t {
-
- /**
- * Public PA-TNC attribute interface
- */
- pa_tnc_attr_t pa_tnc_attribute;
-
- /**
- * Add a component to the Functional Component Evidence Request
- *
- * @param flags Component Evidence Request Flags
- * @param depth Sub-component Depth
- * @param name Functional Component Name
- */
- void (*add_component)(tcg_pts_attr_req_func_comp_evid_t *this,
- u_int8_t flags, u_int32_t depth,
- pts_comp_func_name_t *name);
-
- /**
- * Returns the number of Functional Component entries
- *
- * @return Number of entries
- */
- int (*get_count)(tcg_pts_attr_req_func_comp_evid_t *this);
-
- /**
- * Enumerator over Functional Component entries
- *
- * @return Entry enumerator
- */
- enumerator_t* (*create_enumerator)(tcg_pts_attr_req_func_comp_evid_t *this);
-
-};
-
-/**
- * Creates a tcg_pts_attr_req_func_comp_evid_t object
- */
-pa_tnc_attr_t* tcg_pts_attr_req_func_comp_evid_create(void);
-
-/**
- * Creates a tcg_pts_attr_req_func_comp_evid_t object from received data
- *
- * @param value Unparsed attribute value
- */
-pa_tnc_attr_t* tcg_pts_attr_req_func_comp_evid_create_from_data(chunk_t value);
-
-#endif /** TCG_PTS_ATTR_REQ_FUNC_COMP_EVID_H_ @}*/
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_simple_comp_evid.c b/src/libpts/tcg/pts/tcg_pts_attr_simple_comp_evid.c
deleted file mode 100644
index 40f380a..0000000
--- a/src/libpts/tcg/pts/tcg_pts_attr_simple_comp_evid.c
+++ /dev/null
@@ -1,511 +0,0 @@
-/*
- * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "tcg_pts_attr_simple_comp_evid.h"
-
-#include <pa_tnc/pa_tnc_msg.h>
-#include <bio/bio_writer.h>
-#include <bio/bio_reader.h>
-#include <utils/debug.h>
-
-#include <time.h>
-
-typedef struct private_tcg_pts_attr_simple_comp_evid_t private_tcg_pts_attr_simple_comp_evid_t;
-
-/**
- * Simple Component Evidence
- * see section 3.15.1 of PTS Protocol: Binding to TNC IF-M Specification
- *
- * 1 2 3
- * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Flags | Sub-Component Depth |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Specific Functional Component |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Specific Functional Component |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Measure. Type | Extended into PCR |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Hash Algorithm | PCR Transform | Reserved |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Measurement Date/Time |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Measurement Date/Time |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Measurement Date/Time |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Measurement Date/Time |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Measurement Date/Time |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Optional Policy URI Length | Opt. Verification Policy URI ~
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * ~ Optional Verification Policy URI ~
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Optional PCR Length | Optional PCR Before Value ~
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * ~ Optional PCR Before Value (Variable Length) ~
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * ~ Optional PCR After Value (Variable Length) ~
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * ~ Component Measurement (Variable Length) ~
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- */
-
-/**
- * Specific Functional Component -> Component Functional Name Structure
- * see section 5.1 of PTS Protocol: Binding to TNC IF-M Specification
- *
- * 1 2 3
- * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Component Functional Name Vendor ID |Fam| Qualifier |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Component Functional Name |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- *
- */
-
-#define PTS_SIMPLE_COMP_EVID_SIZE 40
-#define PTS_SIMPLE_COMP_EVID_MEAS_TIME_SIZE 20
-#define PTS_SIMPLE_COMP_EVID_RESERVED 0x00
-#define PTS_SIMPLE_COMP_EVID_FAMILY_MASK 0xC0
-#define PTS_SIMPLE_COMP_EVID_VALIDATION_MASK 0x60
-#define PTS_SIMPLE_COMP_EVID_MEAS_TYPE (1<<7)
-#define PTS_SIMPLE_COMP_EVID_FLAG_PCR (1<<7)
-
-static char *utc_undefined_time_str = "0000-00-00T00:00:00Z";
-
-/**
- * Private data of an tcg_pts_attr_simple_comp_evid_t object.
- */
-struct private_tcg_pts_attr_simple_comp_evid_t {
-
- /**
- * Public members of tcg_pts_attr_simple_comp_evid_t
- */
- tcg_pts_attr_simple_comp_evid_t public;
-
- /**
- * Vendor-specific attribute type
- */
- pen_type_t type;
-
- /**
- * Attribute value
- */
- chunk_t value;
-
- /**
- * Noskip flag
- */
- bool noskip_flag;
-
- /**
- * PTS Component Evidence
- */
- pts_comp_evidence_t *evidence;
-
- /**
- * Reference count
- */
- refcount_t ref;
-};
-
-METHOD(pa_tnc_attr_t, get_type, pen_type_t,
- private_tcg_pts_attr_simple_comp_evid_t *this)
-{
- return this->type;
-}
-
-METHOD(pa_tnc_attr_t, get_value, chunk_t,
- private_tcg_pts_attr_simple_comp_evid_t *this)
-{
- return this->value;
-}
-
-METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
- private_tcg_pts_attr_simple_comp_evid_t *this)
-{
- return this->noskip_flag;
-}
-
-METHOD(pa_tnc_attr_t, set_noskip_flag,void,
- private_tcg_pts_attr_simple_comp_evid_t *this, bool noskip)
-{
- this->noskip_flag = noskip;
-}
-
-/**
- * Convert time_t to Simple Component Evidence UTS string format
- */
-void measurement_time_to_utc(time_t measurement_time, chunk_t *utc_time)
-{
- struct tm t;
-
- if (measurement_time == UNDEFINED_TIME)
- {
- utc_time->ptr = utc_undefined_time_str;
- }
- else
- {
- gmtime_r(&measurement_time, &t);
- sprintf(utc_time->ptr, "%04d-%02d-%02dT%02d:%02d:%02dZ",
- t.tm_year + 1900, t.tm_mon + 1, t.tm_mday,
- t.tm_hour, t.tm_min, t.tm_sec);
- }
-}
-
-METHOD(pa_tnc_attr_t, build, void,
- private_tcg_pts_attr_simple_comp_evid_t *this)
-{
- bio_writer_t *writer;
- bool has_pcr_info;
- char utc_time_buf[25], *policy_uri;
- u_int8_t flags;
- u_int16_t len;
- u_int32_t depth, extended_pcr;
- pts_comp_func_name_t *name;
- pts_meas_algorithms_t hash_algorithm;
- pts_pcr_transform_t transform;
- pts_comp_evid_validation_t validation;
- time_t measurement_time;
- chunk_t measurement, utc_time, pcr_before, pcr_after;
-
- if (this->value.ptr)
- {
- return;
- }
-
- /* Extract parameters from comp_evidence_t object */
- name = this->evidence->get_comp_func_name(this->evidence,
- &depth);
- measurement = this->evidence->get_measurement(this->evidence,
- &extended_pcr, &hash_algorithm, &transform,
- &measurement_time);
- has_pcr_info = this->evidence->get_pcr_info(this->evidence,
- &pcr_before, &pcr_after);
- validation = this->evidence->get_validation(this->evidence,
- &policy_uri);
-
- /* Determine the flags to set*/
- flags = validation;
- if (has_pcr_info)
- {
- flags |= PTS_SIMPLE_COMP_EVID_FLAG_PCR;
- }
-
- utc_time = chunk_create(utc_time_buf, PTS_SIMPLE_COMP_EVID_MEAS_TIME_SIZE);
- measurement_time_to_utc(measurement_time, &utc_time);
-
- writer = bio_writer_create(PTS_SIMPLE_COMP_EVID_SIZE);
-
- writer->write_uint8 (writer, flags);
- writer->write_uint24(writer, depth);
- writer->write_uint24(writer, name->get_vendor_id(name));
- writer->write_uint8 (writer, name->get_qualifier(name));
- writer->write_uint32(writer, name->get_name(name));
- writer->write_uint8 (writer, PTS_SIMPLE_COMP_EVID_MEAS_TYPE);
- writer->write_uint24(writer, extended_pcr);
- writer->write_uint16(writer, hash_algorithm);
- writer->write_uint8 (writer, transform);
- writer->write_uint8 (writer, PTS_SIMPLE_COMP_EVID_RESERVED);
- writer->write_data (writer, utc_time);
-
- /* Optional fields */
- if (validation == PTS_COMP_EVID_VALIDATION_FAILED ||
- validation == PTS_COMP_EVID_VALIDATION_PASSED)
- {
- len = strlen(policy_uri);
- writer->write_uint16(writer, len);
- writer->write_data (writer, chunk_create(policy_uri, len));
- }
- if (has_pcr_info)
- {
- writer->write_uint16(writer, pcr_before.len);
- writer->write_data (writer, pcr_before);
- writer->write_data (writer, pcr_after);
- }
-
- writer->write_data(writer, measurement);
-
- this->value = writer->extract_buf(writer);
- writer->destroy(writer);
-}
-
-static const int days[] = { 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334 };
-static const int tm_leap_1970 = 477;
-
-/**
- * Convert Simple Component Evidence UTS string format to time_t
- */
-bool measurement_time_from_utc(time_t *measurement_time, chunk_t utc_time)
-{
- int tm_year, tm_mon, tm_day, tm_days, tm_hour, tm_min, tm_sec, tm_secs;
- int tm_leap_4, tm_leap_100, tm_leap_400, tm_leap;
-
- if (memeq(utc_undefined_time_str, utc_time.ptr, utc_time.len))
- {
- *measurement_time = 0;
- return TRUE;
- }
- if (sscanf(utc_time.ptr, "%4d-%2d-%2dT%2d:%2d:%2dZ",
- &tm_year, &tm_mon, &tm_day, &tm_hour, &tm_min, &tm_sec) != 6)
- {
- return FALSE;
- }
-
- /* representation of months as 0..11 */
- tm_mon--;
-
- /* representation of days as 0..30 */
- tm_day--;
-
- /* number of leap years between last year and 1970? */
- tm_leap_4 = (tm_year - 1) / 4;
- tm_leap_100 = tm_leap_4 / 25;
- tm_leap_400 = tm_leap_100 / 4;
- tm_leap = tm_leap_4 - tm_leap_100 + tm_leap_400 - tm_leap_1970;
-
- /* if date later then February, is the current year a leap year? */
- if (tm_mon > 1 && (tm_year % 4 == 0) &&
- (tm_year % 100 != 0 || tm_year % 400 == 0))
- {
- tm_leap++;
- }
- tm_days = 365 * (tm_year - 1970) + days[tm_mon] + tm_day + tm_leap;
- tm_secs = 60 * (60 * (24 * tm_days + tm_hour) + tm_min) + tm_sec;
-
- *measurement_time = tm_secs;
- return TRUE;
-}
-
-METHOD(pa_tnc_attr_t, process, status_t,
- private_tcg_pts_attr_simple_comp_evid_t *this, u_int32_t *offset)
-{
- bio_reader_t *reader;
- pts_comp_func_name_t *name;
- u_int8_t flags, fam_and_qualifier, qualifier, reserved;
- u_int8_t measurement_type, transform, validation;
- u_int16_t hash_algorithm, len;
- u_int32_t depth, vendor_id, comp_name, extended_pcr;
- chunk_t measurement, utc_time, policy_uri, pcr_before, pcr_after;
- time_t measurement_time;
- bool has_pcr_info = FALSE, has_validation = FALSE;
- status_t status = FAILED;
-
- if (this->value.len < PTS_SIMPLE_COMP_EVID_SIZE)
- {
- DBG1(DBG_TNC, "insufficient data for Simple Component Evidence");
- *offset = 0;
- return FAILED;
- }
- reader = bio_reader_create(this->value);
-
- reader->read_uint8 (reader, &flags);
- reader->read_uint24(reader, &depth);
- reader->read_uint24(reader, &vendor_id);
- reader->read_uint8 (reader, &fam_and_qualifier);
- reader->read_uint32(reader, &comp_name);
- reader->read_uint8 (reader, &measurement_type);
- reader->read_uint24(reader, &extended_pcr);
- reader->read_uint16(reader, &hash_algorithm);
- reader->read_uint8 (reader, &transform);
- reader->read_uint8 (reader, &reserved);
- reader->read_data (reader, PTS_SIMPLE_COMP_EVID_MEAS_TIME_SIZE, &utc_time);
-
- if (measurement_type != PTS_SIMPLE_COMP_EVID_MEAS_TYPE)
- {
- DBG1(DBG_TNC, "unsupported Measurement Type in "
- "Simple Component Evidence");
- *offset = 12;
- reader->destroy(reader);
- return FAILED;
- }
- if (!measurement_time_from_utc(&measurement_time, utc_time))
- {
- DBG1(DBG_TNC, "invalid Measurement Time field in "
- "Simple Component Evidence");
- *offset = 20;
- reader->destroy(reader);
- return FAILED;
- }
- validation = flags & PTS_SIMPLE_COMP_EVID_VALIDATION_MASK;
- qualifier = fam_and_qualifier & ~PTS_SIMPLE_COMP_EVID_FAMILY_MASK;
-
- /* Is optional Policy URI field included? */
- if (validation == PTS_COMP_EVID_VALIDATION_FAILED ||
- validation == PTS_COMP_EVID_VALIDATION_PASSED)
- {
- if (!reader->read_uint16(reader, &len))
- {
- DBG1(DBG_TNC, "insufficient data for PTS Simple Component Evidence "
- "Verification Policy URI Length");
- goto end;
- }
- if (!reader->read_data(reader, len, &policy_uri))
- {
- DBG1(DBG_TNC, "insufficient data for PTS Simple Component Evidence "
- "Verification Policy URI");
- goto end;
- }
- has_validation = TRUE;
- }
-
- /* Are optional PCR value fields included? */
- if (flags & PTS_SIMPLE_COMP_EVID_FLAG_PCR)
- {
- if (!reader->read_uint16(reader, &len))
- {
- DBG1(DBG_TNC, "insufficient data for PTS Simple Component Evidence "
- "PCR Value length");
- goto end;
- }
- if (!reader->read_data(reader, len, &pcr_before))
- {
- DBG1(DBG_TNC, "insufficient data for PTS Simple Component Evidence "
- "PCR Before Value");
- goto end;
- }
- if (!reader->read_data(reader, len, &pcr_after))
- {
- DBG1(DBG_TNC, "insufficient data for PTS Simple Component Evidence "
- "PCR After Value");
- goto end;
- }
- has_pcr_info = TRUE;
- }
-
- /* Measurement field comes at the very end */
- reader->read_data(reader,reader->remaining(reader), &measurement);
- reader->destroy(reader);
-
- /* Create Component Functional Name object */
- name = pts_comp_func_name_create(vendor_id, comp_name, qualifier);
-
- /* Create Component Evidence object */
- measurement = chunk_clone(measurement);
- this->evidence = pts_comp_evidence_create(name, depth, extended_pcr,
- hash_algorithm, transform,
- measurement_time, measurement);
-
- /* Add options */
- if (has_validation)
- {
- char buf[BUF_LEN];
- size_t len;
-
- len = min(policy_uri.len, BUF_LEN-1);
- memcpy(buf, policy_uri.ptr, len);
- buf[len] = '\0';
- this->evidence->set_validation(this->evidence, validation, buf);
- }
- if (has_pcr_info)
- {
- pcr_before = chunk_clone(pcr_before);
- pcr_after = chunk_clone(pcr_after);
- this->evidence->set_pcr_info(this->evidence, pcr_before, pcr_after);
- }
-
- return SUCCESS;
-
-end:
- reader->destroy(reader);
- return status;
-}
-
-METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
- private_tcg_pts_attr_simple_comp_evid_t *this)
-{
- ref_get(&this->ref);
- return &this->public.pa_tnc_attribute;
-}
-
-METHOD(pa_tnc_attr_t, destroy, void,
- private_tcg_pts_attr_simple_comp_evid_t *this)
-{
- if (ref_put(&this->ref))
- {
- DESTROY_IF(this->evidence);
- free(this->value.ptr);
- free(this);
- }
-}
-
-METHOD(tcg_pts_attr_simple_comp_evid_t, get_comp_evidence, pts_comp_evidence_t*,
- private_tcg_pts_attr_simple_comp_evid_t *this)
-{
- return this->evidence;
-}
-
-/**
- * Described in header.
- */
-pa_tnc_attr_t *tcg_pts_attr_simple_comp_evid_create(pts_comp_evidence_t *evid)
-{
- private_tcg_pts_attr_simple_comp_evid_t *this;
-
- INIT(this,
- .public = {
- .pa_tnc_attribute = {
- .get_type = _get_type,
- .get_value = _get_value,
- .get_noskip_flag = _get_noskip_flag,
- .set_noskip_flag = _set_noskip_flag,
- .build = _build,
- .process = _process,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- .get_comp_evidence = _get_comp_evidence,
- },
- .type = { PEN_TCG, TCG_PTS_SIMPLE_COMP_EVID },
- .evidence = evid,
- .ref = 1,
- );
-
- return &this->public.pa_tnc_attribute;
-}
-
-
-/**
- * Described in header.
- */
-pa_tnc_attr_t *tcg_pts_attr_simple_comp_evid_create_from_data(chunk_t data)
-{
- private_tcg_pts_attr_simple_comp_evid_t *this;
-
- INIT(this,
- .public = {
- .pa_tnc_attribute = {
- .get_type = _get_type,
- .get_value = _get_value,
- .get_noskip_flag = _get_noskip_flag,
- .set_noskip_flag = _set_noskip_flag,
- .build = _build,
- .process = _process,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- .get_comp_evidence = _get_comp_evidence,
- },
- .type = { PEN_TCG, TCG_PTS_SIMPLE_COMP_EVID },
- .value = chunk_clone(data),
- .ref = 1,
- );
-
- return &this->public.pa_tnc_attribute;
-}
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_simple_comp_evid.h b/src/libpts/tcg/pts/tcg_pts_attr_simple_comp_evid.h
deleted file mode 100644
index 628fad6..0000000
--- a/src/libpts/tcg/pts/tcg_pts_attr_simple_comp_evid.h
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * Copyright (C) 2011 Sansar Choinyambuu
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup tcg_pts_attr_simple_comp_evid tcg_pts_attr_simple_comp_evid
- * @{ @ingroup tcg_attr
- */
-
-#ifndef TCG_PTS_ATTR_SIMPLE_COMP_EVID_H_
-#define TCG_PTS_ATTR_SIMPLE_COMP_EVID_H_
-
-typedef struct tcg_pts_attr_simple_comp_evid_t tcg_pts_attr_simple_comp_evid_t;
-
-#include "tcg/tcg_attr.h"
-#include "pts/components/pts_comp_evidence.h"
-#include "pa_tnc/pa_tnc_attr.h"
-
-/**
- * Class implementing the TCG PTS Simple Component Evidence attribute
- *
- */
-struct tcg_pts_attr_simple_comp_evid_t {
-
- /**
- * Public PA-TNC attribute interface
- */
- pa_tnc_attr_t pa_tnc_attribute;
-
- /**
- * Get Component Evidence
- *
- * @return Component Evidence
- */
- pts_comp_evidence_t* (*get_comp_evidence)(tcg_pts_attr_simple_comp_evid_t *this);
-
-};
-
-/**
- * Creates an tcg_pts_attr_simple_comp_evid_t object
- *
- * @param evid Component Evidence
- */
-pa_tnc_attr_t* tcg_pts_attr_simple_comp_evid_create(pts_comp_evidence_t *evid);
-
-/**
- * Creates an tcg_pts_attr_simple_comp_evid_t object from received data
- *
- * @param value Unparsed attribute value
- */
-pa_tnc_attr_t* tcg_pts_attr_simple_comp_evid_create_from_data(chunk_t value);
-
-#endif /** TCG_PTS_ATTR_SIMPLE_COMP_EVID_H_ @}*/
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_simple_evid_final.c b/src/libpts/tcg/pts/tcg_pts_attr_simple_evid_final.c
deleted file mode 100644
index baadd94..0000000
--- a/src/libpts/tcg/pts/tcg_pts_attr_simple_evid_final.c
+++ /dev/null
@@ -1,383 +0,0 @@
-/*
- * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "tcg_pts_attr_simple_evid_final.h"
-#include "pts/pts_simple_evid_final.h"
-
-#include <pa_tnc/pa_tnc_msg.h>
-#include <bio/bio_writer.h>
-#include <bio/bio_reader.h>
-#include <utils/debug.h>
-
-typedef struct private_tcg_pts_attr_simple_evid_final_t private_tcg_pts_attr_simple_evid_final_t;
-
-/**
- * Simple Evidence Final
- * see section 3.15.2 of PTS Protocol: Binding to TNC IF-M Specification
- *
- * 1 2 3
- * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Flags | Reserved | Optional Composite Hash Alg |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Optional TPM PCR Composite Length |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * ~ Optional TPM PCR Composite (Variable Length) ~
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Optional TPM Quote Signature Length |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * ~ Optional TPM Quote Signature (Variable Length) ~
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * ~ Optional Evidence Signature (Variable Length) ~
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- */
-
-#define PTS_SIMPLE_EVID_FINAL_SIZE 2
-#define PTS_SIMPLE_EVID_FINAL_RESERVED 0x00
-#define PTS_SIMPLE_EVID_FINAL_FLAG_MASK 0xC0
-/**
- * Private data of an tcg_pts_attr_simple_evid_final_t object.
- */
-struct private_tcg_pts_attr_simple_evid_final_t {
-
- /**
- * Public members of tcg_pts_attr_simple_evid_final_t
- */
- tcg_pts_attr_simple_evid_final_t public;
-
- /**
- * Vendor-specific attribute type
- */
- pen_type_t type;
-
- /**
- * Attribute value
- */
- chunk_t value;
-
- /**
- * Noskip flag
- */
- bool noskip_flag;
-
- /**
- * Set of flags for Simple Evidence Final
- */
- u_int8_t flags;
-
- /**
- * Optional Composite Hash Algorithm
- */
- pts_meas_algorithms_t comp_hash_algorithm;
-
- /**
- * Optional TPM PCR Composite
- */
- chunk_t pcr_comp;
-
- /**
- * Optional TPM Quote Signature
- */
- chunk_t tpm_quote_sig;
-
- /**
- * Is Evidence Signature included?
- */
- bool has_evid_sig;
-
- /**
- * Optional Evidence Signature
- */
- chunk_t evid_sig;
-
- /**
- * Reference count
- */
- refcount_t ref;
-};
-
-METHOD(pa_tnc_attr_t, get_type, pen_type_t,
- private_tcg_pts_attr_simple_evid_final_t *this)
-{
- return this->type;
-}
-
-METHOD(pa_tnc_attr_t, get_value, chunk_t,
- private_tcg_pts_attr_simple_evid_final_t *this)
-{
- return this->value;
-}
-
-METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
- private_tcg_pts_attr_simple_evid_final_t *this)
-{
- return this->noskip_flag;
-}
-
-METHOD(pa_tnc_attr_t, set_noskip_flag,void,
- private_tcg_pts_attr_simple_evid_final_t *this, bool noskip)
-{
- this->noskip_flag = noskip;
-}
-
-METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
- private_tcg_pts_attr_simple_evid_final_t *this)
-{
- ref_get(&this->ref);
- return &this->public.pa_tnc_attribute;
-}
-
-METHOD(pa_tnc_attr_t, destroy, void,
- private_tcg_pts_attr_simple_evid_final_t *this)
-{
- if (ref_put(&this->ref))
- {
- free(this->value.ptr);
- free(this->pcr_comp.ptr);
- free(this->tpm_quote_sig.ptr);
- free(this->evid_sig.ptr);
- free(this);
- }
-}
-
-METHOD(pa_tnc_attr_t, build, void,
- private_tcg_pts_attr_simple_evid_final_t *this)
-{
- bio_writer_t *writer;
- u_int8_t flags;
-
- if (this->value.ptr)
- {
- return;
- }
- flags = this->flags & PTS_SIMPLE_EVID_FINAL_FLAG_MASK;
-
- if (this->has_evid_sig)
- {
- flags |= PTS_SIMPLE_EVID_FINAL_EVID_SIG;
- }
-
- writer = bio_writer_create(PTS_SIMPLE_EVID_FINAL_SIZE);
- writer->write_uint8 (writer, flags);
- writer->write_uint8 (writer, PTS_SIMPLE_EVID_FINAL_RESERVED);
-
- /** Optional Composite Hash Algorithm field is always present
- * Field has value of all zeroes if not used.
- * Implemented adhering the suggestion of Paul Sangster 28.Oct.2011
- */
- writer->write_uint16(writer, this->comp_hash_algorithm);
-
- /* Optional fields */
- if (this->flags != PTS_SIMPLE_EVID_FINAL_NO)
- {
- writer->write_uint32 (writer, this->pcr_comp.len);
- writer->write_data (writer, this->pcr_comp);
-
- writer->write_uint32 (writer, this->tpm_quote_sig.len);
- writer->write_data (writer, this->tpm_quote_sig);
- }
-
- if (this->has_evid_sig)
- {
- writer->write_data (writer, this->evid_sig);
- }
-
- this->value = writer->extract_buf(writer);
- writer->destroy(writer);
-}
-
-METHOD(pa_tnc_attr_t, process, status_t,
- private_tcg_pts_attr_simple_evid_final_t *this, u_int32_t *offset)
-{
- bio_reader_t *reader;
- u_int8_t flags, reserved;
- u_int16_t algorithm;
- u_int32_t pcr_comp_len, tpm_quote_sig_len, evid_sig_len;
- status_t status = FAILED;
-
- if (this->value.len < PTS_SIMPLE_EVID_FINAL_SIZE)
- {
- DBG1(DBG_TNC, "insufficient data for Simple Evidence Final");
- *offset = 0;
- return FAILED;
- }
- reader = bio_reader_create(this->value);
-
- reader->read_uint8(reader, &flags);
- reader->read_uint8(reader, &reserved);
-
- this->flags = flags & PTS_SIMPLE_EVID_FINAL_FLAG_MASK;
-
- this->has_evid_sig = (flags & PTS_SIMPLE_EVID_FINAL_EVID_SIG) != 0;
-
- /** Optional Composite Hash Algorithm field is always present
- * Field has value of all zeroes if not used.
- * Implemented adhering the suggestion of Paul Sangster 28.Oct.2011
- */
-
- reader->read_uint16(reader, &algorithm);
- this->comp_hash_algorithm = algorithm;
-
- /* Optional Composite Hash Algorithm and TPM PCR Composite fields */
- if (this->flags != PTS_SIMPLE_EVID_FINAL_NO)
- {
- if (!reader->read_uint32(reader, &pcr_comp_len))
- {
- DBG1(DBG_TNC, "insufficient data for PTS Simple Evidence Final "
- "PCR Composite Length");
- goto end;
- }
- if (!reader->read_data(reader, pcr_comp_len, &this->pcr_comp))
- {
- DBG1(DBG_TNC, "insufficient data for PTS Simple Evidence Final "
- "PCR Composite");
- goto end;
- }
- this->pcr_comp = chunk_clone(this->pcr_comp);
-
- if (!reader->read_uint32(reader, &tpm_quote_sig_len))
- {
- DBG1(DBG_TNC, "insufficient data for PTS Simple Evidence Final "
- "TPM Quote Singature Length");
- goto end;
- }
- if (!reader->read_data(reader, tpm_quote_sig_len, &this->tpm_quote_sig))
- {
- DBG1(DBG_TNC, "insufficient data for PTS Simple Evidence Final "
- "TPM Quote Singature");
- goto end;
- }
- this->tpm_quote_sig = chunk_clone(this->tpm_quote_sig);
- }
-
- /* Optional Evidence Signature field */
- if (this->has_evid_sig)
- {
- evid_sig_len = reader->remaining(reader);
- reader->read_data(reader, evid_sig_len, &this->evid_sig);
- this->evid_sig = chunk_clone(this->evid_sig);
- }
-
- reader->destroy(reader);
- return SUCCESS;
-
-end:
- reader->destroy(reader);
- return status;
-}
-
-METHOD(tcg_pts_attr_simple_evid_final_t, get_quote_info, u_int8_t,
- private_tcg_pts_attr_simple_evid_final_t *this,
- pts_meas_algorithms_t *comp_hash_algo, chunk_t *pcr_comp, chunk_t *tpm_quote_sig)
-{
- if (comp_hash_algo)
- {
- *comp_hash_algo = this->comp_hash_algorithm;
- }
- if (pcr_comp)
- {
- *pcr_comp = this->pcr_comp;
- }
- if (tpm_quote_sig)
- {
- *tpm_quote_sig = this->tpm_quote_sig;
- }
- return this->flags;
-}
-
-METHOD(tcg_pts_attr_simple_evid_final_t, get_evid_sig, bool,
- private_tcg_pts_attr_simple_evid_final_t *this, chunk_t *evid_sig)
-{
- if (evid_sig)
- {
- *evid_sig = this->evid_sig;
- }
- return this->has_evid_sig;
-}
-
-METHOD(tcg_pts_attr_simple_evid_final_t, set_evid_sig, void,
- private_tcg_pts_attr_simple_evid_final_t *this, chunk_t evid_sig)
-{
- this->evid_sig = evid_sig;
- this->has_evid_sig = TRUE;
-}
-
-/**
- * Described in header.
- */
-pa_tnc_attr_t *tcg_pts_attr_simple_evid_final_create(u_int8_t flags,
- pts_meas_algorithms_t comp_hash_algorithm,
- chunk_t pcr_comp, chunk_t tpm_quote_sig)
-{
- private_tcg_pts_attr_simple_evid_final_t *this;
-
- INIT(this,
- .public = {
- .pa_tnc_attribute = {
- .get_type = _get_type,
- .get_value = _get_value,
- .get_noskip_flag = _get_noskip_flag,
- .set_noskip_flag = _set_noskip_flag,
- .build = _build,
- .process = _process,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- .get_quote_info = _get_quote_info,
- .get_evid_sig = _get_evid_sig,
- .set_evid_sig = _set_evid_sig,
- },
- .type = { PEN_TCG, TCG_PTS_SIMPLE_EVID_FINAL },
- .flags = flags,
- .comp_hash_algorithm = comp_hash_algorithm,
- .pcr_comp = pcr_comp,
- .tpm_quote_sig = tpm_quote_sig,
- .ref = 1,
- );
-
- return &this->public.pa_tnc_attribute;
-}
-
-
-/**
- * Described in header.
- */
-pa_tnc_attr_t *tcg_pts_attr_simple_evid_final_create_from_data(chunk_t data)
-{
- private_tcg_pts_attr_simple_evid_final_t *this;
-
- INIT(this,
- .public = {
- .pa_tnc_attribute = {
- .get_type = _get_type,
- .get_value = _get_value,
- .get_noskip_flag = _get_noskip_flag,
- .set_noskip_flag = _set_noskip_flag,
- .build = _build,
- .process = _process,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- .get_quote_info = _get_quote_info,
- .get_evid_sig = _get_evid_sig,
- .set_evid_sig = _set_evid_sig,
- },
- .type = { PEN_TCG, TCG_PTS_SIMPLE_EVID_FINAL },
- .value = chunk_clone(data),
- .ref = 1,
- );
-
- return &this->public.pa_tnc_attribute;
-}
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_simple_evid_final.h b/src/libpts/tcg/pts/tcg_pts_attr_simple_evid_final.h
deleted file mode 100644
index 1fac2e1..0000000
--- a/src/libpts/tcg/pts/tcg_pts_attr_simple_evid_final.h
+++ /dev/null
@@ -1,93 +0,0 @@
-/*
- * Copyright (C) 2011 Sansar Choinyambuu
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup tcg_pts_attr_simple_evid_final tcg_pts_attr_simple_evid_final
- * @{ @ingroup tcg_attr
- */
-
-#ifndef TCG_PTS_ATTR_SIMPLE_EVID_FINAL_H_
-#define TCG_PTS_ATTR_SIMPLE_EVID_FINAL_H_
-
-typedef struct tcg_pts_attr_simple_evid_final_t tcg_pts_attr_simple_evid_final_t;
-
-#include "tcg/tcg_attr.h"
-#include "tcg_pts_attr_meas_algo.h"
-#include "pa_tnc/pa_tnc_attr.h"
-
-/**
- * Class implementing the TCG PTS Simple Evidence Final attribute
- *
- */
-struct tcg_pts_attr_simple_evid_final_t {
-
- /**
- * Public PA-TNC attribute interface
- */
- pa_tnc_attr_t pa_tnc_attribute;
-
- /**
- * Get Optional PCR Composite and TPM Quote Signature
- *
- * @param comp_hash_algo Optional Composite Hash Algorithm
- * @param pcr_comp Optional PCR Composite
- * @param tpm_quote sig Optional TPM Quote Signature
- * @return PTS_SIMPLE_EVID_FINAL flags
- */
- u_int8_t (*get_quote_info)(tcg_pts_attr_simple_evid_final_t *this,
- pts_meas_algorithms_t *comp_hash_algo,
- chunk_t *pcr_comp, chunk_t *tpm_quote_sig);
-
- /**
- * Get Optional Evidence Signature
- *
- * @param evid_sig Optional Evidence Signature
- * @return TRUE if Evidence Signature is available
- */
- bool (*get_evid_sig)(tcg_pts_attr_simple_evid_final_t *this,
- chunk_t *evid_sig);
-
- /**
- * Set Optional Evidence Signature
- *
- * @param vid_sig Optional Evidence Signature
- */
- void (*set_evid_sig)(tcg_pts_attr_simple_evid_final_t *this,
- chunk_t evid_sig);
-
-};
-
-/**
- * Creates an tcg_pts_attr_simple_evid_final_t object
- *
- * @param flags Set of flags
- * @param comp_hash_algorithm Composite Hash Algorithm
- * @param pcr_comp Optional TPM PCR Composite
- * @param tpm_quote_sign Optional TPM Quote Signature
- */
-pa_tnc_attr_t* tcg_pts_attr_simple_evid_final_create(
- u_int8_t flags,
- pts_meas_algorithms_t comp_hash_algorithm,
- chunk_t pcr_comp,
- chunk_t tpm_quote_sign);
-
-/**
- * Creates an tcg_pts_attr_simple_evid_final_t object from received data
- *
- * @param value unparsed attribute value
- */
-pa_tnc_attr_t* tcg_pts_attr_simple_evid_final_create_from_data(chunk_t value);
-
-#endif /** TCG_PTS_ATTR_SIMPLE_EVID_FINAL_H_ @}*/
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_tpm_version_info.c b/src/libpts/tcg/pts/tcg_pts_attr_tpm_version_info.c
deleted file mode 100644
index b776cb6..0000000
--- a/src/libpts/tcg/pts/tcg_pts_attr_tpm_version_info.c
+++ /dev/null
@@ -1,226 +0,0 @@
-/*
- * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "tcg_pts_attr_tpm_version_info.h"
-
-#include <pa_tnc/pa_tnc_msg.h>
-#include <bio/bio_writer.h>
-#include <bio/bio_reader.h>
-#include <utils/debug.h>
-
-typedef struct private_tcg_pts_attr_tpm_version_info_t private_tcg_pts_attr_tpm_version_info_t;
-
-/**
- * TPM Version Information
- * see section 3.11 of PTS Protocol: Binding to TNC IF-M Specification
- *
- * 1 2 3
- * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- *
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | TPM Version Information (Variable Length) |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- *
- * see TPM Structure Specification Part 2, section 21.6: TPM_CAP_VERSION_INFO
- */
-
-#define PTS_TPM_VER_INFO_SIZE 4
-
-/**
- * Private data of an tcg_pts_attr_tpm_version_info_t object.
- */
-struct private_tcg_pts_attr_tpm_version_info_t {
-
- /**
- * Public members of tcg_pts_attr_tpm_version_info_t
- */
- tcg_pts_attr_tpm_version_info_t public;
-
- /**
- * Vendor-specific attribute type
- */
- pen_type_t type;
-
- /**
- * Attribute value
- */
- chunk_t value;
-
- /**
- * Noskip flag
- */
- bool noskip_flag;
-
- /**
- * TPM Version Information
- */
- chunk_t tpm_version_info;
-
- /**
- * Reference count
- */
- refcount_t ref;
-};
-
-METHOD(pa_tnc_attr_t, get_type, pen_type_t,
- private_tcg_pts_attr_tpm_version_info_t *this)
-{
- return this->type;
-}
-
-METHOD(pa_tnc_attr_t, get_value, chunk_t,
- private_tcg_pts_attr_tpm_version_info_t *this)
-{
- return this->value;
-}
-
-METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
- private_tcg_pts_attr_tpm_version_info_t *this)
-{
- return this->noskip_flag;
-}
-
-METHOD(pa_tnc_attr_t, set_noskip_flag,void,
- private_tcg_pts_attr_tpm_version_info_t *this, bool noskip)
-{
- this->noskip_flag = noskip;
-}
-
-METHOD(pa_tnc_attr_t, build, void,
- private_tcg_pts_attr_tpm_version_info_t *this)
-{
- bio_writer_t *writer;
-
- if (this->value.ptr)
- {
- return;
- }
- writer = bio_writer_create(PTS_TPM_VER_INFO_SIZE);
- writer->write_data(writer, this->tpm_version_info);
-
- this->value = writer->extract_buf(writer);
- writer->destroy(writer);
-}
-
-METHOD(pa_tnc_attr_t, process, status_t,
- private_tcg_pts_attr_tpm_version_info_t *this, u_int32_t *offset)
-{
- bio_reader_t *reader;
-
- if (this->value.len < PTS_TPM_VER_INFO_SIZE)
- {
- DBG1(DBG_TNC, "insufficient data for TPM Version Information");
- *offset = 0;
- return FAILED;
- }
- reader = bio_reader_create(this->value);
- reader->read_data (reader, this->value.len, &this->tpm_version_info);
- this->tpm_version_info = chunk_clone(this->tpm_version_info);
- reader->destroy(reader);
-
- return SUCCESS;
-}
-
-METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
- private_tcg_pts_attr_tpm_version_info_t *this)
-{
- ref_get(&this->ref);
- return &this->public.pa_tnc_attribute;
-}
-
-METHOD(pa_tnc_attr_t, destroy, void,
- private_tcg_pts_attr_tpm_version_info_t *this)
-{
- if (ref_put(&this->ref))
- {
- free(this->value.ptr);
- free(this->tpm_version_info.ptr);
- free(this);
- }
-}
-
-METHOD(tcg_pts_attr_tpm_version_info_t, get_tpm_version_info, chunk_t,
- private_tcg_pts_attr_tpm_version_info_t *this)
-{
- return this->tpm_version_info;
-}
-
-METHOD(tcg_pts_attr_tpm_version_info_t, set_tpm_version_info, void,
- private_tcg_pts_attr_tpm_version_info_t *this,
- chunk_t tpm_version_info)
-{
- this->tpm_version_info = tpm_version_info;
-}
-
-/**
- * Described in header.
- */
-pa_tnc_attr_t *tcg_pts_attr_tpm_version_info_create(chunk_t tpm_version_info)
-{
- private_tcg_pts_attr_tpm_version_info_t *this;
-
- INIT(this,
- .public = {
- .pa_tnc_attribute = {
- .get_type = _get_type,
- .get_value = _get_value,
- .get_noskip_flag = _get_noskip_flag,
- .set_noskip_flag = _set_noskip_flag,
- .build = _build,
- .process = _process,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- .get_tpm_version_info = _get_tpm_version_info,
- .set_tpm_version_info = _set_tpm_version_info,
- },
- .type = { PEN_TCG, TCG_PTS_TPM_VERSION_INFO },
- .tpm_version_info = chunk_clone(tpm_version_info),
- .ref = 1,
- );
-
- return &this->public.pa_tnc_attribute;
-}
-
-
-/**
- * Described in header.
- */
-pa_tnc_attr_t *tcg_pts_attr_tpm_version_info_create_from_data(chunk_t data)
-{
- private_tcg_pts_attr_tpm_version_info_t *this;
-
- INIT(this,
- .public = {
- .pa_tnc_attribute = {
- .get_type = _get_type,
- .get_value = _get_value,
- .get_noskip_flag = _get_noskip_flag,
- .set_noskip_flag = _set_noskip_flag,
- .build = _build,
- .process = _process,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- .get_tpm_version_info = _get_tpm_version_info,
- .set_tpm_version_info = _set_tpm_version_info,
- },
- .type = { PEN_TCG, TCG_PTS_TPM_VERSION_INFO },
- .value = chunk_clone(data),
- .ref = 1,
- );
-
- return &this->public.pa_tnc_attribute;
-}
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_tpm_version_info.h b/src/libpts/tcg/pts/tcg_pts_attr_tpm_version_info.h
deleted file mode 100644
index e03b57f..0000000
--- a/src/libpts/tcg/pts/tcg_pts_attr_tpm_version_info.h
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Copyright (C) 2011 Sansar Choinyambuu
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup tcg_pts_attr_tpm_version_info tcg_pts_attr_tpm_version_info
- * @{ @ingroup tcg_attr
- */
-
-#ifndef TCG_PTS_ATTR_TPM_VERSION_INFO_H_
-#define TCG_PTS_ATTR_TPM_VERSION_INFO_H_
-
-typedef struct tcg_pts_attr_tpm_version_info_t tcg_pts_attr_tpm_version_info_t;
-
-#include "tcg/tcg_attr.h"
-#include "pa_tnc/pa_tnc_attr.h"
-
-/**
- * Class implementing the TCG PTS TPM Version Info Attribute
- *
- */
-struct tcg_pts_attr_tpm_version_info_t {
-
- /**
- * Public PA-TNC attribute interface
- */
- pa_tnc_attr_t pa_tnc_attribute;
-
- /**
- * Get TPM Version Info
- *
- * @return TPM version info
- */
- chunk_t (*get_tpm_version_info)(tcg_pts_attr_tpm_version_info_t *this);
-
- /**
- * Set TPM Version Info
- *
- * @param tpm_version_info TPM version info
- */
- void (*set_tpm_version_info)(tcg_pts_attr_tpm_version_info_t *this,
- chunk_t tpm_version_info);
-};
-
-/**
- * Creates an tcg_pts_attr_tpm_version_info_t object
- *
- * @param tpm_version_info TPM version info
- */
-pa_tnc_attr_t* tcg_pts_attr_tpm_version_info_create(chunk_t tpm_version_info);
-
-/**
- * Creates an tcg_pts_attr_tpm_version_info_t object from received data
- *
- * @param value unparsed attribute value
- */
-pa_tnc_attr_t* tcg_pts_attr_tpm_version_info_create_from_data(chunk_t value);
-
-#endif /** TCG_PTS_ATTR_TPM_VERSION_INFO_H_ @}*/
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_unix_file_meta.c b/src/libpts/tcg/pts/tcg_pts_attr_unix_file_meta.c
deleted file mode 100644
index eff64c2..0000000
--- a/src/libpts/tcg/pts/tcg_pts_attr_unix_file_meta.c
+++ /dev/null
@@ -1,350 +0,0 @@
-/*
- * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#define _GNU_SOURCE /* for stdndup() */
-#include <string.h>
-
-#include "tcg_pts_attr_unix_file_meta.h"
-
-#include <pa_tnc/pa_tnc_msg.h>
-#include <bio/bio_writer.h>
-#include <bio/bio_reader.h>
-#include <collections/linked_list.h>
-#include <utils/debug.h>
-
-typedef struct private_tcg_pts_attr_file_meta_t private_tcg_pts_attr_file_meta_t;
-
-/**
- * Unix-Style File Metadata
- * see section 3.17.3 of PTS Protocol: Binding to TNC IF-M Specification
- *
- * 1 2 3
- * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Number of Files included |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Number of Files included |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | File metadata Length | Type | Reserved |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | File Size |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | File Size |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | File Create Time |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | File Create Time |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Last Modify Time |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Last Modify Time |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Last Access Time |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Last Access Time |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | File Owner ID |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | File Owner ID |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | File Group ID |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | File Group ID |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * ~ Filename (Variable Length) ~
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * ...........................
- */
-
-#define PTS_FILE_META_SIZE 8
-#define PTS_FILE_MEAS_RESERVED 0x00
-#define PTS_FILE_METADATA_SIZE 52
-
-/**
- * Private data of an tcg_pts_attr_file_meta_t object.
- */
-struct private_tcg_pts_attr_file_meta_t {
-
- /**
- * Public members of tcg_pts_attr_file_meta_t
- */
- tcg_pts_attr_file_meta_t public;
-
- /**
- * Vendor-specific attribute type
- */
- pen_type_t type;
-
- /**
- * Attribute value
- */
- chunk_t value;
-
- /**
- * Noskip flag
- */
- bool noskip_flag;
-
- /**
- * PTS File Metadata
- */
- pts_file_meta_t *metadata;
-
- /**
- * Reference count
- */
- refcount_t ref;
-};
-
-METHOD(pa_tnc_attr_t, get_type, pen_type_t,
- private_tcg_pts_attr_file_meta_t *this)
-{
- return this->type;
-}
-
-METHOD(pa_tnc_attr_t, get_value, chunk_t,
- private_tcg_pts_attr_file_meta_t *this)
-{
- return this->value;
-}
-
-METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
- private_tcg_pts_attr_file_meta_t *this)
-{
- return this->noskip_flag;
-}
-
-METHOD(pa_tnc_attr_t, set_noskip_flag,void,
- private_tcg_pts_attr_file_meta_t *this, bool noskip)
-{
- this->noskip_flag = noskip;
-}
-
-METHOD(pa_tnc_attr_t, build, void,
- private_tcg_pts_attr_file_meta_t *this)
-{
- bio_writer_t *writer;
- enumerator_t *enumerator;
- pts_file_metadata_t *entry;
- u_int64_t number_of_files;
-
- if (this->value.ptr)
- {
- return;
- }
- number_of_files = this->metadata->get_file_count(this->metadata);
- writer = bio_writer_create(PTS_FILE_META_SIZE);
-
- writer->write_uint64(writer, number_of_files);
-
- enumerator = this->metadata->create_enumerator(this->metadata);
- while (enumerator->enumerate(enumerator, &entry))
- {
- writer->write_uint16(writer, PTS_FILE_METADATA_SIZE +
- strlen(entry->filename));
- writer->write_uint8 (writer, entry->type);
- writer->write_uint8 (writer, PTS_FILE_MEAS_RESERVED);
- writer->write_uint64(writer, entry->filesize);
- writer->write_uint64(writer, entry->created);
- writer->write_uint64(writer, entry->modified);
- writer->write_uint64(writer, entry->accessed);
- writer->write_uint64(writer, entry->owner);
- writer->write_uint64(writer, entry->group);
- writer->write_data (writer, chunk_create(entry->filename,
- strlen(entry->filename)));
- }
- enumerator->destroy(enumerator);
-
- this->value = writer->extract_buf(writer);
- writer->destroy(writer);
-}
-
-METHOD(pa_tnc_attr_t, process, status_t,
- private_tcg_pts_attr_file_meta_t *this, u_int32_t *offset)
-{
- bio_reader_t *reader;
- pts_file_metadata_t *entry;
- u_int8_t type, reserved;
- u_int16_t len;
- u_int64_t number_of_files, filesize, created, modified, accessed;
- u_int64_t owner, group;
- chunk_t filename;
- status_t status = FAILED;
-
- if (this->value.len < PTS_FILE_META_SIZE)
- {
- DBG1(DBG_TNC, "insufficient data for PTS Unix-Style file metadata header");
- *offset = 0;
- return FAILED;
- }
- reader = bio_reader_create(this->value);
- reader->read_uint64(reader, &number_of_files);
-
- this->metadata = pts_file_meta_create();
-
- while (number_of_files--)
- {
- if (!reader->read_uint16(reader, &len))
- {
- DBG1(DBG_TNC, "insufficient data for PTS file metadata length");
- goto end;
- }
- if (!reader->read_uint8(reader, &type))
- {
- DBG1(DBG_TNC, "insufficient data for file type");
- goto end;
- }
- if (!reader->read_uint8(reader, &reserved))
- {
- DBG1(DBG_TNC, "insufficient data for reserved field");
- goto end;
- }
- if (!reader->read_uint64(reader, &filesize))
- {
- DBG1(DBG_TNC, "insufficient data for file size");
- goto end;
- }
- if (!reader->read_uint64(reader, &created))
- {
- DBG1(DBG_TNC, "insufficient data for file create time");
- goto end;
- }
- if (!reader->read_uint64(reader, &modified))
- {
- DBG1(DBG_TNC, "insufficient data for last modify time");
- goto end;
- }
- if (!reader->read_uint64(reader, &accessed))
- {
- DBG1(DBG_TNC, "insufficient data for last access time");
- goto end;
- }
- if (!reader->read_uint64(reader, &owner))
- {
- DBG1(DBG_TNC, "insufficient data for owner id");
- goto end;
- }
- if (!reader->read_uint64(reader, &group))
- {
- DBG1(DBG_TNC, "insufficient data for group id");
- goto end;
- }
- if (!reader->read_data(reader, len - PTS_FILE_METADATA_SIZE, &filename))
- {
- DBG1(DBG_TNC, "insufficient data for filename");
- goto end;
- }
-
- entry = malloc_thing(pts_file_metadata_t);
- entry->type = type;
- entry->filesize = filesize;
- entry->created = created;
- entry->modified = modified;
- entry->accessed = accessed;
- entry->owner = owner;
- entry->group = group;
- entry->filename = strndup(filename.ptr, filename.len);
-
- this->metadata->add(this->metadata, entry);
- }
- status = SUCCESS;
-
-end:
- reader->destroy(reader);
- return status;
-}
-
-METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
- private_tcg_pts_attr_file_meta_t *this)
-{
- ref_get(&this->ref);
- return &this->public.pa_tnc_attribute;
-}
-
-METHOD(pa_tnc_attr_t, destroy, void,
- private_tcg_pts_attr_file_meta_t *this)
-{
- if (ref_put(&this->ref))
- {
- DESTROY_IF(this->metadata);
- free(this->value.ptr);
- free(this);
- }
-}
-
-METHOD(tcg_pts_attr_file_meta_t, get_metadata, pts_file_meta_t*,
- private_tcg_pts_attr_file_meta_t *this)
-{
- return this->metadata;
-}
-
-/**
- * Described in header.
- */
-pa_tnc_attr_t *tcg_pts_attr_unix_file_meta_create(pts_file_meta_t *metadata)
-{
- private_tcg_pts_attr_file_meta_t *this;
-
- INIT(this,
- .public = {
- .pa_tnc_attribute = {
- .get_type = _get_type,
- .get_value = _get_value,
- .get_noskip_flag = _get_noskip_flag,
- .set_noskip_flag = _set_noskip_flag,
- .build = _build,
- .process = _process,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- .get_metadata = _get_metadata,
- },
- .type = { PEN_TCG, TCG_PTS_UNIX_FILE_META },
- .metadata = metadata,
- .ref = 1,
- );
-
- return &this->public.pa_tnc_attribute;
-}
-
-
-/**
- * Described in header.
- */
-pa_tnc_attr_t *tcg_pts_attr_unix_file_meta_create_from_data(chunk_t data)
-{
- private_tcg_pts_attr_file_meta_t *this;
-
- INIT(this,
- .public = {
- .pa_tnc_attribute = {
- .get_type = _get_type,
- .get_value = _get_value,
- .get_noskip_flag = _get_noskip_flag,
- .set_noskip_flag = _set_noskip_flag,
- .build = _build,
- .process = _process,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- .get_metadata = _get_metadata,
- },
- .type = { PEN_TCG, TCG_PTS_UNIX_FILE_META },
- .value = chunk_clone(data),
- .ref = 1,
- );
-
- return &this->public.pa_tnc_attribute;
-}
diff --git a/src/libpts/tcg/pts/tcg_pts_attr_unix_file_meta.h b/src/libpts/tcg/pts/tcg_pts_attr_unix_file_meta.h
deleted file mode 100644
index 2118d39..0000000
--- a/src/libpts/tcg/pts/tcg_pts_attr_unix_file_meta.h
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * Copyright (C) 2011 Sansar Choinyambuu
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup tcg_pts_attr_unix_file_meta tcg_pts_attr_unix_file_meta
- * @{ @ingroup tcg_attr
- */
-
-#ifndef TCG_PTS_ATTR_UNIX_FILE_META_H_
-#define TCG_PTS_ATTR_UNIX_FILE_META_H_
-
-typedef struct tcg_pts_attr_file_meta_t tcg_pts_attr_file_meta_t;
-
-#include "tcg/tcg_attr.h"
-#include "pa_tnc/pa_tnc_attr.h"
-#include "pts/pts.h"
-#include "pts/pts_file_meta.h"
-
-/**
- * Class implementing the TCG PTS File Measurement attribute
- *
- */
-struct tcg_pts_attr_file_meta_t {
-
- /**
- * Public PA-TNC attribute interface
- */
- pa_tnc_attr_t pa_tnc_attribute;
-
- /**
- * Get PTS File Metadata
- *
- * @return PTS File Metadata
- */
- pts_file_meta_t* (*get_metadata)(tcg_pts_attr_file_meta_t *this);
-
-};
-
-/**
- * Creates an tcg_pts_attr_file_meta_t object
- *
- * @param metadata PTS File Metadata
- */
-pa_tnc_attr_t* tcg_pts_attr_unix_file_meta_create(pts_file_meta_t *metadata);
-
-/**
- * Creates an tcg_pts_attr_file_meta_t object from received data
- *
- * @param value unparsed attribute value
- */
-pa_tnc_attr_t* tcg_pts_attr_unix_file_meta_create_from_data(chunk_t value);
-
-#endif /** TCG_PTS_ATTR_UNIX_FILE_META_H_ @}*/
diff --git a/src/libpts/tcg/swid/tcg_swid_attr_req.c b/src/libpts/tcg/swid/tcg_swid_attr_req.c
deleted file mode 100644
index c403d06..0000000
--- a/src/libpts/tcg/swid/tcg_swid_attr_req.c
+++ /dev/null
@@ -1,328 +0,0 @@
-/*
- * Copyright (C) 2013 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "tcg_swid_attr_req.h"
-
-#include "swid/swid_tag_id.h"
-
-#include <pa_tnc/pa_tnc_msg.h>
-#include <bio/bio_writer.h>
-#include <bio/bio_reader.h>
-#include <utils/debug.h>
-#include <collections/linked_list.h>
-
-typedef struct private_tcg_swid_attr_req_t private_tcg_swid_attr_req_t;
-
-/**
- * SWID Request
- * see section 4.7 of TCG TNC SWID Message and Attributes for IF-M
- *
- * 1 2 3
- * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * |Reserved |C|S|R| Tag ID Count |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Request ID |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Earliest EID |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Tag Creator Length | Tag Creator (variable length) |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Unique Software ID Length |Unique Software ID (var length)|
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- */
-
-#define SWID_REQ_RESERVED_MASK 0x03
-
-/**
- * Private data of an tcg_swid_attr_req_t object.
- */
-struct private_tcg_swid_attr_req_t {
-
- /**
- * Public members of tcg_swid_attr_req_t
- */
- tcg_swid_attr_req_t public;
-
- /**
- * Vendor-specific attribute type
- */
- pen_type_t type;
-
- /**
- * Attribute value
- */
- chunk_t value;
-
- /**
- * Noskip flag
- */
- bool noskip_flag;
-
- /**
- * SWID request flags
- */
- u_int8_t flags;
-
- /**
- * Request ID
- */
- u_int32_t request_id;
-
- /**
- * Earliest EID
- */
- u_int32_t earliest_eid;
-
- /**
- * List of Target Tag Identifiers
- */
- swid_inventory_t *targets;
-
- /**
- * Reference count
- */
- refcount_t ref;
-};
-
-METHOD(pa_tnc_attr_t, get_type, pen_type_t,
- private_tcg_swid_attr_req_t *this)
-{
- return this->type;
-}
-
-METHOD(pa_tnc_attr_t, get_value, chunk_t,
- private_tcg_swid_attr_req_t *this)
-{
- return this->value;
-}
-
-METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
- private_tcg_swid_attr_req_t *this)
-{
- return this->noskip_flag;
-}
-
-METHOD(pa_tnc_attr_t, set_noskip_flag,void,
- private_tcg_swid_attr_req_t *this, bool noskip)
-{
- this->noskip_flag = noskip;
-}
-
-METHOD(pa_tnc_attr_t, build, void,
- private_tcg_swid_attr_req_t *this)
-{
- bio_writer_t *writer;
- chunk_t tag_creator, unique_sw_id;
- swid_tag_id_t *tag_id;
- enumerator_t *enumerator;
-
- if (this->value.ptr)
- {
- return;
- }
-
- writer = bio_writer_create(TCG_SWID_REQ_MIN_SIZE);
- writer->write_uint8 (writer, this->flags);
- writer->write_uint24(writer, this->targets->get_count(this->targets));
- writer->write_uint32(writer, this->request_id);
- writer->write_uint32(writer, this->earliest_eid);
-
- enumerator = this->targets->create_enumerator(this->targets);
- while (enumerator->enumerate(enumerator, &tag_id))
- {
- tag_creator = tag_id->get_tag_creator(tag_id);
- unique_sw_id = tag_id->get_unique_sw_id(tag_id, NULL);
- writer->write_data16(writer, tag_creator);
- writer->write_data16(writer, unique_sw_id);
- }
- enumerator->destroy(enumerator);
-
- this->value = writer->extract_buf(writer);
- writer->destroy(writer);
-}
-
-METHOD(pa_tnc_attr_t, process, status_t,
- private_tcg_swid_attr_req_t *this, u_int32_t *offset)
-{
- bio_reader_t *reader;
- u_int32_t tag_id_count;
- chunk_t tag_creator, unique_sw_id;
- swid_tag_id_t *tag_id;
-
- if (this->value.len < TCG_SWID_REQ_MIN_SIZE)
- {
- DBG1(DBG_TNC, "insufficient data for SWID Request");
- *offset = 0;
- return FAILED;
- }
-
- reader = bio_reader_create(this->value);
- reader->read_uint8 (reader, &this->flags);
- reader->read_uint24(reader, &tag_id_count);
- reader->read_uint32(reader, &this->request_id);
- reader->read_uint32(reader, &this->earliest_eid);
-
- if (this->request_id == 0)
- {
- *offset = 4;
- return FAILED;
- }
- *offset = TCG_SWID_REQ_MIN_SIZE;
-
- this->flags &= SWID_REQ_RESERVED_MASK;
-
- while (tag_id_count--)
- {
- if (!reader->read_data16(reader, &tag_creator))
- {
- DBG1(DBG_TNC, "insufficient data for Tag Creator field");
- return FAILED;
- }
- *offset += 2 + tag_creator.len;
-
- if (!reader->read_data16(reader, &unique_sw_id))
- {
- DBG1(DBG_TNC, "insufficient data for Unique Software ID");
- return FAILED;
- }
- *offset += 2 + unique_sw_id.len;
-
- tag_id = swid_tag_id_create(tag_creator, unique_sw_id, chunk_empty);
- this->targets->add(this->targets, tag_id);
- }
- reader->destroy(reader);
-
- return SUCCESS;
-}
-
-METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
- private_tcg_swid_attr_req_t *this)
-{
- ref_get(&this->ref);
- return &this->public.pa_tnc_attribute;
-}
-
-METHOD(pa_tnc_attr_t, destroy, void,
- private_tcg_swid_attr_req_t *this)
-{
- if (ref_put(&this->ref))
- {
- this->targets->destroy(this->targets);
- free(this->value.ptr);
- free(this);
- }
-}
-
-METHOD(tcg_swid_attr_req_t, get_flags, u_int8_t,
- private_tcg_swid_attr_req_t *this)
-{
- return this->flags;
-}
-
-METHOD(tcg_swid_attr_req_t, get_request_id, u_int32_t,
- private_tcg_swid_attr_req_t *this)
-{
- return this->request_id;
-}
-
-METHOD(tcg_swid_attr_req_t, get_earliest_eid, u_int32_t,
- private_tcg_swid_attr_req_t *this)
-{
- return this->earliest_eid;
-}
-
-METHOD(tcg_swid_attr_req_t, add_target, void,
- private_tcg_swid_attr_req_t *this, swid_tag_id_t *tag_id)
-{
- this->targets->add(this->targets, tag_id);
-}
-
-METHOD(tcg_swid_attr_req_t, get_targets, swid_inventory_t*,
- private_tcg_swid_attr_req_t *this)
-{
- return this->targets;
-}
-
-/**
- * Described in header.
- */
-pa_tnc_attr_t *tcg_swid_attr_req_create(u_int8_t flags, u_int32_t request_id,
- u_int32_t eid)
-{
- private_tcg_swid_attr_req_t *this;
-
- INIT(this,
- .public = {
- .pa_tnc_attribute = {
- .get_type = _get_type,
- .get_value = _get_value,
- .get_noskip_flag = _get_noskip_flag,
- .set_noskip_flag = _set_noskip_flag,
- .build = _build,
- .process = _process,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- .get_flags = _get_flags,
- .get_request_id = _get_request_id,
- .get_earliest_eid = _get_earliest_eid,
- .add_target = _add_target,
- .get_targets = _get_targets,
- },
- .type = { PEN_TCG, TCG_SWID_REQUEST },
- .flags = flags & SWID_REQ_RESERVED_MASK,
- .request_id = request_id,
- .earliest_eid = eid,
- .targets = swid_inventory_create(FALSE),
- .ref = 1,
- );
-
- return &this->public.pa_tnc_attribute;
-}
-
-/**
- * Described in header.
- */
-pa_tnc_attr_t *tcg_swid_attr_req_create_from_data(chunk_t data)
-{
- private_tcg_swid_attr_req_t *this;
-
- INIT(this,
- .public = {
- .pa_tnc_attribute = {
- .get_type = _get_type,
- .get_value = _get_value,
- .get_noskip_flag = _get_noskip_flag,
- .set_noskip_flag = _set_noskip_flag,
- .build = _build,
- .process = _process,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- .get_flags = _get_flags,
- .get_request_id = _get_request_id,
- .get_earliest_eid = _get_earliest_eid,
- .add_target = _add_target,
- .get_targets = _get_targets,
- },
- .type = { PEN_TCG, TCG_SWID_REQUEST },
- .value = chunk_clone(data),
- .targets = swid_inventory_create(FALSE),
- .ref = 1,
- );
-
- return &this->public.pa_tnc_attribute;
-}
diff --git a/src/libpts/tcg/swid/tcg_swid_attr_req.h b/src/libpts/tcg/swid/tcg_swid_attr_req.h
deleted file mode 100644
index 59b597d..0000000
--- a/src/libpts/tcg/swid/tcg_swid_attr_req.h
+++ /dev/null
@@ -1,105 +0,0 @@
-/*
- * Copyright (C) 2013-2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup tcg_swid_attr_req tcg_swid_attr_req
- * @{ @ingroup tcg_attr
- */
-
-#ifndef TCG_SWID_ATTR_REQ_H_
-#define TCG_SWID_ATTR_REQ_H_
-
-#define TCG_SWID_REQ_MIN_SIZE 12
-
-typedef struct tcg_swid_attr_req_t tcg_swid_attr_req_t;
-typedef enum tcg_swid_attr_req_flag_t tcg_swid_attr_req_flag_t;
-
-enum tcg_swid_attr_req_flag_t {
- TCG_SWID_ATTR_REQ_FLAG_NONE = 0,
- TCG_SWID_ATTR_REQ_FLAG_R = (1 << 0),
- TCG_SWID_ATTR_REQ_FLAG_S = (1 << 1),
- TCG_SWID_ATTR_REQ_FLAG_C = (1 << 2)
-};
-
-#include "tcg/tcg_attr.h"
-#include "swid/swid_tag_id.h"
-#include "swid/swid_inventory.h"
-#include "pa_tnc/pa_tnc_attr.h"
-
-/**
- * Class implementing the TCG SWID Request attribute
- */
-struct tcg_swid_attr_req_t {
-
- /**
- * Public PA-TNC attribute interface
- */
- pa_tnc_attr_t pa_tnc_attribute;
-
- /**
- * Get SWID request flags
- *
- * @return Flags
- */
- u_int8_t (*get_flags)(tcg_swid_attr_req_t *this);
-
- /**
- * Get Request ID
- *
- * @return Request ID
- */
- u_int32_t (*get_request_id)(tcg_swid_attr_req_t *this);
-
- /**
- * Get Earliest EID
- *
- * @return Event ID
- */
- u_int32_t (*get_earliest_eid)(tcg_swid_attr_req_t *this);
-
- /**
- * Add Tag ID
- *
- * @param tag_id SWID Tag ID (is not cloned by constructor!)
- */
- void (*add_target)(tcg_swid_attr_req_t *this, swid_tag_id_t *tag_id);
-
- /**
- * Create Tag ID enumerator
- *
- * @return Get a list of target tag IDs
- */
- swid_inventory_t* (*get_targets)(tcg_swid_attr_req_t *this);
-
-};
-
-/**
- * Creates an tcg_swid_attr_req_t object
- *
- * @param flags Sets the C|S|R flags
- * @param request_id Request ID
- * @param eid Earliest Event ID
- */
-pa_tnc_attr_t* tcg_swid_attr_req_create(u_int8_t flags, u_int32_t request_id,
- u_int32_t eid);
-
-/**
- * Creates an tcg_swid_attr_req_t object from received data
- *
- * @param value unparsed attribute value
- */
-pa_tnc_attr_t* tcg_swid_attr_req_create_from_data(chunk_t value);
-
-#endif /** TCG_SWID_ATTR_REQ_H_ @}*/
diff --git a/src/libpts/tcg/swid/tcg_swid_attr_tag_id_inv.c b/src/libpts/tcg/swid/tcg_swid_attr_tag_id_inv.c
deleted file mode 100644
index 33aa16d..0000000
--- a/src/libpts/tcg/swid/tcg_swid_attr_tag_id_inv.c
+++ /dev/null
@@ -1,331 +0,0 @@
-/*
- * Copyright (C) 2013-2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "tcg_swid_attr_tag_id_inv.h"
-
-#include <pa_tnc/pa_tnc_msg.h>
-#include <bio/bio_writer.h>
-#include <bio/bio_reader.h>
-#include <utils/debug.h>
-
-
-typedef struct private_tcg_swid_attr_tag_id_inv_t private_tcg_swid_attr_tag_id_inv_t;
-
-/**
- * SWID Tag Identifier Inventory
- * see section 4.8 of TCG TNC SWID Message and Attributes for IF-M
- *
- * 1 2 3
- * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Reserved | Tag ID Count |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Request ID Copy |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | EID Epoch |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Last EID |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Tag Creator Length | Tag Creator (variable length) |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Unique Software ID Length |Unique Software ID (var length)|
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Tag File Path Length | Tag File Path (var. length) |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- */
-
-#define TCG_SWID_TAG_ID_INV_RESERVED 0x00
-
-/**
- * Private data of an tcg_swid_attr_tag_id_inv_t object.
- */
-struct private_tcg_swid_attr_tag_id_inv_t {
-
- /**
- * Public members of tcg_swid_attr_tag_id_inv_t
- */
- tcg_swid_attr_tag_id_inv_t public;
-
- /**
- * Vendor-specific attribute type
- */
- pen_type_t type;
-
- /**
- * Attribute value
- */
- chunk_t value;
-
- /**
- * Noskip flag
- */
- bool noskip_flag;
-
- /**
- * Request ID
- */
- uint32_t request_id;
-
- /**
- * Event ID Epoch
- */
- uint32_t eid_epoch;
-
- /**
- * Last Event ID
- */
- uint32_t last_eid;
-
- /**
- * SWID Tag ID Inventory
- */
- swid_inventory_t *inventory;
-
- /**
- * Reference count
- */
- refcount_t ref;
-};
-
-METHOD(pa_tnc_attr_t, get_type, pen_type_t,
- private_tcg_swid_attr_tag_id_inv_t *this)
-{
- return this->type;
-}
-
-METHOD(pa_tnc_attr_t, get_value, chunk_t,
- private_tcg_swid_attr_tag_id_inv_t *this)
-{
- return this->value;
-}
-
-METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
- private_tcg_swid_attr_tag_id_inv_t *this)
-{
- return this->noskip_flag;
-}
-
-METHOD(pa_tnc_attr_t, set_noskip_flag,void,
- private_tcg_swid_attr_tag_id_inv_t *this, bool noskip)
-{
- this->noskip_flag = noskip;
-}
-
-METHOD(pa_tnc_attr_t, build, void,
- private_tcg_swid_attr_tag_id_inv_t *this)
-{
- bio_writer_t *writer;
- swid_tag_id_t *tag_id;
- chunk_t tag_creator, unique_sw_id, tag_file_path;
- enumerator_t *enumerator;
-
- if (this->value.ptr)
- {
- return;
- }
-
- writer = bio_writer_create(TCG_SWID_TAG_ID_INV_MIN_SIZE);
- writer->write_uint8 (writer, TCG_SWID_TAG_ID_INV_RESERVED);
- writer->write_uint24(writer, this->inventory->get_count(this->inventory));
- writer->write_uint32(writer, this->request_id);
- writer->write_uint32(writer, this->eid_epoch);
- writer->write_uint32(writer, this->last_eid);
-
- enumerator = this->inventory->create_enumerator(this->inventory);
- while (enumerator->enumerate(enumerator, &tag_id))
- {
- tag_creator = tag_id->get_tag_creator(tag_id);
- unique_sw_id = tag_id->get_unique_sw_id(tag_id, &tag_file_path);
- writer->write_data16(writer, tag_creator);
- writer->write_data16(writer, unique_sw_id);
- writer->write_data16(writer, tag_file_path);
- }
- enumerator->destroy(enumerator);
-
- this->value = writer->extract_buf(writer);
- writer->destroy(writer);
-}
-
-METHOD(pa_tnc_attr_t, process, status_t,
- private_tcg_swid_attr_tag_id_inv_t *this, uint32_t *offset)
-{
- bio_reader_t *reader;
- uint32_t tag_id_count;
- uint8_t reserved;
- chunk_t tag_creator, unique_sw_id, tag_file_path;
- swid_tag_id_t *tag_id;
-
- if (this->value.len < TCG_SWID_TAG_ID_INV_MIN_SIZE)
- {
- DBG1(DBG_TNC, "insufficient data for SWID Tag Identifier Inventory");
- *offset = 0;
- return FAILED;
- }
-
- reader = bio_reader_create(this->value);
- reader->read_uint8 (reader, &reserved);
- reader->read_uint24(reader, &tag_id_count);
- reader->read_uint32(reader, &this->request_id);
- reader->read_uint32(reader, &this->eid_epoch);
- reader->read_uint32(reader, &this->last_eid);
- *offset = TCG_SWID_TAG_ID_INV_MIN_SIZE;
-
- while (tag_id_count--)
- {
- if (!reader->read_data16(reader, &tag_creator))
- {
- DBG1(DBG_TNC, "insufficient data for Tag Creator field");
- return FAILED;
- }
- *offset += 2 + tag_creator.len;
-
- if (!reader->read_data16(reader, &unique_sw_id))
- {
- DBG1(DBG_TNC, "insufficient data for Unique Software ID");
- return FAILED;
- }
- *offset += 2 + unique_sw_id.len;
-
- if (!reader->read_data16(reader, &tag_file_path))
- {
- DBG1(DBG_TNC, "insufficient data for Tag File Path");
- return FAILED;
- }
- *offset += 2 + tag_file_path.len;
-
- tag_id = swid_tag_id_create(tag_creator, unique_sw_id, tag_file_path);
- this->inventory->add(this->inventory, tag_id);
- }
- reader->destroy(reader);
-
- return SUCCESS;
-}
-
-METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
- private_tcg_swid_attr_tag_id_inv_t *this)
-{
- ref_get(&this->ref);
- return &this->public.pa_tnc_attribute;
-}
-
-METHOD(pa_tnc_attr_t, destroy, void,
- private_tcg_swid_attr_tag_id_inv_t *this)
-{
- if (ref_put(&this->ref))
- {
- this->inventory->destroy(this->inventory);
- free(this->value.ptr);
- free(this);
- }
-}
-
-METHOD(tcg_swid_attr_tag_id_inv_t, add, void,
- private_tcg_swid_attr_tag_id_inv_t *this, swid_tag_id_t *tag_id)
-{
- this->inventory->add(this->inventory, tag_id);
-}
-
-METHOD(tcg_swid_attr_tag_id_inv_t, get_request_id, uint32_t,
- private_tcg_swid_attr_tag_id_inv_t *this)
-{
- return this->request_id;
-}
-
-METHOD(tcg_swid_attr_tag_id_inv_t, get_last_eid, uint32_t,
- private_tcg_swid_attr_tag_id_inv_t *this, uint32_t *eid_epoch)
-{
- if (eid_epoch)
- {
- *eid_epoch = this->eid_epoch;
- }
- return this->last_eid;
-}
-
-METHOD(tcg_swid_attr_tag_id_inv_t, get_inventory, swid_inventory_t*,
- private_tcg_swid_attr_tag_id_inv_t *this)
-{
- return this->inventory;
-}
-
-/**
- * Described in header.
- */
-pa_tnc_attr_t *tcg_swid_attr_tag_id_inv_create(uint32_t request_id,
- uint32_t eid_epoch,
- uint32_t eid)
-{
- private_tcg_swid_attr_tag_id_inv_t *this;
-
- INIT(this,
- .public = {
- .pa_tnc_attribute = {
- .get_type = _get_type,
- .get_value = _get_value,
- .get_noskip_flag = _get_noskip_flag,
- .set_noskip_flag = _set_noskip_flag,
- .build = _build,
- .process = _process,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- .add = _add,
- .get_request_id = _get_request_id,
- .get_last_eid = _get_last_eid,
- .get_inventory = _get_inventory,
- },
- .type = { PEN_TCG, TCG_SWID_TAG_ID_INVENTORY },
- .request_id = request_id,
- .eid_epoch = eid_epoch,
- .last_eid = eid,
- .inventory = swid_inventory_create(FALSE),
- .ref = 1,
- );
-
- return &this->public.pa_tnc_attribute;
-}
-
-
-/**
- * Described in header.
- */
-pa_tnc_attr_t *tcg_swid_attr_tag_id_inv_create_from_data(chunk_t data)
-{
- private_tcg_swid_attr_tag_id_inv_t *this;
-
- INIT(this,
- .public = {
- .pa_tnc_attribute = {
- .get_type = _get_type,
- .get_value = _get_value,
- .get_noskip_flag = _get_noskip_flag,
- .set_noskip_flag = _set_noskip_flag,
- .build = _build,
- .process = _process,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- .add = _add,
- .get_request_id = _get_request_id,
- .get_last_eid = _get_last_eid,
- .get_inventory = _get_inventory,
- },
- .type = { PEN_TCG, TCG_SWID_TAG_ID_INVENTORY },
- .value = chunk_clone(data),
- .inventory = swid_inventory_create(FALSE),
- .ref = 1,
- );
-
- return &this->public.pa_tnc_attribute;
-}
diff --git a/src/libpts/tcg/swid/tcg_swid_attr_tag_id_inv.h b/src/libpts/tcg/swid/tcg_swid_attr_tag_id_inv.h
deleted file mode 100644
index c4ade90..0000000
--- a/src/libpts/tcg/swid/tcg_swid_attr_tag_id_inv.h
+++ /dev/null
@@ -1,95 +0,0 @@
-/*
- * Copyright (C) 2013-2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup tcg_swid_attr_tag_id_inv tcg_swid_attr_tag_id_inv
- * @{ @ingroup tcg_attr
- */
-
-#ifndef TCG_SWID_ATTR_TAG_ID_INV_H_
-#define TCG_SWID_ATTR_TAG_ID_INV_H_
-
-typedef struct tcg_swid_attr_tag_id_inv_t tcg_swid_attr_tag_id_inv_t;
-
-#include "tcg/tcg_attr.h"
-#include "swid/swid_tag_id.h"
-#include "swid/swid_inventory.h"
-
-#include <pa_tnc/pa_tnc_attr.h>
-
-#define TCG_SWID_TAG_ID_INV_MIN_SIZE 16
-
-/**
- * Class implementing the TCG SWID Tag Identifier Inventory attribute
- *
- */
-struct tcg_swid_attr_tag_id_inv_t {
-
- /**
- * Public PA-TNC attribute interface
- */
- pa_tnc_attr_t pa_tnc_attribute;
-
- /**
- * Add a Tag ID to the attribute
- *
- * @param tag_id SWID Tag ID to be added
- */
- void (*add)(tcg_swid_attr_tag_id_inv_t *this, swid_tag_id_t *tag_id);
-
- /**
- * Get Request ID
- *
- * @return Request ID
- */
- uint32_t (*get_request_id)(tcg_swid_attr_tag_id_inv_t *this);
-
- /**
- * Get Last Event ID
- *
- * @param eid_epoch Event ID Epoch
- * @return Last Event ID
- */
- uint32_t (*get_last_eid)(tcg_swid_attr_tag_id_inv_t *this,
- uint32_t *eid_epoch);
-
- /**
- * Get Inventory of SWID tag IDs
- *
- * @result SWID Tag ID Inventory
- */
- swid_inventory_t* (*get_inventory)(tcg_swid_attr_tag_id_inv_t *this);
-
-};
-
-/**
- * Creates an tcg_swid_attr_tag_id_inv_t object
- *
- * @param request_id Copy of the Request ID
- * @param eid_epoch Event ID Epoch
- * @param eid Last Event ID
- */
-pa_tnc_attr_t* tcg_swid_attr_tag_id_inv_create(uint32_t request_id,
- uint32_t eid_epoch,
- uint32_t eid);
-
-/**
- * Creates an tcg_swid_attr_tag_id_inv_t object from received data
- *
- * @param value unparsed attribute value
- */
-pa_tnc_attr_t* tcg_swid_attr_tag_id_inv_create_from_data(chunk_t value);
-
-#endif /** TCG_SWID_ATTR_TAG_ID_INV_H_ @}*/
diff --git a/src/libpts/tcg/swid/tcg_swid_attr_tag_inv.c b/src/libpts/tcg/swid/tcg_swid_attr_tag_inv.c
deleted file mode 100644
index fbb94c6..0000000
--- a/src/libpts/tcg/swid/tcg_swid_attr_tag_inv.c
+++ /dev/null
@@ -1,319 +0,0 @@
-/*
- * Copyright (C) 2013-2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "tcg_swid_attr_tag_inv.h"
-
-#include <pa_tnc/pa_tnc_msg.h>
-#include <bio/bio_writer.h>
-#include <bio/bio_reader.h>
-#include <utils/debug.h>
-
-
-typedef struct private_tcg_swid_attr_tag_inv_t private_tcg_swid_attr_tag_inv_t;
-
-/**
- * SWID Tag Inventory
- * see section 4.10 of TCG TNC SWID Message and Attributes for IF-M
- *
- * 1 2 3
- * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Reserved | Tag ID Count |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Request ID Copy |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | EID Epoch |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Last EID |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Tag File Path Length | Tag File Path (var length) |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Tag Length |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Tag (Variable) |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- */
-
-#define TCG_SWID_TAG_INV_RESERVED 0x00
-
-/**
- * Private data of an tcg_swid_attr_tag_inv_t object.
- */
-struct private_tcg_swid_attr_tag_inv_t {
-
- /**
- * Public members of tcg_swid_attr_tag_inv_t
- */
- tcg_swid_attr_tag_inv_t public;
-
- /**
- * Vendor-specific attribute type
- */
- pen_type_t type;
-
- /**
- * Attribute value
- */
- chunk_t value;
-
- /**
- * Noskip flag
- */
- bool noskip_flag;
-
- /**
- * Request ID
- */
- uint32_t request_id;
-
- /**
- * Event ID Epoch
- */
- uint32_t eid_epoch;
-
- /**
- * Last Event ID
- */
- uint32_t last_eid;
-
- /**
- * SWID Tag Inventory
- */
- swid_inventory_t *inventory;
-
- /**
- * Reference count
- */
- refcount_t ref;
-};
-
-METHOD(pa_tnc_attr_t, get_type, pen_type_t,
- private_tcg_swid_attr_tag_inv_t *this)
-{
- return this->type;
-}
-
-METHOD(pa_tnc_attr_t, get_value, chunk_t,
- private_tcg_swid_attr_tag_inv_t *this)
-{
- return this->value;
-}
-
-METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
- private_tcg_swid_attr_tag_inv_t *this)
-{
- return this->noskip_flag;
-}
-
-METHOD(pa_tnc_attr_t, set_noskip_flag,void,
- private_tcg_swid_attr_tag_inv_t *this, bool noskip)
-{
- this->noskip_flag = noskip;
-}
-
-METHOD(pa_tnc_attr_t, build, void,
- private_tcg_swid_attr_tag_inv_t *this)
-{
- bio_writer_t *writer;
- swid_tag_t *tag;
- enumerator_t *enumerator;
-
- if (this->value.ptr)
- {
- return;
- }
-
- writer = bio_writer_create(TCG_SWID_TAG_INV_MIN_SIZE);
- writer->write_uint8 (writer, TCG_SWID_TAG_INV_RESERVED);
- writer->write_uint24(writer, this->inventory->get_count(this->inventory));
- writer->write_uint32(writer, this->request_id);
- writer->write_uint32(writer, this->eid_epoch);
- writer->write_uint32(writer, this->last_eid);
-
- enumerator = this->inventory->create_enumerator(this->inventory);
- while (enumerator->enumerate(enumerator, &tag))
- {
- writer->write_data16(writer, tag->get_tag_file_path(tag));
- writer->write_data32(writer, tag->get_encoding(tag));
- }
- enumerator->destroy(enumerator);
-
- this->value = writer->extract_buf(writer);
- writer->destroy(writer);
-}
-
-METHOD(pa_tnc_attr_t, process, status_t,
- private_tcg_swid_attr_tag_inv_t *this, uint32_t *offset)
-{
- bio_reader_t *reader;
- uint32_t tag_count;
- uint8_t reserved;
- chunk_t tag_encoding, tag_file_path;
- swid_tag_t *tag;
-
- if (this->value.len < TCG_SWID_TAG_INV_MIN_SIZE)
- {
- DBG1(DBG_TNC, "insufficient data for SWID Tag Inventory");
- *offset = 0;
- return FAILED;
- }
-
- reader = bio_reader_create(this->value);
- reader->read_uint8 (reader, &reserved);
- reader->read_uint24(reader, &tag_count);
- reader->read_uint32(reader, &this->request_id);
- reader->read_uint32(reader, &this->eid_epoch);
- reader->read_uint32(reader, &this->last_eid);
- *offset = TCG_SWID_TAG_INV_MIN_SIZE;
-
- while (tag_count--)
- {
- if (!reader->read_data16(reader, &tag_file_path))
- {
- DBG1(DBG_TNC, "insufficient data for Tag File Path");
- return FAILED;
- }
- *offset += 2 + tag_file_path.len;
-
- if (!reader->read_data32(reader, &tag_encoding))
- {
- DBG1(DBG_TNC, "insufficient data for Tag");
- return FAILED;
- }
- *offset += 4 + tag_encoding.len;
-
- tag = swid_tag_create(tag_encoding, tag_file_path);
- this->inventory->add(this->inventory, tag);
- }
- reader->destroy(reader);
-
- return SUCCESS;
-}
-
-METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
- private_tcg_swid_attr_tag_inv_t *this)
-{
- ref_get(&this->ref);
- return &this->public.pa_tnc_attribute;
-}
-
-METHOD(pa_tnc_attr_t, destroy, void,
- private_tcg_swid_attr_tag_inv_t *this)
-{
- if (ref_put(&this->ref))
- {
- this->inventory->destroy(this->inventory);
- free(this->value.ptr);
- free(this);
- }
-}
-
-METHOD(tcg_swid_attr_tag_inv_t, add, void,
- private_tcg_swid_attr_tag_inv_t *this, swid_tag_t *tag)
-{
- this->inventory->add(this->inventory, tag);
-}
-
-METHOD(tcg_swid_attr_tag_inv_t, get_request_id, uint32_t,
- private_tcg_swid_attr_tag_inv_t *this)
-{
- return this->request_id;
-}
-
-METHOD(tcg_swid_attr_tag_inv_t, get_last_eid, uint32_t,
- private_tcg_swid_attr_tag_inv_t *this, uint32_t *eid_epoch)
-{
- if (eid_epoch)
- {
- *eid_epoch = this->eid_epoch;
- }
- return this->last_eid;
-}
-
-METHOD(tcg_swid_attr_tag_inv_t, get_inventory, swid_inventory_t*,
- private_tcg_swid_attr_tag_inv_t *this)
-{
- return this->inventory;
-}
-
-/**
- * Described in header.
- */
-pa_tnc_attr_t *tcg_swid_attr_tag_inv_create(uint32_t request_id,
- uint32_t eid_epoch, uint32_t eid)
-{
- private_tcg_swid_attr_tag_inv_t *this;
-
- INIT(this,
- .public = {
- .pa_tnc_attribute = {
- .get_type = _get_type,
- .get_value = _get_value,
- .get_noskip_flag = _get_noskip_flag,
- .set_noskip_flag = _set_noskip_flag,
- .build = _build,
- .process = _process,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- .add = _add,
- .get_request_id = _get_request_id,
- .get_last_eid = _get_last_eid,
- .get_inventory = _get_inventory,
- },
- .type = { PEN_TCG, TCG_SWID_TAG_INVENTORY },
- .request_id = request_id,
- .eid_epoch = eid_epoch,
- .last_eid = eid,
- .inventory = swid_inventory_create(TRUE),
- .ref = 1,
- );
-
- return &this->public.pa_tnc_attribute;
-}
-
-
-/**
- * Described in header.
- */
-pa_tnc_attr_t *tcg_swid_attr_tag_inv_create_from_data(chunk_t data)
-{
- private_tcg_swid_attr_tag_inv_t *this;
-
- INIT(this,
- .public = {
- .pa_tnc_attribute = {
- .get_type = _get_type,
- .get_value = _get_value,
- .get_noskip_flag = _get_noskip_flag,
- .set_noskip_flag = _set_noskip_flag,
- .build = _build,
- .process = _process,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- .add = _add,
- .get_request_id = _get_request_id,
- .get_last_eid = _get_last_eid,
- .get_inventory = _get_inventory,
- },
- .type = { PEN_TCG, TCG_SWID_TAG_INVENTORY },
- .value = chunk_clone(data),
- .inventory = swid_inventory_create(TRUE),
- .ref = 1,
- );
-
- return &this->public.pa_tnc_attribute;
-}
diff --git a/src/libpts/tcg/swid/tcg_swid_attr_tag_inv.h b/src/libpts/tcg/swid/tcg_swid_attr_tag_inv.h
deleted file mode 100644
index 69966c7..0000000
--- a/src/libpts/tcg/swid/tcg_swid_attr_tag_inv.h
+++ /dev/null
@@ -1,94 +0,0 @@
-/*
- * Copyright (C) 2013-2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup tcg_swid_attr_tag_inv tcg_swid_attr_tag_inv
- * @{ @ingroup tcg_attr
- */
-
-#ifndef TCG_SWID_ATTR_TAG_INV_H_
-#define TCG_SWID_ATTR_TAG_INV_H_
-
-typedef struct tcg_swid_attr_tag_inv_t tcg_swid_attr_tag_inv_t;
-
-#include "tcg/tcg_attr.h"
-#include "swid/swid_tag.h"
-#include "swid/swid_inventory.h"
-
-#include <pa_tnc/pa_tnc_attr.h>
-
-#define TCG_SWID_TAG_INV_MIN_SIZE 16
-
-/**
- * Class implementing the TCG SWID Tag Inventory attribute
- *
- */
-struct tcg_swid_attr_tag_inv_t {
-
- /**
- * Public PA-TNC attribute interface
- */
- pa_tnc_attr_t pa_tnc_attribute;
-
- /**
- * Add a Tag ID to the attribute
- *
- * @param tag SWID Tag to be added
- */
- void (*add)(tcg_swid_attr_tag_inv_t *this, swid_tag_t *tag);
- /**
- * Get Request ID
- *
- * @return Request ID
- */
- uint32_t (*get_request_id)(tcg_swid_attr_tag_inv_t *this);
-
- /**
- * Get Last Event ID
- *
- * @param eid_epoch Event ID Epoch
- * @return Last Event ID
- */
- uint32_t (*get_last_eid)(tcg_swid_attr_tag_inv_t *this,
- uint32_t *eid_epoch);
-
- /**
- * Get Inventory of SWID tags
- *
- * @result SWID Tag Inventory
- */
- swid_inventory_t* (*get_inventory)(tcg_swid_attr_tag_inv_t *this);
-
-};
-
-/**
- * Creates an tcg_swid_attr_tag_inv_t object
- *
- * @param request_id Copy of the Request ID
- * @param eid_epoch Event ID Epoch
- * @param eid Last Event ID
- */
-pa_tnc_attr_t* tcg_swid_attr_tag_inv_create(uint32_t request_id,
- uint32_t eid_epoch,
- uint32_t eid);
-
-/**
- * Creates an tcg_swid_attr_tag_inv_t object from received data
- *
- * @param value unparsed attribute value
- */
-pa_tnc_attr_t* tcg_swid_attr_tag_inv_create_from_data(chunk_t value);
-
-#endif /** TCG_SWID_ATTR_TAG_INV_H_ @}*/
diff --git a/src/libpts/tcg/tcg_attr.c b/src/libpts/tcg/tcg_attr.c
deleted file mode 100644
index f9c6c46..0000000
--- a/src/libpts/tcg/tcg_attr.c
+++ /dev/null
@@ -1,239 +0,0 @@
-/*
- * Copyright (C) 2011 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "tcg_attr.h"
-#include "tcg/pts/tcg_pts_attr_proto_caps.h"
-#include "tcg/pts/tcg_pts_attr_dh_nonce_params_req.h"
-#include "tcg/pts/tcg_pts_attr_dh_nonce_params_resp.h"
-#include "tcg/pts/tcg_pts_attr_dh_nonce_finish.h"
-#include "tcg/pts/tcg_pts_attr_meas_algo.h"
-#include "tcg/pts/tcg_pts_attr_get_tpm_version_info.h"
-#include "tcg/pts/tcg_pts_attr_tpm_version_info.h"
-#include "tcg/pts/tcg_pts_attr_get_aik.h"
-#include "tcg/pts/tcg_pts_attr_aik.h"
-#include "tcg/pts/tcg_pts_attr_req_func_comp_evid.h"
-#include "tcg/pts/tcg_pts_attr_gen_attest_evid.h"
-#include "tcg/pts/tcg_pts_attr_simple_comp_evid.h"
-#include "tcg/pts/tcg_pts_attr_simple_evid_final.h"
-#include "tcg/pts/tcg_pts_attr_req_file_meas.h"
-#include "tcg/pts/tcg_pts_attr_file_meas.h"
-#include "tcg/pts/tcg_pts_attr_req_file_meta.h"
-#include "tcg/pts/tcg_pts_attr_unix_file_meta.h"
-#include "tcg/swid/tcg_swid_attr_req.h"
-#include "tcg/swid/tcg_swid_attr_tag_id_inv.h"
-#include "tcg/swid/tcg_swid_attr_tag_inv.h"
-
-ENUM_BEGIN(tcg_attr_names, TCG_SCAP_REFERENCES,
- TCG_SCAP_SUMMARY_RESULTS,
- "SCAP References",
- "SCAP Capabilities and Inventory",
- "SCAP Content",
- "SCAP Assessment",
- "SCAP Results",
- "SCAP Summary Results");
-ENUM_NEXT(tcg_attr_names, TCG_SWID_REQUEST,
- TCG_SWID_TAG_EVENTS,
- TCG_SCAP_SUMMARY_RESULTS,
- "SWID Request",
- "SWID Tag Identifier Inventory",
- "SWID Tag Identifier Events",
- "SWID Tag Inventory",
- "SWID Tag Events");
-ENUM_NEXT(tcg_attr_names, TCG_PTS_REQ_FUNC_COMP_EVID,
- TCG_PTS_REQ_FUNC_COMP_EVID,
- TCG_SWID_TAG_EVENTS,
- "Request Functional Component Evidence");
-ENUM_NEXT(tcg_attr_names, TCG_PTS_GEN_ATTEST_EVID,
- TCG_PTS_GEN_ATTEST_EVID,
- TCG_PTS_REQ_FUNC_COMP_EVID,
- "Generate Attestation Evidence");
-ENUM_NEXT(tcg_attr_names, TCG_PTS_SIMPLE_COMP_EVID,
- TCG_PTS_SIMPLE_COMP_EVID,
- TCG_PTS_GEN_ATTEST_EVID,
- "Simple Component Evidence");
-ENUM_NEXT(tcg_attr_names, TCG_PTS_SIMPLE_EVID_FINAL,
- TCG_PTS_SIMPLE_EVID_FINAL,
- TCG_PTS_SIMPLE_COMP_EVID,
- "Simple Evidence Final");
-ENUM_NEXT(tcg_attr_names, TCG_PTS_VERIFICATION_RESULT,
- TCG_PTS_VERIFICATION_RESULT,
- TCG_PTS_SIMPLE_EVID_FINAL,
- "Verification Result");
-ENUM_NEXT(tcg_attr_names, TCG_PTS_INTEG_REPORT,
- TCG_PTS_INTEG_REPORT,
- TCG_PTS_VERIFICATION_RESULT,
- "Integrity Report");
-ENUM_NEXT(tcg_attr_names, TCG_PTS_REQ_FILE_META,
- TCG_PTS_REQ_FILE_META,
- TCG_PTS_INTEG_REPORT,
- "Request File Metadata");
-ENUM_NEXT(tcg_attr_names, TCG_PTS_WIN_FILE_META,
- TCG_PTS_WIN_FILE_META,
- TCG_PTS_REQ_FILE_META,
- "Windows-Style File Metadata");
-ENUM_NEXT(tcg_attr_names, TCG_PTS_UNIX_FILE_META,
- TCG_PTS_UNIX_FILE_META,
- TCG_PTS_WIN_FILE_META,
- "Unix-Style File Metadata");
-ENUM_NEXT(tcg_attr_names, TCG_PTS_REQ_REGISTRY_VALUE,
- TCG_PTS_REQ_REGISTRY_VALUE,
- TCG_PTS_UNIX_FILE_META,
- "Request Registry Value");
-ENUM_NEXT(tcg_attr_names, TCG_PTS_REGISTRY_VALUE,
- TCG_PTS_REGISTRY_VALUE,
- TCG_PTS_REQ_REGISTRY_VALUE,
- "Registry Value");
-ENUM_NEXT(tcg_attr_names, TCG_PTS_REQ_FILE_MEAS,
- TCG_PTS_REQ_FILE_MEAS,
- TCG_PTS_REGISTRY_VALUE,
- "Request File Measurement");
-ENUM_NEXT(tcg_attr_names, TCG_PTS_FILE_MEAS,
- TCG_PTS_FILE_MEAS,
- TCG_PTS_REQ_FILE_MEAS,
- "File Measurement");
-ENUM_NEXT(tcg_attr_names, TCG_PTS_REQ_INTEG_MEAS_LOG,
- TCG_PTS_REQ_INTEG_MEAS_LOG,
- TCG_PTS_FILE_MEAS,
- "Request Integrity Measurement Log");
-ENUM_NEXT(tcg_attr_names, TCG_PTS_INTEG_MEAS_LOG,
- TCG_PTS_INTEG_MEAS_LOG,
- TCG_PTS_REQ_INTEG_MEAS_LOG,
- "Integrity Measurement Log");
-ENUM_NEXT(tcg_attr_names, TCG_PTS_REQ_PROTO_CAPS,
- TCG_PTS_REQ_PROTO_CAPS,
- TCG_PTS_INTEG_MEAS_LOG,
- "Request PTS Protocol Capabilities");
-ENUM_NEXT(tcg_attr_names, TCG_PTS_PROTO_CAPS,
- TCG_PTS_PROTO_CAPS,
- TCG_PTS_REQ_PROTO_CAPS,
- "PTS Protocol Capabilities");
-ENUM_NEXT(tcg_attr_names, TCG_PTS_DH_NONCE_PARAMS_REQ,
- TCG_PTS_DH_NONCE_PARAMS_REQ,
- TCG_PTS_PROTO_CAPS,
- "DH Nonce Parameters Request");
-ENUM_NEXT(tcg_attr_names, TCG_PTS_DH_NONCE_PARAMS_RESP,
- TCG_PTS_DH_NONCE_PARAMS_RESP,
- TCG_PTS_DH_NONCE_PARAMS_REQ,
- "DH Nonce Parameters Response");
-ENUM_NEXT(tcg_attr_names, TCG_PTS_DH_NONCE_FINISH,
- TCG_PTS_DH_NONCE_FINISH,
- TCG_PTS_DH_NONCE_PARAMS_RESP,
- "DH Nonce Finish");
-ENUM_NEXT(tcg_attr_names, TCG_PTS_MEAS_ALGO,
- TCG_PTS_MEAS_ALGO,
- TCG_PTS_DH_NONCE_FINISH,
- "PTS Measurement Algorithm Request");
-ENUM_NEXT(tcg_attr_names, TCG_PTS_MEAS_ALGO_SELECTION,
- TCG_PTS_MEAS_ALGO_SELECTION,
- TCG_PTS_MEAS_ALGO,
- "PTS Measurement Algorithm");
-ENUM_NEXT(tcg_attr_names, TCG_PTS_GET_TPM_VERSION_INFO,
- TCG_PTS_GET_TPM_VERSION_INFO,
- TCG_PTS_MEAS_ALGO_SELECTION,
- "Get TPM Version Information");
-ENUM_NEXT(tcg_attr_names, TCG_PTS_TPM_VERSION_INFO,
- TCG_PTS_TPM_VERSION_INFO,
- TCG_PTS_GET_TPM_VERSION_INFO,
- "TPM Version Information");
-ENUM_NEXT(tcg_attr_names, TCG_PTS_REQ_TEMPL_REF_MANI_SET_META,
- TCG_PTS_REQ_TEMPL_REF_MANI_SET_META,
- TCG_PTS_TPM_VERSION_INFO,
- "Request Template Reference Manifest Set Metadata");
-ENUM_NEXT(tcg_attr_names, TCG_PTS_TEMPL_REF_MANI_SET_META,
- TCG_PTS_TEMPL_REF_MANI_SET_META,
- TCG_PTS_REQ_TEMPL_REF_MANI_SET_META,
- "Template Reference Manifest Set Metadata");
-ENUM_NEXT(tcg_attr_names, TCG_PTS_UPDATE_TEMPL_REF_MANI,
- TCG_PTS_UPDATE_TEMPL_REF_MANI,
- TCG_PTS_TEMPL_REF_MANI_SET_META,
- "Update Template Reference Manifest");
-ENUM_NEXT(tcg_attr_names, TCG_PTS_GET_AIK,
- TCG_PTS_GET_AIK,
- TCG_PTS_UPDATE_TEMPL_REF_MANI,
- "Get Attestation Identity Key");
-ENUM_NEXT(tcg_attr_names, TCG_PTS_AIK,
- TCG_PTS_AIK,
- TCG_PTS_GET_AIK,
- "Attestation Identity Key");
-ENUM_END(tcg_attr_names, TCG_PTS_AIK);
-
-/**
- * See header
- */
-pa_tnc_attr_t* tcg_attr_create_from_data(u_int32_t type, chunk_t value)
-{
- switch (type)
- {
- case TCG_SWID_REQUEST:
- return tcg_swid_attr_req_create_from_data(value);
- case TCG_SWID_TAG_ID_INVENTORY:
- return tcg_swid_attr_tag_id_inv_create_from_data(value);
- case TCG_SWID_TAG_INVENTORY:
- return tcg_swid_attr_tag_inv_create_from_data(value);
- case TCG_PTS_REQ_PROTO_CAPS:
- return tcg_pts_attr_proto_caps_create_from_data(value, TRUE);
- case TCG_PTS_PROTO_CAPS:
- return tcg_pts_attr_proto_caps_create_from_data(value, FALSE);
- case TCG_PTS_DH_NONCE_PARAMS_REQ:
- return tcg_pts_attr_dh_nonce_params_req_create_from_data(value);
- case TCG_PTS_DH_NONCE_PARAMS_RESP:
- return tcg_pts_attr_dh_nonce_params_resp_create_from_data(value);
- case TCG_PTS_DH_NONCE_FINISH:
- return tcg_pts_attr_dh_nonce_finish_create_from_data(value);
- case TCG_PTS_MEAS_ALGO:
- return tcg_pts_attr_meas_algo_create_from_data(value, FALSE);
- case TCG_PTS_MEAS_ALGO_SELECTION:
- return tcg_pts_attr_meas_algo_create_from_data(value, TRUE);
- case TCG_PTS_GET_TPM_VERSION_INFO:
- return tcg_pts_attr_get_tpm_version_info_create_from_data(value);
- case TCG_PTS_TPM_VERSION_INFO:
- return tcg_pts_attr_tpm_version_info_create_from_data(value);
- case TCG_PTS_GET_AIK:
- return tcg_pts_attr_get_aik_create_from_data(value);
- case TCG_PTS_AIK:
- return tcg_pts_attr_aik_create_from_data(value);
- case TCG_PTS_REQ_FUNC_COMP_EVID:
- return tcg_pts_attr_req_func_comp_evid_create_from_data(value);
- case TCG_PTS_GEN_ATTEST_EVID:
- return tcg_pts_attr_gen_attest_evid_create_from_data(value);
- case TCG_PTS_SIMPLE_COMP_EVID:
- return tcg_pts_attr_simple_comp_evid_create_from_data(value);
- case TCG_PTS_SIMPLE_EVID_FINAL:
- return tcg_pts_attr_simple_evid_final_create_from_data(value);
- case TCG_PTS_REQ_FILE_MEAS:
- return tcg_pts_attr_req_file_meas_create_from_data(value);
- case TCG_PTS_FILE_MEAS:
- return tcg_pts_attr_file_meas_create_from_data(value);
- case TCG_PTS_REQ_FILE_META:
- return tcg_pts_attr_req_file_meta_create_from_data(value);
- case TCG_PTS_UNIX_FILE_META:
- return tcg_pts_attr_unix_file_meta_create_from_data(value);
- /* unsupported TCG/SWID attributes */
- case TCG_SWID_TAG_ID_EVENTS:
- case TCG_SWID_TAG_EVENTS:
- /* unsupported TCG/PTS attributes */
- case TCG_PTS_REQ_TEMPL_REF_MANI_SET_META:
- case TCG_PTS_TEMPL_REF_MANI_SET_META:
- case TCG_PTS_UPDATE_TEMPL_REF_MANI:
- case TCG_PTS_VERIFICATION_RESULT:
- case TCG_PTS_INTEG_REPORT:
- case TCG_PTS_WIN_FILE_META:
- case TCG_PTS_REQ_REGISTRY_VALUE:
- case TCG_PTS_REGISTRY_VALUE:
- case TCG_PTS_REQ_INTEG_MEAS_LOG:
- case TCG_PTS_INTEG_MEAS_LOG:
- default:
- return NULL;
- }
-}
diff --git a/src/libpts/tcg/tcg_attr.h b/src/libpts/tcg/tcg_attr.h
deleted file mode 100644
index 085dae6..0000000
--- a/src/libpts/tcg/tcg_attr.h
+++ /dev/null
@@ -1,96 +0,0 @@
-/*
- * Copyright (C) 2011 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup tcg_attr tcg_attr
- * @{ @ingroup libpts
- */
-
-#ifndef TCG_ATTR_H_
-#define TCG_ATTR_H_
-
-#include <pa_tnc/pa_tnc_attr.h>
-#include <library.h>
-
-typedef enum tcg_attr_t tcg_attr_t;
-
-/**
- * TCG PTS IF-M Attributes (section 4 of PTS PROTO: Binding to TNC IF-M)
- */
-enum tcg_attr_t {
-
- /* SCAP Attributes */
- TCG_SCAP_REFERENCES = 0x00000001,
- TCG_SCAP_CAPS_AND_INVENTORY = 0x00000002,
- TCG_SCAP_CONTENT = 0x00000003,
- TCG_SCAP_ASSESSMENT = 0x00000004,
- TCG_SCAP_RESULTS = 0x00000005,
- TCG_SCAP_SUMMARY_RESULTS = 0x00000006,
-
- /* SWID Attributes */
- TCG_SWID_REQUEST = 0x00000011,
- TCG_SWID_TAG_ID_INVENTORY = 0x00000012,
- TCG_SWID_TAG_ID_EVENTS = 0x00000013,
- TCG_SWID_TAG_INVENTORY = 0x00000014,
- TCG_SWID_TAG_EVENTS = 0x00000015,
-
- /* PTS Protocol Negotiations */
- TCG_PTS_REQ_PROTO_CAPS = 0x01000000,
- TCG_PTS_PROTO_CAPS = 0x02000000,
- TCG_PTS_DH_NONCE_PARAMS_REQ = 0x03000000,
- TCG_PTS_DH_NONCE_PARAMS_RESP = 0x04000000,
- TCG_PTS_DH_NONCE_FINISH = 0x05000000,
- TCG_PTS_MEAS_ALGO = 0x06000000,
- TCG_PTS_MEAS_ALGO_SELECTION = 0x07000000,
- TCG_PTS_GET_TPM_VERSION_INFO = 0x08000000,
- TCG_PTS_TPM_VERSION_INFO = 0x09000000,
- TCG_PTS_REQ_TEMPL_REF_MANI_SET_META = 0x0A000000,
- TCG_PTS_TEMPL_REF_MANI_SET_META = 0x0B000000,
- TCG_PTS_UPDATE_TEMPL_REF_MANI = 0x0C000000,
- TCG_PTS_GET_AIK = 0x0D000000,
- TCG_PTS_AIK = 0x0E000000,
-
- /* PTS-based Attestation Evidence */
- TCG_PTS_REQ_FUNC_COMP_EVID = 0x00100000,
- TCG_PTS_GEN_ATTEST_EVID = 0x00200000,
- TCG_PTS_SIMPLE_COMP_EVID = 0x00300000,
- TCG_PTS_SIMPLE_EVID_FINAL = 0x00400000,
- TCG_PTS_VERIFICATION_RESULT = 0x00500000,
- TCG_PTS_INTEG_REPORT = 0x00600000,
- TCG_PTS_REQ_FILE_META = 0x00700000,
- TCG_PTS_WIN_FILE_META = 0x00800000,
- TCG_PTS_UNIX_FILE_META = 0x00900000,
- TCG_PTS_REQ_REGISTRY_VALUE = 0x00A00000,
- TCG_PTS_REGISTRY_VALUE = 0x00B00000,
- TCG_PTS_REQ_FILE_MEAS = 0x00C00000,
- TCG_PTS_FILE_MEAS = 0x00D00000,
- TCG_PTS_REQ_INTEG_MEAS_LOG = 0x00E00000,
- TCG_PTS_INTEG_MEAS_LOG = 0x00F00000,
-};
-
-/**
- * enum name for tcg_attr_t.
- */
-extern enum_name_t *tcg_attr_names;
-
-/**
- * Create a TCG PA-TNC attribute from data
- *
- * @param type attribute type
- * @param value attribute value
- */
-pa_tnc_attr_t* tcg_attr_create_from_data(u_int32_t type, chunk_t value);
-
-#endif /** TCG_ATTR_H_ @}*/
diff --git a/src/libpttls/Makefile.in b/src/libpttls/Makefile.in
index ff380ce..74cd808 100644
--- a/src/libpttls/Makefile.in
+++ b/src/libpttls/Makefile.in
@@ -233,6 +233,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -293,6 +294,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -358,6 +360,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -405,6 +409,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libradius/Makefile.in b/src/libradius/Makefile.in
index 76c9f96..faaae70 100644
--- a/src/libradius/Makefile.in
+++ b/src/libradius/Makefile.in
@@ -228,6 +228,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -288,6 +289,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -353,6 +355,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -400,6 +404,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libsimaka/Makefile.in b/src/libsimaka/Makefile.in
index cbfb8c0..a169919 100644
--- a/src/libsimaka/Makefile.in
+++ b/src/libsimaka/Makefile.in
@@ -228,6 +228,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -288,6 +289,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -353,6 +355,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -400,6 +404,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/Android.mk b/src/libstrongswan/Android.mk
index 3ddd42f..9b775f9 100644
--- a/src/libstrongswan/Android.mk
+++ b/src/libstrongswan/Android.mk
@@ -37,7 +37,7 @@ selectors/traffic_selector.c settings/settings.c settings/settings_types.c \
settings/settings_parser.c settings/settings_lexer.c \
utils/utils.c utils/chunk.c utils/debug.c utils/enum.c utils/identification.c \
utils/lexparser.c utils/optionsfrom.c utils/capabilities.c utils/backtrace.c \
-utils/parser_helper.c utils/test.c utils/utils/strerror.c
+utils/parser_helper.c utils/test.c utils/process.c utils/utils/strerror.c
libstrongswan_la_SOURCES += \
threading/thread.c \
diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am
index 3fb57de..0083ffe 100644
--- a/src/libstrongswan/Makefile.am
+++ b/src/libstrongswan/Makefile.am
@@ -35,7 +35,7 @@ selectors/traffic_selector.c settings/settings.c settings/settings_types.c \
settings/settings_parser.y settings/settings_lexer.l \
utils/utils.c utils/chunk.c utils/debug.c utils/enum.c utils/identification.c \
utils/lexparser.c utils/optionsfrom.c utils/capabilities.c utils/backtrace.c \
-utils/parser_helper.c utils/test.c utils/utils/strerror.c
+utils/parser_helper.c utils/test.c utils/process.c utils/utils/strerror.c
if !USE_WINDOWS
libstrongswan_la_SOURCES += \
@@ -102,7 +102,7 @@ utils/lexparser.h utils/optionsfrom.h utils/capabilities.h utils/backtrace.h \
utils/leak_detective.h utils/printf_hook/printf_hook.h \
utils/printf_hook/printf_hook_vstr.h utils/printf_hook/printf_hook_builtin.h \
utils/parser_helper.h utils/test.h utils/integrity_checker.h utils/windows.h \
-utils/utils/strerror.h
+utils/process.h utils/utils/strerror.h
endif
library.lo : $(top_builddir)/config.status
diff --git a/src/libstrongswan/Makefile.in b/src/libstrongswan/Makefile.in
index 9e8cd3e..40678cb 100644
--- a/src/libstrongswan/Makefile.in
+++ b/src/libstrongswan/Makefile.in
@@ -334,9 +334,9 @@ am__libstrongswan_la_SOURCES_DIST = library.c asn1/asn1.c \
utils/utils.c utils/chunk.c utils/debug.c utils/enum.c \
utils/identification.c utils/lexparser.c utils/optionsfrom.c \
utils/capabilities.c utils/backtrace.c utils/parser_helper.c \
- utils/test.c utils/utils/strerror.c threading/thread.c \
- threading/thread_value.c threading/mutex.c threading/rwlock.c \
- threading/spinlock.c threading/semaphore.c \
+ utils/test.c utils/process.c utils/utils/strerror.c \
+ threading/thread.c threading/thread_value.c threading/mutex.c \
+ threading/rwlock.c threading/spinlock.c threading/semaphore.c \
networking/streams/stream_unix.c \
networking/streams/stream_service_unix.c \
threading/windows/thread.c threading/windows/thread_value.c \
@@ -412,10 +412,10 @@ am_libstrongswan_la_OBJECTS = library.lo asn1/asn1.lo \
utils/utils.lo utils/chunk.lo utils/debug.lo utils/enum.lo \
utils/identification.lo utils/lexparser.lo \
utils/optionsfrom.lo utils/capabilities.lo utils/backtrace.lo \
- utils/parser_helper.lo utils/test.lo utils/utils/strerror.lo \
- $(am__objects_1) $(am__objects_2) $(am__objects_3) \
- $(am__objects_4) $(am__objects_5) $(am__objects_6) \
- $(am__objects_7)
+ utils/parser_helper.lo utils/test.lo utils/process.lo \
+ utils/utils/strerror.lo $(am__objects_1) $(am__objects_2) \
+ $(am__objects_3) $(am__objects_4) $(am__objects_5) \
+ $(am__objects_6) $(am__objects_7)
libstrongswan_la_OBJECTS = $(am_libstrongswan_la_OBJECTS)
AM_V_lt = $(am__v_lt_ at AM_V@)
am__v_lt_ = $(am__v_lt_ at AM_DEFAULT_V@)
@@ -549,7 +549,7 @@ am__nobase_strongswan_include_HEADERS_DIST = library.h asn1/asn1.h \
utils/printf_hook/printf_hook_vstr.h \
utils/printf_hook/printf_hook_builtin.h utils/parser_helper.h \
utils/test.h utils/integrity_checker.h utils/windows.h \
- utils/utils/strerror.h
+ utils/process.h utils/utils/strerror.h
HEADERS = $(nobase_strongswan_include_HEADERS) $(noinst_HEADERS)
RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
distclean-recursive maintainer-clean-recursive
@@ -648,6 +648,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -708,6 +709,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -773,6 +775,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -820,6 +824,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
@@ -875,9 +883,10 @@ libstrongswan_la_SOURCES = library.c asn1/asn1.c asn1/asn1_parser.c \
utils/utils.c utils/chunk.c utils/debug.c utils/enum.c \
utils/identification.c utils/lexparser.c utils/optionsfrom.c \
utils/capabilities.c utils/backtrace.c utils/parser_helper.c \
- utils/test.c utils/utils/strerror.c $(am__append_1) \
- $(am__append_3) $(am__append_8) $(am__append_11) \
- $(am__append_12) $(am__append_14) $(am__append_16)
+ utils/test.c utils/process.c utils/utils/strerror.c \
+ $(am__append_1) $(am__append_3) $(am__append_8) \
+ $(am__append_11) $(am__append_12) $(am__append_14) \
+ $(am__append_16)
# private header files
noinst_HEADERS = \
@@ -931,7 +940,7 @@ settings/settings_types.h
@USE_DEV_HEADERS_TRUE at utils/leak_detective.h utils/printf_hook/printf_hook.h \
@USE_DEV_HEADERS_TRUE at utils/printf_hook/printf_hook_vstr.h utils/printf_hook/printf_hook_builtin.h \
@USE_DEV_HEADERS_TRUE at utils/parser_helper.h utils/test.h utils/integrity_checker.h utils/windows.h \
- at USE_DEV_HEADERS_TRUE@utils/utils/strerror.h
+ at USE_DEV_HEADERS_TRUE@utils/process.h utils/utils/strerror.h
libstrongswan_la_LIBADD = $(DLLIB) $(BTLIB) $(SOCKLIB) $(RTLIB) \
$(BFDLIB) $(UNWINDLIB) $(am__append_2) $(am__append_4) \
@@ -1457,6 +1466,8 @@ utils/backtrace.lo: utils/$(am__dirstamp) \
utils/parser_helper.lo: utils/$(am__dirstamp) \
utils/$(DEPDIR)/$(am__dirstamp)
utils/test.lo: utils/$(am__dirstamp) utils/$(DEPDIR)/$(am__dirstamp)
+utils/process.lo: utils/$(am__dirstamp) \
+ utils/$(DEPDIR)/$(am__dirstamp)
utils/utils/$(am__dirstamp):
@$(MKDIR_P) utils/utils
@: > utils/utils/$(am__dirstamp)
@@ -1707,6 +1718,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote at utils/$(DEPDIR)/lexparser.Plo at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at utils/$(DEPDIR)/optionsfrom.Plo at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at utils/$(DEPDIR)/parser_helper.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at utils/$(DEPDIR)/process.Plo at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at utils/$(DEPDIR)/test.Plo at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at utils/$(DEPDIR)/utils.Plo at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at utils/$(DEPDIR)/windows.Plo at am__quote@
diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c
index 05be574..dca12bd 100644
--- a/src/libstrongswan/asn1/asn1.c
+++ b/src/libstrongswan/asn1/asn1.c
@@ -123,6 +123,24 @@ chunk_t asn1_build_known_oid(int n)
return oid;
}
+/**
+ * Returns the number of bytes required to encode the given OID node
+ */
+static int bytes_required(u_int val)
+{
+ int shift, required = 1;
+
+ /* sufficient to handle 32 bit node numbers */
+ for (shift = 28; shift; shift -= 7)
+ {
+ if (val >> shift)
+ { /* do not encode leading zeroes */
+ required++;
+ }
+ }
+ return required;
+}
+
/*
* Defined in header.
*/
@@ -132,14 +150,15 @@ chunk_t asn1_oid_from_string(char *str)
size_t buf_len = 64;
u_char buf[buf_len];
char *end;
- int i = 0, pos = 0, shift;
- u_int val, shifted_val, first = 0;
+ int i = 0, pos = 0, req, shift;
+ u_int val, first = 0;
enumerator = enumerator_create_token(str, ".", "");
while (enumerator->enumerate(enumerator, &str))
{
val = strtoul(str, &end, 10);
- if (end == str || pos > buf_len-4)
+ req = bytes_required(val);
+ if (end == str || pos + req > buf_len)
{
pos = 0;
break;
@@ -153,15 +172,9 @@ chunk_t asn1_oid_from_string(char *str)
buf[pos++] = first * 40 + val;
break;
default:
- shift = 28; /* sufficient to handle 32 bit node numbers */
- while (shift)
+ for (shift = (req - 1) * 7; shift; shift -= 7)
{
- shifted_val = val >> shift;
- shift -= 7;
- if (shifted_val) /* do not encode leading zeroes */
- {
- buf[pos++] = 0x80 | (shifted_val & 0x7F);
- }
+ buf[pos++] = 0x80 | ((val >> shift) & 0x7F);
}
buf[pos++] = val & 0x7F;
}
diff --git a/src/libstrongswan/collections/array.c b/src/libstrongswan/collections/array.c
index 8d61911..61c696b 100644
--- a/src/libstrongswan/collections/array.c
+++ b/src/libstrongswan/collections/array.c
@@ -361,16 +361,16 @@ bool array_remove(array_t *array, int idx, void *data)
{
return FALSE;
}
+ if (idx < 0)
+ {
+ idx = array_count(array) - 1;
+ }
if (idx > array_count(array) / 2)
{
remove_tail(array, idx);
}
else
{
- if (idx < 0)
- {
- idx = array_count(array) - 1;
- }
remove_head(array, idx);
}
if (array->head + array->tail > ARRAY_MAX_UNUSED)
diff --git a/src/libstrongswan/collections/array.h b/src/libstrongswan/collections/array.h
index ce702eb..0659c70 100644
--- a/src/libstrongswan/collections/array.h
+++ b/src/libstrongswan/collections/array.h
@@ -100,6 +100,11 @@ enumerator_t* array_create_enumerator(array_t *array);
/**
* Remove an element at enumerator position.
*
+ * @warning For **value based** arrays don't use the pointer returned by
+ * enumerate() anymore after calling this function. For performance reasons
+ * that pointer will point to internal data structures that get modified when
+ * this function is called.
+ *
* @param array array to remove element in
* @param enumerator enumerator position, from array_create_enumerator()
*/
diff --git a/src/libstrongswan/credentials/auth_cfg.c b/src/libstrongswan/credentials/auth_cfg.c
index aeeb419..db08c6b 100644
--- a/src/libstrongswan/credentials/auth_cfg.c
+++ b/src/libstrongswan/credentials/auth_cfg.c
@@ -998,8 +998,8 @@ METHOD(auth_cfg_t, purge, void,
{
if (!keep_ca || entry->type != AUTH_RULE_CA_CERT)
{
- array_remove_at(this->entries, enumerator);
destroy_entry_value(entry);
+ array_remove_at(this->entries, enumerator);
}
}
enumerator->destroy(enumerator);
diff --git a/src/libstrongswan/credentials/credential_manager.c b/src/libstrongswan/credentials/credential_manager.c
index 3ec0714..b0c8e48 100644
--- a/src/libstrongswan/credentials/credential_manager.c
+++ b/src/libstrongswan/credentials/credential_manager.c
@@ -1279,7 +1279,7 @@ METHOD(credential_manager_t, add_validator, void,
private_credential_manager_t *this, cert_validator_t *vdtr)
{
this->lock->write_lock(this->lock);
- this->sets->insert_last(this->validators, vdtr);
+ this->validators->insert_last(this->validators, vdtr);
this->lock->unlock(this->lock);
}
diff --git a/src/libstrongswan/crypto/diffie_hellman.c b/src/libstrongswan/crypto/diffie_hellman.c
index 5c1d08d..87c9b21 100644
--- a/src/libstrongswan/crypto/diffie_hellman.c
+++ b/src/libstrongswan/crypto/diffie_hellman.c
@@ -66,6 +66,7 @@ static struct {
} dh_params[] = {
{
.group = MODP_768_BIT, .opt_exp = 32, .public = {
+ .exp_len = 32,
.generator = chunk_from_chars(0x02),
.prime = chunk_from_chars(
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
@@ -74,10 +75,10 @@ static struct {
0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
0xF4,0x4C,0x42,0xE9,0xA6,0x3A,0x36,0x20,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF),
- .exp_len = 0,
},
},{
.group = MODP_1024_BIT, .opt_exp = 32, .public = {
+ .exp_len = 32,
.generator = chunk_from_chars(0x02),
.prime = chunk_from_chars(
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
@@ -88,10 +89,10 @@ static struct {
0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
0x49,0x28,0x66,0x51,0xEC,0xE6,0x53,0x81,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF),
- .exp_len = 0,
},
},{
.group = MODP_1536_BIT, .opt_exp = 32, .public = {
+ .exp_len = 32,
.generator = chunk_from_chars(0x02),
.prime = chunk_from_chars(
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
@@ -106,10 +107,10 @@ static struct {
0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
0xF1,0x74,0x6C,0x08,0xCA,0x23,0x73,0x27,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF),
- .exp_len = 0,
},
},{
.group = MODP_2048_BIT, .opt_exp = 48, .public = {
+ .exp_len = 48,
.generator = chunk_from_chars(0x02),
.prime = chunk_from_chars(
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
@@ -128,10 +129,10 @@ static struct {
0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,
0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
0x15,0x72,0x8E,0x5A,0x8A,0xAC,0xAA,0x68,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF),
- .exp_len = 0,
},
},{
.group = MODP_3072_BIT, .opt_exp = 48, .public = {
+ .exp_len = 48,
.generator = chunk_from_chars(0x02),
.prime = chunk_from_chars(
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
@@ -158,10 +159,10 @@ static struct {
0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,0xBA,0xD9,0x46,0xE2,
0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,
0x4B,0x82,0xD1,0x20,0xA9,0x3A,0xD2,0xCA,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF),
- .exp_len = 0,
},
},{
.group = MODP_4096_BIT, .opt_exp = 64, .public = {
+ .exp_len = 64,
.generator = chunk_from_chars(0x02),
.prime = chunk_from_chars(
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
@@ -196,10 +197,10 @@ static struct {
0xB8,0x1B,0xDD,0x76,0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,0x90,0xA6,0xC0,0x8F,
0x4D,0xF4,0x35,0xC9,0x34,0x06,0x31,0x99,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF),
- .exp_len = 0,
},
},{
.group = MODP_6144_BIT, .opt_exp = 64, .public = {
+ .exp_len = 64,
.generator = chunk_from_chars(0x02),
.prime = chunk_from_chars(
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
@@ -250,10 +251,10 @@ static struct {
0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7,0x6E,0x3C,0x04,0x68,
0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE,0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6,
0xE6,0x94,0xF9,0x1E,0x6D,0xCC,0x40,0x24,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF),
- .exp_len = 0,
},
},{
.group = MODP_8192_BIT, .opt_exp = 64, .public = {
+ .exp_len = 64,
.generator = chunk_from_chars(0x02),
.prime = chunk_from_chars(
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
@@ -320,10 +321,10 @@ static struct {
0xC9,0x19,0x0D,0xA6,0xFC,0x02,0x6E,0x47,0x95,0x58,0xE4,0x47,0x56,0x77,0xE9,0xAA,
0x9E,0x30,0x50,0xE2,0x76,0x56,0x94,0xDF,0xC8,0x1F,0x56,0xE8,0x80,0xB9,0x6E,0x71,
0x60,0xC9,0x80,0xDD,0x98,0xED,0xD3,0xDF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF),
- .exp_len = 0,
},
},{
.group = MODP_1024_160, .opt_exp = 20, .public = {
+ .exp_len = 20,
.subgroup = chunk_from_chars(
0xF5,0x18,0xAA,0x87,0x81,0xA8,0xDF,0x27,0x8A,0xBA,0x4E,0x7D,0x64,0xB7,0xCB,0x9D,
0x49,0x46,0x23,0x53),
@@ -348,6 +349,7 @@ static struct {
},
}, {
.group = MODP_2048_224, .opt_exp = 28, .public = {
+ .exp_len = 28,
.subgroup = chunk_from_chars(
0x80,0x1C,0x0D,0x34,0xC5,0x8D,0x93,0xFE,0x99,0x71,0x77,0x10,0x1F,0x80,0x53,0x5A,
0x47,0x38,0xCE,0xBC,0xBF,0x38,0x9A,0x99,0xB3,0x63,0x71,0xEB),
@@ -388,6 +390,7 @@ static struct {
},
},{
.group = MODP_2048_256, .opt_exp = 32, .public = {
+ .exp_len = 32,
.subgroup = chunk_from_chars(
0x8C,0xF8,0x36,0x42,0xA7,0x09,0xA0,0x97,0xB4,0x47,0x99,0x76,0x40,0x12,0x9D,0xA2,
0x99,0xB1,0xA4,0x7D,0x1E,0xB3,0x75,0x0B,0xA3,0x08,0xB0,0xFE,0x64,0xF5,0xFB,0xD3),
@@ -430,6 +433,23 @@ static struct {
};
/**
+ * See header.
+ */
+void diffie_hellman_init()
+{
+ int i;
+
+ if (lib->settings->get_int(lib->settings,
+ "%s.dh_exponent_ansi_x9_42", TRUE, lib->ns))
+ {
+ for (i = 0; i < countof(dh_params); i++)
+ {
+ dh_params[i].public.exp_len = dh_params[i].public.prime.len;
+ }
+ }
+}
+
+/**
* Described in header.
*/
diffie_hellman_params_t *diffie_hellman_get_params(diffie_hellman_group_t group)
diff --git a/src/libstrongswan/crypto/diffie_hellman.h b/src/libstrongswan/crypto/diffie_hellman.h
index 00d7003..105db22 100644
--- a/src/libstrongswan/crypto/diffie_hellman.h
+++ b/src/libstrongswan/crypto/diffie_hellman.h
@@ -149,8 +149,16 @@ struct diffie_hellman_params_t {
};
/**
+ * Initialize diffie hellman parameters during startup.
+ */
+void diffie_hellman_init();
+
+/**
* Get the parameters associated with the specified diffie hellman group.
*
+ * Before calling this method, use diffie_hellman_init() to initialize the
+ * DH group table. This is usually done by library_init().
+ *
* @param group DH group
* @return The parameters or NULL, if the group is not supported
*/
diff --git a/src/libstrongswan/library.c b/src/libstrongswan/library.c
index e3ad164..dc73ccc 100644
--- a/src/libstrongswan/library.c
+++ b/src/libstrongswan/library.c
@@ -29,6 +29,10 @@
#define CHECKSUM_LIBRARY IPSEC_LIB_DIR"/libchecksum.so"
+#ifndef STRONGSWAN_CONF
+#define STRONGSWAN_CONF NULL
+#endif
+
typedef struct private_library_t private_library_t;
/**
@@ -149,6 +153,7 @@ void library_deinit()
utils_deinit();
threads_deinit();
+ free(this->public.conf);
free((void*)this->public.ns);
free(this);
lib = NULL;
@@ -258,6 +263,7 @@ bool library_init(char *settings, const char *namespace)
.get = _get,
.set = _set,
.ns = strdup(namespace ?: "libstrongswan"),
+ .conf = strdupnull(settings ?: (getenv("STRONGSWAN_CONF") ?: STRONGSWAN_CONF)),
},
.ref = 1,
);
@@ -304,13 +310,7 @@ bool library_init(char *settings, const char *namespace)
this->objects = hashtable_create((hashtable_hash_t)hash,
(hashtable_equals_t)equals, 4);
-#ifdef STRONGSWAN_CONF
- if (!settings)
- {
- settings = STRONGSWAN_CONF;
- }
-#endif
- this->public.settings = settings_create(settings);
+ this->public.settings = settings_create(this->public.conf);
/* all namespace settings may fall back to libstrongswan */
lib->settings->add_fallback(lib->settings, lib->ns, "libstrongswan");
@@ -351,5 +351,7 @@ bool library_init(char *settings, const char *namespace)
#endif /* INTEGRITY_TEST */
}
+ diffie_hellman_init();
+
return !this->integrity_failed;
}
diff --git a/src/libstrongswan/library.h b/src/libstrongswan/library.h
index 37a83fa..2bd5e35 100644
--- a/src/libstrongswan/library.h
+++ b/src/libstrongswan/library.h
@@ -147,6 +147,11 @@ struct library_t {
const char *ns;
/**
+ * Main configuration file passed to library_init(), the default, or NULL
+ */
+ char *conf;
+
+ /**
* Printf hook registering facility
*/
printf_hook_t *printf_hook;
diff --git a/src/libstrongswan/networking/packet.h b/src/libstrongswan/networking/packet.h
index a96a4b8..1492dd0 100644
--- a/src/libstrongswan/networking/packet.h
+++ b/src/libstrongswan/networking/packet.h
@@ -29,6 +29,11 @@ typedef struct packet_t packet_t;
#include <networking/host.h>
/**
+ * Maximum packet size we handle by default
+ */
+#define PACKET_MAX_DEFAULT 10000
+
+/**
* Abstraction of an IP/UDP-Packet, contains data, sender and receiver.
*/
struct packet_t {
diff --git a/src/libstrongswan/networking/streams/stream_service.c b/src/libstrongswan/networking/streams/stream_service.c
index 7358c58..09138c7 100644
--- a/src/libstrongswan/networking/streams/stream_service.c
+++ b/src/libstrongswan/networking/streams/stream_service.c
@@ -68,6 +68,11 @@ struct private_stream_service_t {
u_int active;
/**
+ * Currently running jobs
+ */
+ u_int running;
+
+ /**
* mutex to lock active counter
*/
mutex_t *mutex;
@@ -76,8 +81,29 @@ struct private_stream_service_t {
* Condvar to wait for callback termination
*/
condvar_t *condvar;
+
+ /**
+ * TRUE when the service is terminated
+ */
+ bool terminated;
+
+ /**
+ * Reference counter
+ */
+ refcount_t ref;
};
+static void destroy_service(private_stream_service_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ close(this->fd);
+ this->mutex->destroy(this->mutex);
+ this->condvar->destroy(this->condvar);
+ free(this);
+ }
+}
+
/**
* Data to pass to async accept job
*/
@@ -93,6 +119,11 @@ typedef struct {
} async_data_t;
/**
+ * Forward declaration
+ */
+static bool watch(private_stream_service_t *this, int fd, watcher_event_t event);
+
+/**
* Clean up accept data
*/
static void destroy_async_data(async_data_t *data)
@@ -100,14 +131,15 @@ static void destroy_async_data(async_data_t *data)
private_stream_service_t *this = data->this;
this->mutex->lock(this->mutex);
- if (this->active-- == this->cncrncy)
+ if (this->active-- == this->cncrncy && !this->terminated)
{
/* leaving concurrency limit, restart accept()ing. */
- this->public.on_accept(&this->public, this->cb, this->data,
- this->prio, this->cncrncy);
+ lib->watcher->add(lib->watcher, this->fd,
+ WATCHER_READ, (watcher_cb_t)watch, this);
}
this->condvar->signal(this->condvar);
this->mutex->unlock(this->mutex);
+ destroy_service(this);
if (data->fd != -1)
{
@@ -117,19 +149,45 @@ static void destroy_async_data(async_data_t *data)
}
/**
+ * Reduce running counter
+ */
+CALLBACK(reduce_running, void,
+ async_data_t *data)
+{
+ private_stream_service_t *this = data->this;
+
+ this->mutex->lock(this->mutex);
+ this->running--;
+ this->condvar->signal(this->condvar);
+ this->mutex->unlock(this->mutex);
+}
+
+/**
* Async processing of accepted connection
*/
static job_requeue_t accept_async(async_data_t *data)
{
+ private_stream_service_t *this = data->this;
stream_t *stream;
+ this->mutex->lock(this->mutex);
+ if (this->terminated)
+ {
+ this->mutex->unlock(this->mutex);
+ return JOB_REQUEUE_NONE;
+ }
+ this->running++;
+ this->mutex->unlock(this->mutex);
+
stream = stream_create_from_fd(data->fd);
if (stream)
{
/* FD is now owned by stream, don't close it during cleanup */
data->fd = -1;
+ thread_cleanup_push(reduce_running, data);
thread_cleanup_push((void*)stream->destroy, stream);
thread_cleanup_pop(!data->cb(data->data, stream));
+ thread_cleanup_pop(TRUE);
}
return JOB_REQUEUE_NONE;
}
@@ -149,7 +207,7 @@ static bool watch(private_stream_service_t *this, int fd, watcher_event_t event)
.this = this,
);
- if (data->fd != -1)
+ if (data->fd != -1 && !this->terminated)
{
this->mutex->lock(this->mutex);
if (++this->active == this->cncrncy)
@@ -158,6 +216,7 @@ static bool watch(private_stream_service_t *this, int fd, watcher_event_t event)
keep = FALSE;
}
this->mutex->unlock(this->mutex);
+ ref_get(&this->ref);
lib->processor->queue_job(lib->processor,
(job_t*)callback_job_create_with_prio((void*)accept_async, data,
@@ -177,6 +236,12 @@ METHOD(stream_service_t, on_accept, void,
{
this->mutex->lock(this->mutex);
+ if (this->terminated)
+ {
+ this->mutex->unlock(this->mutex);
+ return;
+ }
+
/* wait for all callbacks to return */
while (this->active)
{
@@ -208,11 +273,15 @@ METHOD(stream_service_t, on_accept, void,
METHOD(stream_service_t, destroy, void,
private_stream_service_t *this)
{
- on_accept(this, NULL, NULL, this->prio, this->cncrncy);
- close(this->fd);
- this->mutex->destroy(this->mutex);
- this->condvar->destroy(this->condvar);
- free(this);
+ this->mutex->lock(this->mutex);
+ lib->watcher->remove(lib->watcher, this->fd);
+ this->terminated = TRUE;
+ while (this->running)
+ {
+ this->condvar->wait(this->condvar, this->mutex);
+ }
+ this->mutex->unlock(this->mutex);
+ destroy_service(this);
}
/**
@@ -231,6 +300,7 @@ stream_service_t *stream_service_create_from_fd(int fd)
.prio = JOB_PRIO_MEDIUM,
.mutex = mutex_create(MUTEX_TYPE_RECURSIVE),
.condvar = condvar_create(CONDVAR_TYPE_DEFAULT),
+ .ref = 1,
);
return &this->public;
diff --git a/src/libstrongswan/plugins/acert/Makefile.in b/src/libstrongswan/plugins/acert/Makefile.in
index eb148e7..425e8f1 100644
--- a/src/libstrongswan/plugins/acert/Makefile.in
+++ b/src/libstrongswan/plugins/acert/Makefile.in
@@ -233,6 +233,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -293,6 +294,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -358,6 +360,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -405,6 +409,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/aes/Makefile.in b/src/libstrongswan/plugins/aes/Makefile.in
index dfe4117..11dcf29 100644
--- a/src/libstrongswan/plugins/aes/Makefile.in
+++ b/src/libstrongswan/plugins/aes/Makefile.in
@@ -232,6 +232,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -292,6 +293,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -357,6 +359,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -404,6 +408,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/af_alg/Makefile.in b/src/libstrongswan/plugins/af_alg/Makefile.in
index c338356..279000d 100644
--- a/src/libstrongswan/plugins/af_alg/Makefile.in
+++ b/src/libstrongswan/plugins/af_alg/Makefile.in
@@ -236,6 +236,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -296,6 +297,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -361,6 +363,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -408,6 +412,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/agent/Makefile.in b/src/libstrongswan/plugins/agent/Makefile.in
index d009baf..c8e8112 100644
--- a/src/libstrongswan/plugins/agent/Makefile.in
+++ b/src/libstrongswan/plugins/agent/Makefile.in
@@ -234,6 +234,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -294,6 +295,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -359,6 +361,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -406,6 +410,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/blowfish/Makefile.in b/src/libstrongswan/plugins/blowfish/Makefile.in
index 396f3a0..33e5958 100644
--- a/src/libstrongswan/plugins/blowfish/Makefile.in
+++ b/src/libstrongswan/plugins/blowfish/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/ccm/Makefile.in b/src/libstrongswan/plugins/ccm/Makefile.in
index a148931..43bdf1f 100644
--- a/src/libstrongswan/plugins/ccm/Makefile.in
+++ b/src/libstrongswan/plugins/ccm/Makefile.in
@@ -232,6 +232,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -292,6 +293,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -357,6 +359,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -404,6 +408,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/cmac/Makefile.in b/src/libstrongswan/plugins/cmac/Makefile.in
index cb7965a..7c56740 100644
--- a/src/libstrongswan/plugins/cmac/Makefile.in
+++ b/src/libstrongswan/plugins/cmac/Makefile.in
@@ -232,6 +232,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -292,6 +293,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -357,6 +359,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -404,6 +408,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/constraints/Makefile.in b/src/libstrongswan/plugins/constraints/Makefile.in
index 34cc2aa..3946936 100644
--- a/src/libstrongswan/plugins/constraints/Makefile.in
+++ b/src/libstrongswan/plugins/constraints/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/ctr/Makefile.in b/src/libstrongswan/plugins/ctr/Makefile.in
index 8582937..4b397e8 100644
--- a/src/libstrongswan/plugins/ctr/Makefile.in
+++ b/src/libstrongswan/plugins/ctr/Makefile.in
@@ -232,6 +232,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -292,6 +293,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -357,6 +359,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -404,6 +408,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/curl/Makefile.in b/src/libstrongswan/plugins/curl/Makefile.in
index c34d349..2e221c8 100644
--- a/src/libstrongswan/plugins/curl/Makefile.in
+++ b/src/libstrongswan/plugins/curl/Makefile.in
@@ -232,6 +232,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -292,6 +293,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -357,6 +359,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -404,6 +408,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/curl/curl_fetcher.c b/src/libstrongswan/plugins/curl/curl_fetcher.c
index 620cf74..7653c19 100644
--- a/src/libstrongswan/plugins/curl/curl_fetcher.c
+++ b/src/libstrongswan/plugins/curl/curl_fetcher.c
@@ -86,6 +86,7 @@ METHOD(fetcher_t, fetch, status_t,
private_curl_fetcher_t *this, char *uri, void *userdata)
{
char error[CURL_ERROR_SIZE], *enc_uri;
+ CURLcode curl_status;
status_t status;
long result = 0;
cb_data_t data = {
@@ -123,7 +124,8 @@ METHOD(fetcher_t, fetch, status_t,
}
DBG2(DBG_LIB, " sending http request to '%s'...", uri);
- switch (curl_easy_perform(this->curl))
+ curl_status = curl_easy_perform(this->curl);
+ switch (curl_status)
{
case CURLE_UNSUPPORTED_PROTOCOL:
status = NOT_SUPPORTED;
@@ -138,7 +140,8 @@ METHOD(fetcher_t, fetch, status_t,
status = (result >= 200 && result < 300) ? SUCCESS : FAILED;
break;
default:
- DBG1(DBG_LIB, "libcurl http request failed: %s", error);
+ DBG1(DBG_LIB, "libcurl http request failed [%d]: %s", curl_status,
+ error);
status = FAILED;
break;
}
diff --git a/src/libstrongswan/plugins/curl/curl_plugin.c b/src/libstrongswan/plugins/curl/curl_plugin.c
index 062fe12..8929667 100644
--- a/src/libstrongswan/plugins/curl/curl_plugin.c
+++ b/src/libstrongswan/plugins/curl/curl_plugin.c
@@ -32,8 +32,107 @@ struct private_curl_plugin_t {
* public functions
*/
curl_plugin_t public;
+
+ /**
+ * Supported features, CURL protocols + 1
+ */
+ plugin_feature_t *features;
+
+ /**
+ * Number of supported features
+ */
+ int count;
};
+/**
+ * Append a feature to supported feature list
+ */
+static void add_feature(private_curl_plugin_t *this, plugin_feature_t f)
+{
+ this->features = realloc(this->features, ++this->count * sizeof(f));
+ this->features[this->count - 1] = f;
+}
+
+/**
+ * Try to add a feature, and the appropriate SSL dependencies
+ */
+static void add_feature_with_ssl(private_curl_plugin_t *this, const char *ssl,
+ char *proto, plugin_feature_t f)
+{
+ /* http://curl.haxx.se/libcurl/c/libcurl-tutorial.html#Multi-threading */
+ if (strpfx(ssl, "OpenSSL"))
+ {
+ add_feature(this, f);
+ add_feature(this, PLUGIN_DEPENDS(CUSTOM, "openssl-threading"));
+ }
+ else if (strpfx(ssl, "GnuTLS"))
+ {
+ add_feature(this, f);
+ add_feature(this, PLUGIN_DEPENDS(CUSTOM, "gcrypt-threading"));
+ }
+ else if (strpfx(ssl, "NSS"))
+ {
+ add_feature(this, f);
+ }
+ else
+ {
+ DBG1(DBG_LIB, "curl SSL backend '%s' not supported, %s disabled",
+ ssl, proto);
+ }
+}
+
+/**
+ * Get supported protocols, build plugin feature set
+ */
+static bool query_protocols(private_curl_plugin_t *this)
+{
+
+ struct {
+ /* protocol we are interested in, suffixed with "://" */
+ char *name;
+ /* require SSL library initialization? */
+ bool ssl;
+ } protos[] = {
+ { "file://", FALSE, },
+ { "http://", FALSE, },
+ { "https://", TRUE, },
+ { "ftp://", FALSE, },
+ };
+ curl_version_info_data *info;
+ char *name;
+ int i, j;
+
+ add_feature(this, PLUGIN_REGISTER(FETCHER, curl_fetcher_create));
+
+ info = curl_version_info(CURLVERSION_NOW);
+
+ for (i = 0; info->protocols[i]; i++)
+ {
+ for (j = 0; j < countof(protos); j++)
+ {
+ name = protos[j].name;
+ if (strlen(info->protocols[i]) == strlen(name) - strlen("://"))
+ {
+ if (strneq(info->protocols[i], name,
+ strlen(name) - strlen("://")))
+ {
+ if (protos[j].ssl)
+ {
+ add_feature_with_ssl(this, info->ssl_version, name,
+ PLUGIN_PROVIDE(FETCHER, name));
+ }
+ else
+ {
+ add_feature(this, PLUGIN_PROVIDE(FETCHER, name));
+ }
+ }
+ }
+ }
+ }
+
+ return this->count > 1;
+}
+
METHOD(plugin_t, get_name, char*,
private_curl_plugin_t *this)
{
@@ -43,21 +142,15 @@ METHOD(plugin_t, get_name, char*,
METHOD(plugin_t, get_features, int,
private_curl_plugin_t *this, plugin_feature_t *features[])
{
- static plugin_feature_t f[] = {
- PLUGIN_REGISTER(FETCHER, curl_fetcher_create),
- PLUGIN_PROVIDE(FETCHER, "file://"),
- PLUGIN_PROVIDE(FETCHER, "http://"),
- PLUGIN_PROVIDE(FETCHER, "https://"),
- PLUGIN_PROVIDE(FETCHER, "ftp://"),
- };
- *features = f;
- return countof(f);
+ *features = this->features;
+ return this->count;
}
METHOD(plugin_t, destroy, void,
private_curl_plugin_t *this)
{
curl_global_cleanup();
+ free(this->features);
free(this);
}
@@ -79,7 +172,12 @@ plugin_t *curl_plugin_create()
},
);
- res = curl_global_init(CURL_GLOBAL_NOTHING);
+ res = curl_global_init(CURL_GLOBAL_SSL);
+ if (res != CURLE_OK)
+ {
+ /* no SSL support? Try without */
+ res = curl_global_init(CURL_GLOBAL_NOTHING);
+ }
if (res != CURLE_OK)
{
DBG1(DBG_LIB, "global libcurl initializing failed: %s",
@@ -87,6 +185,13 @@ plugin_t *curl_plugin_create()
destroy(this);
return NULL;
}
+
+ if (!query_protocols(this))
+ {
+ DBG1(DBG_LIB, "no usable CURL protocols found, curl disabled");
+ destroy(this);
+ return NULL;
+ }
+
return &this->public.plugin;
}
-
diff --git a/src/libstrongswan/plugins/des/Makefile.in b/src/libstrongswan/plugins/des/Makefile.in
index 2f8eb85..0025a2b 100644
--- a/src/libstrongswan/plugins/des/Makefile.in
+++ b/src/libstrongswan/plugins/des/Makefile.in
@@ -232,6 +232,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -292,6 +293,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -357,6 +359,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -404,6 +408,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/dnskey/Makefile.in b/src/libstrongswan/plugins/dnskey/Makefile.in
index bd6e64b..0b30923 100644
--- a/src/libstrongswan/plugins/dnskey/Makefile.in
+++ b/src/libstrongswan/plugins/dnskey/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/fips_prf/Makefile.in b/src/libstrongswan/plugins/fips_prf/Makefile.in
index cc146d8..64ae665 100644
--- a/src/libstrongswan/plugins/fips_prf/Makefile.in
+++ b/src/libstrongswan/plugins/fips_prf/Makefile.in
@@ -234,6 +234,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -294,6 +295,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -359,6 +361,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -406,6 +410,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/gcm/Makefile.in b/src/libstrongswan/plugins/gcm/Makefile.in
index 4e0e86c..511bfc3 100644
--- a/src/libstrongswan/plugins/gcm/Makefile.in
+++ b/src/libstrongswan/plugins/gcm/Makefile.in
@@ -232,6 +232,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -292,6 +293,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -357,6 +359,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -404,6 +408,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/gcrypt/Makefile.in b/src/libstrongswan/plugins/gcrypt/Makefile.in
index 90990cf..0c7d22d 100644
--- a/src/libstrongswan/plugins/gcrypt/Makefile.in
+++ b/src/libstrongswan/plugins/gcrypt/Makefile.in
@@ -236,6 +236,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -296,6 +297,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -361,6 +363,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -408,6 +412,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
index f4254bb..480c083 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
@@ -58,6 +58,8 @@ METHOD(plugin_t, get_features, int,
private_gcrypt_plugin_t *this, plugin_feature_t *features[])
{
static plugin_feature_t f[] = {
+ /* we provide threading-safe initialization of libgcrypt */
+ PLUGIN_PROVIDE(CUSTOM, "gcrypt-threading"),
/* crypters */
PLUGIN_REGISTER(CRYPTER, gcrypt_crypter_create),
PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CTR, 16),
diff --git a/src/libstrongswan/plugins/gmp/Makefile.in b/src/libstrongswan/plugins/gmp/Makefile.in
index c13f4e5..eab4a00 100644
--- a/src/libstrongswan/plugins/gmp/Makefile.in
+++ b/src/libstrongswan/plugins/gmp/Makefile.in
@@ -233,6 +233,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -293,6 +294,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -358,6 +360,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -405,6 +409,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/hmac/Makefile.in b/src/libstrongswan/plugins/hmac/Makefile.in
index cdfa94c..bf34e4c 100644
--- a/src/libstrongswan/plugins/hmac/Makefile.in
+++ b/src/libstrongswan/plugins/hmac/Makefile.in
@@ -232,6 +232,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -292,6 +293,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -357,6 +359,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -404,6 +408,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/keychain/Makefile.in b/src/libstrongswan/plugins/keychain/Makefile.in
index 2a968b8..17faa56 100644
--- a/src/libstrongswan/plugins/keychain/Makefile.in
+++ b/src/libstrongswan/plugins/keychain/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/ldap/Makefile.in b/src/libstrongswan/plugins/ldap/Makefile.in
index b8e1b49..332a587 100644
--- a/src/libstrongswan/plugins/ldap/Makefile.in
+++ b/src/libstrongswan/plugins/ldap/Makefile.in
@@ -232,6 +232,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -292,6 +293,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -357,6 +359,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -404,6 +408,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/md4/Makefile.in b/src/libstrongswan/plugins/md4/Makefile.in
index 3de733c..91fe8c4 100644
--- a/src/libstrongswan/plugins/md4/Makefile.in
+++ b/src/libstrongswan/plugins/md4/Makefile.in
@@ -232,6 +232,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -292,6 +293,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -357,6 +359,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -404,6 +408,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/md5/Makefile.in b/src/libstrongswan/plugins/md5/Makefile.in
index 1636b96..ba6cb0c 100644
--- a/src/libstrongswan/plugins/md5/Makefile.in
+++ b/src/libstrongswan/plugins/md5/Makefile.in
@@ -232,6 +232,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -292,6 +293,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -357,6 +359,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -404,6 +408,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/mysql/Makefile.in b/src/libstrongswan/plugins/mysql/Makefile.in
index ebd0d90..bca4562 100644
--- a/src/libstrongswan/plugins/mysql/Makefile.in
+++ b/src/libstrongswan/plugins/mysql/Makefile.in
@@ -234,6 +234,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -294,6 +295,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -359,6 +361,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -406,6 +410,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/nonce/Makefile.in b/src/libstrongswan/plugins/nonce/Makefile.in
index f75fbe2..0d15d7c 100644
--- a/src/libstrongswan/plugins/nonce/Makefile.in
+++ b/src/libstrongswan/plugins/nonce/Makefile.in
@@ -233,6 +233,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -293,6 +294,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -358,6 +360,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -405,6 +409,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/ntru/Makefile.in b/src/libstrongswan/plugins/ntru/Makefile.in
index fa10c83..e57a367 100644
--- a/src/libstrongswan/plugins/ntru/Makefile.in
+++ b/src/libstrongswan/plugins/ntru/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/openssl/Makefile.in b/src/libstrongswan/plugins/openssl/Makefile.in
index 6f0a3bf..ac0db01 100644
--- a/src/libstrongswan/plugins/openssl/Makefile.in
+++ b/src/libstrongswan/plugins/openssl/Makefile.in
@@ -242,6 +242,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -302,6 +303,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -367,6 +369,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -414,6 +418,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
index 12f2642..bc7884c 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
@@ -181,17 +181,7 @@ METHOD(private_key_t, decrypt, bool,
METHOD(private_key_t, get_keysize, int,
private_openssl_ec_private_key_t *this)
{
- switch (EC_GROUP_get_curve_name(EC_KEY_get0_group(this->ec)))
- {
- case NID_X9_62_prime256v1:
- return 256;
- case NID_secp384r1:
- return 384;
- case NID_secp521r1:
- return 521;
- default:
- return 0;
- }
+ return EC_GROUP_get_degree(EC_KEY_get0_group(this->ec));
}
METHOD(private_key_t, get_type, key_type_t,
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
index 382c554..21dcb01 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
@@ -179,17 +179,7 @@ METHOD(public_key_t, encrypt, bool,
METHOD(public_key_t, get_keysize, int,
private_openssl_ec_public_key_t *this)
{
- switch (EC_GROUP_get_curve_name(EC_KEY_get0_group(this->ec)))
- {
- case NID_X9_62_prime256v1:
- return 256;
- case NID_secp384r1:
- return 384;
- case NID_secp521r1:
- return 521;
- default:
- return 0;
- }
+ return EC_GROUP_get_degree(EC_KEY_get0_group(this->ec));
}
/**
diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
index a426cdc..e48efe3 100644
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
@@ -266,6 +266,8 @@ METHOD(plugin_t, get_features, int,
private_openssl_plugin_t *this, plugin_feature_t *features[])
{
static plugin_feature_t f[] = {
+ /* we provide OpenSSL threading callbacks */
+ PLUGIN_PROVIDE(CUSTOM, "openssl-threading"),
/* crypters */
PLUGIN_REGISTER(CRYPTER, openssl_crypter_create),
#ifndef OPENSSL_NO_AES
diff --git a/src/libstrongswan/plugins/padlock/Makefile.in b/src/libstrongswan/plugins/padlock/Makefile.in
index 39ee773..4bd9587 100644
--- a/src/libstrongswan/plugins/padlock/Makefile.in
+++ b/src/libstrongswan/plugins/padlock/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/pem/Makefile.in b/src/libstrongswan/plugins/pem/Makefile.in
index 28d0f84..f9c5b9b 100644
--- a/src/libstrongswan/plugins/pem/Makefile.in
+++ b/src/libstrongswan/plugins/pem/Makefile.in
@@ -233,6 +233,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -293,6 +294,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -358,6 +360,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -405,6 +409,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/pgp/Makefile.in b/src/libstrongswan/plugins/pgp/Makefile.in
index 29387a3..8e351c2 100644
--- a/src/libstrongswan/plugins/pgp/Makefile.in
+++ b/src/libstrongswan/plugins/pgp/Makefile.in
@@ -233,6 +233,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -293,6 +294,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -358,6 +360,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -405,6 +409,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/pkcs1/Makefile.in b/src/libstrongswan/plugins/pkcs1/Makefile.in
index edaa8c3..445bc2d 100644
--- a/src/libstrongswan/plugins/pkcs1/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs1/Makefile.in
@@ -234,6 +234,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -294,6 +295,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -359,6 +361,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -406,6 +410,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/pkcs11/Makefile.in b/src/libstrongswan/plugins/pkcs11/Makefile.in
index 55df269..34e8d0c 100644
--- a/src/libstrongswan/plugins/pkcs11/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs11/Makefile.in
@@ -237,6 +237,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -297,6 +298,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -362,6 +364,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -409,6 +413,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/pkcs12/Makefile.in b/src/libstrongswan/plugins/pkcs12/Makefile.in
index f4d399c..d90cd35 100644
--- a/src/libstrongswan/plugins/pkcs12/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs12/Makefile.in
@@ -234,6 +234,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -294,6 +295,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -359,6 +361,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -406,6 +410,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/pkcs7/Makefile.in b/src/libstrongswan/plugins/pkcs7/Makefile.in
index 4b60cad..f6534f0 100644
--- a/src/libstrongswan/plugins/pkcs7/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs7/Makefile.in
@@ -236,6 +236,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -296,6 +297,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -361,6 +363,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -408,6 +412,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/pkcs8/Makefile.in b/src/libstrongswan/plugins/pkcs8/Makefile.in
index bf0a0cc..0756db8 100644
--- a/src/libstrongswan/plugins/pkcs8/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs8/Makefile.in
@@ -233,6 +233,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -293,6 +294,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -358,6 +360,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -405,6 +409,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/plugin_loader.c b/src/libstrongswan/plugins/plugin_loader.c
index c23f2f0..1fec1b3 100644
--- a/src/libstrongswan/plugins/plugin_loader.c
+++ b/src/libstrongswan/plugins/plugin_loader.c
@@ -218,6 +218,16 @@ typedef struct {
char *name;
/**
+ * Optional reload function for features
+ */
+ bool (*reload)(void *data);
+
+ /**
+ * User data to pass to reload function
+ */
+ void *reload_data;
+
+ /**
* Static plugin features
*/
plugin_feature_t *features;
@@ -242,6 +252,16 @@ METHOD(plugin_t, get_static_features, int,
return this->count;
}
+METHOD(plugin_t, static_reload, bool,
+ static_features_t *this)
+{
+ if (this->reload)
+ {
+ return this->reload(this->reload_data);
+ }
+ return FALSE;
+}
+
METHOD(plugin_t, static_destroy, void,
static_features_t *this)
{
@@ -254,7 +274,8 @@ METHOD(plugin_t, static_destroy, void,
* Create a wrapper around static plugin features.
*/
static plugin_t *static_features_create(const char *name,
- plugin_feature_t features[], int count)
+ plugin_feature_t features[], int count,
+ bool (*reload)(void*), void *reload_data)
{
static_features_t *this;
@@ -262,9 +283,12 @@ static plugin_t *static_features_create(const char *name,
.public = {
.get_name = _get_static_name,
.get_features = _get_static_features,
+ .reload = _static_reload,
.destroy = _static_destroy,
},
.name = strdup(name),
+ .reload = reload,
+ .reload_data = reload_data,
.features = calloc(count, sizeof(plugin_feature_t)),
.count = count,
);
@@ -904,12 +928,13 @@ static void purge_plugins(private_plugin_loader_t *this)
METHOD(plugin_loader_t, add_static_features, void,
private_plugin_loader_t *this, const char *name,
- plugin_feature_t features[], int count, bool critical)
+ plugin_feature_t features[], int count, bool critical,
+ bool (*reload)(void*), void *reload_data)
{
plugin_entry_t *entry;
plugin_t *plugin;
- plugin = static_features_create(name, features, count);
+ plugin = static_features_create(name, features, count, reload, reload_data);
INIT(entry,
.plugin = plugin,
diff --git a/src/libstrongswan/plugins/plugin_loader.h b/src/libstrongswan/plugins/plugin_loader.h
index fec57ce..6be6a90 100644
--- a/src/libstrongswan/plugins/plugin_loader.h
+++ b/src/libstrongswan/plugins/plugin_loader.h
@@ -44,6 +44,9 @@ struct plugin_loader_t {
* If critical is TRUE load() will fail if any of the added features could
* not be loaded.
*
+ * If a reload callback function is given, it gets invoked for the
+ * registered feature set when reload() is invoked on the plugin_loader.
+ *
* @note The name should be unique otherwise a plugin with the same name is
* not loaded.
*
@@ -51,10 +54,13 @@ struct plugin_loader_t {
* @param features array of plugin features
* @param count number of features in the array
* @param critical TRUE if the features are critical
+ * @param reload feature reload callback, or NULL
+ * @param reload_data user data to pass to reload callback
*/
void (*add_static_features) (plugin_loader_t *this, const char *name,
struct plugin_feature_t *features, int count,
- bool critical);
+ bool critical, bool (*reload)(void*),
+ void *reload_data);
/**
* Load a list of plugins.
diff --git a/src/libstrongswan/plugins/pubkey/Makefile.in b/src/libstrongswan/plugins/pubkey/Makefile.in
index 2dc355b..fcdbe94 100644
--- a/src/libstrongswan/plugins/pubkey/Makefile.in
+++ b/src/libstrongswan/plugins/pubkey/Makefile.in
@@ -234,6 +234,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -294,6 +295,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -359,6 +361,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -406,6 +410,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/random/Makefile.in b/src/libstrongswan/plugins/random/Makefile.in
index e90c321..fb6c9ae 100644
--- a/src/libstrongswan/plugins/random/Makefile.in
+++ b/src/libstrongswan/plugins/random/Makefile.in
@@ -234,6 +234,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -294,6 +295,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -359,6 +361,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -406,6 +410,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/rc2/Makefile.in b/src/libstrongswan/plugins/rc2/Makefile.in
index dd49ea6..d84b1ba 100644
--- a/src/libstrongswan/plugins/rc2/Makefile.in
+++ b/src/libstrongswan/plugins/rc2/Makefile.in
@@ -232,6 +232,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -292,6 +293,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -357,6 +359,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -404,6 +408,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/rdrand/Makefile.in b/src/libstrongswan/plugins/rdrand/Makefile.in
index 44dce24..967e862 100644
--- a/src/libstrongswan/plugins/rdrand/Makefile.in
+++ b/src/libstrongswan/plugins/rdrand/Makefile.in
@@ -234,6 +234,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -294,6 +295,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -359,6 +361,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -406,6 +410,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/revocation/Makefile.in b/src/libstrongswan/plugins/revocation/Makefile.in
index cb185e7..1274826 100644
--- a/src/libstrongswan/plugins/revocation/Makefile.in
+++ b/src/libstrongswan/plugins/revocation/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/sha1/Makefile.in b/src/libstrongswan/plugins/sha1/Makefile.in
index f07b768..70a98b0 100644
--- a/src/libstrongswan/plugins/sha1/Makefile.in
+++ b/src/libstrongswan/plugins/sha1/Makefile.in
@@ -233,6 +233,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -293,6 +294,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -358,6 +360,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -405,6 +409,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/sha2/Makefile.in b/src/libstrongswan/plugins/sha2/Makefile.in
index ab95f8a..f7d11be 100644
--- a/src/libstrongswan/plugins/sha2/Makefile.in
+++ b/src/libstrongswan/plugins/sha2/Makefile.in
@@ -232,6 +232,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -292,6 +293,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -357,6 +359,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -404,6 +408,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/soup/Makefile.in b/src/libstrongswan/plugins/soup/Makefile.in
index ef85abd..ee96f08 100644
--- a/src/libstrongswan/plugins/soup/Makefile.in
+++ b/src/libstrongswan/plugins/soup/Makefile.in
@@ -233,6 +233,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -293,6 +294,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -358,6 +360,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -405,6 +409,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/sqlite/Makefile.in b/src/libstrongswan/plugins/sqlite/Makefile.in
index f7be0e4..b9f949b 100644
--- a/src/libstrongswan/plugins/sqlite/Makefile.in
+++ b/src/libstrongswan/plugins/sqlite/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/sshkey/Makefile.in b/src/libstrongswan/plugins/sshkey/Makefile.in
index ed86fca..b66302e 100644
--- a/src/libstrongswan/plugins/sshkey/Makefile.in
+++ b/src/libstrongswan/plugins/sshkey/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.in b/src/libstrongswan/plugins/test_vectors/Makefile.in
index f517eb4..8d7c667 100644
--- a/src/libstrongswan/plugins/test_vectors/Makefile.in
+++ b/src/libstrongswan/plugins/test_vectors/Makefile.in
@@ -249,6 +249,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -309,6 +310,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -374,6 +376,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -421,6 +425,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/unbound/Makefile.in b/src/libstrongswan/plugins/unbound/Makefile.in
index 1668917..02f4ccd 100644
--- a/src/libstrongswan/plugins/unbound/Makefile.in
+++ b/src/libstrongswan/plugins/unbound/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/winhttp/Makefile.in b/src/libstrongswan/plugins/winhttp/Makefile.in
index 4e4fd57..fb87917 100644
--- a/src/libstrongswan/plugins/winhttp/Makefile.in
+++ b/src/libstrongswan/plugins/winhttp/Makefile.in
@@ -235,6 +235,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -295,6 +296,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -360,6 +362,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -407,6 +411,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/x509/Makefile.in b/src/libstrongswan/plugins/x509/Makefile.in
index 02f2b2b..23a6b3b 100644
--- a/src/libstrongswan/plugins/x509/Makefile.in
+++ b/src/libstrongswan/plugins/x509/Makefile.in
@@ -234,6 +234,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -294,6 +295,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -359,6 +361,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -406,6 +410,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/xcbc/Makefile.in b/src/libstrongswan/plugins/xcbc/Makefile.in
index 3c3fa07..ffcee54 100644
--- a/src/libstrongswan/plugins/xcbc/Makefile.in
+++ b/src/libstrongswan/plugins/xcbc/Makefile.in
@@ -232,6 +232,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -292,6 +293,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -357,6 +359,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -404,6 +408,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libstrongswan/processing/watcher.c b/src/libstrongswan/processing/watcher.c
index 3518dfd..d4de2a9 100644
--- a/src/libstrongswan/processing/watcher.c
+++ b/src/libstrongswan/processing/watcher.c
@@ -52,9 +52,9 @@ struct private_watcher_t {
bool pending;
/**
- * Is watcher running?
+ * Running state of watcher
*/
- bool running;
+ watcher_state_t state;
/**
* Lock to access FD list
@@ -239,7 +239,7 @@ static void activate_all(private_watcher_t *this)
entry->in_callback = 0;
}
enumerator->destroy(enumerator);
- this->running = FALSE;
+ this->state = WATCHER_STOPPED;
this->condvar->broadcast(this->condvar);
this->mutex->unlock(this->mutex);
}
@@ -263,10 +263,14 @@ static job_requeue_t watch(private_watcher_t *this)
if (this->fds->get_count(this->fds) == 0)
{
- this->running = FALSE;
+ this->state = WATCHER_STOPPED;
this->mutex->unlock(this->mutex);
return JOB_REQUEUE_NONE;
}
+ if (this->state == WATCHER_QUEUED)
+ {
+ this->state = WATCHER_RUNNING;
+ }
if (this->notify[0] != -1)
{
@@ -407,9 +411,9 @@ METHOD(watcher_t, add, void,
this->mutex->lock(this->mutex);
this->fds->insert_last(this->fds, entry);
- if (!this->running)
+ if (this->state == WATCHER_STOPPED)
{
- this->running = TRUE;
+ this->state = WATCHER_QUEUED;
lib->processor->queue_job(lib->processor,
(job_t*)callback_job_create_with_prio((void*)watch, this,
NULL, (callback_job_cancel_t)return_false, JOB_PRIO_CRITICAL));
@@ -437,7 +441,7 @@ METHOD(watcher_t, remove_, void,
{
if (entry->fd == fd)
{
- if (this->running && entry->in_callback)
+ if (this->state != WATCHER_STOPPED && entry->in_callback)
{
is_in_callback = TRUE;
break;
@@ -458,6 +462,18 @@ METHOD(watcher_t, remove_, void,
this->mutex->unlock(this->mutex);
}
+METHOD(watcher_t, get_state, watcher_state_t,
+ private_watcher_t *this)
+{
+ watcher_state_t state;
+
+ this->mutex->lock(this->mutex);
+ state = this->state;
+ this->mutex->unlock(this->mutex);
+
+ return state;
+}
+
METHOD(watcher_t, destroy, void,
private_watcher_t *this)
{
@@ -535,6 +551,7 @@ watcher_t *watcher_create()
.public = {
.add = _add,
.remove = _remove_,
+ .get_state = _get_state,
.destroy = _destroy,
},
.fds = linked_list_create(),
@@ -542,6 +559,7 @@ watcher_t *watcher_create()
.condvar = condvar_create(CONDVAR_TYPE_DEFAULT),
.jobs = linked_list_create(),
.notify = {-1, -1},
+ .state = WATCHER_STOPPED,
);
if (!create_notify(this))
diff --git a/src/libstrongswan/processing/watcher.h b/src/libstrongswan/processing/watcher.h
index 6e158ce..f07cabf 100644
--- a/src/libstrongswan/processing/watcher.h
+++ b/src/libstrongswan/processing/watcher.h
@@ -23,6 +23,7 @@
typedef struct watcher_t watcher_t;
typedef enum watcher_event_t watcher_event_t;
+typedef enum watcher_state_t watcher_state_t;
#include <library.h>
@@ -57,6 +58,18 @@ enum watcher_event_t {
};
/**
+ * State the watcher currently is in
+ */
+enum watcher_state_t {
+ /** no watcher thread running or queued */
+ WATCHER_STOPPED = 0,
+ /** a job has been queued for watching, but not yet started */
+ WATCHER_QUEUED,
+ /** a watcher thread is active, dispatching socket events */
+ WATCHER_RUNNING,
+};
+
+/**
* Watch multiple file descriptors using select().
*/
struct watcher_t {
@@ -86,6 +99,13 @@ struct watcher_t {
void (*remove)(watcher_t *this, int fd);
/**
+ * Get the current watcher state
+ *
+ * @return currently active watcher state
+ */
+ watcher_state_t (*get_state)(watcher_t *this);
+
+ /**
* Destroy a watcher_t.
*/
void (*destroy)(watcher_t *this);
diff --git a/src/libstrongswan/settings/settings.c b/src/libstrongswan/settings/settings.c
index e235e3c..acf9160 100644
--- a/src/libstrongswan/settings/settings.c
+++ b/src/libstrongswan/settings/settings.c
@@ -856,7 +856,7 @@ static bool load_files_internal(private_settings_t *this, section_t *parent,
if (pattern == NULL || !pattern[0])
{ /* TODO: Clear parent if merge is FALSE? */
- return FALSE;
+ return TRUE;
}
section = settings_section_create(NULL);
diff --git a/src/libstrongswan/settings/settings_parser.c b/src/libstrongswan/settings/settings_parser.c
index 23e552d..be805ef 100644
--- a/src/libstrongswan/settings/settings_parser.c
+++ b/src/libstrongswan/settings/settings_parser.c
@@ -1716,13 +1716,11 @@ bool settings_parser_parse_file(section_t *root, char *name)
helper->file_include(helper, name);
if (!settings_parser_open_next_file(helper))
{
-#ifdef STRONGSWAN_CONF
- if (streq(name, STRONGSWAN_CONF))
+ if (lib->conf && streq(name, lib->conf))
{
DBG2(DBG_CFG, "failed to open config file '%s'", name);
}
else
-#endif
{
DBG1(DBG_CFG, "failed to open config file '%s'", name);
}
diff --git a/src/libstrongswan/settings/settings_parser.y b/src/libstrongswan/settings/settings_parser.y
index b79faf6..d95a24b 100644
--- a/src/libstrongswan/settings/settings_parser.y
+++ b/src/libstrongswan/settings/settings_parser.y
@@ -259,13 +259,11 @@ bool settings_parser_parse_file(section_t *root, char *name)
helper->file_include(helper, name);
if (!settings_parser_open_next_file(helper))
{
-#ifdef STRONGSWAN_CONF
- if (streq(name, STRONGSWAN_CONF))
+ if (lib->conf && streq(name, lib->conf))
{
DBG2(DBG_CFG, "failed to open config file '%s'", name);
}
else
-#endif
{
DBG1(DBG_CFG, "failed to open config file '%s'", name);
}
diff --git a/src/libstrongswan/tests/Makefile.am b/src/libstrongswan/tests/Makefile.am
index e8e8090..7ecba19 100644
--- a/src/libstrongswan/tests/Makefile.am
+++ b/src/libstrongswan/tests/Makefile.am
@@ -30,6 +30,7 @@ tests_SOURCES = tests.h tests.c \
suites/test_hashtable.c \
suites/test_identification.c \
suites/test_threading.c \
+ suites/test_process.c \
suites/test_watcher.c \
suites/test_stream.c \
suites/test_fetch_http.c \
diff --git a/src/libstrongswan/tests/Makefile.in b/src/libstrongswan/tests/Makefile.in
index 1d2d5eb..3268b54 100644
--- a/src/libstrongswan/tests/Makefile.in
+++ b/src/libstrongswan/tests/Makefile.in
@@ -126,6 +126,7 @@ am_tests_OBJECTS = tests-tests.$(OBJEXT) \
suites/tests-test_hashtable.$(OBJEXT) \
suites/tests-test_identification.$(OBJEXT) \
suites/tests-test_threading.$(OBJEXT) \
+ suites/tests-test_process.$(OBJEXT) \
suites/tests-test_watcher.$(OBJEXT) \
suites/tests-test_stream.$(OBJEXT) \
suites/tests-test_fetch_http.$(OBJEXT) \
@@ -265,6 +266,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -325,6 +327,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -390,6 +393,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -437,6 +442,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
@@ -472,6 +481,7 @@ tests_SOURCES = tests.h tests.c \
suites/test_hashtable.c \
suites/test_identification.c \
suites/test_threading.c \
+ suites/test_process.c \
suites/test_watcher.c \
suites/test_stream.c \
suites/test_fetch_http.c \
@@ -595,6 +605,8 @@ suites/tests-test_identification.$(OBJEXT): suites/$(am__dirstamp) \
suites/$(DEPDIR)/$(am__dirstamp)
suites/tests-test_threading.$(OBJEXT): suites/$(am__dirstamp) \
suites/$(DEPDIR)/$(am__dirstamp)
+suites/tests-test_process.$(OBJEXT): suites/$(am__dirstamp) \
+ suites/$(DEPDIR)/$(am__dirstamp)
suites/tests-test_watcher.$(OBJEXT): suites/$(am__dirstamp) \
suites/$(DEPDIR)/$(am__dirstamp)
suites/tests-test_stream.$(OBJEXT): suites/$(am__dirstamp) \
@@ -671,6 +683,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/tests-test_ntru.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/tests-test_pen.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/tests-test_printf.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/tests-test_process.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/tests-test_rsa.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/tests-test_settings.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/tests-test_stream.Po at am__quote@
@@ -880,6 +893,20 @@ suites/tests-test_threading.obj: suites/test_threading.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_threading.obj `if test -f 'suites/test_threading.c'; then $(CYGPATH_W) 'suites/test_threading.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_threading.c'; fi`
+suites/tests-test_process.o: suites/test_process.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_process.o -MD -MP -MF suites/$(DEPDIR)/tests-test_process.Tpo -c -o suites/tests-test_process.o `test -f 'suites/test_process.c' || echo '$(srcdir)/'`suites/test_process.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_process.Tpo suites/$(DEPDIR)/tests-test_process.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_process.c' object='suites/tests-test_process.o' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_process.o `test -f 'suites/test_process.c' || echo '$(srcdir)/'`suites/test_process.c
+
+suites/tests-test_process.obj: suites/test_process.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_process.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_process.Tpo -c -o suites/tests-test_process.obj `if test -f 'suites/test_process.c'; then $(CYGPATH_W) 'suites/test_process.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_process.c'; fi`
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_process.Tpo suites/$(DEPDIR)/tests-test_process.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_process.c' object='suites/tests-test_process.obj' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_process.obj `if test -f 'suites/test_process.c'; then $(CYGPATH_W) 'suites/test_process.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_process.c'; fi`
+
suites/tests-test_watcher.o: suites/test_watcher.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_watcher.o -MD -MP -MF suites/$(DEPDIR)/tests-test_watcher.Tpo -c -o suites/tests-test_watcher.o `test -f 'suites/test_watcher.c' || echo '$(srcdir)/'`suites/test_watcher.c
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_watcher.Tpo suites/$(DEPDIR)/tests-test_watcher.Po
diff --git a/src/libstrongswan/tests/suites/test_chunk.c b/src/libstrongswan/tests/suites/test_chunk.c
index b33d70e..d71e010 100644
--- a/src/libstrongswan/tests/suites/test_chunk.c
+++ b/src/libstrongswan/tests/suites/test_chunk.c
@@ -784,6 +784,51 @@ START_TEST(test_chunk_hash_static)
END_TEST
/*******************************************************************************
+ * test for chunk_internet_checksum[_inc]()
+ */
+
+START_TEST(test_chunk_internet_checksum)
+{
+ chunk_t chunk;
+ u_int16_t sum;
+
+ chunk = chunk_from_chars(0x45,0x00,0x00,0x30,0x44,0x22,0x40,0x00,0x80,0x06,
+ 0x00,0x00,0x8c,0x7c,0x19,0xac,0xae,0x24,0x1e,0x2b);
+
+ sum = chunk_internet_checksum(chunk);
+ ck_assert_int_eq(0x442e, ntohs(sum));
+
+ sum = chunk_internet_checksum(chunk_create(chunk.ptr, 10));
+ sum = chunk_internet_checksum_inc(chunk_create(chunk.ptr+10, 10), sum);
+ ck_assert_int_eq(0x442e, ntohs(sum));
+
+ /* need to compensate for even/odd alignment */
+ sum = chunk_internet_checksum(chunk_create(chunk.ptr, 9));
+ sum = ntohs(sum);
+ sum = chunk_internet_checksum_inc(chunk_create(chunk.ptr+9, 11), sum);
+ sum = ntohs(sum);
+ ck_assert_int_eq(0x442e, ntohs(sum));
+
+ chunk = chunk_from_chars(0x45,0x00,0x00,0x30,0x44,0x22,0x40,0x00,0x80,0x06,
+ 0x00,0x00,0x8c,0x7c,0x19,0xac,0xae,0x24,0x1e);
+
+ sum = chunk_internet_checksum(chunk);
+ ck_assert_int_eq(0x4459, ntohs(sum));
+
+ sum = chunk_internet_checksum(chunk_create(chunk.ptr, 10));
+ sum = chunk_internet_checksum_inc(chunk_create(chunk.ptr+10, 9), sum);
+ ck_assert_int_eq(0x4459, ntohs(sum));
+
+ /* need to compensate for even/odd alignment */
+ sum = chunk_internet_checksum(chunk_create(chunk.ptr, 9));
+ sum = ntohs(sum);
+ sum = chunk_internet_checksum_inc(chunk_create(chunk.ptr+9, 10), sum);
+ sum = ntohs(sum);
+ ck_assert_int_eq(0x4459, ntohs(sum));
+}
+END_TEST
+
+/*******************************************************************************
* test for chunk_map and friends
*/
@@ -1018,6 +1063,10 @@ Suite *chunk_suite_create()
tcase_add_test(tc, test_chunk_hash_static);
suite_add_tcase(s, tc);
+ tc = tcase_create("chunk_internet_checksum");
+ tcase_add_test(tc, test_chunk_internet_checksum);
+ suite_add_tcase(s, tc);
+
tc = tcase_create("chunk_map");
tcase_add_test(tc, test_chunk_map);
suite_add_tcase(s, tc);
diff --git a/src/libstrongswan/tests/suites/test_process.c b/src/libstrongswan/tests/suites/test_process.c
new file mode 100644
index 0000000..9b1c575
--- /dev/null
+++ b/src/libstrongswan/tests/suites/test_process.c
@@ -0,0 +1,227 @@
+/*
+ * Copyright (C) 2014 Martin Willi
+ * Copyright (C) 2014 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <unistd.h>
+
+#include <utils/process.h>
+
+START_TEST(test_retval_true)
+{
+ process_t *process;
+ char *argv[] = {
+#ifdef WIN32
+ "C:\\Windows\\system32\\cmd.exe",
+ "/C",
+ "exit 0",
+#else
+ "/bin/sh",
+ "-c",
+ "true",
+#endif
+ NULL
+ };
+ int retval;
+
+ process = process_start(argv, NULL, NULL, NULL, NULL, TRUE);
+ ck_assert(process != NULL);
+ ck_assert(process->wait(process, &retval));
+ ck_assert_int_eq(retval, 0);
+}
+END_TEST
+
+START_TEST(test_retval_false)
+{
+ process_t *process;
+ char *argv[] = {
+#ifdef WIN32
+ "C:\\Windows\\system32\\cmd.exe",
+ "/C",
+ "exit 1",
+#else
+ "/bin/sh",
+ "-c",
+ "false",
+#endif
+ NULL
+ };
+ int retval;
+
+ process = process_start(argv, NULL, NULL, NULL, NULL, TRUE);
+ ck_assert(process != NULL);
+ ck_assert(process->wait(process, &retval));
+ ck_assert(retval != 0);
+}
+END_TEST
+
+START_TEST(test_not_found)
+{
+ process_t *process;
+ char *argv[] = {
+ "/bin/does-not-exist",
+ NULL
+ };
+
+ process = process_start(argv, NULL, NULL, NULL, NULL, TRUE);
+ /* both is acceptable behavior */
+ ck_assert(process == NULL || !process->wait(process, NULL));
+}
+END_TEST
+
+START_TEST(test_echo)
+{
+ process_t *process;
+ char *argv[] = {
+#ifdef WIN32
+ "C:\\Windows\\system32\\more.com",
+#else
+ "/bin/sh",
+ "-c",
+ "cat",
+#endif
+ NULL
+ };
+ int retval, in, out;
+ char *msg = "test";
+ char buf[strlen(msg) + 1];
+
+ memset(buf, 0, strlen(msg) + 1);
+
+ process = process_start(argv, NULL, &in, &out, NULL, TRUE);
+ ck_assert(process != NULL);
+ ck_assert_int_eq(write(in, msg, strlen(msg)), strlen(msg));
+ ck_assert(close(in) == 0);
+ ck_assert_int_eq(read(out, buf, strlen(msg) + 1), strlen(msg));
+ ck_assert_str_eq(buf, msg);
+ ck_assert(close(out) == 0);
+ ck_assert(process->wait(process, &retval));
+ ck_assert_int_eq(retval, 0);
+}
+END_TEST
+
+START_TEST(test_echo_err)
+{
+ process_t *process;
+ char *argv[] = {
+#ifdef WIN32
+ "C:\\Windows\\system32\\cmd.exe",
+ "/C",
+ "1>&2 C:\\Windows\\system32\\more.com",
+#else
+ "/bin/sh",
+ "-c",
+ "1>&2 cat",
+#endif
+ NULL
+ };
+ int retval, in, err;
+ char *msg = "a longer test message";
+ char buf[strlen(msg) + 1];
+
+ memset(buf, 0, strlen(msg) + 1);
+
+ process = process_start(argv, NULL, &in, NULL, &err, TRUE);
+ ck_assert(process != NULL);
+ ck_assert_int_eq(write(in, msg, strlen(msg)), strlen(msg));
+ ck_assert(close(in) == 0);
+ ck_assert_int_eq(read(err, buf, strlen(msg) + 1), strlen(msg));
+ ck_assert_str_eq(buf, msg);
+ ck_assert(close(err) == 0);
+ ck_assert(process->wait(process, &retval));
+ ck_assert_int_eq(retval, 0);
+}
+END_TEST
+
+START_TEST(test_env)
+{
+ process_t *process;
+ char *argv[] = {
+#ifdef WIN32
+ "C:\\Windows\\system32\\cmd.exe",
+ "/C",
+ "echo %A% %B%",
+#else
+ "/bin/sh",
+ "-c",
+ "/bin/echo -n $A $B",
+#endif
+ NULL
+ };
+ char *envp[] = {
+ "A=atest",
+ "B=bstring",
+ NULL
+ };
+ int retval, out;
+ char buf[64] = {};
+
+ process = process_start(argv, envp, NULL, &out, NULL, TRUE);
+ ck_assert(process != NULL);
+ ck_assert(read(out, buf, sizeof(buf)) > 0);
+#ifdef WIN32
+ ck_assert_str_eq(buf, "atest bstring\r\n");
+#else
+ ck_assert_str_eq(buf, "atest bstring");
+#endif
+ ck_assert(close(out) == 0);
+ ck_assert(process->wait(process, &retval));
+ ck_assert_int_eq(retval, 0);
+}
+END_TEST
+
+START_TEST(test_shell)
+{
+ process_t *process;
+ int retval;
+
+ process = process_start_shell(NULL, NULL, NULL, NULL, "exit %d", 3);
+ ck_assert(process != NULL);
+ ck_assert(process->wait(process, &retval));
+ ck_assert_int_eq(retval, 3);
+}
+END_TEST
+
+Suite *process_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("process");
+
+ tc = tcase_create("return values");
+ tcase_add_test(tc, test_retval_true);
+ tcase_add_test(tc, test_retval_false);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("not found");
+ tcase_add_test(tc, test_not_found);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("echo");
+ tcase_add_test(tc, test_echo);
+ tcase_add_test(tc, test_echo_err);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("env");
+ tcase_add_test(tc, test_env);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("shell");
+ tcase_add_test(tc, test_shell);
+ suite_add_tcase(s, tc);
+
+ return s;
+}
diff --git a/src/libstrongswan/tests/suites/test_threading.c b/src/libstrongswan/tests/suites/test_threading.c
index 0526d9d..47e4484 100644
--- a/src/libstrongswan/tests/suites/test_threading.c
+++ b/src/libstrongswan/tests/suites/test_threading.c
@@ -980,7 +980,8 @@ START_TEST(test_detach)
sched_yield();
}
/* no checks done here, but we check that thread state gets cleaned
- * up with leak detective. */
+ * up with leak detective. give the threads time to clean up. */
+ usleep(10000);
}
END_TEST
@@ -1015,7 +1016,8 @@ START_TEST(test_detach_exit)
sched_yield();
}
/* no checks done here, but we check that thread state gets cleaned
- * up with leak detective. */
+ * up with leak detective. give the threads time to clean up. */
+ usleep(10000);
}
END_TEST
diff --git a/src/libstrongswan/tests/test_runner.c b/src/libstrongswan/tests/test_runner.c
index 8f2e985..b773028 100644
--- a/src/libstrongswan/tests/test_runner.c
+++ b/src/libstrongswan/tests/test_runner.c
@@ -58,41 +58,58 @@ static void destroy_suite(test_suite_t *suite)
}
/**
- * Removes and destroys test suites that are not selected.
+ * Filter loaded test suites, either remove suites listed (exclude=TRUE), or all
+ * that are not listed (exclude=FALSE).
*/
-static void filter_suites(array_t *loaded)
+static void apply_filter(array_t *loaded, char *filter, bool exclude)
{
enumerator_t *enumerator, *names;
- hashtable_t *selected;
+ hashtable_t *listed;
test_suite_t *suite;
- char *suites, *name;
+ char *name;
- suites = getenv("TESTS_SUITES");
- if (!suites)
- {
- return;
- }
- selected = hashtable_create(hashtable_hash_str, hashtable_equals_str, 8);
- names = enumerator_create_token(suites, ",", " ");
+ listed = hashtable_create(hashtable_hash_str, hashtable_equals_str, 8);
+ names = enumerator_create_token(filter, ",", " ");
while (names->enumerate(names, &name))
{
- selected->put(selected, name, name);
+ listed->put(listed, name, name);
}
enumerator = array_create_enumerator(loaded);
while (enumerator->enumerate(enumerator, &suite))
{
- if (!selected->get(selected, suite->name))
+ if ((exclude && listed->get(listed, suite->name)) ||
+ (!exclude && !listed->get(listed, suite->name)))
{
array_remove_at(loaded, enumerator);
destroy_suite(suite);
}
}
enumerator->destroy(enumerator);
- selected->destroy(selected);
+ listed->destroy(listed);
names->destroy(names);
}
/**
+ * Removes and destroys test suites that are not selected or
+ * explicitly excluded.
+ */
+static void filter_suites(array_t *loaded)
+{
+ char *filter;
+
+ filter = getenv("TESTS_SUITES");
+ if (filter)
+ {
+ apply_filter(loaded, filter, FALSE);
+ }
+ filter = getenv("TESTS_SUITES_EXCLUDE");
+ if (filter)
+ {
+ apply_filter(loaded, filter, TRUE);
+ }
+}
+
+/**
* Load all available test suites, or optionally only selected ones.
*/
static array_t *load_suites(test_configuration_t configs[],
diff --git a/src/libstrongswan/tests/test_runner.h b/src/libstrongswan/tests/test_runner.h
index de87a1f..7250f8a 100644
--- a/src/libstrongswan/tests/test_runner.h
+++ b/src/libstrongswan/tests/test_runner.h
@@ -70,6 +70,7 @@ struct test_configuration_t {
* - TESTS_VERBOSITY: Numerical loglevel for debug log
* - TESTS_STRONGSWAN_CONF: Specify a path to a custom strongswan.conf
* - TESTS_SUITES: Run specific test suites only
+ * - TESTS_SUITES_EXCLUDE: Don't run specific test suites
* - TESTS_REDUCED_KEYLENGTHS: Test minimal keylengths for public key tests only
*
* @param name name of test runner
diff --git a/src/libstrongswan/tests/tests.h b/src/libstrongswan/tests/tests.h
index ab0f642..5862278 100644
--- a/src/libstrongswan/tests/tests.h
+++ b/src/libstrongswan/tests/tests.h
@@ -24,6 +24,7 @@ TEST_SUITE(hashtable_suite_create)
TEST_SUITE(array_suite_create)
TEST_SUITE(identification_suite_create)
TEST_SUITE(threading_suite_create)
+TEST_SUITE(process_suite_create)
TEST_SUITE(watcher_suite_create)
TEST_SUITE(stream_suite_create)
TEST_SUITE(utils_suite_create)
diff --git a/src/libstrongswan/threading/mutex.c b/src/libstrongswan/threading/mutex.c
index f86e781..10cf045 100644
--- a/src/libstrongswan/threading/mutex.c
+++ b/src/libstrongswan/threading/mutex.c
@@ -23,6 +23,7 @@
#include <library.h>
#include <utils/debug.h>
+#include "thread.h"
#include "condvar.h"
#include "mutex.h"
#include "lock_profiler.h"
@@ -70,7 +71,7 @@ struct private_r_mutex_t {
/**
* thread which currently owns mutex
*/
- pthread_t thread;
+ thread_t *thread;
/**
* times the current thread locked the mutex
@@ -125,16 +126,16 @@ METHOD(mutex_t, unlock, void,
METHOD(mutex_t, lock_r, void,
private_r_mutex_t *this)
{
- pthread_t self = pthread_self();
+ thread_t *self = thread_current();
- if (pthread_equal(this->thread, self))
+ if (cas_ptr(&this->thread, self, self))
{
this->times++;
}
else
{
lock(&this->generic);
- this->thread = self;
+ cas_ptr(&this->thread, NULL, self);
this->times = 1;
}
}
@@ -144,7 +145,7 @@ METHOD(mutex_t, unlock_r, void,
{
if (--this->times == 0)
{
- memset(&this->thread, 0, sizeof(this->thread));
+ cas_ptr(&this->thread, thread_current(), NULL);
unlock(&this->generic);
}
}
@@ -220,14 +221,15 @@ METHOD(condvar_t, wait_, void,
if (mutex->recursive)
{
private_r_mutex_t* recursive = (private_r_mutex_t*)mutex;
+ thread_t *self = thread_current();
u_int times;
/* keep track of the number of times this thread locked the mutex */
times = recursive->times;
/* mutex owner gets cleared during condvar wait */
- memset(&recursive->thread, 0, sizeof(recursive->thread));
+ cas_ptr(&recursive->thread, self, NULL);
pthread_cond_wait(&this->condvar, &mutex->mutex);
- recursive->thread = pthread_self();
+ cas_ptr(&recursive->thread, NULL, self);
recursive->times = times;
}
else
@@ -253,13 +255,14 @@ METHOD(condvar_t, timed_wait_abs, bool,
if (mutex->recursive)
{
private_r_mutex_t* recursive = (private_r_mutex_t*)mutex;
+ thread_t *self = thread_current();
u_int times;
times = recursive->times;
- memset(&recursive->thread, 0, sizeof(recursive->thread));
+ cas_ptr(&recursive->thread, self, NULL);
timed_out = pthread_cond_timedwait(&this->condvar, &mutex->mutex,
&ts) == ETIMEDOUT;
- recursive->thread = pthread_self();
+ cas_ptr(&recursive->thread, NULL, self);
recursive->times = times;
}
else
diff --git a/src/libstrongswan/threading/thread.h b/src/libstrongswan/threading/thread.h
index 8d3c30e..6abb834 100644
--- a/src/libstrongswan/threading/thread.h
+++ b/src/libstrongswan/threading/thread.h
@@ -189,4 +189,32 @@ void threads_init();
*/
void threads_deinit();
+
+#ifdef __APPLE__
+
+/*
+ * While select() is a cancellation point, it seems that OS X does not honor
+ * pending cancellation points when entering the function. We manually test for
+ * and honor pending cancellation requests, but this obviously can't prevent
+ * some race conditions where the the cancellation happens after the check,
+ * but before the select.
+ */
+static inline int precancellable_select(int nfds, fd_set *restrict readfds,
+ fd_set *restrict writefds, fd_set *restrict errorfds,
+ struct timeval *restrict timeout)
+{
+ if (thread_cancelability(TRUE))
+ {
+ thread_cancellation_point();
+ }
+ else
+ {
+ thread_cancelability(FALSE);
+ }
+ return select(nfds, readfds, writefds, errorfds, timeout);
+}
+#define select precancellable_select
+
+#endif /* __APPLE__ */
+
#endif /** THREADING_THREAD_H_ @} */
diff --git a/src/libstrongswan/utils/backtrace.c b/src/libstrongswan/utils/backtrace.c
index e694cae..6dd68d6 100644
--- a/src/libstrongswan/utils/backtrace.c
+++ b/src/libstrongswan/utils/backtrace.c
@@ -319,6 +319,7 @@ static bfd_entry_t *get_bfd_entry(char *filename)
if (size == 0)
{
size = bfd_get_dynamic_symtab_upper_bound(entry->abfd);
+ dynamic = TRUE;
}
if (size >= 0)
{
diff --git a/src/libstrongswan/utils/chunk.c b/src/libstrongswan/utils/chunk.c
index 1a9674f..4b24b37 100644
--- a/src/libstrongswan/utils/chunk.c
+++ b/src/libstrongswan/utils/chunk.c
@@ -990,6 +990,37 @@ u_int32_t chunk_hash_static(chunk_t chunk)
/**
* Described in header.
*/
+u_int16_t chunk_internet_checksum_inc(chunk_t data, u_int16_t checksum)
+{
+ u_int32_t sum = ntohs(~checksum);
+
+ while (data.len > 1)
+ {
+ sum += untoh16(data.ptr);
+ data = chunk_skip(data, 2);
+ }
+ if (data.len)
+ {
+ sum += (u_int16_t)*data.ptr << 8;
+ }
+ while (sum >> 16)
+ {
+ sum = (sum & 0xffff) + (sum >> 16);
+ }
+ return htons(~sum);
+}
+
+/**
+ * Described in header.
+ */
+u_int16_t chunk_internet_checksum(chunk_t data)
+{
+ return chunk_internet_checksum_inc(data, 0xffff);
+}
+
+/**
+ * Described in header.
+ */
int chunk_printf_hook(printf_hook_data_t *data, printf_hook_spec_t *spec,
const void *const *args)
{
diff --git a/src/libstrongswan/utils/chunk.h b/src/libstrongswan/utils/chunk.h
index 9951ff3..48405b7 100644
--- a/src/libstrongswan/utils/chunk.h
+++ b/src/libstrongswan/utils/chunk.h
@@ -412,6 +412,31 @@ u_int32_t chunk_hash_static_inc(chunk_t chunk, u_int32_t hash);
u_int64_t chunk_mac(chunk_t chunk, u_char *key);
/**
+ * Calculate the Internet Checksum according to RFC 1071 for the given chunk.
+ *
+ * If the result is used with chunk_internet_checksum_inc() and the data length
+ * is not a multiple of 16 bit the checksum bytes have to be swapped to
+ * compensate the even/odd alignment.
+ *
+ * @param data data to process
+ * @return checksum (one's complement, network order)
+ */
+u_int16_t chunk_internet_checksum(chunk_t data);
+
+/**
+ * Extend the given Internet Checksum (one's complement, in network byte order)
+ * with the given data.
+ *
+ * If data is not a multiple of 16 bits the checksum may have to be swapped to
+ * compensate even/odd alignment (see chunk_internet_checksum()).
+ *
+ * @param data data to process
+ * @param checksum previous checksum (one's complement, network order)
+ * @return checksum (one's complement, network order)
+ */
+u_int16_t chunk_internet_checksum_inc(chunk_t data, u_int16_t checksum);
+
+/**
* printf hook function for chunk_t.
*
* Arguments are:
diff --git a/src/libstrongswan/utils/leak_detective.c b/src/libstrongswan/utils/leak_detective.c
index a2bca19..bc8432a 100644
--- a/src/libstrongswan/utils/leak_detective.c
+++ b/src/libstrongswan/utils/leak_detective.c
@@ -561,6 +561,8 @@ char *whitelist[] = {
"ECDSA_do_sign_ex",
"ECDSA_verify",
"RSA_new_method",
+ /* OpenSSL libssl */
+ "SSL_COMP_get_compression_methods",
/* NSPR */
"PR_CallOnce",
/* libapr */
diff --git a/src/libstrongswan/utils/process.c b/src/libstrongswan/utils/process.c
new file mode 100644
index 0000000..c863bdd
--- /dev/null
+++ b/src/libstrongswan/utils/process.c
@@ -0,0 +1,592 @@
+/*
+ * Copyright (C) 2014 Martin Willi
+ * Copyright (C) 2014 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/* vasprintf() */
+#define _GNU_SOURCE
+#include "process.h"
+
+#include <library.h>
+#include <utils/debug.h>
+
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdarg.h>
+
+typedef struct private_process_t private_process_t;
+
+/**
+ * Ends of a pipe()
+ */
+enum {
+ PIPE_READ = 0,
+ PIPE_WRITE = 1,
+ PIPE_ENDS,
+};
+
+#ifndef WIN32
+
+#include <unistd.h>
+#include <errno.h>
+#include <sys/wait.h>
+#include <signal.h>
+
+/**
+ * Private data of an process_t object.
+ */
+struct private_process_t {
+
+ /**
+ * Public process_t interface.
+ */
+ process_t public;
+
+ /**
+ * child stdin pipe
+ */
+ int in[PIPE_ENDS];
+
+ /**
+ * child stdout pipe
+ */
+ int out[PIPE_ENDS];
+
+ /**
+ * child stderr pipe
+ */
+ int err[PIPE_ENDS];
+
+ /**
+ * child process
+ */
+ int pid;
+};
+
+/**
+ * Close a file descriptor if it is not -1
+ */
+static void close_if(int *fd)
+{
+ if (*fd != -1)
+ {
+ close(*fd);
+ *fd = -1;
+ }
+}
+
+/**
+ * Destroy a process structure, close all pipes
+ */
+static void process_destroy(private_process_t *this)
+{
+ close_if(&this->in[PIPE_READ]);
+ close_if(&this->in[PIPE_WRITE]);
+ close_if(&this->out[PIPE_READ]);
+ close_if(&this->out[PIPE_WRITE]);
+ close_if(&this->err[PIPE_READ]);
+ close_if(&this->err[PIPE_WRITE]);
+ free(this);
+}
+
+METHOD(process_t, wait_, bool,
+ private_process_t *this, int *code)
+{
+ int status, ret;
+
+ ret = waitpid(this->pid, &status, 0);
+ process_destroy(this);
+ if (ret == -1)
+ {
+ return FALSE;
+ }
+ if (!WIFEXITED(status))
+ {
+ return FALSE;
+ }
+ if (code)
+ {
+ *code = WEXITSTATUS(status);
+ }
+ return TRUE;
+}
+
+/**
+ * See header
+ */
+process_t* process_start(char *const argv[], char *const envp[],
+ int *in, int *out, int *err, bool close_all)
+{
+ private_process_t *this;
+ char *empty[] = { NULL };
+
+ INIT(this,
+ .public = {
+ .wait = _wait_,
+ },
+ .in = { -1, -1 },
+ .out = { -1, -1 },
+ .err = { -1, -1 },
+ );
+
+ if (in && pipe(this->in) != 0)
+ {
+ DBG1(DBG_LIB, "creating stdin pipe failed: %s", strerror(errno));
+ process_destroy(this);
+ return NULL;
+ }
+ if (out && pipe(this->out) != 0)
+ {
+ DBG1(DBG_LIB, "creating stdout pipe failed: %s", strerror(errno));
+ process_destroy(this);
+ return NULL;
+ }
+ if (err && pipe(this->err) != 0)
+ {
+ DBG1(DBG_LIB, "creating stderr pipe failed: %s", strerror(errno));
+ process_destroy(this);
+ return NULL;
+ }
+
+ this->pid = fork();
+ switch (this->pid)
+ {
+ case -1:
+ DBG1(DBG_LIB, "forking process failed: %s", strerror(errno));
+ process_destroy(this);
+ return NULL;
+ case 0:
+ /* child */
+ close_if(&this->in[PIPE_WRITE]);
+ close_if(&this->out[PIPE_READ]);
+ close_if(&this->err[PIPE_READ]);
+ if (this->in[PIPE_READ] != -1)
+ {
+ if (dup2(this->in[PIPE_READ], 0) == -1)
+ {
+ raise(SIGKILL);
+ }
+ }
+ if (this->out[PIPE_WRITE] != -1)
+ {
+ if (dup2(this->out[PIPE_WRITE], 1) == -1)
+ {
+ raise(SIGKILL);
+ }
+ }
+ if (this->err[PIPE_WRITE] != -1)
+ {
+ if (dup2(this->err[PIPE_WRITE], 2) == -1)
+ {
+ raise(SIGKILL);
+ }
+ }
+ if (close_all)
+ {
+ closefrom(3);
+ }
+ if (execve(argv[0], argv, envp ?: empty) == -1)
+ {
+ raise(SIGKILL);
+ }
+ /* not reached */
+ default:
+ /* parent */
+ close_if(&this->in[PIPE_READ]);
+ close_if(&this->out[PIPE_WRITE]);
+ close_if(&this->err[PIPE_WRITE]);
+ if (in)
+ {
+ *in = this->in[PIPE_WRITE];
+ this->in[PIPE_WRITE] = -1;
+ }
+ if (out)
+ {
+ *out = this->out[PIPE_READ];
+ this->out[PIPE_READ] = -1;
+ }
+ if (err)
+ {
+ *err = this->err[PIPE_READ];
+ this->err[PIPE_READ] = -1;
+ }
+ return &this->public;
+ }
+}
+
+/**
+ * See header
+ */
+process_t* process_start_shell(char *const envp[], int *in, int *out, int *err,
+ char *fmt, ...)
+{
+ char *argv[] = {
+ "/bin/sh",
+ "-c",
+ NULL,
+ NULL
+ };
+ process_t *process;
+ va_list args;
+ int len;
+
+ va_start(args, fmt);
+ len = vasprintf(&argv[2], fmt, args);
+ va_end(args);
+ if (len < 0)
+ {
+ return NULL;
+ }
+
+ process = process_start(argv, envp, in, out, err, TRUE);
+ free(argv[2]);
+ return process;
+}
+
+#else /* WIN32 */
+
+/**
+ * Private data of an process_t object.
+ */
+struct private_process_t {
+
+ /**
+ * Public process_t interface.
+ */
+ process_t public;
+
+ /**
+ * child stdin pipe
+ */
+ HANDLE in[PIPE_ENDS];
+
+ /**
+ * child stdout pipe
+ */
+ HANDLE out[PIPE_ENDS];
+
+ /**
+ * child stderr pipe
+ */
+ HANDLE err[PIPE_ENDS];
+
+ /**
+ * child process information
+ */
+ PROCESS_INFORMATION pi;
+};
+
+/**
+ * Clean up state associated to child process
+ */
+static void process_destroy(private_process_t *this)
+{
+ if (this->in[PIPE_READ])
+ {
+ CloseHandle(this->in[PIPE_READ]);
+ }
+ if (this->in[PIPE_WRITE])
+ {
+ CloseHandle(this->in[PIPE_WRITE]);
+ }
+ if (this->out[PIPE_READ])
+ {
+ CloseHandle(this->out[PIPE_READ]);
+ }
+ if (this->out[PIPE_WRITE])
+ {
+ CloseHandle(this->out[PIPE_WRITE]);
+ }
+ if (this->err[PIPE_READ])
+ {
+ CloseHandle(this->err[PIPE_READ]);
+ }
+ if (this->err[PIPE_WRITE])
+ {
+ CloseHandle(this->err[PIPE_WRITE]);
+ }
+ if (this->pi.hProcess)
+ {
+ CloseHandle(this->pi.hProcess);
+ CloseHandle(this->pi.hThread);
+ }
+ free(this);
+}
+
+METHOD(process_t, wait_, bool,
+ private_process_t *this, int *code)
+{
+ DWORD ec;
+
+ if (WaitForSingleObject(this->pi.hProcess, INFINITE) != WAIT_OBJECT_0)
+ {
+ DBG1(DBG_LIB, "waiting for child process failed: 0x%08x",
+ GetLastError());
+ process_destroy(this);
+ return FALSE;
+ }
+ if (code)
+ {
+ if (!GetExitCodeProcess(this->pi.hProcess, &ec))
+ {
+ DBG1(DBG_LIB, "getting child process exit code failed: 0x%08x",
+ GetLastError());
+ process_destroy(this);
+ return FALSE;
+ }
+ *code = ec;
+ }
+ process_destroy(this);
+ return TRUE;
+}
+
+/**
+ * Append a command line argument to buf, optionally quoted
+ */
+static void append_arg(char *buf, u_int len, char *arg, char *quote)
+{
+ char *space = "";
+ int current;
+
+ current = strlen(buf);
+ if (current)
+ {
+ space = " ";
+ }
+ snprintf(buf + current, len - current, "%s%s%s%s", space, quote, arg, quote);
+}
+
+/**
+ * Append a null-terminate env string to buf
+ */
+static void append_env(char *buf, u_int len, char *env)
+{
+ char *pos = buf;
+ int current;
+
+ while (TRUE)
+ {
+ pos += strlen(pos);
+ if (!pos[1])
+ {
+ if (pos == buf)
+ {
+ current = 0;
+ }
+ else
+ {
+ current = pos - buf + 1;
+ }
+ snprintf(buf + current, len - current, "%s", env);
+ break;
+ }
+ pos++;
+ }
+}
+
+/**
+ * See header
+ */
+process_t* process_start(char *const argv[], char *const envp[],
+ int *in, int *out, int *err, bool close_all)
+{
+ private_process_t *this;
+ char arg[32768], env[32768];
+ SECURITY_ATTRIBUTES sa = {
+ .nLength = sizeof(SECURITY_ATTRIBUTES),
+ .bInheritHandle = TRUE,
+ };
+ STARTUPINFO sui = {
+ .cb = sizeof(STARTUPINFO),
+ };
+ int i;
+
+ memset(arg, 0, sizeof(arg));
+ memset(env, 0, sizeof(env));
+
+ for (i = 0; argv[i]; i++)
+ {
+ if (!strchr(argv[i], ' '))
+ { /* no spaces, fine for appending */
+ append_arg(arg, sizeof(arg) - 1, argv[i], "");
+ }
+ else if (argv[i][0] == '"' &&
+ argv[i][strlen(argv[i]) - 1] == '"' &&
+ strchr(argv[i] + 1, '"') == argv[i] + strlen(argv[i]) - 1)
+ { /* already properly quoted */
+ append_arg(arg, sizeof(arg) - 1, argv[i], "");
+ }
+ else if (strchr(argv[i], ' ') && !strchr(argv[i], '"'))
+ { /* spaces, but no quotes; append quoted */
+ append_arg(arg, sizeof(arg) - 1, argv[i], "\"");
+ }
+ else
+ {
+ DBG1(DBG_LIB, "invalid command line argument: %s", argv[i]);
+ return NULL;
+ }
+ }
+ if (envp)
+ {
+ for (i = 0; envp[i]; i++)
+ {
+ append_env(env, sizeof(env) - 1, envp[i]);
+ }
+ }
+
+ INIT(this,
+ .public = {
+ .wait = _wait_,
+ },
+ );
+
+ if (in)
+ {
+ sui.dwFlags = STARTF_USESTDHANDLES;
+ if (!CreatePipe(&this->in[PIPE_READ], &this->in[PIPE_WRITE], &sa, 0))
+ {
+ process_destroy(this);
+ return NULL;
+ }
+ if (!SetHandleInformation(this->in[PIPE_WRITE], HANDLE_FLAG_INHERIT, 0))
+ {
+ process_destroy(this);
+ return NULL;
+ }
+ sui.hStdInput = this->in[PIPE_READ];
+ *in = _open_osfhandle((uintptr_t)this->in[PIPE_WRITE], 0);
+ if (*in == -1)
+ {
+ process_destroy(this);
+ return NULL;
+ }
+ }
+ if (out)
+ {
+ sui.dwFlags = STARTF_USESTDHANDLES;
+ if (!CreatePipe(&this->out[PIPE_READ], &this->out[PIPE_WRITE], &sa, 0))
+ {
+ process_destroy(this);
+ return NULL;
+ }
+ if (!SetHandleInformation(this->out[PIPE_READ], HANDLE_FLAG_INHERIT, 0))
+ {
+ process_destroy(this);
+ return NULL;
+ }
+ sui.hStdOutput = this->out[PIPE_WRITE];
+ *out = _open_osfhandle((uintptr_t)this->out[PIPE_READ], 0);
+ if (*out == -1)
+ {
+ process_destroy(this);
+ return NULL;
+ }
+ }
+ if (err)
+ {
+ sui.dwFlags = STARTF_USESTDHANDLES;
+ if (!CreatePipe(&this->err[PIPE_READ], &this->err[PIPE_WRITE], &sa, 0))
+ {
+ process_destroy(this);
+ return NULL;
+ }
+ if (!SetHandleInformation(this->err[PIPE_READ], HANDLE_FLAG_INHERIT, 0))
+ {
+ process_destroy(this);
+ return NULL;
+ }
+ sui.hStdError = this->err[PIPE_WRITE];
+ *err = _open_osfhandle((uintptr_t)this->err[PIPE_READ], 0);
+ if (*err == -1)
+ {
+ process_destroy(this);
+ return NULL;
+ }
+ }
+
+ if (!CreateProcess(argv[0], arg, NULL, NULL, TRUE,
+ NORMAL_PRIORITY_CLASS, env, NULL, &sui, &this->pi))
+ {
+ DBG1(DBG_LIB, "creating process '%s' failed: 0x%08x",
+ argv[0], GetLastError());
+ process_destroy(this);
+ return NULL;
+ }
+
+ /* close child process end of pipes */
+ if (this->in[PIPE_READ])
+ {
+ CloseHandle(this->in[PIPE_READ]);
+ this->in[PIPE_READ] = NULL;
+ }
+ if (this->out[PIPE_WRITE])
+ {
+ CloseHandle(this->out[PIPE_WRITE]);
+ this->out[PIPE_WRITE] = NULL;
+ }
+ if (this->err[PIPE_WRITE])
+ {
+ CloseHandle(this->err[PIPE_WRITE]);
+ this->err[PIPE_WRITE] = NULL;
+ }
+ /* our side gets closed over the osf_handle closed by caller */
+ this->in[PIPE_WRITE] = NULL;
+ this->out[PIPE_READ] = NULL;
+ this->err[PIPE_READ] = NULL;
+ return &this->public;
+}
+
+/**
+ * See header
+ */
+process_t* process_start_shell(char *const envp[], int *in, int *out, int *err,
+ char *fmt, ...)
+{
+ char path[MAX_PATH], *exe = "system32\\cmd.exe";
+ char *argv[] = {
+ path,
+ "/C",
+ NULL,
+ NULL
+ };
+ process_t *process;
+ va_list args;
+ int len;
+
+ len = GetSystemWindowsDirectory(path, sizeof(path));
+ if (len == 0 || len >= sizeof(path) - strlen(exe))
+ {
+ DBG1(DBG_LIB, "resolving Windows directory failed: 0x%08x",
+ GetLastError());
+ return NULL;
+ }
+ if (path[len + 1] != '\\')
+ {
+ strncat(path, "\\", sizeof(path) - len++);
+ }
+ strncat(path, exe, sizeof(path) - len);
+
+ va_start(args, fmt);
+ len = vasprintf(&argv[2], fmt, args);
+ va_end(args);
+ if (len < 0)
+ {
+ return NULL;
+ }
+
+ process = process_start(argv, envp, in, out, err, TRUE);
+ free(argv[2]);
+ return process;
+}
+
+#endif /* WIN32 */
diff --git a/src/libstrongswan/utils/process.h b/src/libstrongswan/utils/process.h
new file mode 100644
index 0000000..8171920
--- /dev/null
+++ b/src/libstrongswan/utils/process.h
@@ -0,0 +1,97 @@
+/*
+ * Copyright (C) 2014 Martin Willi
+ * Copyright (C) 2014 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup process process
+ * @{ @ingroup utils
+ */
+
+#ifndef PROCESS_H_
+#define PROCESS_H_
+
+#include <utils/utils.h>
+
+typedef struct process_t process_t;
+
+/**
+ * Child process spawning abstraction
+ */
+struct process_t {
+
+ /**
+ * Wait for a started process to terminate.
+ *
+ * The process object gets destroyed by this call, regardless of the
+ * return value.
+ *
+ * The returned code is the exit code, not the status returned by waitpid().
+ * If the program could not be executed or has terminated abnormally
+ * (by signals etc.), FALSE is returned.
+ *
+ * @param code process exit code, set only if TRUE returned
+ * @return TRUE if program exited normally through exit()
+ */
+ bool (*wait)(process_t *this, int *code);
+};
+
+/**
+ * Spawn a child process with redirected I/O.
+ *
+ * Forks the current process, optionally redirects stdin/out/err to the current
+ * process, and executes the provided program with arguments.
+ *
+ * The process to execute is specified as argv[0], followed by the process
+ * arguments, followed by NULL. envp[] has a NULL terminated list of arguments
+ * to invoke the process with.
+ *
+ * If any of in/out/err is given, stdin/out/err from the child process get
+ * connected over pipe()s to the caller. If close_all is TRUE, all other
+ * open file descriptors get closed, regardless of any CLOEXEC setting.
+ *
+ * A caller must close all of the returned file descriptors to avoid file
+ * descriptor leaks.
+ *
+ * A non-NULL return value does not guarantee that the process has been
+ * invoked successfully.
+ *
+ * @param argv NULL terminated process arguments, with argv[0] as program
+ * @param envp NULL terminated list of environment variables
+ * @param in pipe fd returned for redirecting data to child stdin
+ * @param out pipe fd returned to redirect child stdout data to
+ * @param err pipe fd returned to redirect child stderr data to
+ * @param close_all close all open file descriptors above 2 before execve()
+ * @return process, NULL on failure
+ */
+process_t* process_start(char *const argv[], char *const envp[],
+ int *in, int *out, int *err, bool close_all);
+
+/**
+ * Spawn a command in a shell child process.
+ *
+ * Same as process_start(), but passes a single command to a shell, such as
+ * "sh -c". See process_start() for I/O redirection notes.
+ *
+ * @param envp NULL terminated list of environment variables
+ * @param in pipe fd returned for redirecting data to child stdin
+ * @param out pipe fd returned to redirect child stdout data to
+ * @param err pipe fd returned to redirect child stderr data to
+ * @param fmt printf format string for command
+ * @param ... arguments for fmt
+ * @return process, NULL on failure
+ */
+process_t* process_start_shell(char *const envp[], int *in, int *out, int *err,
+ char *fmt, ...);
+
+#endif /** PROCESS_H_ @}*/
diff --git a/src/libstrongswan/utils/utils.h b/src/libstrongswan/utils/utils.h
index 1b822dd..da253cc 100644
--- a/src/libstrongswan/utils/utils.h
+++ b/src/libstrongswan/utils/utils.h
@@ -60,6 +60,20 @@
#define BUF_LEN 512
/**
+ * Build assertion macro for integer expressions, evaluates to 0
+ */
+#define BUILD_ASSERT(x) (sizeof(char[(x) ? 0 : -1]))
+
+/**
+ * Build time check to assert a is an array, evaluates to 0
+ *
+ * The address of an array element has a pointer type, which is not compatible
+ * to the array type.
+ */
+#define BUILD_ASSERT_ARRAY(a) \
+ BUILD_ASSERT(!__builtin_types_compatible_p(typeof(a), typeof(&(a)[0])))
+
+/**
* General purpose boolean type.
*/
#ifdef HAVE_STDBOOL_H
@@ -342,7 +356,8 @@ static inline void *memset_noop(void *s, int c, size_t n)
/**
* Get the number of elements in an array
*/
-#define countof(array) (sizeof(array)/sizeof(array[0]))
+#define countof(array) (sizeof(array)/sizeof((array)[0]) \
+ + BUILD_ASSERT_ARRAY(array))
/**
* Ignore result of functions tagged with warn_unused_result attributes
diff --git a/src/libtls/Makefile.in b/src/libtls/Makefile.in
index 85f13d0..426d8bc 100644
--- a/src/libtls/Makefile.in
+++ b/src/libtls/Makefile.in
@@ -284,6 +284,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -344,6 +345,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -409,6 +411,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -456,6 +460,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libtls/tests/Makefile.in b/src/libtls/tests/Makefile.in
index bbc3649..2e44fb4 100644
--- a/src/libtls/tests/Makefile.in
+++ b/src/libtls/tests/Makefile.in
@@ -229,6 +229,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -289,6 +290,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -354,6 +356,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -401,6 +405,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libtls/tls_aead.c b/src/libtls/tls_aead.c
index 1d0779d..67cfd3a 100644
--- a/src/libtls/tls_aead.c
+++ b/src/libtls/tls_aead.c
@@ -82,6 +82,7 @@ METHOD(tls_aead_t, encrypt, bool,
assoc = chunk_from_thing(hdr);
if (!this->aead->encrypt(this->aead, plain, assoc, iv, NULL))
{
+ chunk_free(&encrypted);
return FALSE;
}
chunk_free(data);
diff --git a/src/libtls/tls_aead_expl.c b/src/libtls/tls_aead_expl.c
index 5e4d33e..80b0db3 100644
--- a/src/libtls/tls_aead_expl.c
+++ b/src/libtls/tls_aead_expl.c
@@ -91,7 +91,6 @@ METHOD(tls_aead_t, encrypt, bool,
/* encrypt inline */
if (!this->crypter->encrypt(this->crypter, *data, iv, NULL))
{
- free(data->ptr);
return FALSE;
}
/* prepend IV */
@@ -106,6 +105,7 @@ METHOD(tls_aead_t, decrypt, bool,
chunk_t assoc, mac, iv;
u_int8_t bs, padlen;
sigheader_t hdr;
+ size_t i;
iv.len = this->crypter->get_iv_size(this->crypter);
if (data->len < iv.len)
@@ -126,6 +126,13 @@ METHOD(tls_aead_t, decrypt, bool,
padlen = data->ptr[data->len - 1];
if (padlen < data->len)
{ /* If padding looks valid, remove it */
+ for (i = data->len - padlen - 1; i < data->len - 1; i++)
+ {
+ if (data->ptr[i] != padlen)
+ {
+ return FALSE;
+ }
+ }
data->len -= padlen + 1;
}
diff --git a/src/libtls/tls_aead_impl.c b/src/libtls/tls_aead_impl.c
index fb14026..d529ceb 100644
--- a/src/libtls/tls_aead_impl.c
+++ b/src/libtls/tls_aead_impl.c
@@ -100,6 +100,7 @@ METHOD(tls_aead_t, decrypt, bool,
chunk_t assoc, mac, iv;
u_int8_t bs, padlen;
sigheader_t hdr;
+ size_t i;
bs = this->crypter->get_block_size(this->crypter);
if (data->len < bs || data->len < this->iv.len || data->len % bs)
@@ -116,6 +117,13 @@ METHOD(tls_aead_t, decrypt, bool,
padlen = data->ptr[data->len - 1];
if (padlen < data->len)
{ /* If padding looks valid, remove it */
+ for (i = data->len - padlen - 1; i < data->len - 1; i++)
+ {
+ if (data->ptr[i] != padlen)
+ {
+ return FALSE;
+ }
+ }
data->len -= padlen + 1;
}
diff --git a/src/libtnccs/Makefile.in b/src/libtnccs/Makefile.in
index d3c0196..b0bfdf2 100644
--- a/src/libtnccs/Makefile.in
+++ b/src/libtnccs/Makefile.in
@@ -289,6 +289,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -349,6 +350,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -414,6 +416,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -461,6 +465,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libtnccs/plugins/tnc_imc/Makefile.in b/src/libtnccs/plugins/tnc_imc/Makefile.in
index 3ba06f9..2b76aab 100644
--- a/src/libtnccs/plugins/tnc_imc/Makefile.in
+++ b/src/libtnccs/plugins/tnc_imc/Makefile.in
@@ -237,6 +237,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -297,6 +298,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -362,6 +364,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -409,6 +413,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libtnccs/plugins/tnc_imv/Makefile.in b/src/libtnccs/plugins/tnc_imv/Makefile.in
index 97c05c1..06e7b04 100644
--- a/src/libtnccs/plugins/tnc_imv/Makefile.in
+++ b/src/libtnccs/plugins/tnc_imv/Makefile.in
@@ -238,6 +238,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -298,6 +299,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -363,6 +365,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -410,6 +414,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libtnccs/plugins/tnc_tnccs/Makefile.in b/src/libtnccs/plugins/tnc_tnccs/Makefile.in
index adbbf6c..8910fe7 100644
--- a/src/libtnccs/plugins/tnc_tnccs/Makefile.in
+++ b/src/libtnccs/plugins/tnc_tnccs/Makefile.in
@@ -237,6 +237,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -297,6 +298,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -362,6 +364,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -409,6 +413,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libtnccs/plugins/tnccs_11/Makefile.in b/src/libtnccs/plugins/tnccs_11/Makefile.in
index 92f3b08..ea6ac55 100644
--- a/src/libtnccs/plugins/tnccs_11/Makefile.in
+++ b/src/libtnccs/plugins/tnccs_11/Makefile.in
@@ -247,6 +247,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -307,6 +308,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -372,6 +374,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -419,6 +423,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libtnccs/plugins/tnccs_20/Makefile.in b/src/libtnccs/plugins/tnccs_20/Makefile.in
index 230440b..90c8047 100644
--- a/src/libtnccs/plugins/tnccs_20/Makefile.in
+++ b/src/libtnccs/plugins/tnccs_20/Makefile.in
@@ -248,6 +248,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -308,6 +309,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -373,6 +375,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -420,6 +424,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libtnccs/plugins/tnccs_dynamic/Makefile.in b/src/libtnccs/plugins/tnccs_dynamic/Makefile.in
index ee3f72d..6a03df9 100644
--- a/src/libtnccs/plugins/tnccs_dynamic/Makefile.in
+++ b/src/libtnccs/plugins/tnccs_dynamic/Makefile.in
@@ -237,6 +237,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -297,6 +298,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -362,6 +364,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -409,6 +413,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/libtncif/Makefile.in b/src/libtncif/Makefile.in
index ee54a68..efa06b9 100644
--- a/src/libtncif/Makefile.in
+++ b/src/libtncif/Makefile.in
@@ -199,6 +199,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -259,6 +260,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -324,6 +326,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -371,6 +375,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/manager/Makefile.in b/src/manager/Makefile.in
index 0057526..79ee9c7 100644
--- a/src/manager/Makefile.in
+++ b/src/manager/Makefile.in
@@ -251,6 +251,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -311,6 +312,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -376,6 +378,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -423,6 +427,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/medsrv/Makefile.in b/src/medsrv/Makefile.in
index a895b02..3de9153 100644
--- a/src/medsrv/Makefile.in
+++ b/src/medsrv/Makefile.in
@@ -240,6 +240,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -300,6 +301,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -365,6 +367,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -412,6 +416,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/pki/Makefile.in b/src/pki/Makefile.in
index 8349a77..5f7a1bc 100644
--- a/src/pki/Makefile.in
+++ b/src/pki/Makefile.in
@@ -249,6 +249,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -309,6 +310,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -374,6 +376,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -421,6 +425,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/pki/man/Makefile.in b/src/pki/man/Makefile.in
index 4c0efd5..c288015 100644
--- a/src/pki/man/Makefile.in
+++ b/src/pki/man/Makefile.in
@@ -187,6 +187,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -247,6 +248,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -312,6 +314,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -359,6 +363,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/pool/Makefile.in b/src/pool/Makefile.in
index 54a1a84..4f753a0 100644
--- a/src/pool/Makefile.in
+++ b/src/pool/Makefile.in
@@ -234,6 +234,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -294,6 +295,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -359,6 +361,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -406,6 +410,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/pt-tls-client/Makefile.in b/src/pt-tls-client/Makefile.in
index efbba98..7ee25c0 100644
--- a/src/pt-tls-client/Makefile.in
+++ b/src/pt-tls-client/Makefile.in
@@ -204,6 +204,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -264,6 +265,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -329,6 +331,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -376,6 +380,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/pt-tls-client/pt-tls-client.c b/src/pt-tls-client/pt-tls-client.c
index 8b41ae2..a8d45b5 100644
--- a/src/pt-tls-client/pt-tls-client.c
+++ b/src/pt-tls-client/pt-tls-client.c
@@ -227,7 +227,7 @@ static void init()
options = options_create();
lib->plugins->add_static_features(lib->plugins, "pt-tls-client", features,
- countof(features), TRUE);
+ countof(features), TRUE, NULL, NULL);
if (!lib->plugins->load(lib->plugins,
lib->settings->get_str(lib->settings, "pt-tls-client.load", PLUGINS)))
{
diff --git a/src/scepclient/Makefile.in b/src/scepclient/Makefile.in
index 27a6b82..6a947ef 100644
--- a/src/scepclient/Makefile.in
+++ b/src/scepclient/Makefile.in
@@ -231,6 +231,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -291,6 +292,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -356,6 +358,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -403,6 +407,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/starter/Makefile.in b/src/starter/Makefile.in
index 8beb47c..88d362f 100644
--- a/src/starter/Makefile.in
+++ b/src/starter/Makefile.in
@@ -277,6 +277,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -337,6 +338,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -402,6 +404,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -449,6 +453,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/starter/confread.c b/src/starter/confread.c
index 17dca66..de9099a 100644
--- a/src/starter/confread.c
+++ b/src/starter/confread.c
@@ -658,6 +658,7 @@ static void load_conn(starter_conn_t *conn, starter_config_t *cfg,
static void confread_free_ca(starter_ca_t *ca)
{
free_args(KW_CA_NAME, KW_CA_LAST, (char *)ca);
+ free(ca);
}
/*
@@ -668,6 +669,7 @@ static void confread_free_conn(starter_conn_t *conn)
free_args(KW_END_FIRST, KW_END_LAST, (char *)&conn->left);
free_args(KW_END_FIRST, KW_END_LAST, (char *)&conn->right);
free_args(KW_CONN_NAME, KW_CONN_LAST, (char *)conn);
+ free(conn);
}
/*
@@ -686,7 +688,6 @@ void confread_free(starter_config_t *cfg)
conn = conn->next;
confread_free_conn(conn_aux);
- free(conn_aux);
}
while (ca != NULL)
@@ -695,7 +696,6 @@ void confread_free(starter_config_t *cfg)
ca = ca->next;
confread_free_ca(ca_aux);
- free(ca_aux);
}
free(cfg);
@@ -746,6 +746,9 @@ starter_config_t* confread_load(const char *file)
if (cfg->err > previous_err)
{
+ total_err = cfg->err - previous_err;
+ DBG1(DBG_APP, "# ignored ca '%s' due to %d parsing error%s", name,
+ total_err, (total_err > 1) ? "s" : "");
confread_free_ca(ca);
cfg->non_fatal_err += cfg->err - previous_err;
cfg->err = previous_err;
@@ -784,6 +787,9 @@ starter_config_t* confread_load(const char *file)
if (cfg->err > previous_err)
{
+ total_err = cfg->err - previous_err;
+ DBG1(DBG_APP, "# ignored conn '%s' due to %d parsing error%s", name,
+ total_err, (total_err > 1) ? "s" : "");
confread_free_conn(conn);
cfg->non_fatal_err += cfg->err - previous_err;
cfg->err = previous_err;
diff --git a/src/starter/invokecharon.c b/src/starter/invokecharon.c
index d981f6c..5d95305 100644
--- a/src/starter/invokecharon.c
+++ b/src/starter/invokecharon.c
@@ -201,6 +201,15 @@ int starter_start_charon (starter_config_t *cfg, bool no_fork, bool attach_gdb)
default:
/* father */
_charon_pid = pid;
+ while (attach_gdb)
+ {
+ /* wait indefinitely if gdb is attached */
+ usleep(10000);
+ if (stat(pid_file, &stb) == 0)
+ {
+ return 0;
+ }
+ }
for (i = 0; i < 500 && _charon_pid; i++)
{
/* wait for charon for a maximum of 500 x 20 ms = 10 s */
diff --git a/src/starter/starter.c b/src/starter/starter.c
index ef57808..74b5b52 100644
--- a/src/starter/starter.c
+++ b/src/starter/starter.c
@@ -261,10 +261,14 @@ static void fatal_signal_handler(int signal)
#ifdef GENERATE_SELFCERT
static void generate_selfcert()
{
+ const char *secrets_file;
struct stat stb;
+ secrets_file = lib->settings->get_str(lib->settings,
+ "charon.plugins.stroke.secrets_file", SECRETS_FILE);
+
/* if ipsec.secrets file is missing then generate RSA default key pair */
- if (stat(SECRETS_FILE, &stb) != 0)
+ if (stat(secrets_file, &stb) != 0)
{
mode_t oldmask;
FILE *f;
@@ -302,7 +306,7 @@ static void generate_selfcert()
/* ipsec.secrets is root readable only */
oldmask = umask(0066);
- f = fopen(SECRETS_FILE, "w");
+ f = fopen(secrets_file, "w");
if (f)
{
fprintf(f, "# /etc/ipsec.secrets - strongSwan IPsec secrets file\n");
@@ -310,7 +314,7 @@ static void generate_selfcert()
fprintf(f, ": RSA myKey.der\n");
fclose(f);
}
- ignore_result(chown(SECRETS_FILE, uid, gid));
+ ignore_result(chown(secrets_file, uid, gid));
umask(oldmask);
}
}
@@ -485,7 +489,8 @@ int main (int argc, char **argv)
}
if (!config_file)
{
- config_file = CONFIG_FILE;
+ config_file = lib->settings->get_str(lib->settings,
+ "starter.config_file", CONFIG_FILE);
}
init_log("ipsec_starter");
@@ -612,7 +617,6 @@ int main (int argc, char **argv)
int fnull;
close_log();
- closefrom(3);
fnull = open("/dev/null", O_RDWR);
if (fnull >= 0)
diff --git a/src/starter/tests/Makefile.in b/src/starter/tests/Makefile.in
index c72f23e..d42a0d2 100644
--- a/src/starter/tests/Makefile.in
+++ b/src/starter/tests/Makefile.in
@@ -229,6 +229,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -289,6 +290,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -354,6 +356,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -401,6 +405,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/stroke/Makefile.in b/src/stroke/Makefile.in
index 1741b64..9c041df 100644
--- a/src/stroke/Makefile.in
+++ b/src/stroke/Makefile.in
@@ -203,6 +203,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -263,6 +264,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -328,6 +330,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -375,6 +379,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/src/swanctl/Makefile.am b/src/swanctl/Makefile.am
index 385737a..b84d705 100644
--- a/src/swanctl/Makefile.am
+++ b/src/swanctl/Makefile.am
@@ -10,12 +10,14 @@ swanctl_SOURCES = \
commands/list_conns.c \
commands/list_certs.c \
commands/list_pools.c \
- commands/load_conns.c \
- commands/load_creds.c \
- commands/load_pools.c \
+ commands/load_all.c \
+ commands/load_conns.c commands/load_conns.h \
+ commands/load_creds.c commands/load_creds.h \
+ commands/load_pools.c commands/load_pools.h \
commands/log.c \
commands/version.c \
commands/stats.c \
+ commands/reload_settings.c \
swanctl.c swanctl.h
swanctl_LDADD = \
@@ -44,7 +46,7 @@ CLEANFILES = $(man_MANS)
swanctl.conf.5.main: swanctl.opt
$(AM_V_GEN) \
- $(PYTHON) $(top_srcdir)/conf/format-options.py -n -f man $< > $(srcdir)/$@
+ $(PYTHON) $(top_srcdir)/conf/format-options.py -n -f man swanctl.opt > $(srcdir)/$@
swanctl.conf.5: swanctl.conf.5.head swanctl.conf.5.main swanctl.conf.5.tail
$(AM_V_GEN) \
@@ -54,7 +56,7 @@ maintainer-clean-local:
cd $(srcdir) && rm -f swanctl.conf swanctl.conf.5.main
install-data-local: swanctl.conf
- test -e "$(DESTDIR)$(swanctldir)" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)"
+ test -e "$(DESTDIR)$(swanctldir)" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)" || true
test -e "$(DESTDIR)$(swanctldir)/x509" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/x509" || true
test -e "$(DESTDIR)$(swanctldir)/x509ca" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/x509ca" || true
test -e "$(DESTDIR)$(swanctldir)/x509aa" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/x509aa" || true
diff --git a/src/swanctl/Makefile.in b/src/swanctl/Makefile.in
index 1491597..649e6d8 100644
--- a/src/swanctl/Makefile.in
+++ b/src/swanctl/Makefile.in
@@ -108,10 +108,11 @@ am_swanctl_OBJECTS = command.$(OBJEXT) commands/initiate.$(OBJEXT) \
commands/terminate.$(OBJEXT) commands/install.$(OBJEXT) \
commands/list_sas.$(OBJEXT) commands/list_pols.$(OBJEXT) \
commands/list_conns.$(OBJEXT) commands/list_certs.$(OBJEXT) \
- commands/list_pools.$(OBJEXT) commands/load_conns.$(OBJEXT) \
- commands/load_creds.$(OBJEXT) commands/load_pools.$(OBJEXT) \
- commands/log.$(OBJEXT) commands/version.$(OBJEXT) \
- commands/stats.$(OBJEXT) swanctl.$(OBJEXT)
+ commands/list_pools.$(OBJEXT) commands/load_all.$(OBJEXT) \
+ commands/load_conns.$(OBJEXT) commands/load_creds.$(OBJEXT) \
+ commands/load_pools.$(OBJEXT) commands/log.$(OBJEXT) \
+ commands/version.$(OBJEXT) commands/stats.$(OBJEXT) \
+ commands/reload_settings.$(OBJEXT) swanctl.$(OBJEXT)
swanctl_OBJECTS = $(am_swanctl_OBJECTS)
swanctl_DEPENDENCIES = \
$(top_builddir)/src/libcharon/plugins/vici/libvici.la \
@@ -243,6 +244,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -303,6 +305,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -368,6 +371,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -415,6 +420,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
@@ -434,12 +443,14 @@ swanctl_SOURCES = \
commands/list_conns.c \
commands/list_certs.c \
commands/list_pools.c \
- commands/load_conns.c \
- commands/load_creds.c \
- commands/load_pools.c \
+ commands/load_all.c \
+ commands/load_conns.c commands/load_conns.h \
+ commands/load_creds.c commands/load_creds.h \
+ commands/load_pools.c commands/load_pools.h \
commands/log.c \
commands/version.c \
commands/stats.c \
+ commands/reload_settings.c \
swanctl.c swanctl.h
swanctl_LDADD = \
@@ -571,6 +582,8 @@ commands/list_certs.$(OBJEXT): commands/$(am__dirstamp) \
commands/$(DEPDIR)/$(am__dirstamp)
commands/list_pools.$(OBJEXT): commands/$(am__dirstamp) \
commands/$(DEPDIR)/$(am__dirstamp)
+commands/load_all.$(OBJEXT): commands/$(am__dirstamp) \
+ commands/$(DEPDIR)/$(am__dirstamp)
commands/load_conns.$(OBJEXT): commands/$(am__dirstamp) \
commands/$(DEPDIR)/$(am__dirstamp)
commands/load_creds.$(OBJEXT): commands/$(am__dirstamp) \
@@ -583,6 +596,8 @@ commands/version.$(OBJEXT): commands/$(am__dirstamp) \
commands/$(DEPDIR)/$(am__dirstamp)
commands/stats.$(OBJEXT): commands/$(am__dirstamp) \
commands/$(DEPDIR)/$(am__dirstamp)
+commands/reload_settings.$(OBJEXT): commands/$(am__dirstamp) \
+ commands/$(DEPDIR)/$(am__dirstamp)
swanctl$(EXEEXT): $(swanctl_OBJECTS) $(swanctl_DEPENDENCIES) $(EXTRA_swanctl_DEPENDENCIES)
@rm -f swanctl$(EXEEXT)
@@ -604,10 +619,12 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote at commands/$(DEPDIR)/list_pols.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at commands/$(DEPDIR)/list_pools.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at commands/$(DEPDIR)/list_sas.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at commands/$(DEPDIR)/load_all.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at commands/$(DEPDIR)/load_conns.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at commands/$(DEPDIR)/load_creds.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at commands/$(DEPDIR)/load_pools.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at commands/$(DEPDIR)/log.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at commands/$(DEPDIR)/reload_settings.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at commands/$(DEPDIR)/stats.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at commands/$(DEPDIR)/terminate.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at commands/$(DEPDIR)/version.Po at am__quote@
@@ -955,7 +972,7 @@ swanctl.o : $(top_builddir)/config.status
swanctl.conf.5.main: swanctl.opt
$(AM_V_GEN) \
- $(PYTHON) $(top_srcdir)/conf/format-options.py -n -f man $< > $(srcdir)/$@
+ $(PYTHON) $(top_srcdir)/conf/format-options.py -n -f man swanctl.opt > $(srcdir)/$@
swanctl.conf.5: swanctl.conf.5.head swanctl.conf.5.main swanctl.conf.5.tail
$(AM_V_GEN) \
@@ -965,7 +982,7 @@ maintainer-clean-local:
cd $(srcdir) && rm -f swanctl.conf swanctl.conf.5.main
install-data-local: swanctl.conf
- test -e "$(DESTDIR)$(swanctldir)" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)"
+ test -e "$(DESTDIR)$(swanctldir)" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)" || true
test -e "$(DESTDIR)$(swanctldir)/x509" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/x509" || true
test -e "$(DESTDIR)$(swanctldir)/x509ca" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/x509ca" || true
test -e "$(DESTDIR)$(swanctldir)/x509aa" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/x509aa" || true
diff --git a/src/swanctl/command.c b/src/swanctl/command.c
index e488273..1c079ec 100644
--- a/src/swanctl/command.c
+++ b/src/swanctl/command.c
@@ -220,7 +220,7 @@ int command_usage(char *error, ...)
{
for (i = 0; i < MAX_COMMANDS && cmds[i].cmd; i++)
{
- fprintf(out, " swanctl --%-10s (-%c) %s\n",
+ fprintf(out, " swanctl --%-15s (-%c) %s\n",
cmds[i].cmd, cmds[i].op, cmds[i].description);
}
}
@@ -267,9 +267,10 @@ static int call_command(command_t *cmd)
conn = vici_connect(uri);
if (!conn)
{
+ ret = errno;
command_usage("connecting to '%s' URI failed: %s",
uri ?: "default", strerror(errno));
- return errno;
+ return ret;
}
ret = cmd->call(conn);
vici_disconnect(conn);
diff --git a/src/swanctl/command.h b/src/swanctl/command.h
index 8510fa4..2d78a24 100644
--- a/src/swanctl/command.h
+++ b/src/swanctl/command.h
@@ -27,7 +27,7 @@
/**
* Maximum number of commands (+1).
*/
-#define MAX_COMMANDS 16
+#define MAX_COMMANDS 18
/**
* Maximum number of options in a command (+3)
diff --git a/src/swanctl/commands/initiate.c b/src/swanctl/commands/initiate.c
index 080dc41..eb7b6ad 100644
--- a/src/swanctl/commands/initiate.c
+++ b/src/swanctl/commands/initiate.c
@@ -71,8 +71,9 @@ static int initiate(vici_conn_t *conn)
if (vici_register(conn, "control-log", log_cb, &format) != 0)
{
+ ret = errno;
fprintf(stderr, "registering for log failed: %s\n", strerror(errno));
- return errno;
+ return ret;
}
req = vici_begin("initiate");
if (child)
@@ -87,8 +88,9 @@ static int initiate(vici_conn_t *conn)
res = vici_submit(req, conn);
if (!res)
{
+ ret = errno;
fprintf(stderr, "initiate request failed: %s\n", strerror(errno));
- return errno;
+ return ret;
}
if (format & COMMAND_FORMAT_RAW)
{
diff --git a/src/swanctl/commands/install.c b/src/swanctl/commands/install.c
index e8727d5..59c5c24 100644
--- a/src/swanctl/commands/install.c
+++ b/src/swanctl/commands/install.c
@@ -55,8 +55,9 @@ static int manage_policy(vici_conn_t *conn, char *label)
res = vici_submit(req, conn);
if (!res)
{
+ ret = errno;
fprintf(stderr, "%s request failed: %s\n", label, strerror(errno));
- return errno;
+ return ret;
}
if (format & COMMAND_FORMAT_RAW)
{
diff --git a/src/swanctl/commands/list_certs.c b/src/swanctl/commands/list_certs.c
index bee5fda..ecb6528 100644
--- a/src/swanctl/commands/list_certs.c
+++ b/src/swanctl/commands/list_certs.c
@@ -590,6 +590,7 @@ static int list_certs(vici_conn_t *conn)
vici_res_t *res;
command_format_options_t format = COMMAND_FORMAT_NONE;
char *arg, *subject = NULL, *type = NULL;
+ int ret;
while (TRUE)
{
@@ -621,9 +622,10 @@ static int list_certs(vici_conn_t *conn)
}
if (vici_register(conn, "list-cert", list_cb, &format) != 0)
{
+ ret = errno;
fprintf(stderr, "registering for certificates failed: %s\n",
strerror(errno));
- return errno;
+ return ret;
}
req = vici_begin("list-certs");
if (type)
@@ -637,8 +639,9 @@ static int list_certs(vici_conn_t *conn)
res = vici_submit(req, conn);
if (!res)
{
+ ret = errno;
fprintf(stderr, "list-certs request failed: %s\n", strerror(errno));
- return errno;
+ return ret;
}
if (format & COMMAND_FORMAT_RAW)
{
diff --git a/src/swanctl/commands/list_conns.c b/src/swanctl/commands/list_conns.c
index ec5da4b..31ab9c4 100644
--- a/src/swanctl/commands/list_conns.c
+++ b/src/swanctl/commands/list_conns.c
@@ -183,6 +183,7 @@ static int list_conns(vici_conn_t *conn)
vici_res_t *res;
command_format_options_t format = COMMAND_FORMAT_NONE;
char *arg;
+ int ret;
while (TRUE)
{
@@ -205,16 +206,18 @@ static int list_conns(vici_conn_t *conn)
}
if (vici_register(conn, "list-conn", list_cb, &format) != 0)
{
+ ret = errno;
fprintf(stderr, "registering for connections failed: %s\n",
strerror(errno));
- return errno;
+ return ret;
}
req = vici_begin("list-conns");
res = vici_submit(req, conn);
if (!res)
{
+ ret = errno;
fprintf(stderr, "list-conns request failed: %s\n", strerror(errno));
- return errno;
+ return ret;
}
if (format & COMMAND_FORMAT_RAW)
{
diff --git a/src/swanctl/commands/list_pols.c b/src/swanctl/commands/list_pols.c
index 2317b25..f2ae221 100644
--- a/src/swanctl/commands/list_pols.c
+++ b/src/swanctl/commands/list_pols.c
@@ -116,6 +116,7 @@ static int list_pols(vici_conn_t *conn)
bool trap = FALSE, drop = FALSE, pass = FALSE;
command_format_options_t format = COMMAND_FORMAT_NONE;
char *arg, *child = NULL;
+ int ret;
while (TRUE)
{
@@ -154,9 +155,10 @@ static int list_pols(vici_conn_t *conn)
}
if (vici_register(conn, "list-policy", list_cb, &format) != 0)
{
+ ret = errno;
fprintf(stderr, "registering for policies failed: %s\n",
strerror(errno));
- return errno;
+ return ret;
}
req = vici_begin("list-policies");
if (child)
@@ -178,8 +180,9 @@ static int list_pols(vici_conn_t *conn)
res = vici_submit(req, conn);
if (!res)
{
+ ret = errno;
fprintf(stderr, "list-policies request failed: %s\n", strerror(errno));
- return errno;
+ return ret;
}
if (format & COMMAND_FORMAT_RAW)
{
diff --git a/src/swanctl/commands/list_pools.c b/src/swanctl/commands/list_pools.c
index 17ea539..1557716 100644
--- a/src/swanctl/commands/list_pools.c
+++ b/src/swanctl/commands/list_pools.c
@@ -68,8 +68,9 @@ static int list_pools(vici_conn_t *conn)
res = vici_submit(req, conn);
if (!res)
{
+ ret = errno;
fprintf(stderr, "get-pools request failed: %s\n", strerror(errno));
- return errno;
+ return ret;
}
if (format & COMMAND_FORMAT_RAW)
{
diff --git a/src/swanctl/commands/list_sas.c b/src/swanctl/commands/list_sas.c
index 80c279c..35e7469 100644
--- a/src/swanctl/commands/list_sas.c
+++ b/src/swanctl/commands/list_sas.c
@@ -283,7 +283,7 @@ static int list_sas(vici_conn_t *conn)
bool noblock = FALSE;
command_format_options_t format = COMMAND_FORMAT_NONE;
char *arg, *ike = NULL;
- int ike_id = 0;
+ int ike_id = 0, ret;
while (TRUE)
{
@@ -315,8 +315,9 @@ static int list_sas(vici_conn_t *conn)
}
if (vici_register(conn, "list-sa", list_cb, &format) != 0)
{
+ ret = errno;
fprintf(stderr, "registering for SAs failed: %s\n", strerror(errno));
- return errno;
+ return ret;
}
req = vici_begin("list-sas");
if (ike)
@@ -334,8 +335,9 @@ static int list_sas(vici_conn_t *conn)
res = vici_submit(req, conn);
if (!res)
{
+ ret = errno;
fprintf(stderr, "list-sas request failed: %s\n", strerror(errno));
- return errno;
+ return ret;
}
if (format & COMMAND_FORMAT_RAW)
{
diff --git a/src/swanctl/commands/load_all.c b/src/swanctl/commands/load_all.c
new file mode 100644
index 0000000..f47fee5
--- /dev/null
+++ b/src/swanctl/commands/load_all.c
@@ -0,0 +1,103 @@
+/*
+ * Copyright (C) 2014 Martin Willi
+ * Copyright (C) 2014 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#define _GNU_SOURCE
+#include <stdio.h>
+#include <errno.h>
+#include <unistd.h>
+#include <sys/stat.h>
+
+#include "command.h"
+#include "swanctl.h"
+#include "load_creds.h"
+#include "load_pools.h"
+#include "load_conns.h"
+
+static int load_all(vici_conn_t *conn)
+{
+ bool clear = FALSE, noprompt = FALSE;
+ command_format_options_t format = COMMAND_FORMAT_NONE;
+ settings_t *cfg;
+ int ret = 0;
+ char *arg;
+
+ while (TRUE)
+ {
+ switch (command_getopt(&arg))
+ {
+ case 'h':
+ return command_usage(NULL);
+ case 'c':
+ clear = TRUE;
+ continue;
+ case 'n':
+ noprompt = TRUE;
+ continue;
+ case 'P':
+ format |= COMMAND_FORMAT_PRETTY;
+ /* fall through to raw */
+ case 'r':
+ format |= COMMAND_FORMAT_RAW;
+ continue;
+ case EOF:
+ break;
+ default:
+ return command_usage("invalid --load-all option");
+ }
+ break;
+ }
+
+ cfg = settings_create(SWANCTL_CONF);
+ if (!cfg)
+ {
+ fprintf(stderr, "parsing '%s' failed\n", SWANCTL_CONF);
+ return EINVAL;
+ }
+
+ if (ret == 0)
+ {
+ ret = load_creds_cfg(conn, format, cfg, clear, noprompt);
+ }
+ if (ret == 0)
+ {
+ ret = load_pools_cfg(conn, format, cfg);
+ }
+ if (ret == 0)
+ {
+ ret = load_conns_cfg(conn, format, cfg);
+ }
+
+ cfg->destroy(cfg);
+
+ return ret;
+}
+
+/**
+ * Register the command.
+ */
+static void __attribute__ ((constructor))reg()
+{
+ command_register((command_t) {
+ load_all, 'q', "load-all", "load credentials, pools and connections",
+ {"[--raw|--pretty] [--clear] [--noprompt]"},
+ {
+ {"help", 'h', 0, "show usage information"},
+ {"clear", 'c', 0, "clear previously loaded credentials"},
+ {"noprompt", 'n', 0, "do not prompt for passwords"},
+ {"raw", 'r', 0, "dump raw response message"},
+ {"pretty", 'P', 0, "dump raw response message in pretty print"},
+ }
+ });
+}
diff --git a/src/swanctl/commands/load_conns.c b/src/swanctl/commands/load_conns.c
index 7383f7a..de30d8e 100644
--- a/src/swanctl/commands/load_conns.c
+++ b/src/swanctl/commands/load_conns.c
@@ -20,6 +20,7 @@
#include "command.h"
#include "swanctl.h"
+#include "load_conns.h"
/**
* Check if we should handle a key as a list of comma separated values
@@ -319,41 +320,16 @@ static bool unload_conn(vici_conn_t *conn, char *name,
return ret;
}
-static int load_conns(vici_conn_t *conn)
+/**
+ * See header.
+ */
+int load_conns_cfg(vici_conn_t *conn, command_format_options_t format,
+ settings_t *cfg)
{
u_int found = 0, loaded = 0, unloaded = 0;
- command_format_options_t format = COMMAND_FORMAT_NONE;
- char *arg, *section;
+ char *section;
enumerator_t *enumerator;
linked_list_t *conns;
- settings_t *cfg;
-
- while (TRUE)
- {
- switch (command_getopt(&arg))
- {
- case 'h':
- return command_usage(NULL);
- case 'P':
- format |= COMMAND_FORMAT_PRETTY;
- /* fall through to raw */
- case 'r':
- format |= COMMAND_FORMAT_RAW;
- continue;
- case EOF:
- break;
- default:
- return command_usage("invalid --load-conns option");
- }
- break;
- }
-
- cfg = settings_create(SWANCTL_CONF);
- if (!cfg)
- {
- fprintf(stderr, "parsing '%s' failed\n", SWANCTL_CONF);
- return EINVAL;
- }
conns = list_conns(conn, format);
@@ -369,8 +345,6 @@ static int load_conns(vici_conn_t *conn)
}
enumerator->destroy(enumerator);
- cfg->destroy(cfg);
-
/* unload all connection in daemon, but not in file */
while (conns->remove_first(conns, (void**)§ion) == SUCCESS)
{
@@ -402,6 +376,47 @@ static int load_conns(vici_conn_t *conn)
return EINVAL;
}
+static int load_conns(vici_conn_t *conn)
+{
+ command_format_options_t format = COMMAND_FORMAT_NONE;
+ settings_t *cfg;
+ char *arg;
+ int ret;
+
+ while (TRUE)
+ {
+ switch (command_getopt(&arg))
+ {
+ case 'h':
+ return command_usage(NULL);
+ case 'P':
+ format |= COMMAND_FORMAT_PRETTY;
+ /* fall through to raw */
+ case 'r':
+ format |= COMMAND_FORMAT_RAW;
+ continue;
+ case EOF:
+ break;
+ default:
+ return command_usage("invalid --load-conns option");
+ }
+ break;
+ }
+
+ cfg = settings_create(SWANCTL_CONF);
+ if (!cfg)
+ {
+ fprintf(stderr, "parsing '%s' failed\n", SWANCTL_CONF);
+ return EINVAL;
+ }
+
+ ret = load_conns_cfg(conn, format, cfg);
+
+ cfg->destroy(cfg);
+
+ return ret;
+}
+
/**
* Register the command.
*/
diff --git a/src/swanctl/commands/load_conns.h b/src/swanctl/commands/load_conns.h
new file mode 100644
index 0000000..1e7abde
--- /dev/null
+++ b/src/swanctl/commands/load_conns.h
@@ -0,0 +1,26 @@
+/*
+ * Copyright (C) 2014 Martin Willi
+ * Copyright (C) 2014 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "command.h"
+
+/**
+ * Load all connections from configuration file
+ *
+ * @param conn vici connection to load to
+ * @param format output format
+ * @param cfg configuration to load from
+ */
+int load_conns_cfg(vici_conn_t *conn, command_format_options_t format,
+ settings_t *cfg);
diff --git a/src/swanctl/commands/load_creds.c b/src/swanctl/commands/load_creds.c
index f77084c..86ee3c1 100644
--- a/src/swanctl/commands/load_creds.c
+++ b/src/swanctl/commands/load_creds.c
@@ -21,6 +21,7 @@
#include "command.h"
#include "swanctl.h"
+#include "load_creds.h"
#include <credentials/sets/mem_cred.h>
#include <credentials/sets/callback_cred.h>
@@ -484,13 +485,50 @@ static bool clear_creds(vici_conn_t *conn, command_format_options_t format)
return TRUE;
}
+/**
+ * See header.
+ */
+int load_creds_cfg(vici_conn_t *conn, command_format_options_t format,
+ settings_t *cfg, bool clear, bool noprompt)
+{
+ enumerator_t *enumerator;
+ char *section;
+
+ if (clear)
+ {
+ if (!clear_creds(conn, format))
+ {
+ return ECONNREFUSED;
+ }
+ }
+
+ load_certs(conn, format, "x509", SWANCTL_X509DIR);
+ load_certs(conn, format, "x509ca", SWANCTL_X509CADIR);
+ load_certs(conn, format, "x509aa", SWANCTL_X509AADIR);
+ load_certs(conn, format, "x509crl", SWANCTL_X509CRLDIR);
+ load_certs(conn, format, "x509ac", SWANCTL_X509ACDIR);
+
+ load_keys(conn, format, noprompt, cfg, "rsa", SWANCTL_RSADIR);
+ load_keys(conn, format, noprompt, cfg, "ecdsa", SWANCTL_ECDSADIR);
+ load_keys(conn, format, noprompt, cfg, "any", SWANCTL_PKCS8DIR);
+
+ enumerator = cfg->create_section_enumerator(cfg, "secrets");
+ while (enumerator->enumerate(enumerator, §ion))
+ {
+ load_secret(conn, cfg, section, format);
+ }
+ enumerator->destroy(enumerator);
+
+ return 0;
+}
+
static int load_creds(vici_conn_t *conn)
{
bool clear = FALSE, noprompt = FALSE;
command_format_options_t format = COMMAND_FORMAT_NONE;
- enumerator_t *enumerator;
settings_t *cfg;
- char *arg, *section;
+ char *arg;
+ int ret;
while (TRUE)
{
@@ -518,14 +556,6 @@ static int load_creds(vici_conn_t *conn)
break;
}
- if (clear)
- {
- if (!clear_creds(conn, format))
- {
- return ECONNREFUSED;
- }
- }
-
cfg = settings_create(SWANCTL_CONF);
if (!cfg)
{
@@ -533,26 +563,11 @@ static int load_creds(vici_conn_t *conn)
return EINVAL;
}
- load_certs(conn, format, "x509", SWANCTL_X509DIR);
- load_certs(conn, format, "x509ca", SWANCTL_X509CADIR);
- load_certs(conn, format, "x509aa", SWANCTL_X509AADIR);
- load_certs(conn, format, "x509crl", SWANCTL_X509CRLDIR);
- load_certs(conn, format, "x509ac", SWANCTL_X509ACDIR);
-
- load_keys(conn, format, noprompt, cfg, "rsa", SWANCTL_RSADIR);
- load_keys(conn, format, noprompt, cfg, "ecdsa", SWANCTL_ECDSADIR);
- load_keys(conn, format, noprompt, cfg, "any", SWANCTL_PKCS8DIR);
-
- enumerator = cfg->create_section_enumerator(cfg, "secrets");
- while (enumerator->enumerate(enumerator, §ion))
- {
- load_secret(conn, cfg, section, format);
- }
- enumerator->destroy(enumerator);
+ ret = load_creds_cfg(conn, format, cfg, clear, noprompt);
cfg->destroy(cfg);
- return 0;
+ return ret;
}
/**
@@ -562,7 +577,7 @@ static void __attribute__ ((constructor))reg()
{
command_register((command_t) {
load_creds, 's', "load-creds", "(re-)load credentials",
- {"[--raw|--pretty]"},
+ {"[--raw|--pretty] [--clear] [--noprompt]"},
{
{"help", 'h', 0, "show usage information"},
{"clear", 'c', 0, "clear previously loaded credentials"},
diff --git a/src/swanctl/commands/load_creds.h b/src/swanctl/commands/load_creds.h
new file mode 100644
index 0000000..7f689ad
--- /dev/null
+++ b/src/swanctl/commands/load_creds.h
@@ -0,0 +1,28 @@
+/*
+ * Copyright (C) 2014 Martin Willi
+ * Copyright (C) 2014 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "command.h"
+
+/**
+ * Load all credentials from configuration file
+ *
+ * @param conn vici connection to load to
+ * @param format output format
+ * @param cfg configuration to load from
+ * @param clear TRUE to clear existing credentials
+ * @param noprompt TRUE to skip any password prompt
+ */
+int load_creds_cfg(vici_conn_t *conn, command_format_options_t format,
+ settings_t *cfg, bool clear, bool noprompt);
diff --git a/src/swanctl/commands/load_pools.c b/src/swanctl/commands/load_pools.c
index 0ec56cc..d7fbd13 100644
--- a/src/swanctl/commands/load_pools.c
+++ b/src/swanctl/commands/load_pools.c
@@ -20,6 +20,7 @@
#include "command.h"
#include "swanctl.h"
+#include "load_pools.h"
/**
* Add a vici list from a comma separated string value
@@ -192,41 +193,16 @@ static bool unload_pool(vici_conn_t *conn, char *name,
return ret;
}
-static int load_pools(vici_conn_t *conn)
+/**
+ * See header.
+ */
+int load_pools_cfg(vici_conn_t *conn, command_format_options_t format,
+ settings_t *cfg)
{
- command_format_options_t format = COMMAND_FORMAT_NONE;
u_int found = 0, loaded = 0, unloaded = 0;
- char *arg, *section;
+ char *section;
enumerator_t *enumerator;
linked_list_t *pools;
- settings_t *cfg;
-
- while (TRUE)
- {
- switch (command_getopt(&arg))
- {
- case 'h':
- return command_usage(NULL);
- case 'P':
- format |= COMMAND_FORMAT_PRETTY;
- /* fall through to raw */
- case 'r':
- format |= COMMAND_FORMAT_RAW;
- continue;
- case EOF:
- break;
- default:
- return command_usage("invalid --load-pools option");
- }
- break;
- }
-
- cfg = settings_create(SWANCTL_CONF);
- if (!cfg)
- {
- fprintf(stderr, "parsing '%s' failed\n", SWANCTL_CONF);
- return EINVAL;
- }
pools = list_pools(conn, format);
@@ -242,8 +218,6 @@ static int load_pools(vici_conn_t *conn)
}
enumerator->destroy(enumerator);
- cfg->destroy(cfg);
-
/* unload all pools in daemon, but not in file */
while (pools->remove_first(pools, (void**)§ion) == SUCCESS)
{
@@ -275,6 +249,47 @@ static int load_pools(vici_conn_t *conn)
return EINVAL;
}
+static int load_pools(vici_conn_t *conn)
+{
+ command_format_options_t format = COMMAND_FORMAT_NONE;
+ settings_t *cfg;
+ char *arg;
+ int ret;
+
+ while (TRUE)
+ {
+ switch (command_getopt(&arg))
+ {
+ case 'h':
+ return command_usage(NULL);
+ case 'P':
+ format |= COMMAND_FORMAT_PRETTY;
+ /* fall through to raw */
+ case 'r':
+ format |= COMMAND_FORMAT_RAW;
+ continue;
+ case EOF:
+ break;
+ default:
+ return command_usage("invalid --load-pools option");
+ }
+ break;
+ }
+
+ cfg = settings_create(SWANCTL_CONF);
+ if (!cfg)
+ {
+ fprintf(stderr, "parsing '%s' failed\n", SWANCTL_CONF);
+ return EINVAL;
+ }
+
+ ret = load_pools_cfg(conn, format, cfg);
+
+ cfg->destroy(cfg);
+
+ return ret;
+}
+
/**
* Register the command.
*/
@@ -282,7 +297,7 @@ static void __attribute__ ((constructor))reg()
{
command_register((command_t) {
load_pools, 'a', "load-pools", "(re-)load pool configuration",
- {"[--raw|--pretty"},
+ {"[--raw|--pretty]"},
{
{"help", 'h', 0, "show usage information"},
{"raw", 'r', 0, "dump raw response message"},
diff --git a/src/swanctl/commands/load_pools.h b/src/swanctl/commands/load_pools.h
new file mode 100644
index 0000000..f424db9
--- /dev/null
+++ b/src/swanctl/commands/load_pools.h
@@ -0,0 +1,26 @@
+/*
+ * Copyright (C) 2014 Martin Willi
+ * Copyright (C) 2014 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "command.h"
+
+/**
+ * Load all pool definitions from configuration file
+ *
+ * @param conn vici connection to load to
+ * @param format output format
+ * @param cfg configuration to load from
+ */
+int load_pools_cfg(vici_conn_t *conn, command_format_options_t format,
+ settings_t *cfg);
diff --git a/src/swanctl/commands/log.c b/src/swanctl/commands/log.c
index 99ba328..d7082bf 100644
--- a/src/swanctl/commands/log.c
+++ b/src/swanctl/commands/log.c
@@ -50,6 +50,7 @@ static int logcmd(vici_conn_t *conn)
{
command_format_options_t format = COMMAND_FORMAT_NONE;
char *arg;
+ int ret;
while (TRUE)
{
@@ -73,8 +74,9 @@ static int logcmd(vici_conn_t *conn)
if (vici_register(conn, "log", log_cb, &format) != 0)
{
+ ret = errno;
fprintf(stderr, "registering for log failed: %s\n", strerror(errno));
- return errno;
+ return ret;
}
wait_sigint();
diff --git a/src/swanctl/commands/reload_settings.c b/src/swanctl/commands/reload_settings.c
new file mode 100644
index 0000000..efad130
--- /dev/null
+++ b/src/swanctl/commands/reload_settings.c
@@ -0,0 +1,88 @@
+/*
+ * Copyright (C) 2014 Martin Willi
+ * Copyright (C) 2014 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "command.h"
+
+#include <errno.h>
+
+static int reload_settings(vici_conn_t *conn)
+{
+ vici_req_t *req;
+ vici_res_t *res;
+ char *arg;
+ int ret = 0;
+ command_format_options_t format = COMMAND_FORMAT_NONE;
+
+ while (TRUE)
+ {
+ switch (command_getopt(&arg))
+ {
+ case 'h':
+ return command_usage(NULL);
+ case 'P':
+ format |= COMMAND_FORMAT_PRETTY;
+ /* fall through to raw */
+ case 'r':
+ format |= COMMAND_FORMAT_RAW;
+ continue;
+ case EOF:
+ break;
+ default:
+ return command_usage("invalid --reload-settings option");
+ }
+ break;
+ }
+
+ req = vici_begin("reload-settings");
+ res = vici_submit(req, conn);
+ if (!res)
+ {
+ ret = errno;
+ fprintf(stderr, "reload-settings request failed: %s\n", strerror(errno));
+ return ret;
+ }
+ if (format & COMMAND_FORMAT_RAW)
+ {
+ vici_dump(res, "reload-settings reply",
+ format & COMMAND_FORMAT_PRETTY, stdout);
+ }
+ else
+ {
+ if (!streq(vici_find_str(res, "no", "success"), "yes"))
+ {
+ fprintf(stderr, "reload-settings failed: %s\n",
+ vici_find_str(res, "", "errmsg"));
+ ret = 1;
+ }
+ }
+ vici_free_res(res);
+ return ret;
+}
+
+/**
+ * Register the command.
+ */
+static void __attribute__ ((constructor))reg()
+{
+ command_register((command_t) {
+ reload_settings, 'r', "reload-settings", "reload daemon strongswan.conf",
+ {"[--raw|--pretty]"},
+ {
+ {"help", 'h', 0, "show usage information"},
+ {"raw", 'r', 0, "dump raw response message"},
+ {"pretty", 'P', 0, "dump raw response message in pretty print"},
+ }
+ });
+}
diff --git a/src/swanctl/commands/stats.c b/src/swanctl/commands/stats.c
index b5425f5..a28ca83 100644
--- a/src/swanctl/commands/stats.c
+++ b/src/swanctl/commands/stats.c
@@ -23,6 +23,7 @@ static int stats(vici_conn_t *conn)
vici_res_t *res;
char *arg;
command_format_options_t format = COMMAND_FORMAT_NONE;
+ int ret;
while (TRUE)
{
@@ -48,8 +49,9 @@ static int stats(vici_conn_t *conn)
res = vici_submit(req, conn);
if (!res)
{
+ ret = errno;
fprintf(stderr, "stats request failed: %s\n", strerror(errno));
- return errno;
+ return ret;
}
if (format & COMMAND_FORMAT_RAW)
{
diff --git a/src/swanctl/commands/terminate.c b/src/swanctl/commands/terminate.c
index 689ba4d..8b3233c 100644
--- a/src/swanctl/commands/terminate.c
+++ b/src/swanctl/commands/terminate.c
@@ -80,8 +80,9 @@ static int terminate(vici_conn_t *conn)
if (vici_register(conn, "control-log", log_cb, &format) != 0)
{
+ ret = errno;
fprintf(stderr, "registering for log failed: %s\n", strerror(errno));
- return errno;
+ return ret;
}
req = vici_begin("terminate");
if (child)
@@ -108,8 +109,9 @@ static int terminate(vici_conn_t *conn)
res = vici_submit(req, conn);
if (!res)
{
+ ret = errno;
fprintf(stderr, "terminate request failed: %s\n", strerror(errno));
- return errno;
+ return ret;
}
if (format & COMMAND_FORMAT_RAW)
{
diff --git a/src/swanctl/commands/version.c b/src/swanctl/commands/version.c
index 4f24a0f..0c499e4 100644
--- a/src/swanctl/commands/version.c
+++ b/src/swanctl/commands/version.c
@@ -24,6 +24,7 @@ static int version(vici_conn_t *conn)
char *arg;
bool daemon = FALSE;
command_format_options_t format = COMMAND_FORMAT_NONE;
+ int ret;
while (TRUE)
{
@@ -58,8 +59,9 @@ static int version(vici_conn_t *conn)
res = vici_submit(req, conn);
if (!res)
{
+ ret = errno;
fprintf(stderr, "version request failed: %s\n", strerror(errno));
- return errno;
+ return ret;
}
if (format & COMMAND_FORMAT_RAW)
{
diff --git a/src/swanctl/swanctl.8.in b/src/swanctl/swanctl.8.in
index d7abae6..543c10a 100644
--- a/src/swanctl/swanctl.8.in
+++ b/src/swanctl/swanctl.8.in
@@ -62,6 +62,9 @@ list stored certificates
.B "\-A, \-\-list\-pools"
list loaded pool configurations
.TP
+.B "\-q, \-\-load\-all"
+(re\-)load credentials, pools and connections
+.TP
.B "\-c, \-\-load\-conns"
(re\-)load connection configuration
.TP
@@ -74,6 +77,12 @@ list loaded pool configurations
.B "\-T, \-\-log"
trace logging output
.TP
+.B "\-S, \-\-stats"
+show daemon infos and statistics
+.TP
+.B "\-r, \-\-reload-settings"
+reload strongswan.conf(5) configuration
+.TP
.B "\-v, \-\-version"
show daemon version information
.TP
diff --git a/src/swanctl/swanctl.conf b/src/swanctl/swanctl.conf
index 8cff81f..0808cf5 100644
--- a/src/swanctl/swanctl.conf
+++ b/src/swanctl/swanctl.conf
@@ -49,7 +49,7 @@
# Send certificate requests payloads (yes or no).
# send_certreq = yes
- # Send certificate payloads (yes, no or ifasked).
+ # Send certificate payloads (always, never or ifasked).
# send_cert = ifasked
# Number of retransmission sequences to perform during initial connect.
@@ -113,7 +113,7 @@
# Comma separated list of CA certificates to accept for
# authentication.
- # cacert =
+ # cacerts =
# Certificate revocation policy, (strict, ifuri or relaxed).
# revocation = relaxed
diff --git a/src/swanctl/swanctl.conf.5.main b/src/swanctl/swanctl.conf.5.main
index 3d0b0e8..8943b62 100644
--- a/src/swanctl/swanctl.conf.5.main
+++ b/src/swanctl/swanctl.conf.5.main
@@ -181,11 +181,12 @@ default of
.RI "" "ifasked" ""
the daemon sends certificate payloads only if certificate
requests have been received.
-.RI "" "no" ""
-disables sending of certificate payloads,
-.RI "" "yes" ""
-always sends certificate payloads whenever certificate authentication is
-used.
+.RI "" "never" ""
+disables sending of certificate payloads
+altogether,
+.RI "" "always" ""
+causes certificate payloads to be sent unconditionally
+whenever certificate authentication is used.
.TP
.BR connections.<conn>.keyingtries " [1]"
@@ -221,6 +222,14 @@ To compare connections for uniqueness, the remote IKE identity is used. If EAP
or XAuth authentication is involved, the EAP\-Identity or XAuth username is used
to enforce the uniqueness policy instead.
+On initiators this setting specifies whether an INITIAL_CONTACT notify is sent
+during IKE_AUTH if no existing connection is found with the remote peer
+(determined by the identities of the first authentication round). Only if set to
+.RI "" "keep" ""
+or
+.RI "" "replace" ""
+will the client send a notify.
+
.TP
.BR connections.<conn>.reauth_time " [0s]"
Time to schedule IKE reauthentication. IKE reauthentication recreates the
@@ -409,7 +418,7 @@ directory, or
an absolute path.
.TP
-.BR connections.<conn>.remote<suffix>.cacert " []"
+.BR connections.<conn>.remote<suffix>.cacerts " []"
Comma separated list of CA certificates to accept for authentication. The
certificates may use a relative path from the
.RB "" "swanctl" ""
diff --git a/src/swanctl/swanctl.opt b/src/swanctl/swanctl.opt
index e136ffb..f1e47a9 100644
--- a/src/swanctl/swanctl.opt
+++ b/src/swanctl/swanctl.opt
@@ -161,13 +161,13 @@ connections.<conn>.send_certreq = yes
of the initial IKE packets.
connections.<conn>.send_cert = ifasked
- Send certificate payloads (_yes_, _no_ or _ifasked_).
+ Send certificate payloads (_always_, _never_ or _ifasked_).
Send certificate payloads when using certificate authentication. With the
default of _ifasked_ the daemon sends certificate payloads only if
- certificate requests have been received. _no_ disables sending of
- certificate payloads, _yes_ always sends certificate payloads whenever
- certificate authentication is used.
+ certificate requests have been received. _never_ disables sending of
+ certificate payloads altogether, _always_ causes certificate payloads to be
+ sent unconditionally whenever certificate authentication is used.
connections.<conn>.keyingtries = 1
Number of retransmission sequences to perform during initial connect.
@@ -194,6 +194,11 @@ connections.<conn>.unique = no
EAP or XAuth authentication is involved, the EAP-Identity or XAuth username
is used to enforce the uniqueness policy instead.
+ On initiators this setting specifies whether an INITIAL_CONTACT notify is
+ sent during IKE_AUTH if no existing connection is found with the remote
+ peer (determined by the identities of the first authentication round).
+ Only if set to _keep_ or _replace_ will the client send a notify.
+
connections.<conn>.reauth_time = 0s
Time to schedule IKE reauthentication.
@@ -349,7 +354,7 @@ connections.<conn>.remote<suffix>.certs =
The certificates may use a relative path from the **swanctl** _x509_
directory, or an absolute path.
-connections.<conn>.remote<suffix>.cacert =
+connections.<conn>.remote<suffix>.cacerts =
Comma separated list of CA certificates to accept for authentication.
Comma separated list of CA certificates to accept for authentication.
diff --git a/testing/Makefile.in b/testing/Makefile.in
index ced07a4..c151a87 100644
--- a/testing/Makefile.in
+++ b/testing/Makefile.in
@@ -148,6 +148,7 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GEM = @GEM@
GENHTML = @GENHTML@
GPERF = @GPERF@
GPRBUILD = @GPRBUILD@
@@ -208,6 +209,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
RUBYINCLUDE = @RUBYINCLUDE@
RUBYLIB = @RUBYLIB@
SED = @SED@
@@ -273,6 +275,8 @@ ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
linux_headers = @linux_headers@
@@ -320,6 +324,10 @@ strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
target_alias = @target_alias@
diff --git a/testing/config/kernel/config-3.16 b/testing/config/kernel/config-3.16
new file mode 100644
index 0000000..cd4c956
--- /dev/null
+++ b/testing/config/kernel/config-3.16
@@ -0,0 +1,2097 @@
+#
+# Automatically generated file; DO NOT EDIT.
+# Linux/x86 3.16.1 Kernel Configuration
+#
+CONFIG_64BIT=y
+CONFIG_X86_64=y
+CONFIG_X86=y
+CONFIG_INSTRUCTION_DECODER=y
+CONFIG_OUTPUT_FORMAT="elf64-x86-64"
+CONFIG_ARCH_DEFCONFIG="arch/x86/configs/x86_64_defconfig"
+CONFIG_LOCKDEP_SUPPORT=y
+CONFIG_STACKTRACE_SUPPORT=y
+CONFIG_HAVE_LATENCYTOP_SUPPORT=y
+CONFIG_MMU=y
+CONFIG_NEED_DMA_MAP_STATE=y
+CONFIG_NEED_SG_DMA_LENGTH=y
+CONFIG_GENERIC_ISA_DMA=y
+CONFIG_GENERIC_BUG=y
+CONFIG_GENERIC_BUG_RELATIVE_POINTERS=y
+CONFIG_GENERIC_HWEIGHT=y
+CONFIG_ARCH_MAY_HAVE_PC_FDC=y
+CONFIG_RWSEM_XCHGADD_ALGORITHM=y
+CONFIG_GENERIC_CALIBRATE_DELAY=y
+CONFIG_ARCH_HAS_CPU_RELAX=y
+CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y
+CONFIG_HAVE_SETUP_PER_CPU_AREA=y
+CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y
+CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y
+CONFIG_ARCH_HIBERNATION_POSSIBLE=y
+CONFIG_ARCH_SUSPEND_POSSIBLE=y
+CONFIG_ARCH_WANT_HUGE_PMD_SHARE=y
+CONFIG_ARCH_WANT_GENERAL_HUGETLB=y
+CONFIG_ZONE_DMA32=y
+CONFIG_AUDIT_ARCH=y
+CONFIG_ARCH_SUPPORTS_OPTIMIZED_INLINING=y
+CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y
+CONFIG_ARCH_HWEIGHT_CFLAGS="-fcall-saved-rdi -fcall-saved-rsi -fcall-saved-rdx -fcall-saved-rcx -fcall-saved-r8 -fcall-saved-r9 -fcall-saved-r10 -fcall-saved-r11"
+CONFIG_ARCH_SUPPORTS_UPROBES=y
+CONFIG_FIX_EARLYCON_MEM=y
+CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config"
+CONFIG_IRQ_WORK=y
+CONFIG_BUILDTIME_EXTABLE_SORT=y
+
+#
+# General setup
+#
+CONFIG_BROKEN_ON_SMP=y
+CONFIG_INIT_ENV_ARG_LIMIT=32
+CONFIG_CROSS_COMPILE=""
+# CONFIG_COMPILE_TEST is not set
+CONFIG_LOCALVERSION=""
+CONFIG_LOCALVERSION_AUTO=y
+CONFIG_HAVE_KERNEL_GZIP=y
+CONFIG_HAVE_KERNEL_BZIP2=y
+CONFIG_HAVE_KERNEL_LZMA=y
+CONFIG_HAVE_KERNEL_XZ=y
+CONFIG_HAVE_KERNEL_LZO=y
+CONFIG_HAVE_KERNEL_LZ4=y
+CONFIG_KERNEL_GZIP=y
+# CONFIG_KERNEL_BZIP2 is not set
+# CONFIG_KERNEL_LZMA is not set
+# CONFIG_KERNEL_XZ is not set
+# CONFIG_KERNEL_LZO is not set
+# CONFIG_KERNEL_LZ4 is not set
+CONFIG_DEFAULT_HOSTNAME="(none)"
+CONFIG_SWAP=y
+CONFIG_SYSVIPC=y
+CONFIG_SYSVIPC_SYSCTL=y
+CONFIG_POSIX_MQUEUE=y
+CONFIG_POSIX_MQUEUE_SYSCTL=y
+CONFIG_CROSS_MEMORY_ATTACH=y
+# CONFIG_FHANDLE is not set
+CONFIG_USELIB=y
+# CONFIG_AUDIT is not set
+CONFIG_HAVE_ARCH_AUDITSYSCALL=y
+
+#
+# IRQ subsystem
+#
+CONFIG_GENERIC_IRQ_PROBE=y
+CONFIG_GENERIC_IRQ_SHOW=y
+CONFIG_GENERIC_IRQ_LEGACY_ALLOC_HWIRQ=y
+CONFIG_IRQ_FORCED_THREADING=y
+CONFIG_SPARSE_IRQ=y
+CONFIG_CLOCKSOURCE_WATCHDOG=y
+CONFIG_ARCH_CLOCKSOURCE_DATA=y
+CONFIG_GENERIC_TIME_VSYSCALL=y
+CONFIG_GENERIC_CLOCKEVENTS=y
+CONFIG_GENERIC_CLOCKEVENTS_BUILD=y
+CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y
+CONFIG_GENERIC_CLOCKEVENTS_MIN_ADJUST=y
+CONFIG_GENERIC_CMOS_UPDATE=y
+
+#
+# Timers subsystem
+#
+CONFIG_TICK_ONESHOT=y
+CONFIG_NO_HZ_COMMON=y
+# CONFIG_HZ_PERIODIC is not set
+CONFIG_NO_HZ_IDLE=y
+CONFIG_NO_HZ=y
+CONFIG_HIGH_RES_TIMERS=y
+
+#
+# CPU/Task time and stats accounting
+#
+CONFIG_TICK_CPU_ACCOUNTING=y
+# CONFIG_VIRT_CPU_ACCOUNTING_GEN is not set
+# CONFIG_IRQ_TIME_ACCOUNTING is not set
+CONFIG_BSD_PROCESS_ACCT=y
+# CONFIG_BSD_PROCESS_ACCT_V3 is not set
+# CONFIG_TASKSTATS is not set
+
+#
+# RCU Subsystem
+#
+CONFIG_TINY_RCU=y
+# CONFIG_PREEMPT_RCU is not set
+# CONFIG_RCU_STALL_COMMON is not set
+# CONFIG_TREE_RCU_TRACE is not set
+CONFIG_IKCONFIG=y
+CONFIG_IKCONFIG_PROC=y
+CONFIG_LOG_BUF_SHIFT=14
+CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y
+CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y
+CONFIG_ARCH_SUPPORTS_INT128=y
+CONFIG_ARCH_WANTS_PROT_NUMA_PROT_NONE=y
+# CONFIG_CGROUPS is not set
+# CONFIG_CHECKPOINT_RESTORE is not set
+CONFIG_NAMESPACES=y
+# CONFIG_UTS_NS is not set
+# CONFIG_IPC_NS is not set
+# CONFIG_USER_NS is not set
+# CONFIG_PID_NS is not set
+# CONFIG_NET_NS is not set
+# CONFIG_SCHED_AUTOGROUP is not set
+# CONFIG_SYSFS_DEPRECATED is not set
+# CONFIG_RELAY is not set
+# CONFIG_BLK_DEV_INITRD is not set
+CONFIG_CC_OPTIMIZE_FOR_SIZE=y
+CONFIG_SYSCTL=y
+CONFIG_ANON_INODES=y
+CONFIG_SYSCTL_EXCEPTION_TRACE=y
+CONFIG_HAVE_PCSPKR_PLATFORM=y
+# CONFIG_EXPERT is not set
+CONFIG_SGETMASK_SYSCALL=y
+CONFIG_SYSFS_SYSCALL=y
+# CONFIG_SYSCTL_SYSCALL is not set
+CONFIG_KALLSYMS=y
+# CONFIG_KALLSYMS_ALL is not set
+CONFIG_PRINTK=y
+CONFIG_BUG=y
+CONFIG_ELF_CORE=y
+CONFIG_PCSPKR_PLATFORM=y
+CONFIG_BASE_FULL=y
+CONFIG_FUTEX=y
+CONFIG_EPOLL=y
+CONFIG_SIGNALFD=y
+CONFIG_TIMERFD=y
+CONFIG_EVENTFD=y
+CONFIG_SHMEM=y
+CONFIG_AIO=y
+CONFIG_PCI_QUIRKS=y
+# CONFIG_EMBEDDED is not set
+CONFIG_HAVE_PERF_EVENTS=y
+
+#
+# Kernel Performance Events And Counters
+#
+CONFIG_PERF_EVENTS=y
+# CONFIG_DEBUG_PERF_USE_VMALLOC is not set
+CONFIG_VM_EVENT_COUNTERS=y
+CONFIG_COMPAT_BRK=y
+CONFIG_SLAB=y
+# CONFIG_SLUB is not set
+# CONFIG_PROFILING is not set
+CONFIG_HAVE_OPROFILE=y
+CONFIG_OPROFILE_NMI_TIMER=y
+# CONFIG_JUMP_LABEL is not set
+# CONFIG_UPROBES is not set
+# CONFIG_HAVE_64BIT_ALIGNED_ACCESS is not set
+CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y
+CONFIG_ARCH_USE_BUILTIN_BSWAP=y
+CONFIG_HAVE_IOREMAP_PROT=y
+CONFIG_HAVE_KPROBES=y
+CONFIG_HAVE_KRETPROBES=y
+CONFIG_HAVE_OPTPROBES=y
+CONFIG_HAVE_KPROBES_ON_FTRACE=y
+CONFIG_HAVE_ARCH_TRACEHOOK=y
+CONFIG_HAVE_DMA_ATTRS=y
+CONFIG_HAVE_DMA_CONTIGUOUS=y
+CONFIG_GENERIC_SMP_IDLE_THREAD=y
+CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y
+CONFIG_HAVE_DMA_API_DEBUG=y
+CONFIG_HAVE_HW_BREAKPOINT=y
+CONFIG_HAVE_MIXED_BREAKPOINTS_REGS=y
+CONFIG_HAVE_USER_RETURN_NOTIFIER=y
+CONFIG_HAVE_PERF_EVENTS_NMI=y
+CONFIG_HAVE_PERF_REGS=y
+CONFIG_HAVE_PERF_USER_STACK_DUMP=y
+CONFIG_HAVE_ARCH_JUMP_LABEL=y
+CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y
+CONFIG_HAVE_CMPXCHG_LOCAL=y
+CONFIG_HAVE_CMPXCHG_DOUBLE=y
+CONFIG_HAVE_ARCH_SECCOMP_FILTER=y
+CONFIG_SECCOMP_FILTER=y
+CONFIG_HAVE_CC_STACKPROTECTOR=y
+CONFIG_CC_STACKPROTECTOR=y
+# CONFIG_CC_STACKPROTECTOR_NONE is not set
+CONFIG_CC_STACKPROTECTOR_REGULAR=y
+# CONFIG_CC_STACKPROTECTOR_STRONG is not set
+CONFIG_HAVE_CONTEXT_TRACKING=y
+CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y
+CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y
+CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y
+CONFIG_HAVE_ARCH_SOFT_DIRTY=y
+CONFIG_MODULES_USE_ELF_RELA=y
+CONFIG_HAVE_IRQ_EXIT_ON_IRQ_STACK=y
+
+#
+# GCOV-based kernel profiling
+#
+# CONFIG_HAVE_GENERIC_DMA_COHERENT is not set
+CONFIG_SLABINFO=y
+CONFIG_RT_MUTEXES=y
+CONFIG_BASE_SMALL=0
+# CONFIG_MODULES is not set
+CONFIG_BLOCK=y
+# CONFIG_BLK_DEV_BSG is not set
+# CONFIG_BLK_DEV_BSGLIB is not set
+# CONFIG_BLK_DEV_INTEGRITY is not set
+# CONFIG_BLK_CMDLINE_PARSER is not set
+
+#
+# Partition Types
+#
+# CONFIG_PARTITION_ADVANCED is not set
+CONFIG_MSDOS_PARTITION=y
+CONFIG_EFI_PARTITION=y
+
+#
+# IO Schedulers
+#
+CONFIG_IOSCHED_NOOP=y
+CONFIG_IOSCHED_DEADLINE=y
+CONFIG_IOSCHED_CFQ=y
+# CONFIG_DEFAULT_DEADLINE is not set
+CONFIG_DEFAULT_CFQ=y
+# CONFIG_DEFAULT_NOOP is not set
+CONFIG_DEFAULT_IOSCHED="cfq"
+CONFIG_INLINE_SPIN_UNLOCK_IRQ=y
+CONFIG_INLINE_READ_UNLOCK=y
+CONFIG_INLINE_READ_UNLOCK_IRQ=y
+CONFIG_INLINE_WRITE_UNLOCK=y
+CONFIG_INLINE_WRITE_UNLOCK_IRQ=y
+CONFIG_ARCH_SUPPORTS_ATOMIC_RMW=y
+CONFIG_ARCH_USE_QUEUE_RWLOCK=y
+CONFIG_FREEZER=y
+
+#
+# Processor type and features
+#
+CONFIG_ZONE_DMA=y
+# CONFIG_SMP is not set
+CONFIG_X86_MPPARSE=y
+CONFIG_X86_EXTENDED_PLATFORM=y
+# CONFIG_X86_GOLDFISH is not set
+# CONFIG_X86_INTEL_LPSS is not set
+CONFIG_SCHED_OMIT_FRAME_POINTER=y
+# CONFIG_HYPERVISOR_GUEST is not set
+CONFIG_NO_BOOTMEM=y
+# CONFIG_MEMTEST is not set
+# CONFIG_MK8 is not set
+# CONFIG_MPSC is not set
+CONFIG_MCORE2=y
+# CONFIG_MATOM is not set
+# CONFIG_GENERIC_CPU is not set
+CONFIG_X86_INTERNODE_CACHE_SHIFT=6
+CONFIG_X86_L1_CACHE_SHIFT=6
+CONFIG_X86_INTEL_USERCOPY=y
+CONFIG_X86_USE_PPRO_CHECKSUM=y
+CONFIG_X86_P6_NOP=y
+CONFIG_X86_TSC=y
+CONFIG_X86_CMPXCHG64=y
+CONFIG_X86_CMOV=y
+CONFIG_X86_MINIMUM_CPU_FAMILY=64
+CONFIG_X86_DEBUGCTLMSR=y
+CONFIG_CPU_SUP_INTEL=y
+CONFIG_CPU_SUP_AMD=y
+CONFIG_CPU_SUP_CENTAUR=y
+CONFIG_HPET_TIMER=y
+CONFIG_DMI=y
+CONFIG_GART_IOMMU=y
+# CONFIG_CALGARY_IOMMU is not set
+CONFIG_SWIOTLB=y
+CONFIG_IOMMU_HELPER=y
+CONFIG_NR_CPUS=1
+CONFIG_PREEMPT_NONE=y
+# CONFIG_PREEMPT_VOLUNTARY is not set
+# CONFIG_PREEMPT is not set
+CONFIG_X86_LOCAL_APIC=y
+CONFIG_X86_IO_APIC=y
+# CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS is not set
+# CONFIG_X86_MCE is not set
+CONFIG_X86_16BIT=y
+CONFIG_X86_ESPFIX64=y
+# CONFIG_I8K is not set
+# CONFIG_MICROCODE is not set
+# CONFIG_MICROCODE_INTEL_EARLY is not set
+# CONFIG_MICROCODE_AMD_EARLY is not set
+# CONFIG_X86_MSR is not set
+# CONFIG_X86_CPUID is not set
+CONFIG_ARCH_PHYS_ADDR_T_64BIT=y
+CONFIG_ARCH_DMA_ADDR_T_64BIT=y
+CONFIG_DIRECT_GBPAGES=y
+CONFIG_ARCH_SPARSEMEM_ENABLE=y
+CONFIG_ARCH_SPARSEMEM_DEFAULT=y
+CONFIG_ARCH_SELECT_MEMORY_MODEL=y
+CONFIG_ARCH_MEMORY_PROBE=y
+CONFIG_ARCH_PROC_KCORE_TEXT=y
+CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000
+CONFIG_SELECT_MEMORY_MODEL=y
+CONFIG_SPARSEMEM_MANUAL=y
+CONFIG_SPARSEMEM=y
+CONFIG_HAVE_MEMORY_PRESENT=y
+CONFIG_SPARSEMEM_EXTREME=y
+CONFIG_SPARSEMEM_VMEMMAP_ENABLE=y
+CONFIG_SPARSEMEM_ALLOC_MEM_MAP_TOGETHER=y
+CONFIG_SPARSEMEM_VMEMMAP=y
+CONFIG_HAVE_MEMBLOCK=y
+CONFIG_HAVE_MEMBLOCK_NODE_MAP=y
+CONFIG_ARCH_DISCARD_MEMBLOCK=y
+CONFIG_MEMORY_ISOLATION=y
+CONFIG_HAVE_BOOTMEM_INFO_NODE=y
+CONFIG_MEMORY_HOTPLUG=y
+CONFIG_MEMORY_HOTPLUG_SPARSE=y
+CONFIG_MEMORY_HOTREMOVE=y
+CONFIG_PAGEFLAGS_EXTENDED=y
+CONFIG_SPLIT_PTLOCK_CPUS=4
+CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y
+# CONFIG_COMPACTION is not set
+CONFIG_MIGRATION=y
+CONFIG_PHYS_ADDR_T_64BIT=y
+CONFIG_ZONE_DMA_FLAG=1
+CONFIG_BOUNCE=y
+CONFIG_VIRT_TO_BUS=y
+# CONFIG_KSM is not set
+CONFIG_DEFAULT_MMAP_MIN_ADDR=4096
+# CONFIG_TRANSPARENT_HUGEPAGE is not set
+CONFIG_NEED_PER_CPU_KM=y
+# CONFIG_CLEANCACHE is not set
+# CONFIG_FRONTSWAP is not set
+# CONFIG_CMA is not set
+# CONFIG_ZBUD is not set
+# CONFIG_ZSMALLOC is not set
+CONFIG_GENERIC_EARLY_IOREMAP=y
+# CONFIG_X86_CHECK_BIOS_CORRUPTION is not set
+CONFIG_X86_RESERVE_LOW=64
+CONFIG_MTRR=y
+CONFIG_MTRR_SANITIZER=y
+CONFIG_MTRR_SANITIZER_ENABLE_DEFAULT=0
+CONFIG_MTRR_SANITIZER_SPARE_REG_NR_DEFAULT=1
+CONFIG_X86_PAT=y
+CONFIG_ARCH_USES_PG_UNCACHED=y
+CONFIG_ARCH_RANDOM=y
+CONFIG_X86_SMAP=y
+# CONFIG_EFI is not set
+CONFIG_SECCOMP=y
+# CONFIG_HZ_100 is not set
+CONFIG_HZ_250=y
+# CONFIG_HZ_300 is not set
+# CONFIG_HZ_1000 is not set
+CONFIG_HZ=250
+CONFIG_SCHED_HRTICK=y
+# CONFIG_KEXEC is not set
+# CONFIG_CRASH_DUMP is not set
+CONFIG_PHYSICAL_START=0x1000000
+CONFIG_RELOCATABLE=y
+# CONFIG_RANDOMIZE_BASE is not set
+CONFIG_PHYSICAL_ALIGN=0x1000000
+# CONFIG_CMDLINE_BOOL is not set
+CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y
+CONFIG_ARCH_ENABLE_MEMORY_HOTREMOVE=y
+
+#
+# Power management and ACPI options
+#
+CONFIG_SUSPEND=y
+CONFIG_SUSPEND_FREEZER=y
+# CONFIG_HIBERNATION is not set
+CONFIG_PM_SLEEP=y
+# CONFIG_PM_AUTOSLEEP is not set
+# CONFIG_PM_WAKELOCKS is not set
+# CONFIG_PM_RUNTIME is not set
+CONFIG_PM=y
+# CONFIG_PM_DEBUG is not set
+# CONFIG_WQ_POWER_EFFICIENT_DEFAULT is not set
+CONFIG_ACPI=y
+CONFIG_ACPI_SLEEP=y
+# CONFIG_ACPI_PROCFS_POWER is not set
+# CONFIG_ACPI_EC_DEBUGFS is not set
+CONFIG_ACPI_AC=y
+CONFIG_ACPI_BATTERY=y
+CONFIG_ACPI_BUTTON=y
+CONFIG_ACPI_FAN=y
+# CONFIG_ACPI_DOCK is not set
+CONFIG_ACPI_PROCESSOR=y
+# CONFIG_ACPI_PROCESSOR_AGGREGATOR is not set
+CONFIG_ACPI_THERMAL=y
+# CONFIG_ACPI_CUSTOM_DSDT is not set
+# CONFIG_ACPI_DEBUG is not set
+# CONFIG_ACPI_PCI_SLOT is not set
+CONFIG_X86_PM_TIMER=y
+# CONFIG_ACPI_CONTAINER is not set
+# CONFIG_ACPI_HOTPLUG_MEMORY is not set
+# CONFIG_ACPI_SBS is not set
+# CONFIG_ACPI_HED is not set
+# CONFIG_ACPI_REDUCED_HARDWARE_ONLY is not set
+# CONFIG_ACPI_APEI is not set
+# CONFIG_SFI is not set
+
+#
+# CPU Frequency scaling
+#
+# CONFIG_CPU_FREQ is not set
+
+#
+# CPU Idle
+#
+CONFIG_CPU_IDLE=y
+# CONFIG_CPU_IDLE_MULTIPLE_DRIVERS is not set
+CONFIG_CPU_IDLE_GOV_LADDER=y
+CONFIG_CPU_IDLE_GOV_MENU=y
+# CONFIG_ARCH_NEEDS_CPU_IDLE_COUPLED is not set
+# CONFIG_INTEL_IDLE is not set
+
+#
+# Memory power savings
+#
+# CONFIG_I7300_IDLE is not set
+
+#
+# Bus options (PCI etc.)
+#
+CONFIG_PCI=y
+CONFIG_PCI_DIRECT=y
+# CONFIG_PCI_MMCONFIG is not set
+CONFIG_PCI_DOMAINS=y
+# CONFIG_PCIEPORTBUS is not set
+CONFIG_PCI_MSI=y
+# CONFIG_PCI_DEBUG is not set
+# CONFIG_PCI_REALLOC_ENABLE_AUTO is not set
+# CONFIG_PCI_STUB is not set
+CONFIG_HT_IRQ=y
+# CONFIG_PCI_IOV is not set
+# CONFIG_PCI_PRI is not set
+# CONFIG_PCI_PASID is not set
+# CONFIG_PCI_IOAPIC is not set
+CONFIG_PCI_LABEL=y
+
+#
+# PCI host controller drivers
+#
+CONFIG_ISA_DMA_API=y
+CONFIG_AMD_NB=y
+# CONFIG_PCCARD is not set
+# CONFIG_HOTPLUG_PCI is not set
+# CONFIG_RAPIDIO is not set
+# CONFIG_X86_SYSFB is not set
+
+#
+# Executable file formats / Emulations
+#
+CONFIG_BINFMT_ELF=y
+CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE=y
+# CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set
+CONFIG_BINFMT_SCRIPT=y
+# CONFIG_HAVE_AOUT is not set
+# CONFIG_BINFMT_MISC is not set
+CONFIG_COREDUMP=y
+# CONFIG_IA32_EMULATION is not set
+CONFIG_X86_DEV_DMA_OPS=y
+CONFIG_IOSF_MBI=y
+CONFIG_NET=y
+
+#
+# Networking options
+#
+CONFIG_PACKET=y
+# CONFIG_PACKET_DIAG is not set
+CONFIG_UNIX=y
+# CONFIG_UNIX_DIAG is not set
+CONFIG_XFRM=y
+CONFIG_XFRM_ALGO=y
+CONFIG_XFRM_USER=y
+CONFIG_XFRM_SUB_POLICY=y
+CONFIG_XFRM_MIGRATE=y
+CONFIG_XFRM_STATISTICS=y
+CONFIG_XFRM_IPCOMP=y
+CONFIG_NET_KEY=y
+CONFIG_NET_KEY_MIGRATE=y
+CONFIG_INET=y
+# CONFIG_IP_MULTICAST is not set
+CONFIG_IP_ADVANCED_ROUTER=y
+# CONFIG_IP_FIB_TRIE_STATS is not set
+CONFIG_IP_MULTIPLE_TABLES=y
+# CONFIG_IP_ROUTE_MULTIPATH is not set
+# CONFIG_IP_ROUTE_VERBOSE is not set
+CONFIG_IP_ROUTE_CLASSID=y
+# CONFIG_IP_PNP is not set
+# CONFIG_NET_IPIP is not set
+# CONFIG_NET_IPGRE_DEMUX is not set
+CONFIG_NET_IP_TUNNEL=y
+# CONFIG_SYN_COOKIES is not set
+# CONFIG_NET_IPVTI is not set
+CONFIG_INET_AH=y
+CONFIG_INET_ESP=y
+CONFIG_INET_IPCOMP=y
+CONFIG_INET_XFRM_TUNNEL=y
+CONFIG_INET_TUNNEL=y
+CONFIG_INET_XFRM_MODE_TRANSPORT=y
+CONFIG_INET_XFRM_MODE_TUNNEL=y
+CONFIG_INET_XFRM_MODE_BEET=y
+# CONFIG_INET_LRO is not set
+CONFIG_INET_DIAG=y
+CONFIG_INET_TCP_DIAG=y
+# CONFIG_INET_UDP_DIAG is not set
+# CONFIG_TCP_CONG_ADVANCED is not set
+CONFIG_TCP_CONG_CUBIC=y
+CONFIG_DEFAULT_TCP_CONG="cubic"
+# CONFIG_TCP_MD5SIG is not set
+CONFIG_IPV6=y
+# CONFIG_IPV6_ROUTER_PREF is not set
+CONFIG_IPV6_OPTIMISTIC_DAD=y
+CONFIG_INET6_AH=y
+CONFIG_INET6_ESP=y
+CONFIG_INET6_IPCOMP=y
+CONFIG_IPV6_MIP6=y
+CONFIG_INET6_XFRM_TUNNEL=y
+CONFIG_INET6_TUNNEL=y
+CONFIG_INET6_XFRM_MODE_TRANSPORT=y
+CONFIG_INET6_XFRM_MODE_TUNNEL=y
+CONFIG_INET6_XFRM_MODE_BEET=y
+# CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION is not set
+# CONFIG_IPV6_VTI is not set
+# CONFIG_IPV6_SIT is not set
+CONFIG_IPV6_TUNNEL=y
+CONFIG_IPV6_GRE=y
+CONFIG_IPV6_MULTIPLE_TABLES=y
+CONFIG_IPV6_SUBTREES=y
+# CONFIG_IPV6_MROUTE is not set
+# CONFIG_NETWORK_SECMARK is not set
+# CONFIG_NET_PTP_CLASSIFY is not set
+# CONFIG_NETWORK_PHY_TIMESTAMPING is not set
+CONFIG_NETFILTER=y
+# CONFIG_NETFILTER_DEBUG is not set
+CONFIG_NETFILTER_ADVANCED=y
+
+#
+# Core Netfilter Configuration
+#
+CONFIG_NETFILTER_NETLINK=y
+# CONFIG_NETFILTER_NETLINK_ACCT is not set
+CONFIG_NETFILTER_NETLINK_QUEUE=y
+CONFIG_NETFILTER_NETLINK_LOG=y
+CONFIG_NF_CONNTRACK=y
+CONFIG_NF_CONNTRACK_MARK=y
+# CONFIG_NF_CONNTRACK_ZONES is not set
+CONFIG_NF_CONNTRACK_PROCFS=y
+CONFIG_NF_CONNTRACK_EVENTS=y
+# CONFIG_NF_CONNTRACK_TIMEOUT is not set
+# CONFIG_NF_CONNTRACK_TIMESTAMP is not set
+# CONFIG_NF_CT_PROTO_DCCP is not set
+# CONFIG_NF_CT_PROTO_SCTP is not set
+CONFIG_NF_CT_PROTO_UDPLITE=y
+# CONFIG_NF_CONNTRACK_AMANDA is not set
+# CONFIG_NF_CONNTRACK_FTP is not set
+# CONFIG_NF_CONNTRACK_H323 is not set
+# CONFIG_NF_CONNTRACK_IRC is not set
+# CONFIG_NF_CONNTRACK_NETBIOS_NS is not set
+# CONFIG_NF_CONNTRACK_SNMP is not set
+# CONFIG_NF_CONNTRACK_PPTP is not set
+CONFIG_NF_CONNTRACK_SANE=y
+# CONFIG_NF_CONNTRACK_SIP is not set
+# CONFIG_NF_CONNTRACK_TFTP is not set
+CONFIG_NF_CT_NETLINK=y
+# CONFIG_NF_CT_NETLINK_TIMEOUT is not set
+# CONFIG_NETFILTER_NETLINK_QUEUE_CT is not set
+CONFIG_NF_NAT=y
+CONFIG_NF_NAT_NEEDED=y
+CONFIG_NF_NAT_PROTO_UDPLITE=y
+# CONFIG_NF_NAT_AMANDA is not set
+# CONFIG_NF_NAT_FTP is not set
+# CONFIG_NF_NAT_IRC is not set
+# CONFIG_NF_NAT_SIP is not set
+# CONFIG_NF_NAT_TFTP is not set
+# CONFIG_NF_TABLES is not set
+CONFIG_NETFILTER_XTABLES=y
+
+#
+# Xtables combined modules
+#
+CONFIG_NETFILTER_XT_MARK=y
+CONFIG_NETFILTER_XT_CONNMARK=y
+CONFIG_NETFILTER_XT_SET=y
+
+#
+# Xtables targets
+#
+# CONFIG_NETFILTER_XT_TARGET_CHECKSUM is not set
+CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y
+CONFIG_NETFILTER_XT_TARGET_CONNMARK=y
+CONFIG_NETFILTER_XT_TARGET_CT=y
+CONFIG_NETFILTER_XT_TARGET_DSCP=y
+CONFIG_NETFILTER_XT_TARGET_HL=y
+# CONFIG_NETFILTER_XT_TARGET_HMARK is not set
+# CONFIG_NETFILTER_XT_TARGET_IDLETIMER is not set
+CONFIG_NETFILTER_XT_TARGET_LOG=y
+CONFIG_NETFILTER_XT_TARGET_MARK=y
+CONFIG_NETFILTER_XT_TARGET_NETMAP=y
+CONFIG_NETFILTER_XT_TARGET_NFLOG=y
+CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y
+CONFIG_NETFILTER_XT_TARGET_NOTRACK=y
+# CONFIG_NETFILTER_XT_TARGET_RATEEST is not set
+CONFIG_NETFILTER_XT_TARGET_REDIRECT=y
+# CONFIG_NETFILTER_XT_TARGET_TEE is not set
+# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set
+CONFIG_NETFILTER_XT_TARGET_TRACE=y
+CONFIG_NETFILTER_XT_TARGET_TCPMSS=y
+# CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
+
+#
+# Xtables matches
+#
+CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y
+# CONFIG_NETFILTER_XT_MATCH_BPF is not set
+CONFIG_NETFILTER_XT_MATCH_CLUSTER=y
+CONFIG_NETFILTER_XT_MATCH_COMMENT=y
+CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y
+# CONFIG_NETFILTER_XT_MATCH_CONNLABEL is not set
+CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y
+CONFIG_NETFILTER_XT_MATCH_CONNMARK=y
+CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y
+# CONFIG_NETFILTER_XT_MATCH_CPU is not set
+CONFIG_NETFILTER_XT_MATCH_DCCP=y
+CONFIG_NETFILTER_XT_MATCH_DEVGROUP=y
+CONFIG_NETFILTER_XT_MATCH_DSCP=y
+CONFIG_NETFILTER_XT_MATCH_ECN=y
+CONFIG_NETFILTER_XT_MATCH_ESP=y
+CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y
+CONFIG_NETFILTER_XT_MATCH_HELPER=y
+CONFIG_NETFILTER_XT_MATCH_HL=y
+# CONFIG_NETFILTER_XT_MATCH_IPCOMP is not set
+# CONFIG_NETFILTER_XT_MATCH_IPRANGE is not set
+CONFIG_NETFILTER_XT_MATCH_L2TP=y
+CONFIG_NETFILTER_XT_MATCH_LENGTH=y
+CONFIG_NETFILTER_XT_MATCH_LIMIT=y
+CONFIG_NETFILTER_XT_MATCH_MAC=y
+CONFIG_NETFILTER_XT_MATCH_MARK=y
+CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y
+# CONFIG_NETFILTER_XT_MATCH_NFACCT is not set
+# CONFIG_NETFILTER_XT_MATCH_OSF is not set
+# CONFIG_NETFILTER_XT_MATCH_OWNER is not set
+CONFIG_NETFILTER_XT_MATCH_POLICY=y
+CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y
+CONFIG_NETFILTER_XT_MATCH_QUOTA=y
+# CONFIG_NETFILTER_XT_MATCH_RATEEST is not set
+CONFIG_NETFILTER_XT_MATCH_REALM=y
+# CONFIG_NETFILTER_XT_MATCH_RECENT is not set
+CONFIG_NETFILTER_XT_MATCH_SCTP=y
+# CONFIG_NETFILTER_XT_MATCH_SOCKET is not set
+CONFIG_NETFILTER_XT_MATCH_STATE=y
+CONFIG_NETFILTER_XT_MATCH_STATISTIC=y
+CONFIG_NETFILTER_XT_MATCH_STRING=y
+CONFIG_NETFILTER_XT_MATCH_TCPMSS=y
+# CONFIG_NETFILTER_XT_MATCH_TIME is not set
+CONFIG_NETFILTER_XT_MATCH_U32=y
+CONFIG_IP_SET=y
+CONFIG_IP_SET_MAX=256
+CONFIG_IP_SET_BITMAP_IP=y
+CONFIG_IP_SET_BITMAP_IPMAC=y
+CONFIG_IP_SET_BITMAP_PORT=y
+CONFIG_IP_SET_HASH_IP=y
+# CONFIG_IP_SET_HASH_IPMARK is not set
+CONFIG_IP_SET_HASH_IPPORT=y
+CONFIG_IP_SET_HASH_IPPORTIP=y
+CONFIG_IP_SET_HASH_IPPORTNET=y
+# CONFIG_IP_SET_HASH_NETPORTNET is not set
+CONFIG_IP_SET_HASH_NET=y
+# CONFIG_IP_SET_HASH_NETNET is not set
+CONFIG_IP_SET_HASH_NETPORT=y
+# CONFIG_IP_SET_HASH_NETIFACE is not set
+CONFIG_IP_SET_LIST_SET=y
+# CONFIG_IP_VS is not set
+
+#
+# IP: Netfilter Configuration
+#
+CONFIG_NF_DEFRAG_IPV4=y
+CONFIG_NF_CONNTRACK_IPV4=y
+CONFIG_NF_CONNTRACK_PROC_COMPAT=y
+CONFIG_IP_NF_IPTABLES=y
+CONFIG_IP_NF_MATCH_AH=y
+CONFIG_IP_NF_MATCH_ECN=y
+# CONFIG_IP_NF_MATCH_RPFILTER is not set
+CONFIG_IP_NF_MATCH_TTL=y
+CONFIG_IP_NF_FILTER=y
+CONFIG_IP_NF_TARGET_REJECT=y
+# CONFIG_IP_NF_TARGET_SYNPROXY is not set
+CONFIG_IP_NF_TARGET_ULOG=y
+CONFIG_NF_NAT_IPV4=y
+CONFIG_IP_NF_TARGET_MASQUERADE=y
+CONFIG_IP_NF_TARGET_NETMAP=y
+CONFIG_IP_NF_TARGET_REDIRECT=y
+# CONFIG_NF_NAT_PPTP is not set
+# CONFIG_NF_NAT_H323 is not set
+CONFIG_IP_NF_MANGLE=y
+CONFIG_IP_NF_TARGET_CLUSTERIP=y
+CONFIG_IP_NF_TARGET_ECN=y
+CONFIG_IP_NF_TARGET_TTL=y
+CONFIG_IP_NF_RAW=y
+CONFIG_IP_NF_ARPTABLES=y
+CONFIG_IP_NF_ARPFILTER=y
+CONFIG_IP_NF_ARP_MANGLE=y
+
+#
+# IPv6: Netfilter Configuration
+#
+CONFIG_NF_DEFRAG_IPV6=y
+CONFIG_NF_CONNTRACK_IPV6=y
+CONFIG_IP6_NF_IPTABLES=y
+CONFIG_IP6_NF_MATCH_AH=y
+CONFIG_IP6_NF_MATCH_EUI64=y
+CONFIG_IP6_NF_MATCH_FRAG=y
+CONFIG_IP6_NF_MATCH_OPTS=y
+CONFIG_IP6_NF_MATCH_HL=y
+CONFIG_IP6_NF_MATCH_IPV6HEADER=y
+CONFIG_IP6_NF_MATCH_MH=y
+# CONFIG_IP6_NF_MATCH_RPFILTER is not set
+CONFIG_IP6_NF_MATCH_RT=y
+CONFIG_IP6_NF_TARGET_HL=y
+CONFIG_IP6_NF_FILTER=y
+CONFIG_IP6_NF_TARGET_REJECT=y
+# CONFIG_IP6_NF_TARGET_SYNPROXY is not set
+CONFIG_IP6_NF_MANGLE=y
+CONFIG_IP6_NF_RAW=y
+CONFIG_NF_NAT_IPV6=y
+CONFIG_IP6_NF_TARGET_MASQUERADE=y
+CONFIG_IP6_NF_TARGET_NPT=y
+# CONFIG_IP_DCCP is not set
+# CONFIG_IP_SCTP is not set
+# CONFIG_RDS is not set
+# CONFIG_TIPC is not set
+# CONFIG_ATM is not set
+CONFIG_L2TP=y
+# CONFIG_L2TP_V3 is not set
+# CONFIG_BRIDGE is not set
+CONFIG_HAVE_NET_DSA=y
+# CONFIG_VLAN_8021Q is not set
+# CONFIG_DECNET is not set
+# CONFIG_LLC2 is not set
+# CONFIG_IPX is not set
+# CONFIG_ATALK is not set
+# CONFIG_X25 is not set
+# CONFIG_LAPB is not set
+# CONFIG_PHONET is not set
+# CONFIG_IEEE802154 is not set
+# CONFIG_NET_SCHED is not set
+# CONFIG_DCB is not set
+# CONFIG_BATMAN_ADV is not set
+# CONFIG_OPENVSWITCH is not set
+# CONFIG_VSOCKETS is not set
+# CONFIG_NETLINK_MMAP is not set
+# CONFIG_NETLINK_DIAG is not set
+# CONFIG_NET_MPLS_GSO is not set
+# CONFIG_HSR is not set
+CONFIG_NET_RX_BUSY_POLL=y
+CONFIG_BQL=y
+
+#
+# Network testing
+#
+# CONFIG_NET_PKTGEN is not set
+# CONFIG_HAMRADIO is not set
+# CONFIG_CAN is not set
+# CONFIG_IRDA is not set
+# CONFIG_BT is not set
+# CONFIG_AF_RXRPC is not set
+CONFIG_FIB_RULES=y
+CONFIG_WIRELESS=y
+# CONFIG_CFG80211 is not set
+# CONFIG_LIB80211 is not set
+
+#
+# CFG80211 needs to be enabled for MAC80211
+#
+# CONFIG_WIMAX is not set
+# CONFIG_RFKILL is not set
+CONFIG_NET_9P=y
+CONFIG_NET_9P_VIRTIO=y
+# CONFIG_NET_9P_DEBUG is not set
+# CONFIG_CAIF is not set
+# CONFIG_CEPH_LIB is not set
+# CONFIG_NFC is not set
+CONFIG_HAVE_BPF_JIT=y
+
+#
+# Device Drivers
+#
+
+#
+# Generic Driver Options
+#
+CONFIG_UEVENT_HELPER=y
+CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug"
+# CONFIG_DEVTMPFS is not set
+CONFIG_STANDALONE=y
+CONFIG_PREVENT_FIRMWARE_BUILD=y
+CONFIG_FW_LOADER=y
+CONFIG_FIRMWARE_IN_KERNEL=y
+CONFIG_EXTRA_FIRMWARE=""
+CONFIG_FW_LOADER_USER_HELPER=y
+# CONFIG_DEBUG_DRIVER is not set
+# CONFIG_DEBUG_DEVRES is not set
+# CONFIG_SYS_HYPERVISOR is not set
+# CONFIG_GENERIC_CPU_DEVICES is not set
+CONFIG_GENERIC_CPU_AUTOPROBE=y
+# CONFIG_DMA_SHARED_BUFFER is not set
+
+#
+# Bus devices
+#
+# CONFIG_CONNECTOR is not set
+# CONFIG_MTD is not set
+CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y
+# CONFIG_PARPORT is not set
+CONFIG_PNP=y
+CONFIG_PNP_DEBUG_MESSAGES=y
+
+#
+# Protocols
+#
+CONFIG_PNPACPI=y
+CONFIG_BLK_DEV=y
+# CONFIG_BLK_DEV_NULL_BLK is not set
+# CONFIG_BLK_DEV_FD is not set
+# CONFIG_BLK_DEV_PCIESSD_MTIP32XX is not set
+# CONFIG_BLK_CPQ_CISS_DA is not set
+# CONFIG_BLK_DEV_DAC960 is not set
+# CONFIG_BLK_DEV_UMEM is not set
+# CONFIG_BLK_DEV_COW_COMMON is not set
+CONFIG_BLK_DEV_LOOP=y
+CONFIG_BLK_DEV_LOOP_MIN_COUNT=8
+# CONFIG_BLK_DEV_CRYPTOLOOP is not set
+# CONFIG_BLK_DEV_DRBD is not set
+CONFIG_BLK_DEV_NBD=y
+# CONFIG_BLK_DEV_NVME is not set
+# CONFIG_BLK_DEV_SKD is not set
+# CONFIG_BLK_DEV_SX8 is not set
+# CONFIG_BLK_DEV_RAM is not set
+# CONFIG_CDROM_PKTCDVD is not set
+# CONFIG_ATA_OVER_ETH is not set
+CONFIG_VIRTIO_BLK=y
+# CONFIG_BLK_DEV_HD is not set
+# CONFIG_BLK_DEV_RBD is not set
+# CONFIG_BLK_DEV_RSXX is not set
+
+#
+# Misc devices
+#
+# CONFIG_SENSORS_LIS3LV02D is not set
+# CONFIG_DUMMY_IRQ is not set
+# CONFIG_IBM_ASM is not set
+# CONFIG_PHANTOM is not set
+# CONFIG_SGI_IOC4 is not set
+# CONFIG_TIFM_CORE is not set
+# CONFIG_ENCLOSURE_SERVICES is not set
+# CONFIG_HP_ILO is not set
+# CONFIG_SRAM is not set
+# CONFIG_C2PORT is not set
+
+#
+# EEPROM support
+#
+# CONFIG_EEPROM_93CX6 is not set
+# CONFIG_CB710_CORE is not set
+
+#
+# Texas Instruments shared transport line discipline
+#
+
+#
+# Altera FPGA firmware download module
+#
+# CONFIG_VMWARE_VMCI is not set
+
+#
+# Intel MIC Host Driver
+#
+# CONFIG_INTEL_MIC_HOST is not set
+
+#
+# Intel MIC Card Driver
+#
+# CONFIG_INTEL_MIC_CARD is not set
+# CONFIG_GENWQE is not set
+# CONFIG_ECHO is not set
+CONFIG_HAVE_IDE=y
+# CONFIG_IDE is not set
+
+#
+# SCSI device support
+#
+CONFIG_SCSI_MOD=y
+# CONFIG_RAID_ATTRS is not set
+# CONFIG_SCSI is not set
+# CONFIG_SCSI_DMA is not set
+# CONFIG_SCSI_NETLINK is not set
+# CONFIG_ATA is not set
+# CONFIG_MD is not set
+# CONFIG_FUSION is not set
+
+#
+# IEEE 1394 (FireWire) support
+#
+# CONFIG_FIREWIRE is not set
+# CONFIG_FIREWIRE_NOSY is not set
+# CONFIG_I2O is not set
+# CONFIG_MACINTOSH_DRIVERS is not set
+CONFIG_NETDEVICES=y
+CONFIG_NET_CORE=y
+# CONFIG_BONDING is not set
+CONFIG_DUMMY=y
+# CONFIG_EQUALIZER is not set
+# CONFIG_NET_TEAM is not set
+# CONFIG_MACVLAN is not set
+# CONFIG_VXLAN is not set
+# CONFIG_NETCONSOLE is not set
+# CONFIG_NETPOLL is not set
+# CONFIG_NET_POLL_CONTROLLER is not set
+CONFIG_TUN=y
+# CONFIG_VETH is not set
+CONFIG_VIRTIO_NET=y
+# CONFIG_NLMON is not set
+# CONFIG_ARCNET is not set
+
+#
+# CAIF transport drivers
+#
+# CONFIG_VHOST_NET is not set
+
+#
+# Distributed Switch Architecture drivers
+#
+# CONFIG_NET_DSA_MV88E6XXX is not set
+# CONFIG_NET_DSA_MV88E6060 is not set
+# CONFIG_NET_DSA_MV88E6XXX_NEED_PPU is not set
+# CONFIG_NET_DSA_MV88E6131 is not set
+# CONFIG_NET_DSA_MV88E6123_61_65 is not set
+CONFIG_ETHERNET=y
+CONFIG_NET_VENDOR_3COM=y
+# CONFIG_VORTEX is not set
+# CONFIG_TYPHOON is not set
+CONFIG_NET_VENDOR_ADAPTEC=y
+# CONFIG_ADAPTEC_STARFIRE is not set
+CONFIG_NET_VENDOR_ALTEON=y
+# CONFIG_ACENIC is not set
+# CONFIG_ALTERA_TSE is not set
+CONFIG_NET_VENDOR_AMD=y
+# CONFIG_AMD8111_ETH is not set
+# CONFIG_PCNET32 is not set
+# CONFIG_NET_VENDOR_ARC is not set
+CONFIG_NET_VENDOR_ATHEROS=y
+# CONFIG_ATL2 is not set
+# CONFIG_ATL1 is not set
+# CONFIG_ATL1E is not set
+# CONFIG_ATL1C is not set
+# CONFIG_ALX is not set
+CONFIG_NET_VENDOR_BROADCOM=y
+# CONFIG_B44 is not set
+# CONFIG_BNX2 is not set
+# CONFIG_CNIC is not set
+# CONFIG_TIGON3 is not set
+# CONFIG_BNX2X is not set
+CONFIG_NET_VENDOR_BROCADE=y
+# CONFIG_BNA is not set
+# CONFIG_NET_CALXEDA_XGMAC is not set
+CONFIG_NET_VENDOR_CHELSIO=y
+# CONFIG_CHELSIO_T1 is not set
+# CONFIG_CHELSIO_T3 is not set
+# CONFIG_CHELSIO_T4 is not set
+# CONFIG_CHELSIO_T4VF is not set
+CONFIG_NET_VENDOR_CISCO=y
+# CONFIG_ENIC is not set
+# CONFIG_CX_ECAT is not set
+# CONFIG_DNET is not set
+CONFIG_NET_VENDOR_DEC=y
+# CONFIG_NET_TULIP is not set
+CONFIG_NET_VENDOR_DLINK=y
+# CONFIG_DL2K is not set
+# CONFIG_SUNDANCE is not set
+CONFIG_NET_VENDOR_EMULEX=y
+# CONFIG_BE2NET is not set
+CONFIG_NET_VENDOR_EXAR=y
+# CONFIG_S2IO is not set
+# CONFIG_VXGE is not set
+CONFIG_NET_VENDOR_HP=y
+# CONFIG_HP100 is not set
+CONFIG_NET_VENDOR_INTEL=y
+# CONFIG_E100 is not set
+# CONFIG_E1000 is not set
+# CONFIG_E1000E is not set
+# CONFIG_IGB is not set
+# CONFIG_IGBVF is not set
+# CONFIG_IXGB is not set
+# CONFIG_IXGBE is not set
+# CONFIG_IXGBEVF is not set
+# CONFIG_I40E is not set
+# CONFIG_I40EVF is not set
+CONFIG_NET_VENDOR_I825XX=y
+# CONFIG_IP1000 is not set
+# CONFIG_JME is not set
+CONFIG_NET_VENDOR_MARVELL=y
+# CONFIG_MVMDIO is not set
+# CONFIG_SKGE is not set
+# CONFIG_SKY2 is not set
+CONFIG_NET_VENDOR_MELLANOX=y
+# CONFIG_MLX4_EN is not set
+# CONFIG_MLX4_CORE is not set
+# CONFIG_MLX5_CORE is not set
+CONFIG_NET_VENDOR_MICREL=y
+# CONFIG_KS8851_MLL is not set
+# CONFIG_KSZ884X_PCI is not set
+CONFIG_NET_VENDOR_MYRI=y
+# CONFIG_MYRI10GE is not set
+# CONFIG_FEALNX is not set
+CONFIG_NET_VENDOR_NATSEMI=y
+# CONFIG_NATSEMI is not set
+# CONFIG_NS83820 is not set
+CONFIG_NET_VENDOR_8390=y
+# CONFIG_NE2K_PCI is not set
+CONFIG_NET_VENDOR_NVIDIA=y
+# CONFIG_FORCEDETH is not set
+CONFIG_NET_VENDOR_OKI=y
+# CONFIG_ETHOC is not set
+CONFIG_NET_PACKET_ENGINE=y
+# CONFIG_HAMACHI is not set
+# CONFIG_YELLOWFIN is not set
+CONFIG_NET_VENDOR_QLOGIC=y
+# CONFIG_QLA3XXX is not set
+# CONFIG_QLCNIC is not set
+# CONFIG_QLGE is not set
+# CONFIG_NETXEN_NIC is not set
+CONFIG_NET_VENDOR_REALTEK=y
+# CONFIG_8139CP is not set
+# CONFIG_8139TOO is not set
+# CONFIG_R8169 is not set
+# CONFIG_SH_ETH is not set
+CONFIG_NET_VENDOR_RDC=y
+# CONFIG_R6040 is not set
+CONFIG_NET_VENDOR_SAMSUNG=y
+# CONFIG_SXGBE_ETH is not set
+CONFIG_NET_VENDOR_SEEQ=y
+CONFIG_NET_VENDOR_SILAN=y
+# CONFIG_SC92031 is not set
+CONFIG_NET_VENDOR_SIS=y
+# CONFIG_SIS900 is not set
+# CONFIG_SIS190 is not set
+# CONFIG_SFC is not set
+CONFIG_NET_VENDOR_SMSC=y
+# CONFIG_EPIC100 is not set
+# CONFIG_SMSC911X is not set
+# CONFIG_SMSC9420 is not set
+CONFIG_NET_VENDOR_STMICRO=y
+# CONFIG_STMMAC_ETH is not set
+CONFIG_NET_VENDOR_SUN=y
+# CONFIG_HAPPYMEAL is not set
+# CONFIG_SUNGEM is not set
+# CONFIG_CASSINI is not set
+# CONFIG_NIU is not set
+CONFIG_NET_VENDOR_TEHUTI=y
+# CONFIG_TEHUTI is not set
+CONFIG_NET_VENDOR_TI=y
+# CONFIG_TLAN is not set
+CONFIG_NET_VENDOR_VIA=y
+# CONFIG_VIA_RHINE is not set
+# CONFIG_VIA_VELOCITY is not set
+CONFIG_NET_VENDOR_WIZNET=y
+# CONFIG_WIZNET_W5100 is not set
+# CONFIG_WIZNET_W5300 is not set
+# CONFIG_FDDI is not set
+# CONFIG_HIPPI is not set
+# CONFIG_NET_SB1000 is not set
+# CONFIG_PHYLIB is not set
+# CONFIG_PPP is not set
+# CONFIG_SLIP is not set
+CONFIG_WLAN=y
+# CONFIG_PRISM54 is not set
+# CONFIG_HOSTAP is not set
+# CONFIG_WL_TI is not set
+
+#
+# Enable WiMAX (Networking options) to see the WiMAX drivers
+#
+# CONFIG_WAN is not set
+# CONFIG_VMXNET3 is not set
+# CONFIG_ISDN is not set
+
+#
+# Input device support
+#
+CONFIG_INPUT=y
+# CONFIG_INPUT_FF_MEMLESS is not set
+# CONFIG_INPUT_POLLDEV is not set
+# CONFIG_INPUT_SPARSEKMAP is not set
+# CONFIG_INPUT_MATRIXKMAP is not set
+
+#
+# Userland interfaces
+#
+CONFIG_INPUT_MOUSEDEV=y
+CONFIG_INPUT_MOUSEDEV_PSAUX=y
+CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024
+CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768
+# CONFIG_INPUT_JOYDEV is not set
+CONFIG_INPUT_EVDEV=y
+# CONFIG_INPUT_EVBUG is not set
+
+#
+# Input Device Drivers
+#
+CONFIG_INPUT_KEYBOARD=y
+CONFIG_KEYBOARD_ATKBD=y
+# CONFIG_KEYBOARD_LKKBD is not set
+# CONFIG_KEYBOARD_NEWTON is not set
+# CONFIG_KEYBOARD_OPENCORES is not set
+# CONFIG_KEYBOARD_STOWAWAY is not set
+# CONFIG_KEYBOARD_SUNKBD is not set
+# CONFIG_KEYBOARD_XTKBD is not set
+CONFIG_INPUT_MOUSE=y
+CONFIG_MOUSE_PS2=y
+CONFIG_MOUSE_PS2_ALPS=y
+CONFIG_MOUSE_PS2_LOGIPS2PP=y
+CONFIG_MOUSE_PS2_SYNAPTICS=y
+CONFIG_MOUSE_PS2_CYPRESS=y
+CONFIG_MOUSE_PS2_LIFEBOOK=y
+CONFIG_MOUSE_PS2_TRACKPOINT=y
+# CONFIG_MOUSE_PS2_ELANTECH is not set
+# CONFIG_MOUSE_PS2_SENTELIC is not set
+# CONFIG_MOUSE_PS2_TOUCHKIT is not set
+# CONFIG_MOUSE_SERIAL is not set
+# CONFIG_MOUSE_APPLETOUCH is not set
+# CONFIG_MOUSE_BCM5974 is not set
+# CONFIG_MOUSE_VSXXXAA is not set
+# CONFIG_MOUSE_SYNAPTICS_USB is not set
+# CONFIG_INPUT_JOYSTICK is not set
+# CONFIG_INPUT_TABLET is not set
+# CONFIG_INPUT_TOUCHSCREEN is not set
+# CONFIG_INPUT_MISC is not set
+
+#
+# Hardware I/O ports
+#
+CONFIG_SERIO=y
+CONFIG_ARCH_MIGHT_HAVE_PC_SERIO=y
+CONFIG_SERIO_I8042=y
+CONFIG_SERIO_SERPORT=y
+# CONFIG_SERIO_CT82C710 is not set
+# CONFIG_SERIO_PCIPS2 is not set
+CONFIG_SERIO_LIBPS2=y
+# CONFIG_SERIO_RAW is not set
+# CONFIG_SERIO_ALTERA_PS2 is not set
+# CONFIG_SERIO_PS2MULT is not set
+# CONFIG_SERIO_ARC_PS2 is not set
+# CONFIG_GAMEPORT is not set
+
+#
+# Character devices
+#
+CONFIG_TTY=y
+CONFIG_VT=y
+CONFIG_CONSOLE_TRANSLATIONS=y
+CONFIG_VT_CONSOLE=y
+CONFIG_VT_CONSOLE_SLEEP=y
+CONFIG_HW_CONSOLE=y
+# CONFIG_VT_HW_CONSOLE_BINDING is not set
+CONFIG_UNIX98_PTYS=y
+# CONFIG_DEVPTS_MULTIPLE_INSTANCES is not set
+CONFIG_LEGACY_PTYS=y
+CONFIG_LEGACY_PTY_COUNT=256
+# CONFIG_SERIAL_NONSTANDARD is not set
+# CONFIG_NOZOMI is not set
+# CONFIG_N_GSM is not set
+# CONFIG_TRACE_SINK is not set
+CONFIG_DEVKMEM=y
+
+#
+# Serial drivers
+#
+# CONFIG_SERIAL_8250 is not set
+
+#
+# Non-8250 serial port support
+#
+# CONFIG_SERIAL_MFD_HSU is not set
+# CONFIG_SERIAL_JSM is not set
+# CONFIG_SERIAL_SCCNXP is not set
+# CONFIG_SERIAL_ALTERA_JTAGUART is not set
+# CONFIG_SERIAL_ALTERA_UART is not set
+# CONFIG_SERIAL_ARC is not set
+# CONFIG_SERIAL_RP2 is not set
+# CONFIG_SERIAL_FSL_LPUART is not set
+CONFIG_HVC_DRIVER=y
+CONFIG_VIRTIO_CONSOLE=y
+# CONFIG_IPMI_HANDLER is not set
+# CONFIG_HW_RANDOM is not set
+# CONFIG_NVRAM is not set
+# CONFIG_R3964 is not set
+# CONFIG_APPLICOM is not set
+# CONFIG_MWAVE is not set
+# CONFIG_RAW_DRIVER is not set
+# CONFIG_HPET is not set
+# CONFIG_HANGCHECK_TIMER is not set
+# CONFIG_TCG_TPM is not set
+# CONFIG_TELCLOCK is not set
+CONFIG_DEVPORT=y
+# CONFIG_I2C is not set
+# CONFIG_SPI is not set
+# CONFIG_SPMI is not set
+# CONFIG_HSI is not set
+
+#
+# PPS support
+#
+# CONFIG_PPS is not set
+
+#
+# PPS generators support
+#
+
+#
+# PTP clock support
+#
+# CONFIG_PTP_1588_CLOCK is not set
+
+#
+# Enable PHYLIB and NETWORK_PHY_TIMESTAMPING to see the additional clocks.
+#
+CONFIG_ARCH_WANT_OPTIONAL_GPIOLIB=y
+# CONFIG_GPIOLIB is not set
+# CONFIG_W1 is not set
+CONFIG_POWER_SUPPLY=y
+# CONFIG_POWER_SUPPLY_DEBUG is not set
+# CONFIG_PDA_POWER is not set
+# CONFIG_TEST_POWER is not set
+# CONFIG_BATTERY_DS2780 is not set
+# CONFIG_BATTERY_DS2781 is not set
+# CONFIG_BATTERY_BQ27x00 is not set
+# CONFIG_CHARGER_MAX8903 is not set
+# CONFIG_POWER_RESET is not set
+# CONFIG_POWER_AVS is not set
+CONFIG_HWMON=y
+# CONFIG_HWMON_VID is not set
+# CONFIG_HWMON_DEBUG_CHIP is not set
+
+#
+# Native drivers
+#
+# CONFIG_SENSORS_ABITUGURU is not set
+# CONFIG_SENSORS_ABITUGURU3 is not set
+# CONFIG_SENSORS_K8TEMP is not set
+# CONFIG_SENSORS_K10TEMP is not set
+# CONFIG_SENSORS_FAM15H_POWER is not set
+# CONFIG_SENSORS_APPLESMC is not set
+# CONFIG_SENSORS_I5K_AMB is not set
+# CONFIG_SENSORS_F71805F is not set
+# CONFIG_SENSORS_F71882FG is not set
+# CONFIG_SENSORS_CORETEMP is not set
+# CONFIG_SENSORS_IT87 is not set
+# CONFIG_SENSORS_MAX197 is not set
+# CONFIG_SENSORS_PC87360 is not set
+# CONFIG_SENSORS_PC87427 is not set
+# CONFIG_SENSORS_NTC_THERMISTOR is not set
+# CONFIG_SENSORS_NCT6683 is not set
+# CONFIG_SENSORS_NCT6775 is not set
+# CONFIG_SENSORS_SIS5595 is not set
+# CONFIG_SENSORS_SMSC47M1 is not set
+# CONFIG_SENSORS_SMSC47B397 is not set
+# CONFIG_SENSORS_SCH56XX_COMMON is not set
+# CONFIG_SENSORS_VIA_CPUTEMP is not set
+# CONFIG_SENSORS_VIA686A is not set
+# CONFIG_SENSORS_VT1211 is not set
+# CONFIG_SENSORS_VT8231 is not set
+# CONFIG_SENSORS_W83627HF is not set
+# CONFIG_SENSORS_W83627EHF is not set
+
+#
+# ACPI drivers
+#
+# CONFIG_SENSORS_ACPI_POWER is not set
+# CONFIG_SENSORS_ATK0110 is not set
+CONFIG_THERMAL=y
+CONFIG_THERMAL_HWMON=y
+CONFIG_THERMAL_DEFAULT_GOV_STEP_WISE=y
+# CONFIG_THERMAL_DEFAULT_GOV_FAIR_SHARE is not set
+# CONFIG_THERMAL_DEFAULT_GOV_USER_SPACE is not set
+# CONFIG_THERMAL_GOV_FAIR_SHARE is not set
+CONFIG_THERMAL_GOV_STEP_WISE=y
+# CONFIG_THERMAL_GOV_USER_SPACE is not set
+# CONFIG_THERMAL_EMULATION is not set
+# CONFIG_INTEL_POWERCLAMP is not set
+# CONFIG_ACPI_INT3403_THERMAL is not set
+# CONFIG_INTEL_SOC_DTS_THERMAL is not set
+
+#
+# Texas Instruments thermal drivers
+#
+# CONFIG_WATCHDOG is not set
+CONFIG_SSB_POSSIBLE=y
+
+#
+# Sonics Silicon Backplane
+#
+# CONFIG_SSB is not set
+CONFIG_BCMA_POSSIBLE=y
+
+#
+# Broadcom specific AMBA
+#
+# CONFIG_BCMA is not set
+
+#
+# Multifunction device drivers
+#
+# CONFIG_MFD_CORE is not set
+# CONFIG_MFD_CS5535 is not set
+# CONFIG_MFD_CROS_EC is not set
+# CONFIG_HTC_PASIC3 is not set
+# CONFIG_LPC_ICH is not set
+# CONFIG_LPC_SCH is not set
+# CONFIG_MFD_JANZ_CMODIO is not set
+# CONFIG_MFD_KEMPLD is not set
+# CONFIG_MFD_RDC321X is not set
+# CONFIG_MFD_RTSX_PCI is not set
+# CONFIG_MFD_SM501 is not set
+# CONFIG_ABX500_CORE is not set
+# CONFIG_MFD_SYSCON is not set
+# CONFIG_MFD_TI_AM335X_TSCADC is not set
+# CONFIG_MFD_TMIO is not set
+# CONFIG_MFD_VX855 is not set
+# CONFIG_REGULATOR is not set
+# CONFIG_MEDIA_SUPPORT is not set
+
+#
+# Graphics support
+#
+# CONFIG_AGP is not set
+CONFIG_VGA_ARB=y
+CONFIG_VGA_ARB_MAX_GPUS=16
+# CONFIG_VGA_SWITCHEROO is not set
+
+#
+# Direct Rendering Manager
+#
+# CONFIG_DRM is not set
+
+#
+# Frame buffer Devices
+#
+# CONFIG_FB is not set
+# CONFIG_BACKLIGHT_LCD_SUPPORT is not set
+# CONFIG_VGASTATE is not set
+
+#
+# Console display driver support
+#
+CONFIG_VGA_CONSOLE=y
+# CONFIG_VGACON_SOFT_SCROLLBACK is not set
+CONFIG_DUMMY_CONSOLE=y
+CONFIG_SOUND=y
+# CONFIG_SOUND_OSS_CORE is not set
+# CONFIG_SND is not set
+# CONFIG_SOUND_PRIME is not set
+
+#
+# HID support
+#
+CONFIG_HID=y
+# CONFIG_HID_BATTERY_STRENGTH is not set
+# CONFIG_HIDRAW is not set
+# CONFIG_UHID is not set
+CONFIG_HID_GENERIC=y
+
+#
+# Special HID drivers
+#
+CONFIG_HID_A4TECH=y
+# CONFIG_HID_ACRUX is not set
+CONFIG_HID_APPLE=y
+# CONFIG_HID_AUREAL is not set
+CONFIG_HID_BELKIN=y
+CONFIG_HID_CHERRY=y
+CONFIG_HID_CHICONY=y
+CONFIG_HID_CYPRESS=y
+# CONFIG_HID_DRAGONRISE is not set
+# CONFIG_HID_EMS_FF is not set
+# CONFIG_HID_ELECOM is not set
+CONFIG_HID_EZKEY=y
+# CONFIG_HID_KEYTOUCH is not set
+# CONFIG_HID_KYE is not set
+# CONFIG_HID_UCLOGIC is not set
+# CONFIG_HID_WALTOP is not set
+# CONFIG_HID_GYRATION is not set
+# CONFIG_HID_ICADE is not set
+# CONFIG_HID_TWINHAN is not set
+CONFIG_HID_KENSINGTON=y
+# CONFIG_HID_LCPOWER is not set
+# CONFIG_HID_LENOVO_TPKBD is not set
+CONFIG_HID_LOGITECH=y
+# CONFIG_LOGITECH_FF is not set
+# CONFIG_LOGIRUMBLEPAD2_FF is not set
+# CONFIG_LOGIG940_FF is not set
+# CONFIG_LOGIWHEELS_FF is not set
+# CONFIG_HID_MAGICMOUSE is not set
+CONFIG_HID_MICROSOFT=y
+CONFIG_HID_MONTEREY=y
+# CONFIG_HID_MULTITOUCH is not set
+# CONFIG_HID_ORTEK is not set
+# CONFIG_HID_PANTHERLORD is not set
+# CONFIG_HID_PETALYNX is not set
+# CONFIG_HID_PICOLCD is not set
+# CONFIG_HID_PRIMAX is not set
+# CONFIG_HID_SAITEK is not set
+# CONFIG_HID_SAMSUNG is not set
+# CONFIG_HID_SPEEDLINK is not set
+# CONFIG_HID_STEELSERIES is not set
+# CONFIG_HID_SUNPLUS is not set
+# CONFIG_HID_RMI is not set
+# CONFIG_HID_GREENASIA is not set
+# CONFIG_HID_SMARTJOYPLUS is not set
+# CONFIG_HID_TIVO is not set
+# CONFIG_HID_TOPSEED is not set
+# CONFIG_HID_THRUSTMASTER is not set
+# CONFIG_HID_XINMO is not set
+# CONFIG_HID_ZEROPLUS is not set
+# CONFIG_HID_ZYDACRON is not set
+# CONFIG_HID_SENSOR_HUB is not set
+CONFIG_USB_OHCI_LITTLE_ENDIAN=y
+CONFIG_USB_SUPPORT=y
+CONFIG_USB_ARCH_HAS_HCD=y
+# CONFIG_USB is not set
+
+#
+# USB port drivers
+#
+
+#
+# USB Physical Layer drivers
+#
+# CONFIG_USB_PHY is not set
+# CONFIG_NOP_USB_XCEIV is not set
+# CONFIG_SAMSUNG_USB2PHY is not set
+# CONFIG_SAMSUNG_USB3PHY is not set
+# CONFIG_USB_GADGET is not set
+# CONFIG_UWB is not set
+# CONFIG_MMC is not set
+# CONFIG_MEMSTICK is not set
+# CONFIG_NEW_LEDS is not set
+# CONFIG_ACCESSIBILITY is not set
+# CONFIG_INFINIBAND is not set
+# CONFIG_EDAC is not set
+CONFIG_RTC_LIB=y
+# CONFIG_RTC_CLASS is not set
+# CONFIG_DMADEVICES is not set
+# CONFIG_AUXDISPLAY is not set
+# CONFIG_UIO is not set
+# CONFIG_VIRT_DRIVERS is not set
+CONFIG_VIRTIO=y
+
+#
+# Virtio drivers
+#
+CONFIG_VIRTIO_PCI=y
+CONFIG_VIRTIO_BALLOON=y
+CONFIG_VIRTIO_MMIO=y
+# CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES is not set
+
+#
+# Microsoft Hyper-V guest support
+#
+# CONFIG_STAGING is not set
+CONFIG_X86_PLATFORM_DEVICES=y
+# CONFIG_ACERHDF is not set
+# CONFIG_ASUS_LAPTOP is not set
+# CONFIG_DELL_SMO8800 is not set
+# CONFIG_FUJITSU_TABLET is not set
+# CONFIG_HP_ACCEL is not set
+# CONFIG_HP_WIRELESS is not set
+# CONFIG_THINKPAD_ACPI is not set
+# CONFIG_SENSORS_HDAPS is not set
+# CONFIG_INTEL_MENLOW is not set
+# CONFIG_ACPI_WMI is not set
+# CONFIG_TOPSTAR_LAPTOP is not set
+# CONFIG_TOSHIBA_BT_RFKILL is not set
+# CONFIG_ACPI_CMPC is not set
+# CONFIG_INTEL_IPS is not set
+# CONFIG_IBM_RTL is not set
+# CONFIG_SAMSUNG_Q10 is not set
+# CONFIG_INTEL_RST is not set
+# CONFIG_INTEL_SMARTCONNECT is not set
+# CONFIG_PVPANIC is not set
+# CONFIG_CHROME_PLATFORMS is not set
+
+#
+# SOC (System On Chip) specific Drivers
+#
+
+#
+# Hardware Spinlock drivers
+#
+CONFIG_CLKEVT_I8253=y
+CONFIG_I8253_LOCK=y
+CONFIG_CLKBLD_I8253=y
+# CONFIG_SH_TIMER_CMT is not set
+# CONFIG_SH_TIMER_MTU2 is not set
+# CONFIG_SH_TIMER_TMU is not set
+# CONFIG_EM_TIMER_STI is not set
+# CONFIG_MAILBOX is not set
+CONFIG_IOMMU_SUPPORT=y
+# CONFIG_AMD_IOMMU is not set
+# CONFIG_INTEL_IOMMU is not set
+# CONFIG_IRQ_REMAP is not set
+
+#
+# Remoteproc drivers
+#
+# CONFIG_STE_MODEM_RPROC is not set
+
+#
+# Rpmsg drivers
+#
+# CONFIG_PM_DEVFREQ is not set
+# CONFIG_EXTCON is not set
+# CONFIG_MEMORY is not set
+# CONFIG_IIO is not set
+# CONFIG_NTB is not set
+# CONFIG_VME_BUS is not set
+# CONFIG_PWM is not set
+# CONFIG_IPACK_BUS is not set
+# CONFIG_RESET_CONTROLLER is not set
+# CONFIG_FMC is not set
+
+#
+# PHY Subsystem
+#
+# CONFIG_GENERIC_PHY is not set
+# CONFIG_BCM_KONA_USB2_PHY is not set
+# CONFIG_PHY_SAMSUNG_USB2 is not set
+# CONFIG_POWERCAP is not set
+# CONFIG_MCB is not set
+
+#
+# Firmware Drivers
+#
+# CONFIG_EDD is not set
+CONFIG_FIRMWARE_MEMMAP=y
+# CONFIG_DELL_RBU is not set
+# CONFIG_DCDBAS is not set
+CONFIG_DMIID=y
+# CONFIG_DMI_SYSFS is not set
+CONFIG_DMI_SCAN_MACHINE_NON_EFI_FALLBACK=y
+# CONFIG_ISCSI_IBFT_FIND is not set
+# CONFIG_GOOGLE_FIRMWARE is not set
+
+#
+# File systems
+#
+CONFIG_DCACHE_WORD_ACCESS=y
+CONFIG_EXT2_FS=y
+# CONFIG_EXT2_FS_XATTR is not set
+# CONFIG_EXT2_FS_XIP is not set
+CONFIG_EXT3_FS=y
+# CONFIG_EXT3_DEFAULTS_TO_ORDERED is not set
+# CONFIG_EXT3_FS_XATTR is not set
+# CONFIG_EXT4_FS is not set
+CONFIG_JBD=y
+CONFIG_REISERFS_FS=y
+# CONFIG_REISERFS_CHECK is not set
+# CONFIG_REISERFS_PROC_INFO is not set
+# CONFIG_REISERFS_FS_XATTR is not set
+# CONFIG_JFS_FS is not set
+# CONFIG_XFS_FS is not set
+# CONFIG_GFS2_FS is not set
+# CONFIG_BTRFS_FS is not set
+# CONFIG_NILFS2_FS is not set
+CONFIG_FS_POSIX_ACL=y
+CONFIG_FILE_LOCKING=y
+CONFIG_FSNOTIFY=y
+CONFIG_DNOTIFY=y
+CONFIG_INOTIFY_USER=y
+# CONFIG_FANOTIFY is not set
+CONFIG_QUOTA=y
+# CONFIG_QUOTA_NETLINK_INTERFACE is not set
+CONFIG_PRINT_QUOTA_WARNING=y
+# CONFIG_QUOTA_DEBUG is not set
+# CONFIG_QFMT_V1 is not set
+# CONFIG_QFMT_V2 is not set
+CONFIG_QUOTACTL=y
+CONFIG_AUTOFS4_FS=y
+# CONFIG_FUSE_FS is not set
+
+#
+# Caches
+#
+# CONFIG_FSCACHE is not set
+
+#
+# CD-ROM/DVD Filesystems
+#
+CONFIG_ISO9660_FS=y
+CONFIG_JOLIET=y
+# CONFIG_ZISOFS is not set
+# CONFIG_UDF_FS is not set
+
+#
+# DOS/FAT/NT Filesystems
+#
+# CONFIG_MSDOS_FS is not set
+# CONFIG_VFAT_FS is not set
+# CONFIG_NTFS_FS is not set
+
+#
+# Pseudo filesystems
+#
+CONFIG_PROC_FS=y
+CONFIG_PROC_KCORE=y
+CONFIG_PROC_SYSCTL=y
+CONFIG_PROC_PAGE_MONITOR=y
+CONFIG_KERNFS=y
+CONFIG_SYSFS=y
+CONFIG_TMPFS=y
+# CONFIG_TMPFS_POSIX_ACL is not set
+# CONFIG_TMPFS_XATTR is not set
+# CONFIG_HUGETLBFS is not set
+# CONFIG_HUGETLB_PAGE is not set
+# CONFIG_CONFIGFS_FS is not set
+CONFIG_MISC_FILESYSTEMS=y
+# CONFIG_ADFS_FS is not set
+# CONFIG_AFFS_FS is not set
+# CONFIG_HFS_FS is not set
+# CONFIG_HFSPLUS_FS is not set
+# CONFIG_BEFS_FS is not set
+# CONFIG_BFS_FS is not set
+# CONFIG_EFS_FS is not set
+# CONFIG_LOGFS is not set
+# CONFIG_CRAMFS is not set
+# CONFIG_SQUASHFS is not set
+# CONFIG_VXFS_FS is not set
+# CONFIG_MINIX_FS is not set
+# CONFIG_OMFS_FS is not set
+# CONFIG_HPFS_FS is not set
+# CONFIG_QNX4FS_FS is not set
+# CONFIG_QNX6FS_FS is not set
+# CONFIG_ROMFS_FS is not set
+# CONFIG_PSTORE is not set
+# CONFIG_SYSV_FS is not set
+# CONFIG_UFS_FS is not set
+# CONFIG_F2FS_FS is not set
+CONFIG_NETWORK_FILESYSTEMS=y
+# CONFIG_NFS_FS is not set
+# CONFIG_NFSD is not set
+# CONFIG_CEPH_FS is not set
+# CONFIG_CIFS is not set
+# CONFIG_NCP_FS is not set
+# CONFIG_CODA_FS is not set
+# CONFIG_AFS_FS is not set
+CONFIG_9P_FS=y
+CONFIG_9P_FS_POSIX_ACL=y
+# CONFIG_9P_FS_SECURITY is not set
+CONFIG_NLS=y
+CONFIG_NLS_DEFAULT="iso8859-1"
+# CONFIG_NLS_CODEPAGE_437 is not set
+# CONFIG_NLS_CODEPAGE_737 is not set
+# CONFIG_NLS_CODEPAGE_775 is not set
+# CONFIG_NLS_CODEPAGE_850 is not set
+# CONFIG_NLS_CODEPAGE_852 is not set
+# CONFIG_NLS_CODEPAGE_855 is not set
+# CONFIG_NLS_CODEPAGE_857 is not set
+# CONFIG_NLS_CODEPAGE_860 is not set
+# CONFIG_NLS_CODEPAGE_861 is not set
+# CONFIG_NLS_CODEPAGE_862 is not set
+# CONFIG_NLS_CODEPAGE_863 is not set
+# CONFIG_NLS_CODEPAGE_864 is not set
+# CONFIG_NLS_CODEPAGE_865 is not set
+# CONFIG_NLS_CODEPAGE_866 is not set
+# CONFIG_NLS_CODEPAGE_869 is not set
+# CONFIG_NLS_CODEPAGE_936 is not set
+# CONFIG_NLS_CODEPAGE_950 is not set
+# CONFIG_NLS_CODEPAGE_932 is not set
+# CONFIG_NLS_CODEPAGE_949 is not set
+# CONFIG_NLS_CODEPAGE_874 is not set
+# CONFIG_NLS_ISO8859_8 is not set
+# CONFIG_NLS_CODEPAGE_1250 is not set
+# CONFIG_NLS_CODEPAGE_1251 is not set
+# CONFIG_NLS_ASCII is not set
+# CONFIG_NLS_ISO8859_1 is not set
+# CONFIG_NLS_ISO8859_2 is not set
+# CONFIG_NLS_ISO8859_3 is not set
+# CONFIG_NLS_ISO8859_4 is not set
+# CONFIG_NLS_ISO8859_5 is not set
+# CONFIG_NLS_ISO8859_6 is not set
+# CONFIG_NLS_ISO8859_7 is not set
+# CONFIG_NLS_ISO8859_9 is not set
+# CONFIG_NLS_ISO8859_13 is not set
+# CONFIG_NLS_ISO8859_14 is not set
+# CONFIG_NLS_ISO8859_15 is not set
+# CONFIG_NLS_KOI8_R is not set
+# CONFIG_NLS_KOI8_U is not set
+# CONFIG_NLS_MAC_ROMAN is not set
+# CONFIG_NLS_MAC_CELTIC is not set
+# CONFIG_NLS_MAC_CENTEURO is not set
+# CONFIG_NLS_MAC_CROATIAN is not set
+# CONFIG_NLS_MAC_CYRILLIC is not set
+# CONFIG_NLS_MAC_GAELIC is not set
+# CONFIG_NLS_MAC_GREEK is not set
+# CONFIG_NLS_MAC_ICELAND is not set
+# CONFIG_NLS_MAC_INUIT is not set
+# CONFIG_NLS_MAC_ROMANIAN is not set
+# CONFIG_NLS_MAC_TURKISH is not set
+# CONFIG_NLS_UTF8 is not set
+
+#
+# Kernel hacking
+#
+CONFIG_TRACE_IRQFLAGS_SUPPORT=y
+
+#
+# printk and dmesg options
+#
+# CONFIG_PRINTK_TIME is not set
+CONFIG_DEFAULT_MESSAGE_LOGLEVEL=4
+# CONFIG_BOOT_PRINTK_DELAY is not set
+
+#
+# Compile-time checks and compiler options
+#
+CONFIG_DEBUG_INFO=y
+# CONFIG_DEBUG_INFO_REDUCED is not set
+CONFIG_ENABLE_WARN_DEPRECATED=y
+CONFIG_ENABLE_MUST_CHECK=y
+CONFIG_FRAME_WARN=1024
+# CONFIG_STRIP_ASM_SYMS is not set
+# CONFIG_READABLE_ASM is not set
+# CONFIG_UNUSED_SYMBOLS is not set
+# CONFIG_DEBUG_FS is not set
+# CONFIG_HEADERS_CHECK is not set
+# CONFIG_DEBUG_SECTION_MISMATCH is not set
+CONFIG_ARCH_WANT_FRAME_POINTERS=y
+CONFIG_FRAME_POINTER=y
+# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set
+# CONFIG_MAGIC_SYSRQ is not set
+CONFIG_DEBUG_KERNEL=y
+
+#
+# Memory Debugging
+#
+# CONFIG_DEBUG_PAGEALLOC is not set
+# CONFIG_DEBUG_OBJECTS is not set
+# CONFIG_DEBUG_SLAB is not set
+CONFIG_HAVE_DEBUG_KMEMLEAK=y
+# CONFIG_DEBUG_KMEMLEAK is not set
+# CONFIG_DEBUG_STACK_USAGE is not set
+# CONFIG_DEBUG_VM is not set
+# CONFIG_DEBUG_VIRTUAL is not set
+CONFIG_DEBUG_MEMORY_INIT=y
+CONFIG_HAVE_DEBUG_STACKOVERFLOW=y
+# CONFIG_DEBUG_STACKOVERFLOW is not set
+CONFIG_HAVE_ARCH_KMEMCHECK=y
+# CONFIG_DEBUG_SHIRQ is not set
+
+#
+# Debug Lockups and Hangs
+#
+# CONFIG_LOCKUP_DETECTOR is not set
+CONFIG_DETECT_HUNG_TASK=y
+CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=120
+# CONFIG_BOOTPARAM_HUNG_TASK_PANIC is not set
+CONFIG_BOOTPARAM_HUNG_TASK_PANIC_VALUE=0
+# CONFIG_PANIC_ON_OOPS is not set
+CONFIG_PANIC_ON_OOPS_VALUE=0
+CONFIG_PANIC_TIMEOUT=0
+# CONFIG_SCHED_DEBUG is not set
+# CONFIG_SCHEDSTATS is not set
+# CONFIG_TIMER_STATS is not set
+
+#
+# Lock Debugging (spinlocks, mutexes, etc...)
+#
+# CONFIG_DEBUG_RT_MUTEXES is not set
+# CONFIG_RT_MUTEX_TESTER is not set
+# CONFIG_DEBUG_SPINLOCK is not set
+# CONFIG_DEBUG_MUTEXES is not set
+# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set
+# CONFIG_DEBUG_LOCK_ALLOC is not set
+# CONFIG_PROVE_LOCKING is not set
+# CONFIG_LOCK_STAT is not set
+# CONFIG_DEBUG_ATOMIC_SLEEP is not set
+# CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set
+# CONFIG_LOCK_TORTURE_TEST is not set
+# CONFIG_DEBUG_KOBJECT is not set
+CONFIG_DEBUG_BUGVERBOSE=y
+# CONFIG_DEBUG_LIST is not set
+# CONFIG_DEBUG_PI_LIST is not set
+# CONFIG_DEBUG_SG is not set
+# CONFIG_DEBUG_NOTIFIERS is not set
+# CONFIG_DEBUG_CREDENTIALS is not set
+
+#
+# RCU Debugging
+#
+# CONFIG_SPARSE_RCU_POINTER is not set
+# CONFIG_TORTURE_TEST is not set
+# CONFIG_RCU_TORTURE_TEST is not set
+# CONFIG_RCU_TRACE is not set
+# CONFIG_DEBUG_BLOCK_EXT_DEVT is not set
+# CONFIG_NOTIFIER_ERROR_INJECTION is not set
+# CONFIG_FAULT_INJECTION is not set
+# CONFIG_LATENCYTOP is not set
+CONFIG_ARCH_HAS_DEBUG_STRICT_USER_COPY_CHECKS=y
+# CONFIG_DEBUG_STRICT_USER_COPY_CHECKS is not set
+CONFIG_USER_STACKTRACE_SUPPORT=y
+CONFIG_HAVE_FUNCTION_TRACER=y
+CONFIG_HAVE_FUNCTION_GRAPH_TRACER=y
+CONFIG_HAVE_FUNCTION_GRAPH_FP_TEST=y
+CONFIG_HAVE_FUNCTION_TRACE_MCOUNT_TEST=y
+CONFIG_HAVE_DYNAMIC_FTRACE=y
+CONFIG_HAVE_DYNAMIC_FTRACE_WITH_REGS=y
+CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y
+CONFIG_HAVE_SYSCALL_TRACEPOINTS=y
+CONFIG_HAVE_FENTRY=y
+CONFIG_HAVE_C_RECORDMCOUNT=y
+CONFIG_TRACING_SUPPORT=y
+CONFIG_FTRACE=y
+# CONFIG_FUNCTION_TRACER is not set
+# CONFIG_IRQSOFF_TRACER is not set
+# CONFIG_SCHED_TRACER is not set
+# CONFIG_ENABLE_DEFAULT_TRACERS is not set
+# CONFIG_FTRACE_SYSCALLS is not set
+# CONFIG_TRACER_SNAPSHOT is not set
+CONFIG_BRANCH_PROFILE_NONE=y
+# CONFIG_PROFILE_ANNOTATED_BRANCHES is not set
+# CONFIG_PROFILE_ALL_BRANCHES is not set
+# CONFIG_STACK_TRACER is not set
+# CONFIG_BLK_DEV_IO_TRACE is not set
+# CONFIG_UPROBE_EVENT is not set
+# CONFIG_PROBE_EVENTS is not set
+# CONFIG_MMIOTRACE is not set
+# CONFIG_TRACEPOINT_BENCHMARK is not set
+
+#
+# Runtime Testing
+#
+# CONFIG_TEST_LIST_SORT is not set
+# CONFIG_BACKTRACE_SELF_TEST is not set
+# CONFIG_RBTREE_TEST is not set
+# CONFIG_ATOMIC64_SELFTEST is not set
+# CONFIG_TEST_STRING_HELPERS is not set
+# CONFIG_TEST_KSTRTOX is not set
+# CONFIG_PROVIDE_OHCI1394_DMA_INIT is not set
+# CONFIG_DMA_API_DEBUG is not set
+# CONFIG_SAMPLES is not set
+CONFIG_HAVE_ARCH_KGDB=y
+# CONFIG_KGDB is not set
+# CONFIG_STRICT_DEVMEM is not set
+CONFIG_X86_VERBOSE_BOOTUP=y
+CONFIG_EARLY_PRINTK=y
+# CONFIG_EARLY_PRINTK_DBGP is not set
+# CONFIG_X86_PTDUMP is not set
+CONFIG_DEBUG_RODATA=y
+CONFIG_DEBUG_RODATA_TEST=y
+CONFIG_DOUBLEFAULT=y
+# CONFIG_DEBUG_TLBFLUSH is not set
+# CONFIG_IOMMU_DEBUG is not set
+# CONFIG_IOMMU_STRESS is not set
+CONFIG_HAVE_MMIOTRACE_SUPPORT=y
+CONFIG_IO_DELAY_TYPE_0X80=0
+CONFIG_IO_DELAY_TYPE_0XED=1
+CONFIG_IO_DELAY_TYPE_UDELAY=2
+CONFIG_IO_DELAY_TYPE_NONE=3
+CONFIG_IO_DELAY_0X80=y
+# CONFIG_IO_DELAY_0XED is not set
+# CONFIG_IO_DELAY_UDELAY is not set
+# CONFIG_IO_DELAY_NONE is not set
+CONFIG_DEFAULT_IO_DELAY_TYPE=0
+# CONFIG_CPA_DEBUG is not set
+# CONFIG_OPTIMIZE_INLINING is not set
+# CONFIG_DEBUG_NMI_SELFTEST is not set
+# CONFIG_X86_DEBUG_STATIC_CPU_HAS is not set
+
+#
+# Security options
+#
+# CONFIG_KEYS is not set
+# CONFIG_SECURITY_DMESG_RESTRICT is not set
+# CONFIG_SECURITY is not set
+# CONFIG_SECURITYFS is not set
+CONFIG_DEFAULT_SECURITY_DAC=y
+CONFIG_DEFAULT_SECURITY=""
+CONFIG_CRYPTO=y
+
+#
+# Crypto core or helper
+#
+CONFIG_CRYPTO_ALGAPI=y
+CONFIG_CRYPTO_ALGAPI2=y
+CONFIG_CRYPTO_AEAD=y
+CONFIG_CRYPTO_AEAD2=y
+CONFIG_CRYPTO_BLKCIPHER=y
+CONFIG_CRYPTO_BLKCIPHER2=y
+CONFIG_CRYPTO_HASH=y
+CONFIG_CRYPTO_HASH2=y
+CONFIG_CRYPTO_RNG=y
+CONFIG_CRYPTO_RNG2=y
+CONFIG_CRYPTO_PCOMP=y
+CONFIG_CRYPTO_PCOMP2=y
+CONFIG_CRYPTO_MANAGER=y
+CONFIG_CRYPTO_MANAGER2=y
+CONFIG_CRYPTO_USER=y
+CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y
+CONFIG_CRYPTO_GF128MUL=y
+CONFIG_CRYPTO_NULL=y
+CONFIG_CRYPTO_WORKQUEUE=y
+CONFIG_CRYPTO_CRYPTD=y
+CONFIG_CRYPTO_AUTHENC=y
+CONFIG_CRYPTO_ABLK_HELPER=y
+CONFIG_CRYPTO_GLUE_HELPER_X86=y
+
+#
+# Authenticated Encryption with Associated Data
+#
+CONFIG_CRYPTO_CCM=y
+CONFIG_CRYPTO_GCM=y
+CONFIG_CRYPTO_SEQIV=y
+
+#
+# Block modes
+#
+CONFIG_CRYPTO_CBC=y
+CONFIG_CRYPTO_CTR=y
+# CONFIG_CRYPTO_CTS is not set
+CONFIG_CRYPTO_ECB=y
+CONFIG_CRYPTO_LRW=y
+CONFIG_CRYPTO_PCBC=y
+CONFIG_CRYPTO_XTS=y
+
+#
+# Hash modes
+#
+CONFIG_CRYPTO_CMAC=y
+CONFIG_CRYPTO_HMAC=y
+CONFIG_CRYPTO_XCBC=y
+# CONFIG_CRYPTO_VMAC is not set
+
+#
+# Digest
+#
+CONFIG_CRYPTO_CRC32C=y
+# CONFIG_CRYPTO_CRC32C_INTEL is not set
+# CONFIG_CRYPTO_CRC32 is not set
+# CONFIG_CRYPTO_CRC32_PCLMUL is not set
+# CONFIG_CRYPTO_CRCT10DIF is not set
+CONFIG_CRYPTO_GHASH=y
+CONFIG_CRYPTO_MD4=y
+CONFIG_CRYPTO_MD5=y
+CONFIG_CRYPTO_MICHAEL_MIC=y
+CONFIG_CRYPTO_RMD128=y
+CONFIG_CRYPTO_RMD160=y
+CONFIG_CRYPTO_RMD256=y
+CONFIG_CRYPTO_RMD320=y
+CONFIG_CRYPTO_SHA1=y
+# CONFIG_CRYPTO_SHA1_SSSE3 is not set
+CONFIG_CRYPTO_SHA256_SSSE3=y
+CONFIG_CRYPTO_SHA512_SSSE3=y
+CONFIG_CRYPTO_SHA256=y
+CONFIG_CRYPTO_SHA512=y
+CONFIG_CRYPTO_TGR192=y
+CONFIG_CRYPTO_WP512=y
+# CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL is not set
+
+#
+# Ciphers
+#
+CONFIG_CRYPTO_AES=y
+CONFIG_CRYPTO_AES_X86_64=y
+CONFIG_CRYPTO_AES_NI_INTEL=y
+CONFIG_CRYPTO_ANUBIS=y
+CONFIG_CRYPTO_ARC4=y
+CONFIG_CRYPTO_BLOWFISH=y
+CONFIG_CRYPTO_BLOWFISH_COMMON=y
+CONFIG_CRYPTO_BLOWFISH_X86_64=y
+CONFIG_CRYPTO_CAMELLIA=y
+CONFIG_CRYPTO_CAMELLIA_X86_64=y
+CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64=y
+CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64=y
+CONFIG_CRYPTO_CAST_COMMON=y
+CONFIG_CRYPTO_CAST5=y
+CONFIG_CRYPTO_CAST5_AVX_X86_64=y
+CONFIG_CRYPTO_CAST6=y
+CONFIG_CRYPTO_CAST6_AVX_X86_64=y
+CONFIG_CRYPTO_DES=y
+CONFIG_CRYPTO_FCRYPT=y
+CONFIG_CRYPTO_KHAZAD=y
+CONFIG_CRYPTO_SALSA20=y
+CONFIG_CRYPTO_SALSA20_X86_64=y
+CONFIG_CRYPTO_SEED=y
+CONFIG_CRYPTO_SERPENT=y
+CONFIG_CRYPTO_SERPENT_SSE2_X86_64=y
+CONFIG_CRYPTO_SERPENT_AVX_X86_64=y
+CONFIG_CRYPTO_SERPENT_AVX2_X86_64=y
+CONFIG_CRYPTO_TEA=y
+CONFIG_CRYPTO_TWOFISH=y
+CONFIG_CRYPTO_TWOFISH_COMMON=y
+CONFIG_CRYPTO_TWOFISH_X86_64=y
+CONFIG_CRYPTO_TWOFISH_X86_64_3WAY=y
+CONFIG_CRYPTO_TWOFISH_AVX_X86_64=y
+
+#
+# Compression
+#
+CONFIG_CRYPTO_DEFLATE=y
+CONFIG_CRYPTO_ZLIB=y
+CONFIG_CRYPTO_LZO=y
+CONFIG_CRYPTO_LZ4=y
+CONFIG_CRYPTO_LZ4HC=y
+
+#
+# Random Number Generation
+#
+# CONFIG_CRYPTO_ANSI_CPRNG is not set
+CONFIG_CRYPTO_USER_API=y
+CONFIG_CRYPTO_USER_API_HASH=y
+CONFIG_CRYPTO_USER_API_SKCIPHER=y
+# CONFIG_CRYPTO_HW is not set
+CONFIG_HAVE_KVM=y
+CONFIG_VIRTUALIZATION=y
+# CONFIG_KVM is not set
+# CONFIG_BINARY_PRINTF is not set
+
+#
+# Library routines
+#
+CONFIG_BITREVERSE=y
+CONFIG_GENERIC_STRNCPY_FROM_USER=y
+CONFIG_GENERIC_STRNLEN_USER=y
+CONFIG_GENERIC_NET_UTILS=y
+CONFIG_GENERIC_FIND_FIRST_BIT=y
+CONFIG_GENERIC_PCI_IOMAP=y
+CONFIG_GENERIC_IOMAP=y
+CONFIG_GENERIC_IO=y
+CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y
+CONFIG_CRC_CCITT=y
+CONFIG_CRC16=y
+# CONFIG_CRC_T10DIF is not set
+CONFIG_CRC_ITU_T=y
+CONFIG_CRC32=y
+# CONFIG_CRC32_SELFTEST is not set
+CONFIG_CRC32_SLICEBY8=y
+# CONFIG_CRC32_SLICEBY4 is not set
+# CONFIG_CRC32_SARWATE is not set
+# CONFIG_CRC32_BIT is not set
+CONFIG_CRC7=y
+CONFIG_LIBCRC32C=y
+# CONFIG_CRC8 is not set
+# CONFIG_AUDIT_ARCH_COMPAT_GENERIC is not set
+# CONFIG_RANDOM32_SELFTEST is not set
+CONFIG_ZLIB_INFLATE=y
+CONFIG_ZLIB_DEFLATE=y
+CONFIG_LZO_COMPRESS=y
+CONFIG_LZO_DECOMPRESS=y
+CONFIG_LZ4_COMPRESS=y
+CONFIG_LZ4HC_COMPRESS=y
+CONFIG_LZ4_DECOMPRESS=y
+# CONFIG_XZ_DEC is not set
+# CONFIG_XZ_DEC_BCJ is not set
+CONFIG_TEXTSEARCH=y
+CONFIG_TEXTSEARCH_KMP=y
+CONFIG_TEXTSEARCH_BM=y
+CONFIG_TEXTSEARCH_FSM=y
+CONFIG_HAS_IOMEM=y
+CONFIG_HAS_IOPORT_MAP=y
+CONFIG_HAS_DMA=y
+CONFIG_DQL=y
+CONFIG_NLATTR=y
+CONFIG_ARCH_HAS_ATOMIC64_DEC_IF_POSITIVE=y
+CONFIG_AVERAGE=y
+# CONFIG_CORDIC is not set
+# CONFIG_DDR is not set
diff --git a/testing/config/kernel/config-3.17 b/testing/config/kernel/config-3.17
new file mode 100644
index 0000000..cfb06e3
--- /dev/null
+++ b/testing/config/kernel/config-3.17
@@ -0,0 +1,2135 @@
+#
+# Automatically generated file; DO NOT EDIT.
+# Linux/x86 3.17.0 Kernel Configuration
+#
+CONFIG_64BIT=y
+CONFIG_X86_64=y
+CONFIG_X86=y
+CONFIG_INSTRUCTION_DECODER=y
+CONFIG_OUTPUT_FORMAT="elf64-x86-64"
+CONFIG_ARCH_DEFCONFIG="arch/x86/configs/x86_64_defconfig"
+CONFIG_LOCKDEP_SUPPORT=y
+CONFIG_STACKTRACE_SUPPORT=y
+CONFIG_HAVE_LATENCYTOP_SUPPORT=y
+CONFIG_MMU=y
+CONFIG_NEED_DMA_MAP_STATE=y
+CONFIG_NEED_SG_DMA_LENGTH=y
+CONFIG_GENERIC_ISA_DMA=y
+CONFIG_GENERIC_BUG=y
+CONFIG_GENERIC_BUG_RELATIVE_POINTERS=y
+CONFIG_GENERIC_HWEIGHT=y
+CONFIG_ARCH_MAY_HAVE_PC_FDC=y
+CONFIG_RWSEM_XCHGADD_ALGORITHM=y
+CONFIG_GENERIC_CALIBRATE_DELAY=y
+CONFIG_ARCH_HAS_CPU_RELAX=y
+CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y
+CONFIG_HAVE_SETUP_PER_CPU_AREA=y
+CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y
+CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y
+CONFIG_ARCH_HIBERNATION_POSSIBLE=y
+CONFIG_ARCH_SUSPEND_POSSIBLE=y
+CONFIG_ARCH_WANT_HUGE_PMD_SHARE=y
+CONFIG_ARCH_WANT_GENERAL_HUGETLB=y
+CONFIG_ZONE_DMA32=y
+CONFIG_AUDIT_ARCH=y
+CONFIG_ARCH_SUPPORTS_OPTIMIZED_INLINING=y
+CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y
+CONFIG_ARCH_HWEIGHT_CFLAGS="-fcall-saved-rdi -fcall-saved-rsi -fcall-saved-rdx -fcall-saved-rcx -fcall-saved-r8 -fcall-saved-r9 -fcall-saved-r10 -fcall-saved-r11"
+CONFIG_ARCH_SUPPORTS_UPROBES=y
+CONFIG_FIX_EARLYCON_MEM=y
+CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config"
+CONFIG_IRQ_WORK=y
+CONFIG_BUILDTIME_EXTABLE_SORT=y
+
+#
+# General setup
+#
+CONFIG_BROKEN_ON_SMP=y
+CONFIG_INIT_ENV_ARG_LIMIT=32
+CONFIG_CROSS_COMPILE=""
+# CONFIG_COMPILE_TEST is not set
+CONFIG_LOCALVERSION=""
+CONFIG_LOCALVERSION_AUTO=y
+CONFIG_HAVE_KERNEL_GZIP=y
+CONFIG_HAVE_KERNEL_BZIP2=y
+CONFIG_HAVE_KERNEL_LZMA=y
+CONFIG_HAVE_KERNEL_XZ=y
+CONFIG_HAVE_KERNEL_LZO=y
+CONFIG_HAVE_KERNEL_LZ4=y
+CONFIG_KERNEL_GZIP=y
+# CONFIG_KERNEL_BZIP2 is not set
+# CONFIG_KERNEL_LZMA is not set
+# CONFIG_KERNEL_XZ is not set
+# CONFIG_KERNEL_LZO is not set
+# CONFIG_KERNEL_LZ4 is not set
+CONFIG_DEFAULT_HOSTNAME="(none)"
+CONFIG_SWAP=y
+CONFIG_SYSVIPC=y
+CONFIG_SYSVIPC_SYSCTL=y
+CONFIG_POSIX_MQUEUE=y
+CONFIG_POSIX_MQUEUE_SYSCTL=y
+CONFIG_CROSS_MEMORY_ATTACH=y
+# CONFIG_FHANDLE is not set
+CONFIG_USELIB=y
+# CONFIG_AUDIT is not set
+CONFIG_HAVE_ARCH_AUDITSYSCALL=y
+
+#
+# IRQ subsystem
+#
+CONFIG_GENERIC_IRQ_PROBE=y
+CONFIG_GENERIC_IRQ_SHOW=y
+CONFIG_GENERIC_IRQ_LEGACY_ALLOC_HWIRQ=y
+CONFIG_IRQ_DOMAIN=y
+CONFIG_IRQ_FORCED_THREADING=y
+CONFIG_SPARSE_IRQ=y
+CONFIG_CLOCKSOURCE_WATCHDOG=y
+CONFIG_ARCH_CLOCKSOURCE_DATA=y
+CONFIG_CLOCKSOURCE_VALIDATE_LAST_CYCLE=y
+CONFIG_GENERIC_TIME_VSYSCALL=y
+CONFIG_GENERIC_CLOCKEVENTS=y
+CONFIG_GENERIC_CLOCKEVENTS_BUILD=y
+CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y
+CONFIG_GENERIC_CLOCKEVENTS_MIN_ADJUST=y
+CONFIG_GENERIC_CMOS_UPDATE=y
+
+#
+# Timers subsystem
+#
+CONFIG_TICK_ONESHOT=y
+CONFIG_NO_HZ_COMMON=y
+# CONFIG_HZ_PERIODIC is not set
+CONFIG_NO_HZ_IDLE=y
+CONFIG_NO_HZ=y
+CONFIG_HIGH_RES_TIMERS=y
+
+#
+# CPU/Task time and stats accounting
+#
+CONFIG_TICK_CPU_ACCOUNTING=y
+# CONFIG_VIRT_CPU_ACCOUNTING_GEN is not set
+# CONFIG_IRQ_TIME_ACCOUNTING is not set
+CONFIG_BSD_PROCESS_ACCT=y
+# CONFIG_BSD_PROCESS_ACCT_V3 is not set
+# CONFIG_TASKSTATS is not set
+
+#
+# RCU Subsystem
+#
+CONFIG_TINY_RCU=y
+# CONFIG_PREEMPT_RCU is not set
+# CONFIG_RCU_STALL_COMMON is not set
+# CONFIG_TREE_RCU_TRACE is not set
+CONFIG_BUILD_BIN2C=y
+CONFIG_IKCONFIG=y
+CONFIG_IKCONFIG_PROC=y
+CONFIG_LOG_BUF_SHIFT=14
+CONFIG_LOG_CPU_MAX_BUF_SHIFT=12
+CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y
+CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y
+CONFIG_ARCH_SUPPORTS_INT128=y
+CONFIG_ARCH_WANTS_PROT_NUMA_PROT_NONE=y
+# CONFIG_CGROUPS is not set
+# CONFIG_CHECKPOINT_RESTORE is not set
+CONFIG_NAMESPACES=y
+# CONFIG_UTS_NS is not set
+# CONFIG_IPC_NS is not set
+# CONFIG_USER_NS is not set
+# CONFIG_PID_NS is not set
+# CONFIG_NET_NS is not set
+# CONFIG_SCHED_AUTOGROUP is not set
+# CONFIG_SYSFS_DEPRECATED is not set
+# CONFIG_RELAY is not set
+# CONFIG_BLK_DEV_INITRD is not set
+CONFIG_CC_OPTIMIZE_FOR_SIZE=y
+CONFIG_SYSCTL=y
+CONFIG_ANON_INODES=y
+CONFIG_SYSCTL_EXCEPTION_TRACE=y
+CONFIG_HAVE_PCSPKR_PLATFORM=y
+# CONFIG_EXPERT is not set
+CONFIG_SGETMASK_SYSCALL=y
+CONFIG_SYSFS_SYSCALL=y
+# CONFIG_SYSCTL_SYSCALL is not set
+CONFIG_KALLSYMS=y
+# CONFIG_KALLSYMS_ALL is not set
+CONFIG_PRINTK=y
+CONFIG_BUG=y
+CONFIG_ELF_CORE=y
+CONFIG_PCSPKR_PLATFORM=y
+CONFIG_BASE_FULL=y
+CONFIG_FUTEX=y
+CONFIG_EPOLL=y
+CONFIG_SIGNALFD=y
+CONFIG_TIMERFD=y
+CONFIG_EVENTFD=y
+CONFIG_SHMEM=y
+CONFIG_AIO=y
+CONFIG_PCI_QUIRKS=y
+# CONFIG_EMBEDDED is not set
+CONFIG_HAVE_PERF_EVENTS=y
+
+#
+# Kernel Performance Events And Counters
+#
+CONFIG_PERF_EVENTS=y
+# CONFIG_DEBUG_PERF_USE_VMALLOC is not set
+CONFIG_VM_EVENT_COUNTERS=y
+CONFIG_COMPAT_BRK=y
+CONFIG_SLAB=y
+# CONFIG_SLUB is not set
+# CONFIG_PROFILING is not set
+CONFIG_HAVE_OPROFILE=y
+CONFIG_OPROFILE_NMI_TIMER=y
+# CONFIG_JUMP_LABEL is not set
+# CONFIG_UPROBES is not set
+# CONFIG_HAVE_64BIT_ALIGNED_ACCESS is not set
+CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y
+CONFIG_ARCH_USE_BUILTIN_BSWAP=y
+CONFIG_HAVE_IOREMAP_PROT=y
+CONFIG_HAVE_KPROBES=y
+CONFIG_HAVE_KRETPROBES=y
+CONFIG_HAVE_OPTPROBES=y
+CONFIG_HAVE_KPROBES_ON_FTRACE=y
+CONFIG_HAVE_ARCH_TRACEHOOK=y
+CONFIG_HAVE_DMA_ATTRS=y
+CONFIG_HAVE_DMA_CONTIGUOUS=y
+CONFIG_GENERIC_SMP_IDLE_THREAD=y
+CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y
+CONFIG_HAVE_DMA_API_DEBUG=y
+CONFIG_HAVE_HW_BREAKPOINT=y
+CONFIG_HAVE_MIXED_BREAKPOINTS_REGS=y
+CONFIG_HAVE_USER_RETURN_NOTIFIER=y
+CONFIG_HAVE_PERF_EVENTS_NMI=y
+CONFIG_HAVE_PERF_REGS=y
+CONFIG_HAVE_PERF_USER_STACK_DUMP=y
+CONFIG_HAVE_ARCH_JUMP_LABEL=y
+CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y
+CONFIG_HAVE_CMPXCHG_LOCAL=y
+CONFIG_HAVE_CMPXCHG_DOUBLE=y
+CONFIG_HAVE_ARCH_SECCOMP_FILTER=y
+CONFIG_SECCOMP_FILTER=y
+CONFIG_HAVE_CC_STACKPROTECTOR=y
+CONFIG_CC_STACKPROTECTOR=y
+# CONFIG_CC_STACKPROTECTOR_NONE is not set
+CONFIG_CC_STACKPROTECTOR_REGULAR=y
+# CONFIG_CC_STACKPROTECTOR_STRONG is not set
+CONFIG_HAVE_CONTEXT_TRACKING=y
+CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y
+CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y
+CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y
+CONFIG_HAVE_ARCH_SOFT_DIRTY=y
+CONFIG_MODULES_USE_ELF_RELA=y
+CONFIG_HAVE_IRQ_EXIT_ON_IRQ_STACK=y
+
+#
+# GCOV-based kernel profiling
+#
+# CONFIG_HAVE_GENERIC_DMA_COHERENT is not set
+CONFIG_SLABINFO=y
+CONFIG_RT_MUTEXES=y
+CONFIG_BASE_SMALL=0
+# CONFIG_MODULES is not set
+CONFIG_BLOCK=y
+# CONFIG_BLK_DEV_BSG is not set
+# CONFIG_BLK_DEV_BSGLIB is not set
+# CONFIG_BLK_DEV_INTEGRITY is not set
+# CONFIG_BLK_CMDLINE_PARSER is not set
+
+#
+# Partition Types
+#
+# CONFIG_PARTITION_ADVANCED is not set
+CONFIG_MSDOS_PARTITION=y
+CONFIG_EFI_PARTITION=y
+
+#
+# IO Schedulers
+#
+CONFIG_IOSCHED_NOOP=y
+CONFIG_IOSCHED_DEADLINE=y
+CONFIG_IOSCHED_CFQ=y
+# CONFIG_DEFAULT_DEADLINE is not set
+CONFIG_DEFAULT_CFQ=y
+# CONFIG_DEFAULT_NOOP is not set
+CONFIG_DEFAULT_IOSCHED="cfq"
+CONFIG_INLINE_SPIN_UNLOCK_IRQ=y
+CONFIG_INLINE_READ_UNLOCK=y
+CONFIG_INLINE_READ_UNLOCK_IRQ=y
+CONFIG_INLINE_WRITE_UNLOCK=y
+CONFIG_INLINE_WRITE_UNLOCK_IRQ=y
+CONFIG_ARCH_SUPPORTS_ATOMIC_RMW=y
+CONFIG_ARCH_USE_QUEUE_RWLOCK=y
+CONFIG_FREEZER=y
+
+#
+# Processor type and features
+#
+CONFIG_ZONE_DMA=y
+# CONFIG_SMP is not set
+CONFIG_X86_MPPARSE=y
+CONFIG_X86_EXTENDED_PLATFORM=y
+# CONFIG_X86_GOLDFISH is not set
+# CONFIG_X86_INTEL_LPSS is not set
+CONFIG_SCHED_OMIT_FRAME_POINTER=y
+# CONFIG_HYPERVISOR_GUEST is not set
+CONFIG_NO_BOOTMEM=y
+# CONFIG_MEMTEST is not set
+# CONFIG_MK8 is not set
+# CONFIG_MPSC is not set
+CONFIG_MCORE2=y
+# CONFIG_MATOM is not set
+# CONFIG_GENERIC_CPU is not set
+CONFIG_X86_INTERNODE_CACHE_SHIFT=6
+CONFIG_X86_L1_CACHE_SHIFT=6
+CONFIG_X86_INTEL_USERCOPY=y
+CONFIG_X86_USE_PPRO_CHECKSUM=y
+CONFIG_X86_P6_NOP=y
+CONFIG_X86_TSC=y
+CONFIG_X86_CMPXCHG64=y
+CONFIG_X86_CMOV=y
+CONFIG_X86_MINIMUM_CPU_FAMILY=64
+CONFIG_X86_DEBUGCTLMSR=y
+CONFIG_CPU_SUP_INTEL=y
+CONFIG_CPU_SUP_AMD=y
+CONFIG_CPU_SUP_CENTAUR=y
+CONFIG_HPET_TIMER=y
+CONFIG_DMI=y
+CONFIG_GART_IOMMU=y
+# CONFIG_CALGARY_IOMMU is not set
+CONFIG_SWIOTLB=y
+CONFIG_IOMMU_HELPER=y
+CONFIG_NR_CPUS=1
+CONFIG_PREEMPT_NONE=y
+# CONFIG_PREEMPT_VOLUNTARY is not set
+# CONFIG_PREEMPT is not set
+CONFIG_X86_LOCAL_APIC=y
+CONFIG_X86_IO_APIC=y
+# CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS is not set
+# CONFIG_X86_MCE is not set
+CONFIG_X86_16BIT=y
+CONFIG_X86_ESPFIX64=y
+# CONFIG_I8K is not set
+# CONFIG_MICROCODE is not set
+# CONFIG_MICROCODE_INTEL_EARLY is not set
+# CONFIG_MICROCODE_AMD_EARLY is not set
+# CONFIG_X86_MSR is not set
+# CONFIG_X86_CPUID is not set
+CONFIG_ARCH_PHYS_ADDR_T_64BIT=y
+CONFIG_ARCH_DMA_ADDR_T_64BIT=y
+CONFIG_DIRECT_GBPAGES=y
+CONFIG_ARCH_SPARSEMEM_ENABLE=y
+CONFIG_ARCH_SPARSEMEM_DEFAULT=y
+CONFIG_ARCH_SELECT_MEMORY_MODEL=y
+CONFIG_ARCH_MEMORY_PROBE=y
+CONFIG_ARCH_PROC_KCORE_TEXT=y
+CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000
+CONFIG_SELECT_MEMORY_MODEL=y
+CONFIG_SPARSEMEM_MANUAL=y
+CONFIG_SPARSEMEM=y
+CONFIG_HAVE_MEMORY_PRESENT=y
+CONFIG_SPARSEMEM_EXTREME=y
+CONFIG_SPARSEMEM_VMEMMAP_ENABLE=y
+CONFIG_SPARSEMEM_ALLOC_MEM_MAP_TOGETHER=y
+CONFIG_SPARSEMEM_VMEMMAP=y
+CONFIG_HAVE_MEMBLOCK=y
+CONFIG_HAVE_MEMBLOCK_NODE_MAP=y
+CONFIG_ARCH_DISCARD_MEMBLOCK=y
+CONFIG_MEMORY_ISOLATION=y
+CONFIG_HAVE_BOOTMEM_INFO_NODE=y
+CONFIG_MEMORY_HOTPLUG=y
+CONFIG_MEMORY_HOTPLUG_SPARSE=y
+CONFIG_MEMORY_HOTREMOVE=y
+CONFIG_PAGEFLAGS_EXTENDED=y
+CONFIG_SPLIT_PTLOCK_CPUS=4
+CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y
+# CONFIG_COMPACTION is not set
+CONFIG_MIGRATION=y
+CONFIG_PHYS_ADDR_T_64BIT=y
+CONFIG_ZONE_DMA_FLAG=1
+CONFIG_BOUNCE=y
+CONFIG_VIRT_TO_BUS=y
+# CONFIG_KSM is not set
+CONFIG_DEFAULT_MMAP_MIN_ADDR=4096
+# CONFIG_TRANSPARENT_HUGEPAGE is not set
+CONFIG_NEED_PER_CPU_KM=y
+# CONFIG_CLEANCACHE is not set
+# CONFIG_FRONTSWAP is not set
+# CONFIG_CMA is not set
+# CONFIG_ZPOOL is not set
+# CONFIG_ZBUD is not set
+# CONFIG_ZSMALLOC is not set
+CONFIG_GENERIC_EARLY_IOREMAP=y
+# CONFIG_X86_CHECK_BIOS_CORRUPTION is not set
+CONFIG_X86_RESERVE_LOW=64
+CONFIG_MTRR=y
+CONFIG_MTRR_SANITIZER=y
+CONFIG_MTRR_SANITIZER_ENABLE_DEFAULT=0
+CONFIG_MTRR_SANITIZER_SPARE_REG_NR_DEFAULT=1
+CONFIG_X86_PAT=y
+CONFIG_ARCH_USES_PG_UNCACHED=y
+CONFIG_ARCH_RANDOM=y
+CONFIG_X86_SMAP=y
+# CONFIG_EFI is not set
+CONFIG_SECCOMP=y
+# CONFIG_HZ_100 is not set
+CONFIG_HZ_250=y
+# CONFIG_HZ_300 is not set
+# CONFIG_HZ_1000 is not set
+CONFIG_HZ=250
+CONFIG_SCHED_HRTICK=y
+# CONFIG_KEXEC is not set
+# CONFIG_CRASH_DUMP is not set
+CONFIG_PHYSICAL_START=0x1000000
+CONFIG_RELOCATABLE=y
+# CONFIG_RANDOMIZE_BASE is not set
+CONFIG_PHYSICAL_ALIGN=0x1000000
+# CONFIG_CMDLINE_BOOL is not set
+CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y
+CONFIG_ARCH_ENABLE_MEMORY_HOTREMOVE=y
+
+#
+# Power management and ACPI options
+#
+CONFIG_SUSPEND=y
+CONFIG_SUSPEND_FREEZER=y
+# CONFIG_HIBERNATION is not set
+CONFIG_PM_SLEEP=y
+# CONFIG_PM_AUTOSLEEP is not set
+# CONFIG_PM_WAKELOCKS is not set
+# CONFIG_PM_RUNTIME is not set
+CONFIG_PM=y
+# CONFIG_PM_DEBUG is not set
+# CONFIG_WQ_POWER_EFFICIENT_DEFAULT is not set
+CONFIG_ACPI=y
+CONFIG_ACPI_LEGACY_TABLES_LOOKUP=y
+CONFIG_ARCH_MIGHT_HAVE_ACPI_PDC=y
+CONFIG_ACPI_SLEEP=y
+# CONFIG_ACPI_PROCFS_POWER is not set
+# CONFIG_ACPI_EC_DEBUGFS is not set
+CONFIG_ACPI_AC=y
+CONFIG_ACPI_BATTERY=y
+CONFIG_ACPI_BUTTON=y
+CONFIG_ACPI_FAN=y
+# CONFIG_ACPI_DOCK is not set
+CONFIG_ACPI_PROCESSOR=y
+# CONFIG_ACPI_PROCESSOR_AGGREGATOR is not set
+CONFIG_ACPI_THERMAL=y
+# CONFIG_ACPI_CUSTOM_DSDT is not set
+# CONFIG_ACPI_DEBUG is not set
+# CONFIG_ACPI_PCI_SLOT is not set
+CONFIG_X86_PM_TIMER=y
+# CONFIG_ACPI_CONTAINER is not set
+# CONFIG_ACPI_HOTPLUG_MEMORY is not set
+# CONFIG_ACPI_SBS is not set
+# CONFIG_ACPI_HED is not set
+# CONFIG_ACPI_REDUCED_HARDWARE_ONLY is not set
+CONFIG_HAVE_ACPI_APEI=y
+CONFIG_HAVE_ACPI_APEI_NMI=y
+# CONFIG_ACPI_APEI is not set
+# CONFIG_SFI is not set
+
+#
+# CPU Frequency scaling
+#
+# CONFIG_CPU_FREQ is not set
+
+#
+# CPU Idle
+#
+CONFIG_CPU_IDLE=y
+CONFIG_CPU_IDLE_GOV_LADDER=y
+CONFIG_CPU_IDLE_GOV_MENU=y
+# CONFIG_ARCH_NEEDS_CPU_IDLE_COUPLED is not set
+# CONFIG_INTEL_IDLE is not set
+
+#
+# Memory power savings
+#
+# CONFIG_I7300_IDLE is not set
+
+#
+# Bus options (PCI etc.)
+#
+CONFIG_PCI=y
+CONFIG_PCI_DIRECT=y
+# CONFIG_PCI_MMCONFIG is not set
+CONFIG_PCI_DOMAINS=y
+# CONFIG_PCIEPORTBUS is not set
+CONFIG_PCI_MSI=y
+# CONFIG_PCI_DEBUG is not set
+# CONFIG_PCI_REALLOC_ENABLE_AUTO is not set
+# CONFIG_PCI_STUB is not set
+CONFIG_HT_IRQ=y
+# CONFIG_PCI_IOV is not set
+# CONFIG_PCI_PRI is not set
+# CONFIG_PCI_PASID is not set
+# CONFIG_PCI_IOAPIC is not set
+CONFIG_PCI_LABEL=y
+
+#
+# PCI host controller drivers
+#
+CONFIG_ISA_DMA_API=y
+CONFIG_AMD_NB=y
+# CONFIG_PCCARD is not set
+# CONFIG_HOTPLUG_PCI is not set
+# CONFIG_RAPIDIO is not set
+# CONFIG_X86_SYSFB is not set
+
+#
+# Executable file formats / Emulations
+#
+CONFIG_BINFMT_ELF=y
+CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE=y
+# CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set
+CONFIG_BINFMT_SCRIPT=y
+# CONFIG_HAVE_AOUT is not set
+# CONFIG_BINFMT_MISC is not set
+CONFIG_COREDUMP=y
+# CONFIG_IA32_EMULATION is not set
+CONFIG_X86_DEV_DMA_OPS=y
+CONFIG_IOSF_MBI=y
+CONFIG_PMC_ATOM=y
+CONFIG_NET=y
+
+#
+# Networking options
+#
+CONFIG_PACKET=y
+# CONFIG_PACKET_DIAG is not set
+CONFIG_UNIX=y
+# CONFIG_UNIX_DIAG is not set
+CONFIG_XFRM=y
+CONFIG_XFRM_ALGO=y
+CONFIG_XFRM_USER=y
+CONFIG_XFRM_SUB_POLICY=y
+CONFIG_XFRM_MIGRATE=y
+CONFIG_XFRM_STATISTICS=y
+CONFIG_XFRM_IPCOMP=y
+CONFIG_NET_KEY=y
+CONFIG_NET_KEY_MIGRATE=y
+CONFIG_INET=y
+# CONFIG_IP_MULTICAST is not set
+CONFIG_IP_ADVANCED_ROUTER=y
+# CONFIG_IP_FIB_TRIE_STATS is not set
+CONFIG_IP_MULTIPLE_TABLES=y
+# CONFIG_IP_ROUTE_MULTIPATH is not set
+# CONFIG_IP_ROUTE_VERBOSE is not set
+CONFIG_IP_ROUTE_CLASSID=y
+# CONFIG_IP_PNP is not set
+# CONFIG_NET_IPIP is not set
+# CONFIG_NET_IPGRE_DEMUX is not set
+CONFIG_NET_IP_TUNNEL=y
+# CONFIG_SYN_COOKIES is not set
+# CONFIG_NET_IPVTI is not set
+CONFIG_NET_UDP_TUNNEL=y
+CONFIG_INET_AH=y
+CONFIG_INET_ESP=y
+CONFIG_INET_IPCOMP=y
+CONFIG_INET_XFRM_TUNNEL=y
+CONFIG_INET_TUNNEL=y
+CONFIG_INET_XFRM_MODE_TRANSPORT=y
+CONFIG_INET_XFRM_MODE_TUNNEL=y
+CONFIG_INET_XFRM_MODE_BEET=y
+# CONFIG_INET_LRO is not set
+CONFIG_INET_DIAG=y
+CONFIG_INET_TCP_DIAG=y
+# CONFIG_INET_UDP_DIAG is not set
+# CONFIG_TCP_CONG_ADVANCED is not set
+CONFIG_TCP_CONG_CUBIC=y
+CONFIG_DEFAULT_TCP_CONG="cubic"
+# CONFIG_TCP_MD5SIG is not set
+CONFIG_IPV6=y
+# CONFIG_IPV6_ROUTER_PREF is not set
+CONFIG_IPV6_OPTIMISTIC_DAD=y
+CONFIG_INET6_AH=y
+CONFIG_INET6_ESP=y
+CONFIG_INET6_IPCOMP=y
+CONFIG_IPV6_MIP6=y
+CONFIG_INET6_XFRM_TUNNEL=y
+CONFIG_INET6_TUNNEL=y
+CONFIG_INET6_XFRM_MODE_TRANSPORT=y
+CONFIG_INET6_XFRM_MODE_TUNNEL=y
+CONFIG_INET6_XFRM_MODE_BEET=y
+# CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION is not set
+# CONFIG_IPV6_VTI is not set
+# CONFIG_IPV6_SIT is not set
+CONFIG_IPV6_TUNNEL=y
+CONFIG_IPV6_GRE=y
+CONFIG_IPV6_MULTIPLE_TABLES=y
+CONFIG_IPV6_SUBTREES=y
+# CONFIG_IPV6_MROUTE is not set
+# CONFIG_NETWORK_SECMARK is not set
+# CONFIG_NET_PTP_CLASSIFY is not set
+# CONFIG_NETWORK_PHY_TIMESTAMPING is not set
+CONFIG_NETFILTER=y
+# CONFIG_NETFILTER_DEBUG is not set
+CONFIG_NETFILTER_ADVANCED=y
+
+#
+# Core Netfilter Configuration
+#
+CONFIG_NETFILTER_NETLINK=y
+# CONFIG_NETFILTER_NETLINK_ACCT is not set
+CONFIG_NETFILTER_NETLINK_QUEUE=y
+CONFIG_NETFILTER_NETLINK_LOG=y
+CONFIG_NF_CONNTRACK=y
+CONFIG_NF_LOG_COMMON=y
+CONFIG_NF_CONNTRACK_MARK=y
+# CONFIG_NF_CONNTRACK_ZONES is not set
+CONFIG_NF_CONNTRACK_PROCFS=y
+CONFIG_NF_CONNTRACK_EVENTS=y
+# CONFIG_NF_CONNTRACK_TIMEOUT is not set
+# CONFIG_NF_CONNTRACK_TIMESTAMP is not set
+# CONFIG_NF_CT_PROTO_DCCP is not set
+# CONFIG_NF_CT_PROTO_SCTP is not set
+CONFIG_NF_CT_PROTO_UDPLITE=y
+# CONFIG_NF_CONNTRACK_AMANDA is not set
+# CONFIG_NF_CONNTRACK_FTP is not set
+# CONFIG_NF_CONNTRACK_H323 is not set
+# CONFIG_NF_CONNTRACK_IRC is not set
+# CONFIG_NF_CONNTRACK_NETBIOS_NS is not set
+# CONFIG_NF_CONNTRACK_SNMP is not set
+# CONFIG_NF_CONNTRACK_PPTP is not set
+CONFIG_NF_CONNTRACK_SANE=y
+# CONFIG_NF_CONNTRACK_SIP is not set
+# CONFIG_NF_CONNTRACK_TFTP is not set
+CONFIG_NF_CT_NETLINK=y
+# CONFIG_NF_CT_NETLINK_TIMEOUT is not set
+# CONFIG_NETFILTER_NETLINK_QUEUE_CT is not set
+CONFIG_NF_NAT=y
+CONFIG_NF_NAT_NEEDED=y
+CONFIG_NF_NAT_PROTO_UDPLITE=y
+# CONFIG_NF_NAT_AMANDA is not set
+# CONFIG_NF_NAT_FTP is not set
+# CONFIG_NF_NAT_IRC is not set
+# CONFIG_NF_NAT_SIP is not set
+# CONFIG_NF_NAT_TFTP is not set
+# CONFIG_NF_TABLES is not set
+CONFIG_NETFILTER_XTABLES=y
+
+#
+# Xtables combined modules
+#
+CONFIG_NETFILTER_XT_MARK=y
+CONFIG_NETFILTER_XT_CONNMARK=y
+CONFIG_NETFILTER_XT_SET=y
+
+#
+# Xtables targets
+#
+# CONFIG_NETFILTER_XT_TARGET_CHECKSUM is not set
+CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y
+CONFIG_NETFILTER_XT_TARGET_CONNMARK=y
+CONFIG_NETFILTER_XT_TARGET_CT=y
+CONFIG_NETFILTER_XT_TARGET_DSCP=y
+CONFIG_NETFILTER_XT_TARGET_HL=y
+# CONFIG_NETFILTER_XT_TARGET_HMARK is not set
+# CONFIG_NETFILTER_XT_TARGET_IDLETIMER is not set
+CONFIG_NETFILTER_XT_TARGET_LOG=y
+CONFIG_NETFILTER_XT_TARGET_MARK=y
+CONFIG_NETFILTER_XT_NAT=y
+CONFIG_NETFILTER_XT_TARGET_NETMAP=y
+CONFIG_NETFILTER_XT_TARGET_NFLOG=y
+CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y
+CONFIG_NETFILTER_XT_TARGET_NOTRACK=y
+# CONFIG_NETFILTER_XT_TARGET_RATEEST is not set
+CONFIG_NETFILTER_XT_TARGET_REDIRECT=y
+# CONFIG_NETFILTER_XT_TARGET_TEE is not set
+# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set
+CONFIG_NETFILTER_XT_TARGET_TRACE=y
+CONFIG_NETFILTER_XT_TARGET_TCPMSS=y
+# CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
+
+#
+# Xtables matches
+#
+CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y
+# CONFIG_NETFILTER_XT_MATCH_BPF is not set
+CONFIG_NETFILTER_XT_MATCH_CLUSTER=y
+CONFIG_NETFILTER_XT_MATCH_COMMENT=y
+CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y
+# CONFIG_NETFILTER_XT_MATCH_CONNLABEL is not set
+CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y
+CONFIG_NETFILTER_XT_MATCH_CONNMARK=y
+CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y
+# CONFIG_NETFILTER_XT_MATCH_CPU is not set
+CONFIG_NETFILTER_XT_MATCH_DCCP=y
+CONFIG_NETFILTER_XT_MATCH_DEVGROUP=y
+CONFIG_NETFILTER_XT_MATCH_DSCP=y
+CONFIG_NETFILTER_XT_MATCH_ECN=y
+CONFIG_NETFILTER_XT_MATCH_ESP=y
+CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y
+CONFIG_NETFILTER_XT_MATCH_HELPER=y
+CONFIG_NETFILTER_XT_MATCH_HL=y
+# CONFIG_NETFILTER_XT_MATCH_IPCOMP is not set
+# CONFIG_NETFILTER_XT_MATCH_IPRANGE is not set
+CONFIG_NETFILTER_XT_MATCH_L2TP=y
+CONFIG_NETFILTER_XT_MATCH_LENGTH=y
+CONFIG_NETFILTER_XT_MATCH_LIMIT=y
+CONFIG_NETFILTER_XT_MATCH_MAC=y
+CONFIG_NETFILTER_XT_MATCH_MARK=y
+CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y
+# CONFIG_NETFILTER_XT_MATCH_NFACCT is not set
+# CONFIG_NETFILTER_XT_MATCH_OSF is not set
+# CONFIG_NETFILTER_XT_MATCH_OWNER is not set
+CONFIG_NETFILTER_XT_MATCH_POLICY=y
+CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y
+CONFIG_NETFILTER_XT_MATCH_QUOTA=y
+# CONFIG_NETFILTER_XT_MATCH_RATEEST is not set
+CONFIG_NETFILTER_XT_MATCH_REALM=y
+# CONFIG_NETFILTER_XT_MATCH_RECENT is not set
+CONFIG_NETFILTER_XT_MATCH_SCTP=y
+# CONFIG_NETFILTER_XT_MATCH_SOCKET is not set
+CONFIG_NETFILTER_XT_MATCH_STATE=y
+CONFIG_NETFILTER_XT_MATCH_STATISTIC=y
+CONFIG_NETFILTER_XT_MATCH_STRING=y
+CONFIG_NETFILTER_XT_MATCH_TCPMSS=y
+# CONFIG_NETFILTER_XT_MATCH_TIME is not set
+CONFIG_NETFILTER_XT_MATCH_U32=y
+CONFIG_IP_SET=y
+CONFIG_IP_SET_MAX=256
+CONFIG_IP_SET_BITMAP_IP=y
+CONFIG_IP_SET_BITMAP_IPMAC=y
+CONFIG_IP_SET_BITMAP_PORT=y
+CONFIG_IP_SET_HASH_IP=y
+# CONFIG_IP_SET_HASH_IPMARK is not set
+CONFIG_IP_SET_HASH_IPPORT=y
+CONFIG_IP_SET_HASH_IPPORTIP=y
+CONFIG_IP_SET_HASH_IPPORTNET=y
+# CONFIG_IP_SET_HASH_NETPORTNET is not set
+CONFIG_IP_SET_HASH_NET=y
+# CONFIG_IP_SET_HASH_NETNET is not set
+CONFIG_IP_SET_HASH_NETPORT=y
+# CONFIG_IP_SET_HASH_NETIFACE is not set
+CONFIG_IP_SET_LIST_SET=y
+# CONFIG_IP_VS is not set
+
+#
+# IP: Netfilter Configuration
+#
+CONFIG_NF_DEFRAG_IPV4=y
+CONFIG_NF_CONNTRACK_IPV4=y
+CONFIG_NF_CONNTRACK_PROC_COMPAT=y
+# CONFIG_NF_LOG_ARP is not set
+CONFIG_NF_LOG_IPV4=y
+CONFIG_NF_NAT_IPV4=y
+# CONFIG_NF_NAT_PPTP is not set
+# CONFIG_NF_NAT_H323 is not set
+CONFIG_IP_NF_IPTABLES=y
+CONFIG_IP_NF_MATCH_AH=y
+CONFIG_IP_NF_MATCH_ECN=y
+# CONFIG_IP_NF_MATCH_RPFILTER is not set
+CONFIG_IP_NF_MATCH_TTL=y
+CONFIG_IP_NF_FILTER=y
+CONFIG_IP_NF_TARGET_REJECT=y
+# CONFIG_IP_NF_TARGET_SYNPROXY is not set
+CONFIG_IP_NF_NAT=y
+CONFIG_IP_NF_TARGET_MASQUERADE=y
+CONFIG_IP_NF_TARGET_NETMAP=y
+CONFIG_IP_NF_TARGET_REDIRECT=y
+CONFIG_IP_NF_MANGLE=y
+CONFIG_IP_NF_TARGET_CLUSTERIP=y
+CONFIG_IP_NF_TARGET_ECN=y
+CONFIG_IP_NF_TARGET_TTL=y
+CONFIG_IP_NF_RAW=y
+CONFIG_IP_NF_ARPTABLES=y
+CONFIG_IP_NF_ARPFILTER=y
+CONFIG_IP_NF_ARP_MANGLE=y
+
+#
+# IPv6: Netfilter Configuration
+#
+CONFIG_NF_DEFRAG_IPV6=y
+CONFIG_NF_CONNTRACK_IPV6=y
+CONFIG_NF_LOG_IPV6=y
+CONFIG_NF_NAT_IPV6=y
+CONFIG_IP6_NF_IPTABLES=y
+CONFIG_IP6_NF_MATCH_AH=y
+CONFIG_IP6_NF_MATCH_EUI64=y
+CONFIG_IP6_NF_MATCH_FRAG=y
+CONFIG_IP6_NF_MATCH_OPTS=y
+CONFIG_IP6_NF_MATCH_HL=y
+CONFIG_IP6_NF_MATCH_IPV6HEADER=y
+CONFIG_IP6_NF_MATCH_MH=y
+# CONFIG_IP6_NF_MATCH_RPFILTER is not set
+CONFIG_IP6_NF_MATCH_RT=y
+CONFIG_IP6_NF_TARGET_HL=y
+CONFIG_IP6_NF_FILTER=y
+CONFIG_IP6_NF_TARGET_REJECT=y
+# CONFIG_IP6_NF_TARGET_SYNPROXY is not set
+CONFIG_IP6_NF_MANGLE=y
+CONFIG_IP6_NF_RAW=y
+# CONFIG_IP6_NF_NAT is not set
+# CONFIG_IP_DCCP is not set
+# CONFIG_IP_SCTP is not set
+# CONFIG_RDS is not set
+# CONFIG_TIPC is not set
+# CONFIG_ATM is not set
+CONFIG_L2TP=y
+# CONFIG_L2TP_V3 is not set
+# CONFIG_BRIDGE is not set
+CONFIG_HAVE_NET_DSA=y
+# CONFIG_VLAN_8021Q is not set
+# CONFIG_DECNET is not set
+# CONFIG_LLC2 is not set
+# CONFIG_IPX is not set
+# CONFIG_ATALK is not set
+# CONFIG_X25 is not set
+# CONFIG_LAPB is not set
+# CONFIG_PHONET is not set
+# CONFIG_6LOWPAN is not set
+# CONFIG_IEEE802154 is not set
+# CONFIG_NET_SCHED is not set
+# CONFIG_DCB is not set
+# CONFIG_BATMAN_ADV is not set
+# CONFIG_OPENVSWITCH is not set
+# CONFIG_VSOCKETS is not set
+# CONFIG_NETLINK_MMAP is not set
+# CONFIG_NETLINK_DIAG is not set
+# CONFIG_NET_MPLS_GSO is not set
+# CONFIG_HSR is not set
+CONFIG_NET_RX_BUSY_POLL=y
+CONFIG_BQL=y
+
+#
+# Network testing
+#
+# CONFIG_NET_PKTGEN is not set
+# CONFIG_HAMRADIO is not set
+# CONFIG_CAN is not set
+# CONFIG_IRDA is not set
+# CONFIG_BT is not set
+# CONFIG_AF_RXRPC is not set
+CONFIG_FIB_RULES=y
+CONFIG_WIRELESS=y
+# CONFIG_CFG80211 is not set
+# CONFIG_LIB80211 is not set
+
+#
+# CFG80211 needs to be enabled for MAC80211
+#
+# CONFIG_WIMAX is not set
+# CONFIG_RFKILL is not set
+CONFIG_NET_9P=y
+CONFIG_NET_9P_VIRTIO=y
+# CONFIG_NET_9P_DEBUG is not set
+# CONFIG_CAIF is not set
+# CONFIG_CEPH_LIB is not set
+# CONFIG_NFC is not set
+CONFIG_HAVE_BPF_JIT=y
+
+#
+# Device Drivers
+#
+
+#
+# Generic Driver Options
+#
+CONFIG_UEVENT_HELPER=y
+CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug"
+# CONFIG_DEVTMPFS is not set
+CONFIG_STANDALONE=y
+CONFIG_PREVENT_FIRMWARE_BUILD=y
+CONFIG_FW_LOADER=y
+CONFIG_FIRMWARE_IN_KERNEL=y
+CONFIG_EXTRA_FIRMWARE=""
+# CONFIG_FW_LOADER_USER_HELPER_FALLBACK is not set
+# CONFIG_DEBUG_DRIVER is not set
+# CONFIG_DEBUG_DEVRES is not set
+# CONFIG_SYS_HYPERVISOR is not set
+# CONFIG_GENERIC_CPU_DEVICES is not set
+CONFIG_GENERIC_CPU_AUTOPROBE=y
+# CONFIG_DMA_SHARED_BUFFER is not set
+
+#
+# Bus devices
+#
+# CONFIG_CONNECTOR is not set
+# CONFIG_MTD is not set
+CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y
+# CONFIG_PARPORT is not set
+CONFIG_PNP=y
+CONFIG_PNP_DEBUG_MESSAGES=y
+
+#
+# Protocols
+#
+CONFIG_PNPACPI=y
+CONFIG_BLK_DEV=y
+# CONFIG_BLK_DEV_NULL_BLK is not set
+# CONFIG_BLK_DEV_FD is not set
+# CONFIG_BLK_DEV_PCIESSD_MTIP32XX is not set
+# CONFIG_BLK_CPQ_CISS_DA is not set
+# CONFIG_BLK_DEV_DAC960 is not set
+# CONFIG_BLK_DEV_UMEM is not set
+# CONFIG_BLK_DEV_COW_COMMON is not set
+CONFIG_BLK_DEV_LOOP=y
+CONFIG_BLK_DEV_LOOP_MIN_COUNT=8
+# CONFIG_BLK_DEV_CRYPTOLOOP is not set
+# CONFIG_BLK_DEV_DRBD is not set
+CONFIG_BLK_DEV_NBD=y
+# CONFIG_BLK_DEV_NVME is not set
+# CONFIG_BLK_DEV_SKD is not set
+# CONFIG_BLK_DEV_SX8 is not set
+# CONFIG_BLK_DEV_RAM is not set
+# CONFIG_CDROM_PKTCDVD is not set
+# CONFIG_ATA_OVER_ETH is not set
+CONFIG_VIRTIO_BLK=y
+# CONFIG_BLK_DEV_HD is not set
+# CONFIG_BLK_DEV_RBD is not set
+# CONFIG_BLK_DEV_RSXX is not set
+
+#
+# Misc devices
+#
+# CONFIG_SENSORS_LIS3LV02D is not set
+# CONFIG_DUMMY_IRQ is not set
+# CONFIG_IBM_ASM is not set
+# CONFIG_PHANTOM is not set
+# CONFIG_SGI_IOC4 is not set
+# CONFIG_TIFM_CORE is not set
+# CONFIG_ENCLOSURE_SERVICES is not set
+# CONFIG_HP_ILO is not set
+# CONFIG_SRAM is not set
+# CONFIG_C2PORT is not set
+
+#
+# EEPROM support
+#
+# CONFIG_EEPROM_93CX6 is not set
+# CONFIG_CB710_CORE is not set
+
+#
+# Texas Instruments shared transport line discipline
+#
+
+#
+# Altera FPGA firmware download module
+#
+# CONFIG_VMWARE_VMCI is not set
+
+#
+# Intel MIC Bus Driver
+#
+# CONFIG_INTEL_MIC_BUS is not set
+
+#
+# Intel MIC Host Driver
+#
+
+#
+# Intel MIC Card Driver
+#
+# CONFIG_GENWQE is not set
+# CONFIG_ECHO is not set
+CONFIG_HAVE_IDE=y
+# CONFIG_IDE is not set
+
+#
+# SCSI device support
+#
+CONFIG_SCSI_MOD=y
+# CONFIG_RAID_ATTRS is not set
+# CONFIG_SCSI is not set
+# CONFIG_SCSI_DMA is not set
+# CONFIG_SCSI_NETLINK is not set
+# CONFIG_ATA is not set
+# CONFIG_MD is not set
+# CONFIG_FUSION is not set
+
+#
+# IEEE 1394 (FireWire) support
+#
+# CONFIG_FIREWIRE is not set
+# CONFIG_FIREWIRE_NOSY is not set
+# CONFIG_I2O is not set
+# CONFIG_MACINTOSH_DRIVERS is not set
+CONFIG_NETDEVICES=y
+CONFIG_NET_CORE=y
+# CONFIG_BONDING is not set
+CONFIG_DUMMY=y
+# CONFIG_EQUALIZER is not set
+# CONFIG_NET_TEAM is not set
+# CONFIG_MACVLAN is not set
+# CONFIG_VXLAN is not set
+# CONFIG_NETCONSOLE is not set
+# CONFIG_NETPOLL is not set
+# CONFIG_NET_POLL_CONTROLLER is not set
+CONFIG_TUN=y
+# CONFIG_VETH is not set
+CONFIG_VIRTIO_NET=y
+# CONFIG_NLMON is not set
+# CONFIG_ARCNET is not set
+
+#
+# CAIF transport drivers
+#
+# CONFIG_VHOST_NET is not set
+
+#
+# Distributed Switch Architecture drivers
+#
+# CONFIG_NET_DSA_MV88E6XXX is not set
+# CONFIG_NET_DSA_MV88E6060 is not set
+# CONFIG_NET_DSA_MV88E6XXX_NEED_PPU is not set
+# CONFIG_NET_DSA_MV88E6131 is not set
+# CONFIG_NET_DSA_MV88E6123_61_65 is not set
+CONFIG_ETHERNET=y
+CONFIG_NET_VENDOR_3COM=y
+# CONFIG_VORTEX is not set
+# CONFIG_TYPHOON is not set
+CONFIG_NET_VENDOR_ADAPTEC=y
+# CONFIG_ADAPTEC_STARFIRE is not set
+CONFIG_NET_VENDOR_ALTEON=y
+# CONFIG_ACENIC is not set
+# CONFIG_ALTERA_TSE is not set
+CONFIG_NET_VENDOR_AMD=y
+# CONFIG_AMD8111_ETH is not set
+# CONFIG_PCNET32 is not set
+# CONFIG_NET_XGENE is not set
+# CONFIG_NET_VENDOR_ARC is not set
+CONFIG_NET_VENDOR_ATHEROS=y
+# CONFIG_ATL2 is not set
+# CONFIG_ATL1 is not set
+# CONFIG_ATL1E is not set
+# CONFIG_ATL1C is not set
+# CONFIG_ALX is not set
+CONFIG_NET_VENDOR_BROADCOM=y
+# CONFIG_B44 is not set
+# CONFIG_BNX2 is not set
+# CONFIG_CNIC is not set
+# CONFIG_TIGON3 is not set
+# CONFIG_BNX2X is not set
+CONFIG_NET_VENDOR_BROCADE=y
+# CONFIG_BNA is not set
+CONFIG_NET_VENDOR_CHELSIO=y
+# CONFIG_CHELSIO_T1 is not set
+# CONFIG_CHELSIO_T3 is not set
+# CONFIG_CHELSIO_T4 is not set
+# CONFIG_CHELSIO_T4VF is not set
+CONFIG_NET_VENDOR_CISCO=y
+# CONFIG_ENIC is not set
+# CONFIG_CX_ECAT is not set
+# CONFIG_DNET is not set
+CONFIG_NET_VENDOR_DEC=y
+# CONFIG_NET_TULIP is not set
+CONFIG_NET_VENDOR_DLINK=y
+# CONFIG_DL2K is not set
+# CONFIG_SUNDANCE is not set
+CONFIG_NET_VENDOR_EMULEX=y
+# CONFIG_BE2NET is not set
+CONFIG_NET_VENDOR_EXAR=y
+# CONFIG_S2IO is not set
+# CONFIG_VXGE is not set
+CONFIG_NET_VENDOR_HP=y
+# CONFIG_HP100 is not set
+CONFIG_NET_VENDOR_INTEL=y
+# CONFIG_E100 is not set
+# CONFIG_E1000 is not set
+# CONFIG_E1000E is not set
+# CONFIG_IGB is not set
+# CONFIG_IGBVF is not set
+# CONFIG_IXGB is not set
+# CONFIG_IXGBE is not set
+# CONFIG_IXGBEVF is not set
+# CONFIG_I40E is not set
+# CONFIG_I40EVF is not set
+CONFIG_NET_VENDOR_I825XX=y
+# CONFIG_IP1000 is not set
+# CONFIG_JME is not set
+CONFIG_NET_VENDOR_MARVELL=y
+# CONFIG_MVMDIO is not set
+# CONFIG_SKGE is not set
+# CONFIG_SKY2 is not set
+CONFIG_NET_VENDOR_MELLANOX=y
+# CONFIG_MLX4_EN is not set
+# CONFIG_MLX4_CORE is not set
+# CONFIG_MLX5_CORE is not set
+CONFIG_NET_VENDOR_MICREL=y
+# CONFIG_KS8851_MLL is not set
+# CONFIG_KSZ884X_PCI is not set
+CONFIG_NET_VENDOR_MYRI=y
+# CONFIG_MYRI10GE is not set
+# CONFIG_FEALNX is not set
+CONFIG_NET_VENDOR_NATSEMI=y
+# CONFIG_NATSEMI is not set
+# CONFIG_NS83820 is not set
+CONFIG_NET_VENDOR_8390=y
+# CONFIG_NE2K_PCI is not set
+CONFIG_NET_VENDOR_NVIDIA=y
+# CONFIG_FORCEDETH is not set
+CONFIG_NET_VENDOR_OKI=y
+# CONFIG_ETHOC is not set
+CONFIG_NET_PACKET_ENGINE=y
+# CONFIG_HAMACHI is not set
+# CONFIG_YELLOWFIN is not set
+CONFIG_NET_VENDOR_QLOGIC=y
+# CONFIG_QLA3XXX is not set
+# CONFIG_QLCNIC is not set
+# CONFIG_QLGE is not set
+# CONFIG_NETXEN_NIC is not set
+CONFIG_NET_VENDOR_REALTEK=y
+# CONFIG_8139CP is not set
+# CONFIG_8139TOO is not set
+# CONFIG_R8169 is not set
+CONFIG_NET_VENDOR_RDC=y
+# CONFIG_R6040 is not set
+CONFIG_NET_VENDOR_SAMSUNG=y
+# CONFIG_SXGBE_ETH is not set
+CONFIG_NET_VENDOR_SEEQ=y
+CONFIG_NET_VENDOR_SILAN=y
+# CONFIG_SC92031 is not set
+CONFIG_NET_VENDOR_SIS=y
+# CONFIG_SIS900 is not set
+# CONFIG_SIS190 is not set
+# CONFIG_SFC is not set
+CONFIG_NET_VENDOR_SMSC=y
+# CONFIG_EPIC100 is not set
+# CONFIG_SMSC911X is not set
+# CONFIG_SMSC9420 is not set
+CONFIG_NET_VENDOR_STMICRO=y
+# CONFIG_STMMAC_ETH is not set
+CONFIG_NET_VENDOR_SUN=y
+# CONFIG_HAPPYMEAL is not set
+# CONFIG_SUNGEM is not set
+# CONFIG_CASSINI is not set
+# CONFIG_NIU is not set
+CONFIG_NET_VENDOR_TEHUTI=y
+# CONFIG_TEHUTI is not set
+CONFIG_NET_VENDOR_TI=y
+# CONFIG_TLAN is not set
+CONFIG_NET_VENDOR_VIA=y
+# CONFIG_VIA_RHINE is not set
+# CONFIG_VIA_VELOCITY is not set
+CONFIG_NET_VENDOR_WIZNET=y
+# CONFIG_WIZNET_W5100 is not set
+# CONFIG_WIZNET_W5300 is not set
+# CONFIG_FDDI is not set
+# CONFIG_HIPPI is not set
+# CONFIG_NET_SB1000 is not set
+# CONFIG_PHYLIB is not set
+# CONFIG_PPP is not set
+# CONFIG_SLIP is not set
+
+#
+# Host-side USB support is needed for USB Network Adapter support
+#
+CONFIG_WLAN=y
+# CONFIG_PRISM54 is not set
+# CONFIG_HOSTAP is not set
+# CONFIG_WL_TI is not set
+
+#
+# Enable WiMAX (Networking options) to see the WiMAX drivers
+#
+# CONFIG_WAN is not set
+# CONFIG_VMXNET3 is not set
+# CONFIG_ISDN is not set
+
+#
+# Input device support
+#
+CONFIG_INPUT=y
+# CONFIG_INPUT_FF_MEMLESS is not set
+# CONFIG_INPUT_POLLDEV is not set
+# CONFIG_INPUT_SPARSEKMAP is not set
+# CONFIG_INPUT_MATRIXKMAP is not set
+
+#
+# Userland interfaces
+#
+CONFIG_INPUT_MOUSEDEV=y
+CONFIG_INPUT_MOUSEDEV_PSAUX=y
+CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024
+CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768
+# CONFIG_INPUT_JOYDEV is not set
+CONFIG_INPUT_EVDEV=y
+# CONFIG_INPUT_EVBUG is not set
+
+#
+# Input Device Drivers
+#
+CONFIG_INPUT_KEYBOARD=y
+CONFIG_KEYBOARD_ATKBD=y
+# CONFIG_KEYBOARD_LKKBD is not set
+# CONFIG_KEYBOARD_NEWTON is not set
+# CONFIG_KEYBOARD_OPENCORES is not set
+# CONFIG_KEYBOARD_STOWAWAY is not set
+# CONFIG_KEYBOARD_SUNKBD is not set
+# CONFIG_KEYBOARD_XTKBD is not set
+CONFIG_INPUT_MOUSE=y
+CONFIG_MOUSE_PS2=y
+CONFIG_MOUSE_PS2_ALPS=y
+CONFIG_MOUSE_PS2_LOGIPS2PP=y
+CONFIG_MOUSE_PS2_SYNAPTICS=y
+CONFIG_MOUSE_PS2_CYPRESS=y
+CONFIG_MOUSE_PS2_LIFEBOOK=y
+CONFIG_MOUSE_PS2_TRACKPOINT=y
+# CONFIG_MOUSE_PS2_ELANTECH is not set
+# CONFIG_MOUSE_PS2_SENTELIC is not set
+# CONFIG_MOUSE_PS2_TOUCHKIT is not set
+# CONFIG_MOUSE_SERIAL is not set
+# CONFIG_MOUSE_APPLETOUCH is not set
+# CONFIG_MOUSE_BCM5974 is not set
+# CONFIG_MOUSE_VSXXXAA is not set
+# CONFIG_MOUSE_SYNAPTICS_USB is not set
+# CONFIG_INPUT_JOYSTICK is not set
+# CONFIG_INPUT_TABLET is not set
+# CONFIG_INPUT_TOUCHSCREEN is not set
+# CONFIG_INPUT_MISC is not set
+
+#
+# Hardware I/O ports
+#
+CONFIG_SERIO=y
+CONFIG_ARCH_MIGHT_HAVE_PC_SERIO=y
+CONFIG_SERIO_I8042=y
+CONFIG_SERIO_SERPORT=y
+# CONFIG_SERIO_CT82C710 is not set
+# CONFIG_SERIO_PCIPS2 is not set
+CONFIG_SERIO_LIBPS2=y
+# CONFIG_SERIO_RAW is not set
+# CONFIG_SERIO_ALTERA_PS2 is not set
+# CONFIG_SERIO_PS2MULT is not set
+# CONFIG_SERIO_ARC_PS2 is not set
+# CONFIG_GAMEPORT is not set
+
+#
+# Character devices
+#
+CONFIG_TTY=y
+CONFIG_VT=y
+CONFIG_CONSOLE_TRANSLATIONS=y
+CONFIG_VT_CONSOLE=y
+CONFIG_VT_CONSOLE_SLEEP=y
+CONFIG_HW_CONSOLE=y
+# CONFIG_VT_HW_CONSOLE_BINDING is not set
+CONFIG_UNIX98_PTYS=y
+# CONFIG_DEVPTS_MULTIPLE_INSTANCES is not set
+CONFIG_LEGACY_PTYS=y
+CONFIG_LEGACY_PTY_COUNT=256
+# CONFIG_SERIAL_NONSTANDARD is not set
+# CONFIG_NOZOMI is not set
+# CONFIG_N_GSM is not set
+# CONFIG_TRACE_SINK is not set
+CONFIG_DEVKMEM=y
+
+#
+# Serial drivers
+#
+# CONFIG_SERIAL_8250 is not set
+
+#
+# Non-8250 serial port support
+#
+# CONFIG_SERIAL_MFD_HSU is not set
+# CONFIG_SERIAL_JSM is not set
+# CONFIG_SERIAL_SCCNXP is not set
+# CONFIG_SERIAL_ALTERA_JTAGUART is not set
+# CONFIG_SERIAL_ALTERA_UART is not set
+# CONFIG_SERIAL_ARC is not set
+# CONFIG_SERIAL_RP2 is not set
+# CONFIG_SERIAL_FSL_LPUART is not set
+CONFIG_HVC_DRIVER=y
+CONFIG_VIRTIO_CONSOLE=y
+# CONFIG_IPMI_HANDLER is not set
+# CONFIG_HW_RANDOM is not set
+# CONFIG_NVRAM is not set
+# CONFIG_R3964 is not set
+# CONFIG_APPLICOM is not set
+# CONFIG_MWAVE is not set
+# CONFIG_RAW_DRIVER is not set
+# CONFIG_HPET is not set
+# CONFIG_HANGCHECK_TIMER is not set
+# CONFIG_TCG_TPM is not set
+# CONFIG_TELCLOCK is not set
+CONFIG_DEVPORT=y
+
+#
+# I2C support
+#
+# CONFIG_I2C is not set
+# CONFIG_SPI is not set
+# CONFIG_SPMI is not set
+# CONFIG_HSI is not set
+
+#
+# PPS support
+#
+# CONFIG_PPS is not set
+
+#
+# PPS generators support
+#
+
+#
+# PTP clock support
+#
+# CONFIG_PTP_1588_CLOCK is not set
+
+#
+# Enable PHYLIB and NETWORK_PHY_TIMESTAMPING to see the additional clocks.
+#
+CONFIG_ARCH_WANT_OPTIONAL_GPIOLIB=y
+# CONFIG_GPIOLIB is not set
+# CONFIG_W1 is not set
+CONFIG_POWER_SUPPLY=y
+# CONFIG_POWER_SUPPLY_DEBUG is not set
+# CONFIG_PDA_POWER is not set
+# CONFIG_TEST_POWER is not set
+# CONFIG_BATTERY_DS2780 is not set
+# CONFIG_BATTERY_DS2781 is not set
+# CONFIG_BATTERY_BQ27x00 is not set
+# CONFIG_CHARGER_MAX8903 is not set
+# CONFIG_POWER_RESET is not set
+# CONFIG_POWER_AVS is not set
+CONFIG_HWMON=y
+# CONFIG_HWMON_VID is not set
+# CONFIG_HWMON_DEBUG_CHIP is not set
+
+#
+# Native drivers
+#
+# CONFIG_SENSORS_ABITUGURU is not set
+# CONFIG_SENSORS_ABITUGURU3 is not set
+# CONFIG_SENSORS_K8TEMP is not set
+# CONFIG_SENSORS_K10TEMP is not set
+# CONFIG_SENSORS_FAM15H_POWER is not set
+# CONFIG_SENSORS_APPLESMC is not set
+# CONFIG_SENSORS_I5K_AMB is not set
+# CONFIG_SENSORS_F71805F is not set
+# CONFIG_SENSORS_F71882FG is not set
+# CONFIG_SENSORS_CORETEMP is not set
+# CONFIG_SENSORS_IT87 is not set
+# CONFIG_SENSORS_MAX197 is not set
+# CONFIG_SENSORS_PC87360 is not set
+# CONFIG_SENSORS_PC87427 is not set
+# CONFIG_SENSORS_NTC_THERMISTOR is not set
+# CONFIG_SENSORS_NCT6683 is not set
+# CONFIG_SENSORS_NCT6775 is not set
+# CONFIG_SENSORS_SIS5595 is not set
+# CONFIG_SENSORS_SMSC47M1 is not set
+# CONFIG_SENSORS_SMSC47B397 is not set
+# CONFIG_SENSORS_SCH56XX_COMMON is not set
+# CONFIG_SENSORS_VIA_CPUTEMP is not set
+# CONFIG_SENSORS_VIA686A is not set
+# CONFIG_SENSORS_VT1211 is not set
+# CONFIG_SENSORS_VT8231 is not set
+# CONFIG_SENSORS_W83627HF is not set
+# CONFIG_SENSORS_W83627EHF is not set
+
+#
+# ACPI drivers
+#
+# CONFIG_SENSORS_ACPI_POWER is not set
+# CONFIG_SENSORS_ATK0110 is not set
+CONFIG_THERMAL=y
+CONFIG_THERMAL_HWMON=y
+CONFIG_THERMAL_DEFAULT_GOV_STEP_WISE=y
+# CONFIG_THERMAL_DEFAULT_GOV_FAIR_SHARE is not set
+# CONFIG_THERMAL_DEFAULT_GOV_USER_SPACE is not set
+# CONFIG_THERMAL_GOV_FAIR_SHARE is not set
+CONFIG_THERMAL_GOV_STEP_WISE=y
+# CONFIG_THERMAL_GOV_USER_SPACE is not set
+# CONFIG_THERMAL_EMULATION is not set
+# CONFIG_INTEL_POWERCLAMP is not set
+# CONFIG_ACPI_INT3403_THERMAL is not set
+# CONFIG_INTEL_SOC_DTS_THERMAL is not set
+
+#
+# Texas Instruments thermal drivers
+#
+# CONFIG_WATCHDOG is not set
+CONFIG_SSB_POSSIBLE=y
+
+#
+# Sonics Silicon Backplane
+#
+# CONFIG_SSB is not set
+CONFIG_BCMA_POSSIBLE=y
+
+#
+# Broadcom specific AMBA
+#
+# CONFIG_BCMA is not set
+
+#
+# Multifunction device drivers
+#
+# CONFIG_MFD_CORE is not set
+# CONFIG_MFD_CROS_EC is not set
+# CONFIG_HTC_PASIC3 is not set
+# CONFIG_LPC_ICH is not set
+# CONFIG_LPC_SCH is not set
+# CONFIG_MFD_JANZ_CMODIO is not set
+# CONFIG_MFD_KEMPLD is not set
+# CONFIG_MFD_RDC321X is not set
+# CONFIG_MFD_RTSX_PCI is not set
+# CONFIG_MFD_SM501 is not set
+# CONFIG_ABX500_CORE is not set
+# CONFIG_MFD_SYSCON is not set
+# CONFIG_MFD_TI_AM335X_TSCADC is not set
+# CONFIG_MFD_TMIO is not set
+# CONFIG_MFD_VX855 is not set
+# CONFIG_REGULATOR is not set
+# CONFIG_MEDIA_SUPPORT is not set
+
+#
+# Graphics support
+#
+# CONFIG_AGP is not set
+CONFIG_VGA_ARB=y
+CONFIG_VGA_ARB_MAX_GPUS=16
+# CONFIG_VGA_SWITCHEROO is not set
+
+#
+# Direct Rendering Manager
+#
+# CONFIG_DRM is not set
+
+#
+# Frame buffer Devices
+#
+# CONFIG_FB is not set
+# CONFIG_BACKLIGHT_LCD_SUPPORT is not set
+# CONFIG_VGASTATE is not set
+
+#
+# Console display driver support
+#
+CONFIG_VGA_CONSOLE=y
+# CONFIG_VGACON_SOFT_SCROLLBACK is not set
+CONFIG_DUMMY_CONSOLE=y
+CONFIG_SOUND=y
+# CONFIG_SOUND_OSS_CORE is not set
+# CONFIG_SND is not set
+# CONFIG_SOUND_PRIME is not set
+
+#
+# HID support
+#
+CONFIG_HID=y
+# CONFIG_HID_BATTERY_STRENGTH is not set
+# CONFIG_HIDRAW is not set
+# CONFIG_UHID is not set
+CONFIG_HID_GENERIC=y
+
+#
+# Special HID drivers
+#
+CONFIG_HID_A4TECH=y
+# CONFIG_HID_ACRUX is not set
+CONFIG_HID_APPLE=y
+# CONFIG_HID_AUREAL is not set
+CONFIG_HID_BELKIN=y
+CONFIG_HID_CHERRY=y
+CONFIG_HID_CHICONY=y
+CONFIG_HID_CYPRESS=y
+# CONFIG_HID_DRAGONRISE is not set
+# CONFIG_HID_EMS_FF is not set
+# CONFIG_HID_ELECOM is not set
+CONFIG_HID_EZKEY=y
+# CONFIG_HID_KEYTOUCH is not set
+# CONFIG_HID_KYE is not set
+# CONFIG_HID_UCLOGIC is not set
+# CONFIG_HID_WALTOP is not set
+# CONFIG_HID_GYRATION is not set
+# CONFIG_HID_ICADE is not set
+# CONFIG_HID_TWINHAN is not set
+CONFIG_HID_KENSINGTON=y
+# CONFIG_HID_LCPOWER is not set
+# CONFIG_HID_LENOVO is not set
+CONFIG_HID_LOGITECH=y
+# CONFIG_LOGITECH_FF is not set
+# CONFIG_LOGIRUMBLEPAD2_FF is not set
+# CONFIG_LOGIG940_FF is not set
+# CONFIG_LOGIWHEELS_FF is not set
+# CONFIG_HID_MAGICMOUSE is not set
+CONFIG_HID_MICROSOFT=y
+CONFIG_HID_MONTEREY=y
+# CONFIG_HID_MULTITOUCH is not set
+# CONFIG_HID_ORTEK is not set
+# CONFIG_HID_PANTHERLORD is not set
+# CONFIG_HID_PETALYNX is not set
+# CONFIG_HID_PICOLCD is not set
+# CONFIG_HID_PRIMAX is not set
+# CONFIG_HID_SAITEK is not set
+# CONFIG_HID_SAMSUNG is not set
+# CONFIG_HID_SPEEDLINK is not set
+# CONFIG_HID_STEELSERIES is not set
+# CONFIG_HID_SUNPLUS is not set
+# CONFIG_HID_RMI is not set
+# CONFIG_HID_GREENASIA is not set
+# CONFIG_HID_SMARTJOYPLUS is not set
+# CONFIG_HID_TIVO is not set
+# CONFIG_HID_TOPSEED is not set
+# CONFIG_HID_THRUSTMASTER is not set
+# CONFIG_HID_WACOM is not set
+# CONFIG_HID_XINMO is not set
+# CONFIG_HID_ZEROPLUS is not set
+# CONFIG_HID_ZYDACRON is not set
+# CONFIG_HID_SENSOR_HUB is not set
+CONFIG_USB_OHCI_LITTLE_ENDIAN=y
+CONFIG_USB_SUPPORT=y
+CONFIG_USB_ARCH_HAS_HCD=y
+# CONFIG_USB is not set
+
+#
+# USB port drivers
+#
+
+#
+# USB Physical Layer drivers
+#
+# CONFIG_USB_PHY is not set
+# CONFIG_NOP_USB_XCEIV is not set
+# CONFIG_SAMSUNG_USB2PHY is not set
+# CONFIG_SAMSUNG_USB3PHY is not set
+# CONFIG_USB_GADGET is not set
+# CONFIG_UWB is not set
+# CONFIG_MMC is not set
+# CONFIG_MEMSTICK is not set
+# CONFIG_NEW_LEDS is not set
+# CONFIG_ACCESSIBILITY is not set
+# CONFIG_INFINIBAND is not set
+# CONFIG_EDAC is not set
+CONFIG_RTC_LIB=y
+# CONFIG_RTC_CLASS is not set
+# CONFIG_DMADEVICES is not set
+# CONFIG_AUXDISPLAY is not set
+# CONFIG_UIO is not set
+# CONFIG_VIRT_DRIVERS is not set
+CONFIG_VIRTIO=y
+
+#
+# Virtio drivers
+#
+CONFIG_VIRTIO_PCI=y
+CONFIG_VIRTIO_BALLOON=y
+CONFIG_VIRTIO_MMIO=y
+# CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES is not set
+
+#
+# Microsoft Hyper-V guest support
+#
+# CONFIG_STAGING is not set
+CONFIG_X86_PLATFORM_DEVICES=y
+# CONFIG_ACERHDF is not set
+# CONFIG_ASUS_LAPTOP is not set
+# CONFIG_DELL_SMO8800 is not set
+# CONFIG_FUJITSU_TABLET is not set
+# CONFIG_HP_ACCEL is not set
+# CONFIG_HP_WIRELESS is not set
+# CONFIG_THINKPAD_ACPI is not set
+# CONFIG_SENSORS_HDAPS is not set
+# CONFIG_INTEL_MENLOW is not set
+# CONFIG_ACPI_WMI is not set
+# CONFIG_TOPSTAR_LAPTOP is not set
+# CONFIG_TOSHIBA_BT_RFKILL is not set
+# CONFIG_TOSHIBA_HAPS is not set
+# CONFIG_ACPI_CMPC is not set
+# CONFIG_INTEL_IPS is not set
+# CONFIG_IBM_RTL is not set
+# CONFIG_SAMSUNG_Q10 is not set
+# CONFIG_INTEL_RST is not set
+# CONFIG_INTEL_SMARTCONNECT is not set
+# CONFIG_PVPANIC is not set
+# CONFIG_CHROME_PLATFORMS is not set
+
+#
+# SOC (System On Chip) specific Drivers
+#
+
+#
+# Hardware Spinlock drivers
+#
+
+#
+# Clock Source drivers
+#
+CONFIG_CLKEVT_I8253=y
+CONFIG_I8253_LOCK=y
+CONFIG_CLKBLD_I8253=y
+# CONFIG_SH_TIMER_CMT is not set
+# CONFIG_SH_TIMER_MTU2 is not set
+# CONFIG_SH_TIMER_TMU is not set
+# CONFIG_EM_TIMER_STI is not set
+# CONFIG_MAILBOX is not set
+CONFIG_IOMMU_SUPPORT=y
+# CONFIG_AMD_IOMMU is not set
+# CONFIG_INTEL_IOMMU is not set
+# CONFIG_IRQ_REMAP is not set
+
+#
+# Remoteproc drivers
+#
+# CONFIG_STE_MODEM_RPROC is not set
+
+#
+# Rpmsg drivers
+#
+# CONFIG_PM_DEVFREQ is not set
+# CONFIG_EXTCON is not set
+# CONFIG_MEMORY is not set
+# CONFIG_IIO is not set
+# CONFIG_NTB is not set
+# CONFIG_VME_BUS is not set
+# CONFIG_PWM is not set
+# CONFIG_IPACK_BUS is not set
+# CONFIG_RESET_CONTROLLER is not set
+# CONFIG_FMC is not set
+
+#
+# PHY Subsystem
+#
+# CONFIG_GENERIC_PHY is not set
+# CONFIG_BCM_KONA_USB2_PHY is not set
+# CONFIG_POWERCAP is not set
+# CONFIG_MCB is not set
+# CONFIG_THUNDERBOLT is not set
+
+#
+# Firmware Drivers
+#
+# CONFIG_EDD is not set
+CONFIG_FIRMWARE_MEMMAP=y
+# CONFIG_DELL_RBU is not set
+# CONFIG_DCDBAS is not set
+CONFIG_DMIID=y
+# CONFIG_DMI_SYSFS is not set
+CONFIG_DMI_SCAN_MACHINE_NON_EFI_FALLBACK=y
+# CONFIG_ISCSI_IBFT_FIND is not set
+# CONFIG_GOOGLE_FIRMWARE is not set
+
+#
+# File systems
+#
+CONFIG_DCACHE_WORD_ACCESS=y
+CONFIG_EXT2_FS=y
+# CONFIG_EXT2_FS_XATTR is not set
+# CONFIG_EXT2_FS_XIP is not set
+CONFIG_EXT3_FS=y
+# CONFIG_EXT3_DEFAULTS_TO_ORDERED is not set
+# CONFIG_EXT3_FS_XATTR is not set
+# CONFIG_EXT4_FS is not set
+CONFIG_JBD=y
+CONFIG_REISERFS_FS=y
+# CONFIG_REISERFS_CHECK is not set
+# CONFIG_REISERFS_PROC_INFO is not set
+# CONFIG_REISERFS_FS_XATTR is not set
+# CONFIG_JFS_FS is not set
+# CONFIG_XFS_FS is not set
+# CONFIG_GFS2_FS is not set
+# CONFIG_BTRFS_FS is not set
+# CONFIG_NILFS2_FS is not set
+CONFIG_FS_POSIX_ACL=y
+CONFIG_FILE_LOCKING=y
+CONFIG_FSNOTIFY=y
+CONFIG_DNOTIFY=y
+CONFIG_INOTIFY_USER=y
+# CONFIG_FANOTIFY is not set
+CONFIG_QUOTA=y
+# CONFIG_QUOTA_NETLINK_INTERFACE is not set
+CONFIG_PRINT_QUOTA_WARNING=y
+# CONFIG_QUOTA_DEBUG is not set
+# CONFIG_QFMT_V1 is not set
+# CONFIG_QFMT_V2 is not set
+CONFIG_QUOTACTL=y
+CONFIG_AUTOFS4_FS=y
+# CONFIG_FUSE_FS is not set
+
+#
+# Caches
+#
+# CONFIG_FSCACHE is not set
+
+#
+# CD-ROM/DVD Filesystems
+#
+CONFIG_ISO9660_FS=y
+CONFIG_JOLIET=y
+# CONFIG_ZISOFS is not set
+# CONFIG_UDF_FS is not set
+
+#
+# DOS/FAT/NT Filesystems
+#
+# CONFIG_MSDOS_FS is not set
+# CONFIG_VFAT_FS is not set
+# CONFIG_NTFS_FS is not set
+
+#
+# Pseudo filesystems
+#
+CONFIG_PROC_FS=y
+CONFIG_PROC_KCORE=y
+CONFIG_PROC_SYSCTL=y
+CONFIG_PROC_PAGE_MONITOR=y
+CONFIG_KERNFS=y
+CONFIG_SYSFS=y
+CONFIG_TMPFS=y
+# CONFIG_TMPFS_POSIX_ACL is not set
+# CONFIG_TMPFS_XATTR is not set
+# CONFIG_HUGETLBFS is not set
+# CONFIG_HUGETLB_PAGE is not set
+# CONFIG_CONFIGFS_FS is not set
+CONFIG_MISC_FILESYSTEMS=y
+# CONFIG_ADFS_FS is not set
+# CONFIG_AFFS_FS is not set
+# CONFIG_HFS_FS is not set
+# CONFIG_HFSPLUS_FS is not set
+# CONFIG_BEFS_FS is not set
+# CONFIG_BFS_FS is not set
+# CONFIG_EFS_FS is not set
+# CONFIG_LOGFS is not set
+# CONFIG_CRAMFS is not set
+# CONFIG_SQUASHFS is not set
+# CONFIG_VXFS_FS is not set
+# CONFIG_MINIX_FS is not set
+# CONFIG_OMFS_FS is not set
+# CONFIG_HPFS_FS is not set
+# CONFIG_QNX4FS_FS is not set
+# CONFIG_QNX6FS_FS is not set
+# CONFIG_ROMFS_FS is not set
+# CONFIG_PSTORE is not set
+# CONFIG_SYSV_FS is not set
+# CONFIG_UFS_FS is not set
+# CONFIG_F2FS_FS is not set
+CONFIG_NETWORK_FILESYSTEMS=y
+# CONFIG_NFS_FS is not set
+# CONFIG_NFSD is not set
+# CONFIG_CEPH_FS is not set
+# CONFIG_CIFS is not set
+# CONFIG_NCP_FS is not set
+# CONFIG_CODA_FS is not set
+# CONFIG_AFS_FS is not set
+CONFIG_9P_FS=y
+CONFIG_9P_FS_POSIX_ACL=y
+# CONFIG_9P_FS_SECURITY is not set
+CONFIG_NLS=y
+CONFIG_NLS_DEFAULT="iso8859-1"
+# CONFIG_NLS_CODEPAGE_437 is not set
+# CONFIG_NLS_CODEPAGE_737 is not set
+# CONFIG_NLS_CODEPAGE_775 is not set
+# CONFIG_NLS_CODEPAGE_850 is not set
+# CONFIG_NLS_CODEPAGE_852 is not set
+# CONFIG_NLS_CODEPAGE_855 is not set
+# CONFIG_NLS_CODEPAGE_857 is not set
+# CONFIG_NLS_CODEPAGE_860 is not set
+# CONFIG_NLS_CODEPAGE_861 is not set
+# CONFIG_NLS_CODEPAGE_862 is not set
+# CONFIG_NLS_CODEPAGE_863 is not set
+# CONFIG_NLS_CODEPAGE_864 is not set
+# CONFIG_NLS_CODEPAGE_865 is not set
+# CONFIG_NLS_CODEPAGE_866 is not set
+# CONFIG_NLS_CODEPAGE_869 is not set
+# CONFIG_NLS_CODEPAGE_936 is not set
+# CONFIG_NLS_CODEPAGE_950 is not set
+# CONFIG_NLS_CODEPAGE_932 is not set
+# CONFIG_NLS_CODEPAGE_949 is not set
+# CONFIG_NLS_CODEPAGE_874 is not set
+# CONFIG_NLS_ISO8859_8 is not set
+# CONFIG_NLS_CODEPAGE_1250 is not set
+# CONFIG_NLS_CODEPAGE_1251 is not set
+# CONFIG_NLS_ASCII is not set
+# CONFIG_NLS_ISO8859_1 is not set
+# CONFIG_NLS_ISO8859_2 is not set
+# CONFIG_NLS_ISO8859_3 is not set
+# CONFIG_NLS_ISO8859_4 is not set
+# CONFIG_NLS_ISO8859_5 is not set
+# CONFIG_NLS_ISO8859_6 is not set
+# CONFIG_NLS_ISO8859_7 is not set
+# CONFIG_NLS_ISO8859_9 is not set
+# CONFIG_NLS_ISO8859_13 is not set
+# CONFIG_NLS_ISO8859_14 is not set
+# CONFIG_NLS_ISO8859_15 is not set
+# CONFIG_NLS_KOI8_R is not set
+# CONFIG_NLS_KOI8_U is not set
+# CONFIG_NLS_MAC_ROMAN is not set
+# CONFIG_NLS_MAC_CELTIC is not set
+# CONFIG_NLS_MAC_CENTEURO is not set
+# CONFIG_NLS_MAC_CROATIAN is not set
+# CONFIG_NLS_MAC_CYRILLIC is not set
+# CONFIG_NLS_MAC_GAELIC is not set
+# CONFIG_NLS_MAC_GREEK is not set
+# CONFIG_NLS_MAC_ICELAND is not set
+# CONFIG_NLS_MAC_INUIT is not set
+# CONFIG_NLS_MAC_ROMANIAN is not set
+# CONFIG_NLS_MAC_TURKISH is not set
+# CONFIG_NLS_UTF8 is not set
+
+#
+# Kernel hacking
+#
+CONFIG_TRACE_IRQFLAGS_SUPPORT=y
+
+#
+# printk and dmesg options
+#
+# CONFIG_PRINTK_TIME is not set
+CONFIG_MESSAGE_LOGLEVEL_DEFAULT=4
+# CONFIG_BOOT_PRINTK_DELAY is not set
+
+#
+# Compile-time checks and compiler options
+#
+CONFIG_DEBUG_INFO=y
+# CONFIG_DEBUG_INFO_REDUCED is not set
+# CONFIG_DEBUG_INFO_SPLIT is not set
+# CONFIG_DEBUG_INFO_DWARF4 is not set
+CONFIG_ENABLE_WARN_DEPRECATED=y
+CONFIG_ENABLE_MUST_CHECK=y
+CONFIG_FRAME_WARN=1024
+# CONFIG_STRIP_ASM_SYMS is not set
+# CONFIG_READABLE_ASM is not set
+# CONFIG_UNUSED_SYMBOLS is not set
+# CONFIG_DEBUG_FS is not set
+# CONFIG_HEADERS_CHECK is not set
+# CONFIG_DEBUG_SECTION_MISMATCH is not set
+CONFIG_ARCH_WANT_FRAME_POINTERS=y
+CONFIG_FRAME_POINTER=y
+# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set
+# CONFIG_MAGIC_SYSRQ is not set
+CONFIG_DEBUG_KERNEL=y
+
+#
+# Memory Debugging
+#
+# CONFIG_DEBUG_PAGEALLOC is not set
+# CONFIG_DEBUG_OBJECTS is not set
+# CONFIG_DEBUG_SLAB is not set
+CONFIG_HAVE_DEBUG_KMEMLEAK=y
+# CONFIG_DEBUG_KMEMLEAK is not set
+# CONFIG_DEBUG_STACK_USAGE is not set
+# CONFIG_DEBUG_VM is not set
+# CONFIG_DEBUG_VIRTUAL is not set
+CONFIG_DEBUG_MEMORY_INIT=y
+CONFIG_HAVE_DEBUG_STACKOVERFLOW=y
+# CONFIG_DEBUG_STACKOVERFLOW is not set
+CONFIG_HAVE_ARCH_KMEMCHECK=y
+# CONFIG_DEBUG_SHIRQ is not set
+
+#
+# Debug Lockups and Hangs
+#
+# CONFIG_LOCKUP_DETECTOR is not set
+CONFIG_DETECT_HUNG_TASK=y
+CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=120
+# CONFIG_BOOTPARAM_HUNG_TASK_PANIC is not set
+CONFIG_BOOTPARAM_HUNG_TASK_PANIC_VALUE=0
+# CONFIG_PANIC_ON_OOPS is not set
+CONFIG_PANIC_ON_OOPS_VALUE=0
+CONFIG_PANIC_TIMEOUT=0
+# CONFIG_SCHED_DEBUG is not set
+# CONFIG_SCHEDSTATS is not set
+# CONFIG_TIMER_STATS is not set
+
+#
+# Lock Debugging (spinlocks, mutexes, etc...)
+#
+# CONFIG_DEBUG_RT_MUTEXES is not set
+# CONFIG_DEBUG_SPINLOCK is not set
+# CONFIG_DEBUG_MUTEXES is not set
+# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set
+# CONFIG_DEBUG_LOCK_ALLOC is not set
+# CONFIG_PROVE_LOCKING is not set
+# CONFIG_LOCK_STAT is not set
+# CONFIG_DEBUG_ATOMIC_SLEEP is not set
+# CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set
+# CONFIG_LOCK_TORTURE_TEST is not set
+# CONFIG_STACKTRACE is not set
+# CONFIG_DEBUG_KOBJECT is not set
+CONFIG_DEBUG_BUGVERBOSE=y
+# CONFIG_DEBUG_LIST is not set
+# CONFIG_DEBUG_PI_LIST is not set
+# CONFIG_DEBUG_SG is not set
+# CONFIG_DEBUG_NOTIFIERS is not set
+# CONFIG_DEBUG_CREDENTIALS is not set
+
+#
+# RCU Debugging
+#
+# CONFIG_SPARSE_RCU_POINTER is not set
+# CONFIG_TORTURE_TEST is not set
+# CONFIG_RCU_TORTURE_TEST is not set
+# CONFIG_RCU_TRACE is not set
+# CONFIG_DEBUG_BLOCK_EXT_DEVT is not set
+# CONFIG_NOTIFIER_ERROR_INJECTION is not set
+# CONFIG_FAULT_INJECTION is not set
+# CONFIG_LATENCYTOP is not set
+CONFIG_ARCH_HAS_DEBUG_STRICT_USER_COPY_CHECKS=y
+# CONFIG_DEBUG_STRICT_USER_COPY_CHECKS is not set
+CONFIG_USER_STACKTRACE_SUPPORT=y
+CONFIG_HAVE_FUNCTION_TRACER=y
+CONFIG_HAVE_FUNCTION_GRAPH_TRACER=y
+CONFIG_HAVE_FUNCTION_GRAPH_FP_TEST=y
+CONFIG_HAVE_DYNAMIC_FTRACE=y
+CONFIG_HAVE_DYNAMIC_FTRACE_WITH_REGS=y
+CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y
+CONFIG_HAVE_SYSCALL_TRACEPOINTS=y
+CONFIG_HAVE_FENTRY=y
+CONFIG_HAVE_C_RECORDMCOUNT=y
+CONFIG_TRACING_SUPPORT=y
+CONFIG_FTRACE=y
+# CONFIG_FUNCTION_TRACER is not set
+# CONFIG_IRQSOFF_TRACER is not set
+# CONFIG_SCHED_TRACER is not set
+# CONFIG_ENABLE_DEFAULT_TRACERS is not set
+# CONFIG_FTRACE_SYSCALLS is not set
+# CONFIG_TRACER_SNAPSHOT is not set
+CONFIG_BRANCH_PROFILE_NONE=y
+# CONFIG_PROFILE_ANNOTATED_BRANCHES is not set
+# CONFIG_PROFILE_ALL_BRANCHES is not set
+# CONFIG_STACK_TRACER is not set
+# CONFIG_BLK_DEV_IO_TRACE is not set
+# CONFIG_UPROBE_EVENT is not set
+# CONFIG_PROBE_EVENTS is not set
+# CONFIG_MMIOTRACE is not set
+# CONFIG_TRACEPOINT_BENCHMARK is not set
+
+#
+# Runtime Testing
+#
+# CONFIG_TEST_LIST_SORT is not set
+# CONFIG_BACKTRACE_SELF_TEST is not set
+# CONFIG_RBTREE_TEST is not set
+# CONFIG_ATOMIC64_SELFTEST is not set
+# CONFIG_TEST_STRING_HELPERS is not set
+# CONFIG_TEST_KSTRTOX is not set
+# CONFIG_TEST_RHASHTABLE is not set
+# CONFIG_PROVIDE_OHCI1394_DMA_INIT is not set
+# CONFIG_DMA_API_DEBUG is not set
+# CONFIG_TEST_FIRMWARE is not set
+# CONFIG_TEST_UDELAY is not set
+# CONFIG_SAMPLES is not set
+CONFIG_HAVE_ARCH_KGDB=y
+# CONFIG_KGDB is not set
+# CONFIG_STRICT_DEVMEM is not set
+CONFIG_X86_VERBOSE_BOOTUP=y
+CONFIG_EARLY_PRINTK=y
+# CONFIG_EARLY_PRINTK_DBGP is not set
+# CONFIG_X86_PTDUMP is not set
+CONFIG_DEBUG_RODATA=y
+CONFIG_DEBUG_RODATA_TEST=y
+CONFIG_DOUBLEFAULT=y
+# CONFIG_DEBUG_TLBFLUSH is not set
+# CONFIG_IOMMU_DEBUG is not set
+# CONFIG_IOMMU_STRESS is not set
+CONFIG_HAVE_MMIOTRACE_SUPPORT=y
+CONFIG_IO_DELAY_TYPE_0X80=0
+CONFIG_IO_DELAY_TYPE_0XED=1
+CONFIG_IO_DELAY_TYPE_UDELAY=2
+CONFIG_IO_DELAY_TYPE_NONE=3
+CONFIG_IO_DELAY_0X80=y
+# CONFIG_IO_DELAY_0XED is not set
+# CONFIG_IO_DELAY_UDELAY is not set
+# CONFIG_IO_DELAY_NONE is not set
+CONFIG_DEFAULT_IO_DELAY_TYPE=0
+# CONFIG_CPA_DEBUG is not set
+# CONFIG_OPTIMIZE_INLINING is not set
+# CONFIG_DEBUG_NMI_SELFTEST is not set
+# CONFIG_X86_DEBUG_STATIC_CPU_HAS is not set
+
+#
+# Security options
+#
+# CONFIG_KEYS is not set
+# CONFIG_SECURITY_DMESG_RESTRICT is not set
+# CONFIG_SECURITY is not set
+# CONFIG_SECURITYFS is not set
+CONFIG_DEFAULT_SECURITY_DAC=y
+CONFIG_DEFAULT_SECURITY=""
+CONFIG_CRYPTO=y
+
+#
+# Crypto core or helper
+#
+CONFIG_CRYPTO_ALGAPI=y
+CONFIG_CRYPTO_ALGAPI2=y
+CONFIG_CRYPTO_AEAD=y
+CONFIG_CRYPTO_AEAD2=y
+CONFIG_CRYPTO_BLKCIPHER=y
+CONFIG_CRYPTO_BLKCIPHER2=y
+CONFIG_CRYPTO_HASH=y
+CONFIG_CRYPTO_HASH2=y
+CONFIG_CRYPTO_RNG=y
+CONFIG_CRYPTO_RNG2=y
+CONFIG_CRYPTO_PCOMP=y
+CONFIG_CRYPTO_PCOMP2=y
+CONFIG_CRYPTO_MANAGER=y
+CONFIG_CRYPTO_MANAGER2=y
+CONFIG_CRYPTO_USER=y
+CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y
+CONFIG_CRYPTO_GF128MUL=y
+CONFIG_CRYPTO_NULL=y
+CONFIG_CRYPTO_WORKQUEUE=y
+CONFIG_CRYPTO_CRYPTD=y
+CONFIG_CRYPTO_AUTHENC=y
+CONFIG_CRYPTO_ABLK_HELPER=y
+CONFIG_CRYPTO_GLUE_HELPER_X86=y
+
+#
+# Authenticated Encryption with Associated Data
+#
+CONFIG_CRYPTO_CCM=y
+CONFIG_CRYPTO_GCM=y
+CONFIG_CRYPTO_SEQIV=y
+
+#
+# Block modes
+#
+CONFIG_CRYPTO_CBC=y
+CONFIG_CRYPTO_CTR=y
+# CONFIG_CRYPTO_CTS is not set
+CONFIG_CRYPTO_ECB=y
+CONFIG_CRYPTO_LRW=y
+CONFIG_CRYPTO_PCBC=y
+CONFIG_CRYPTO_XTS=y
+
+#
+# Hash modes
+#
+CONFIG_CRYPTO_CMAC=y
+CONFIG_CRYPTO_HMAC=y
+CONFIG_CRYPTO_XCBC=y
+# CONFIG_CRYPTO_VMAC is not set
+
+#
+# Digest
+#
+CONFIG_CRYPTO_CRC32C=y
+# CONFIG_CRYPTO_CRC32C_INTEL is not set
+# CONFIG_CRYPTO_CRC32 is not set
+# CONFIG_CRYPTO_CRC32_PCLMUL is not set
+# CONFIG_CRYPTO_CRCT10DIF is not set
+CONFIG_CRYPTO_GHASH=y
+CONFIG_CRYPTO_MD4=y
+CONFIG_CRYPTO_MD5=y
+CONFIG_CRYPTO_MICHAEL_MIC=y
+CONFIG_CRYPTO_RMD128=y
+CONFIG_CRYPTO_RMD160=y
+CONFIG_CRYPTO_RMD256=y
+CONFIG_CRYPTO_RMD320=y
+CONFIG_CRYPTO_SHA1=y
+# CONFIG_CRYPTO_SHA1_SSSE3 is not set
+CONFIG_CRYPTO_SHA256_SSSE3=y
+CONFIG_CRYPTO_SHA512_SSSE3=y
+CONFIG_CRYPTO_SHA256=y
+CONFIG_CRYPTO_SHA512=y
+CONFIG_CRYPTO_TGR192=y
+CONFIG_CRYPTO_WP512=y
+# CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL is not set
+
+#
+# Ciphers
+#
+CONFIG_CRYPTO_AES=y
+CONFIG_CRYPTO_AES_X86_64=y
+CONFIG_CRYPTO_AES_NI_INTEL=y
+CONFIG_CRYPTO_ANUBIS=y
+CONFIG_CRYPTO_ARC4=y
+CONFIG_CRYPTO_BLOWFISH=y
+CONFIG_CRYPTO_BLOWFISH_COMMON=y
+CONFIG_CRYPTO_BLOWFISH_X86_64=y
+CONFIG_CRYPTO_CAMELLIA=y
+CONFIG_CRYPTO_CAMELLIA_X86_64=y
+CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64=y
+CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64=y
+CONFIG_CRYPTO_CAST_COMMON=y
+CONFIG_CRYPTO_CAST5=y
+CONFIG_CRYPTO_CAST5_AVX_X86_64=y
+CONFIG_CRYPTO_CAST6=y
+CONFIG_CRYPTO_CAST6_AVX_X86_64=y
+CONFIG_CRYPTO_DES=y
+# CONFIG_CRYPTO_DES3_EDE_X86_64 is not set
+CONFIG_CRYPTO_FCRYPT=y
+CONFIG_CRYPTO_KHAZAD=y
+CONFIG_CRYPTO_SALSA20=y
+CONFIG_CRYPTO_SALSA20_X86_64=y
+CONFIG_CRYPTO_SEED=y
+CONFIG_CRYPTO_SERPENT=y
+CONFIG_CRYPTO_SERPENT_SSE2_X86_64=y
+CONFIG_CRYPTO_SERPENT_AVX_X86_64=y
+CONFIG_CRYPTO_SERPENT_AVX2_X86_64=y
+CONFIG_CRYPTO_TEA=y
+CONFIG_CRYPTO_TWOFISH=y
+CONFIG_CRYPTO_TWOFISH_COMMON=y
+CONFIG_CRYPTO_TWOFISH_X86_64=y
+CONFIG_CRYPTO_TWOFISH_X86_64_3WAY=y
+CONFIG_CRYPTO_TWOFISH_AVX_X86_64=y
+
+#
+# Compression
+#
+CONFIG_CRYPTO_DEFLATE=y
+CONFIG_CRYPTO_ZLIB=y
+CONFIG_CRYPTO_LZO=y
+CONFIG_CRYPTO_LZ4=y
+CONFIG_CRYPTO_LZ4HC=y
+
+#
+# Random Number Generation
+#
+# CONFIG_CRYPTO_ANSI_CPRNG is not set
+# CONFIG_CRYPTO_DRBG_MENU is not set
+CONFIG_CRYPTO_USER_API=y
+CONFIG_CRYPTO_USER_API_HASH=y
+CONFIG_CRYPTO_USER_API_SKCIPHER=y
+# CONFIG_CRYPTO_HW is not set
+CONFIG_HAVE_KVM=y
+CONFIG_VIRTUALIZATION=y
+# CONFIG_KVM is not set
+# CONFIG_BINARY_PRINTF is not set
+
+#
+# Library routines
+#
+CONFIG_BITREVERSE=y
+CONFIG_GENERIC_STRNCPY_FROM_USER=y
+CONFIG_GENERIC_STRNLEN_USER=y
+CONFIG_GENERIC_NET_UTILS=y
+CONFIG_GENERIC_FIND_FIRST_BIT=y
+CONFIG_GENERIC_PCI_IOMAP=y
+CONFIG_GENERIC_IOMAP=y
+CONFIG_GENERIC_IO=y
+CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y
+CONFIG_ARCH_HAS_FAST_MULTIPLIER=y
+CONFIG_CRC_CCITT=y
+CONFIG_CRC16=y
+# CONFIG_CRC_T10DIF is not set
+CONFIG_CRC_ITU_T=y
+CONFIG_CRC32=y
+# CONFIG_CRC32_SELFTEST is not set
+CONFIG_CRC32_SLICEBY8=y
+# CONFIG_CRC32_SLICEBY4 is not set
+# CONFIG_CRC32_SARWATE is not set
+# CONFIG_CRC32_BIT is not set
+CONFIG_CRC7=y
+CONFIG_LIBCRC32C=y
+# CONFIG_CRC8 is not set
+# CONFIG_AUDIT_ARCH_COMPAT_GENERIC is not set
+# CONFIG_RANDOM32_SELFTEST is not set
+CONFIG_ZLIB_INFLATE=y
+CONFIG_ZLIB_DEFLATE=y
+CONFIG_LZO_COMPRESS=y
+CONFIG_LZO_DECOMPRESS=y
+CONFIG_LZ4_COMPRESS=y
+CONFIG_LZ4HC_COMPRESS=y
+CONFIG_LZ4_DECOMPRESS=y
+# CONFIG_XZ_DEC is not set
+# CONFIG_XZ_DEC_BCJ is not set
+CONFIG_TEXTSEARCH=y
+CONFIG_TEXTSEARCH_KMP=y
+CONFIG_TEXTSEARCH_BM=y
+CONFIG_TEXTSEARCH_FSM=y
+CONFIG_HAS_IOMEM=y
+CONFIG_HAS_IOPORT_MAP=y
+CONFIG_HAS_DMA=y
+CONFIG_DQL=y
+CONFIG_NLATTR=y
+CONFIG_ARCH_HAS_ATOMIC64_DEC_IF_POSITIVE=y
+CONFIG_AVERAGE=y
+# CONFIG_CORDIC is not set
+# CONFIG_DDR is not set
+CONFIG_ARCH_HAS_SG_CHAIN=y
diff --git a/testing/config/kvm/alice.xml b/testing/config/kvm/alice.xml
index 620ce51..0bf1eb5 100644
--- a/testing/config/kvm/alice.xml
+++ b/testing/config/kvm/alice.xml
@@ -7,7 +7,7 @@
<os>
<type arch='x86_64' machine='pc'>hvm</type>
<kernel>/var/run/kvm-swan-kernel</kernel>
- <cmdline>root=/dev/vda1 loglevel=1</cmdline>
+ <cmdline>root=/dev/vda1 loglevel=1 console=hvc0</cmdline>
<boot dev='hd'/>
</os>
<features>
@@ -53,7 +53,7 @@
<target port='0'/>
</serial>
<console type='pty'>
- <target type='serial' port='0'/>
+ <target type='virtio' port='0'/>
</console>
<input type='tablet' bus='usb'/>
<input type='mouse' bus='ps2'/>
diff --git a/testing/config/kvm/bob.xml b/testing/config/kvm/bob.xml
index caa1631..f2425b2 100644
--- a/testing/config/kvm/bob.xml
+++ b/testing/config/kvm/bob.xml
@@ -7,7 +7,7 @@
<os>
<type arch='x86_64' machine='pc'>hvm</type>
<kernel>/var/run/kvm-swan-kernel</kernel>
- <cmdline>root=/dev/vda1 loglevel=1</cmdline>
+ <cmdline>root=/dev/vda1 loglevel=1 console=hvc0</cmdline>
<boot dev='hd'/>
</os>
<features>
@@ -46,7 +46,7 @@
<target port='0'/>
</serial>
<console type='pty'>
- <target type='serial' port='0'/>
+ <target type='virtio' port='0'/>
</console>
<input type='tablet' bus='usb'/>
<input type='mouse' bus='ps2'/>
diff --git a/testing/config/kvm/carol.xml b/testing/config/kvm/carol.xml
index 8f768ff..51a7d83 100644
--- a/testing/config/kvm/carol.xml
+++ b/testing/config/kvm/carol.xml
@@ -7,7 +7,7 @@
<os>
<type arch='x86_64' machine='pc'>hvm</type>
<kernel>/var/run/kvm-swan-kernel</kernel>
- <cmdline>root=/dev/vda1 loglevel=1</cmdline>
+ <cmdline>root=/dev/vda1 loglevel=1 console=hvc0</cmdline>
<boot dev='hd'/>
</os>
<features>
@@ -46,7 +46,7 @@
<target port='0'/>
</serial>
<console type='pty'>
- <target type='serial' port='0'/>
+ <target type='virtio' port='0'/>
</console>
<input type='tablet' bus='usb'/>
<input type='mouse' bus='ps2'/>
diff --git a/testing/config/kvm/dave.xml b/testing/config/kvm/dave.xml
index 3ae1da0..9e26b96 100644
--- a/testing/config/kvm/dave.xml
+++ b/testing/config/kvm/dave.xml
@@ -7,7 +7,7 @@
<os>
<type arch='x86_64' machine='pc'>hvm</type>
<kernel>/var/run/kvm-swan-kernel</kernel>
- <cmdline>root=/dev/vda1 loglevel=1</cmdline>
+ <cmdline>root=/dev/vda1 loglevel=1 console=hvc0</cmdline>
<boot dev='hd'/>
</os>
<features>
@@ -46,7 +46,7 @@
<target port='0'/>
</serial>
<console type='pty'>
- <target type='serial' port='0'/>
+ <target type='virtio' port='0'/>
</console>
<input type='tablet' bus='usb'/>
<input type='mouse' bus='ps2'/>
diff --git a/testing/config/kvm/moon.xml b/testing/config/kvm/moon.xml
index 975e3ce..a7ea6e1 100644
--- a/testing/config/kvm/moon.xml
+++ b/testing/config/kvm/moon.xml
@@ -7,7 +7,7 @@
<os>
<type arch='x86_64' machine='pc'>hvm</type>
<kernel>/var/run/kvm-swan-kernel</kernel>
- <cmdline>root=/dev/vda1 loglevel=1</cmdline>
+ <cmdline>root=/dev/vda1 loglevel=1 console=hvc0</cmdline>
<boot dev='hd'/>
</os>
<features>
@@ -53,7 +53,7 @@
<target port='0'/>
</serial>
<console type='pty'>
- <target type='serial' port='0'/>
+ <target type='virtio' port='0'/>
</console>
<input type='tablet' bus='usb'/>
<input type='mouse' bus='ps2'/>
diff --git a/testing/config/kvm/sun.xml b/testing/config/kvm/sun.xml
index 9d05027..b7ddec9 100644
--- a/testing/config/kvm/sun.xml
+++ b/testing/config/kvm/sun.xml
@@ -7,7 +7,7 @@
<os>
<type arch='x86_64' machine='pc'>hvm</type>
<kernel>/var/run/kvm-swan-kernel</kernel>
- <cmdline>root=/dev/vda1 loglevel=1</cmdline>
+ <cmdline>root=/dev/vda1 loglevel=1 console=hvc0</cmdline>
<boot dev='hd'/>
</os>
<features>
@@ -53,7 +53,7 @@
<target port='0'/>
</serial>
<console type='pty'>
- <target type='serial' port='0'/>
+ <target type='virtio' port='0'/>
</console>
<input type='tablet' bus='usb'/>
<input type='mouse' bus='ps2'/>
diff --git a/testing/config/kvm/venus.xml b/testing/config/kvm/venus.xml
index 7a65ace..acc0d36 100644
--- a/testing/config/kvm/venus.xml
+++ b/testing/config/kvm/venus.xml
@@ -7,7 +7,7 @@
<os>
<type arch='x86_64' machine='pc'>hvm</type>
<kernel>/var/run/kvm-swan-kernel</kernel>
- <cmdline>root=/dev/vda1 loglevel=1</cmdline>
+ <cmdline>root=/dev/vda1 loglevel=1 console=hvc0</cmdline>
<boot dev='hd'/>
</os>
<features>
@@ -46,7 +46,7 @@
<target port='0'/>
</serial>
<console type='pty'>
- <target type='serial' port='0'/>
+ <target type='virtio' port='0'/>
</console>
<input type='tablet' bus='usb'/>
<input type='mouse' bus='ps2'/>
diff --git a/testing/config/kvm/winnetou.xml b/testing/config/kvm/winnetou.xml
index 9410c73..9dbf3a5 100644
--- a/testing/config/kvm/winnetou.xml
+++ b/testing/config/kvm/winnetou.xml
@@ -7,7 +7,7 @@
<os>
<type arch='x86_64' machine='pc'>hvm</type>
<kernel>/var/run/kvm-swan-kernel</kernel>
- <cmdline>root=/dev/vda1 loglevel=1</cmdline>
+ <cmdline>root=/dev/vda1 loglevel=1 console=hvc0</cmdline>
<boot dev='hd'/>
</os>
<features>
@@ -46,7 +46,7 @@
<target port='0'/>
</serial>
<console type='pty'>
- <target type='serial' port='0'/>
+ <target type='virtio' port='0'/>
</console>
<input type='tablet' bus='usb'/>
<input type='mouse' bus='ps2'/>
diff --git a/testing/hosts/alice/etc/ipsec.d/certs/aliceCert.pem b/testing/hosts/alice/etc/ipsec.d/certs/aliceCert.pem
index 49fe4b8..fc19567 100644
--- a/testing/hosts/alice/etc/ipsec.d/certs/aliceCert.pem
+++ b/testing/hosts/alice/etc/ipsec.d/certs/aliceCert.pem
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIEHzCCAwegAwIBAgIBGTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MIIEHzCCAwegAwIBAgIBLTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA5MDgyNzEwMDcyNFoXDTE0MDgyNjEwMDcyNFowVzELMAkGA1UE
+b290IENBMB4XDTE0MDgyNzE0NTQzNloXDTE5MDgyNjE0NTQzNlowVzELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz
MR0wGwYDVQQDFBRhbGljZUBzdHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcNAQEB
-BQADggEPADCCAQoCggEBANiNakgR5pct0NqirfPJEb9e3YZkYHvqZ/RUJ6Ea9ZGE
-8KuQxGAHuLWqaf/3GrL/LYIs1fTJ7JTNMu+PSec8kf9I5AxItPzb+uSwI9hXQxhl
-NJ8V+Zjs9Q3GX/59wS3DcHF4i8b88I/f7aLGwHOoRyT/UZPXPGIrHS9UWh/50//Q
-/GLreivoW65Cfj7oNi3wMTYwZB5MyPY5q9MRcYyEPa0GNM0GzzYfIEkQz8nuSL/q
-WQrmLmlS6Ktw5L3HXsUaKinGt0xI7jLGWh4ysnrjMNxKzRt2LITqSPtoTTR2JB6a
-5/6544mB2FGErpSd/LgGTmwzOgloZLpsQgsN6xjpUvsCAwEAAaOCAQYwggECMAkG
-A1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBQF2gQgjAL0KEcKz2x3LQZm
-E9qGPDBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTELMAkG
+BQADggEPADCCAQoCggEBALRsk/ip4ejQVynEGmvF9+qh2MIS2Ci3q1s+7VAx47i4
+vu2uPBxb064ahyFw4xG08nz4ewTLw7sgrxhz7Ymi8VHY39Y1wVkUFjwNF4+JbL2v
+B2prFnf1ewNmaa3hbyRJzu4Aja8oTW0RKY2o7cMi0ryTZo9Xon7q1cLdHZb4BW/a
+TYzKcLo7FsmjgvbqWKVTolrI0726XPLCe1u+cvBkAY1OlpjjO1pWiJ3JJ/cG1oRA
+8PxgNLupX36UBRtxw1Lrovip7uOKrShabQ+lzTSA4+F5gB8Q4VgK1zikNMWl7dIF
+qsP10QcVrnkRGAOE398fXZ1YoAoCmOqCvgsXW7y3k1cCAwEAAaOCAQYwggECMAkG
+A1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBT7NcHfcw4VcO5WuhtuHPfz
+rkj82TBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTELMAkG
A1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0
cm9uZ1N3YW4gUm9vdCBDQYIBADAfBgNVHREEGDAWgRRhbGljZUBzdHJvbmdzd2Fu
Lm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3Jn
-L3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQBWv4PhHGVpiLF5M3Rn
-qQLSoRFjKqn3N9We81RWwVRpBzwoUEaHizelaVct9FJg6t7Fk/D8F0wag5EFKlcg
-KQ8fd/0qLE393uwGb4Dvql2w49NFFDUsk5FC+pMUDAYsWHyFu26WKY5kfaMwNMNJ
-HK6e4m6+Wmoy5ulkatwDJRDqkyG11YJ/p0n0HAG1DBJoL9079U+xQxT+9a2f7TaO
-B/UbQNOvOgqaddk5uUDTjqnY/bltbAAuuI1ZNMrPCCNUorcdhySJb1tlF/JXTTB6
-N60XqYRYnk5T1yftNU0AA26ggskv4MMDwgYCGsyZuCX9vW+XsArRQJ5fsSZDiO7R
-8FT2
+L3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQBLXRISCSOxF4ln8+ub
+oaHTs1JvfCFKCQ3vORWjrntd8v8SQ92xGRBrT5oCataVTiPbQwphdScOl377YUQU
+EGDOSpbNRD0Au5Z1VryP/02B401TSbrpZ7DZyAnxSsR6Dz8lbCtW1GLCpEzFdxNS
+Vi5j30k8yeCAy1VIYCCPsqNQpziIFYuzrQ87x0P1U9W0xUE0GHWDa79LRkkTv8uJ
+wJ4RKMk8HHnac7ws9ybrhT8sv3oXAv8LRN4zFTq+YRWOm8hH/0BhGMKRi6SzvdK1
+i853cG4N7I2B60msO2n0lDkPAgH8EBE6IRpd2DdrXH6UyEwEAiJrdGWRMNJpD7OI
+XSh6
-----END CERTIFICATE-----
diff --git a/testing/hosts/alice/etc/ipsec.d/private/aliceKey.pem b/testing/hosts/alice/etc/ipsec.d/private/aliceKey.pem
index 51f9c0d..2951205 100644
--- a/testing/hosts/alice/etc/ipsec.d/private/aliceKey.pem
+++ b/testing/hosts/alice/etc/ipsec.d/private/aliceKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEA2I1qSBHmly3Q2qKt88kRv17dhmRge+pn9FQnoRr1kYTwq5DE
-YAe4tapp//casv8tgizV9MnslM0y749J5zyR/0jkDEi0/Nv65LAj2FdDGGU0nxX5
-mOz1DcZf/n3BLcNwcXiLxvzwj9/tosbAc6hHJP9Rk9c8YisdL1RaH/nT/9D8Yut6
-K+hbrkJ+Pug2LfAxNjBkHkzI9jmr0xFxjIQ9rQY0zQbPNh8gSRDPye5Iv+pZCuYu
-aVLoq3DkvcdexRoqKca3TEjuMsZaHjKyeuMw3ErNG3YshOpI+2hNNHYkHprn/rnj
-iYHYUYSulJ38uAZObDM6CWhkumxCCw3rGOlS+wIDAQABAoIBAFh3/ZGP7pqYlxib
-GWHdJSj/gpTi8R/utaV1s/L3ZpearhAJRpDM1sMw6bkupHO4GEl0M7ybudFYu5Ru
-/4w+jI60oqX6FiavYCKJazt4+uo+fm73tU6qj7qe7pyzl3YwwAE7dC9JKqY8n4K+
-m+UkPFx7CkLRzdN1NakeVut1TwzU/cUtAV8iY1yEtw/KyiyL/I7aJ3zZ1pg+5kRS
-JLKDrRlf0xQ+I7AY12XrSimbLqxmyVmWq74Fm/YAWGgvi/Nx04Zg/C4wp4A+izFt
-N8zWjktY1brRrCnRfUEcevv5hPqFxfOPFmB9x7mX/8eH5v2T+XR9swoF92xWHxQ5
-7tcB4NECgYEA69dBy4God5TW1FyT7DbgKHd7BVtOVLjsbQxc8UNBN/mHemUGMs1v
-lemW0ZPddU2/rqd3jlZuP4zv/6D9OZ0omi8auejO2WwAbut6JBX+dlvF9+owyU3h
-CraycFaxZIMn+JzXbIunmVUrVE1QvpBFaNXlC47cO8CmQlMV0nChzZ8CgYEA6xAV
-F1L0iqISsCu0q1iM4LtHVT944o815B8RlREOPxROXJaJQ8phVQgT5PXRkHZDn55Z
-mKqkAX2KwjBQj0KfUvmJ6D8T6OZOe08/oSwiBrBpSQsH3AA7mmDXyT3gRsma0jnj
-cNGjecG9VXbJiZnBetGdLuvSnVYfdkcw4atthSUCgYEAhaFMaJEo8cjmCSIDtt5J
-GOTKUfiwY5T8cbWFnDatZ5f9yb4gSvzYcysOB+Yun17Uc5P0TDRw95VWD5Qap2CD
-NwnlrN1bBxsJC9BlPrkvm8TYYWbTCd0U3Es0xC57CSa/qUDFV32yE1GM4ZGFZNS+
-X26C/4+M/lZkXkRRoxGqvKUCgYEAugOyDRESf5qeG1ea03Vxlm3dlzJxYShfRzTm
-3wXuNjDFijN+UG0Y9Qc9ZxS4UA+ml+vhjxSKULueUOmW9qeMGUdrwKQaB1YpiR8/
-hTW9f3me97SI9aohgJteZ9xVXO8xW2d/+smLClEsmTM1bXSFTcIPFxB7TRLYNutD
-XXIhaxkCgYBEQECMTKNZcGf67fjmA6PMpMGlwbVGmyXYYK4I+IRNUFWyrpNalmr/
-LXj7m1EYcx4BK7BrpDUgnm8q37BAwYOioLJFWLK58iW1B+Qvg6jlwnr+ZaYhZx94
-D/SL9GuQQTQtxlFex4Wale7R8xNdt7xuVJD6pE3mFVkXN4+OrI+EWQ==
+MIIEpAIBAAKCAQEAtGyT+Knh6NBXKcQaa8X36qHYwhLYKLerWz7tUDHjuLi+7a48
+HFvTrhqHIXDjEbTyfPh7BMvDuyCvGHPtiaLxUdjf1jXBWRQWPA0Xj4lsva8HamsW
+d/V7A2ZpreFvJEnO7gCNryhNbREpjajtwyLSvJNmj1eifurVwt0dlvgFb9pNjMpw
+ujsWyaOC9upYpVOiWsjTvbpc8sJ7W75y8GQBjU6WmOM7WlaInckn9wbWhEDw/GA0
+u6lffpQFG3HDUuui+Knu44qtKFptD6XNNIDj4XmAHxDhWArXOKQ0xaXt0gWqw/XR
+BxWueREYA4Tf3x9dnVigCgKY6oK+CxdbvLeTVwIDAQABAoIBAFB1oz9fMxmJ33UG
+uOma7UY7StixYqg10DruwxHiTbVQ3gRMkQ3sfWfE+MIW/4wj74d/oAyxeeX3W15C
+RIn+mjNvzdJPQpwg8xFwnTMri8zDQ0FX5Ds2w9buUu5x/AhoydklcgnMpUqgPrGn
+xfAhlWz3JuOBpzuGKjGuPcXXcUVBipMzBz4KmcK88y2S3zhqRbvYrZlhdHlvrhsh
+5UAiHn/A5BBiLJNtzfxIGEy9tl4PBbfQ5fpXMCyg4r9tNN64NZPfdzoEDIb4dZqZ
+dzOFuoqjAkHXBf1VnfHoCJnmgYFIDMw9UU36NgGJHG43ZdMKR32lL81C76881PO3
+1YAEO1ECgYEA6+swZwhvQXNQuZgo/UsXPsu7AuVrRM6Wyt0FzCs7o4TqyKhlCgfk
+YO318qh//kc3CNYHg28OZdIzi+b4TyYZIE1qRJ8s0iohbCwVGTJ/r8omkEzhlo1s
+6kAVgnioFav68/70wVeKcljJhI4eRB8OtxMXLyKnqQZPOE2tsWi/TNUCgYEAw8gg
+8fKHbL04wS8xFXWWQh1atcK3fTvNTY9hqwJojNOBo+slzXycJwC5tqg43AZDYzGE
+mJrH5/augclQMd4efHd0VYQxgtAR5ZXpyYeThMdfb/Hq1K14JO3+bQzUHsAoRGfA
+WfQUwaNPLe0o6EkPWXnnoLVMSH/MIC3yFwPXhXsCgYEAucNTNY36rLq0Ua9ydx/t
+idC5zKoBMQjKy6oFqqJQL421oZKXHLLiLUCybQQo5HwG5bpB6EhGOf6t//c6hngl
+SL4scyQzErmB379GTbTpve2bN/yRlQ5/OGSFi1qeX5Iv5HhZGPRpW2h2JR4Szuj1
+mUo68y6CfiEtt9PSdONZ3pECgYEAg0p49WeL85rtLXflNZvWON4Qj6VVgVESO3n0
+qEaEMDRCUteFUUjIOsucvuYOw1Yb6LAzWFcryd2+ZuDGu7pVvWgqBpMQ1MWNyuV+
+kxwtDDTbRmn37cmqsTE8loqs0TZRipX9AxXQuY43sffBoAwmk/1RHI+X6WJyU/4b
+w91asXMCgYB+RVT6J7Xq0Q93TsJcShVFZF0nr2SbtqAMgqbdLv8ZHzJF5+W/nvV5
+Y9ZqB3aCcQn5vCyazSfZQqsXMxonuOharafGzEZRaV/7DOxW1EWbjTfMlZAvruuD
+88Be/vGN8zIL1Cu1R5hWowlKj++fCqhqF3Aauh6EtfAWQlqNStav3Q==
-----END RSA PRIVATE KEY-----
diff --git a/testing/hosts/alice/etc/swanctl/rsa/aliceKey.pem b/testing/hosts/alice/etc/swanctl/rsa/aliceKey.pem
index 51f9c0d..2951205 100644
--- a/testing/hosts/alice/etc/swanctl/rsa/aliceKey.pem
+++ b/testing/hosts/alice/etc/swanctl/rsa/aliceKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEA2I1qSBHmly3Q2qKt88kRv17dhmRge+pn9FQnoRr1kYTwq5DE
-YAe4tapp//casv8tgizV9MnslM0y749J5zyR/0jkDEi0/Nv65LAj2FdDGGU0nxX5
-mOz1DcZf/n3BLcNwcXiLxvzwj9/tosbAc6hHJP9Rk9c8YisdL1RaH/nT/9D8Yut6
-K+hbrkJ+Pug2LfAxNjBkHkzI9jmr0xFxjIQ9rQY0zQbPNh8gSRDPye5Iv+pZCuYu
-aVLoq3DkvcdexRoqKca3TEjuMsZaHjKyeuMw3ErNG3YshOpI+2hNNHYkHprn/rnj
-iYHYUYSulJ38uAZObDM6CWhkumxCCw3rGOlS+wIDAQABAoIBAFh3/ZGP7pqYlxib
-GWHdJSj/gpTi8R/utaV1s/L3ZpearhAJRpDM1sMw6bkupHO4GEl0M7ybudFYu5Ru
-/4w+jI60oqX6FiavYCKJazt4+uo+fm73tU6qj7qe7pyzl3YwwAE7dC9JKqY8n4K+
-m+UkPFx7CkLRzdN1NakeVut1TwzU/cUtAV8iY1yEtw/KyiyL/I7aJ3zZ1pg+5kRS
-JLKDrRlf0xQ+I7AY12XrSimbLqxmyVmWq74Fm/YAWGgvi/Nx04Zg/C4wp4A+izFt
-N8zWjktY1brRrCnRfUEcevv5hPqFxfOPFmB9x7mX/8eH5v2T+XR9swoF92xWHxQ5
-7tcB4NECgYEA69dBy4God5TW1FyT7DbgKHd7BVtOVLjsbQxc8UNBN/mHemUGMs1v
-lemW0ZPddU2/rqd3jlZuP4zv/6D9OZ0omi8auejO2WwAbut6JBX+dlvF9+owyU3h
-CraycFaxZIMn+JzXbIunmVUrVE1QvpBFaNXlC47cO8CmQlMV0nChzZ8CgYEA6xAV
-F1L0iqISsCu0q1iM4LtHVT944o815B8RlREOPxROXJaJQ8phVQgT5PXRkHZDn55Z
-mKqkAX2KwjBQj0KfUvmJ6D8T6OZOe08/oSwiBrBpSQsH3AA7mmDXyT3gRsma0jnj
-cNGjecG9VXbJiZnBetGdLuvSnVYfdkcw4atthSUCgYEAhaFMaJEo8cjmCSIDtt5J
-GOTKUfiwY5T8cbWFnDatZ5f9yb4gSvzYcysOB+Yun17Uc5P0TDRw95VWD5Qap2CD
-NwnlrN1bBxsJC9BlPrkvm8TYYWbTCd0U3Es0xC57CSa/qUDFV32yE1GM4ZGFZNS+
-X26C/4+M/lZkXkRRoxGqvKUCgYEAugOyDRESf5qeG1ea03Vxlm3dlzJxYShfRzTm
-3wXuNjDFijN+UG0Y9Qc9ZxS4UA+ml+vhjxSKULueUOmW9qeMGUdrwKQaB1YpiR8/
-hTW9f3me97SI9aohgJteZ9xVXO8xW2d/+smLClEsmTM1bXSFTcIPFxB7TRLYNutD
-XXIhaxkCgYBEQECMTKNZcGf67fjmA6PMpMGlwbVGmyXYYK4I+IRNUFWyrpNalmr/
-LXj7m1EYcx4BK7BrpDUgnm8q37BAwYOioLJFWLK58iW1B+Qvg6jlwnr+ZaYhZx94
-D/SL9GuQQTQtxlFex4Wale7R8xNdt7xuVJD6pE3mFVkXN4+OrI+EWQ==
+MIIEpAIBAAKCAQEAtGyT+Knh6NBXKcQaa8X36qHYwhLYKLerWz7tUDHjuLi+7a48
+HFvTrhqHIXDjEbTyfPh7BMvDuyCvGHPtiaLxUdjf1jXBWRQWPA0Xj4lsva8HamsW
+d/V7A2ZpreFvJEnO7gCNryhNbREpjajtwyLSvJNmj1eifurVwt0dlvgFb9pNjMpw
+ujsWyaOC9upYpVOiWsjTvbpc8sJ7W75y8GQBjU6WmOM7WlaInckn9wbWhEDw/GA0
+u6lffpQFG3HDUuui+Knu44qtKFptD6XNNIDj4XmAHxDhWArXOKQ0xaXt0gWqw/XR
+BxWueREYA4Tf3x9dnVigCgKY6oK+CxdbvLeTVwIDAQABAoIBAFB1oz9fMxmJ33UG
+uOma7UY7StixYqg10DruwxHiTbVQ3gRMkQ3sfWfE+MIW/4wj74d/oAyxeeX3W15C
+RIn+mjNvzdJPQpwg8xFwnTMri8zDQ0FX5Ds2w9buUu5x/AhoydklcgnMpUqgPrGn
+xfAhlWz3JuOBpzuGKjGuPcXXcUVBipMzBz4KmcK88y2S3zhqRbvYrZlhdHlvrhsh
+5UAiHn/A5BBiLJNtzfxIGEy9tl4PBbfQ5fpXMCyg4r9tNN64NZPfdzoEDIb4dZqZ
+dzOFuoqjAkHXBf1VnfHoCJnmgYFIDMw9UU36NgGJHG43ZdMKR32lL81C76881PO3
+1YAEO1ECgYEA6+swZwhvQXNQuZgo/UsXPsu7AuVrRM6Wyt0FzCs7o4TqyKhlCgfk
+YO318qh//kc3CNYHg28OZdIzi+b4TyYZIE1qRJ8s0iohbCwVGTJ/r8omkEzhlo1s
+6kAVgnioFav68/70wVeKcljJhI4eRB8OtxMXLyKnqQZPOE2tsWi/TNUCgYEAw8gg
+8fKHbL04wS8xFXWWQh1atcK3fTvNTY9hqwJojNOBo+slzXycJwC5tqg43AZDYzGE
+mJrH5/augclQMd4efHd0VYQxgtAR5ZXpyYeThMdfb/Hq1K14JO3+bQzUHsAoRGfA
+WfQUwaNPLe0o6EkPWXnnoLVMSH/MIC3yFwPXhXsCgYEAucNTNY36rLq0Ua9ydx/t
+idC5zKoBMQjKy6oFqqJQL421oZKXHLLiLUCybQQo5HwG5bpB6EhGOf6t//c6hngl
+SL4scyQzErmB379GTbTpve2bN/yRlQ5/OGSFi1qeX5Iv5HhZGPRpW2h2JR4Szuj1
+mUo68y6CfiEtt9PSdONZ3pECgYEAg0p49WeL85rtLXflNZvWON4Qj6VVgVESO3n0
+qEaEMDRCUteFUUjIOsucvuYOw1Yb6LAzWFcryd2+ZuDGu7pVvWgqBpMQ1MWNyuV+
+kxwtDDTbRmn37cmqsTE8loqs0TZRipX9AxXQuY43sffBoAwmk/1RHI+X6WJyU/4b
+w91asXMCgYB+RVT6J7Xq0Q93TsJcShVFZF0nr2SbtqAMgqbdLv8ZHzJF5+W/nvV5
+Y9ZqB3aCcQn5vCyazSfZQqsXMxonuOharafGzEZRaV/7DOxW1EWbjTfMlZAvruuD
+88Be/vGN8zIL1Cu1R5hWowlKj++fCqhqF3Aauh6EtfAWQlqNStav3Q==
-----END RSA PRIVATE KEY-----
diff --git a/testing/hosts/alice/etc/swanctl/x509/aliceCert.pem b/testing/hosts/alice/etc/swanctl/x509/aliceCert.pem
index 49fe4b8..fc19567 100644
--- a/testing/hosts/alice/etc/swanctl/x509/aliceCert.pem
+++ b/testing/hosts/alice/etc/swanctl/x509/aliceCert.pem
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIEHzCCAwegAwIBAgIBGTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MIIEHzCCAwegAwIBAgIBLTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA5MDgyNzEwMDcyNFoXDTE0MDgyNjEwMDcyNFowVzELMAkGA1UE
+b290IENBMB4XDTE0MDgyNzE0NTQzNloXDTE5MDgyNjE0NTQzNlowVzELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz
MR0wGwYDVQQDFBRhbGljZUBzdHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcNAQEB
-BQADggEPADCCAQoCggEBANiNakgR5pct0NqirfPJEb9e3YZkYHvqZ/RUJ6Ea9ZGE
-8KuQxGAHuLWqaf/3GrL/LYIs1fTJ7JTNMu+PSec8kf9I5AxItPzb+uSwI9hXQxhl
-NJ8V+Zjs9Q3GX/59wS3DcHF4i8b88I/f7aLGwHOoRyT/UZPXPGIrHS9UWh/50//Q
-/GLreivoW65Cfj7oNi3wMTYwZB5MyPY5q9MRcYyEPa0GNM0GzzYfIEkQz8nuSL/q
-WQrmLmlS6Ktw5L3HXsUaKinGt0xI7jLGWh4ysnrjMNxKzRt2LITqSPtoTTR2JB6a
-5/6544mB2FGErpSd/LgGTmwzOgloZLpsQgsN6xjpUvsCAwEAAaOCAQYwggECMAkG
-A1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBQF2gQgjAL0KEcKz2x3LQZm
-E9qGPDBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTELMAkG
+BQADggEPADCCAQoCggEBALRsk/ip4ejQVynEGmvF9+qh2MIS2Ci3q1s+7VAx47i4
+vu2uPBxb064ahyFw4xG08nz4ewTLw7sgrxhz7Ymi8VHY39Y1wVkUFjwNF4+JbL2v
+B2prFnf1ewNmaa3hbyRJzu4Aja8oTW0RKY2o7cMi0ryTZo9Xon7q1cLdHZb4BW/a
+TYzKcLo7FsmjgvbqWKVTolrI0726XPLCe1u+cvBkAY1OlpjjO1pWiJ3JJ/cG1oRA
+8PxgNLupX36UBRtxw1Lrovip7uOKrShabQ+lzTSA4+F5gB8Q4VgK1zikNMWl7dIF
+qsP10QcVrnkRGAOE398fXZ1YoAoCmOqCvgsXW7y3k1cCAwEAAaOCAQYwggECMAkG
+A1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBT7NcHfcw4VcO5WuhtuHPfz
+rkj82TBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTELMAkG
A1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0
cm9uZ1N3YW4gUm9vdCBDQYIBADAfBgNVHREEGDAWgRRhbGljZUBzdHJvbmdzd2Fu
Lm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3Jn
-L3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQBWv4PhHGVpiLF5M3Rn
-qQLSoRFjKqn3N9We81RWwVRpBzwoUEaHizelaVct9FJg6t7Fk/D8F0wag5EFKlcg
-KQ8fd/0qLE393uwGb4Dvql2w49NFFDUsk5FC+pMUDAYsWHyFu26WKY5kfaMwNMNJ
-HK6e4m6+Wmoy5ulkatwDJRDqkyG11YJ/p0n0HAG1DBJoL9079U+xQxT+9a2f7TaO
-B/UbQNOvOgqaddk5uUDTjqnY/bltbAAuuI1ZNMrPCCNUorcdhySJb1tlF/JXTTB6
-N60XqYRYnk5T1yftNU0AA26ggskv4MMDwgYCGsyZuCX9vW+XsArRQJ5fsSZDiO7R
-8FT2
+L3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQBLXRISCSOxF4ln8+ub
+oaHTs1JvfCFKCQ3vORWjrntd8v8SQ92xGRBrT5oCataVTiPbQwphdScOl377YUQU
+EGDOSpbNRD0Au5Z1VryP/02B401TSbrpZ7DZyAnxSsR6Dz8lbCtW1GLCpEzFdxNS
+Vi5j30k8yeCAy1VIYCCPsqNQpziIFYuzrQ87x0P1U9W0xUE0GHWDa79LRkkTv8uJ
+wJ4RKMk8HHnac7ws9ybrhT8sv3oXAv8LRN4zFTq+YRWOm8hH/0BhGMKRi6SzvdK1
+i853cG4N7I2B60msO2n0lDkPAgH8EBE6IRpd2DdrXH6UyEwEAiJrdGWRMNJpD7OI
+XSh6
-----END CERTIFICATE-----
diff --git a/testing/hosts/bob/etc/ipsec.d/certs/bobCert.pem b/testing/hosts/bob/etc/ipsec.d/certs/bobCert.pem
index 00ecd5a..d121908 100644
--- a/testing/hosts/bob/etc/ipsec.d/certs/bobCert.pem
+++ b/testing/hosts/bob/etc/ipsec.d/certs/bobCert.pem
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIEHjCCAwagAwIBAgIBGjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MIIEHjCCAwagAwIBAgIBLjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA5MDgyNzEwMDgxOFoXDTE0MDgyNjEwMDgxOFowWDELMAkGA1UE
+b290IENBMB4XDTE0MDgyNzE0NTYyNloXDTE5MDgyNjE0NTYyNlowWDELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
cmNoMRswGQYDVQQDFBJib2JAc3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQDXwxTtozmxKaUhC0T5HvxVShfM5jQQKwIzSVAZeXUp
-BgQ2uLT9Hn/J7boaUIE1Xf11zCRIlcy5Xkupha2gfqEmRbefYAOr/NFuC4pPEDeJ
-jWg/miCZo9/DH2iWvCvU4GCcrY/LKDeDoKL9fc9H5FTtA/Y1ugbooOO1yoV04eot
-MmvmYcqUtCX+h/Of9xM0w0m6aoDIXAhjcKEPMg/WL5acWuVVaWONa+x7HoQUDe+9
-MgoB1VmaoB77VYaK72jBhbvonF8GjEb3RiukfuMIOk5yN9OHzA9ODJbTDvSmmQkt
-h/oEHAL/tzOQ2zjEptsKvwq/3drGbdREO/cp39I5/ZRFAgMBAAGjggEEMIIBADAJ
-BgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNVHQ4EFgQUYUK/uIcou7BS8ODHk9Ro
-PGJP1FcwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJ
+AQUAA4IBDwAwggEKAoIBAQC17WwJLZubKi5Z7jWgpDBXIMDtzIKtJlNwLAXomp/W
+EuWsC8p8z0yaFlMCSQwWCFjLJjD/DH8NczEPyZZF4c3rXoph59tAXxj80C2/iU7K
+l62ZDDRa00TVmMo04U47fJYzhLsclQVzbenoWB68kJ+z4WpKc2UtPGggNOnb/5xH
+Alvx19DmMsGWpCpbp+H667xtB4T6CIXoVSmAMEkg10C8BlP3PgZY2As0vfZHITZ+
+p4y3KFOF/X3O5BHb4Ey9nl+680zB1mHkssrq4fMEgsf5mXWNSlhvcpdt7qIHG1IM
+AC3FgZzV4thEk6Lb0lZkR+woW9No652l0TrrJAAwiuBJAgMBAAGjggEEMIIBADAJ
+BgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNVHQ4EFgQUHWrADkwud47tB9AmhN0r
+ZXWlitkwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJ
BgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJz
dHJvbmdTd2FuIFJvb3QgQ0GCAQAwHQYDVR0RBBYwFIESYm9iQHN0cm9uZ3N3YW4u
b3JnMDkGA1UdHwQyMDAwLqAsoCqGKGh0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcv
-c3Ryb25nc3dhbi5jcmwwDQYJKoZIhvcNAQELBQADggEBAEIkmrK7GPm4H/FAEVCN
-775XpuofsfGjT/bO/aPCqb+uPwwcKeUfxzICQDEqMv+mtxGuLjtfmTWwUcoPMgN+
-2HZDJGa1+kK2VLUz3QBIQXSdusbITb0ND/xCvbGwsk9y/0DGBnAo3xNBNM73ZQ8k
-/A7mQ2nnQfzI9gQ342FOuTTb/kwrVNixQI3dhvf6Th5Dj5rZfQs6c09+9jRLGBFx
-g7qQ1gej0fi6XYX4cSNwluu/Vo6xT5epEeTU5KoYn0mtOqFx6AY8xzIqQLvY4m8g
-viGoGRqId1gqNiEfshb8KICPI29WyiBRzMKO6reeb+446A9CSLgMW0Ze3SCRXrjr
-2nQ=
+c3Ryb25nc3dhbi5jcmwwDQYJKoZIhvcNAQELBQADggEBABnuiN+hpSNTLN1FrLWX
+iWWDvMJVW//7ttgyNR5q9CCyuCbMYujhfLn+Qbzh0pTx6fJijmUqua0SbBlrtW/t
+O4SvyCbisZij4XZcdoQltas+MTQyNBYdRx8g+bwqUPH/xB/kvXLogsVuO5IXm/Ey
+DSLlb+K12IBGc5zLlv/PoM+6FxuMMerI4t+TQZF06O5yWZ2Yr+weqtI172BQLh0u
+901s/3DOqv2fGTqAfK/8i+8H3gXNoxeRKmEH4+v2mBQDrfQpUqNF08Zbg9SRfdR1
+rHyi5hw0ynCIKYIbwSYhHjZQH0pQGY3uru6h14qSjnvt/LUiU1sExAsShyR4Lsgc
+w24=
-----END CERTIFICATE-----
diff --git a/testing/hosts/bob/etc/ipsec.d/private/bobKey.pem b/testing/hosts/bob/etc/ipsec.d/private/bobKey.pem
index e74392b..3d76cf6 100644
--- a/testing/hosts/bob/etc/ipsec.d/private/bobKey.pem
+++ b/testing/hosts/bob/etc/ipsec.d/private/bobKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEA18MU7aM5sSmlIQtE+R78VUoXzOY0ECsCM0lQGXl1KQYENri0
-/R5/ye26GlCBNV39dcwkSJXMuV5LqYWtoH6hJkW3n2ADq/zRbguKTxA3iY1oP5og
-maPfwx9olrwr1OBgnK2Pyyg3g6Ci/X3PR+RU7QP2NboG6KDjtcqFdOHqLTJr5mHK
-lLQl/ofzn/cTNMNJumqAyFwIY3ChDzIP1i+WnFrlVWljjWvsex6EFA3vvTIKAdVZ
-mqAe+1WGiu9owYW76JxfBoxG90YrpH7jCDpOcjfTh8wPTgyW0w70ppkJLYf6BBwC
-/7czkNs4xKbbCr8Kv93axm3URDv3Kd/SOf2URQIDAQABAoIBAQC/GZwptk5c6ePF
-1rNqatVXvV5DLwmh4FX8ksyNI5Rvl1KYHRTAtAi/Ev2oXPF0ESFy+jKQz40aCbi+
-FxZndoDI4yr10BaweCYOb846pMRr4oEZBCwnqIuByQnbqCKyU2F+pAMeDyrMPLTg
-DFRQ+p11p/KkN3XzCL1mwE9f7NB64fIwIaoAPb5EzELq3SXbBn1MCDPcvZEeyqUW
-jW9OGe2hmen7Vk7JLE+2XU6Wyo6X4RWkj2lpOxofuxff4pI+xoiWmZxV93FzZoCo
-R55TP0AtgyRUQyRrSgSV8T34sZI79ZBt1N6JBdnOl8sl4niQu5laBKJGKWnEiiPE
-w7vUmHLBAoGBAP45AScORw0eb8K4Xy1UAaWZnSzN4z35QxkjelQ05Hkd9lrpwRBz
-Us2Yo35spvaI+/sYmnYC6vdnFRTdhVfHY4uTyODWOawhMM1mnWoRo0MohCyBBOjZ
-XGeOROWV4uGld6dLj4zoKfDWyw2y9ChT8kxidSmJajxese6DovTv1ov5AoGBANlF
-PgRyOCUZK5I1XTzkbt4GMUrRh3gAnTM84enjJHtxo+IZuwhVA8wgfl6k+LXAP49k
-si3HnmsAAezqFJOapbBf9zZSCTPTYDFk9qyu8TXw32K48obhb3Ns80Ba4sqVCixo
-K3NpOE5OaNxEdBHmi39RJf1fyUNZ+u+cz4xXdiWtAoGAChXo3cvLNdIHTQpTfFDg
-39kAS06/vS2uY8jsiXqvtb5ij6jGaAirOEzd754P4af9lzCasCPdfoMwaut+5sSa
-RmdOiNz23MVUUlHH3PVmLLvmwn073KEC8XjLcvBHV/xgitqMj2KGh29+DsUSuqbZ
-7f3Z+BPjixGWrYe7Z0w8jsECgYEA1a/MNwM/RP1kZQAnG2Rvxd3BTRyWZ+fytBoE
-9st3bhFuZUl5MdCrU3AB2YPXOKpD2PvoYi4aGJKBUklGw4UtwDIiKUK12kriKLJs
-CZplke+9RJMxtIaz3oohFAJPW38J6nLpiTDLN/jWGQ0aOyDLwgRFoNU8VQmCS3em
-iRjcEmECgYEAgyrUsD+qScWzS3GvkZITcy20+iCVfxXH8ZznNVHGFoFZ+3uu/kH+
-u0yXPXPux2t5P2+Ybm4ojV09/QWaJgHVoL7PBiyk5AhXO0A1EK0NG8uJeYaMthJk
-D6RrYXqdmKrSEDTh2DvE6W149sRgO2Z3b0FGgzjYjhSFF/ePZxAFiIQ=
+MIIEowIBAAKCAQEAte1sCS2bmyouWe41oKQwVyDA7cyCrSZTcCwF6Jqf1hLlrAvK
+fM9MmhZTAkkMFghYyyYw/wx/DXMxD8mWReHN616KYefbQF8Y/NAtv4lOypetmQw0
+WtNE1ZjKNOFOO3yWM4S7HJUFc23p6FgevJCfs+FqSnNlLTxoIDTp2/+cRwJb8dfQ
+5jLBlqQqW6fh+uu8bQeE+giF6FUpgDBJINdAvAZT9z4GWNgLNL32RyE2fqeMtyhT
+hf19zuQR2+BMvZ5fuvNMwdZh5LLK6uHzBILH+Zl1jUpYb3KXbe6iBxtSDAAtxYGc
+1eLYRJOi29JWZEfsKFvTaOudpdE66yQAMIrgSQIDAQABAoIBAQCPNhTjrLlfjfbq
+6C/jAxzimXAGQgVkVFU+aglEr+O+2yVdJ/MACRed/JDfra0L8woi8S+EtsuVROaM
+LP5UiIpXDBcXNzNLGxFKgn5g1q/lnz0Sy56zGLiJBDu5INs6zLpYV9YLi+u8j/uf
+4S5g9eAh9AJ+FRTCZVj6cWzet/rHkegCJ1KeA6Nxk9+cCnBUc6pD3Ars5miKGef+
+uuqg0MUJA5PHIwisQGyEx4KCjopZj4Lic0CXWf53wmm9eVWWMDwL0MgqYuXw/dTF
+1Z3ShU6VLNE0qCuC4Q7/H1MSfWfatM93nOI2u0/0r3zEnlK/5IpyrY8EtOiHhZ2G
+FAJw/Kl5AoGBAPEIC396ff3GbXmmLIkxF5Hq3Fdie0KbwpsVr1ibFvj6i63Zz7+P
+BYmuAtCNz5jnriVdyJ7gZs1XO+4sxB5IRls8nOINrO7jXmJh8Ye4G4jklJ+sDipj
+nvqg1gTWuJxopWD+/Pw+vKFW74LFVKFleJzn1f7v7sFM+AfWvvVZnX9/AoGBAME5
+u4q/U+9nu58sREtYqSuDYL8CdfaSLhdR7SN5xnvZnLmxOJEL2pSifU1P4HFvgWzl
+pQrTzb2rB/O62GcHo+2bin2BNGoBGkMuXfnw9ElchGv1ksJwy293MFy2CQBJ9lgf
+NfKO2EtunxYiFlZqKmThlf0IRtI4122EHbQBiYQ3AoGAFZEKtlVXgKWIliHwSjZC
+TaQeIxOEw+j7+LRwBBWccJq6dMvQcutxK2iOh+qocJ4KTv2dPdoGWMk9a4pF4g/F
+e9RolTF0D8v4XgU1f1dR32XUhpT2j4RqbTKG89finNwgMBWgvVE/v4/vzlupvuc9
+a4yy8SS20ET6zHjCjWF/XjECgYBTvGIyyaFlQY4Ed9mM0XpWehPGExnt5gGFZ6Kd
+2hsS9wY9TrjV2s451YT5qSD557mt6IMygwFJLcI/dHxtgdkfkmVc6E4/lgS8km51
+b19eH3Lfmkekbd8rifpyYwzZjDPukm/9krvXTLQykkkd39pJZ51pT1nppmptcnCw
+3m2q1wKBgHQ1HdDKGyqjfewGu/nuP7uCY3nledCYExMqo3e0dRx9y+6y3sFCdsVQ
+iaaMHEJNPsFQa+nWQiVrzyQ47KP2MZnzom2xeguM4DrchVpK0xMSxe9KbzbjF5V5
+3qeswPRBBHghOX3W5+krYvDzjX+JlCaMFvXy0NKN1Ti1Y4BVi1hL
-----END RSA PRIVATE KEY-----
diff --git a/testing/hosts/bob/etc/swanctl/rsa/bobKey.pem b/testing/hosts/bob/etc/swanctl/rsa/bobKey.pem
index e74392b..3d76cf6 100644
--- a/testing/hosts/bob/etc/swanctl/rsa/bobKey.pem
+++ b/testing/hosts/bob/etc/swanctl/rsa/bobKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEA18MU7aM5sSmlIQtE+R78VUoXzOY0ECsCM0lQGXl1KQYENri0
-/R5/ye26GlCBNV39dcwkSJXMuV5LqYWtoH6hJkW3n2ADq/zRbguKTxA3iY1oP5og
-maPfwx9olrwr1OBgnK2Pyyg3g6Ci/X3PR+RU7QP2NboG6KDjtcqFdOHqLTJr5mHK
-lLQl/ofzn/cTNMNJumqAyFwIY3ChDzIP1i+WnFrlVWljjWvsex6EFA3vvTIKAdVZ
-mqAe+1WGiu9owYW76JxfBoxG90YrpH7jCDpOcjfTh8wPTgyW0w70ppkJLYf6BBwC
-/7czkNs4xKbbCr8Kv93axm3URDv3Kd/SOf2URQIDAQABAoIBAQC/GZwptk5c6ePF
-1rNqatVXvV5DLwmh4FX8ksyNI5Rvl1KYHRTAtAi/Ev2oXPF0ESFy+jKQz40aCbi+
-FxZndoDI4yr10BaweCYOb846pMRr4oEZBCwnqIuByQnbqCKyU2F+pAMeDyrMPLTg
-DFRQ+p11p/KkN3XzCL1mwE9f7NB64fIwIaoAPb5EzELq3SXbBn1MCDPcvZEeyqUW
-jW9OGe2hmen7Vk7JLE+2XU6Wyo6X4RWkj2lpOxofuxff4pI+xoiWmZxV93FzZoCo
-R55TP0AtgyRUQyRrSgSV8T34sZI79ZBt1N6JBdnOl8sl4niQu5laBKJGKWnEiiPE
-w7vUmHLBAoGBAP45AScORw0eb8K4Xy1UAaWZnSzN4z35QxkjelQ05Hkd9lrpwRBz
-Us2Yo35spvaI+/sYmnYC6vdnFRTdhVfHY4uTyODWOawhMM1mnWoRo0MohCyBBOjZ
-XGeOROWV4uGld6dLj4zoKfDWyw2y9ChT8kxidSmJajxese6DovTv1ov5AoGBANlF
-PgRyOCUZK5I1XTzkbt4GMUrRh3gAnTM84enjJHtxo+IZuwhVA8wgfl6k+LXAP49k
-si3HnmsAAezqFJOapbBf9zZSCTPTYDFk9qyu8TXw32K48obhb3Ns80Ba4sqVCixo
-K3NpOE5OaNxEdBHmi39RJf1fyUNZ+u+cz4xXdiWtAoGAChXo3cvLNdIHTQpTfFDg
-39kAS06/vS2uY8jsiXqvtb5ij6jGaAirOEzd754P4af9lzCasCPdfoMwaut+5sSa
-RmdOiNz23MVUUlHH3PVmLLvmwn073KEC8XjLcvBHV/xgitqMj2KGh29+DsUSuqbZ
-7f3Z+BPjixGWrYe7Z0w8jsECgYEA1a/MNwM/RP1kZQAnG2Rvxd3BTRyWZ+fytBoE
-9st3bhFuZUl5MdCrU3AB2YPXOKpD2PvoYi4aGJKBUklGw4UtwDIiKUK12kriKLJs
-CZplke+9RJMxtIaz3oohFAJPW38J6nLpiTDLN/jWGQ0aOyDLwgRFoNU8VQmCS3em
-iRjcEmECgYEAgyrUsD+qScWzS3GvkZITcy20+iCVfxXH8ZznNVHGFoFZ+3uu/kH+
-u0yXPXPux2t5P2+Ybm4ojV09/QWaJgHVoL7PBiyk5AhXO0A1EK0NG8uJeYaMthJk
-D6RrYXqdmKrSEDTh2DvE6W149sRgO2Z3b0FGgzjYjhSFF/ePZxAFiIQ=
+MIIEowIBAAKCAQEAte1sCS2bmyouWe41oKQwVyDA7cyCrSZTcCwF6Jqf1hLlrAvK
+fM9MmhZTAkkMFghYyyYw/wx/DXMxD8mWReHN616KYefbQF8Y/NAtv4lOypetmQw0
+WtNE1ZjKNOFOO3yWM4S7HJUFc23p6FgevJCfs+FqSnNlLTxoIDTp2/+cRwJb8dfQ
+5jLBlqQqW6fh+uu8bQeE+giF6FUpgDBJINdAvAZT9z4GWNgLNL32RyE2fqeMtyhT
+hf19zuQR2+BMvZ5fuvNMwdZh5LLK6uHzBILH+Zl1jUpYb3KXbe6iBxtSDAAtxYGc
+1eLYRJOi29JWZEfsKFvTaOudpdE66yQAMIrgSQIDAQABAoIBAQCPNhTjrLlfjfbq
+6C/jAxzimXAGQgVkVFU+aglEr+O+2yVdJ/MACRed/JDfra0L8woi8S+EtsuVROaM
+LP5UiIpXDBcXNzNLGxFKgn5g1q/lnz0Sy56zGLiJBDu5INs6zLpYV9YLi+u8j/uf
+4S5g9eAh9AJ+FRTCZVj6cWzet/rHkegCJ1KeA6Nxk9+cCnBUc6pD3Ars5miKGef+
+uuqg0MUJA5PHIwisQGyEx4KCjopZj4Lic0CXWf53wmm9eVWWMDwL0MgqYuXw/dTF
+1Z3ShU6VLNE0qCuC4Q7/H1MSfWfatM93nOI2u0/0r3zEnlK/5IpyrY8EtOiHhZ2G
+FAJw/Kl5AoGBAPEIC396ff3GbXmmLIkxF5Hq3Fdie0KbwpsVr1ibFvj6i63Zz7+P
+BYmuAtCNz5jnriVdyJ7gZs1XO+4sxB5IRls8nOINrO7jXmJh8Ye4G4jklJ+sDipj
+nvqg1gTWuJxopWD+/Pw+vKFW74LFVKFleJzn1f7v7sFM+AfWvvVZnX9/AoGBAME5
+u4q/U+9nu58sREtYqSuDYL8CdfaSLhdR7SN5xnvZnLmxOJEL2pSifU1P4HFvgWzl
+pQrTzb2rB/O62GcHo+2bin2BNGoBGkMuXfnw9ElchGv1ksJwy293MFy2CQBJ9lgf
+NfKO2EtunxYiFlZqKmThlf0IRtI4122EHbQBiYQ3AoGAFZEKtlVXgKWIliHwSjZC
+TaQeIxOEw+j7+LRwBBWccJq6dMvQcutxK2iOh+qocJ4KTv2dPdoGWMk9a4pF4g/F
+e9RolTF0D8v4XgU1f1dR32XUhpT2j4RqbTKG89finNwgMBWgvVE/v4/vzlupvuc9
+a4yy8SS20ET6zHjCjWF/XjECgYBTvGIyyaFlQY4Ed9mM0XpWehPGExnt5gGFZ6Kd
+2hsS9wY9TrjV2s451YT5qSD557mt6IMygwFJLcI/dHxtgdkfkmVc6E4/lgS8km51
+b19eH3Lfmkekbd8rifpyYwzZjDPukm/9krvXTLQykkkd39pJZ51pT1nppmptcnCw
+3m2q1wKBgHQ1HdDKGyqjfewGu/nuP7uCY3nledCYExMqo3e0dRx9y+6y3sFCdsVQ
+iaaMHEJNPsFQa+nWQiVrzyQ47KP2MZnzom2xeguM4DrchVpK0xMSxe9KbzbjF5V5
+3qeswPRBBHghOX3W5+krYvDzjX+JlCaMFvXy0NKN1Ti1Y4BVi1hL
-----END RSA PRIVATE KEY-----
diff --git a/testing/hosts/bob/etc/swanctl/x509/bobCert.pem b/testing/hosts/bob/etc/swanctl/x509/bobCert.pem
index 00ecd5a..d121908 100644
--- a/testing/hosts/bob/etc/swanctl/x509/bobCert.pem
+++ b/testing/hosts/bob/etc/swanctl/x509/bobCert.pem
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIEHjCCAwagAwIBAgIBGjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MIIEHjCCAwagAwIBAgIBLjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA5MDgyNzEwMDgxOFoXDTE0MDgyNjEwMDgxOFowWDELMAkGA1UE
+b290IENBMB4XDTE0MDgyNzE0NTYyNloXDTE5MDgyNjE0NTYyNlowWDELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
cmNoMRswGQYDVQQDFBJib2JAc3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQDXwxTtozmxKaUhC0T5HvxVShfM5jQQKwIzSVAZeXUp
-BgQ2uLT9Hn/J7boaUIE1Xf11zCRIlcy5Xkupha2gfqEmRbefYAOr/NFuC4pPEDeJ
-jWg/miCZo9/DH2iWvCvU4GCcrY/LKDeDoKL9fc9H5FTtA/Y1ugbooOO1yoV04eot
-MmvmYcqUtCX+h/Of9xM0w0m6aoDIXAhjcKEPMg/WL5acWuVVaWONa+x7HoQUDe+9
-MgoB1VmaoB77VYaK72jBhbvonF8GjEb3RiukfuMIOk5yN9OHzA9ODJbTDvSmmQkt
-h/oEHAL/tzOQ2zjEptsKvwq/3drGbdREO/cp39I5/ZRFAgMBAAGjggEEMIIBADAJ
-BgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNVHQ4EFgQUYUK/uIcou7BS8ODHk9Ro
-PGJP1FcwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJ
+AQUAA4IBDwAwggEKAoIBAQC17WwJLZubKi5Z7jWgpDBXIMDtzIKtJlNwLAXomp/W
+EuWsC8p8z0yaFlMCSQwWCFjLJjD/DH8NczEPyZZF4c3rXoph59tAXxj80C2/iU7K
+l62ZDDRa00TVmMo04U47fJYzhLsclQVzbenoWB68kJ+z4WpKc2UtPGggNOnb/5xH
+Alvx19DmMsGWpCpbp+H667xtB4T6CIXoVSmAMEkg10C8BlP3PgZY2As0vfZHITZ+
+p4y3KFOF/X3O5BHb4Ey9nl+680zB1mHkssrq4fMEgsf5mXWNSlhvcpdt7qIHG1IM
+AC3FgZzV4thEk6Lb0lZkR+woW9No652l0TrrJAAwiuBJAgMBAAGjggEEMIIBADAJ
+BgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNVHQ4EFgQUHWrADkwud47tB9AmhN0r
+ZXWlitkwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJ
BgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJz
dHJvbmdTd2FuIFJvb3QgQ0GCAQAwHQYDVR0RBBYwFIESYm9iQHN0cm9uZ3N3YW4u
b3JnMDkGA1UdHwQyMDAwLqAsoCqGKGh0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcv
-c3Ryb25nc3dhbi5jcmwwDQYJKoZIhvcNAQELBQADggEBAEIkmrK7GPm4H/FAEVCN
-775XpuofsfGjT/bO/aPCqb+uPwwcKeUfxzICQDEqMv+mtxGuLjtfmTWwUcoPMgN+
-2HZDJGa1+kK2VLUz3QBIQXSdusbITb0ND/xCvbGwsk9y/0DGBnAo3xNBNM73ZQ8k
-/A7mQ2nnQfzI9gQ342FOuTTb/kwrVNixQI3dhvf6Th5Dj5rZfQs6c09+9jRLGBFx
-g7qQ1gej0fi6XYX4cSNwluu/Vo6xT5epEeTU5KoYn0mtOqFx6AY8xzIqQLvY4m8g
-viGoGRqId1gqNiEfshb8KICPI29WyiBRzMKO6reeb+446A9CSLgMW0Ze3SCRXrjr
-2nQ=
+c3Ryb25nc3dhbi5jcmwwDQYJKoZIhvcNAQELBQADggEBABnuiN+hpSNTLN1FrLWX
+iWWDvMJVW//7ttgyNR5q9CCyuCbMYujhfLn+Qbzh0pTx6fJijmUqua0SbBlrtW/t
+O4SvyCbisZij4XZcdoQltas+MTQyNBYdRx8g+bwqUPH/xB/kvXLogsVuO5IXm/Ey
+DSLlb+K12IBGc5zLlv/PoM+6FxuMMerI4t+TQZF06O5yWZ2Yr+weqtI172BQLh0u
+901s/3DOqv2fGTqAfK/8i+8H3gXNoxeRKmEH4+v2mBQDrfQpUqNF08Zbg9SRfdR1
+rHyi5hw0ynCIKYIbwSYhHjZQH0pQGY3uru6h14qSjnvt/LUiU1sExAsShyR4Lsgc
+w24=
-----END CERTIFICATE-----
diff --git a/testing/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/hosts/carol/etc/ipsec.d/certs/carolCert.pem
index 6c41df9..b089324 100644
--- a/testing/hosts/carol/etc/ipsec.d/certs/carolCert.pem
+++ b/testing/hosts/carol/etc/ipsec.d/certs/carolCert.pem
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIEIjCCAwqgAwIBAgIBHTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MIIEIjCCAwqgAwIBAgIBMDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA5MDgyNzEwNDQ1MVoXDTE0MDgyNjEwNDQ1MVowWjELMAkGA1UE
+b290IENBMB4XDTE0MDgyNzE1MDUzNloXDTE5MDgyNjE1MDUzNlowWjELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
cmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBANBdWU+BF7x4lyo+xHnr4UAOU89yQQuT5vdPoXzx
-6kRPsjYAuuktgXR+SaLkQHw/YRgDPSKj5nzmmlOQf/rWRr+8O2q+C92aUICmkNvZ
-Gamo5w2WlOMZ6T5dk2Hv+QM6xT/GzWyVr1dMYu/7tywD1Bw7aW/HqkRESDu6q95V
-Wu+Lzg6XlxCNEez0YsZrN/fC6BL2qzKAqMBbIHFW8OOnh+nEY4IF5AzkZnFrw12G
-I72Z882pw97lyKwZhSz/GMQFBJx+rnNdw5P1IJwTlG5PUdoDCte/Mcr1iiA+zOov
-x55x1GoGxduoXWU5egrf1MtalRf9Pc8Xr4q3WEKTAmsZrVECAwEAAaOCAQYwggEC
-MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBQfoamI2WSMtaCiVGQ5
-tPI9dF1ufDBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTEL
+AQEBBQADggEPADCCAQoCggEBALfz1DcXyt/sOALi1IZ/RcuPa5m+4fiSST2wVWWr
+lw3hUjeiwLfgoLrtKaGX4i+At82Zol2mdbEXFpO+9qxXliP2u0fexqP4mBuZus3E
+LA82EOL0lQ2ahAi8O3qafkDMBSgvoeJpEwNe00Ugh53g7hT7dw8tSgcPGqQkWutI
+IKT9T6e/HbHNjRtYlw9ZlHsp8gSYjg/Q6vV6ofttueMUD9NRv8w2Y76rnRRmUGf3
+GlNFFmgxZntCJRuYltnxV7VcCFoppyauYt/fPmjAxbPRuhHKacnzIzq83Ixf5fSj
+MTlluGCfWFX/NGENXamBqChkRLHmuCHNexxRp9s2F1S10hECAwEAAaOCAQYwggEC
+MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRcWXBiVy0qJJxclFab
+iV7lxQW2vTBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTEL
MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT
EnN0cm9uZ1N3YW4gUm9vdCBDQYIBADAfBgNVHREEGDAWgRRjYXJvbEBzdHJvbmdz
d2FuLm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u
-b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQC8pqX3KrSzKeul
-GdzydAV4hGwYB3WiB02oJ2nh5MJBu7J0Kn4IVkvLUHSSZhSRxx55tQZfdYqtXVS7
-ZuyG+6rV7sb595SIRwfkLAdjbvv0yZIl4xx8j50K3yMR+9aXW1NSGPEkb8BjBUMr
-F2kjGTOqomo8OIzyI369z9kJrtEhnS37nHcdpewZC1wHcWfJ6wd9wxmz2dVXmgVQ
-L2BjXd/BcpLFaIC4h7jMXQ5FURjnU7K9xSa4T8PpR6FrQhOcIYBXAp94GiM8JqmK
-ZBGUpeP+3cy4i3DV18Kyr64Q4XZlzhZClNE43sgMqiX88dc3znpDzT7T51j+d+9k
-Rf5Z0GOR
+b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQBVqTw0DRABEwcw
+kMsDkX1yIX4lODAadvSq/PP/M3e6VoZOXBphKQvqgAgaCpk+vAXoHNPImg+vRVeY
+bIeS0E2lMo5nKQu7MCs8RpL97PMHL7NlzRBiS+CCKRaCHglJgCZtfwc1sapnrche
+MoZat+GyjnyKVNTJh/QtGm5QL9DRKa125B9gS9FtdT0BkhxIsZ4TsEOeTqv5dHix
+bc7x+MwETL6AxNraPqfIbt78cnsIB3PpIxYYTlDVY2Fwr2G0Ri9inEM/GZFAsJSU
+iSyoTqQsyZhzzOmE/mK40JtBv+lg+pPOa4tC8w892KEKsnRX9dxX+U6vr3QtoIjN
+wg8qvcUu
-----END CERTIFICATE-----
diff --git a/testing/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/hosts/carol/etc/ipsec.d/private/carolKey.pem
index 41a1399..1454ec5 100644
--- a/testing/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ b/testing/hosts/carol/etc/ipsec.d/private/carolKey.pem
@@ -1,30 +1,30 @@
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
-DEK-Info: AES-128-CBC,01290773006220E4E96C2975C52D2429
+DEK-Info: AES-128-CBC,7E1D40A7901772BA4D22AF58AA2DC76F
-mSt4HT52dsYkDwk6DVYm+Uij1PnFAnYzJD7Jx6EJIA9HuWKfyHPSjtqEcCwZoKHq
-i18EuCZHkdMBc8+lY0iEpNwbs3UbCP73lGn+IIjlOrS0xi4PP9iV1jxg/k+WF4rH
-jhIUhi3wc1cAaFLLj8bBvnx6t4mF3nTZZ119wSsa5ewy5RZGWcdN8NKtyNgFYTFx
-m5ACRErFuq8aFmcKVgwzLZH+e9fd7xKHS7XoP9vla7+iKkW5bzfkGP5E8irbOqce
-pyUE81FrD8irD0uK4mnrMRDDGrD02mYNSMGyhT5o1RDQJbaRupih9nU+SaTR2Kxq
-J/ScYak4EwmCIXixwuhwokDPTB1EuyQ1h5ywarkgt1TCZKoI2odqoILB2Dbrsmdf
-dKLqI8Q/kR4h5meCc0e3401VXIaOJWk5GMbxz+6641uWnTdLKedzC5gWCI7QIDFB
-h5n5m3tsSe6LRksqJpgPL/+vV/r+OrNEi4KGK9NxETZxeb/7gBSVFWbDXH5AO+wC
-/RlPYHaoDt+peRm3LUDBGQBPtvZUDiDHlW4v8wtgCEZXAPZPdaFRUSDYMYdbbebY
-EsxWa6G00Gau08EOPSgFIReGuACRkP4diiSE4ZTiC9HD2cuUN/D01ck+SD6UgdHV
-pyf6tHej/AdVG3HD5dRCmCCyfucW0gS7R+/+C4DzVHwZKAXJRSxmXLOHT0Gk8Woe
-sM8gbHOoV8OfLAfZDwibvnDq7rc82q5sSiGOKH7Fg5LYIjRB0UazCToxGVtxfWMz
-kPrzZiQT45QDa3gQdkHzF21s+fNpx/cZ1V1Mv+1E3KAX9XsAm/sNl0NAZ6G0AbFk
-gHIWoseiKxouTCDGNe/gC40r9XNhZdFCEzzJ9A77eScu0aTa5FHrC2w9YO2wHcja
-OT2AyZrVqOWB1/hIwAqk8ApXA3FwJbnQE0FxyLcYiTvCNM+XYIPLstD09axLFb53
-D4DXEncmvW4+axDg8G3s84olPGLgJL3E8pTFPYWHKsJgqsloAc/GD2Qx0PCinySM
-bVQckgzpVL3SvxeRRfx8SHl9F9z+GS4gZtM/gT9cDgcVOpVQpOcln5AR/mF/aoyo
-BW96LSmEk5l4yeBBba63Qcz1HRr2NSvXJuqdjw6qTZNBWtjmSxHywKZYRlSqzNZx
-7B6DGHTIOfGNhcy2wsd4cuftVYByGxfFjw7bHIDa4/ySdDykL7J+REfg8QidlCJB
-UN/2VjaNipQo38RczWLUfloMkMMrWYpXOm9koes+Vldm7Bco+eCONIS50DJDOhZs
-H037A+UMElXmtCrHPJGxQf8k1Qirn6BWOuRmXg8sXqeblIrPlZU+DghYXzA/nRxB
-y+nUx+Ipbj022uJNVtFwhP70TIqYm/O6Ol/zRbo6yRsR6uEnnb4wRi5IxHnM/iGA
-zWPzLRDSeVPkhu2pZ7JygabCiXbbgFTN1enJvLWvIAcB0LS8wQz0yKQ7oj32T0Ty
-AD3c/qS8kmsrZDe3H+lEfMCcJRnHUrR/SBChSdx7LF9mnLlWuJLLHmrz87x7Z2o6
-nuRU15U5aQTniVikvFWchnwGy+23lgv5He9X99jxEu/U1pA4egejfMs3g070AY3J
+1jt4EsxtHvgpSLN8PA/kSVKgoAsBEBQb8RK6VGnZywMCnpJdLKdPisGGYKNPg53b
+/0AFBmQVE60M8icbSAIUrAtyKxaBkoc9A7ibNCjobi0UzXTm3GcZZ1EC4/lE9PQZ
+/2FbcPgQWN3kZraZDkeP9XBXl6PorES8xvQUxJ9pd4hL7/c28fIApGhEimkIZO8o
+Qb7bR2cNCLYQAR6PeDoqhV39gvWoh77wp1WB3tQVbkS6MI/xl3wY2QVdq3Sbszh+
+f6lDU/SZS8BU0f44FRoInPp0GasgJ7MCiuEIshjuNPa50QkMcnNJsSgVEuw2hjN6
+LvAXx7vPt9pKpQfnu7YSJUsXDYN6PyXt7sZ8hDqraYIcI6eMpEBaTpItPSV2eckv
+06KC24Oa66E1yufNFAY49S2OY+pJA0W5zmcCqCjdrfJ+wNQYKZpbrfGz4VRzlFJC
+e3VkmAFwA5rcZdlp/mU2XREy+TaWsHMnpL0NcMHGmsfkTgaJIkRWalrdxlNTeitr
+3boNHWk0ESyMcBYRpM3eNXsGpiYy93u0bhrPbnqJsV6miKqpbs1aBNjlJ9s1Y2fC
+sko5/v7uMjb5tLF3lWQZfTu+bYtpGxFrqHJjhd8yd4gL1cFi30JcjczhwRY3Dily
+c0BFekMGmPc1djn6tfIFu13X9xTxyidCpVaT9UGnOaQs9OF1u8XAnZDaQgPwjLiy
+UlOE8xQ60LrhWLD582FsFnZz56bZ+QOQRWDMsB8nJeqnFXKfcRlnr0qlG6lTfA8h
+XkK/qGpdVvivS+CpbhVP6ixdEfa91Rx4NjLj53LGqOYwFEkM/OAIuMJetBfx3v9T
+iQfv594KE32nv9besnKlmJr2cGQWBYg1pUOtFj/aZ00yuXacv8qwzbrt4xGGDYGO
+Aj5Yf93UEcVkTySO1xJ1yiC6GJv1lLm0i5StwykHypxFijKe/zOpgtHVa5v5igjO
+v6cfhfJGGgIPTYrtt+EDKXcayvy2e2U/3HYVCHYiiMPX8AvP/R6m7MGrzYxm/WyO
+t68EWXSDLfuR3qcIlpP4aSBxuSpKhY/dIkS/beKZ7Njx1s4jSuYDMbKuuCRFSU2H
+8ISHS0kh3FetiS8IyIYzxab+KQZwnVtiGj4oaAhgFTIIoH26Fv5+xka74JdzOSUA
+jR9puKuxaegVWQVBx4cCyg6hAdewRm64PAcbApZWrPvMPBfTZFnXeifmaurcdK8p
+p/1eLrrPnNM6+Fh6lcKdX74yHPz3eWP3K1njZegzWnChhEWElPhJr6qYNQjd+lAS
+7650RJ3CJLUxBffnRR9nTArxFNI5jGWg/plLJTaRT5x5qg1dGNMqntpoeiY++Ttk
+GFDGVIOICBze6SOvzkZBbuXLJSWmWj5g9J2cYsLoOvlwsDT7FzKl8p6VY4V+SQb+
+4PN8qZWmOeczaLEhZ1QLmTKFpz9+wUZsXeBd1s78bWJR0zhraMPa0UJ9GBGq6uQ0
+yZ4Xm5KHKcgoewCUQMekU9ECsmR5NuC7VFDaa1OdPEVnEYR1xtaWUY0lYKOiixnd
++85fSq/yAXI/r0O4ISA55o9y1kDqVibTwJacb6xXGg8dHSH+TtigwD8fK9mekkDC
-----END RSA PRIVATE KEY-----
diff --git a/testing/hosts/carol/etc/swanctl/rsa/carolKey.pem b/testing/hosts/carol/etc/swanctl/rsa/carolKey.pem
index ce17e71..6aae5f7 100644
--- a/testing/hosts/carol/etc/swanctl/rsa/carolKey.pem
+++ b/testing/hosts/carol/etc/swanctl/rsa/carolKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEA0F1ZT4EXvHiXKj7EeevhQA5Tz3JBC5Pm90+hfPHqRE+yNgC6
-6S2BdH5JouRAfD9hGAM9IqPmfOaaU5B/+tZGv7w7ar4L3ZpQgKaQ29kZqajnDZaU
-4xnpPl2TYe/5AzrFP8bNbJWvV0xi7/u3LAPUHDtpb8eqRERIO7qr3lVa74vODpeX
-EI0R7PRixms398LoEvarMoCowFsgcVbw46eH6cRjggXkDORmcWvDXYYjvZnzzanD
-3uXIrBmFLP8YxAUEnH6uc13Dk/UgnBOUbk9R2gMK178xyvWKID7M6i/HnnHUagbF
-26hdZTl6Ct/Uy1qVF/09zxevirdYQpMCaxmtUQIDAQABAoIBAQCKhvVgoS/Zssa1
-ZGOVt1fbEWtxCMHr45nzpDJ18hPQ9LdDpfqeGg3uGCP2sw+YSz7PCyAzDoqnUV0a
-33/mkV0aDhfmoJEc9II+9f5q24xvOobahtlXnxttxiK9QyDnn8QR4acjYOThAjzo
-1g3yqlzzpCA2G6W8mzT22OV4/IBnrvRX/ypakffHyKTyQsxGqxz/GNbRpNi4K1eR
-3x8YoEuMstojXDp5WQD6f/u8tLHQeaUEZzeU7spedcjBatJViWVFNRX1cYC43FGH
-EKqHTNO83t3xCdW1U8J6NRQ3+cG834lA8/+GMt1Z9sjgEQe0u/ScbFQJtunssp6t
-ozOAD6XRAoGBAPVTcEXQZ99NeG32fhz+oBzjym3j8Gvkjv2LTcSMHsGacRADh17i
-AjQ8hRyPlw0hYKLk0RCNpkN69rzProA/YfxFBYKomqCQbLpl/HAzqlhMGioX6Wsv
-NolRrtqlJh9uHBSZnPp/TECRiQ7/KBy05vNyCfS21XeGB8rsoKFRN3RtAoGBANlu
-N5ultO1gTYSn7XFnih8jORt0mmlyib077l0XmFr4kmT17DXT43seRNb9r+yKeK4Z
-ngu2gPWfmAC7iUulsx7pZPPdwULzYYNc9Joe23UzD0TzPCbFbgdSrj/g33YIOLZD
-e5mhMctUTWTamWuvO8P1cJzHXxNLBIzeu/i+0aX1AoGAF+LY4qNJCc/0Mti2LMKJ
-+mYfdpWj+g1V8s/WcZWnBPixm3qMequMxWNDHqXIcknWq+WViYQRNS7KyVV7Sxdg
-xfw+bhtWet21CG0XqCEPq+s0/PY5DuuY5sPiP32m+ZZx+3t9clJkrUC+VIx5bloa
-xodK+t22aR3Osm5ZsXtD5/0CgYEArJDLVZ8In7VlELnuu6i/eMMN2fqLatFa/HOK
-VRwa8WiDV9nOpVIMI3T8kd06OPQVn6f5RbaNV2RY0YwGBaH3LbtzQhFoB2j+pbGq
-+H8xEi16GvEpdmQPVYSLg2tIL3eK+y1H9cB3sravzjGovkyPlJFB1Uxu6vMJI3zL
-lzprTdkCgYAl7EF4x/fAF8Rqk/vbcuLjsZmuM8n6aDT4G3W0gc1nVhJMdEyCGxJr
-B+qYUtxY3kDMh/FgIJ2K87S6xIYneNPiHL/fzbv6rYkRUA9DpDBBuI7vsnxmrf/+
-ucit2V0aTtBfC9gaTtp5/UoIhaSjutDc3ez4NAHBnfch1sxxY8QSXg==
+MIIEpAIBAAKCAQEAt/PUNxfK3+w4AuLUhn9Fy49rmb7h+JJJPbBVZauXDeFSN6LA
+t+Cguu0poZfiL4C3zZmiXaZ1sRcWk772rFeWI/a7R97Go/iYG5m6zcQsDzYQ4vSV
+DZqECLw7epp+QMwFKC+h4mkTA17TRSCHneDuFPt3Dy1KBw8apCRa60ggpP1Pp78d
+sc2NG1iXD1mUeynyBJiOD9Dq9Xqh+2254xQP01G/zDZjvqudFGZQZ/caU0UWaDFm
+e0IlG5iW2fFXtVwIWimnJq5i398+aMDFs9G6EcppyfMjOrzcjF/l9KMxOWW4YJ9Y
+Vf80YQ1dqYGoKGREsea4Ic17HFGn2zYXVLXSEQIDAQABAoIBAD+b2vgqDAceYcft
+s9vGStY3A9goP2969kSUoxMDILq1/X4rk0SCMlIxDEJKiPYwJl68D38evne8Khxw
+3k9+AfbxrJUPndS5c6+nmwboHOwtn+068gfANIPowxCEN8AkTGw2/F2UQ/TYZ2nx
+87NOQkWTJvpiiMSkHmw//gh56n/iWgITnL48YuiVl2bHnEmHuD4khHhYLwdPTaDp
+Re42FzFYPHUKygHA9WoOsaFPW5Q6XK/8+vtVfIz316yXaeRjKHxpTPPsjzYn0zOZ
+RbtwbomvtaIhcQuE+Ub3viZiPlgrpWDFrMTKDpQ+ExBZhqPWdVRY490SoSqXBVIG
+ui7fAtkCgYEA2jnemCf9dWCSW2ZDI4EJ4S6gbfJsrJD6dX3Y+iBy1VVcKmL0JhZ5
+RVkLr+WBsqy7Ut64Je2Zy3z0dZnpeSn1rshGzi1wY7Ox7YCFgDnGEj6l+CPQuBBt
+IqviEtg4QB75A2ciFWsW5STbXiOEpa4tk6G+6R6vg7wtn1t8qqRxE68CgYEA18s2
+aRh5ZA9bQYIDXGHNzsDQT1L/Qraq0Y1AFYGP4kXvdpR8yi27d+SEXA2Y19Qy85xX
+qw17nhItPSW+MD4eydDx/fG/MVIZSI3mWi+2jGVK/r5L9CKVnpXbDYjngsFAKKsD
+Jut2hCq5PzsEuarvIHWj6LNhlYjZ3JyY9MrqJj8CgYEA1OljIObbZlrbUKt8U7aB
+Mh9wzPSaTN+CTYGEYb2o7DVFH+G9vS9uEFfpjCsKmI3okdjUp8SiqaN3SwnofZuP
+pYCnfF9e6ReYQFWFau5zLrfK7EfdSshUAmDayHIGp6DQaR6FZYo/I0ALe1SCBbfj
+pcdIYV/b9FZz2KfFASRBYucCgYEAn90s3ujBrU3vFfWiVcMi+8M9zzY2Yo7+tyVE
+T2pfVIro3tkcJY+BrU0+fQ+ZpnLOmEi/bbocVTs0BnO6lPTATFSdobqBIKGol2aA
+O1nTi+jSiSwjCqbAXu63jCxbDjPqOvaN7DxN3ZXlDKHFW2L1qf9cwVx6s5Phihz8
+94SHuHMCgYBR/i9MzfbyU2QMfJdDT+w+Ty0xSdaZ5mKvGGBgXZCYbzK0BStnDUz3
+5pBBmtmnqHLA9EzriXxlA4KVrWoZd02lGmbmxQpN/HiVQuLcABWqOjgxEIDJWyI6
+CGvDdDwbhrhj93ioTK42QE2GllSn+VVCv5/u25j++tLa9NnvGX6Smg==
-----END RSA PRIVATE KEY-----
diff --git a/testing/hosts/carol/etc/swanctl/x509/carolCert.pem b/testing/hosts/carol/etc/swanctl/x509/carolCert.pem
index 6c41df9..b089324 100644
--- a/testing/hosts/carol/etc/swanctl/x509/carolCert.pem
+++ b/testing/hosts/carol/etc/swanctl/x509/carolCert.pem
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIEIjCCAwqgAwIBAgIBHTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MIIEIjCCAwqgAwIBAgIBMDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA5MDgyNzEwNDQ1MVoXDTE0MDgyNjEwNDQ1MVowWjELMAkGA1UE
+b290IENBMB4XDTE0MDgyNzE1MDUzNloXDTE5MDgyNjE1MDUzNlowWjELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
cmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBANBdWU+BF7x4lyo+xHnr4UAOU89yQQuT5vdPoXzx
-6kRPsjYAuuktgXR+SaLkQHw/YRgDPSKj5nzmmlOQf/rWRr+8O2q+C92aUICmkNvZ
-Gamo5w2WlOMZ6T5dk2Hv+QM6xT/GzWyVr1dMYu/7tywD1Bw7aW/HqkRESDu6q95V
-Wu+Lzg6XlxCNEez0YsZrN/fC6BL2qzKAqMBbIHFW8OOnh+nEY4IF5AzkZnFrw12G
-I72Z882pw97lyKwZhSz/GMQFBJx+rnNdw5P1IJwTlG5PUdoDCte/Mcr1iiA+zOov
-x55x1GoGxduoXWU5egrf1MtalRf9Pc8Xr4q3WEKTAmsZrVECAwEAAaOCAQYwggEC
-MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBQfoamI2WSMtaCiVGQ5
-tPI9dF1ufDBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTEL
+AQEBBQADggEPADCCAQoCggEBALfz1DcXyt/sOALi1IZ/RcuPa5m+4fiSST2wVWWr
+lw3hUjeiwLfgoLrtKaGX4i+At82Zol2mdbEXFpO+9qxXliP2u0fexqP4mBuZus3E
+LA82EOL0lQ2ahAi8O3qafkDMBSgvoeJpEwNe00Ugh53g7hT7dw8tSgcPGqQkWutI
+IKT9T6e/HbHNjRtYlw9ZlHsp8gSYjg/Q6vV6ofttueMUD9NRv8w2Y76rnRRmUGf3
+GlNFFmgxZntCJRuYltnxV7VcCFoppyauYt/fPmjAxbPRuhHKacnzIzq83Ixf5fSj
+MTlluGCfWFX/NGENXamBqChkRLHmuCHNexxRp9s2F1S10hECAwEAAaOCAQYwggEC
+MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRcWXBiVy0qJJxclFab
+iV7lxQW2vTBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTEL
MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT
EnN0cm9uZ1N3YW4gUm9vdCBDQYIBADAfBgNVHREEGDAWgRRjYXJvbEBzdHJvbmdz
d2FuLm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u
-b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQC8pqX3KrSzKeul
-GdzydAV4hGwYB3WiB02oJ2nh5MJBu7J0Kn4IVkvLUHSSZhSRxx55tQZfdYqtXVS7
-ZuyG+6rV7sb595SIRwfkLAdjbvv0yZIl4xx8j50K3yMR+9aXW1NSGPEkb8BjBUMr
-F2kjGTOqomo8OIzyI369z9kJrtEhnS37nHcdpewZC1wHcWfJ6wd9wxmz2dVXmgVQ
-L2BjXd/BcpLFaIC4h7jMXQ5FURjnU7K9xSa4T8PpR6FrQhOcIYBXAp94GiM8JqmK
-ZBGUpeP+3cy4i3DV18Kyr64Q4XZlzhZClNE43sgMqiX88dc3znpDzT7T51j+d+9k
-Rf5Z0GOR
+b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQBVqTw0DRABEwcw
+kMsDkX1yIX4lODAadvSq/PP/M3e6VoZOXBphKQvqgAgaCpk+vAXoHNPImg+vRVeY
+bIeS0E2lMo5nKQu7MCs8RpL97PMHL7NlzRBiS+CCKRaCHglJgCZtfwc1sapnrche
+MoZat+GyjnyKVNTJh/QtGm5QL9DRKa125B9gS9FtdT0BkhxIsZ4TsEOeTqv5dHix
+bc7x+MwETL6AxNraPqfIbt78cnsIB3PpIxYYTlDVY2Fwr2G0Ri9inEM/GZFAsJSU
+iSyoTqQsyZhzzOmE/mK40JtBv+lg+pPOa4tC8w892KEKsnRX9dxX+U6vr3QtoIjN
+wg8qvcUu
-----END CERTIFICATE-----
diff --git a/testing/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/hosts/dave/etc/ipsec.d/certs/daveCert.pem
index f212e19..66b184b 100644
--- a/testing/hosts/dave/etc/ipsec.d/certs/daveCert.pem
+++ b/testing/hosts/dave/etc/ipsec.d/certs/daveCert.pem
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIEIjCCAwqgAwIBAgIBHDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MIIEIjCCAwqgAwIBAgIBMTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA5MDgyNzEwMzczOVoXDTE0MDgyNjEwMzczOVowWzELMAkGA1UE
+b290IENBMB4XDTE0MDgyNzE1MTIwMloXDTE5MDgyNjE1MTIwMlowWzELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEzARBgNVBAsTCkFjY291
bnRpbmcxHDAaBgNVBAMUE2RhdmVAc3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3
-DQEBAQUAA4IBDwAwggEKAoIBAQDAB/JTbwVY5oNF0+8Behdbc0NOeX+bl0SOcgpZ
-ha6nbMBQO41jtOI5r5Xbg9sK9l+DYOnZQZEsEhIVZDoK8yGI/FIEE+gWRf+OLmI8
-k2K+G1dklTC/VP2tZWMQYQWs6UnX3iiVpHccI3CQqqJWe9fZsIsq0J9j9hu6h9dG
-IEbon6RXDLPI5DIiIKc3r0jDHNDsIUDzcjuUdCxKFCMuHUCfa1PBiqpj5pP6XT0G
-gI6UjbgnNWPTPb2axE7P1x5gQmVwiFiYs+VTh2fq9O9xNxnn/YmzLk4/YNly7xYX
-Q31NuhSvRpH7jsJ1p4VSuunYqvccPUKsp5PvCtCeGvNT2qt1AgMBAAGjggEFMIIB
-ATAJBgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNVHQ4EFgQU7n842u6huBpBd394
-8mdL6EOdjg4wbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUx
+DQEBAQUAA4IBDwAwggEKAoIBAQDWPNxNxYTNX7XiBa3R0kITDxlil9YIPiVPPSCt
+e+F/5P2AwfH2/HdKJm8Cr4IFO5OSmwHJ2lQRtAL0Zm/qpF3UWYhAJSTqkdmK35Qf
+jjDe25z5g0HpCNPU8wybfWtQtfXiMZlCdodg3gwBJ8a6adcLCp1gXePDHmIY5ABK
+0YcfAPGZQW5HchkCQ/svBradIlkuK8/GohkNL2Evj/Q1ZDCW2xoZdmqsFWPhd9+f
+/y1RtuOPss1039aPGi8D5dfjx3IGrzfjO+umN26iOWB4IdghCUwmgX+M6KEwUkOk
+69XEOQf/1edfSdcf7of/9gqREF2xWBYlN5C5k0z8/aXJnlZDAgMBAAGjggEFMIIB
+ATAJBgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNVHQ4EFgQU7BZjmSiBXgHMAifA
+ucsf6reYcDcwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUx
CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQD
ExJzdHJvbmdTd2FuIFJvb3QgQ0GCAQAwHgYDVR0RBBcwFYETZGF2ZUBzdHJvbmdz
d2FuLm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u
-b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAyAbxrpMtTARw3
-jvBwuapaHXnTppz+TkWyfXVpgTwtPlf3rbhPk4DjhT2ygyMTI1azoqProf2aBbDr
-DldCSQPsZAcuzOdruKKMo2CQwgLuBFXL+JUX0hiIpFS1ZZHA2aDKyUw4OyADOvDU
-8r1/WiwRb91TdYP9nEu9qP30k0vkUg8DCbCmPI1/MVaxVzh9LRAFyOHrnKSCXG7o
-StmVFm2Yf3pE4HS1W6DtommyPs7aUD5XAaQdr3DYKI/TazoU6t5g2aEqigu+pj2M
-qk5idJkx5VCFvUU1hlChyX6NNNjJNnV6u5YiuatcdYQhpCTBsxnBoM+w0BvNOCl+
-1PdgEy1K
+b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQBCoL5/jrxie0rq
+rCwKUA9TBDBBKBMZ9x5wdAQjP9L8b20Q4SDp1vAjhFr+Axgow76pqHaLDrd7qFKE
+sBtlN0G5ZXOaVI0xloaef1K113mkSvYqbvUZNi/aTb3btI4nrCftj58EAM8TlvYW
+jMOiLYPAhN/tfOTTaUzoYuRZ9v63fHYu3UiMvNojA0uxOeryRRdbcQecu4k2EBCj
+mkNu+EkNoLNvGOC4sEjq7Gy4n52xeTuO/rI7eIt7CUS39j9OtiKQJfLVIh0Yz+o5
+ljiF0OyoxkpYG/cpoVib1RZdqL1DsHEWcQxYB+8SSG/teLxiNIZxvPHUezvi09He
+ksxdvA73
-----END CERTIFICATE-----
diff --git a/testing/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/hosts/dave/etc/ipsec.d/private/daveKey.pem
index c0a5b42..9261cc1 100644
--- a/testing/hosts/dave/etc/ipsec.d/private/daveKey.pem
+++ b/testing/hosts/dave/etc/ipsec.d/private/daveKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEAwAfyU28FWOaDRdPvAXoXW3NDTnl/m5dEjnIKWYWup2zAUDuN
-Y7TiOa+V24PbCvZfg2Dp2UGRLBISFWQ6CvMhiPxSBBPoFkX/ji5iPJNivhtXZJUw
-v1T9rWVjEGEFrOlJ194olaR3HCNwkKqiVnvX2bCLKtCfY/YbuofXRiBG6J+kVwyz
-yOQyIiCnN69IwxzQ7CFA83I7lHQsShQjLh1An2tTwYqqY+aT+l09BoCOlI24JzVj
-0z29msROz9ceYEJlcIhYmLPlU4dn6vTvcTcZ5/2Jsy5OP2DZcu8WF0N9TboUr0aR
-+47CdaeFUrrp2Kr3HD1CrKeT7wrQnhrzU9qrdQIDAQABAoIBAQCB4t4dYPKU9xXD
-nV4D+bjiukvEQJn3e5F7Z9doReukgwJxQlaYIjkCG6mZGM6H0603B84kjRzMWkyw
-+2HnFhyQs1omN/C7YA1C9kyr/GTFgWjTN7YJNEuBhRpEcduM4R55TGLXFK8b8Tyq
-HUBAjvOo4qi/BO1Kh6Spvkf1vs83d9clTParD/Tz4QkjUzR5awMKHgOVGgrmTiJL
-Miao6ZF0gl6qh377xc3gzQdWh6kIb2RWVL2lR/iSdDP47s2ez8ubMO1v9mu05bc0
-H5YmCVeY4nkzjlVARdCuPulKHxBkStiPEOfnGZkj1F1fjfIoOFnD9MQSYkJuZUoE
-6JWiG7QBAoGBAOouYy7W0xRlXGTrahjU9JL+o3nKCRQmvX84Hxy9fx95tz1pS5U4
-7Gk7JFmS9qKhspInnblpjqxA5D3zqoO2gspatg7QfQJpLhbGXLqR7pqp92jbK+mh
-4KITqTZRpohtzTWqPxFupzKHo5qDDMJ3m8ArnIVmxM+M0lzpn6Awq5ZVAoGBANHs
-NR2voz//E6ZMSpgKb2l3NecFwdwqQQtzghD0wFnNBYV55DJNRuW7DB5t9EdtGgAg
-b2bPG+I2RdsZPGnL0EU5+H4rP0YXBGAxoVdaFqjnG5mIRN8mAdnWeVhCH3XBmUP1
-OFe1aghYMyC0ioXe8Vt1yaxeSiMjY4JKtma2DKChAoGBAIedv4CDlg/Mt1oWXwXs
-ZYqu/nrsPp+1463GEXZyYykWMsDUtpm/MmGqh118V2pNW/16BcQ3VhF5LvSVpNzM
-GCgZqi8gHBUGVlOIInFFS7mzznyh2GdfgJg77JVxaZC+jcWTRxzQSPFhTaSQWhZQ
-cBk06Fr07esIMVbvUKrTJLtVAoGBAIFCMsqetaTYSZ8iZuQLuOJ19wjTsLUCh56n
-dzU9n5sr9PRlQ6/9iWQ3spSiG8JHWbUuQ6pIaOD3jjgE6AA08X9O3MXDl2hvD9Cz
-fqcs37sM4x+8mrvUyVr7ByjjPj/h/5+qxRCssieFN6YxxQH9bxxkANRUEs5kIge+
-PWYtPsVBAoGAVako4J2YAfaD67Yl5u2XOWrBzVWzWNeqBsiAF1nCpR1RfeH4jFN/
-Uy/qbPVjdm14GNwd5wtI0xwBAsrTVit78DoxC2MUKMIuq9xVVakKX8UxBmCnldkW
-uhtXwJWH9pfQncCSrEaecfDkL8YVPDX/4XeJjqHpKqbyjTuGv+MK1Yw=
+MIIEpAIBAAKCAQEA1jzcTcWEzV+14gWt0dJCEw8ZYpfWCD4lTz0grXvhf+T9gMHx
+9vx3SiZvAq+CBTuTkpsBydpUEbQC9GZv6qRd1FmIQCUk6pHZit+UH44w3tuc+YNB
+6QjT1PMMm31rULX14jGZQnaHYN4MASfGumnXCwqdYF3jwx5iGOQAStGHHwDxmUFu
+R3IZAkP7Lwa2nSJZLivPxqIZDS9hL4/0NWQwltsaGXZqrBVj4Xffn/8tUbbjj7LN
+dN/WjxovA+XX48dyBq834zvrpjduojlgeCHYIQlMJoF/jOihMFJDpOvVxDkH/9Xn
+X0nXH+6H//YKkRBdsVgWJTeQuZNM/P2lyZ5WQwIDAQABAoIBAQC2KNF5HzUoGvVf
+1UxSV+Duq6v99PR71buLgIJEgEzgnigeTsoaI9iaJ8vEEM8Q+/MieMIwi39n/hN1
+E5Sdglx1rhr3z51wBctfFXOw0Qoks77pOP3V0zeqnW5e12lkGxOS3HFf3cCGUMcM
+RHHpFw1Nyhy+T5bV1QO7/kFxXG7zoB4bMEt/fQ8szSGS386cPlxWY8k6EoRlL7C1
+C2jPsJO2ogpAhbw3cXsYAlXsxbjhD/vH3WioWSd1vGo5Lam0zzazkdN1ihb1x7Zk
+cn2zz+Lc4xfxW/Jum6JZLHhaItzecoJWuHr3Ci87otMENOYMBPHw6azkFj1UIBfX
+KkiSTrthAoGBAP757COa0rsFmWL+G5Mn/KYLR/+DyCOCE+mXb8hEPvtkD6qmlEfR
+5l9Hfn8ARoOFirXSWwgtFYIHHrKU4Qtp/kAJgj96MppmsOdV9Ro927ovNnp6UXGQ
+PM5T/eemZtM/ZGM/JUHdTWa5ZFptsgOcNx6f0rhO+LbOPCxzPBwt8bC9AoGBANcZ
+EKTZBF6MT/haqb+1/iIIoS7RI+AnniHY3WI6yoYKEJTLxPzrEEyvTWvyowIoA2XX
+1gNnDvdsdIyY9DXHYn4ShsebFhYrQzcjzE3X3JHXHSEAPchdq4sry0PoyLZvXrgn
+A7x/qld+CJg7U/L1day2EF/14AXrbPoGWxdJWhL/AoGAcio1MTwBXvwC0fA1KI6e
+8Tnb4ux+kGeNwumrg2ALU0RaP26WthGltMOuP+8/o2QH16F4YRDOsIm/lPZUTWgI
+D2QyjXmJbtjMHMjAFh/cYmEBY5WhIdgTYc75wN8g6zVXHZkIdZVBMt2PsW2sZzFq
+/KtTDnNNqYxuJPjz0SpBLYECgYEAhzE609GOvHpGHRumy1bwtqVj4VAT02QzMKTk
+aEP5XIvg5hS46Bo6MWiRKcLkD4vkrtMcsSDKOFrTWjccbty1m/W6/qQMGrzwTyzR
+0S9Wc9eXeFF1g4TUN/G7nSAnXvratrXW1FgNUVZmwn+vgOokHvyDiDy6pB3XbcIm
+6Jjy4zMCgYB52RfZjkggHmof0/7zwa9MHdecdLeD2w1U1B87b+u4SedEh/MAJB5k
+MEctah2stX+jLJP4l0MeZfQf300M+CBu6q8Xygw82rWr9fMim8Sxj61Ws+gj5G7Y
+2Mo3OhmUZ1YJ0Brv4wgoW9/Nhv7EaOJdaREqW6J1Ax2GQmIFl+8vLA==
-----END RSA PRIVATE KEY-----
diff --git a/testing/hosts/dave/etc/swanctl/rsa/daveKey.pem b/testing/hosts/dave/etc/swanctl/rsa/daveKey.pem
index c0a5b42..9261cc1 100644
--- a/testing/hosts/dave/etc/swanctl/rsa/daveKey.pem
+++ b/testing/hosts/dave/etc/swanctl/rsa/daveKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEAwAfyU28FWOaDRdPvAXoXW3NDTnl/m5dEjnIKWYWup2zAUDuN
-Y7TiOa+V24PbCvZfg2Dp2UGRLBISFWQ6CvMhiPxSBBPoFkX/ji5iPJNivhtXZJUw
-v1T9rWVjEGEFrOlJ194olaR3HCNwkKqiVnvX2bCLKtCfY/YbuofXRiBG6J+kVwyz
-yOQyIiCnN69IwxzQ7CFA83I7lHQsShQjLh1An2tTwYqqY+aT+l09BoCOlI24JzVj
-0z29msROz9ceYEJlcIhYmLPlU4dn6vTvcTcZ5/2Jsy5OP2DZcu8WF0N9TboUr0aR
-+47CdaeFUrrp2Kr3HD1CrKeT7wrQnhrzU9qrdQIDAQABAoIBAQCB4t4dYPKU9xXD
-nV4D+bjiukvEQJn3e5F7Z9doReukgwJxQlaYIjkCG6mZGM6H0603B84kjRzMWkyw
-+2HnFhyQs1omN/C7YA1C9kyr/GTFgWjTN7YJNEuBhRpEcduM4R55TGLXFK8b8Tyq
-HUBAjvOo4qi/BO1Kh6Spvkf1vs83d9clTParD/Tz4QkjUzR5awMKHgOVGgrmTiJL
-Miao6ZF0gl6qh377xc3gzQdWh6kIb2RWVL2lR/iSdDP47s2ez8ubMO1v9mu05bc0
-H5YmCVeY4nkzjlVARdCuPulKHxBkStiPEOfnGZkj1F1fjfIoOFnD9MQSYkJuZUoE
-6JWiG7QBAoGBAOouYy7W0xRlXGTrahjU9JL+o3nKCRQmvX84Hxy9fx95tz1pS5U4
-7Gk7JFmS9qKhspInnblpjqxA5D3zqoO2gspatg7QfQJpLhbGXLqR7pqp92jbK+mh
-4KITqTZRpohtzTWqPxFupzKHo5qDDMJ3m8ArnIVmxM+M0lzpn6Awq5ZVAoGBANHs
-NR2voz//E6ZMSpgKb2l3NecFwdwqQQtzghD0wFnNBYV55DJNRuW7DB5t9EdtGgAg
-b2bPG+I2RdsZPGnL0EU5+H4rP0YXBGAxoVdaFqjnG5mIRN8mAdnWeVhCH3XBmUP1
-OFe1aghYMyC0ioXe8Vt1yaxeSiMjY4JKtma2DKChAoGBAIedv4CDlg/Mt1oWXwXs
-ZYqu/nrsPp+1463GEXZyYykWMsDUtpm/MmGqh118V2pNW/16BcQ3VhF5LvSVpNzM
-GCgZqi8gHBUGVlOIInFFS7mzznyh2GdfgJg77JVxaZC+jcWTRxzQSPFhTaSQWhZQ
-cBk06Fr07esIMVbvUKrTJLtVAoGBAIFCMsqetaTYSZ8iZuQLuOJ19wjTsLUCh56n
-dzU9n5sr9PRlQ6/9iWQ3spSiG8JHWbUuQ6pIaOD3jjgE6AA08X9O3MXDl2hvD9Cz
-fqcs37sM4x+8mrvUyVr7ByjjPj/h/5+qxRCssieFN6YxxQH9bxxkANRUEs5kIge+
-PWYtPsVBAoGAVako4J2YAfaD67Yl5u2XOWrBzVWzWNeqBsiAF1nCpR1RfeH4jFN/
-Uy/qbPVjdm14GNwd5wtI0xwBAsrTVit78DoxC2MUKMIuq9xVVakKX8UxBmCnldkW
-uhtXwJWH9pfQncCSrEaecfDkL8YVPDX/4XeJjqHpKqbyjTuGv+MK1Yw=
+MIIEpAIBAAKCAQEA1jzcTcWEzV+14gWt0dJCEw8ZYpfWCD4lTz0grXvhf+T9gMHx
+9vx3SiZvAq+CBTuTkpsBydpUEbQC9GZv6qRd1FmIQCUk6pHZit+UH44w3tuc+YNB
+6QjT1PMMm31rULX14jGZQnaHYN4MASfGumnXCwqdYF3jwx5iGOQAStGHHwDxmUFu
+R3IZAkP7Lwa2nSJZLivPxqIZDS9hL4/0NWQwltsaGXZqrBVj4Xffn/8tUbbjj7LN
+dN/WjxovA+XX48dyBq834zvrpjduojlgeCHYIQlMJoF/jOihMFJDpOvVxDkH/9Xn
+X0nXH+6H//YKkRBdsVgWJTeQuZNM/P2lyZ5WQwIDAQABAoIBAQC2KNF5HzUoGvVf
+1UxSV+Duq6v99PR71buLgIJEgEzgnigeTsoaI9iaJ8vEEM8Q+/MieMIwi39n/hN1
+E5Sdglx1rhr3z51wBctfFXOw0Qoks77pOP3V0zeqnW5e12lkGxOS3HFf3cCGUMcM
+RHHpFw1Nyhy+T5bV1QO7/kFxXG7zoB4bMEt/fQ8szSGS386cPlxWY8k6EoRlL7C1
+C2jPsJO2ogpAhbw3cXsYAlXsxbjhD/vH3WioWSd1vGo5Lam0zzazkdN1ihb1x7Zk
+cn2zz+Lc4xfxW/Jum6JZLHhaItzecoJWuHr3Ci87otMENOYMBPHw6azkFj1UIBfX
+KkiSTrthAoGBAP757COa0rsFmWL+G5Mn/KYLR/+DyCOCE+mXb8hEPvtkD6qmlEfR
+5l9Hfn8ARoOFirXSWwgtFYIHHrKU4Qtp/kAJgj96MppmsOdV9Ro927ovNnp6UXGQ
+PM5T/eemZtM/ZGM/JUHdTWa5ZFptsgOcNx6f0rhO+LbOPCxzPBwt8bC9AoGBANcZ
+EKTZBF6MT/haqb+1/iIIoS7RI+AnniHY3WI6yoYKEJTLxPzrEEyvTWvyowIoA2XX
+1gNnDvdsdIyY9DXHYn4ShsebFhYrQzcjzE3X3JHXHSEAPchdq4sry0PoyLZvXrgn
+A7x/qld+CJg7U/L1day2EF/14AXrbPoGWxdJWhL/AoGAcio1MTwBXvwC0fA1KI6e
+8Tnb4ux+kGeNwumrg2ALU0RaP26WthGltMOuP+8/o2QH16F4YRDOsIm/lPZUTWgI
+D2QyjXmJbtjMHMjAFh/cYmEBY5WhIdgTYc75wN8g6zVXHZkIdZVBMt2PsW2sZzFq
+/KtTDnNNqYxuJPjz0SpBLYECgYEAhzE609GOvHpGHRumy1bwtqVj4VAT02QzMKTk
+aEP5XIvg5hS46Bo6MWiRKcLkD4vkrtMcsSDKOFrTWjccbty1m/W6/qQMGrzwTyzR
+0S9Wc9eXeFF1g4TUN/G7nSAnXvratrXW1FgNUVZmwn+vgOokHvyDiDy6pB3XbcIm
+6Jjy4zMCgYB52RfZjkggHmof0/7zwa9MHdecdLeD2w1U1B87b+u4SedEh/MAJB5k
+MEctah2stX+jLJP4l0MeZfQf300M+CBu6q8Xygw82rWr9fMim8Sxj61Ws+gj5G7Y
+2Mo3OhmUZ1YJ0Brv4wgoW9/Nhv7EaOJdaREqW6J1Ax2GQmIFl+8vLA==
-----END RSA PRIVATE KEY-----
diff --git a/testing/hosts/dave/etc/swanctl/x509/daveCert.pem b/testing/hosts/dave/etc/swanctl/x509/daveCert.pem
index f212e19..66b184b 100644
--- a/testing/hosts/dave/etc/swanctl/x509/daveCert.pem
+++ b/testing/hosts/dave/etc/swanctl/x509/daveCert.pem
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIEIjCCAwqgAwIBAgIBHDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MIIEIjCCAwqgAwIBAgIBMTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA5MDgyNzEwMzczOVoXDTE0MDgyNjEwMzczOVowWzELMAkGA1UE
+b290IENBMB4XDTE0MDgyNzE1MTIwMloXDTE5MDgyNjE1MTIwMlowWzELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEzARBgNVBAsTCkFjY291
bnRpbmcxHDAaBgNVBAMUE2RhdmVAc3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3
-DQEBAQUAA4IBDwAwggEKAoIBAQDAB/JTbwVY5oNF0+8Behdbc0NOeX+bl0SOcgpZ
-ha6nbMBQO41jtOI5r5Xbg9sK9l+DYOnZQZEsEhIVZDoK8yGI/FIEE+gWRf+OLmI8
-k2K+G1dklTC/VP2tZWMQYQWs6UnX3iiVpHccI3CQqqJWe9fZsIsq0J9j9hu6h9dG
-IEbon6RXDLPI5DIiIKc3r0jDHNDsIUDzcjuUdCxKFCMuHUCfa1PBiqpj5pP6XT0G
-gI6UjbgnNWPTPb2axE7P1x5gQmVwiFiYs+VTh2fq9O9xNxnn/YmzLk4/YNly7xYX
-Q31NuhSvRpH7jsJ1p4VSuunYqvccPUKsp5PvCtCeGvNT2qt1AgMBAAGjggEFMIIB
-ATAJBgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNVHQ4EFgQU7n842u6huBpBd394
-8mdL6EOdjg4wbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUx
+DQEBAQUAA4IBDwAwggEKAoIBAQDWPNxNxYTNX7XiBa3R0kITDxlil9YIPiVPPSCt
+e+F/5P2AwfH2/HdKJm8Cr4IFO5OSmwHJ2lQRtAL0Zm/qpF3UWYhAJSTqkdmK35Qf
+jjDe25z5g0HpCNPU8wybfWtQtfXiMZlCdodg3gwBJ8a6adcLCp1gXePDHmIY5ABK
+0YcfAPGZQW5HchkCQ/svBradIlkuK8/GohkNL2Evj/Q1ZDCW2xoZdmqsFWPhd9+f
+/y1RtuOPss1039aPGi8D5dfjx3IGrzfjO+umN26iOWB4IdghCUwmgX+M6KEwUkOk
+69XEOQf/1edfSdcf7of/9gqREF2xWBYlN5C5k0z8/aXJnlZDAgMBAAGjggEFMIIB
+ATAJBgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNVHQ4EFgQU7BZjmSiBXgHMAifA
+ucsf6reYcDcwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUx
CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQD
ExJzdHJvbmdTd2FuIFJvb3QgQ0GCAQAwHgYDVR0RBBcwFYETZGF2ZUBzdHJvbmdz
d2FuLm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u
-b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAyAbxrpMtTARw3
-jvBwuapaHXnTppz+TkWyfXVpgTwtPlf3rbhPk4DjhT2ygyMTI1azoqProf2aBbDr
-DldCSQPsZAcuzOdruKKMo2CQwgLuBFXL+JUX0hiIpFS1ZZHA2aDKyUw4OyADOvDU
-8r1/WiwRb91TdYP9nEu9qP30k0vkUg8DCbCmPI1/MVaxVzh9LRAFyOHrnKSCXG7o
-StmVFm2Yf3pE4HS1W6DtommyPs7aUD5XAaQdr3DYKI/TazoU6t5g2aEqigu+pj2M
-qk5idJkx5VCFvUU1hlChyX6NNNjJNnV6u5YiuatcdYQhpCTBsxnBoM+w0BvNOCl+
-1PdgEy1K
+b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQBCoL5/jrxie0rq
+rCwKUA9TBDBBKBMZ9x5wdAQjP9L8b20Q4SDp1vAjhFr+Axgow76pqHaLDrd7qFKE
+sBtlN0G5ZXOaVI0xloaef1K113mkSvYqbvUZNi/aTb3btI4nrCftj58EAM8TlvYW
+jMOiLYPAhN/tfOTTaUzoYuRZ9v63fHYu3UiMvNojA0uxOeryRRdbcQecu4k2EBCj
+mkNu+EkNoLNvGOC4sEjq7Gy4n52xeTuO/rI7eIt7CUS39j9OtiKQJfLVIh0Yz+o5
+ljiF0OyoxkpYG/cpoVib1RZdqL1DsHEWcQxYB+8SSG/teLxiNIZxvPHUezvi09He
+ksxdvA73
-----END CERTIFICATE-----
diff --git a/testing/hosts/default/etc/inittab b/testing/hosts/default/etc/inittab
new file mode 100644
index 0000000..fbdb702
--- /dev/null
+++ b/testing/hosts/default/etc/inittab
@@ -0,0 +1,71 @@
+# /etc/inittab: init(8) configuration.
+# $Id: inittab,v 1.91 2002/01/25 13:35:21 miquels Exp $
+
+# The default runlevel.
+id:2:initdefault:
+
+# Boot-time system configuration/initialization script.
+# This is run first except when booting in emergency (-b) mode.
+si::sysinit:/etc/init.d/rcS
+
+# What to do in single-user mode.
+~~:S:wait:/sbin/sulogin
+
+# /etc/init.d executes the S and K scripts upon change
+# of runlevel.
+#
+# Runlevel 0 is halt.
+# Runlevel 1 is single-user.
+# Runlevels 2-5 are multi-user.
+# Runlevel 6 is reboot.
+
+l0:0:wait:/etc/init.d/rc 0
+l1:1:wait:/etc/init.d/rc 1
+l2:2:wait:/etc/init.d/rc 2
+l3:3:wait:/etc/init.d/rc 3
+l4:4:wait:/etc/init.d/rc 4
+l5:5:wait:/etc/init.d/rc 5
+l6:6:wait:/etc/init.d/rc 6
+# Normally not reached, but fallthrough in case of emergency.
+z6:6:respawn:/sbin/sulogin
+
+# What to do when CTRL-ALT-DEL is pressed.
+ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now
+
+# Action on special keypress (ALT-UpArrow).
+#kb::kbrequest:/bin/echo "Keyboard Request--edit /etc/inittab to let this work."
+
+# What to do when the power fails/returns.
+pf::powerwait:/etc/init.d/powerfail start
+pn::powerfailnow:/etc/init.d/powerfail now
+po::powerokwait:/etc/init.d/powerfail stop
+
+# /sbin/getty invocations for the runlevels.
+#
+# The "id" field MUST be the same as the last
+# characters of the device (after "tty").
+#
+# Format:
+# <id>:<runlevels>:<action>:<process>
+#
+# Note that on most Debian systems tty7 is used by the X Window System,
+# so if you want to add more getty's go ahead but skip tty7 if you run X.
+#
+1:2345:respawn:/sbin/getty 38400 tty1
+2:23:respawn:/sbin/getty 38400 tty2
+3:23:respawn:/sbin/getty 38400 tty3
+4:23:respawn:/sbin/getty 38400 tty4
+5:23:respawn:/sbin/getty 38400 tty5
+6:23:respawn:/sbin/getty 38400 tty6
+
+# Example how to put a getty on a serial line (for a terminal)
+#
+#T0:23:respawn:/sbin/getty -L ttyS0 9600 vt100
+#T1:23:respawn:/sbin/getty -L ttyS1 9600 vt100
+
+# Example how to put a getty on a modem line.
+#
+#T3:23:respawn:/sbin/mgetty -x0 -s 57600 ttyS3
+
+# virtio console
+V0:12345:respawn:/sbin/getty 38400 hvc0
diff --git a/testing/hosts/moon/etc/ipsec.d/certs/moonCert.pem b/testing/hosts/moon/etc/ipsec.d/certs/moonCert.pem
index d5c970f..6f751a8 100644
--- a/testing/hosts/moon/etc/ipsec.d/certs/moonCert.pem
+++ b/testing/hosts/moon/etc/ipsec.d/certs/moonCert.pem
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIEIjCCAwqgAwIBAgIBFzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MIIEIjCCAwqgAwIBAgIBKzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA5MDgyNzEwMDMzMloXDTE0MDgyNjEwMDMzMlowRjELMAkGA1UE
+b290IENBMB4XDTE0MDgyNzE0NDQ1NloXDTE5MDgyNjE0NDQ1NlowRjELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHDAaBgNVBAMTE21vb24u
-c3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDK
-L2M91Lu6BYYhWxWgMS9z9TMSTwszm5rhO7ZIsCtMRo4PAeYw+++SGXt3CPXb/+p+
-SWKGlm11rPE71eQ3ehgh2C3hAurfmWO0iQQaCw+fdreeIVCqOQIOP6UqZ327h5yY
-YpHk8VQv4vBJTpxclU1PqnWheqe1ZlLxsW773LRml/fQt/UgvJkCBTZZONLNMfK+
-7TDnYaVsAtncgvDN78nUNEe2qY92KK7SrBJ6SpUEg49m51F+XgsGcsgWVHS85on3
-Om/G48crLEVJjdu8CxewSRVgb+lPJWzHd8QsU0Vg/7vlqs3ZRMyNtNKrr4opSvVb
-A6agGlTXhDCreDiXU8KHAgMBAAGjggEaMIIBFjAJBgNVHRMEAjAAMAsGA1UdDwQE
-AwIDqDAdBgNVHQ4EFgQUapx00fiJeYn2WpTpifH6w2SdKS4wbQYDVR0jBGYwZIAU
+c3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCk
+fAX6xRdB0f5bBjN08zOmO7CEYa8eCyYFqHUhCw+x10v2BnKB6vOlMzW+9DiRtG68
+TdJlYt/24oRuJBX0gAGvzsv0kC9rnoQcgCJQy4bxaLNVsgoiFCVlzxLaYjABbQlz
+oSaegm/2PoX+1UP37rG8wlvAcuLSHsFQ720FUs/LvZh4Y0FjoKhvgKs64U4nIAJ7
+MnuL29n5fM5+dem7uovQOBg/+faZo8QkYSK9MW6eQkP+YnwN5zItNBxyGwKPbXXw
+Ey5/aqNWfhRY8IEG6HJgrnCwBMHUA14C2UV+Af7Cy4eNnC1Mmu7TmUYcFncXaFn0
+87ryFUdshlmPpIHxfjufAgMBAAGjggEaMIIBFjAJBgNVHRMEAjAAMAsGA1UdDwQE
+AwIDqDAdBgNVHQ4EFgQU2CY9Iex8275aOQxbcMsDgCHerhMwbQYDVR0jBGYwZIAU
XafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkwFwYDVQQK
ExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJvb3QgQ0GC
AQAwHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdzd2FuLm9yZzATBgNVHSUEDDAKBggr
BgEFBQcDATA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u
-b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQCctXg2xeMozaTV
-jiBL1P8MY9uEH5JtU0EceQ1RbI5/2vGRdnECND9oADY5vamaaE2Mdq2Qh/vlXnML
-o3ii5ELjsQlYdTYZOcMOdcUUXYvbbFX1cwpkBhyBl1H25KptHcgQ/HnceKp3kOuq
-wYOYjgwePXulcpWXx0E2QtQCFQQZFPyEWeNJxH0oglg53QPXfHY9I2/Gukj5V0bz
-p7ME0Gs8KdnYdmbbDqzQgPsta96/m+HoJlsrVF+4Gqihj6BWMBQ2ybjPWZdG3oH9
-25cE8v60Ry98D0Z/tygbAUFnh5oOvaf642paVgc3aoA77I8U+UZjECxISoiHultY
-7QTufOwP
+b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQCpnj6Nc+PuPLPi
+4E3g5hyJkr5VZy7SSglcs1uyVP2mfwj6JR9SLd5+JOsL1aCTm0y9qLcqdbHBxG8i
+LNLtwVKU3s1hV4EIO3saHe4XUEjxN9bDtLWEoeq5ipmYX8RJ/fXKR8/8vurBARP2
+xu1+wqwEhymp4jBmF0LVovT1+o+GhH66zIJnx3zR9BtfMkaeL6804hrx2ygeopeo
+buGvMDQ8HcnMB9OU7Y8fK0oY1kULl6hf36K5ApPA6766sRRKRvBSKlmViKSQTq5a
+4c8gCWAZbtdT+N/fa8hKDlZt5q10EgjTqDfGTj50xKvAneq7XdfKmYYGnIWoNLY9
+ga8NOzX8
-----END CERTIFICATE-----
diff --git a/testing/hosts/moon/etc/ipsec.d/private/moonKey.pem b/testing/hosts/moon/etc/ipsec.d/private/moonKey.pem
index 4d99866..50629df 100644
--- a/testing/hosts/moon/etc/ipsec.d/private/moonKey.pem
+++ b/testing/hosts/moon/etc/ipsec.d/private/moonKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAyi9jPdS7ugWGIVsVoDEvc/UzEk8LM5ua4Tu2SLArTEaODwHm
-MPvvkhl7dwj12//qfklihpZtdazxO9XkN3oYIdgt4QLq35ljtIkEGgsPn3a3niFQ
-qjkCDj+lKmd9u4ecmGKR5PFUL+LwSU6cXJVNT6p1oXqntWZS8bFu+9y0Zpf30Lf1
-ILyZAgU2WTjSzTHyvu0w52GlbALZ3ILwze/J1DRHtqmPdiiu0qwSekqVBIOPZudR
-fl4LBnLIFlR0vOaJ9zpvxuPHKyxFSY3bvAsXsEkVYG/pTyVsx3fELFNFYP+75arN
-2UTMjbTSq6+KKUr1WwOmoBpU14Qwq3g4l1PChwIDAQABAoIBACBFB/Xqajv6fbn9
-K6pxrz02uXwGmacXAtVIDoPzejWmXS4QA4l17HrJDmelSnhelDKry8nnYHkTrTz7
-mn0wQ4HDWy86o/okJUG/TKRLd6bf79aRQqqohqd3iQkHk43GyzuXH+oGioVKF0fc
-ACDWw4wfjL7FMNdHCZ4Bz9DrHO/ysHe9B6rvSYm3VZRhSxaneIkaLkkDadKpVx3f
-XNFlMxY4qKPJYYSoJZ61iMqrO7+rnA93tmyDDs8PKU3BtnpfNrdePgleJHhk8Zqy
-Ev2/NOCSUxbKE8NCtLpGTs+T0qjjnu4k3WPd3ZOBAan0uPDekHZeHB/aXGLhYcxx
-J5SurqECgYEA+F1gppkER5Jtoaudt/CUpdQ1sR9wxf75VBqJ4FiYABGQz9xlG4oj
-zL/o572s0iV3bwFpnQa+WuWrxGkP6ZuB/Z82npc0N/vLou/b4dxvg4n7K+eOOEf0
-8FMjsse2tqTIXKCqcmQnR0NPQ1jwuvEKsXP5w/JOlnRXAXnd4jxsJI0CgYEA0GaT
-61ySttUW9jC3mxuY6jkQy8TEQqR3nOFvWwmCXIWOpN/MTTPus+Telxp/pdKhU+mo
-PmX3Unyne5PvwleWDq3YzltX5ZDZGJ5UJlKuNnfGIzQ6OcHRbb7zBpQG6qSRPuug
-bgo688hTnb1L59nK88zWVK45euf6pyuoI+SwIGMCgYEA7yvE8knyhBXvezuv0z1b
-eGHmHp5/VDwY0DQKSEAoiBBiWrkLqLybgwXf/KJ8dZZc8En08aFX2GLJyYe/KiB1
-ys3ypEBJqgvRayP+o/9KZ+qNNRd0rqAksPXvL7ABNNt0kzapTSVDae3Yu6s/j1am
-DIL5qAeERIDedG5uDPpQzdUCgYB7MtjpP63ABhLv8XbpbBQnCxtByw3W89F+Xcrt
-v55gQdhE4cSuMzA/CuMH4vNpPS6AI9aBJNhj3CtKo/cOJachAGb1/wvkO5ALvLW0
-fhZdPstUTnDJain7vfF/hwzbs/PlhXgu9T9KlLfRvXFdG+Sd4g8mumRiozcLkoRw
-y6XPTwKBgDJP+s9wXmdG90HST/aqC7FKrVXLpB63dY5swNUfQP6sa0pFnON0r0JC
-h/YCsGFFIAebQ2uOkM3g3f9nkwTp7910ov+/5uThvRI2w2BBPy0mVuALPjyyF1Z2
-cb9zpyKiIuXoXRCf4sd8r1lR9bn0Fxx0Svpxf+fpMGSI5quHNBKY
+MIIEowIBAAKCAQEApHwF+sUXQdH+WwYzdPMzpjuwhGGvHgsmBah1IQsPsddL9gZy
+gerzpTM1vvQ4kbRuvE3SZWLf9uKEbiQV9IABr87L9JAva56EHIAiUMuG8WizVbIK
+IhQlZc8S2mIwAW0Jc6EmnoJv9j6F/tVD9+6xvMJbwHLi0h7BUO9tBVLPy72YeGNB
+Y6Cob4CrOuFOJyACezJ7i9vZ+XzOfnXpu7qL0DgYP/n2maPEJGEivTFunkJD/mJ8
+DecyLTQcchsCj2118BMuf2qjVn4UWPCBBuhyYK5wsATB1ANeAtlFfgH+wsuHjZwt
+TJru05lGHBZ3F2hZ9PO68hVHbIZZj6SB8X47nwIDAQABAoIBAAQDXqX6rxGVDQ6t
+fQ3qbSUuKaVhOMOT5A6ZSJpQycY+CYVsLNkMoXszX6lUDhlH/Letcme03OAKMM77
+JGn9wYzHj+RcrDuE95Y2bh/oh1dWhaGeoW6pbSwpvD0FzkQKpANlOCr/5bltVxmb
+nHftI/sGBvUQGIal53ORE+jgV1+SK6I0oAIWiCpU2oZpYMAtp7WxOngsAJaGtk//
+m2ckH+T8uVHwe9gJ9HZnEk+Io6BXScMNNrsbd2J+pQ75wQXfzHEzHAj+ElhWzhtc
+5XefqHw/DfpPDX/lby3VoSoagqzsVuUx7LylgzIDxTsb9HQVOLjDzOQ+vn22Xj7g
+UCEjwLkCgYEA2EZguuzJdxRIWBSnIyzpCzfqm0EgybpeLuJVfzWla0yKWI6AeLhW
+cr+7o9UE8nCQHVffIrgjWksjc/S5FhzC9TYSHpPa8TPgebTQK4VxnP9Qkh/XRpJj
+CqgJ8k2MYleHYxa+AKQv/25yNhLdowkNR0iU1kbiaYRJMP0WigAmdAUCgYEAwrJe
+Y3LAawOkalJFMFTtLXsqZE91TFwMt9TQnzysGH3Q6+9N+qypS5KCes650+qgrwBV
+RmRNc1ixylToP3B0BKY5OD/BwMx1L/zSO3x7I4ZDasCu33y2ukGLcVSxrxTPTGdd
+8fhEiVO1CDXcM08/kSeQa049J8ziY3M+4NDchlMCgYEAw2VCO1923Tjb64gtQOBw
+ZAxOz5nVz6urL9yYted33is2yq9kbqzMnbuQAYKRh6Ae9APRuwJ2HjvIehjdp5aw
+pO4HDM00f7sI0ayEbu2PKfKZjotp6X6UMKqE4f8iGC9QSDvhyZ6NJs9YLHZ6+7NP
+5dkzbyx3njFAFxxxYpikJSkCgYByShB8YlUvvKCcRRUWbRQZWa6l2brqizJwCz43
+636+lcS5au2klAyBL0zm2Elfa+DNOe3U93Y7mrorIrJ+4v1H6We3bD3JdnvoIooq
+n0UNsngKx3cf++6r4WQAsA3pz9ZsbFVKgEmDL58aZbuQZxnSlJ4DT5c4sN3IMVOc
+1x5MvwKBgHudAaLvioIopBpYzOsK2OtEn6NQ7SwH0BLEUulHysaHqan5oExmM1bm
+YeivMDc9hj0YLXA47ryQHTx4vB5Nv3TI/LoUG6VrCvZvocQOXe/n7TguwAjJj7ef
+E55Gy8lXDRENyJMP1vif3N2iH8eQ1ASf8k/+gnBNkjSlYSSQUDfV
-----END RSA PRIVATE KEY-----
diff --git a/testing/hosts/moon/etc/swanctl/rsa/moonKey.pem b/testing/hosts/moon/etc/swanctl/rsa/moonKey.pem
old mode 100755
new mode 100644
index 4d99866..50629df
--- a/testing/hosts/moon/etc/swanctl/rsa/moonKey.pem
+++ b/testing/hosts/moon/etc/swanctl/rsa/moonKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAyi9jPdS7ugWGIVsVoDEvc/UzEk8LM5ua4Tu2SLArTEaODwHm
-MPvvkhl7dwj12//qfklihpZtdazxO9XkN3oYIdgt4QLq35ljtIkEGgsPn3a3niFQ
-qjkCDj+lKmd9u4ecmGKR5PFUL+LwSU6cXJVNT6p1oXqntWZS8bFu+9y0Zpf30Lf1
-ILyZAgU2WTjSzTHyvu0w52GlbALZ3ILwze/J1DRHtqmPdiiu0qwSekqVBIOPZudR
-fl4LBnLIFlR0vOaJ9zpvxuPHKyxFSY3bvAsXsEkVYG/pTyVsx3fELFNFYP+75arN
-2UTMjbTSq6+KKUr1WwOmoBpU14Qwq3g4l1PChwIDAQABAoIBACBFB/Xqajv6fbn9
-K6pxrz02uXwGmacXAtVIDoPzejWmXS4QA4l17HrJDmelSnhelDKry8nnYHkTrTz7
-mn0wQ4HDWy86o/okJUG/TKRLd6bf79aRQqqohqd3iQkHk43GyzuXH+oGioVKF0fc
-ACDWw4wfjL7FMNdHCZ4Bz9DrHO/ysHe9B6rvSYm3VZRhSxaneIkaLkkDadKpVx3f
-XNFlMxY4qKPJYYSoJZ61iMqrO7+rnA93tmyDDs8PKU3BtnpfNrdePgleJHhk8Zqy
-Ev2/NOCSUxbKE8NCtLpGTs+T0qjjnu4k3WPd3ZOBAan0uPDekHZeHB/aXGLhYcxx
-J5SurqECgYEA+F1gppkER5Jtoaudt/CUpdQ1sR9wxf75VBqJ4FiYABGQz9xlG4oj
-zL/o572s0iV3bwFpnQa+WuWrxGkP6ZuB/Z82npc0N/vLou/b4dxvg4n7K+eOOEf0
-8FMjsse2tqTIXKCqcmQnR0NPQ1jwuvEKsXP5w/JOlnRXAXnd4jxsJI0CgYEA0GaT
-61ySttUW9jC3mxuY6jkQy8TEQqR3nOFvWwmCXIWOpN/MTTPus+Telxp/pdKhU+mo
-PmX3Unyne5PvwleWDq3YzltX5ZDZGJ5UJlKuNnfGIzQ6OcHRbb7zBpQG6qSRPuug
-bgo688hTnb1L59nK88zWVK45euf6pyuoI+SwIGMCgYEA7yvE8knyhBXvezuv0z1b
-eGHmHp5/VDwY0DQKSEAoiBBiWrkLqLybgwXf/KJ8dZZc8En08aFX2GLJyYe/KiB1
-ys3ypEBJqgvRayP+o/9KZ+qNNRd0rqAksPXvL7ABNNt0kzapTSVDae3Yu6s/j1am
-DIL5qAeERIDedG5uDPpQzdUCgYB7MtjpP63ABhLv8XbpbBQnCxtByw3W89F+Xcrt
-v55gQdhE4cSuMzA/CuMH4vNpPS6AI9aBJNhj3CtKo/cOJachAGb1/wvkO5ALvLW0
-fhZdPstUTnDJain7vfF/hwzbs/PlhXgu9T9KlLfRvXFdG+Sd4g8mumRiozcLkoRw
-y6XPTwKBgDJP+s9wXmdG90HST/aqC7FKrVXLpB63dY5swNUfQP6sa0pFnON0r0JC
-h/YCsGFFIAebQ2uOkM3g3f9nkwTp7910ov+/5uThvRI2w2BBPy0mVuALPjyyF1Z2
-cb9zpyKiIuXoXRCf4sd8r1lR9bn0Fxx0Svpxf+fpMGSI5quHNBKY
+MIIEowIBAAKCAQEApHwF+sUXQdH+WwYzdPMzpjuwhGGvHgsmBah1IQsPsddL9gZy
+gerzpTM1vvQ4kbRuvE3SZWLf9uKEbiQV9IABr87L9JAva56EHIAiUMuG8WizVbIK
+IhQlZc8S2mIwAW0Jc6EmnoJv9j6F/tVD9+6xvMJbwHLi0h7BUO9tBVLPy72YeGNB
+Y6Cob4CrOuFOJyACezJ7i9vZ+XzOfnXpu7qL0DgYP/n2maPEJGEivTFunkJD/mJ8
+DecyLTQcchsCj2118BMuf2qjVn4UWPCBBuhyYK5wsATB1ANeAtlFfgH+wsuHjZwt
+TJru05lGHBZ3F2hZ9PO68hVHbIZZj6SB8X47nwIDAQABAoIBAAQDXqX6rxGVDQ6t
+fQ3qbSUuKaVhOMOT5A6ZSJpQycY+CYVsLNkMoXszX6lUDhlH/Letcme03OAKMM77
+JGn9wYzHj+RcrDuE95Y2bh/oh1dWhaGeoW6pbSwpvD0FzkQKpANlOCr/5bltVxmb
+nHftI/sGBvUQGIal53ORE+jgV1+SK6I0oAIWiCpU2oZpYMAtp7WxOngsAJaGtk//
+m2ckH+T8uVHwe9gJ9HZnEk+Io6BXScMNNrsbd2J+pQ75wQXfzHEzHAj+ElhWzhtc
+5XefqHw/DfpPDX/lby3VoSoagqzsVuUx7LylgzIDxTsb9HQVOLjDzOQ+vn22Xj7g
+UCEjwLkCgYEA2EZguuzJdxRIWBSnIyzpCzfqm0EgybpeLuJVfzWla0yKWI6AeLhW
+cr+7o9UE8nCQHVffIrgjWksjc/S5FhzC9TYSHpPa8TPgebTQK4VxnP9Qkh/XRpJj
+CqgJ8k2MYleHYxa+AKQv/25yNhLdowkNR0iU1kbiaYRJMP0WigAmdAUCgYEAwrJe
+Y3LAawOkalJFMFTtLXsqZE91TFwMt9TQnzysGH3Q6+9N+qypS5KCes650+qgrwBV
+RmRNc1ixylToP3B0BKY5OD/BwMx1L/zSO3x7I4ZDasCu33y2ukGLcVSxrxTPTGdd
+8fhEiVO1CDXcM08/kSeQa049J8ziY3M+4NDchlMCgYEAw2VCO1923Tjb64gtQOBw
+ZAxOz5nVz6urL9yYted33is2yq9kbqzMnbuQAYKRh6Ae9APRuwJ2HjvIehjdp5aw
+pO4HDM00f7sI0ayEbu2PKfKZjotp6X6UMKqE4f8iGC9QSDvhyZ6NJs9YLHZ6+7NP
+5dkzbyx3njFAFxxxYpikJSkCgYByShB8YlUvvKCcRRUWbRQZWa6l2brqizJwCz43
+636+lcS5au2klAyBL0zm2Elfa+DNOe3U93Y7mrorIrJ+4v1H6We3bD3JdnvoIooq
+n0UNsngKx3cf++6r4WQAsA3pz9ZsbFVKgEmDL58aZbuQZxnSlJ4DT5c4sN3IMVOc
+1x5MvwKBgHudAaLvioIopBpYzOsK2OtEn6NQ7SwH0BLEUulHysaHqan5oExmM1bm
+YeivMDc9hj0YLXA47ryQHTx4vB5Nv3TI/LoUG6VrCvZvocQOXe/n7TguwAjJj7ef
+E55Gy8lXDRENyJMP1vif3N2iH8eQ1ASf8k/+gnBNkjSlYSSQUDfV
-----END RSA PRIVATE KEY-----
diff --git a/testing/hosts/moon/etc/swanctl/x509/moonCert.pem b/testing/hosts/moon/etc/swanctl/x509/moonCert.pem
old mode 100755
new mode 100644
index d5c970f..6f751a8
--- a/testing/hosts/moon/etc/swanctl/x509/moonCert.pem
+++ b/testing/hosts/moon/etc/swanctl/x509/moonCert.pem
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIEIjCCAwqgAwIBAgIBFzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MIIEIjCCAwqgAwIBAgIBKzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA5MDgyNzEwMDMzMloXDTE0MDgyNjEwMDMzMlowRjELMAkGA1UE
+b290IENBMB4XDTE0MDgyNzE0NDQ1NloXDTE5MDgyNjE0NDQ1NlowRjELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHDAaBgNVBAMTE21vb24u
-c3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDK
-L2M91Lu6BYYhWxWgMS9z9TMSTwszm5rhO7ZIsCtMRo4PAeYw+++SGXt3CPXb/+p+
-SWKGlm11rPE71eQ3ehgh2C3hAurfmWO0iQQaCw+fdreeIVCqOQIOP6UqZ327h5yY
-YpHk8VQv4vBJTpxclU1PqnWheqe1ZlLxsW773LRml/fQt/UgvJkCBTZZONLNMfK+
-7TDnYaVsAtncgvDN78nUNEe2qY92KK7SrBJ6SpUEg49m51F+XgsGcsgWVHS85on3
-Om/G48crLEVJjdu8CxewSRVgb+lPJWzHd8QsU0Vg/7vlqs3ZRMyNtNKrr4opSvVb
-A6agGlTXhDCreDiXU8KHAgMBAAGjggEaMIIBFjAJBgNVHRMEAjAAMAsGA1UdDwQE
-AwIDqDAdBgNVHQ4EFgQUapx00fiJeYn2WpTpifH6w2SdKS4wbQYDVR0jBGYwZIAU
+c3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCk
+fAX6xRdB0f5bBjN08zOmO7CEYa8eCyYFqHUhCw+x10v2BnKB6vOlMzW+9DiRtG68
+TdJlYt/24oRuJBX0gAGvzsv0kC9rnoQcgCJQy4bxaLNVsgoiFCVlzxLaYjABbQlz
+oSaegm/2PoX+1UP37rG8wlvAcuLSHsFQ720FUs/LvZh4Y0FjoKhvgKs64U4nIAJ7
+MnuL29n5fM5+dem7uovQOBg/+faZo8QkYSK9MW6eQkP+YnwN5zItNBxyGwKPbXXw
+Ey5/aqNWfhRY8IEG6HJgrnCwBMHUA14C2UV+Af7Cy4eNnC1Mmu7TmUYcFncXaFn0
+87ryFUdshlmPpIHxfjufAgMBAAGjggEaMIIBFjAJBgNVHRMEAjAAMAsGA1UdDwQE
+AwIDqDAdBgNVHQ4EFgQU2CY9Iex8275aOQxbcMsDgCHerhMwbQYDVR0jBGYwZIAU
XafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkwFwYDVQQK
ExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJvb3QgQ0GC
AQAwHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdzd2FuLm9yZzATBgNVHSUEDDAKBggr
BgEFBQcDATA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u
-b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQCctXg2xeMozaTV
-jiBL1P8MY9uEH5JtU0EceQ1RbI5/2vGRdnECND9oADY5vamaaE2Mdq2Qh/vlXnML
-o3ii5ELjsQlYdTYZOcMOdcUUXYvbbFX1cwpkBhyBl1H25KptHcgQ/HnceKp3kOuq
-wYOYjgwePXulcpWXx0E2QtQCFQQZFPyEWeNJxH0oglg53QPXfHY9I2/Gukj5V0bz
-p7ME0Gs8KdnYdmbbDqzQgPsta96/m+HoJlsrVF+4Gqihj6BWMBQ2ybjPWZdG3oH9
-25cE8v60Ry98D0Z/tygbAUFnh5oOvaf642paVgc3aoA77I8U+UZjECxISoiHultY
-7QTufOwP
+b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQCpnj6Nc+PuPLPi
+4E3g5hyJkr5VZy7SSglcs1uyVP2mfwj6JR9SLd5+JOsL1aCTm0y9qLcqdbHBxG8i
+LNLtwVKU3s1hV4EIO3saHe4XUEjxN9bDtLWEoeq5ipmYX8RJ/fXKR8/8vurBARP2
+xu1+wqwEhymp4jBmF0LVovT1+o+GhH66zIJnx3zR9BtfMkaeL6804hrx2ygeopeo
+buGvMDQ8HcnMB9OU7Y8fK0oY1kULl6hf36K5ApPA6766sRRKRvBSKlmViKSQTq5a
+4c8gCWAZbtdT+N/fa8hKDlZt5q10EgjTqDfGTj50xKvAneq7XdfKmYYGnIWoNLY9
+ga8NOzX8
-----END CERTIFICATE-----
diff --git a/testing/hosts/sun/etc/ipsec.d/certs/sunCert.pem b/testing/hosts/sun/etc/ipsec.d/certs/sunCert.pem
index d0937ba..a8c3257 100644
--- a/testing/hosts/sun/etc/ipsec.d/certs/sunCert.pem
+++ b/testing/hosts/sun/etc/ipsec.d/certs/sunCert.pem
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIEIDCCAwigAwIBAgIBFjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MIIEIDCCAwigAwIBAgIBKjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA5MDgyNzA5NTkwNFoXDTE0MDgyNjA5NTkwNFowRTELMAkGA1UE
+b290IENBMB4XDTE0MDgyNzE0NDI0NVoXDTE5MDgyNjE0NDI0NVowRTELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN1bi5z
-dHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN+V
-VIpn6Q5jaU//EN6p6A5cSfUfhBK0mFa2laFFZh/Y0h66AXqqrQ3X917h7YNsSk68
-oowY9h9I3gOx7hNVBsJr2VjdYC+b0q5NTha09/A5mimv/prYj6o0yawxoPjoDs9Y
-h7D7Kf+F8fkgk0stlHJZX66J7dNrFXbg1xBld+Ep5Or2FbEZ9QWUpRQTuhdpNt/4
-9YuxQ59DemY9IRbwsrKCHH0mGrJsDdqeb0ap+8QvSXHjCt1fr9MNKWaAFAQLKQI4
-e0da1ntPCEQLeE833+NNRBgGufk0KqGT3eAXqrxa9AEIUJnVcPexQdqUMjcUpXFb
-8WNzRWB8Egh3BDK6FsECAwEAAaOCARkwggEVMAkGA1UdEwQCMAAwCwYDVR0PBAQD
-AgOoMB0GA1UdDgQWBBRW1p4v2qihzRlcI1PnxbZwluML+zBtBgNVHSMEZjBkgBRd
+dHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMci
+IAR9SlszDJhGEtRq9eCFAYNdtL3bC7jcELs7ttqiB51iAUgdi9JZCzgWNAGHd8Iv
+RDV529DDiUxXxOWCdYKUmQp0t5vR6oE5pmHmd5lcUguEyVrtqFSr6LMUqOXwFb41
+VUNPPR7YyLMdgUf9Ki0PZWdnVLVEp/ZKIY1OaqZLTnyfV7k0I/XQX2uW6UDCaC1A
+QBljzEfrD2gUcG9+FLpb5qDsiGUyhhLB+nM1GNPnZvIlCppD+0t3xEI87+eg5N86
+yXBcu4o/O7rvVpP17GrhwKuYx0RHDBScBDo/WRNEOrn8/Q9jQUlry06+0ChVYY+R
+328lHABkaoH/rB65JSECAwEAAaOCARkwggEVMAkGA1UdEwQCMAAwCwYDVR0PBAQD
+AgOoMB0GA1UdDgQWBBTtzWNHzdEvtjAAtgVDBxNUTJ0xijBtBgNVHSMEZjBkgBRd
p91wBlEyfue2bbO15eBg6i5N76FJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoT
EExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIB
ADAdBgNVHREEFjAUghJzdW4uc3Ryb25nc3dhbi5vcmcwEwYDVR0lBAwwCgYIKwYB
BQUHAwEwOQYDVR0fBDIwMDAuoCygKoYoaHR0cDovL2NybC5zdHJvbmdzd2FuLm9y
-Zy9zdHJvbmdzd2FuLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAo37LYT9Awx0MK/nA
-FZpPJqUr0Ey+O5Ukcsdx7nd00SlmpiQRY8KmuRXCBQnDEgdLstd3slQjT0pJEgWF
-0pzxybnI6eOzYAhLfhart+X1hURiNGbXjggm2s4I5+K32bVIkNEqlsYnd/6F9oo5
-ZNO0/eTTruLZfkNe/zchBGKe/Z7MacVwlYWWCbMtBV4K1d5dGcRRgpQ9WivDlmat
-Nh9wlscDSgSGk3HJkbxnq695VN7zUbDWAUvWWhV5bIDjlAR/xyT9ApqIxiyVVRul
-fYrE7U05Hbt6GgAroAKLp6qJup9+TxQAKSjKIwJ0hf7OuYyQ8TZtVHS7AOhm+T/5
-G/jGGA==
+Zy9zdHJvbmdzd2FuLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAVne/5HKpkbv75eHk
+x44aMVWT0DB6SF6nXrOQSzF7OV1FyNj2vibA9gAaiVnBXP+r798MDtwD/0N33TQl
+QIR2rGJqkocsCTcUiQW6xLDO6AmJCBAaJbc5REjNT+HndjjMsQjn1NyY8hQbyow1
+ZOQ543zCY+Al7A3YcUtISLLH4EMIP3On1PFM2rWMUq1HoSo2kl7Awv+okvoqx6Sf
+7/S2mj3dYGv+5eAVogkBL3mRCXEpGHC+6e6VW5nGYSYIRPkBRD2F4imB4+KYUR74
+GRopoaetH/TFRbDqiSWBf2L3Po2tXEPifIvkgavUXIn+tdgMhQ9BpVN8yEgPXLM5
+WdafVg==
-----END CERTIFICATE-----
diff --git a/testing/hosts/sun/etc/ipsec.d/private/sunKey.pem b/testing/hosts/sun/etc/ipsec.d/private/sunKey.pem
index d8fad9a..9008f5c 100644
--- a/testing/hosts/sun/etc/ipsec.d/private/sunKey.pem
+++ b/testing/hosts/sun/etc/ipsec.d/private/sunKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEA35VUimfpDmNpT/8Q3qnoDlxJ9R+EErSYVraVoUVmH9jSHroB
-eqqtDdf3XuHtg2xKTryijBj2H0jeA7HuE1UGwmvZWN1gL5vSrk1OFrT38DmaKa/+
-mtiPqjTJrDGg+OgOz1iHsPsp/4Xx+SCTSy2Ucllfront02sVduDXEGV34Snk6vYV
-sRn1BZSlFBO6F2k23/j1i7FDn0N6Zj0hFvCysoIcfSYasmwN2p5vRqn7xC9JceMK
-3V+v0w0pZoAUBAspAjh7R1rWe08IRAt4Tzff401EGAa5+TQqoZPd4BeqvFr0AQhQ
-mdVw97FB2pQyNxSlcVvxY3NFYHwSCHcEMroWwQIDAQABAoIBADH51hjN2zk9HVgl
-QmcTAWzcUie5cLMhrP+M9mtC8O3jcCwwFY6OwfnbMU8DHy0GMqHg5lB8b99UUVPw
-HLAzjDw/ESkc6pgZs4EEhJTsxJLsvTnePgHssEgyXnXf7gRVEqJkPohfy+Zy0UCH
-eIUQXiMlOQ7xg7iDMhwNa+UdWSt539DztSKilQn2xdPZjFnMT0/prvl4NA/8Zn54
-/SdWDq5yRdLWb6EK1V7yJ3687GXR1jzGtgy7TXuncUJVTYgX7RdP1Tn6gWD8YAQ/
-RfT0DdWYm4WHSgSb9/NW8lBZH2yy3hg+lNgofXEvTfBkO5QyW31LIr0tCV6zhJIc
-Y9MxaKUCgYEA9sktaXfhPLe0ECjdeQEOq5EKuDrCviSKCOuAV4BDSOsdw6+5LWfY
-Vb/oke8N70lL3RCblcj1pOKWUi2O/SpEJdDRduiw2gM9cXt3/bChSTHC4TsIxxN/
-Db9OGg72kZ4sRY5Au+zyAAQYBwXhFWux194Jk5qK0JblNG9J5QMqZDcCgYEA5+5h
-BgHUMEO+pdME5lAiSc5PcNTejpA6j+OikCh4/HFXy3C/dLx+Cs1+egw64c8iVaIv
-NEo7n7E9I0e3XqanPRXhMnBRrP+39OVsWPmZ18Li2Hi84KwJyi8Y11l3XJOqaYpF
-wMVUuZpxR0dfG5k/5GwT/tEkmQBglOgG3m2zUMcCgYEA4m3Vd9ahV5dp5AXKpzKc
-JjiPMFfhxJo7+FEz0ZUCp03qYljBu/Jy4MKS/grrqyiCLdQGHNlk4SNxLvdUId78
-5gGBnuuDEJU2dAAIKUE9yq2YlBUZSacOxStI2snt28/X6P3LUWHm7LLU5OS1D3Vf
-mKPF/6MlSJuas5CEqVZNN+MCgYBH9Qh7IaQgmVQUBKVXg3Mv7OduvUyTdKIGtHxi
-N3xZ7hxsDP4JjNWaKmlcGmFGX8pqQRheI83d3NJ4GK8GmbP3Wst0p65fezMqsudr
-r30QmPFicgs/tYCQDw6o+aPzwAi2F+VOSqrfrtAIaldSq7hL+VA21dKB+cD9UgOX
-jPd+TwKBgQCbKeg2QNS2qhPIG9eaqJDROuxmxb/07d7OBctgMgxVvKhqW9hW42Sy
-gJ59fyz5QjFBaSfcOdf4gkKyEawVo45/q6ymIQU37R4vF4CW9Z3CfaIbwJp7LcHV
-zH07so/HNsZua6GWCSCLJU5MeCRiZzk2RFiS9KIaLP4gZndv4lXOiQ==
+MIIEowIBAAKCAQEAxyIgBH1KWzMMmEYS1Gr14IUBg120vdsLuNwQuzu22qIHnWIB
+SB2L0lkLOBY0AYd3wi9ENXnb0MOJTFfE5YJ1gpSZCnS3m9HqgTmmYeZ3mVxSC4TJ
+Wu2oVKvosxSo5fAVvjVVQ089HtjIsx2BR/0qLQ9lZ2dUtUSn9kohjU5qpktOfJ9X
+uTQj9dBfa5bpQMJoLUBAGWPMR+sPaBRwb34UulvmoOyIZTKGEsH6czUY0+dm8iUK
+mkP7S3fEQjzv56Dk3zrJcFy7ij87uu9Wk/XsauHAq5jHREcMFJwEOj9ZE0Q6ufz9
+D2NBSWvLTr7QKFVhj5HfbyUcAGRqgf+sHrklIQIDAQABAoIBAAYd0TfyFT+Z4NAo
+jtmBc43y5+n+DdgrC0AhWk419lbe1TcLVJi/d5T9cS/G1tAZNh97zi+KT6so5mW2
+6HBYQn3BTLYaga1ClF5lw+uL5a6LPGXoLTsiw6HeKeaeQtXVOwW9o6HOpET3Sare
+xCLO7uW1bFrxvJNYyYPyIPezKelzptM3FSmV+Z3kzjGb9DpiwBbh4Dfbn2jQ/bA/
+0aWkMS40xpjU3tj/PeVGpBBG1gVARoYxqQxw1bflUjFUoDT6Y4aTpgdaP2vc5Tms
+CM0RCzD7EtQcd3RxZR4Bu6Zfv89g+8oJZCeU6SZFDQ8Ndi/8AVspvk2ojvz4rkfR
++HLQXPUCgYEA6mr/E7b1traPBAi/ODXu8kWj2Po4tNjbwEiZ5xGbg1tTHsTsTpFV
+puLTbSeuixRXCTOCSfjPM+M5O5XmYKq7hqr/Oc9SB1/cl1JQwDnBP+GZn2Phap+z
+vQVhSO6zcykoeAOAGAig5NryWIVymtQizlPY8zsY4tOGJIvENCvwRjcCgYEA2XeA
+7thCV+YNlhZkfkHEhVbkXsMdczJ5b0Rr7MH9ra4kRnJjNSOW0B1saQ+jxApN4hKL
+9SPzbGKkxR/2OI5WnYpvHc8LHTJbYdMoYhI+0KZ/eYPU69oB4OBSTWdYwEE/miRX
+vFWZMOpQ1pqvoJtDUZcluUhpvZ9dy8/LRHh3w2cCgYAmZOvuYLMSAAigkoYvQLYo
+PDu/2Avdov8rGTkL3ZhpBVYx3fMOU0OCF/ilEjDGWsh+m08lqnjVeMvw9HZNMumP
+/wXahBhdWNgaeML9GPiL6/lrX8KV4h5gQTdT6LS/kegs7/XU+eTQVwQGd6TzsvcY
+cCdCf1VuIVMBPVsfaGrsNQKBgQC+Dg8ErsPshgZBsXhKT7gswG/90ZAfaXFvqOCZ
+nkDSVWsmljnV6zCW2eAxQZXicw72ETd4Gt9XTi6qiPBrJRrVvHK4HoacEbKDoEOe
+0ktLlve5f1nKdlFF80Z6l2OdQmkPkcuLsVOcyGu14qKzPn5rBCnX8E1Zh7o1sXj4
+ckBY6QKBgExdm0dbKGjHfP+gN+f69sEuH4XFRmIxSDzj1//ZUUR4Ran7OIkAEy7c
+Y/Smu4UhceJS6a+OjGQdhK/wzNVxP7+AW+dL+JpOL+Nu3TL9uMgNFClB1Y0tJ7wD
+PJPmku6I346Jy/0SCclgeXQPRD5kHAixADcOtkSnkjojwj8VRAPP
-----END RSA PRIVATE KEY-----
diff --git a/testing/hosts/sun/etc/swanctl/rsa/sunKey.pem b/testing/hosts/sun/etc/swanctl/rsa/sunKey.pem
old mode 100755
new mode 100644
index d8fad9a..9008f5c
--- a/testing/hosts/sun/etc/swanctl/rsa/sunKey.pem
+++ b/testing/hosts/sun/etc/swanctl/rsa/sunKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEA35VUimfpDmNpT/8Q3qnoDlxJ9R+EErSYVraVoUVmH9jSHroB
-eqqtDdf3XuHtg2xKTryijBj2H0jeA7HuE1UGwmvZWN1gL5vSrk1OFrT38DmaKa/+
-mtiPqjTJrDGg+OgOz1iHsPsp/4Xx+SCTSy2Ucllfront02sVduDXEGV34Snk6vYV
-sRn1BZSlFBO6F2k23/j1i7FDn0N6Zj0hFvCysoIcfSYasmwN2p5vRqn7xC9JceMK
-3V+v0w0pZoAUBAspAjh7R1rWe08IRAt4Tzff401EGAa5+TQqoZPd4BeqvFr0AQhQ
-mdVw97FB2pQyNxSlcVvxY3NFYHwSCHcEMroWwQIDAQABAoIBADH51hjN2zk9HVgl
-QmcTAWzcUie5cLMhrP+M9mtC8O3jcCwwFY6OwfnbMU8DHy0GMqHg5lB8b99UUVPw
-HLAzjDw/ESkc6pgZs4EEhJTsxJLsvTnePgHssEgyXnXf7gRVEqJkPohfy+Zy0UCH
-eIUQXiMlOQ7xg7iDMhwNa+UdWSt539DztSKilQn2xdPZjFnMT0/prvl4NA/8Zn54
-/SdWDq5yRdLWb6EK1V7yJ3687GXR1jzGtgy7TXuncUJVTYgX7RdP1Tn6gWD8YAQ/
-RfT0DdWYm4WHSgSb9/NW8lBZH2yy3hg+lNgofXEvTfBkO5QyW31LIr0tCV6zhJIc
-Y9MxaKUCgYEA9sktaXfhPLe0ECjdeQEOq5EKuDrCviSKCOuAV4BDSOsdw6+5LWfY
-Vb/oke8N70lL3RCblcj1pOKWUi2O/SpEJdDRduiw2gM9cXt3/bChSTHC4TsIxxN/
-Db9OGg72kZ4sRY5Au+zyAAQYBwXhFWux194Jk5qK0JblNG9J5QMqZDcCgYEA5+5h
-BgHUMEO+pdME5lAiSc5PcNTejpA6j+OikCh4/HFXy3C/dLx+Cs1+egw64c8iVaIv
-NEo7n7E9I0e3XqanPRXhMnBRrP+39OVsWPmZ18Li2Hi84KwJyi8Y11l3XJOqaYpF
-wMVUuZpxR0dfG5k/5GwT/tEkmQBglOgG3m2zUMcCgYEA4m3Vd9ahV5dp5AXKpzKc
-JjiPMFfhxJo7+FEz0ZUCp03qYljBu/Jy4MKS/grrqyiCLdQGHNlk4SNxLvdUId78
-5gGBnuuDEJU2dAAIKUE9yq2YlBUZSacOxStI2snt28/X6P3LUWHm7LLU5OS1D3Vf
-mKPF/6MlSJuas5CEqVZNN+MCgYBH9Qh7IaQgmVQUBKVXg3Mv7OduvUyTdKIGtHxi
-N3xZ7hxsDP4JjNWaKmlcGmFGX8pqQRheI83d3NJ4GK8GmbP3Wst0p65fezMqsudr
-r30QmPFicgs/tYCQDw6o+aPzwAi2F+VOSqrfrtAIaldSq7hL+VA21dKB+cD9UgOX
-jPd+TwKBgQCbKeg2QNS2qhPIG9eaqJDROuxmxb/07d7OBctgMgxVvKhqW9hW42Sy
-gJ59fyz5QjFBaSfcOdf4gkKyEawVo45/q6ymIQU37R4vF4CW9Z3CfaIbwJp7LcHV
-zH07so/HNsZua6GWCSCLJU5MeCRiZzk2RFiS9KIaLP4gZndv4lXOiQ==
+MIIEowIBAAKCAQEAxyIgBH1KWzMMmEYS1Gr14IUBg120vdsLuNwQuzu22qIHnWIB
+SB2L0lkLOBY0AYd3wi9ENXnb0MOJTFfE5YJ1gpSZCnS3m9HqgTmmYeZ3mVxSC4TJ
+Wu2oVKvosxSo5fAVvjVVQ089HtjIsx2BR/0qLQ9lZ2dUtUSn9kohjU5qpktOfJ9X
+uTQj9dBfa5bpQMJoLUBAGWPMR+sPaBRwb34UulvmoOyIZTKGEsH6czUY0+dm8iUK
+mkP7S3fEQjzv56Dk3zrJcFy7ij87uu9Wk/XsauHAq5jHREcMFJwEOj9ZE0Q6ufz9
+D2NBSWvLTr7QKFVhj5HfbyUcAGRqgf+sHrklIQIDAQABAoIBAAYd0TfyFT+Z4NAo
+jtmBc43y5+n+DdgrC0AhWk419lbe1TcLVJi/d5T9cS/G1tAZNh97zi+KT6so5mW2
+6HBYQn3BTLYaga1ClF5lw+uL5a6LPGXoLTsiw6HeKeaeQtXVOwW9o6HOpET3Sare
+xCLO7uW1bFrxvJNYyYPyIPezKelzptM3FSmV+Z3kzjGb9DpiwBbh4Dfbn2jQ/bA/
+0aWkMS40xpjU3tj/PeVGpBBG1gVARoYxqQxw1bflUjFUoDT6Y4aTpgdaP2vc5Tms
+CM0RCzD7EtQcd3RxZR4Bu6Zfv89g+8oJZCeU6SZFDQ8Ndi/8AVspvk2ojvz4rkfR
++HLQXPUCgYEA6mr/E7b1traPBAi/ODXu8kWj2Po4tNjbwEiZ5xGbg1tTHsTsTpFV
+puLTbSeuixRXCTOCSfjPM+M5O5XmYKq7hqr/Oc9SB1/cl1JQwDnBP+GZn2Phap+z
+vQVhSO6zcykoeAOAGAig5NryWIVymtQizlPY8zsY4tOGJIvENCvwRjcCgYEA2XeA
+7thCV+YNlhZkfkHEhVbkXsMdczJ5b0Rr7MH9ra4kRnJjNSOW0B1saQ+jxApN4hKL
+9SPzbGKkxR/2OI5WnYpvHc8LHTJbYdMoYhI+0KZ/eYPU69oB4OBSTWdYwEE/miRX
+vFWZMOpQ1pqvoJtDUZcluUhpvZ9dy8/LRHh3w2cCgYAmZOvuYLMSAAigkoYvQLYo
+PDu/2Avdov8rGTkL3ZhpBVYx3fMOU0OCF/ilEjDGWsh+m08lqnjVeMvw9HZNMumP
+/wXahBhdWNgaeML9GPiL6/lrX8KV4h5gQTdT6LS/kegs7/XU+eTQVwQGd6TzsvcY
+cCdCf1VuIVMBPVsfaGrsNQKBgQC+Dg8ErsPshgZBsXhKT7gswG/90ZAfaXFvqOCZ
+nkDSVWsmljnV6zCW2eAxQZXicw72ETd4Gt9XTi6qiPBrJRrVvHK4HoacEbKDoEOe
+0ktLlve5f1nKdlFF80Z6l2OdQmkPkcuLsVOcyGu14qKzPn5rBCnX8E1Zh7o1sXj4
+ckBY6QKBgExdm0dbKGjHfP+gN+f69sEuH4XFRmIxSDzj1//ZUUR4Ran7OIkAEy7c
+Y/Smu4UhceJS6a+OjGQdhK/wzNVxP7+AW+dL+JpOL+Nu3TL9uMgNFClB1Y0tJ7wD
+PJPmku6I346Jy/0SCclgeXQPRD5kHAixADcOtkSnkjojwj8VRAPP
-----END RSA PRIVATE KEY-----
diff --git a/testing/hosts/sun/etc/swanctl/x509/sunCert.pem b/testing/hosts/sun/etc/swanctl/x509/sunCert.pem
old mode 100755
new mode 100644
index d0937ba..a8c3257
--- a/testing/hosts/sun/etc/swanctl/x509/sunCert.pem
+++ b/testing/hosts/sun/etc/swanctl/x509/sunCert.pem
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIEIDCCAwigAwIBAgIBFjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MIIEIDCCAwigAwIBAgIBKjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA5MDgyNzA5NTkwNFoXDTE0MDgyNjA5NTkwNFowRTELMAkGA1UE
+b290IENBMB4XDTE0MDgyNzE0NDI0NVoXDTE5MDgyNjE0NDI0NVowRTELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN1bi5z
-dHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN+V
-VIpn6Q5jaU//EN6p6A5cSfUfhBK0mFa2laFFZh/Y0h66AXqqrQ3X917h7YNsSk68
-oowY9h9I3gOx7hNVBsJr2VjdYC+b0q5NTha09/A5mimv/prYj6o0yawxoPjoDs9Y
-h7D7Kf+F8fkgk0stlHJZX66J7dNrFXbg1xBld+Ep5Or2FbEZ9QWUpRQTuhdpNt/4
-9YuxQ59DemY9IRbwsrKCHH0mGrJsDdqeb0ap+8QvSXHjCt1fr9MNKWaAFAQLKQI4
-e0da1ntPCEQLeE833+NNRBgGufk0KqGT3eAXqrxa9AEIUJnVcPexQdqUMjcUpXFb
-8WNzRWB8Egh3BDK6FsECAwEAAaOCARkwggEVMAkGA1UdEwQCMAAwCwYDVR0PBAQD
-AgOoMB0GA1UdDgQWBBRW1p4v2qihzRlcI1PnxbZwluML+zBtBgNVHSMEZjBkgBRd
+dHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMci
+IAR9SlszDJhGEtRq9eCFAYNdtL3bC7jcELs7ttqiB51iAUgdi9JZCzgWNAGHd8Iv
+RDV529DDiUxXxOWCdYKUmQp0t5vR6oE5pmHmd5lcUguEyVrtqFSr6LMUqOXwFb41
+VUNPPR7YyLMdgUf9Ki0PZWdnVLVEp/ZKIY1OaqZLTnyfV7k0I/XQX2uW6UDCaC1A
+QBljzEfrD2gUcG9+FLpb5qDsiGUyhhLB+nM1GNPnZvIlCppD+0t3xEI87+eg5N86
+yXBcu4o/O7rvVpP17GrhwKuYx0RHDBScBDo/WRNEOrn8/Q9jQUlry06+0ChVYY+R
+328lHABkaoH/rB65JSECAwEAAaOCARkwggEVMAkGA1UdEwQCMAAwCwYDVR0PBAQD
+AgOoMB0GA1UdDgQWBBTtzWNHzdEvtjAAtgVDBxNUTJ0xijBtBgNVHSMEZjBkgBRd
p91wBlEyfue2bbO15eBg6i5N76FJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoT
EExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIB
ADAdBgNVHREEFjAUghJzdW4uc3Ryb25nc3dhbi5vcmcwEwYDVR0lBAwwCgYIKwYB
BQUHAwEwOQYDVR0fBDIwMDAuoCygKoYoaHR0cDovL2NybC5zdHJvbmdzd2FuLm9y
-Zy9zdHJvbmdzd2FuLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAo37LYT9Awx0MK/nA
-FZpPJqUr0Ey+O5Ukcsdx7nd00SlmpiQRY8KmuRXCBQnDEgdLstd3slQjT0pJEgWF
-0pzxybnI6eOzYAhLfhart+X1hURiNGbXjggm2s4I5+K32bVIkNEqlsYnd/6F9oo5
-ZNO0/eTTruLZfkNe/zchBGKe/Z7MacVwlYWWCbMtBV4K1d5dGcRRgpQ9WivDlmat
-Nh9wlscDSgSGk3HJkbxnq695VN7zUbDWAUvWWhV5bIDjlAR/xyT9ApqIxiyVVRul
-fYrE7U05Hbt6GgAroAKLp6qJup9+TxQAKSjKIwJ0hf7OuYyQ8TZtVHS7AOhm+T/5
-G/jGGA==
+Zy9zdHJvbmdzd2FuLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAVne/5HKpkbv75eHk
+x44aMVWT0DB6SF6nXrOQSzF7OV1FyNj2vibA9gAaiVnBXP+r798MDtwD/0N33TQl
+QIR2rGJqkocsCTcUiQW6xLDO6AmJCBAaJbc5REjNT+HndjjMsQjn1NyY8hQbyow1
+ZOQ543zCY+Al7A3YcUtISLLH4EMIP3On1PFM2rWMUq1HoSo2kl7Awv+okvoqx6Sf
+7/S2mj3dYGv+5eAVogkBL3mRCXEpGHC+6e6VW5nGYSYIRPkBRD2F4imB4+KYUR74
+GRopoaetH/TFRbDqiSWBf2L3Po2tXEPifIvkgavUXIn+tdgMhQ9BpVN8yEgPXLM5
+WdafVg==
-----END CERTIFICATE-----
diff --git a/testing/hosts/venus/etc/ipsec.d/certs/venusCert.pem b/testing/hosts/venus/etc/ipsec.d/certs/venusCert.pem
index c383667..6e951bf 100644
--- a/testing/hosts/venus/etc/ipsec.d/certs/venusCert.pem
+++ b/testing/hosts/venus/etc/ipsec.d/certs/venusCert.pem
@@ -1,24 +1,24 @@
-----BEGIN CERTIFICATE-----
-MIIEDzCCAvegAwIBAgIBGDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MIIEDzCCAvegAwIBAgIBLDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA5MDgyNzEwMDUyMloXDTE0MDgyNjEwMDUyMlowRzELMAkGA1UE
+b290IENBMB4XDTE0MDgyNzE0NTIyN1oXDTE5MDgyNjE0NTIyN1owRzELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHTAbBgNVBAMTFHZlbnVz
LnN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
-s0UsstkyjuvNkpx/vmZlKpBITJyGmfTfFjl01uU4dUVwzE3yhllGPLN3ijLSteHP
-3opUbDNd5dG4eVsa9DUiqIJlk/g+tnKS5IdQbA6yUf1nIHr39tVukOtX66sMeHBU
-+M46KD7r4RRrGSBYT1FsyIv47D2uk24nBZ7Sf2+LoVQZfMIVdydIGfHxmQJxymzS
-80mh57EN2y70oH9HMwn/bbGb8WrysN09WVbNbT2vdeYX3OJXi0xsmT/Ynev1VD9B
-2mbA/XCf4c45xFL1HxKQ/+RTlmY6z6m4rBFuFGCscLPba5g290mXqrpMSpuWUagI
-RZmOaeoyd3x25qbYwNe5QwIDAQABo4IBBjCCAQIwCQYDVR0TBAIwADALBgNVHQ8E
-BAMCA6gwHQYDVR0OBBYEFI9cCmyxR/wbUXCARuBjbHpUAS1nMG0GA1UdIwRmMGSA
+s0NJSUJbtycdFMvKJ/dlsaFZbycstYbcGjmZtOZJpOvvJJB5DEQyJt3h8gWUOj1u
+Oq//laCC6x53P7OQpsHAQpZFYv7qeo1GtDRqgNDIZwSW/PmaBHbSTKmwlVBTQBto
+J3UMEPfb0ZSuvmW776t0W3TR6AHelU22ajB4+ERTMxEz8knEXrBjaAugL129WFXG
+WG/2OSRmWZEO1SrhRJV+/EaSc4H5veIvZ0zhu0lf0Lgc4NCh2CPOn8cVA3qvMa+A
+JcrvTdvadZ/hY+2Klqq/Ic5CB79HbbYAH9//qPPNc+fINpMFPGTcyznxNlIzfSXZ
+ga4pM/NmDnKTayuKw0GRTwIDAQABo4IBBjCCAQIwCQYDVR0TBAIwADALBgNVHQ8E
+BAMCA6gwHQYDVR0OBBYEFIq1nS2ZywL8mwA1izsWzXznzo0MMG0GA1UdIwRmMGSA
FF2n3XAGUTJ+57Zts7Xl4GDqLk3voUmkRzBFMQswCQYDVQQGEwJDSDEZMBcGA1UE
ChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBSb290IENB
ggEAMB8GA1UdEQQYMBaCFHZlbnVzLnN0cm9uZ3N3YW4ub3JnMDkGA1UdHwQyMDAw
LqAsoCqGKGh0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbi5jcmww
-DQYJKoZIhvcNAQELBQADggEBAK5Pi/g5Y234tEcTFWE0Vdg4cKxIfZRewFOOZI1z
-/RWfzoqPZ6YzD15B1toKZrAGsqyhdJ4yQ/BwxJpdgNCscMelkzMubcLXL9QugPS4
-hz4MLkJR2tDCZA/mFUTEbAQwdNSCxSo/l0vZ5KXUg9y5zZhCWpZiHJBXnz/567wn
-K16J3x9TYtdh4sT+y+0vHgvosUs2srRTkK2WDDxlh9XTch7DZyrLuiRRFrWjc6y9
-ThVH/qQNXwEBq2t9UYjQUVyx77gVQmiLrPU7UjL4IBoZmBNV/VJ10+rmGj1eG1nD
-pgq6oBTrbEsv8Ix7y/MziTB8POj3dKjl2UZmRVBwMbnNqYk=
+DQYJKoZIhvcNAQELBQADggEBAFBBquKL/HIc/NjxzbDFfyRSUJolOW/eyljAlZjV
+OHyOXqSFU5vnurZ1OX6ww+zoMJ3lP/36SOLGODKFl2QY8n3YnZjpDsDEdwAeU754
+G9Hc17ODEKMucgwPFwMNBsodg6ZQ3eaPMHv7KL+bh7dK2SfEk+UtLNru5TGzAEaJ
+WoQaaqbPNIHUN+aUkP9KkE/oo1S/FlUVvKV9kzNfZSMzjhAUwYYudnFay0J5Ja/y
+vuEBQpzFnoVB1exDGhBJBUB3UGvCeZcfcS5yuc6xRfCjuo9l0azxsIoqIru8g8Xa
+YFVNLlyEMDLE9ScCwZ6qR3K+xf++IO/l4VRLhpn40PUM6Cc=
-----END CERTIFICATE-----
diff --git a/testing/hosts/venus/etc/ipsec.d/private/venusKey.pem b/testing/hosts/venus/etc/ipsec.d/private/venusKey.pem
index 0477f69..4e02a72 100644
--- a/testing/hosts/venus/etc/ipsec.d/private/venusKey.pem
+++ b/testing/hosts/venus/etc/ipsec.d/private/venusKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAs0UsstkyjuvNkpx/vmZlKpBITJyGmfTfFjl01uU4dUVwzE3y
-hllGPLN3ijLSteHP3opUbDNd5dG4eVsa9DUiqIJlk/g+tnKS5IdQbA6yUf1nIHr3
-9tVukOtX66sMeHBU+M46KD7r4RRrGSBYT1FsyIv47D2uk24nBZ7Sf2+LoVQZfMIV
-dydIGfHxmQJxymzS80mh57EN2y70oH9HMwn/bbGb8WrysN09WVbNbT2vdeYX3OJX
-i0xsmT/Ynev1VD9B2mbA/XCf4c45xFL1HxKQ/+RTlmY6z6m4rBFuFGCscLPba5g2
-90mXqrpMSpuWUagIRZmOaeoyd3x25qbYwNe5QwIDAQABAoIBAC9F9I2NHPn3UJRy
-1HTfB5p7xbT+Kbh7jECOEjOA6qxyDVayz1uCOzVSlhlJYas4ytoCXFTUDtTFwwGt
-dqQjRupsyGCGu/Lcr8O3swtrrLZWPlWgV7ctfSSWCu9IgddYt++MYmWuggEuozdT
-AjaYYDlaP9/8PAcAqyWeRh/4yDdYRpEHshePE/uZaIDH1xgQ72v8Ks6fnz3sTYK6
-dJZfZ2EMUS2CsdbqYX+X7CSLkM7FVs+O0xFz00AF7xyfID9RP+nSGkPny60/O5Vk
-qO3dC1pXCs3aAXlTUBsP0aHWHFHXIIfJA95fQy0V7gqDxXHRPRInlFdERYkebM4S
-ctnfxYECgYEA6vFH8Vzc9G99LIZGX2EfODfwJ62TzDPOgqubUMpQRqydTxA9GaPG
-KyoF7GEYK3K8sji/uH1qcogUS46vXNcvm5xe7B5OPgfTLF6tfMaVeBvA6PfGOirx
-qzvrFDTp+DdInOOO9KwvVULKvWtIehSIT12EjKXPxnMCh/vTN2ngg2ECgYEAw1aA
-Z7iBrOPSTFf3S+rMgEMSv3s578YTg6hlaNfDvTEC9zQEDg7k4MxffRyBKLqidLUl
-ZZrcTszdO25c56w7xjFwcLwlFZuaoulFn+ON77/eudtCAjGjnmxUQuruzmoh8YyL
-zBB0oEGzm4u46BK3/ODIzQxpZL0MUUTXliLfoyMCgYA5KwrxfUI6rGJOEkJPdSeO
-m3XxgbgkCTsn6q/5YbFU8S26Dl5/va071ZbpZNrnv5yQ1WQ5dTMQuXIOzKJ5OddY
-yx0B4YHycB7/fe5DHWNDfaVcSuZOQyLZItRZ72I7RuCBZJHlkXxXB9CjdNaG9jYQ
-8dWOD87WICguhKVpp3a9IQKBgGLZByl1iMmAkA7qBM56Bvpw9q/HH85iIcXiFU80
-wGygvKtzuwmSJ+hKA5hAMGv35fXBJSeBcjK+IMXOV101HxpwMkIaM3n3wAzolr8O
-W+kS4xaSCZkqnW2xzAIA+M+jjYG6aZPeT+Y42TbBQdTOhCSHa5W3zi2YLP+DIsVq
-6FiZAoGAUGZttRZOFMZ1paEKtJzvbf7bYNkqW1iIY5AVAN84g4AEJ3910WHxXh7+
-uFWyBU4fUy0Qgk9HihSRbfnq2lvwNNWUeMQmt8t1WpEGUDT6FH4LoDD3fvHbmxY0
-y5QBbDvalkeIe6ESdW1uhLzxCzCRZSkANtMfiVCKvQOOBjxbfeo=
+MIIEpAIBAAKCAQEAs0NJSUJbtycdFMvKJ/dlsaFZbycstYbcGjmZtOZJpOvvJJB5
+DEQyJt3h8gWUOj1uOq//laCC6x53P7OQpsHAQpZFYv7qeo1GtDRqgNDIZwSW/Pma
+BHbSTKmwlVBTQBtoJ3UMEPfb0ZSuvmW776t0W3TR6AHelU22ajB4+ERTMxEz8knE
+XrBjaAugL129WFXGWG/2OSRmWZEO1SrhRJV+/EaSc4H5veIvZ0zhu0lf0Lgc4NCh
+2CPOn8cVA3qvMa+AJcrvTdvadZ/hY+2Klqq/Ic5CB79HbbYAH9//qPPNc+fINpMF
+PGTcyznxNlIzfSXZga4pM/NmDnKTayuKw0GRTwIDAQABAoIBAFIBCdl1fbc/MVJ+
+FzBJQEAN63epmA5CbxWgG+xhHHdRZsh3PqiZ2cdl4SJx4ujxiSdXs7ejAcDE4xBE
++HsQTv8m9v7eVi1Ry3JMOBxNZh+aPefj1s0L/hAL4Det0yeUYgUKykZI3En3liiL
+KXnuGQBtZEiZ8lSihDv3iJ8pwlWtWL/xpvXFS6iI5XY4yHC+L2m1wrNkf5bKREll
+s2FbiqFkCJp+YLQ0Yk9JkjqpuFWcuTlryN53/PVWCbQDkK0QQCIOZETnPtpaoltX
+N1sW8REr0UVHPyPpUCkb/Gf6aZjrvSzlJKHeU/KRHseEfqZDRF5vagTArR4AzbUT
+nOPfESECgYEA4B7ndYQdYR9BYZndBbY5YmwgfntEATSDBY7V4Ql62gKiMReRcj3M
+sT8kNno54mXW2x9xRaimTtlKf7hXc3ac2QhTboT4UIQ0J4oyoPXXtSAuzfIrhB7e
+w06NCzbWr25ukbkG9YXtAu/1nSqqwt46cMGirJcNXi0gAo5ML/kIyA0CgYEAzMLv
+Nhh2grIWqzU7UtNXceTR+YZp8077kM8cOhCw/+zG06h1O4ycJhrxBAYbhXvqLnkW
+7fqKe7vN6sTKdKniagY4FuglU1kSZtWVdFnCkxLl9weI3RGhELxRGPV8+uFkqsla
+lx2yYQnqP0XuOh5FdNOvvVZX22uR7YvgiIeD68sCgYANHkH2AvGlSasOB2+EchIR
+zLpqLNTiLSyuGpoyPdfPAvBzZynAQhXFGikId0cEFWnqEYETzrdNTjKqHyQfQgYU
+PgSEJ4xRSiuzVMd53Gnv1B5pN4+MgDIRxHtE+MTAJ/qY1PevT1N8JId/14t/NHq/
+NtZKu9ywcnu5KpMTC8ST0QKBgQCfQhrGC17ZpmQlQ6Dheclwp1V9a0Mq38qgRcYh
+j2vrkiDO7R5Jc8LbjGbbB1kOiGOLQ9lGvXBKbrbpG6iP9rZIWo/zmRm26vd6DjNR
+LKM+uxsr+KtFrnmEx8OX0xAjHX2rrDKOiKV9/jU4g06X24WQKTlt3SM2YUM97GZ2
+Kli74wKBgQDMU5h0bgXRFHQTOnbzn/euTJU1ytR+EZUHVifCkxTlhkSB0uv1D2ZQ
+8g922diELw6qBQgY6kjrU9yDb2gxDtcyz/G/liR+P9O8j0rarplM4kl5/fYxgQz8
+iMgszcmLKSjld6GKu7i/cVVp+7jvo4cx8jg37fcWsxX8hoFplot1vQ==
-----END RSA PRIVATE KEY-----
diff --git a/testing/hosts/venus/etc/swanctl/rsa/venusKey.pem b/testing/hosts/venus/etc/swanctl/rsa/venusKey.pem
index 0477f69..4e02a72 100644
--- a/testing/hosts/venus/etc/swanctl/rsa/venusKey.pem
+++ b/testing/hosts/venus/etc/swanctl/rsa/venusKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAs0UsstkyjuvNkpx/vmZlKpBITJyGmfTfFjl01uU4dUVwzE3y
-hllGPLN3ijLSteHP3opUbDNd5dG4eVsa9DUiqIJlk/g+tnKS5IdQbA6yUf1nIHr3
-9tVukOtX66sMeHBU+M46KD7r4RRrGSBYT1FsyIv47D2uk24nBZ7Sf2+LoVQZfMIV
-dydIGfHxmQJxymzS80mh57EN2y70oH9HMwn/bbGb8WrysN09WVbNbT2vdeYX3OJX
-i0xsmT/Ynev1VD9B2mbA/XCf4c45xFL1HxKQ/+RTlmY6z6m4rBFuFGCscLPba5g2
-90mXqrpMSpuWUagIRZmOaeoyd3x25qbYwNe5QwIDAQABAoIBAC9F9I2NHPn3UJRy
-1HTfB5p7xbT+Kbh7jECOEjOA6qxyDVayz1uCOzVSlhlJYas4ytoCXFTUDtTFwwGt
-dqQjRupsyGCGu/Lcr8O3swtrrLZWPlWgV7ctfSSWCu9IgddYt++MYmWuggEuozdT
-AjaYYDlaP9/8PAcAqyWeRh/4yDdYRpEHshePE/uZaIDH1xgQ72v8Ks6fnz3sTYK6
-dJZfZ2EMUS2CsdbqYX+X7CSLkM7FVs+O0xFz00AF7xyfID9RP+nSGkPny60/O5Vk
-qO3dC1pXCs3aAXlTUBsP0aHWHFHXIIfJA95fQy0V7gqDxXHRPRInlFdERYkebM4S
-ctnfxYECgYEA6vFH8Vzc9G99LIZGX2EfODfwJ62TzDPOgqubUMpQRqydTxA9GaPG
-KyoF7GEYK3K8sji/uH1qcogUS46vXNcvm5xe7B5OPgfTLF6tfMaVeBvA6PfGOirx
-qzvrFDTp+DdInOOO9KwvVULKvWtIehSIT12EjKXPxnMCh/vTN2ngg2ECgYEAw1aA
-Z7iBrOPSTFf3S+rMgEMSv3s578YTg6hlaNfDvTEC9zQEDg7k4MxffRyBKLqidLUl
-ZZrcTszdO25c56w7xjFwcLwlFZuaoulFn+ON77/eudtCAjGjnmxUQuruzmoh8YyL
-zBB0oEGzm4u46BK3/ODIzQxpZL0MUUTXliLfoyMCgYA5KwrxfUI6rGJOEkJPdSeO
-m3XxgbgkCTsn6q/5YbFU8S26Dl5/va071ZbpZNrnv5yQ1WQ5dTMQuXIOzKJ5OddY
-yx0B4YHycB7/fe5DHWNDfaVcSuZOQyLZItRZ72I7RuCBZJHlkXxXB9CjdNaG9jYQ
-8dWOD87WICguhKVpp3a9IQKBgGLZByl1iMmAkA7qBM56Bvpw9q/HH85iIcXiFU80
-wGygvKtzuwmSJ+hKA5hAMGv35fXBJSeBcjK+IMXOV101HxpwMkIaM3n3wAzolr8O
-W+kS4xaSCZkqnW2xzAIA+M+jjYG6aZPeT+Y42TbBQdTOhCSHa5W3zi2YLP+DIsVq
-6FiZAoGAUGZttRZOFMZ1paEKtJzvbf7bYNkqW1iIY5AVAN84g4AEJ3910WHxXh7+
-uFWyBU4fUy0Qgk9HihSRbfnq2lvwNNWUeMQmt8t1WpEGUDT6FH4LoDD3fvHbmxY0
-y5QBbDvalkeIe6ESdW1uhLzxCzCRZSkANtMfiVCKvQOOBjxbfeo=
+MIIEpAIBAAKCAQEAs0NJSUJbtycdFMvKJ/dlsaFZbycstYbcGjmZtOZJpOvvJJB5
+DEQyJt3h8gWUOj1uOq//laCC6x53P7OQpsHAQpZFYv7qeo1GtDRqgNDIZwSW/Pma
+BHbSTKmwlVBTQBtoJ3UMEPfb0ZSuvmW776t0W3TR6AHelU22ajB4+ERTMxEz8knE
+XrBjaAugL129WFXGWG/2OSRmWZEO1SrhRJV+/EaSc4H5veIvZ0zhu0lf0Lgc4NCh
+2CPOn8cVA3qvMa+AJcrvTdvadZ/hY+2Klqq/Ic5CB79HbbYAH9//qPPNc+fINpMF
+PGTcyznxNlIzfSXZga4pM/NmDnKTayuKw0GRTwIDAQABAoIBAFIBCdl1fbc/MVJ+
+FzBJQEAN63epmA5CbxWgG+xhHHdRZsh3PqiZ2cdl4SJx4ujxiSdXs7ejAcDE4xBE
++HsQTv8m9v7eVi1Ry3JMOBxNZh+aPefj1s0L/hAL4Det0yeUYgUKykZI3En3liiL
+KXnuGQBtZEiZ8lSihDv3iJ8pwlWtWL/xpvXFS6iI5XY4yHC+L2m1wrNkf5bKREll
+s2FbiqFkCJp+YLQ0Yk9JkjqpuFWcuTlryN53/PVWCbQDkK0QQCIOZETnPtpaoltX
+N1sW8REr0UVHPyPpUCkb/Gf6aZjrvSzlJKHeU/KRHseEfqZDRF5vagTArR4AzbUT
+nOPfESECgYEA4B7ndYQdYR9BYZndBbY5YmwgfntEATSDBY7V4Ql62gKiMReRcj3M
+sT8kNno54mXW2x9xRaimTtlKf7hXc3ac2QhTboT4UIQ0J4oyoPXXtSAuzfIrhB7e
+w06NCzbWr25ukbkG9YXtAu/1nSqqwt46cMGirJcNXi0gAo5ML/kIyA0CgYEAzMLv
+Nhh2grIWqzU7UtNXceTR+YZp8077kM8cOhCw/+zG06h1O4ycJhrxBAYbhXvqLnkW
+7fqKe7vN6sTKdKniagY4FuglU1kSZtWVdFnCkxLl9weI3RGhELxRGPV8+uFkqsla
+lx2yYQnqP0XuOh5FdNOvvVZX22uR7YvgiIeD68sCgYANHkH2AvGlSasOB2+EchIR
+zLpqLNTiLSyuGpoyPdfPAvBzZynAQhXFGikId0cEFWnqEYETzrdNTjKqHyQfQgYU
+PgSEJ4xRSiuzVMd53Gnv1B5pN4+MgDIRxHtE+MTAJ/qY1PevT1N8JId/14t/NHq/
+NtZKu9ywcnu5KpMTC8ST0QKBgQCfQhrGC17ZpmQlQ6Dheclwp1V9a0Mq38qgRcYh
+j2vrkiDO7R5Jc8LbjGbbB1kOiGOLQ9lGvXBKbrbpG6iP9rZIWo/zmRm26vd6DjNR
+LKM+uxsr+KtFrnmEx8OX0xAjHX2rrDKOiKV9/jU4g06X24WQKTlt3SM2YUM97GZ2
+Kli74wKBgQDMU5h0bgXRFHQTOnbzn/euTJU1ytR+EZUHVifCkxTlhkSB0uv1D2ZQ
+8g922diELw6qBQgY6kjrU9yDb2gxDtcyz/G/liR+P9O8j0rarplM4kl5/fYxgQz8
+iMgszcmLKSjld6GKu7i/cVVp+7jvo4cx8jg37fcWsxX8hoFplot1vQ==
-----END RSA PRIVATE KEY-----
diff --git a/testing/hosts/venus/etc/swanctl/x509/venusCert.pem b/testing/hosts/venus/etc/swanctl/x509/venusCert.pem
index c383667..6e951bf 100644
--- a/testing/hosts/venus/etc/swanctl/x509/venusCert.pem
+++ b/testing/hosts/venus/etc/swanctl/x509/venusCert.pem
@@ -1,24 +1,24 @@
-----BEGIN CERTIFICATE-----
-MIIEDzCCAvegAwIBAgIBGDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MIIEDzCCAvegAwIBAgIBLDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA5MDgyNzEwMDUyMloXDTE0MDgyNjEwMDUyMlowRzELMAkGA1UE
+b290IENBMB4XDTE0MDgyNzE0NTIyN1oXDTE5MDgyNjE0NTIyN1owRzELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHTAbBgNVBAMTFHZlbnVz
LnN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
-s0UsstkyjuvNkpx/vmZlKpBITJyGmfTfFjl01uU4dUVwzE3yhllGPLN3ijLSteHP
-3opUbDNd5dG4eVsa9DUiqIJlk/g+tnKS5IdQbA6yUf1nIHr39tVukOtX66sMeHBU
-+M46KD7r4RRrGSBYT1FsyIv47D2uk24nBZ7Sf2+LoVQZfMIVdydIGfHxmQJxymzS
-80mh57EN2y70oH9HMwn/bbGb8WrysN09WVbNbT2vdeYX3OJXi0xsmT/Ynev1VD9B
-2mbA/XCf4c45xFL1HxKQ/+RTlmY6z6m4rBFuFGCscLPba5g290mXqrpMSpuWUagI
-RZmOaeoyd3x25qbYwNe5QwIDAQABo4IBBjCCAQIwCQYDVR0TBAIwADALBgNVHQ8E
-BAMCA6gwHQYDVR0OBBYEFI9cCmyxR/wbUXCARuBjbHpUAS1nMG0GA1UdIwRmMGSA
+s0NJSUJbtycdFMvKJ/dlsaFZbycstYbcGjmZtOZJpOvvJJB5DEQyJt3h8gWUOj1u
+Oq//laCC6x53P7OQpsHAQpZFYv7qeo1GtDRqgNDIZwSW/PmaBHbSTKmwlVBTQBto
+J3UMEPfb0ZSuvmW776t0W3TR6AHelU22ajB4+ERTMxEz8knEXrBjaAugL129WFXG
+WG/2OSRmWZEO1SrhRJV+/EaSc4H5veIvZ0zhu0lf0Lgc4NCh2CPOn8cVA3qvMa+A
+JcrvTdvadZ/hY+2Klqq/Ic5CB79HbbYAH9//qPPNc+fINpMFPGTcyznxNlIzfSXZ
+ga4pM/NmDnKTayuKw0GRTwIDAQABo4IBBjCCAQIwCQYDVR0TBAIwADALBgNVHQ8E
+BAMCA6gwHQYDVR0OBBYEFIq1nS2ZywL8mwA1izsWzXznzo0MMG0GA1UdIwRmMGSA
FF2n3XAGUTJ+57Zts7Xl4GDqLk3voUmkRzBFMQswCQYDVQQGEwJDSDEZMBcGA1UE
ChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBSb290IENB
ggEAMB8GA1UdEQQYMBaCFHZlbnVzLnN0cm9uZ3N3YW4ub3JnMDkGA1UdHwQyMDAw
LqAsoCqGKGh0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbi5jcmww
-DQYJKoZIhvcNAQELBQADggEBAK5Pi/g5Y234tEcTFWE0Vdg4cKxIfZRewFOOZI1z
-/RWfzoqPZ6YzD15B1toKZrAGsqyhdJ4yQ/BwxJpdgNCscMelkzMubcLXL9QugPS4
-hz4MLkJR2tDCZA/mFUTEbAQwdNSCxSo/l0vZ5KXUg9y5zZhCWpZiHJBXnz/567wn
-K16J3x9TYtdh4sT+y+0vHgvosUs2srRTkK2WDDxlh9XTch7DZyrLuiRRFrWjc6y9
-ThVH/qQNXwEBq2t9UYjQUVyx77gVQmiLrPU7UjL4IBoZmBNV/VJ10+rmGj1eG1nD
-pgq6oBTrbEsv8Ix7y/MziTB8POj3dKjl2UZmRVBwMbnNqYk=
+DQYJKoZIhvcNAQELBQADggEBAFBBquKL/HIc/NjxzbDFfyRSUJolOW/eyljAlZjV
+OHyOXqSFU5vnurZ1OX6ww+zoMJ3lP/36SOLGODKFl2QY8n3YnZjpDsDEdwAeU754
+G9Hc17ODEKMucgwPFwMNBsodg6ZQ3eaPMHv7KL+bh7dK2SfEk+UtLNru5TGzAEaJ
+WoQaaqbPNIHUN+aUkP9KkE/oo1S/FlUVvKV9kzNfZSMzjhAUwYYudnFay0J5Ja/y
+vuEBQpzFnoVB1exDGhBJBUB3UGvCeZcfcS5yuc6xRfCjuo9l0azxsIoqIru8g8Xa
+YFVNLlyEMDLE9ScCwZ6qR3K+xf++IO/l4VRLhpn40PUM6Cc=
-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/bind/db.strongswan.org b/testing/hosts/winnetou/etc/bind/db.strongswan.org
index 694e2ce..f838d2f 100644
--- a/testing/hosts/winnetou/etc/bind/db.strongswan.org
+++ b/testing/hosts/winnetou/etc/bind/db.strongswan.org
@@ -5,12 +5,12 @@ $TTL 604800
@ IN SOA ns1.strongswan.org. root.strongswan.org. (
1 ; Serial
604800 ; Refresh
- 86400 ; Retry
+ 86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ns1.strongswan.org.
-ns1 IN A 192.168.0.150
+ns1 IN A 192.168.0.150
ns1 IN AAAA fe80::fcfd:c0ff:fea8:96
;
moon IN A 192.168.0.1
@@ -32,91 +32,87 @@ ldap IN CNAME winnetou.strongswan.org.
ocsp IN CNAME winnetou.strongswan.org.
;
moon IN CERT ( 1 0 0
- MIIEIjCCAwqgAwIBAgIBFzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+ MIIEIjCCAwqgAwIBAgIBKzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
- b290IENBMB4XDTA5MDgyNzEwMDMzMloXDTE0MDgyNjEwMDMzMlowRjELMAkGA1UE
+ b290IENBMB4XDTE0MDgyNzE0NDQ1NloXDTE5MDgyNjE0NDQ1NlowRjELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHDAaBgNVBAMTE21vb24u
- c3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDK
- L2M91Lu6BYYhWxWgMS9z9TMSTwszm5rhO7ZIsCtMRo4PAeYw+++SGXt3CPXb/+p+
- SWKGlm11rPE71eQ3ehgh2C3hAurfmWO0iQQaCw+fdreeIVCqOQIOP6UqZ327h5yY
- YpHk8VQv4vBJTpxclU1PqnWheqe1ZlLxsW773LRml/fQt/UgvJkCBTZZONLNMfK+
- 7TDnYaVsAtncgvDN78nUNEe2qY92KK7SrBJ6SpUEg49m51F+XgsGcsgWVHS85on3
- Om/G48crLEVJjdu8CxewSRVgb+lPJWzHd8QsU0Vg/7vlqs3ZRMyNtNKrr4opSvVb
- A6agGlTXhDCreDiXU8KHAgMBAAGjggEaMIIBFjAJBgNVHRMEAjAAMAsGA1UdDwQE
- AwIDqDAdBgNVHQ4EFgQUapx00fiJeYn2WpTpifH6w2SdKS4wbQYDVR0jBGYwZIAU
+ c3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCk
+ fAX6xRdB0f5bBjN08zOmO7CEYa8eCyYFqHUhCw+x10v2BnKB6vOlMzW+9DiRtG68
+ TdJlYt/24oRuJBX0gAGvzsv0kC9rnoQcgCJQy4bxaLNVsgoiFCVlzxLaYjABbQlz
+ oSaegm/2PoX+1UP37rG8wlvAcuLSHsFQ720FUs/LvZh4Y0FjoKhvgKs64U4nIAJ7
+ MnuL29n5fM5+dem7uovQOBg/+faZo8QkYSK9MW6eQkP+YnwN5zItNBxyGwKPbXXw
+ Ey5/aqNWfhRY8IEG6HJgrnCwBMHUA14C2UV+Af7Cy4eNnC1Mmu7TmUYcFncXaFn0
+ 87ryFUdshlmPpIHxfjufAgMBAAGjggEaMIIBFjAJBgNVHRMEAjAAMAsGA1UdDwQE
+ AwIDqDAdBgNVHQ4EFgQU2CY9Iex8275aOQxbcMsDgCHerhMwbQYDVR0jBGYwZIAU
XafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkwFwYDVQQK
ExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJvb3QgQ0GC
AQAwHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdzd2FuLm9yZzATBgNVHSUEDDAKBggr
BgEFBQcDATA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u
- b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQCctXg2xeMozaTV
- jiBL1P8MY9uEH5JtU0EceQ1RbI5/2vGRdnECND9oADY5vamaaE2Mdq2Qh/vlXnML
- o3ii5ELjsQlYdTYZOcMOdcUUXYvbbFX1cwpkBhyBl1H25KptHcgQ/HnceKp3kOuq
- wYOYjgwePXulcpWXx0E2QtQCFQQZFPyEWeNJxH0oglg53QPXfHY9I2/Gukj5V0bz
- p7ME0Gs8KdnYdmbbDqzQgPsta96/m+HoJlsrVF+4Gqihj6BWMBQ2ybjPWZdG3oH9
- 25cE8v60Ry98D0Z/tygbAUFnh5oOvaf642paVgc3aoA77I8U+UZjECxISoiHultY
- 7QTufOwP
+ b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQCpnj6Nc+PuPLPi
+ 4E3g5hyJkr5VZy7SSglcs1uyVP2mfwj6JR9SLd5+JOsL1aCTm0y9qLcqdbHBxG8i
+ LNLtwVKU3s1hV4EIO3saHe4XUEjxN9bDtLWEoeq5ipmYX8RJ/fXKR8/8vurBARP2
+ xu1+wqwEhymp4jBmF0LVovT1+o+GhH66zIJnx3zR9BtfMkaeL6804hrx2ygeopeo
+ buGvMDQ8HcnMB9OU7Y8fK0oY1kULl6hf36K5ApPA6766sRRKRvBSKlmViKSQTq5a
+ 4c8gCWAZbtdT+N/fa8hKDlZt5q10EgjTqDfGTj50xKvAneq7XdfKmYYGnIWoNLY9
+ ga8NOzX8
)
sun IN CERT ( 1 0 0
- MIIEIDCCAwigAwIBAgIBFjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+ MIIEIDCCAwigAwIBAgIBKjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
- b290IENBMB4XDTA5MDgyNzA5NTkwNFoXDTE0MDgyNjA5NTkwNFowRTELMAkGA1UE
+ b290IENBMB4XDTE0MDgyNzE0NDI0NVoXDTE5MDgyNjE0NDI0NVowRTELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN1bi5z
- dHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN+V
- VIpn6Q5jaU//EN6p6A5cSfUfhBK0mFa2laFFZh/Y0h66AXqqrQ3X917h7YNsSk68
- oowY9h9I3gOx7hNVBsJr2VjdYC+b0q5NTha09/A5mimv/prYj6o0yawxoPjoDs9Y
- h7D7Kf+F8fkgk0stlHJZX66J7dNrFXbg1xBld+Ep5Or2FbEZ9QWUpRQTuhdpNt/4
- 9YuxQ59DemY9IRbwsrKCHH0mGrJsDdqeb0ap+8QvSXHjCt1fr9MNKWaAFAQLKQI4
- e0da1ntPCEQLeE833+NNRBgGufk0KqGT3eAXqrxa9AEIUJnVcPexQdqUMjcUpXFb
- 8WNzRWB8Egh3BDK6FsECAwEAAaOCARkwggEVMAkGA1UdEwQCMAAwCwYDVR0PBAQD
- AgOoMB0GA1UdDgQWBBRW1p4v2qihzRlcI1PnxbZwluML+zBtBgNVHSMEZjBkgBRd
+ dHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMci
+ IAR9SlszDJhGEtRq9eCFAYNdtL3bC7jcELs7ttqiB51iAUgdi9JZCzgWNAGHd8Iv
+ RDV529DDiUxXxOWCdYKUmQp0t5vR6oE5pmHmd5lcUguEyVrtqFSr6LMUqOXwFb41
+ VUNPPR7YyLMdgUf9Ki0PZWdnVLVEp/ZKIY1OaqZLTnyfV7k0I/XQX2uW6UDCaC1A
+ QBljzEfrD2gUcG9+FLpb5qDsiGUyhhLB+nM1GNPnZvIlCppD+0t3xEI87+eg5N86
+ yXBcu4o/O7rvVpP17GrhwKuYx0RHDBScBDo/WRNEOrn8/Q9jQUlry06+0ChVYY+R
+ 328lHABkaoH/rB65JSECAwEAAaOCARkwggEVMAkGA1UdEwQCMAAwCwYDVR0PBAQD
+ AgOoMB0GA1UdDgQWBBTtzWNHzdEvtjAAtgVDBxNUTJ0xijBtBgNVHSMEZjBkgBRd
p91wBlEyfue2bbO15eBg6i5N76FJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoT
EExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIB
ADAdBgNVHREEFjAUghJzdW4uc3Ryb25nc3dhbi5vcmcwEwYDVR0lBAwwCgYIKwYB
BQUHAwEwOQYDVR0fBDIwMDAuoCygKoYoaHR0cDovL2NybC5zdHJvbmdzd2FuLm9y
- Zy9zdHJvbmdzd2FuLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAo37LYT9Awx0MK/nA
- FZpPJqUr0Ey+O5Ukcsdx7nd00SlmpiQRY8KmuRXCBQnDEgdLstd3slQjT0pJEgWF
- 0pzxybnI6eOzYAhLfhart+X1hURiNGbXjggm2s4I5+K32bVIkNEqlsYnd/6F9oo5
- ZNO0/eTTruLZfkNe/zchBGKe/Z7MacVwlYWWCbMtBV4K1d5dGcRRgpQ9WivDlmat
- Nh9wlscDSgSGk3HJkbxnq695VN7zUbDWAUvWWhV5bIDjlAR/xyT9ApqIxiyVVRul
- fYrE7U05Hbt6GgAroAKLp6qJup9+TxQAKSjKIwJ0hf7OuYyQ8TZtVHS7AOhm+T/5
- G/jGGA==
+ Zy9zdHJvbmdzd2FuLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAVne/5HKpkbv75eHk
+ x44aMVWT0DB6SF6nXrOQSzF7OV1FyNj2vibA9gAaiVnBXP+r798MDtwD/0N33TQl
+ QIR2rGJqkocsCTcUiQW6xLDO6AmJCBAaJbc5REjNT+HndjjMsQjn1NyY8hQbyow1
+ ZOQ543zCY+Al7A3YcUtISLLH4EMIP3On1PFM2rWMUq1HoSo2kl7Awv+okvoqx6Sf
+ 7/S2mj3dYGv+5eAVogkBL3mRCXEpGHC+6e6VW5nGYSYIRPkBRD2F4imB4+KYUR74
+ GRopoaetH/TFRbDqiSWBf2L3Po2tXEPifIvkgavUXIn+tdgMhQ9BpVN8yEgPXLM5
+ WdafVg==
)
;
moon IN IPSECKEY ( 10 1 2 192.168.0.1
- AwEAAcovYz3Uu7oFhiFbFaAxL3P1MxJPCzObmuE7tkiwK0xGjg8B5jD7
- 75IZe3cI9dv/6n5JYoaWbXWs8TvV5Dd6GCHYLeEC6t+ZY7SJBBoLD592
- t54hUKo5Ag4/pSpnfbuHnJhikeTxVC/i8ElOnFyVTU+qdaF6p7VmUvGx
- bvvctGaX99C39SC8mQIFNlk40s0x8r7tMOdhpWwC2dyC8M3vydQ0R7ap
- j3YortKsEnpKlQSDj2bnUX5eCwZyyBZUdLzmifc6b8bjxyssRUmN27w
- LF7BJFWBv6U8lbMd3xCxTRWD/u+WqzdlEzI200quviilK9VsDpqAaVNe
- EMKt4OJdTwoc=
+ AwEAAaR8BfrFF0HR/lsGM3TzM6Y7sIRhrx4LJgWodSELD7HXS/YGcoHq86UzNb70
+ OJG0brxN0mVi3/bihG4kFfSAAa/Oy/SQL2uehByAIlDLhvFos1WyCiIUJWXPEtpi
+ MAFtCXOhJp6Cb/Y+hf7VQ/fusbzCW8By4tIewVDvbQVSz8u9mHhjQWOgqG+Aqzrh
+ TicgAnsye4vb2fl8zn516bu6i9A4GD/59pmjxCRhIr0xbp5CQ/5ifA3nMi00HHIb
+ Ao9tdfATLn9qo1Z+FFjwgQbocmCucLAEwdQDXgLZRX4B/sLLh42cLUya7tOZRhwW
+ dxdoWfTzuvIVR2yGWY+kgfF+O58=
)
sun IN IPSECKEY ( 10 1 2 192.168.0.2
- AwEAAd+VVIpn6Q5jaU//EN6p6A5cSfUfhBK0mFa2laFFZh/Y0h66AXqq
- rQ3X917h7YNsSk68oowY9h9I3gOx7hNVBsJr2VjdYC+b0q5NTha09/A5
- mimv/prYj6o0yawxoPjoDs9Yh7D7Kf+F8fkgk0stlHJZX66J7dNrFXbg
- 1xBld+Ep5Or2FbEZ9QWUpRQTuhdpNt/49YuxQ59DemY9IRbwsrKCHH0m
- GrJsDdqeb0ap+8QvSXHjCt1fr9MNKWaAFAQLKQI4e0da1ntPCEQLeE83
- 3+NNRBgGufk0KqGT3eAXqrxa9AEIUJnVcPexQdqUMjcUpXFb8WNzRWB8
- Egh3BDK6FsE=
+ AwEAAcciIAR9SlszDJhGEtRq9eCFAYNdtL3bC7jcELs7ttqiB51iAUgdi9JZCzgW
+ NAGHd8IvRDV529DDiUxXxOWCdYKUmQp0t5vR6oE5pmHmd5lcUguEyVrtqFSr6LMU
+ qOXwFb41VUNPPR7YyLMdgUf9Ki0PZWdnVLVEp/ZKIY1OaqZLTnyfV7k0I/XQX2uW
+ 6UDCaC1AQBljzEfrD2gUcG9+FLpb5qDsiGUyhhLB+nM1GNPnZvIlCppD+0t3xEI8
+ 7+eg5N86yXBcu4o/O7rvVpP17GrhwKuYx0RHDBScBDo/WRNEOrn8/Q9jQUlry06+
+ 0ChVYY+R328lHABkaoH/rB65JSE=
)
carol IN IPSECKEY ( 10 1 2 192.168.0.100
- AwEAAdBdWU+BF7x4lyo+xHnr4UAOU89yQQuT5vdPoXzx6kRPsjYAuukt
- gXR+SaLkQHw/YRgDPSKj5nzmmlOQf/rWRr+8O2q+C92aUICmkNvZGamo
- 5w2WlOMZ6T5dk2Hv+QM6xT/GzWyVr1dMYu/7tywD1Bw7aW/HqkRESDu6
- q95VWu+Lzg6XlxCNEez0YsZrN/fC6BL2qzKAqMBbIHFW8OOnh+nEY4IF
- 5AzkZnFrw12GI72Z882pw97lyKwZhSz/GMQFBJx+rnNdw5P1IJwTlG5P
- UdoDCte/Mcr1iiA+zOovx55x1GoGxduoXWU5egrf1MtalRf9Pc8Xr4q3
- WEKTAmsZrVE=
+ AwEAAbfz1DcXyt/sOALi1IZ/RcuPa5m+4fiSST2wVWWrlw3hUjeiwLfgoLrtKaGX
+ 4i+At82Zol2mdbEXFpO+9qxXliP2u0fexqP4mBuZus3ELA82EOL0lQ2ahAi8O3qa
+ fkDMBSgvoeJpEwNe00Ugh53g7hT7dw8tSgcPGqQkWutIIKT9T6e/HbHNjRtYlw9Z
+ lHsp8gSYjg/Q6vV6ofttueMUD9NRv8w2Y76rnRRmUGf3GlNFFmgxZntCJRuYltnx
+ V7VcCFoppyauYt/fPmjAxbPRuhHKacnzIzq83Ixf5fSjMTlluGCfWFX/NGENXamB
+ qChkRLHmuCHNexxRp9s2F1S10hE=
)
dave IN IPSECKEY ( 10 1 2 192.168.0.200
- AwEAAcAH8lNvBVjmg0XT7wF6F1tzQ055f5uXRI5yClmFrqdswFA7jWO0
- 4jmvlduD2wr2X4Ng6dlBkSwSEhVkOgrzIYj8UgQT6BZF/44uYjyTYr4b
- V2SVML9U/a1lYxBhBazpSdfeKJWkdxwjcJCqolZ719mwiyrQn2P2G7qH
- 10YgRuifpFcMs8jkMiIgpzevSMMc0OwhQPNyO5R0LEoUIy4dQJ9rU8GK
- qmPmk/pdPQaAjpSNuCc1Y9M9vZrETs/XHmBCZXCIWJiz5VOHZ+r073E3
- Gef9ibMuTj9g2XLvFhdDfU26FK9GkfuOwnWnhVK66diq9xw9Qqynk+8K
- 0J4a81Paq3U=
+ AwEAAdY83E3FhM1fteIFrdHSQhMPGWKX1gg+JU89IK174X/k/YDB8fb8d0ombwKv
+ ggU7k5KbAcnaVBG0AvRmb+qkXdRZiEAlJOqR2YrflB+OMN7bnPmDQekI09TzDJt9
+ a1C19eIxmUJ2h2DeDAEnxrpp1wsKnWBd48MeYhjkAErRhx8A8ZlBbkdyGQJD+y8G
+ tp0iWS4rz8aiGQ0vYS+P9DVkMJbbGhl2aqwVY+F335//LVG244+yzXTf1o8aLwPl
+ 1+PHcgavN+M766Y3bqI5YHgh2CEJTCaBf4zooTBSQ6Tr1cQ5B//V519J1x/uh//2
+ CpEQXbFYFiU3kLmTTPz9pcmeVkM=
)
;
; This is a zone-signing key, keyid 9396, for strongswan.org.
diff --git a/testing/hosts/winnetou/etc/openssl/certs/07de9420646e493941432a451e7c14fd28fb9307 b/testing/hosts/winnetou/etc/openssl/certs/07de9420646e493941432a451e7c14fd28fb9307
new file mode 100644
index 0000000..291812e
Binary files /dev/null and b/testing/hosts/winnetou/etc/openssl/certs/07de9420646e493941432a451e7c14fd28fb9307 differ
diff --git a/testing/hosts/winnetou/etc/openssl/certs/0e35060aed55a85aa8520815c166588fc35bcd93 b/testing/hosts/winnetou/etc/openssl/certs/0e35060aed55a85aa8520815c166588fc35bcd93
deleted file mode 100644
index dcb5746..0000000
Binary files a/testing/hosts/winnetou/etc/openssl/certs/0e35060aed55a85aa8520815c166588fc35bcd93 and /dev/null differ
diff --git a/testing/hosts/winnetou/etc/openssl/certs/160769ece9ead9c1c4d89c34aa004c3b66402081 b/testing/hosts/winnetou/etc/openssl/certs/160769ece9ead9c1c4d89c34aa004c3b66402081
deleted file mode 100644
index eb21aa7..0000000
Binary files a/testing/hosts/winnetou/etc/openssl/certs/160769ece9ead9c1c4d89c34aa004c3b66402081 and /dev/null differ
diff --git a/testing/hosts/winnetou/etc/openssl/certs/16bf9080ac60d035d7a75ca7f634ed4427f00c0f b/testing/hosts/winnetou/etc/openssl/certs/16bf9080ac60d035d7a75ca7f634ed4427f00c0f
new file mode 100644
index 0000000..fb34242
Binary files /dev/null and b/testing/hosts/winnetou/etc/openssl/certs/16bf9080ac60d035d7a75ca7f634ed4427f00c0f differ
diff --git a/testing/hosts/winnetou/etc/openssl/certs/174b20a63b8469706e6695e185ac8cc90bb9e69f b/testing/hosts/winnetou/etc/openssl/certs/174b20a63b8469706e6695e185ac8cc90bb9e69f
new file mode 100644
index 0000000..0cbb57b
Binary files /dev/null and b/testing/hosts/winnetou/etc/openssl/certs/174b20a63b8469706e6695e185ac8cc90bb9e69f differ
diff --git a/testing/hosts/winnetou/etc/openssl/certs/1b260aa901f29db73635f568c34e27d1f1cb23ab b/testing/hosts/winnetou/etc/openssl/certs/1b260aa901f29db73635f568c34e27d1f1cb23ab
deleted file mode 100644
index 529fd2d..0000000
Binary files a/testing/hosts/winnetou/etc/openssl/certs/1b260aa901f29db73635f568c34e27d1f1cb23ab and /dev/null differ
diff --git a/testing/hosts/winnetou/etc/openssl/certs/24d9077c072f5a22ad0c6f65f9f20ebda2afa491 b/testing/hosts/winnetou/etc/openssl/certs/24d9077c072f5a22ad0c6f65f9f20ebda2afa491
new file mode 100644
index 0000000..b7dae35
Binary files /dev/null and b/testing/hosts/winnetou/etc/openssl/certs/24d9077c072f5a22ad0c6f65f9f20ebda2afa491 differ
diff --git a/testing/hosts/winnetou/etc/openssl/certs/394ceefaef48af8394d9a0e63d74cc56a4117a23 b/testing/hosts/winnetou/etc/openssl/certs/394ceefaef48af8394d9a0e63d74cc56a4117a23
deleted file mode 100644
index 29cbe00..0000000
Binary files a/testing/hosts/winnetou/etc/openssl/certs/394ceefaef48af8394d9a0e63d74cc56a4117a23 and /dev/null differ
diff --git a/testing/hosts/winnetou/etc/openssl/certs/3b389ed7670f8698f37e8a90b4f99389d3c8e3c0 b/testing/hosts/winnetou/etc/openssl/certs/3b389ed7670f8698f37e8a90b4f99389d3c8e3c0
new file mode 100644
index 0000000..ee4b769
Binary files /dev/null and b/testing/hosts/winnetou/etc/openssl/certs/3b389ed7670f8698f37e8a90b4f99389d3c8e3c0 differ
diff --git a/testing/hosts/winnetou/etc/openssl/certs/430651fd670098ad72f02c4cc34a017f9931c88b b/testing/hosts/winnetou/etc/openssl/certs/430651fd670098ad72f02c4cc34a017f9931c88b
deleted file mode 100644
index 1be3900..0000000
Binary files a/testing/hosts/winnetou/etc/openssl/certs/430651fd670098ad72f02c4cc34a017f9931c88b and /dev/null differ
diff --git a/testing/hosts/winnetou/etc/openssl/certs/442b7162c7a4c27bd0f1076e345c5664bed53c7c b/testing/hosts/winnetou/etc/openssl/certs/442b7162c7a4c27bd0f1076e345c5664bed53c7c
deleted file mode 100644
index 2b48d67..0000000
Binary files a/testing/hosts/winnetou/etc/openssl/certs/442b7162c7a4c27bd0f1076e345c5664bed53c7c and /dev/null differ
diff --git a/testing/hosts/winnetou/etc/openssl/certs/45b967b2f9b4a8855235b2d01249cd1e079348aa b/testing/hosts/winnetou/etc/openssl/certs/45b967b2f9b4a8855235b2d01249cd1e079348aa
deleted file mode 100644
index c5d6050..0000000
Binary files a/testing/hosts/winnetou/etc/openssl/certs/45b967b2f9b4a8855235b2d01249cd1e079348aa and /dev/null differ
diff --git a/testing/hosts/winnetou/etc/openssl/certs/47a2450a79a68462c105747751a6526aa8a20277 b/testing/hosts/winnetou/etc/openssl/certs/47a2450a79a68462c105747751a6526aa8a20277
deleted file mode 100644
index 5044790..0000000
Binary files a/testing/hosts/winnetou/etc/openssl/certs/47a2450a79a68462c105747751a6526aa8a20277 and /dev/null differ
diff --git a/testing/hosts/winnetou/etc/openssl/certs/4f4b98c28a1d286274f529e75000cfbb02ce4c64 b/testing/hosts/winnetou/etc/openssl/certs/4f4b98c28a1d286274f529e75000cfbb02ce4c64
deleted file mode 100644
index 2bf0d15..0000000
Binary files a/testing/hosts/winnetou/etc/openssl/certs/4f4b98c28a1d286274f529e75000cfbb02ce4c64 and /dev/null differ
diff --git a/testing/hosts/winnetou/etc/openssl/certs/53b5bf163ae90d54271288852c2ab062fb9e74e3 b/testing/hosts/winnetou/etc/openssl/certs/53b5bf163ae90d54271288852c2ab062fb9e74e3
deleted file mode 100644
index ac09de4..0000000
Binary files a/testing/hosts/winnetou/etc/openssl/certs/53b5bf163ae90d54271288852c2ab062fb9e74e3 and /dev/null differ
diff --git a/testing/hosts/winnetou/etc/openssl/certs/53c790f4502ef25e04d6924ac63e65ec224495db b/testing/hosts/winnetou/etc/openssl/certs/53c790f4502ef25e04d6924ac63e65ec224495db
new file mode 100644
index 0000000..e9c6c85
Binary files /dev/null and b/testing/hosts/winnetou/etc/openssl/certs/53c790f4502ef25e04d6924ac63e65ec224495db differ
diff --git a/testing/hosts/winnetou/etc/openssl/certs/548acbf0651d74df8175e709d52e24d9fcf1a1e5 b/testing/hosts/winnetou/etc/openssl/certs/548acbf0651d74df8175e709d52e24d9fcf1a1e5
new file mode 100644
index 0000000..a91949e
Binary files /dev/null and b/testing/hosts/winnetou/etc/openssl/certs/548acbf0651d74df8175e709d52e24d9fcf1a1e5 differ
diff --git a/testing/hosts/winnetou/etc/openssl/certs/55b8d682bccbba72d48faa4e31b885c589d94e35 b/testing/hosts/winnetou/etc/openssl/certs/55b8d682bccbba72d48faa4e31b885c589d94e35
new file mode 100644
index 0000000..c13108d
Binary files /dev/null and b/testing/hosts/winnetou/etc/openssl/certs/55b8d682bccbba72d48faa4e31b885c589d94e35 differ
diff --git a/testing/hosts/winnetou/etc/openssl/certs/57b8d46c89658ec3a53e7aec7fd99aa42636d8a8 b/testing/hosts/winnetou/etc/openssl/certs/57b8d46c89658ec3a53e7aec7fd99aa42636d8a8
new file mode 100644
index 0000000..c99060c
Binary files /dev/null and b/testing/hosts/winnetou/etc/openssl/certs/57b8d46c89658ec3a53e7aec7fd99aa42636d8a8 differ
diff --git a/testing/hosts/winnetou/etc/openssl/certs/5bd93cb213b4b31885da0a0efc2a79f4a7070708 b/testing/hosts/winnetou/etc/openssl/certs/5bd93cb213b4b31885da0a0efc2a79f4a7070708
new file mode 100644
index 0000000..7e3c269
Binary files /dev/null and b/testing/hosts/winnetou/etc/openssl/certs/5bd93cb213b4b31885da0a0efc2a79f4a7070708 differ
diff --git a/testing/hosts/winnetou/etc/openssl/certs/644c5cc8c42a6c8cfe62f6a83bb0dbb43f0f0fb4 b/testing/hosts/winnetou/etc/openssl/certs/644c5cc8c42a6c8cfe62f6a83bb0dbb43f0f0fb4
deleted file mode 100644
index 10a5268..0000000
Binary files a/testing/hosts/winnetou/etc/openssl/certs/644c5cc8c42a6c8cfe62f6a83bb0dbb43f0f0fb4 and /dev/null differ
diff --git a/testing/hosts/winnetou/etc/openssl/certs/65b352233dc5cf96ecd69271587e47eea59446f1 b/testing/hosts/winnetou/etc/openssl/certs/65b352233dc5cf96ecd69271587e47eea59446f1
new file mode 100644
index 0000000..4160279
Binary files /dev/null and b/testing/hosts/winnetou/etc/openssl/certs/65b352233dc5cf96ecd69271587e47eea59446f1 differ
diff --git a/testing/hosts/winnetou/etc/openssl/certs/679aaf150f9eef2897cf419485667387a8b8579a b/testing/hosts/winnetou/etc/openssl/certs/679aaf150f9eef2897cf419485667387a8b8579a
new file mode 100644
index 0000000..c21b3fe
Binary files /dev/null and b/testing/hosts/winnetou/etc/openssl/certs/679aaf150f9eef2897cf419485667387a8b8579a differ
diff --git a/testing/hosts/winnetou/etc/openssl/certs/694f095095ab926875841456736263fe40696930 b/testing/hosts/winnetou/etc/openssl/certs/694f095095ab926875841456736263fe40696930
new file mode 100644
index 0000000..415f5c5
Binary files /dev/null and b/testing/hosts/winnetou/etc/openssl/certs/694f095095ab926875841456736263fe40696930 differ
diff --git a/testing/hosts/winnetou/etc/openssl/certs/7c6a448fb938e5c19ab75631f0d0cbb92b25f2a9 b/testing/hosts/winnetou/etc/openssl/certs/7c6a448fb938e5c19ab75631f0d0cbb92b25f2a9
deleted file mode 100644
index ecc8b3f..0000000
Binary files a/testing/hosts/winnetou/etc/openssl/certs/7c6a448fb938e5c19ab75631f0d0cbb92b25f2a9 and /dev/null differ
diff --git a/testing/hosts/winnetou/etc/openssl/certs/7db109750703f47b822eb10cf205159f90fe3634 b/testing/hosts/winnetou/etc/openssl/certs/7db109750703f47b822eb10cf205159f90fe3634
deleted file mode 100644
index 87b8097..0000000
Binary files a/testing/hosts/winnetou/etc/openssl/certs/7db109750703f47b822eb10cf205159f90fe3634 and /dev/null differ
diff --git a/testing/hosts/winnetou/etc/openssl/certs/878cbc01427f1c1f5335b68604256705e85bfcd1 b/testing/hosts/winnetou/etc/openssl/certs/878cbc01427f1c1f5335b68604256705e85bfcd1
new file mode 100644
index 0000000..9791796
Binary files /dev/null and b/testing/hosts/winnetou/etc/openssl/certs/878cbc01427f1c1f5335b68604256705e85bfcd1 differ
diff --git a/testing/hosts/winnetou/etc/openssl/certs/8c16a693aa59f4f4ed7eec7fd8a4ba7799e3c531 b/testing/hosts/winnetou/etc/openssl/certs/8c16a693aa59f4f4ed7eec7fd8a4ba7799e3c531
new file mode 100644
index 0000000..debeca3
Binary files /dev/null and b/testing/hosts/winnetou/etc/openssl/certs/8c16a693aa59f4f4ed7eec7fd8a4ba7799e3c531 differ
diff --git a/testing/hosts/winnetou/etc/openssl/certs/8dcd0fcfbfdcfce2480a4f18b20007517df2091f b/testing/hosts/winnetou/etc/openssl/certs/8dcd0fcfbfdcfce2480a4f18b20007517df2091f
deleted file mode 100644
index 2a52f62..0000000
Binary files a/testing/hosts/winnetou/etc/openssl/certs/8dcd0fcfbfdcfce2480a4f18b20007517df2091f and /dev/null differ
diff --git a/testing/hosts/winnetou/etc/openssl/certs/8e9be7e9f0de2874707245ee200bfb971a646ba9 b/testing/hosts/winnetou/etc/openssl/certs/8e9be7e9f0de2874707245ee200bfb971a646ba9
deleted file mode 100644
index ab91cd3..0000000
Binary files a/testing/hosts/winnetou/etc/openssl/certs/8e9be7e9f0de2874707245ee200bfb971a646ba9 and /dev/null differ
diff --git a/testing/hosts/winnetou/etc/openssl/certs/9319a45e2618f95fa64c539edb6bb6ef5e19a27e b/testing/hosts/winnetou/etc/openssl/certs/9319a45e2618f95fa64c539edb6bb6ef5e19a27e
new file mode 100644
index 0000000..7ab1b3e
Binary files /dev/null and b/testing/hosts/winnetou/etc/openssl/certs/9319a45e2618f95fa64c539edb6bb6ef5e19a27e differ
diff --git a/testing/hosts/winnetou/etc/openssl/certs/982d8252943f432acfacb002a0e576442402ba50 b/testing/hosts/winnetou/etc/openssl/certs/982d8252943f432acfacb002a0e576442402ba50
new file mode 100644
index 0000000..dafc9ed
Binary files /dev/null and b/testing/hosts/winnetou/etc/openssl/certs/982d8252943f432acfacb002a0e576442402ba50 differ
diff --git a/testing/hosts/winnetou/etc/openssl/certs/9ff39ec266e309f2b53748a4fe0cfd3923955ff4 b/testing/hosts/winnetou/etc/openssl/certs/9ff39ec266e309f2b53748a4fe0cfd3923955ff4
deleted file mode 100644
index 9e4bb37..0000000
Binary files a/testing/hosts/winnetou/etc/openssl/certs/9ff39ec266e309f2b53748a4fe0cfd3923955ff4 and /dev/null differ
diff --git a/testing/hosts/winnetou/etc/openssl/certs/a91bb369a86604673f42f25b3fc94422eb73afd5 b/testing/hosts/winnetou/etc/openssl/certs/a91bb369a86604673f42f25b3fc94422eb73afd5
deleted file mode 100644
index cfca395..0000000
Binary files a/testing/hosts/winnetou/etc/openssl/certs/a91bb369a86604673f42f25b3fc94422eb73afd5 and /dev/null differ
diff --git a/testing/hosts/winnetou/etc/openssl/certs/af19b02dcdc28a4e86d1657b656f0cac63b5474b b/testing/hosts/winnetou/etc/openssl/certs/af19b02dcdc28a4e86d1657b656f0cac63b5474b
deleted file mode 100644
index 891800d..0000000
Binary files a/testing/hosts/winnetou/etc/openssl/certs/af19b02dcdc28a4e86d1657b656f0cac63b5474b and /dev/null differ
diff --git a/testing/hosts/winnetou/etc/openssl/certs/b15a2fbbd5613781df896d28f82e4b0893011530 b/testing/hosts/winnetou/etc/openssl/certs/b15a2fbbd5613781df896d28f82e4b0893011530
deleted file mode 100644
index 8137fc7..0000000
Binary files a/testing/hosts/winnetou/etc/openssl/certs/b15a2fbbd5613781df896d28f82e4b0893011530 and /dev/null differ
diff --git a/testing/hosts/winnetou/etc/openssl/certs/bb027269812f2cb0c1ba534c0016b7f33bdca83f b/testing/hosts/winnetou/etc/openssl/certs/bb027269812f2cb0c1ba534c0016b7f33bdca83f
deleted file mode 100644
index 8040300..0000000
Binary files a/testing/hosts/winnetou/etc/openssl/certs/bb027269812f2cb0c1ba534c0016b7f33bdca83f and /dev/null differ
diff --git a/testing/hosts/winnetou/etc/openssl/certs/c45be2b38883548967f4f959fd5ec0822f65237b b/testing/hosts/winnetou/etc/openssl/certs/c45be2b38883548967f4f959fd5ec0822f65237b
deleted file mode 100644
index bee738d..0000000
Binary files a/testing/hosts/winnetou/etc/openssl/certs/c45be2b38883548967f4f959fd5ec0822f65237b and /dev/null differ
diff --git a/testing/hosts/winnetou/etc/openssl/certs/cb516460e6f70eb2601effee6b7b6c7884c23fdb b/testing/hosts/winnetou/etc/openssl/certs/cb516460e6f70eb2601effee6b7b6c7884c23fdb
new file mode 100644
index 0000000..d23de6f
Binary files /dev/null and b/testing/hosts/winnetou/etc/openssl/certs/cb516460e6f70eb2601effee6b7b6c7884c23fdb differ
diff --git a/testing/hosts/winnetou/etc/openssl/certs/cedd2d5985ee0efde7acb2f788ed1a4237197d01 b/testing/hosts/winnetou/etc/openssl/certs/cedd2d5985ee0efde7acb2f788ed1a4237197d01
deleted file mode 100644
index 0fcc92d..0000000
Binary files a/testing/hosts/winnetou/etc/openssl/certs/cedd2d5985ee0efde7acb2f788ed1a4237197d01 and /dev/null differ
diff --git a/testing/hosts/winnetou/etc/openssl/certs/dbb808e4f319d815aadd8dab6f6ae5b717800e83 b/testing/hosts/winnetou/etc/openssl/certs/dbb808e4f319d815aadd8dab6f6ae5b717800e83
deleted file mode 100644
index a0bf273..0000000
Binary files a/testing/hosts/winnetou/etc/openssl/certs/dbb808e4f319d815aadd8dab6f6ae5b717800e83 and /dev/null differ
diff --git a/testing/hosts/winnetou/etc/openssl/certs/de106e5254cbafddb683117f90174910f43b5ae3 b/testing/hosts/winnetou/etc/openssl/certs/de106e5254cbafddb683117f90174910f43b5ae3
deleted file mode 100644
index 01b0f6c..0000000
Binary files a/testing/hosts/winnetou/etc/openssl/certs/de106e5254cbafddb683117f90174910f43b5ae3 and /dev/null differ
diff --git a/testing/hosts/winnetou/etc/openssl/certs/de216601f06d10a41171392fdfc9127f0bb9d5b0 b/testing/hosts/winnetou/etc/openssl/certs/de216601f06d10a41171392fdfc9127f0bb9d5b0
deleted file mode 100644
index 002aaa2..0000000
Binary files a/testing/hosts/winnetou/etc/openssl/certs/de216601f06d10a41171392fdfc9127f0bb9d5b0 and /dev/null differ
diff --git a/testing/hosts/winnetou/etc/openssl/certs/e07015ca76fba1039b247ce96c214bb038539cc8 b/testing/hosts/winnetou/etc/openssl/certs/e07015ca76fba1039b247ce96c214bb038539cc8
deleted file mode 100644
index b928af4..0000000
Binary files a/testing/hosts/winnetou/etc/openssl/certs/e07015ca76fba1039b247ce96c214bb038539cc8 and /dev/null differ
diff --git a/testing/hosts/winnetou/etc/openssl/certs/e079576c2006eb01569cb79c6e39dbb488050a86 b/testing/hosts/winnetou/etc/openssl/certs/e079576c2006eb01569cb79c6e39dbb488050a86
new file mode 100644
index 0000000..f16e124
Binary files /dev/null and b/testing/hosts/winnetou/etc/openssl/certs/e079576c2006eb01569cb79c6e39dbb488050a86 differ
diff --git a/testing/hosts/winnetou/etc/openssl/certs/e08213ec6a79e05c86a6f8a378eb4d5086352a7b b/testing/hosts/winnetou/etc/openssl/certs/e08213ec6a79e05c86a6f8a378eb4d5086352a7b
deleted file mode 100644
index 7afadad..0000000
Binary files a/testing/hosts/winnetou/etc/openssl/certs/e08213ec6a79e05c86a6f8a378eb4d5086352a7b and /dev/null differ
diff --git a/testing/hosts/winnetou/etc/openssl/certs/e1fc65a76e366f513effaba487ac6cf2c144b7a7 b/testing/hosts/winnetou/etc/openssl/certs/e1fc65a76e366f513effaba487ac6cf2c144b7a7
new file mode 100644
index 0000000..2d7314d
Binary files /dev/null and b/testing/hosts/winnetou/etc/openssl/certs/e1fc65a76e366f513effaba487ac6cf2c144b7a7 differ
diff --git a/testing/hosts/winnetou/etc/openssl/certs/edde495f4fb6db4e3eff85bcaecda2a3ccc58fcf b/testing/hosts/winnetou/etc/openssl/certs/edde495f4fb6db4e3eff85bcaecda2a3ccc58fcf
deleted file mode 100644
index 32cecce..0000000
Binary files a/testing/hosts/winnetou/etc/openssl/certs/edde495f4fb6db4e3eff85bcaecda2a3ccc58fcf and /dev/null differ
diff --git a/testing/hosts/winnetou/etc/openssl/certs/f2595dbd1ee26d9df0e8c5beae47875c68b97b4c b/testing/hosts/winnetou/etc/openssl/certs/f2595dbd1ee26d9df0e8c5beae47875c68b97b4c
deleted file mode 100644
index 0fd84ad..0000000
Binary files a/testing/hosts/winnetou/etc/openssl/certs/f2595dbd1ee26d9df0e8c5beae47875c68b97b4c and /dev/null differ
diff --git a/testing/hosts/winnetou/etc/openssl/index.txt b/testing/hosts/winnetou/etc/openssl/index.txt
index 4b75f47..49264a5 100644
--- a/testing/hosts/winnetou/etc/openssl/index.txt
+++ b/testing/hosts/winnetou/etc/openssl/index.txt
@@ -19,14 +19,14 @@ R 111007122112Z 111017123715Z,superseded 12 unknown /C=CH/O=Linux strongSwan/OU=
R 120224075857Z 120315063217Z,superseded 13 unknown /C=CH/O=Linux strongSwan/OU=OCSP/CN=carol at strongswan.org
R 120425210745Z 140414203104Z,superseded 14 unknown /C=CH/O=Linux strongSwan/CN=winnetou.strongswan.org
R 140406120117Z 140414203012Z,superseded 15 unknown /C=CH/O=Linux strongSwan/OU=Research/serialNumber=002/CN=carol at strongswan.org
-V 140826095904Z 16 unknown /C=CH/O=Linux strongSwan/CN=sun.strongswan.org
-V 140826100332Z 17 unknown /C=CH/O=Linux strongSwan/CN=moon.strongswan.org
-V 140826100522Z 18 unknown /C=CH/O=Linux strongSwan/CN=venus.strongswan.org
-V 140826100724Z 19 unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=alice at strongswan.org
-V 140826100818Z 1A unknown /C=CH/O=Linux strongSwan/OU=Research/CN=bob at strongswan.org
+R 140826095904Z 140827143322Z,superseded 16 unknown /C=CH/O=Linux strongSwan/CN=sun.strongswan.org
+R 140826100332Z 140827143341Z,superseded 17 unknown /C=CH/O=Linux strongSwan/CN=moon.strongswan.org
+R 140826100522Z 140827143345Z,superseded 18 unknown /C=CH/O=Linux strongSwan/CN=venus.strongswan.org
+R 140826100724Z 140827143349Z,superseded 19 unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=alice at strongswan.org
+R 140826100818Z 140827143358Z,superseded 1A unknown /C=CH/O=Linux strongSwan/OU=Research/CN=bob at strongswan.org
R 140826103106Z 090827103405Z,keyCompromise 1B unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol at strongswan.org
-V 140826103739Z 1C unknown /C=CH/O=Linux strongSwan/OU=Accounting/CN=dave at strongswan.org
-V 140826104451Z 1D unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol at strongswan.org
+R 140826103739Z 140827143427Z,superseded 1C unknown /C=CH/O=Linux strongSwan/OU=Accounting/CN=dave at strongswan.org
+R 140826104451Z 140827143432Z,superseded 1D unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol at strongswan.org
V 141123125153Z 1E unknown /C=CH/O=Linux strongSwan/OU=OCSP Signing Authority/CN=ocsp.strongswan.org
V 150226210530Z 1F unknown /C=CH/O=Linux strongSwan/OU=Authorization Authority/CN=aa at strongswan.org
V 190404095350Z 20 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Research CA
@@ -39,3 +39,11 @@ V 161015125030Z 26 unknown /C=CH/O=Linux strongSwan/OU=SHA-512/CN=dave at strongsw
V 170314064200Z 27 unknown /C=CH/O=Linux strongSwan/OU=OCSP/CN=carol at strongswan.org
R 190321135622Z 140322135700Z,CACompromise 28 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Research CA
V 190413204655Z 29 unknown /C=CH/O=Linux strongSwan/OU=Research/serialNumber=002/CN=carol at strongswan.org
+V 190826144245Z 2A unknown /C=CH/O=Linux strongSwan/CN=sun.strongswan.org
+V 190826144456Z 2B unknown /C=CH/O=Linux strongSwan/CN=moon.strongswan.org
+V 190826145227Z 2C unknown /C=CH/O=Linux strongSwan/CN=venus.strongswan.org
+V 190826145436Z 2D unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=alice at strongswan.org
+V 190826145626Z 2E unknown /C=CH/O=Linux strongSwan/OU=Research/CN=bob at strongswan.org
+R 190826150222Z 140827150343Z,keyCompromise 2F unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol at strongswan.org
+V 190826150536Z 30 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol at strongswan.org
+V 190826151202Z 31 unknown /C=CH/O=Linux strongSwan/OU=Accounting/CN=dave at strongswan.org
diff --git a/testing/hosts/winnetou/etc/openssl/index.txt.old b/testing/hosts/winnetou/etc/openssl/index.txt.old
index 3baf17f..cd5ddfd 100644
--- a/testing/hosts/winnetou/etc/openssl/index.txt.old
+++ b/testing/hosts/winnetou/etc/openssl/index.txt.old
@@ -19,14 +19,14 @@ R 111007122112Z 111017123715Z,superseded 12 unknown /C=CH/O=Linux strongSwan/OU=
R 120224075857Z 120315063217Z,superseded 13 unknown /C=CH/O=Linux strongSwan/OU=OCSP/CN=carol at strongswan.org
R 120425210745Z 140414203104Z,superseded 14 unknown /C=CH/O=Linux strongSwan/CN=winnetou.strongswan.org
R 140406120117Z 140414203012Z,superseded 15 unknown /C=CH/O=Linux strongSwan/OU=Research/serialNumber=002/CN=carol at strongswan.org
-V 140826095904Z 16 unknown /C=CH/O=Linux strongSwan/CN=sun.strongswan.org
-V 140826100332Z 17 unknown /C=CH/O=Linux strongSwan/CN=moon.strongswan.org
-V 140826100522Z 18 unknown /C=CH/O=Linux strongSwan/CN=venus.strongswan.org
-V 140826100724Z 19 unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=alice at strongswan.org
-V 140826100818Z 1A unknown /C=CH/O=Linux strongSwan/OU=Research/CN=bob at strongswan.org
+R 140826095904Z 140827143322Z,superseded 16 unknown /C=CH/O=Linux strongSwan/CN=sun.strongswan.org
+R 140826100332Z 140827143341Z,superseded 17 unknown /C=CH/O=Linux strongSwan/CN=moon.strongswan.org
+R 140826100522Z 140827143345Z,superseded 18 unknown /C=CH/O=Linux strongSwan/CN=venus.strongswan.org
+R 140826100724Z 140827143349Z,superseded 19 unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=alice at strongswan.org
+R 140826100818Z 140827143358Z,superseded 1A unknown /C=CH/O=Linux strongSwan/OU=Research/CN=bob at strongswan.org
R 140826103106Z 090827103405Z,keyCompromise 1B unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol at strongswan.org
-V 140826103739Z 1C unknown /C=CH/O=Linux strongSwan/OU=Accounting/CN=dave at strongswan.org
-V 140826104451Z 1D unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol at strongswan.org
+R 140826103739Z 140827143427Z,superseded 1C unknown /C=CH/O=Linux strongSwan/OU=Accounting/CN=dave at strongswan.org
+R 140826104451Z 140827143432Z,superseded 1D unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol at strongswan.org
V 141123125153Z 1E unknown /C=CH/O=Linux strongSwan/OU=OCSP Signing Authority/CN=ocsp.strongswan.org
V 150226210530Z 1F unknown /C=CH/O=Linux strongSwan/OU=Authorization Authority/CN=aa at strongswan.org
V 190404095350Z 20 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Research CA
@@ -38,3 +38,11 @@ V 161015124759Z 25 unknown /C=CH/O=Linux strongSwan/OU=SHA-384/CN=carol at strongs
V 161015125030Z 26 unknown /C=CH/O=Linux strongSwan/OU=SHA-512/CN=dave at strongswan.org
V 170314064200Z 27 unknown /C=CH/O=Linux strongSwan/OU=OCSP/CN=carol at strongswan.org
R 190321135622Z 140322135700Z,CACompromise 28 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Research CA
+V 190413204655Z 29 unknown /C=CH/O=Linux strongSwan/OU=Research/serialNumber=002/CN=carol at strongswan.org
+V 190826144245Z 2A unknown /C=CH/O=Linux strongSwan/CN=sun.strongswan.org
+V 190826144456Z 2B unknown /C=CH/O=Linux strongSwan/CN=moon.strongswan.org
+V 190826145227Z 2C unknown /C=CH/O=Linux strongSwan/CN=venus.strongswan.org
+V 190826145436Z 2D unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=alice at strongswan.org
+V 190826145626Z 2E unknown /C=CH/O=Linux strongSwan/OU=Research/CN=bob at strongswan.org
+R 190826150222Z 140827150343Z,keyCompromise 2F unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol at strongswan.org
+V 190826150536Z 30 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol at strongswan.org
diff --git a/testing/hosts/winnetou/etc/openssl/newcerts/2A.pem b/testing/hosts/winnetou/etc/openssl/newcerts/2A.pem
new file mode 100644
index 0000000..a8c3257
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/newcerts/2A.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEIDCCAwigAwIBAgIBKjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
+b290IENBMB4XDTE0MDgyNzE0NDI0NVoXDTE5MDgyNjE0NDI0NVowRTELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN1bi5z
+dHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMci
+IAR9SlszDJhGEtRq9eCFAYNdtL3bC7jcELs7ttqiB51iAUgdi9JZCzgWNAGHd8Iv
+RDV529DDiUxXxOWCdYKUmQp0t5vR6oE5pmHmd5lcUguEyVrtqFSr6LMUqOXwFb41
+VUNPPR7YyLMdgUf9Ki0PZWdnVLVEp/ZKIY1OaqZLTnyfV7k0I/XQX2uW6UDCaC1A
+QBljzEfrD2gUcG9+FLpb5qDsiGUyhhLB+nM1GNPnZvIlCppD+0t3xEI87+eg5N86
+yXBcu4o/O7rvVpP17GrhwKuYx0RHDBScBDo/WRNEOrn8/Q9jQUlry06+0ChVYY+R
+328lHABkaoH/rB65JSECAwEAAaOCARkwggEVMAkGA1UdEwQCMAAwCwYDVR0PBAQD
+AgOoMB0GA1UdDgQWBBTtzWNHzdEvtjAAtgVDBxNUTJ0xijBtBgNVHSMEZjBkgBRd
+p91wBlEyfue2bbO15eBg6i5N76FJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoT
+EExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIB
+ADAdBgNVHREEFjAUghJzdW4uc3Ryb25nc3dhbi5vcmcwEwYDVR0lBAwwCgYIKwYB
+BQUHAwEwOQYDVR0fBDIwMDAuoCygKoYoaHR0cDovL2NybC5zdHJvbmdzd2FuLm9y
+Zy9zdHJvbmdzd2FuLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAVne/5HKpkbv75eHk
+x44aMVWT0DB6SF6nXrOQSzF7OV1FyNj2vibA9gAaiVnBXP+r798MDtwD/0N33TQl
+QIR2rGJqkocsCTcUiQW6xLDO6AmJCBAaJbc5REjNT+HndjjMsQjn1NyY8hQbyow1
+ZOQ543zCY+Al7A3YcUtISLLH4EMIP3On1PFM2rWMUq1HoSo2kl7Awv+okvoqx6Sf
+7/S2mj3dYGv+5eAVogkBL3mRCXEpGHC+6e6VW5nGYSYIRPkBRD2F4imB4+KYUR74
+GRopoaetH/TFRbDqiSWBf2L3Po2tXEPifIvkgavUXIn+tdgMhQ9BpVN8yEgPXLM5
+WdafVg==
+-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/newcerts/2B.pem b/testing/hosts/winnetou/etc/openssl/newcerts/2B.pem
new file mode 100644
index 0000000..6f751a8
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/newcerts/2B.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEIjCCAwqgAwIBAgIBKzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
+b290IENBMB4XDTE0MDgyNzE0NDQ1NloXDTE5MDgyNjE0NDQ1NlowRjELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHDAaBgNVBAMTE21vb24u
+c3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCk
+fAX6xRdB0f5bBjN08zOmO7CEYa8eCyYFqHUhCw+x10v2BnKB6vOlMzW+9DiRtG68
+TdJlYt/24oRuJBX0gAGvzsv0kC9rnoQcgCJQy4bxaLNVsgoiFCVlzxLaYjABbQlz
+oSaegm/2PoX+1UP37rG8wlvAcuLSHsFQ720FUs/LvZh4Y0FjoKhvgKs64U4nIAJ7
+MnuL29n5fM5+dem7uovQOBg/+faZo8QkYSK9MW6eQkP+YnwN5zItNBxyGwKPbXXw
+Ey5/aqNWfhRY8IEG6HJgrnCwBMHUA14C2UV+Af7Cy4eNnC1Mmu7TmUYcFncXaFn0
+87ryFUdshlmPpIHxfjufAgMBAAGjggEaMIIBFjAJBgNVHRMEAjAAMAsGA1UdDwQE
+AwIDqDAdBgNVHQ4EFgQU2CY9Iex8275aOQxbcMsDgCHerhMwbQYDVR0jBGYwZIAU
+XafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkwFwYDVQQK
+ExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJvb3QgQ0GC
+AQAwHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdzd2FuLm9yZzATBgNVHSUEDDAKBggr
+BgEFBQcDATA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u
+b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQCpnj6Nc+PuPLPi
+4E3g5hyJkr5VZy7SSglcs1uyVP2mfwj6JR9SLd5+JOsL1aCTm0y9qLcqdbHBxG8i
+LNLtwVKU3s1hV4EIO3saHe4XUEjxN9bDtLWEoeq5ipmYX8RJ/fXKR8/8vurBARP2
+xu1+wqwEhymp4jBmF0LVovT1+o+GhH66zIJnx3zR9BtfMkaeL6804hrx2ygeopeo
+buGvMDQ8HcnMB9OU7Y8fK0oY1kULl6hf36K5ApPA6766sRRKRvBSKlmViKSQTq5a
+4c8gCWAZbtdT+N/fa8hKDlZt5q10EgjTqDfGTj50xKvAneq7XdfKmYYGnIWoNLY9
+ga8NOzX8
+-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/newcerts/2D.pem b/testing/hosts/winnetou/etc/openssl/newcerts/2D.pem
new file mode 100644
index 0000000..fc19567
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/newcerts/2D.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEHzCCAwegAwIBAgIBLTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
+b290IENBMB4XDTE0MDgyNzE0NTQzNloXDTE5MDgyNjE0NTQzNlowVzELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz
+MR0wGwYDVQQDFBRhbGljZUBzdHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBALRsk/ip4ejQVynEGmvF9+qh2MIS2Ci3q1s+7VAx47i4
+vu2uPBxb064ahyFw4xG08nz4ewTLw7sgrxhz7Ymi8VHY39Y1wVkUFjwNF4+JbL2v
+B2prFnf1ewNmaa3hbyRJzu4Aja8oTW0RKY2o7cMi0ryTZo9Xon7q1cLdHZb4BW/a
+TYzKcLo7FsmjgvbqWKVTolrI0726XPLCe1u+cvBkAY1OlpjjO1pWiJ3JJ/cG1oRA
+8PxgNLupX36UBRtxw1Lrovip7uOKrShabQ+lzTSA4+F5gB8Q4VgK1zikNMWl7dIF
+qsP10QcVrnkRGAOE398fXZ1YoAoCmOqCvgsXW7y3k1cCAwEAAaOCAQYwggECMAkG
+A1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBT7NcHfcw4VcO5WuhtuHPfz
+rkj82TBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTELMAkG
+A1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0
+cm9uZ1N3YW4gUm9vdCBDQYIBADAfBgNVHREEGDAWgRRhbGljZUBzdHJvbmdzd2Fu
+Lm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3Jn
+L3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQBLXRISCSOxF4ln8+ub
+oaHTs1JvfCFKCQ3vORWjrntd8v8SQ92xGRBrT5oCataVTiPbQwphdScOl377YUQU
+EGDOSpbNRD0Au5Z1VryP/02B401TSbrpZ7DZyAnxSsR6Dz8lbCtW1GLCpEzFdxNS
+Vi5j30k8yeCAy1VIYCCPsqNQpziIFYuzrQ87x0P1U9W0xUE0GHWDa79LRkkTv8uJ
+wJ4RKMk8HHnac7ws9ybrhT8sv3oXAv8LRN4zFTq+YRWOm8hH/0BhGMKRi6SzvdK1
+i853cG4N7I2B60msO2n0lDkPAgH8EBE6IRpd2DdrXH6UyEwEAiJrdGWRMNJpD7OI
+XSh6
+-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/newcerts/2E.pem b/testing/hosts/winnetou/etc/openssl/newcerts/2E.pem
new file mode 100644
index 0000000..d121908
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/newcerts/2E.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEHjCCAwagAwIBAgIBLjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
+b290IENBMB4XDTE0MDgyNzE0NTYyNloXDTE5MDgyNjE0NTYyNlowWDELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
+cmNoMRswGQYDVQQDFBJib2JAc3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQC17WwJLZubKi5Z7jWgpDBXIMDtzIKtJlNwLAXomp/W
+EuWsC8p8z0yaFlMCSQwWCFjLJjD/DH8NczEPyZZF4c3rXoph59tAXxj80C2/iU7K
+l62ZDDRa00TVmMo04U47fJYzhLsclQVzbenoWB68kJ+z4WpKc2UtPGggNOnb/5xH
+Alvx19DmMsGWpCpbp+H667xtB4T6CIXoVSmAMEkg10C8BlP3PgZY2As0vfZHITZ+
+p4y3KFOF/X3O5BHb4Ey9nl+680zB1mHkssrq4fMEgsf5mXWNSlhvcpdt7qIHG1IM
+AC3FgZzV4thEk6Lb0lZkR+woW9No652l0TrrJAAwiuBJAgMBAAGjggEEMIIBADAJ
+BgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNVHQ4EFgQUHWrADkwud47tB9AmhN0r
+ZXWlitkwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJ
+BgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJz
+dHJvbmdTd2FuIFJvb3QgQ0GCAQAwHQYDVR0RBBYwFIESYm9iQHN0cm9uZ3N3YW4u
+b3JnMDkGA1UdHwQyMDAwLqAsoCqGKGh0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcv
+c3Ryb25nc3dhbi5jcmwwDQYJKoZIhvcNAQELBQADggEBABnuiN+hpSNTLN1FrLWX
+iWWDvMJVW//7ttgyNR5q9CCyuCbMYujhfLn+Qbzh0pTx6fJijmUqua0SbBlrtW/t
+O4SvyCbisZij4XZcdoQltas+MTQyNBYdRx8g+bwqUPH/xB/kvXLogsVuO5IXm/Ey
+DSLlb+K12IBGc5zLlv/PoM+6FxuMMerI4t+TQZF06O5yWZ2Yr+weqtI172BQLh0u
+901s/3DOqv2fGTqAfK/8i+8H3gXNoxeRKmEH4+v2mBQDrfQpUqNF08Zbg9SRfdR1
+rHyi5hw0ynCIKYIbwSYhHjZQH0pQGY3uru6h14qSjnvt/LUiU1sExAsShyR4Lsgc
+w24=
+-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/newcerts/2F.pem b/testing/hosts/winnetou/etc/openssl/newcerts/2F.pem
new file mode 100644
index 0000000..e9a75fa
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/newcerts/2F.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEIjCCAwqgAwIBAgIBLzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
+b290IENBMB4XDTE0MDgyNzE1MDIyMloXDTE5MDgyNjE1MDIyMlowWjELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
+cmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAMJhEfwaamqe85Wwr+AWO8YJbxX717rTX0tVLEVG
+AB/Q1CAnQquMxo8Cf4Ufto/Odm+25Ihxy2Zedmjnoy8xe4s9vFUjEYPgo+wIT7t3
+I3nUhKJhJWEw7hdHwPHif1aAMK/Mrvkou/VFwzJwnCwA9VKe1/Mn4X1YNLak/cQD
+L2Ci34uxJzvjt/5DVDmh7Fd/9wsNHOafycsxEJEyDtDpbZSMklIArTcA61U0+oxZ
+MBZVZHMN9vJETR+BEBaZkEpFSn4vaYjtzpsLG+MicYiuspQ+v8dG50JzeTRpRRpP
+HF3ob20kd9VOz1nU/43CVpvxFk3d+UNNYF89iIBCNZAf6gMCAwEAAaOCAQYwggEC
+MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBQTfdv0x2BIOc0ZAvGE
+VrABn/Jk6zBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTEL
+MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT
+EnN0cm9uZ1N3YW4gUm9vdCBDQYIBADAfBgNVHREEGDAWgRRjYXJvbEBzdHJvbmdz
+d2FuLm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u
+b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQC6A+3G600itmdH
+4+zQ1FskGsCUj6mUXn+4blshl41zzhyRmplJT51Wch926E1LUxca9FKUu8XT1tAP
+Wo56RO92eX7M3OgeQz7NqtYxgNauqKfd+IFg+y1vC4etj25dfC56+ETfCrxOZzuZ
+vFD0mhn1hzXw3CNjSIH3HtWHOJjat+jZKsSayiYg3jO+L7i+cz6arbMhQwwGzskb
+wTJejXul+G1/lFhPwMFyep2ilKwRiLJpE3L17hYVwXNEerFcpq6q0OEylmCxXswd
+uO4NPb7dDiKw1pbdIQfZh2HqUXr3Vb4FcCWpAHhSCnNtwQQGKMg0CZtiPvwaaeXI
+oXwOnQXX
+-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/newcerts/30.pem b/testing/hosts/winnetou/etc/openssl/newcerts/30.pem
new file mode 100644
index 0000000..b089324
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/newcerts/30.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEIjCCAwqgAwIBAgIBMDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
+b290IENBMB4XDTE0MDgyNzE1MDUzNloXDTE5MDgyNjE1MDUzNlowWjELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
+cmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBALfz1DcXyt/sOALi1IZ/RcuPa5m+4fiSST2wVWWr
+lw3hUjeiwLfgoLrtKaGX4i+At82Zol2mdbEXFpO+9qxXliP2u0fexqP4mBuZus3E
+LA82EOL0lQ2ahAi8O3qafkDMBSgvoeJpEwNe00Ugh53g7hT7dw8tSgcPGqQkWutI
+IKT9T6e/HbHNjRtYlw9ZlHsp8gSYjg/Q6vV6ofttueMUD9NRv8w2Y76rnRRmUGf3
+GlNFFmgxZntCJRuYltnxV7VcCFoppyauYt/fPmjAxbPRuhHKacnzIzq83Ixf5fSj
+MTlluGCfWFX/NGENXamBqChkRLHmuCHNexxRp9s2F1S10hECAwEAAaOCAQYwggEC
+MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRcWXBiVy0qJJxclFab
+iV7lxQW2vTBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTEL
+MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT
+EnN0cm9uZ1N3YW4gUm9vdCBDQYIBADAfBgNVHREEGDAWgRRjYXJvbEBzdHJvbmdz
+d2FuLm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u
+b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQBVqTw0DRABEwcw
+kMsDkX1yIX4lODAadvSq/PP/M3e6VoZOXBphKQvqgAgaCpk+vAXoHNPImg+vRVeY
+bIeS0E2lMo5nKQu7MCs8RpL97PMHL7NlzRBiS+CCKRaCHglJgCZtfwc1sapnrche
+MoZat+GyjnyKVNTJh/QtGm5QL9DRKa125B9gS9FtdT0BkhxIsZ4TsEOeTqv5dHix
+bc7x+MwETL6AxNraPqfIbt78cnsIB3PpIxYYTlDVY2Fwr2G0Ri9inEM/GZFAsJSU
+iSyoTqQsyZhzzOmE/mK40JtBv+lg+pPOa4tC8w892KEKsnRX9dxX+U6vr3QtoIjN
+wg8qvcUu
+-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/newcerts/31.pem b/testing/hosts/winnetou/etc/openssl/newcerts/31.pem
new file mode 100644
index 0000000..66b184b
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/newcerts/31.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEIjCCAwqgAwIBAgIBMTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
+b290IENBMB4XDTE0MDgyNzE1MTIwMloXDTE5MDgyNjE1MTIwMlowWzELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEzARBgNVBAsTCkFjY291
+bnRpbmcxHDAaBgNVBAMUE2RhdmVAc3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQDWPNxNxYTNX7XiBa3R0kITDxlil9YIPiVPPSCt
+e+F/5P2AwfH2/HdKJm8Cr4IFO5OSmwHJ2lQRtAL0Zm/qpF3UWYhAJSTqkdmK35Qf
+jjDe25z5g0HpCNPU8wybfWtQtfXiMZlCdodg3gwBJ8a6adcLCp1gXePDHmIY5ABK
+0YcfAPGZQW5HchkCQ/svBradIlkuK8/GohkNL2Evj/Q1ZDCW2xoZdmqsFWPhd9+f
+/y1RtuOPss1039aPGi8D5dfjx3IGrzfjO+umN26iOWB4IdghCUwmgX+M6KEwUkOk
+69XEOQf/1edfSdcf7of/9gqREF2xWBYlN5C5k0z8/aXJnlZDAgMBAAGjggEFMIIB
+ATAJBgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNVHQ4EFgQU7BZjmSiBXgHMAifA
+ucsf6reYcDcwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUx
+CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQD
+ExJzdHJvbmdTd2FuIFJvb3QgQ0GCAQAwHgYDVR0RBBcwFYETZGF2ZUBzdHJvbmdz
+d2FuLm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u
+b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQBCoL5/jrxie0rq
+rCwKUA9TBDBBKBMZ9x5wdAQjP9L8b20Q4SDp1vAjhFr+Axgow76pqHaLDrd7qFKE
+sBtlN0G5ZXOaVI0xloaef1K113mkSvYqbvUZNi/aTb3btI4nrCftj58EAM8TlvYW
+jMOiLYPAhN/tfOTTaUzoYuRZ9v63fHYu3UiMvNojA0uxOeryRRdbcQecu4k2EBCj
+mkNu+EkNoLNvGOC4sEjq7Gy4n52xeTuO/rI7eIt7CUS39j9OtiKQJfLVIh0Yz+o5
+ljiF0OyoxkpYG/cpoVib1RZdqL1DsHEWcQxYB+8SSG/teLxiNIZxvPHUezvi09He
+ksxdvA73
+-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/serial b/testing/hosts/winnetou/etc/openssl/serial
index 8676c24..f5c8955 100644
--- a/testing/hosts/winnetou/etc/openssl/serial
+++ b/testing/hosts/winnetou/etc/openssl/serial
@@ -1 +1 @@
-2A
+32
diff --git a/testing/hosts/winnetou/etc/openssl/serial.old b/testing/hosts/winnetou/etc/openssl/serial.old
index f04c001..e85087a 100644
--- a/testing/hosts/winnetou/etc/openssl/serial.old
+++ b/testing/hosts/winnetou/etc/openssl/serial.old
@@ -1 +1 @@
-29
+31
diff --git a/testing/scripts/build-baseimage b/testing/scripts/build-baseimage
index 956fc93..075fd8e 100755
--- a/testing/scripts/build-baseimage
+++ b/testing/scripts/build-baseimage
@@ -7,11 +7,13 @@ DIR=$(dirname `readlink -f $0`)
. $DIR/function.sh
[ `id -u` -eq 0 ] || die "You must be root to run $0"
+running_any $STRONGSWANHOSTS && die "Please stop test environment before running $0"
check_commands debootstrap mkfs.ext3 partprobe qemu-img qemu-nbd sfdisk
# package includes/excludes
-INC=build-essential,gperf,libgmp-dev,libldap2-dev,libcurl4-openssl-dev,ethtool
+INC=automake,autoconf,libtool,bison,flex,gperf,pkg-config,gettext
+INC=$INC,build-essential,libgmp-dev,libldap2-dev,libcurl4-openssl-dev,ethtool
INC=$INC,libxml2-dev,libtspi-dev,libsqlite3-dev,openssh-server,tcpdump,psmisc
INC=$INC,openssl,vim,sqlite3,conntrack,gdb,cmake,libxerces-c2-dev,libltdl-dev
INC=$INC,liblog4cxx10-dev,libboost-thread-dev,libboost-system-dev,git-core
diff --git a/testing/scripts/build-guestimages b/testing/scripts/build-guestimages
index 245fc25..3e107c0 100755
--- a/testing/scripts/build-guestimages
+++ b/testing/scripts/build-guestimages
@@ -25,6 +25,7 @@ HOSTSDIR=$DIR/../hosts
[ `id -u` -eq 0 ] || die "You must be root to run $0"
[ -f $ROOTIMG ] || die "Root image $ROOTIMG not found"
[ -f $HOSTDIR ] || die "Hosts directory $HOSTSDIR not found"
+running_any $STRONGSWANHOSTS && die "Please stop test environment before running $0"
check_commands partprobe qemu-img qemu-nbd
diff --git a/testing/scripts/build-rootimage b/testing/scripts/build-rootimage
index 8e10ce5..a84104a 100755
--- a/testing/scripts/build-rootimage
+++ b/testing/scripts/build-rootimage
@@ -22,6 +22,7 @@ DIR=$(dirname `readlink -f $0`)
[ `id -u` -eq 0 ] || die "You must be root to run $0"
[ -f "$BASEIMG" ] || die "Base image $BASEIMG not found"
+running_any $STRONGSWANHOSTS && die "Please stop test environment before running $0"
check_commands partprobe qemu-img qemu-nbd
diff --git a/testing/scripts/build-strongswan b/testing/scripts/build-strongswan
new file mode 100755
index 0000000..c52dddd
--- /dev/null
+++ b/testing/scripts/build-strongswan
@@ -0,0 +1,66 @@
+#!/bin/bash
+
+echo "Preparing root image"
+
+DIR=$(dirname `readlink -f $0`)
+. $DIR/../testing.conf
+. $DIR/function.sh
+
+SWANDIR=${1:+$(readlink -f $1)}
+: ${SWANDIR:=$(readlink -f $DIR/../..)}
+
+[ `id -u` -eq 0 ] || die "You must be root to run $0"
+[ -f "$BASEIMG" ] || die "Base image $BASEIMG not found"
+[ -f "$ROOTIMG" ] || die "Root image $ROOTIMG not found"
+running_any $STRONGSWANHOSTS && die "Please stop test environment before running $0"
+
+[ -f $SWANDIR/src/libstrongswan/asn1/oid.txt ] || die "strongSwan not found in $SWANDIR"
+
+SRCUID=${SUDO_UID:-$(id -u)}
+SRCGID=${SUDO_GID:-$(id -g)}
+
+check_commands partprobe qemu-img qemu-nbd bindfs
+
+load_qemu_nbd
+
+mkdir -p $LOOPDIR
+mkdir -p $IMGDIR
+
+log_action "Connecting root image to NBD device $NBDEV"
+execute "qemu-nbd -c $NBDEV $ROOTIMG"
+do_on_exit qemu-nbd -d $NBDEV
+partprobe $NBDEV
+
+log_action "Mounting $NBDPARTITION to $LOOPDIR"
+execute "mount $NBDPARTITION $LOOPDIR"
+do_on_exit umount $LOOPDIR
+
+log_action "Mounting proc filesystem to $LOOPDIR/proc"
+execute "mount -t proc none $LOOPDIR/proc"
+do_on_exit umount $LOOPDIR/proc
+
+mkdir -p $LOOPDIR/root/shared
+log_action "Mounting $SHAREDDIR as /root/shared"
+execute "mount -o bind $SHAREDDIR $LOOPDIR/root/shared"
+do_on_exit umount $LOOPDIR/root/shared
+
+mkdir -p $LOOPDIR/root/strongswan
+log_action "Mounting $SWANDIR as /root/strongswan"
+execute "bindfs -u $SRCUID -g $SRCGID $SWANDIR $LOOPDIR/root/strongswan"
+do_on_exit umount $LOOPDIR/root/strongswan
+
+echo "Building and installing strongSwan"
+log_action "Preparing source tree"
+execute_chroot 'autoreconf -i /root/strongswan'
+
+RECPDIR=$DIR/recipes
+RECIPE=`ls $RECPDIR/*strongswan.mk | xargs -n1 basename`
+mkdir -p $SHAREDDIR/build-strongswan
+cp $RECPDIR/$RECIPE $SHAREDDIR/build-strongswan
+log_action "Installing from recipe $RECIPE"
+execute_chroot "make SRCDIR=/root/strongswan BUILDDIR=/root/shared/build-strongswan -f /root/shared/build-strongswan/$RECIPE"
+
+# cleanup before mounting guest images
+on_exit
+
+$DIR/build-guestimages
diff --git a/testing/scripts/function.sh b/testing/scripts/function.sh
index c476967..2dd465c 100755
--- a/testing/scripts/function.sh
+++ b/testing/scripts/function.sh
@@ -156,6 +156,18 @@ check_commands()
done
}
+# check if any of the given virtual guests are running
+# $* - names of guests to check
+running_any()
+{
+ command -v virsh >/dev/null || return 1
+ for host in $*
+ do
+ virsh list --name | grep "^$host$" >/dev/null && return 0
+ done
+ return 1
+}
+
#############################################
# search and replace strings throughout a
# whole directory
diff --git a/testing/scripts/recipes/005_anet.mk b/testing/scripts/recipes/005_anet.mk
index 2a3023c..2d982d0 100644
--- a/testing/scripts/recipes/005_anet.mk
+++ b/testing/scripts/recipes/005_anet.mk
@@ -8,14 +8,16 @@ PREFIX = /usr/local/ada
all: install
-.$(PKG)-cloned:
+$(PKG):
git clone $(SRC) $(PKG)
- cd $(PKG) && git checkout $(REV)
+
+.$(PKG)-cloned-$(REV): $(PKG)
+ cd $(PKG) && git fetch && git checkout $(REV)
@touch $@
-.$(PKG)-built: .$(PKG)-cloned
+.$(PKG)-built-$(REV): .$(PKG)-cloned-$(REV)
cd $(PKG) && make LIBRARY_KIND=static
@touch $@
-install: .$(PKG)-built
+install: .$(PKG)-built-$(REV)
cd $(PKG) && make PREFIX=$(PREFIX) LIBRARY_KIND=static install
diff --git a/testing/scripts/recipes/006_tkm-rpc.mk b/testing/scripts/recipes/006_tkm-rpc.mk
index 9e1d2cf..6c4aae0 100644
--- a/testing/scripts/recipes/006_tkm-rpc.mk
+++ b/testing/scripts/recipes/006_tkm-rpc.mk
@@ -10,14 +10,16 @@ export ADA_PROJECT_PATH=$(PREFIX)/lib/gnat
all: install
-.$(PKG)-cloned:
+$(PKG):
git clone $(SRC) $(PKG)
- cd $(PKG) && git checkout $(REV)
+
+.$(PKG)-cloned-$(REV): $(PKG)
+ cd $(PKG) && git fetch && git checkout $(REV)
@touch $@
-.$(PKG)-built: .$(PKG)-cloned
+.$(PKG)-built-$(REV): .$(PKG)-cloned-$(REV)
cd $(PKG) && make
@touch $@
-install: .$(PKG)-built
+install: .$(PKG)-built-$(REV)
cd $(PKG) && make PREFIX=$(PREFIX) install
diff --git a/testing/scripts/recipes/007_x509-ada.mk b/testing/scripts/recipes/007_x509-ada.mk
index 121a144..7899f6d 100644
--- a/testing/scripts/recipes/007_x509-ada.mk
+++ b/testing/scripts/recipes/007_x509-ada.mk
@@ -2,20 +2,22 @@
PKG = x509-ada
SRC = http://git.codelabs.ch/git/$(PKG).git
-REV = v0.1
+REV = v0.1.1
PREFIX = /usr/local/ada
all: install
-.$(PKG)-cloned:
+$(PKG):
git clone $(SRC) $(PKG)
- cd $(PKG) && git checkout $(REV)
+
+.$(PKG)-cloned-$(REV): $(PKG)
+ cd $(PKG) && git fetch && git checkout $(REV)
@touch $@
-.$(PKG)-built: .$(PKG)-cloned
+.$(PKG)-built-$(REV): .$(PKG)-cloned-$(REV)
cd $(PKG) && make tests && make
@touch $@
-install: .$(PKG)-built
+install: .$(PKG)-built-$(REV)
cd $(PKG) && make PREFIX=$(PREFIX) install
diff --git a/testing/scripts/recipes/008_xfrm-ada.mk b/testing/scripts/recipes/008_xfrm-ada.mk
index 6ad4513..ad1cbb2 100644
--- a/testing/scripts/recipes/008_xfrm-ada.mk
+++ b/testing/scripts/recipes/008_xfrm-ada.mk
@@ -10,14 +10,16 @@ export ADA_PROJECT_PATH=$(PREFIX)/lib/gnat
all: install
-.$(PKG)-cloned:
+$(PKG):
git clone $(SRC) $(PKG)
- cd $(PKG) && git checkout $(REV)
+
+.$(PKG)-cloned-$(REV): $(PKG)
+ cd $(PKG) && git fetch && git checkout $(REV)
@touch $@
-.$(PKG)-built: .$(PKG)-cloned
+.$(PKG)-built-$(REV): .$(PKG)-cloned-$(REV)
cd $(PKG) && make
@touch $@
-install: .$(PKG)-built
+install: .$(PKG)-built-$(REV)
cd $(PKG) && make PREFIX=$(PREFIX) install
diff --git a/testing/scripts/recipes/009_xfrm-proxy.mk b/testing/scripts/recipes/009_xfrm-proxy.mk
index 569fbfe..a7c9d31 100644
--- a/testing/scripts/recipes/009_xfrm-proxy.mk
+++ b/testing/scripts/recipes/009_xfrm-proxy.mk
@@ -8,14 +8,16 @@ export ADA_PROJECT_PATH=/usr/local/ada/lib/gnat
all: install
-.$(PKG)-cloned:
+$(PKG):
git clone $(SRC) $(PKG)
- cd $(PKG) && git checkout $(REV)
+
+.$(PKG)-cloned-$(REV): $(PKG)
+ cd $(PKG) && git fetch && git checkout $(REV)
@touch $@
-.$(PKG)-built: .$(PKG)-cloned
+.$(PKG)-built-$(REV): .$(PKG)-cloned-$(REV)
cd $(PKG) && make
@touch $@
-install: .$(PKG)-built
+install: .$(PKG)-built-$(REV)
cd $(PKG) && make install
diff --git a/testing/scripts/recipes/010_tkm.mk b/testing/scripts/recipes/010_tkm.mk
index 960eba7..12eafd6 100644
--- a/testing/scripts/recipes/010_tkm.mk
+++ b/testing/scripts/recipes/010_tkm.mk
@@ -8,14 +8,16 @@ export ADA_PROJECT_PATH=/usr/local/ada/lib/gnat
all: install
-.$(PKG)-cloned:
+$(PKG):
git clone $(SRC) $(PKG)
- cd $(PKG) && git checkout $(REV)
+
+.$(PKG)-cloned-$(REV): $(PKG)
+ cd $(PKG) && git fetch && git checkout $(REV)
@touch $@
-.$(PKG)-built: .$(PKG)-cloned
+.$(PKG)-built-$(REV): .$(PKG)-cloned-$(REV)
cd $(PKG) && make
@touch $@
-install: .$(PKG)-built
+install: .$(PKG)-built-$(REV)
cd $(PKG) && make install
diff --git a/testing/scripts/recipes/013_strongswan.mk b/testing/scripts/recipes/013_strongswan.mk
index c414208..2b7bde5 100644
--- a/testing/scripts/recipes/013_strongswan.mk
+++ b/testing/scripts/recipes/013_strongswan.mk
@@ -5,6 +5,15 @@ PKG = strongswan-$(PV)
TAR = $(PKG).tar.bz2
SRC = http://download.strongswan.org/$(TAR)
+# can be passed to load sources from a directory instead of a tarball
+ifneq ($(origin SRCDIR), undefined)
+DIR = $(SRCDIR)
+BUILDDIR ?= $(SRCDIR)
+endif
+DIR ?= .
+# can be passed if not building in the source directory
+BUILDDIR ?= $(PKG)
+
NUM_CPUS := $(shell getconf _NPROCESSORS_ONLN)
CONFIG_OPTS = \
@@ -82,7 +91,8 @@ CONFIG_OPTS = \
--enable-kernel-libipsec \
--enable-tkm \
--enable-ntru \
- --enable-lookip
+ --enable-lookip \
+ --enable-swanctl
export ADA_PROJECT_PATH=/usr/local/ada/lib/gnat
@@ -94,11 +104,11 @@ $(TAR):
$(PKG): $(TAR)
tar xfj $(TAR)
-configure: $(PKG)
- cd $(PKG) && ./configure $(CONFIG_OPTS)
+configure: $(BUILDDIR)
+ cd $(BUILDDIR) && $(DIR)/configure $(CONFIG_OPTS)
build: configure
- cd $(PKG) && make -j $(NUM_CPUS)
+ cd $(BUILDDIR) && make -j $(NUM_CPUS)
install: build
- cd $(PKG) && make install
+ cd $(BUILDDIR) && make -j install
diff --git a/testing/start-testing b/testing/start-testing
index 45cf4c9..83291de 100755
--- a/testing/start-testing
+++ b/testing/start-testing
@@ -17,6 +17,7 @@ echo "Starting test environment"
check_commands kvm virsh
+[ -f $KNLSRC ] || die "Kernel $KNLSRC not found"
log_action "Deploying kernel $KERNEL"
execute "ln -fs $KNLSRC $KNLTARGET"
diff --git a/testing/tests/af-alg/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/af-alg/rw-cert/hosts/dave/etc/strongswan.conf
index 037d434..f7b335e 100644
--- a/testing/tests/af-alg/rw-cert/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/af-alg/rw-cert/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+ load = test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
integrity_test = yes
crypto_test {
diff --git a/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/strongswan.conf
index 037d434..f7b335e 100644
--- a/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+ load = test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
integrity_test = yes
crypto_test {
diff --git a/testing/tests/ha/both-active/hosts/alice/etc/strongswan.conf b/testing/tests/ha/both-active/hosts/alice/etc/strongswan.conf
index 2f527cf..b171760 100644
--- a/testing/tests/ha/both-active/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ha/both-active/hosts/alice/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default ha
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default ha
plugins {
ha {
local = PH_IP_ALICE
diff --git a/testing/tests/ha/both-active/hosts/carol/etc/strongswan.conf b/testing/tests/ha/both-active/hosts/carol/etc/strongswan.conf
index dcafe67..e58af9e 100644
--- a/testing/tests/ha/both-active/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ha/both-active/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ha/both-active/hosts/dave/etc/strongswan.conf b/testing/tests/ha/both-active/hosts/dave/etc/strongswan.conf
index 825cfdc..ecbad66 100644
--- a/testing/tests/ha/both-active/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ha/both-active/hosts/dave/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ha/both-active/hosts/moon/etc/strongswan.conf b/testing/tests/ha/both-active/hosts/moon/etc/strongswan.conf
index 2693cf1..30ae28e 100644
--- a/testing/tests/ha/both-active/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ha/both-active/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default ha
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default ha
plugins {
ha {
local = PH_IP_MOON1
diff --git a/testing/tests/ike/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ike/rw-cert/hosts/carol/etc/strongswan.conf
index 0fe8bd9..0776fb1 100644
--- a/testing/tests/ike/rw-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ike/rw-cert/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ike/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/ike/rw-cert/hosts/dave/etc/strongswan.conf
index 0fe8bd9..0776fb1 100644
--- a/testing/tests/ike/rw-cert/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ike/rw-cert/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf
index 0fe8bd9..0776fb1 100644
--- a/testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ike/rw_v1-net_v2/hosts/carol/etc/strongswan.conf b/testing/tests/ike/rw_v1-net_v2/hosts/carol/etc/strongswan.conf
index 5ea53fd..9b248e8 100644
--- a/testing/tests/ike/rw_v1-net_v2/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ike/rw_v1-net_v2/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac x509 revocation stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac x509 curl revocation stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ike/rw_v1-net_v2/hosts/moon/etc/strongswan.conf b/testing/tests/ike/rw_v1-net_v2/hosts/moon/etc/strongswan.conf
index ce2265a..9b248e8 100644
--- a/testing/tests/ike/rw_v1-net_v2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ike/rw_v1-net_v2/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac x509 revocation stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac x509 curl revocation stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ike/rw_v1-net_v2/hosts/sun/etc/strongswan.conf b/testing/tests/ike/rw_v1-net_v2/hosts/sun/etc/strongswan.conf
index 5ea53fd..9b248e8 100644
--- a/testing/tests/ike/rw_v1-net_v2/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ike/rw_v1-net_v2/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac x509 revocation stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac x509 curl revocation stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev1/alg-3des-md5/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/alg-3des-md5/hosts/carol/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev1/alg-3des-md5/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/alg-3des-md5/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev1/alg-3des-md5/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/alg-3des-md5/hosts/moon/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev1/alg-3des-md5/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/alg-3des-md5/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev1/alg-modp-subgroup/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/alg-modp-subgroup/hosts/carol/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev1/alg-modp-subgroup/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/alg-modp-subgroup/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev1/alg-modp-subgroup/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/alg-modp-subgroup/hosts/dave/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev1/alg-modp-subgroup/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev1/alg-modp-subgroup/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev1/alg-modp-subgroup/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/alg-modp-subgroup/hosts/moon/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev1/alg-modp-subgroup/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/alg-modp-subgroup/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev1/alg-sha256/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/alg-sha256/hosts/carol/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev1/alg-sha256/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/alg-sha256/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev1/alg-sha256/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/alg-sha256/hosts/moon/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev1/alg-sha256/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/alg-sha256/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev1/alg-sha384/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/alg-sha384/hosts/carol/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev1/alg-sha384/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/alg-sha384/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev1/alg-sha384/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/alg-sha384/hosts/moon/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev1/alg-sha384/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/alg-sha384/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev1/alg-sha512/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/alg-sha512/hosts/carol/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev1/alg-sha512/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/alg-sha512/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev1/alg-sha512/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/alg-sha512/hosts/moon/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev1/alg-sha512/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/alg-sha512/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev1/compress/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/compress/hosts/carol/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev1/compress/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/compress/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev1/compress/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/compress/hosts/moon/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev1/compress/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/compress/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev1/config-payload-push/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/config-payload-push/hosts/carol/etc/strongswan.conf
index 0e4e577..5d1c35c 100644
--- a/testing/tests/ikev1/config-payload-push/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/config-payload-push/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown resolve
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
}
diff --git a/testing/tests/ikev1/config-payload-push/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/config-payload-push/hosts/dave/etc/strongswan.conf
index 0e4e577..5d1c35c 100644
--- a/testing/tests/ikev1/config-payload-push/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev1/config-payload-push/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown resolve
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
}
diff --git a/testing/tests/ikev1/config-payload-push/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/config-payload-push/hosts/moon/etc/strongswan.conf
index 002166a..de6bda2 100644
--- a/testing/tests/ikev1/config-payload-push/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/config-payload-push/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown attr
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown attr
dns1 = PH_IP_WINNETOU
dns2 = PH_IP_VENUS
diff --git a/testing/tests/ikev1/config-payload/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/config-payload/hosts/carol/etc/strongswan.conf
index 0e4e577..5d1c35c 100644
--- a/testing/tests/ikev1/config-payload/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/config-payload/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown resolve
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
}
diff --git a/testing/tests/ikev1/config-payload/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/config-payload/hosts/dave/etc/strongswan.conf
index 0e4e577..5d1c35c 100644
--- a/testing/tests/ikev1/config-payload/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev1/config-payload/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown resolve
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
}
diff --git a/testing/tests/ikev1/config-payload/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/config-payload/hosts/moon/etc/strongswan.conf
index 002166a..de6bda2 100644
--- a/testing/tests/ikev1/config-payload/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/config-payload/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown attr
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown attr
dns1 = PH_IP_WINNETOU
dns2 = PH_IP_VENUS
diff --git a/testing/tests/ikev1/double-nat-net/hosts/alice/etc/strongswan.conf b/testing/tests/ikev1/double-nat-net/hosts/alice/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev1/double-nat-net/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev1/double-nat-net/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev1/double-nat-net/hosts/bob/etc/strongswan.conf b/testing/tests/ikev1/double-nat-net/hosts/bob/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev1/double-nat-net/hosts/bob/etc/strongswan.conf
+++ b/testing/tests/ikev1/double-nat-net/hosts/bob/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev1/double-nat/hosts/alice/etc/strongswan.conf b/testing/tests/ikev1/double-nat/hosts/alice/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev1/double-nat/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev1/double-nat/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev1/double-nat/hosts/bob/etc/strongswan.conf b/testing/tests/ikev1/double-nat/hosts/bob/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev1/double-nat/hosts/bob/etc/strongswan.conf
+++ b/testing/tests/ikev1/double-nat/hosts/bob/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev1/dpd-clear/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/dpd-clear/hosts/carol/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev1/dpd-clear/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/dpd-clear/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev1/dpd-clear/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/dpd-clear/hosts/moon/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev1/dpd-clear/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/dpd-clear/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev1/dpd-restart/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/dpd-restart/hosts/carol/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev1/dpd-restart/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/dpd-restart/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev1/dpd-restart/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/dpd-restart/hosts/moon/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev1/dpd-restart/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/dpd-restart/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev1/dynamic-initiator/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/dynamic-initiator/hosts/carol/etc/strongswan.conf
index 73bbf68..4ccce1f 100644
--- a/testing/tests/ikev1/dynamic-initiator/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/dynamic-initiator/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
dh_exponent_ansi_x9_42 = no
}
diff --git a/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/ipsec.d/certs/carolCert.pem
index 6c41df9..b089324 100644
--- a/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/ipsec.d/certs/carolCert.pem
+++ b/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/ipsec.d/certs/carolCert.pem
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIEIjCCAwqgAwIBAgIBHTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MIIEIjCCAwqgAwIBAgIBMDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA5MDgyNzEwNDQ1MVoXDTE0MDgyNjEwNDQ1MVowWjELMAkGA1UE
+b290IENBMB4XDTE0MDgyNzE1MDUzNloXDTE5MDgyNjE1MDUzNlowWjELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
cmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBANBdWU+BF7x4lyo+xHnr4UAOU89yQQuT5vdPoXzx
-6kRPsjYAuuktgXR+SaLkQHw/YRgDPSKj5nzmmlOQf/rWRr+8O2q+C92aUICmkNvZ
-Gamo5w2WlOMZ6T5dk2Hv+QM6xT/GzWyVr1dMYu/7tywD1Bw7aW/HqkRESDu6q95V
-Wu+Lzg6XlxCNEez0YsZrN/fC6BL2qzKAqMBbIHFW8OOnh+nEY4IF5AzkZnFrw12G
-I72Z882pw97lyKwZhSz/GMQFBJx+rnNdw5P1IJwTlG5PUdoDCte/Mcr1iiA+zOov
-x55x1GoGxduoXWU5egrf1MtalRf9Pc8Xr4q3WEKTAmsZrVECAwEAAaOCAQYwggEC
-MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBQfoamI2WSMtaCiVGQ5
-tPI9dF1ufDBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTEL
+AQEBBQADggEPADCCAQoCggEBALfz1DcXyt/sOALi1IZ/RcuPa5m+4fiSST2wVWWr
+lw3hUjeiwLfgoLrtKaGX4i+At82Zol2mdbEXFpO+9qxXliP2u0fexqP4mBuZus3E
+LA82EOL0lQ2ahAi8O3qafkDMBSgvoeJpEwNe00Ugh53g7hT7dw8tSgcPGqQkWutI
+IKT9T6e/HbHNjRtYlw9ZlHsp8gSYjg/Q6vV6ofttueMUD9NRv8w2Y76rnRRmUGf3
+GlNFFmgxZntCJRuYltnxV7VcCFoppyauYt/fPmjAxbPRuhHKacnzIzq83Ixf5fSj
+MTlluGCfWFX/NGENXamBqChkRLHmuCHNexxRp9s2F1S10hECAwEAAaOCAQYwggEC
+MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRcWXBiVy0qJJxclFab
+iV7lxQW2vTBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTEL
MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT
EnN0cm9uZ1N3YW4gUm9vdCBDQYIBADAfBgNVHREEGDAWgRRjYXJvbEBzdHJvbmdz
d2FuLm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u
-b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQC8pqX3KrSzKeul
-GdzydAV4hGwYB3WiB02oJ2nh5MJBu7J0Kn4IVkvLUHSSZhSRxx55tQZfdYqtXVS7
-ZuyG+6rV7sb595SIRwfkLAdjbvv0yZIl4xx8j50K3yMR+9aXW1NSGPEkb8BjBUMr
-F2kjGTOqomo8OIzyI369z9kJrtEhnS37nHcdpewZC1wHcWfJ6wd9wxmz2dVXmgVQ
-L2BjXd/BcpLFaIC4h7jMXQ5FURjnU7K9xSa4T8PpR6FrQhOcIYBXAp94GiM8JqmK
-ZBGUpeP+3cy4i3DV18Kyr64Q4XZlzhZClNE43sgMqiX88dc3znpDzT7T51j+d+9k
-Rf5Z0GOR
+b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQBVqTw0DRABEwcw
+kMsDkX1yIX4lODAadvSq/PP/M3e6VoZOXBphKQvqgAgaCpk+vAXoHNPImg+vRVeY
+bIeS0E2lMo5nKQu7MCs8RpL97PMHL7NlzRBiS+CCKRaCHglJgCZtfwc1sapnrche
+MoZat+GyjnyKVNTJh/QtGm5QL9DRKa125B9gS9FtdT0BkhxIsZ4TsEOeTqv5dHix
+bc7x+MwETL6AxNraPqfIbt78cnsIB3PpIxYYTlDVY2Fwr2G0Ri9inEM/GZFAsJSU
+iSyoTqQsyZhzzOmE/mK40JtBv+lg+pPOa4tC8w892KEKsnRX9dxX+U6vr3QtoIjN
+wg8qvcUu
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/ipsec.d/private/carolKey.pem
index 41a1399..1454ec5 100644
--- a/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/ipsec.d/private/carolKey.pem
+++ b/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/ipsec.d/private/carolKey.pem
@@ -1,30 +1,30 @@
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
-DEK-Info: AES-128-CBC,01290773006220E4E96C2975C52D2429
+DEK-Info: AES-128-CBC,7E1D40A7901772BA4D22AF58AA2DC76F
-mSt4HT52dsYkDwk6DVYm+Uij1PnFAnYzJD7Jx6EJIA9HuWKfyHPSjtqEcCwZoKHq
-i18EuCZHkdMBc8+lY0iEpNwbs3UbCP73lGn+IIjlOrS0xi4PP9iV1jxg/k+WF4rH
-jhIUhi3wc1cAaFLLj8bBvnx6t4mF3nTZZ119wSsa5ewy5RZGWcdN8NKtyNgFYTFx
-m5ACRErFuq8aFmcKVgwzLZH+e9fd7xKHS7XoP9vla7+iKkW5bzfkGP5E8irbOqce
-pyUE81FrD8irD0uK4mnrMRDDGrD02mYNSMGyhT5o1RDQJbaRupih9nU+SaTR2Kxq
-J/ScYak4EwmCIXixwuhwokDPTB1EuyQ1h5ywarkgt1TCZKoI2odqoILB2Dbrsmdf
-dKLqI8Q/kR4h5meCc0e3401VXIaOJWk5GMbxz+6641uWnTdLKedzC5gWCI7QIDFB
-h5n5m3tsSe6LRksqJpgPL/+vV/r+OrNEi4KGK9NxETZxeb/7gBSVFWbDXH5AO+wC
-/RlPYHaoDt+peRm3LUDBGQBPtvZUDiDHlW4v8wtgCEZXAPZPdaFRUSDYMYdbbebY
-EsxWa6G00Gau08EOPSgFIReGuACRkP4diiSE4ZTiC9HD2cuUN/D01ck+SD6UgdHV
-pyf6tHej/AdVG3HD5dRCmCCyfucW0gS7R+/+C4DzVHwZKAXJRSxmXLOHT0Gk8Woe
-sM8gbHOoV8OfLAfZDwibvnDq7rc82q5sSiGOKH7Fg5LYIjRB0UazCToxGVtxfWMz
-kPrzZiQT45QDa3gQdkHzF21s+fNpx/cZ1V1Mv+1E3KAX9XsAm/sNl0NAZ6G0AbFk
-gHIWoseiKxouTCDGNe/gC40r9XNhZdFCEzzJ9A77eScu0aTa5FHrC2w9YO2wHcja
-OT2AyZrVqOWB1/hIwAqk8ApXA3FwJbnQE0FxyLcYiTvCNM+XYIPLstD09axLFb53
-D4DXEncmvW4+axDg8G3s84olPGLgJL3E8pTFPYWHKsJgqsloAc/GD2Qx0PCinySM
-bVQckgzpVL3SvxeRRfx8SHl9F9z+GS4gZtM/gT9cDgcVOpVQpOcln5AR/mF/aoyo
-BW96LSmEk5l4yeBBba63Qcz1HRr2NSvXJuqdjw6qTZNBWtjmSxHywKZYRlSqzNZx
-7B6DGHTIOfGNhcy2wsd4cuftVYByGxfFjw7bHIDa4/ySdDykL7J+REfg8QidlCJB
-UN/2VjaNipQo38RczWLUfloMkMMrWYpXOm9koes+Vldm7Bco+eCONIS50DJDOhZs
-H037A+UMElXmtCrHPJGxQf8k1Qirn6BWOuRmXg8sXqeblIrPlZU+DghYXzA/nRxB
-y+nUx+Ipbj022uJNVtFwhP70TIqYm/O6Ol/zRbo6yRsR6uEnnb4wRi5IxHnM/iGA
-zWPzLRDSeVPkhu2pZ7JygabCiXbbgFTN1enJvLWvIAcB0LS8wQz0yKQ7oj32T0Ty
-AD3c/qS8kmsrZDe3H+lEfMCcJRnHUrR/SBChSdx7LF9mnLlWuJLLHmrz87x7Z2o6
-nuRU15U5aQTniVikvFWchnwGy+23lgv5He9X99jxEu/U1pA4egejfMs3g070AY3J
+1jt4EsxtHvgpSLN8PA/kSVKgoAsBEBQb8RK6VGnZywMCnpJdLKdPisGGYKNPg53b
+/0AFBmQVE60M8icbSAIUrAtyKxaBkoc9A7ibNCjobi0UzXTm3GcZZ1EC4/lE9PQZ
+/2FbcPgQWN3kZraZDkeP9XBXl6PorES8xvQUxJ9pd4hL7/c28fIApGhEimkIZO8o
+Qb7bR2cNCLYQAR6PeDoqhV39gvWoh77wp1WB3tQVbkS6MI/xl3wY2QVdq3Sbszh+
+f6lDU/SZS8BU0f44FRoInPp0GasgJ7MCiuEIshjuNPa50QkMcnNJsSgVEuw2hjN6
+LvAXx7vPt9pKpQfnu7YSJUsXDYN6PyXt7sZ8hDqraYIcI6eMpEBaTpItPSV2eckv
+06KC24Oa66E1yufNFAY49S2OY+pJA0W5zmcCqCjdrfJ+wNQYKZpbrfGz4VRzlFJC
+e3VkmAFwA5rcZdlp/mU2XREy+TaWsHMnpL0NcMHGmsfkTgaJIkRWalrdxlNTeitr
+3boNHWk0ESyMcBYRpM3eNXsGpiYy93u0bhrPbnqJsV6miKqpbs1aBNjlJ9s1Y2fC
+sko5/v7uMjb5tLF3lWQZfTu+bYtpGxFrqHJjhd8yd4gL1cFi30JcjczhwRY3Dily
+c0BFekMGmPc1djn6tfIFu13X9xTxyidCpVaT9UGnOaQs9OF1u8XAnZDaQgPwjLiy
+UlOE8xQ60LrhWLD582FsFnZz56bZ+QOQRWDMsB8nJeqnFXKfcRlnr0qlG6lTfA8h
+XkK/qGpdVvivS+CpbhVP6ixdEfa91Rx4NjLj53LGqOYwFEkM/OAIuMJetBfx3v9T
+iQfv594KE32nv9besnKlmJr2cGQWBYg1pUOtFj/aZ00yuXacv8qwzbrt4xGGDYGO
+Aj5Yf93UEcVkTySO1xJ1yiC6GJv1lLm0i5StwykHypxFijKe/zOpgtHVa5v5igjO
+v6cfhfJGGgIPTYrtt+EDKXcayvy2e2U/3HYVCHYiiMPX8AvP/R6m7MGrzYxm/WyO
+t68EWXSDLfuR3qcIlpP4aSBxuSpKhY/dIkS/beKZ7Njx1s4jSuYDMbKuuCRFSU2H
+8ISHS0kh3FetiS8IyIYzxab+KQZwnVtiGj4oaAhgFTIIoH26Fv5+xka74JdzOSUA
+jR9puKuxaegVWQVBx4cCyg6hAdewRm64PAcbApZWrPvMPBfTZFnXeifmaurcdK8p
+p/1eLrrPnNM6+Fh6lcKdX74yHPz3eWP3K1njZegzWnChhEWElPhJr6qYNQjd+lAS
+7650RJ3CJLUxBffnRR9nTArxFNI5jGWg/plLJTaRT5x5qg1dGNMqntpoeiY++Ttk
+GFDGVIOICBze6SOvzkZBbuXLJSWmWj5g9J2cYsLoOvlwsDT7FzKl8p6VY4V+SQb+
+4PN8qZWmOeczaLEhZ1QLmTKFpz9+wUZsXeBd1s78bWJR0zhraMPa0UJ9GBGq6uQ0
+yZ4Xm5KHKcgoewCUQMekU9ECsmR5NuC7VFDaa1OdPEVnEYR1xtaWUY0lYKOiixnd
++85fSq/yAXI/r0O4ISA55o9y1kDqVibTwJacb6xXGg8dHSH+TtigwD8fK9mekkDC
-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/strongswan.conf
index 73bbf68..4ccce1f 100644
--- a/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
dh_exponent_ansi_x9_42 = no
}
diff --git a/testing/tests/ikev1/dynamic-initiator/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/dynamic-initiator/hosts/moon/etc/strongswan.conf
index 73bbf68..4ccce1f 100644
--- a/testing/tests/ikev1/dynamic-initiator/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/dynamic-initiator/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
dh_exponent_ansi_x9_42 = no
}
diff --git a/testing/tests/ikev1/dynamic-responder/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/dynamic-responder/hosts/carol/etc/strongswan.conf
index 73bbf68..4ccce1f 100644
--- a/testing/tests/ikev1/dynamic-responder/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/dynamic-responder/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
dh_exponent_ansi_x9_42 = no
}
diff --git a/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/ipsec.d/certs/carolCert.pem
index 6c41df9..b089324 100644
--- a/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/ipsec.d/certs/carolCert.pem
+++ b/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/ipsec.d/certs/carolCert.pem
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIEIjCCAwqgAwIBAgIBHTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MIIEIjCCAwqgAwIBAgIBMDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA5MDgyNzEwNDQ1MVoXDTE0MDgyNjEwNDQ1MVowWjELMAkGA1UE
+b290IENBMB4XDTE0MDgyNzE1MDUzNloXDTE5MDgyNjE1MDUzNlowWjELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
cmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBANBdWU+BF7x4lyo+xHnr4UAOU89yQQuT5vdPoXzx
-6kRPsjYAuuktgXR+SaLkQHw/YRgDPSKj5nzmmlOQf/rWRr+8O2q+C92aUICmkNvZ
-Gamo5w2WlOMZ6T5dk2Hv+QM6xT/GzWyVr1dMYu/7tywD1Bw7aW/HqkRESDu6q95V
-Wu+Lzg6XlxCNEez0YsZrN/fC6BL2qzKAqMBbIHFW8OOnh+nEY4IF5AzkZnFrw12G
-I72Z882pw97lyKwZhSz/GMQFBJx+rnNdw5P1IJwTlG5PUdoDCte/Mcr1iiA+zOov
-x55x1GoGxduoXWU5egrf1MtalRf9Pc8Xr4q3WEKTAmsZrVECAwEAAaOCAQYwggEC
-MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBQfoamI2WSMtaCiVGQ5
-tPI9dF1ufDBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTEL
+AQEBBQADggEPADCCAQoCggEBALfz1DcXyt/sOALi1IZ/RcuPa5m+4fiSST2wVWWr
+lw3hUjeiwLfgoLrtKaGX4i+At82Zol2mdbEXFpO+9qxXliP2u0fexqP4mBuZus3E
+LA82EOL0lQ2ahAi8O3qafkDMBSgvoeJpEwNe00Ugh53g7hT7dw8tSgcPGqQkWutI
+IKT9T6e/HbHNjRtYlw9ZlHsp8gSYjg/Q6vV6ofttueMUD9NRv8w2Y76rnRRmUGf3
+GlNFFmgxZntCJRuYltnxV7VcCFoppyauYt/fPmjAxbPRuhHKacnzIzq83Ixf5fSj
+MTlluGCfWFX/NGENXamBqChkRLHmuCHNexxRp9s2F1S10hECAwEAAaOCAQYwggEC
+MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRcWXBiVy0qJJxclFab
+iV7lxQW2vTBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTEL
MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT
EnN0cm9uZ1N3YW4gUm9vdCBDQYIBADAfBgNVHREEGDAWgRRjYXJvbEBzdHJvbmdz
d2FuLm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u
-b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQC8pqX3KrSzKeul
-GdzydAV4hGwYB3WiB02oJ2nh5MJBu7J0Kn4IVkvLUHSSZhSRxx55tQZfdYqtXVS7
-ZuyG+6rV7sb595SIRwfkLAdjbvv0yZIl4xx8j50K3yMR+9aXW1NSGPEkb8BjBUMr
-F2kjGTOqomo8OIzyI369z9kJrtEhnS37nHcdpewZC1wHcWfJ6wd9wxmz2dVXmgVQ
-L2BjXd/BcpLFaIC4h7jMXQ5FURjnU7K9xSa4T8PpR6FrQhOcIYBXAp94GiM8JqmK
-ZBGUpeP+3cy4i3DV18Kyr64Q4XZlzhZClNE43sgMqiX88dc3znpDzT7T51j+d+9k
-Rf5Z0GOR
+b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQBVqTw0DRABEwcw
+kMsDkX1yIX4lODAadvSq/PP/M3e6VoZOXBphKQvqgAgaCpk+vAXoHNPImg+vRVeY
+bIeS0E2lMo5nKQu7MCs8RpL97PMHL7NlzRBiS+CCKRaCHglJgCZtfwc1sapnrche
+MoZat+GyjnyKVNTJh/QtGm5QL9DRKa125B9gS9FtdT0BkhxIsZ4TsEOeTqv5dHix
+bc7x+MwETL6AxNraPqfIbt78cnsIB3PpIxYYTlDVY2Fwr2G0Ri9inEM/GZFAsJSU
+iSyoTqQsyZhzzOmE/mK40JtBv+lg+pPOa4tC8w892KEKsnRX9dxX+U6vr3QtoIjN
+wg8qvcUu
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/ipsec.d/private/carolKey.pem
index 41a1399..1454ec5 100644
--- a/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/ipsec.d/private/carolKey.pem
+++ b/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/ipsec.d/private/carolKey.pem
@@ -1,30 +1,30 @@
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
-DEK-Info: AES-128-CBC,01290773006220E4E96C2975C52D2429
+DEK-Info: AES-128-CBC,7E1D40A7901772BA4D22AF58AA2DC76F
-mSt4HT52dsYkDwk6DVYm+Uij1PnFAnYzJD7Jx6EJIA9HuWKfyHPSjtqEcCwZoKHq
-i18EuCZHkdMBc8+lY0iEpNwbs3UbCP73lGn+IIjlOrS0xi4PP9iV1jxg/k+WF4rH
-jhIUhi3wc1cAaFLLj8bBvnx6t4mF3nTZZ119wSsa5ewy5RZGWcdN8NKtyNgFYTFx
-m5ACRErFuq8aFmcKVgwzLZH+e9fd7xKHS7XoP9vla7+iKkW5bzfkGP5E8irbOqce
-pyUE81FrD8irD0uK4mnrMRDDGrD02mYNSMGyhT5o1RDQJbaRupih9nU+SaTR2Kxq
-J/ScYak4EwmCIXixwuhwokDPTB1EuyQ1h5ywarkgt1TCZKoI2odqoILB2Dbrsmdf
-dKLqI8Q/kR4h5meCc0e3401VXIaOJWk5GMbxz+6641uWnTdLKedzC5gWCI7QIDFB
-h5n5m3tsSe6LRksqJpgPL/+vV/r+OrNEi4KGK9NxETZxeb/7gBSVFWbDXH5AO+wC
-/RlPYHaoDt+peRm3LUDBGQBPtvZUDiDHlW4v8wtgCEZXAPZPdaFRUSDYMYdbbebY
-EsxWa6G00Gau08EOPSgFIReGuACRkP4diiSE4ZTiC9HD2cuUN/D01ck+SD6UgdHV
-pyf6tHej/AdVG3HD5dRCmCCyfucW0gS7R+/+C4DzVHwZKAXJRSxmXLOHT0Gk8Woe
-sM8gbHOoV8OfLAfZDwibvnDq7rc82q5sSiGOKH7Fg5LYIjRB0UazCToxGVtxfWMz
-kPrzZiQT45QDa3gQdkHzF21s+fNpx/cZ1V1Mv+1E3KAX9XsAm/sNl0NAZ6G0AbFk
-gHIWoseiKxouTCDGNe/gC40r9XNhZdFCEzzJ9A77eScu0aTa5FHrC2w9YO2wHcja
-OT2AyZrVqOWB1/hIwAqk8ApXA3FwJbnQE0FxyLcYiTvCNM+XYIPLstD09axLFb53
-D4DXEncmvW4+axDg8G3s84olPGLgJL3E8pTFPYWHKsJgqsloAc/GD2Qx0PCinySM
-bVQckgzpVL3SvxeRRfx8SHl9F9z+GS4gZtM/gT9cDgcVOpVQpOcln5AR/mF/aoyo
-BW96LSmEk5l4yeBBba63Qcz1HRr2NSvXJuqdjw6qTZNBWtjmSxHywKZYRlSqzNZx
-7B6DGHTIOfGNhcy2wsd4cuftVYByGxfFjw7bHIDa4/ySdDykL7J+REfg8QidlCJB
-UN/2VjaNipQo38RczWLUfloMkMMrWYpXOm9koes+Vldm7Bco+eCONIS50DJDOhZs
-H037A+UMElXmtCrHPJGxQf8k1Qirn6BWOuRmXg8sXqeblIrPlZU+DghYXzA/nRxB
-y+nUx+Ipbj022uJNVtFwhP70TIqYm/O6Ol/zRbo6yRsR6uEnnb4wRi5IxHnM/iGA
-zWPzLRDSeVPkhu2pZ7JygabCiXbbgFTN1enJvLWvIAcB0LS8wQz0yKQ7oj32T0Ty
-AD3c/qS8kmsrZDe3H+lEfMCcJRnHUrR/SBChSdx7LF9mnLlWuJLLHmrz87x7Z2o6
-nuRU15U5aQTniVikvFWchnwGy+23lgv5He9X99jxEu/U1pA4egejfMs3g070AY3J
+1jt4EsxtHvgpSLN8PA/kSVKgoAsBEBQb8RK6VGnZywMCnpJdLKdPisGGYKNPg53b
+/0AFBmQVE60M8icbSAIUrAtyKxaBkoc9A7ibNCjobi0UzXTm3GcZZ1EC4/lE9PQZ
+/2FbcPgQWN3kZraZDkeP9XBXl6PorES8xvQUxJ9pd4hL7/c28fIApGhEimkIZO8o
+Qb7bR2cNCLYQAR6PeDoqhV39gvWoh77wp1WB3tQVbkS6MI/xl3wY2QVdq3Sbszh+
+f6lDU/SZS8BU0f44FRoInPp0GasgJ7MCiuEIshjuNPa50QkMcnNJsSgVEuw2hjN6
+LvAXx7vPt9pKpQfnu7YSJUsXDYN6PyXt7sZ8hDqraYIcI6eMpEBaTpItPSV2eckv
+06KC24Oa66E1yufNFAY49S2OY+pJA0W5zmcCqCjdrfJ+wNQYKZpbrfGz4VRzlFJC
+e3VkmAFwA5rcZdlp/mU2XREy+TaWsHMnpL0NcMHGmsfkTgaJIkRWalrdxlNTeitr
+3boNHWk0ESyMcBYRpM3eNXsGpiYy93u0bhrPbnqJsV6miKqpbs1aBNjlJ9s1Y2fC
+sko5/v7uMjb5tLF3lWQZfTu+bYtpGxFrqHJjhd8yd4gL1cFi30JcjczhwRY3Dily
+c0BFekMGmPc1djn6tfIFu13X9xTxyidCpVaT9UGnOaQs9OF1u8XAnZDaQgPwjLiy
+UlOE8xQ60LrhWLD582FsFnZz56bZ+QOQRWDMsB8nJeqnFXKfcRlnr0qlG6lTfA8h
+XkK/qGpdVvivS+CpbhVP6ixdEfa91Rx4NjLj53LGqOYwFEkM/OAIuMJetBfx3v9T
+iQfv594KE32nv9besnKlmJr2cGQWBYg1pUOtFj/aZ00yuXacv8qwzbrt4xGGDYGO
+Aj5Yf93UEcVkTySO1xJ1yiC6GJv1lLm0i5StwykHypxFijKe/zOpgtHVa5v5igjO
+v6cfhfJGGgIPTYrtt+EDKXcayvy2e2U/3HYVCHYiiMPX8AvP/R6m7MGrzYxm/WyO
+t68EWXSDLfuR3qcIlpP4aSBxuSpKhY/dIkS/beKZ7Njx1s4jSuYDMbKuuCRFSU2H
+8ISHS0kh3FetiS8IyIYzxab+KQZwnVtiGj4oaAhgFTIIoH26Fv5+xka74JdzOSUA
+jR9puKuxaegVWQVBx4cCyg6hAdewRm64PAcbApZWrPvMPBfTZFnXeifmaurcdK8p
+p/1eLrrPnNM6+Fh6lcKdX74yHPz3eWP3K1njZegzWnChhEWElPhJr6qYNQjd+lAS
+7650RJ3CJLUxBffnRR9nTArxFNI5jGWg/plLJTaRT5x5qg1dGNMqntpoeiY++Ttk
+GFDGVIOICBze6SOvzkZBbuXLJSWmWj5g9J2cYsLoOvlwsDT7FzKl8p6VY4V+SQb+
+4PN8qZWmOeczaLEhZ1QLmTKFpz9+wUZsXeBd1s78bWJR0zhraMPa0UJ9GBGq6uQ0
+yZ4Xm5KHKcgoewCUQMekU9ECsmR5NuC7VFDaa1OdPEVnEYR1xtaWUY0lYKOiixnd
++85fSq/yAXI/r0O4ISA55o9y1kDqVibTwJacb6xXGg8dHSH+TtigwD8fK9mekkDC
-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/strongswan.conf
index 73bbf68..4ccce1f 100644
--- a/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
dh_exponent_ansi_x9_42 = no
}
diff --git a/testing/tests/ikev1/dynamic-responder/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/dynamic-responder/hosts/moon/etc/strongswan.conf
index 73bbf68..4ccce1f 100644
--- a/testing/tests/ikev1/dynamic-responder/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/dynamic-responder/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
dh_exponent_ansi_x9_42 = no
}
diff --git a/testing/tests/ikev1/dynamic-two-peers/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/dynamic-two-peers/hosts/carol/etc/strongswan.conf
index 73bbf68..4ccce1f 100644
--- a/testing/tests/ikev1/dynamic-two-peers/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/dynamic-two-peers/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
dh_exponent_ansi_x9_42 = no
}
diff --git a/testing/tests/ikev1/dynamic-two-peers/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/dynamic-two-peers/hosts/dave/etc/strongswan.conf
index 73bbf68..4ccce1f 100644
--- a/testing/tests/ikev1/dynamic-two-peers/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev1/dynamic-two-peers/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
dh_exponent_ansi_x9_42 = no
}
diff --git a/testing/tests/ikev1/dynamic-two-peers/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/dynamic-two-peers/hosts/moon/etc/strongswan.conf
index 73bbf68..4ccce1f 100644
--- a/testing/tests/ikev1/dynamic-two-peers/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/dynamic-two-peers/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
dh_exponent_ansi_x9_42 = no
}
diff --git a/testing/tests/ikev1/esp-alg-aes-ccm/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-aes-ccm/hosts/carol/etc/strongswan.conf
index d70d7b9..f295f15 100644
--- a/testing/tests/ikev1/esp-alg-aes-ccm/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/esp-alg-aes-ccm/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc ccm stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ccm stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev1/esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf
index d70d7b9..f295f15 100644
--- a/testing/tests/ikev1/esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc ccm stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ccm stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev1/esp-alg-aes-ctr/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-aes-ctr/hosts/carol/etc/strongswan.conf
index e607bba..cae7e00 100644
--- a/testing/tests/ikev1/esp-alg-aes-ctr/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/esp-alg-aes-ctr/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc ctr stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ctr stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev1/esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf
index e607bba..cae7e00 100644
--- a/testing/tests/ikev1/esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc ctr stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ctr stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev1/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf
index e063e44..e396bb1 100644
--- a/testing/tests/ikev1/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc gcm stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc gcm stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev1/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf
index e063e44..e396bb1 100644
--- a/testing/tests/ikev1/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc gcm stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc gcm stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev1/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev1/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/carol/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/moon/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev1/esp-alg-null/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-null/hosts/carol/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev1/esp-alg-null/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/esp-alg-null/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev1/esp-alg-null/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-null/hosts/moon/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev1/esp-alg-null/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/esp-alg-null/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev1/host2host-ah/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/host2host-ah/hosts/moon/etc/strongswan.conf
index 8e685c8..ddba8b1 100644
--- a/testing/tests/ikev1/host2host-ah/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/host2host-ah/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev1/host2host-ah/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/host2host-ah/hosts/sun/etc/strongswan.conf
index 8e685c8..ddba8b1 100644
--- a/testing/tests/ikev1/host2host-ah/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev1/host2host-ah/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev1/host2host-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/host2host-cert/hosts/moon/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev1/host2host-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/host2host-cert/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev1/host2host-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/host2host-cert/hosts/sun/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev1/host2host-cert/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev1/host2host-cert/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev1/host2host-transport/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/host2host-transport/hosts/moon/etc/strongswan.conf
index 8e685c8..ddba8b1 100644
--- a/testing/tests/ikev1/host2host-transport/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/host2host-transport/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev1/host2host-transport/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/host2host-transport/hosts/sun/etc/strongswan.conf
index 8e685c8..ddba8b1 100644
--- a/testing/tests/ikev1/host2host-transport/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev1/host2host-transport/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev1/ip-pool-db/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/ip-pool-db/hosts/carol/etc/strongswan.conf
index bd19ffe..7b81476 100644
--- a/testing/tests/ikev1/ip-pool-db/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/ip-pool-db/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
}
diff --git a/testing/tests/ikev1/ip-pool-db/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/ip-pool-db/hosts/dave/etc/strongswan.conf
index bd19ffe..7b81476 100644
--- a/testing/tests/ikev1/ip-pool-db/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev1/ip-pool-db/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
}
diff --git a/testing/tests/ikev1/ip-pool-db/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/ip-pool-db/hosts/moon/etc/strongswan.conf
index 04ffaf6..a4542db 100644
--- a/testing/tests/ikev1/ip-pool-db/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/ip-pool-db/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default sqlite attr-sql updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default sqlite attr-sql updown
}
libhydra {
diff --git a/testing/tests/ikev1/ip-pool/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/ip-pool/hosts/carol/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev1/ip-pool/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/ip-pool/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev1/ip-pool/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/ip-pool/hosts/dave/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev1/ip-pool/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev1/ip-pool/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev1/ip-pool/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/ip-pool/hosts/moon/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev1/ip-pool/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/ip-pool/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev1/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev1/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev1/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev1/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev1/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev1/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev1/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev1/nat-rw/hosts/alice/etc/strongswan.conf b/testing/tests/ikev1/nat-rw/hosts/alice/etc/strongswan.conf
index dabff38..0387fdf 100644
--- a/testing/tests/ikev1/nat-rw/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev1/nat-rw/hosts/alice/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
keep_alive = 5
}
diff --git a/testing/tests/ikev1/nat-rw/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/nat-rw/hosts/sun/etc/strongswan.conf
index ca23c69..2127105 100644
--- a/testing/tests/ikev1/nat-rw/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev1/nat-rw/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev1/nat-rw/hosts/venus/etc/strongswan.conf b/testing/tests/ikev1/nat-rw/hosts/venus/etc/strongswan.conf
index dabff38..0387fdf 100644
--- a/testing/tests/ikev1/nat-rw/hosts/venus/etc/strongswan.conf
+++ b/testing/tests/ikev1/nat-rw/hosts/venus/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
keep_alive = 5
}
diff --git a/testing/tests/ikev1/nat-virtual-ip/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/nat-virtual-ip/hosts/moon/etc/strongswan.conf
index 8e685c8..ddba8b1 100644
--- a/testing/tests/ikev1/nat-virtual-ip/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/nat-virtual-ip/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev1/nat-virtual-ip/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/nat-virtual-ip/hosts/sun/etc/strongswan.conf
index 8e685c8..ddba8b1 100644
--- a/testing/tests/ikev1/nat-virtual-ip/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev1/nat-virtual-ip/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev1/net2net-ah/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-ah/hosts/moon/etc/strongswan.conf
index 8e685c8..ddba8b1 100644
--- a/testing/tests/ikev1/net2net-ah/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/net2net-ah/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev1/net2net-ah/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-ah/hosts/sun/etc/strongswan.conf
index 8e685c8..ddba8b1 100644
--- a/testing/tests/ikev1/net2net-ah/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev1/net2net-ah/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev1/net2net-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-cert/hosts/moon/etc/strongswan.conf
index 73bbf68..4ccce1f 100644
--- a/testing/tests/ikev1/net2net-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/net2net-cert/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
dh_exponent_ansi_x9_42 = no
}
diff --git a/testing/tests/ikev1/net2net-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-cert/hosts/sun/etc/strongswan.conf
index 73bbf68..4ccce1f 100644
--- a/testing/tests/ikev1/net2net-cert/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev1/net2net-cert/hosts/sun/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
dh_exponent_ansi_x9_42 = no
}
diff --git a/testing/tests/ikev1/net2net-fragmentation/evaltest.dat b/testing/tests/ikev1/net2net-fragmentation/evaltest.dat
index 8767874..842eda0 100644
--- a/testing/tests/ikev1/net2net-fragmentation/evaltest.dat
+++ b/testing/tests/ikev1/net2net-fragmentation/evaltest.dat
@@ -1,7 +1,7 @@
moon::cat /var/log/daemon.log::received FRAGMENTATION vendor ID::YES
sun::cat /var/log/daemon.log::received FRAGMENTATION vendor ID::YES
-moon::cat /var/log/daemon.log::sending IKE message with length of 1468 bytes in 2 fragments::YES
-sun::cat /var/log/daemon.log::sending IKE message with length of 1388 bytes in 2 fragments::YES
+moon::cat /var/log/daemon.log::splitting IKE message with length of 1468 bytes into 2 fragments::YES
+sun::cat /var/log/daemon.log::splitting IKE message with length of 1388 bytes into 2 fragments::YES
moon::cat /var/log/daemon.log::received fragment #1, waiting for complete IKE message::YES
moon::cat /var/log/daemon.log::received fragment #2, reassembling fragmented IKE message::YES
sun::cat /var/log/daemon.log::received fragment #1, waiting for complete IKE message::YES
diff --git a/testing/tests/ikev1/net2net-fragmentation/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-fragmentation/hosts/moon/etc/strongswan.conf
index 8cc4192..e663014 100644
--- a/testing/tests/ikev1/net2net-fragmentation/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/net2net-fragmentation/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
fragment_size = 1024
dh_exponent_ansi_x9_42 = no
diff --git a/testing/tests/ikev1/net2net-fragmentation/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-fragmentation/hosts/sun/etc/strongswan.conf
index 8cc4192..e663014 100644
--- a/testing/tests/ikev1/net2net-fragmentation/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev1/net2net-fragmentation/hosts/sun/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
fragment_size = 1024
dh_exponent_ansi_x9_42 = no
diff --git a/testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/strongswan.conf
index 4de997a..978b276 100644
--- a/testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 ntru revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl ntru revocation hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
send_vendor_id = yes
diff --git a/testing/tests/ikev1/net2net-ntru-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-ntru-cert/hosts/sun/etc/strongswan.conf
index f0432ad..c52a325 100644
--- a/testing/tests/ikev1/net2net-ntru-cert/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev1/net2net-ntru-cert/hosts/sun/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 ntru revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl ntru revocation hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
send_vendor_id = yes
}
diff --git a/testing/tests/ikev1/protoport-dual/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/protoport-dual/hosts/carol/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev1/protoport-dual/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/protoport-dual/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev1/protoport-dual/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/protoport-dual/hosts/moon/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev1/protoport-dual/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/protoport-dual/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/strongswan.conf
index eb8b140..33c50d1 100644
--- a/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
dh_exponent_ansi_x9_42 = no
}
diff --git a/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/strongswan.conf
index eb8b140..33c50d1 100644
--- a/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
dh_exponent_ansi_x9_42 = no
}
diff --git a/testing/tests/ikev1/rw-cert-aggressive/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/rw-cert-aggressive/hosts/moon/etc/strongswan.conf
index eb8b140..33c50d1 100644
--- a/testing/tests/ikev1/rw-cert-aggressive/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-cert-aggressive/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
dh_exponent_ansi_x9_42 = no
}
diff --git a/testing/tests/ikev1/rw-cert-unity/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-cert-unity/hosts/carol/etc/strongswan.conf
index 38bfed0..c43d34a 100644
--- a/testing/tests/ikev1/rw-cert-unity/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-cert-unity/hosts/carol/etc/strongswan.conf
@@ -1,8 +1,8 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default unity
-
+ load = test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default unity
+
cisco_unity = yes
dh_exponent_ansi_x9_42 = no
}
diff --git a/testing/tests/ikev1/rw-cert-unity/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/rw-cert-unity/hosts/moon/etc/strongswan.conf
index dbf1bee..cb696bd 100644
--- a/testing/tests/ikev1/rw-cert-unity/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-cert-unity/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default attr unity
+ load = test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default attr unity
cisco_unity = yes
dh_exponent_ansi_x9_42 = no
diff --git a/testing/tests/ikev1/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-cert/hosts/carol/etc/strongswan.conf
index 0792a3f..86827b2 100644
--- a/testing/tests/ikev1/rw-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-cert/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+ load = test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
dh_exponent_ansi_x9_42 = no
integrity_test = yes
diff --git a/testing/tests/ikev1/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/rw-cert/hosts/dave/etc/strongswan.conf
index 0792a3f..86827b2 100644
--- a/testing/tests/ikev1/rw-cert/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-cert/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+ load = test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
dh_exponent_ansi_x9_42 = no
integrity_test = yes
diff --git a/testing/tests/ikev1/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/rw-cert/hosts/moon/etc/strongswan.conf
index 0792a3f..86827b2 100644
--- a/testing/tests/ikev1/rw-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-cert/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+ load = test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
dh_exponent_ansi_x9_42 = no
integrity_test = yes
diff --git a/testing/tests/ikev1/rw-initiator-only/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-initiator-only/hosts/carol/etc/strongswan.conf
index dc900c4..73b0885 100644
--- a/testing/tests/ikev1/rw-initiator-only/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-initiator-only/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
+ load = test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
initiator_only = yes
}
diff --git a/testing/tests/ikev1/rw-initiator-only/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/rw-initiator-only/hosts/dave/etc/strongswan.conf
index 9251921..2b80853 100644
--- a/testing/tests/ikev1/rw-initiator-only/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-initiator-only/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
+ load = test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
retransmit_timeout = 2
retransmit_base = 1.5
diff --git a/testing/tests/ikev1/rw-initiator-only/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/rw-initiator-only/hosts/moon/etc/strongswan.conf
index 7f31b17..094e0ef 100644
--- a/testing/tests/ikev1/rw-initiator-only/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-initiator-only/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
+ load = test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev1/virtual-ip/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/virtual-ip/hosts/carol/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev1/virtual-ip/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/virtual-ip/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev1/virtual-ip/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/virtual-ip/hosts/dave/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev1/virtual-ip/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev1/virtual-ip/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev1/virtual-ip/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/virtual-ip/hosts/moon/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev1/virtual-ip/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/virtual-ip/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/moon/etc/strongswan.conf
index ba37a47..09b9264 100644
--- a/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default fips-prf eap-radius eap-md5 xauth-eap updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-radius eap-md5 xauth-eap updown
dh_exponent_ansi_x9_42 = no
diff --git a/testing/tests/ikev1/xauth-rsa-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa-radius/hosts/moon/etc/strongswan.conf
index 7114a3f..a6e1ba4 100644
--- a/testing/tests/ikev1/xauth-rsa-radius/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/xauth-rsa-radius/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default fips-prf eap-radius updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-radius updown
dh_exponent_ansi_x9_42 = no
diff --git a/testing/tests/ikev2/acert-cached/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/acert-cached/hosts/carol/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/acert-cached/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/acert-cached/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/acert-cached/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/acert-cached/hosts/dave/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/acert-cached/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/acert-cached/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/acert-cached/hosts/moon/etc/ipsec.d/acerts/carol-sales-finance.pem b/testing/tests/ikev2/acert-cached/hosts/moon/etc/ipsec.d/acerts/carol-sales-finance.pem
index 406c157..e34a862 100644
--- a/testing/tests/ikev2/acert-cached/hosts/moon/etc/ipsec.d/acerts/carol-sales-finance.pem
+++ b/testing/tests/ikev2/acert-cached/hosts/moon/etc/ipsec.d/acerts/carol-sales-finance.pem
@@ -1,18 +1,18 @@
-----BEGIN ATTRIBUTE CERTIFICATE-----
MIIC+DCCAeACAQEwgbCgTjBJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExp
-bnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQQIBHaFe
+bnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQQIBMKFe
pFwwWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZ6BG
MESkQjBAMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEW
-MBQGA1UEAxMNc3Ryb25nU3dhbiBBQTANBgkqhkiG9w0BAQUFAAIIWCKrRUelL+kw
-IhgPMjAxNDAyMDcwODU4MTJaGA8yMDIyMDQyNjA4NTgxMlowIjAgBggrBgEFBQcK
+MBQGA1UEAxMNc3Ryb25nU3dhbiBBQTANBgkqhkiG9w0BAQUFAAIIOfmFTwtXXD0w
+IhgPMjAxNDEwMDMwOTU5MjBaGA8yMDI0MDkzMDA5NTkyMFowIjAgBggrBgEFBQcK
BDEUMBIwEAwFc2FsZXMMB2ZpbmFuY2UwfzByBgNVHSMEazBpCwHqxzoCXPi2xMHh
2q7CV/ZSsLChSaRHMEUxCzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJv
bmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJvb3QgQ0GCCBVOfhWvHBdhMAkG
-A1UdOAQCBQAwDQYJKoZIhvcNAQEFBQADggEBADNSv52dbBOp30L0kJse9HqWMBaR
-SA5IDrF1FMLVZfI0Vb9XgEmk1SXAnMmPm7bfk+2w0Rd1jL7D905nel3LXuvohSR9
-wd4Vo8XX3WUlzNfjUEFFJb0nU2ybr7SmxF+K4wGnhvBAym2y/hNA0glp2hNjYTds
-g+RUpM4bSqP5DpUfRBl19VHeEu/OymoACOzuHuNc1IndYM1mkSJYumX6YW60DpF/
-TaK1So3FyEWucHeoFCziNbclrjWwB8OS3JfCOl95rxu+0JhyWc+3x1E50W8DaAnY
-ZRyYxDjYT9/E9xyzV45yo0xFODIgDgfKMsDjfUmfny3dTesdFUf3Ar3vTfA=
+A1UdOAQCBQAwDQYJKoZIhvcNAQEFBQADggEBAB4yDhtbNt9fqE/RBDQCgK7iPifx
+cA4r/xkMgF1pd1CnWEMf3xdNWJ8veICYurnFuP02KzyUB7aqkIdf6T9wBesQIfBV
+QiBmUSP2Du3+d+rhA2vJPAtbJ7dUQy/1CAIqGaLpnfN4q9GevFG4aTeD6bxZhKgU
+73o6899XVCcuc5Hs1Q1Cj6v7+WRXazSTLXnR1D9Q6NqmbY0sigOLnqj4fDUWmUB7
+mtxQ8MJ/YwS3x/0agqnBdsX+AxGh4pVgLtQA0swh10enqjnEpQYh/2MN/vdiZany
+bne4Wow6AP5Re6+VNTsIea3vxShfEjzLcU4hbrJATZgY8pfhQ6zBW9EeuCg=
-----END ATTRIBUTE CERTIFICATE-----
diff --git a/testing/tests/ikev2/acert-cached/hosts/moon/etc/ipsec.d/acerts/dave-marketing.pem b/testing/tests/ikev2/acert-cached/hosts/moon/etc/ipsec.d/acerts/dave-marketing.pem
index 2f646c3..b31fcab 100644
--- a/testing/tests/ikev2/acert-cached/hosts/moon/etc/ipsec.d/acerts/dave-marketing.pem
+++ b/testing/tests/ikev2/acert-cached/hosts/moon/etc/ipsec.d/acerts/dave-marketing.pem
@@ -1,18 +1,18 @@
-----BEGIN ATTRIBUTE CERTIFICATE-----
MIIC9DCCAdwCAQEwgbGgTjBJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExp
-bnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQQIBHKFf
+bnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQQIBMaFf
pF0wWzELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEzAR
BgNVBAsTCkFjY291bnRpbmcxHDAaBgNVBAMUE2RhdmVAc3Ryb25nc3dhbi5vcmeg
RjBEpEIwQDELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4x
-FjAUBgNVBAMTDXN0cm9uZ1N3YW4gQUEwDQYJKoZIhvcNAQEFBQACCCPxWgWKmOUM
-MCIYDzIwMTQwMjA3MDg1OTM3WhgPMjAyMjA0MjYwODU5MzdaMB0wGwYIKwYBBQUH
+FjAUBgNVBAMTDXN0cm9uZ1N3YW4gQUEwDQYJKoZIhvcNAQEFBQACCDDfVDwIujJW
+MCIYDzIwMTQxMDAzMTAwMTU3WhgPMjAyNDA5MzAxMDAxNTdaMB0wGwYIKwYBBQUH
CgQxDzANMAsMCW1hcmtldGluZzB/MHIGA1UdIwRrMGkLAerHOgJc+LbEweHarsJX
9lKwsKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIIFU5+Fa8cF2EwCQYDVR04
-BAIFADANBgkqhkiG9w0BAQUFAAOCAQEAThlKhGVv34sfnCSQn6nYUdxMhboTuC98
-+DgvTQ/tH0hddCJNg00SpO8AbStwEsqHFaSqFzAGHcMk+XUrBRSGszAwg8nKAKfT
-MCvJbK6lWQcPF0WPSSk9/r1TLan4I9xhneNIIGQf1fnNo7NrQnmhJjolUgXQNwFA
-qZgKBsk0jWcOSvI0bpK90km5flCHn/OA1rDCdaPuMwreDhvNDoApORYFPZVsLhid
-CXSqT+FWfm2NfegS+Q4VHP3YLbY4vLepCerU9aMTUIPit0kf1N8piG/l6AUno1XP
-VrcTvruQUWQb08H9aYt7l7kyhzOKkuXjVbdn5egZnK0m4WKmV50guA==
+BAIFADANBgkqhkiG9w0BAQUFAAOCAQEAgA8NaLekpYA1Sr/8MxUeAhTJd5fxeIME
+uGiMpWUEginzkC3YOgzB5hLHTRvcIwtbkVn4HMyVZ2t3ccG30PSjBTOaUeKoZsL0
+psucfiCxIfk4H3yxncqEFOCxqvRgqHARCAeolqP8tsrpJp80fRIlgXJKJfhCSDJP
+Qe+bBI/3ZorBFtQl+Mtc0bxf1SIfXNC2yPHyFIDAvroNE9KxHYXfR/7s6HuoPJl6
+pk0In/jO5YkiiaFdVBSbhAqyWkhPBoryWVHOUgl6fC/7U5SjYdf+85XHFjYzTm2k
+iChkqmrdkJJNjqYQgcY9Qah/KW9Nl5upMF/xuKI2cA68XXJeEpe1xQ==
-----END ATTRIBUTE CERTIFICATE-----
diff --git a/testing/tests/ikev2/acert-cached/hosts/moon/etc/ipsec.d/acerts/dave-sales-expired.pem b/testing/tests/ikev2/acert-cached/hosts/moon/etc/ipsec.d/acerts/dave-sales-expired.pem
index d420384..77f5305 100644
--- a/testing/tests/ikev2/acert-cached/hosts/moon/etc/ipsec.d/acerts/dave-sales-expired.pem
+++ b/testing/tests/ikev2/acert-cached/hosts/moon/etc/ipsec.d/acerts/dave-sales-expired.pem
@@ -1,18 +1,18 @@
-----BEGIN ATTRIBUTE CERTIFICATE-----
MIIC8DCCAdgCAQEwgbGgTjBJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExp
-bnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQQIBHKFf
+bnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQQIBMaFf
pF0wWzELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEzAR
BgNVBAsTCkFjY291bnRpbmcxHDAaBgNVBAMUE2RhdmVAc3Ryb25nc3dhbi5vcmeg
RjBEpEIwQDELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4x
-FjAUBgNVBAMTDXN0cm9uZ1N3YW4gQUEwDQYJKoZIhvcNAQEFBQACCEuGbFvrRrtr
-MCIYDzIwMTQwMjA3MDgwMTE3WhgPMjAxNDAyMDcwOTAxMTdaMBkwFwYIKwYBBQUH
+FjAUBgNVBAMTDXN0cm9uZ1N3YW4gQUEwDQYJKoZIhvcNAQEFBQACCDKmYal/LdaN
+MCIYDzIwMTMwMTAxMDYwMDAwWhgPMjAxMzAxMTEwNjAwMDBaMBkwFwYIKwYBBQUH
CgQxCzAJMAcMBXNhbGVzMH8wcgYDVR0jBGswaQsB6sc6Alz4tsTB4dquwlf2UrCw
oUmkRzBFMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEb
MBkGA1UEAxMSc3Ryb25nU3dhbiBSb290IENBgggVTn4VrxwXYTAJBgNVHTgEAgUA
-MA0GCSqGSIb3DQEBBQUAA4IBAQBYnOq716FJ079kXAt8vmi2GpEyyCqSBqqjr0lR
-X9mGQqWKmpj88ZP61tCooCy8HaJsgKBvedKJHJ4e/YxR+fqBDkT4apFu4wX8P/xh
-yKy6/RMAdTtkwVTE6flXdQryCQ/PGhSMuwwH/URFg65mixAatyyaoat4+mZ506u3
-F9ZZXkHPP4nZXAJqYjLLcNXPqC4lGoXXT+9dgsm6RLAdnBXT1GGff9tmqt9CcspW
-XPjoqy9AxNr6FnItvMGw0CC6MPyVOJImlSxdhFW7waZkpNfmGzRdylXMwHXk8PbW
-gjmlDUbyWquu8xBlpron3X/Jx3YNGVNrhgfZLlmhzCRouMqc
+MA0GCSqGSIb3DQEBBQUAA4IBAQDFbTwtd9XoCNfoweLRyUEkLvygczUcqxwiV0sE
+SUqo6ZIEY/jdtvvvWhvdO1kZo7oZpLXNgElrGoPdsQ6IhgTSpNdyE4JdFd60KwQk
+l8MWaJHyZm7HzFHqu2v2uPYOSpZaHBJFryU9ULkOvlzJILX/J6KtM7/2p+jetIFC
+s6yFBhtBYnih8U3Xyv+g1Q9g3EkosNvjUoz/qiWUsNkvLY7apanAyUxQ54YPXmB1
+OCgomdNLY94OIQDM9VBjSlrnCPMDI/uYZ6jbMczvKI/OypZtqiO0vwQkuXBi2UZy
+WBDOk42oHOvlpjcnL3zkd5spyuxs9f8ABy875660zs+CI3Cv
-----END ATTRIBUTE CERTIFICATE-----
diff --git a/testing/tests/ikev2/acert-cached/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/acert-cached/hosts/moon/etc/strongswan.conf
index cd836a2..bae8628 100644
--- a/testing/tests/ikev2/acert-cached/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/acert-cached/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation acert hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation acert hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/acert-cached/reissue.txt b/testing/tests/ikev2/acert-cached/reissue.txt
new file mode 100644
index 0000000..6ab98f1
--- /dev/null
+++ b/testing/tests/ikev2/acert-cached/reissue.txt
@@ -0,0 +1,23 @@
+# Carols acert for sales and finance
+pki --acert \
+ --issuercert hosts/moon/etc/ipsec.d/aacerts/aa.pem \
+ --issuerkey hosts/moon/etc/ipsec.d/private/aa.pem \
+ --in ../../../hosts/carol/etc/ipsec.d/certs/carolCert.pem \
+ --group sales --group finance -l 87600 -f pem \
+ > hosts/moon/etc/ipsec.d/acerts/carol-sales-finance.pem
+
+# Daves acert for marketing
+pki --acert \
+ --issuercert hosts/moon/etc/ipsec.d/aacerts/aa.pem \
+ --issuerkey hosts/moon/etc/ipsec.d/private/aa.pem \
+ --in ../../../hosts/dave/etc/ipsec.d/certs/daveCert.pem \
+ --group marketing -l 87600 -f pem \
+ > hosts/moon/etc/ipsec.d/acerts/dave-marketing.pem
+
+# Daves expired acert for sales
+pki --acert \
+ --issuercert hosts/moon/etc/ipsec.d/aacerts/aa.pem \
+ --issuerkey hosts/moon/etc/ipsec.d/private/aa.pem \
+ --in ../../../hosts/dave/etc/ipsec.d/certs/daveCert.pem \
+ --group sales -F "01.01.13 08:00:00" -l 240 -f pem \
+ > hosts/moon/etc/ipsec.d/acerts/dave-sales-expired.pem
diff --git a/testing/tests/ikev2/acert-fallback/hosts/carol/etc/ipsec.d/acerts/carol-finance-expired.pem b/testing/tests/ikev2/acert-fallback/hosts/carol/etc/ipsec.d/acerts/carol-finance-expired.pem
index 3be000a..18fd32c 100644
--- a/testing/tests/ikev2/acert-fallback/hosts/carol/etc/ipsec.d/acerts/carol-finance-expired.pem
+++ b/testing/tests/ikev2/acert-fallback/hosts/carol/etc/ipsec.d/acerts/carol-finance-expired.pem
@@ -1,18 +1,18 @@
-----BEGIN ATTRIBUTE CERTIFICATE-----
MIIC8TCCAdkCAQEwgbCgTjBJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExp
-bnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQQIBHaFe
+bnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQQIBMKFe
pFwwWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZ6BG
MESkQjBAMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEW
-MBQGA1UEAxMNc3Ryb25nU3dhbiBBQTANBgkqhkiG9w0BAQUFAAIISLuuiWM2O9Yw
-IhgPMjAxNDAyMDcwODQyMDVaGA8yMDE0MDIwNzA5NDIwNVowGzAZBggrBgEFBQcK
+MBQGA1UEAxMNc3Ryb25nU3dhbiBBQTANBgkqhkiG9w0BAQUFAAIIZ7+OxMinSysw
+IhgPMjAxMzAxMDEwNjAwMDBaGA8yMDEzMDExMTA2MDAwMFowGzAZBggrBgEFBQcK
BDENMAswCQwHZmluYW5jZTB/MHIGA1UdIwRrMGkLAerHOgJc+LbEweHarsJX9lKw
sKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4x
GzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIIFU5+Fa8cF2EwCQYDVR04BAIF
-ADANBgkqhkiG9w0BAQUFAAOCAQEAaDwqM5BY9pXhlSlT3cpCJYsNCfk6T1nG5s5J
-Dtgwojw0BVSoxKqcbpWdP09HOpBcwbPVk++I19wd5VsdHxtQ4/o2Hoevg4QWxUUx
-t3qsdMDjg7U2iH+JppYsEDmXmx9k1hvV1OiEzHJKTDlZqXkhiItLatKSptTG3c0A
-DdJVS05sdepzhkRGimE/QwO7nJ3v5ixFNIetgfbojbjhJPpNfXPIgMMHerK/hAlo
-ekSwcmh9ufFuEXg8C0NunQqf6Z6FbxiUXUF9j7dvlEp3n5YFsv3WSMUjE3Sb7r8T
-3e2A/LXb05ky0/SNebgS4fU9oi8acEgwN2Vqwu82hClwYAcHJg==
+ADANBgkqhkiG9w0BAQUFAAOCAQEAPmh8cxDsI22AZBPqNwfefJ11PNfEUkhhXLC3
+GjobCbTfBoMUs/HhSjHmTThDzHs/TQgeB97MWYUxWgCJjnvD10b6CxGq6OqaWz4O
+Zz1Q895qqFo7i87MRg0EDfYe3/3722Ive6jB/cFsP7c+//PJBwrY+jITX52DsmY8
+f9iDjh+uZlHKuYF1LULY9CHFzp+lStF1rSYSaEOPqKvSqbmOFKEG0Ft10Sx1jnb0
+tGllgWEYDcngictPK6IfSb52wLw/NlqCVU5Us4q4EXCPlgv+Jb8TzuCHjRunUYYU
+hMlF5qwKz2vYADQKZQuTWltd/wrKNI16vePw/l4JGia64eVHNg==
-----END ATTRIBUTE CERTIFICATE-----
diff --git a/testing/tests/ikev2/acert-fallback/hosts/carol/etc/ipsec.d/acerts/carol-sales.pem b/testing/tests/ikev2/acert-fallback/hosts/carol/etc/ipsec.d/acerts/carol-sales.pem
index a188a1d..978ab3d 100644
--- a/testing/tests/ikev2/acert-fallback/hosts/carol/etc/ipsec.d/acerts/carol-sales.pem
+++ b/testing/tests/ikev2/acert-fallback/hosts/carol/etc/ipsec.d/acerts/carol-sales.pem
@@ -1,18 +1,18 @@
-----BEGIN ATTRIBUTE CERTIFICATE-----
MIIC7zCCAdcCAQEwgbCgTjBJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExp
-bnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQQIBHaFe
+bnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQQIBMKFe
pFwwWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZ6BG
MESkQjBAMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEW
-MBQGA1UEAxMNc3Ryb25nU3dhbiBBQTANBgkqhkiG9w0BAQUFAAIIYO/yp98Yxu4w
-IhgPMjAxNDAyMDcxMDAxNTdaGA8yMDIyMDQyNjEwMDE1N1owGTAXBggrBgEFBQcK
+MBQGA1UEAxMNc3Ryb25nU3dhbiBBQTANBgkqhkiG9w0BAQUFAAIIc9h8nt+7954w
+IhgPMjAxNDEwMDMxMDI0MjBaGA8yMDI0MDkzMDEwMjQyMFowGTAXBggrBgEFBQcK
BDELMAkwBwwFc2FsZXMwfzByBgNVHSMEazBpCwHqxzoCXPi2xMHh2q7CV/ZSsLCh
SaRHMEUxCzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRsw
GQYDVQQDExJzdHJvbmdTd2FuIFJvb3QgQ0GCCBVOfhWvHBdhMAkGA1UdOAQCBQAw
-DQYJKoZIhvcNAQEFBQADggEBAJA/duSysWae5X9JTC0BLY6gK8ggj5V9H3d60rM4
-7A8HVQldWe5QwYIRZmLS0XhMVHWiIvXJHwue2Xgs8DyAqILSCKIKpCJRhqPIxHCh
-bek1nzw2YzVaU+E37He5V9PSkkRFO9tRvELhW3t4Wya7p4l6MVFW9ETOOtUqZYmt
-bxAq/XEFZl/aFb2FW2RoKjUZpwxbrccCaV1hKIxtNen2ro31dNd9YHXe+fE4Fc7r
-FTwbhOg3QLvZDXmiZt3LCXdMKAhayLbuSVsycuEtac44OVSvKhJ8GYykTRRn67nU
-qCFNDe266KTNDqUMilrHm3FYGkpFtREOBajH4EqdMAJSdXg=
+DQYJKoZIhvcNAQEFBQADggEBABdaDa/S5KBcETrE2Ttu7uVs3j4vRTCyf5J14G2M
+6a06O0dYXdRhKl/zs0JXvVl+0peyAcjHJAkDEGHwOnbUd6iZQfHlDc6//yyCjv56
+cjhDqtctSzI5iJNVJHlaxMGNDEmSZbr2IBIZ8W9dTswnrLVYP6aPLU5mCIf/jhcU
+uBAfpMLNpz6CCGToqkJi5GgO6MX9pr0fdDJeu/Pyhu1P4m8ShAYuwKRiADnAb2zb
+caC61tZh3BldeQGZlD9fIxRk7yL5zaU+HphvcY3b+tyKdbv5pfgOvPuBqUtZ+I/a
+ejeoAX09edN394xeIOV/2pPnOL3ybo4FHkparTX9UJYNxjE=
-----END ATTRIBUTE CERTIFICATE-----
diff --git a/testing/tests/ikev2/acert-fallback/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/acert-fallback/hosts/carol/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/acert-fallback/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/acert-fallback/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/acert-fallback/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/acert-fallback/hosts/moon/etc/strongswan.conf
index cd836a2..bae8628 100644
--- a/testing/tests/ikev2/acert-fallback/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/acert-fallback/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation acert hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation acert hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/acert-fallback/reissue.txt b/testing/tests/ikev2/acert-fallback/reissue.txt
new file mode 100644
index 0000000..2e1cd68
--- /dev/null
+++ b/testing/tests/ikev2/acert-fallback/reissue.txt
@@ -0,0 +1,15 @@
+# Carols expired acert for finance
+pki --acert \
+ --issuercert hosts/moon/etc/ipsec.d/aacerts/aa.pem \
+ --issuerkey hosts/moon/etc/ipsec.d/private/aa.pem \
+ --in ../../../hosts/carol/etc/ipsec.d/certs/carolCert.pem \
+ --group finance -F "01.01.13 08:00:00" -l 240 -f pem \
+ > ./hosts/carol/etc/ipsec.d/acerts/carol-finance-expired.pem
+
+# Carols valid acert for sales
+pki --acert \
+ --issuercert hosts/moon/etc/ipsec.d/aacerts/aa.pem \
+ --issuerkey hosts/moon/etc/ipsec.d/private/aa.pem \
+ --in ../../../hosts/carol/etc/ipsec.d/certs/carolCert.pem \
+ --group sales -l 87600 -f pem \
+ > hosts/carol/etc/ipsec.d/acerts/carol-sales.pem
diff --git a/testing/tests/ikev2/acert-inline/hosts/carol/etc/ipsec.d/acerts/carol-sales.pem b/testing/tests/ikev2/acert-inline/hosts/carol/etc/ipsec.d/acerts/carol-sales.pem
index a188a1d..18b2610 100644
--- a/testing/tests/ikev2/acert-inline/hosts/carol/etc/ipsec.d/acerts/carol-sales.pem
+++ b/testing/tests/ikev2/acert-inline/hosts/carol/etc/ipsec.d/acerts/carol-sales.pem
@@ -1,18 +1,18 @@
-----BEGIN ATTRIBUTE CERTIFICATE-----
MIIC7zCCAdcCAQEwgbCgTjBJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExp
-bnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQQIBHaFe
+bnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQQIBMKFe
pFwwWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZ6BG
MESkQjBAMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEW
-MBQGA1UEAxMNc3Ryb25nU3dhbiBBQTANBgkqhkiG9w0BAQUFAAIIYO/yp98Yxu4w
-IhgPMjAxNDAyMDcxMDAxNTdaGA8yMDIyMDQyNjEwMDE1N1owGTAXBggrBgEFBQcK
+MBQGA1UEAxMNc3Ryb25nU3dhbiBBQTANBgkqhkiG9w0BAQUFAAIIWKuUaKxtshcw
+IhgPMjAxNDEwMDMxMDEzMTFaGA8yMDI0MDkzMDEwMTMxMVowGTAXBggrBgEFBQcK
BDELMAkwBwwFc2FsZXMwfzByBgNVHSMEazBpCwHqxzoCXPi2xMHh2q7CV/ZSsLCh
SaRHMEUxCzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRsw
GQYDVQQDExJzdHJvbmdTd2FuIFJvb3QgQ0GCCBVOfhWvHBdhMAkGA1UdOAQCBQAw
-DQYJKoZIhvcNAQEFBQADggEBAJA/duSysWae5X9JTC0BLY6gK8ggj5V9H3d60rM4
-7A8HVQldWe5QwYIRZmLS0XhMVHWiIvXJHwue2Xgs8DyAqILSCKIKpCJRhqPIxHCh
-bek1nzw2YzVaU+E37He5V9PSkkRFO9tRvELhW3t4Wya7p4l6MVFW9ETOOtUqZYmt
-bxAq/XEFZl/aFb2FW2RoKjUZpwxbrccCaV1hKIxtNen2ro31dNd9YHXe+fE4Fc7r
-FTwbhOg3QLvZDXmiZt3LCXdMKAhayLbuSVsycuEtac44OVSvKhJ8GYykTRRn67nU
-qCFNDe266KTNDqUMilrHm3FYGkpFtREOBajH4EqdMAJSdXg=
+DQYJKoZIhvcNAQEFBQADggEBAFkNsX6dyQCYzYPeBcUJWWwWaAwIAQ8sQTqWOXGu
+ccnicZNTLEEDcHYz+99MpU7akrVNd5W7qMu3cViab+24JL2pHXKnvdDnsj6ayGL1
+DZfENdhYuYa6cLxWtzo6TsFAZeLddkR7/tBUqQnneOOiWonIY8dP/5tX0qfU/JWQ
+iE9AmCuwVieNf3WDt7ja+TUUuovaoEaXZgRWPpzKlFAmOf7FEt58r8gMrgzo6uqz
+h32Y0XmIxAWbvVBmVjg1pl2Bvx235SsmwQ1fEfkDNFjhfQblbiV5gbnqLib3d8Eq
+eyB6tzO5kHiVI0DjGygKpnP0kKeyfwtDOXoIb8EgU16svSM=
-----END ATTRIBUTE CERTIFICATE-----
diff --git a/testing/tests/ikev2/acert-inline/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/acert-inline/hosts/carol/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/acert-inline/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/acert-inline/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/acert-inline/hosts/dave/etc/ipsec.d/acerts/dave-expired-aa.pem b/testing/tests/ikev2/acert-inline/hosts/dave/etc/ipsec.d/acerts/dave-expired-aa.pem
index e612607..8c8fac5 100644
--- a/testing/tests/ikev2/acert-inline/hosts/dave/etc/ipsec.d/acerts/dave-expired-aa.pem
+++ b/testing/tests/ikev2/acert-inline/hosts/dave/etc/ipsec.d/acerts/dave-expired-aa.pem
@@ -1,18 +1,18 @@
-----BEGIN ATTRIBUTE CERTIFICATE-----
MIIC7TCCAdUCAQEwgbGgTjBJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExp
-bnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQQIBHKFf
+bnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQQIBMaFf
pF0wWzELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEzAR
BgNVBAsTCkFjY291bnRpbmcxHDAaBgNVBAMUE2RhdmVAc3Ryb25nc3dhbi5vcmeg
QzBBpD8wPTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4x
-EzARBgNVBAMTCmV4cGlyZWQgQUEwDQYJKoZIhvcNAQEFBQACCG25qKzXgZ9HMCIY
-DzIwMTQwMjA3MTAxMzQyWhgPMjAyMjA0MjYxMDEzNDJaMBkwFwYIKwYBBQUHCgQx
+EzARBgNVBAMTCmV4cGlyZWQgQUEwDQYJKoZIhvcNAQEFBQACCA3IIXAIe9+8MCIY
+DzIwMTQxMDAzMTAxNzA2WhgPMjAyNDA5MzAxMDE3MDZaMBkwFwYIKwYBBQUHCgQx
CzAJMAcMBXNhbGVzMH8wcgYDVR0jBGswabOoTOBJ6lXcG4NAowI32Y/oXa9/oUmk
RzBFMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkG
A1UEAxMSc3Ryb25nU3dhbiBSb290IENBgggqIkNljRd9CTAJBgNVHTgEAgUAMA0G
-CSqGSIb3DQEBBQUAA4IBAQCfX/84tHCidlVbOU4is/1hZc+FpK4GG1jcywM9mtjB
-QUeX28LYkewDdRpe49zJuTbvuIIABTp+4alf/oo7sKLk+o2/qq6CPfx8BSRL1a61
-Y1wVeGmXqcRQgtX+r3asMtLBoAFO8VaHt6pY52bg2YMNVRrUnCUVLqQjT+/Ujr4f
-Lhs74VOxn7S94YbqvP5rytNFjdzBREipmb8j4mhIyfwUluoWFCkzxuwRaSEGhSMO
-NobJuj/mK0PUU+TMYEcOMpQ/nVyb9rBtOvDoNU3BeD+ovuamErT9/9vWhEOwMD4C
-OeR+ofespDX+AdCyZ1Dr1GMyUmIRK7GERdasIhx5pYMk
+CSqGSIb3DQEBBQUAA4IBAQASoU5dvb9Khy4/RzU1v9RR5tST+D1Wc8LvRTZZKTQq
+Xr/bew1I0blr+r23jCsL820Reu1W1dinx3mJ7lcp7dxrmkG2U70NHj0eHjx0poms
+nCS6XgRpPM4M1jOqWM8eDKvvu9Qr8VcQlTVRWpyPUtweBuR4Xw/UpmQVEPm/ZgI+
+IyQC1g1r9pIuyTPM+e35u39ui8/6Ojqe5/FoTYhyxG/wohmx2+N2UMLtoByEZtQ8
+3FapsFYMpuVM5YU75WeaTARUbuhW6roeMjqGKdeLsXNETXS368yrPmCKtLaZ2l1u
+hslX9uJoubP0agQrjJ2stuY198VaGlL8oBrNT1oT2yyg
-----END ATTRIBUTE CERTIFICATE-----
diff --git a/testing/tests/ikev2/acert-inline/hosts/dave/etc/ipsec.d/acerts/dave-marketing.pem b/testing/tests/ikev2/acert-inline/hosts/dave/etc/ipsec.d/acerts/dave-marketing.pem
index 2f646c3..23a8b85 100644
--- a/testing/tests/ikev2/acert-inline/hosts/dave/etc/ipsec.d/acerts/dave-marketing.pem
+++ b/testing/tests/ikev2/acert-inline/hosts/dave/etc/ipsec.d/acerts/dave-marketing.pem
@@ -1,18 +1,18 @@
-----BEGIN ATTRIBUTE CERTIFICATE-----
MIIC9DCCAdwCAQEwgbGgTjBJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExp
-bnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQQIBHKFf
+bnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQQIBMaFf
pF0wWzELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEzAR
BgNVBAsTCkFjY291bnRpbmcxHDAaBgNVBAMUE2RhdmVAc3Ryb25nc3dhbi5vcmeg
RjBEpEIwQDELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4x
-FjAUBgNVBAMTDXN0cm9uZ1N3YW4gQUEwDQYJKoZIhvcNAQEFBQACCCPxWgWKmOUM
-MCIYDzIwMTQwMjA3MDg1OTM3WhgPMjAyMjA0MjYwODU5MzdaMB0wGwYIKwYBBQUH
+FjAUBgNVBAMTDXN0cm9uZ1N3YW4gQUEwDQYJKoZIhvcNAQEFBQACCAak0VAwh8bc
+MCIYDzIwMTQxMDAzMTAxNTE3WhgPMjAyNDA5MzAxMDE1MTdaMB0wGwYIKwYBBQUH
CgQxDzANMAsMCW1hcmtldGluZzB/MHIGA1UdIwRrMGkLAerHOgJc+LbEweHarsJX
9lKwsKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIIFU5+Fa8cF2EwCQYDVR04
-BAIFADANBgkqhkiG9w0BAQUFAAOCAQEAThlKhGVv34sfnCSQn6nYUdxMhboTuC98
-+DgvTQ/tH0hddCJNg00SpO8AbStwEsqHFaSqFzAGHcMk+XUrBRSGszAwg8nKAKfT
-MCvJbK6lWQcPF0WPSSk9/r1TLan4I9xhneNIIGQf1fnNo7NrQnmhJjolUgXQNwFA
-qZgKBsk0jWcOSvI0bpK90km5flCHn/OA1rDCdaPuMwreDhvNDoApORYFPZVsLhid
-CXSqT+FWfm2NfegS+Q4VHP3YLbY4vLepCerU9aMTUIPit0kf1N8piG/l6AUno1XP
-VrcTvruQUWQb08H9aYt7l7kyhzOKkuXjVbdn5egZnK0m4WKmV50guA==
+BAIFADANBgkqhkiG9w0BAQUFAAOCAQEAWdsybtPblq5EDLHKE4xakwLmbE5Jd5IV
+0E/jOJWrdN/XOR1pGe55YjW/WFCDklAZcsR+Ap07x2L+idK+XfW3sMRgoXUYe9JO
+1NSAPquy8zl206GpqiN5gmYQnQv2UshnbnEMd9osMmFIdqFVjFZFLtb8O+QRSVW1
+jiiL5a20amtQvyOI7B4vWImJ/EZh5lB3AxABVayeJvJJ4oQBBH/RIGCVocHykr4y
+jG9Vq/CxOIu6xUKvBlT/r68tiS7Rtg2Br5sAY7MmnXzkJxgdNyfsCTThdFExGzzj
+FHjzgHPjlAFofV22otSUzdOE6b22Dh7c1mxuDgUzlpPh2ycsp21CRw==
-----END ATTRIBUTE CERTIFICATE-----
diff --git a/testing/tests/ikev2/acert-inline/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/acert-inline/hosts/dave/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/acert-inline/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/acert-inline/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/acert-inline/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/acert-inline/hosts/moon/etc/strongswan.conf
index cd836a2..bae8628 100644
--- a/testing/tests/ikev2/acert-inline/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/acert-inline/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation acert hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation acert hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/acert-inline/reissue.txt b/testing/tests/ikev2/acert-inline/reissue.txt
new file mode 100644
index 0000000..994fa0f
--- /dev/null
+++ b/testing/tests/ikev2/acert-inline/reissue.txt
@@ -0,0 +1,23 @@
+# Carols sales acert
+pki --acert \
+ --issuercert hosts/moon/etc/ipsec.d/aacerts/aa.pem \
+ --issuerkey hosts/moon/etc/ipsec.d/private/aa.pem --in \
+ ../../../hosts/carol/etc/ipsec.d/certs/carolCert.pem \
+ --group sales -l 87600 -f pem \
+ > hosts/carol/etc/ipsec.d/acerts/carol-sales.pem
+
+# Daves marketing acert
+pki --acert \
+ --issuercert hosts/moon/etc/ipsec.d/aacerts/aa.pem \
+ --issuerkey hosts/moon/etc/ipsec.d/private/aa.pem \
+ --in ../../../hosts/dave/etc/ipsec.d/certs/daveCert.pem \
+ --group marketing -l 87600 -f pem
+ > hosts/dave/etc/ipsec.d/acerts/dave-marketing.pem
+
+# Daves sales acert from expired AA
+pki --acert \
+ --issuercert hosts/moon/etc/ipsec.d/aacerts/aa-expired.pem \
+ --issuerkey hosts/moon/etc/ipsec.d/private/aa-expired.pem \
+ --in ../../../hosts/dave/etc/ipsec.d/certs/daveCert.pem \
+ --group sales -l 87600 -f pem \
+ > hosts/dave/etc/ipsec.d/acerts/dave-expired-aa.pem
diff --git a/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/strongswan.conf
index d70d7b9..f295f15 100644
--- a/testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc ccm stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ccm stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/strongswan.conf
index d70d7b9..f295f15 100644
--- a/testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc ccm stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ccm stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/strongswan.conf
index e607bba..cae7e00 100644
--- a/testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc ctr stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ctr stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/strongswan.conf
index e607bba..cae7e00 100644
--- a/testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc ctr stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ctr stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/strongswan.conf
index e063e44..e396bb1 100644
--- a/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc gcm stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc gcm stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/strongswan.conf
index e063e44..e396bb1 100644
--- a/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc gcm stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc gcm stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/strongswan.conf
index eacadc5..adc0ab9 100644
--- a/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
send_vendor_id = yes
}
diff --git a/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/strongswan.conf
index eacadc5..adc0ab9 100644
--- a/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
send_vendor_id = yes
}
diff --git a/testing/tests/ikev2/alg-sha256/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-sha256/hosts/carol/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/alg-sha256/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-sha256/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-sha256/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-sha256/hosts/moon/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/alg-sha256/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-sha256/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-sha384/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-sha384/hosts/carol/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/alg-sha384/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-sha384/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-sha384/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-sha384/hosts/moon/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/alg-sha384/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-sha384/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-sha512/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-sha512/hosts/carol/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/alg-sha512/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-sha512/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-sha512/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-sha512/hosts/moon/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/alg-sha512/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-sha512/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/any-interface/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/any-interface/hosts/alice/etc/strongswan.conf
index a14fc56..fed33db 100644
--- a/testing/tests/ikev2/any-interface/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/any-interface/hosts/alice/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/any-interface/hosts/bob/etc/strongswan.conf b/testing/tests/ikev2/any-interface/hosts/bob/etc/strongswan.conf
index a14fc56..fed33db 100644
--- a/testing/tests/ikev2/any-interface/hosts/bob/etc/strongswan.conf
+++ b/testing/tests/ikev2/any-interface/hosts/bob/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/any-interface/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/any-interface/hosts/moon/etc/strongswan.conf
index a14fc56..fed33db 100644
--- a/testing/tests/ikev2/any-interface/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/any-interface/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/any-interface/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/any-interface/hosts/sun/etc/strongswan.conf
index a14fc56..fed33db 100644
--- a/testing/tests/ikev2/any-interface/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/any-interface/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/compress-nat/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/compress-nat/hosts/alice/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/compress-nat/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/compress-nat/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/compress-nat/hosts/bob/etc/strongswan.conf b/testing/tests/ikev2/compress-nat/hosts/bob/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/compress-nat/hosts/bob/etc/strongswan.conf
+++ b/testing/tests/ikev2/compress-nat/hosts/bob/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/compress-nat/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/compress-nat/hosts/carol/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/compress-nat/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/compress-nat/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf
index 0e4e577..5d1c35c 100644
--- a/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown resolve
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
}
diff --git a/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf
index 0e4e577..5d1c35c 100644
--- a/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown resolve
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
}
diff --git a/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf
index 002166a..de6bda2 100644
--- a/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown attr
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown attr
dns1 = PH_IP_WINNETOU
dns2 = PH_IP_VENUS
diff --git a/testing/tests/ikev2/critical-extension/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/critical-extension/hosts/moon/etc/strongswan.conf
index 2ba42b6..269e1a5 100644
--- a/testing/tests/ikev2/critical-extension/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/critical-extension/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
diff --git a/testing/tests/ikev2/critical-extension/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/critical-extension/hosts/sun/etc/strongswan.conf
index 1e3d118..a2bdf79 100644
--- a/testing/tests/ikev2/critical-extension/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/critical-extension/hosts/sun/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/crl-revoked/hosts/carol/etc/ipsec.d/certs/carolRevokedCert.pem b/testing/tests/ikev2/crl-revoked/hosts/carol/etc/ipsec.d/certs/carolRevokedCert.pem
index a92610c..e9a75fa 100644
--- a/testing/tests/ikev2/crl-revoked/hosts/carol/etc/ipsec.d/certs/carolRevokedCert.pem
+++ b/testing/tests/ikev2/crl-revoked/hosts/carol/etc/ipsec.d/certs/carolRevokedCert.pem
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIEIjCCAwqgAwIBAgIBGzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
+MIIEIjCCAwqgAwIBAgIBLzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA5MDgyNzEwMzEwNloXDTE0MDgyNjEwMzEwNlowWjELMAkGA1UE
+b290IENBMB4XDTE0MDgyNzE1MDIyMloXDTE5MDgyNjE1MDIyMlowWjELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
cmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBAOHh/BBf9VwUbx3IU2ZvKJylwCUP2Gr40Velcexr
-lR1PoK3nwZrJxxfhhxrxdx7Wnt/PDiF2eyzA9U4cOyS1zPpWuRt69PEOWfzQJZkD
-e5C6bXZMHwJGaCM0h8EugnwI7/XgbEq8U/1PBwIeFh8xSyIwyn8NqyHWm+6haFZG
-Urz7y0ZOAYcX5ZldP8vjm2SyAl0hPlod0ypk2K1igmO8w3cRRFqD27XhztgIJyoi
-+BO3umc+BXcpPGoZ7IFaXvHcMVECrxbkrvRdpKiz/4+u8FakQJtBmYuqP2TLodRJ
-TKSJ4UvIPXZ8DTEYC/Ja/wrm1hNfH4T3YjWGT++lVbYF7qECAwEAAaOCAQYwggEC
-MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBQRnt9aYXsi/fgMXGVh
-ZpTfg8kSYjBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTEL
+AQEBBQADggEPADCCAQoCggEBAMJhEfwaamqe85Wwr+AWO8YJbxX717rTX0tVLEVG
+AB/Q1CAnQquMxo8Cf4Ufto/Odm+25Ihxy2Zedmjnoy8xe4s9vFUjEYPgo+wIT7t3
+I3nUhKJhJWEw7hdHwPHif1aAMK/Mrvkou/VFwzJwnCwA9VKe1/Mn4X1YNLak/cQD
+L2Ci34uxJzvjt/5DVDmh7Fd/9wsNHOafycsxEJEyDtDpbZSMklIArTcA61U0+oxZ
+MBZVZHMN9vJETR+BEBaZkEpFSn4vaYjtzpsLG+MicYiuspQ+v8dG50JzeTRpRRpP
+HF3ob20kd9VOz1nU/43CVpvxFk3d+UNNYF89iIBCNZAf6gMCAwEAAaOCAQYwggEC
+MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBQTfdv0x2BIOc0ZAvGE
+VrABn/Jk6zBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTEL
MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT
EnN0cm9uZ1N3YW4gUm9vdCBDQYIBADAfBgNVHREEGDAWgRRjYXJvbEBzdHJvbmdz
d2FuLm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u
-b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBBAUAA4IBAQCY2EMqkuhtAls/
-jkjXm+sI5YVglE62itSYgJxKZhxoFn3l4Afc6+XBeftK8Y1IjXdeyQUg8qHhkctl
-nBiEzRCClporCOXl5hOzWi+ft2hyKgcx8mFB8Qw5ZE9z8dvY70jdPCB4cH5EVaiC
-6ElGcI02iO073iCe38b3rmpwfnkIWZ0FVjSFSsTiNPLXWH6m6tt9Gux/PFuLff4a
-cdGfEGs01DEp9t0bHqZd6ESf2rEUljT57i9wSBfT5ULj78VTgudw/WhB0CgiXD+f
-q2dZC/19B8Xmk6XmEpRQjFK6wFmfBiQdelJo17/8M4LdT/RfvTHJOxr2OAtvCm2Z
-0xafBd5x
+b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQC6A+3G600itmdH
+4+zQ1FskGsCUj6mUXn+4blshl41zzhyRmplJT51Wch926E1LUxca9FKUu8XT1tAP
+Wo56RO92eX7M3OgeQz7NqtYxgNauqKfd+IFg+y1vC4etj25dfC56+ETfCrxOZzuZ
+vFD0mhn1hzXw3CNjSIH3HtWHOJjat+jZKsSayiYg3jO+L7i+cz6arbMhQwwGzskb
+wTJejXul+G1/lFhPwMFyep2ilKwRiLJpE3L17hYVwXNEerFcpq6q0OEylmCxXswd
+uO4NPb7dDiKw1pbdIQfZh2HqUXr3Vb4FcCWpAHhSCnNtwQQGKMg0CZtiPvwaaeXI
+oXwOnQXX
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/crl-revoked/hosts/carol/etc/ipsec.d/private/carolRevokedKey.pem b/testing/tests/ikev2/crl-revoked/hosts/carol/etc/ipsec.d/private/carolRevokedKey.pem
index 60e7fdf..7b72371 100644
--- a/testing/tests/ikev2/crl-revoked/hosts/carol/etc/ipsec.d/private/carolRevokedKey.pem
+++ b/testing/tests/ikev2/crl-revoked/hosts/carol/etc/ipsec.d/private/carolRevokedKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEA4eH8EF/1XBRvHchTZm8onKXAJQ/YavjRV6Vx7GuVHU+grefB
-msnHF+GHGvF3Htae388OIXZ7LMD1Thw7JLXM+la5G3r08Q5Z/NAlmQN7kLptdkwf
-AkZoIzSHwS6CfAjv9eBsSrxT/U8HAh4WHzFLIjDKfw2rIdab7qFoVkZSvPvLRk4B
-hxflmV0/y+ObZLICXSE+Wh3TKmTYrWKCY7zDdxFEWoPbteHO2AgnKiL4E7e6Zz4F
-dyk8ahnsgVpe8dwxUQKvFuSu9F2kqLP/j67wVqRAm0GZi6o/ZMuh1ElMpInhS8g9
-dnwNMRgL8lr/CubWE18fhPdiNYZP76VVtgXuoQIDAQABAoIBAQCbF5UAkUJgdM9O
-fat128DgvZXOXLDV0f261igAkmWR+Ih0n3n5E64VoY4oW77Ud7wiI4KqSzWLpvlH
-Jm8dZ45UHJOAYM4pbRcwVKJcC14eI0LhRKbN4xXBhmHnrE1/aIuKIQt5zRFGDarc
-M1gxFqFl2mZPEk18MGRkVoLTKfnJMzdHI1m0IAMwg3Rl9cmuVdkhTS+IAoULVNnI
-0iAOsFN8SdDaKBqRcPkypT5s4wjGH4s7zjW4PmEDwDhhfeHkVccCuH8n3un1bPT2
-oc73RSXdCYMgDTD3waXC+4cCQGPZmUCl6Mfq7YCECkUpUg6rHlaCYRSZZoQPf5vH
-VsBUvjABAoGBAPHSnJOL6tcqJCCZ27E3zIsmZ+d6dX4B/YN1Xk3vKHhavN5Ks6Gx
-ZCsaluMuB2qyBRrpKnSAz6lUQ1TOxzuphlVIX1EnLW+JvNgFyem9PARsP2SMsKqm
-VaqnId6pprdbP53NpL9Z7AsbS/i/Ab6WpVPyYHdqVsimCdRGK9/JlOnBAoGBAO8g
-I4a4dJKiwHBHyP6wkYrhWdYwmjTJlskNNjrvtn7bCJ/Lm0SaGFXKIHCExnenZji0
-bBp3XiFNPlPfjTaXG++3IH6fxYdHonsrkxbUHvGAVETmHVLzeFiAKuUBvrWuKecD
-yoywVenugORQIPal3AcLwPsVRfDU89tTQhiFq3zhAoGBAIqmfy/54URM3Tnz/Yq2
-u4htFNYb2JHPAlQFT3TP0xxuqiuqGSR0WUJ9lFXdZlM+jr7HQZha4rXrok9V39XN
-dUAgpsYY+GwjRSt25jYmUesXRaGZKRIvHJ8kBL9t9jDbGLaZ2gP8wuH7XKvamF12
-coSXS8gsKGYTDT+wnCdLpR4BAoGAFwuV4Ont8iPVP/zrFgCWRjgpnEba1bOH4KBx
-VYS8pcUeM6g/soDXT41HSxDAv89WPqjEslhGrhbvps2oolY1zwhrDUkAlGUG96/f
-YRfYU5X2iR1UPiZQttbDS4a7hm7egvEOmDh2TzE5IsfGJX8ekV9Ene4S637acYy4
-lfxr5oECgYEAzRuvh6aG7UmKwNTfatEKav7/gUH3QBGK+Pp3TPSmR5PKh/Pk4py6
-95bT4mHrKCBIfSv/8h+6baYZr9Ha1Oj++J94RXEi8wdjjl1w3LGQrM/X+0AVqn5P
-b5w1nvRK7bMikIXbZmPJmivrfChcjD21gvWeF6Osq8McWF8jW2HzrZw=
+MIIEowIBAAKCAQEAwmER/Bpqap7zlbCv4BY7xglvFfvXutNfS1UsRUYAH9DUICdC
+q4zGjwJ/hR+2j852b7bkiHHLZl52aOejLzF7iz28VSMRg+Cj7AhPu3cjedSEomEl
+YTDuF0fA8eJ/VoAwr8yu+Si79UXDMnCcLAD1Up7X8yfhfVg0tqT9xAMvYKLfi7En
+O+O3/kNUOaHsV3/3Cw0c5p/JyzEQkTIO0OltlIySUgCtNwDrVTT6jFkwFlVkcw32
+8kRNH4EQFpmQSkVKfi9piO3Omwsb4yJxiK6ylD6/x0bnQnN5NGlFGk8cXehvbSR3
+1U7PWdT/jcJWm/EWTd35Q01gXz2IgEI1kB/qAwIDAQABAoIBAQCNiPD3iKSEDkl/
+bbAikw3jHWttrnte5ho1WEdsCZR9lilfYDcDgvXxm/gOjxD3lXZX0eyGDZX1bEL8
+D+6apoU21jUUKPzP8fpqG4MzFYUXaM9LDUGSi3ZSLUUo26us6JqK55dghXCXH70K
+NUUCJZB8IH1N6HQgOOHpPCorV8ZfrfOklNmCJgevVi2ySJ9Oke5YGhhIgNBuXMAB
+Llpg8mc6WqQVCzQnQqOMLT+cHGVcSiwyP04J0vhRWtFCKhaOTJfEG2/RwyHMeOwV
+cjOIHZhviW1QmYV3/kIUaYtOW7HqxCzPHxXlulgWjF6jF7cFmHtsVmjfZxqNDMID
+Fdz+ODQBAoGBAOp/kSOOCK93sojk2zmJdeuiWzIQaQ9Dkt9sgq2h98pFfcQ6veTH
+s2IHbr5nCFl4DvX+Ugh5H/hNIG2FOQ/XWpasXJvQKvttBXXTBHSi8/ZwmcR5xPsA
++9xLaajg4PFIYY2aiSV5Ydoe55dve+8AMNvFmt5chW9hBZ4XdPJL25hBAoGBANQz
+xxm+bI4Y942zKOJRfMc+7zNlQBRcB4TisAEYjviEONRFyWg+mToV2WYGhdU9wduy
+8etriCUTKlS7i+MR80vT874oak+ZK9eDGdzTcNQwKo5pUvBpGkHea+QyWrm0oWg4
+mX4F1TGRFLDdkKPK4F42n8cjozGljjoQb7QH2tFDAoGAMA+lN5xMu2nU9amyJMC/
+omPMPR6P6cj3uUMMJXokxxgnBqjjcphbc6QCVpPXaj7pEhHlzkbE/qcQFmJPp6eD
+sY3yDR1FMfLOQ6/UIfOj/MZnPZWXgbpZ5HSwWyR79ffXxqX9peiS3Zmn7amzxPBN
+Ez4U164uyv0foZ89IMvbXgECgYB7V2E58HpOmeqCPYndCnpZoZYNrKNzcg6Yyd59
+tJWdk9UoZSvtYL1Vis+jQtVVniDpH3kIWqd2zU4ElEJ6CLv+7kK12+33OFPIX5aP
+yYLCgwCpaETiImU1th/GMxKS8JAE8SkenCtQNUDukMp6ufhyKpPyfx9jQxSJYXZc
+EVi52wKBgHpfgXTUHASyAGDaNr5pUk6xZC59eLW3+JquQVxl5GjTDCXK5ilaMLtq
+sLT6B0AWd3QKQQHKOl8rVeMA3/SkXXxTooRisgL1OvzEuJg9mHOM/tLLYFTg6Dna
+RKtXeklyTaEsmmFT+zgRVqp0qDN7JhlNtCfUYz4fW70kx3Iet/Tv
-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev2/crl-revoked/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/crl-revoked/hosts/carol/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/crl-revoked/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/crl-revoked/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/crl-revoked/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/crl-revoked/hosts/moon/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/crl-revoked/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/crl-revoked/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/default-keys/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/default-keys/hosts/carol/etc/strongswan.conf
index 5a243ca..5cfec3e 100644
--- a/testing/tests/ikev2/default-keys/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/default-keys/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
scepclient {
diff --git a/testing/tests/ikev2/default-keys/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/default-keys/hosts/moon/etc/strongswan.conf
index 5a243ca..5cfec3e 100644
--- a/testing/tests/ikev2/default-keys/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/default-keys/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
scepclient {
diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/strongswan.conf
index bd19ffe..7b81476 100644
--- a/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
}
diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/strongswan.conf
index bd19ffe..7b81476 100644
--- a/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
}
diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/strongswan.conf
index 609d357..1c7c270 100644
--- a/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown attr farp dhcp
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown attr farp dhcp
plugins {
dhcp {
server = 10.1.255.255
diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/strongswan.conf
index bd19ffe..7b81476 100644
--- a/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
}
diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/strongswan.conf
index bd19ffe..7b81476 100644
--- a/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
}
diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/strongswan.conf
index 609d357..1c7c270 100644
--- a/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown attr farp dhcp
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown attr farp dhcp
plugins {
dhcp {
server = 10.1.255.255
diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/strongswan.conf
index bd19ffe..7b81476 100644
--- a/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
}
diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/strongswan.conf
index bd19ffe..7b81476 100644
--- a/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
}
diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/strongswan.conf
index 75c605f..d96d1d7 100644
--- a/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown attr farp dhcp
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown attr farp dhcp
plugins {
dhcp {
server = 10.1.255.255
diff --git a/testing/tests/ikev2/double-nat-net/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/double-nat-net/hosts/alice/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/double-nat-net/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/double-nat-net/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/double-nat-net/hosts/bob/etc/strongswan.conf b/testing/tests/ikev2/double-nat-net/hosts/bob/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/double-nat-net/hosts/bob/etc/strongswan.conf
+++ b/testing/tests/ikev2/double-nat-net/hosts/bob/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/double-nat/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/double-nat/hosts/alice/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/double-nat/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/double-nat/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/double-nat/hosts/bob/etc/strongswan.conf b/testing/tests/ikev2/double-nat/hosts/bob/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/double-nat/hosts/bob/etc/strongswan.conf
+++ b/testing/tests/ikev2/double-nat/hosts/bob/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/dpd-clear/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dpd-clear/hosts/carol/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/dpd-clear/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/dpd-clear/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/dpd-clear/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dpd-clear/hosts/moon/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/dpd-clear/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/dpd-clear/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/dpd-hold/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dpd-hold/hosts/carol/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/dpd-hold/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/dpd-hold/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/dpd-hold/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dpd-hold/hosts/moon/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/dpd-hold/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/dpd-hold/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/dpd-restart/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dpd-restart/hosts/carol/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/dpd-restart/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/dpd-restart/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/dpd-restart/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dpd-restart/hosts/moon/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/dpd-restart/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/dpd-restart/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/dynamic-initiator/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dynamic-initiator/hosts/carol/etc/strongswan.conf
index 73bbf68..4ccce1f 100644
--- a/testing/tests/ikev2/dynamic-initiator/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/dynamic-initiator/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
dh_exponent_ansi_x9_42 = no
}
diff --git a/testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/ipsec.d/certs/carolCert.pem
index 6c41df9..b089324 100644
--- a/testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/ipsec.d/certs/carolCert.pem
+++ b/testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/ipsec.d/certs/carolCert.pem
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIEIjCCAwqgAwIBAgIBHTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MIIEIjCCAwqgAwIBAgIBMDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA5MDgyNzEwNDQ1MVoXDTE0MDgyNjEwNDQ1MVowWjELMAkGA1UE
+b290IENBMB4XDTE0MDgyNzE1MDUzNloXDTE5MDgyNjE1MDUzNlowWjELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
cmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBANBdWU+BF7x4lyo+xHnr4UAOU89yQQuT5vdPoXzx
-6kRPsjYAuuktgXR+SaLkQHw/YRgDPSKj5nzmmlOQf/rWRr+8O2q+C92aUICmkNvZ
-Gamo5w2WlOMZ6T5dk2Hv+QM6xT/GzWyVr1dMYu/7tywD1Bw7aW/HqkRESDu6q95V
-Wu+Lzg6XlxCNEez0YsZrN/fC6BL2qzKAqMBbIHFW8OOnh+nEY4IF5AzkZnFrw12G
-I72Z882pw97lyKwZhSz/GMQFBJx+rnNdw5P1IJwTlG5PUdoDCte/Mcr1iiA+zOov
-x55x1GoGxduoXWU5egrf1MtalRf9Pc8Xr4q3WEKTAmsZrVECAwEAAaOCAQYwggEC
-MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBQfoamI2WSMtaCiVGQ5
-tPI9dF1ufDBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTEL
+AQEBBQADggEPADCCAQoCggEBALfz1DcXyt/sOALi1IZ/RcuPa5m+4fiSST2wVWWr
+lw3hUjeiwLfgoLrtKaGX4i+At82Zol2mdbEXFpO+9qxXliP2u0fexqP4mBuZus3E
+LA82EOL0lQ2ahAi8O3qafkDMBSgvoeJpEwNe00Ugh53g7hT7dw8tSgcPGqQkWutI
+IKT9T6e/HbHNjRtYlw9ZlHsp8gSYjg/Q6vV6ofttueMUD9NRv8w2Y76rnRRmUGf3
+GlNFFmgxZntCJRuYltnxV7VcCFoppyauYt/fPmjAxbPRuhHKacnzIzq83Ixf5fSj
+MTlluGCfWFX/NGENXamBqChkRLHmuCHNexxRp9s2F1S10hECAwEAAaOCAQYwggEC
+MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRcWXBiVy0qJJxclFab
+iV7lxQW2vTBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTEL
MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT
EnN0cm9uZ1N3YW4gUm9vdCBDQYIBADAfBgNVHREEGDAWgRRjYXJvbEBzdHJvbmdz
d2FuLm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u
-b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQC8pqX3KrSzKeul
-GdzydAV4hGwYB3WiB02oJ2nh5MJBu7J0Kn4IVkvLUHSSZhSRxx55tQZfdYqtXVS7
-ZuyG+6rV7sb595SIRwfkLAdjbvv0yZIl4xx8j50K3yMR+9aXW1NSGPEkb8BjBUMr
-F2kjGTOqomo8OIzyI369z9kJrtEhnS37nHcdpewZC1wHcWfJ6wd9wxmz2dVXmgVQ
-L2BjXd/BcpLFaIC4h7jMXQ5FURjnU7K9xSa4T8PpR6FrQhOcIYBXAp94GiM8JqmK
-ZBGUpeP+3cy4i3DV18Kyr64Q4XZlzhZClNE43sgMqiX88dc3znpDzT7T51j+d+9k
-Rf5Z0GOR
+b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQBVqTw0DRABEwcw
+kMsDkX1yIX4lODAadvSq/PP/M3e6VoZOXBphKQvqgAgaCpk+vAXoHNPImg+vRVeY
+bIeS0E2lMo5nKQu7MCs8RpL97PMHL7NlzRBiS+CCKRaCHglJgCZtfwc1sapnrche
+MoZat+GyjnyKVNTJh/QtGm5QL9DRKa125B9gS9FtdT0BkhxIsZ4TsEOeTqv5dHix
+bc7x+MwETL6AxNraPqfIbt78cnsIB3PpIxYYTlDVY2Fwr2G0Ri9inEM/GZFAsJSU
+iSyoTqQsyZhzzOmE/mK40JtBv+lg+pPOa4tC8w892KEKsnRX9dxX+U6vr3QtoIjN
+wg8qvcUu
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/ipsec.d/private/carolKey.pem
index 41a1399..1454ec5 100644
--- a/testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/ipsec.d/private/carolKey.pem
+++ b/testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/ipsec.d/private/carolKey.pem
@@ -1,30 +1,30 @@
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
-DEK-Info: AES-128-CBC,01290773006220E4E96C2975C52D2429
+DEK-Info: AES-128-CBC,7E1D40A7901772BA4D22AF58AA2DC76F
-mSt4HT52dsYkDwk6DVYm+Uij1PnFAnYzJD7Jx6EJIA9HuWKfyHPSjtqEcCwZoKHq
-i18EuCZHkdMBc8+lY0iEpNwbs3UbCP73lGn+IIjlOrS0xi4PP9iV1jxg/k+WF4rH
-jhIUhi3wc1cAaFLLj8bBvnx6t4mF3nTZZ119wSsa5ewy5RZGWcdN8NKtyNgFYTFx
-m5ACRErFuq8aFmcKVgwzLZH+e9fd7xKHS7XoP9vla7+iKkW5bzfkGP5E8irbOqce
-pyUE81FrD8irD0uK4mnrMRDDGrD02mYNSMGyhT5o1RDQJbaRupih9nU+SaTR2Kxq
-J/ScYak4EwmCIXixwuhwokDPTB1EuyQ1h5ywarkgt1TCZKoI2odqoILB2Dbrsmdf
-dKLqI8Q/kR4h5meCc0e3401VXIaOJWk5GMbxz+6641uWnTdLKedzC5gWCI7QIDFB
-h5n5m3tsSe6LRksqJpgPL/+vV/r+OrNEi4KGK9NxETZxeb/7gBSVFWbDXH5AO+wC
-/RlPYHaoDt+peRm3LUDBGQBPtvZUDiDHlW4v8wtgCEZXAPZPdaFRUSDYMYdbbebY
-EsxWa6G00Gau08EOPSgFIReGuACRkP4diiSE4ZTiC9HD2cuUN/D01ck+SD6UgdHV
-pyf6tHej/AdVG3HD5dRCmCCyfucW0gS7R+/+C4DzVHwZKAXJRSxmXLOHT0Gk8Woe
-sM8gbHOoV8OfLAfZDwibvnDq7rc82q5sSiGOKH7Fg5LYIjRB0UazCToxGVtxfWMz
-kPrzZiQT45QDa3gQdkHzF21s+fNpx/cZ1V1Mv+1E3KAX9XsAm/sNl0NAZ6G0AbFk
-gHIWoseiKxouTCDGNe/gC40r9XNhZdFCEzzJ9A77eScu0aTa5FHrC2w9YO2wHcja
-OT2AyZrVqOWB1/hIwAqk8ApXA3FwJbnQE0FxyLcYiTvCNM+XYIPLstD09axLFb53
-D4DXEncmvW4+axDg8G3s84olPGLgJL3E8pTFPYWHKsJgqsloAc/GD2Qx0PCinySM
-bVQckgzpVL3SvxeRRfx8SHl9F9z+GS4gZtM/gT9cDgcVOpVQpOcln5AR/mF/aoyo
-BW96LSmEk5l4yeBBba63Qcz1HRr2NSvXJuqdjw6qTZNBWtjmSxHywKZYRlSqzNZx
-7B6DGHTIOfGNhcy2wsd4cuftVYByGxfFjw7bHIDa4/ySdDykL7J+REfg8QidlCJB
-UN/2VjaNipQo38RczWLUfloMkMMrWYpXOm9koes+Vldm7Bco+eCONIS50DJDOhZs
-H037A+UMElXmtCrHPJGxQf8k1Qirn6BWOuRmXg8sXqeblIrPlZU+DghYXzA/nRxB
-y+nUx+Ipbj022uJNVtFwhP70TIqYm/O6Ol/zRbo6yRsR6uEnnb4wRi5IxHnM/iGA
-zWPzLRDSeVPkhu2pZ7JygabCiXbbgFTN1enJvLWvIAcB0LS8wQz0yKQ7oj32T0Ty
-AD3c/qS8kmsrZDe3H+lEfMCcJRnHUrR/SBChSdx7LF9mnLlWuJLLHmrz87x7Z2o6
-nuRU15U5aQTniVikvFWchnwGy+23lgv5He9X99jxEu/U1pA4egejfMs3g070AY3J
+1jt4EsxtHvgpSLN8PA/kSVKgoAsBEBQb8RK6VGnZywMCnpJdLKdPisGGYKNPg53b
+/0AFBmQVE60M8icbSAIUrAtyKxaBkoc9A7ibNCjobi0UzXTm3GcZZ1EC4/lE9PQZ
+/2FbcPgQWN3kZraZDkeP9XBXl6PorES8xvQUxJ9pd4hL7/c28fIApGhEimkIZO8o
+Qb7bR2cNCLYQAR6PeDoqhV39gvWoh77wp1WB3tQVbkS6MI/xl3wY2QVdq3Sbszh+
+f6lDU/SZS8BU0f44FRoInPp0GasgJ7MCiuEIshjuNPa50QkMcnNJsSgVEuw2hjN6
+LvAXx7vPt9pKpQfnu7YSJUsXDYN6PyXt7sZ8hDqraYIcI6eMpEBaTpItPSV2eckv
+06KC24Oa66E1yufNFAY49S2OY+pJA0W5zmcCqCjdrfJ+wNQYKZpbrfGz4VRzlFJC
+e3VkmAFwA5rcZdlp/mU2XREy+TaWsHMnpL0NcMHGmsfkTgaJIkRWalrdxlNTeitr
+3boNHWk0ESyMcBYRpM3eNXsGpiYy93u0bhrPbnqJsV6miKqpbs1aBNjlJ9s1Y2fC
+sko5/v7uMjb5tLF3lWQZfTu+bYtpGxFrqHJjhd8yd4gL1cFi30JcjczhwRY3Dily
+c0BFekMGmPc1djn6tfIFu13X9xTxyidCpVaT9UGnOaQs9OF1u8XAnZDaQgPwjLiy
+UlOE8xQ60LrhWLD582FsFnZz56bZ+QOQRWDMsB8nJeqnFXKfcRlnr0qlG6lTfA8h
+XkK/qGpdVvivS+CpbhVP6ixdEfa91Rx4NjLj53LGqOYwFEkM/OAIuMJetBfx3v9T
+iQfv594KE32nv9besnKlmJr2cGQWBYg1pUOtFj/aZ00yuXacv8qwzbrt4xGGDYGO
+Aj5Yf93UEcVkTySO1xJ1yiC6GJv1lLm0i5StwykHypxFijKe/zOpgtHVa5v5igjO
+v6cfhfJGGgIPTYrtt+EDKXcayvy2e2U/3HYVCHYiiMPX8AvP/R6m7MGrzYxm/WyO
+t68EWXSDLfuR3qcIlpP4aSBxuSpKhY/dIkS/beKZ7Njx1s4jSuYDMbKuuCRFSU2H
+8ISHS0kh3FetiS8IyIYzxab+KQZwnVtiGj4oaAhgFTIIoH26Fv5+xka74JdzOSUA
+jR9puKuxaegVWQVBx4cCyg6hAdewRm64PAcbApZWrPvMPBfTZFnXeifmaurcdK8p
+p/1eLrrPnNM6+Fh6lcKdX74yHPz3eWP3K1njZegzWnChhEWElPhJr6qYNQjd+lAS
+7650RJ3CJLUxBffnRR9nTArxFNI5jGWg/plLJTaRT5x5qg1dGNMqntpoeiY++Ttk
+GFDGVIOICBze6SOvzkZBbuXLJSWmWj5g9J2cYsLoOvlwsDT7FzKl8p6VY4V+SQb+
+4PN8qZWmOeczaLEhZ1QLmTKFpz9+wUZsXeBd1s78bWJR0zhraMPa0UJ9GBGq6uQ0
+yZ4Xm5KHKcgoewCUQMekU9ECsmR5NuC7VFDaa1OdPEVnEYR1xtaWUY0lYKOiixnd
++85fSq/yAXI/r0O4ISA55o9y1kDqVibTwJacb6xXGg8dHSH+TtigwD8fK9mekkDC
-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/strongswan.conf
index 73bbf68..4ccce1f 100644
--- a/testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
dh_exponent_ansi_x9_42 = no
}
diff --git a/testing/tests/ikev2/dynamic-initiator/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dynamic-initiator/hosts/moon/etc/strongswan.conf
index 73bbf68..4ccce1f 100644
--- a/testing/tests/ikev2/dynamic-initiator/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/dynamic-initiator/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
dh_exponent_ansi_x9_42 = no
}
diff --git a/testing/tests/ikev2/dynamic-two-peers/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dynamic-two-peers/hosts/carol/etc/strongswan.conf
index 73bbf68..4ccce1f 100644
--- a/testing/tests/ikev2/dynamic-two-peers/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/dynamic-two-peers/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
dh_exponent_ansi_x9_42 = no
}
diff --git a/testing/tests/ikev2/dynamic-two-peers/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/dynamic-two-peers/hosts/dave/etc/strongswan.conf
index 73bbf68..4ccce1f 100644
--- a/testing/tests/ikev2/dynamic-two-peers/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/dynamic-two-peers/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
dh_exponent_ansi_x9_42 = no
}
diff --git a/testing/tests/ikev2/dynamic-two-peers/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dynamic-two-peers/hosts/moon/etc/strongswan.conf
index 73bbf68..4ccce1f 100644
--- a/testing/tests/ikev2/dynamic-two-peers/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/dynamic-two-peers/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
dh_exponent_ansi_x9_42 = no
}
diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/esp-alg-md5-128/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-md5-128/hosts/carol/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/esp-alg-md5-128/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/esp-alg-md5-128/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/esp-alg-md5-128/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-md5-128/hosts/moon/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/esp-alg-md5-128/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/esp-alg-md5-128/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/esp-alg-sha1-160/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-sha1-160/hosts/carol/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/esp-alg-sha1-160/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/esp-alg-sha1-160/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/esp-alg-sha1-160/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-sha1-160/hosts/moon/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/esp-alg-sha1-160/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/esp-alg-sha1-160/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/farp/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/farp/hosts/carol/etc/strongswan.conf
index bd19ffe..7b81476 100644
--- a/testing/tests/ikev2/farp/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/farp/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
}
diff --git a/testing/tests/ikev2/farp/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/farp/hosts/dave/etc/strongswan.conf
index bd19ffe..7b81476 100644
--- a/testing/tests/ikev2/farp/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/farp/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
}
diff --git a/testing/tests/ikev2/farp/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/farp/hosts/moon/etc/strongswan.conf
index 56eaebf..eaaf8bd 100644
--- a/testing/tests/ikev2/farp/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/farp/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown attr farp
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown attr farp
dns1 = PH_IP_WINNETOU
dns2 = PH_IP_VENUS
}
diff --git a/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/host2host-ah/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/host2host-ah/hosts/moon/etc/strongswan.conf
index 8e685c8..ddba8b1 100644
--- a/testing/tests/ikev2/host2host-ah/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/host2host-ah/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/host2host-ah/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/host2host-ah/hosts/sun/etc/strongswan.conf
index 8e685c8..ddba8b1 100644
--- a/testing/tests/ikev2/host2host-ah/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/host2host-ah/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/host2host-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/host2host-cert/hosts/moon/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/host2host-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/host2host-cert/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/host2host-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/host2host-cert/hosts/sun/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/host2host-cert/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/host2host-cert/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/host2host-swapped/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/host2host-swapped/hosts/moon/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/host2host-swapped/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/host2host-swapped/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/host2host-swapped/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/host2host-swapped/hosts/sun/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/host2host-swapped/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/host2host-swapped/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/host2host-transport/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/host2host-transport/hosts/moon/etc/strongswan.conf
index 8e685c8..ddba8b1 100644
--- a/testing/tests/ikev2/host2host-transport/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/host2host-transport/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/host2host-transport/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/host2host-transport/hosts/sun/etc/strongswan.conf
index 8e685c8..ddba8b1 100644
--- a/testing/tests/ikev2/host2host-transport/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/host2host-transport/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/strongswan.conf
index bd19ffe..7b81476 100644
--- a/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
}
diff --git a/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/strongswan.conf
index bd19ffe..7b81476 100644
--- a/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
}
diff --git a/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf
index 04ffaf6..a4542db 100644
--- a/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default sqlite attr-sql updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default sqlite attr-sql updown
}
libhydra {
diff --git a/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-pool/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-pool/hosts/carol/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/ip-pool/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-pool/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-pool/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ip-pool/hosts/dave/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/ip-pool/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-pool/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-pool/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-pool/hosts/moon/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/ip-pool/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-pool/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf
index 04ffaf6..a4542db 100644
--- a/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default sqlite attr-sql updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default sqlite attr-sql updown
}
libhydra {
diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/strongswan.conf
index bd19ffe..7b81476 100644
--- a/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
}
diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/strongswan.conf
index bd19ffe..7b81476 100644
--- a/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
}
diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/strongswan.conf
index bd19ffe..7b81476 100644
--- a/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
}
diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf
index 2dc6a3a..fe6cdde 100644
--- a/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke sqlite attr-sql kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke sqlite attr-sql kernel-netlink socket-default updown
}
libhydra {
diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/strongswan.conf
index bd19ffe..7b81476 100644
--- a/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
}
diff --git a/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf
index 2dc6a3a..fe6cdde 100644
--- a/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke sqlite attr-sql kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke sqlite attr-sql kernel-netlink socket-default updown
}
libhydra {
diff --git a/testing/tests/ikev2/ip-two-pools-v4v6-db/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-v4v6-db/hosts/carol/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/ip-two-pools-v4v6-db/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-v4v6-db/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ip-two-pools-v4v6-db/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-v4v6-db/hosts/moon/etc/strongswan.conf
index 73b0cb7..c7e9a44 100644
--- a/testing/tests/ikev2/ip-two-pools-v4v6-db/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-v4v6-db/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown sqlite attr-sql
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown sqlite attr-sql
}
libhydra {
diff --git a/testing/tests/ikev2/ip-two-pools-v4v6/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-v4v6/hosts/carol/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/ip-two-pools-v4v6/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-v4v6/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ip-two-pools-v4v6/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-v4v6/hosts/moon/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/ip-two-pools-v4v6/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-v4v6/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/lookip/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/lookip/hosts/carol/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/lookip/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/lookip/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/lookip/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/lookip/hosts/dave/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/lookip/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/lookip/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/lookip/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/lookip/hosts/moon/etc/strongswan.conf
index c81c5b6..af1bc18 100644
--- a/testing/tests/ikev2/lookip/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/lookip/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown lookip
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown lookip
}
diff --git a/testing/tests/ikev2/mobike-nat/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/mobike-nat/hosts/alice/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/mobike-nat/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/mobike-nat/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/mobike-nat/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/mobike-nat/hosts/sun/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/mobike-nat/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/mobike-nat/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/mobike/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/mobike/hosts/alice/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/mobike/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/mobike/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/mobike/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/mobike/hosts/sun/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/mobike/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/mobike/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf
index 8e872dd..414eeba 100644
--- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown
}
diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf
index 8e872dd..414eeba 100644
--- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown
}
diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf
index aba7eef..710c38b 100644
--- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius eap-identity updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius eap-identity updown
plugins {
eap-radius {
secret = gv6URkSs
diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/strongswan.conf
index bc90242..0431c5d 100644
--- a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce constraints x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce constraints x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/strongswan.conf
index 77bd678..8d3610b 100644
--- a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation constraints hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation constraints hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/nat-rw-mark/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/nat-rw-mark/hosts/alice/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/nat-rw-mark/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/nat-rw-mark/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/nat-rw-mark/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/nat-rw-mark/hosts/venus/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/nat-rw-mark/hosts/venus/etc/strongswan.conf
+++ b/testing/tests/ikev2/nat-rw-mark/hosts/venus/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/nat-rw/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/nat-rw/hosts/alice/etc/strongswan.conf
index dabff38..0387fdf 100644
--- a/testing/tests/ikev2/nat-rw/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/nat-rw/hosts/alice/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
keep_alive = 5
}
diff --git a/testing/tests/ikev2/nat-rw/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/nat-rw/hosts/sun/etc/strongswan.conf
index ca23c69..2127105 100644
--- a/testing/tests/ikev2/nat-rw/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/nat-rw/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/nat-rw/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/nat-rw/hosts/venus/etc/strongswan.conf
index dabff38..0387fdf 100644
--- a/testing/tests/ikev2/nat-rw/hosts/venus/etc/strongswan.conf
+++ b/testing/tests/ikev2/nat-rw/hosts/venus/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
keep_alive = 5
}
diff --git a/testing/tests/ikev2/nat-virtual-ip/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/nat-virtual-ip/hosts/moon/etc/strongswan.conf
index 8e685c8..ddba8b1 100644
--- a/testing/tests/ikev2/nat-virtual-ip/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/nat-virtual-ip/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/nat-virtual-ip/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/nat-virtual-ip/hosts/sun/etc/strongswan.conf
index 8e685c8..ddba8b1 100644
--- a/testing/tests/ikev2/nat-virtual-ip/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/nat-virtual-ip/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/net2net-ah/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-ah/hosts/moon/etc/strongswan.conf
index 8e685c8..ddba8b1 100644
--- a/testing/tests/ikev2/net2net-ah/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-ah/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/net2net-ah/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-ah/hosts/sun/etc/strongswan.conf
index 8e685c8..ddba8b1 100644
--- a/testing/tests/ikev2/net2net-ah/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-ah/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf
index 94e0b2a..a262950 100644
--- a/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf
index 94e0b2a..a262950 100644
--- a/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/net2net-dnssec/hosts/moon/etc/ipsec.d/certs/moonPub.der b/testing/tests/ikev2/net2net-dnssec/hosts/moon/etc/ipsec.d/certs/moonPub.der
index 7157104..6724735 100644
Binary files a/testing/tests/ikev2/net2net-dnssec/hosts/moon/etc/ipsec.d/certs/moonPub.der and b/testing/tests/ikev2/net2net-dnssec/hosts/moon/etc/ipsec.d/certs/moonPub.der differ
diff --git a/testing/tests/ikev2/net2net-dnssec/hosts/sun/etc/ipsec.d/certs/sunPub.der b/testing/tests/ikev2/net2net-dnssec/hosts/sun/etc/ipsec.d/certs/sunPub.der
index cc99934..744c759 100644
Binary files a/testing/tests/ikev2/net2net-dnssec/hosts/sun/etc/ipsec.d/certs/sunPub.der and b/testing/tests/ikev2/net2net-dnssec/hosts/sun/etc/ipsec.d/certs/sunPub.der differ
diff --git a/testing/tests/ikev2/net2net-esn/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-esn/hosts/moon/etc/strongswan.conf
index 8e685c8..ddba8b1 100644
--- a/testing/tests/ikev2/net2net-esn/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-esn/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/net2net-esn/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-esn/hosts/sun/etc/strongswan.conf
index 8e685c8..ddba8b1 100644
--- a/testing/tests/ikev2/net2net-esn/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-esn/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/net2net-fragmentation/description.txt b/testing/tests/ikev2/net2net-fragmentation/description.txt
new file mode 100644
index 0000000..1f63c96
--- /dev/null
+++ b/testing/tests/ikev2/net2net-fragmentation/description.txt
@@ -0,0 +1,9 @@
+A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b> is set up.
+The authentication is based on <b>X.509 certificates</b>. The IKEv2 fragmentation protocol
+defined in <b>RFC 7383</b> prevents the IP fragmentation of the IKEv2 messages carrying the
+large X.509 certificates.
+<p/>
+Upon the successful establishment of the IPsec tunnel, <b>leftfirewall=yes</b> automatically
+inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, client <b>alice</b> behind gateway <b>moon</b>
+pings client <b>bob</b> located behind gateway <b>sun</b>.
diff --git a/testing/tests/ikev2/net2net-fragmentation/evaltest.dat b/testing/tests/ikev2/net2net-fragmentation/evaltest.dat
new file mode 100644
index 0000000..7f227fd
--- /dev/null
+++ b/testing/tests/ikev2/net2net-fragmentation/evaltest.dat
@@ -0,0 +1,15 @@
+moon::cat /var/log/daemon.log::IKE_SA_INIT request 0.*FRAG_SUP::YES
+sun::cat /var/log/daemon.log::IKE_SA_INIT response 0.*FRAG_SUP::YES
+moon::cat /var/log/daemon.log::splitting IKE message with length of 1804 bytes into 2 fragments::YES
+sun::cat /var/log/daemon.log::splitting IKE message with length of 1596 bytes into 2 fragments::YES
+moon::cat /var/log/daemon.log::received fragment #1 of 2, waiting for complete IKE message::YES
+moon::cat /var/log/daemon.log::received fragment #2 of 2, reassembling fragmented IKE message::YES
+sun::cat /var/log/daemon.log::received fragment #1 of 2, waiting for complete IKE message::YES
+sun::cat /var/log/daemon.log::received fragment #2 of 2, reassembling fragmented IKE message::YES
+moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
+sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
+sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/net2net-fragmentation/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-fragmentation/hosts/moon/etc/ipsec.conf
new file mode 100644
index 0000000..bb0b2b0
--- /dev/null
+++ b/testing/tests/ikev2/net2net-fragmentation/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,22 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+ fragmentation=yes
+
+conn net-net
+ left=PH_IP_MOON
+ leftcert=moonCert.pem
+ leftid=@moon.strongswan.org
+ leftsubnet=10.1.0.0/16
+ leftfirewall=yes
+ right=PH_IP_SUN
+ rightid=@sun.strongswan.org
+ rightsubnet=10.2.0.0/16
+ auto=add
diff --git a/testing/tests/ikev1/net2net-fragmentation/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-fragmentation/hosts/moon/etc/strongswan.conf
similarity index 100%
copy from testing/tests/ikev1/net2net-fragmentation/hosts/moon/etc/strongswan.conf
copy to testing/tests/ikev2/net2net-fragmentation/hosts/moon/etc/strongswan.conf
diff --git a/testing/tests/ikev2/net2net-fragmentation/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-fragmentation/hosts/sun/etc/ipsec.conf
new file mode 100644
index 0000000..855bb44
--- /dev/null
+++ b/testing/tests/ikev2/net2net-fragmentation/hosts/sun/etc/ipsec.conf
@@ -0,0 +1,22 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+ fragmentation=yes
+
+conn net-net
+ left=PH_IP_SUN
+ leftcert=sunCert.pem
+ leftid=@sun.strongswan.org
+ leftsubnet=10.2.0.0/16
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightid=@moon.strongswan.org
+ rightsubnet=10.1.0.0/16
+ auto=add
diff --git a/testing/tests/ikev1/net2net-fragmentation/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-fragmentation/hosts/sun/etc/strongswan.conf
similarity index 100%
copy from testing/tests/ikev1/net2net-fragmentation/hosts/moon/etc/strongswan.conf
copy to testing/tests/ikev2/net2net-fragmentation/hosts/sun/etc/strongswan.conf
diff --git a/testing/tests/ikev2/net2net-fragmentation/posttest.dat b/testing/tests/ikev2/net2net-fragmentation/posttest.dat
new file mode 100644
index 0000000..837738f
--- /dev/null
+++ b/testing/tests/ikev2/net2net-fragmentation/posttest.dat
@@ -0,0 +1,5 @@
+moon::ipsec stop
+sun::ipsec stop
+moon::iptables-restore < /etc/iptables.flush
+sun::iptables-restore < /etc/iptables.flush
+
diff --git a/testing/tests/ikev2/net2net-fragmentation/pretest.dat b/testing/tests/ikev2/net2net-fragmentation/pretest.dat
new file mode 100644
index 0000000..1732d6e
--- /dev/null
+++ b/testing/tests/ikev2/net2net-fragmentation/pretest.dat
@@ -0,0 +1,6 @@
+moon::iptables-restore < /etc/iptables.rules
+sun::iptables-restore < /etc/iptables.rules
+moon::ipsec start
+sun::ipsec start
+moon::expect-connection net-net
+moon::ipsec up net-net
diff --git a/testing/tests/ikev2/net2net-fragmentation/test.conf b/testing/tests/ikev2/net2net-fragmentation/test.conf
new file mode 100644
index 0000000..afa2acc
--- /dev/null
+++ b/testing/tests/ikev2/net2net-fragmentation/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice moon winnetou sun bob"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-w-s-b.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="sun"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon sun"
diff --git a/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/strongswan.conf
index 17f6111..577d74e 100644
--- a/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 ntru revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl ntru revocation hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
send_vendor_id = yes
diff --git a/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/strongswan.conf
index 0d18555..9f1d9c4 100644
--- a/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 ntru revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl ntru revocation hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
send_vendor_id = yes
diff --git a/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/strongswan.conf
index 4de997a..978b276 100644
--- a/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 ntru revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl ntru revocation hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
send_vendor_id = yes
diff --git a/testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/strongswan.conf
index f0432ad..c52a325 100644
--- a/testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 ntru revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl ntru revocation hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
send_vendor_id = yes
}
diff --git a/testing/tests/ikev2/net2net-pkcs12/hosts/moon/etc/ipsec.d/private/moonCert.p12 b/testing/tests/ikev2/net2net-pkcs12/hosts/moon/etc/ipsec.d/private/moonCert.p12
index d3cca4f..365da74 100644
Binary files a/testing/tests/ikev2/net2net-pkcs12/hosts/moon/etc/ipsec.d/private/moonCert.p12 and b/testing/tests/ikev2/net2net-pkcs12/hosts/moon/etc/ipsec.d/private/moonCert.p12 differ
diff --git a/testing/tests/ikev2/net2net-pkcs12/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-pkcs12/hosts/moon/etc/strongswan.conf
index 4628e70..92e758d 100644
--- a/testing/tests/ikev2/net2net-pkcs12/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-pkcs12/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 rc2 pem pkcs1 pkcs7 pkcs8 pkcs12 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 rc2 pem pkcs1 pkcs7 pkcs8 pkcs12 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/net2net-pkcs12/hosts/sun/etc/ipsec.d/private/sunCert.p12 b/testing/tests/ikev2/net2net-pkcs12/hosts/sun/etc/ipsec.d/private/sunCert.p12
index 1a9e2aa..e2cd2f2 100644
Binary files a/testing/tests/ikev2/net2net-pkcs12/hosts/sun/etc/ipsec.d/private/sunCert.p12 and b/testing/tests/ikev2/net2net-pkcs12/hosts/sun/etc/ipsec.d/private/sunCert.p12 differ
diff --git a/testing/tests/ikev2/net2net-pkcs12/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-pkcs12/hosts/sun/etc/strongswan.conf
index 4628e70..92e758d 100644
--- a/testing/tests/ikev2/net2net-pkcs12/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-pkcs12/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 rc2 pem pkcs1 pkcs7 pkcs8 pkcs12 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 rc2 pem pkcs1 pkcs7 pkcs8 pkcs12 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/strongswan.conf
index 54cdfd9..5d04d3e 100644
--- a/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 gmp random nonce hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 gmp random nonce hmac xcbc curl stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/strongswan.conf
index 54cdfd9..5d04d3e 100644
--- a/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 gmp random nonce hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 gmp random nonce hmac xcbc curl stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf
index f1e81ea..f1b3fb7 100644
--- a/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation addrblock hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation addrblock hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf
index f1e81ea..f1b3fb7 100644
--- a/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation addrblock hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation addrblock hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/net2net-route/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-route/hosts/moon/etc/strongswan.conf
index 8e685c8..ddba8b1 100644
--- a/testing/tests/ikev2/net2net-route/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-route/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/net2net-route/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-route/hosts/sun/etc/strongswan.conf
index 8e685c8..ddba8b1 100644
--- a/testing/tests/ikev2/net2net-route/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-route/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/net2net-same-nets/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-same-nets/hosts/moon/etc/strongswan.conf
index 8e685c8..ddba8b1 100644
--- a/testing/tests/ikev2/net2net-same-nets/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-same-nets/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/net2net-same-nets/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-same-nets/hosts/sun/etc/strongswan.conf
index 8e685c8..ddba8b1 100644
--- a/testing/tests/ikev2/net2net-same-nets/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-same-nets/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/net2net-start/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-start/hosts/moon/etc/strongswan.conf
index 8e685c8..ddba8b1 100644
--- a/testing/tests/ikev2/net2net-start/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-start/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/net2net-start/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-start/hosts/sun/etc/strongswan.conf
index 8e685c8..ddba8b1 100644
--- a/testing/tests/ikev2/net2net-start/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-start/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.d/certs/carolRevokedCert.pem b/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.d/certs/carolRevokedCert.pem
index a92610c..e9a75fa 100644
--- a/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.d/certs/carolRevokedCert.pem
+++ b/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.d/certs/carolRevokedCert.pem
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIEIjCCAwqgAwIBAgIBGzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
+MIIEIjCCAwqgAwIBAgIBLzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA5MDgyNzEwMzEwNloXDTE0MDgyNjEwMzEwNlowWjELMAkGA1UE
+b290IENBMB4XDTE0MDgyNzE1MDIyMloXDTE5MDgyNjE1MDIyMlowWjELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
cmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBAOHh/BBf9VwUbx3IU2ZvKJylwCUP2Gr40Velcexr
-lR1PoK3nwZrJxxfhhxrxdx7Wnt/PDiF2eyzA9U4cOyS1zPpWuRt69PEOWfzQJZkD
-e5C6bXZMHwJGaCM0h8EugnwI7/XgbEq8U/1PBwIeFh8xSyIwyn8NqyHWm+6haFZG
-Urz7y0ZOAYcX5ZldP8vjm2SyAl0hPlod0ypk2K1igmO8w3cRRFqD27XhztgIJyoi
-+BO3umc+BXcpPGoZ7IFaXvHcMVECrxbkrvRdpKiz/4+u8FakQJtBmYuqP2TLodRJ
-TKSJ4UvIPXZ8DTEYC/Ja/wrm1hNfH4T3YjWGT++lVbYF7qECAwEAAaOCAQYwggEC
-MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBQRnt9aYXsi/fgMXGVh
-ZpTfg8kSYjBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTEL
+AQEBBQADggEPADCCAQoCggEBAMJhEfwaamqe85Wwr+AWO8YJbxX717rTX0tVLEVG
+AB/Q1CAnQquMxo8Cf4Ufto/Odm+25Ihxy2Zedmjnoy8xe4s9vFUjEYPgo+wIT7t3
+I3nUhKJhJWEw7hdHwPHif1aAMK/Mrvkou/VFwzJwnCwA9VKe1/Mn4X1YNLak/cQD
+L2Ci34uxJzvjt/5DVDmh7Fd/9wsNHOafycsxEJEyDtDpbZSMklIArTcA61U0+oxZ
+MBZVZHMN9vJETR+BEBaZkEpFSn4vaYjtzpsLG+MicYiuspQ+v8dG50JzeTRpRRpP
+HF3ob20kd9VOz1nU/43CVpvxFk3d+UNNYF89iIBCNZAf6gMCAwEAAaOCAQYwggEC
+MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBQTfdv0x2BIOc0ZAvGE
+VrABn/Jk6zBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTEL
MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT
EnN0cm9uZ1N3YW4gUm9vdCBDQYIBADAfBgNVHREEGDAWgRRjYXJvbEBzdHJvbmdz
d2FuLm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u
-b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBBAUAA4IBAQCY2EMqkuhtAls/
-jkjXm+sI5YVglE62itSYgJxKZhxoFn3l4Afc6+XBeftK8Y1IjXdeyQUg8qHhkctl
-nBiEzRCClporCOXl5hOzWi+ft2hyKgcx8mFB8Qw5ZE9z8dvY70jdPCB4cH5EVaiC
-6ElGcI02iO073iCe38b3rmpwfnkIWZ0FVjSFSsTiNPLXWH6m6tt9Gux/PFuLff4a
-cdGfEGs01DEp9t0bHqZd6ESf2rEUljT57i9wSBfT5ULj78VTgudw/WhB0CgiXD+f
-q2dZC/19B8Xmk6XmEpRQjFK6wFmfBiQdelJo17/8M4LdT/RfvTHJOxr2OAtvCm2Z
-0xafBd5x
+b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQC6A+3G600itmdH
+4+zQ1FskGsCUj6mUXn+4blshl41zzhyRmplJT51Wch926E1LUxca9FKUu8XT1tAP
+Wo56RO92eX7M3OgeQz7NqtYxgNauqKfd+IFg+y1vC4etj25dfC56+ETfCrxOZzuZ
+vFD0mhn1hzXw3CNjSIH3HtWHOJjat+jZKsSayiYg3jO+L7i+cz6arbMhQwwGzskb
+wTJejXul+G1/lFhPwMFyep2ilKwRiLJpE3L17hYVwXNEerFcpq6q0OEylmCxXswd
+uO4NPb7dDiKw1pbdIQfZh2HqUXr3Vb4FcCWpAHhSCnNtwQQGKMg0CZtiPvwaaeXI
+oXwOnQXX
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.d/private/carolRevokedKey.pem b/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.d/private/carolRevokedKey.pem
index 60e7fdf..7b72371 100644
--- a/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.d/private/carolRevokedKey.pem
+++ b/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.d/private/carolRevokedKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEA4eH8EF/1XBRvHchTZm8onKXAJQ/YavjRV6Vx7GuVHU+grefB
-msnHF+GHGvF3Htae388OIXZ7LMD1Thw7JLXM+la5G3r08Q5Z/NAlmQN7kLptdkwf
-AkZoIzSHwS6CfAjv9eBsSrxT/U8HAh4WHzFLIjDKfw2rIdab7qFoVkZSvPvLRk4B
-hxflmV0/y+ObZLICXSE+Wh3TKmTYrWKCY7zDdxFEWoPbteHO2AgnKiL4E7e6Zz4F
-dyk8ahnsgVpe8dwxUQKvFuSu9F2kqLP/j67wVqRAm0GZi6o/ZMuh1ElMpInhS8g9
-dnwNMRgL8lr/CubWE18fhPdiNYZP76VVtgXuoQIDAQABAoIBAQCbF5UAkUJgdM9O
-fat128DgvZXOXLDV0f261igAkmWR+Ih0n3n5E64VoY4oW77Ud7wiI4KqSzWLpvlH
-Jm8dZ45UHJOAYM4pbRcwVKJcC14eI0LhRKbN4xXBhmHnrE1/aIuKIQt5zRFGDarc
-M1gxFqFl2mZPEk18MGRkVoLTKfnJMzdHI1m0IAMwg3Rl9cmuVdkhTS+IAoULVNnI
-0iAOsFN8SdDaKBqRcPkypT5s4wjGH4s7zjW4PmEDwDhhfeHkVccCuH8n3un1bPT2
-oc73RSXdCYMgDTD3waXC+4cCQGPZmUCl6Mfq7YCECkUpUg6rHlaCYRSZZoQPf5vH
-VsBUvjABAoGBAPHSnJOL6tcqJCCZ27E3zIsmZ+d6dX4B/YN1Xk3vKHhavN5Ks6Gx
-ZCsaluMuB2qyBRrpKnSAz6lUQ1TOxzuphlVIX1EnLW+JvNgFyem9PARsP2SMsKqm
-VaqnId6pprdbP53NpL9Z7AsbS/i/Ab6WpVPyYHdqVsimCdRGK9/JlOnBAoGBAO8g
-I4a4dJKiwHBHyP6wkYrhWdYwmjTJlskNNjrvtn7bCJ/Lm0SaGFXKIHCExnenZji0
-bBp3XiFNPlPfjTaXG++3IH6fxYdHonsrkxbUHvGAVETmHVLzeFiAKuUBvrWuKecD
-yoywVenugORQIPal3AcLwPsVRfDU89tTQhiFq3zhAoGBAIqmfy/54URM3Tnz/Yq2
-u4htFNYb2JHPAlQFT3TP0xxuqiuqGSR0WUJ9lFXdZlM+jr7HQZha4rXrok9V39XN
-dUAgpsYY+GwjRSt25jYmUesXRaGZKRIvHJ8kBL9t9jDbGLaZ2gP8wuH7XKvamF12
-coSXS8gsKGYTDT+wnCdLpR4BAoGAFwuV4Ont8iPVP/zrFgCWRjgpnEba1bOH4KBx
-VYS8pcUeM6g/soDXT41HSxDAv89WPqjEslhGrhbvps2oolY1zwhrDUkAlGUG96/f
-YRfYU5X2iR1UPiZQttbDS4a7hm7egvEOmDh2TzE5IsfGJX8ekV9Ene4S637acYy4
-lfxr5oECgYEAzRuvh6aG7UmKwNTfatEKav7/gUH3QBGK+Pp3TPSmR5PKh/Pk4py6
-95bT4mHrKCBIfSv/8h+6baYZr9Ha1Oj++J94RXEi8wdjjl1w3LGQrM/X+0AVqn5P
-b5w1nvRK7bMikIXbZmPJmivrfChcjD21gvWeF6Osq8McWF8jW2HzrZw=
+MIIEowIBAAKCAQEAwmER/Bpqap7zlbCv4BY7xglvFfvXutNfS1UsRUYAH9DUICdC
+q4zGjwJ/hR+2j852b7bkiHHLZl52aOejLzF7iz28VSMRg+Cj7AhPu3cjedSEomEl
+YTDuF0fA8eJ/VoAwr8yu+Si79UXDMnCcLAD1Up7X8yfhfVg0tqT9xAMvYKLfi7En
+O+O3/kNUOaHsV3/3Cw0c5p/JyzEQkTIO0OltlIySUgCtNwDrVTT6jFkwFlVkcw32
+8kRNH4EQFpmQSkVKfi9piO3Omwsb4yJxiK6ylD6/x0bnQnN5NGlFGk8cXehvbSR3
+1U7PWdT/jcJWm/EWTd35Q01gXz2IgEI1kB/qAwIDAQABAoIBAQCNiPD3iKSEDkl/
+bbAikw3jHWttrnte5ho1WEdsCZR9lilfYDcDgvXxm/gOjxD3lXZX0eyGDZX1bEL8
+D+6apoU21jUUKPzP8fpqG4MzFYUXaM9LDUGSi3ZSLUUo26us6JqK55dghXCXH70K
+NUUCJZB8IH1N6HQgOOHpPCorV8ZfrfOklNmCJgevVi2ySJ9Oke5YGhhIgNBuXMAB
+Llpg8mc6WqQVCzQnQqOMLT+cHGVcSiwyP04J0vhRWtFCKhaOTJfEG2/RwyHMeOwV
+cjOIHZhviW1QmYV3/kIUaYtOW7HqxCzPHxXlulgWjF6jF7cFmHtsVmjfZxqNDMID
+Fdz+ODQBAoGBAOp/kSOOCK93sojk2zmJdeuiWzIQaQ9Dkt9sgq2h98pFfcQ6veTH
+s2IHbr5nCFl4DvX+Ugh5H/hNIG2FOQ/XWpasXJvQKvttBXXTBHSi8/ZwmcR5xPsA
++9xLaajg4PFIYY2aiSV5Ydoe55dve+8AMNvFmt5chW9hBZ4XdPJL25hBAoGBANQz
+xxm+bI4Y942zKOJRfMc+7zNlQBRcB4TisAEYjviEONRFyWg+mToV2WYGhdU9wduy
+8etriCUTKlS7i+MR80vT874oak+ZK9eDGdzTcNQwKo5pUvBpGkHea+QyWrm0oWg4
+mX4F1TGRFLDdkKPK4F42n8cjozGljjoQb7QH2tFDAoGAMA+lN5xMu2nU9amyJMC/
+omPMPR6P6cj3uUMMJXokxxgnBqjjcphbc6QCVpPXaj7pEhHlzkbE/qcQFmJPp6eD
+sY3yDR1FMfLOQ6/UIfOj/MZnPZWXgbpZ5HSwWyR79ffXxqX9peiS3Zmn7amzxPBN
+Ez4U164uyv0foZ89IMvbXgECgYB7V2E58HpOmeqCPYndCnpZoZYNrKNzcg6Yyd59
+tJWdk9UoZSvtYL1Vis+jQtVVniDpH3kIWqd2zU4ElEJ6CLv+7kK12+33OFPIX5aP
+yYLCgwCpaETiImU1th/GMxKS8JAE8SkenCtQNUDukMp6ufhyKpPyfx9jQxSJYXZc
+EVi52wKBgHpfgXTUHASyAGDaNr5pUk6xZC59eLW3+JquQVxl5GjTDCXK5ilaMLtq
+sLT6B0AWd3QKQQHKOl8rVeMA3/SkXXxTooRisgL1OvzEuJg9mHOM/tLLYFTg6Dna
+RKtXeklyTaEsmmFT+zgRVqp0qDN7JhlNtCfUYz4fW70kx3Iet/Tv
-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/protoport-dual/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/protoport-dual/hosts/carol/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/protoport-dual/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/protoport-dual/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/protoport-dual/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/protoport-dual/hosts/moon/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/protoport-dual/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/protoport-dual/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/protoport-route/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/protoport-route/hosts/carol/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/protoport-route/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/protoport-route/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/protoport-route/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/protoport-route/hosts/moon/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/protoport-route/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/protoport-route/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/reauth-early/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/reauth-early/hosts/carol/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/reauth-early/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/reauth-early/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/reauth-early/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/reauth-early/hosts/moon/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/reauth-early/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/reauth-early/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/reauth-late/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/reauth-late/hosts/carol/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/reauth-late/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/reauth-late/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/reauth-late/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/reauth-late/hosts/moon/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/reauth-late/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/reauth-late/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf
index 4e2acef..d1eb770 100644
--- a/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
+ load = test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
integrity_test = yes
crypto_test {
diff --git a/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf
index 4e2acef..d1eb770 100644
--- a/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
+ load = test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
integrity_test = yes
crypto_test {
diff --git a/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf
index 4e2acef..d1eb770 100644
--- a/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
+ load = test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
integrity_test = yes
crypto_test {
diff --git a/testing/tests/ikev2/rw-dnssec/hosts/moon/etc/ipsec.d/certs/moonPub.der b/testing/tests/ikev2/rw-dnssec/hosts/moon/etc/ipsec.d/certs/moonPub.der
index 7157104..6724735 100644
Binary files a/testing/tests/ikev2/rw-dnssec/hosts/moon/etc/ipsec.d/certs/moonPub.der and b/testing/tests/ikev2/rw-dnssec/hosts/moon/etc/ipsec.d/certs/moonPub.der differ
diff --git a/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf
index 2f8bf5d..32446b8 100644
--- a/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 eap-identity updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 eap-identity updown
}
diff --git a/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf
index 2f8bf5d..32446b8 100644
--- a/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 eap-identity updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 eap-identity updown
}
diff --git a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf
index bbbafd7..b3d3510 100644
--- a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 updown
integrity_test = yes
}
diff --git a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf
index bbbafd7..b3d3510 100644
--- a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 updown
integrity_test = yes
}
diff --git a/testing/tests/ikev2/rw-eap-dynamic/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-dynamic/hosts/carol/etc/strongswan.conf
index 0fd7117..c54efe5 100644
--- a/testing/tests/ikev2/rw-eap-dynamic/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-dynamic/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 updown
}
diff --git a/testing/tests/ikev2/rw-eap-dynamic/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-dynamic/hosts/dave/etc/strongswan.conf
index 5f9eedb..decdc7e 100644
--- a/testing/tests/ikev2/rw-eap-dynamic/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-dynamic/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-tls updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default eap-tls updown
}
diff --git a/testing/tests/ikev2/rw-eap-dynamic/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-dynamic/hosts/moon/etc/strongswan.conf
index a068226..75c8ad3 100644
--- a/testing/tests/ikev2/rw-eap-dynamic/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-dynamic/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-mschapv2 eap-md5 eap-tls eap-dynamic updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-mschapv2 eap-md5 eap-tls eap-dynamic updown
plugins {
eap-dynamic {
diff --git a/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/carol/etc/strongswan.conf
index b1b4180..2a5c62c 100644
--- a/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown
}
diff --git a/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/dave/etc/strongswan.conf
index b1b4180..2a5c62c 100644
--- a/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown
}
diff --git a/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/moon/etc/strongswan.conf
index 4297a30..6cdad0a 100644
--- a/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius eap-identity updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius eap-identity updown
plugins {
eap-radius {
class_group = yes
diff --git a/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/carol/etc/strongswan.conf
index b1b4180..2a5c62c 100644
--- a/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown
}
diff --git a/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/dave/etc/strongswan.conf
index b1b4180..2a5c62c 100644
--- a/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown
}
diff --git a/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/moon/etc/strongswan.conf
index 4297a30..6cdad0a 100644
--- a/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius eap-identity updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius eap-identity updown
plugins {
eap-radius {
class_group = yes
diff --git a/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/carol/etc/strongswan.conf
index b1b4180..2a5c62c 100644
--- a/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown
}
diff --git a/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/moon/etc/strongswan.conf
index b1b4180..2a5c62c 100644
--- a/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown
}
diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf
index b1b4180..2a5c62c 100644
--- a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown
}
diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf
index aba7eef..710c38b 100644
--- a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius eap-identity updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius eap-identity updown
plugins {
eap-radius {
secret = gv6URkSs
diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf
index 0fd7117..c54efe5 100644
--- a/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 updown
}
diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf
index f634316..6de89b8 100644
--- a/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius updown
plugins {
eap-radius {
secret = gv6URkSs
diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf
index 0fd7117..c54efe5 100644
--- a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 updown
}
diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf
index 0fd7117..c54efe5 100644
--- a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 updown
}
diff --git a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf
index 66dee83..e48153b 100644
--- a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md4 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-mschapv2 eap-identity updown
+ load = aes des sha1 sha2 md4 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-mschapv2 eap-identity updown
}
diff --git a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf
index 66dee83..e48153b 100644
--- a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md4 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-mschapv2 eap-identity updown
+ load = aes des sha1 sha2 md4 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-mschapv2 eap-identity updown
}
diff --git a/testing/tests/ikev2/rw-eap-peap-md5/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-peap-md5/hosts/carol/etc/strongswan.conf
index e9958df..ccf3f2c 100644
--- a/testing/tests/ikev2/rw-eap-peap-md5/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-peap-md5/hosts/carol/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
multiple_authentication=no
}
diff --git a/testing/tests/ikev2/rw-eap-peap-md5/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-peap-md5/hosts/dave/etc/strongswan.conf
index e9958df..ccf3f2c 100644
--- a/testing/tests/ikev2/rw-eap-peap-md5/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-peap-md5/hosts/dave/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
multiple_authentication=no
}
diff --git a/testing/tests/ikev2/rw-eap-peap-md5/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-peap-md5/hosts/moon/etc/strongswan.conf
index 5f00ef5..5f9465d 100644
--- a/testing/tests/ikev2/rw-eap-peap-md5/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-peap-md5/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
multiple_authentication=no
plugins {
eap-peap {
diff --git a/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/carol/etc/strongswan.conf
index 613ceee..f97b28f 100644
--- a/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/carol/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md4 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown
+ load = aes des sha1 sha2 md4 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown
multiple_authentication=no
}
diff --git a/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/dave/etc/strongswan.conf
index 613ceee..f97b28f 100644
--- a/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/dave/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md4 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown
+ load = aes des sha1 sha2 md4 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown
multiple_authentication=no
}
diff --git a/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/moon/etc/strongswan.conf
index 58e8df0..f2a9c37 100644
--- a/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md4 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown
+ load = aes des sha1 sha2 md4 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown
multiple_authentication=no
plugins {
eap-peap {
diff --git a/testing/tests/ikev2/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf
index 0e20d1c..d2989a8 100644
--- a/testing/tests/ikev2/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
multiple_authentication=no
}
diff --git a/testing/tests/ikev2/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf
index 0e20d1c..d2989a8 100644
--- a/testing/tests/ikev2/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
multiple_authentication=no
}
diff --git a/testing/tests/ikev2/rw-eap-peap-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-peap-radius/hosts/moon/etc/strongswan.conf
index 38d78e7..3629454 100644
--- a/testing/tests/ikev2/rw-eap-peap-radius/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-peap-radius/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-radius updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default eap-radius updown
multiple_authentication=no
plugins {
eap-radius {
diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf
index 8e872dd..414eeba 100644
--- a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown
}
diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf
index aba7eef..710c38b 100644
--- a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius eap-identity updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius eap-identity updown
plugins {
eap-radius {
secret = gv6URkSs
diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf
index 691bec8..1ea5962 100644
--- a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
}
diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf
index 691bec8..1ea5962 100644
--- a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
}
diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf
index f634316..6de89b8 100644
--- a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius updown
plugins {
eap-radius {
secret = gv6URkSs
diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf
index 691bec8..1ea5962 100644
--- a/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
}
diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf
index 691bec8..1ea5962 100644
--- a/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
}
diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf
index f634316..6de89b8 100644
--- a/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius updown
plugins {
eap-radius {
secret = gv6URkSs
diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf
index 66d8fb3..a2c3b71 100644
--- a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
integrity_test = yes
}
diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf
index 3eda3aa..1716f91 100644
--- a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
integrity_test = yes
}
diff --git a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/strongswan.conf
index 1a0f836..2fc9f94 100644
--- a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 hmac gcm stroke kernel-netlink socket-default eap-tls updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl hmac gcm stroke kernel-netlink socket-default eap-tls updown
multiple_authentication=no
plugins {
diff --git a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/strongswan.conf
index 1a0f836..2fc9f94 100644
--- a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 hmac gcm stroke kernel-netlink socket-default eap-tls updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl hmac gcm stroke kernel-netlink socket-default eap-tls updown
multiple_authentication=no
plugins {
diff --git a/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf
index d397fe6..1510176 100644
--- a/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac gcm stroke kernel-netlink socket-default eap-tls updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac gcm stroke kernel-netlink socket-default eap-tls updown
multiple_authentication=no
}
diff --git a/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf
index ac6642e..35b6f39 100644
--- a/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac gcm stroke kernel-netlink socket-default eap-tls updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac gcm stroke kernel-netlink socket-default eap-tls updown
multiple_authentication=no
}
diff --git a/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf
index 2eb2adc..4c778a7 100644
--- a/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-tls updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-tls updown
multiple_authentication=no
}
diff --git a/testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/strongswan.conf
index 5bf9dc0..fbf1617 100644
--- a/testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-radius updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius updown
multiple_authentication=no
plugins {
eap-radius {
diff --git a/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf
index 32b4d2e..e1a0cee 100644
--- a/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
multiple_authentication=no
}
diff --git a/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf
index 32b4d2e..e1a0cee 100644
--- a/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
multiple_authentication=no
}
diff --git a/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf
index 9401ffb..3f7b266 100644
--- a/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
multiple_authentication=no
plugins {
eap-ttls {
diff --git a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/strongswan.conf
index 8de5ec6..d148c4e 100644
--- a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
multiple_authentication=no
}
diff --git a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/strongswan.conf
index 8de5ec6..d148c4e 100644
--- a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
multiple_authentication=no
}
diff --git a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/strongswan.conf
index c730346..2d85e8c 100644
--- a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
multiple_authentication=no
plugins {
eap-ttls {
diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf
index 32b4d2e..e1a0cee 100644
--- a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
multiple_authentication=no
}
diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf
index 32b4d2e..e1a0cee 100644
--- a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
multiple_authentication=no
}
diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/strongswan.conf
index 5bf9dc0..fbf1617 100644
--- a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-radius updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius updown
multiple_authentication=no
plugins {
eap-radius {
diff --git a/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/strongswan.conf
index b294b7c..7ea4d88 100644
--- a/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/strongswan.conf
index b294b7c..7ea4d88 100644
--- a/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/strongswan.conf
index b294b7c..7ea4d88 100644
--- a/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-initiator-only/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-initiator-only/hosts/carol/etc/strongswan.conf
index dc900c4..73b0885 100644
--- a/testing/tests/ikev2/rw-initiator-only/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-initiator-only/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
+ load = test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
initiator_only = yes
}
diff --git a/testing/tests/ikev2/rw-initiator-only/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-initiator-only/hosts/dave/etc/strongswan.conf
index 9251921..2b80853 100644
--- a/testing/tests/ikev2/rw-initiator-only/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-initiator-only/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
+ load = test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
retransmit_timeout = 2
retransmit_base = 1.5
diff --git a/testing/tests/ikev2/rw-initiator-only/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-initiator-only/hosts/moon/etc/strongswan.conf
index 7f31b17..094e0ef 100644
--- a/testing/tests/ikev2/rw-initiator-only/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-initiator-only/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
+ load = test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-mark-in-out/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/rw-mark-in-out/hosts/alice/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/rw-mark-in-out/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-mark-in-out/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-mark-in-out/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/rw-mark-in-out/hosts/venus/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/rw-mark-in-out/hosts/venus/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-mark-in-out/hosts/venus/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/ipsec.d/private/carolKey.pem
index 15d775d..f8f79c2 100644
--- a/testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ b/testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/ipsec.d/private/carolKey.pem
@@ -1,29 +1,29 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
-MIIE6TAbBgkqhkiG9w0BBQMwDgQI+eazNjQUVoACAggABIIEyMUe2rc1ZsQgFwUm
-MiU+qAl2g7uzI1Pz6XzgvjZrV5n62XXAbIbG4WP08slkD2VXA5iVTnfI7nj0HEtD
-d2eaLU0GKNwmW7eSAXmhwBiUA623Xo0Y/X4eAY9VUfSlVshnNKOsgETQxQhUsKK1
-NXSpXfAjSgd+HDwQ+uvFQQD9WgibO3rIxfuO9+QqwnYXWz/p2bmc128mBibaFxwa
-SdVlYhR9l1hhFHN5cdD5AXFsflbLzGVR6gJpArU1m1soOEYp6q314L75KALYAVaY
-tQTC6gcPtXRZZvNsg9iRttPKsky0XJF7t5YGIqM4NNu5b534iXATm5Lt9jkrNKqm
-3SGD+KDLrk2aIaU9jCgY73Um1MJOls8AzUU0ZqwmAQAYoaZOwMDZ/P0Uw/du3Oaz
-O9FbzfPoS46muRZHMDVXEB0Zt8laSjwryeIU26MNye1xEU0aJJRaQQP2Vq8FTGtM
-Gi4gR9vdjyBhRE51z0kd5vPc7YkpqJNGB59KHRlHVmozo3v7zjkY/ROsiy1a0Vy/
-6ZkwtS0cnFzFhUBvUefzCsRKSiWWULqGIn3Qb7o+JQYc8vxuEua8DGnEmQEUBRgE
-j/YeI8wtObYm+u6eE0lbTopdSkfHu5UzTDYpnYDhW5nwv5ZOKeRBdXyX4BOrITnR
-xEsmp34/ql3/C9W1MXkjStaSRiWfbHt35gVlFaJNXZJXtKVOlFgxFxuslrawGI0c
-DLhPu1aMfHNc8LlD8cN5W2OQ/jsYlQDDd+n1WPpn+9VuBqSlnDl/mn4/0R7Yy53m
-+lgruhfA7S26NG+SxHPXBq8PE052ohDLylKRGEqBTJp2aXNEKKZLrK8I1zbdIx1h
-0YAAtERtvqPu2xSvJ7lGuHD+87TlWa54p3H+0UM803RBQUcH5lsNUzQ4lAN/eFgg
-7TK2BqRTqWTVm8he0tVY8XJ4dLPLsXxUKb/tiFvtjBdQM7bq0UlTxign8VGZro7v
-dKkGqdsEEiFzCnOvDwyjOEG7wUVmO/ejWkuI510U80x/APuOUH0zQOTBhMSrz1Eh
-AdWWeSvNuyWyRPNNzlQ4DJd3UKnu4BZu4zobe4imhwCCrkGkfE5FhnyXExA8FppT
-2BNe5AmIfI1joEQyRgXm/nAvwvN9pawKfDxg8gmhBLjVfk50tAydWurhrhF6CnBL
-4h/hhb+C6HZBbNpmY+O12bDk81unZ8Vvtbkix5n7/371XbaAQN1WYxNaH6SDeT1J
-qDRWAZhGPBn7VLVaQ6ZmLB73U8vkcju8r6atWasZTPsZQl2eng9J/5UoL/0Ubri2
-Jlmj/fScAhlK7yM62dVYVwezYtKV8QUcaDmcqO8qhuVCnYlaqu6SO5ApYWkOMzMW
-EpvY0SqD6QkfKvT8bVU9GOaNSMaEKUR7NPPgettVcEkg50TeyBRvXvOAexD6qcE0
-NO/sYx9do0WpY4u85DZt3Toper0hchbEmXVHlxh8CKPgUTFVsDQ6AVyrVWrtoY1k
-VpJutwWV5sPIxq17bFLTJ7pP2NIvNBvwnDedn5WKNDFu9E2U8vAujVdzlQd/gsJi
-JLCreDt+rcmJVBJHMxZC+SpLbR4kNMAe5vwwESVo6wBsxMuyn1b+82C8rum5qbJ9
-RGF8RGrZzrPWbBITPw==
+MIIE6TAbBgkqhkiG9w0BBQMwDgQIIIZxbISLie0CAggABIIEyBVsO1KqccrFCCR+
+GjUUsRJkMpoK28ybZQKEp7p2i+ccGV4tfPJR27VQ88Xy/9cMeGpC92Zi2DI/JnWf
+774YP7XCvyHcMiretzFiE87b4/ezaJVDc9ofvlPAh5iGcJ6T0FOsCOP4SC79Fqn7
+zFrxL4MGHl8kn/MddpzKlVXBapFmH4OQtTkUDvZF+81O00cRy+zrS/IZcpie0mqG
+OlzaEEdvrF0agFh4VM7xXaQLYqI/apNIHz7LfONasI9eO42XlM6FQ0cD64jcFoUd
+ztb7r14o/Hsg/vPnWPiZIa/ufMJccX2O7PTh48RASdaiiNzQnuntTPydubMlZypZ
+Y2rwbl0WCG/JkWDahHeEzi2ENXEVz2IM2DfsuAa0cKi7D6Nz40AD5oo6cW3RYLPt
+S1Q0+eWQteVs54+DgAa5kWaiNaJjchfrSCY8v1rTfsb5qTft7cQUaOO/A10zFBt6
+6vyhnUCQ69Oj8plvTYo9oyaQW8jTjraevvf9tZQws0A17y9jQNfifvn1bpTQGe7Q
+YhGGRoP3XROVNyZrAETiLrg/ILmrTkiko+ONkCPT+Fv5auE7nwM+7ipZBgdxijeD
+pHJ6/iciejsnwxYQrftqP6S6+uHAphWgTg+0Z66hoUhqPXWpzG7oQqrT1IF0iHS1
+exAJ+K0Pi5Kpak9zppmG6kVKtHxwp4MXZAPTXD4O20LxZPGxQ6OG4t10rPScDbVm
+mFUWa1Jb57qDrQy1XgKtkvUVrdTep9rjqdHu1N1kkqm6bNVciZUtSnftnPDuLnkO
+QDt+amc4aMK+PezFKW1wuDnDDbxiyI4zos7eP+itHP2sd1CHDYidyYR9CfZp9JEu
+uFWNL4xnE4o0acBRni3/poKC0t6DuwhN3p7/vMrgin6pQrlUQMFEiVDHcz05cmx1
+R50Sy7PcyQWxpQVryX8+a3sNF80mBRepOEFcDvw9LmtVye5Sl0+P6Mp4o1/q1Iaq
+eMf/Pg6yKX66ojic2uxL7/jcMbDuyItnP0weS4EeAmD0hPJd1nlbJ6b5s5nEYM4W
+aqrntKa8TPMwI2rpTx0n33NL5Z2BHJoS1R3lEQfH03Cbwizbd8w13PZ6cJ9BJHRF
+RNSswZiZbJ/bgM36WKKegRQbj/r0GZcYdn9Qp2URI32bAfm7gaM3tC6jchyCQyCn
+Q98938jRvWM2cmKRPvEXNiw/8YlBf7mUBgAcHMGdBsSjwT3IkE4sEWWtLp4AyARV
+oMzPJRmVvhFP+lyUhwNJt3Bgd0R2MS+wMjv7ruhl+ZLJwTKMr4oBSCstTrZumsai
+bVIpq+paCXiJWUndwap+BbLceX0bToXET7BPTLtqrzL3hXHCbkP/s5TcljcT8vBN
+INOG1XvjICKBTbpEVVTlM9D1eVRNNdtQ7g+i2sWkoYWy2J7IV0I90skn+1KcQekI
+i0ZefKaA+6mL9cjgz5ih1Gq0MSRx3w98Za2C0QTSk5hrqzQNUN1EsJmSw9KXsNi8
+CXHFPhQhWZKraNe7yAGEye2Cl9UugN2z21bHgUEi1IrupclNYhxXDWEVO23vhC4k
+Jwc/s5w8K8Cgei9XBAYvOTgB3RDtLLH+eG2lRBgc7kJF2WPjmzSvIjtVuD1+hKIO
+ypRsLNggTTGmPFbL1w==
-----END ENCRYPTED PRIVATE KEY-----
diff --git a/testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/strongswan.conf
index 9802ea7..d35cb99 100644
--- a/testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/ipsec.d/private/daveKey.pem
index 199d789..fa6d0aa 100644
--- a/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/ipsec.d/private/daveKey.pem
+++ b/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/ipsec.d/private/daveKey.pem
@@ -1,30 +1,30 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
-MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIRwFyB7jCGskCAggA
-MBQGCCqGSIb3DQMHBAjDqug87twvJwSCBMiBb1Y4B1FxGPGQwAgZd6aE8J6xH4VZ
-MNpkm4+MPCVYBvpG1q3I1YcvIw0GcAlLQASGLXEytuVEH5xCUaGdCsa5zVpf+6Ex
-i8Oyqf0dbRRafzN+K+jVLBa+higxXESE6jYxBP/auH4v5pcEy+fbljwDauyEP0bF
-EgURF5nTsa5c+MTmWho+OMy/1pAuP92XmwLeeBXWuRWs+s3wkBOIe3SerW5MOyMN
-mwqqu/6J4RU9VL7kooVE/B0oWJblvBTjeJoKDy5iX/iE2oRqXjihWPXYIhWqeCEB
-2QCpZ1/9hEN7FLX87GBD7yivhhQMF/uBnTRIjmgbKmNtwY1+rybz0MUJrXVfS1iE
-JYHlo4/cqudjsMjtjhTV9n4FJd9IsuSmZjMHVk3enIyhZ1oliugS25OpWKHnybzj
-65cgxVGPTW31o21w/fEqRRR/KzrEaMZiPyO2EEMcKlB7xmEX9cIdvD99OvLMPEuQ
-UA2hzRKO+A4roidNUT7yp8yy3BkQGLAr4JYaFINreeD+9BrIFx1jRbG3z8xqxtwh
-8P+uR2pyLYaDxeyxkjM7zDV4ax/iV1+L+z3GiC5GnPZEKkpm89MdI7fzeChttVVk
-CtpnxR3vxK2HqfcQFrTG5HNldzpAJk/tBrHRcyAnXrKs+XZhpOQ3gYoNY4fGeGYM
-c9NyeAUZkqJ1nCfHBAR9bmmCEwZSmhSt5voqZ+zS3DWKG30WtNpYMNEEchtWq8Op
-IEimZ341pZOjWqJ396zJ8qJ1XncffC/yAnRsb0xvhS149dwkDyH+17qVyF+V/pyb
-5unjg6V9g0yZ9TKyH858sRG8acVXo6NhuxCg0w8mJ4LCxcJSTgDA0lXFQcuTBLlZ
-YaXfD/dr60HfyH2ll4b5hlkww9jrg1uNW++FcsCHsZu5DV5QbhyVIYdhyp4dTV/7
-9SJJPmeMacQCNJqg783bpUyVaEecHAg8H/u+Zir0vWdRdpeekO28NLVqgQuPEqzs
-Y53RCbjlbilzHud50HHUAqN3fKJK51I1GrjrSeV9xSVnB5psjmOjPvEagGu4kv+s
-fu/fEge0HPx9FUA2xJR9u1/8swYsiAugoWxXFJVBSDJh2a4759ftd7b2mid0aX86
-OeJcY164mlLbu3d905Ez5mgVBHXDuk/LRwrvdprw48tqMB0Tv77egKbSeQzyQLD0
-ZhUQFIJ1cBlmFIw2ZdXUVlV2MJcK6XMlFkdyHRBTfiHI1V/Q2QFFLkTb64X3iTHC
-Ckow0ibsT76pDCP+Buotfk7gho6WgiojC0URzZPG/KDHUHO173S6Nr23NBpVzxun
-lKf5LiAC5LDoJmAx/XouYjh77LZLsi+jhuG3/DnIULZt8aSm5RKGZ6A3VgaaCXhp
-tG3kSSCD6gKrYt7FrKHQ1dwPakPaDdOrBtd13823sPth7GMKmbhrC/x4Q768ml/i
-Gk7DQoYbRkqi7t66aiYuJASxpYpsUWwO7MYOz2vGxDdskp/AukwnNJTA8e2rL0ki
-seqJ2l7+snUXZ4SFJ/D+wfMK2WeQRTJB4hgu7AQyp543mQ+EYZaNMtKIdgQL86q7
-MZVAx5ad82GNtAMgGLyf72bE1mkTK44poT6dob25z7MxFsM7zjadNDzcgBiYdEHq
-/8U=
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIA3i/m7GvIH4CAggA
+MBQGCCqGSIb3DQMHBAjo55qyY9mTbgSCBMjIKeoejVtH4o8wnaCArTOOmNkxbDbS
+us6mwIK293se1/mLnCMzIYdu9O78QuiC/BZWKhFQV/UIHx0RTAVQ1JNn3OrITzWm
+szRn/0yFilBD57La08e36h25QNGLQq11FXAa1R4ZjtMz2pRLAeEg1cCnPN65Rsgb
+YNXbGxrJ/sZJGi1EV9z96nJZ9/Ino2Uo8h8FK6WNwKTFjA0ZjZIsx1R5tKsRC2Y+
+xArlZRrARSG0DP1BVNChibd8+SNdiEEbp4EJIBWBqAA/yxLa5I1SFGQMBafCD4Vt
+JUdtqn2RAo/2oepQEYGRYBCga+FrgOf87GKu1dwzidoesDWwuf+90t2MBP2JeTQn
+801bDmxirJFv9ALG0xhSiN2nVbiCXx0lvHWQ5okeR5wImhIRLkD/fWMe+qJ+c+Lf
+WwkZ7eVnjWbvmukOJWto2odE7dFweQR1XPBi20C9NXQ45WiQlg3E3DsDHXP7mKbL
+uF4hPRPc5HYtluqsDz/bG69qCpj+PGH9JnUqQFgYix1sIse5Q0WDaX+as/gD9370
+Lq5BLm1TN4j73mnd0L7xE67YJ86mj7WSC4mBC9p0O60IbqB8Jnt7iY169IXvdCWP
+euYwvfWQeLQyrtAfNlE6zlfe8OcSbc8MMNYuGZvcShFUvF1jf8JXTW3nkQ86s/k1
+aijV6P8Nk38u2pLR57t3PHzMQglVDQthtO26q5KmaYMi40ZjwriR/sHVEeCcWxVu
+L9neSVdjRVt/Wl0wYMogm7naLDezQ8xC58QZpR0oUD6mSquaFlyWZU3iu8vh1lft
+TLKUqpNSt2QsEa3L/+GpEoge8eH30UpUpi3fUW5DLLtE06maZHqHj6mbtDsa1ggH
+cLE4/S2rLF4GNPUeh5S2z3NzDpPXjXPtzxMA3XgMpyViKSeG+wM2utBim7UeVKed
+NdVFymtIVkIstTk+Bu4XzWz8/HS9wNkh5XqPthQSJCPnmdHKl39BmIrgoRVk1KNu
+04cl18mFcvg0zS9ppYpGmovfv87J+IB+72kE+icEuHf4qcQSTN45wakVMib4pajH
+0LG3bUYPnk6ixZhlH/yhn8d7vi+olTipmGevAQAzNg7bbdgyivRb4+uX7rRHdfwO
+mmiXHG5RtS3czu26C7hB87m+UTCkwNGI4xAbwyQRcgks47b4sGZJWHvhCGBiIFRJ
+J99R1tCT+v/qMlhlEwnIn8Q56GKEfBRVt99n/xiq1En44Fz0c1awAu6vwbUyfEdL
+VRq6wMn50eaf0jKd2a5Rc23lui8wpsbt0Z0NrmlV2FXi8QhxTZJXKjG0s59qnR5N
+cEeITnoGcFxY+nYzC/S3YMqygqvAaaZ/fvf2klvYk47DWztSdfS5dml+nOte/fPi
+YAizmhlKmtHU59ofihlEqnis04PRp4A7zy8nCDEBKLIhPbveLANwD9BtpKChNWcp
+qyWQl/Mtge2G6KY5GLHfIWDotZToy+S4Is3onZ9tvGzClVEtAttTUdrz5rZcbhEg
+afJlQEzRPm0EH0amQ+CKhAljdBK4yv7SPuKYks65XD+Y7/sLzgdLAhsTQ9BkD4oo
+ldo8IaVT/rFdAtT0aU1lSJIq+oB72dIzzYuQtmCWrLiYnlWkc2S+4qSEaflPJtBd
+PAM=
-----END ENCRYPTED PRIVATE KEY-----
diff --git a/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/strongswan.conf
index 9802ea7..d35cb99 100644
--- a/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/ipsec.d/private/moonKey.pem b/testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/ipsec.d/private/moonKey.pem
index 02045f5..314bd2e 100644
--- a/testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/ipsec.d/private/moonKey.pem
+++ b/testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/ipsec.d/private/moonKey.pem
@@ -1,28 +1,28 @@
-----BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDKL2M91Lu6BYYh
-WxWgMS9z9TMSTwszm5rhO7ZIsCtMRo4PAeYw+++SGXt3CPXb/+p+SWKGlm11rPE7
-1eQ3ehgh2C3hAurfmWO0iQQaCw+fdreeIVCqOQIOP6UqZ327h5yYYpHk8VQv4vBJ
-TpxclU1PqnWheqe1ZlLxsW773LRml/fQt/UgvJkCBTZZONLNMfK+7TDnYaVsAtnc
-gvDN78nUNEe2qY92KK7SrBJ6SpUEg49m51F+XgsGcsgWVHS85on3Om/G48crLEVJ
-jdu8CxewSRVgb+lPJWzHd8QsU0Vg/7vlqs3ZRMyNtNKrr4opSvVbA6agGlTXhDCr
-eDiXU8KHAgMBAAECggEAIEUH9epqO/p9uf0rqnGvPTa5fAaZpxcC1UgOg/N6NaZd
-LhADiXXseskOZ6VKeF6UMqvLyedgeROtPPuafTBDgcNbLzqj+iQlQb9MpEt3pt/v
-1pFCqqiGp3eJCQeTjcbLO5cf6gaKhUoXR9wAINbDjB+MvsUw10cJngHP0Osc7/Kw
-d70Hqu9JibdVlGFLFqd4iRouSQNp0qlXHd9c0WUzFjioo8lhhKglnrWIyqs7v6uc
-D3e2bIMOzw8pTcG2el82t14+CV4keGTxmrIS/b804JJTFsoTw0K0ukZOz5PSqOOe
-7iTdY93dk4EBqfS48N6Qdl4cH9pcYuFhzHEnlK6uoQKBgQD4XWCmmQRHkm2hq523
-8JSl1DWxH3DF/vlUGongWJgAEZDP3GUbiiPMv+jnvazSJXdvAWmdBr5a5avEaQ/p
-m4H9nzaelzQ3+8ui79vh3G+Difsr5444R/TwUyOyx7a2pMhcoKpyZCdHQ09DWPC6
-8Qqxc/nD8k6WdFcBed3iPGwkjQKBgQDQZpPrXJK21Rb2MLebG5jqORDLxMRCpHec
-4W9bCYJchY6k38xNM+6z5N6XGn+l0qFT6ag+ZfdSfKd7k+/CV5YOrdjOW1flkNkY
-nlQmUq42d8YjNDo5wdFtvvMGlAbqpJE+66BuCjrzyFOdvUvn2crzzNZUrjl65/qn
-K6gj5LAgYwKBgQDvK8TySfKEFe97O6/TPVt4YeYenn9UPBjQNApIQCiIEGJauQuo
-vJuDBd/8onx1llzwSfTxoVfYYsnJh78qIHXKzfKkQEmqC9FrI/6j/0pn6o01F3Su
-oCSw9e8vsAE023STNqlNJUNp7di7qz+PVqYMgvmoB4REgN50bm4M+lDN1QKBgHsy
-2Ok/rcAGEu/xdulsFCcLG0HLDdbz0X5dyu2/nmBB2EThxK4zMD8K4wfi82k9LoAj
-1oEk2GPcK0qj9w4lpyEAZvX/C+Q7kAu8tbR+Fl0+y1ROcMlqKfu98X+HDNuz8+WF
-eC71P0qUt9G9cV0b5J3iDya6ZGKjNwuShHDLpc9PAoGAMk/6z3BeZ0b3QdJP9qoL
-sUqtVcukHrd1jmzA1R9A/qxrSkWc43SvQkKH9gKwYUUgB5tDa46QzeDd/2eTBOnv
-3XSi/7/m5OG9EjbDYEE/LSZW4As+PLIXVnZxv3OnIqIi5ehdEJ/ix3yvWVH1ufQX
-HHRK+nF/5+kwZIjmq4c0Epg=
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCkfAX6xRdB0f5b
+BjN08zOmO7CEYa8eCyYFqHUhCw+x10v2BnKB6vOlMzW+9DiRtG68TdJlYt/24oRu
+JBX0gAGvzsv0kC9rnoQcgCJQy4bxaLNVsgoiFCVlzxLaYjABbQlzoSaegm/2PoX+
+1UP37rG8wlvAcuLSHsFQ720FUs/LvZh4Y0FjoKhvgKs64U4nIAJ7MnuL29n5fM5+
+dem7uovQOBg/+faZo8QkYSK9MW6eQkP+YnwN5zItNBxyGwKPbXXwEy5/aqNWfhRY
+8IEG6HJgrnCwBMHUA14C2UV+Af7Cy4eNnC1Mmu7TmUYcFncXaFn087ryFUdshlmP
+pIHxfjufAgMBAAECggEABANepfqvEZUNDq19DeptJS4ppWE4w5PkDplImlDJxj4J
+hWws2QyhezNfqVQOGUf8t61yZ7Tc4Aowzvskaf3BjMeP5FysO4T3ljZuH+iHV1aF
+oZ6hbqltLCm8PQXORAqkA2U4Kv/luW1XGZucd+0j+wYG9RAYhqXnc5ET6OBXX5Ir
+ojSgAhaIKlTahmlgwC2ntbE6eCwAloa2T/+bZyQf5Py5UfB72An0dmcST4ijoFdJ
+ww02uxt3Yn6lDvnBBd/McTMcCP4SWFbOG1zld5+ofD8N+k8Nf+VvLdWhKhqCrOxW
+5THsvKWDMgPFOxv0dBU4uMPM5D6+fbZePuBQISPAuQKBgQDYRmC67Ml3FEhYFKcj
+LOkLN+qbQSDJul4u4lV/NaVrTIpYjoB4uFZyv7uj1QTycJAdV98iuCNaSyNz9LkW
+HML1NhIek9rxM+B5tNArhXGc/1CSH9dGkmMKqAnyTYxiV4djFr4ApC//bnI2Et2j
+CQ1HSJTWRuJphEkw/RaKACZ0BQKBgQDCsl5jcsBrA6RqUkUwVO0teypkT3VMXAy3
+1NCfPKwYfdDr7036rKlLkoJ6zrnT6qCvAFVGZE1zWLHKVOg/cHQEpjk4P8HAzHUv
+/NI7fHsjhkNqwK7ffLa6QYtxVLGvFM9MZ13x+ESJU7UINdwzTz+RJ5BrTj0nzOJj
+cz7g0NyGUwKBgQDDZUI7X3bdONvriC1A4HBkDE7PmdXPq6sv3Ji153feKzbKr2Ru
+rMydu5ABgpGHoB70A9G7AnYeO8h6GN2nlrCk7gcMzTR/uwjRrIRu7Y8p8pmOi2np
+fpQwqoTh/yIYL1BIO+HJno0mz1gsdnr7s0/l2TNvLHeeMUAXHHFimKQlKQKBgHJK
+EHxiVS+8oJxFFRZtFBlZrqXZuuqLMnALPjfrfr6VxLlq7aSUDIEvTObYSV9r4M05
+7dT3djuauisisn7i/UfpZ7dsPcl2e+giiiqfRQ2yeArHdx/77qvhZACwDenP1mxs
+VUqASYMvnxplu5BnGdKUngNPlziw3cgxU5zXHky/AoGAe50Bou+KgiikGljM6wrY
+60Sfo1DtLAfQEsRS6UfKxoepqfmgTGYzVuZh6K8wNz2GPRgtcDjuvJAdPHi8Hk2/
+dMj8uhQbpWsK9m+hxA5d7+ftOC7ACMmPt58TnkbLyVcNEQ3Ikw/W+J/c3aIfx5DU
+BJ/yT/6CcE2SNKVhJJBQN9U=
-----END PRIVATE KEY-----
diff --git a/testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/strongswan.conf
index 597aebf..665ef65 100644
--- a/testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+ load = test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-radius-accounting/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-radius-accounting/hosts/carol/etc/strongswan.conf
index b1b4180..2a5c62c 100644
--- a/testing/tests/ikev2/rw-radius-accounting/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-radius-accounting/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown
}
diff --git a/testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/strongswan.conf
index 3bf573f..a7937ed 100644
--- a/testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius eap-identity updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius eap-identity updown
plugins {
eap-radius {
secret = gv6URkSs
diff --git a/testing/tests/ikev2/rw-whitelist/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-whitelist/hosts/carol/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/rw-whitelist/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-whitelist/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-whitelist/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-whitelist/hosts/dave/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/rw-whitelist/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-whitelist/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-whitelist/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-whitelist/hosts/moon/etc/strongswan.conf
index 984985a..77edd57 100644
--- a/testing/tests/ikev2/rw-whitelist/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-whitelist/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc whitelist stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc whitelist stroke kernel-netlink socket-default updown
plugins {
whitelist {
enable = yes
diff --git a/testing/tests/ikev2/rw-whitelist/pretest.dat b/testing/tests/ikev2/rw-whitelist/pretest.dat
index 8776077..0f246a8 100644
--- a/testing/tests/ikev2/rw-whitelist/pretest.dat
+++ b/testing/tests/ikev2/rw-whitelist/pretest.dat
@@ -4,12 +4,14 @@ dave::iptables-restore < /etc/iptables.rules
carol::ipsec start
dave::ipsec start
moon::ipsec start
+moon::expect-connection rw
moon::ipsec whitelist add alice at strongswan.org
moon::ipsec whitelist add bob at strongswan.org
moon::ipsec whitelist add carol at strongswan.org
moon::ipsec whitelist enable
moon::ipsec whitelist list
-carol::sleep 2
+carol::expect-connection home
carol::ipsec up home
+dave::expect-connection home
dave::ipsec up home
carol::sleep 1
diff --git a/testing/tests/ikev2/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf
index dabff38..0387fdf 100644
--- a/testing/tests/ikev2/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
keep_alive = 5
}
diff --git a/testing/tests/ikev2/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf
index ca23c69..2127105 100644
--- a/testing/tests/ikev2/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf
index dabff38..0387fdf 100644
--- a/testing/tests/ikev2/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf
+++ b/testing/tests/ikev2/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
keep_alive = 5
}
diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/two-certs/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/two-certs/hosts/carol/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/two-certs/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/two-certs/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/two-certs/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/two-certs/hosts/moon/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/two-certs/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/two-certs/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/virtual-ip/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip/hosts/carol/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/virtual-ip/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/virtual-ip/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/virtual-ip/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip/hosts/dave/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/virtual-ip/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/virtual-ip/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/virtual-ip/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip/hosts/moon/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ikev2/virtual-ip/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/virtual-ip/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/wildcards/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/wildcards/hosts/carol/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/wildcards/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/wildcards/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/wildcards/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/wildcards/hosts/dave/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/wildcards/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/wildcards/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/wildcards/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/wildcards/hosts/moon/etc/strongswan.conf
index 85d8c19..7014c36 100644
--- a/testing/tests/ikev2/wildcards/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/wildcards/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ipv6/host2host-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/host2host-ikev1/hosts/moon/etc/strongswan.conf
index 7f26bc4..818f7cd 100644
--- a/testing/tests/ipv6/host2host-ikev1/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/host2host-ikev1/hosts/moon/etc/strongswan.conf
@@ -2,7 +2,7 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
fragment_size = 1024
}
diff --git a/testing/tests/ipv6/host2host-ikev1/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/host2host-ikev1/hosts/sun/etc/strongswan.conf
index 7f26bc4..818f7cd 100644
--- a/testing/tests/ipv6/host2host-ikev1/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/host2host-ikev1/hosts/sun/etc/strongswan.conf
@@ -2,7 +2,7 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
fragment_size = 1024
}
diff --git a/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/strongswan.conf
index 5ef523e..8269071 100644
--- a/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/strongswan.conf
index 5ef523e..8269071 100644
--- a/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/net2net-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-ikev1/hosts/moon/etc/strongswan.conf
index 5ffc1a2..a0f8344 100644
--- a/testing/tests/ipv6/net2net-ikev1/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ikev1/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
- fragment_size = 1024
+ fragment_size = 1400
}
diff --git a/testing/tests/ipv6/net2net-ikev1/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-ikev1/hosts/sun/etc/strongswan.conf
index 5ffc1a2..a0f8344 100644
--- a/testing/tests/ipv6/net2net-ikev1/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ikev1/hosts/sun/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
- fragment_size = 1024
+ fragment_size = 1400
}
diff --git a/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/ipsec.conf b/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/ipsec.conf
index c3dca0d..7292066 100644
--- a/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/ipsec.conf
@@ -14,6 +14,7 @@ conn %default
rekeymargin=3m
keyingtries=1
keyexchange=ikev2
+ fragmentation=yes
mobike=no
conn net-net
diff --git a/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/strongswan.conf
index 5ef523e..a0f8344 100644
--- a/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
+
+ fragment_size = 1400
}
diff --git a/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/ipsec.conf b/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/ipsec.conf
index d2673d9..2141c15 100644
--- a/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/ipsec.conf
@@ -14,6 +14,7 @@ conn %default
rekeymargin=3m
keyingtries=1
keyexchange=ikev2
+ fragmentation=yes
mobike=no
conn net-net
diff --git a/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/strongswan.conf
index 5ef523e..a0f8344 100644
--- a/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
+
+ fragment_size = 1400
}
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/strongswan.conf
index 5ffc1a2..5f29f52 100644
--- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
fragment_size = 1024
}
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/strongswan.conf
index d4b9a55..1f39ade 100644
--- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
fragment_size=1024
}
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf
index 5ef523e..8269071 100644
--- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf
index 5ef523e..8269071 100644
--- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf
index d18c788..268b708 100644
--- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
install_routes = no
}
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/strongswan.conf
index be176e9..a1a6e74 100644
--- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
install_routes=no
}
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
index d18c788..268b708 100644
--- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
install_routes = no
}
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf
index be176e9..a1a6e74 100644
--- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
install_routes=no
}
diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/strongswan.conf
index 2b824dc..ec70039 100644
--- a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation addrblock hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation addrblock hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/strongswan.conf
index 2b824dc..ec70039 100644
--- a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation addrblock hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation addrblock hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-compress-ikev2/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6/rw-compress-ikev2/hosts/carol/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ipv6/rw-compress-ikev2/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-compress-ikev2/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-compress-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/rw-compress-ikev2/hosts/moon/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/ipv6/rw-compress-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-compress-ikev2/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-ikev1/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6/rw-ikev1/hosts/carol/etc/strongswan.conf
index 5ffc1a2..5f29f52 100644
--- a/testing/tests/ipv6/rw-ikev1/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ikev1/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
fragment_size = 1024
}
diff --git a/testing/tests/ipv6/rw-ikev1/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6/rw-ikev1/hosts/dave/etc/strongswan.conf
index 5ffc1a2..5f29f52 100644
--- a/testing/tests/ipv6/rw-ikev1/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ikev1/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
fragment_size = 1024
}
diff --git a/testing/tests/ipv6/rw-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/rw-ikev1/hosts/moon/etc/strongswan.conf
index 5ffc1a2..5f29f52 100644
--- a/testing/tests/ipv6/rw-ikev1/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ikev1/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
fragment_size = 1024
}
diff --git a/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf
index 5ef523e..8269071 100644
--- a/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/strongswan.conf
index 5ef523e..8269071 100644
--- a/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/strongswan.conf
index 5ef523e..8269071 100644
--- a/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/carol/etc/strongswan.conf
index 5ef523e..8269071 100644
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/carol/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/dave/etc/strongswan.conf
index 5ef523e..8269071 100644
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/dave/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf
index 5ef523e..8269071 100644
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/carol/etc/strongswan.conf
index 5ef523e..8269071 100644
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/carol/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/dave/etc/strongswan.conf
index 5ef523e..8269071 100644
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/dave/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
index 5ef523e..8269071 100644
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/strongswan.conf
index 2b824dc..ec70039 100644
--- a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation addrblock hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation addrblock hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/strongswan.conf
index e2593c1..bb9f822 100644
--- a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 nonce revocation addrblock hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random x509 curl nonce revocation addrblock hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/strongswan.conf
index 2b824dc..ec70039 100644
--- a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation addrblock hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation addrblock hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/transport-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/transport-ikev1/hosts/moon/etc/strongswan.conf
index 5ffc1a2..5f29f52 100644
--- a/testing/tests/ipv6/transport-ikev1/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/transport-ikev1/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
fragment_size = 1024
}
diff --git a/testing/tests/ipv6/transport-ikev1/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/transport-ikev1/hosts/sun/etc/strongswan.conf
index 5ffc1a2..5f29f52 100644
--- a/testing/tests/ipv6/transport-ikev1/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/transport-ikev1/hosts/sun/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
fragment_size = 1024
}
diff --git a/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/strongswan.conf
index 5ef523e..8269071 100644
--- a/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/strongswan.conf
index 5ef523e..8269071 100644
--- a/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/libipsec/host2host-cert/hosts/moon/etc/strongswan.conf b/testing/tests/libipsec/host2host-cert/hosts/moon/etc/strongswan.conf
index d5c4d27..71180e0 100644
--- a/testing/tests/libipsec/host2host-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/libipsec/host2host-cert/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-libipsec kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-libipsec kernel-netlink socket-default updown
multiple_authentication = no
plugins {
kernel-netlink {
diff --git a/testing/tests/libipsec/host2host-cert/hosts/sun/etc/strongswan.conf b/testing/tests/libipsec/host2host-cert/hosts/sun/etc/strongswan.conf
index d5c4d27..71180e0 100644
--- a/testing/tests/libipsec/host2host-cert/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/libipsec/host2host-cert/hosts/sun/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-libipsec kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-libipsec kernel-netlink socket-default updown
multiple_authentication = no
plugins {
kernel-netlink {
diff --git a/testing/tests/libipsec/net2net-3des/hosts/moon/etc/strongswan.conf b/testing/tests/libipsec/net2net-3des/hosts/moon/etc/strongswan.conf
index 97bb34a..19d636b 100644
--- a/testing/tests/libipsec/net2net-3des/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/libipsec/net2net-3des/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-libipsec kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-libipsec kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/libipsec/net2net-3des/hosts/sun/etc/strongswan.conf b/testing/tests/libipsec/net2net-3des/hosts/sun/etc/strongswan.conf
index 97bb34a..19d636b 100644
--- a/testing/tests/libipsec/net2net-3des/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/libipsec/net2net-3des/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-libipsec kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-libipsec kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/libipsec/net2net-cert/hosts/moon/etc/strongswan.conf b/testing/tests/libipsec/net2net-cert/hosts/moon/etc/strongswan.conf
index 97bb34a..19d636b 100644
--- a/testing/tests/libipsec/net2net-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/libipsec/net2net-cert/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-libipsec kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-libipsec kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/libipsec/net2net-cert/hosts/sun/etc/strongswan.conf b/testing/tests/libipsec/net2net-cert/hosts/sun/etc/strongswan.conf
index 97bb34a..19d636b 100644
--- a/testing/tests/libipsec/net2net-cert/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/libipsec/net2net-cert/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-libipsec kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-libipsec kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/strongswan.conf b/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/strongswan.conf
index 69c6e32..8d328f0 100644
--- a/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = soup pem pkcs1 pkcs8 random nonce x509 revocation openssl stroke kernel-libipsec kernel-netlink socket-default updown
+ load = pem pkcs1 pkcs8 random nonce x509 revocation openssl soup stroke kernel-libipsec kernel-netlink socket-default updown
initiator_only = yes
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/strongswan.conf b/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/strongswan.conf
index 69c6e32..8d328f0 100644
--- a/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = soup pem pkcs1 pkcs8 random nonce x509 revocation openssl stroke kernel-libipsec kernel-netlink socket-default updown
+ load = pem pkcs1 pkcs8 random nonce x509 revocation openssl soup stroke kernel-libipsec kernel-netlink socket-default updown
initiator_only = yes
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/strongswan.conf b/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/strongswan.conf
index fa8dd94..0f4c68f 100644
--- a/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/strongswan.conf
@@ -1,11 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = soup pem pkcs1 pkcs8 random nonce x509 revocation openssl stroke kernel-libipsec kernel-netlink socket-default updown
+ load = pem pkcs1 pkcs8 random nonce x509 revocation openssl soup stroke kernel-libipsec kernel-netlink socket-default updown
plugins {
openssl {
- fips_mode = 2
+ fips_mode = 2
}
}
}
diff --git a/testing/tests/openssl-ikev1/alg-camellia/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev1/alg-camellia/hosts/carol/etc/strongswan.conf
index c4ac991..976544b 100644
--- a/testing/tests/openssl-ikev1/alg-camellia/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev1/alg-camellia/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 openssl revocation random nonce hmac xcbc stroke kernel-netlink socket-default updown
+ load = pem pkcs1 openssl curl revocation random nonce hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/openssl-ikev1/alg-camellia/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev1/alg-camellia/hosts/moon/etc/strongswan.conf
index c4ac991..976544b 100644
--- a/testing/tests/openssl-ikev1/alg-camellia/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev1/alg-camellia/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 openssl revocation random nonce hmac xcbc stroke kernel-netlink socket-default updown
+ load = pem pkcs1 openssl curl revocation random nonce hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/openssl-ikev1/alg-ecp-high/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev1/alg-ecp-high/hosts/carol/etc/strongswan.conf
index 0bbf93a..4a5e52d 100644
--- a/testing/tests/openssl-ikev1/alg-ecp-high/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev1/alg-ecp-high/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 openssl revocation random nonce hmac stroke kernel-netlink socket-default updown
+ load = pem pkcs1 openssl curl revocation random nonce hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/openssl-ikev1/alg-ecp-high/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev1/alg-ecp-high/hosts/dave/etc/strongswan.conf
index 7857722..fde691e 100644
--- a/testing/tests/openssl-ikev1/alg-ecp-high/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev1/alg-ecp-high/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp pem pkcs1 x509 openssl revocation random nonce hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp pem pkcs1 x509 openssl curl revocation random nonce hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/openssl-ikev1/alg-ecp-high/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev1/alg-ecp-high/hosts/moon/etc/strongswan.conf
index 0bbf93a..4a5e52d 100644
--- a/testing/tests/openssl-ikev1/alg-ecp-high/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev1/alg-ecp-high/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 openssl revocation random nonce hmac stroke kernel-netlink socket-default updown
+ load = pem pkcs1 openssl curl revocation random nonce hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/openssl-ikev1/alg-ecp-low/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev1/alg-ecp-low/hosts/carol/etc/strongswan.conf
index 0bbf93a..4a5e52d 100644
--- a/testing/tests/openssl-ikev1/alg-ecp-low/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev1/alg-ecp-low/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 openssl revocation random nonce hmac stroke kernel-netlink socket-default updown
+ load = pem pkcs1 openssl curl revocation random nonce hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/openssl-ikev1/alg-ecp-low/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev1/alg-ecp-low/hosts/dave/etc/strongswan.conf
index 7857722..fde691e 100644
--- a/testing/tests/openssl-ikev1/alg-ecp-low/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev1/alg-ecp-low/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp pem pkcs1 x509 openssl revocation random nonce hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp pem pkcs1 x509 openssl curl revocation random nonce hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/openssl-ikev1/alg-ecp-low/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev1/alg-ecp-low/hosts/moon/etc/strongswan.conf
index 0bbf93a..4a5e52d 100644
--- a/testing/tests/openssl-ikev1/alg-ecp-low/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev1/alg-ecp-low/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 openssl revocation random nonce hmac stroke kernel-netlink socket-default updown
+ load = pem pkcs1 openssl curl revocation random nonce hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/carol/etc/strongswan.conf
index 0bbf93a..4a5e52d 100644
--- a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 openssl revocation random nonce hmac stroke kernel-netlink socket-default updown
+ load = pem pkcs1 openssl curl revocation random nonce hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/dave/etc/strongswan.conf
index 0bbf93a..4a5e52d 100644
--- a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 openssl revocation random nonce hmac stroke kernel-netlink socket-default updown
+ load = pem pkcs1 openssl curl revocation random nonce hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/moon/etc/strongswan.conf
index 0bbf93a..4a5e52d 100644
--- a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 openssl revocation random nonce hmac stroke kernel-netlink socket-default updown
+ load = pem pkcs1 openssl curl revocation random nonce hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/openssl-ikev2/alg-aes-gcm/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-aes-gcm/hosts/carol/etc/strongswan.conf
index 5481f7b..4a7e09c 100644
--- a/testing/tests/openssl-ikev2/alg-aes-gcm/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/alg-aes-gcm/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 random nonce revocation openssl stroke kernel-netlink socket-default updown
+ load = pem pkcs1 random nonce revocation openssl curl stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/openssl-ikev2/alg-aes-gcm/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-aes-gcm/hosts/dave/etc/strongswan.conf
index 564e4ea..99069ae 100644
--- a/testing/tests/openssl-ikev2/alg-aes-gcm/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/alg-aes-gcm/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac gcm stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac gcm stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/openssl-ikev2/alg-aes-gcm/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-aes-gcm/hosts/moon/etc/strongswan.conf
index 5481f7b..4a7e09c 100644
--- a/testing/tests/openssl-ikev2/alg-aes-gcm/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/alg-aes-gcm/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 random nonce revocation openssl stroke kernel-netlink socket-default updown
+ load = pem pkcs1 random nonce revocation openssl curl stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/openssl-ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf
index 0bbf93a..4a5e52d 100644
--- a/testing/tests/openssl-ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 openssl revocation random nonce hmac stroke kernel-netlink socket-default updown
+ load = pem pkcs1 openssl curl revocation random nonce hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/openssl-ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf
index 0bbf93a..4a5e52d 100644
--- a/testing/tests/openssl-ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 openssl revocation random nonce hmac stroke kernel-netlink socket-default updown
+ load = pem pkcs1 openssl curl revocation random nonce hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/openssl-ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf
index 0bbf93a..4a5e52d 100644
--- a/testing/tests/openssl-ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 openssl revocation random nonce hmac stroke kernel-netlink socket-default updown
+ load = pem pkcs1 openssl curl revocation random nonce hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/openssl-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf
index c4ac991..976544b 100644
--- a/testing/tests/openssl-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 openssl revocation random nonce hmac xcbc stroke kernel-netlink socket-default updown
+ load = pem pkcs1 openssl curl revocation random nonce hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/openssl-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf
index c4ac991..976544b 100644
--- a/testing/tests/openssl-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 openssl revocation random nonce hmac xcbc stroke kernel-netlink socket-default updown
+ load = pem pkcs1 openssl curl revocation random nonce hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/openssl-ikev2/alg-ecp-brainpool-high/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-ecp-brainpool-high/hosts/carol/etc/strongswan.conf
index 0bbf93a..4a5e52d 100644
--- a/testing/tests/openssl-ikev2/alg-ecp-brainpool-high/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/alg-ecp-brainpool-high/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 openssl revocation random nonce hmac stroke kernel-netlink socket-default updown
+ load = pem pkcs1 openssl curl revocation random nonce hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/openssl-ikev2/alg-ecp-brainpool-high/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-ecp-brainpool-high/hosts/dave/etc/strongswan.conf
index 7857722..fde691e 100644
--- a/testing/tests/openssl-ikev2/alg-ecp-brainpool-high/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/alg-ecp-brainpool-high/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp pem pkcs1 x509 openssl revocation random nonce hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp pem pkcs1 x509 openssl curl revocation random nonce hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/openssl-ikev2/alg-ecp-brainpool-high/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-ecp-brainpool-high/hosts/moon/etc/strongswan.conf
index 0bbf93a..4a5e52d 100644
--- a/testing/tests/openssl-ikev2/alg-ecp-brainpool-high/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/alg-ecp-brainpool-high/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 openssl revocation random nonce hmac stroke kernel-netlink socket-default updown
+ load = pem pkcs1 openssl curl revocation random nonce hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/openssl-ikev2/alg-ecp-brainpool-low/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-ecp-brainpool-low/hosts/carol/etc/strongswan.conf
index 0bbf93a..4a5e52d 100644
--- a/testing/tests/openssl-ikev2/alg-ecp-brainpool-low/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/alg-ecp-brainpool-low/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 openssl revocation random nonce hmac stroke kernel-netlink socket-default updown
+ load = pem pkcs1 openssl curl revocation random nonce hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/openssl-ikev2/alg-ecp-brainpool-low/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-ecp-brainpool-low/hosts/dave/etc/strongswan.conf
index 7857722..fde691e 100644
--- a/testing/tests/openssl-ikev2/alg-ecp-brainpool-low/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/alg-ecp-brainpool-low/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp pem pkcs1 x509 openssl revocation random nonce hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp pem pkcs1 x509 openssl curl revocation random nonce hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/openssl-ikev2/alg-ecp-brainpool-low/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-ecp-brainpool-low/hosts/moon/etc/strongswan.conf
index 0bbf93a..4a5e52d 100644
--- a/testing/tests/openssl-ikev2/alg-ecp-brainpool-low/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/alg-ecp-brainpool-low/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 openssl revocation random nonce hmac stroke kernel-netlink socket-default updown
+ load = pem pkcs1 openssl curl revocation random nonce hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/openssl-ikev2/alg-ecp-high/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-ecp-high/hosts/carol/etc/strongswan.conf
index 0bbf93a..4a5e52d 100644
--- a/testing/tests/openssl-ikev2/alg-ecp-high/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/alg-ecp-high/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 openssl revocation random nonce hmac stroke kernel-netlink socket-default updown
+ load = pem pkcs1 openssl curl revocation random nonce hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/openssl-ikev2/alg-ecp-high/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-ecp-high/hosts/dave/etc/strongswan.conf
index 7857722..fde691e 100644
--- a/testing/tests/openssl-ikev2/alg-ecp-high/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/alg-ecp-high/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp pem pkcs1 x509 openssl revocation random nonce hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp pem pkcs1 x509 openssl curl revocation random nonce hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/openssl-ikev2/alg-ecp-high/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-ecp-high/hosts/moon/etc/strongswan.conf
index 0bbf93a..4a5e52d 100644
--- a/testing/tests/openssl-ikev2/alg-ecp-high/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/alg-ecp-high/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 openssl revocation random nonce hmac stroke kernel-netlink socket-default updown
+ load = pem pkcs1 openssl curl revocation random nonce hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/openssl-ikev2/alg-ecp-low/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-ecp-low/hosts/carol/etc/strongswan.conf
index 0bbf93a..4a5e52d 100644
--- a/testing/tests/openssl-ikev2/alg-ecp-low/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/alg-ecp-low/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 openssl revocation random nonce hmac stroke kernel-netlink socket-default updown
+ load = pem pkcs1 openssl curl revocation random nonce hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/openssl-ikev2/alg-ecp-low/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-ecp-low/hosts/dave/etc/strongswan.conf
index 7857722..fde691e 100644
--- a/testing/tests/openssl-ikev2/alg-ecp-low/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/alg-ecp-low/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp pem pkcs1 x509 openssl revocation random nonce hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp pem pkcs1 x509 openssl curl revocation random nonce hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/openssl-ikev2/alg-ecp-low/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-ecp-low/hosts/moon/etc/strongswan.conf
index 0bbf93a..4a5e52d 100644
--- a/testing/tests/openssl-ikev2/alg-ecp-low/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/alg-ecp-low/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 openssl revocation random nonce hmac stroke kernel-netlink socket-default updown
+ load = pem pkcs1 openssl curl revocation random nonce hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/openssl-ikev2/critical-extension/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/critical-extension/hosts/moon/etc/strongswan.conf
index 4901462..a72c825 100644
--- a/testing/tests/openssl-ikev2/critical-extension/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/critical-extension/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 random nonce openssl revocation hmac stroke kernel-netlink socket-default updown
+ load = pem pkcs1 random nonce openssl revocation curl hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
x509 {
diff --git a/testing/tests/openssl-ikev2/critical-extension/hosts/sun/etc/strongswan.conf b/testing/tests/openssl-ikev2/critical-extension/hosts/sun/etc/strongswan.conf
index 444a41d..d676405 100644
--- a/testing/tests/openssl-ikev2/critical-extension/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/critical-extension/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 random nonce openssl revocation hmac stroke kernel-netlink socket-default updown
+ load = pem pkcs1 random nonce openssl curl revocation hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/strongswan.conf
index 0bbf93a..4a5e52d 100644
--- a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 openssl revocation random nonce hmac stroke kernel-netlink socket-default updown
+ load = pem pkcs1 openssl curl revocation random nonce hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/strongswan.conf
index 0bbf93a..4a5e52d 100644
--- a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 openssl revocation random nonce hmac stroke kernel-netlink socket-default updown
+ load = pem pkcs1 openssl curl revocation random nonce hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/strongswan.conf
index 0bbf93a..4a5e52d 100644
--- a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 openssl revocation random nonce hmac stroke kernel-netlink socket-default updown
+ load = pem pkcs1 openssl curl revocation random nonce hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/carol/etc/strongswan.conf
index 440bdaa..a2b5acb 100644
--- a/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 pkcs8 openssl revocation random nonce hmac stroke kernel-netlink socket-default updown
+ load = pem pkcs1 pkcs8 openssl curl revocation random nonce hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/dave/etc/strongswan.conf
index 440bdaa..a2b5acb 100644
--- a/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 pkcs8 openssl revocation random nonce hmac stroke kernel-netlink socket-default updown
+ load = pem pkcs1 pkcs8 openssl curl revocation random nonce hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/moon/etc/strongswan.conf
index 440bdaa..a2b5acb 100644
--- a/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 pkcs8 openssl revocation random nonce hmac stroke kernel-netlink socket-default updown
+ load = pem pkcs1 pkcs8 openssl curl revocation random nonce hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/moon/etc/ipsec.d/private/moonCert.p12 b/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/moon/etc/ipsec.d/private/moonCert.p12
index d3cca4f..365da74 100644
Binary files a/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/moon/etc/ipsec.d/private/moonCert.p12 and b/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/moon/etc/ipsec.d/private/moonCert.p12 differ
diff --git a/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/moon/etc/strongswan.conf
index 2074a4d..2448837 100644
--- a/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem nonce revocation openssl stroke kernel-netlink socket-default updown
+ load = pem nonce revocation openssl curl stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/sun/etc/ipsec.d/private/sunCert.p12 b/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/sun/etc/ipsec.d/private/sunCert.p12
index 1a9e2aa..e2cd2f2 100644
Binary files a/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/sun/etc/ipsec.d/private/sunCert.p12 and b/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/sun/etc/ipsec.d/private/sunCert.p12 differ
diff --git a/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/sun/etc/strongswan.conf b/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/sun/etc/strongswan.conf
index 2074a4d..2448837 100644
--- a/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem nonce revocation openssl stroke kernel-netlink socket-default updown
+ load = pem nonce revocation openssl curl stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/openssl-ikev2/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-cert/hosts/carol/etc/strongswan.conf
index a952c81..8197ea8 100644
--- a/testing/tests/openssl-ikev2/rw-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/rw-cert/hosts/carol/etc/strongswan.conf
@@ -1,11 +1,10 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors pem pkcs1 openssl revocation nonce xcbc cmac ctr ccm stroke kernel-netlink socket-default updown
+ load = test-vectors pem pkcs1 openssl curl revocation nonce xcbc cmac ctr ccm stroke kernel-netlink socket-default updown
integrity_test = yes
crypto_test {
on_add = yes
}
}
-
diff --git a/testing/tests/openssl-ikev2/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-cert/hosts/dave/etc/strongswan.conf
index d9d650c..058abca 100644
--- a/testing/tests/openssl-ikev2/rw-cert/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/rw-cert/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
+ load = test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
integrity_test = yes
crypto_test {
diff --git a/testing/tests/openssl-ikev2/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-cert/hosts/moon/etc/strongswan.conf
index 065050d..8197ea8 100644
--- a/testing/tests/openssl-ikev2/rw-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/rw-cert/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors pem pkcs1 openssl revocation nonce xcbc cmac ctr ccm stroke kernel-netlink socket-default updown
+ load = test-vectors pem pkcs1 openssl curl revocation nonce xcbc cmac ctr ccm stroke kernel-netlink socket-default updown
integrity_test = yes
crypto_test {
diff --git a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf
index c55b0a9..f2c6051 100644
--- a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 random nonce openssl revocation stroke kernel-netlink socket-default eap-tls updown
+ load = pem pkcs1 random nonce openssl curl revocation stroke kernel-netlink socket-default eap-tls updown
multiple_authentication=no
}
diff --git a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf
index af4737f..7af4b4e 100644
--- a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf
@@ -1,11 +1,10 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 random nonce openssl revocation stroke kernel-netlink socket-default eap-tls updown
+ load = pem pkcs1 random nonce openssl curl revocation stroke kernel-netlink socket-default eap-tls updown
multiple_authentication=no
}
libtls {
suites = TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
}
-
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/strongswan.conf
index 8a8e08e..d117a30 100644
--- a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = test-vectors soup pem pkcs1 pkcs8 random nonce x509 revocation openssl stroke kernel-netlink socket-default
+ load = test-vectors pem pkcs1 pkcs8 random nonce x509 revocation openssl soup stroke kernel-netlink socket-default
initiator_only = yes
integrity_test = yes
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/strongswan.conf
index c97a520..7f06388 100644
--- a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/strongswan.conf
@@ -1,11 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = test-vectors soup pem pkcs1 pkcs8 random nonce x509 revocation openssl stroke kernel-netlink socket-default
+ load = test-vectors pem pkcs1 pkcs8 random nonce x509 revocation openssl soup stroke kernel-netlink socket-default
retransmit_timeout = 2
retransmit_base = 1.5
- retransmit_tries = 3
+ retransmit_tries = 3
initiator_only = yes
integrity_test = yes
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/strongswan.conf
index a234b6c..feb5d79 100644
--- a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = test-vectors soup pem pkcs1 pkcs8 random nonce x509 revocation openssl stroke kernel-netlink socket-default
+ load = test-vectors pem pkcs1 pkcs8 random nonce x509 revocation openssl soup stroke kernel-netlink socket-default
integrity_test = yes
@@ -12,7 +12,7 @@ charon {
plugins {
openssl {
- fips_mode = 2
+ fips_mode = 2
}
}
}
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/strongswan.conf
index 8a8e08e..d117a30 100644
--- a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = test-vectors soup pem pkcs1 pkcs8 random nonce x509 revocation openssl stroke kernel-netlink socket-default
+ load = test-vectors pem pkcs1 pkcs8 random nonce x509 revocation openssl soup stroke kernel-netlink socket-default
initiator_only = yes
integrity_test = yes
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/strongswan.conf
index c97a520..7f06388 100644
--- a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/strongswan.conf
@@ -1,11 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = test-vectors soup pem pkcs1 pkcs8 random nonce x509 revocation openssl stroke kernel-netlink socket-default
+ load = test-vectors pem pkcs1 pkcs8 random nonce x509 revocation openssl soup stroke kernel-netlink socket-default
retransmit_timeout = 2
retransmit_base = 1.5
- retransmit_tries = 3
+ retransmit_tries = 3
initiator_only = yes
integrity_test = yes
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/strongswan.conf
index a234b6c..feb5d79 100644
--- a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = test-vectors soup pem pkcs1 pkcs8 random nonce x509 revocation openssl stroke kernel-netlink socket-default
+ load = test-vectors pem pkcs1 pkcs8 random nonce x509 revocation openssl soup stroke kernel-netlink socket-default
integrity_test = yes
@@ -12,7 +12,7 @@ charon {
plugins {
openssl {
- fips_mode = 2
+ fips_mode = 2
}
}
}
diff --git a/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/strongswan.conf b/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/p2pnat/behind-same-nat/hosts/carol/etc/strongswan.conf b/testing/tests/p2pnat/behind-same-nat/hosts/carol/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/p2pnat/behind-same-nat/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/p2pnat/behind-same-nat/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/strongswan.conf b/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/strongswan.conf
+++ b/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/strongswan.conf b/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/p2pnat/medsrv-psk/hosts/bob/etc/strongswan.conf b/testing/tests/p2pnat/medsrv-psk/hosts/bob/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/p2pnat/medsrv-psk/hosts/bob/etc/strongswan.conf
+++ b/testing/tests/p2pnat/medsrv-psk/hosts/bob/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/p2pnat/medsrv-psk/hosts/carol/etc/strongswan.conf b/testing/tests/p2pnat/medsrv-psk/hosts/carol/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/p2pnat/medsrv-psk/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/p2pnat/medsrv-psk/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/strongswan.conf
index 2061e52..5afc88f 100644
--- a/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/strongswan.conf
index 2061e52..5afc88f 100644
--- a/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/alg-sha384/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/alg-sha384/hosts/carol/etc/strongswan.conf
index 2061e52..5afc88f 100644
--- a/testing/tests/pfkey/alg-sha384/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/pfkey/alg-sha384/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/alg-sha384/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/alg-sha384/hosts/moon/etc/strongswan.conf
index 2061e52..5afc88f 100644
--- a/testing/tests/pfkey/alg-sha384/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/pfkey/alg-sha384/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/alg-sha512/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/alg-sha512/hosts/carol/etc/strongswan.conf
index 2061e52..5afc88f 100644
--- a/testing/tests/pfkey/alg-sha512/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/pfkey/alg-sha512/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/alg-sha512/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/alg-sha512/hosts/moon/etc/strongswan.conf
index 2061e52..5afc88f 100644
--- a/testing/tests/pfkey/alg-sha512/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/pfkey/alg-sha512/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/compress/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/compress/hosts/carol/etc/strongswan.conf
index 2061e52..5afc88f 100644
--- a/testing/tests/pfkey/compress/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/pfkey/compress/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/compress/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/compress/hosts/moon/etc/strongswan.conf
index 2061e52..5afc88f 100644
--- a/testing/tests/pfkey/compress/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/pfkey/compress/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/esp-alg-null/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/esp-alg-null/hosts/carol/etc/strongswan.conf
index 2061e52..5afc88f 100644
--- a/testing/tests/pfkey/esp-alg-null/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/pfkey/esp-alg-null/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/esp-alg-null/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/esp-alg-null/hosts/moon/etc/strongswan.conf
index 2061e52..5afc88f 100644
--- a/testing/tests/pfkey/esp-alg-null/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/pfkey/esp-alg-null/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/host2host-transport/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/host2host-transport/hosts/moon/etc/strongswan.conf
index 2061e52..5afc88f 100644
--- a/testing/tests/pfkey/host2host-transport/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/pfkey/host2host-transport/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/host2host-transport/hosts/sun/etc/strongswan.conf b/testing/tests/pfkey/host2host-transport/hosts/sun/etc/strongswan.conf
index 2061e52..5afc88f 100644
--- a/testing/tests/pfkey/host2host-transport/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/pfkey/host2host-transport/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/nat-rw/hosts/alice/etc/strongswan.conf b/testing/tests/pfkey/nat-rw/hosts/alice/etc/strongswan.conf
index 2061e52..5afc88f 100644
--- a/testing/tests/pfkey/nat-rw/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/pfkey/nat-rw/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/nat-rw/hosts/sun/etc/strongswan.conf b/testing/tests/pfkey/nat-rw/hosts/sun/etc/strongswan.conf
index 2061e52..5afc88f 100644
--- a/testing/tests/pfkey/nat-rw/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/pfkey/nat-rw/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/nat-rw/hosts/venus/etc/strongswan.conf b/testing/tests/pfkey/nat-rw/hosts/venus/etc/strongswan.conf
index 2061e52..5afc88f 100644
--- a/testing/tests/pfkey/nat-rw/hosts/venus/etc/strongswan.conf
+++ b/testing/tests/pfkey/nat-rw/hosts/venus/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/net2net-route/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/net2net-route/hosts/moon/etc/strongswan.conf
index 2061e52..5afc88f 100644
--- a/testing/tests/pfkey/net2net-route/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/pfkey/net2net-route/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/net2net-route/hosts/sun/etc/strongswan.conf b/testing/tests/pfkey/net2net-route/hosts/sun/etc/strongswan.conf
index 2061e52..5afc88f 100644
--- a/testing/tests/pfkey/net2net-route/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/pfkey/net2net-route/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/protoport-dual/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/protoport-dual/hosts/carol/etc/strongswan.conf
index 2061e52..5afc88f 100644
--- a/testing/tests/pfkey/protoport-dual/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/pfkey/protoport-dual/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/protoport-dual/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/protoport-dual/hosts/moon/etc/strongswan.conf
index 2061e52..5afc88f 100644
--- a/testing/tests/pfkey/protoport-dual/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/pfkey/protoport-dual/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/protoport-route/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/protoport-route/hosts/carol/etc/strongswan.conf
index 2061e52..5afc88f 100644
--- a/testing/tests/pfkey/protoport-route/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/pfkey/protoport-route/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/protoport-route/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/protoport-route/hosts/moon/etc/strongswan.conf
index 2061e52..5afc88f 100644
--- a/testing/tests/pfkey/protoport-route/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/pfkey/protoport-route/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/rw-cert/hosts/carol/etc/strongswan.conf
index 8aa0ef4..a627f72 100644
--- a/testing/tests/pfkey/rw-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/pfkey/rw-cert/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+ load = test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
integrity_test = yes
crypto_test {
diff --git a/testing/tests/pfkey/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/pfkey/rw-cert/hosts/dave/etc/strongswan.conf
index 8aa0ef4..a627f72 100644
--- a/testing/tests/pfkey/rw-cert/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/pfkey/rw-cert/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+ load = test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
integrity_test = yes
crypto_test {
diff --git a/testing/tests/pfkey/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/rw-cert/hosts/moon/etc/strongswan.conf
index 8aa0ef4..a627f72 100644
--- a/testing/tests/pfkey/rw-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/pfkey/rw-cert/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+ load = test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
integrity_test = yes
crypto_test {
diff --git a/testing/tests/pfkey/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf b/testing/tests/pfkey/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf
index 7e96bf1..db61be2 100644
--- a/testing/tests/pfkey/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/pfkey/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
keep_alive = 5
}
diff --git a/testing/tests/pfkey/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf b/testing/tests/pfkey/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf
index c0f605d..f8efdff 100644
--- a/testing/tests/pfkey/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/pfkey/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf b/testing/tests/pfkey/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf
index 7e96bf1..db61be2 100644
--- a/testing/tests/pfkey/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf
+++ b/testing/tests/pfkey/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
keep_alive = 5
}
diff --git a/testing/tests/sql/ip-pool-db-expired/hosts/carol/etc/ipsec.d/data.sql b/testing/tests/sql/ip-pool-db-expired/hosts/carol/etc/ipsec.d/data.sql
index 38c9d9b..4a5d349 100644
--- a/testing/tests/sql/ip-pool-db-expired/hosts/carol/etc/ipsec.d/data.sql
+++ b/testing/tests/sql/ip-pool-db-expired/hosts/carol/etc/ipsec.d/data.sql
@@ -27,7 +27,7 @@ INSERT INTO identities (
INSERT INTO identities (
type, data
) VALUES ( /* subjkey of 'C=CH, O=Linux strongSwan, CN=carol at strongswan.org' */
- 11, X'1fa1a988d9648cb5a0a2546439b4f23d745d6e7c'
+ 11, X'5c597062572d2a249c5c94569b895ee5c505b6bd'
);
INSERT INTO identities (
@@ -41,13 +41,13 @@ INSERT INTO identities (
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=strongSwan Root CA */
- 1, 1, X'308203b53082029da003020102020100300d06092a864886f70d01010405003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303131303134355a170d3134303930383131303134355a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
+ 1, 1, X'308203b8308202a0a003020102020100300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303130303131385a170d3139303930373130303131385a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
);
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=carol at strongswan.org */
- 1, 1, X'308204223082030aa00302010202011d300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3039303832373130343435315a170d3134303832363130343435315a305a310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e3111300f060355040b13085265736561726368311d301b060355040314146361726f6c407374726f6e677377616e2e6f726730820122300d06092a864886f70d01 [...]
+ 1, 1, X'308204223082030aa003020102020130300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3134303832373135303533365a170d3139303832363135303533365a305a310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e3111300f060355040b13085265736561726368311d301b060355040314146361726f6c407374726f6e677377616e2e6f726730820122300d06092a864886f70d01 [...]
);
INSERT INTO certificate_identity (
@@ -85,7 +85,7 @@ INSERT INTO certificate_identity (
INSERT INTO private_keys (
type, data
) VALUES ( /* key of 'C=CH, O=Linux strongSwan, CN=carol at strongswan.org' */
- 1, X'308204a40201000282010100d05d594f8117bc78972a3ec479ebe1400e53cf72410b93e6f74fa17cf1ea444fb23600bae92d81747e49a2e4407c3f6118033d22a3e67ce69a53907ffad646bfbc3b6abe0bdd9a5080a690dbd919a9a8e70d9694e319e93e5d9361eff9033ac53fc6cd6c95af574c62effbb72c03d41c3b696fc7aa4444483bbaabde555aef8bce0e9797108d11ecf462c66b37f7c2e812f6ab3280a8c05b207156f0e3a787e9c4638205e40ce466716bc35d8623bd99f3cda9c3dee5c8ac19852cff18c405049c7eae735dc393f5209c13946e4f51da030ad7bf31caf58a203eccea2fc79e71d46a06c5dba85 [...]
+ 1, X'308204a40201000282010100b7f3d43717cadfec3802e2d4867f45cb8f6b99bee1f892493db05565ab970de15237a2c0b7e0a0baed29a197e22f80b7cd99a25da675b1171693bef6ac579623f6bb47dec6a3f8981b99bacdc42c0f3610e2f4950d9a8408bc3b7a9a7e40cc05282fa1e26913035ed34520879de0ee14fb770f2d4a070f1aa4245aeb4820a4fd4fa7bf1db1cd8d1b58970f59947b29f204988e0fd0eaf57aa1fb6db9e3140fd351bfcc3663beab9d14665067f71a5345166831667b42251b9896d9f157b55c085a29a726ae62dfdf3e68c0c5b3d1ba11ca69c9f3233abcdc8c5fe5f4a3313965b8609f5855ff3 [...]
);
INSERT INTO private_key_identity (
diff --git a/testing/tests/sql/ip-pool-db-expired/hosts/carol/etc/strongswan.conf b/testing/tests/sql/ip-pool-db-expired/hosts/carol/etc/strongswan.conf
index 930b725..174f8c2 100644
--- a/testing/tests/sql/ip-pool-db-expired/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/sql/ip-pool-db-expired/hosts/carol/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown sqlite sql
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/ip-pool-db-expired/hosts/dave/etc/ipsec.d/data.sql b/testing/tests/sql/ip-pool-db-expired/hosts/dave/etc/ipsec.d/data.sql
index 5b9beb3..85e4752 100644
--- a/testing/tests/sql/ip-pool-db-expired/hosts/dave/etc/ipsec.d/data.sql
+++ b/testing/tests/sql/ip-pool-db-expired/hosts/dave/etc/ipsec.d/data.sql
@@ -27,7 +27,7 @@ INSERT INTO identities (
INSERT INTO identities (
type, data
) VALUES ( /* subjkey of 'C=CH, O=Linux strongSwan, CN=dave at strongswan.org' */
- 11, X'ee7f38daeea1b81a41777f78f2674be8439d8e0e'
+ 11, X'ec16639928815e01cc0227c0b9cb1feab7987037'
);
INSERT INTO identities (
@@ -41,13 +41,13 @@ INSERT INTO identities (
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=strongSwan Root CA */
- 1, 1, X'308203b53082029da003020102020100300d06092a864886f70d01010405003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303131303134355a170d3134303930383131303134355a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
+ 1, 1, X'308203b8308202a0a003020102020100300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303130303131385a170d3139303930373130303131385a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
);
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=dave at strongswan.org */
- 1, 1, X'308204223082030aa00302010202011c300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3039303832373130333733395a170d3134303832363130333733395a305b310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e31133011060355040b130a4163636f756e74696e67311c301a0603550403141364617665407374726f6e677377616e2e6f726730820122300d06092a864886f70d [...]
+ 1, 1, X'308204223082030aa003020102020131300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3134303832373135313230325a170d3139303832363135313230325a305b310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e31133011060355040b130a4163636f756e74696e67311c301a0603550403141364617665407374726f6e677377616e2e6f726730820122300d06092a864886f70d [...]
);
INSERT INTO certificate_identity (
@@ -79,7 +79,7 @@ INSERT INTO certificate_identity (
INSERT INTO private_keys (
type, data
) VALUES ( /* key of 'C=CH, O=Linux strongSwan, CN=dave at strongswan.org' */
- 1, X'308204a50201000282010100c007f2536f0558e68345d3ef017a175b73434e797f9b97448e720a5985aea76cc0503b8d63b4e239af95db83db0af65f8360e9d941912c121215643a0af32188fc520413e81645ff8e2e623c9362be1b57649530bf54fdad6563106105ace949d7de2895a4771c237090aaa2567bd7d9b08b2ad09f63f61bba87d7462046e89fa4570cb3c8e4322220a737af48c31cd0ec2140f3723b94742c4a14232e1d409f6b53c18aaa63e693fa5d3d06808e948db8273563d33dbd9ac44ecfd71e60426570885898b3e5538767eaf4ef713719e7fd89b32e4e3f60d972ef1617437d4dba14af4691fb8ec [...]
+ 1, X'308204a40201000282010100d63cdc4dc584cd5fb5e205add1d242130f196297d6083e254f3d20ad7be17fe4fd80c1f1f6fc774a266f02af82053b93929b01c9da5411b402f4666feaa45dd45988402524ea91d98adf941f8e30dedb9cf98341e908d3d4f30c9b7d6b50b5f5e2319942768760de0c0127c6ba69d70b0a9d605de3c31e6218e4004ad1871f00f199416e4772190243fb2f06b69d22592e2bcfc6a2190d2f612f8ff435643096db1a19766aac1563e177df9fff2d51b6e38fb2cd74dfd68f1a2f03e5d7e3c77206af37e33beba6376ea239607821d821094c26817f8ce8a1305243a4ebd5c43907ffd5e75f49d [...]
);
INSERT INTO private_key_identity (
diff --git a/testing/tests/sql/ip-pool-db-expired/hosts/dave/etc/strongswan.conf b/testing/tests/sql/ip-pool-db-expired/hosts/dave/etc/strongswan.conf
index 930b725..174f8c2 100644
--- a/testing/tests/sql/ip-pool-db-expired/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/sql/ip-pool-db-expired/hosts/dave/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown sqlite sql
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/ip-pool-db-expired/hosts/moon/etc/ipsec.d/data.sql b/testing/tests/sql/ip-pool-db-expired/hosts/moon/etc/ipsec.d/data.sql
index e0c5dfc..a584dd8 100644
--- a/testing/tests/sql/ip-pool-db-expired/hosts/moon/etc/ipsec.d/data.sql
+++ b/testing/tests/sql/ip-pool-db-expired/hosts/moon/etc/ipsec.d/data.sql
@@ -27,7 +27,7 @@ INSERT INTO identities (
INSERT INTO identities (
type, data
) VALUES ( /* subjkey of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' */
- 11, X'6a9c74d1f8897989f65a94e989f1fac3649d292e'
+ 11, X'd8263d21ec7cdbbe5a390c5b70cb038021deae13'
);
INSERT INTO identities (
@@ -59,13 +59,13 @@ INSERT INTO identities (
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=strongSwan Root CA */
- 1, 1, X'308203b53082029da003020102020100300d06092a864886f70d01010405003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303131303134355a170d3134303930383131303134355a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
+ 1, 1, X'308203b8308202a0a003020102020100300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303130303131385a170d3139303930373130303131385a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
);
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=moon.strongswan.org */
- 1, 1, X'308204223082030aa003020102020117300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3039303832373130303333325a170d3134303832363130303333325a3046310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311c301a060355040313136d6f6f6e2e7374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100ca2f [...]
+ 1, 1, X'308204223082030aa00302010202012b300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3134303832373134343435365a170d3139303832363134343435365a3046310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311c301a060355040313136d6f6f6e2e7374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100a47c [...]
);
INSERT INTO certificate_identity (
@@ -103,7 +103,7 @@ INSERT INTO certificate_identity (
INSERT INTO private_keys (
type, data
) VALUES ( /* key of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' */
- 1, X'308204a30201000282010100ca2f633dd4bbba0586215b15a0312f73f533124f0b339b9ae13bb648b02b4c468e0f01e630fbef92197b7708f5dbffea7e496286966d75acf13bd5e4377a1821d82de102eadf9963b489041a0b0f9f76b79e2150aa39020e3fa52a677dbb879c986291e4f1542fe2f0494e9c5c954d4faa75a17aa7b56652f1b16efbdcb46697f7d0b7f520bc990205365938d2cd31f2beed30e761a56c02d9dc82f0cdefc9d43447b6a98f7628aed2ac127a4a9504838f66e7517e5e0b0672c8165474bce689f73a6fc6e3c72b2c45498ddbbc0b17b04915606fe94f256cc777c42c534560ffbbe5aacdd944c [...]
+ 1, X'308204a30201000282010100a47c05fac51741d1fe5b063374f333a63bb08461af1e0b2605a875210b0fb1d74bf6067281eaf3a53335bef43891b46ebc4dd26562dff6e2846e2415f48001afcecbf4902f6b9e841c802250cb86f168b355b20a22142565cf12da6230016d0973a1269e826ff63e85fed543f7eeb1bcc25bc072e2d21ec150ef6d0552cfcbbd9878634163a0a86f80ab3ae14e2720027b327b8bdbd9f97cce7e75e9bbba8bd038183ff9f699a3c4246122bd316e9e4243fe627c0de7322d341c721b028f6d75f0132e7f6aa3567e1458f08106e87260ae70b004c1d4035e02d9457e01fec2cb878d9c2d4c9ae [...]
);
INSERT INTO private_key_identity (
diff --git a/testing/tests/sql/ip-pool-db-expired/hosts/moon/etc/strongswan.conf b/testing/tests/sql/ip-pool-db-expired/hosts/moon/etc/strongswan.conf
index 69f7bb6..3b720bf 100644
--- a/testing/tests/sql/ip-pool-db-expired/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/ip-pool-db-expired/hosts/moon/etc/strongswan.conf
@@ -6,7 +6,7 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown sqlite sql attr-sql
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown sqlite sql attr-sql
}
libhydra {
diff --git a/testing/tests/sql/ip-pool-db-restart/hosts/carol/etc/ipsec.d/data.sql b/testing/tests/sql/ip-pool-db-restart/hosts/carol/etc/ipsec.d/data.sql
index 38c9d9b..4a5d349 100644
--- a/testing/tests/sql/ip-pool-db-restart/hosts/carol/etc/ipsec.d/data.sql
+++ b/testing/tests/sql/ip-pool-db-restart/hosts/carol/etc/ipsec.d/data.sql
@@ -27,7 +27,7 @@ INSERT INTO identities (
INSERT INTO identities (
type, data
) VALUES ( /* subjkey of 'C=CH, O=Linux strongSwan, CN=carol at strongswan.org' */
- 11, X'1fa1a988d9648cb5a0a2546439b4f23d745d6e7c'
+ 11, X'5c597062572d2a249c5c94569b895ee5c505b6bd'
);
INSERT INTO identities (
@@ -41,13 +41,13 @@ INSERT INTO identities (
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=strongSwan Root CA */
- 1, 1, X'308203b53082029da003020102020100300d06092a864886f70d01010405003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303131303134355a170d3134303930383131303134355a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
+ 1, 1, X'308203b8308202a0a003020102020100300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303130303131385a170d3139303930373130303131385a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
);
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=carol at strongswan.org */
- 1, 1, X'308204223082030aa00302010202011d300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3039303832373130343435315a170d3134303832363130343435315a305a310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e3111300f060355040b13085265736561726368311d301b060355040314146361726f6c407374726f6e677377616e2e6f726730820122300d06092a864886f70d01 [...]
+ 1, 1, X'308204223082030aa003020102020130300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3134303832373135303533365a170d3139303832363135303533365a305a310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e3111300f060355040b13085265736561726368311d301b060355040314146361726f6c407374726f6e677377616e2e6f726730820122300d06092a864886f70d01 [...]
);
INSERT INTO certificate_identity (
@@ -85,7 +85,7 @@ INSERT INTO certificate_identity (
INSERT INTO private_keys (
type, data
) VALUES ( /* key of 'C=CH, O=Linux strongSwan, CN=carol at strongswan.org' */
- 1, X'308204a40201000282010100d05d594f8117bc78972a3ec479ebe1400e53cf72410b93e6f74fa17cf1ea444fb23600bae92d81747e49a2e4407c3f6118033d22a3e67ce69a53907ffad646bfbc3b6abe0bdd9a5080a690dbd919a9a8e70d9694e319e93e5d9361eff9033ac53fc6cd6c95af574c62effbb72c03d41c3b696fc7aa4444483bbaabde555aef8bce0e9797108d11ecf462c66b37f7c2e812f6ab3280a8c05b207156f0e3a787e9c4638205e40ce466716bc35d8623bd99f3cda9c3dee5c8ac19852cff18c405049c7eae735dc393f5209c13946e4f51da030ad7bf31caf58a203eccea2fc79e71d46a06c5dba85 [...]
+ 1, X'308204a40201000282010100b7f3d43717cadfec3802e2d4867f45cb8f6b99bee1f892493db05565ab970de15237a2c0b7e0a0baed29a197e22f80b7cd99a25da675b1171693bef6ac579623f6bb47dec6a3f8981b99bacdc42c0f3610e2f4950d9a8408bc3b7a9a7e40cc05282fa1e26913035ed34520879de0ee14fb770f2d4a070f1aa4245aeb4820a4fd4fa7bf1db1cd8d1b58970f59947b29f204988e0fd0eaf57aa1fb6db9e3140fd351bfcc3663beab9d14665067f71a5345166831667b42251b9896d9f157b55c085a29a726ae62dfdf3e68c0c5b3d1ba11ca69c9f3233abcdc8c5fe5f4a3313965b8609f5855ff3 [...]
);
INSERT INTO private_key_identity (
diff --git a/testing/tests/sql/ip-pool-db-restart/hosts/carol/etc/strongswan.conf b/testing/tests/sql/ip-pool-db-restart/hosts/carol/etc/strongswan.conf
index 930b725..174f8c2 100644
--- a/testing/tests/sql/ip-pool-db-restart/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/sql/ip-pool-db-restart/hosts/carol/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown sqlite sql
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/ip-pool-db-restart/hosts/dave/etc/ipsec.d/data.sql b/testing/tests/sql/ip-pool-db-restart/hosts/dave/etc/ipsec.d/data.sql
index 9739a78..a832d06 100644
--- a/testing/tests/sql/ip-pool-db-restart/hosts/dave/etc/ipsec.d/data.sql
+++ b/testing/tests/sql/ip-pool-db-restart/hosts/dave/etc/ipsec.d/data.sql
@@ -27,7 +27,7 @@ INSERT INTO identities (
INSERT INTO identities (
type, data
) VALUES ( /* subjkey of 'C=CH, O=Linux strongSwan, CN=dave at strongswan.org' */
- 11, X'ee7f38daeea1b81a41777f78f2674be8439d8e0e'
+ 11, X'ec16639928815e01cc0227c0b9cb1feab7987037'
);
INSERT INTO identities (
@@ -41,13 +41,13 @@ INSERT INTO identities (
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=strongSwan Root CA */
- 1, 1, X'308203b53082029da003020102020100300d06092a864886f70d01010405003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303131303134355a170d3134303930383131303134355a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
+ 1, 1, X'308203b8308202a0a003020102020100300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303130303131385a170d3139303930373130303131385a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
);
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=dave at strongswan.org */
- 1, 1, X'308204223082030aa00302010202011c300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3039303832373130333733395a170d3134303832363130333733395a305b310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e31133011060355040b130a4163636f756e74696e67311c301a0603550403141364617665407374726f6e677377616e2e6f726730820122300d06092a864886f70d [...]
+ 1, 1, X'308204223082030aa003020102020131300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3134303832373135313230325a170d3139303832363135313230325a305b310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e31133011060355040b130a4163636f756e74696e67311c301a0603550403141364617665407374726f6e677377616e2e6f726730820122300d06092a864886f70d [...]
);
INSERT INTO certificate_identity (
@@ -85,7 +85,7 @@ INSERT INTO certificate_identity (
INSERT INTO private_keys (
type, data
) VALUES ( /* key of 'C=CH, O=Linux strongSwan, CN=dave at strongswan.org' */
- 1, X'308204a50201000282010100c007f2536f0558e68345d3ef017a175b73434e797f9b97448e720a5985aea76cc0503b8d63b4e239af95db83db0af65f8360e9d941912c121215643a0af32188fc520413e81645ff8e2e623c9362be1b57649530bf54fdad6563106105ace949d7de2895a4771c237090aaa2567bd7d9b08b2ad09f63f61bba87d7462046e89fa4570cb3c8e4322220a737af48c31cd0ec2140f3723b94742c4a14232e1d409f6b53c18aaa63e693fa5d3d06808e948db8273563d33dbd9ac44ecfd71e60426570885898b3e5538767eaf4ef713719e7fd89b32e4e3f60d972ef1617437d4dba14af4691fb8ec [...]
+ 1, X'308204a40201000282010100d63cdc4dc584cd5fb5e205add1d242130f196297d6083e254f3d20ad7be17fe4fd80c1f1f6fc774a266f02af82053b93929b01c9da5411b402f4666feaa45dd45988402524ea91d98adf941f8e30dedb9cf98341e908d3d4f30c9b7d6b50b5f5e2319942768760de0c0127c6ba69d70b0a9d605de3c31e6218e4004ad1871f00f199416e4772190243fb2f06b69d22592e2bcfc6a2190d2f612f8ff435643096db1a19766aac1563e177df9fff2d51b6e38fb2cd74dfd68f1a2f03e5d7e3c77206af37e33beba6376ea239607821d821094c26817f8ce8a1305243a4ebd5c43907ffd5e75f49d [...]
);
INSERT INTO private_key_identity (
diff --git a/testing/tests/sql/ip-pool-db-restart/hosts/dave/etc/strongswan.conf b/testing/tests/sql/ip-pool-db-restart/hosts/dave/etc/strongswan.conf
index 930b725..174f8c2 100644
--- a/testing/tests/sql/ip-pool-db-restart/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/sql/ip-pool-db-restart/hosts/dave/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown sqlite sql
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/ip-pool-db-restart/hosts/moon/etc/ipsec.d/data.sql b/testing/tests/sql/ip-pool-db-restart/hosts/moon/etc/ipsec.d/data.sql
index 1ea0bd3..6e33e05 100644
--- a/testing/tests/sql/ip-pool-db-restart/hosts/moon/etc/ipsec.d/data.sql
+++ b/testing/tests/sql/ip-pool-db-restart/hosts/moon/etc/ipsec.d/data.sql
@@ -27,7 +27,7 @@ INSERT INTO identities (
INSERT INTO identities (
type, data
) VALUES ( /* subjkey of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' */
- 11, X'6a9c74d1f8897989f65a94e989f1fac3649d292e'
+ 11, X'd8263d21ec7cdbbe5a390c5b70cb038021deae13'
);
INSERT INTO identities (
@@ -53,13 +53,13 @@ INSERT INTO identities (
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=strongSwan Root CA */
- 1, 1, X'308203b53082029da003020102020100300d06092a864886f70d01010405003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303131303134355a170d3134303930383131303134355a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
+ 1, 1, X'308203b8308202a0a003020102020100300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303130303131385a170d3139303930373130303131385a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
);
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=moon.strongswan.org */
- 1, 1, X'308204223082030aa003020102020117300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3039303832373130303333325a170d3134303832363130303333325a3046310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311c301a060355040313136d6f6f6e2e7374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100ca2f [...]
+ 1, 1, X'308204223082030aa00302010202012b300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3134303832373134343435365a170d3139303832363134343435365a3046310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311c301a060355040313136d6f6f6e2e7374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100a47c [...]
);
INSERT INTO certificate_identity (
@@ -97,7 +97,7 @@ INSERT INTO certificate_identity (
INSERT INTO private_keys (
type, data
) VALUES ( /* key of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' */
- 1, X'308204a30201000282010100ca2f633dd4bbba0586215b15a0312f73f533124f0b339b9ae13bb648b02b4c468e0f01e630fbef92197b7708f5dbffea7e496286966d75acf13bd5e4377a1821d82de102eadf9963b489041a0b0f9f76b79e2150aa39020e3fa52a677dbb879c986291e4f1542fe2f0494e9c5c954d4faa75a17aa7b56652f1b16efbdcb46697f7d0b7f520bc990205365938d2cd31f2beed30e761a56c02d9dc82f0cdefc9d43447b6a98f7628aed2ac127a4a9504838f66e7517e5e0b0672c8165474bce689f73a6fc6e3c72b2c45498ddbbc0b17b04915606fe94f256cc777c42c534560ffbbe5aacdd944c [...]
+ 1, X'308204a30201000282010100a47c05fac51741d1fe5b063374f333a63bb08461af1e0b2605a875210b0fb1d74bf6067281eaf3a53335bef43891b46ebc4dd26562dff6e2846e2415f48001afcecbf4902f6b9e841c802250cb86f168b355b20a22142565cf12da6230016d0973a1269e826ff63e85fed543f7eeb1bcc25bc072e2d21ec150ef6d0552cfcbbd9878634163a0a86f80ab3ae14e2720027b327b8bdbd9f97cce7e75e9bbba8bd038183ff9f699a3c4246122bd316e9e4243fe627c0de7322d341c721b028f6d75f0132e7f6aa3567e1458f08106e87260ae70b004c1d4035e02d9457e01fec2cb878d9c2d4c9ae [...]
);
INSERT INTO private_key_identity (
diff --git a/testing/tests/sql/ip-pool-db-restart/hosts/moon/etc/strongswan.conf b/testing/tests/sql/ip-pool-db-restart/hosts/moon/etc/strongswan.conf
index 69f7bb6..3b720bf 100644
--- a/testing/tests/sql/ip-pool-db-restart/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/ip-pool-db-restart/hosts/moon/etc/strongswan.conf
@@ -6,7 +6,7 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown sqlite sql attr-sql
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown sqlite sql attr-sql
}
libhydra {
diff --git a/testing/tests/sql/ip-pool-db/hosts/carol/etc/ipsec.d/data.sql b/testing/tests/sql/ip-pool-db/hosts/carol/etc/ipsec.d/data.sql
index d2cd51d..9ef560a 100644
--- a/testing/tests/sql/ip-pool-db/hosts/carol/etc/ipsec.d/data.sql
+++ b/testing/tests/sql/ip-pool-db/hosts/carol/etc/ipsec.d/data.sql
@@ -27,7 +27,7 @@ INSERT INTO identities (
INSERT INTO identities (
type, data
) VALUES ( /* subjkey of 'C=CH, O=Linux strongSwan, CN=carol at strongswan.org' */
- 11, X'1fa1a988d9648cb5a0a2546439b4f23d745d6e7c'
+ 11, X'5c597062572d2a249c5c94569b895ee5c505b6bd'
);
INSERT INTO identities (
@@ -41,13 +41,13 @@ INSERT INTO identities (
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=strongSwan Root CA */
- 1, 1, X'308203b53082029da003020102020100300d06092a864886f70d01010405003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303131303134355a170d3134303930383131303134355a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
+ 1, 1, X'308203b8308202a0a003020102020100300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303130303131385a170d3139303930373130303131385a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
);
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=carol at strongswan.org */
- 1, 1, X'308204223082030aa00302010202011d300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3039303832373130343435315a170d3134303832363130343435315a305a310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e3111300f060355040b13085265736561726368311d301b060355040314146361726f6c407374726f6e677377616e2e6f726730820122300d06092a864886f70d01 [...]
+ 1, 1, X'308204223082030aa003020102020130300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3134303832373135303533365a170d3139303832363135303533365a305a310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e3111300f060355040b13085265736561726368311d301b060355040314146361726f6c407374726f6e677377616e2e6f726730820122300d06092a864886f70d01 [...]
);
INSERT INTO certificate_identity (
@@ -85,7 +85,7 @@ INSERT INTO certificate_identity (
INSERT INTO private_keys (
type, data
) VALUES ( /* key of 'C=CH, O=Linux strongSwan, CN=carol at strongswan.org' */
- 1, X'308204a40201000282010100d05d594f8117bc78972a3ec479ebe1400e53cf72410b93e6f74fa17cf1ea444fb23600bae92d81747e49a2e4407c3f6118033d22a3e67ce69a53907ffad646bfbc3b6abe0bdd9a5080a690dbd919a9a8e70d9694e319e93e5d9361eff9033ac53fc6cd6c95af574c62effbb72c03d41c3b696fc7aa4444483bbaabde555aef8bce0e9797108d11ecf462c66b37f7c2e812f6ab3280a8c05b207156f0e3a787e9c4638205e40ce466716bc35d8623bd99f3cda9c3dee5c8ac19852cff18c405049c7eae735dc393f5209c13946e4f51da030ad7bf31caf58a203eccea2fc79e71d46a06c5dba85 [...]
+ 1, X'308204a40201000282010100b7f3d43717cadfec3802e2d4867f45cb8f6b99bee1f892493db05565ab970de15237a2c0b7e0a0baed29a197e22f80b7cd99a25da675b1171693bef6ac579623f6bb47dec6a3f8981b99bacdc42c0f3610e2f4950d9a8408bc3b7a9a7e40cc05282fa1e26913035ed34520879de0ee14fb770f2d4a070f1aa4245aeb4820a4fd4fa7bf1db1cd8d1b58970f59947b29f204988e0fd0eaf57aa1fb6db9e3140fd351bfcc3663beab9d14665067f71a5345166831667b42251b9896d9f157b55c085a29a726ae62dfdf3e68c0c5b3d1ba11ca69c9f3233abcdc8c5fe5f4a3313965b8609f5855ff3 [...]
);
INSERT INTO private_key_identity (
diff --git a/testing/tests/sql/ip-pool-db/hosts/carol/etc/strongswan.conf b/testing/tests/sql/ip-pool-db/hosts/carol/etc/strongswan.conf
index 145ca90..62d9edb 100644
--- a/testing/tests/sql/ip-pool-db/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/sql/ip-pool-db/hosts/carol/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown sqlite sql resolve
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown sqlite sql resolve
}
diff --git a/testing/tests/sql/ip-pool-db/hosts/dave/etc/ipsec.d/data.sql b/testing/tests/sql/ip-pool-db/hosts/dave/etc/ipsec.d/data.sql
index eb58e9d..39f0549 100644
--- a/testing/tests/sql/ip-pool-db/hosts/dave/etc/ipsec.d/data.sql
+++ b/testing/tests/sql/ip-pool-db/hosts/dave/etc/ipsec.d/data.sql
@@ -27,7 +27,7 @@ INSERT INTO identities (
INSERT INTO identities (
type, data
) VALUES ( /* subjkey of 'C=CH, O=Linux strongSwan, CN=dave at strongswan.org' */
- 11, X'ee7f38daeea1b81a41777f78f2674be8439d8e0e'
+ 11, X'ec16639928815e01cc0227c0b9cb1feab7987037'
);
INSERT INTO identities (
@@ -41,13 +41,13 @@ INSERT INTO identities (
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=strongSwan Root CA */
- 1, 1, X'308203b53082029da003020102020100300d06092a864886f70d01010405003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303131303134355a170d3134303930383131303134355a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
+ 1, 1, X'308203b8308202a0a003020102020100300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303130303131385a170d3139303930373130303131385a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
);
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=dave at strongswan.org */
- 1, 1, X'308204223082030aa00302010202011c300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3039303832373130333733395a170d3134303832363130333733395a305b310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e31133011060355040b130a4163636f756e74696e67311c301a0603550403141364617665407374726f6e677377616e2e6f726730820122300d06092a864886f70d [...]
+ 1, 1, X'308204223082030aa003020102020131300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3134303832373135313230325a170d3139303832363135313230325a305b310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e31133011060355040b130a4163636f756e74696e67311c301a0603550403141364617665407374726f6e677377616e2e6f726730820122300d06092a864886f70d [...]
);
INSERT INTO certificate_identity (
@@ -85,7 +85,7 @@ INSERT INTO certificate_identity (
INSERT INTO private_keys (
type, data
) VALUES ( /* key of 'C=CH, O=Linux strongSwan, CN=dave at strongswan.org' */
- 1, X'308204a50201000282010100c007f2536f0558e68345d3ef017a175b73434e797f9b97448e720a5985aea76cc0503b8d63b4e239af95db83db0af65f8360e9d941912c121215643a0af32188fc520413e81645ff8e2e623c9362be1b57649530bf54fdad6563106105ace949d7de2895a4771c237090aaa2567bd7d9b08b2ad09f63f61bba87d7462046e89fa4570cb3c8e4322220a737af48c31cd0ec2140f3723b94742c4a14232e1d409f6b53c18aaa63e693fa5d3d06808e948db8273563d33dbd9ac44ecfd71e60426570885898b3e5538767eaf4ef713719e7fd89b32e4e3f60d972ef1617437d4dba14af4691fb8ec [...]
+ 1, X'308204a40201000282010100d63cdc4dc584cd5fb5e205add1d242130f196297d6083e254f3d20ad7be17fe4fd80c1f1f6fc774a266f02af82053b93929b01c9da5411b402f4666feaa45dd45988402524ea91d98adf941f8e30dedb9cf98341e908d3d4f30c9b7d6b50b5f5e2319942768760de0c0127c6ba69d70b0a9d605de3c31e6218e4004ad1871f00f199416e4772190243fb2f06b69d22592e2bcfc6a2190d2f612f8ff435643096db1a19766aac1563e177df9fff2d51b6e38fb2cd74dfd68f1a2f03e5d7e3c77206af37e33beba6376ea239607821d821094c26817f8ce8a1305243a4ebd5c43907ffd5e75f49d [...]
);
INSERT INTO private_key_identity (
diff --git a/testing/tests/sql/ip-pool-db/hosts/dave/etc/strongswan.conf b/testing/tests/sql/ip-pool-db/hosts/dave/etc/strongswan.conf
index 145ca90..62d9edb 100644
--- a/testing/tests/sql/ip-pool-db/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/sql/ip-pool-db/hosts/dave/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown sqlite sql resolve
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown sqlite sql resolve
}
diff --git a/testing/tests/sql/ip-pool-db/hosts/moon/etc/ipsec.d/data.sql b/testing/tests/sql/ip-pool-db/hosts/moon/etc/ipsec.d/data.sql
index 0de6313..8378364 100644
--- a/testing/tests/sql/ip-pool-db/hosts/moon/etc/ipsec.d/data.sql
+++ b/testing/tests/sql/ip-pool-db/hosts/moon/etc/ipsec.d/data.sql
@@ -27,7 +27,7 @@ INSERT INTO identities (
INSERT INTO identities (
type, data
) VALUES ( /* subjkey of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' */
- 11, X'6a9c74d1f8897989f65a94e989f1fac3649d292e'
+ 11, X'd8263d21ec7cdbbe5a390c5b70cb038021deae13'
);
INSERT INTO identities (
@@ -41,13 +41,13 @@ INSERT INTO identities (
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=strongSwan Root CA */
- 1, 1, X'308203b53082029da003020102020100300d06092a864886f70d01010405003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303131303134355a170d3134303930383131303134355a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
+ 1, 1, X'308203b8308202a0a003020102020100300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303130303131385a170d3139303930373130303131385a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
);
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=moon.strongswan.org */
- 1, 1, X'308204223082030aa003020102020117300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3039303832373130303333325a170d3134303832363130303333325a3046310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311c301a060355040313136d6f6f6e2e7374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100ca2f [...]
+ 1, 1, X'308204223082030aa00302010202012b300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3134303832373134343435365a170d3139303832363134343435365a3046310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311c301a060355040313136d6f6f6e2e7374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100a47c [...]
);
INSERT INTO certificate_identity (
@@ -85,7 +85,7 @@ INSERT INTO certificate_identity (
INSERT INTO private_keys (
type, data
) VALUES ( /* key of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' */
- 1, X'308204a30201000282010100ca2f633dd4bbba0586215b15a0312f73f533124f0b339b9ae13bb648b02b4c468e0f01e630fbef92197b7708f5dbffea7e496286966d75acf13bd5e4377a1821d82de102eadf9963b489041a0b0f9f76b79e2150aa39020e3fa52a677dbb879c986291e4f1542fe2f0494e9c5c954d4faa75a17aa7b56652f1b16efbdcb46697f7d0b7f520bc990205365938d2cd31f2beed30e761a56c02d9dc82f0cdefc9d43447b6a98f7628aed2ac127a4a9504838f66e7517e5e0b0672c8165474bce689f73a6fc6e3c72b2c45498ddbbc0b17b04915606fe94f256cc777c42c534560ffbbe5aacdd944c [...]
+ 1, X'308204a30201000282010100a47c05fac51741d1fe5b063374f333a63bb08461af1e0b2605a875210b0fb1d74bf6067281eaf3a53335bef43891b46ebc4dd26562dff6e2846e2415f48001afcecbf4902f6b9e841c802250cb86f168b355b20a22142565cf12da6230016d0973a1269e826ff63e85fed543f7eeb1bcc25bc072e2d21ec150ef6d0552cfcbbd9878634163a0a86f80ab3ae14e2720027b327b8bdbd9f97cce7e75e9bbba8bd038183ff9f699a3c4246122bd316e9e4243fe627c0de7322d341c721b028f6d75f0132e7f6aa3567e1458f08106e87260ae70b004c1d4035e02d9457e01fec2cb878d9c2d4c9ae [...]
);
INSERT INTO private_key_identity (
diff --git a/testing/tests/sql/ip-pool-db/hosts/moon/etc/strongswan.conf b/testing/tests/sql/ip-pool-db/hosts/moon/etc/strongswan.conf
index 69f7bb6..3b720bf 100644
--- a/testing/tests/sql/ip-pool-db/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/ip-pool-db/hosts/moon/etc/strongswan.conf
@@ -6,7 +6,7 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown sqlite sql attr-sql
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown sqlite sql attr-sql
}
libhydra {
diff --git a/testing/tests/sql/ip-split-pools-db-restart/hosts/carol/etc/ipsec.d/data.sql b/testing/tests/sql/ip-split-pools-db-restart/hosts/carol/etc/ipsec.d/data.sql
index 38c9d9b..4a5d349 100644
--- a/testing/tests/sql/ip-split-pools-db-restart/hosts/carol/etc/ipsec.d/data.sql
+++ b/testing/tests/sql/ip-split-pools-db-restart/hosts/carol/etc/ipsec.d/data.sql
@@ -27,7 +27,7 @@ INSERT INTO identities (
INSERT INTO identities (
type, data
) VALUES ( /* subjkey of 'C=CH, O=Linux strongSwan, CN=carol at strongswan.org' */
- 11, X'1fa1a988d9648cb5a0a2546439b4f23d745d6e7c'
+ 11, X'5c597062572d2a249c5c94569b895ee5c505b6bd'
);
INSERT INTO identities (
@@ -41,13 +41,13 @@ INSERT INTO identities (
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=strongSwan Root CA */
- 1, 1, X'308203b53082029da003020102020100300d06092a864886f70d01010405003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303131303134355a170d3134303930383131303134355a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
+ 1, 1, X'308203b8308202a0a003020102020100300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303130303131385a170d3139303930373130303131385a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
);
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=carol at strongswan.org */
- 1, 1, X'308204223082030aa00302010202011d300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3039303832373130343435315a170d3134303832363130343435315a305a310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e3111300f060355040b13085265736561726368311d301b060355040314146361726f6c407374726f6e677377616e2e6f726730820122300d06092a864886f70d01 [...]
+ 1, 1, X'308204223082030aa003020102020130300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3134303832373135303533365a170d3139303832363135303533365a305a310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e3111300f060355040b13085265736561726368311d301b060355040314146361726f6c407374726f6e677377616e2e6f726730820122300d06092a864886f70d01 [...]
);
INSERT INTO certificate_identity (
@@ -85,7 +85,7 @@ INSERT INTO certificate_identity (
INSERT INTO private_keys (
type, data
) VALUES ( /* key of 'C=CH, O=Linux strongSwan, CN=carol at strongswan.org' */
- 1, X'308204a40201000282010100d05d594f8117bc78972a3ec479ebe1400e53cf72410b93e6f74fa17cf1ea444fb23600bae92d81747e49a2e4407c3f6118033d22a3e67ce69a53907ffad646bfbc3b6abe0bdd9a5080a690dbd919a9a8e70d9694e319e93e5d9361eff9033ac53fc6cd6c95af574c62effbb72c03d41c3b696fc7aa4444483bbaabde555aef8bce0e9797108d11ecf462c66b37f7c2e812f6ab3280a8c05b207156f0e3a787e9c4638205e40ce466716bc35d8623bd99f3cda9c3dee5c8ac19852cff18c405049c7eae735dc393f5209c13946e4f51da030ad7bf31caf58a203eccea2fc79e71d46a06c5dba85 [...]
+ 1, X'308204a40201000282010100b7f3d43717cadfec3802e2d4867f45cb8f6b99bee1f892493db05565ab970de15237a2c0b7e0a0baed29a197e22f80b7cd99a25da675b1171693bef6ac579623f6bb47dec6a3f8981b99bacdc42c0f3610e2f4950d9a8408bc3b7a9a7e40cc05282fa1e26913035ed34520879de0ee14fb770f2d4a070f1aa4245aeb4820a4fd4fa7bf1db1cd8d1b58970f59947b29f204988e0fd0eaf57aa1fb6db9e3140fd351bfcc3663beab9d14665067f71a5345166831667b42251b9896d9f157b55c085a29a726ae62dfdf3e68c0c5b3d1ba11ca69c9f3233abcdc8c5fe5f4a3313965b8609f5855ff3 [...]
);
INSERT INTO private_key_identity (
diff --git a/testing/tests/sql/ip-split-pools-db-restart/hosts/carol/etc/strongswan.conf b/testing/tests/sql/ip-split-pools-db-restart/hosts/carol/etc/strongswan.conf
index 930b725..174f8c2 100644
--- a/testing/tests/sql/ip-split-pools-db-restart/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/sql/ip-split-pools-db-restart/hosts/carol/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown sqlite sql
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/ip-split-pools-db-restart/hosts/dave/etc/ipsec.d/data.sql b/testing/tests/sql/ip-split-pools-db-restart/hosts/dave/etc/ipsec.d/data.sql
index acc82b8..529574a 100644
--- a/testing/tests/sql/ip-split-pools-db-restart/hosts/dave/etc/ipsec.d/data.sql
+++ b/testing/tests/sql/ip-split-pools-db-restart/hosts/dave/etc/ipsec.d/data.sql
@@ -26,7 +26,7 @@ INSERT INTO identities (
INSERT INTO identities (
type, data
) VALUES ( /* subjkey of 'C=CH, O=Linux strongSwan, CN=dave at strongswan.org' */
- 11, X'ee7f38daeea1b81a41777f78f2674be8439d8e0e'
+ 11, X'ec16639928815e01cc0227c0b9cb1feab7987037'
);
INSERT INTO identities (
@@ -40,13 +40,13 @@ INSERT INTO identities (
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=strongSwan Root CA */
- 1, 1, X'308203b53082029da003020102020100300d06092a864886f70d01010405003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303131303134355a170d3134303930383131303134355a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
+ 1, 1, X'308203b8308202a0a003020102020100300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303130303131385a170d3139303930373130303131385a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
);
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=dave at strongswan.org */
- 1, 1, X'308204223082030aa00302010202011c300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3039303832373130333733395a170d3134303832363130333733395a305b310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e31133011060355040b130a4163636f756e74696e67311c301a0603550403141364617665407374726f6e677377616e2e6f726730820122300d06092a864886f70d [...]
+ 1, 1, X'308204223082030aa003020102020131300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3134303832373135313230325a170d3139303832363135313230325a305b310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e31133011060355040b130a4163636f756e74696e67311c301a0603550403141364617665407374726f6e677377616e2e6f726730820122300d06092a864886f70d [...]
);
INSERT INTO certificate_identity (
@@ -84,7 +84,7 @@ INSERT INTO certificate_identity (
INSERT INTO private_keys (
type, data
) VALUES ( /* key of 'C=CH, O=Linux strongSwan, CN=dave at strongswan.org' */
- 1, X'308204a50201000282010100c007f2536f0558e68345d3ef017a175b73434e797f9b97448e720a5985aea76cc0503b8d63b4e239af95db83db0af65f8360e9d941912c121215643a0af32188fc520413e81645ff8e2e623c9362be1b57649530bf54fdad6563106105ace949d7de2895a4771c237090aaa2567bd7d9b08b2ad09f63f61bba87d7462046e89fa4570cb3c8e4322220a737af48c31cd0ec2140f3723b94742c4a14232e1d409f6b53c18aaa63e693fa5d3d06808e948db8273563d33dbd9ac44ecfd71e60426570885898b3e5538767eaf4ef713719e7fd89b32e4e3f60d972ef1617437d4dba14af4691fb8ec [...]
+ 1, X'308204a40201000282010100d63cdc4dc584cd5fb5e205add1d242130f196297d6083e254f3d20ad7be17fe4fd80c1f1f6fc774a266f02af82053b93929b01c9da5411b402f4666feaa45dd45988402524ea91d98adf941f8e30dedb9cf98341e908d3d4f30c9b7d6b50b5f5e2319942768760de0c0127c6ba69d70b0a9d605de3c31e6218e4004ad1871f00f199416e4772190243fb2f06b69d22592e2bcfc6a2190d2f612f8ff435643096db1a19766aac1563e177df9fff2d51b6e38fb2cd74dfd68f1a2f03e5d7e3c77206af37e33beba6376ea239607821d821094c26817f8ce8a1305243a4ebd5c43907ffd5e75f49d [...]
);
INSERT INTO private_key_identity (
diff --git a/testing/tests/sql/ip-split-pools-db-restart/hosts/dave/etc/strongswan.conf b/testing/tests/sql/ip-split-pools-db-restart/hosts/dave/etc/strongswan.conf
index 930b725..174f8c2 100644
--- a/testing/tests/sql/ip-split-pools-db-restart/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/sql/ip-split-pools-db-restart/hosts/dave/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown sqlite sql
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/ip-split-pools-db-restart/hosts/moon/etc/ipsec.d/data.sql b/testing/tests/sql/ip-split-pools-db-restart/hosts/moon/etc/ipsec.d/data.sql
index 3b0ea67..31d9e1c 100644
--- a/testing/tests/sql/ip-split-pools-db-restart/hosts/moon/etc/ipsec.d/data.sql
+++ b/testing/tests/sql/ip-split-pools-db-restart/hosts/moon/etc/ipsec.d/data.sql
@@ -27,7 +27,7 @@ INSERT INTO identities (
INSERT INTO identities (
type, data
) VALUES ( /* subjkey of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' */
- 11, X'6a9c74d1f8897989f65a94e989f1fac3649d292e'
+ 11, X'd8263d21ec7cdbbe5a390c5b70cb038021deae13'
);
INSERT INTO identities (
@@ -53,13 +53,13 @@ INSERT INTO identities (
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=strongSwan Root CA */
- 1, 1, X'308203b53082029da003020102020100300d06092a864886f70d01010405003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303131303134355a170d3134303930383131303134355a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
+ 1, 1, X'308203b8308202a0a003020102020100300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303130303131385a170d3139303930373130303131385a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
);
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=moon.strongswan.org */
- 1, 1, X'308204223082030aa003020102020117300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3039303832373130303333325a170d3134303832363130303333325a3046310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311c301a060355040313136d6f6f6e2e7374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100ca2f [...]
+ 1, 1, X'308204223082030aa00302010202012b300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3134303832373134343435365a170d3139303832363134343435365a3046310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311c301a060355040313136d6f6f6e2e7374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100a47c [...]
);
INSERT INTO certificate_identity (
@@ -97,7 +97,7 @@ INSERT INTO certificate_identity (
INSERT INTO private_keys (
type, data
) VALUES ( /* key of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' */
- 1, X'308204a30201000282010100ca2f633dd4bbba0586215b15a0312f73f533124f0b339b9ae13bb648b02b4c468e0f01e630fbef92197b7708f5dbffea7e496286966d75acf13bd5e4377a1821d82de102eadf9963b489041a0b0f9f76b79e2150aa39020e3fa52a677dbb879c986291e4f1542fe2f0494e9c5c954d4faa75a17aa7b56652f1b16efbdcb46697f7d0b7f520bc990205365938d2cd31f2beed30e761a56c02d9dc82f0cdefc9d43447b6a98f7628aed2ac127a4a9504838f66e7517e5e0b0672c8165474bce689f73a6fc6e3c72b2c45498ddbbc0b17b04915606fe94f256cc777c42c534560ffbbe5aacdd944c [...]
+ 1, X'308204a30201000282010100a47c05fac51741d1fe5b063374f333a63bb08461af1e0b2605a875210b0fb1d74bf6067281eaf3a53335bef43891b46ebc4dd26562dff6e2846e2415f48001afcecbf4902f6b9e841c802250cb86f168b355b20a22142565cf12da6230016d0973a1269e826ff63e85fed543f7eeb1bcc25bc072e2d21ec150ef6d0552cfcbbd9878634163a0a86f80ab3ae14e2720027b327b8bdbd9f97cce7e75e9bbba8bd038183ff9f699a3c4246122bd316e9e4243fe627c0de7322d341c721b028f6d75f0132e7f6aa3567e1458f08106e87260ae70b004c1d4035e02d9457e01fec2cb878d9c2d4c9ae [...]
);
INSERT INTO private_key_identity (
diff --git a/testing/tests/sql/ip-split-pools-db-restart/hosts/moon/etc/strongswan.conf b/testing/tests/sql/ip-split-pools-db-restart/hosts/moon/etc/strongswan.conf
index 69f7bb6..3b720bf 100644
--- a/testing/tests/sql/ip-split-pools-db-restart/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/ip-split-pools-db-restart/hosts/moon/etc/strongswan.conf
@@ -6,7 +6,7 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown sqlite sql attr-sql
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown sqlite sql attr-sql
}
libhydra {
diff --git a/testing/tests/sql/ip-split-pools-db/hosts/carol/etc/ipsec.d/data.sql b/testing/tests/sql/ip-split-pools-db/hosts/carol/etc/ipsec.d/data.sql
index 38c9d9b..4a5d349 100644
--- a/testing/tests/sql/ip-split-pools-db/hosts/carol/etc/ipsec.d/data.sql
+++ b/testing/tests/sql/ip-split-pools-db/hosts/carol/etc/ipsec.d/data.sql
@@ -27,7 +27,7 @@ INSERT INTO identities (
INSERT INTO identities (
type, data
) VALUES ( /* subjkey of 'C=CH, O=Linux strongSwan, CN=carol at strongswan.org' */
- 11, X'1fa1a988d9648cb5a0a2546439b4f23d745d6e7c'
+ 11, X'5c597062572d2a249c5c94569b895ee5c505b6bd'
);
INSERT INTO identities (
@@ -41,13 +41,13 @@ INSERT INTO identities (
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=strongSwan Root CA */
- 1, 1, X'308203b53082029da003020102020100300d06092a864886f70d01010405003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303131303134355a170d3134303930383131303134355a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
+ 1, 1, X'308203b8308202a0a003020102020100300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303130303131385a170d3139303930373130303131385a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
);
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=carol at strongswan.org */
- 1, 1, X'308204223082030aa00302010202011d300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3039303832373130343435315a170d3134303832363130343435315a305a310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e3111300f060355040b13085265736561726368311d301b060355040314146361726f6c407374726f6e677377616e2e6f726730820122300d06092a864886f70d01 [...]
+ 1, 1, X'308204223082030aa003020102020130300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3134303832373135303533365a170d3139303832363135303533365a305a310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e3111300f060355040b13085265736561726368311d301b060355040314146361726f6c407374726f6e677377616e2e6f726730820122300d06092a864886f70d01 [...]
);
INSERT INTO certificate_identity (
@@ -85,7 +85,7 @@ INSERT INTO certificate_identity (
INSERT INTO private_keys (
type, data
) VALUES ( /* key of 'C=CH, O=Linux strongSwan, CN=carol at strongswan.org' */
- 1, X'308204a40201000282010100d05d594f8117bc78972a3ec479ebe1400e53cf72410b93e6f74fa17cf1ea444fb23600bae92d81747e49a2e4407c3f6118033d22a3e67ce69a53907ffad646bfbc3b6abe0bdd9a5080a690dbd919a9a8e70d9694e319e93e5d9361eff9033ac53fc6cd6c95af574c62effbb72c03d41c3b696fc7aa4444483bbaabde555aef8bce0e9797108d11ecf462c66b37f7c2e812f6ab3280a8c05b207156f0e3a787e9c4638205e40ce466716bc35d8623bd99f3cda9c3dee5c8ac19852cff18c405049c7eae735dc393f5209c13946e4f51da030ad7bf31caf58a203eccea2fc79e71d46a06c5dba85 [...]
+ 1, X'308204a40201000282010100b7f3d43717cadfec3802e2d4867f45cb8f6b99bee1f892493db05565ab970de15237a2c0b7e0a0baed29a197e22f80b7cd99a25da675b1171693bef6ac579623f6bb47dec6a3f8981b99bacdc42c0f3610e2f4950d9a8408bc3b7a9a7e40cc05282fa1e26913035ed34520879de0ee14fb770f2d4a070f1aa4245aeb4820a4fd4fa7bf1db1cd8d1b58970f59947b29f204988e0fd0eaf57aa1fb6db9e3140fd351bfcc3663beab9d14665067f71a5345166831667b42251b9896d9f157b55c085a29a726ae62dfdf3e68c0c5b3d1ba11ca69c9f3233abcdc8c5fe5f4a3313965b8609f5855ff3 [...]
);
INSERT INTO private_key_identity (
diff --git a/testing/tests/sql/ip-split-pools-db/hosts/carol/etc/strongswan.conf b/testing/tests/sql/ip-split-pools-db/hosts/carol/etc/strongswan.conf
index 930b725..174f8c2 100644
--- a/testing/tests/sql/ip-split-pools-db/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/sql/ip-split-pools-db/hosts/carol/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown sqlite sql
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/ip-split-pools-db/hosts/dave/etc/ipsec.d/data.sql b/testing/tests/sql/ip-split-pools-db/hosts/dave/etc/ipsec.d/data.sql
index 9739a78..a832d06 100644
--- a/testing/tests/sql/ip-split-pools-db/hosts/dave/etc/ipsec.d/data.sql
+++ b/testing/tests/sql/ip-split-pools-db/hosts/dave/etc/ipsec.d/data.sql
@@ -27,7 +27,7 @@ INSERT INTO identities (
INSERT INTO identities (
type, data
) VALUES ( /* subjkey of 'C=CH, O=Linux strongSwan, CN=dave at strongswan.org' */
- 11, X'ee7f38daeea1b81a41777f78f2674be8439d8e0e'
+ 11, X'ec16639928815e01cc0227c0b9cb1feab7987037'
);
INSERT INTO identities (
@@ -41,13 +41,13 @@ INSERT INTO identities (
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=strongSwan Root CA */
- 1, 1, X'308203b53082029da003020102020100300d06092a864886f70d01010405003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303131303134355a170d3134303930383131303134355a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
+ 1, 1, X'308203b8308202a0a003020102020100300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303130303131385a170d3139303930373130303131385a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
);
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=dave at strongswan.org */
- 1, 1, X'308204223082030aa00302010202011c300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3039303832373130333733395a170d3134303832363130333733395a305b310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e31133011060355040b130a4163636f756e74696e67311c301a0603550403141364617665407374726f6e677377616e2e6f726730820122300d06092a864886f70d [...]
+ 1, 1, X'308204223082030aa003020102020131300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3134303832373135313230325a170d3139303832363135313230325a305b310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e31133011060355040b130a4163636f756e74696e67311c301a0603550403141364617665407374726f6e677377616e2e6f726730820122300d06092a864886f70d [...]
);
INSERT INTO certificate_identity (
@@ -85,7 +85,7 @@ INSERT INTO certificate_identity (
INSERT INTO private_keys (
type, data
) VALUES ( /* key of 'C=CH, O=Linux strongSwan, CN=dave at strongswan.org' */
- 1, X'308204a50201000282010100c007f2536f0558e68345d3ef017a175b73434e797f9b97448e720a5985aea76cc0503b8d63b4e239af95db83db0af65f8360e9d941912c121215643a0af32188fc520413e81645ff8e2e623c9362be1b57649530bf54fdad6563106105ace949d7de2895a4771c237090aaa2567bd7d9b08b2ad09f63f61bba87d7462046e89fa4570cb3c8e4322220a737af48c31cd0ec2140f3723b94742c4a14232e1d409f6b53c18aaa63e693fa5d3d06808e948db8273563d33dbd9ac44ecfd71e60426570885898b3e5538767eaf4ef713719e7fd89b32e4e3f60d972ef1617437d4dba14af4691fb8ec [...]
+ 1, X'308204a40201000282010100d63cdc4dc584cd5fb5e205add1d242130f196297d6083e254f3d20ad7be17fe4fd80c1f1f6fc774a266f02af82053b93929b01c9da5411b402f4666feaa45dd45988402524ea91d98adf941f8e30dedb9cf98341e908d3d4f30c9b7d6b50b5f5e2319942768760de0c0127c6ba69d70b0a9d605de3c31e6218e4004ad1871f00f199416e4772190243fb2f06b69d22592e2bcfc6a2190d2f612f8ff435643096db1a19766aac1563e177df9fff2d51b6e38fb2cd74dfd68f1a2f03e5d7e3c77206af37e33beba6376ea239607821d821094c26817f8ce8a1305243a4ebd5c43907ffd5e75f49d [...]
);
INSERT INTO private_key_identity (
diff --git a/testing/tests/sql/ip-split-pools-db/hosts/dave/etc/strongswan.conf b/testing/tests/sql/ip-split-pools-db/hosts/dave/etc/strongswan.conf
index 930b725..174f8c2 100644
--- a/testing/tests/sql/ip-split-pools-db/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/sql/ip-split-pools-db/hosts/dave/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown sqlite sql
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/ip-split-pools-db/hosts/moon/etc/ipsec.d/data.sql b/testing/tests/sql/ip-split-pools-db/hosts/moon/etc/ipsec.d/data.sql
index ae493ee..1861e5f 100644
--- a/testing/tests/sql/ip-split-pools-db/hosts/moon/etc/ipsec.d/data.sql
+++ b/testing/tests/sql/ip-split-pools-db/hosts/moon/etc/ipsec.d/data.sql
@@ -27,7 +27,7 @@ INSERT INTO identities (
INSERT INTO identities (
type, data
) VALUES ( /* subjkey of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' */
- 11, X'6a9c74d1f8897989f65a94e989f1fac3649d292e'
+ 11, X'd8263d21ec7cdbbe5a390c5b70cb038021deae13'
);
INSERT INTO identities (
@@ -41,13 +41,13 @@ INSERT INTO identities (
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=strongSwan Root CA */
- 1, 1, X'308203b53082029da003020102020100300d06092a864886f70d01010405003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303131303134355a170d3134303930383131303134355a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
+ 1, 1, X'308203b8308202a0a003020102020100300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303130303131385a170d3139303930373130303131385a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
);
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=moon.strongswan.org */
- 1, 1, X'308204223082030aa003020102020117300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3039303832373130303333325a170d3134303832363130303333325a3046310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311c301a060355040313136d6f6f6e2e7374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100ca2f [...]
+ 1, 1, X'308204223082030aa00302010202012b300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3134303832373134343435365a170d3139303832363134343435365a3046310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311c301a060355040313136d6f6f6e2e7374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100a47c [...]
);
INSERT INTO certificate_identity (
@@ -85,7 +85,7 @@ INSERT INTO certificate_identity (
INSERT INTO private_keys (
type, data
) VALUES ( /* key of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' */
- 1, X'308204a30201000282010100ca2f633dd4bbba0586215b15a0312f73f533124f0b339b9ae13bb648b02b4c468e0f01e630fbef92197b7708f5dbffea7e496286966d75acf13bd5e4377a1821d82de102eadf9963b489041a0b0f9f76b79e2150aa39020e3fa52a677dbb879c986291e4f1542fe2f0494e9c5c954d4faa75a17aa7b56652f1b16efbdcb46697f7d0b7f520bc990205365938d2cd31f2beed30e761a56c02d9dc82f0cdefc9d43447b6a98f7628aed2ac127a4a9504838f66e7517e5e0b0672c8165474bce689f73a6fc6e3c72b2c45498ddbbc0b17b04915606fe94f256cc777c42c534560ffbbe5aacdd944c [...]
+ 1, X'308204a30201000282010100a47c05fac51741d1fe5b063374f333a63bb08461af1e0b2605a875210b0fb1d74bf6067281eaf3a53335bef43891b46ebc4dd26562dff6e2846e2415f48001afcecbf4902f6b9e841c802250cb86f168b355b20a22142565cf12da6230016d0973a1269e826ff63e85fed543f7eeb1bcc25bc072e2d21ec150ef6d0552cfcbbd9878634163a0a86f80ab3ae14e2720027b327b8bdbd9f97cce7e75e9bbba8bd038183ff9f699a3c4246122bd316e9e4243fe627c0de7322d341c721b028f6d75f0132e7f6aa3567e1458f08106e87260ae70b004c1d4035e02d9457e01fec2cb878d9c2d4c9ae [...]
);
INSERT INTO private_key_identity (
diff --git a/testing/tests/sql/ip-split-pools-db/hosts/moon/etc/strongswan.conf b/testing/tests/sql/ip-split-pools-db/hosts/moon/etc/strongswan.conf
index 69f7bb6..3b720bf 100644
--- a/testing/tests/sql/ip-split-pools-db/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/ip-split-pools-db/hosts/moon/etc/strongswan.conf
@@ -6,7 +6,7 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown sqlite sql attr-sql
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown sqlite sql attr-sql
}
libhydra {
diff --git a/testing/tests/sql/multi-level-ca/hosts/carol/etc/ipsec.d/data.sql b/testing/tests/sql/multi-level-ca/hosts/carol/etc/ipsec.d/data.sql
index 66b1473..335abe2 100644
--- a/testing/tests/sql/multi-level-ca/hosts/carol/etc/ipsec.d/data.sql
+++ b/testing/tests/sql/multi-level-ca/hosts/carol/etc/ipsec.d/data.sql
@@ -57,7 +57,7 @@ INSERT INTO identities (
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=strongSwan Root CA */
- 1, 1, X'308203b53082029da003020102020100300d06092a864886f70d01010405003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303131303134355a170d3134303930383131303134355a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
+ 1, 1, X'308203b8308202a0a003020102020100300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303130303131385a170d3139303930373130303131385a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
);
INSERT INTO certificates (
diff --git a/testing/tests/sql/multi-level-ca/hosts/carol/etc/strongswan.conf b/testing/tests/sql/multi-level-ca/hosts/carol/etc/strongswan.conf
index 930b725..174f8c2 100644
--- a/testing/tests/sql/multi-level-ca/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/sql/multi-level-ca/hosts/carol/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown sqlite sql
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/multi-level-ca/hosts/dave/etc/ipsec.d/data.sql b/testing/tests/sql/multi-level-ca/hosts/dave/etc/ipsec.d/data.sql
index b8780e5..91ddf01 100644
--- a/testing/tests/sql/multi-level-ca/hosts/dave/etc/ipsec.d/data.sql
+++ b/testing/tests/sql/multi-level-ca/hosts/dave/etc/ipsec.d/data.sql
@@ -59,7 +59,7 @@ INSERT INTO identities (
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=strongSwan Root CA */
- 1, 1, X'308203b53082029da003020102020100300d06092a864886f70d01010405003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303131303134355a170d3134303930383131303134355a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
+ 1, 1, X'308203b8308202a0a003020102020100300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303130303131385a170d3139303930373130303131385a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
);
INSERT INTO certificates (
diff --git a/testing/tests/sql/multi-level-ca/hosts/dave/etc/strongswan.conf b/testing/tests/sql/multi-level-ca/hosts/dave/etc/strongswan.conf
index 930b725..174f8c2 100644
--- a/testing/tests/sql/multi-level-ca/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/sql/multi-level-ca/hosts/dave/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown sqlite sql
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/multi-level-ca/hosts/moon/etc/ipsec.d/data.sql b/testing/tests/sql/multi-level-ca/hosts/moon/etc/ipsec.d/data.sql
index 71141db..9d9564b 100644
--- a/testing/tests/sql/multi-level-ca/hosts/moon/etc/ipsec.d/data.sql
+++ b/testing/tests/sql/multi-level-ca/hosts/moon/etc/ipsec.d/data.sql
@@ -27,7 +27,7 @@ INSERT INTO identities (
INSERT INTO identities (
type, data
) VALUES ( /* subjkey of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' */
- 11, X'6a9c74d1f8897989f65a94e989f1fac3649d292e'
+ 11, X'd8263d21ec7cdbbe5a390c5b70cb038021deae13'
);
INSERT INTO identities (
@@ -41,13 +41,13 @@ INSERT INTO identities (
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=strongSwan Root CA */
- 1, 1, X'308203b53082029da003020102020100300d06092a864886f70d01010405003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303131303134355a170d3134303930383131303134355a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
+ 1, 1, X'308203b8308202a0a003020102020100300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303130303131385a170d3139303930373130303131385a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
);
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=moon.strongswan.org */
- 1, 1, X'308204223082030aa003020102020117300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3039303832373130303333325a170d3134303832363130303333325a3046310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311c301a060355040313136d6f6f6e2e7374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100ca2f [...]
+ 1, 1, X'308204223082030aa00302010202012b300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3134303832373134343435365a170d3139303832363134343435365a3046310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311c301a060355040313136d6f6f6e2e7374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100a47c [...]
);
INSERT INTO certificate_identity (
@@ -85,7 +85,7 @@ INSERT INTO certificate_identity (
INSERT INTO private_keys (
type, data
) VALUES ( /* key of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' */
- 1, X'308204a30201000282010100ca2f633dd4bbba0586215b15a0312f73f533124f0b339b9ae13bb648b02b4c468e0f01e630fbef92197b7708f5dbffea7e496286966d75acf13bd5e4377a1821d82de102eadf9963b489041a0b0f9f76b79e2150aa39020e3fa52a677dbb879c986291e4f1542fe2f0494e9c5c954d4faa75a17aa7b56652f1b16efbdcb46697f7d0b7f520bc990205365938d2cd31f2beed30e761a56c02d9dc82f0cdefc9d43447b6a98f7628aed2ac127a4a9504838f66e7517e5e0b0672c8165474bce689f73a6fc6e3c72b2c45498ddbbc0b17b04915606fe94f256cc777c42c534560ffbbe5aacdd944c [...]
+ 1, X'308204a30201000282010100a47c05fac51741d1fe5b063374f333a63bb08461af1e0b2605a875210b0fb1d74bf6067281eaf3a53335bef43891b46ebc4dd26562dff6e2846e2415f48001afcecbf4902f6b9e841c802250cb86f168b355b20a22142565cf12da6230016d0973a1269e826ff63e85fed543f7eeb1bcc25bc072e2d21ec150ef6d0552cfcbbd9878634163a0a86f80ab3ae14e2720027b327b8bdbd9f97cce7e75e9bbba8bd038183ff9f699a3c4246122bd316e9e4243fe627c0de7322d341c721b028f6d75f0132e7f6aa3567e1458f08106e87260ae70b004c1d4035e02d9457e01fec2cb878d9c2d4c9ae [...]
);
INSERT INTO private_key_identity (
diff --git a/testing/tests/sql/multi-level-ca/hosts/moon/etc/strongswan.conf b/testing/tests/sql/multi-level-ca/hosts/moon/etc/strongswan.conf
index 930b725..174f8c2 100644
--- a/testing/tests/sql/multi-level-ca/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/multi-level-ca/hosts/moon/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown sqlite sql
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/net2net-cert/hosts/moon/etc/ipsec.d/data.sql b/testing/tests/sql/net2net-cert/hosts/moon/etc/ipsec.d/data.sql
index ef6849c..d49fe49 100644
--- a/testing/tests/sql/net2net-cert/hosts/moon/etc/ipsec.d/data.sql
+++ b/testing/tests/sql/net2net-cert/hosts/moon/etc/ipsec.d/data.sql
@@ -33,7 +33,7 @@ INSERT INTO identities (
INSERT INTO identities (
type, data
) VALUES ( /* subjkey of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' */
- 11, X'6a9c74d1f8897989f65a94e989f1fac3649d292e'
+ 11, X'd8263d21ec7cdbbe5a390c5b70cb038021deae13'
);
/* Certificates */
@@ -41,13 +41,13 @@ INSERT INTO identities (
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=strongSwan Root CA */
- 1, 1, X'308203b53082029da003020102020100300d06092a864886f70d01010405003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303131303134355a170d3134303930383131303134355a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
+ 1, 1, X'308203b8308202a0a003020102020100300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303130303131385a170d3139303930373130303131385a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
);
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=moon.strongswan.org */
- 1, 1, X'308204223082030aa003020102020117300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3039303832373130303333325a170d3134303832363130303333325a3046310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311c301a060355040313136d6f6f6e2e7374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100ca2f [...]
+ 1, 1, X'308204223082030aa00302010202012b300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3134303832373134343435365a170d3139303832363134343435365a3046310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311c301a060355040313136d6f6f6e2e7374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100a47c [...]
);
INSERT INTO certificate_identity (
@@ -85,7 +85,7 @@ INSERT INTO certificate_identity (
INSERT INTO private_keys (
type, data
) VALUES ( /* key of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' */
- 1, X'308204a30201000282010100ca2f633dd4bbba0586215b15a0312f73f533124f0b339b9ae13bb648b02b4c468e0f01e630fbef92197b7708f5dbffea7e496286966d75acf13bd5e4377a1821d82de102eadf9963b489041a0b0f9f76b79e2150aa39020e3fa52a677dbb879c986291e4f1542fe2f0494e9c5c954d4faa75a17aa7b56652f1b16efbdcb46697f7d0b7f520bc990205365938d2cd31f2beed30e761a56c02d9dc82f0cdefc9d43447b6a98f7628aed2ac127a4a9504838f66e7517e5e0b0672c8165474bce689f73a6fc6e3c72b2c45498ddbbc0b17b04915606fe94f256cc777c42c534560ffbbe5aacdd944c [...]
+ 1, X'308204a30201000282010100a47c05fac51741d1fe5b063374f333a63bb08461af1e0b2605a875210b0fb1d74bf6067281eaf3a53335bef43891b46ebc4dd26562dff6e2846e2415f48001afcecbf4902f6b9e841c802250cb86f168b355b20a22142565cf12da6230016d0973a1269e826ff63e85fed543f7eeb1bcc25bc072e2d21ec150ef6d0552cfcbbd9878634163a0a86f80ab3ae14e2720027b327b8bdbd9f97cce7e75e9bbba8bd038183ff9f699a3c4246122bd316e9e4243fe627c0de7322d341c721b028f6d75f0132e7f6aa3567e1458f08106e87260ae70b004c1d4035e02d9457e01fec2cb878d9c2d4c9ae [...]
);
INSERT INTO private_key_identity (
diff --git a/testing/tests/sql/net2net-cert/hosts/moon/etc/strongswan.conf b/testing/tests/sql/net2net-cert/hosts/moon/etc/strongswan.conf
index 930b725..174f8c2 100644
--- a/testing/tests/sql/net2net-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/net2net-cert/hosts/moon/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown sqlite sql
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/net2net-cert/hosts/sun/etc/ipsec.d/data.sql b/testing/tests/sql/net2net-cert/hosts/sun/etc/ipsec.d/data.sql
index 79a35ef..938e507 100644
--- a/testing/tests/sql/net2net-cert/hosts/sun/etc/ipsec.d/data.sql
+++ b/testing/tests/sql/net2net-cert/hosts/sun/etc/ipsec.d/data.sql
@@ -33,7 +33,7 @@ INSERT INTO identities (
INSERT INTO identities (
type, data
) VALUES ( /* subjkey of 'C=CH, O=Linux strongSwan, CN=sun.strongswan.org' */
- 11, X'56d69e2fdaa8a1cd195c2353e7c5b67096e30bfb'
+ 11, X'edcd6347cdd12fb63000b605430713544c9d318a'
);
/* Certificates */
@@ -41,13 +41,13 @@ INSERT INTO identities (
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=strongSwan Root CA */
- 1, 1, X'308203b53082029da003020102020100300d06092a864886f70d01010405003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303131303134355a170d3134303930383131303134355a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
+ 1, 1, X'308203b8308202a0a003020102020100300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303130303131385a170d3139303930373130303131385a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
);
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=sun.strongswan.org */
- 1, 1, X'3082042030820308a003020102020116300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3039303832373039353930345a170d3134303832363039353930345a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b30190603550403131273756e2e7374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100df9554 [...]
+ 1, 1, X'3082042030820308a00302010202012a300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3134303832373134343234355a170d3139303832363134343234355a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b30190603550403131273756e2e7374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100c72220 [...]
);
INSERT INTO certificate_identity (
@@ -85,7 +85,7 @@ INSERT INTO certificate_identity (
INSERT INTO private_keys (
type, data
) VALUES ( /* key of 'C=CH, O=Linux strongSwan, CN=sun.strongswan.org' */
- 1, X'308204a40201000282010100df95548a67e90e63694fff10dea9e80e5c49f51f8412b49856b695a145661fd8d21eba017aaaad0dd7f75ee1ed836c4a4ebca28c18f61f48de03b1ee135506c26bd958dd602f9bd2ae4d4e16b4f7f0399a29affe9ad88faa34c9ac31a0f8e80ecf5887b0fb29ff85f1f920934b2d9472595fae89edd36b1576e0d7106577e129e4eaf615b119f50594a51413ba176936dff8f58bb1439f437a663d2116f0b2b2821c7d261ab26c0dda9e6f46a9fbc42f4971e30add5fafd30d29668014040b2902387b475ad67b4f08440b784f37dfe34d441806b9f9342aa193dde017aabc5af401085099d57 [...]
+ 1, X'308204a30201000282010100c72220047d4a5b330c984612d46af5e08501835db4bddb0bb8dc10bb3bb6daa2079d6201481d8bd2590b381634018777c22f443579dbd0c3894c57c4e582758294990a74b79bd1ea8139a661e677995c520b84c95aeda854abe8b314a8e5f015be3555434f3d1ed8c8b31d8147fd2a2d0f65676754b544a7f64a218d4e6aa64b4e7c9f57b93423f5d05f6b96e940c2682d40401963cc47eb0f6814706f7e14ba5be6a0ec8865328612c1fa733518d3e766f2250a9a43fb4b77c4423cefe7a0e4df3ac9705cbb8a3f3bbaef5693f5ec6ae1c0ab98c744470c149c043a3f5913443ab9fcfd0f634 [...]
);
INSERT INTO private_key_identity (
diff --git a/testing/tests/sql/net2net-cert/hosts/sun/etc/strongswan.conf b/testing/tests/sql/net2net-cert/hosts/sun/etc/strongswan.conf
index 930b725..174f8c2 100644
--- a/testing/tests/sql/net2net-cert/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/sql/net2net-cert/hosts/sun/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown sqlite sql
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/net2net-route-pem/hosts/moon/etc/ipsec.d/data.sql b/testing/tests/sql/net2net-route-pem/hosts/moon/etc/ipsec.d/data.sql
index a356434..e161c6f 100644
--- a/testing/tests/sql/net2net-route-pem/hosts/moon/etc/ipsec.d/data.sql
+++ b/testing/tests/sql/net2net-route-pem/hosts/moon/etc/ipsec.d/data.sql
@@ -33,7 +33,7 @@ INSERT INTO identities (
INSERT INTO identities (
type, data
) VALUES ( /* subjkey of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' */
- 11, X'6a9c74d1f8897989f65a94e989f1fac3649d292e'
+ 11, X'd8263d21ec7cdbbe5a390c5b70cb038021deae13'
);
/* Certificates */
@@ -47,7 +47,7 @@ INSERT INTO certificates (
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=moon.strongswan.org */
- 1, 1, X'2d2d2d2d2d424547494e2043455254494649434154452d2d2d2d2d0a4d494945496a4343417771674177494241674942467a414e42676b71686b69473977304241517346414442464d517377435159445651514745774a445344455a0a4d4263474131554543684d5154476c7564586767633352796232356e55336468626a45624d426b474131554541784d53633352796232356e55336468626942530a6232393049454e424d423458445441354d4467794e7a45774d444d7a4d6c6f58445445304d4467794e6a45774d444d7a4d6c6f77526a454c4d416b47413155450a42684d43513067784754415842674e564241 [...]
+ 1, 1, X'2d2d2d2d2d424547494e2043455254494649434154452d2d2d2d2d0a4d494945496a43434177716741774942416749424b7a414e42676b71686b69473977304241517346414442464d517377435159445651514745774a445344455a0a4d4263474131554543684d5154476c7564586767633352796232356e55336468626a45624d426b474131554541784d53633352796232356e55336468626942530a6232393049454e424d423458445445304d4467794e7a45304e4451314e6c6f58445445354d4467794e6a45304e4451314e6c6f77526a454c4d416b47413155450a42684d43513067784754415842674e564241 [...]
);
INSERT INTO certificate_identity (
@@ -85,7 +85,7 @@ INSERT INTO certificate_identity (
INSERT INTO private_keys (
type, data
) VALUES ( /* key of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' */
- 1, X'2d2d2d2d2d424547494e205253412050524956415445204b45592d2d2d2d2d0a4d4949456f77494241414b43415145417969396a5064533775675747495673566f444576632f557a456b384c4d35756134547532534c41725445614f4477486d0a4d5076766b686c3764776a31322f2f71666b6c6968705a7464617a784f39586b4e336f594964677434514c7133356c6a74496b45476773506e3361336e6946510a716a6b43446a2b6c4b6d6439753465636d474b52355046554c2b4c7753553663584a564e543670316f58716e74575a53386246752b3979305a706633304c66310a494c795a4167553257546a537a54487 [...]
+ 1, X'2d2d2d2d2d424547494e205253412050524956415445204b45592d2d2d2d2d0a4d4949456f77494241414b4341514541704877462b7355585164482b5777597a64504d7a706a7577684747764867736d42616831495173507364644c39675a790a6765727a70544d31767651346b625275764533535a574c6639754b4562695156394941427238374c394a41766135364548494169554d75473857697a5662494b0a4968516c5a633853326d49774157304a6336456d6e6f4a76396a36462f745644392b3678764d4a6277484c6930683742554f397442564c507937325965474e420a5936436f623443724f75464f4a79414 [...]
);
INSERT INTO private_key_identity (
diff --git a/testing/tests/sql/net2net-route-pem/hosts/moon/etc/strongswan.conf b/testing/tests/sql/net2net-route-pem/hosts/moon/etc/strongswan.conf
index 930b725..174f8c2 100644
--- a/testing/tests/sql/net2net-route-pem/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/net2net-route-pem/hosts/moon/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown sqlite sql
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/net2net-route-pem/hosts/sun/etc/ipsec.d/data.sql b/testing/tests/sql/net2net-route-pem/hosts/sun/etc/ipsec.d/data.sql
index 97c482e..27a40dd 100644
--- a/testing/tests/sql/net2net-route-pem/hosts/sun/etc/ipsec.d/data.sql
+++ b/testing/tests/sql/net2net-route-pem/hosts/sun/etc/ipsec.d/data.sql
@@ -33,7 +33,7 @@ INSERT INTO identities (
INSERT INTO identities (
type, data
) VALUES ( /* subjkey of 'C=CH, O=Linux strongSwan, CN=sun.strongswan.org' */
- 11, X'56d69e2fdaa8a1cd195c2353e7c5b67096e30bfb'
+ 11, X'edcd6347cdd12fb63000b605430713544c9d318a'
);
/* Certificates */
@@ -47,7 +47,7 @@ INSERT INTO certificates (
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=sun.strongswan.org */
- 1, 1, X'2d2d2d2d2d424547494e2043455254494649434154452d2d2d2d2d0a4d49494549444343417769674177494241674942466a414e42676b71686b69473977304241517346414442464d517377435159445651514745774a445344455a0a4d4263474131554543684d5154476c7564586767633352796232356e55336468626a45624d426b474131554541784d53633352796232356e55336468626942530a6232393049454e424d423458445441354d4467794e7a41354e546b774e466f58445445304d4467794e6a41354e546b774e466f775254454c4d416b47413155450a42684d43513067784754415842674e564241 [...]
+ 1, 1, X'2d2d2d2d2d424547494e2043455254494649434154452d2d2d2d2d0a4d494945494443434177696741774942416749424b6a414e42676b71686b69473977304241517346414442464d517377435159445651514745774a445344455a0a4d4263474131554543684d5154476c7564586767633352796232356e55336468626a45624d426b474131554541784d53633352796232356e55336468626942530a6232393049454e424d423458445445304d4467794e7a45304e4449304e566f58445445354d4467794e6a45304e4449304e566f775254454c4d416b47413155450a42684d43513067784754415842674e564241 [...]
);
INSERT INTO certificate_identity (
@@ -85,7 +85,7 @@ INSERT INTO certificate_identity (
INSERT INTO private_keys (
type, data
) VALUES ( /* key of 'C=CH, O=Linux strongSwan, CN=sun.strongswan.org' */
- 1, X'2d2d2d2d2d424547494e205253412050524956415445204b45592d2d2d2d2d0a4d4949457041494241414b434151454133355655696d6670446d4e70542f385133716e6f446c784a39522b4545725359567261566f55566d48396a5348726f420a6571717444646633587548746732784b547279696a426a3248306a654137487545315547776d765a574e31674c357653726b314f4672543338446d614b612f2b0a6d746950716a544a724447672b4f674f7a316948735073702f3458782b53435453793255636c6c66726f6e7430327356647544584547563334536e6b367659560a73526e31425a536c46424f3646326b3 [...]
+ 1, X'2d2d2d2d2d424547494e205253412050524956415445204b45592d2d2d2d2d0a4d4949456f77494241414b4341514541787949674248314b577a4d4d6d4559533147723134495542673132307664734c754e7751757a7532327149486e5749420a5342324c306c6b4c4f42593041596433776939454e586e62304d4f4a5446664535594a316770535a436e53336d39487167546d6d59655a336d5678534334544a0a5775326f564b766f7378536f35664156766a56565130383948746a4973783242522f30714c51396c5a3264557455536e396b6f686a553571706b744f664a39580a7554516a3964426661356270514d4a6 [...]
);
INSERT INTO private_key_identity (
diff --git a/testing/tests/sql/net2net-route-pem/hosts/sun/etc/strongswan.conf b/testing/tests/sql/net2net-route-pem/hosts/sun/etc/strongswan.conf
index 930b725..174f8c2 100644
--- a/testing/tests/sql/net2net-route-pem/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/sql/net2net-route-pem/hosts/sun/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown sqlite sql
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/net2net-start-pem/hosts/moon/etc/ipsec.d/data.sql b/testing/tests/sql/net2net-start-pem/hosts/moon/etc/ipsec.d/data.sql
index e828f89..d178fe5 100644
--- a/testing/tests/sql/net2net-start-pem/hosts/moon/etc/ipsec.d/data.sql
+++ b/testing/tests/sql/net2net-start-pem/hosts/moon/etc/ipsec.d/data.sql
@@ -33,7 +33,7 @@ INSERT INTO identities (
INSERT INTO identities (
type, data
) VALUES ( /* subjkey of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' */
- 11, X'6a9c74d1f8897989f65a94e989f1fac3649d292e'
+ 11, X'd8263d21ec7cdbbe5a390c5b70cb038021deae13'
);
/* Certificates */
@@ -47,7 +47,7 @@ INSERT INTO certificates (
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=moon.strongswan.org */
- 1, 1, X'2d2d2d2d2d424547494e2043455254494649434154452d2d2d2d2d0a4d494945496a4343417771674177494241674942467a414e42676b71686b69473977304241517346414442464d517377435159445651514745774a445344455a0a4d4263474131554543684d5154476c7564586767633352796232356e55336468626a45624d426b474131554541784d53633352796232356e55336468626942530a6232393049454e424d423458445441354d4467794e7a45774d444d7a4d6c6f58445445304d4467794e6a45774d444d7a4d6c6f77526a454c4d416b47413155450a42684d43513067784754415842674e564241 [...]
+ 1, 1, X'2d2d2d2d2d424547494e2043455254494649434154452d2d2d2d2d0a4d494945496a43434177716741774942416749424b7a414e42676b71686b69473977304241517346414442464d517377435159445651514745774a445344455a0a4d4263474131554543684d5154476c7564586767633352796232356e55336468626a45624d426b474131554541784d53633352796232356e55336468626942530a6232393049454e424d423458445445304d4467794e7a45304e4451314e6c6f58445445354d4467794e6a45304e4451314e6c6f77526a454c4d416b47413155450a42684d43513067784754415842674e564241 [...]
);
INSERT INTO certificate_identity (
@@ -85,7 +85,7 @@ INSERT INTO certificate_identity (
INSERT INTO private_keys (
type, data
) VALUES ( /* key of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' */
- 1, X'2d2d2d2d2d424547494e205253412050524956415445204b45592d2d2d2d2d0a4d4949456f77494241414b43415145417969396a5064533775675747495673566f444576632f557a456b384c4d35756134547532534c41725445614f4477486d0a4d5076766b686c3764776a31322f2f71666b6c6968705a7464617a784f39586b4e336f594964677434514c7133356c6a74496b45476773506e3361336e6946510a716a6b43446a2b6c4b6d6439753465636d474b52355046554c2b4c7753553663584a564e543670316f58716e74575a53386246752b3979305a706633304c66310a494c795a4167553257546a537a54487 [...]
+ 1, X'2d2d2d2d2d424547494e205253412050524956415445204b45592d2d2d2d2d0a4d4949456f77494241414b4341514541704877462b7355585164482b5777597a64504d7a706a7577684747764867736d42616831495173507364644c39675a790a6765727a70544d31767651346b625275764533535a574c6639754b4562695156394941427238374c394a41766135364548494169554d75473857697a5662494b0a4968516c5a633853326d49774157304a6336456d6e6f4a76396a36462f745644392b3678764d4a6277484c6930683742554f397442564c507937325965474e420a5936436f623443724f75464f4a79414 [...]
);
INSERT INTO private_key_identity (
diff --git a/testing/tests/sql/net2net-start-pem/hosts/moon/etc/strongswan.conf b/testing/tests/sql/net2net-start-pem/hosts/moon/etc/strongswan.conf
index 930b725..174f8c2 100644
--- a/testing/tests/sql/net2net-start-pem/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/net2net-start-pem/hosts/moon/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown sqlite sql
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/net2net-start-pem/hosts/sun/etc/ipsec.d/data.sql b/testing/tests/sql/net2net-start-pem/hosts/sun/etc/ipsec.d/data.sql
index c5676b7..dd437b9 100644
--- a/testing/tests/sql/net2net-start-pem/hosts/sun/etc/ipsec.d/data.sql
+++ b/testing/tests/sql/net2net-start-pem/hosts/sun/etc/ipsec.d/data.sql
@@ -33,7 +33,7 @@ INSERT INTO identities (
INSERT INTO identities (
type, data
) VALUES ( /* subjkey of 'C=CH, O=Linux strongSwan, CN=sun.strongswan.org' */
- 11, X'56d69e2fdaa8a1cd195c2353e7c5b67096e30bfb'
+ 11, X'edcd6347cdd12fb63000b605430713544c9d318a'
);
/* Certificates */
@@ -47,7 +47,7 @@ INSERT INTO certificates (
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=sun.strongswan.org */
- 1, 1, X'2d2d2d2d2d424547494e2043455254494649434154452d2d2d2d2d0a4d49494549444343417769674177494241674942466a414e42676b71686b69473977304241517346414442464d517377435159445651514745774a445344455a0a4d4263474131554543684d5154476c7564586767633352796232356e55336468626a45624d426b474131554541784d53633352796232356e55336468626942530a6232393049454e424d423458445441354d4467794e7a41354e546b774e466f58445445304d4467794e6a41354e546b774e466f775254454c4d416b47413155450a42684d43513067784754415842674e564241 [...]
+ 1, 1, X'2d2d2d2d2d424547494e2043455254494649434154452d2d2d2d2d0a4d494945494443434177696741774942416749424b6a414e42676b71686b69473977304241517346414442464d517377435159445651514745774a445344455a0a4d4263474131554543684d5154476c7564586767633352796232356e55336468626a45624d426b474131554541784d53633352796232356e55336468626942530a6232393049454e424d423458445445304d4467794e7a45304e4449304e566f58445445354d4467794e6a45304e4449304e566f775254454c4d416b47413155450a42684d43513067784754415842674e564241 [...]
);
INSERT INTO certificate_identity (
@@ -85,7 +85,7 @@ INSERT INTO certificate_identity (
INSERT INTO private_keys (
type, data
) VALUES ( /* key of 'C=CH, O=Linux strongSwan, CN=sun.strongswan.org' */
- 1, X'2d2d2d2d2d424547494e205253412050524956415445204b45592d2d2d2d2d0a4d4949457041494241414b434151454133355655696d6670446d4e70542f385133716e6f446c784a39522b4545725359567261566f55566d48396a5348726f420a6571717444646633587548746732784b547279696a426a3248306a654137487545315547776d765a574e31674c357653726b314f4672543338446d614b612f2b0a6d746950716a544a724447672b4f674f7a316948735073702f3458782b53435453793255636c6c66726f6e7430327356647544584547563334536e6b367659560a73526e31425a536c46424f3646326b3 [...]
+ 1, X'2d2d2d2d2d424547494e205253412050524956415445204b45592d2d2d2d2d0a4d4949456f77494241414b4341514541787949674248314b577a4d4d6d4559533147723134495542673132307664734c754e7751757a7532327149486e5749420a5342324c306c6b4c4f42593041596433776939454e586e62304d4f4a5446664535594a316770535a436e53336d39487167546d6d59655a336d5678534334544a0a5775326f564b766f7378536f35664156766a56565130383948746a4973783242522f30714c51396c5a3264557455536e396b6f686a553571706b744f664a39580a7554516a3964426661356270514d4a6 [...]
);
INSERT INTO private_key_identity (
diff --git a/testing/tests/sql/net2net-start-pem/hosts/sun/etc/strongswan.conf b/testing/tests/sql/net2net-start-pem/hosts/sun/etc/strongswan.conf
index 930b725..174f8c2 100644
--- a/testing/tests/sql/net2net-start-pem/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/sql/net2net-start-pem/hosts/sun/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown sqlite sql
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/rw-cert/hosts/carol/etc/ipsec.d/data.sql b/testing/tests/sql/rw-cert/hosts/carol/etc/ipsec.d/data.sql
index b1bf209..90c9a49 100644
--- a/testing/tests/sql/rw-cert/hosts/carol/etc/ipsec.d/data.sql
+++ b/testing/tests/sql/rw-cert/hosts/carol/etc/ipsec.d/data.sql
@@ -27,7 +27,7 @@ INSERT INTO identities (
INSERT INTO identities (
type, data
) VALUES ( /* subjkey of 'C=CH, O=Linux strongSwan, CN=carol at strongswan.org' */
- 11, X'1fa1a988d9648cb5a0a2546439b4f23d745d6e7c'
+ 11, X'5c597062572d2a249c5c94569b895ee5c505b6bd'
);
INSERT INTO identities (
@@ -41,13 +41,13 @@ INSERT INTO identities (
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=strongSwan Root CA */
- 1, 1, X'308203b53082029da003020102020100300d06092a864886f70d01010405003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303131303134355a170d3134303930383131303134355a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
+ 1, 1, X'308203b8308202a0a003020102020100300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303130303131385a170d3139303930373130303131385a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
);
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=carol at strongswan.org */
- 1, 1, X'308204223082030aa00302010202011d300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3039303832373130343435315a170d3134303832363130343435315a305a310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e3111300f060355040b13085265736561726368311d301b060355040314146361726f6c407374726f6e677377616e2e6f726730820122300d06092a864886f70d01 [...]
+ 1, 1, X'308204223082030aa003020102020130300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3134303832373135303533365a170d3139303832363135303533365a305a310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e3111300f060355040b13085265736561726368311d301b060355040314146361726f6c407374726f6e677377616e2e6f726730820122300d06092a864886f70d01 [...]
);
INSERT INTO certificate_identity (
@@ -85,7 +85,7 @@ INSERT INTO certificate_identity (
INSERT INTO private_keys (
type, data
) VALUES ( /* key of 'C=CH, O=Linux strongSwan, CN=carol at strongswan.org' */
- 1, X'308204a40201000282010100d05d594f8117bc78972a3ec479ebe1400e53cf72410b93e6f74fa17cf1ea444fb23600bae92d81747e49a2e4407c3f6118033d22a3e67ce69a53907ffad646bfbc3b6abe0bdd9a5080a690dbd919a9a8e70d9694e319e93e5d9361eff9033ac53fc6cd6c95af574c62effbb72c03d41c3b696fc7aa4444483bbaabde555aef8bce0e9797108d11ecf462c66b37f7c2e812f6ab3280a8c05b207156f0e3a787e9c4638205e40ce466716bc35d8623bd99f3cda9c3dee5c8ac19852cff18c405049c7eae735dc393f5209c13946e4f51da030ad7bf31caf58a203eccea2fc79e71d46a06c5dba85 [...]
+ 1, X'308204a40201000282010100b7f3d43717cadfec3802e2d4867f45cb8f6b99bee1f892493db05565ab970de15237a2c0b7e0a0baed29a197e22f80b7cd99a25da675b1171693bef6ac579623f6bb47dec6a3f8981b99bacdc42c0f3610e2f4950d9a8408bc3b7a9a7e40cc05282fa1e26913035ed34520879de0ee14fb770f2d4a070f1aa4245aeb4820a4fd4fa7bf1db1cd8d1b58970f59947b29f204988e0fd0eaf57aa1fb6db9e3140fd351bfcc3663beab9d14665067f71a5345166831667b42251b9896d9f157b55c085a29a726ae62dfdf3e68c0c5b3d1ba11ca69c9f3233abcdc8c5fe5f4a3313965b8609f5855ff3 [...]
);
INSERT INTO private_key_identity (
diff --git a/testing/tests/sql/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/sql/rw-cert/hosts/carol/etc/strongswan.conf
index 101bd2e..7e8023f 100644
--- a/testing/tests/sql/rw-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/sql/rw-cert/hosts/carol/etc/strongswan.conf
@@ -6,7 +6,7 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown sqlite sql
+ load = test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown sqlite sql
integrity_test = yes
crypto_test {
diff --git a/testing/tests/sql/rw-cert/hosts/dave/etc/ipsec.d/data.sql b/testing/tests/sql/rw-cert/hosts/dave/etc/ipsec.d/data.sql
index 53168ad..70afc34 100644
--- a/testing/tests/sql/rw-cert/hosts/dave/etc/ipsec.d/data.sql
+++ b/testing/tests/sql/rw-cert/hosts/dave/etc/ipsec.d/data.sql
@@ -27,7 +27,7 @@ INSERT INTO identities (
INSERT INTO identities (
type, data
) VALUES ( /* subjkey of 'C=CH, O=Linux strongSwan, CN=dave at strongswan.org' */
- 11, X'ee7f38daeea1b81a41777f78f2674be8439d8e0e'
+ 11, X'ec16639928815e01cc0227c0b9cb1feab7987037'
);
INSERT INTO identities (
@@ -41,13 +41,13 @@ INSERT INTO identities (
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=strongSwan Root CA */
- 1, 1, X'308203b53082029da003020102020100300d06092a864886f70d01010405003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303131303134355a170d3134303930383131303134355a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
+ 1, 1, X'308203b8308202a0a003020102020100300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303130303131385a170d3139303930373130303131385a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
);
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=dave at strongswan.org */
- 1, 1, X'308204223082030aa00302010202011c300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3039303832373130333733395a170d3134303832363130333733395a305b310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e31133011060355040b130a4163636f756e74696e67311c301a0603550403141364617665407374726f6e677377616e2e6f726730820122300d06092a864886f70d [...]
+ 1, 1, X'308204223082030aa003020102020131300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3134303832373135313230325a170d3139303832363135313230325a305b310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e31133011060355040b130a4163636f756e74696e67311c301a0603550403141364617665407374726f6e677377616e2e6f726730820122300d06092a864886f70d [...]
);
INSERT INTO certificate_identity (
@@ -85,7 +85,7 @@ INSERT INTO certificate_identity (
INSERT INTO private_keys (
type, data
) VALUES ( /* key of 'C=CH, O=Linux strongSwan, CN=dave at strongswan.org' */
- 1, X'308204a50201000282010100c007f2536f0558e68345d3ef017a175b73434e797f9b97448e720a5985aea76cc0503b8d63b4e239af95db83db0af65f8360e9d941912c121215643a0af32188fc520413e81645ff8e2e623c9362be1b57649530bf54fdad6563106105ace949d7de2895a4771c237090aaa2567bd7d9b08b2ad09f63f61bba87d7462046e89fa4570cb3c8e4322220a737af48c31cd0ec2140f3723b94742c4a14232e1d409f6b53c18aaa63e693fa5d3d06808e948db8273563d33dbd9ac44ecfd71e60426570885898b3e5538767eaf4ef713719e7fd89b32e4e3f60d972ef1617437d4dba14af4691fb8ec [...]
+ 1, X'308204a40201000282010100d63cdc4dc584cd5fb5e205add1d242130f196297d6083e254f3d20ad7be17fe4fd80c1f1f6fc774a266f02af82053b93929b01c9da5411b402f4666feaa45dd45988402524ea91d98adf941f8e30dedb9cf98341e908d3d4f30c9b7d6b50b5f5e2319942768760de0c0127c6ba69d70b0a9d605de3c31e6218e4004ad1871f00f199416e4772190243fb2f06b69d22592e2bcfc6a2190d2f612f8ff435643096db1a19766aac1563e177df9fff2d51b6e38fb2cd74dfd68f1a2f03e5d7e3c77206af37e33beba6376ea239607821d821094c26817f8ce8a1305243a4ebd5c43907ffd5e75f49d [...]
);
INSERT INTO private_key_identity (
diff --git a/testing/tests/sql/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/sql/rw-cert/hosts/dave/etc/strongswan.conf
index 101bd2e..7e8023f 100644
--- a/testing/tests/sql/rw-cert/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/sql/rw-cert/hosts/dave/etc/strongswan.conf
@@ -6,7 +6,7 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown sqlite sql
+ load = test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown sqlite sql
integrity_test = yes
crypto_test {
diff --git a/testing/tests/sql/rw-cert/hosts/moon/etc/ipsec.d/data.sql b/testing/tests/sql/rw-cert/hosts/moon/etc/ipsec.d/data.sql
index 1a3807b..27e90de 100644
--- a/testing/tests/sql/rw-cert/hosts/moon/etc/ipsec.d/data.sql
+++ b/testing/tests/sql/rw-cert/hosts/moon/etc/ipsec.d/data.sql
@@ -27,7 +27,7 @@ INSERT INTO identities (
INSERT INTO identities (
type, data
) VALUES ( /* subjkey of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' */
- 11, X'6a9c74d1f8897989f65a94e989f1fac3649d292e'
+ 11, X'd8263d21ec7cdbbe5a390c5b70cb038021deae13'
);
INSERT INTO identities (
@@ -41,13 +41,13 @@ INSERT INTO identities (
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=strongSwan Root CA */
- 1, 1, X'308203b53082029da003020102020100300d06092a864886f70d01010405003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303131303134355a170d3134303930383131303134355a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
+ 1, 1, X'308203b8308202a0a003020102020100300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303130303131385a170d3139303930373130303131385a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
);
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=moon.strongswan.org */
- 1, 1, X'308204223082030aa003020102020117300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3039303832373130303333325a170d3134303832363130303333325a3046310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311c301a060355040313136d6f6f6e2e7374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100ca2f [...]
+ 1, 1, X'308204223082030aa00302010202012b300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3134303832373134343435365a170d3139303832363134343435365a3046310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311c301a060355040313136d6f6f6e2e7374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100a47c [...]
);
INSERT INTO certificate_identity (
@@ -85,7 +85,7 @@ INSERT INTO certificate_identity (
INSERT INTO private_keys (
type, data
) VALUES ( /* key of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' */
- 1, X'308204a30201000282010100ca2f633dd4bbba0586215b15a0312f73f533124f0b339b9ae13bb648b02b4c468e0f01e630fbef92197b7708f5dbffea7e496286966d75acf13bd5e4377a1821d82de102eadf9963b489041a0b0f9f76b79e2150aa39020e3fa52a677dbb879c986291e4f1542fe2f0494e9c5c954d4faa75a17aa7b56652f1b16efbdcb46697f7d0b7f520bc990205365938d2cd31f2beed30e761a56c02d9dc82f0cdefc9d43447b6a98f7628aed2ac127a4a9504838f66e7517e5e0b0672c8165474bce689f73a6fc6e3c72b2c45498ddbbc0b17b04915606fe94f256cc777c42c534560ffbbe5aacdd944c [...]
+ 1, X'308204a30201000282010100a47c05fac51741d1fe5b063374f333a63bb08461af1e0b2605a875210b0fb1d74bf6067281eaf3a53335bef43891b46ebc4dd26562dff6e2846e2415f48001afcecbf4902f6b9e841c802250cb86f168b355b20a22142565cf12da6230016d0973a1269e826ff63e85fed543f7eeb1bcc25bc072e2d21ec150ef6d0552cfcbbd9878634163a0a86f80ab3ae14e2720027b327b8bdbd9f97cce7e75e9bbba8bd038183ff9f699a3c4246122bd316e9e4243fe627c0de7322d341c721b028f6d75f0132e7f6aa3567e1458f08106e87260ae70b004c1d4035e02d9457e01fec2cb878d9c2d4c9ae [...]
);
INSERT INTO private_key_identity (
diff --git a/testing/tests/sql/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/sql/rw-cert/hosts/moon/etc/strongswan.conf
index 101bd2e..7e8023f 100644
--- a/testing/tests/sql/rw-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/rw-cert/hosts/moon/etc/strongswan.conf
@@ -6,7 +6,7 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown sqlite sql
+ load = test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown sqlite sql
integrity_test = yes
crypto_test {
diff --git a/testing/tests/sql/rw-eap-aka-rsa/hosts/carol/etc/ipsec.d/data.sql b/testing/tests/sql/rw-eap-aka-rsa/hosts/carol/etc/ipsec.d/data.sql
index 8a4e527..806a5b2 100644
--- a/testing/tests/sql/rw-eap-aka-rsa/hosts/carol/etc/ipsec.d/data.sql
+++ b/testing/tests/sql/rw-eap-aka-rsa/hosts/carol/etc/ipsec.d/data.sql
@@ -35,7 +35,7 @@ INSERT INTO identities (
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=strongSwan Root CA */
- 1, 1, X'308203b53082029da003020102020100300d06092a864886f70d01010405003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303131303134355a170d3134303930383131303134355a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
+ 1, 1, X'308203b8308202a0a003020102020100300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303130303131385a170d3139303930373130303131385a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
);
INSERT INTO certificate_identity (
diff --git a/testing/tests/sql/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/sql/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf
index f48c123..ec5899c 100644
--- a/testing/tests/sql/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/sql/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 fips-prf pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown sqlite sql eap-aka eap-aka-3gpp2
+ load = aes des sha1 sha2 md5 fips-prf pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown sqlite sql eap-aka eap-aka-3gpp2
}
diff --git a/testing/tests/sql/rw-eap-aka-rsa/hosts/moon/etc/ipsec.d/data.sql b/testing/tests/sql/rw-eap-aka-rsa/hosts/moon/etc/ipsec.d/data.sql
index 58a42cf..6b74f8b 100644
--- a/testing/tests/sql/rw-eap-aka-rsa/hosts/moon/etc/ipsec.d/data.sql
+++ b/testing/tests/sql/rw-eap-aka-rsa/hosts/moon/etc/ipsec.d/data.sql
@@ -27,7 +27,7 @@ INSERT INTO identities (
INSERT INTO identities (
type, data
) VALUES ( /* subjkey of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' */
- 11, X'6a9c74d1f8897989f65a94e989f1fac3649d292e'
+ 11, X'd8263d21ec7cdbbe5a390c5b70cb038021deae13'
);
INSERT INTO identities (
@@ -47,13 +47,13 @@ INSERT INTO identities (
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=strongSwan Root CA */
- 1, 1, X'308203b53082029da003020102020100300d06092a864886f70d01010405003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303131303134355a170d3134303930383131303134355a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
+ 1, 1, X'308203b8308202a0a003020102020100300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303130303131385a170d3139303930373130303131385a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
);
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=moon.strongswan.org */
- 1, 1, X'308204223082030aa003020102020117300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3039303832373130303333325a170d3134303832363130303333325a3046310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311c301a060355040313136d6f6f6e2e7374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100ca2f [...]
+ 1, 1, X'308204223082030aa00302010202012b300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3134303832373134343435365a170d3139303832363134343435365a3046310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311c301a060355040313136d6f6f6e2e7374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100a47c [...]
);
INSERT INTO certificate_identity (
@@ -91,7 +91,7 @@ INSERT INTO certificate_identity (
INSERT INTO private_keys (
type, data
) VALUES ( /* key of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' */
- 1, X'308204a30201000282010100ca2f633dd4bbba0586215b15a0312f73f533124f0b339b9ae13bb648b02b4c468e0f01e630fbef92197b7708f5dbffea7e496286966d75acf13bd5e4377a1821d82de102eadf9963b489041a0b0f9f76b79e2150aa39020e3fa52a677dbb879c986291e4f1542fe2f0494e9c5c954d4faa75a17aa7b56652f1b16efbdcb46697f7d0b7f520bc990205365938d2cd31f2beed30e761a56c02d9dc82f0cdefc9d43447b6a98f7628aed2ac127a4a9504838f66e7517e5e0b0672c8165474bce689f73a6fc6e3c72b2c45498ddbbc0b17b04915606fe94f256cc777c42c534560ffbbe5aacdd944c [...]
+ 1, X'308204a30201000282010100a47c05fac51741d1fe5b063374f333a63bb08461af1e0b2605a875210b0fb1d74bf6067281eaf3a53335bef43891b46ebc4dd26562dff6e2846e2415f48001afcecbf4902f6b9e841c802250cb86f168b355b20a22142565cf12da6230016d0973a1269e826ff63e85fed543f7eeb1bcc25bc072e2d21ec150ef6d0552cfcbbd9878634163a0a86f80ab3ae14e2720027b327b8bdbd9f97cce7e75e9bbba8bd038183ff9f699a3c4246122bd316e9e4243fe627c0de7322d341c721b028f6d75f0132e7f6aa3567e1458f08106e87260ae70b004c1d4035e02d9457e01fec2cb878d9c2d4c9ae [...]
);
INSERT INTO private_key_identity (
diff --git a/testing/tests/sql/rw-psk-rsa-split/hosts/carol/etc/ipsec.d/data.sql b/testing/tests/sql/rw-psk-rsa-split/hosts/carol/etc/ipsec.d/data.sql
index 7d2d17b..c6c08a0 100644
--- a/testing/tests/sql/rw-psk-rsa-split/hosts/carol/etc/ipsec.d/data.sql
+++ b/testing/tests/sql/rw-psk-rsa-split/hosts/carol/etc/ipsec.d/data.sql
@@ -35,7 +35,7 @@ INSERT INTO identities (
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=strongSwan Root CA */
- 1, 1, X'308203b53082029da003020102020100300d06092a864886f70d01010405003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303131303134355a170d3134303930383131303134355a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
+ 1, 1, X'308203b8308202a0a003020102020100300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303130303131385a170d3139303930373130303131385a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
);
INSERT INTO certificate_identity (
diff --git a/testing/tests/sql/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf b/testing/tests/sql/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf
index 930b725..174f8c2 100644
--- a/testing/tests/sql/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/sql/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown sqlite sql
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/rw-psk-rsa-split/hosts/dave/etc/ipsec.d/data.sql b/testing/tests/sql/rw-psk-rsa-split/hosts/dave/etc/ipsec.d/data.sql
index 53d84ee..3620f20 100644
--- a/testing/tests/sql/rw-psk-rsa-split/hosts/dave/etc/ipsec.d/data.sql
+++ b/testing/tests/sql/rw-psk-rsa-split/hosts/dave/etc/ipsec.d/data.sql
@@ -35,7 +35,7 @@ INSERT INTO identities (
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=strongSwan Root CA */
- 1, 1, X'308203b53082029da003020102020100300d06092a864886f70d01010405003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303131303134355a170d3134303930383131303134355a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
+ 1, 1, X'308203b8308202a0a003020102020100300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303130303131385a170d3139303930373130303131385a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
);
INSERT INTO certificate_identity (
diff --git a/testing/tests/sql/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf b/testing/tests/sql/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf
index 930b725..174f8c2 100644
--- a/testing/tests/sql/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/sql/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown sqlite sql
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/rw-psk-rsa-split/hosts/moon/etc/ipsec.d/data.sql b/testing/tests/sql/rw-psk-rsa-split/hosts/moon/etc/ipsec.d/data.sql
index 70f1884..a3d480f 100644
--- a/testing/tests/sql/rw-psk-rsa-split/hosts/moon/etc/ipsec.d/data.sql
+++ b/testing/tests/sql/rw-psk-rsa-split/hosts/moon/etc/ipsec.d/data.sql
@@ -27,7 +27,7 @@ INSERT INTO identities (
INSERT INTO identities (
type, data
) VALUES ( /* subjkey of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' */
- 11, X'6a9c74d1f8897989f65a94e989f1fac3649d292e'
+ 11, X'd8263d21ec7cdbbe5a390c5b70cb038021deae13'
);
INSERT INTO identities (
@@ -53,13 +53,13 @@ INSERT INTO identities (
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=strongSwan Root CA */
- 1, 1, X'308203b53082029da003020102020100300d06092a864886f70d01010405003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303131303134355a170d3134303930383131303134355a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
+ 1, 1, X'308203b8308202a0a003020102020100300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303130303131385a170d3139303930373130303131385a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
);
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=moon.strongswan.org */
- 1, 1, X'308204223082030aa003020102020117300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3039303832373130303333325a170d3134303832363130303333325a3046310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311c301a060355040313136d6f6f6e2e7374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100ca2f [...]
+ 1, 1, X'308204223082030aa00302010202012b300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3134303832373134343435365a170d3139303832363134343435365a3046310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311c301a060355040313136d6f6f6e2e7374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100a47c [...]
);
INSERT INTO certificate_identity (
@@ -97,7 +97,7 @@ INSERT INTO certificate_identity (
INSERT INTO private_keys (
type, data
) VALUES ( /* key of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' */
- 1, X'308204a30201000282010100ca2f633dd4bbba0586215b15a0312f73f533124f0b339b9ae13bb648b02b4c468e0f01e630fbef92197b7708f5dbffea7e496286966d75acf13bd5e4377a1821d82de102eadf9963b489041a0b0f9f76b79e2150aa39020e3fa52a677dbb879c986291e4f1542fe2f0494e9c5c954d4faa75a17aa7b56652f1b16efbdcb46697f7d0b7f520bc990205365938d2cd31f2beed30e761a56c02d9dc82f0cdefc9d43447b6a98f7628aed2ac127a4a9504838f66e7517e5e0b0672c8165474bce689f73a6fc6e3c72b2c45498ddbbc0b17b04915606fe94f256cc777c42c534560ffbbe5aacdd944c [...]
+ 1, X'308204a30201000282010100a47c05fac51741d1fe5b063374f333a63bb08461af1e0b2605a875210b0fb1d74bf6067281eaf3a53335bef43891b46ebc4dd26562dff6e2846e2415f48001afcecbf4902f6b9e841c802250cb86f168b355b20a22142565cf12da6230016d0973a1269e826ff63e85fed543f7eeb1bcc25bc072e2d21ec150ef6d0552cfcbbd9878634163a0a86f80ab3ae14e2720027b327b8bdbd9f97cce7e75e9bbba8bd038183ff9f699a3c4246122bd316e9e4243fe627c0de7322d341c721b028f6d75f0132e7f6aa3567e1458f08106e87260ae70b004c1d4035e02d9457e01fec2cb878d9c2d4c9ae [...]
);
INSERT INTO private_key_identity (
diff --git a/testing/tests/sql/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf b/testing/tests/sql/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf
index 930b725..174f8c2 100644
--- a/testing/tests/sql/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown sqlite sql
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/rw-rsa-keyid/hosts/carol/etc/strongswan.conf b/testing/tests/sql/rw-rsa-keyid/hosts/carol/etc/strongswan.conf
index d37a130..4c06ca4 100644
--- a/testing/tests/sql/rw-rsa-keyid/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/sql/rw-rsa-keyid/hosts/carol/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown sqlite sql
+ load = aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/rw-rsa-keyid/hosts/dave/etc/strongswan.conf b/testing/tests/sql/rw-rsa-keyid/hosts/dave/etc/strongswan.conf
index d37a130..4c06ca4 100644
--- a/testing/tests/sql/rw-rsa-keyid/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/sql/rw-rsa-keyid/hosts/dave/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown sqlite sql
+ load = aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/rw-rsa-keyid/hosts/moon/etc/strongswan.conf b/testing/tests/sql/rw-rsa-keyid/hosts/moon/etc/strongswan.conf
index d37a130..4c06ca4 100644
--- a/testing/tests/sql/rw-rsa-keyid/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/rw-rsa-keyid/hosts/moon/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown sqlite sql
+ load = aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/rw-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/sql/rw-rsa/hosts/carol/etc/strongswan.conf
index d37a130..4c06ca4 100644
--- a/testing/tests/sql/rw-rsa/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/sql/rw-rsa/hosts/carol/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown sqlite sql
+ load = aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/rw-rsa/hosts/dave/etc/strongswan.conf b/testing/tests/sql/rw-rsa/hosts/dave/etc/strongswan.conf
index d37a130..4c06ca4 100644
--- a/testing/tests/sql/rw-rsa/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/sql/rw-rsa/hosts/dave/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown sqlite sql
+ load = aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/rw-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/sql/rw-rsa/hosts/moon/etc/strongswan.conf
index d37a130..4c06ca4 100644
--- a/testing/tests/sql/rw-rsa/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/rw-rsa/hosts/moon/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown sqlite sql
+ load = aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/shunt-policies-nat-rw/hosts/alice/etc/ipsec.d/data.sql b/testing/tests/sql/shunt-policies-nat-rw/hosts/alice/etc/ipsec.d/data.sql
index b1f5c7d..bb7c2dd 100644
--- a/testing/tests/sql/shunt-policies-nat-rw/hosts/alice/etc/ipsec.d/data.sql
+++ b/testing/tests/sql/shunt-policies-nat-rw/hosts/alice/etc/ipsec.d/data.sql
@@ -33,7 +33,7 @@ INSERT INTO identities (
INSERT INTO identities (
type, data
) VALUES ( /* subjkey of 'C=CH, O=Linux strongSwan, OU=Sales, CN=alice at strongswan.org' */
- 11, X'05da04208c02f428470acf6c772d066613da863c'
+ 11, X'fb35c1df730e1570ee56ba1b6e1cf7f3ae48fcd9'
);
INSERT INTO identities (
@@ -47,13 +47,13 @@ INSERT INTO identities (
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=strongSwan Root CA */
- 1, 1, X'308203b53082029da003020102020100300d06092a864886f70d01010405003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303131303134355a170d3134303930383131303134355a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
+ 1, 1, X'308203b8308202a0a003020102020100300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303130303131385a170d3139303930373130303131385a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
);
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, OU=Sales, CN=alice at strongswan.org */
- 1, 1, X'3082041f30820307a003020102020119300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3039303832373130303732345a170d3134303832363130303732345a3057310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e310e300c060355040b130553616c6573311d301b06035504031414616c696365407374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105 [...]
+ 1, 1, X'3082041f30820307a00302010202012d300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3134303832373134353433365a170d3139303832363134353433365a3057310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e310e300c060355040b130553616c6573311d301b06035504031414616c696365407374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105 [...]
);
INSERT INTO certificate_identity (
@@ -91,7 +91,7 @@ INSERT INTO certificate_identity (
INSERT INTO private_keys (
type, data
) VALUES ( /* key of 'C=CH, O=Linux strongSwan, OU=Sales, CN=alice at strongswan.org' */
- 1, X'308204a40201000282010100d88d6a4811e6972dd0daa2adf3c911bf5edd8664607bea67f45427a11af59184f0ab90c46007b8b5aa69fff71ab2ff2d822cd5f4c9ec94cd32ef8f49e73c91ff48e40c48b4fcdbfae4b023d857431865349f15f998ecf50dc65ffe7dc12dc37071788bc6fcf08fdfeda2c6c073a84724ff5193d73c622b1d2f545a1ff9d3ffd0fc62eb7a2be85bae427e3ee8362df0313630641e4cc8f639abd311718c843dad0634cd06cf361f204910cfc9ee48bfea590ae62e6952e8ab70e4bdc75ec51a2a29c6b74c48ee32c65a1e32b27ae330dc4acd1b762c84ea48fb684d3476241e9ae7feb9e38981d [...]
+ 1, X'308204a40201000282010100b46c93f8a9e1e8d05729c41a6bc5f7eaa1d8c212d828b7ab5b3eed5031e3b8b8beedae3c1c5bd3ae1a872170e311b4f27cf87b04cbc3bb20af1873ed89a2f151d8dfd635c15914163c0d178f896cbdaf076a6b1677f57b036669ade16f2449ceee008daf284d6d11298da8edc322d2bc93668f57a27eead5c2dd1d96f8056fda4d8cca70ba3b16c9a382f6ea58a553a25ac8d3bdba5cf2c27b5bbe72f064018d4e9698e33b5a56889dc927f706d68440f0fc6034bba95f7e94051b71c352eba2f8a9eee38aad285a6d0fa5cd3480e3e179801f10e1580ad738a434c5a5edd205aac3f5d10715a [...]
);
INSERT INTO private_key_identity (
diff --git a/testing/tests/sql/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf b/testing/tests/sql/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf
index 2f01cdc..7f02ba1 100644
--- a/testing/tests/sql/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/sql/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf
@@ -6,7 +6,7 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown sqlite sql
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown sqlite sql
keep_alive = 5
}
diff --git a/testing/tests/sql/shunt-policies-nat-rw/hosts/sun/etc/ipsec.d/data.sql b/testing/tests/sql/shunt-policies-nat-rw/hosts/sun/etc/ipsec.d/data.sql
index 4e99759..8489f10 100644
--- a/testing/tests/sql/shunt-policies-nat-rw/hosts/sun/etc/ipsec.d/data.sql
+++ b/testing/tests/sql/shunt-policies-nat-rw/hosts/sun/etc/ipsec.d/data.sql
@@ -27,7 +27,7 @@ INSERT INTO identities (
INSERT INTO identities (
type, data
) VALUES ( /* subjkey of 'C=CH, O=Linux strongSwan, CN=sun.strongswan.org' */
- 11, X'56d69e2fdaa8a1cd195c2353e7c5b67096e30bfb'
+ 11, X'edcd6347cdd12fb63000b605430713544c9d318a'
);
INSERT INTO identities (
@@ -41,13 +41,13 @@ INSERT INTO identities (
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=strongSwan Root CA */
- 1, 1, X'308203b53082029da003020102020100300d06092a864886f70d01010405003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303131303134355a170d3134303930383131303134355a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
+ 1, 1, X'308203b8308202a0a003020102020100300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303130303131385a170d3139303930373130303131385a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
);
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=sun.strongswan.org */
- 1, 1, X'3082042030820308a003020102020116300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3039303832373039353930345a170d3134303832363039353930345a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b30190603550403131273756e2e7374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100df9554 [...]
+ 1, 1, X'3082042030820308a00302010202012a300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3134303832373134343234355a170d3139303832363134343234355a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b30190603550403131273756e2e7374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100c72220 [...]
);
INSERT INTO certificate_identity (
@@ -85,7 +85,7 @@ INSERT INTO certificate_identity (
INSERT INTO private_keys (
type, data
) VALUES ( /* key of 'C=CH, O=Linux strongSwan, CN=sun.strongswan.org' */
- 1, X'308204a40201000282010100df95548a67e90e63694fff10dea9e80e5c49f51f8412b49856b695a145661fd8d21eba017aaaad0dd7f75ee1ed836c4a4ebca28c18f61f48de03b1ee135506c26bd958dd602f9bd2ae4d4e16b4f7f0399a29affe9ad88faa34c9ac31a0f8e80ecf5887b0fb29ff85f1f920934b2d9472595fae89edd36b1576e0d7106577e129e4eaf615b119f50594a51413ba176936dff8f58bb1439f437a663d2116f0b2b2821c7d261ab26c0dda9e6f46a9fbc42f4971e30add5fafd30d29668014040b2902387b475ad67b4f08440b784f37dfe34d441806b9f9342aa193dde017aabc5af401085099d57 [...]
+ 1, X'308204a30201000282010100c72220047d4a5b330c984612d46af5e08501835db4bddb0bb8dc10bb3bb6daa2079d6201481d8bd2590b381634018777c22f443579dbd0c3894c57c4e582758294990a74b79bd1ea8139a661e677995c520b84c95aeda854abe8b314a8e5f015be3555434f3d1ed8c8b31d8147fd2a2d0f65676754b544a7f64a218d4e6aa64b4e7c9f57b93423f5d05f6b96e940c2682d40401963cc47eb0f6814706f7e14ba5be6a0ec8865328612c1fa733518d3e766f2250a9a43fb4b77c4423cefe7a0e4df3ac9705cbb8a3f3bbaef5693f5ec6ae1c0ab98c744470c149c043a3f5913443ab9fcfd0f634 [...]
);
INSERT INTO private_key_identity (
diff --git a/testing/tests/sql/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf b/testing/tests/sql/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf
index 16e9349..6a89855 100644
--- a/testing/tests/sql/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/sql/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf
@@ -9,5 +9,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown sqlite sql attr-sql
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown sqlite sql attr-sql
}
diff --git a/testing/tests/sql/shunt-policies-nat-rw/hosts/venus/etc/ipsec.d/data.sql b/testing/tests/sql/shunt-policies-nat-rw/hosts/venus/etc/ipsec.d/data.sql
index e00d00e..cc28124 100644
--- a/testing/tests/sql/shunt-policies-nat-rw/hosts/venus/etc/ipsec.d/data.sql
+++ b/testing/tests/sql/shunt-policies-nat-rw/hosts/venus/etc/ipsec.d/data.sql
@@ -33,7 +33,7 @@ INSERT INTO identities (
INSERT INTO identities (
type, data
) VALUES ( /* subjkey of 'C=CH, O=Linux strongSwan, CN=venus.strongswan.org' */
- 11, X'8f5c0a6cb147fc1b51708046e0636c7a54012d67'
+ 11, X'8ab59d2d99cb02fc9b00358b3b16cd7ce7ce8d0c'
);
INSERT INTO identities (
@@ -47,13 +47,13 @@ INSERT INTO identities (
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=strongSwan Root CA */
- 1, 1, X'308203b53082029da003020102020100300d06092a864886f70d01010405003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303131303134355a170d3134303930383131303134355a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
+ 1, 1, X'308203b8308202a0a003020102020100300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303130303131385a170d3139303930373130303131385a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bff25f [...]
);
INSERT INTO certificates (
type, keytype, data
) VALUES ( /* C=CH, O=Linux strongSwan, CN=venus.strongswan.org */
- 1, 1, X'3082040f308202f7a003020102020118300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3039303832373130303532325a170d3134303832363130303532325a3047310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311d301b0603550403131476656e75732e7374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100b3 [...]
+ 1, 1, X'3082040f308202f7a00302010202012c300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3134303832373134353232375a170d3139303832363134353232375a3047310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311d301b0603550403131476656e75732e7374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100b3 [...]
);
INSERT INTO certificate_identity (
@@ -91,7 +91,7 @@ INSERT INTO certificate_identity (
INSERT INTO private_keys (
type, data
) VALUES ( /* key of 'C=CH, O=Linux strongSwan, CN=venus.strongswan.org' */
- 1, X'308204a20201000282010100b3452cb2d9328eebcd929c7fbe66652a90484c9c8699f4df163974d6e538754570cc4df28659463cb3778a32d2b5e1cfde8a546c335de5d1b8795b1af43522a8826593f83eb67292e487506c0eb251fd67207af7f6d56e90eb57ebab0c787054f8ce3a283eebe1146b1920584f516cc88bf8ec3dae936e27059ed27f6f8ba154197cc21577274819f1f1990271ca6cd2f349a1e7b10ddb2ef4a07f473309ff6db19bf16af2b0dd3d5956cd6d3daf75e617dce2578b4c6c993fd89debf5543f41da66c0fd709fe1ce39c452f51f1290ffe45396663acfa9b8ac116e1460ac70b3db6b9836f7499 [...]
+ 1, X'308204a40201000282010100b3434949425bb7271d14cbca27f765b1a1596f272cb586dc1a3999b4e649a4ebef2490790c443226dde1f205943a3d6e3aafff95a082eb1e773fb390a6c1c042964562feea7a8d46b4346a80d0c8670496fcf99a0476d24ca9b0955053401b6827750c10f7dbd194aebe65bbefab745b74d1e801de954db66a3078f84453331133f249c45eb063680ba02f5dbd5855c6586ff639246659910ed52ae144957efc46927381f9bde22f674ce1bb495fd0b81ce0d0a1d823ce9fc715037aaf31af8025caef4ddbda759fe163ed8a96aabf21ce4207bf476db6001fdfffa8f3cd73e7c83693053c64d [...]
);
INSERT INTO private_key_identity (
diff --git a/testing/tests/sql/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf b/testing/tests/sql/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf
index 2f01cdc..7f02ba1 100644
--- a/testing/tests/sql/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf
+++ b/testing/tests/sql/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf
@@ -6,7 +6,7 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown sqlite sql
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown sqlite sql
keep_alive = 5
}
diff --git a/testing/tests/swanctl/ip-pool/pretest.dat b/testing/tests/swanctl/ip-pool/pretest.dat
index d1afdf0..25288f5 100755
--- a/testing/tests/swanctl/ip-pool/pretest.dat
+++ b/testing/tests/swanctl/ip-pool/pretest.dat
@@ -1,9 +1,10 @@
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
+moon::service charon start 2> /dev/null
carol::service charon start 2> /dev/null
dave::service charon start 2> /dev/null
+moon::sleep 1
moon::swanctl --load-conns 2> /dev/null
carol::swanctl --load-conns 2> /dev/null
dave::swanctl --load-conns 2> /dev/null
diff --git a/testing/tests/swanctl/net2net-cert-ipv6/description.txt b/testing/tests/swanctl/net2net-cert-ipv6/description.txt
new file mode 100755
index 0000000..5952ecc
--- /dev/null
+++ b/testing/tests/swanctl/net2net-cert-ipv6/description.txt
@@ -0,0 +1,6 @@
+An IPv6 ESP tunnel connection between the gateways <b>moon</b> and <b>sun</b> is successfully set up.
+It connects the two subnets hiding behind their respective gateways. The authentication is based on
+X.509 certificates. Upon the successful establishment of the IPsec tunnel, <b>leftfirewall=yes</b>
+automatically inserts ip6tables-based firewall rules that let pass the tunneled traffic.
+In order to test both the net-to-net tunnel and the firewall rules, client <b>alice</b> behind <b>moon</b>
+sends an IPv6 ICMP request to client <b>bob</b> behind <b>sun</b> using the ping6 command.
diff --git a/testing/tests/swanctl/net2net-cert-ipv6/evaltest.dat b/testing/tests/swanctl/net2net-cert-ipv6/evaltest.dat
new file mode 100755
index 0000000..cdbecd5
--- /dev/null
+++ b/testing/tests/swanctl/net2net-cert-ipv6/evaltest.dat
@@ -0,0 +1,5 @@
+moon::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_2048.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES
+sun:: swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_2048.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
+sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/swanctl/net2net-cert-ipv6/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/net2net-cert-ipv6/hosts/moon/etc/strongswan.conf
new file mode 100755
index 0000000..bd131af
--- /dev/null
+++ b/testing/tests/swanctl/net2net-cert-ipv6/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,15 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici
+
+ fragment_size = 1400
+}
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/swanctl/net2net-cert-ipv6/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-cert-ipv6/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 0000000..16e145c
--- /dev/null
+++ b/testing/tests/swanctl/net2net-cert-ipv6/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,35 @@
+connections {
+
+ gw-gw {
+ local_addrs = fec0::1
+ remote_addrs = fec0::2
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = sun.strongswan.org
+ }
+ children {
+ net-net {
+ local_ts = fec1::0/16
+ remote_ts = fec2::0/16
+
+ start_action = none
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ rekey_time = 10m
+ esp_proposals = aes128gcm128-modp2048
+ }
+ }
+
+ version = 2
+ mobike = no
+ fragmentation = yes
+ reauth_time = 60m
+ rekey_time = 20m
+ proposals = aes128-sha256-modp2048
+ }
+}
diff --git a/testing/tests/swanctl/net2net-cert-ipv6/hosts/sun/etc/strongswan.conf b/testing/tests/swanctl/net2net-cert-ipv6/hosts/sun/etc/strongswan.conf
new file mode 100755
index 0000000..bd131af
--- /dev/null
+++ b/testing/tests/swanctl/net2net-cert-ipv6/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,15 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici
+
+ fragment_size = 1400
+}
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/swanctl/net2net-cert-ipv6/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-cert-ipv6/hosts/sun/etc/swanctl/swanctl.conf
new file mode 100755
index 0000000..90aa137
--- /dev/null
+++ b/testing/tests/swanctl/net2net-cert-ipv6/hosts/sun/etc/swanctl/swanctl.conf
@@ -0,0 +1,35 @@
+connections {
+
+ gw-gw {
+ local_addrs = fec0::2
+ remote_addrs = fec0::1
+
+ local {
+ auth = pubkey
+ certs = sunCert.pem
+ id = sun.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ net-net {
+ local_ts = fec2::0/16
+ remote_ts = fec1::0/16
+
+ start_action = none
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ rekey_time = 10m
+ esp_proposals = aes128gcm128-modp2048
+ }
+ }
+
+ version = 2
+ mobike = no
+ fragmentation = yes
+ reauth_time = 60m
+ rekey_time = 20m
+ proposals = aes128-sha256-modp2048
+ }
+}
diff --git a/testing/tests/swanctl/net2net-cert-ipv6/posttest.dat b/testing/tests/swanctl/net2net-cert-ipv6/posttest.dat
new file mode 100755
index 0000000..a40a7dd
--- /dev/null
+++ b/testing/tests/swanctl/net2net-cert-ipv6/posttest.dat
@@ -0,0 +1,11 @@
+moon::swanctl --terminate --ike gw-gw 2> /dev/null
+moon::service charon stop 2> /dev/null
+sun::service charon stop 2> /dev/null
+alice::"ip route del fec2:\:/16 via fec1:\:1"
+moon::"ip route del fec2:\:/16 via fec0:\:2"
+sun::"ip route del fec1:\:/16 via fec0:\:1"
+bob::"ip route del fec1:\:/16 via fec2:\:1"
+moon::iptables-restore < /etc/iptables.flush
+sun::iptables-restore < /etc/iptables.flush
+moon::ip6tables-restore < /etc/ip6tables.flush
+sun::ip6tables-restore < /etc/ip6tables.flush
diff --git a/testing/tests/swanctl/net2net-cert-ipv6/pretest.dat b/testing/tests/swanctl/net2net-cert-ipv6/pretest.dat
new file mode 100755
index 0000000..36e8e19
--- /dev/null
+++ b/testing/tests/swanctl/net2net-cert-ipv6/pretest.dat
@@ -0,0 +1,16 @@
+moon::iptables-restore < /etc/iptables.drop
+sun::iptables-restore < /etc/iptables.drop
+moon::ip6tables-restore < /etc/ip6tables.rules
+sun::ip6tables-restore < /etc/ip6tables.rules
+alice::"ip route add fec2:\:/16 via fec1:\:1"
+moon::"ip route add fec2:\:/16 via fec0:\:2"
+sun::"ip route add fec1:\:/16 via fec0:\:1"
+bob::"ip route add fec1:\:/16 via fec2:\:1"
+moon::service charon start 2> /dev/null
+sun::service charon start 2> /dev/null
+moon::sleep 1
+moon::swanctl --load-conns 2> /dev/null
+sun::swanctl --load-conns 2> /dev/null
+moon::swanctl --load-creds 2> /dev/null
+sun::swanctl --load-creds 2> /dev/null
+moon::swanctl --initiate --child net-net 2> /dev/null
diff --git a/testing/tests/swanctl/net2net-cert-ipv6/test.conf b/testing/tests/swanctl/net2net-cert-ipv6/test.conf
new file mode 100755
index 0000000..646b8b3
--- /dev/null
+++ b/testing/tests/swanctl/net2net-cert-ipv6/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice moon winnetou sun bob"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-w-s-b.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="sun"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon sun"
diff --git a/testing/tests/swanctl/net2net-cert/pretest.dat b/testing/tests/swanctl/net2net-cert/pretest.dat
index 2c4ba6c..3825643 100755
--- a/testing/tests/swanctl/net2net-cert/pretest.dat
+++ b/testing/tests/swanctl/net2net-cert/pretest.dat
@@ -1,7 +1,8 @@
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
+moon::service charon start 2> /dev/null
sun::service charon start 2> /dev/null
+moon::sleep 1
moon::swanctl --load-conns 2> /dev/null
sun::swanctl --load-conns 2> /dev/null
moon::swanctl --load-creds 2> /dev/null
diff --git a/testing/tests/swanctl/net2net-route/pretest.dat b/testing/tests/swanctl/net2net-route/pretest.dat
index 61e33fa..71f8f88 100755
--- a/testing/tests/swanctl/net2net-route/pretest.dat
+++ b/testing/tests/swanctl/net2net-route/pretest.dat
@@ -1,9 +1,10 @@
sun::iptables-restore < /etc/iptables.rules
moon::iptables-restore < /etc/iptables.rules
sun::service charon start 2> /dev/null
-moon::service charon start 2> /dev/null
+moon::service charon start 2> /dev/null
+moon::sleep 1
sun::swanctl --load-creds 2> /dev/null
moon::swanctl --load-creds 2> /dev/null
sun::swanctl --load-conns 2> /dev/null
moon::swanctl --load-conns 2> /dev/null
-alice::ping -c 3 10.2.0.10
+alice::ping -c 3 10.2.0.10
diff --git a/testing/tests/swanctl/net2net-start/pretest.dat b/testing/tests/swanctl/net2net-start/pretest.dat
index 0560092..5528eb7 100755
--- a/testing/tests/swanctl/net2net-start/pretest.dat
+++ b/testing/tests/swanctl/net2net-start/pretest.dat
@@ -1,9 +1,10 @@
sun::iptables-restore < /etc/iptables.rules
moon::iptables-restore < /etc/iptables.rules
sun::service charon start 2> /dev/null
-moon::service charon start 2> /dev/null
+moon::service charon start 2> /dev/null
+moon::sleep 1
sun::swanctl --load-creds 2> /dev/null
moon::swanctl --load-creds 2> /dev/null
sun::swanctl --load-conns 2> /dev/null
moon::swanctl --load-conns 2> /dev/null
-moon::sleep 1
+moon::sleep 1
diff --git a/testing/tests/swanctl/rw-cert/pretest.dat b/testing/tests/swanctl/rw-cert/pretest.dat
index 3fdf01d..75b359a 100755
--- a/testing/tests/swanctl/rw-cert/pretest.dat
+++ b/testing/tests/swanctl/rw-cert/pretest.dat
@@ -1,9 +1,10 @@
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
+moon::service charon start 2> /dev/null
carol::service charon start 2> /dev/null
dave::service charon start 2> /dev/null
+moon::sleep 1
moon::swanctl --load-conns 2> /dev/null
carol::swanctl --load-conns 2> /dev/null
dave::swanctl --load-conns 2> /dev/null
diff --git a/testing/tests/swanctl/rw-psk-fqdn/pretest.dat b/testing/tests/swanctl/rw-psk-fqdn/pretest.dat
index 2018f5d..7507ac3 100755
--- a/testing/tests/swanctl/rw-psk-fqdn/pretest.dat
+++ b/testing/tests/swanctl/rw-psk-fqdn/pretest.dat
@@ -4,9 +4,10 @@ dave::iptables-restore < /etc/iptables.rules
moon::cd /etc/swanctl; rm rsa/* x509/* x509ca/*
carol::cd /etc/swanctl; rm rsa/* x509/* x509ca/*
dave::cd /etc/swanctl; rm rsa/* x509/* x509ca/*
-moon::service charon start 2> /dev/null
+moon::service charon start 2> /dev/null
carol::service charon start 2> /dev/null
dave::service charon start 2> /dev/null
+moon::sleep 1
moon::swanctl --load-conns 2> /dev/null
carol::swanctl --load-conns 2> /dev/null
dave::swanctl --load-conns 2> /dev/null
diff --git a/testing/tests/swanctl/rw-psk-ipv4/pretest.dat b/testing/tests/swanctl/rw-psk-ipv4/pretest.dat
index 2018f5d..7507ac3 100755
--- a/testing/tests/swanctl/rw-psk-ipv4/pretest.dat
+++ b/testing/tests/swanctl/rw-psk-ipv4/pretest.dat
@@ -4,9 +4,10 @@ dave::iptables-restore < /etc/iptables.rules
moon::cd /etc/swanctl; rm rsa/* x509/* x509ca/*
carol::cd /etc/swanctl; rm rsa/* x509/* x509ca/*
dave::cd /etc/swanctl; rm rsa/* x509/* x509ca/*
-moon::service charon start 2> /dev/null
+moon::service charon start 2> /dev/null
carol::service charon start 2> /dev/null
dave::service charon start 2> /dev/null
+moon::sleep 1
moon::swanctl --load-conns 2> /dev/null
carol::swanctl --load-conns 2> /dev/null
dave::swanctl --load-conns 2> /dev/null
diff --git a/testing/tests/tkm/host2host-initiator/hosts/moon/etc/tkm/moonKey.der b/testing/tests/tkm/host2host-initiator/hosts/moon/etc/tkm/moonKey.der
index 97f0963..d374893 100644
Binary files a/testing/tests/tkm/host2host-initiator/hosts/moon/etc/tkm/moonKey.der and b/testing/tests/tkm/host2host-initiator/hosts/moon/etc/tkm/moonKey.der differ
diff --git a/testing/tests/tkm/host2host-initiator/hosts/sun/etc/strongswan.conf b/testing/tests/tkm/host2host-initiator/hosts/sun/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/tkm/host2host-initiator/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/tkm/host2host-initiator/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/tkm/host2host-responder/hosts/moon/etc/tkm/moonKey.der b/testing/tests/tkm/host2host-responder/hosts/moon/etc/tkm/moonKey.der
index 97f0963..d374893 100644
Binary files a/testing/tests/tkm/host2host-responder/hosts/moon/etc/tkm/moonKey.der and b/testing/tests/tkm/host2host-responder/hosts/moon/etc/tkm/moonKey.der differ
diff --git a/testing/tests/tkm/host2host-responder/hosts/sun/etc/strongswan.conf b/testing/tests/tkm/host2host-responder/hosts/sun/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/tkm/host2host-responder/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/tkm/host2host-responder/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/tkm/host2host-xfrmproxy/hosts/moon/etc/tkm/moonKey.der b/testing/tests/tkm/host2host-xfrmproxy/hosts/moon/etc/tkm/moonKey.der
index 97f0963..d374893 100644
Binary files a/testing/tests/tkm/host2host-xfrmproxy/hosts/moon/etc/tkm/moonKey.der and b/testing/tests/tkm/host2host-xfrmproxy/hosts/moon/etc/tkm/moonKey.der differ
diff --git a/testing/tests/tkm/host2host-xfrmproxy/hosts/sun/etc/strongswan.conf b/testing/tests/tkm/host2host-xfrmproxy/hosts/sun/etc/strongswan.conf
index dc93764..f585edf 100644
--- a/testing/tests/tkm/host2host-xfrmproxy/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/tkm/host2host-xfrmproxy/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/tkm/multiple-clients/hosts/carol/etc/strongswan.conf b/testing/tests/tkm/multiple-clients/hosts/carol/etc/strongswan.conf
index ca23c69..2127105 100644
--- a/testing/tests/tkm/multiple-clients/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tkm/multiple-clients/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/tkm/multiple-clients/hosts/dave/etc/strongswan.conf b/testing/tests/tkm/multiple-clients/hosts/dave/etc/strongswan.conf
index ca23c69..2127105 100644
--- a/testing/tests/tkm/multiple-clients/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tkm/multiple-clients/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/tkm/multiple-clients/hosts/sun/etc/tkm/sunKey.der b/testing/tests/tkm/multiple-clients/hosts/sun/etc/tkm/sunKey.der
index 4c47db0..cb547a0 100644
Binary files a/testing/tests/tkm/multiple-clients/hosts/sun/etc/tkm/sunKey.der and b/testing/tests/tkm/multiple-clients/hosts/sun/etc/tkm/sunKey.der differ
diff --git a/testing/tests/tkm/net2net-initiator/hosts/moon/etc/tkm/moonKey.der b/testing/tests/tkm/net2net-initiator/hosts/moon/etc/tkm/moonKey.der
index 97f0963..d374893 100644
Binary files a/testing/tests/tkm/net2net-initiator/hosts/moon/etc/tkm/moonKey.der and b/testing/tests/tkm/net2net-initiator/hosts/moon/etc/tkm/moonKey.der differ
diff --git a/testing/tests/tkm/net2net-initiator/hosts/sun/etc/strongswan.conf b/testing/tests/tkm/net2net-initiator/hosts/sun/etc/strongswan.conf
index 94e0b2a..a262950 100644
--- a/testing/tests/tkm/net2net-initiator/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/tkm/net2net-initiator/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/tkm/net2net-xfrmproxy/hosts/moon/etc/tkm/moonKey.der b/testing/tests/tkm/net2net-xfrmproxy/hosts/moon/etc/tkm/moonKey.der
index 97f0963..d374893 100644
Binary files a/testing/tests/tkm/net2net-xfrmproxy/hosts/moon/etc/tkm/moonKey.der and b/testing/tests/tkm/net2net-xfrmproxy/hosts/moon/etc/tkm/moonKey.der differ
diff --git a/testing/tests/tkm/net2net-xfrmproxy/hosts/sun/etc/strongswan.conf b/testing/tests/tkm/net2net-xfrmproxy/hosts/sun/etc/strongswan.conf
index 94e0b2a..a262950 100644
--- a/testing/tests/tkm/net2net-xfrmproxy/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/tkm/net2net-xfrmproxy/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/strongswan.conf
index 2f104f5..d891a2c 100644
--- a/testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
multiple_authentication=no
diff --git a/testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/strongswan.conf
index 2f104f5..d891a2c 100644
--- a/testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
multiple_authentication=no
diff --git a/testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/strongswan.conf
index 51425ac..03f5519 100644
--- a/testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-11 tnc-imv updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-11 tnc-imv updown
multiple_authentication = no
diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius-block/hosts/carol/etc/strongswan.conf
index 4c77038..927c459 100644
--- a/testing/tests/tnc/tnccs-11-radius-block/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-11-radius-block/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
multiple_authentication=no
diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius-block/hosts/dave/etc/strongswan.conf
index df385d5..566457d 100644
--- a/testing/tests/tnc/tnccs-11-radius-block/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-11-radius-block/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
multiple_authentication=no
diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius-block/hosts/moon/etc/strongswan.conf
index 5bf9dc0..fbf1617 100644
--- a/testing/tests/tnc/tnccs-11-radius-block/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-11-radius-block/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-radius updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius updown
multiple_authentication=no
plugins {
eap-radius {
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/pts/data1.sql b/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/pts/data1.sql
index 8b36df5..d87b5e7 100644
--- a/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/pts/data1.sql
+++ b/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/pts/data1.sql
@@ -1,10 +1,10 @@
/* Devices */
INSERT INTO devices ( /* 1 */
- value, product, created
-) VALUES (
- 'aabbccddeeff11223344556677889900', 42, 1372330615
-);
+ value, product, created
+)
+SELECT 'aabbccddeeff11223344556677889900', id, 1372330615
+FROM products WHERE name = 'Debian DEBIAN_VERSION x86_64';
/* Groups Members */
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/strongswan.conf
index 4eeff49..3520fd5 100644
--- a/testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl openssl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
+ load = openssl curl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
multiple_authentication=no
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/strongswan.conf
index 7c27dbd..b8488fe 100644
--- a/testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl openssl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
+ load = openssl curl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
multiple_authentication=no
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius-pts/hosts/moon/etc/strongswan.conf
index 390c42c..6e49677 100644
--- a/testing/tests/tnc/tnccs-11-radius-pts/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-11-radius-pts/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-radius updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius updown
multiple_authentication=no
plugins {
eap-radius {
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/pretest.dat b/testing/tests/tnc/tnccs-11-radius-pts/pretest.dat
index 7541a2a..03b2474 100644
--- a/testing/tests/tnc/tnccs-11-radius-pts/pretest.dat
+++ b/testing/tests/tnc/tnccs-11-radius-pts/pretest.dat
@@ -5,6 +5,7 @@ carol::echo 0 > /proc/sys/net/ipv4/ip_forward
dave::echo aabbccddeeff11223344556677889900 > /var/lib/dbus/machine-id
alice::ln -s /etc/freeradius/sites-available/inner-tunnel-second /etc/freeradius/sites-enabled/inner-tunnel-second
alice::cat /etc/freeradius/sites-enabled/inner-tunnel-second
+alice::sed -i "s:DEBIAN_VERSION:\`cat /etc/debian_version\`:" /etc/pts/data1.sql
alice::cd /usr/local/share/strongswan/templates/database/imv; cat tables.sql data.sql /etc/pts/data1.sql | sqlite3 /etc/pts/config.db
alice::LEAK_DETECTIVE_DISABLE=1 LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties radiusd
alice::cat /etc/tnc_config
diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/strongswan.conf
index 4c77038..927c459 100644
--- a/testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
multiple_authentication=no
diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius/hosts/dave/etc/strongswan.conf
index 5424f4c..1422c3c 100644
--- a/testing/tests/tnc/tnccs-11-radius/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-11-radius/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
multiple_authentication=no
diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius/hosts/moon/etc/strongswan.conf
index 390c42c..6e49677 100644
--- a/testing/tests/tnc/tnccs-11-radius/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-11-radius/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-radius updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius updown
multiple_authentication=no
plugins {
eap-radius {
diff --git a/testing/tests/tnc/tnccs-11-supplicant/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-supplicant/hosts/moon/etc/strongswan.conf
index 390c42c..6e49677 100644
--- a/testing/tests/tnc/tnccs-11-supplicant/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-11-supplicant/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-radius updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius updown
multiple_authentication=no
plugins {
eap-radius {
diff --git a/testing/tests/tnc/tnccs-11/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-11/hosts/carol/etc/strongswan.conf
index 4c77038..927c459 100644
--- a/testing/tests/tnc/tnccs-11/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-11/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
multiple_authentication=no
diff --git a/testing/tests/tnc/tnccs-11/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-11/hosts/dave/etc/strongswan.conf
index 5424f4c..1422c3c 100644
--- a/testing/tests/tnc/tnccs-11/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-11/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
multiple_authentication=no
diff --git a/testing/tests/tnc/tnccs-11/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-11/hosts/moon/etc/strongswan.conf
index 3037d00..2ce6fd3 100644
--- a/testing/tests/tnc/tnccs-11/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-11/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-11 tnc-imv updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-11 tnc-imv updown
multiple_authentication = no
diff --git a/testing/tests/tnc/tnccs-20-block/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-block/hosts/carol/etc/strongswan.conf
index 20c0928..201f6c7 100644
--- a/testing/tests/tnc/tnccs-20-block/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-block/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
diff --git a/testing/tests/tnc/tnccs-20-block/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-block/hosts/dave/etc/strongswan.conf
index 64a25b4..a255b90 100644
--- a/testing/tests/tnc/tnccs-20-block/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-block/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication=no
diff --git a/testing/tests/tnc/tnccs-20-block/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-block/hosts/moon/etc/strongswan.conf
index 7ee2ead..ee510f1 100644
--- a/testing/tests/tnc/tnccs-20-block/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-block/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-20 tnc-imv updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-20 tnc-imv updown
multiple_authentication = no
diff --git a/testing/tests/tnc/tnccs-20-client-retry/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-client-retry/hosts/carol/etc/strongswan.conf
index c0e5e94..ea8e626 100644
--- a/testing/tests/tnc/tnccs-20-client-retry/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-client-retry/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
}
diff --git a/testing/tests/tnc/tnccs-20-client-retry/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-client-retry/hosts/dave/etc/strongswan.conf
index 4c31a78..3a93fc3 100644
--- a/testing/tests/tnc/tnccs-20-client-retry/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-client-retry/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
diff --git a/testing/tests/tnc/tnccs-20-client-retry/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-client-retry/hosts/moon/etc/strongswan.conf
index 46c7367..009e2ef 100644
--- a/testing/tests/tnc/tnccs-20-client-retry/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-client-retry/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-20 tnc-imv updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-20 tnc-imv updown
multiple_authentication = no
diff --git a/testing/tests/tnc/tnccs-20-fhh/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-fhh/hosts/carol/etc/strongswan.conf
index d71893a..43af0fc 100644
--- a/testing/tests/tnc/tnccs-20-fhh/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-fhh/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
}
diff --git a/testing/tests/tnc/tnccs-20-fhh/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-fhh/hosts/dave/etc/strongswan.conf
index d71893a..43af0fc 100644
--- a/testing/tests/tnc/tnccs-20-fhh/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-fhh/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
}
diff --git a/testing/tests/tnc/tnccs-20-fhh/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-fhh/hosts/moon/etc/strongswan.conf
index 7681388..9f3874b 100644
--- a/testing/tests/tnc/tnccs-20-fhh/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-fhh/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown
multiple_authentication = no
diff --git a/testing/tests/tnc/tnccs-20-os-pts/evaltest.dat b/testing/tests/tnc/tnccs-20-os-pts/evaltest.dat
index f9bb033..14c2aaf 100644
--- a/testing/tests/tnc/tnccs-20-os-pts/evaltest.dat
+++ b/testing/tests/tnc/tnccs-20-os-pts/evaltest.dat
@@ -6,10 +6,10 @@ dave:: cat /var/log/daemon.log::PB-TNC access recommendation is 'Quarantined'::Y
dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
dave:: cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES
-moon:: ipsec attest --session 2> /dev/null::Debian 7.5 x86_64.*carol at strongswan.org - allow::YES
+moon:: ipsec attest --session 2> /dev/null::Debian.*x86_64.*carol at strongswan.org - allow::YES
moon:: cat /var/log/daemon.log::added group membership 'allow'::YES
moon:: cat /var/log/daemon.log::authentication of 'carol at strongswan.org' with EAP successful::YES
-moon:: ipsec attest --session 2> /dev/null::Debian 7.5 x86_64.*dave at strongswan.org - isolate::YES
+moon:: ipsec attest --session 2> /dev/null::Debian.*x86_64.*dave at strongswan.org - isolate::YES
moon:: cat /var/log/daemon.log::added group membership 'isolate'::YES
moon:: cat /var/log/daemon.log::authentication of 'dave at strongswan.org' with EAP successful::YES
moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES
diff --git a/testing/tests/tnc/tnccs-20-os-pts/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-os-pts/hosts/carol/etc/strongswan.conf
index f64fe6a..0c93429 100644
--- a/testing/tests/tnc/tnccs-20-os-pts/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-os-pts/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl openssl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
+ load = openssl curl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
multiple_authentication = no
}
diff --git a/testing/tests/tnc/tnccs-20-os-pts/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-os-pts/hosts/dave/etc/strongswan.conf
index 075919a..2284412 100644
--- a/testing/tests/tnc/tnccs-20-os-pts/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-os-pts/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl openssl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+ load = openssl curl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
diff --git a/testing/tests/tnc/tnccs-20-os-pts/hosts/moon/etc/pts/data1.sql b/testing/tests/tnc/tnccs-20-os-pts/hosts/moon/etc/pts/data1.sql
index 8b36df5..d87b5e7 100644
--- a/testing/tests/tnc/tnccs-20-os-pts/hosts/moon/etc/pts/data1.sql
+++ b/testing/tests/tnc/tnccs-20-os-pts/hosts/moon/etc/pts/data1.sql
@@ -1,10 +1,10 @@
/* Devices */
INSERT INTO devices ( /* 1 */
- value, product, created
-) VALUES (
- 'aabbccddeeff11223344556677889900', 42, 1372330615
-);
+ value, product, created
+)
+SELECT 'aabbccddeeff11223344556677889900', id, 1372330615
+FROM products WHERE name = 'Debian DEBIAN_VERSION x86_64';
/* Groups Members */
diff --git a/testing/tests/tnc/tnccs-20-os-pts/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-os-pts/hosts/moon/etc/strongswan.conf
index e81908f..88a4ad3 100644
--- a/testing/tests/tnc/tnccs-20-os-pts/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-os-pts/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl openssl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown sqlite
+ load = openssl curl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown sqlite
multiple_authentication = no
@@ -28,4 +28,3 @@ attest {
load = random nonce openssl sqlite
database = sqlite:///etc/pts/config.db
}
-
diff --git a/testing/tests/tnc/tnccs-20-os-pts/pretest.dat b/testing/tests/tnc/tnccs-20-os-pts/pretest.dat
index 49ea041..7a562ee 100644
--- a/testing/tests/tnc/tnccs-20-os-pts/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-os-pts/pretest.dat
@@ -3,6 +3,7 @@ carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
carol::echo 0 > /proc/sys/net/ipv4/ip_forward
dave::echo aabbccddeeff11223344556677889900 > /var/lib/dbus/machine-id
+moon::sed -i "s:DEBIAN_VERSION:\`cat /etc/debian_version\`:" /etc/pts/data1.sql
moon::cd /usr/local/share/strongswan/templates/database/imv; cat tables.sql data.sql /etc/pts/data1.sql | sqlite3 /etc/pts/config.db
moon::cat /etc/tnc_config
carol::cat /etc/tnc_config
diff --git a/testing/tests/tnc/tnccs-20-os/evaltest.dat b/testing/tests/tnc/tnccs-20-os/evaltest.dat
index b9f094f..1cf7ed6 100644
--- a/testing/tests/tnc/tnccs-20-os/evaltest.dat
+++ b/testing/tests/tnc/tnccs-20-os/evaltest.dat
@@ -6,10 +6,10 @@ dave:: cat /var/log/daemon.log::PB-TNC access recommendation is 'Quarantined'::Y
dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
dave:: cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES
-moon:: ipsec attest --sessions 2> /dev/null::Debian 7.5 x86_64.*carol at strongswan.org - allow::YES
+moon:: ipsec attest --sessions 2> /dev/null::Debian.*x86_64.*carol at strongswan.org - allow::YES
moon:: cat /var/log/daemon.log::added group membership 'allow'::YES
moon:: cat /var/log/daemon.log::authentication of 'carol at strongswan.org' with EAP successful::YES
-moon:: ipsec attest --sessions 2> /dev/null::Debian 7.5 x86_64.*dave at strongswan.org - isolate::YES
+moon:: ipsec attest --sessions 2> /dev/null::Debian.*x86_64.*dave at strongswan.org - isolate::YES
moon:: cat /var/log/daemon.log::added group membership 'isolate'::YES
moon:: cat /var/log/daemon.log::authentication of 'dave at strongswan.org' with EAP successful::YES
moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES
diff --git a/testing/tests/tnc/tnccs-20-os/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-os/hosts/carol/etc/strongswan.conf
index 4f5993e..0b8e923 100644
--- a/testing/tests/tnc/tnccs-20-os/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-os/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
multiple_authentication = no
}
diff --git a/testing/tests/tnc/tnccs-20-os/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-os/hosts/dave/etc/strongswan.conf
index 4ed358d..4dcb5c3 100644
--- a/testing/tests/tnc/tnccs-20-os/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-os/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
diff --git a/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/pts/data1.sql b/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/pts/data1.sql
index 6e7e10f..3cfa251 100644
--- a/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/pts/data1.sql
+++ b/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/pts/data1.sql
@@ -1,10 +1,10 @@
/* Devices */
INSERT INTO devices ( /* 1 */
- value, product, created
-) VALUES (
- 'aabbccddeeff11223344556677889900', 42, 1372330615
-);
+ value, product, created
+)
+SELECT 'aabbccddeeff11223344556677889900', id, 1372330615
+FROM products WHERE name = 'Debian DEBIAN_VERSION x86_64';
/* Groups Members */
@@ -26,9 +26,9 @@ INSERT INTO identities (
INSERT INTO sessions (
time, connection, identity, device, product, rec
-) VALUES (
- NOW, 1, 1, 1, 42, 0
-);
+)
+SELECT NOW, 1, 1, 1, id, 0
+FROM products WHERE name = 'Debian DEBIAN_VERSION x86_64';
/* Results */
diff --git a/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/strongswan.conf
index ed81c17..baa7dbb 100644
--- a/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown sqlite
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown sqlite
multiple_authentication = no
diff --git a/testing/tests/tnc/tnccs-20-os/pretest.dat b/testing/tests/tnc/tnccs-20-os/pretest.dat
index d991ee3..fc102ec 100644
--- a/testing/tests/tnc/tnccs-20-os/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-os/pretest.dat
@@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules
carol::echo 0 > /proc/sys/net/ipv4/ip_forward
dave::echo aabbccddeeff11223344556677889900 > /var/lib/dbus/machine-id
moon::sed -i "s/NOW/`date +%s`/g" /etc/pts/data1.sql
+moon::sed -i "s:DEBIAN_VERSION:\`cat /etc/debian_version\`:" /etc/pts/data1.sql
moon::cd /usr/local/share/strongswan/templates/database/imv; cat tables.sql data.sql /etc/pts/data1.sql | sqlite3 /etc/pts/config.db
moon::cat /etc/tnc_config
carol::cat /etc/tnc_config
diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/evaltest.dat b/testing/tests/tnc/tnccs-20-pdp-eap/evaltest.dat
index 9a477bd..a86fcff 100644
--- a/testing/tests/tnc/tnccs-20-pdp-eap/evaltest.dat
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/evaltest.dat
@@ -1,20 +1,20 @@
dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES
dave:: cat /var/log/daemon.log::PDP server.*aaa.strongswan.org.*is listening on port 271::YES
-dave:: cat /var/log/daemon.log::collected 372 SWID tags::YES
+dave:: cat /var/log/daemon.log::collected ... SWID tags::YES
dave:: cat /var/log/daemon.log::PB-TNC access recommendation is .*Quarantined::YES
dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
dave:: cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES
carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES
carol::cat /var/log/daemon.log::PDP server.*aaa.strongswan.org.*is listening on port 271::YES
-carol::cat /var/log/daemon.log::collected 373 SWID tag IDs::YES
+carol::cat /var/log/daemon.log::collected ... SWID tag IDs::YES
carol::cat /var/log/daemon.log::collected 1 SWID tag::YES
carol::cat /var/log/daemon.log::PB-TNC access recommendation is .*Access Allowed::YES
carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
carol::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.100/32 === 10.1.0.0/28::YES
alice::cat /var/log/daemon.log::user AR identity.*dave.*authenticated by password::YES
-alice::cat /var/log/daemon.log::IMV 2 handled SWIDT workitem 3: allow - received inventory of 0 SWID tag IDs and 372 SWID tags::YES
+alice::cat /var/log/daemon.log::IMV 2 handled SWIDT workitem 3: allow - received inventory of 0 SWID tag IDs and ... SWID tags::YES
alice::cat /var/log/daemon.log::user AR identity.*carol.*authenticated by password::YES
-alice::cat /var/log/daemon.log::IMV 2 handled SWIDT workitem 9: allow - received inventory of 373 SWID tag IDs and 1 SWID tag::YES
+alice::cat /var/log/daemon.log::IMV 2 handled SWIDT workitem 9: allow - received inventory of ... SWID tag IDs and 1 SWID tag::YES
moon:: cat /var/log/daemon.log::received RADIUS attribute Filter-Id: 'isolate'::YES
moon:: cat /var/log/daemon.log::RADIUS authentication of 'dave' successful::YES
moon:: cat /var/log/daemon.log::authentication of '192.168.0.200' with EAP successful::YES
diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/pts/data1.sql b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/pts/data1.sql
index 8adc459..d6a547b 100644
--- a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/pts/data1.sql
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/pts/data1.sql
@@ -1,10 +1,10 @@
/* Devices */
INSERT INTO devices ( /* 1 */
- value, product, created
-) VALUES (
- 'aabbccddeeff11223344556677889900', 42, 1372330615
-);
+ value, product, created
+)
+SELECT 'aabbccddeeff11223344556677889900', id, 1372330615
+FROM products WHERE name = 'Debian DEBIAN_VERSION x86_64';
/* Groups Members */
@@ -26,9 +26,9 @@ INSERT INTO identities (
INSERT INTO sessions (
time, connection, identity, device, product, rec
-) VALUES (
- NOW, 1, 1, 1, 42, 0
-);
+)
+SELECT NOW, 1, 1, 1, id, 0
+FROM products WHERE name = 'Debian DEBIAN_VERSION x86_64';
/* Results */
diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf
index a60f1de..1c34f51 100644
--- a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac socket-default kernel-netlink stroke eap-identity eap-ttls eap-md5 eap-tnc tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac socket-default kernel-netlink stroke eap-identity eap-ttls eap-md5 eap-tnc tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite
plugins {
eap-ttls {
diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/strongswan.conf
index c040f09..ee16a4c 100644
--- a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
plugins {
eap-ttls {
@@ -11,8 +11,8 @@ charon {
max_message_count = 0
}
tnccs-20 {
- max_batch_size = 32754
- max_message_size = 32722
+ max_batch_size = 16370
+ max_message_size = 16338
}
}
}
diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/strongswan.conf
index cd9efee..dd7d160 100644
--- a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
plugins {
eap-ttls {
diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/moon/etc/strongswan.conf
index d329518..fc647a0 100644
--- a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-radius updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-radius updown
multiple_authentication=no
plugins {
eap-radius {
diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/pretest.dat b/testing/tests/tnc/tnccs-20-pdp-eap/pretest.dat
index 4ba63d1..ca3c559 100644
--- a/testing/tests/tnc/tnccs-20-pdp-eap/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/pretest.dat
@@ -7,6 +7,7 @@ dave::cat /etc/tnc_config
carol::echo 0 > /proc/sys/net/ipv4/ip_forward
dave::echo aabbccddeeff11223344556677889900 > /var/lib/dbus/machine-id
alice::sed -i "s/NOW/`date +%s`/g" /etc/pts/data1.sql
+alice::sed -i "s:DEBIAN_VERSION:\`cat /etc/debian_version\`:" /etc/pts/data1.sql
alice::cd /usr/local/share/strongswan/templates/database/imv; cat tables.sql data.sql /etc/pts/data1.sql | sqlite3 /etc/pts/config.db
alice::chgrp www-data /etc/pts/config.db; chmod g+w /etc/pts/config.db
alice::/var/www/tnc/manage.py setpassword strongSwan strongSwan
diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat b/testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat
index 9327f51..3b48073 100644
--- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat
@@ -1,19 +1,19 @@
dave:: cat /var/log/auth.log::sending TLS CertificateVerify handshake::YES
-dave:: cat /var/log/auth.log::collected 372 SWID tags::YES
+dave:: cat /var/log/auth.log::collected ... SWID tags::YES
carol::cat /var/log/auth.log::received SASL Success result::YES
-carol::cat /var/log/auth.log::collected 373 SWID tag IDs::YES
+carol::cat /var/log/auth.log::collected ... SWID tag IDs::YES
carol::cat /var/log/auth.log::collected 1 SWID tag::YES
alice::cat /var/log/daemon.log::accepting PT-TLS stream from PH_IP_DAVE::YES
alice::cat /var/log/daemon.log::checking certificate status of.*C=CH, O=Linux strongSwan, OU=Accounting, CN=dave at strongswan.org::YES
alice::cat /var/log/daemon.log::certificate status is good::YES
alice::cat /var/log/daemon.log::skipping SASL, client already authenticated by TLS certificate::YES
alice::cat /var/log/daemon.log::user AR identity.*C=CH, O=Linux strongSwan, OU=Accounting, CN=dave at strongswan.org.*authenticated by certificate::YES
-alice::cat /var/log/daemon.log::received SWID tag inventory with 372 items for request 3 at eid 1 of epoch::YES
+alice::cat /var/log/daemon.log::received SWID tag inventory with ... items for request 3 at eid 1 of epoch::YES
alice::cat /var/log/daemon.log::accepting PT-TLS stream from PH_IP_CAROL::YES
alice::cat /var/log/daemon.log::SASL PLAIN authentication successful::YES
alice::cat /var/log/daemon.log::SASL client identity is.*carol::YES
alice::cat /var/log/daemon.log::user AR identity.*carol.*authenticated by password::YES
-alice::cat /var/log/daemon.log::received SWID tag ID inventory with 373 items for request 9 at eid 1 of epoch::YES
+alice::cat /var/log/daemon.log::received SWID tag ID inventory with ... items for request 9 at eid 1 of epoch::YES
alice::cat /var/log/daemon.log::1 SWID tag target::YES
alice::cat /var/log/daemon.log::received SWID tag inventory with 1 item for request 9 at eid 1 of epoch::YES
alice::cat /var/log/daemon.log::regid.2004-03.org.strongswan_strongSwan-::YES
diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/pts/data1.sql b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/pts/data1.sql
index 14f9d7d..16ab96d 100644
--- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/pts/data1.sql
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/pts/data1.sql
@@ -1,10 +1,10 @@
/* Devices */
INSERT INTO devices ( /* 1 */
- value, product, created
-) VALUES (
- 'aabbccddeeff11223344556677889900', 42, 1372330615
-);
+ value, product, created
+)
+SELECT 'aabbccddeeff11223344556677889900', id, 1372330615
+FROM products WHERE name = 'Debian DEBIAN_VERSION x86_64';
/* Groups Members */
@@ -26,9 +26,9 @@ INSERT INTO identities (
INSERT INTO sessions (
time, connection, identity, device, product, rec
-) VALUES (
- NOW, 1, 1, 1, 42, 0
-);
+)
+SELECT NOW, 1, 1, 1, id, 0
+FROM products WHERE name = 'Debian DEBIAN_VERSION x86_64';
/* Results */
diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf
index eb807b1..935973c 100644
--- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf
@@ -1,9 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 nonce x509 revocation constraints openssl socket-default kernel-netlink stroke tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite
+ load = pem pkcs1 nonce x509 openssl curl revocation constraints socket-default kernel-netlink stroke tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite
- plugins {
+ plugins {
tnc-pdp {
server = aaa.strongswan.org
radius {
diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/strongswan.conf
index 29fdf02..c83805a 100644
--- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ libtls {
}
pt-tls-client {
- load = curl revocation constraints pem openssl nonce tnc-tnccs tnc-imc tnccs-20
+ load = revocation constraints pem openssl curl nonce tnc-tnccs tnc-imc tnccs-20
}
diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/strongswan.conf
index 0a7f048..2e2fccd 100644
--- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/strongswan.conf
@@ -17,5 +17,5 @@ libtls {
}
pt-tls-client {
- load = curl revocation constraints pem openssl nonce tnc-tnccs tnc-imc tnccs-20
+ load = revocation constraints pem openssl curl nonce tnc-tnccs tnc-imc tnccs-20
}
diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/pretest.dat b/testing/tests/tnc/tnccs-20-pdp-pt-tls/pretest.dat
index ca8f47d..eed7967 100644
--- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/pretest.dat
@@ -7,6 +7,7 @@ carol::echo 0 > /proc/sys/net/ipv4/ip_forward
dave::echo aabbccddeeff11223344556677889900 > /var/lib/dbus/machine-id
dave::cat /etc/tnc_config
alice::sed -i "s/NOW/`date +%s`/g" /etc/pts/data1.sql
+alice::sed -i "s:DEBIAN_VERSION:\`cat /etc/debian_version\`:" /etc/pts/data1.sql
alice::cd /usr/local/share/strongswan/templates/database/imv; cat tables.sql data.sql /etc/pts/data1.sql | sqlite3 /etc/pts/config.db
alice::chgrp www-data /etc/pts/config.db; chmod g+w /etc/pts/config.db
alice::/var/www/tnc/manage.py setpassword strongSwan strongSwan
diff --git a/testing/tests/tnc/tnccs-20-pts-no-ecc/evaltest.dat b/testing/tests/tnc/tnccs-20-pts-no-ecc/evaltest.dat
index f9bb033..14c2aaf 100644
--- a/testing/tests/tnc/tnccs-20-pts-no-ecc/evaltest.dat
+++ b/testing/tests/tnc/tnccs-20-pts-no-ecc/evaltest.dat
@@ -6,10 +6,10 @@ dave:: cat /var/log/daemon.log::PB-TNC access recommendation is 'Quarantined'::Y
dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
dave:: cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES
-moon:: ipsec attest --session 2> /dev/null::Debian 7.5 x86_64.*carol at strongswan.org - allow::YES
+moon:: ipsec attest --session 2> /dev/null::Debian.*x86_64.*carol at strongswan.org - allow::YES
moon:: cat /var/log/daemon.log::added group membership 'allow'::YES
moon:: cat /var/log/daemon.log::authentication of 'carol at strongswan.org' with EAP successful::YES
-moon:: ipsec attest --session 2> /dev/null::Debian 7.5 x86_64.*dave at strongswan.org - isolate::YES
+moon:: ipsec attest --session 2> /dev/null::Debian.*x86_64.*dave at strongswan.org - isolate::YES
moon:: cat /var/log/daemon.log::added group membership 'isolate'::YES
moon:: cat /var/log/daemon.log::authentication of 'dave at strongswan.org' with EAP successful::YES
moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES
diff --git a/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/carol/etc/strongswan.conf
index 53bb9df..9f410d1 100644
--- a/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes md5 sha1 sha2 hmac gmp pem pkcs1 random nonce x509 revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
+ load = aes md5 sha1 sha2 hmac gmp pem pkcs1 random nonce x509 curl revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
multiple_authentication = no
}
diff --git a/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/dave/etc/strongswan.conf
index 25c27be..e67223b 100644
--- a/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes md5 sha1 sha2 hmac gmp pem pkcs1 random nonce x509 revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+ load = aes md5 sha1 sha2 hmac gmp pem pkcs1 random nonce x509 curl revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
diff --git a/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/moon/etc/pts/data1.sql b/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/moon/etc/pts/data1.sql
index 8b36df5..d87b5e7 100644
--- a/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/moon/etc/pts/data1.sql
+++ b/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/moon/etc/pts/data1.sql
@@ -1,10 +1,10 @@
/* Devices */
INSERT INTO devices ( /* 1 */
- value, product, created
-) VALUES (
- 'aabbccddeeff11223344556677889900', 42, 1372330615
-);
+ value, product, created
+)
+SELECT 'aabbccddeeff11223344556677889900', id, 1372330615
+FROM products WHERE name = 'Debian DEBIAN_VERSION x86_64';
/* Groups Members */
diff --git a/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/moon/etc/strongswan.conf
index 07d620c..e72ab09 100644
--- a/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes md5 sha1 sha2 hmac gmp pem pkcs1 random nonce x509 revocation stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown sqlite
+ load = aes md5 sha1 sha2 hmac gmp pem pkcs1 random nonce x509 curl revocation stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown sqlite
multiple_authentication = no
@@ -30,4 +30,3 @@ attest {
load = random nonce openssl sqlite
database = sqlite:///etc/pts/config.db
}
-
diff --git a/testing/tests/tnc/tnccs-20-pts-no-ecc/pretest.dat b/testing/tests/tnc/tnccs-20-pts-no-ecc/pretest.dat
index 49ea041..7a562ee 100644
--- a/testing/tests/tnc/tnccs-20-pts-no-ecc/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-pts-no-ecc/pretest.dat
@@ -3,6 +3,7 @@ carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
carol::echo 0 > /proc/sys/net/ipv4/ip_forward
dave::echo aabbccddeeff11223344556677889900 > /var/lib/dbus/machine-id
+moon::sed -i "s:DEBIAN_VERSION:\`cat /etc/debian_version\`:" /etc/pts/data1.sql
moon::cd /usr/local/share/strongswan/templates/database/imv; cat tables.sql data.sql /etc/pts/data1.sql | sqlite3 /etc/pts/config.db
moon::cat /etc/tnc_config
carol::cat /etc/tnc_config
diff --git a/testing/tests/tnc/tnccs-20-pts/evaltest.dat b/testing/tests/tnc/tnccs-20-pts/evaltest.dat
index 2d18138..0bf4f2b 100644
--- a/testing/tests/tnc/tnccs-20-pts/evaltest.dat
+++ b/testing/tests/tnc/tnccs-20-pts/evaltest.dat
@@ -6,10 +6,10 @@ dave:: cat /var/log/daemon.log::PB-TNC access recommendation is 'Access Allowed'
dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
dave:: cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.0/28::YES
-moon:: ipsec attest --session 2> /dev/null::Debian 7.5 x86_64.*carol at strongswan.org - allow::YES
+moon:: ipsec attest --session 2> /dev/null::Debian.*x86_64.*carol at strongswan.org - allow::YES
moon:: cat /var/log/daemon.log::added group membership 'allow'::YES
moon:: cat /var/log/daemon.log::authentication of 'carol at strongswan.org' with EAP successful::YES
-moon:: ipsec attest --session 2> /dev/null::Debian 7.5 x86_64.*dave at strongswan.org - allow::YES
+moon:: ipsec attest --session 2> /dev/null::Debian.*x86_64.*dave at strongswan.org - allow::YES
moon:: cat /var/log/daemon.log::added group membership 'allow'::YES
moon:: cat /var/log/daemon.log::authentication of 'dave at strongswan.org' with EAP successful::YES
moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES
diff --git a/testing/tests/tnc/tnccs-20-pts/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pts/hosts/carol/etc/strongswan.conf
index f64fe6a..0c93429 100644
--- a/testing/tests/tnc/tnccs-20-pts/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pts/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl openssl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
+ load = openssl curl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
multiple_authentication = no
}
diff --git a/testing/tests/tnc/tnccs-20-pts/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pts/hosts/dave/etc/strongswan.conf
index 79c79b8..3c41f15 100644
--- a/testing/tests/tnc/tnccs-20-pts/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pts/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl openssl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+ load = openssl curl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
plugins {
diff --git a/testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/pts/data1.sql b/testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/pts/data1.sql
index 8b36df5..d87b5e7 100644
--- a/testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/pts/data1.sql
+++ b/testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/pts/data1.sql
@@ -1,10 +1,10 @@
/* Devices */
INSERT INTO devices ( /* 1 */
- value, product, created
-) VALUES (
- 'aabbccddeeff11223344556677889900', 42, 1372330615
-);
+ value, product, created
+)
+SELECT 'aabbccddeeff11223344556677889900', id, 1372330615
+FROM products WHERE name = 'Debian DEBIAN_VERSION x86_64';
/* Groups Members */
diff --git a/testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/strongswan.conf
index e81908f..88a4ad3 100644
--- a/testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl openssl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown sqlite
+ load = openssl curl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown sqlite
multiple_authentication = no
@@ -28,4 +28,3 @@ attest {
load = random nonce openssl sqlite
database = sqlite:///etc/pts/config.db
}
-
diff --git a/testing/tests/tnc/tnccs-20-pts/pretest.dat b/testing/tests/tnc/tnccs-20-pts/pretest.dat
index 49ea041..7a562ee 100644
--- a/testing/tests/tnc/tnccs-20-pts/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-pts/pretest.dat
@@ -3,6 +3,7 @@ carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
carol::echo 0 > /proc/sys/net/ipv4/ip_forward
dave::echo aabbccddeeff11223344556677889900 > /var/lib/dbus/machine-id
+moon::sed -i "s:DEBIAN_VERSION:\`cat /etc/debian_version\`:" /etc/pts/data1.sql
moon::cd /usr/local/share/strongswan/templates/database/imv; cat tables.sql data.sql /etc/pts/data1.sql | sqlite3 /etc/pts/config.db
moon::cat /etc/tnc_config
carol::cat /etc/tnc_config
diff --git a/testing/tests/tnc/tnccs-20-server-retry/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-server-retry/hosts/carol/etc/strongswan.conf
index 5e661c3..85287fb 100644
--- a/testing/tests/tnc/tnccs-20-server-retry/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-server-retry/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
}
diff --git a/testing/tests/tnc/tnccs-20-server-retry/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-server-retry/hosts/dave/etc/strongswan.conf
index 6b86fe8..f068d12 100644
--- a/testing/tests/tnc/tnccs-20-server-retry/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-server-retry/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
diff --git a/testing/tests/tnc/tnccs-20-server-retry/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-server-retry/hosts/moon/etc/strongswan.conf
index 46c7367..009e2ef 100644
--- a/testing/tests/tnc/tnccs-20-server-retry/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-server-retry/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-20 tnc-imv updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-20 tnc-imv updown
multiple_authentication = no
diff --git a/testing/tests/tnc/tnccs-20-tls/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-tls/hosts/carol/etc/strongswan.conf
index 1cf2f0e..6c7ef55 100644
--- a/testing/tests/tnc/tnccs-20-tls/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-tls/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
}
diff --git a/testing/tests/tnc/tnccs-20-tls/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-tls/hosts/dave/etc/strongswan.conf
index 0e63eab..67c3007 100644
--- a/testing/tests/tnc/tnccs-20-tls/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-tls/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
}
diff --git a/testing/tests/tnc/tnccs-20-tls/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-tls/hosts/moon/etc/strongswan.conf
index 1a4dc85..a408b73 100644
--- a/testing/tests/tnc/tnccs-20-tls/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-tls/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-20 tnc-imv updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-20 tnc-imv updown
multiple_authentication = no
diff --git a/testing/tests/tnc/tnccs-20/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20/hosts/carol/etc/strongswan.conf
index 292bfa5..c1693c1 100644
--- a/testing/tests/tnc/tnccs-20/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
multiple_authentication = no
}
diff --git a/testing/tests/tnc/tnccs-20/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20/hosts/dave/etc/strongswan.conf
index 75f6d73..d8026b2 100644
--- a/testing/tests/tnc/tnccs-20/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
diff --git a/testing/tests/tnc/tnccs-20/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20/hosts/moon/etc/strongswan.conf
index 94e1ee9..9c13fcb 100644
--- a/testing/tests/tnc/tnccs-20/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown
multiple_authentication = no
diff --git a/testing/tests/tnc/tnccs-dynamic/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-dynamic/hosts/carol/etc/strongswan.conf
index c8e5e8a..a81460b 100644
--- a/testing/tests/tnc/tnccs-dynamic/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-dynamic/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
multiple_authentication=no
integrity_test = yes
diff --git a/testing/tests/tnc/tnccs-dynamic/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-dynamic/hosts/dave/etc/strongswan.conf
index 9fc9cec..b64aeeb 100644
--- a/testing/tests/tnc/tnccs-dynamic/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-dynamic/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication=no
integrity_test = yes
diff --git a/testing/tests/tnc/tnccs-dynamic/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-dynamic/hosts/moon/etc/strongswan.conf
index 0d547cb..45c132f 100644
--- a/testing/tests/tnc/tnccs-dynamic/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-dynamic/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-dynamic tnccs-11 tnccs-20 tnc-imv updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-dynamic tnccs-11 tnccs-20 tnc-imv updown
multiple_authentication=no
integrity_test = yes
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-swan/strongswan.git
More information about the Pkg-swan-devel
mailing list