
SQLite HOWTO » History » Version 10

Version 9 (Martin Willi, 30.06.2008 08:28) → Version 10/28 (Andreas Steffen, 01.05.2009 19:58)


h1. SQLite HOWTO



SQLite tables defined in [browser:trunk/testing/hosts/default/etc/ipsec.d/tables.sql tables.sql]



h2. TABLE identities



*type* defined in [browser:trunk/src/libstrongswan/utils/identification.h#L58 identification.h]

| || 0|ID_ANY |matches 0||ID_ANY ||matches any id |right=%any | ||right=_%any_ ||
| || 1|ID_IPV4_ADDR |IPv4 1||ID_IPV4_ADDR ||IPv4 address |right=192.168.0.1 | ||right=_192.168.0.1_ ||
| || 2|ID_FQDN |fully 2||ID_FQDN ||fully qualified domain name |right=@moon.strongswan.org | ||right=_@moon.strongswan.org_ ||
| || 3|ID_RFC822_ADDR |RFC822 3||ID_RFC822_ADDR ||RFC822 email address |right=carol@strongswan.org | ||right=_carol@strongswan.org_ ||
| || 5|ID_IPV6_ADDR |IPv6 5||ID_IPV6_ADDR ||IPv6 address |right=fec0::1 | ||right=_fec0::1_ ||
| || 9|ID_DER_ASN1_DN |ASN.1 9||ID_DER_ASN1_DN ||ASN.1 distinguished name |right=C=CH, ||right=_C=CH, O=Linux strongSwan, CN=moon.strongswan.org | CN=moon.strongswan.org_||
| 11|ID_KEY_ID |opaque || 11||ID_KEY_ID ||opaque octet string |right=@#e5e410876c2ac4bead854942a6de7658303a9fc1 | ||right=_@#e5e410876c2ac4bead854942a6de7658303a9fc1_ ||
|202|ID_PUBKEY_INFO_SHA1 |SHA-1 ||202||ID_PUBKEY_INFO_SHA1||SHA-1 hash over subjectPublicKeyInfo | | subjectPublicKeyInfo|| ||
|203|ID_PUBKEY_SHA1 |SHA-1 ||203||ID_PUBKEY_SHA1 ||SHA-1 hash over subjectPublicKey | | || ||

*ID_ANY*: scripts/id2sql "%any"

<pre>

INSERT INTO identities (
type, data
) VALUES (
0, X_
);
</pre>



*ID_IPV4_ADDR*: scripts/id2sql "192.168.0.1"

<pre>

INSERT INTO identities (
type, data
) VALUES (
1, X'c0a80001'
);
</pre>



*ID_FQDN*: scripts/id2sql "@moon.strongswan.org"

<pre>

INSERT INTO identities (
type, data
) VALUES (
2, X'6d6f6f6e2e7374726f6e677377616e2e6f7267'
);
</pre>



*ID_RFC822_ADDR*: scripts/id2sql "carol@strongswan.org"

<pre>

INSERT INTO identities (
type, data
) VALUES (
3, X'6361726f6c407374726f6e677377616e2e6f7267'
);
</pre>



*ID_IPV6_ADDR*: scripts/id2sql "fec0::1"

<pre>

INSERT INTO identities (
type, data
) VALUES (
5, X'fec00000000000000000000000000001'
);
</pre>



*ID_DER_ASN1_DN*: scripts/id2sql "C=CH, O=Linux strongSwan, CN=moon.strongswan.org"

<pre>

INSERT INTO identities (
type, data
) VALUES (
9, X'3046310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311c301a060355040313136d6f6f6e2e7374726f6e677377616e2e6f7267'
);
</pre>



*ID_KEY_ID*: scripts/id2sql "@#e5e410876c2ac4bead854942a6de7658303a9fc1"

<pre>

INSERT INTO identities (
type, data
) VALUES (
11, X'e5e410876c2ac4bead854942a6de7658303a9fc1'
);
</pre>



*ID_PUBKEY_INFO_SHA1*: scripts/key2keyid moonKey.der

<pre>

INSERT INTO identities (
type, data
) VALUES (
202, X'd70dbd46d5133519064f12f100525ead0802ca95'
);
</pre>



*ID_PUBKEY_SHA1*: scripts/key2keyid moonKey.der

<pre>

INSERT INTO identities (
type, data
) VALUES (
203, X'e5e410876c2ac4bead854942a6de7658303a9fc1'
);
</pre>



h2. TABLE private_keys



*type* defined in [browser:trunk/src/libstrongswan/credentials/keys/public_key.h#L37 public_key.h]

|1 |KEY_RSA |RSA ||1||KEY_RSA ||RSA key in PKCS!#1 format | ||
|2 |KEY_ECDSA |ECDSA ||2||KEY_ECDSA||ECDSA key in ANSI X9.62 format |

format||

h2. TABLE certificates



*type* defined in [browser:trunk/src/libstrongswan/credentials/certificates/certificate.h#L35 certificate.h]

|1 |CERT_X509 |X.509 ||1||CERT_X509 ||X.509 certificate | ||
|2 |CERT_X509_CRL |X.509 ||2||CERT_X509_CRL ||X.509 certificate revocation list | list||
|5 |CERT_X509_AC |X.509 ||5||CERT_X509_AC ||X.509 attribute certificate | ||
|6 |CERT_TRUSTED_PUBKEY |trusted ||6||CERT_TRUSTED_PUBKEY||trusted public key | ||

*keytype* defined in [browser:trunk/src/libstrongswan/credentials/keys/public_key.h#L37 public_key.h]



h2. TABLE shared_secrets



*type* defined in [browser:trunk/src/libstrongswan/credentials/keys/shared_key.h#L33 shared_key.h]

|1 |SHARED_IKE |: ||1||SHARED_IKE||: PSK <secret> | ||
|2 |SHARED_EAP |: ||2||SHARED_EAP||: EAP <secret> | ||
|3 |SHARED_PRIVATE_KEY_PASS |: ||3||SHARED_PRIVATE_KEY_PASS||: RSA <keyfile> <secret> | <secret>||
|4 |SHARED_PIN |: ||4||SHARED_PIN||: PIN <secret> |

||

h2. TABLE peer_configs



*auth_method* defined in [browser:trunk/src/charon/config/peer_cfg.h#L87 peer_cfg.h]

|1 |CONF_AUTH_PUBKEY |authentication ||1||CONF_AUTH_PUBKEY||authentication using public key |authby=rsasig_, authby=ecdsasig | ||authby=_rsasig_, authby=_ecdsasig_||
|2 |CONF_AUTH_PSK |authentication ||2||CONF_AUTH_PSK ||authentication using pre-shared secret |authby=psk | secret||authby=_psk_ ||
|3 |CONF_AUTH_EAP |authentication ||3||CONF_AUTH_EAP ||authentication using EAP |authby=eap | ||authby=_eap_ ||

*eap_type* defined in [browser:trunk/src/charon/sa/authenticators/eap/eap_method.h#L50 eap_method.h]

| 4 |EAP_MD5 | || 4||EAP_MD5||
|18 |EAP_SIM | ||18||EAP_SIM||
|23 |EAP_AKA |

||23||EAP_AKA||

h2. TABLE traffic_selectors



*type* defined in [browser:trunk/src/charon/config/traffic_selector.h#L37 traffic_selector.h]

|7 |TS_IPV4_ADDR_RANGE | ||7||TS_IPV4_ADDR_RANGE||
|8 |TS_IPV6_ADDR_RANGE | ||8||TS_IPV6_ADDR_RANGE||