[svn-upgrade] Integrating new upstream version, strongswan (4.3.2)

5 files changed, 91 insertions, 34 deletions

diff --git a/src/libstrongswan/credentials/keys/private_key.c b/src/libstrongswan/credentials/keys/private_key.c
index 018cab1c0..0a01d0385 100644
--- a/src/libstrongswan/credentials/keys/private_key.c
+++ b/src/libstrongswan/credentials/keys/private_key.c
@@ -11,8 +11,6 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
- *
- * $Id: private_key.c 3488 2008-02-21 15:10:02Z martin $
  */
 
 #include "private_key.h"
diff --git a/src/libstrongswan/credentials/keys/private_key.h b/src/libstrongswan/credentials/keys/private_key.h
index 219926af1..f38af8ff4 100644
--- a/src/libstrongswan/credentials/keys/private_key.h
+++ b/src/libstrongswan/credentials/keys/private_key.h
@@ -11,8 +11,6 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
- *
- * $Id: private_key.h 5003 2009-03-24 17:43:01Z martin $
  */
  
 /**
@@ -82,6 +80,14 @@ struct private_key_t {
 	public_key_t* (*get_public_key)(private_key_t *this);
 	
 	/**
+	 * Check if two private keys are equal.
+	 * 
+	 * @param other		other private key
+	 * @return			TRUE, if equality
+	 */
+	bool (*equals) (private_key_t *this, private_key_t *other);
+
+	/**
 	 * Check if a private key belongs to a public key.
 	 * 
 	 * @param public	public key
diff --git a/src/libstrongswan/credentials/keys/public_key.c b/src/libstrongswan/credentials/keys/public_key.c
index 80b9f03c3..c94c27f0a 100644
--- a/src/libstrongswan/credentials/keys/public_key.c
+++ b/src/libstrongswan/credentials/keys/public_key.c
@@ -11,27 +11,60 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
- *
- * $Id: public_key.c 4051 2008-06-10 09:08:27Z tobias $
  */
 
+#include <asn1/oid.h>
+
 #include "public_key.h"
 
-ENUM(key_type_names, KEY_RSA, KEY_ECDSA,
+ENUM(key_type_names, KEY_RSA, KEY_DSA,
 	"RSA",
-	"ECDSA"
+	"ECDSA",
+	"DSA"
 );
 
-ENUM(signature_scheme_names, SIGN_DEFAULT, SIGN_ECDSA_521,
-	"DEFAULT",
+ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_ECDSA_521,
+	"UNKNOWN",
+	"RSA_EMSA_PKCS1_NULL",
 	"RSA_EMSA_PKCS1_MD5",
 	"RSA_EMSA_PKCS1_SHA1",
 	"RSA_EMSA_PKCS1_SHA256",
 	"RSA_EMSA_PKCS1_SHA384",
 	"RSA_EMSA_PKCS1_SHA512",
+	"ECDSA_WITH_NULL",
 	"ECDSA_WITH_SHA1",
 	"ECDSA-256",
 	"ECDSA-384",
 	"ECDSA-521",
 );
 
+/*
+ * Defined in header.
+ */
+signature_scheme_t signature_scheme_from_oid(int oid)
+{
+	switch (oid)
+	{
+		case OID_MD5_WITH_RSA:
+		case OID_MD5:
+			return SIGN_RSA_EMSA_PKCS1_MD5;
+		case OID_SHA1_WITH_RSA:
+		case OID_SHA1:
+			return SIGN_RSA_EMSA_PKCS1_SHA1;
+		case OID_SHA256_WITH_RSA:
+		case OID_SHA256:
+			return SIGN_RSA_EMSA_PKCS1_SHA256;
+		case OID_SHA384_WITH_RSA:
+		case OID_SHA384:
+			return SIGN_RSA_EMSA_PKCS1_SHA384;
+		case OID_SHA512_WITH_RSA:
+		case OID_SHA512:
+			return SIGN_RSA_EMSA_PKCS1_SHA512;
+		case OID_ECDSA_WITH_SHA1:
+		case OID_EC_PUBLICKEY:
+			return SIGN_ECDSA_WITH_SHA1;
+		default:
+			return SIGN_UNKNOWN;
+	}
+}
+
diff --git a/src/libstrongswan/credentials/keys/public_key.h b/src/libstrongswan/credentials/keys/public_key.h
index 65bb5f64d..c58531b73 100644
--- a/src/libstrongswan/credentials/keys/public_key.h
+++ b/src/libstrongswan/credentials/keys/public_key.h
@@ -11,8 +11,6 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
- *
- * $Id: public_key.h 5003 2009-03-24 17:43:01Z martin $
  */
  
 /**
@@ -36,12 +34,14 @@ typedef enum signature_scheme_t signature_scheme_t;
  */
 enum key_type_t {
 	/** key type wildcard */
-	KEY_ANY,
+	KEY_ANY   = 0,
 	/** RSA crypto system as in PKCS#1 */
-	KEY_RSA,
+	KEY_RSA   = 1,
 	/** ECDSA as in ANSI X9.62 */
-	KEY_ECDSA,
-	/** DSS, ElGamal, ... */
+	KEY_ECDSA = 2,
+	/** DSA */
+	KEY_DSA   = 3,
+	/** ElGamal, ... */
 };
 
 /**
@@ -52,29 +52,35 @@ extern enum_name_t *key_type_names;
 /**
  * Signature scheme for signature creation
  *
- * EMSA-PKCS1 signatures are from the PKCS#1 standard. They include
- * the ASN1-OID of the used hash algorithm.
+ * EMSA-PKCS1 signatures are defined in PKCS#1 standard.
+ * A prepended ASN.1 encoded digestInfo field contains the 
+ * OID of the used hash algorithm. The ASN.1 type of the PKCS#7
+ * variants is OCTET_STRING instead of the default BIT_STRING.
  */
 enum signature_scheme_t {
-	/** default scheme of that underlying crypto system */
-	SIGN_DEFAULT,
-	/** EMSA-PKCS1 with MD5  */
+	/** Unknown signature scheme                                       */
+	SIGN_UNKNOWN,
+	/** EMSA-PKCS1_v1.5 signature over digest without digestInfo       */
+	SIGN_RSA_EMSA_PKCS1_NULL,
+	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and MD5       */
 	SIGN_RSA_EMSA_PKCS1_MD5,
-	/** EMSA-PKCS1 signature as in PKCS#1 standard using SHA1 as hash.  */
+	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-1     */
 	SIGN_RSA_EMSA_PKCS1_SHA1,
-	/** EMSA-PKCS1 signature as in PKCS#1 standard using SHA256 as hash. */
+	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-256   */
 	SIGN_RSA_EMSA_PKCS1_SHA256,
-	/** EMSA-PKCS1 signature as in PKCS#1 standard using SHA384 as hash. */
+	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-384   */
 	SIGN_RSA_EMSA_PKCS1_SHA384,
-	/** EMSA-PKCS1 signature as in PKCS#1 standard using SHA512 as hash. */
+	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-512   */
 	SIGN_RSA_EMSA_PKCS1_SHA512,
-	/** ECDSA using SHA-1 as hash. */
+	/** ECDSA over precomputed digest                                  */
+	SIGN_ECDSA_WITH_NULL,
+	/** ECDSA with SHA-1                                               */
 	SIGN_ECDSA_WITH_SHA1,
-	/** ECDSA with SHA-256 on the P-256 curve as in RFC 4754 */
+	/** ECDSA on the P-256 curve with SHA-256 as in RFC 4754           */
 	SIGN_ECDSA_256,
-	/** ECDSA with SHA-384 on the P-384 curve as in RFC 4754 */
+	/** ECDSA on the P-384 curve with SHA-384 as in RFC 4754           */
 	SIGN_ECDSA_384,
-	/** ECDSA with SHA-512 on the P-521 curve as in RFC 4754 */
+	/** ECDSA on the P-521 curve with SHA-512 as in RFC 4754           */
 	SIGN_ECDSA_521,
 };
 
@@ -109,13 +115,21 @@ struct public_key_t {
 	/**
 	 * Encrypt a chunk of data.
 	 *
-	 * @param crypto	chunk containing plaintext data
-	 * @param plain		where to allocate encrypted data
+	 * @param plain		chunk containing plaintext data
+	 * @param crypto	where to allocate encrypted data
 	 * @return 			TRUE if data successfully encrypted
 	 */
-	bool (*encrypt)(public_key_t *this, chunk_t crypto, chunk_t *plain);
+	bool (*encrypt)(public_key_t *this, chunk_t plain, chunk_t *crypto);
 	
 	/**
+	 * Check if two public keys are equal.
+	 * 
+	 * @param other		other public key
+	 * @return			TRUE, if equality
+	 */
+	bool (*equals)(public_key_t *this, public_key_t *other);
+
+	/**
 	 * Get the strength of the key in bytes.
 	 * 
 	 * @return			strength of the key in bytes
@@ -152,4 +166,12 @@ struct public_key_t {
 	void (*destroy)(public_key_t *this);
 };
 
+/**
+ * Conversion of ASN.1 signature or hash OID to signature scheme.
+ * 
+ * @param oid			ASN.1 OID
+ * @return				signature_scheme, SIGN_UNKNOWN if OID is unsupported
+ */
+signature_scheme_t signature_scheme_from_oid(int oid);
+
 #endif /** PUBLIC_KEY_H_ @}*/
diff --git a/src/libstrongswan/credentials/keys/shared_key.c b/src/libstrongswan/credentials/keys/shared_key.c
index f55b52c3a..c6f141446 100644
--- a/src/libstrongswan/credentials/keys/shared_key.c
+++ b/src/libstrongswan/credentials/keys/shared_key.c
@@ -11,8 +11,6 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
- *
- * $Id: shared_key.c 3600 2008-03-14 15:11:29Z martin $
  */
 
 #include "shared_key.h"