authorRene Mayrhofer <rene@mayrhofer.eu.org>2010-08-09 09:43:35 +0000
committerRene Mayrhofer <rene@mayrhofer.eu.org>2010-08-09 09:43:35 +0000
commit9e7fb8577802de2abf191d783be5b6b953c22271 (patch)
treee6818532d3a85a8a840652f6dfc0d58d42c89a69 /src/libstrongswan/credentials/keys
parent20e652eab94f898365fdde046ed11a2dda2f165e (diff)
New upstream release.
Diffstat (limited to 'src/libstrongswan/credentials/keys')
-rw-r--r--src/libstrongswan/credentials/keys/key_encoding.c299
-rw-r--r--src/libstrongswan/credentials/keys/key_encoding.h203
-rw-r--r--src/libstrongswan/credentials/keys/private_key.c12
-rw-r--r--src/libstrongswan/credentials/keys/private_key.h9
-rw-r--r--src/libstrongswan/credentials/keys/public_key.c8
-rw-r--r--src/libstrongswan/credentials/keys/public_key.h11
6 files changed, 20 insertions, 522 deletions
diff --git a/src/libstrongswan/credentials/keys/key_encoding.c b/src/libstrongswan/credentials/keys/key_encoding.c
deleted file mode 100644
index 89b25226c..000000000
--- a/src/libstrongswan/credentials/keys/key_encoding.c
+++ /dev/null
@@ -1,299 +0,0 @@
-/*
- * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "key_encoding.h"
-
-#include <stdint.h>
-
-#include <utils/linked_list.h>
-#include <utils/hashtable.h>
-#include <threading/rwlock.h>
-
-typedef struct private_key_encoding_t private_key_encoding_t;
-
-/**
- * Private data of an key_encoding_t object.
- */
-struct private_key_encoding_t {
-
- /**
- * Public key_encoding_t interface.
- */
- key_encoding_t public;
-
- /**
- * cached encodings, a table for each encoding_type_t, containing chunk_t*
- */
- hashtable_t *cache[KEY_ENCODING_MAX];
-
- /**
- * Registered encoding fuctions, key_encoder_t
- */
- linked_list_t *encoders;
-
- /**
- * lock to access cache/encoders
- */
- rwlock_t *lock;
-};
-
-/**
- * See header.
- */
-bool key_encoding_args(va_list args, ...)
-{
- va_list parts, copy;
- bool failed = FALSE;
-
- va_start(parts, args);
-
- while (!failed)
- {
- key_encoding_part_t current, target;
- chunk_t *out, data;
-
- /* get the part we are looking for */
- target = va_arg(parts, key_encoding_part_t);
- if (target == KEY_PART_END)
- {
- break;
- }
- out = va_arg(parts, chunk_t*);
-
- va_copy(copy, args);
- while (!failed)
- {
- current = va_arg(copy, key_encoding_part_t);
- if (current == KEY_PART_END)
- {
- failed = TRUE;
- break;
- }
- data = va_arg(copy, chunk_t);
- if (current == target)
- {
- *out = data;
- break;
- }
- }
- va_end(copy);
- }
- va_end(parts);
- return !failed;
-}
-
-/**
- * hashtable hash() function
- */
-static u_int hash(void *key)
-{
- return (uintptr_t)key;
-}
-
-/**
- * hashtable equals() function
- */
-static bool equals(void *key1, void *key2)
-{
- return key1 == key2;
-}
-
-/**
- * Implementation of key_encoding_t.get_cache
- */
-static bool get_cache(private_key_encoding_t *this, key_encoding_type_t type,
- void *cache, chunk_t *encoding)
-{
- chunk_t *chunk;
-
- if (type >= KEY_ENCODING_MAX || type < 0)
- {
- return FALSE;
- }
- this->lock->read_lock(this->lock);
- chunk = this->cache[type]->get(this->cache[type], cache);
- if (chunk)
- {
- *encoding = *chunk;
- }
- this->lock->unlock(this->lock);
- return !!chunk;
-}
-
-/**
- * Implementation of key_encoding_t.encode
- */
-static bool encode(private_key_encoding_t *this, key_encoding_type_t type,
- void *cache, chunk_t *encoding, ...)
-{
- enumerator_t *enumerator;
- va_list args, copy;
- key_encoder_t encode;
- bool success = FALSE;
- chunk_t *chunk;
-
- if (type >= KEY_ENCODING_MAX || type < 0)
- {
- return FALSE;
- }
- this->lock->read_lock(this->lock);
- if (cache)
- {
- chunk = this->cache[type]->get(this->cache[type], cache);
- if (chunk)
- {
- *encoding = *chunk;
- this->lock->unlock(this->lock);
- return TRUE;
- }
- }
- va_start(args, encoding);
- enumerator = this->encoders->create_enumerator(this->encoders);
- while (enumerator->enumerate(enumerator, &encode))
- {
- va_copy(copy, args);
- success = encode(type, encoding, copy);
- va_end(copy);
- if (success)
- {
- if (cache)
- {
- chunk = malloc_thing(chunk_t);
- *chunk = *encoding;
- this->lock->unlock(this->lock);
- this->lock->write_lock(this->lock);
- this->cache[type]->put(this->cache[type], cache, chunk);
- }
- break;
- }
- }
- enumerator->destroy(enumerator);
- va_end(args);
- this->lock->unlock(this->lock);
- return success;
-}
-
-/**
- * Implementation of key_encoding_t.cache
- */
-static void cache(private_key_encoding_t *this, key_encoding_type_t type,
- void *cache, chunk_t encoding)
-{
- chunk_t *chunk;
-
- if (type >= KEY_ENCODING_MAX || type < 0)
- {
- return free(encoding.ptr);
- }
- chunk = malloc_thing(chunk_t);
- *chunk = encoding;
- this->lock->write_lock(this->lock);
- chunk = this->cache[type]->put(this->cache[type], cache, chunk);
- this->lock->unlock(this->lock);
- /* free an encoding already associated to the cache */
- if (chunk)
- {
- free(chunk->ptr);
- free(chunk);
- }
-}
-
-/**
- * Implementation of key_encoding_t.clear_cache
- */
-static void clear_cache(private_key_encoding_t *this, void *cache)
-{
- key_encoding_type_t type;
- chunk_t *chunk;
-
- this->lock->write_lock(this->lock);
- for (type = 0; type < KEY_ENCODING_MAX; type++)
- {
- chunk = this->cache[type]->remove(this->cache[type], cache);
- if (chunk)
- {
- chunk_free(chunk);
- free(chunk);
- }
- }
- this->lock->unlock(this->lock);
-}
-
-/**
- * Implementation of key_encoding_t.add_encoder
- */
-static void add_encoder(private_key_encoding_t *this, key_encoder_t encoder)
-{
- this->lock->write_lock(this->lock);
- this->encoders->insert_last(this->encoders, encoder);
- this->lock->unlock(this->lock);
-}
-
-/**
- * Implementation of key_encoding_t.remove_encoder
- */
-static void remove_encoder(private_key_encoding_t *this, key_encoder_t encoder)
-{
- this->lock->write_lock(this->lock);
- this->encoders->remove(this->encoders, encoder, NULL);
- this->lock->unlock(this->lock);
-}
-
-/**
- * Implementation of key_encoder_t.destroy.
- */
-static void destroy(private_key_encoding_t *this)
-{
- key_encoding_type_t type;
-
- for (type = 0; type < KEY_ENCODING_MAX; type++)
- {
- /* We explicitly do not free remaining encodings. All keys should
- * have gone now, and they are responsible for cleaning out their
- * cache entries. Not flushing here allows the leak detective to
- * complain if a key did not flush cached encodings. */
- this->cache[type]->destroy(this->cache[type]);
- }
- this->encoders->destroy(this->encoders);
- this->lock->destroy(this->lock);
- free(this);
-}
-
-/**
- * See header
- */
-key_encoding_t *key_encoding_create()
-{
- private_key_encoding_t *this = malloc_thing(private_key_encoding_t);
- key_encoding_type_t type;
-
- this->public.encode = (bool(*)(key_encoding_t*, key_encoding_type_t type, void *cache, chunk_t *encoding, ...))encode;
- this->public.get_cache = (bool(*)(key_encoding_t*, key_encoding_type_t type, void *cache, chunk_t *encoding))get_cache;
- this->public.cache = (void(*)(key_encoding_t*, key_encoding_type_t type, void *cache, chunk_t encoding))cache;
- this->public.clear_cache = (void(*)(key_encoding_t*, void *cache))clear_cache;
- this->public.add_encoder = (void(*)(key_encoding_t*, key_encoder_t encoder))add_encoder;
- this->public.remove_encoder = (void(*)(key_encoding_t*, key_encoder_t encoder))remove_encoder;
- this->public.destroy = (void(*)(key_encoding_t*))destroy;
-
- for (type = 0; type < KEY_ENCODING_MAX; type++)
- {
- this->cache[type] = hashtable_create(hash, equals, 8);
- }
- this->encoders = linked_list_create();
- this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT);
-
- return &this->public;
-}
-
diff --git a/src/libstrongswan/credentials/keys/key_encoding.h b/src/libstrongswan/credentials/keys/key_encoding.h
deleted file mode 100644
index d8435f4b4..000000000
--- a/src/libstrongswan/credentials/keys/key_encoding.h
+++ /dev/null
@@ -1,203 +0,0 @@
-/*
- * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup key_encoding key_encoding
- * @{ @ingroup keys
- */
-
-#ifndef KEY_ENCODING_H_
-#define KEY_ENCODING_H_
-
-typedef struct key_encoding_t key_encoding_t;
-typedef enum key_encoding_type_t key_encoding_type_t;
-typedef enum key_encoding_part_t key_encoding_part_t;
-
-#include <library.h>
-
-/**
- * Key encoder function implementing encoding/fingerprinting.
- *
- * The variable argument list takes key_encoding_part_t, followed by part
- * specific arguments, terminated by KEY_PART_END.
- *
- * @param type format to encode the key to
- * @param args list of (key_encoding_part_t, data)
- * @param encoding encoding result, allocated
- * @return TRUE if encoding successful
- */
-typedef bool (*key_encoder_t)(key_encoding_type_t type, chunk_t *encoding,
- va_list args);
-
-/**
- * Helper function for key_encoder_t implementations to parse argument list.
- *
- * Key encoder functions get a variable argument list to parse. To simplify
- * the job, this function reads the arguments and returns chunks for each
- * part.
- * The argument list of this function takes a key_encoding_part_t, followed
- * by a data pointer receiving the value, terminated by KEY_PART_END.
- *
- * @param args argument list passed to key encoder function
- * @param ... list of (key_encoding_part_t, data*)
- * @return TRUE if all parts found, FALSE otherwise
- */
-bool key_encoding_args(va_list args, ...);
-
-/**
- * Encoding type of a fingerprint/private-/public-key.
- *
- * Fingerprints have have the KEY_ID_*, public keys the KEY_PUB_* and
- * private keys the KEY_PRIV_* prefix.
- */
-enum key_encoding_type_t {
- /** SHA1 fingerprint over subjectPublicKeyInfo */
- KEY_ID_PUBKEY_INFO_SHA1 = 0,
- /** SHA1 fingerprint over subjectPublicKey */
- KEY_ID_PUBKEY_SHA1,
- /** PGPv3 fingerprint */
- KEY_ID_PGPV3,
- /** PGPv4 fingerprint */
- KEY_ID_PGPV4,
-
- KEY_ID_MAX,
-
- /** PKCS#1 and similar ASN.1 key encoding */
- KEY_PUB_ASN1_DER,
- KEY_PRIV_ASN1_DER,
- /** subjectPublicKeyInfo encoding */
- KEY_PUB_SPKI_ASN1_DER,
- /** PEM encoded PKCS#1 key */
- KEY_PUB_PEM,
- KEY_PRIV_PEM,
- /** PGP key encoding */
- KEY_PUB_PGP,
- KEY_PRIV_PGP,
-
- KEY_ENCODING_MAX,
-};
-
-/**
- * Parts of a key to encode.
- */
-enum key_encoding_part_t {
- /** modulus of a RSA key, n */
- KEY_PART_RSA_MODULUS,
- /** public exponent of a RSA key, e */
- KEY_PART_RSA_PUB_EXP,
- /** private exponent of a RSA key, d */
- KEY_PART_RSA_PRIV_EXP,
- /** prime1 a RSA key, p */
- KEY_PART_RSA_PRIME1,
- /** prime2 a RSA key, q */
- KEY_PART_RSA_PRIME2,
- /** exponent1 a RSA key, exp1 */
- KEY_PART_RSA_EXP1,
- /** exponent1 a RSA key, exp2 */
- KEY_PART_RSA_EXP2,
- /** coefficient of RSA key, coeff */
- KEY_PART_RSA_COEFF,
- /** a DER encoded RSA public key */
- KEY_PART_RSA_PUB_ASN1_DER,
- /** a DER encoded RSA private key */
- KEY_PART_RSA_PRIV_ASN1_DER,
- /** a DER encoded ECDSA public key */
- KEY_PART_ECDSA_PUB_ASN1_DER,
- /** a DER encoded ECDSA private key */
- KEY_PART_ECDSA_PRIV_ASN1_DER,
-
- KEY_PART_END,
-};
-
-/**
- * Private/Public key encoding and fingerprinting facility.
- */
-struct key_encoding_t {
-
- /**
- * Encode a key into a format using several key parts, optional caching.
- *
- * The variable argument list takes key_encoding_part_t, followed by part
- * specific arguments, terminated by KEY_PART_END.
- * If a cache key is given, the returned encoding points to internal data:
- * do not free or modify. If no cache key is given, the encoding is
- * allocated and must be freed by the caller.
- *
- * @param type format the key should be encoded to
- * @param cache key to use for caching, NULL to not cache
- * @param encoding encoding result, allocated if caching disabled
- * @param ... list of (key_encoding_part_t, data)
- * @return TRUE if encoding successful
- */
- bool (*encode)(key_encoding_t *this, key_encoding_type_t type, void *cache,
- chunk_t *encoding, ...);
-
- /**
- * Clear all cached encodings of a given cache key.
- *
- * @param cache key used in encode() for caching
- */
- void (*clear_cache)(key_encoding_t *this, void *cache);
-
- /**
- * Check for a cached encoding.
- *
- * @param type format of the key encoding
- * @param cache key to use for caching, as given to encode()
- * @param encoding encoding result, internal data
- * @return TRUE if cache entry found
- */
- bool (*get_cache)(key_encoding_t *this, key_encoding_type_t type,
- void *cache, chunk_t *encoding);
-
- /**
- * Cache a key encoding created externally.
- *
- * After calling cache(), the passed encoding is owned by the key encoding
- * facility.
- *
- * @param type format of the key encoding
- * @param cache key to use for caching, as given to encode()
- * @param encoding encoding to cache, gets owned by this
- */
- void (*cache)(key_encoding_t *this, key_encoding_type_t type, void *cache,
- chunk_t encoding);
-
- /**
- * Register a key encoder function.
- *
- * @param encoder key encoder function to add
- */
- void (*add_encoder)(key_encoding_t *this, key_encoder_t encoder);
-
- /**
- * Unregister a previously registered key encoder function.
- *
- * @param encoder key encoder function to remove
- */
- void (*remove_encoder)(key_encoding_t *this, key_encoder_t encoder);
-
- /**
- * Destroy a key_encoding_t.
- */
- void (*destroy)(key_encoding_t *this);
-};
-
-/**
- * Create a key_encoding instance.
- */
-key_encoding_t *key_encoding_create();
-
-#endif /** KEY_ENCODING_H_ @}*/
diff --git a/src/libstrongswan/credentials/keys/private_key.c b/src/libstrongswan/credentials/keys/private_key.c
index c3b5ac55b..8292af495 100644
--- a/src/libstrongswan/credentials/keys/private_key.c
+++ b/src/libstrongswan/credentials/keys/private_key.c
@@ -20,7 +20,7 @@
*/
bool private_key_equals(private_key_t *this, private_key_t *other)
{
- key_encoding_type_t type;
+ cred_encoding_type_t type;
chunk_t a, b;
if (this == other)
@@ -28,7 +28,7 @@ bool private_key_equals(private_key_t *this, private_key_t *other)
return TRUE;
}
- for (type = 0; type < KEY_ENCODING_MAX; type++)
+ for (type = 0; type < CRED_ENCODING_MAX; type++)
{
if (this->get_fingerprint(this, type, &a) &&
other->get_fingerprint(other, type, &b))
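Review bot: The loop in `private_key_equals` here and the one in `private_key_belongs_to` (hunk `@@ -44,10 +44,10 @@`) run `type` up to `CRED_ENCODING_MAX` while calling `get_fingerprint`, whereas `private_key_has_fingerprint` in the last hunk bounds the same call at `KEYID_MAX`; the public_key.c hunks for `public_key_equals` and `public_key_has_fingerprint` show the same split. If `cred_encoding_type_t` keeps the layout of the deleted `key_encoding_type_t`, where fingerprint identifiers precede the encoding types, the wider bound hands encoding types to `get_fingerprint` and relies on every key implementation rejecting them. Unless an implementation is known to answer `get_fingerprint` for a non-KEYID type, `for (type = 0; type < KEYID_MAX; type++)` would make the three functions consistent and avoid the extra calls. Both loop bodies continue outside their hunks, so what happens once a matching pair is found is not visible here.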
@@ -44,10 +44,10 @@ bool private_key_equals(private_key_t *this, private_key_t *other)
*/
bool private_key_belongs_to(private_key_t *private, public_key_t *public)
{
- key_encoding_type_t type;
+ cred_encoding_type_t type;
chunk_t a, b;
- for (type = 0; type < KEY_ENCODING_MAX; type++)
+ for (type = 0; type < CRED_ENCODING_MAX; type++)
{
if (private->get_fingerprint(private, type, &a) &&
public->get_fingerprint(public, type, &b))
@@ -63,10 +63,10 @@ bool private_key_belongs_to(private_key_t *private, public_key_t *public)
*/
bool private_key_has_fingerprint(private_key_t *private, chunk_t fingerprint)
{
- key_encoding_type_t type;
+ cred_encoding_type_t type;
chunk_t current;
- for (type = 0; type < KEY_ID_MAX; type++)
+ for (type = 0; type < KEYID_MAX; type++)
{
if (private->get_fingerprint(private, type, &current) &&
chunk_equals(current, fingerprint))
diff --git a/src/libstrongswan/credentials/keys/private_key.h b/src/libstrongswan/credentials/keys/private_key.h
index d4517f296..27f4ab098 100644
--- a/src/libstrongswan/credentials/keys/private_key.h
+++ b/src/libstrongswan/credentials/keys/private_key.h
@@ -23,6 +23,7 @@
typedef struct private_key_t private_key_t;
+#include <credentials/cred_encoding.h>
#include <credentials/keys/public_key.h>
/**
@@ -89,11 +90,11 @@ struct private_key_t {
/**
* Get the fingerprint of the key.
*
- * @param type type of fingerprint, one of KEY_ID_*
+ * @param type type of fingerprint, one of KEYID_*
* @param fp fingerprint, points to internal data
* @return TRUE if fingerprint type supported
*/
- bool (*get_fingerprint)(private_key_t *this, key_encoding_type_t type,
+ bool (*get_fingerprint)(private_key_t *this, cred_encoding_type_t type,
chunk_t *fp);
/**
@@ -107,11 +108,11 @@ struct private_key_t {
/**
* Get the key in an encoded form as a chunk.
*
- * @param type type of the encoding, one of KEY_PRIV_*
+ * @param type type of the encoding, one of PRIVKEY_*
* @param encoding encoding of the key, allocated
* @return TRUE if encoding supported
*/
- bool (*get_encoding)(private_key_t *this, key_encoding_type_t type,
+ bool (*get_encoding)(private_key_t *this, cred_encoding_type_t type,
chunk_t *encoding);
/**
diff --git a/src/libstrongswan/credentials/keys/public_key.c b/src/libstrongswan/credentials/keys/public_key.c
index ba3036793..ce342de33 100644
--- a/src/libstrongswan/credentials/keys/public_key.c
+++ b/src/libstrongswan/credentials/keys/public_key.c
@@ -47,7 +47,7 @@ ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_ECDSA_521,
*/
bool public_key_equals(public_key_t *this, public_key_t *other)
{
- key_encoding_type_t type;
+ cred_encoding_type_t type;
chunk_t a, b;
if (this == other)
@@ -55,7 +55,7 @@ bool public_key_equals(public_key_t *this, public_key_t *other)
return TRUE;
}
- for (type = 0; type < KEY_ENCODING_MAX; type++)
+ for (type = 0; type < CRED_ENCODING_MAX; type++)
{
if (this->get_fingerprint(this, type, &a) &&
other->get_fingerprint(other, type, &b))
@@ -71,10 +71,10 @@ bool public_key_equals(public_key_t *this, public_key_t *other)
*/
bool public_key_has_fingerprint(public_key_t *public, chunk_t fingerprint)
{
- key_encoding_type_t type;
+ cred_encoding_type_t type;
chunk_t current;
- for (type = 0; type < KEY_ID_MAX; type++)
+ for (type = 0; type < KEYID_MAX; type++)
{
if (public->get_fingerprint(public, type, &current) &&
chunk_equals(current, fingerprint))
diff --git a/src/libstrongswan/credentials/keys/public_key.h b/src/libstrongswan/credentials/keys/public_key.h
index a421e7b5b..ff827a189 100644
--- a/src/libstrongswan/credentials/keys/public_key.h
+++ b/src/libstrongswan/credentials/keys/public_key.h
@@ -23,12 +23,11 @@
typedef struct public_key_t public_key_t;
typedef enum key_type_t key_type_t;
-typedef enum key_id_type_t key_id_type_t;
typedef enum signature_scheme_t signature_scheme_t;
#include <library.h>
#include <utils/identification.h>
-#include <credentials/keys/key_encoding.h>
+#include <credentials/cred_encoding.h>
/**
* Type of a key pair, the used crypto system
@@ -147,11 +146,11 @@ struct public_key_t {
/**
* Get the fingerprint of the key.
*
- * @param type type of fingerprint, one of KEY_ID_*
+ * @param type type of fingerprint, one of KEYID_*
* @param fp fingerprint, points to internal data
* @return TRUE if fingerprint type supported
*/
- bool (*get_fingerprint)(public_key_t *this, key_encoding_type_t type,
+ bool (*get_fingerprint)(public_key_t *this, cred_encoding_type_t type,
chunk_t *fp);
/**
@@ -165,11 +164,11 @@ struct public_key_t {
/**
* Get the key in an encoded form as a chunk.
*
- * @param type type of the encoding, one of KEY_PRIV_*
+ * @param type type of the encoding, one of PRIVKEY_*
* @param encoding encoding of the key, allocated
* @return TRUE if encoding supported
*/
- bool (*get_encoding)(public_key_t *this, key_encoding_type_t type,
+ bool (*get_encoding)(public_key_t *this, cred_encoding_type_t type,
chunk_t *encoding);
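Review bot: The updated parameter comment on `public_key_t.get_encoding` reads `one of PRIVKEY_*`, carrying the old `KEY_PRIV_*` mistake into the new naming for a public-key accessor. The deleted key_encoding.h distinguished `KEY_PUB_*` from `KEY_PRIV_*` encodings, so the new cred_encoding.h presumably has a public-key prefix as well; the line should become `* @param type type of the encoding, one of PUBKEY_*`, with the exact prefix confirmed against that header. `struct public_key_t` continues outside this hunk.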
/**