authorRene Mayrhofer <rene@mayrhofer.eu.org>2009-06-23 11:25:24 +0000
committerRene Mayrhofer <rene@mayrhofer.eu.org>2009-06-23 11:25:24 +0000
commit41787e147279ff0695e9d759487266a60b80867b (patch)
tree8f28566c8fd7106c80d2536d2df540dbb4499cc5 /src/libstrongswan/credentials
parentc3e7f611ea8273c6b3909cb006ade4903a74aad0 (diff)
[svn-upgrade] Integrating new upstream version, strongswan (4.3.2)
Diffstat (limited to 'src/libstrongswan/credentials')
-rw-r--r--src/libstrongswan/credentials/builder.c2
-rw-r--r--src/libstrongswan/credentials/builder.h10
-rw-r--r--src/libstrongswan/credentials/certificates/ac.h2
-rw-r--r--src/libstrongswan/credentials/certificates/certificate.c14
-rw-r--r--src/libstrongswan/credentials/certificates/certificate.h12
-rw-r--r--src/libstrongswan/credentials/certificates/crl.c2
-rw-r--r--src/libstrongswan/credentials/certificates/crl.h2
-rw-r--r--src/libstrongswan/credentials/certificates/ocsp_request.h2
-rw-r--r--src/libstrongswan/credentials/certificates/ocsp_response.c2
-rw-r--r--src/libstrongswan/credentials/certificates/ocsp_response.h2
-rw-r--r--src/libstrongswan/credentials/certificates/x509.c2
-rw-r--r--src/libstrongswan/credentials/certificates/x509.h2
-rw-r--r--src/libstrongswan/credentials/credential_factory.c4
-rw-r--r--src/libstrongswan/credentials/credential_factory.h3
-rw-r--r--src/libstrongswan/credentials/keys/private_key.c2
-rw-r--r--src/libstrongswan/credentials/keys/private_key.h10
-rw-r--r--src/libstrongswan/credentials/keys/public_key.c45
-rw-r--r--src/libstrongswan/credentials/keys/public_key.h66
-rw-r--r--src/libstrongswan/credentials/keys/shared_key.c2
19 files changed, 115 insertions, 71 deletions
diff --git a/src/libstrongswan/credentials/builder.c b/src/libstrongswan/credentials/builder.c
index 0bca198f1..701cbcde3 100644
--- a/src/libstrongswan/credentials/builder.c
+++ b/src/libstrongswan/credentials/builder.c
@@ -20,6 +20,8 @@ ENUM(builder_part_names, BUILD_FROM_FILE, BUILD_END,
"BUILD_AGENT_SOCKET",
"BUILD_BLOB_ASN1_DER",
"BUILD_BLOB_ASN1_PEM",
+ "BUILD_BLOB_PGP",
+ "BUILD_BLOB_RFC_3110",
"BUILD_KEY_SIZE",
"BUILD_SIGNING_KEY",
"BUILD_SIGNING_CERT",
diff --git a/src/libstrongswan/credentials/builder.h b/src/libstrongswan/credentials/builder.h
index 4b3fb1ae4..01ccf2a5c 100644
--- a/src/libstrongswan/credentials/builder.h
+++ b/src/libstrongswan/credentials/builder.h
@@ -38,14 +38,18 @@ typedef builder_t* (*builder_constructor_t)(int subtype);
* Parts to build credentials from.
*/
enum builder_part_t {
- /** path to a file containing an ASN1 blob, char* */
+ /** path to a file containing an ASN.1 blob, char* */
BUILD_FROM_FILE,
/** unix socket of a ssh/pgp agent, char* */
BUILD_AGENT_SOCKET,
- /** DER encoded ASN1 blob, chunk_t */
+ /** DER encoded ASN.1 blob, chunk_t */
BUILD_BLOB_ASN1_DER,
- /** PEM encoded ASN1 blob, null terminated char* */
+ /** PEM encoded ASN.1 blob, null terminated char* */
BUILD_BLOB_ASN1_PEM,
+ /** OpenPGP key blob, chunk_t */
+ BUILD_BLOB_PGP,
+ /** RFC 3110 DNS public key blob, chunk_t */
+ BUILD_BLOB_RFC_3110,
/** key size in bits, as used for key generation, u_int */
BUILD_KEY_SIZE,
/** private key to use for signing, private_key_t* */
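Review bot: The comment on `BUILD_BLOB_RFC_3110` does not say which of the two RFC 3110 representations the chunk holds — the binary RDATA (exponent-length prefix, exponent, modulus) or the base64 presentation text — and since such blobs normally originate in DNS answers, whichever parser consumes them must treat the chunk as untrusted and check the length prefix against the chunk size before reading the exponent. I would make the comment precise, e.g. `/** RFC 3110 RSA public key in binary RDATA form (length-prefixed exponent, modulus), chunk_t */`, or name the base64 form if that is what the builder expects; `BUILD_BLOB_PGP` likewise should state whether a raw packet sequence or ASCII-armored text is expected. The builder that consumes these parts is outside this diff, so I am inferring the expected encodings from the names only.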
diff --git a/src/libstrongswan/credentials/certificates/ac.h b/src/libstrongswan/credentials/certificates/ac.h
index 39ab8fe71..fb99b4756 100644
--- a/src/libstrongswan/credentials/certificates/ac.h
+++ b/src/libstrongswan/credentials/certificates/ac.h
@@ -14,8 +14,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: ac.h 3300 2007-10-12 21:53:18Z andreas $
*/
/**
diff --git a/src/libstrongswan/credentials/certificates/certificate.c b/src/libstrongswan/credentials/certificates/certificate.c
index c5bc9a68d..041e2f1db 100644
--- a/src/libstrongswan/credentials/certificates/certificate.c
+++ b/src/libstrongswan/credentials/certificates/certificate.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: certificate.c 3664 2008-03-26 15:21:50Z martin $
*/
#include "certificate.h"
@@ -31,11 +29,11 @@ ENUM(certificate_type_names, CERT_ANY, CERT_PGP,
"PGP",
);
-ENUM(cert_validation_names, VALIDATION_GOOD, VALIDATION_SKIPPED,
- "VALIDATION_GOOD",
- "VALIDATION_STALE",
- "VALIDATION_REVOKED",
- "VALIDATION_FAILED",
- "VALIDATION_SKIPPED",
+ENUM(cert_validation_names, VALIDATION_GOOD, VALIDATION_REVOKED,
+ "GOOD",
+ "SKIPPED",
+ "STALE",
+ "FAILED",
+ "REVOKED",
);
diff --git a/src/libstrongswan/credentials/certificates/certificate.h b/src/libstrongswan/credentials/certificates/certificate.h
index 1fb151d9f..81fce5508 100644
--- a/src/libstrongswan/credentials/certificates/certificate.h
+++ b/src/libstrongswan/credentials/certificates/certificate.h
@@ -58,18 +58,20 @@ extern enum_name_t *certificate_type_names;
/**
* Result of a certificate validation.
+ *
+ * Order of values is relevant, sorted from good to bad.
*/
enum cert_validation_t {
/** certificate has been validated successfully */
- VALIDATION_GOOD,
+ VALIDATION_GOOD = 0,
+ /** validation has been skipped due to missing validation information */
+ VALIDATION_SKIPPED,
/** certificate has been validated, but check based on stale information */
VALIDATION_STALE,
- /** certificate has been revoked */
- VALIDATION_REVOKED,
/** validation failed due to a processing error */
VALIDATION_FAILED,
- /** validation has been skipped due to missing validation information */
- VALIDATION_SKIPPED,
+ /** certificate has been revoked */
+ VALIDATION_REVOKED,
};
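Review bot: The new "good to bad" ordering places VALIDATION_SKIPPED above VALIDATION_STALE, so any consumer that ranks results by comparing the enum values will treat "no revocation information available at all" as a better outcome than "checked against stale CRL/OCSP data"; that is a policy choice the comment at L123 should make explicit rather than leave to the integer order. I would extend it to something like `Order of values is relevant, sorted from good to bad. Note that SKIPPED (no revocation data) ranks better than STALE; callers enforcing strict revocation checking must reject SKIPPED explicitly.` Because every member also gets a new numeric value, anything compiled against the old layout (out-of-tree plugins, if any are supported — I cannot tell from this hunk) will misinterpret results until rebuilt, which is worth a line in the commit message.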
/**
diff --git a/src/libstrongswan/credentials/certificates/crl.c b/src/libstrongswan/credentials/certificates/crl.c
index 1fdc095c1..0d6654075 100644
--- a/src/libstrongswan/credentials/certificates/crl.c
+++ b/src/libstrongswan/credentials/certificates/crl.c
@@ -12,8 +12,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: crl.c 3656 2008-03-25 22:28:27Z andreas $
*/
#include "crl.h"
diff --git a/src/libstrongswan/credentials/certificates/crl.h b/src/libstrongswan/credentials/certificates/crl.h
index 0c0493940..3fef0d710 100644
--- a/src/libstrongswan/credentials/certificates/crl.h
+++ b/src/libstrongswan/credentials/certificates/crl.h
@@ -12,8 +12,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: crl.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
diff --git a/src/libstrongswan/credentials/certificates/ocsp_request.h b/src/libstrongswan/credentials/certificates/ocsp_request.h
index 25ecb8d35..0b1871309 100644
--- a/src/libstrongswan/credentials/certificates/ocsp_request.h
+++ b/src/libstrongswan/credentials/certificates/ocsp_request.h
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id$
*/
/**
diff --git a/src/libstrongswan/credentials/certificates/ocsp_response.c b/src/libstrongswan/credentials/certificates/ocsp_response.c
index 02e12f761..c4a39e28d 100644
--- a/src/libstrongswan/credentials/certificates/ocsp_response.c
+++ b/src/libstrongswan/credentials/certificates/ocsp_response.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id$
*/
#include "ocsp_response.h"
diff --git a/src/libstrongswan/credentials/certificates/ocsp_response.h b/src/libstrongswan/credentials/certificates/ocsp_response.h
index 3c9794956..a70f3eee4 100644
--- a/src/libstrongswan/credentials/certificates/ocsp_response.h
+++ b/src/libstrongswan/credentials/certificates/ocsp_response.h
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id$
*/
/**
diff --git a/src/libstrongswan/credentials/certificates/x509.c b/src/libstrongswan/credentials/certificates/x509.c
index 15d223e3e..5d53f0c68 100644
--- a/src/libstrongswan/credentials/certificates/x509.c
+++ b/src/libstrongswan/credentials/certificates/x509.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: x509.c 3656 2008-03-25 22:28:27Z andreas $
*/
#include "x509.h"
diff --git a/src/libstrongswan/credentials/certificates/x509.h b/src/libstrongswan/credentials/certificates/x509.h
index 704f11522..eedab78f7 100644
--- a/src/libstrongswan/credentials/certificates/x509.h
+++ b/src/libstrongswan/credentials/certificates/x509.h
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: x509.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
diff --git a/src/libstrongswan/credentials/credential_factory.c b/src/libstrongswan/credentials/credential_factory.c
index 5ae6980be..2e9a541d4 100644
--- a/src/libstrongswan/credentials/credential_factory.c
+++ b/src/libstrongswan/credentials/credential_factory.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: credential_factory.c 4777 2008-12-09 15:57:51Z martin $
*/
#include "credential_factory.h"
@@ -158,6 +156,8 @@ static void* create(private_credential_factory_t *this, credential_type_t type,
case BUILD_END:
break;
case BUILD_BLOB_ASN1_DER:
+ case BUILD_BLOB_PGP:
+ case BUILD_BLOB_RFC_3110:
case BUILD_SERIAL:
builder->add(builder, part, va_arg(args, chunk_t));
continue;
diff --git a/src/libstrongswan/credentials/credential_factory.h b/src/libstrongswan/credentials/credential_factory.h
index 42fb2df6d..5057a7aae 100644
--- a/src/libstrongswan/credentials/credential_factory.h
+++ b/src/libstrongswan/credentials/credential_factory.h
@@ -24,9 +24,6 @@
typedef struct credential_factory_t credential_factory_t;
typedef enum credential_type_t credential_type_t;
-#include <credentials/keys/private_key.h>
-#include <credentials/keys/public_key.h>
-#include <credentials/certificates/certificate.h>
#include <credentials/builder.h>
/**
diff --git a/src/libstrongswan/credentials/keys/private_key.c b/src/libstrongswan/credentials/keys/private_key.c
index 018cab1c0..0a01d0385 100644
--- a/src/libstrongswan/credentials/keys/private_key.c
+++ b/src/libstrongswan/credentials/keys/private_key.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: private_key.c 3488 2008-02-21 15:10:02Z martin $
*/
#include "private_key.h"
diff --git a/src/libstrongswan/credentials/keys/private_key.h b/src/libstrongswan/credentials/keys/private_key.h
index 219926af1..f38af8ff4 100644
--- a/src/libstrongswan/credentials/keys/private_key.h
+++ b/src/libstrongswan/credentials/keys/private_key.h
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: private_key.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -82,6 +80,14 @@ struct private_key_t {
public_key_t* (*get_public_key)(private_key_t *this);
/**
+ * Check if two private keys are equal.
+ *
+ * @param other other private key
+ * @return TRUE, if equality
+ */
+ bool (*equals) (private_key_t *this, private_key_t *other);
+
+ /**
* Check if a private key belongs to a public key.
*
* @param public public key
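Review bot: The new `equals` contract ("TRUE, if equality") does not say what equality means for a private key — identical secret material, or merely the same public key/fingerprint — and the two can differ for implementations backed by an agent or hardware token that can never read the secret half. I would document it as `@return TRUE if both keys represent the same key (same type and key material)`, or, if implementations are expected to compare only public components, say so explicitly so callers do not rely on it to detect differing private halves. The same wording applies to the matching `equals` added to public_key_t in this commit.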
diff --git a/src/libstrongswan/credentials/keys/public_key.c b/src/libstrongswan/credentials/keys/public_key.c
index 80b9f03c3..c94c27f0a 100644
--- a/src/libstrongswan/credentials/keys/public_key.c
+++ b/src/libstrongswan/credentials/keys/public_key.c
@@ -11,27 +11,60 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: public_key.c 4051 2008-06-10 09:08:27Z tobias $
*/
+#include <asn1/oid.h>
+
#include "public_key.h"
-ENUM(key_type_names, KEY_RSA, KEY_ECDSA,
+ENUM(key_type_names, KEY_RSA, KEY_DSA,
"RSA",
- "ECDSA"
+ "ECDSA",
+ "DSA"
);
-ENUM(signature_scheme_names, SIGN_DEFAULT, SIGN_ECDSA_521,
- "DEFAULT",
+ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_ECDSA_521,
+ "UNKNOWN",
+ "RSA_EMSA_PKCS1_NULL",
"RSA_EMSA_PKCS1_MD5",
"RSA_EMSA_PKCS1_SHA1",
"RSA_EMSA_PKCS1_SHA256",
"RSA_EMSA_PKCS1_SHA384",
"RSA_EMSA_PKCS1_SHA512",
+ "ECDSA_WITH_NULL",
"ECDSA_WITH_SHA1",
"ECDSA-256",
"ECDSA-384",
"ECDSA-521",
);
+/*
+ * Defined in header.
+ */
+signature_scheme_t signature_scheme_from_oid(int oid)
+{
+ switch (oid)
+ {
+ case OID_MD5_WITH_RSA:
+ case OID_MD5:
+ return SIGN_RSA_EMSA_PKCS1_MD5;
+ case OID_SHA1_WITH_RSA:
+ case OID_SHA1:
+ return SIGN_RSA_EMSA_PKCS1_SHA1;
+ case OID_SHA256_WITH_RSA:
+ case OID_SHA256:
+ return SIGN_RSA_EMSA_PKCS1_SHA256;
+ case OID_SHA384_WITH_RSA:
+ case OID_SHA384:
+ return SIGN_RSA_EMSA_PKCS1_SHA384;
+ case OID_SHA512_WITH_RSA:
+ case OID_SHA512:
+ return SIGN_RSA_EMSA_PKCS1_SHA512;
+ case OID_ECDSA_WITH_SHA1:
+ case OID_EC_PUBLICKEY:
+ return SIGN_ECDSA_WITH_SHA1;
+ default:
+ return SIGN_UNKNOWN;
+ }
+}
+
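Review bot: signature_scheme_from_oid() maps the bare digest OIDs (OID_MD5 through OID_SHA512) unconditionally to RSA EMSA-PKCS1 schemes and maps OID_EC_PUBLICKEY — a key-type OID that names no hash at all — to SIGN_ECDSA_WITH_SHA1, so a caller holding an ECDSA key and a bare SHA-256 OID gets an RSA scheme back, and a caller passing the EC key OID has SHA-1 silently chosen for it. That may be acceptable as a convenience, but the header comment should say so, e.g. `Bare hash OIDs resolve to the RSA EMSA-PKCS1 scheme; callers with ECDSA keys must pick the scheme themselves. OID_EC_PUBLICKEY yields ECDSA_WITH_SHA1 as a default, not a hash the OID specifies.` Note also that the function returns SIGN_RSA_EMSA_PKCS1_MD5 without comment, so whether MD5-signed certificates are accepted is decided solely by callers; given that MD5 collisions were already shown to allow certificate forgery when this was written, that responsibility is worth stating in the doc comment.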
diff --git a/src/libstrongswan/credentials/keys/public_key.h b/src/libstrongswan/credentials/keys/public_key.h
index 65bb5f64d..c58531b73 100644
--- a/src/libstrongswan/credentials/keys/public_key.h
+++ b/src/libstrongswan/credentials/keys/public_key.h
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: public_key.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -36,12 +34,14 @@ typedef enum signature_scheme_t signature_scheme_t;
*/
enum key_type_t {
/** key type wildcard */
- KEY_ANY,
+ KEY_ANY = 0,
/** RSA crypto system as in PKCS#1 */
- KEY_RSA,
+ KEY_RSA = 1,
/** ECDSA as in ANSI X9.62 */
- KEY_ECDSA,
- /** DSS, ElGamal, ... */
+ KEY_ECDSA = 2,
+ /** DSA */
+ KEY_DSA = 3,
+ /** ElGamal, ... */
};
/**
@@ -52,29 +52,35 @@ extern enum_name_t *key_type_names;
/**
* Signature scheme for signature creation
*
- * EMSA-PKCS1 signatures are from the PKCS#1 standard. They include
- * the ASN1-OID of the used hash algorithm.
+ * EMSA-PKCS1 signatures are defined in PKCS#1 standard.
+ * A prepended ASN.1 encoded digestInfo field contains the
+ * OID of the used hash algorithm. The ASN.1 type of the PKCS#7
+ * variants is OCTET_STRING instead of the default BIT_STRING.
*/
enum signature_scheme_t {
- /** default scheme of that underlying crypto system */
- SIGN_DEFAULT,
- /** EMSA-PKCS1 with MD5 */
+ /** Unknown signature scheme */
+ SIGN_UNKNOWN,
+ /** EMSA-PKCS1_v1.5 signature over digest without digestInfo */
+ SIGN_RSA_EMSA_PKCS1_NULL,
+ /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and MD5 */
SIGN_RSA_EMSA_PKCS1_MD5,
- /** EMSA-PKCS1 signature as in PKCS#1 standard using SHA1 as hash. */
+ /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-1 */
SIGN_RSA_EMSA_PKCS1_SHA1,
- /** EMSA-PKCS1 signature as in PKCS#1 standard using SHA256 as hash. */
+ /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-256 */
SIGN_RSA_EMSA_PKCS1_SHA256,
- /** EMSA-PKCS1 signature as in PKCS#1 standard using SHA384 as hash. */
+ /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-384 */
SIGN_RSA_EMSA_PKCS1_SHA384,
- /** EMSA-PKCS1 signature as in PKCS#1 standard using SHA512 as hash. */
+ /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-512 */
SIGN_RSA_EMSA_PKCS1_SHA512,
- /** ECDSA using SHA-1 as hash. */
+ /** ECDSA over precomputed digest */
+ SIGN_ECDSA_WITH_NULL,
+ /** ECDSA with SHA-1 */
SIGN_ECDSA_WITH_SHA1,
- /** ECDSA with SHA-256 on the P-256 curve as in RFC 4754 */
+ /** ECDSA on the P-256 curve with SHA-256 as in RFC 4754 */
SIGN_ECDSA_256,
- /** ECDSA with SHA-384 on the P-384 curve as in RFC 4754 */
+ /** ECDSA on the P-384 curve with SHA-384 as in RFC 4754 */
SIGN_ECDSA_384,
- /** ECDSA with SHA-512 on the P-521 curve as in RFC 4754 */
+ /** ECDSA on the P-521 curve with SHA-512 as in RFC 4754 */
SIGN_ECDSA_521,
};
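Review bot: SIGN_RSA_EMSA_PKCS1_NULL and SIGN_ECDSA_WITH_NULL sign a caller-supplied digest with no DigestInfo, which means the hash algorithm is not bound into the signature; a verifier using these schemes has to fix the digest algorithm and length out of band, otherwise a signature over a digest from a weaker hash can be presented where a stronger one was expected. The comments at L412 and L429 should carry that caveat, e.g. `No DigestInfo is included, so the hash algorithm is not authenticated by the signature; the caller must bind it.` Separately, the block comment at L403-L404 refers to "PKCS#7 variants" using OCTET_STRING, but no such scheme exists in this enum, so that sentence should be dropped or attached to the scheme it actually describes.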
@@ -109,13 +115,21 @@ struct public_key_t {
/**
* Encrypt a chunk of data.
*
- * @param crypto chunk containing plaintext data
- * @param plain where to allocate encrypted data
+ * @param plain chunk containing plaintext data
+ * @param crypto where to allocate encrypted data
* @return TRUE if data successfully encrypted
*/
- bool (*encrypt)(public_key_t *this, chunk_t crypto, chunk_t *plain);
+ bool (*encrypt)(public_key_t *this, chunk_t plain, chunk_t *crypto);
/**
+ * Check if two public keys are equal.
+ *
+ * @param other other public key
+ * @return TRUE, if equality
+ */
+ bool (*equals)(public_key_t *this, public_key_t *other);
+
+ /**
* Get the strength of the key in bytes.
*
* @return strength of the key in bytes
@@ -152,4 +166,12 @@ struct public_key_t {
void (*destroy)(public_key_t *this);
};
+/**
+ * Conversion of ASN.1 signature or hash OID to signature scheme.
+ *
+ * @param oid ASN.1 OID
+ * @return signature_scheme, SIGN_UNKNOWN if OID is unsupported
+ */
+signature_scheme_t signature_scheme_from_oid(int oid);
+
#endif /** PUBLIC_KEY_H_ @}*/
diff --git a/src/libstrongswan/credentials/keys/shared_key.c b/src/libstrongswan/credentials/keys/shared_key.c
index f55b52c3a..c6f141446 100644
--- a/src/libstrongswan/credentials/keys/shared_key.c
+++ b/src/libstrongswan/credentials/keys/shared_key.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: shared_key.c 3600 2008-03-14 15:11:29Z martin $
*/
#include "shared_key.h"