Updated to new upstream version.

1 files changed, 69 insertions, 68 deletions

diff --git a/src/pluto/x509.h b/src/pluto/x509.h
index 67730bbd0..ab0fbac9e 100644
--- a/src/pluto/x509.h
+++ b/src/pluto/x509.h
@@ -2,7 +2,7 @@
  * Copyright (C) 2000 Andreas Hess, Patric Lichtsteiner, Roger Wegmann
  * Copyright (C) 2001 Marco Bertossa, Andreas Schleiss
  * Copyright (C) 2002 Mario Strasser
- * Copyright (C) 2000-2004 Andreas Steffen, Zuercher Hochschule Winterthur
+ * Copyright (C) 2000-2009 Andreas Steffen, Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -13,28 +13,29 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
- *
- * RCSID $Id: x509.h 3252 2007-10-06 21:24:50Z andreas $
  */
 
 #ifndef _X509_H
 #define _X509_H
 
-#include "pkcs1.h"
+#include <credentials/keys/public_key.h>
+#include <credentials/keys/private_key.h>
+
+#include "constants.h"
 #include "id.h"
 
 /* Definition of generalNames kinds */
 
 typedef enum {
-    GN_OTHER_NAME =		0,
-    GN_RFC822_NAME =		1,
-    GN_DNS_NAME =		2,
-    GN_X400_ADDRESS =		3,
-    GN_DIRECTORY_NAME =		4,
-    GN_EDI_PARTY_NAME = 	5,
-    GN_URI =			6,
-    GN_IP_ADDRESS =		7,
-    GN_REGISTERED_ID =		8
+	GN_OTHER_NAME =             0,
+	GN_RFC822_NAME =            1,
+	GN_DNS_NAME =               2,
+	GN_X400_ADDRESS =           3,
+	GN_DIRECTORY_NAME =         4,
+	GN_EDI_PARTY_NAME =         5,
+	GN_URI =                    6,
+	GN_IP_ADDRESS =             7,
+	GN_REGISTERED_ID =          8
 } generalNames_t;
 
 /* access structure for a GeneralName */
@@ -42,9 +43,9 @@ typedef enum {
 typedef struct generalName generalName_t;
 
 struct generalName {
-    generalName_t   *next;
-    generalNames_t  kind;
-    chunk_t         name;
+	generalName_t   *next;
+	generalNames_t  kind;
+	chunk_t         name;
 };
 
 /* access structure for an X.509v3 certificate */
@@ -52,46 +53,42 @@ struct generalName {
 typedef struct x509cert x509cert_t;
 
 struct x509cert {
-  x509cert_t     *next;
-  time_t	 installed;
-  int		 count;
-  bool		 smartcard;
-  u_char	 authority_flags;
-  chunk_t	 certificate;
-  chunk_t          tbsCertificate;
-  u_int              version;
-  chunk_t            serialNumber;
-                /*   signature */
-  int                  sigAlg;
-  chunk_t            issuer;
-                /*   validity */
-  time_t               notBefore;
-  time_t               notAfter;
-  chunk_t            subject;
-                /*   subjectPublicKeyInfo */
-  enum pubkey_alg      subjectPublicKeyAlgorithm;
-  chunk_t              subjectPublicKey;
-  chunk_t                modulus;
-  chunk_t                publicExponent;
-                /*   issuerUniqueID */
-                /*   subjectUniqueID */
-                /*   v3 extensions */
-                /*   extension */
-                /*     extension */
-                /*       extnID */
-                /*       critical */
-                /*       extnValue */
-  bool			   isCA;
-  bool			   isOcspSigner; /* ocsp */
-  chunk_t		   subjectKeyID;
-  chunk_t		   authKeyID;
-  chunk_t		   authKeySerialNumber;
-  chunk_t		   accessLocation; /* ocsp */
-  generalName_t		   *subjectAltName;
-  generalName_t		   *crlDistributionPoints;
-		/* signatureAlgorithm */
-  int                algorithm;
-  chunk_t          signature;
+	x509cert_t     *next;
+	time_t         installed;
+	int            count;
+	bool           smartcard;
+	u_char         authority_flags;
+	chunk_t        certificate;
+	chunk_t          tbsCertificate;
+	u_int              version;
+	chunk_t            serialNumber;
+				  /*   signature */
+	int                  sigAlg;
+  	chunk_t            issuer;
+				  /*   validity */
+	time_t               notBefore;
+	time_t               notAfter;
+	chunk_t            subject;
+	public_key_t       *public_key;  
+				  /*   issuerUniqueID */
+				  /*   subjectUniqueID */
+				  /*   v3 extensions */
+				  /*   extension */
+				  /*     extension */
+				  /*       extnID */
+				  /*       critical */
+				  /*       extnValue */
+	bool                     isCA;
+	bool                     isOcspSigner; /* ocsp */
+	chunk_t                  subjectKeyID;
+	chunk_t                  authKeyID;
+	chunk_t                  authKeySerialNumber;
+	chunk_t                  accessLocation; /* ocsp */
+	generalName_t            *subjectAltName;
+	generalName_t            *crlDistributionPoints;
+				  /* signatureAlgorithm */
+	int                algorithm;
+	chunk_t          signature;
 };
 
 /* used for initialization */
@@ -105,33 +102,37 @@ extern bool same_x509cert(const x509cert_t *a, const x509cert_t *b);
 extern void hex_str(chunk_t bin, chunk_t *str);
 extern int dn_count_wildcards(chunk_t dn);
 extern int dntoa(char *dst, size_t dstlen, chunk_t dn);
-extern int dntoa_or_null(char *dst, size_t dstlen, chunk_t dn
-    , const char* null_dn);
+extern int dntoa_or_null(char *dst, size_t dstlen, chunk_t dn,
+						 const char* null_dn);
 extern err_t atodn(char *src, chunk_t *dn);
 extern void gntoid(struct id *id, const generalName_t *gn);
-extern void compute_subjectKeyID(x509cert_t *cert, chunk_t subjectKeyID);
+extern bool compute_subjectKeyID(x509cert_t *cert, chunk_t subjectKeyID);
 extern void select_x509cert_id(x509cert_t *cert, struct id *end_id);
 extern bool parse_x509cert(chunk_t blob, u_int level0, x509cert_t *cert);
 extern time_t parse_time(chunk_t blob, int level0);
 extern void parse_authorityKeyIdentifier(chunk_t blob, int level0
-    , chunk_t *authKeyID, chunk_t *authKeySerialNumber);
+	, chunk_t *authKeyID, chunk_t *authKeySerialNumber);
 extern chunk_t get_directoryName(chunk_t blob, int level, bool implicit);
 extern err_t check_validity(const x509cert_t *cert, time_t *until);
-extern bool check_signature(chunk_t tbs, chunk_t sig, int digest_alg
-    , int enc_alg, const x509cert_t *issuer_cert);
+
+extern bool x509_check_signature(chunk_t tbs, chunk_t sig, int algorithm,
+								 const x509cert_t *issuer_cert);
+extern chunk_t x509_build_signature(chunk_t tbs, int algorithm,
+									private_key_t *key, bool bit_string);
+
 extern bool verify_x509cert(const x509cert_t *cert, bool strict, time_t *until);
 extern x509cert_t* add_x509cert(x509cert_t *cert);
-extern x509cert_t* get_x509cert(chunk_t issuer, chunk_t serial, chunk_t keyid
-    , x509cert_t* chain);
-extern void build_x509cert(x509cert_t *cert, const RSA_public_key_t *cert_key
-    , const RSA_private_key_t *signer_key);
+extern x509cert_t* get_x509cert(chunk_t issuer, chunk_t serial, chunk_t keyid,
+								x509cert_t* chain);
+extern void build_x509cert(x509cert_t *cert, public_key_t *cert_key,
+						   private_key_t *signer_key);
 extern chunk_t build_subjectAltNames(generalName_t *subjectAltNames);
 extern void share_x509cert(x509cert_t *cert);
 extern void release_x509cert(x509cert_t *cert);
 extern void free_x509cert(x509cert_t *cert);
 extern void store_x509certs(x509cert_t **firstcert, bool strict);
-extern void list_x509cert_chain(const char *caption, x509cert_t* cert
-    , u_char auth_flags, bool utc);
+extern void list_x509cert_chain(const char *caption, x509cert_t* cert,
+								u_char auth_flags, bool utc);
 extern void list_x509_end_certs(bool utc);
 extern void free_generalNames(generalName_t* gn, bool free_name);