summaryrefslogtreecommitdiff
path: root/src/libstrongswan/credentials
diff options
context:
space:
mode:
Diffstat (limited to 'src/libstrongswan/credentials')
-rw-r--r--src/libstrongswan/credentials/auth_cfg.c48
-rw-r--r--src/libstrongswan/credentials/builder.c5
-rw-r--r--src/libstrongswan/credentials/builder.h7
-rw-r--r--src/libstrongswan/credentials/cred_encoding.h4
-rw-r--r--src/libstrongswan/credentials/keys/public_key.c36
-rw-r--r--src/libstrongswan/credentials/keys/public_key.h21
-rw-r--r--src/libstrongswan/credentials/sets/cert_cache.c41
-rw-r--r--src/libstrongswan/credentials/sets/mem_cred.c113
-rw-r--r--src/libstrongswan/credentials/sets/mem_cred.h40
9 files changed, 271 insertions, 44 deletions
diff --git a/src/libstrongswan/credentials/auth_cfg.c b/src/libstrongswan/credentials/auth_cfg.c
index 3ec9491ed..8a3e659fd 100644
--- a/src/libstrongswan/credentials/auth_cfg.c
+++ b/src/libstrongswan/credentials/auth_cfg.c
@@ -1,7 +1,7 @@
/*
* Copyright (C) 2008-2016 Tobias Brunner
* Copyright (C) 2007-2009 Martin Willi
- * Copyright (C) 2016 Andreas Steffeb
+ * Copyright (C) 2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -547,22 +547,24 @@ METHOD(auth_cfg_t, add_pubkey_constraints, void,
signature_scheme_t scheme;
key_type_t key;
} schemes[] = {
- { "md5", SIGN_RSA_EMSA_PKCS1_MD5, KEY_RSA, },
- { "sha1", SIGN_RSA_EMSA_PKCS1_SHA1, KEY_RSA, },
- { "sha224", SIGN_RSA_EMSA_PKCS1_SHA2_224, KEY_RSA, },
- { "sha256", SIGN_RSA_EMSA_PKCS1_SHA2_256, KEY_RSA, },
- { "sha384", SIGN_RSA_EMSA_PKCS1_SHA2_384, KEY_RSA, },
- { "sha512", SIGN_RSA_EMSA_PKCS1_SHA2_512, KEY_RSA, },
- { "sha1", SIGN_ECDSA_WITH_SHA1_DER, KEY_ECDSA, },
- { "sha256", SIGN_ECDSA_WITH_SHA256_DER, KEY_ECDSA, },
- { "sha384", SIGN_ECDSA_WITH_SHA384_DER, KEY_ECDSA, },
- { "sha512", SIGN_ECDSA_WITH_SHA512_DER, KEY_ECDSA, },
- { "sha256", SIGN_ECDSA_256, KEY_ECDSA, },
- { "sha384", SIGN_ECDSA_384, KEY_ECDSA, },
- { "sha512", SIGN_ECDSA_521, KEY_ECDSA, },
- { "sha256", SIGN_BLISS_WITH_SHA2_256, KEY_BLISS, },
- { "sha384", SIGN_BLISS_WITH_SHA2_384, KEY_BLISS, },
- { "sha512", SIGN_BLISS_WITH_SHA2_512, KEY_BLISS, },
+ { "md5", SIGN_RSA_EMSA_PKCS1_MD5, KEY_RSA, },
+ { "sha1", SIGN_RSA_EMSA_PKCS1_SHA1, KEY_RSA, },
+ { "sha224", SIGN_RSA_EMSA_PKCS1_SHA2_224, KEY_RSA, },
+ { "sha256", SIGN_RSA_EMSA_PKCS1_SHA2_256, KEY_RSA, },
+ { "sha384", SIGN_RSA_EMSA_PKCS1_SHA2_384, KEY_RSA, },
+ { "sha512", SIGN_RSA_EMSA_PKCS1_SHA2_512, KEY_RSA, },
+ { "sha1", SIGN_ECDSA_WITH_SHA1_DER, KEY_ECDSA, },
+ { "sha256", SIGN_ECDSA_WITH_SHA256_DER, KEY_ECDSA, },
+ { "sha384", SIGN_ECDSA_WITH_SHA384_DER, KEY_ECDSA, },
+ { "sha512", SIGN_ECDSA_WITH_SHA512_DER, KEY_ECDSA, },
+ { "sha256", SIGN_ECDSA_256, KEY_ECDSA, },
+ { "sha384", SIGN_ECDSA_384, KEY_ECDSA, },
+ { "sha512", SIGN_ECDSA_521, KEY_ECDSA, },
+ { "sha256", SIGN_BLISS_WITH_SHA2_256, KEY_BLISS, },
+ { "sha384", SIGN_BLISS_WITH_SHA2_384, KEY_BLISS, },
+ { "sha512", SIGN_BLISS_WITH_SHA2_512, KEY_BLISS, },
+ { "identity", SIGN_ED25519, KEY_ED25519, },
+ { "identity", SIGN_ED448, KEY_ED448, },
};
if (expected_strength != AUTH_RULE_MAX)
@@ -592,6 +594,18 @@ METHOD(auth_cfg_t, add_pubkey_constraints, void,
is_ike = strpfx(token, "ike:");
continue;
}
+ if (streq(token, "ed25519") || streq(token, "ike:ed25519"))
+ {
+ expected_type = KEY_ED25519;
+ is_ike = strpfx(token, "ike:");
+ continue;
+ }
+ if (streq(token, "ed448") || streq(token, "ike:ed448"))
+ {
+ expected_type = KEY_ED448;
+ is_ike = strpfx(token, "ike:");
+ continue;
+ }
if (streq(token, "bliss") || streq(token, "ike:bliss"))
{
expected_type = KEY_BLISS;
diff --git a/src/libstrongswan/credentials/builder.c b/src/libstrongswan/credentials/builder.c
index ddb64ef88..baa17c47d 100644
--- a/src/libstrongswan/credentials/builder.c
+++ b/src/libstrongswan/credentials/builder.c
@@ -1,6 +1,7 @@
/*
* Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -44,6 +45,7 @@ ENUM(builder_part_names, BUILD_FROM_FILE, BUILD_END,
"BUILD_CRL_DISTRIBUTION_POINTS",
"BUILD_OCSP_ACCESS_LOCATIONS",
"BUILD_PATHLEN",
+ "BUILD_ADDRBLOCKS",
"BUILD_PERMITTED_NAME_CONSTRAINTS",
"BUILD_EXCLUDED_NAME_CONSTRAINTS",
"BUILD_CERTIFICATE_POLICIES",
@@ -70,5 +72,6 @@ ENUM(builder_part_names, BUILD_FROM_FILE, BUILD_END,
"BUILD_SAFE_PRIMES",
"BUILD_SHARES",
"BUILD_THRESHOLD",
+ "BUILD_EDDSA_PRIV_ASN1_DER",
"BUILD_END",
);
diff --git a/src/libstrongswan/credentials/builder.h b/src/libstrongswan/credentials/builder.h
index 627e0934d..1c6f5001b 100644
--- a/src/libstrongswan/credentials/builder.h
+++ b/src/libstrongswan/credentials/builder.h
@@ -1,6 +1,7 @@
/*
* Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -99,6 +100,8 @@ enum builder_part_t {
BUILD_OCSP_ACCESS_LOCATIONS,
/** certificate path length constraint */
BUILD_PATHLEN,
+ /** RFC3779 addressBlock, linked_list_t* of traffic_selector_t* */
+ BUILD_ADDRBLOCKS,
/** permitted X509 name constraints, linked_list_t* of identification_t* */
BUILD_PERMITTED_NAME_CONSTRAINTS,
/** excluded X509 name constraints, linked_list_t* of identification_t* */
@@ -151,6 +154,8 @@ enum builder_part_t {
BUILD_SHARES,
/** minimum number of participating private key shares */
BUILD_THRESHOLD,
+ /** DER encoded ASN.1 EdDSA private key */
+ BUILD_EDDSA_PRIV_ASN1_DER,
/** end of variable argument builder list */
BUILD_END,
};
diff --git a/src/libstrongswan/credentials/cred_encoding.h b/src/libstrongswan/credentials/cred_encoding.h
index b4d1f4c3c..0b6536430 100644
--- a/src/libstrongswan/credentials/cred_encoding.h
+++ b/src/libstrongswan/credentials/cred_encoding.h
@@ -144,6 +144,10 @@ enum cred_encoding_part_t {
CRED_PART_PKCS10_ASN1_DER,
/** a PGP encoded certificate */
CRED_PART_PGP_CERT,
+ /** a DER encoded EdDSA public key */
+ CRED_PART_EDDSA_PUB_ASN1_DER,
+ /** a DER encoded EdDSA private key */
+ CRED_PART_EDDSA_PRIV_ASN1_DER,
/** a DER encoded BLISS public key */
CRED_PART_BLISS_PUB_ASN1_DER,
/** a DER encoded BLISS private key */
diff --git a/src/libstrongswan/credentials/keys/public_key.c b/src/libstrongswan/credentials/keys/public_key.c
index 03f93b1d3..2c76ad680 100644
--- a/src/libstrongswan/credentials/keys/public_key.c
+++ b/src/libstrongswan/credentials/keys/public_key.c
@@ -24,6 +24,8 @@ ENUM(key_type_names, KEY_ANY, KEY_BLISS,
"RSA",
"ECDSA",
"DSA",
+ "ED25519",
+ "ED448",
"BLISS"
);
@@ -48,6 +50,8 @@ ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_BLISS_WITH_SHA3_512,
"ECDSA-256",
"ECDSA-384",
"ECDSA-521",
+ "ED25519",
+ "ED448",
"BLISS_WITH_SHA2_256",
"BLISS_WITH_SHA2_384",
"BLISS_WITH_SHA2_512",
@@ -151,6 +155,10 @@ signature_scheme_t signature_scheme_from_oid(int oid)
return SIGN_ECDSA_WITH_SHA384_DER;
case OID_ECDSA_WITH_SHA512:
return SIGN_ECDSA_WITH_SHA512_DER;
+ case OID_ED25519:
+ return SIGN_ED25519;
+ case OID_ED448:
+ return SIGN_ED448;
case OID_BLISS_PUBLICKEY:
case OID_BLISS_WITH_SHA2_512:
return SIGN_BLISS_WITH_SHA2_512;
@@ -210,6 +218,10 @@ int signature_scheme_to_oid(signature_scheme_t scheme)
return OID_ECDSA_WITH_SHA384;
case SIGN_ECDSA_WITH_SHA512_DER:
return OID_ECDSA_WITH_SHA512;
+ case SIGN_ED25519:
+ return OID_ED25519;
+ case SIGN_ED448:
+ return OID_ED448;
case SIGN_BLISS_WITH_SHA2_256:
return OID_BLISS_WITH_SHA2_256;
case SIGN_BLISS_WITH_SHA2_384:
@@ -236,15 +248,17 @@ static struct {
key_type_t type;
int max_keysize;
} scheme_map[] = {
- { SIGN_RSA_EMSA_PKCS1_SHA2_256, KEY_RSA, 3072 },
- { SIGN_RSA_EMSA_PKCS1_SHA2_384, KEY_RSA, 7680 },
- { SIGN_RSA_EMSA_PKCS1_SHA2_512, KEY_RSA, 0 },
- { SIGN_ECDSA_WITH_SHA256_DER, KEY_ECDSA, 256 },
- { SIGN_ECDSA_WITH_SHA384_DER, KEY_ECDSA, 384 },
- { SIGN_ECDSA_WITH_SHA512_DER, KEY_ECDSA, 0 },
- { SIGN_BLISS_WITH_SHA2_256, KEY_BLISS, 128 },
- { SIGN_BLISS_WITH_SHA2_384, KEY_BLISS, 192 },
- { SIGN_BLISS_WITH_SHA2_512, KEY_BLISS, 0 }
+ { SIGN_RSA_EMSA_PKCS1_SHA2_256, KEY_RSA, 3072 },
+ { SIGN_RSA_EMSA_PKCS1_SHA2_384, KEY_RSA, 7680 },
+ { SIGN_RSA_EMSA_PKCS1_SHA2_512, KEY_RSA, 0 },
+ { SIGN_ECDSA_WITH_SHA256_DER, KEY_ECDSA, 256 },
+ { SIGN_ECDSA_WITH_SHA384_DER, KEY_ECDSA, 384 },
+ { SIGN_ECDSA_WITH_SHA512_DER, KEY_ECDSA, 0 },
+ { SIGN_ED25519, KEY_ED25519, 0 },
+ { SIGN_ED448, KEY_ED448, 0 },
+ { SIGN_BLISS_WITH_SHA2_256, KEY_BLISS, 128 },
+ { SIGN_BLISS_WITH_SHA2_384, KEY_BLISS, 192 },
+ { SIGN_BLISS_WITH_SHA2_512, KEY_BLISS, 0 }
};
/**
@@ -323,6 +337,10 @@ key_type_t key_type_from_signature_scheme(signature_scheme_t scheme)
case SIGN_ECDSA_384:
case SIGN_ECDSA_521:
return KEY_ECDSA;
+ case SIGN_ED25519:
+ return KEY_ED25519;
+ case SIGN_ED448:
+ return KEY_ED448;
case SIGN_BLISS_WITH_SHA2_256:
case SIGN_BLISS_WITH_SHA2_384:
case SIGN_BLISS_WITH_SHA2_512:
diff --git a/src/libstrongswan/credentials/keys/public_key.h b/src/libstrongswan/credentials/keys/public_key.h
index 236128234..06c1aa488 100644
--- a/src/libstrongswan/credentials/keys/public_key.h
+++ b/src/libstrongswan/credentials/keys/public_key.h
@@ -1,7 +1,7 @@
/*
* Copyright (C) 2015 Tobias Brunner
* Copyright (C) 2007 Martin Willi
- * Copyright (C) 2014-2016 Andreas Steffen
+ * Copyright (C) 2014-2017 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -37,16 +37,19 @@ typedef enum encryption_scheme_t encryption_scheme_t;
*/
enum key_type_t {
/** key type wildcard */
- KEY_ANY = 0,
+ KEY_ANY = 0,
/** RSA crypto system as in PKCS#1 */
- KEY_RSA = 1,
+ KEY_RSA = 1,
/** ECDSA as in ANSI X9.62 */
- KEY_ECDSA = 2,
+ KEY_ECDSA = 2,
/** DSA */
- KEY_DSA = 3,
+ KEY_DSA = 3,
+ /** Ed25519 PureEdDSA instance as in RFC 8032 */
+ KEY_ED25519 = 4,
+ /** Ed448 PureEdDSA instance as in RFC 8032 */
+ KEY_ED448 = 5,
/** BLISS */
- KEY_BLISS = 4,
- /** ElGamal, ... */
+ KEY_BLISS = 6,
};
/**
@@ -102,6 +105,10 @@ enum signature_scheme_t {
SIGN_ECDSA_384,
/** ECDSA on the P-521 curve with SHA-512 as in RFC 4754 */
SIGN_ECDSA_521,
+ /** PureEdDSA on Curve25519 as in draft-ietf-curdle-pkix (RFC TBA) */
+ SIGN_ED25519,
+ /** PureEdDSA on Curve448 as in draft-ietf-curdle-pkix (RFC TBA) */
+ SIGN_ED448,
/** BLISS with SHA-2_256 */
SIGN_BLISS_WITH_SHA2_256,
/** BLISS with SHA-2_384 */
diff --git a/src/libstrongswan/credentials/sets/cert_cache.c b/src/libstrongswan/credentials/sets/cert_cache.c
index 60720dc57..24fdb194b 100644
--- a/src/libstrongswan/credentials/sets/cert_cache.c
+++ b/src/libstrongswan/credentials/sets/cert_cache.c
@@ -1,6 +1,7 @@
/*
* Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -20,6 +21,7 @@
#include <library.h>
#include <threading/rwlock.h>
#include <collections/linked_list.h>
+#include <credentials/certificates/crl.h>
/** cache size, a power of 2 for fast modulo */
#define CACHE_SIZE 32
@@ -88,6 +90,43 @@ static void cache(private_cert_cache_t *this,
int i, offset, try;
u_int total_hits = 0;
+ /* cache a CRL by replacing a previous CRL cache entry if present */
+ if (subject->get_type(subject) == CERT_X509_CRL)
+ {
+ crl_t *crl, *cached_crl;
+
+ /* cache a delta CRL ? */
+ crl = (crl_t*)subject;
+
+ for (i = 0; i < CACHE_SIZE; i++)
+ {
+ rel = &this->relations[i];
+
+ if (rel->subject &&
+ rel->subject->get_type(rel->subject) == CERT_X509_CRL &&
+ rel->lock->try_write_lock(rel->lock))
+ {
+ /* double-check having lock */
+ if (rel->subject->get_type(rel->subject) == CERT_X509_CRL &&
+ rel->issuer->equals(rel->issuer, issuer))
+ {
+ cached_crl = (crl_t*)rel->subject;
+
+ if (cached_crl->is_delta_crl(cached_crl, NULL) ==
+ crl->is_delta_crl(crl, NULL) &&
+ crl_is_newer(crl, cached_crl))
+ {
+ rel->subject->destroy(rel->subject);
+ rel->subject = subject->get_ref(subject);
+ rel->scheme = scheme;
+ return rel->lock->unlock(rel->lock);
+ }
+ }
+ rel->lock->unlock(rel->lock);
+ }
+ }
+ }
+
/* check for a unused relation slot first */
for (i = 0; i < CACHE_SIZE; i++)
{
diff --git a/src/libstrongswan/credentials/sets/mem_cred.c b/src/libstrongswan/credentials/sets/mem_cred.c
index 0f8bff23f..53e035f98 100644
--- a/src/libstrongswan/credentials/sets/mem_cred.c
+++ b/src/libstrongswan/credentials/sets/mem_cred.c
@@ -370,14 +370,42 @@ METHOD(mem_cred_t, add_key, void,
this->lock->unlock(this->lock);
}
+METHOD(mem_cred_t, remove_key, bool,
+ private_mem_cred_t *this, chunk_t fp)
+{
+ enumerator_t *enumerator;
+ private_key_t *current;
+ bool found = FALSE;
+
+ this->lock->write_lock(this->lock);
+
+ enumerator = this->keys->create_enumerator(this->keys);
+ while (enumerator->enumerate(enumerator, &current))
+ {
+ if (current->has_fingerprint(current, fp))
+ {
+ this->keys->remove_at(this->keys, enumerator);
+ current->destroy(current);
+ found = TRUE;
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ this->lock->unlock(this->lock);
+ return found;
+}
+
/**
* Shared key entry
*/
typedef struct {
- /* shared key */
+ /** shared key */
shared_key_t *shared;
- /* list of owners, identification_t */
+ /** list of owners, identification_t */
linked_list_t *owners;
+ /** optional unique identifier */
+ char *id;
} shared_entry_t;
/**
@@ -388,11 +416,12 @@ static void shared_entry_destroy(shared_entry_t *entry)
entry->owners->destroy_offset(entry->owners,
offsetof(identification_t, destroy));
entry->shared->destroy(entry->shared);
+ free(entry->id);
free(entry);
}
/**
- * Check if two shared key entries equal
+ * Check if two shared key entries are equal (ignoring the unique identifier)
*/
static bool shared_entry_equals(shared_entry_t *a, shared_entry_t *b)
{
@@ -528,8 +557,9 @@ METHOD(credential_set_t, create_shared_enumerator, enumerator_t*,
(void*)shared_filter, data, (void*)shared_data_destroy);
}
-METHOD(mem_cred_t, add_shared_list, void,
- private_mem_cred_t *this, shared_key_t *shared, linked_list_t* owners)
+METHOD(mem_cred_t, add_shared_unique, void,
+ private_mem_cred_t *this, char *id, shared_key_t *shared,
+ linked_list_t* owners)
{
shared_entry_t *current, *new;
enumerator_t *enumerator;
@@ -537,6 +567,7 @@ METHOD(mem_cred_t, add_shared_list, void,
INIT(new,
.shared = shared,
.owners = owners,
+ .id = strdupnull(id),
);
this->lock->write_lock(this->lock);
@@ -544,7 +575,10 @@ METHOD(mem_cred_t, add_shared_list, void,
enumerator = this->shared->create_enumerator(this->shared);
while (enumerator->enumerate(enumerator, &current))
{
- if (shared_entry_equals(current, new))
+ /* always replace keys with the same unique identifier, only compare
+ * them if both have no unique id assigned */
+ if ((id && streq(id, current->id)) ||
+ (!id && !current->id && shared_entry_equals(current, new)))
{
this->shared->remove_at(this->shared, enumerator);
shared_entry_destroy(current);
@@ -558,6 +592,12 @@ METHOD(mem_cred_t, add_shared_list, void,
this->lock->unlock(this->lock);
}
+METHOD(mem_cred_t, add_shared_list, void,
+ private_mem_cred_t *this, shared_key_t *shared, linked_list_t* owners)
+{
+ add_shared_unique(this, NULL, shared, owners);
+}
+
METHOD(mem_cred_t, add_shared, void,
private_mem_cred_t *this, shared_key_t *shared, ...)
{
@@ -580,6 +620,63 @@ METHOD(mem_cred_t, add_shared, void,
add_shared_list(this, shared, owners);
}
+METHOD(mem_cred_t, remove_shared_unique, void,
+ private_mem_cred_t *this, char *id)
+{
+ enumerator_t *enumerator;
+ shared_entry_t *current;
+
+ if (!id)
+ {
+ return;
+ }
+
+ this->lock->write_lock(this->lock);
+
+ enumerator = this->shared->create_enumerator(this->shared);
+ while (enumerator->enumerate(enumerator, &current))
+ {
+ if (streq(id, current->id))
+ {
+ this->shared->remove_at(this->shared, enumerator);
+ shared_entry_destroy(current);
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ this->lock->unlock(this->lock);
+}
+
+/**
+ * Filter unique ids of shared keys (ingore secrets without unique id)
+ */
+static bool unique_filter(void *unused,
+ shared_entry_t **in, char **id)
+{
+ shared_entry_t *entry = *in;
+
+ if (!entry->id)
+ {
+ return FALSE;
+ }
+ if (id)
+ {
+ *id = entry->id;
+ }
+ return TRUE;
+}
+
+METHOD(mem_cred_t, create_unique_shared_enumerator, enumerator_t*,
+ private_mem_cred_t *this)
+{
+ this->lock->read_lock(this->lock);
+ return enumerator_create_filter(
+ this->shared->create_enumerator(this->shared),
+ (void*)unique_filter, this->lock,
+ (void*)this->lock->unlock);
+}
+
/**
* Certificate distribution point
*/
@@ -817,8 +914,12 @@ mem_cred_t *mem_cred_create()
.get_cert_ref = _get_cert_ref,
.add_crl = _add_crl,
.add_key = _add_key,
+ .remove_key = _remove_key,
.add_shared = _add_shared,
.add_shared_list = _add_shared_list,
+ .add_shared_unique = _add_shared_unique,
+ .remove_shared_unique = _remove_shared_unique,
+ .create_unique_shared_enumerator = _create_unique_shared_enumerator,
.add_cdp = _add_cdp,
.replace_certs = _replace_certs,
.replace_secrets = _replace_secrets,
diff --git a/src/libstrongswan/credentials/sets/mem_cred.h b/src/libstrongswan/credentials/sets/mem_cred.h
index 51f0b8c30..135515260 100644
--- a/src/libstrongswan/credentials/sets/mem_cred.h
+++ b/src/libstrongswan/credentials/sets/mem_cred.h
@@ -1,6 +1,7 @@
/*
- * Copyright (C) 2010-2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2010-2016 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
* Copyright (C) 2010 Martin Willi
* Copyright (C) 2010 revosec AG
*
@@ -87,6 +88,14 @@ struct mem_cred_t {
void (*add_key)(mem_cred_t *this, private_key_t *key);
/**
+ * Remove a private key from the credential set.
+ *
+ * @param fp fingerprint of the key to remove
+ * @return TRUE if the key was found and removed
+ */
+ bool (*remove_key)(mem_cred_t *this, chunk_t fp);
+
+ /**
* Add a shared key to the credential set.
*
* @param shared shared key to add, gets owned by set
@@ -104,6 +113,33 @@ struct mem_cred_t {
linked_list_t *owners);
/**
+ * Add a shared key to the credential set, associated with the given unique
+ * identifier.
+ *
+ * If a shared key with the same id already exists it is replaced.
+ *
+ * @param id unique identifier of this key (cloned)
+ * @param shared shared key to add, gets owned by set
+ * @param ... NULL terminated list of owners (identification_t*)
+ */
+ void (*add_shared_unique)(mem_cred_t *this, char *id, shared_key_t *shared,
+ linked_list_t *owners);
+
+ /**
+ * Remove a shared key by its unique identifier.
+ *
+ * @param id unique identifier of this key
+ */
+ void (*remove_shared_unique)(mem_cred_t *this, char *id);
+
+ /**
+ * Create an enumerator over the unique identifiers of shared keys.
+ *
+ * @return enumerator over char*
+ */
+ enumerator_t *(*create_unique_shared_enumerator)(mem_cred_t *this);
+
+ /**
* Add a certificate distribution point to the set.
*
* @param type type of the certificate
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-20 19:30:16 +0000