diff options
Diffstat (limited to 'src/libstrongswan/credentials')
-rw-r--r-- | src/libstrongswan/credentials/auth_cfg.c | 48 | ||||
-rw-r--r-- | src/libstrongswan/credentials/builder.c | 5 | ||||
-rw-r--r-- | src/libstrongswan/credentials/builder.h | 7 | ||||
-rw-r--r-- | src/libstrongswan/credentials/cred_encoding.h | 4 | ||||
-rw-r--r-- | src/libstrongswan/credentials/keys/public_key.c | 36 | ||||
-rw-r--r-- | src/libstrongswan/credentials/keys/public_key.h | 21 | ||||
-rw-r--r-- | src/libstrongswan/credentials/sets/cert_cache.c | 41 | ||||
-rw-r--r-- | src/libstrongswan/credentials/sets/mem_cred.c | 113 | ||||
-rw-r--r-- | src/libstrongswan/credentials/sets/mem_cred.h | 40 |
9 files changed, 271 insertions, 44 deletions
diff --git a/src/libstrongswan/credentials/auth_cfg.c b/src/libstrongswan/credentials/auth_cfg.c index 3ec9491ed..8a3e659fd 100644 --- a/src/libstrongswan/credentials/auth_cfg.c +++ b/src/libstrongswan/credentials/auth_cfg.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2008-2016 Tobias Brunner * Copyright (C) 2007-2009 Martin Willi - * Copyright (C) 2016 Andreas Steffeb + * Copyright (C) 2016 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -547,22 +547,24 @@ METHOD(auth_cfg_t, add_pubkey_constraints, void, signature_scheme_t scheme; key_type_t key; } schemes[] = { - { "md5", SIGN_RSA_EMSA_PKCS1_MD5, KEY_RSA, }, - { "sha1", SIGN_RSA_EMSA_PKCS1_SHA1, KEY_RSA, }, - { "sha224", SIGN_RSA_EMSA_PKCS1_SHA2_224, KEY_RSA, }, - { "sha256", SIGN_RSA_EMSA_PKCS1_SHA2_256, KEY_RSA, }, - { "sha384", SIGN_RSA_EMSA_PKCS1_SHA2_384, KEY_RSA, }, - { "sha512", SIGN_RSA_EMSA_PKCS1_SHA2_512, KEY_RSA, }, - { "sha1", SIGN_ECDSA_WITH_SHA1_DER, KEY_ECDSA, }, - { "sha256", SIGN_ECDSA_WITH_SHA256_DER, KEY_ECDSA, }, - { "sha384", SIGN_ECDSA_WITH_SHA384_DER, KEY_ECDSA, }, - { "sha512", SIGN_ECDSA_WITH_SHA512_DER, KEY_ECDSA, }, - { "sha256", SIGN_ECDSA_256, KEY_ECDSA, }, - { "sha384", SIGN_ECDSA_384, KEY_ECDSA, }, - { "sha512", SIGN_ECDSA_521, KEY_ECDSA, }, - { "sha256", SIGN_BLISS_WITH_SHA2_256, KEY_BLISS, }, - { "sha384", SIGN_BLISS_WITH_SHA2_384, KEY_BLISS, }, - { "sha512", SIGN_BLISS_WITH_SHA2_512, KEY_BLISS, }, + { "md5", SIGN_RSA_EMSA_PKCS1_MD5, KEY_RSA, }, + { "sha1", SIGN_RSA_EMSA_PKCS1_SHA1, KEY_RSA, }, + { "sha224", SIGN_RSA_EMSA_PKCS1_SHA2_224, KEY_RSA, }, + { "sha256", SIGN_RSA_EMSA_PKCS1_SHA2_256, KEY_RSA, }, + { "sha384", SIGN_RSA_EMSA_PKCS1_SHA2_384, KEY_RSA, }, + { "sha512", SIGN_RSA_EMSA_PKCS1_SHA2_512, KEY_RSA, }, + { "sha1", SIGN_ECDSA_WITH_SHA1_DER, KEY_ECDSA, }, + { "sha256", SIGN_ECDSA_WITH_SHA256_DER, KEY_ECDSA, }, + { "sha384", SIGN_ECDSA_WITH_SHA384_DER, KEY_ECDSA, }, + { "sha512", SIGN_ECDSA_WITH_SHA512_DER, KEY_ECDSA, }, + { "sha256", SIGN_ECDSA_256, KEY_ECDSA, }, + { "sha384", SIGN_ECDSA_384, KEY_ECDSA, }, + { "sha512", SIGN_ECDSA_521, KEY_ECDSA, }, + { "sha256", SIGN_BLISS_WITH_SHA2_256, KEY_BLISS, }, + { "sha384", SIGN_BLISS_WITH_SHA2_384, KEY_BLISS, }, + { "sha512", SIGN_BLISS_WITH_SHA2_512, KEY_BLISS, }, + { "identity", SIGN_ED25519, KEY_ED25519, }, + { "identity", SIGN_ED448, KEY_ED448, }, }; if (expected_strength != AUTH_RULE_MAX) @@ -592,6 +594,18 @@ METHOD(auth_cfg_t, add_pubkey_constraints, void, is_ike = strpfx(token, "ike:"); continue; } + if (streq(token, "ed25519") || streq(token, "ike:ed25519")) + { + expected_type = KEY_ED25519; + is_ike = strpfx(token, "ike:"); + continue; + } + if (streq(token, "ed448") || streq(token, "ike:ed448")) + { + expected_type = KEY_ED448; + is_ike = strpfx(token, "ike:"); + continue; + } if (streq(token, "bliss") || streq(token, "ike:bliss")) { expected_type = KEY_BLISS; diff --git a/src/libstrongswan/credentials/builder.c b/src/libstrongswan/credentials/builder.c index ddb64ef88..baa17c47d 100644 --- a/src/libstrongswan/credentials/builder.c +++ b/src/libstrongswan/credentials/builder.c @@ -1,6 +1,7 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -44,6 +45,7 @@ ENUM(builder_part_names, BUILD_FROM_FILE, BUILD_END, "BUILD_CRL_DISTRIBUTION_POINTS", "BUILD_OCSP_ACCESS_LOCATIONS", "BUILD_PATHLEN", + "BUILD_ADDRBLOCKS", "BUILD_PERMITTED_NAME_CONSTRAINTS", "BUILD_EXCLUDED_NAME_CONSTRAINTS", "BUILD_CERTIFICATE_POLICIES", @@ -70,5 +72,6 @@ ENUM(builder_part_names, BUILD_FROM_FILE, BUILD_END, "BUILD_SAFE_PRIMES", "BUILD_SHARES", "BUILD_THRESHOLD", + "BUILD_EDDSA_PRIV_ASN1_DER", "BUILD_END", ); diff --git a/src/libstrongswan/credentials/builder.h b/src/libstrongswan/credentials/builder.h index 627e0934d..1c6f5001b 100644 --- a/src/libstrongswan/credentials/builder.h +++ b/src/libstrongswan/credentials/builder.h @@ -1,6 +1,7 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -99,6 +100,8 @@ enum builder_part_t { BUILD_OCSP_ACCESS_LOCATIONS, /** certificate path length constraint */ BUILD_PATHLEN, + /** RFC3779 addressBlock, linked_list_t* of traffic_selector_t* */ + BUILD_ADDRBLOCKS, /** permitted X509 name constraints, linked_list_t* of identification_t* */ BUILD_PERMITTED_NAME_CONSTRAINTS, /** excluded X509 name constraints, linked_list_t* of identification_t* */ @@ -151,6 +154,8 @@ enum builder_part_t { BUILD_SHARES, /** minimum number of participating private key shares */ BUILD_THRESHOLD, + /** DER encoded ASN.1 EdDSA private key */ + BUILD_EDDSA_PRIV_ASN1_DER, /** end of variable argument builder list */ BUILD_END, }; diff --git a/src/libstrongswan/credentials/cred_encoding.h b/src/libstrongswan/credentials/cred_encoding.h index b4d1f4c3c..0b6536430 100644 --- a/src/libstrongswan/credentials/cred_encoding.h +++ b/src/libstrongswan/credentials/cred_encoding.h @@ -144,6 +144,10 @@ enum cred_encoding_part_t { CRED_PART_PKCS10_ASN1_DER, /** a PGP encoded certificate */ CRED_PART_PGP_CERT, + /** a DER encoded EdDSA public key */ + CRED_PART_EDDSA_PUB_ASN1_DER, + /** a DER encoded EdDSA private key */ + CRED_PART_EDDSA_PRIV_ASN1_DER, /** a DER encoded BLISS public key */ CRED_PART_BLISS_PUB_ASN1_DER, /** a DER encoded BLISS private key */ diff --git a/src/libstrongswan/credentials/keys/public_key.c b/src/libstrongswan/credentials/keys/public_key.c index 03f93b1d3..2c76ad680 100644 --- a/src/libstrongswan/credentials/keys/public_key.c +++ b/src/libstrongswan/credentials/keys/public_key.c @@ -24,6 +24,8 @@ ENUM(key_type_names, KEY_ANY, KEY_BLISS, "RSA", "ECDSA", "DSA", + "ED25519", + "ED448", "BLISS" ); @@ -48,6 +50,8 @@ ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_BLISS_WITH_SHA3_512, "ECDSA-256", "ECDSA-384", "ECDSA-521", + "ED25519", + "ED448", "BLISS_WITH_SHA2_256", "BLISS_WITH_SHA2_384", "BLISS_WITH_SHA2_512", @@ -151,6 +155,10 @@ signature_scheme_t signature_scheme_from_oid(int oid) return SIGN_ECDSA_WITH_SHA384_DER; case OID_ECDSA_WITH_SHA512: return SIGN_ECDSA_WITH_SHA512_DER; + case OID_ED25519: + return SIGN_ED25519; + case OID_ED448: + return SIGN_ED448; case OID_BLISS_PUBLICKEY: case OID_BLISS_WITH_SHA2_512: return SIGN_BLISS_WITH_SHA2_512; @@ -210,6 +218,10 @@ int signature_scheme_to_oid(signature_scheme_t scheme) return OID_ECDSA_WITH_SHA384; case SIGN_ECDSA_WITH_SHA512_DER: return OID_ECDSA_WITH_SHA512; + case SIGN_ED25519: + return OID_ED25519; + case SIGN_ED448: + return OID_ED448; case SIGN_BLISS_WITH_SHA2_256: return OID_BLISS_WITH_SHA2_256; case SIGN_BLISS_WITH_SHA2_384: @@ -236,15 +248,17 @@ static struct { key_type_t type; int max_keysize; } scheme_map[] = { - { SIGN_RSA_EMSA_PKCS1_SHA2_256, KEY_RSA, 3072 }, - { SIGN_RSA_EMSA_PKCS1_SHA2_384, KEY_RSA, 7680 }, - { SIGN_RSA_EMSA_PKCS1_SHA2_512, KEY_RSA, 0 }, - { SIGN_ECDSA_WITH_SHA256_DER, KEY_ECDSA, 256 }, - { SIGN_ECDSA_WITH_SHA384_DER, KEY_ECDSA, 384 }, - { SIGN_ECDSA_WITH_SHA512_DER, KEY_ECDSA, 0 }, - { SIGN_BLISS_WITH_SHA2_256, KEY_BLISS, 128 }, - { SIGN_BLISS_WITH_SHA2_384, KEY_BLISS, 192 }, - { SIGN_BLISS_WITH_SHA2_512, KEY_BLISS, 0 } + { SIGN_RSA_EMSA_PKCS1_SHA2_256, KEY_RSA, 3072 }, + { SIGN_RSA_EMSA_PKCS1_SHA2_384, KEY_RSA, 7680 }, + { SIGN_RSA_EMSA_PKCS1_SHA2_512, KEY_RSA, 0 }, + { SIGN_ECDSA_WITH_SHA256_DER, KEY_ECDSA, 256 }, + { SIGN_ECDSA_WITH_SHA384_DER, KEY_ECDSA, 384 }, + { SIGN_ECDSA_WITH_SHA512_DER, KEY_ECDSA, 0 }, + { SIGN_ED25519, KEY_ED25519, 0 }, + { SIGN_ED448, KEY_ED448, 0 }, + { SIGN_BLISS_WITH_SHA2_256, KEY_BLISS, 128 }, + { SIGN_BLISS_WITH_SHA2_384, KEY_BLISS, 192 }, + { SIGN_BLISS_WITH_SHA2_512, KEY_BLISS, 0 } }; /** @@ -323,6 +337,10 @@ key_type_t key_type_from_signature_scheme(signature_scheme_t scheme) case SIGN_ECDSA_384: case SIGN_ECDSA_521: return KEY_ECDSA; + case SIGN_ED25519: + return KEY_ED25519; + case SIGN_ED448: + return KEY_ED448; case SIGN_BLISS_WITH_SHA2_256: case SIGN_BLISS_WITH_SHA2_384: case SIGN_BLISS_WITH_SHA2_512: diff --git a/src/libstrongswan/credentials/keys/public_key.h b/src/libstrongswan/credentials/keys/public_key.h index 236128234..06c1aa488 100644 --- a/src/libstrongswan/credentials/keys/public_key.h +++ b/src/libstrongswan/credentials/keys/public_key.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2015 Tobias Brunner * Copyright (C) 2007 Martin Willi - * Copyright (C) 2014-2016 Andreas Steffen + * Copyright (C) 2014-2017 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -37,16 +37,19 @@ typedef enum encryption_scheme_t encryption_scheme_t; */ enum key_type_t { /** key type wildcard */ - KEY_ANY = 0, + KEY_ANY = 0, /** RSA crypto system as in PKCS#1 */ - KEY_RSA = 1, + KEY_RSA = 1, /** ECDSA as in ANSI X9.62 */ - KEY_ECDSA = 2, + KEY_ECDSA = 2, /** DSA */ - KEY_DSA = 3, + KEY_DSA = 3, + /** Ed25519 PureEdDSA instance as in RFC 8032 */ + KEY_ED25519 = 4, + /** Ed448 PureEdDSA instance as in RFC 8032 */ + KEY_ED448 = 5, /** BLISS */ - KEY_BLISS = 4, - /** ElGamal, ... */ + KEY_BLISS = 6, }; /** @@ -102,6 +105,10 @@ enum signature_scheme_t { SIGN_ECDSA_384, /** ECDSA on the P-521 curve with SHA-512 as in RFC 4754 */ SIGN_ECDSA_521, + /** PureEdDSA on Curve25519 as in draft-ietf-curdle-pkix (RFC TBA) */ + SIGN_ED25519, + /** PureEdDSA on Curve448 as in draft-ietf-curdle-pkix (RFC TBA) */ + SIGN_ED448, /** BLISS with SHA-2_256 */ SIGN_BLISS_WITH_SHA2_256, /** BLISS with SHA-2_384 */ diff --git a/src/libstrongswan/credentials/sets/cert_cache.c b/src/libstrongswan/credentials/sets/cert_cache.c index 60720dc57..24fdb194b 100644 --- a/src/libstrongswan/credentials/sets/cert_cache.c +++ b/src/libstrongswan/credentials/sets/cert_cache.c @@ -1,6 +1,7 @@ /* * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -20,6 +21,7 @@ #include <library.h> #include <threading/rwlock.h> #include <collections/linked_list.h> +#include <credentials/certificates/crl.h> /** cache size, a power of 2 for fast modulo */ #define CACHE_SIZE 32 @@ -88,6 +90,43 @@ static void cache(private_cert_cache_t *this, int i, offset, try; u_int total_hits = 0; + /* cache a CRL by replacing a previous CRL cache entry if present */ + if (subject->get_type(subject) == CERT_X509_CRL) + { + crl_t *crl, *cached_crl; + + /* cache a delta CRL ? */ + crl = (crl_t*)subject; + + for (i = 0; i < CACHE_SIZE; i++) + { + rel = &this->relations[i]; + + if (rel->subject && + rel->subject->get_type(rel->subject) == CERT_X509_CRL && + rel->lock->try_write_lock(rel->lock)) + { + /* double-check having lock */ + if (rel->subject->get_type(rel->subject) == CERT_X509_CRL && + rel->issuer->equals(rel->issuer, issuer)) + { + cached_crl = (crl_t*)rel->subject; + + if (cached_crl->is_delta_crl(cached_crl, NULL) == + crl->is_delta_crl(crl, NULL) && + crl_is_newer(crl, cached_crl)) + { + rel->subject->destroy(rel->subject); + rel->subject = subject->get_ref(subject); + rel->scheme = scheme; + return rel->lock->unlock(rel->lock); + } + } + rel->lock->unlock(rel->lock); + } + } + } + /* check for a unused relation slot first */ for (i = 0; i < CACHE_SIZE; i++) { diff --git a/src/libstrongswan/credentials/sets/mem_cred.c b/src/libstrongswan/credentials/sets/mem_cred.c index 0f8bff23f..53e035f98 100644 --- a/src/libstrongswan/credentials/sets/mem_cred.c +++ b/src/libstrongswan/credentials/sets/mem_cred.c @@ -370,14 +370,42 @@ METHOD(mem_cred_t, add_key, void, this->lock->unlock(this->lock); } +METHOD(mem_cred_t, remove_key, bool, + private_mem_cred_t *this, chunk_t fp) +{ + enumerator_t *enumerator; + private_key_t *current; + bool found = FALSE; + + this->lock->write_lock(this->lock); + + enumerator = this->keys->create_enumerator(this->keys); + while (enumerator->enumerate(enumerator, ¤t)) + { + if (current->has_fingerprint(current, fp)) + { + this->keys->remove_at(this->keys, enumerator); + current->destroy(current); + found = TRUE; + break; + } + } + enumerator->destroy(enumerator); + + this->lock->unlock(this->lock); + return found; +} + /** * Shared key entry */ typedef struct { - /* shared key */ + /** shared key */ shared_key_t *shared; - /* list of owners, identification_t */ + /** list of owners, identification_t */ linked_list_t *owners; + /** optional unique identifier */ + char *id; } shared_entry_t; /** @@ -388,11 +416,12 @@ static void shared_entry_destroy(shared_entry_t *entry) entry->owners->destroy_offset(entry->owners, offsetof(identification_t, destroy)); entry->shared->destroy(entry->shared); + free(entry->id); free(entry); } /** - * Check if two shared key entries equal + * Check if two shared key entries are equal (ignoring the unique identifier) */ static bool shared_entry_equals(shared_entry_t *a, shared_entry_t *b) { @@ -528,8 +557,9 @@ METHOD(credential_set_t, create_shared_enumerator, enumerator_t*, (void*)shared_filter, data, (void*)shared_data_destroy); } -METHOD(mem_cred_t, add_shared_list, void, - private_mem_cred_t *this, shared_key_t *shared, linked_list_t* owners) +METHOD(mem_cred_t, add_shared_unique, void, + private_mem_cred_t *this, char *id, shared_key_t *shared, + linked_list_t* owners) { shared_entry_t *current, *new; enumerator_t *enumerator; @@ -537,6 +567,7 @@ METHOD(mem_cred_t, add_shared_list, void, INIT(new, .shared = shared, .owners = owners, + .id = strdupnull(id), ); this->lock->write_lock(this->lock); @@ -544,7 +575,10 @@ METHOD(mem_cred_t, add_shared_list, void, enumerator = this->shared->create_enumerator(this->shared); while (enumerator->enumerate(enumerator, ¤t)) { - if (shared_entry_equals(current, new)) + /* always replace keys with the same unique identifier, only compare + * them if both have no unique id assigned */ + if ((id && streq(id, current->id)) || + (!id && !current->id && shared_entry_equals(current, new))) { this->shared->remove_at(this->shared, enumerator); shared_entry_destroy(current); @@ -558,6 +592,12 @@ METHOD(mem_cred_t, add_shared_list, void, this->lock->unlock(this->lock); } +METHOD(mem_cred_t, add_shared_list, void, + private_mem_cred_t *this, shared_key_t *shared, linked_list_t* owners) +{ + add_shared_unique(this, NULL, shared, owners); +} + METHOD(mem_cred_t, add_shared, void, private_mem_cred_t *this, shared_key_t *shared, ...) { @@ -580,6 +620,63 @@ METHOD(mem_cred_t, add_shared, void, add_shared_list(this, shared, owners); } +METHOD(mem_cred_t, remove_shared_unique, void, + private_mem_cred_t *this, char *id) +{ + enumerator_t *enumerator; + shared_entry_t *current; + + if (!id) + { + return; + } + + this->lock->write_lock(this->lock); + + enumerator = this->shared->create_enumerator(this->shared); + while (enumerator->enumerate(enumerator, ¤t)) + { + if (streq(id, current->id)) + { + this->shared->remove_at(this->shared, enumerator); + shared_entry_destroy(current); + break; + } + } + enumerator->destroy(enumerator); + + this->lock->unlock(this->lock); +} + +/** + * Filter unique ids of shared keys (ingore secrets without unique id) + */ +static bool unique_filter(void *unused, + shared_entry_t **in, char **id) +{ + shared_entry_t *entry = *in; + + if (!entry->id) + { + return FALSE; + } + if (id) + { + *id = entry->id; + } + return TRUE; +} + +METHOD(mem_cred_t, create_unique_shared_enumerator, enumerator_t*, + private_mem_cred_t *this) +{ + this->lock->read_lock(this->lock); + return enumerator_create_filter( + this->shared->create_enumerator(this->shared), + (void*)unique_filter, this->lock, + (void*)this->lock->unlock); +} + /** * Certificate distribution point */ @@ -817,8 +914,12 @@ mem_cred_t *mem_cred_create() .get_cert_ref = _get_cert_ref, .add_crl = _add_crl, .add_key = _add_key, + .remove_key = _remove_key, .add_shared = _add_shared, .add_shared_list = _add_shared_list, + .add_shared_unique = _add_shared_unique, + .remove_shared_unique = _remove_shared_unique, + .create_unique_shared_enumerator = _create_unique_shared_enumerator, .add_cdp = _add_cdp, .replace_certs = _replace_certs, .replace_secrets = _replace_secrets, diff --git a/src/libstrongswan/credentials/sets/mem_cred.h b/src/libstrongswan/credentials/sets/mem_cred.h index 51f0b8c30..135515260 100644 --- a/src/libstrongswan/credentials/sets/mem_cred.h +++ b/src/libstrongswan/credentials/sets/mem_cred.h @@ -1,6 +1,7 @@ /* - * Copyright (C) 2010-2015 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * Copyright (C) 2010-2016 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * * Copyright (C) 2010 Martin Willi * Copyright (C) 2010 revosec AG * @@ -87,6 +88,14 @@ struct mem_cred_t { void (*add_key)(mem_cred_t *this, private_key_t *key); /** + * Remove a private key from the credential set. + * + * @param fp fingerprint of the key to remove + * @return TRUE if the key was found and removed + */ + bool (*remove_key)(mem_cred_t *this, chunk_t fp); + + /** * Add a shared key to the credential set. * * @param shared shared key to add, gets owned by set @@ -104,6 +113,33 @@ struct mem_cred_t { linked_list_t *owners); /** + * Add a shared key to the credential set, associated with the given unique + * identifier. + * + * If a shared key with the same id already exists it is replaced. + * + * @param id unique identifier of this key (cloned) + * @param shared shared key to add, gets owned by set + * @param ... NULL terminated list of owners (identification_t*) + */ + void (*add_shared_unique)(mem_cred_t *this, char *id, shared_key_t *shared, + linked_list_t *owners); + + /** + * Remove a shared key by its unique identifier. + * + * @param id unique identifier of this key + */ + void (*remove_shared_unique)(mem_cred_t *this, char *id); + + /** + * Create an enumerator over the unique identifiers of shared keys. + * + * @return enumerator over char* + */ + enumerator_t *(*create_unique_shared_enumerator)(mem_cred_t *this); + + /** * Add a certificate distribution point to the set. * * @param type type of the certificate |