19 files changed, 115 insertions, 71 deletions

diff --git a/src/libstrongswan/credentials/builder.c b/src/libstrongswan/credentials/builder.c
index 0bca198f1..701cbcde3 100644
--- a/src/libstrongswan/credentials/builder.c
+++ b/src/libstrongswan/credentials/builder.c
@@ -20,6 +20,8 @@ ENUM(builder_part_names, BUILD_FROM_FILE, BUILD_END,
 	"BUILD_AGENT_SOCKET",
 	"BUILD_BLOB_ASN1_DER",
 	"BUILD_BLOB_ASN1_PEM",
+	"BUILD_BLOB_PGP",
+	"BUILD_BLOB_RFC_3110",
 	"BUILD_KEY_SIZE",
 	"BUILD_SIGNING_KEY",
 	"BUILD_SIGNING_CERT",
diff --git a/src/libstrongswan/credentials/builder.h b/src/libstrongswan/credentials/builder.h
index 4b3fb1ae4..01ccf2a5c 100644
--- a/src/libstrongswan/credentials/builder.h
+++ b/src/libstrongswan/credentials/builder.h
@@ -38,14 +38,18 @@ typedef builder_t* (*builder_constructor_t)(int subtype);
  * Parts to build credentials from.
  */
 enum builder_part_t {
-	/** path to a file containing an ASN1 blob, char* */
+	/** path to a file containing an ASN.1 blob, char* */
 	BUILD_FROM_FILE,
 	/** unix socket of a ssh/pgp agent, char* */
 	BUILD_AGENT_SOCKET,
-	/** DER encoded ASN1 blob, chunk_t */
+	/** DER encoded ASN.1 blob, chunk_t */
 	BUILD_BLOB_ASN1_DER,
-	/** PEM encoded ASN1 blob, null terminated char* */
+	/** PEM encoded ASN.1 blob, null terminated char* */
 	BUILD_BLOB_ASN1_PEM,
+	/**  OpenPGP key blob, chunk_t */
+	BUILD_BLOB_PGP,
+	/** RFC 3110 DNS public key blob, chunk_t */
+	BUILD_BLOB_RFC_3110,
 	/** key size in bits, as used for key generation, u_int */
 	BUILD_KEY_SIZE,
 	/** private key to use for signing, private_key_t* */
diff --git a/src/libstrongswan/credentials/certificates/ac.h b/src/libstrongswan/credentials/certificates/ac.h
index 39ab8fe71..fb99b4756 100644
--- a/src/libstrongswan/credentials/certificates/ac.h
+++ b/src/libstrongswan/credentials/certificates/ac.h
@@ -14,8 +14,6 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
- *
- * $Id: ac.h 3300 2007-10-12 21:53:18Z andreas $
  */
 
 /**
diff --git a/src/libstrongswan/credentials/certificates/certificate.c b/src/libstrongswan/credentials/certificates/certificate.c
index c5bc9a68d..041e2f1db 100644
--- a/src/libstrongswan/credentials/certificates/certificate.c
+++ b/src/libstrongswan/credentials/certificates/certificate.c
@@ -11,8 +11,6 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
- *
- * $Id: certificate.c 3664 2008-03-26 15:21:50Z martin $
  */
 
 #include "certificate.h"
@@ -31,11 +29,11 @@ ENUM(certificate_type_names, CERT_ANY, CERT_PGP,
 	"PGP",
 );
 
-ENUM(cert_validation_names, VALIDATION_GOOD, VALIDATION_SKIPPED,
-	"VALIDATION_GOOD",
-	"VALIDATION_STALE",
-	"VALIDATION_REVOKED",
-	"VALIDATION_FAILED",
-	"VALIDATION_SKIPPED",
+ENUM(cert_validation_names, VALIDATION_GOOD, VALIDATION_REVOKED,
+	"GOOD",
+	"SKIPPED",
+	"STALE",
+	"FAILED",
+	"REVOKED",
 );
 
diff --git a/src/libstrongswan/credentials/certificates/certificate.h b/src/libstrongswan/credentials/certificates/certificate.h
index 1fb151d9f..81fce5508 100644
--- a/src/libstrongswan/credentials/certificates/certificate.h
+++ b/src/libstrongswan/credentials/certificates/certificate.h
@@ -58,18 +58,20 @@ extern enum_name_t *certificate_type_names;
 
 /**
  * Result of a certificate validation.
+ *
+ * Order of values is relevant, sorted from good to bad.
  */
 enum cert_validation_t {
 	/** certificate has been validated successfully */
-	VALIDATION_GOOD,
+	VALIDATION_GOOD = 0,
+	/** validation has been skipped due to missing validation information */
+	VALIDATION_SKIPPED,
 	/** certificate has been validated, but check based on stale information */
 	VALIDATION_STALE,
-	/** certificate has been revoked */
-	VALIDATION_REVOKED,
 	/** validation failed due to a processing error */
 	VALIDATION_FAILED,
-	/** validation has been skipped due to missing validation information */
-	VALIDATION_SKIPPED,
+	/** certificate has been revoked */
+	VALIDATION_REVOKED,
 };
 
 /**
diff --git a/src/libstrongswan/credentials/certificates/crl.c b/src/libstrongswan/credentials/certificates/crl.c
index 1fdc095c1..0d6654075 100644
--- a/src/libstrongswan/credentials/certificates/crl.c
+++ b/src/libstrongswan/credentials/certificates/crl.c
@@ -12,8 +12,6 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
- *
- * $Id: crl.c 3656 2008-03-25 22:28:27Z andreas $
  */
 
 #include "crl.h"
diff --git a/src/libstrongswan/credentials/certificates/crl.h b/src/libstrongswan/credentials/certificates/crl.h
index 0c0493940..3fef0d710 100644
--- a/src/libstrongswan/credentials/certificates/crl.h
+++ b/src/libstrongswan/credentials/certificates/crl.h
@@ -12,8 +12,6 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
- *
- * $Id: crl.h 5003 2009-03-24 17:43:01Z martin $
  */
 
 /**
diff --git a/src/libstrongswan/credentials/certificates/ocsp_request.h b/src/libstrongswan/credentials/certificates/ocsp_request.h
index 25ecb8d35..0b1871309 100644
--- a/src/libstrongswan/credentials/certificates/ocsp_request.h
+++ b/src/libstrongswan/credentials/certificates/ocsp_request.h
@@ -11,8 +11,6 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
- *
- * $Id$
  */
 
 /**
diff --git a/src/libstrongswan/credentials/certificates/ocsp_response.c b/src/libstrongswan/credentials/certificates/ocsp_response.c
index 02e12f761..c4a39e28d 100644
--- a/src/libstrongswan/credentials/certificates/ocsp_response.c
+++ b/src/libstrongswan/credentials/certificates/ocsp_response.c
@@ -11,8 +11,6 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
- *
- * $Id$
  */
 
 #include "ocsp_response.h"
diff --git a/src/libstrongswan/credentials/certificates/ocsp_response.h b/src/libstrongswan/credentials/certificates/ocsp_response.h
index 3c9794956..a70f3eee4 100644
--- a/src/libstrongswan/credentials/certificates/ocsp_response.h
+++ b/src/libstrongswan/credentials/certificates/ocsp_response.h
@@ -11,8 +11,6 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
- *
- * $Id$
  */
 
 /**
diff --git a/src/libstrongswan/credentials/certificates/x509.c b/src/libstrongswan/credentials/certificates/x509.c
index 15d223e3e..5d53f0c68 100644
--- a/src/libstrongswan/credentials/certificates/x509.c
+++ b/src/libstrongswan/credentials/certificates/x509.c
@@ -11,8 +11,6 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
- *
- * $Id: x509.c 3656 2008-03-25 22:28:27Z andreas $
  */
 
 #include "x509.h"
diff --git a/src/libstrongswan/credentials/certificates/x509.h b/src/libstrongswan/credentials/certificates/x509.h
index 704f11522..eedab78f7 100644
--- a/src/libstrongswan/credentials/certificates/x509.h
+++ b/src/libstrongswan/credentials/certificates/x509.h
@@ -11,8 +11,6 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
- *
- * $Id: x509.h 5003 2009-03-24 17:43:01Z martin $
  */
 
 /**
diff --git a/src/libstrongswan/credentials/credential_factory.c b/src/libstrongswan/credentials/credential_factory.c
index 5ae6980be..2e9a541d4 100644
--- a/src/libstrongswan/credentials/credential_factory.c
+++ b/src/libstrongswan/credentials/credential_factory.c
@@ -11,8 +11,6 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
- *
- * $Id: credential_factory.c 4777 2008-12-09 15:57:51Z martin $
  */
 
 #include "credential_factory.h"
@@ -158,6 +156,8 @@ static void* create(private_credential_factory_t *this, credential_type_t type,
 				case BUILD_END:
 					break;
 				case BUILD_BLOB_ASN1_DER:
+				case BUILD_BLOB_PGP:
+				case BUILD_BLOB_RFC_3110:
 				case BUILD_SERIAL:
 					builder->add(builder, part, va_arg(args, chunk_t));
 					continue;
diff --git a/src/libstrongswan/credentials/credential_factory.h b/src/libstrongswan/credentials/credential_factory.h
index 42fb2df6d..5057a7aae 100644
--- a/src/libstrongswan/credentials/credential_factory.h
+++ b/src/libstrongswan/credentials/credential_factory.h
@@ -24,9 +24,6 @@
 typedef struct credential_factory_t credential_factory_t;
 typedef enum credential_type_t credential_type_t;
 
-#include <credentials/keys/private_key.h>
-#include <credentials/keys/public_key.h>
-#include <credentials/certificates/certificate.h>
 #include <credentials/builder.h>
 
 /**
diff --git a/src/libstrongswan/credentials/keys/private_key.c b/src/libstrongswan/credentials/keys/private_key.c
index 018cab1c0..0a01d0385 100644
--- a/src/libstrongswan/credentials/keys/private_key.c
+++ b/src/libstrongswan/credentials/keys/private_key.c
@@ -11,8 +11,6 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
- *
- * $Id: private_key.c 3488 2008-02-21 15:10:02Z martin $
  */
 
 #include "private_key.h"
diff --git a/src/libstrongswan/credentials/keys/private_key.h b/src/libstrongswan/credentials/keys/private_key.h
index 219926af1..f38af8ff4 100644
--- a/src/libstrongswan/credentials/keys/private_key.h
+++ b/src/libstrongswan/credentials/keys/private_key.h
@@ -11,8 +11,6 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
- *
- * $Id: private_key.h 5003 2009-03-24 17:43:01Z martin $
  */
  
 /**
@@ -82,6 +80,14 @@ struct private_key_t {
 	public_key_t* (*get_public_key)(private_key_t *this);
 	
 	/**
+	 * Check if two private keys are equal.
+	 * 
+	 * @param other		other private key
+	 * @return			TRUE, if equality
+	 */
+	bool (*equals) (private_key_t *this, private_key_t *other);
+
+	/**
 	 * Check if a private key belongs to a public key.
 	 * 
 	 * @param public	public key
diff --git a/src/libstrongswan/credentials/keys/public_key.c b/src/libstrongswan/credentials/keys/public_key.c
index 80b9f03c3..c94c27f0a 100644
--- a/src/libstrongswan/credentials/keys/public_key.c
+++ b/src/libstrongswan/credentials/keys/public_key.c
@@ -11,27 +11,60 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
- *
- * $Id: public_key.c 4051 2008-06-10 09:08:27Z tobias $
  */
 
+#include <asn1/oid.h>
+
 #include "public_key.h"
 
-ENUM(key_type_names, KEY_RSA, KEY_ECDSA,
+ENUM(key_type_names, KEY_RSA, KEY_DSA,
 	"RSA",
-	"ECDSA"
+	"ECDSA",
+	"DSA"
 );
 
-ENUM(signature_scheme_names, SIGN_DEFAULT, SIGN_ECDSA_521,
-	"DEFAULT",
+ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_ECDSA_521,
+	"UNKNOWN",
+	"RSA_EMSA_PKCS1_NULL",
 	"RSA_EMSA_PKCS1_MD5",
 	"RSA_EMSA_PKCS1_SHA1",
 	"RSA_EMSA_PKCS1_SHA256",
 	"RSA_EMSA_PKCS1_SHA384",
 	"RSA_EMSA_PKCS1_SHA512",
+	"ECDSA_WITH_NULL",
 	"ECDSA_WITH_SHA1",
 	"ECDSA-256",
 	"ECDSA-384",
 	"ECDSA-521",
 );
 
+/*
+ * Defined in header.
+ */
+signature_scheme_t signature_scheme_from_oid(int oid)
+{
+	switch (oid)
+	{
+		case OID_MD5_WITH_RSA:
+		case OID_MD5:
+			return SIGN_RSA_EMSA_PKCS1_MD5;
+		case OID_SHA1_WITH_RSA:
+		case OID_SHA1:
+			return SIGN_RSA_EMSA_PKCS1_SHA1;
+		case OID_SHA256_WITH_RSA:
+		case OID_SHA256:
+			return SIGN_RSA_EMSA_PKCS1_SHA256;
+		case OID_SHA384_WITH_RSA:
+		case OID_SHA384:
+			return SIGN_RSA_EMSA_PKCS1_SHA384;
+		case OID_SHA512_WITH_RSA:
+		case OID_SHA512:
+			return SIGN_RSA_EMSA_PKCS1_SHA512;
+		case OID_ECDSA_WITH_SHA1:
+		case OID_EC_PUBLICKEY:
+			return SIGN_ECDSA_WITH_SHA1;
+		default:
+			return SIGN_UNKNOWN;
+	}
+}
+
diff --git a/src/libstrongswan/credentials/keys/public_key.h b/src/libstrongswan/credentials/keys/public_key.h
index 65bb5f64d..c58531b73 100644
--- a/src/libstrongswan/credentials/keys/public_key.h
+++ b/src/libstrongswan/credentials/keys/public_key.h
@@ -11,8 +11,6 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
- *
- * $Id: public_key.h 5003 2009-03-24 17:43:01Z martin $
  */
  
 /**
@@ -36,12 +34,14 @@ typedef enum signature_scheme_t signature_scheme_t;
  */
 enum key_type_t {
 	/** key type wildcard */
-	KEY_ANY,
+	KEY_ANY   = 0,
 	/** RSA crypto system as in PKCS#1 */
-	KEY_RSA,
+	KEY_RSA   = 1,
 	/** ECDSA as in ANSI X9.62 */
-	KEY_ECDSA,
-	/** DSS, ElGamal, ... */
+	KEY_ECDSA = 2,
+	/** DSA */
+	KEY_DSA   = 3,
+	/** ElGamal, ... */
 };
 
 /**
@@ -52,29 +52,35 @@ extern enum_name_t *key_type_names;
 /**
  * Signature scheme for signature creation
  *
- * EMSA-PKCS1 signatures are from the PKCS#1 standard. They include
- * the ASN1-OID of the used hash algorithm.
+ * EMSA-PKCS1 signatures are defined in PKCS#1 standard.
+ * A prepended ASN.1 encoded digestInfo field contains the 
+ * OID of the used hash algorithm. The ASN.1 type of the PKCS#7
+ * variants is OCTET_STRING instead of the default BIT_STRING.
  */
 enum signature_scheme_t {
-	/** default scheme of that underlying crypto system */
-	SIGN_DEFAULT,
-	/** EMSA-PKCS1 with MD5  */
+	/** Unknown signature scheme                                       */
+	SIGN_UNKNOWN,
+	/** EMSA-PKCS1_v1.5 signature over digest without digestInfo       */
+	SIGN_RSA_EMSA_PKCS1_NULL,
+	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and MD5       */
 	SIGN_RSA_EMSA_PKCS1_MD5,
-	/** EMSA-PKCS1 signature as in PKCS#1 standard using SHA1 as hash.  */
+	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-1     */
 	SIGN_RSA_EMSA_PKCS1_SHA1,
-	/** EMSA-PKCS1 signature as in PKCS#1 standard using SHA256 as hash. */
+	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-256   */
 	SIGN_RSA_EMSA_PKCS1_SHA256,
-	/** EMSA-PKCS1 signature as in PKCS#1 standard using SHA384 as hash. */
+	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-384   */
 	SIGN_RSA_EMSA_PKCS1_SHA384,
-	/** EMSA-PKCS1 signature as in PKCS#1 standard using SHA512 as hash. */
+	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-512   */
 	SIGN_RSA_EMSA_PKCS1_SHA512,
-	/** ECDSA using SHA-1 as hash. */
+	/** ECDSA over precomputed digest                                  */
+	SIGN_ECDSA_WITH_NULL,
+	/** ECDSA with SHA-1                                               */
 	SIGN_ECDSA_WITH_SHA1,
-	/** ECDSA with SHA-256 on the P-256 curve as in RFC 4754 */
+	/** ECDSA on the P-256 curve with SHA-256 as in RFC 4754           */
 	SIGN_ECDSA_256,
-	/** ECDSA with SHA-384 on the P-384 curve as in RFC 4754 */
+	/** ECDSA on the P-384 curve with SHA-384 as in RFC 4754           */
 	SIGN_ECDSA_384,
-	/** ECDSA with SHA-512 on the P-521 curve as in RFC 4754 */
+	/** ECDSA on the P-521 curve with SHA-512 as in RFC 4754           */
 	SIGN_ECDSA_521,
 };
 
@@ -109,13 +115,21 @@ struct public_key_t {
 	/**
 	 * Encrypt a chunk of data.
 	 *
-	 * @param crypto	chunk containing plaintext data
-	 * @param plain		where to allocate encrypted data
+	 * @param plain		chunk containing plaintext data
+	 * @param crypto	where to allocate encrypted data
 	 * @return 			TRUE if data successfully encrypted
 	 */
-	bool (*encrypt)(public_key_t *this, chunk_t crypto, chunk_t *plain);
+	bool (*encrypt)(public_key_t *this, chunk_t plain, chunk_t *crypto);
 	
 	/**
+	 * Check if two public keys are equal.
+	 * 
+	 * @param other		other public key
+	 * @return			TRUE, if equality
+	 */
+	bool (*equals)(public_key_t *this, public_key_t *other);
+
+	/**
 	 * Get the strength of the key in bytes.
 	 * 
 	 * @return			strength of the key in bytes
@@ -152,4 +166,12 @@ struct public_key_t {
 	void (*destroy)(public_key_t *this);
 };
 
+/**
+ * Conversion of ASN.1 signature or hash OID to signature scheme.
+ * 
+ * @param oid			ASN.1 OID
+ * @return				signature_scheme, SIGN_UNKNOWN if OID is unsupported
+ */
+signature_scheme_t signature_scheme_from_oid(int oid);
+
 #endif /** PUBLIC_KEY_H_ @}*/
diff --git a/src/libstrongswan/credentials/keys/shared_key.c b/src/libstrongswan/credentials/keys/shared_key.c
index f55b52c3a..c6f141446 100644
--- a/src/libstrongswan/credentials/keys/shared_key.c
+++ b/src/libstrongswan/credentials/keys/shared_key.c
@@ -11,8 +11,6 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
- *
- * $Id: shared_key.c 3600 2008-03-14 15:11:29Z martin $
  */
 
 #include "shared_key.h"