From 49104abddf3d71d5abf5cf75dc7f95fa6c55fa63 Mon Sep 17 00:00:00 2001 From: Rene Mayrhofer Date: Fri, 26 Oct 2007 14:10:02 +0000 Subject: [svn-upgrade] Integrating new upstream version, strongswan (4.1.8) --- src/libstrongswan/credential_store.h | 43 +++++++++++++++++++++++------------- 1 file changed, 28 insertions(+), 15 deletions(-) (limited to 'src/libstrongswan/credential_store.h') diff --git a/src/libstrongswan/credential_store.h b/src/libstrongswan/credential_store.h index dcbe43f52..62b6ad2d5 100755 --- a/src/libstrongswan/credential_store.h +++ b/src/libstrongswan/credential_store.h @@ -87,17 +87,6 @@ struct credential_store_t { */ rsa_public_key_t* (*get_rsa_public_key) (credential_store_t *this, identification_t *id); - /** - * @brief Returns the RSA private key belonging to an RSA public key - * - * The returned rsa_private_key_t must be destroyed by the caller after usage. - * - * @param this calling object - * @param pubkey public key - * @return private key, or NULL if not found - */ - rsa_private_key_t* (*get_rsa_private_key) (credential_store_t *this, rsa_public_key_t *pubkey); - /** * @brief Is there a matching RSA private key belonging to an RSA public key? * @@ -144,6 +133,20 @@ struct credential_store_t { */ ca_info_t* (*get_issuer) (credential_store_t *this, x509_t* cert); + /** + * @brief RSA private key belonging to an RSA public key + * + * + * @param this calling object + * @param pubkey public key used to find the matching private key + * @param hash_algorithm hash algorithm to be used for signature + * @param data data block to be signed + * @param signature signature to be returned + * @return status of the signature process - SUCCESS if successful + */ + status_t (*rsa_signature) (credential_store_t *this, rsa_public_key_t *pubkey, hash_algorithm_t hash_algorithm, + chunk_t data, chunk_t *signature); + /** * @brief Verify an RSA signature given the ID of the signer * @@ -154,7 +157,8 @@ struct credential_store_t { * @param issuer_p issuer of the signer's certificate (if not self-signed). * @return status of the verification - SUCCESS if successful */ - status_t (*verify_signature) (credential_store_t *this, chunk_t hash, chunk_t sig, identification_t *id, ca_info_t **issuer_p); + status_t (*verify_signature) (credential_store_t *this, chunk_t hash, chunk_t sig, identification_t *id, + ca_info_t **issuer_p); /** * @brief Verify an X.509 certificate up to trust anchor without any status checks @@ -239,6 +243,14 @@ struct credential_store_t { */ iterator_t* (*create_cainfo_iterator) (credential_store_t *this); + /** + * @brief Create an iterator over all attribute certificates. + * + * @param this calling object + * @return iterator + */ + iterator_t* (*create_acert_iterator) (credential_store_t *this); + /** * @brief Loads ca certificates from a default directory. * @@ -288,12 +300,13 @@ struct credential_store_t { /** * @brief Loads secrets in ipsec.secrets * - * Currently, all RSA private key files must be in unencrypted form - * either in DER or PEM format. + * RSA private key files can be either in DER or PEM format + * Optional encryption with a passphrase supported * * @param this calling object + * @param reload are the secrets to be reloaded */ - void (*load_secrets) (credential_store_t *this); + void (*load_secrets) (credential_store_t *this, bool reload); /** * @brief Destroys a credential_store_t object. -- cgit v1.2.3