1 /* mechanisms for preshared keys (public, private, and preshared secrets)
2 * Copyright (C) 1998-2002 D. Hugh Redelmeier.
3 *
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License as published by the
6 * Free Software Foundation; either version 2 of the License, or (at your
7 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * for more details.
13 *
14 * RCSID $Id: keys.h,v 1.7 2006/01/26 20:10:34 as Exp $
15 */
16
17 #ifndef _KEYS_H
18 #define _KEYS_H
19
20 #include <gmp.h> /* GNU Multi-Precision library */
21
22 #include "pkcs1.h"
23 #include "certs.h"
24
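#ifndef SHARED_SECRETS_FILE
# define SHARED_SECRETS_FILE "/etc/ipsec.secrets"
#endif

/* Path of the secrets file read by load_preshared_secrets().
 * Build-time default is SHARED_SECRETS_FILE (above).
 *
 * Declaration only: the one definition belongs in the implementation file.
 * The previous `const char *shared_secrets_file;` was a tentative definition
 * repeated in every translation unit that includes this header; that only
 * links when the toolchain merges common symbols and produces "multiple
 * definition" errors under -fno-common (the GCC 10+ default).
 */
extern const char *shared_secrets_file;

/* Load the secrets file.  whackfd is the whack connection that asked for the
 * (re)load — presumably used for reporting back to that client; confirm
 * against the implementation. */
extern void load_preshared_secrets(int whackfd);

/* Counterpart of load_preshared_secrets(): releases the loaded secrets. */
extern void free_preshared_secrets(void);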
33
struct state;   /* forward declaration; defined elsewhere */

/* Kinds of authentication secret this module handles.
 * Enumerators are sequential from 0.  No value is reserved for DSS because it
 * is not implemented, so PPK_RSA immediately follows PPK_PSK. */
enum PrivateKeyKind {
    PPK_PSK = 0,    /* preshared secret */
    PPK_RSA = 1,    /* RSA private key */
    PPK_PIN = 2     /* PIN — presumably unlocks a key held on a token; confirm */
};
42
/* Preshared secret for connection c.
 * The result points at key material owned by the loaded secrets (presumably
 * released by free_preshared_secrets()); do not free it or keep it past a
 * reload, and do not log its contents.  NOTE(review): a NULL result when no
 * secret matches is likely but not visible from this header — confirm. */
extern const chunk_t *get_preshared_secret(const struct connection *c);
/* Decode the encoded public key in *pubkey into *rsa.
 * Returns an err_t describing the failure, or the success value of that type. */
extern err_t unpack_RSA_public_key(RSA_public_key_t *rsa, const chunk_t *pubkey);
/* RSA private key to use for connection c. */
extern const RSA_private_key_t *get_RSA_private_key(const struct connection *c);
/* RSA private key belonging to an X.509 certificate — presumably NULL when
 * none is loaded; confirm against the implementation. */
extern const RSA_private_key_t *get_x509_private_key(const x509cert_t *cert);
47
48 /* public key machinery */
49
typedef struct pubkey pubkey_t;

/* One public key known to pluto, with its provenance and validity window.
 * Objects are reference counted through refcnt; use reference_key() and
 * unreference_key() (declared below) rather than freeing one directly. */
struct pubkey {
    struct id id;                        /* identity associated with the key */
    unsigned refcnt;                     /* reference count — see reference_key() */
    enum dns_auth_level dns_auth_level;  /* authentication level of the DNS source, presumably */
    char *dns_sig;                       /* DNS signature data — format not visible here; confirm */
    time_t installed_time;
    time_t last_tried_time;
    time_t last_worked_time;
    time_t until_time;                   /* end of validity, presumably */
    chunk_t issuer;                      /* certificate issuer — confirm; see delete_public_keys() */
    chunk_t serial;                      /* certificate serial — confirm; see delete_public_keys() */
    enum pubkey_alg alg;                 /* selects the active member of u */
    union {
        RSA_public_key_t rsa;            /* RSA is the only algorithm present */
    } u;
};
68
typedef struct pubkey_list pubkey_list_t;

/* Singly linked list node referring to one pubkey_t.
 * The key is pointed to, not embedded; whether the node holds a counted
 * reference (see reference_key()/unreference_key()) is decided by the list
 * owner — confirm against the implementation. */
struct pubkey_list {
pubkey_t *key;          /* the key this node refers to */
pubkey_list_t *next;    /* following node; presumably NULL at the tail */
};
75
extern pubkey_list_t *pubkeys; /* keys from ipsec.conf or from certs */

/* Build a pubkey_t around an RSA public key.  Ownership of the result is
 * not stated here — presumably the caller holds the first reference; confirm. */
extern pubkey_t *public_key_from_rsa(const RSA_public_key_t *k);

/* Release one list node.  The returned pointer is presumably the node that
 * followed p, so a caller can unlink while walking the list — confirm. */
extern pubkey_list_t *free_public_keyentry(pubkey_list_t *p);

/* Release an entire list through the caller's head pointer. */
extern void free_public_keys(pubkey_list_t **keys);

extern void free_remembered_public_keys(void);

/* Remove keys selected by id and alg, qualified by issuer and serial
 * (both passed by value as chunk_t). */
extern void delete_public_keys(const struct id *id, enum pubkey_alg alg,
                               chunk_t issuer, chunk_t serial);

/* Take a reference on pk and hand it back; pairs with unreference_key().
 * unreference_key() takes the address of the caller's pointer, presumably so
 * it can clear it once the reference is dropped — confirm. */
extern pubkey_t *reference_key(pubkey_t *pk);
extern void unreference_key(pubkey_t **pkp);
87
88
/* Add a key for id, carrying its DNS authentication level, to the list at
 * *head; key holds the encoded public key for algorithm alg.  Returns an err_t
 * describing any failure. */
extern err_t add_public_key(const struct id *id,
                            enum dns_auth_level dns_auth_level,
                            enum pubkey_alg alg,
                            const chunk_t *key,
                            pubkey_list_t **head);

/* Whether a private key corresponding to cert is available.  cert is
 * passed by value. */
extern bool has_private_key(cert_t cert);

/* Register the public key of an X.509 / PGP certificate, valid until `until`,
 * tagged with the given DNS authentication level. */
extern void add_x509_public_key(x509cert_t *cert, time_t until,
                                enum dns_auth_level dns_auth_level);
extern void add_pgp_public_key(pgpcert_t *cert, time_t until,
                               enum dns_auth_level dns_auth_level);

extern void remove_x509_public_key(const x509cert_t *cert);

/* Print the known public keys; utc selects UTC rather than local time for
 * the timestamps, presumably — confirm. */
extern void list_public_keys(bool utc);
102
struct gw_info; /* forward declaration of tag (defined in dnskey.h) */

/* Move keys obtained from DNS (gateways_from_dns) into the public-key store.
 * With USE_KEYRR a second parameter supplies a list of KEY-record keys; the
 * two configurations therefore have different prototypes, so callers must be
 * built with the same USE_KEYRR setting as this header. */
#ifdef USE_KEYRR
extern void transfer_to_public_keys(struct gw_info *gateways_from_dns,
                                    pubkey_list_t **keys);
#else
extern void transfer_to_public_keys(struct gw_info *gateways_from_dns);
#endif /* USE_KEYRR */
109
110 #endif /* _KEYS_H */