ikev2: Remove private AUTH_BLISS method

We use the new signature authentication instead for this.  This is not
backward compatible but we only released one version with BLISS support,
and the key format will change anyway with the next release.

diff --git a/src/libcharon/sa/authenticator.c b/src/libcharon/sa/authenticator.c
index 5ceae0d64122a6a8b0f9c9b8ed02391b40a3e512..6c3681a2d2d37e6c6bd0805a3129b3fb09c186ac 100644 (file)
--- a/src/libcharon/sa/authenticator.c
+++ b/src/libcharon/sa/authenticator.c
@@ -38,9 +38,7 @@ ENUM_NEXT(auth_method_names, AUTH_ECDSA_256, AUTH_DS, AUTH_DSS,
        "secure password method",
        "NULL authentication",
        "digital signature");
-ENUM_NEXT(auth_method_names, AUTH_BLISS, AUTH_BLISS, AUTH_DS,
-       "BLISS signature");
-ENUM_NEXT(auth_method_names, AUTH_XAUTH_INIT_PSK, AUTH_HYBRID_RESP_RSA, AUTH_BLISS,
+ENUM_NEXT(auth_method_names, AUTH_XAUTH_INIT_PSK, AUTH_HYBRID_RESP_RSA, AUTH_DS,
        "XAuthInitPSK",
        "XAuthRespPSK",
        "XAuthInitRSA",
@@ -104,7 +102,6 @@ authenticator_t *authenticator_create_verifier(
                case AUTH_ECDSA_384:
                case AUTH_ECDSA_521:
                case AUTH_DS:
-               case AUTH_BLISS:
                        return (authenticator_t*)pubkey_authenticator_create_verifier(ike_sa,
                                                                                sent_nonce, received_init, reserved);
                case AUTH_PSK:

diff --git a/src/libcharon/sa/authenticator.h b/src/libcharon/sa/authenticator.h
index 33a007666e633729ed9f6e867c0586084cf0d7dd..97c042e7142a06db7b8795e7e315cf32704a948b 100644 (file)
--- a/src/libcharon/sa/authenticator.h
+++ b/src/libcharon/sa/authenticator.h
@@ -89,11 +89,6 @@ enum auth_method_t {
         */
        AUTH_DS = 14,
 
-       /**
-        * BLISS Authentication Method
-        */
-       AUTH_BLISS = 220,
-
        /**
         * IKEv1 initiator XAUTH with PSK, outside of IANA range
         */

diff --git a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
index bd38196239cc24742d06cc813fe675d46d52f59d..59e16701082787e2ec8ddbb21478b4c461bec5e4 100644 (file)
--- a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
+++ b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
@@ -226,11 +226,6 @@ METHOD(authenticator_t, build, status_t,
                                                return status;
                                }
                                break;
-                       case KEY_BLISS:
-                               /* we currently use SHA512 only */
-                               scheme = SIGN_BLISS_WITH_SHA512;
-                               auth_method = AUTH_BLISS;
-                               break;
                        default:
                                DBG1(DBG_IKE, "private key of type %N not supported",
                                         key_type_names, private->get_type(private));
@@ -299,10 +294,6 @@ METHOD(authenticator_t, process, status_t,
                case AUTH_ECDSA_521:
                        scheme = SIGN_ECDSA_521;
                        break;
-               case AUTH_BLISS:
-                       key_type = KEY_BLISS;
-                       scheme = SIGN_BLISS_WITH_SHA512;
-                       break;
                case AUTH_DS:
                        if (parse_signature_auth_data(&auth_data, &key_type, &scheme))
                        {