From 6a2a9bfb4892d61f9c6aad7c87168f7f2fd3aa94 Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Tue, 24 Feb 2015 16:53:02 +0100
Subject: [PATCH] ikev2: Remove private AUTH_BLISS method

We use the new signature authentication instead for this. This is not backward compatible but we only released one version with BLISS support, and the key format will change anyway with the next release.
---
 src/libcharon/sa/authenticator.c | 5 +----
 src/libcharon/sa/authenticator.h | 5 -----
 .../sa/ikev2/authenticators/pubkey_authenticator.c | 9 ---------
 3 files changed, 1 insertion(+), 18 deletions(-)

diff --git a/src/libcharon/sa/authenticator.c b/src/libcharon/sa/authenticator.c
index 5ceae0d641..6c3681a2d2 100644
--- a/src/libcharon/sa/authenticator.c
+++ b/src/libcharon/sa/authenticator.c
@@ -38,9 +38,7 @@ ENUM_NEXT(auth_method_names, AUTH_ECDSA_256, AUTH_DS, AUTH_DSS,
 "secure password method",
 "NULL authentication",
 "digital signature");
-ENUM_NEXT(auth_method_names, AUTH_BLISS, AUTH_BLISS, AUTH_DS,
- "BLISS signature");
-ENUM_NEXT(auth_method_names, AUTH_XAUTH_INIT_PSK, AUTH_HYBRID_RESP_RSA, AUTH_BLISS,
+ENUM_NEXT(auth_method_names, AUTH_XAUTH_INIT_PSK, AUTH_HYBRID_RESP_RSA, AUTH_DS,
 "XAuthInitPSK",
 "XAuthRespPSK",
 "XAuthInitRSA",
@@ -104,7 +102,6 @@ authenticator_t *authenticator_create_verifier(
 case AUTH_ECDSA_384:
 case AUTH_ECDSA_521:
 case AUTH_DS:
- case AUTH_BLISS:
 return (authenticator_t*)pubkey_authenticator_create_verifier(ike_sa,
 sent_nonce, received_init, reserved);
 case AUTH_PSK:
diff --git a/src/libcharon/sa/authenticator.h b/src/libcharon/sa/authenticator.h
index 33a007666e..97c042e714 100644
--- a/src/libcharon/sa/authenticator.h
+++ b/src/libcharon/sa/authenticator.h
@@ -89,11 +89,6 @@ enum auth_method_t {
 */
 AUTH_DS = 14,
 
- /**
- * BLISS Authentication Method
- */
- AUTH_BLISS = 220,
-
 /**
 * IKEv1 initiator XAUTH with PSK, outside of IANA range
 */
diff --git a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
index bd38196239..59e1670108 100644
--- a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
+++ b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
@@ -226,11 +226,6 @@ METHOD(authenticator_t, build, status_t,
 return status;
 }
 break;
- case KEY_BLISS:
- /* we currently use SHA512 only */
- scheme = SIGN_BLISS_WITH_SHA512;
- auth_method = AUTH_BLISS;
- break;
 default:
 DBG1(DBG_IKE, "private key of type %N not supported",
 key_type_names, private->get_type(private));
@@ -299,10 +294,6 @@ METHOD(authenticator_t, process, status_t,
 case AUTH_ECDSA_521:
 scheme = SIGN_ECDSA_521;
 break;
- case AUTH_BLISS:
- key_type = KEY_BLISS;
- scheme = SIGN_BLISS_WITH_SHA512;
- break;
 case AUTH_DS:
 if (parse_signature_auth_data(&auth_data, &key_type, &scheme))
 {
-- 
2.47.2