implemented xauth as a pluto plugin
/* mechanisms for preshared keys (public, private, and preshared secrets)
 * Copyright (C) 1998-2002 D. Hugh Redelmeier.
 * Copyright (C) 2009 Andreas Steffen, Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
 */
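#ifndef _KEYS_H
#define _KEYS_H
/* NOTE(review): _KEYS_H is in the implementation-reserved namespace
 * (leading underscore followed by an uppercase letter); renaming the guard
 * is a separate, project-wide change and is left as is here. */

#include <utils/identification.h>
#include <credentials/keys/private_key.h>
#include <credentials/keys/public_key.h>

#include "certs.h"
#include "connections.h"

/* Default location of the secrets file; may be overridden at build time. */
#ifndef SHARED_SECRETS_FILE
# define SHARED_SECRETS_FILE IPSEC_CONFDIR "/ipsec.secrets"
#endif

/* Path of the secrets file in use (presumably initialised from
 * SHARED_SECRETS_FILE).
 *
 * Declared extern: the previous tentative definition `const char
 * *shared_secrets_file;` in this header emitted one common symbol in every
 * translation unit that includes it, which only links thanks to common-symbol
 * merging and fails outright under -fno-common. The single definition must
 * live in exactly one .c file (keys.c is the expected owner -- confirm). */
extern const char *shared_secrets_file;

/* (Re)load all secrets; whackfd is presumably the whack socket used for
 * status output -- confirm against keys.c. */
extern void load_preshared_secrets(int whackfd);
/* Release everything load_preshared_secrets() set up. */
extern void free_preshared_secrets(void);

/* Install the XAUTH defaults (XAUTH itself lives in a pluto plugin). */
extern void xauth_defaults(void);

/* Look up the XAUTH secret for user at server. Returns TRUE and fills
 * *secret on success. Ownership/lifetime of the returned chunk is not
 * visible here -- TODO confirm; callers holding a copy are expected to
 * clear it once it is no longer needed. */
extern bool get_xauth_secret(identification_t *user, identification_t *server,
							 chunk_t *secret);
/* Preshared secret configured for connection c, or NULL if none -- the NULL
 * case is inferred from the pointer return, confirm. */
extern const chunk_t *get_preshared_secret(const connection_t *c);
/* Private key to be used for connection c. */
extern private_key_t *get_private_key(const connection_t *c);
/* Private key matching the given X.509 certificate. */
extern private_key_t *get_x509_private_key(const cert_t *cert);
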
/* public key machinery */
/* A public key together with the identity it is bound to and the trust
 * metadata used when selecting it. Instances are reference counted via
 * reference_key()/unreference_key(). The member order is layout-relevant
 * and is kept unchanged. */
typedef struct pubkey {
	identification_t *id;               /* identity this key belongs to */
	unsigned refcnt;                    /* reference count, see reference_key() */
	enum dns_auth_level dns_auth_level; /* how the key was authenticated (DNS) */
	char *dns_sig;                      /* DNS signature data, if any -- confirm */
	time_t last_tried_time, last_worked_time, until_time;
	identification_t *issuer;           /* certificate issuer, when from a cert */
	chunk_t serial;                     /* certificate serial, when from a cert */
	public_key_t *public_key;           /* the key material itself */
} pubkey_t;
/* Singly linked list node for pubkey_t. The node presumably holds a counted
 * reference on key (see free_public_keyentry()) -- confirm in keys.c. */
typedef struct pubkey_list {
	pubkey_t *key;              /* the key held by this node */
	struct pubkey_list *next;   /* following node, NULL at the end of the list */
} pubkey_list_t;
/* Global list of public keys learned from ipsec.conf or from certificates. */
extern pubkey_list_t *pubkeys;

/* Wrap a public_key_t in a freshly allocated pubkey_t (ownership of key is
 * presumably transferred -- confirm). */
extern pubkey_t *public_key_from_rsa(public_key_t *key);
/* Free one list entry and hand back the following one, so that a caller can
 * unlink entries in a loop. */
extern pubkey_list_t *free_public_keyentry(pubkey_list_t *p);
/* Free a whole list; *keys is presumably reset afterwards -- confirm. */
extern void free_public_keys(pubkey_list_t **keys);
extern void free_remembered_public_keys(void);
/* Remove keys matching id and type, narrowed by certificate issuer/serial. */
extern void delete_public_keys(identification_t *id,
							   key_type_t type,
							   identification_t *issuer,
							   chunk_t serial);
/* Reference counting for pubkey_t. */
extern pubkey_t *reference_key(pubkey_t *pk);
extern void unreference_key(pubkey_t **pkp);
/* Add an RFC 3110 encoded key for id to the list at *head; TRUE on success. */
extern bool add_public_key(identification_t *id,
						   enum dns_auth_level dns_auth_level,
						   enum pubkey_alg alg,
						   chunk_t rfc3110_key,
						   pubkey_list_t **head);
/* TRUE if a private key matching cert is available. */
extern bool has_private_key(cert_t *cert);
/* Register the public key of cert, valid until the given time. */
extern void add_public_key_from_cert(cert_t *cert,
									 time_t until,
									 enum dns_auth_level dns_auth_level);
extern void remove_x509_public_key(const cert_t *cert);
/* Print all public keys; utc selects the time format of the listing. */
extern void list_public_keys(bool utc);

struct gw_info; /* forward declaration of tag (defined in dnskey.h) */
/* Move keys obtained via DNS (and, with USE_KEYRR, from KEY records) into the
 * public key list. */
extern void transfer_to_public_keys(struct gw_info *gateways_from_dns
#ifdef USE_KEYRR
									, pubkey_list_t **keys
#endif /* USE_KEYRR */
								   );

#endif /* _KEYS_H */