ikev2: Remove private AUTH_BLISS method
authorTobias Brunner <tobias@strongswan.org>
Tue, 24 Feb 2015 15:53:02 +0000 (16:53 +0100)
committerTobias Brunner <tobias@strongswan.org>
Wed, 4 Mar 2015 12:54:09 +0000 (13:54 +0100)
We use the new signature authentication instead for this.  This is not
backward compatible but we only released one version with BLISS support,
and the key format will change anyway with the next release.

src/libcharon/sa/authenticator.c
src/libcharon/sa/authenticator.h
src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c

index 5ceae0d..6c3681a 100644 (file)
@@ -38,9 +38,7 @@ ENUM_NEXT(auth_method_names, AUTH_ECDSA_256, AUTH_DS, AUTH_DSS,
        "secure password method",
        "NULL authentication",
        "digital signature");
-ENUM_NEXT(auth_method_names, AUTH_BLISS, AUTH_BLISS, AUTH_DS,
-       "BLISS signature");
-ENUM_NEXT(auth_method_names, AUTH_XAUTH_INIT_PSK, AUTH_HYBRID_RESP_RSA, AUTH_BLISS,
+ENUM_NEXT(auth_method_names, AUTH_XAUTH_INIT_PSK, AUTH_HYBRID_RESP_RSA, AUTH_DS,
        "XAuthInitPSK",
        "XAuthRespPSK",
        "XAuthInitRSA",
@@ -104,7 +102,6 @@ authenticator_t *authenticator_create_verifier(
                case AUTH_ECDSA_384:
                case AUTH_ECDSA_521:
                case AUTH_DS:
-               case AUTH_BLISS:
                        return (authenticator_t*)pubkey_authenticator_create_verifier(ike_sa,
                                                                                sent_nonce, received_init, reserved);
                case AUTH_PSK:
index 33a0076..97c042e 100644 (file)
@@ -90,11 +90,6 @@ enum auth_method_t {
        AUTH_DS = 14,
 
        /**
-        * BLISS Authentication Method
-        */
-       AUTH_BLISS = 220,
-
-       /**
         * IKEv1 initiator XAUTH with PSK, outside of IANA range
         */
        AUTH_XAUTH_INIT_PSK = 256,
index bd38196..59e1670 100644 (file)
@@ -226,11 +226,6 @@ METHOD(authenticator_t, build, status_t,
                                                return status;
                                }
                                break;
-                       case KEY_BLISS:
-                               /* we currently use SHA512 only */
-                               scheme = SIGN_BLISS_WITH_SHA512;
-                               auth_method = AUTH_BLISS;
-                               break;
                        default:
                                DBG1(DBG_IKE, "private key of type %N not supported",
                                         key_type_names, private->get_type(private));
@@ -299,10 +294,6 @@ METHOD(authenticator_t, process, status_t,
                case AUTH_ECDSA_521:
                        scheme = SIGN_ECDSA_521;
                        break;
-               case AUTH_BLISS:
-                       key_type = KEY_BLISS;
-                       scheme = SIGN_BLISS_WITH_SHA512;
-                       break;
                case AUTH_DS:
                        if (parse_signature_auth_data(&auth_data, &key_type, &scheme))
                        {