File: keys.h

/* mechanisms for preshared keys (public, private, and preshared secrets)
 * Copyright (C) 1998-2002  D. Hugh Redelmeier.
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 *
 * RCSID $Id: keys.h,v 1.30 2003/06/18 15:17:21 dhr Exp $
 */

#include <gmp.h>    /* GNU MP library */

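#ifndef SHARED_SECRETS_FILE
# define SHARED_SECRETS_FILE  "/etc/ipsec.secrets"	/* default; overridable at build time */
#endif

/* Path of the secrets file in use (load_preshared_secrets() reads it).
 *
 * Declared with `extern`: a header must only declare variables.  The
 * original bare declaration was a tentative definition, so every translation
 * unit including this header emitted its own copy of the symbol -- which
 * links only when the toolchain merges "common" symbols (GCC >= 10 defaults
 * to -fno-common and fails with duplicate definitions).  Exactly one .c file
 * must define it (presumably keys.c, alongside load_preshared_secrets()).
 */
extern const char *shared_secrets_file;

/* Parse the secrets file into memory / release everything that was loaded. */
extern void load_preshared_secrets(void);
extern void free_preshared_secrets(void);

struct state;	/* forward declaration; only used through pointers here */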

/* Kind of authentication secret a connection uses.
 * Values are spelled out so the numbering survives future insertions.
 */
enum PrivateKeyKind {
    PPK_PSK = 0,	/* preshared secret (see get_preshared_secret) */
    /* PPK_DSS, */	/* not implemented */
    PPK_RSA = 1		/* RSA private key (see get_RSA_private_key) */
};

/* Look up the preshared secret that applies to connection c.
 * The returned chunk is owned by the secrets table, not the caller
 * (see free_preshared_secrets) -- TODO confirm lifetime in keys.c.
 */
extern const chunk_t *get_preshared_secret(const struct connection *c);

/* Public half of an RSA key.
 *
 * Layout note: this struct is embedded as the FIRST member of
 * struct RSA_private_key (see there), so member order must not change.
 * The MP_INTs are released by free_RSA_public_content().
 */
struct RSA_public_key
{
    char keyid[KEYID_BUF];	/* printable key identifier, see ipsec_keyblobtoid(3) */

    unsigned k;	/* length of modulus n in octets: [RSA_MIN_OCTETS, RSA_MAX_OCTETS] */

    /* public parameters */
    MP_INT n;	/* modulus: p * q */
    MP_INT e;	/* exponent: relatively prime to (p-1) * (q-1) [probably small] */
};

/* Full RSA key: public half followed by the secret components.
 *
 * Everything after `pub` is secret material.  Whoever disposes of one of
 * these is responsible for clearing the MP_INTs, not merely freeing them;
 * no such helper is declared in this header -- TODO confirm in keys.c.
 */
struct RSA_private_key {
    struct RSA_public_key pub;	/* must be at start for RSA_show_public_key */

    MP_INT d;	/* private exponent: (e^-1) mod ((p-1) * (q-1)) */

    /* CRT (Chinese Remainder Theorem) speedup values */
    MP_INT p;	/* first secret prime */
    MP_INT q;	/* second secret prime */
    MP_INT dP;	/* first factor's exponent: (e^-1) mod (p-1) == d mod (p-1) */
    MP_INT dQ;	/* second factor's exponent: (e^-1) mod (q-1) == d mod (q-1) */
    MP_INT qInv;	/* (q^-1) mod p */
};

/* Release the contents (the MP_INT members) of an RSA public key.
 * The struct itself is owned by the caller.
 */
extern void free_RSA_public_content(struct RSA_public_key *rsa);

/* Decode the key blob *pubkey into *rsa.
 * Returns an err_t: presumably NULL on success, else a diagnostic string
 * (the usual err_t convention) -- TODO confirm against the definition.
 */
extern err_t unpack_RSA_public_key(struct RSA_public_key *rsa, const chunk_t *pubkey);

/* Find the RSA private key connection c authenticates with.
 * The result is owned by the secrets table; the caller must not free it.
 */
extern const struct RSA_private_key *get_RSA_private_key(const struct connection *c);

/* public key machinery  */

/* A remembered public key, tagged with the identity it belongs to and
 * bookkeeping about where it came from and when it was used.
 * Instances are shared via refcnt (reference_key / unreference_key).
 */
struct pubkey {
    struct id id;	/* identity this key is bound to */
    unsigned refcnt;	/* reference counted! see reference_key/unreference_key */
    enum dns_auth_level dns_auth_level;	/* how much the DNS source was trusted */
    char *dns_sig;	/* presumably DNS signature material; ownership not visible here */
    time_t created_time;
    time_t last_tried_time;
    time_t last_worked_time;
    enum pubkey_alg alg;	/* selects which member of u is valid */
    union {
	struct RSA_public_key rsa;
    } u;
};

/* Singly linked list node holding one (reference-counted) public key. */
struct pubkey_list {
    struct pubkey *key;	/* the key; counted via reference_key */
    struct pubkey_list *next;	/* next node, NULL at the end */
};


/* Keys configured in ipsec.conf (global list head). */
extern struct pubkey_list *pubkeys;

/* Wrap an RSA public key in a freshly allocated struct pubkey. */
extern struct pubkey *public_key_from_rsa(const struct RSA_public_key *k);

/* Release one list node (dropping its key reference); returns the next node. */
extern struct pubkey_list *free_public_keyentry(struct pubkey_list *p);

/* Release a whole list of keys; takes the head by address so it can be reset. */
extern void free_public_keys(struct pubkey_list **keys);

/* Discard every remembered public key. */
extern void free_remembered_public_keys(void);

/* Drop all keys for a given identity and algorithm. */
extern void delete_public_keys(const struct id *id, enum pubkey_alg alg);

/* Reference counting for struct pubkey.  unreference_key takes the pointer
 * by address, presumably to NULL it once the last reference goes away.
 */
extern struct pubkey *reference_key(struct pubkey *pk);
extern void unreference_key(struct pubkey **pkp);

/* Decode *key and add it to the list at *head, tagged with its identity,
 * algorithm and DNS trust level.  Returns an err_t (NULL on success under
 * the usual err_t convention -- TODO confirm).
 */
extern err_t add_public_key(const struct id *id,
    enum dns_auth_level dns_auth_level,
    enum pubkey_alg alg,
    const chunk_t *key,
    struct pubkey_list **head);

/* Move keys learned from DNS (gateways_from_dns, plus KEY RRs when
 * USE_KEYRR is built in) into the public key store.
 */
extern void transfer_to_public_keys(struct gw_info *gateways_from_dns
#ifdef USE_KEYRR
    , struct pubkey_list **keys
#endif /* USE_KEYRR */
    );

/* Compare two RSA public keys for equality. */
extern bool same_RSA_public_key(const struct RSA_public_key *a,
    const struct RSA_public_key *b);