1 /* mechanisms for preshared keys (public, private, and preshared secrets)
2 * Copyright (C) 1998-2002 D. Hugh Redelmeier.
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License as published by the
6 * Free Software Foundation; either version 2 of the License, or (at your
7 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * RCSID $Id: preshared.h,v 1.22 2002/03/22 04:13:53 dhr Exp $
17 #include <gmp.h> /* GNU MP library */
19 #ifndef SHARED_SECRETS_FILE
20 # define SHARED_SECRETS_FILE "/etc/ipsec.secrets"
23 extern const char *shared_secrets_file;
25 extern void load_preshared_secrets(void);
26 extern void free_preshared_secrets(void);
28 struct state; /* forward declaration */
32 /* PPK_DSS, */ /* not implemented */
36 extern const chunk_t *get_preshared_secret(struct connection *c);
40 char keyid[KEYID_BUF]; /* see ipsec_keyblobtoid(3) */
42 /* length of modulus n in octets: [RSA_MIN_OCTETS, RSA_MAX_OCTETS] */
47 n, /* modulus: p * q */
48 e; /* public exponent: relatively prime to (p-1) * (q-1) [typically small] */
51 struct RSA_private_key {
52 struct RSA_public_key pub; /* must be at start for RSA_show_public_key */
55 d, /* private exponent: (e^-1) mod ((p-1) * (q-1)) */
56 /* precomputed values for the Chinese Remainder Theorem speedup: */
57 p, /* first secret prime */
58 q, /* second secret prime */
59 dP, /* first factor's exponent: (e^-1) mod (p-1) == d mod (p-1) */
60 dQ, /* second factor's exponent: (e^-1) mod (q-1) == d mod (q-1) */
61 qInv; /* (q^-1) mod p */
64 extern void free_RSA_public_content(struct RSA_public_key *rsa);
66 extern err_t unpack_RSA_public_key(struct RSA_public_key *rsa, chunk_t *pubkey);
68 extern const struct RSA_private_key *get_RSA_private_key(struct connection *c);
70 /* public key machinery */
76 enum dns_auth_level dns_auth_level;
79 struct RSA_public_key rsa;
81 struct pubkeyrec *next;
84 extern struct pubkeyrec *pubkeys; /* keys from ipsec.conf */
86 extern struct pubkeyrec *public_key_from_rsa(const struct RSA_public_key *k);
87 extern struct pubkeyrec *free_public_key(struct pubkeyrec *p);
88 extern void free_public_keys(struct pubkeyrec **keys);
89 extern void free_remembered_public_keys(void);
90 extern void delete_public_keys(const struct id *id, enum pubkey_alg alg);
92 extern err_t add_public_key(const struct id *id
93 , enum dns_auth_level dns_auth_level
96 , struct pubkeyrec **head);
98 extern void add_x509_public_key(const x509cert_t *cert
99 , enum dns_auth_level dns_auth_level);
101 extern void remove_x509_public_key(const x509cert_t *cert);
102 extern void remember_public_keys(struct pubkeyrec **keys);
103 extern void list_public_keys(bool utc);
105 extern bool same_RSA_public_key(const struct RSA_public_key *a
106 , const struct RSA_public_key *b);