authorNiklas Hallqvist <niklas@cvs.openbsd.org>2000-06-08 20:49:45 +0000
committerNiklas Hallqvist <niklas@cvs.openbsd.org>2000-06-08 20:49:45 +0000
commitc204deecaa6bf82af180d6572c9e114802efcd2a (patch)
tree15a19b584add82ad5c7f527123dc5cc98756d098 /sbin
parent2b6b82a6372d5fd0d03c82e54cdbfcab3519ac4d (diff)
cert.h: Merge with EOM 1.7
exchange.h: Merge with EOM 1.27 x509.h: Merge with EOM 1.10 author: angelos Allow exchange of KeyNote credentials over IKE. Multiple credentials may be passed in a single CERT payload. KeyNote is used if a directory named as the local ID we use in an exchange exists in the KeyNote directory (default: /etc/isakmpd/keynote/). Note that asymmetric credentials are possible (use KeyNote in one direction and X509 in the other); such authentication is envisioned to be the most common: the clients will use KeyNote credentials to authenticate and authorize with a server, whilst the server will just provide an X509 certificate proving its binding to the IP address or ID. Totally asymmetric authentication (e.g., shared key in one direction, RSA in the other) is not supported by the IKE protocol.
Diffstat (limited to 'sbin')
-rw-r--r--sbin/isakmpd/cert.h6
-rw-r--r--sbin/isakmpd/exchange.h8
-rw-r--r--sbin/isakmpd/x509.h6
3 files changed, 12 insertions, 8 deletions
diff --git a/sbin/isakmpd/cert.h b/sbin/isakmpd/cert.h
index f083c7827be..a3243bfbe96 100644
--- a/sbin/isakmpd/cert.h
+++ b/sbin/isakmpd/cert.h
@@ -1,5 +1,5 @@
-/* $OpenBSD: cert.h,v 1.4 1999/07/17 21:54:39 niklas Exp $ */
-/* $EOM: cert.h,v 1.6 1999/07/17 20:44:09 niklas Exp $ */
+/* $OpenBSD: cert.h,v 1.5 2000/06/08 20:49:44 niklas Exp $ */
+/* $EOM: cert.h,v 1.7 2000/05/19 05:47:52 angelos Exp $ */
/*
* Copyright (c) 1998, 1999 Niels Provos. All rights reserved.
@@ -56,7 +56,7 @@ struct cert_handler {
int (*cert_init) (void);
void *(*cert_get) (u_int8_t *, u_int32_t);
int (*cert_validate) (void *);
- int (*cert_insert) (void *);
+ int (*cert_insert) (int, void *);
void (*cert_free) (void *);
int (*certreq_validate) (u_int8_t *, u_int32_t);
void *(*certreq_decode) (u_int8_t *, u_int32_t);
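Review bot: The new leading `int` on `cert_insert` (and on the matching `x509_cert_insert` prototype in x509.h) is unnamed and undocumented, so someone implementing a handler cannot tell from the header what it identifies. Judging by the `policy_id` field this commit adds to `struct exchange`, it is presumably the policy session the credential is added to; if so, name it and state the contract, e.g. `int (*cert_insert) (int policy_id, void *cert); /* policy_id: policy session receiving the credential; call only after cert_validate succeeds */`. The ordering is worth writing down because inserting a peer-supplied credential before validation would let unverified material take part in authorization decisions. `struct cert_handler` starts and ends outside this hunk, and the handler tables that initialize it are not in this diff, so whether every implementation was updated to the two-argument form cannot be checked here.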
diff --git a/sbin/isakmpd/exchange.h b/sbin/isakmpd/exchange.h
index ff5fe84f7d7..978a8d16253 100644
--- a/sbin/isakmpd/exchange.h
+++ b/sbin/isakmpd/exchange.h
@@ -1,5 +1,5 @@
-/* $OpenBSD: exchange.h,v 1.13 1999/07/17 21:54:39 niklas Exp $ */
-/* $EOM: exchange.h,v 1.26 1999/07/17 20:44:10 niklas Exp $ */
+/* $OpenBSD: exchange.h,v 1.14 2000/06/08 20:49:44 niklas Exp $ */
+/* $EOM: exchange.h,v 1.27 2000/05/19 05:47:52 angelos Exp $ */
/*
* Copyright (c) 1998, 1999 Niklas Hallqvist. All rights reserved.
@@ -145,6 +145,9 @@ struct exchange {
u_int8_t *id_r;
size_t id_r_len;
+ /* Policy session identifier, where applicable */
+ int policy_id;
+
/* Crypto info needed to encrypt/decrypt packets in this exchange. */
struct crypto_xf *crypto;
int key_length;
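Review bot: `policy_id` is a plain `int` with no stated value for "no policy session", and the comment's "where applicable" leaves that case undefined. If the struct is zero-filled on allocation (not visible here), the field defaults to 0, which may itself be a valid session identifier, so an exchange that never attached a session could be evaluated against another exchange's policy. Suggest documenting and using an explicit sentinel, e.g. `/* Policy session identifier, or -1 when no policy session is attached. */`, and assigning it wherever the exchange is created. `struct exchange` starts and ends outside this hunk.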
@@ -157,6 +160,7 @@ struct exchange {
*/
int recv_certtype, recv_certlen;
void *recv_cert;
+ void *recv_key;
/* XXX This is no longer necessary, it is covered by policy. */
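Review bot: `recv_key` is added as an untyped `void *` with no comment, whereas `recv_cert` at least has `recv_certtype` beside it to say how it should be interpreted. The commit description allows KeyNote in one direction and X509 in the other, so consumers need to know which key representation this pointer holds and who frees it; without that, a wrong cast or a missed free on exchange teardown is easy to introduce. Suggest a comment along the lines of `/* Key obtained from the peer's credential; representation follows recv_certtype; freed with the exchange. */`, adjusted to what the implementation actually does. The struct and the comment preceding these fields begin outside the hunk.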
diff --git a/sbin/isakmpd/x509.h b/sbin/isakmpd/x509.h
index 2135e15633f..5991cd51dd3 100644
--- a/sbin/isakmpd/x509.h
+++ b/sbin/isakmpd/x509.h
@@ -1,5 +1,5 @@
-/* $OpenBSD: x509.h,v 1.6 2000/02/01 02:46:19 niklas Exp $ */
-/* $EOM: x509.h,v 1.9 2000/01/31 22:33:49 niklas Exp $ */
+/* $OpenBSD: x509.h,v 1.7 2000/06/08 20:49:44 niklas Exp $ */
+/* $EOM: x509.h,v 1.10 2000/05/19 05:47:53 angelos Exp $ */
/*
* Copyright (c) 1998, 1999 Niels Provos. All rights reserved.
@@ -78,7 +78,7 @@ int x509_cert_get_subject (void *, u_int8_t **, u_int32_t *);
/* Misc. X509 certificate functions. */
-int x509_cert_insert (void *);
+int x509_cert_insert (int, void *);
int x509_read_from_dir (X509_STORE *, char *, int);
int x509_cert_subjectaltname (X509 *cert, u_char **, u_int *);