1 /*
2 * Copyright (C) 2009 Martin Willi
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "command.h"
17 #include "pki.h"
18
19 #include <unistd.h>
20
21 #include <debug.h>
22 #include <credentials/sets/callback_cred.h>
23
/**
 * Map an encoding "form" name ("der", "pem" or "pgp") to the encoding
 * constant that applies to the given credential type.
 *
 * @param form	form name to look up
 * @param enc	receives the matching cred_encoding_type_t on success
 * @param type	credential type the encoding is requested for
 * @return		TRUE if the (form, type) pair is known and *enc was set,
 *				FALSE otherwise (*enc is left untouched)
 */
bool get_form(char *form, cred_encoding_type_t *enc, credential_type_t type)
{
	/* every supported (form, type) pair; anything not listed is rejected.
	 * DER encoded public keys are the complete SubjectPublicKeyInfo, hence
	 * the SPKI variant for that entry. */
	static const struct {
		const char *form;
		credential_type_t type;
		cred_encoding_type_t enc;
	} table[] = {
		{ "der", CRED_CERTIFICATE, CERT_ASN1_DER },
		{ "der", CRED_PRIVATE_KEY, PRIVKEY_ASN1_DER },
		{ "der", CRED_PUBLIC_KEY,  PUBKEY_SPKI_ASN1_DER },
		{ "pem", CRED_CERTIFICATE, CERT_PEM },
		{ "pem", CRED_PRIVATE_KEY, PRIVKEY_PEM },
		{ "pem", CRED_PUBLIC_KEY,  PUBKEY_PEM },
		{ "pgp", CRED_PRIVATE_KEY, PRIVKEY_PGP },
		{ "pgp", CRED_PUBLIC_KEY,  PUBKEY_PGP },
	};
	size_t i;

	for (i = 0; i < sizeof(table) / sizeof(table[0]); i++)
	{
		if (table[i].type == type && streq(form, table[i].form))
		{
			*enc = table[i].enc;
			return TRUE;
		}
	}
	return FALSE;
}
81
/**
 * Map a digest name to its hash_algorithm_t.
 *
 * Known names are "md5", "sha1", "sha224", "sha256", "sha384" and
 * "sha512"; the name must match one of these exactly (streq).
 *
 * @param name	digest name to look up
 * @return		matching algorithm, or HASH_UNKNOWN if the name is not listed
 */
hash_algorithm_t get_digest(char *name)
{
	static const struct {
		const char *name;
		hash_algorithm_t alg;
	} digests[] = {
		{ "md5",    HASH_MD5 },
		{ "sha1",   HASH_SHA1 },
		{ "sha224", HASH_SHA224 },
		{ "sha256", HASH_SHA256 },
		{ "sha384", HASH_SHA384 },
		{ "sha512", HASH_SHA512 },
	};
	size_t i;

	for (i = 0; i < sizeof(digests) / sizeof(digests[0]); i++)
	{
		if (streq(name, digests[i].name))
		{
			return digests[i].alg;
		}
	}
	return HASH_UNKNOWN;
}
113
/**
 * Callback credential set pki uses to prompt for PINs/passphrases.
 *
 * Created and registered with lib->credmgr by add_callback(); unregistered
 * and destroyed by remove_callback(). As a static object it is NULL until
 * add_callback() has run.
 */
static callback_cred_t *cb_set;
118
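/**
 * Callback invoked by the credential manager when a shared secret is
 * needed: prompts the user on the terminal for a smartcard PIN or a
 * private key passphrase.
 *
 * Only SHARED_PIN and SHARED_PRIVATE_KEY_PASS are served; any other type
 * yields NULL. The prompt is read with getpass(), which hands back a
 * pointer to a static buffer. That buffer is overwritten once the secret
 * has been copied into the shared key, so the cleartext does not linger
 * in process memory for the rest of the run.
 *
 * @param data			unused (registered as NULL by add_callback())
 * @param type			kind of shared secret requested
 * @param me			own identity, unused
 * @param other			peer identity, unused
 * @param match_me		set to ID_MATCH_PERFECT when a secret is returned
 * @param match_other	set to ID_MATCH_NONE when a secret is returned
 * @return				shared key built from the entered secret, or NULL
 *						if the type is unsupported or getpass() failed
 */
static shared_key_t* cb(void *data, shared_key_type_t type,
						identification_t *me, identification_t *other,
						id_match_t *match_me, id_match_t *match_other)
{
	char prompt[64], *label, *secret;
	volatile char *wipe;
	size_t len;
	shared_key_t *key;

	switch (type)
	{
		case SHARED_PIN:
			label = "Smartcard PIN";
			break;
		case SHARED_PRIVATE_KEY_PASS:
			label = "Private key passphrase";
			break;
		default:
			return NULL;
	}
	snprintf(prompt, sizeof(prompt), "%s: ", label);
	secret = getpass(prompt);
	if (!secret)
	{
		return NULL;
	}
	if (match_me)
	{
		*match_me = ID_MATCH_PERFECT;
	}
	if (match_other)
	{
		*match_other = ID_MATCH_NONE;
	}
	len = strlen(secret);
	/* clone first: the shared key gets its own copy of the secret */
	key = shared_key_create(type, chunk_clone(chunk_create(secret, len)));
	/* getpass() keeps the entered secret in its static buffer; clear it
	 * through a volatile pointer so the stores cannot be optimized away */
	for (wipe = secret; len > 0; len--)
	{
		*wipe++ = '\0';
	}
	return key;
}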
156
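/**
 * Register the PIN/passphrase prompt with the credential manager.
 *
 * Creates the shared-key callback set around cb() (with a NULL user
 * argument) and stores it in cb_set so remove_callback() can take it
 * down again. Declared with an explicit (void) parameter list; the old
 * empty-parentheses form is an obsolescent unprototyped declaration.
 */
static void add_callback(void)
{
	cb_set = callback_cred_create_shared(cb, NULL);
	lib->credmgr->add_set(lib->credmgr, &cb_set->set);
}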
165
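/**
 * Unregister and destroy the PIN/passphrase prompt set up by add_callback().
 *
 * Registered via atexit() in main(), so it is only ever run after
 * add_callback(). The (void) parameter list matches the void (*)(void)
 * type atexit() expects; cb_set is reset to NULL afterwards so a stale
 * pointer to the destroyed set is not left behind.
 */
static void remove_callback(void)
{
	lib->credmgr->remove_set(lib->credmgr, &cb_set->set);
	cb_set->destroy(cb_set);
	cb_set = NULL;
}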
174
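/**
 * Library initialization and operation parsing.
 *
 * Initializes libstrongswan, verifies the pki binary when integrity
 * checking is enabled, loads the plugins named by the "pki.load" setting
 * (defaulting to the compile-time PLUGINS list), registers the
 * PIN/passphrase prompt and hands control to command_dispatch().
 *
 * atexit() handlers run in reverse order of registration, so the
 * callback set is removed before the library itself is deinitialized.
 *
 * @param argc	argument count
 * @param argv	argument vector; argv[0] is the path handed to the
 *				integrity check
 * @return		exit status of the dispatched command
 */
int main(int argc, char *argv[])
{
	atexit(library_deinit);
	if (!library_init(NULL))
	{
		exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
	}
	if (lib->integrity)
	{
		/* argv[0] is NULL when the process is exec'd with an empty argument
		 * vector; treat that as a failed check instead of dereferencing it */
		if (argc < 1 || !argv[0] ||
			!lib->integrity->check_file(lib->integrity, "pki", argv[0]))
		{
			fprintf(stderr, "integrity check of pki failed\n");
			exit(SS_RC_DAEMON_INTEGRITY);
		}
	}
	if (!lib->plugins->load(lib->plugins, NULL,
			lib->settings->get_str(lib->settings, "pki.load", PLUGINS)))
	{
		exit(SS_RC_INITIALIZATION_FAILED);
	}

	add_callback();
	atexit(remove_callback);
	return command_dispatch(argc, argv);
}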
201