src/pki/pki.c

   1 /*
   2  * Copyright (C) 2009 Martin Willi
   3  * Hochschule fuer Technik Rapperswil
   4  *
   5  * This program is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License as published by the
   7  * Free Software Foundation; either version 2 of the License, or (at your
   8  * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
   9  *
  10  * This program is distributed in the hope that it will be useful, but
  11  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  12  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  13  * for more details.
  14  */
  15
  16 #include "command.h"
  17 #include "pki.h"
  18
  19 #include <unistd.h>
  20
  21 #include <debug.h>
  22 #include <credentials/sets/callback_cred.h>
  23
  24 /**
  25  * Convert a form string to a encoding type
  26  */
  27 bool get_form(char *form, cred_encoding_type_t *enc, credential_type_t type)
  28 {
  29         if (streq(form, "der"))
  30         {
  31                 switch (type)
  32                 {
  33                         case CRED_CERTIFICATE:
  34                                 *enc = CERT_ASN1_DER;
  35                                 return TRUE;
  36                         case CRED_PRIVATE_KEY:
  37                                 *enc = PRIVKEY_ASN1_DER;
  38                                 return TRUE;
  39                         case CRED_PUBLIC_KEY:
  40                                 /* der encoded keys usually contain the complete
  41                                  * SubjectPublicKeyInfo */
  42                                 *enc = PUBKEY_SPKI_ASN1_DER;
  43                                 return TRUE;
  44                         default:
  45                                 return FALSE;
  46                 }
  47         }
  48         else if (streq(form, "pem"))
  49         {
  50                 switch (type)
  51                 {
  52                         case CRED_CERTIFICATE:
  53                                 *enc = CERT_PEM;
  54                                 return TRUE;
  55                         case CRED_PRIVATE_KEY:
  56                                 *enc = PRIVKEY_PEM;
  57                                 return TRUE;
  58                         case CRED_PUBLIC_KEY:
  59                                 *enc = PUBKEY_PEM;
  60                                 return TRUE;
  61                         default:
  62                                 return FALSE;
  63                 }
  64         }
  65         else if (streq(form, "pgp"))
  66         {
  67                 switch (type)
  68                 {
  69                         case CRED_PRIVATE_KEY:
  70                                 *enc = PRIVKEY_PGP;
  71                                 return TRUE;
  72                         case CRED_PUBLIC_KEY:
  73                                 *enc = PUBKEY_PGP;
  74                                 return TRUE;
  75                         default:
  76                                 return FALSE;
  77                 }
  78         }
  79         return FALSE;
  80 }
  81
  82 /**
  83  * Convert a digest string to a hash algorithm
  84  */
  85 hash_algorithm_t get_digest(char *name)
  86 {
  87         if (streq(name, "md5"))
  88         {
  89                 return HASH_MD5;
  90         }
  91         if (streq(name, "sha1"))
  92         {
  93                 return HASH_SHA1;
  94         }
  95         if (streq(name, "sha224"))
  96         {
  97                 return HASH_SHA224;
  98         }
  99         if (streq(name, "sha256"))
 100         {
 101                 return HASH_SHA256;
 102         }
 103         if (streq(name, "sha384"))
 104         {
 105                 return HASH_SHA384;
 106         }
 107         if (streq(name, "sha512"))
 108         {
 109                 return HASH_SHA512;
 110         }
 111         return HASH_UNKNOWN;
 112 }
 113
 114 /**
 115  * Callback credential set pki uses
 116  */
 117 static callback_cred_t *cb_set;
 118
 119 /**
 120  * Callback function to receive credentials
 121  */
 122 static shared_key_t* cb(void *data, shared_key_type_t type,
 123                                                 identification_t *me, identification_t *other,
 124                                                 id_match_t *match_me, id_match_t *match_other)
 125 {
 126         char buf[64], *label, *secret;
 127
 128         switch (type)
 129         {
 130                 case SHARED_PIN:
 131                         label = "Smartcard PIN";
 132                         break;
 133                 case SHARED_PRIVATE_KEY_PASS:
 134                         label = "Private key passphrase";
 135                         break;
 136                 default:
 137                         return NULL;
 138         }
 139         snprintf(buf, sizeof(buf), "%s: ", label);
 140         secret = getpass(buf);
 141         if (secret)
 142         {
 143                 if (match_me)
 144                 {
 145                         *match_me = ID_MATCH_PERFECT;
 146                 }
 147                 if (match_other)
 148                 {
 149                         *match_other = ID_MATCH_NONE;
 150                 }
 151                 return shared_key_create(type,
 152                                                         chunk_clone(chunk_create(secret, strlen(secret))));
 153         }
 154         return NULL;
 155 }
 156
 157 /**
 158  * Register PIN/Passphrase callback function
 159  */
 160 static void add_callback()
 161 {
 162         cb_set = callback_cred_create_shared(cb, NULL);
 163         lib->credmgr->add_set(lib->credmgr, &cb_set->set);
 164 }
 165
 166 /**
 167  * Unregister PIN/Passphrase callback function
 168  */
 169 static void remove_callback()
 170 {
 171         lib->credmgr->remove_set(lib->credmgr, &cb_set->set);
 172         cb_set->destroy(cb_set);
 173 }
 174
 175 /**
 176  * Library initialization and operation parsing
 177  */
 178 int main(int argc, char *argv[])
 179 {
 180         atexit(library_deinit);
 181         if (!library_init(NULL))
 182         {
 183                 exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
 184         }
 185         if (lib->integrity &&
 186                 !lib->integrity->check_file(lib->integrity, "pki", argv[0]))
 187         {
 188                 fprintf(stderr, "integrity check of pki failed\n");
 189                 exit(SS_RC_DAEMON_INTEGRITY);
 190         }
 191         if (!lib->plugins->load(lib->plugins, NULL,
 192                         lib->settings->get_str(lib->settings, "pki.load", PLUGINS)))
 193         {
 194                 exit(SS_RC_INITIALIZATION_FAILED);
 195         }
 196
 197         add_callback();
 198         atexit(remove_callback);
 199         return command_dispatch(argc, argv);
 200 }
 201