strongswan.org
Wiki/Project Management
Downloads
Gitweb
projects
/
strongswan.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
353d10d
)
Pass the PKCS11 keyid as chunk, not as string
author
Martin Willi
<martin@revosec.ch>
Fri, 16 Jul 2010 08:48:29 +0000
(10:48 +0200)
committer
Martin Willi
<martin@revosec.ch>
Wed, 4 Aug 2010 07:26:20 +0000
(09:26 +0200)
src/libcharon/plugins/stroke/stroke_cred.c
patch
|
blob
|
history
src/libstrongswan/credentials/builder.h
patch
|
blob
|
history
src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
patch
|
blob
|
history
src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c
patch
|
blob
|
history
diff --git
a/src/libcharon/plugins/stroke/stroke_cred.c
b/src/libcharon/plugins/stroke/stroke_cred.c
index
d683afa
..
6f59dbe
100644
(file)
--- a/
src/libcharon/plugins/stroke/stroke_cred.c
+++ b/
src/libcharon/plugins/stroke/stroke_cred.c
@@
-932,6
+932,7
@@
static void load_secrets(private_stroke_cred_t *this, char *file, int level,
char smartcard[64], keyid[64], module[64], *pos;
private_key_t *key;
u_int slot;
char smartcard[64], keyid[64], module[64], *pos;
private_key_t *key;
u_int slot;
+ chunk_t chunk;
enum {
SC_FORMAT_SLOT_MODULE_KEYID,
SC_FORMAT_SLOT_KEYID,
enum {
SC_FORMAT_SLOT_MODULE_KEYID,
SC_FORMAT_SLOT_KEYID,
@@
-998,6
+999,7
@@
static void load_secrets(private_stroke_cred_t *this, char *file, int level,
goto error;
}
goto error;
}
+ chunk = chunk_from_hex(chunk_create(keyid, strlen(keyid)), NULL);
switch (format)
{
case SC_FORMAT_SLOT_MODULE_KEYID:
switch (format)
{
case SC_FORMAT_SLOT_MODULE_KEYID:
@@
-1005,23
+1007,24
@@
static void load_secrets(private_stroke_cred_t *this, char *file, int level,
CRED_PRIVATE_KEY, KEY_ANY,
BUILD_PKCS11_SLOT, slot,
BUILD_PKCS11_MODULE, module,
CRED_PRIVATE_KEY, KEY_ANY,
BUILD_PKCS11_SLOT, slot,
BUILD_PKCS11_MODULE, module,
- BUILD_PKCS11_KEYID,
keyid
,
+ BUILD_PKCS11_KEYID,
chunk
,
BUILD_PASSPHRASE, secret, BUILD_END);
break;
case SC_FORMAT_SLOT_KEYID:
key = lib->creds->create(lib->creds,
CRED_PRIVATE_KEY, KEY_ANY,
BUILD_PKCS11_SLOT, slot,
BUILD_PASSPHRASE, secret, BUILD_END);
break;
case SC_FORMAT_SLOT_KEYID:
key = lib->creds->create(lib->creds,
CRED_PRIVATE_KEY, KEY_ANY,
BUILD_PKCS11_SLOT, slot,
- BUILD_PKCS11_KEYID,
keyid
,
+ BUILD_PKCS11_KEYID,
chunk
,
BUILD_PASSPHRASE, secret, BUILD_END);
break;
case SC_FORMAT_KEYID:
key = lib->creds->create(lib->creds,
CRED_PRIVATE_KEY, KEY_ANY,
BUILD_PASSPHRASE, secret, BUILD_END);
break;
case SC_FORMAT_KEYID:
key = lib->creds->create(lib->creds,
CRED_PRIVATE_KEY, KEY_ANY,
- BUILD_PKCS11_KEYID,
keyid
,
+ BUILD_PKCS11_KEYID,
chunk
,
BUILD_PASSPHRASE, secret, BUILD_END);
break;
}
BUILD_PASSPHRASE, secret, BUILD_END);
break;
}
+ free(chunk.ptr);
if (key)
{
DBG1(DBG_CFG, " loaded private key from %.*s", sc.len, sc.ptr);
if (key)
{
DBG1(DBG_CFG, " loaded private key from %.*s", sc.len, sc.ptr);
diff --git
a/src/libstrongswan/credentials/builder.h
b/src/libstrongswan/credentials/builder.h
index
891c178
..
24d8ce8
100644
(file)
--- a/
src/libstrongswan/credentials/builder.h
+++ b/
src/libstrongswan/credentials/builder.h
@@
-107,7
+107,7
@@
enum builder_part_t {
BUILD_PKCS11_MODULE,
/** slot specifier for a token in a PKCS#11 module, int */
BUILD_PKCS11_SLOT,
BUILD_PKCS11_MODULE,
/** slot specifier for a token in a PKCS#11 module, int */
BUILD_PKCS11_SLOT,
- /** key ID of a key on a token,
null terminated char*
*/
+ /** key ID of a key on a token,
chunk_t
*/
BUILD_PKCS11_KEYID,
/** modulus (n) of a RSA key, chunk_t */
BUILD_RSA_MODULUS,
BUILD_PKCS11_KEYID,
/** modulus (n) of a RSA key, chunk_t */
BUILD_RSA_MODULUS,
diff --git
a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
index
d596fcf
..
3bca342
100644
(file)
--- a/
src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
+++ b/
src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
@@
-451,9
+451,9
@@
openssl_rsa_private_key_t *openssl_rsa_private_key_connect(key_type_t type,
{
#ifndef OPENSSL_NO_ENGINE
private_openssl_rsa_private_key_t *this;
{
#ifndef OPENSSL_NO_ENGINE
private_openssl_rsa_private_key_t *this;
- char *
keyid = NULL, *
engine_id = NULL;
+ char *engine_id = NULL;
char keyname[64], pin[32];;
char keyname[64], pin[32];;
- chunk_t secret = chunk_empty;
+ chunk_t secret = chunk_empty
, keyid = chunk_empty;
;
EVP_PKEY *key;
ENGINE *engine;
int slot = -1;
EVP_PKEY *key;
ENGINE *engine;
int slot = -1;
@@
-463,7
+463,7
@@
openssl_rsa_private_key_t *openssl_rsa_private_key_connect(key_type_t type,
switch (va_arg(args, builder_part_t))
{
case BUILD_PKCS11_KEYID:
switch (va_arg(args, builder_part_t))
{
case BUILD_PKCS11_KEYID:
- keyid = va_arg(args, ch
ar*
);
+ keyid = va_arg(args, ch
unk_t
);
continue;
case BUILD_PASSPHRASE:
secret = va_arg(args, chunk_t);
continue;
case BUILD_PASSPHRASE:
secret = va_arg(args, chunk_t);
@@
-481,19
+481,22
@@
openssl_rsa_private_key_t *openssl_rsa_private_key_connect(key_type_t type,
}
break;
}
}
break;
}
- if (!keyid
|| !secret.len || !secret.ptr
)
+ if (!keyid
.len || keyid.len > 40 || !secret.len
)
{
return NULL;
}
{
return NULL;
}
- if (slot == -1)
+ memset(keyname, 0, sizeof(keyname));
+ if (slot != -1)
{
{
- snprintf(keyname, sizeof(keyname), "%
s", keyid
);
+ snprintf(keyname, sizeof(keyname), "%
d:", slot
);
}
}
- else
+ if (sizeof(keyname) - strlen(keyname) <= keyid.len * 4 / 3 + 1)
{
{
-
snprintf(keyname, sizeof(keyname), "%d:%s", slot, keyid)
;
+
return NULL
;
}
}
+ chunk_to_hex(keyid, keyname + strlen(keyname), FALSE);
+
snprintf(pin, sizeof(pin), "%.*s", secret.len, secret.ptr);
if (!engine_id)
snprintf(pin, sizeof(pin), "%.*s", secret.len, secret.ptr);
if (!engine_id)
@@
-504,7
+507,7
@@
openssl_rsa_private_key_t *openssl_rsa_private_key_connect(key_type_t type,
engine = ENGINE_by_id(engine_id);
if (!engine)
{
engine = ENGINE_by_id(engine_id);
if (!engine)
{
- DBG
1
(DBG_LIB, "engine '%s' is not available", engine_id);
+ DBG
2
(DBG_LIB, "engine '%s' is not available", engine_id);
return NULL;
}
if (!ENGINE_init(engine))
return NULL;
}
if (!ENGINE_init(engine))
diff --git
a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c
b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c
index
cce6afb
..
0084fb4
100644
(file)
--- a/
src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c
+++ b/
src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c
@@
-276,17
+276,18
@@
static bool find_key(private_pkcs11_private_key_t *this, chunk_t keyid)
pkcs11_private_key_t *pkcs11_private_key_connect(key_type_t type, va_list args)
{
private_pkcs11_private_key_t *this;
pkcs11_private_key_t *pkcs11_private_key_connect(key_type_t type, va_list args)
{
private_pkcs11_private_key_t *this;
- char *keyid = NULL, *module = NULL;
+ char *module = NULL;
+ chunk_t keyid, pin;
int slot = -1;
CK_RV rv;
int slot = -1;
CK_RV rv;
- chunk_t chunk, pin = chunk_empty;
+ keyid = pin = chunk_empty;
while (TRUE)
{
switch (va_arg(args, builder_part_t))
{
case BUILD_PKCS11_KEYID:
while (TRUE)
{
switch (va_arg(args, builder_part_t))
{
case BUILD_PKCS11_KEYID:
- keyid = va_arg(args, ch
ar*
);
+ keyid = va_arg(args, ch
unk_t
);
continue;
case BUILD_PASSPHRASE:
pin = va_arg(args, chunk_t);
continue;
case BUILD_PASSPHRASE:
pin = va_arg(args, chunk_t);
@@
-304,7
+305,7
@@
pkcs11_private_key_t *pkcs11_private_key_connect(key_type_t type, va_list args)
}
break;
}
}
break;
}
- if (!keyid
|| !pin.ptr
|| !pin.len || !module || slot == -1)
+ if (!keyid
.len
|| !pin.len || !module || slot == -1)
{ /* we currently require all parameters, TODO: search for pubkeys */
return NULL;
}
{ /* we currently require all parameters, TODO: search for pubkeys */
return NULL;
}
@@
-356,14
+357,11
@@
pkcs11_private_key_t *pkcs11_private_key_connect(key_type_t type, va_list args)
return NULL;
}
return NULL;
}
- chunk = chunk_from_hex(chunk_create(keyid, strlen(keyid)), NULL);
- if (!find_key(this, chunk))
+ if (!find_key(this, keyid))
{
{
- free(chunk.ptr);
destroy(this);
return NULL;
}
destroy(this);
return NULL;
}
- free(chunk.ptr);
return &this->public;
}
return &this->public;
}
projects / strongswan.git / commitdiff