pkcs11: Make public key operations on tokens optional.
authorTobias Brunner <tobias@strongswan.org>
Thu, 3 Nov 2011 16:56:40 +0000 (17:56 +0100)
committerTobias Brunner <tobias@strongswan.org>
Thu, 3 Nov 2011 16:56:40 +0000 (17:56 +0100)
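--- a/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c
@@ -200,17 +200,6 @@ METHOD(plugin_t, get_features, int,
                        PLUGIN_PROVIDE(DH, MODP_768_BIT),
                        PLUGIN_PROVIDE(DH, MODP_CUSTOM),
        };
-       static plugin_feature_t f_rng[] = {
-               PLUGIN_REGISTER(RNG, pkcs11_rng_create),
-                       PLUGIN_PROVIDE(RNG, RNG_STRONG),
-                       PLUGIN_PROVIDE(RNG, RNG_TRUE),
-       };
-       static plugin_feature_t f_key[] = {
-               PLUGIN_REGISTER(PRIVKEY, pkcs11_private_key_connect, FALSE),
-                       PLUGIN_PROVIDE(PRIVKEY, KEY_ANY),
-               PLUGIN_REGISTER(PUBKEY, pkcs11_public_key_load, TRUE),
-                       PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
-       };
        static plugin_feature_t f_ecdh[] = {
                PLUGIN_REGISTER(DH, pkcs11_dh_create),
                        PLUGIN_PROVIDE(DH, ECP_192_BIT),
@@ -219,9 +208,18 @@ METHOD(plugin_t, get_features, int,
                        PLUGIN_PROVIDE(DH, ECP_384_BIT),
                        PLUGIN_PROVIDE(DH, ECP_521_BIT),
        };
-       static plugin_feature_t f_ecdsa[] = {
-               /* *_connect is already registered for KEY_ANY */
+       static plugin_feature_t f_rng[] = {
+               PLUGIN_REGISTER(RNG, pkcs11_rng_create),
+                       PLUGIN_PROVIDE(RNG, RNG_STRONG),
+                       PLUGIN_PROVIDE(RNG, RNG_TRUE),
+       };
+       static plugin_feature_t f_privkey[] = {
+               PLUGIN_REGISTER(PRIVKEY, pkcs11_private_key_connect, FALSE),
+                       PLUGIN_PROVIDE(PRIVKEY, KEY_ANY),
+       };
+       static plugin_feature_t f_pubkey[] = {
                PLUGIN_REGISTER(PUBKEY, pkcs11_public_key_load, TRUE),
+                       PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
                        PLUGIN_PROVIDE(PUBKEY, KEY_ECDSA),
        };
        static plugin_feature_t f_manager[] = {
@@ -230,8 +228,8 @@ METHOD(plugin_t, get_features, int,
                                PLUGIN_DEPENDS(CERT_DECODE, CERT_X509),
        };
        static plugin_feature_t f[countof(f_hash) + countof(f_dh) + countof(f_rng) +
-                                                         countof(f_key) + countof(f_ecdh) +
-                                                         countof(f_ecdsa) + countof(f_manager)] = {};
+                                                         countof(f_ecdh) + countof(f_privkey) +
+                                                         countof(f_pubkey) + countof(f_manager)] = {};
        static int count = 0;
 
        if (!count)
@@ -239,7 +237,14 @@ METHOD(plugin_t, get_features, int,
                bool use_ecc = lib->settings->get_bool(lib->settings,
                                                        "libstrongswan.plugins.pkcs11.use_ecc", FALSE);
                add_features(f, f_manager, countof(f_manager), &count);
-               add_features(f, f_key, countof(f_key), &count);
+               /* private key handling for EC keys is not disabled by use_ecc */
+               add_features(f, f_privkey, countof(f_privkey), &count);
+               if (lib->settings->get_bool(lib->settings,
+                                                       "libstrongswan.plugins.pkcs11.use_pubkey", FALSE))
+               {
+                       add_features(f, f_pubkey, countof(f_pubkey) - (use_ecc ? 0 : 1),
+                                                &count);
+               }
                if (lib->settings->get_bool(lib->settings,
                                                        "libstrongswan.plugins.pkcs11.use_hasher", FALSE))
                {
@@ -259,10 +264,6 @@ METHOD(plugin_t, get_features, int,
                                add_features(f, f_ecdh, countof(f_ecdh), &count);
                        }
                }
-               if (use_ecc)
-               {
-                       add_features(f, f_ecdsa, countof(f_ecdsa), &count);
-               }
        }
        *features = f;
        return count;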
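Review bot: The `countof(f_pubkey) - (use_ecc ? 0 : 1)` call in the `use_pubkey` branch silently depends on `PLUGIN_PROVIDE(PUBKEY, KEY_ECDSA)` being the last element of `f_pubkey`; if someone later reorders or appends to that array, the feature dropped when use_ecc is FALSE would no longer be ECDSA. A one-line comment above the array would pin that invariant, e.g. `/* KEY_ECDSA must stay last: it is trimmed from the count when use_ecc is FALSE */`. Separately, the new `libstrongswan.plugins.pkcs11.use_pubkey` setting defaults to FALSE, so after this commit token-backed public key operations are off unless explicitly enabled; that appears intentional given the title, but the setting is not documented anywhere in this commit and deserves an entry in the strongswan.conf option reference alongside use_ecc and use_hasher. The body of get_features starts and ends outside the shown hunks.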