PLUGINS = \
kernel-netlink \
pem \
- pkcs1 \
socket-default \
openssl \
stroke
#include "tkm_kernel_ipsec.h"
#include "tkm_public_key.h"
#include "tkm_cred.h"
+#include "tkm_encoder.h"
/**
* TKM bus listener for IKE authorize events.
creds = tkm_cred_create();
lib->credmgr->add_set(lib->credmgr, (credential_set_t*)creds);
+ /* register TKM credential encoder */
+ lib->encoding->add_encoder(lib->encoding, tkm_encoder_encode);
+
/* add handler for SEGV and ILL,
* INT and TERM are handled by sigwait() in run() */
action.sa_handler = segv_handler;
charon->bus->remove_listener(charon->bus, &listener->listener);
listener->destroy(listener);
creds->destroy(creds);
+ lib->encoding->remove_encoder(lib->encoding, tkm_encoder_encode);
deinit:
libcharon_deinit();
--- /dev/null
+/*
+ * Copyright (C) 2013 Reto Buerki
+ * Copyright (C) 2013 Adrian-Ken Rueegsegger
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <utils/debug.h>
+#include <asn1/asn1.h>
+#include <asn1/oid.h>
+
+#include "tkm_encoder.h"
+
+/**
+ * Build the SHA1 hash of pubkey(info) ASN.1 data.
+ */
+static bool hash_pubkey(chunk_t pubkey, chunk_t *hash)
+{
+ hasher_t *hasher;
+
+ hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
+ if (!hasher || !hasher->allocate_hash(hasher, pubkey, hash))
+ {
+ DBG1(DBG_LIB, "SHA1 hash algorithm not supported, "
+ "fingerprinting failed");
+ DESTROY_IF(hasher);
+ chunk_free(&pubkey);
+ return FALSE;
+ }
+ hasher->destroy(hasher);
+ chunk_free(&pubkey);
+ return TRUE;
+}
+
+/**
+ * Encode the public key blob into subjectPublicKeyInfo.
+ */
+static bool build_pub_info(chunk_t *encoding, va_list args)
+{
+ chunk_t blob;
+
+ if (cred_encoding_args(args, CRED_PART_RSA_PUB_ASN1_DER, &blob,
+ CRED_PART_END))
+ {
+ *encoding = asn1_wrap(ASN1_SEQUENCE, "mm",
+ asn1_algorithmIdentifier(OID_RSA_ENCRYPTION),
+ asn1_bitstring("c", blob));
+ return TRUE;
+ }
+ return FALSE;
+}
+
+/**
+ * Build the fingerprint of the subjectPublicKeyInfo object.
+ */
+static bool build_info_sha1(chunk_t *encoding, va_list args)
+{
+ chunk_t pubkey;
+
+ if (build_pub_info(&pubkey, args))
+ {
+ return hash_pubkey(pubkey, encoding);
+ }
+ return FALSE;
+}
+
+/**
+ * Build the fingerprint of the subjectPublicKey object.
+ */
+static bool build_sha1(chunk_t *encoding, va_list args)
+{
+ chunk_t blob;
+
+ if (cred_encoding_args(args, CRED_PART_RSA_PUB_ASN1_DER, &blob,
+ CRED_PART_END))
+ {
+ return hash_pubkey(chunk_clone(blob), encoding);
+ }
+ return FALSE;
+}
+
+/**
+ * See header.
+ */
+bool tkm_encoder_encode(cred_encoding_type_t type, chunk_t *encoding,
+ va_list args)
+{
+ switch (type)
+ {
+ case KEYID_PUBKEY_INFO_SHA1:
+ return build_info_sha1(encoding, args);
+ case KEYID_PUBKEY_SHA1:
+ return build_sha1(encoding, args);
+ default:
+ return FALSE;
+ }
+}
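Review bot: hash_pubkey() takes ownership of `pubkey` and frees it on both the success path and the failure path, but its comment does not say so, and two callers silently rely on that contract: build_sha1() passes `chunk_clone(blob)` and build_info_sha1() hands over the freshly allocated subjectPublicKeyInfo it got from build_pub_info(). Suggest extending the comment to `Build the SHA1 hash of pubkey(info) ASN.1 data. Takes ownership of pubkey and frees it on return whether or not hashing succeeds; on success *hash is allocated for the caller.` It is also worth stating on build_pub_info() that the wrapper hardcodes `OID_RSA_ENCRYPTION`, so a KEYID_PUBKEY_INFO_SHA1 fingerprint is only meaningful for an RSA blob, which CRED_PART_RSA_PUB_ASN1_DER implies but the comment does not. Finally, the DBG1 text in hash_pubkey() claims "SHA1 hash algorithm not supported" even when create_hasher() succeeded and it was allocate_hash() that failed; splitting the two cases, or rewording to `SHA1 fingerprinting failed`, keeps the log accurate for anyone diagnosing a failed peer authentication.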
--- /dev/null
+/*
+ * Copyright (C) 2013 Reto Buerki
+ * Copyright (C) 2013 Adrian-Ken Rueegsegger
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef TKM_ENCODER_H_
+#define TKM_ENCODER_H_
+
+#include <credentials/cred_encoding.h>
+
+/**
+ * Encoding function for TKM key fingerprints.
+ */
+bool tkm_encoder_encode(cred_encoding_type_t type, chunk_t *encoding,
+ va_list args);
+
+#endif /** TKM_ENCODER_H_ */
/*
- * Copyright (C) 2012 Reto Buerki
- * Copyright (C) 2012 Adrian-Ken Rueegsegger
+ * Copyright (C) 2012-2013 Reto Buerki
+ * Copyright (C) 2012-2013 Adrian-Ken Rueegsegger
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* for more details.
*/
-#include <utils/debug.h>
-
#include "tkm_public_key.h"
typedef struct private_tkm_public_key_t private_tkm_public_key_t;
tkm_public_key_t public;
/**
- * Public modulus.
+ * ASN.1 blob of pubkey.
*/
- chunk_t n;
-
- /**
- * Public exponent.
- */
- chunk_t e;
+ chunk_t asn_blob;
/**
* Reference count.
return TRUE;
}
return lib->encoding->encode(lib->encoding, type, this, fp,
- CRED_PART_RSA_MODULUS, this->n,
- CRED_PART_RSA_PUB_EXP, this->e,
+ CRED_PART_RSA_PUB_ASN1_DER, this->asn_blob,
CRED_PART_END);
}
if (ref_put(&this->ref))
{
lib->encoding->clear_cache(lib->encoding, this);
- chunk_free(&this->n);
- chunk_free(&this->e);
+ chunk_free(&this->asn_blob);
free(this);
}
}
tkm_public_key_t *tkm_public_key_load(key_type_t type, va_list args)
{
private_tkm_public_key_t *this;
- chunk_t n, e;
+ chunk_t blob = chunk_empty;
- n = e = chunk_empty;
while (TRUE)
{
switch (va_arg(args, builder_part_t))
{
- case BUILD_RSA_MODULUS:
- n = va_arg(args, chunk_t);
- continue;
- case BUILD_RSA_PUB_EXP:
- e = va_arg(args, chunk_t);
+ case BUILD_BLOB_ASN1_DER:
+ blob = va_arg(args, chunk_t);
continue;
case BUILD_END:
break;
break;
}
- if (!e.ptr || !n.ptr)
+ if (!blob.ptr)
{
return NULL;
}
},
},
.ref = 1,
- .n = chunk_clone(n),
- .e = chunk_clone(e),
+ .asn_blob = chunk_clone(blob),
);
return &this->public;