From: Martin Willi Date: Mon, 29 Apr 2013 09:19:57 +0000 (+0200) Subject: keychain: add a stub for a credential plugin using OS X Keychain Services X-Git-Tag: 5.1.0rc1~25^2~32 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7b8edabd8a6ff47d33f3ca47915179b073c72ec7;p=thirdparty%2Fstrongswan.git keychain: add a stub for a credential plugin using OS X Keychain Services --- diff --git a/configure.in b/configure.in index 53d06a3b48..f1524c24b5 100644 --- a/configure.in +++ b/configure.in @@ -218,6 +218,7 @@ ARG_ENABL_SET([padlock], [enables VIA Padlock crypto plugin.]) ARG_ENABL_SET([openssl], [enables the OpenSSL crypto plugin.]) ARG_ENABL_SET([gcrypt], [enables the libgcrypt plugin.]) ARG_ENABL_SET([agent], [enables the ssh-agent signing plugin.]) +ARG_ENABL_SET([keychain], [enables OS X Keychain Services credential set.]) ARG_ENABL_SET([pkcs11], [enables the PKCS11 token support plugin.]) ARG_ENABL_SET([ctr], [enables the Counter Mode wrapper crypto plugin.]) ARG_ENABL_SET([ccm], [enables the CCM AEAD wrapper crypto plugin.]) @@ -1012,6 +1013,7 @@ ADD_PLUGIN([af-alg], [s charon openac scepclient pki scripts medsr ADD_PLUGIN([fips-prf], [s charon nm cmd]) ADD_PLUGIN([gmp], [s charon openac scepclient pki scripts manager medsrv attest nm cmd]) ADD_PLUGIN([agent], [s charon nm cmd]) +ADD_PLUGIN([keychain], [s charon cmd]) ADD_PLUGIN([xcbc], [s charon nm cmd]) ADD_PLUGIN([cmac], [s charon nm cmd]) ADD_PLUGIN([hmac], [s charon scripts nm cmd]) @@ -1148,6 +1150,7 @@ AM_CONDITIONAL(USE_PADLOCK, test x$padlock = xtrue) AM_CONDITIONAL(USE_OPENSSL, test x$openssl = xtrue) AM_CONDITIONAL(USE_GCRYPT, test x$gcrypt = xtrue) AM_CONDITIONAL(USE_AGENT, test x$agent = xtrue) +AM_CONDITIONAL(USE_KEYCHAIN, test x$keychain = xtrue) AM_CONDITIONAL(USE_PKCS11, test x$pkcs11 = xtrue) AM_CONDITIONAL(USE_CTR, test x$ctr = xtrue) AM_CONDITIONAL(USE_CCM, test x$ccm = xtrue) @@ -1349,6 +1352,7 @@ AC_CONFIG_FILES([ src/libstrongswan/plugins/openssl/Makefile src/libstrongswan/plugins/gcrypt/Makefile src/libstrongswan/plugins/agent/Makefile + src/libstrongswan/plugins/keychain/Makefile src/libstrongswan/plugins/pkcs11/Makefile src/libstrongswan/plugins/ctr/Makefile src/libstrongswan/plugins/ccm/Makefile diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am index bde5f710a3..82d2159ce9 100644 --- a/src/libstrongswan/Makefile.am +++ b/src/libstrongswan/Makefile.am @@ -423,6 +423,13 @@ if MONOLITHIC endif endif +if USE_KEYCHAIN + SUBDIRS += plugins/keychain +if MONOLITHIC + libstrongswan_la_LIBADD += plugins/keychain/libstrongswan-keychain.la +endif +endif + if USE_PKCS11 SUBDIRS += plugins/pkcs11 if MONOLITHIC diff --git a/src/libstrongswan/plugins/keychain/Makefile.am b/src/libstrongswan/plugins/keychain/Makefile.am new file mode 100644 index 0000000000..e0d25b686f --- /dev/null +++ b/src/libstrongswan/plugins/keychain/Makefile.am @@ -0,0 +1,16 @@ + +INCLUDES = -I$(top_srcdir)/src/libstrongswan + +AM_CFLAGS = -rdynamic + +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-keychain.la +else +plugin_LTLIBRARIES = libstrongswan-keychain.la +endif + +libstrongswan_keychain_la_SOURCES = \ + keychain_plugin.h keychain_plugin.c \ + keychain_creds.h keychain_creds.c + +libstrongswan_keychain_la_LDFLAGS = -module -avoid-version diff --git a/src/libstrongswan/plugins/keychain/keychain_creds.c b/src/libstrongswan/plugins/keychain/keychain_creds.c new file mode 100644 index 0000000000..d3331fa407 --- /dev/null +++ b/src/libstrongswan/plugins/keychain/keychain_creds.c @@ -0,0 +1,67 @@ +/* + * Copyright (C) 2013 Martin Willi + * Copyright (C) 2013 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "keychain_creds.h" + +#include + +typedef struct private_keychain_creds_t private_keychain_creds_t; + +/** + * Private data of an keychain_creds_t object. + */ +struct private_keychain_creds_t { + + /** + * Public keychain_creds_t interface. + */ + keychain_creds_t public; +}; + +METHOD(credential_set_t, create_cert_enumerator, enumerator_t*, + private_keychain_creds_t *this, certificate_type_t cert, key_type_t key, + identification_t *id, bool trusted) +{ + return enumerator_create_empty(); +} + +METHOD(keychain_creds_t, destroy, void, + private_keychain_creds_t *this) +{ + free(this); +} + +/** + * See header + */ +keychain_creds_t *keychain_creds_create() +{ + private_keychain_creds_t *this; + + INIT(this, + .public = { + .set = { + .create_shared_enumerator = (void*)enumerator_create_empty, + .create_private_enumerator = (void*)enumerator_create_empty, + .create_cert_enumerator = _create_cert_enumerator, + .create_cdp_enumerator = (void*)enumerator_create_empty, + .cache_cert = (void*)nop, + }, + .destroy = _destroy, + }, + ); + + return &this->public; +} diff --git a/src/libstrongswan/plugins/keychain/keychain_creds.h b/src/libstrongswan/plugins/keychain/keychain_creds.h new file mode 100644 index 0000000000..f2ca5d75c8 --- /dev/null +++ b/src/libstrongswan/plugins/keychain/keychain_creds.h @@ -0,0 +1,49 @@ +/* + * Copyright (C) 2013 Martin Willi + * Copyright (C) 2013 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup keychain_creds keychain_creds + * @{ @ingroup keychain + */ + +#ifndef KEYCHAIN_CREDS_H_ +#define KEYCHAIN_CREDS_H_ + +typedef struct keychain_creds_t keychain_creds_t; + +#include + +/** + * Credential set using OS X Keychain Services. + */ +struct keychain_creds_t { + + /** + * Implements credential_set_t. + */ + credential_set_t set; + + /** + * Destroy a keychain_creds_t. + */ + void (*destroy)(keychain_creds_t *this); +}; + +/** + * Create a keychain_creds instance. + */ +keychain_creds_t *keychain_creds_create(); + +#endif /** KEYCHAIN_CREDS_H_ @}*/ diff --git a/src/libstrongswan/plugins/keychain/keychain_plugin.c b/src/libstrongswan/plugins/keychain/keychain_plugin.c new file mode 100644 index 0000000000..5ce7b16fb3 --- /dev/null +++ b/src/libstrongswan/plugins/keychain/keychain_plugin.c @@ -0,0 +1,73 @@ +/* + * Copyright (C) 2013 Martin Willi + * Copyright (C) 2013 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "keychain_plugin.h" +#include "keychain_creds.h" + +#include + +typedef struct private_keychain_plugin_t private_keychain_plugin_t; + +/** + * private data of keychain_plugin + */ +struct private_keychain_plugin_t { + + /** + * public functions + */ + keychain_plugin_t public; + + /** + * System level Keychain Services credential set + */ + keychain_creds_t *creds; +}; + +METHOD(plugin_t, get_name, char*, + private_keychain_plugin_t *this) +{ + return "keychain"; +} + +METHOD(plugin_t, destroy, void, + private_keychain_plugin_t *this) +{ + lib->credmgr->remove_set(lib->credmgr, &this->creds->set); + this->creds->destroy(this->creds); + free(this); +} + +/* + * see header file + */ +plugin_t *keychain_plugin_create() +{ + private_keychain_plugin_t *this; + + INIT(this, + .public = { + .plugin = { + .get_name = _get_name, + .destroy = _destroy, + }, + }, + .creds = keychain_creds_create(), + ); + + lib->credmgr->add_set(lib->credmgr, &this->creds->set); + + return &this->public.plugin; +} diff --git a/src/libstrongswan/plugins/keychain/keychain_plugin.h b/src/libstrongswan/plugins/keychain/keychain_plugin.h new file mode 100644 index 0000000000..482f173c3c --- /dev/null +++ b/src/libstrongswan/plugins/keychain/keychain_plugin.h @@ -0,0 +1,42 @@ +/* + * Copyright (C) 2013 Martin Willi + * Copyright (C) 2013 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup keychain keychain + * @ingroup plugins + * + * @defgroup keychain_plugin keychain_plugin + * @{ @ingroup keychain + */ + +#ifndef KEYCHAIN_PLUGIN_H_ +#define KEYCHAIN_PLUGIN_H_ + +#include + +typedef struct keychain_plugin_t keychain_plugin_t; + +/** + * Plugin providing OS X Keychain Services support. + */ +struct keychain_plugin_t { + + /** + * Implements plugin interface, + */ + plugin_t plugin; +}; + +#endif /** KEYCHAIN_PLUGIN_H_ @}*/