Added key strength constraints support to conftest

author Martin Willi <martin@revosec.ch>

Thu, 25 Nov 2010 14:27:31 +0000 (15:27 +0100)

committer Martin Willi <martin@revosec.ch>

Wed, 5 Jan 2011 15:45:53 +0000 (16:45 +0100)
author Martin Willi <martin@revosec.ch>
Thu, 25 Nov 2010 14:27:31 +0000 (15:27 +0100)
committer Martin Willi <martin@revosec.ch>
Wed, 5 Jan 2011 15:45:53 +0000 (16:45 +0100)
diff --git a/src/conftest/config.c b/src/conftest/config.c

index cd74dcb393c0811710432ddee013efa54fe418c5..77a8facb30a3a239531c449516b0882997437707 100644 (file)
--- a/src/conftest/config.c
+++ b/src/conftest/config.c
@@ -244,6 +244,7 @@ static peer_cfg_t *load_peer_config(private_config_t *this,
         enumerator_t *enumerator;
         identification_t *lid, *rid;
         char *child;
+       uintptr_t strength;
  
         ike_cfg = load_ike_config(this, settings, config);
         peer_cfg = peer_cfg_create(config, 2, ike_cfg, CERT_ALWAYS_SEND,
@@ -261,6 +262,16 @@ static peer_cfg_t *load_peer_config(private_config_t *this,
         auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
         rid = identification_create_from_string(
                                 settings->get_str(settings, "configs.%s.rid", "%any", config));
+       strength = settings->get_int(settings, "configs.%s.rsa_strength", 0);
+       if (strength)
+       {
+               auth->add(auth, AUTH_RULE_RSA_STRENGTH, strength);
+       }
+       strength = settings->get_int(settings, "configs.%s.ecdsa_strength", 0);
+       if (strength)
+       {
+               auth->add(auth, AUTH_RULE_ECDSA_STRENGTH, strength);
+       }
         auth->add(auth, AUTH_RULE_IDENTITY, rid);
         peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
author	Martin Willi <martin@revosec.ch>
	Thu, 25 Nov 2010 14:27:31 +0000 (15:27 +0100)
committer	Martin Willi <martin@revosec.ch>
	Wed, 5 Jan 2011 15:45:53 +0000 (16:45 +0100)