char *identity;
};
-/**
- * Callback function to prompt for secret
- */
-static shared_key_t* callback_shared(private_cmd_creds_t *this,
- shared_key_type_t type,
- identification_t *me, identification_t *other,
- id_match_t *match_me, id_match_t *match_other)
+CALLBACK(callback_shared, shared_key_t*,
+ private_cmd_creds_t *this, shared_key_type_t type, identification_t *me,
+ identification_t *other, const char *msg, id_match_t *match_me,
+ id_match_t *match_other)
{
shared_key_t *shared;
char *label, *pwd = NULL;
.creds = mem_cred_create(),
.prompted = SHARED_ANY,
);
- this->cb = callback_cred_create_shared((void*)callback_shared, this);
+ this->cb = callback_cred_create_shared(callback_shared, this);
lib->credmgr->add_set(lib->credmgr, &this->creds->set);
lib->credmgr->add_set(lib->credmgr, &this->cb->set);
METHOD(credential_set_t, create_shared_enumerator, enumerator_t*,
private_nm_creds_t *this, shared_key_type_t type, identification_t *me,
- identification_t *other)
+ identification_t *other, const char *msg)
{
shared_enumerator_t *enumerator;
chunk_t key;
METHOD(credential_set_t, create_shared_enumerator, enumerator_t*,
private_android_creds_t *this, shared_key_type_t type,
- identification_t *me, identification_t *other)
+ identification_t *me, identification_t *other, const char *msg)
{
return this->creds->set.create_shared_enumerator(&this->creds->set,
- type, me, other);
+ type, me, other, msg);
}
METHOD(android_creds_t, load_user_certificate, certificate_t*,
/**
* Password query callback
*/
-static shared_key_t* password_cb(private_xpc_channels_t *this,
- shared_key_type_t type,
- identification_t *me, identification_t *other,
- id_match_t *match_me, id_match_t *match_other)
+CALLBACK(password_cb, shared_key_t*,
+ private_xpc_channels_t *this, shared_key_type_t type, identification_t *me,
+ identification_t *other, const char *msg, id_match_t *match_me,
+ id_match_t *match_other)
{
shared_key_t *shared = NULL;
ike_sa_t *ike_sa;
.lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
);
- this->creds = callback_cred_create_shared(
- (callback_cred_shared_cb_t)password_cb, this);
+ this->creds = callback_cred_create_shared(password_cb, this);
lib->credmgr->add_set(lib->credmgr, &this->creds->set);
return &this->public;
shared_key_t *shared;
chunk_t key;
- shared = lib->credmgr->get_shared(lib->credmgr, SHARED_EAP, id, NULL);
+ shared = lib->credmgr->get_shared(lib->credmgr, SHARED_EAP, id, NULL, NULL);
if (!shared)
{
return FALSE;
shared_key_t *shared;
chunk_t key;
- shared = lib->credmgr->get_shared(lib->credmgr, SHARED_EAP, id, NULL);
+ shared = lib->credmgr->get_shared(lib->credmgr, SHARED_EAP, id, NULL, NULL);
if (shared == NULL)
{
return FALSE;
size_t len;
shared = lib->credmgr->get_shared(lib->credmgr, SHARED_EAP,
- this->peer, this->server);
+ this->peer, this->server, NULL);
if (shared == NULL)
{
DBG1(DBG_IKE, "no EAP key found for '%Y' - '%Y'",
chunk_t concat;
hasher_t *hasher;
- shared = lib->credmgr->get_shared(lib->credmgr, SHARED_EAP, me, other);
+ shared = lib->credmgr->get_shared(lib->credmgr, SHARED_EAP, me, other, NULL);
if (shared == NULL)
{
DBG1(DBG_IKE, "no EAP key found for hosts '%Y' - '%Y'", me, other);
chunk_t password;
/* try to find a stored NT_HASH first */
- shared = lib->credmgr->get_shared(lib->credmgr, SHARED_NT_HASH, me, other);
+ shared = lib->credmgr->get_shared(lib->credmgr, SHARED_NT_HASH, me, other,
+ NULL);
if (shared )
{
*nt_hash = chunk_clone(shared->get_key(shared));
}
/* fallback to plaintext password */
- shared = lib->credmgr->get_shared(lib->credmgr, SHARED_EAP, me, other);
+ shared = lib->credmgr->get_shared(lib->credmgr, SHARED_EAP, me, other, NULL);
if (shared)
{
password = utf8_to_utf16le(shared->get_key(shared));
METHOD(ha_creds_t, create_shared_enumerator, enumerator_t*,
ha_creds_t *this, shared_key_type_t type,
- identification_t *me, identification_t *other)
+ identification_t *me, identification_t *other, const char *msg)
{
shared_enum_t *enumerator;
METHOD(credential_set_t, create_shared_enumerator, enumerator_t*,
private_load_tester_creds_t *this, shared_key_type_t type,
- identification_t *me, identification_t *other)
+ identification_t *me, identification_t *other, const char *msg)
{
shared_key_t *shared;
METHOD(credential_set_t, create_shared_enumerator, enumerator_t*,
private_sql_cred_t *this, shared_key_type_t type,
- identification_t *me, identification_t *other)
+ identification_t *me, identification_t *other, const char *msg)
{
shared_enumerator_t *e;
bool me_defined, other_defined;
/**
* Callback function to receive passphrases
*/
-static shared_key_t* passphrase_cb(passphrase_cb_data_t *data,
- shared_key_type_t type, identification_t *me,
- identification_t *other, id_match_t *match_me,
- id_match_t *match_other)
+CALLBACK(passphrase_cb, shared_key_t*,
+ passphrase_cb_data_t *data, shared_key_type_t type, identification_t *me,
+ identification_t *other, const char *msg, id_match_t *match_me,
+ id_match_t *match_other)
{
static const int max_tries = 3;
shared_key_t *shared;
/**
* Callback function to receive PINs
*/
-static shared_key_t* pin_cb(pin_cb_data_t *data, shared_key_type_t type,
- identification_t *me, identification_t *other,
- id_match_t *match_me, id_match_t *match_other)
+CALLBACK(pin_cb, shared_key_t*,
+ pin_cb_data_t *data, shared_key_type_t type, identification_t *me,
+ identification_t *other, const char *msg, id_match_t *match_me,
+ id_match_t *match_other)
{
chunk_t secret;
char buf[256];
.card = smartcard,
.keyid = chunk,
};
- cb = callback_cred_create_shared((void*)pin_cb, &pin_data);
+ cb = callback_cred_create_shared(pin_cb, &pin_data);
lib->credmgr->add_local_set(lib->credmgr, &cb->set, FALSE);
}
else
pp_data.cache = mem_cred_create();
lib->credmgr->add_local_set(lib->credmgr, &pp_data.cache->set, FALSE);
/* use callback credential set to prompt for the passphrase */
- cb = callback_cred_create_shared((void*)passphrase_cb, &pp_data);
+ cb = callback_cred_create_shared(passphrase_cb, &pp_data);
lib->credmgr->add_local_set(lib->credmgr, &cb->set, FALSE);
*result = lib->creds->create(lib->creds, type, subtype,
METHOD(credential_set_t, create_shared_enumerator, enumerator_t*,
private_uci_creds_t *this, shared_key_type_t type,
- identification_t *me, identification_t *other)
+ identification_t *me, identification_t *other, const char *msg)
{
shared_enumerator_t *e;
chunk_t pass;
};
-/**
- * Callback credential set function
- */
-static shared_key_t* shared_cb(private_xauth_eap_t *this, shared_key_type_t type,
- identification_t *me, identification_t *other,
- id_match_t *match_me, id_match_t *match_other)
+CALLBACK(shared_cb, shared_key_t*,
+ private_xauth_eap_t *this, shared_key_type_t type, identification_t *me,
+ identification_t *other, const char *msg, id_match_t *match_me,
+ id_match_t *match_other)
{
shared_key_t *shared;
.peer = peer->clone(peer),
);
- this->cred = callback_cred_create_shared((void*)shared_cb, this);
+ this->cred = callback_cred_create_shared(shared_cb, this);
return &this->public;
}
/* FALL */
case XAUTH_USER_PASSWORD:
shared = lib->credmgr->get_shared(lib->credmgr, type,
- this->peer, this->server);
+ this->peer, this->server,
+ NULL);
if (!shared)
{
DBG1(DBG_IKE, "no XAuth %s found for '%Y' - '%Y'",
}
enumerator = lib->credmgr->create_shared_enumerator(lib->credmgr,
- SHARED_EAP, this->server, this->peer);
+ SHARED_EAP, this->server, this->peer,
+ NULL);
while (enumerator->enumerate(enumerator, &shared, NULL, NULL))
{
if (chunk_equals_const(shared->get_key(shared), pass))
other_id = any_id;
}
shared_key = lib->credmgr->get_shared(lib->credmgr, SHARED_IKE,
- my_id, other_id);
+ my_id, other_id, NULL);
if (!shared_key)
{
DBG1(DBG_IKE, "no shared key found for '%Y'[%H] - '%Y'[%H]",
if (my_id && other_id)
{
shared_key = lib->credmgr->get_shared(lib->credmgr, SHARED_IKE,
- my_id, other_id);
+ my_id, other_id, NULL);
}
DESTROY_IF(my_id);
DESTROY_IF(other_id);
other_id = this->ike_sa->get_other_id(this->ike_sa);
DBG1(DBG_IKE, "authentication of '%Y' (myself) with %N",
my_id, auth_method_names, AUTH_PSK);
- key = lib->credmgr->get_shared(lib->credmgr, SHARED_IKE, my_id, other_id);
+ key = lib->credmgr->get_shared(lib->credmgr, SHARED_IKE, my_id, other_id,
+ NULL);
if (!key)
{
DBG1(DBG_IKE, "no shared key found for '%Y' - '%Y'", my_id, other_id);
my_id = this->ike_sa->get_my_id(this->ike_sa);
other_id = this->ike_sa->get_other_id(this->ike_sa);
enumerator = lib->credmgr->create_shared_enumerator(lib->credmgr,
- SHARED_IKE, my_id, other_id);
+ SHARED_IKE, my_id, other_id, NULL);
while (!authenticated && enumerator->enumerate(enumerator, &key, NULL, NULL))
{
keys_found++;
{
shared_key_t *key;
- key = lib->credmgr->get_shared(lib->credmgr, SHARED_PPK, ppk_id, NULL);
+ key = lib->credmgr->get_shared(lib->credmgr, SHARED_PPK, ppk_id, NULL, NULL);
if (!key)
{
if (this->peer_cfg->ppk_required(this->peer_cfg))
{
/* check if we have at least one PPK available */
keys = lib->credmgr->create_shared_enumerator(lib->credmgr, SHARED_PPK,
- NULL, NULL);
+ NULL, NULL, NULL);
if (keys->enumerate(keys, &key, NULL, NULL))
{
use_ppk = TRUE;
DESTROY_IF(this->client);
this->client = identification_create_from_data(authi);
shared = lib->credmgr->get_shared(lib->credmgr, SHARED_EAP, this->client,
- NULL);
+ NULL, NULL);
if (!shared)
{
DBG1(DBG_CFG, "no shared secret found for '%Y'", this->client);
/* we currently use the EAP type of shared secret */
shared = lib->credmgr->get_shared(lib->credmgr, SHARED_EAP,
- this->client, NULL);
+ this->client, NULL, NULL);
if (!shared)
{
DBG1(DBG_CFG, "no shared secret found for %Y", this->client);
shared_key_type_t type;
identification_t *me;
identification_t *other;
+ char *msg;
} shared_data_t;
/** enumerator over local and global sets */
static void destroy_shared_data(shared_data_t *data)
{
data->this->lock->unlock(data->this->lock);
+ free(data->msg);
free(data);
}
*/
static enumerator_t *create_shared(credential_set_t *set, shared_data_t *data)
{
- return set->create_shared_enumerator(set, data->type, data->me, data->other);
+ return set->create_shared_enumerator(set, data->type, data->me, data->other,
+ data->msg);
}
METHOD(credential_manager_t, create_shared_enumerator, enumerator_t*,
private_credential_manager_t *this, shared_key_type_t type,
- identification_t *me, identification_t *other)
+ identification_t *me, identification_t *other, const char *msg)
{
shared_data_t *data;
.type = type,
.me = me,
.other = other,
+ .msg = strdupnull(msg),
);
this->lock->read_lock(this->lock);
return enumerator_create_nested(create_sets_enumerator(this),
METHOD(credential_manager_t, get_shared, shared_key_t*,
private_credential_manager_t *this, shared_key_type_t type,
- identification_t *me, identification_t *other)
+ identification_t *me, identification_t *other, const char *msg)
{
shared_key_t *current, *found = NULL;
id_match_t best_me = ID_MATCH_NONE, best_other = ID_MATCH_NONE;
id_match_t match_me, match_other;
enumerator_t *enumerator;
- enumerator = create_shared_enumerator(this, type, me, other);
+ enumerator = create_shared_enumerator(this, type, me, other, msg);
while (enumerator->enumerate(enumerator, ¤t, &match_me, &match_other))
{
if (match_other > best_other ||
* shared_key_t*, id_match_t me, id_match_t other
* But must accept values for the id_matches.
*
+ * @note The optional message should be a simple text that has been
+ * sanitized and does not end with e.g. ":".
+ *
* @param type kind of requested shared key
* @param first first subject between key is shared
* @param second second subject between key is shared
+ * @param msg optional message that could be displayed to a user
* @return enumerator over (shared_key_t*,id_match_t,id_match_t)
*/
enumerator_t *(*create_shared_enumerator)(credential_manager_t *this,
shared_key_type_t type,
- identification_t *first, identification_t *second);
+ identification_t *first, identification_t *second,
+ const char *msg);
/**
* Create an enumerator over all Certificate Distribution Points.
*
/**
* Get the best matching shared key for two IDs.
*
+ * @note The optional message should be a simple text that has been
+ * sanitized and does not end with e.g. ":".
+ *
* @param type kind of requested shared key
* @param me own identity
* @param other peer identity
+ * @param msg optional message that could be displayed to a user
* @return shared_key_t, NULL if none found
*/
shared_key_t *(*get_shared)(credential_manager_t *this, shared_key_type_t type,
- identification_t *me, identification_t *other);
+ identification_t *me, identification_t *other,
+ const char *msg);
/**
* Get a private key to create a signature.
*
* @param type kind of requested shared key
* @param me own identity
* @param other other identity who owns that secret
+ * @param msg optional message that could be displayed to a user
* @return enumerator as described above
*/
enumerator_t *(*create_shared_enumerator)(credential_set_t *this,
shared_key_type_t type,
- identification_t *me, identification_t *other);
+ identification_t *me, identification_t *other,
+ const char *msg);
/**
* Create an enumerator over certificate distribution points.
identification_t *me;
/* other identity to match */
identification_t *other;
+ /* optional msg */
+ char *msg;
/* current shared key */
shared_key_t *current;
} shared_enumerator_t;
VA_ARGS_VGET(args, out, match_me, match_other);
DESTROY_IF(this->current);
this->current = this->this->cb.shared(this->this->data, this->type,
- this->me, this->other, match_me, match_other);
+ this->me, this->other, this->msg, match_me,
+ match_other);
if (this->current)
{
*out = this->current;
shared_enumerator_t *this)
{
DESTROY_IF(this->current);
+ free(this->msg);
free(this);
}
METHOD(credential_set_t, create_shared_enumerator, enumerator_t*,
private_callback_cred_t *this, shared_key_type_t type,
- identification_t *me, identification_t *other)
+ identification_t *me, identification_t *other, const char *msg)
{
shared_enumerator_t *enumerator;
.type = type,
.me = me,
.other = other,
+ .msg = strdupnull(msg),
);
return &enumerator->public;
}
* @param type type of requested shared key
* @param me own identity
* @param other other identity
+ * @param msg optional message that could be displayed to a user
* @param match_me match result of own identity
* @param match_other match result of other identity
*/
typedef shared_key_t* (*callback_cred_shared_cb_t)(
void *data, shared_key_type_t type,
identification_t *me, identification_t *other,
- id_match_t *match_me, id_match_t *match_other);
+ const char *msg, id_match_t *match_me,
+ id_match_t *match_other);
/**
* Generic callback using user specified callback functions.
METHOD(credential_set_t, create_shared_enumerator, enumerator_t*,
private_mem_cred_t *this, shared_key_type_t type,
- identification_t *me, identification_t *other)
+ identification_t *me, identification_t *other, const char *msg)
{
shared_data_t *data;
bool success = FALSE;
enumerator = lib->credmgr->create_shared_enumerator(lib->credmgr,
- SHARED_PRIVATE_KEY_PASS, NULL, NULL);
+ SHARED_PRIVATE_KEY_PASS, NULL, NULL, NULL);
while (enumerator->enumerate(enumerator, &shared, NULL, NULL))
{
key = shared->get_key(shared);
bool found = FALSE, success = FALSE;
id = identification_create_from_encoding(ID_KEY_ID, keyid);
- enumerator = lib->credmgr->create_shared_enumerator(lib->credmgr,
- SHARED_PIN, id, NULL);
+ enumerator = lib->credmgr->create_shared_enumerator(lib->credmgr, SHARED_PIN,
+ id, NULL, NULL);
while (enumerator->enumerate(enumerator, &shared, NULL, NULL))
{
found = TRUE;
}
enumerator = lib->credmgr->create_shared_enumerator(lib->credmgr,
- SHARED_PRIVATE_KEY_PASS, NULL, NULL);
+ SHARED_PRIVATE_KEY_PASS, NULL, NULL, NULL);
while (enumerator->enumerate(enumerator, &shared, NULL, NULL))
{
chunk_t passphrase, chunk;
bool found = FALSE, success = FALSE;
enumerator = lib->credmgr->create_shared_enumerator(lib->credmgr,
- SHARED_PIN, this->keyid, NULL);
+ SHARED_PIN, this->keyid, NULL, NULL);
while (enumerator->enumerate(enumerator, &shared, NULL, NULL))
{
found = TRUE;
}
enumerator = lib->credmgr->create_shared_enumerator(lib->credmgr,
- SHARED_PIN, this->keyid, NULL);
+ SHARED_PIN, this->keyid, NULL, NULL);
while (enumerator->enumerate(enumerator, &shared, NULL, NULL))
{
found = TRUE;
calculated = chunk_alloca(signer->get_block_size(signer));
enumerator = lib->credmgr->create_shared_enumerator(lib->credmgr,
- SHARED_PRIVATE_KEY_PASS, NULL, NULL);
+ SHARED_PRIVATE_KEY_PASS, NULL, NULL, NULL);
while (enumerator->enumerate(enumerator, &shared, NULL, NULL))
{
if (!pkcs12_derive_key(hash, shared->get_key(shared), salt, iterations,
bool success = FALSE;
enumerator = lib->credmgr->create_shared_enumerator(lib->credmgr,
- SHARED_PRIVATE_KEY_PASS, NULL, NULL);
+ SHARED_PRIVATE_KEY_PASS, NULL, NULL, NULL);
while (enumerator->enumerate(enumerator, &shared, NULL, NULL))
{
if (pkcs5->decrypt(pkcs5, shared->get_key(shared), data, decrypted))
private_key_t *private_key = NULL;
enumerator = lib->credmgr->create_shared_enumerator(lib->credmgr,
- SHARED_PRIVATE_KEY_PASS, NULL, NULL);
+ SHARED_PRIVATE_KEY_PASS, NULL, NULL, NULL);
while (enumerator->enumerate(enumerator, &shared, NULL, NULL))
{
chunk_t decrypted;
/* check for optional PIN */
enumerator = lib->credmgr->create_shared_enumerator(lib->credmgr,
- SHARED_PIN, this->keyid, NULL);
+ SHARED_PIN, this->keyid, NULL, NULL);
if (enumerator->enumerate(enumerator, &shared, NULL, NULL))
{
pin = shared->get_key(shared);
/**
* Callback function to receive credentials
*/
-static shared_key_t* cb(void *data, shared_key_type_t type,
- identification_t *me, identification_t *other,
- id_match_t *match_me, id_match_t *match_other)
+CALLBACK(cb, shared_key_t*,
+ void *data, shared_key_type_t type, identification_t *me,
+ identification_t *other, const char *msg, id_match_t *match_me,
+ id_match_t *match_other)
{
char buf[64], *label, *secret = NULL;
shared_key_t *shared;
mem_cred_t *cache;
} cb_data_t;
-/**
- * Callback function to prompt for private key passwords
- */
CALLBACK(password_cb, shared_key_t*,
- cb_data_t *data, shared_key_type_t type,
- identification_t *me, identification_t *other,
- id_match_t *match_me, id_match_t *match_other)
+ cb_data_t *data, shared_key_type_t type, identification_t *me,
+ identification_t *other, const char *msg, id_match_t *match_me,
+ id_match_t *match_other)
{
shared_key_t *shared;
char *pwd = NULL;