From: Tobias Brunner Date: Thu, 8 Oct 2020 07:40:12 +0000 (+0200) Subject: swanctl: Support any key type for decrypted keys X-Git-Tag: 5.9.1rc1~18 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=30d47ea4cb3c7f1cf7b0217095db3beea3c54fa6;p=thirdparty%2Fstrongswan.git swanctl: Support any key type for decrypted keys The previous code required explicit support for a particular key type, of which Ed25519 and Ed448 were missing. While a fallback to `any` would have been possible (this is already the case for unencrypted keys in the `private` and `pkcs8` directories, which are not parsed by swanctl), it's not necessary (as long as swanctl and the daemon are from the same release) and does not require the daemon to detect the key type again. Fixes #3586.
---
diff --git a/src/swanctl/commands/load_creds.c b/src/swanctl/commands/load_creds.c
index c592d3b7f3..2c1947dd1e 100644
--- a/src/swanctl/commands/load_creds.c
+++ b/src/swanctl/commands/load_creds.c
@@ -195,26 +195,21 @@ static bool load_key_anytype(load_ctx_t *ctx, char *path,
 {
 bool loaded = FALSE;
 chunk_t encoding;
+ char *type;
 if (!private->get_encoding(private, PRIVKEY_ASN1_DER, &encoding))
 {
 fprintf(stderr, "encoding private key from '%s' failed\n", path);
 return FALSE;
 }
- switch (private->get_type(private))
+ type = enum_to_name(key_type_names, private->get_type(private));
+ if (type)
 {
- case KEY_RSA:
- loaded = load_key(ctx, path, "rsa", encoding);
- break;
- case KEY_ECDSA:
- loaded = load_key(ctx, path, "ecdsa", encoding);
- break;
- case KEY_BLISS:
- loaded = load_key(ctx, path, "bliss", encoding);
- break;
- default:
- fprintf(stderr, "unsupported key type in '%s'\n", path);
- break;
+ loaded = load_key(ctx, path, type, encoding);
+ }
+ if (!loaded)
+ {
+ fprintf(stderr, "unsupported key type in '%s'\n", path);
 }
 chunk_clear(&encoding);
 return loaded;
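Review bot: The new `if (!loaded)` check prints "unsupported key type" for every failure of load_key(), not only when enum_to_name() returns NULL, so a key rejected for any other reason is reported with the wrong cause (the removed `default:` case printed it only for an unknown type). Making the message the alternative of the type check keeps the diagnostic accurate: `else { fprintf(stderr, "unsupported key type in '%s'\n", path); }`. The type string sent is now whatever key_type_names holds rather than the fixed literals "rsa"/"ecdsa"/"bliss", so the receiving side presumably has to map those names back; a one-line comment such as `/* type name comes from key_type_names, the daemon must accept the same names */` would record that coupling, which the commit message only mentions as "same release". The function's signature and the definition of load_key() are outside the hunk, so whether load_key() already logs its own error cannot be confirmed from here.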