From: Martin Willi <martin@revosec.ch>
Date: Thu, 25 Nov 2010 14:27:31 +0000 (+0100)
Subject: Added key strength constraints support to conftest
X-Git-Tag: 4.5.1~224
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a73e040cd5e21e91dbaea3d360e6c7fb24b37872;p=thirdparty%2Fstrongswan.git

Added key strength constraints support to conftest
---

diff --git a/src/conftest/config.c b/src/conftest/config.c
index cd74dcb393..77a8facb30 100644
--- a/src/conftest/config.c
+++ b/src/conftest/config.c
@@ -244,6 +244,7 @@ static peer_cfg_t *load_peer_config(private_config_t *this,
 	enumerator_t *enumerator;
 	identification_t *lid, *rid;
 	char *child;
+	uintptr_t strength;
 
 	ike_cfg = load_ike_config(this, settings, config);
 	peer_cfg = peer_cfg_create(config, 2, ike_cfg, CERT_ALWAYS_SEND,
@@ -261,6 +262,16 @@ static peer_cfg_t *load_peer_config(private_config_t *this,
 	auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
 	rid = identification_create_from_string(
 				settings->get_str(settings, "configs.%s.rid", "%any", config));
+	strength = settings->get_int(settings, "configs.%s.rsa_strength", 0);
+	if (strength)
+	{
+		auth->add(auth, AUTH_RULE_RSA_STRENGTH, strength);
+	}
+	strength = settings->get_int(settings, "configs.%s.ecdsa_strength", 0);
+	if (strength)
+	{
+		auth->add(auth, AUTH_RULE_ECDSA_STRENGTH, strength);
+	}
 	auth->add(auth, AUTH_RULE_IDENTITY, rid);
 	peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);