char smartcard[64], keyid[64], module[64], *pos;
private_key_t *key;
u_int slot;
+ chunk_t chunk;
enum {
SC_FORMAT_SLOT_MODULE_KEYID,
SC_FORMAT_SLOT_KEYID,
goto error;
}
+ chunk = chunk_from_hex(chunk_create(keyid, strlen(keyid)), NULL);
switch (format)
{
case SC_FORMAT_SLOT_MODULE_KEYID:
CRED_PRIVATE_KEY, KEY_ANY,
BUILD_PKCS11_SLOT, slot,
BUILD_PKCS11_MODULE, module,
- BUILD_PKCS11_KEYID, keyid,
+ BUILD_PKCS11_KEYID, chunk,
BUILD_PASSPHRASE, secret, BUILD_END);
break;
case SC_FORMAT_SLOT_KEYID:
key = lib->creds->create(lib->creds,
CRED_PRIVATE_KEY, KEY_ANY,
BUILD_PKCS11_SLOT, slot,
- BUILD_PKCS11_KEYID, keyid,
+ BUILD_PKCS11_KEYID, chunk,
BUILD_PASSPHRASE, secret, BUILD_END);
break;
case SC_FORMAT_KEYID:
key = lib->creds->create(lib->creds,
CRED_PRIVATE_KEY, KEY_ANY,
- BUILD_PKCS11_KEYID, keyid,
+ BUILD_PKCS11_KEYID, chunk,
BUILD_PASSPHRASE, secret, BUILD_END);
break;
}
+ free(chunk.ptr);
if (key)
{
DBG1(DBG_CFG, " loaded private key from %.*s", sc.len, sc.ptr);
BUILD_PKCS11_MODULE,
/** slot specifier for a token in a PKCS#11 module, int */
BUILD_PKCS11_SLOT,
- /** key ID of a key on a token, null terminated char* */
+ /** key ID of a key on a token, chunk_t */
BUILD_PKCS11_KEYID,
/** modulus (n) of a RSA key, chunk_t */
BUILD_RSA_MODULUS,
{
#ifndef OPENSSL_NO_ENGINE
private_openssl_rsa_private_key_t *this;
- char *keyid = NULL, *engine_id = NULL;
+ char *engine_id = NULL;
char keyname[64], pin[32];;
- chunk_t secret = chunk_empty;
+ chunk_t secret = chunk_empty, keyid = chunk_empty;;
EVP_PKEY *key;
ENGINE *engine;
int slot = -1;
switch (va_arg(args, builder_part_t))
{
case BUILD_PKCS11_KEYID:
- keyid = va_arg(args, char*);
+ keyid = va_arg(args, chunk_t);
continue;
case BUILD_PASSPHRASE:
secret = va_arg(args, chunk_t);
}
break;
}
- if (!keyid || !secret.len || !secret.ptr)
+ if (!keyid.len || keyid.len > 40 || !secret.len)
{
return NULL;
}
- if (slot == -1)
+ memset(keyname, 0, sizeof(keyname));
+ if (slot != -1)
{
- snprintf(keyname, sizeof(keyname), "%s", keyid);
+ snprintf(keyname, sizeof(keyname), "%d:", slot);
}
- else
+ if (sizeof(keyname) - strlen(keyname) <= keyid.len * 4 / 3 + 1)
{
- snprintf(keyname, sizeof(keyname), "%d:%s", slot, keyid);
+ return NULL;
}
+ chunk_to_hex(keyid, keyname + strlen(keyname), FALSE);
+
snprintf(pin, sizeof(pin), "%.*s", secret.len, secret.ptr);
if (!engine_id)
engine = ENGINE_by_id(engine_id);
if (!engine)
{
- DBG1(DBG_LIB, "engine '%s' is not available", engine_id);
+ DBG2(DBG_LIB, "engine '%s' is not available", engine_id);
return NULL;
}
if (!ENGINE_init(engine))
pkcs11_private_key_t *pkcs11_private_key_connect(key_type_t type, va_list args)
{
private_pkcs11_private_key_t *this;
- char *keyid = NULL, *module = NULL;
+ char *module = NULL;
+ chunk_t keyid, pin;
int slot = -1;
CK_RV rv;
- chunk_t chunk, pin = chunk_empty;
+ keyid = pin = chunk_empty;
while (TRUE)
{
switch (va_arg(args, builder_part_t))
{
case BUILD_PKCS11_KEYID:
- keyid = va_arg(args, char*);
+ keyid = va_arg(args, chunk_t);
continue;
case BUILD_PASSPHRASE:
pin = va_arg(args, chunk_t);
}
break;
}
- if (!keyid || !pin.ptr || !pin.len || !module || slot == -1)
+ if (!keyid.len || !pin.len || !module || slot == -1)
{ /* we currently require all parameters, TODO: search for pubkeys */
return NULL;
}
return NULL;
}
- chunk = chunk_from_hex(chunk_create(keyid, strlen(keyid)), NULL);
- if (!find_key(this, chunk))
+ if (!find_key(this, keyid))
{
- free(chunk.ptr);
destroy(this);
return NULL;
}
- free(chunk.ptr);
return &this->public;
}
projects / thirdparty / strongswan.git / commitdiff
