* Callback function to receive Passphrases
*/
static shared_key_t* passphrase_cb(passphrase_cb_data_t *data,
+ shared_key_type_t type,
identification_t *me, identification_t *other,
id_match_t *match_me, id_match_t *match_other)
{
chunk_t secret;
char buf[256];
+ if (type != SHARED_ANY && type != SHARED_PRIVATE_KEY_PASS)
+ {
+ return NULL;
+ }
+
if (data->try > 1)
{
if (data->try > 5)
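Review bot: The doc comment above passphrase_cb still says only "Callback function to receive Passphrases" and does not mention the new type filter, so a reader cannot tell that the callback now declines every request other than SHARED_ANY and SHARED_PRIVATE_KEY_PASS. I would add a line such as `* Returns NULL unless type is SHARED_ANY or SHARED_PRIVATE_KEY_PASS.` The guard sits ahead of the `data->try` checks, which looks deliberate (presumably a lookup for another secret type should not count as a passphrase attempt); if so, a short why-comment on the guard would keep a later refactor from moving it. The same applies to pin_cb (SHARED_PIN) and whack_pass_cb. passphrase_cb's body continues outside the hunk.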
/**
* Callback function to receive PINs
*/
-static shared_key_t* pin_cb(pin_cb_data_t *data,
+static shared_key_t* pin_cb(pin_cb_data_t *data, shared_key_type_t type,
identification_t *me, identification_t *other,
id_match_t *match_me, id_match_t *match_other)
{
chunk_t secret;
char buf[256];
+ if (type != SHARED_ANY && type != SHARED_PIN)
+ {
+ return NULL;
+ }
+
if (!me || !chunk_equals(me->get_encoding(me), data->keyid))
{
return NULL;
enumerator_t public;
/* backref to this */
private_callback_cred_t *this;
+ /* type if requested key */
+ shared_key_type_t type;
/* own identity to match */
identification_t *me;
/* other identity to match */
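Review bot: The comment on the new field has a typo, `/* type if requested key */`; it should read `/* type of requested key */`. Since SHARED_ANY is a valid value here, as the callbacks' checks show, the comment could also say that the field holds the type passed by the caller and may be SHARED_ANY. The struct definition starts and ends outside the hunk.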
id_match_t *match_me, id_match_t *match_other)
{
DESTROY_IF(this->current);
- this->current = this->this->cb.shared(this->this->data,
+ this->current = this->this->cb.shared(this->this->data, this->type,
this->me, this->other, match_me, match_other);
if (this->current)
{
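Review bot: The enumerator forwards `this->type` but leaves the filtering entirely to each registered callback, so a callback that ignores the new argument would still hand back a secret of a different type than was requested. A cheap backstop is to check the result before it is returned, with a condition along the lines of `this->type != SHARED_ANY && this->current->get_type(this->current) != this->type`, and to treat a mismatch as "no key". Whether a mismatch should end the enumeration or be skipped depends on the rest of the function, which lies outside the hunk.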
.destroy = _shared_destroy,
},
.this = this,
+ .type = type,
.me = me,
.other = other,
);
/**
* Callback function to get shared keys.
*
+ * @param type type of requested shared key
* @param me own identity
* @param other other identity
* @param match_me match result of own identity
* @param match_other match result of other identity
*/
-typedef shared_key_t* (*callback_cred_shared_cb_t)(void *data,
+typedef shared_key_t* (*callback_cred_shared_cb_t)(
+ void *data, shared_key_type_t type,
identification_t *me, identification_t *other,
id_match_t *match_me, id_match_t *match_other);
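Review bot: The new `@param type` line names the argument but not the contract that every callback in this commit implements, which is to return NULL for a type it does not serve and to accept SHARED_ANY. The visible doc block also has no `@return` line and no `@param data`. I would add `@return shared key, NULL if none is available or the requested type is not served` and note beside `@param type` that SHARED_ANY matches every type. That way callback authors outside this tree know the filter is their responsibility.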
/**
* Passphrase callback to read from whack fd
*/
-static shared_key_t* whack_pass_cb(prompt_pass_t *pass,
+static shared_key_t* whack_pass_cb(prompt_pass_t *pass, shared_key_type_t type,
identification_t *me, identification_t *other,
id_match_t *match_me, id_match_t *match_other)
{
int n;
+ if (type != SHARED_ANY && type != SHARED_PRIVATE_KEY_PASS)
+ {
+ return NULL;
+ }
+
if (pass->try > MAX_PROMPT_PASS_TRIALS)
{
whack_log(RC_LOG_SERIOUS, "invalid passphrase, too many trials");