From: Reto Buerki
Date: Wed, 30 Jan 2013 14:36:03 +0000 (+0100)
Subject: Do not hardwire keys to KEY_RSA
X-Git-Tag: 5.0.3rc1~39^2~5
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=0063e03325157ac9f92b6ba033341734aa9ad647;p=thirdparty%2Fstrongswan.git

Do not hardwire keys to KEY_RSA

Make the TKM private and public keys more easily extendable by determining the associated key type dynamically.
---

diff --git a/src/charon-tkm/src/tkm/tkm_private_key.c b/src/charon-tkm/src/tkm/tkm_private_key.c
index 6169414549..9e3f96c950 100644
--- a/src/charon-tkm/src/tkm/tkm_private_key.c
+++ b/src/charon-tkm/src/tkm/tkm_private_key.c
@@ -1,6 +1,6 @@
 /*
- * Copyright (C) 2012 Reto Buerki
- * Copyright (C) 2012 Adrian-Ken Rueegsegger
+ * Copyright (C) 2012-2013 Reto Buerki
+ * Copyright (C) 2012-2013 Adrian-Ken Rueegsegger
  * Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -39,6 +39,11 @@ struct private_tkm_private_key_t {
 	 */
 	identification_t *id;
 
+	/**
+	 * Key type.
+	 */
+	key_type_t key_type;
+
 	/**
 	 * Reference count.
 	 */
@@ -49,7 +54,7 @@ struct private_tkm_private_key_t {
 METHOD(private_key_t, get_type, key_type_t,
 	private_tkm_private_key_t *this)
 {
-	return KEY_RSA;
+	return this->key_type;
 }
 
 METHOD(private_key_t, sign, bool,
@@ -158,5 +163,25 @@ tkm_private_key_t *tkm_private_key_init(identification_t * const id)
 		.id = id->clone(id),
 	);
 
+	/* get key type from associated public key */
+	certificate_t *cert;
+	cert = lib->credmgr->get_cert(lib->credmgr, CERT_ANY, KEY_ANY, id, FALSE);
+	if (!cert)
+	{
+		destroy(this);
+		return NULL;
+	}
+
+	public_key_t *pubkey = cert->get_public_key(cert);
+	if (!pubkey)
+	{
+		cert->destroy(cert);
+		destroy(this);
+		return NULL;
+	}
+	this->key_type = pubkey->get_type(pubkey);
+	pubkey->destroy(pubkey);
+	cert->destroy(cert);
+
 	return &this->public;
 }
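Review bot: The key type in tkm_private_key_init is taken from whichever certificate `get_cert(lib->credmgr, CERT_ANY, KEY_ANY, id, FALSE)` returns first, an untrusted lookup of any certificate type matching `id`, so the reported type depends on credential-set enumeration order if several certificates with different key types carry that identity, and nothing in the hunk ties it to the key the TKM actually holds. A comment stating that assumption would help the next reader, e.g. `/* the TKM does not expose the key type; derive it from the first certificate found for id (untrusted lookup, assumes one key per identity) */`. The two failure paths return NULL silently; a `DBG1(DBG_LIB, "no certificate found for '%Y', unable to determine key type", id);` before each return would make an unexpected NULL diagnosable. tkm_private_key_init's body starts outside the hunk.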
diff --git a/src/charon-tkm/src/tkm/tkm_public_key.c b/src/charon-tkm/src/tkm/tkm_public_key.c
index e3f64ddba6..9ebdc29e6a 100644
--- a/src/charon-tkm/src/tkm/tkm_public_key.c
+++ b/src/charon-tkm/src/tkm/tkm_public_key.c
@@ -14,6 +14,8 @@
  * for more details.
  */
 
+#include
+
 #include "tkm_public_key.h"
 
 typedef struct private_tkm_public_key_t private_tkm_public_key_t;
@@ -33,6 +35,11 @@ struct private_tkm_public_key_t {
 	 */
 	chunk_t asn_blob;
 
+	/**
+	 * Key type.
+	 */
+	key_type_t key_type;
+
 	/**
 	 * Reference count.
 	 */
@@ -42,7 +49,7 @@ struct private_tkm_public_key_t {
 METHOD(public_key_t, get_type, key_type_t,
 	private_tkm_public_key_t *this)
 {
-	return KEY_RSA;
+	return this->key_type;
 }
 
 METHOD(public_key_t, verify, bool,
@@ -79,9 +86,17 @@ METHOD(public_key_t, get_fingerprint, bool,
 	{
 		return TRUE;
 	}
-	return lib->encoding->encode(lib->encoding, type, this, fp,
-				CRED_PART_RSA_PUB_ASN1_DER, this->asn_blob,
-				CRED_PART_END);
+	switch(this->key_type)
+	{
+		case KEY_RSA:
+			return lib->encoding->encode(lib->encoding, type, this, fp,
+						CRED_PART_RSA_PUB_ASN1_DER,
+						this->asn_blob, CRED_PART_END);
+		default:
+			DBG1(DBG_LIB, "%N public key not supported, fingerprinting failed",
+				 key_type_names, this->key_type);
+			return FALSE;
+	}
 }
 
 METHOD(public_key_t, get_ref, public_key_t*,
@@ -147,6 +162,7 @@ tkm_public_key_t *tkm_public_key_load(key_type_t type, va_list args)
 		},
 		.ref = 1,
 		.asn_blob = chunk_clone(blob),
+		.key_type = type,
 	);
 
 	return &this->public;
diff --git a/src/charon-tkm/src/tkm/tkm_public_key.h b/src/charon-tkm/src/tkm/tkm_public_key.h
index a469f7524f..383c7dd4c4 100644
--- a/src/charon-tkm/src/tkm/tkm_public_key.h
+++ b/src/charon-tkm/src/tkm/tkm_public_key.h
@@ -1,6 +1,6 @@
 /*
- * Copyright (C) 2012 Reto Buerki
- * Copyright (C) 2012 Adrian-Ken Rueegsegger
+ * Copyright (C) 2012-2013 Reto Buerki
+ * Copyright (C) 2012-2013 Adrian-Ken Rueegsegger
  * Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
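Review bot: `switch(this->key_type)` in get_fingerprint lacks the space after the keyword that the surrounding code uses for `if (...)` and that strongSwan's style applies to `switch` as well; `switch (this->key_type)` keeps it consistent. The default branch is a reasonable guard, but because `this->key_type` is fixed at load time the DBG1 message will repeat on every fingerprint request for the lifetime of an unsupported key, which is worth keeping in mind given that the load path in the later hunk accepts such types. get_fingerprint's signature and the check that precedes `return TRUE;` start outside the hunk.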
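Review bot: `.key_type = type` in tkm_public_key_load stores whatever type the caller passes without checking that the object can handle it, while get_fingerprint (earlier hunk) still only encodes `CRED_PART_RSA_PUB_ASN1_DER` and the blob is presumably RSA DER (its extraction is outside the hunk), so a key loaded with a non-RSA type answers get_type() with that type but fails fingerprinting, and likely verification too. Rejecting unsupported types where the key is built surfaces the problem at the right place, e.g. before the initializer: `if (type != KEY_RSA) { DBG1(DBG_LIB, "%N public key not supported", key_type_names, type); return NULL; }`, to be widened as further types gain support. The header comment on tkm_public_key_load (tkm_public_key.h hunk) dropped "must be KEY_RSA" but should still state which types are currently supported. tkm_public_key_load begins outside the hunk.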
@@ -35,9 +35,7 @@ struct tkm_public_key_t {
 	/**
 	 * Load a TKM public key.
 	 *
-	 * Accepts BUILD_RSA_* components.
-	 *
-	 * @param type	type of the key, must be KEY_RSA
+	 * @param type	type of the key
 	 * @param args	builder_part_t argument list
 	 * @return		loaded key, NULL on failure
 	 */