From: Tobias Brunner
Date: Wed, 18 Jan 2012 21:33:36 +0000 (+0100)
Subject: Added support to parse PKCS#8 encoded ECDSA private keys.
X-Git-Tag: 4.6.2~33
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=db3334dc32fce5e452deab997d45f5d029b72883;p=thirdparty%2Fstrongswan.git

Added support to parse PKCS#8 encoded ECDSA private keys.
---
diff --git a/src/libstrongswan/plugins/pkcs8/pkcs8_builder.c b/src/libstrongswan/plugins/pkcs8/pkcs8_builder.c
index f79925a026..a83dc307da 100644
--- a/src/libstrongswan/plugins/pkcs8/pkcs8_builder.c
+++ b/src/libstrongswan/plugins/pkcs8/pkcs8_builder.c
@@ -42,7 +42,7 @@ static const asn1Object_t pkinfoObjects[] = {
 static private_key_t *parse_private_key(chunk_t blob)
 {
 asn1_parser_t *parser;
- chunk_t object;
+ chunk_t object, params = chunk_empty;
 int objectID;
 private_key_t *key = NULL;
 key_type_t type = KEY_ANY;
@@ -57,23 +57,38 @@ static private_key_t *parse_private_key(chunk_t blob)
 case PKINFO_PRIVATE_KEY_ALGORITHM:
 {
 int oid = asn1_parse_algorithmIdentifier(object,
- parser->get_level(parser) + 1, NULL);
+ parser->get_level(parser) + 1, ¶ms);
- if (oid == OID_RSA_ENCRYPTION)
+ switch (oid)
 {
- type = KEY_RSA;
- }
- else
- { /* key type not supported */
- goto end;
+ case OID_RSA_ENCRYPTION:
+ type = KEY_RSA;
+ break;
+ case OID_EC_PUBLICKEY:
+ type = KEY_ECDSA;
+ break;
+ default:
+ /* key type not supported */
+ goto end;
 }
 break;
 }
 case PKINFO_PRIVATE_KEY:
 {
 DBG2(DBG_ASN, "-- > --");
- key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type,
- BUILD_BLOB_ASN1_DER, object, BUILD_END);
+ if (params.ptr)
+ {
+ key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY,
+ type, BUILD_BLOB_ALGID_PARAMS,
+ params, BUILD_BLOB_ASN1_DER,
+ object, BUILD_END);
+ }
+ else
+ {
+ key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY,
+ type, BUILD_BLOB_ASN1_DER, object,
+ BUILD_END);
+ }
 DBG2(DBG_ASN, "-- < --");
 break;
 }
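Review bot: The `if (params.ptr)` branch in the PKINFO_PRIVATE_KEY case forwards the AlgorithmIdentifier parameters for every accepted key type, not only for KEY_ECDSA, where the curve is expected there. An rsaEncryption AlgorithmIdentifier normally carries an ASN.1 NULL as its parameters; if asn1_parse_algorithmIdentifier (not visible in this hunk) hands that back in `params`, RSA builders would now receive a BUILD_BLOB_ALGID_PARAMS part they did not get before and may reject the key. Since the blob is parsed input, I would tie the extra part to the type that needs it and test the length rather than the pointer: `if (type == KEY_ECDSA && params.len)`. parse_private_key's body starts and ends outside the hunk, so the remaining cases and the `end:` cleanup were not reviewed.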
diff --git a/src/libstrongswan/plugins/pkcs8/pkcs8_builder.h b/src/libstrongswan/plugins/pkcs8/pkcs8_builder.h
index 31965fa194..b07f2d9276 100644
--- a/src/libstrongswan/plugins/pkcs8/pkcs8_builder.h
+++ b/src/libstrongswan/plugins/pkcs8/pkcs8_builder.h
@@ -25,9 +25,9 @@
 #include
 /**
- * Load an RSA private key from PKCS#8 data.
+ * Load an RSA or ECDSA private key from PKCS#8 data.
 *
- * @param type type of the key, KEY_RSA
+ * @param type type of the key, KEY_RSA or KEY_ECDSA
 * @param args builder_part_t argument list
 * @return private key, NULL on failure
 */
diff --git a/src/libstrongswan/plugins/pkcs8/pkcs8_plugin.c b/src/libstrongswan/plugins/pkcs8/pkcs8_plugin.c
index 433da09b6a..f78c83054e 100644
--- a/src/libstrongswan/plugins/pkcs8/pkcs8_plugin.c
+++ b/src/libstrongswan/plugins/pkcs8/pkcs8_plugin.c
@@ -44,6 +44,7 @@ METHOD(plugin_t, get_features, int,
 static plugin_feature_t f[] = {
 PLUGIN_REGISTER(PRIVKEY, pkcs8_private_key_load, FALSE),
 PLUGIN_PROVIDE(PRIVKEY, KEY_RSA),
+ PLUGIN_PROVIDE(PRIVKEY, KEY_ECDSA),
 };
 *features = f;
 return countof(f);