author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2010-08-09 09:43:35 +0000 |
---|---|---|
committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2010-08-09 09:43:35 +0000 |
commit | 9e7fb8577802de2abf191d783be5b6b953c22271 (patch) | |
tree | e6818532d3a85a8a840652f6dfc0d58d42c89a69 /src/libstrongswan/credentials/keys | |
parent | 20e652eab94f898365fdde046ed11a2dda2f165e (diff) | |
New upstream release.
Diffstat (limited to 'src/libstrongswan/credentials/keys')
-rw-r--r-- | src/libstrongswan/credentials/keys/key_encoding.c | 299 | ||||
-rw-r--r-- | src/libstrongswan/credentials/keys/key_encoding.h | 203 | ||||
-rw-r--r-- | src/libstrongswan/credentials/keys/private_key.c | 12 | ||||
-rw-r--r-- | src/libstrongswan/credentials/keys/private_key.h | 9 | ||||
-rw-r--r-- | src/libstrongswan/credentials/keys/public_key.c | 8 | ||||
-rw-r--r-- | src/libstrongswan/credentials/keys/public_key.h | 11 |
6 files changed, 20 insertions, 522 deletions
diff --git a/src/libstrongswan/credentials/keys/key_encoding.c b/src/libstrongswan/credentials/keys/key_encoding.c
deleted file mode 100644
index 89b25226c..000000000
--- a/src/libstrongswan/credentials/keys/key_encoding.c
+++ /dev/null
@@ -1,299 +0,0 @@ -/* - * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "key_encoding.h" - -#include <stdint.h> - -#include <utils/linked_list.h> -#include <utils/hashtable.h> -#include <threading/rwlock.h> - -typedef struct private_key_encoding_t private_key_encoding_t; - -/** - * Private data of an key_encoding_t object. - */ -struct private_key_encoding_t { - - /** - * Public key_encoding_t interface. - */ - key_encoding_t public; - - /** - * cached encodings, a table for each encoding_type_t, containing chunk_t* - */ - hashtable_t *cache[KEY_ENCODING_MAX]; - - /** - * Registered encoding fuctions, key_encoder_t - */ - linked_list_t *encoders; - - /** - * lock to access cache/encoders - */ - rwlock_t *lock; -}; - -/** - * See header. - */ -bool key_encoding_args(va_list args, ...) 
-{ - va_list parts, copy; - bool failed = FALSE; - - va_start(parts, args); - - while (!failed) - { - key_encoding_part_t current, target; - chunk_t *out, data; - - /* get the part we are looking for */ - target = va_arg(parts, key_encoding_part_t); - if (target == KEY_PART_END) - { - break; - } - out = va_arg(parts, chunk_t*); - - va_copy(copy, args); - while (!failed) - { - current = va_arg(copy, key_encoding_part_t); - if (current == KEY_PART_END) - { - failed = TRUE; - break; - } - data = va_arg(copy, chunk_t); - if (current == target) - { - *out = data; - break; - } - } - va_end(copy); - } - va_end(parts); - return !failed; -} - -/** - * hashtable hash() function - */ -static u_int hash(void *key) -{ - return (uintptr_t)key; -} - -/** - * hashtable equals() function - */ -static bool equals(void *key1, void *key2) -{ - return key1 == key2; -} - -/** - * Implementation of key_encoding_t.get_cache - */ -static bool get_cache(private_key_encoding_t *this, key_encoding_type_t type, - void *cache, chunk_t *encoding) -{ - chunk_t *chunk; - - if (type >= KEY_ENCODING_MAX || type < 0) - { - return FALSE; - } - this->lock->read_lock(this->lock); - chunk = this->cache[type]->get(this->cache[type], cache); - if (chunk) - { - *encoding = *chunk; - } - this->lock->unlock(this->lock); - return !!chunk; -} - -/** - * Implementation of key_encoding_t.encode - */ -static bool encode(private_key_encoding_t *this, key_encoding_type_t type, - void *cache, chunk_t *encoding, ...) 
-{ - enumerator_t *enumerator; - va_list args, copy; - key_encoder_t encode; - bool success = FALSE; - chunk_t *chunk; - - if (type >= KEY_ENCODING_MAX || type < 0) - { - return FALSE; - } - this->lock->read_lock(this->lock); - if (cache) - { - chunk = this->cache[type]->get(this->cache[type], cache); - if (chunk) - { - *encoding = *chunk; - this->lock->unlock(this->lock); - return TRUE; - } - } - va_start(args, encoding); - enumerator = this->encoders->create_enumerator(this->encoders); - while (enumerator->enumerate(enumerator, &encode)) - { - va_copy(copy, args); - success = encode(type, encoding, copy); - va_end(copy); - if (success) - { - if (cache) - { - chunk = malloc_thing(chunk_t); - *chunk = *encoding; - this->lock->unlock(this->lock); - this->lock->write_lock(this->lock); - this->cache[type]->put(this->cache[type], cache, chunk); - } - break; - } - } - enumerator->destroy(enumerator); - va_end(args); - this->lock->unlock(this->lock); - return success; -} - -/** - * Implementation of key_encoding_t.cache - */ -static void cache(private_key_encoding_t *this, key_encoding_type_t type, - void *cache, chunk_t encoding) -{ - chunk_t *chunk; - - if (type >= KEY_ENCODING_MAX || type < 0) - { - return free(encoding.ptr); - } - chunk = malloc_thing(chunk_t); - *chunk = encoding; - this->lock->write_lock(this->lock); - chunk = this->cache[type]->put(this->cache[type], cache, chunk); - this->lock->unlock(this->lock); - /* free an encoding already associated to the cache */ - if (chunk) - { - free(chunk->ptr); - free(chunk); - } -} - -/** - * Implementation of key_encoding_t.clear_cache - */ -static void clear_cache(private_key_encoding_t *this, void *cache) -{ - key_encoding_type_t type; - chunk_t *chunk; - - this->lock->write_lock(this->lock); - for (type = 0; type < KEY_ENCODING_MAX; type++) - { - chunk = this->cache[type]->remove(this->cache[type], cache); - if (chunk) - { - chunk_free(chunk); - free(chunk); - } - } - this->lock->unlock(this->lock); -} - -/** - * 
Implementation of key_encoding_t.add_encoder - */ -static void add_encoder(private_key_encoding_t *this, key_encoder_t encoder) -{ - this->lock->write_lock(this->lock); - this->encoders->insert_last(this->encoders, encoder); - this->lock->unlock(this->lock); -} - -/** - * Implementation of key_encoding_t.remove_encoder - */ -static void remove_encoder(private_key_encoding_t *this, key_encoder_t encoder) -{ - this->lock->write_lock(this->lock); - this->encoders->remove(this->encoders, encoder, NULL); - this->lock->unlock(this->lock); -} - -/** - * Implementation of key_encoder_t.destroy. - */ -static void destroy(private_key_encoding_t *this) -{ - key_encoding_type_t type; - - for (type = 0; type < KEY_ENCODING_MAX; type++) - { - /* We explicitly do not free remaining encodings. All keys should - * have gone now, and they are responsible for cleaning out their - * cache entries. Not flushing here allows the leak detective to - * complain if a key did not flush cached encodings. */ - this->cache[type]->destroy(this->cache[type]); - } - this->encoders->destroy(this->encoders); - this->lock->destroy(this->lock); - free(this); -} - -/** - * See header - */ -key_encoding_t *key_encoding_create() -{ - private_key_encoding_t *this = malloc_thing(private_key_encoding_t); - key_encoding_type_t type; - - this->public.encode = (bool(*)(key_encoding_t*, key_encoding_type_t type, void *cache, chunk_t *encoding, ...))encode; - this->public.get_cache = (bool(*)(key_encoding_t*, key_encoding_type_t type, void *cache, chunk_t *encoding))get_cache; - this->public.cache = (void(*)(key_encoding_t*, key_encoding_type_t type, void *cache, chunk_t encoding))cache; - this->public.clear_cache = (void(*)(key_encoding_t*, void *cache))clear_cache; - this->public.add_encoder = (void(*)(key_encoding_t*, key_encoder_t encoder))add_encoder; - this->public.remove_encoder = (void(*)(key_encoding_t*, key_encoder_t encoder))remove_encoder; - this->public.destroy = (void(*)(key_encoding_t*))destroy; - 
- for (type = 0; type < KEY_ENCODING_MAX; type++)
- {
- this->cache[type] = hashtable_create(hash, equals, 8);
- }
- this->encoders = linked_list_create();
- this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT);
-
- return &this->public;
-}
-
diff --git a/src/libstrongswan/credentials/keys/key_encoding.h b/src/libstrongswan/credentials/keys/key_encoding.h
deleted file mode 100644
index d8435f4b4..000000000
--- a/src/libstrongswan/credentials/keys/key_encoding.h
+++ /dev/null
@@ -1,203 +0,0 @@ -/* - * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup key_encoding key_encoding - * @{ @ingroup keys - */ - -#ifndef KEY_ENCODING_H_ -#define KEY_ENCODING_H_ - -typedef struct key_encoding_t key_encoding_t; -typedef enum key_encoding_type_t key_encoding_type_t; -typedef enum key_encoding_part_t key_encoding_part_t; - -#include <library.h> - -/** - * Key encoder function implementing encoding/fingerprinting. - * - * The variable argument list takes key_encoding_part_t, followed by part - * specific arguments, terminated by KEY_PART_END. - * - * @param type format to encode the key to - * @param args list of (key_encoding_part_t, data) - * @param encoding encoding result, allocated - * @return TRUE if encoding successful - */ -typedef bool (*key_encoder_t)(key_encoding_type_t type, chunk_t *encoding, - va_list args); - -/** - * Helper function for key_encoder_t implementations to parse argument list. - * - * Key encoder functions get a variable argument list to parse. To simplify - * the job, this function reads the arguments and returns chunks for each - * part. - * The argument list of this function takes a key_encoding_part_t, followed - * by a data pointer receiving the value, terminated by KEY_PART_END. - * - * @param args argument list passed to key encoder function - * @param ... 
list of (key_encoding_part_t, data*) - * @return TRUE if all parts found, FALSE otherwise - */ -bool key_encoding_args(va_list args, ...); - -/** - * Encoding type of a fingerprint/private-/public-key. - * - * Fingerprints have have the KEY_ID_*, public keys the KEY_PUB_* and - * private keys the KEY_PRIV_* prefix. - */ -enum key_encoding_type_t { - /** SHA1 fingerprint over subjectPublicKeyInfo */ - KEY_ID_PUBKEY_INFO_SHA1 = 0, - /** SHA1 fingerprint over subjectPublicKey */ - KEY_ID_PUBKEY_SHA1, - /** PGPv3 fingerprint */ - KEY_ID_PGPV3, - /** PGPv4 fingerprint */ - KEY_ID_PGPV4, - - KEY_ID_MAX, - - /** PKCS#1 and similar ASN.1 key encoding */ - KEY_PUB_ASN1_DER, - KEY_PRIV_ASN1_DER, - /** subjectPublicKeyInfo encoding */ - KEY_PUB_SPKI_ASN1_DER, - /** PEM encoded PKCS#1 key */ - KEY_PUB_PEM, - KEY_PRIV_PEM, - /** PGP key encoding */ - KEY_PUB_PGP, - KEY_PRIV_PGP, - - KEY_ENCODING_MAX, -}; - -/** - * Parts of a key to encode. - */ -enum key_encoding_part_t { - /** modulus of a RSA key, n */ - KEY_PART_RSA_MODULUS, - /** public exponent of a RSA key, e */ - KEY_PART_RSA_PUB_EXP, - /** private exponent of a RSA key, d */ - KEY_PART_RSA_PRIV_EXP, - /** prime1 a RSA key, p */ - KEY_PART_RSA_PRIME1, - /** prime2 a RSA key, q */ - KEY_PART_RSA_PRIME2, - /** exponent1 a RSA key, exp1 */ - KEY_PART_RSA_EXP1, - /** exponent1 a RSA key, exp2 */ - KEY_PART_RSA_EXP2, - /** coefficient of RSA key, coeff */ - KEY_PART_RSA_COEFF, - /** a DER encoded RSA public key */ - KEY_PART_RSA_PUB_ASN1_DER, - /** a DER encoded RSA private key */ - KEY_PART_RSA_PRIV_ASN1_DER, - /** a DER encoded ECDSA public key */ - KEY_PART_ECDSA_PUB_ASN1_DER, - /** a DER encoded ECDSA private key */ - KEY_PART_ECDSA_PRIV_ASN1_DER, - - KEY_PART_END, -}; - -/** - * Private/Public key encoding and fingerprinting facility. - */ -struct key_encoding_t { - - /** - * Encode a key into a format using several key parts, optional caching. 
- * - * The variable argument list takes key_encoding_part_t, followed by part - * specific arguments, terminated by KEY_PART_END. - * If a cache key is given, the returned encoding points to internal data: - * do not free or modify. If no cache key is given, the encoding is - * allocated and must be freed by the caller. - * - * @param type format the key should be encoded to - * @param cache key to use for caching, NULL to not cache - * @param encoding encoding result, allocated if caching disabled - * @param ... list of (key_encoding_part_t, data) - * @return TRUE if encoding successful - */ - bool (*encode)(key_encoding_t *this, key_encoding_type_t type, void *cache, - chunk_t *encoding, ...); - - /** - * Clear all cached encodings of a given cache key. - * - * @param cache key used in encode() for caching - */ - void (*clear_cache)(key_encoding_t *this, void *cache); - - /** - * Check for a cached encoding. - * - * @param type format of the key encoding - * @param cache key to use for caching, as given to encode() - * @param encoding encoding result, internal data - * @return TRUE if cache entry found - */ - bool (*get_cache)(key_encoding_t *this, key_encoding_type_t type, - void *cache, chunk_t *encoding); - - /** - * Cache a key encoding created externally. - * - * After calling cache(), the passed encoding is owned by the key encoding - * facility. - * - * @param type format of the key encoding - * @param cache key to use for caching, as given to encode() - * @param encoding encoding to cache, gets owned by this - */ - void (*cache)(key_encoding_t *this, key_encoding_type_t type, void *cache, - chunk_t encoding); - - /** - * Register a key encoder function. - * - * @param encoder key encoder function to add - */ - void (*add_encoder)(key_encoding_t *this, key_encoder_t encoder); - - /** - * Unregister a previously registered key encoder function. 
- *
- * @param encoder key encoder function to remove
- */
- void (*remove_encoder)(key_encoding_t *this, key_encoder_t encoder);
-
- /**
- * Destroy a key_encoding_t.
- */
- void (*destroy)(key_encoding_t *this);
-};
-
-/**
- * Create a key_encoding instance.
- */
-key_encoding_t *key_encoding_create();
-
-#endif /** KEY_ENCODING_H_ @}*/
diff --git a/src/libstrongswan/credentials/keys/private_key.c b/src/libstrongswan/credentials/keys/private_key.c
index c3b5ac55b..8292af495 100644
--- a/src/libstrongswan/credentials/keys/private_key.c
+++ b/src/libstrongswan/credentials/keys/private_key.c
@@ -20,7 +20,7 @@ */ bool private_key_equals(private_key_t *this, private_key_t *other) { - key_encoding_type_t type; + cred_encoding_type_t type; chunk_t a, b; if (this == other)
@@ -28,7 +28,7 @@ bool private_key_equals(private_key_t *this, private_key_t *other) return TRUE; } - for (type = 0; type < KEY_ENCODING_MAX; type++) + for (type = 0; type < CRED_ENCODING_MAX; type++) { if (this->get_fingerprint(this, type, &a) && other->get_fingerprint(other, type, &b))
@@ -44,10 +44,10 @@ bool private_key_belongs_to(private_key_t *private, public_key_t *public) */ bool private_key_belongs_to(private_key_t *private, public_key_t *public) { - key_encoding_type_t type; + cred_encoding_type_t type; chunk_t a, b; - for (type = 0; type < KEY_ENCODING_MAX; type++) + for (type = 0; type < CRED_ENCODING_MAX; type++) { if (private->get_fingerprint(private, type, &a) && public->get_fingerprint(public, type, &b))
@@ -63,10 +63,10 @@ bool private_key_belongs_to(private_key_t *private, public_key_t *public) */ bool private_key_has_fingerprint(private_key_t *private, chunk_t fingerprint) { - key_encoding_type_t type; + cred_encoding_type_t type; chunk_t current; - for (type = 0; type < KEY_ID_MAX; type++) + for (type = 0; type < KEYID_MAX; type++) { if (private->get_fingerprint(private, type, ¤t) && chunk_equals(current, fingerprint)
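Review bot: The loop bounds in `private_key_equals` (hunk `@@ -28`) and `private_key_belongs_to` (hunk `@@ -44`) now run `type` up to `CRED_ENCODING_MAX`, while `private_key_has_fingerprint` (hunk `@@ -63`) stops at `KEYID_MAX`; the first two therefore call `get_fingerprint()` with full-key encoding types as well, and if `cred_encoding_type_t` lists the `KEYID_*` values before `KEYID_MAX`, as the third loop presumes, `for (type = 0; type < KEYID_MAX; type++)` would make all three consistent. The same split appears in `public_key_equals` in public_key.c. The rename presumably preserves behaviour, since the old code already had the same split between `KEY_ENCODING_MAX` and `KEY_ID_MAX`. Each of the three functions continues outside its hunk.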
diff --git a/src/libstrongswan/credentials/keys/private_key.h b/src/libstrongswan/credentials/keys/private_key.h
index d4517f296..27f4ab098 100644
--- a/src/libstrongswan/credentials/keys/private_key.h
+++ b/src/libstrongswan/credentials/keys/private_key.h
@@ -23,6 +23,7 @@ typedef struct private_key_t private_key_t; +#include <credentials/cred_encoding.h> #include <credentials/keys/public_key.h> /**
@@ -89,11 +90,11 @@ struct private_key_t { /** * Get the fingerprint of the key. * - * @param type type of fingerprint, one of KEY_ID_* + * @param type type of fingerprint, one of KEYID_* * @param fp fingerprint, points to internal data * @return TRUE if fingerprint type supported */ - bool (*get_fingerprint)(private_key_t *this, key_encoding_type_t type, + bool (*get_fingerprint)(private_key_t *this, cred_encoding_type_t type, chunk_t *fp); /**
@@ -107,11 +108,11 @@ struct private_key_t { /** * Get the key in an encoded form as a chunk. * - * @param type type of the encoding, one of KEY_PRIV_* + * @param type type of the encoding, one of PRIVKEY_* * @param encoding encoding of the key, allocated * @return TRUE if encoding supported */ - bool (*get_encoding)(private_key_t *this, key_encoding_type_t type, + bool (*get_encoding)(private_key_t *this, cred_encoding_type_t type, chunk_t *encoding); /**
diff --git a/src/libstrongswan/credentials/keys/public_key.c b/src/libstrongswan/credentials/keys/public_key.c
index ba3036793..ce342de33 100644
--- a/src/libstrongswan/credentials/keys/public_key.c
+++ b/src/libstrongswan/credentials/keys/public_key.c
@@ -47,7 +47,7 @@ ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_ECDSA_521, */ bool public_key_equals(public_key_t *this, public_key_t *other) { - key_encoding_type_t type; + cred_encoding_type_t type; chunk_t a, b; if (this == other)
@@ -55,7 +55,7 @@ bool public_key_equals(public_key_t *this, public_key_t *other) return TRUE; } - for (type = 0; type < KEY_ENCODING_MAX; type++) + for (type = 0; type < CRED_ENCODING_MAX; type++) { if (this->get_fingerprint(this, type, &a) && other->get_fingerprint(other, type, &b))
@@ -71,10 +71,10 @@ bool public_key_equals(public_key_t *this, public_key_t *other) */ bool public_key_has_fingerprint(public_key_t *public, chunk_t fingerprint) { - key_encoding_type_t type; + cred_encoding_type_t type; chunk_t current; - for (type = 0; type < KEY_ID_MAX; type++) + for (type = 0; type < KEYID_MAX; type++) { if (public->get_fingerprint(public, type, ¤t) && chunk_equals(current, fingerprint))
diff --git a/src/libstrongswan/credentials/keys/public_key.h b/src/libstrongswan/credentials/keys/public_key.h
index a421e7b5b..ff827a189 100644
--- a/src/libstrongswan/credentials/keys/public_key.h
+++ b/src/libstrongswan/credentials/keys/public_key.h
@@ -23,12 +23,11 @@ typedef struct public_key_t public_key_t; typedef enum key_type_t key_type_t; -typedef enum key_id_type_t key_id_type_t; typedef enum signature_scheme_t signature_scheme_t; #include <library.h> #include <utils/identification.h> -#include <credentials/keys/key_encoding.h> +#include <credentials/cred_encoding.h> /** * Type of a key pair, the used crypto system
@@ -147,11 +146,11 @@ struct public_key_t { /** * Get the fingerprint of the key. * - * @param type type of fingerprint, one of KEY_ID_* + * @param type type of fingerprint, one of KEYID_* * @param fp fingerprint, points to internal data * @return TRUE if fingerprint type supported */ - bool (*get_fingerprint)(public_key_t *this, key_encoding_type_t type, + bool (*get_fingerprint)(public_key_t *this, cred_encoding_type_t type, chunk_t *fp); /**
@@ -165,11 +164,11 @@ struct public_key_t { /** * Get the key in an encoded form as a chunk. * - * @param type type of the encoding, one of KEY_PRIV_* + * @param type type of the encoding, one of PRIVKEY_* * @param encoding encoding of the key, allocated * @return TRUE if encoding supported */ - bool (*get_encoding)(public_key_t *this, key_encoding_type_t type, + bool (*get_encoding)(public_key_t *this, cred_encoding_type_t type, chunk_t *encoding); /** |
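Review bot: The rewritten doc line for `public_key_t.get_encoding` in public_key.h (hunk `@@ -165`) still reads `@param type type of the encoding, one of PRIVKEY_*`, naming the private-key constant family for a public-key method; the identical text in private_key.h is correct there, but here it misdirects anyone choosing an encoding type. The renamed enum lives in `<credentials/cred_encoding.h>`, which is not part of this diff, so the public-key family cannot be confirmed from here, but by the naming pattern it is presumably `PUBKEY_*` and the line should read `* @param type type of the encoding, one of PUBKEY_*`. The first hunk of this file drops `typedef enum key_id_type_t key_id_type_t;` without a replacement in the new side, so any remaining user of that name elsewhere would need the same rename, which this diff does not show. The `public_key_t` struct continues outside the hunk.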