author | Yves-Alexis Perez <corsac@debian.org> | 2016-10-20 16:18:38 +0200 |
---|---|---|
committer | Yves-Alexis Perez <corsac@debian.org> | 2016-10-20 16:18:38 +0200 |
commit | 25663e04c3ab01ef8dc9f906608282319cfea2db (patch) | |
tree | a0ca5e70f66d74dbe552c996a4f3a285cdfc35e4 /src/libstrongswan/plugins/pkcs1 | |
parent | bf372706c469764d59e9f29c39e3ecbebd72b8d2 (diff) | |
New upstream version 5.5.1
Diffstat (limited to 'src/libstrongswan/plugins/pkcs1')
-rw-r--r-- | src/libstrongswan/plugins/pkcs1/Makefile.in | 5 | ||||
-rw-r--r-- | src/libstrongswan/plugins/pkcs1/pkcs1_builder.c | 72 | ||||
-rw-r--r-- | src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c | 6 |
3 files changed, 75 insertions, 8 deletions
diff --git a/src/libstrongswan/plugins/pkcs1/Makefile.in b/src/libstrongswan/plugins/pkcs1/Makefile.in index a61eb1ab2..708f5a68c 100644 --- a/src/libstrongswan/plugins/pkcs1/Makefile.in +++ b/src/libstrongswan/plugins/pkcs1/Makefile.in @@ -352,7 +352,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -386,8 +385,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -441,6 +438,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c index 767b3acf2..766832d39 100644 --- a/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c +++ b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c @@ -1,8 +1,8 @@ /* + * Copyright (C) 2008-2016 Tobias Brunner * Copyright (C) 2008-2009 Martin Willi - * Copyright (C) 2008 Tobias Brunner * Copyright (C) 2000-2008 Andreas Steffen - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -204,7 +204,6 @@ static private_key_t *parse_rsa_private_key(chunk_t blob) case PRIV_KEY_VERSION: if (object.len > 0 && *object.ptr != 0) { - DBG1(DBG_ASN, "PKCS#1 private key format is not version 1"); goto end; } break; 
@@ -249,6 +248,63 @@ end: } /** + * Check if the ASN.1 structure looks like an EC private key according to + * RFC 5915. + * + * ECPrivateKey :=: SEQUENCE { + * version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1), + * privateKey OCTET STRING, + * parameters [0] ECParameters {{ NamedCurve }} OPTIONAL, + * publicKey [1] BIT STRING OPTIONAL + * } + * + * While the parameters and publicKey fields are OPTIONAL, RFC 5915 says that + * paramaters MUST be included and publicKey SHOULD be. + */ +static bool is_ec_private_key(chunk_t blob) +{ + chunk_t data; + return asn1_unwrap(&blob, &blob) == ASN1_SEQUENCE && + asn1_unwrap(&blob, &data) == ASN1_INTEGER && + asn1_parse_integer_uint64(data) == 1 && + asn1_unwrap(&blob, &data) == ASN1_OCTET_STRING && + asn1_unwrap(&blob, &data) == ASN1_CONTEXT_C_0 && + asn1_unwrap(&blob, &data) == ASN1_CONTEXT_C_1; +} + +/** + * Check if the ASN.1 structure looks like a BLISS private key. + */ +static bool is_bliss_private_key(chunk_t blob) +{ + chunk_t data; + return asn1_unwrap(&blob, &blob) == ASN1_SEQUENCE && + asn1_unwrap(&blob, &data) == ASN1_OID && + asn1_unwrap(&blob, &data) == ASN1_BIT_STRING && + asn1_unwrap(&blob, &data) == ASN1_BIT_STRING && + asn1_unwrap(&blob, &data) == ASN1_BIT_STRING; +} + +/** + * Load a private key from an ASN.1 encoded blob trying to detect the type + * automatically. + */ +static private_key_t *parse_private_key(chunk_t blob) +{ + if (is_ec_private_key(blob)) + { + return lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA, + BUILD_BLOB_ASN1_DER, blob, BUILD_END); + } + else if (is_bliss_private_key(blob)) + { + return lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA, + BUILD_BLOB_ASN1_DER, blob, BUILD_END); + } + return parse_rsa_private_key(blob); +} + +/** * See header. */ public_key_t *pkcs1_public_key_load(key_type_t type, va_list args) 
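Review bot: In parse_private_key the branch taken when is_bliss_private_key() matches still calls lib->creds->create() with KEY_ECDSA, exactly as the EC branch above it does, which looks like a copy-paste slip. As written, a blob recognised as BLISS is handed to the ECDSA builders, so it will most likely fail to load and the separate BLISS check has no effect. A loader that auto-detects the key type should not build the key under a different type than the one it detected. If BLISS was intended, the call should read `return lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_BLISS,`. Separately, the comment on is_ec_private_key could state outright that a key omitting publicKey (only a SHOULD in RFC 5915) is not detected and falls through to parse_rsa_private_key.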
@@ -301,6 +357,14 @@ private_key_t *pkcs1_private_key_load(key_type_t type, va_list args) } break; } - return parse_rsa_private_key(blob); + switch (type) + { + case KEY_ANY: + return parse_private_key(blob); + case KEY_RSA: + return parse_rsa_private_key(blob); + default: + return NULL; + } } diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c b/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c index eb0903d47..ec1bdf565 100644 --- a/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c +++ b/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -43,6 +43,10 @@ METHOD(plugin_t, get_features, int, { static plugin_feature_t f[] = { PLUGIN_REGISTER(PRIVKEY, pkcs1_private_key_load, FALSE), + PLUGIN_PROVIDE(PRIVKEY, KEY_ANY), + PLUGIN_SDEPEND(PRIVKEY, KEY_RSA), + PLUGIN_SDEPEND(PRIVKEY, KEY_ECDSA), + PLUGIN_REGISTER(PRIVKEY, pkcs1_private_key_load, FALSE), PLUGIN_PROVIDE(PRIVKEY, KEY_RSA), PLUGIN_REGISTER(PUBKEY, pkcs1_public_key_load, FALSE), PLUGIN_PROVIDE(PUBKEY, KEY_ANY), |
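Review bot: The new KEY_ANY feature in get_features declares soft dependencies on KEY_RSA and KEY_ECDSA only, although the parse_private_key added to pkcs1_builder.c in this commit also detects BLISS keys and dispatches them through lib->creds->create(). If that branch is meant to build a BLISS key, add `PLUGIN_SDEPEND(PRIVKEY, KEY_BLISS),` next to the other two so the plugin providing that builder is loaded before this feature is used. Otherwise whether auto-detection of such a key works would presumably depend on plugin load order. The f[] array and the METHOD body continue outside the hunk.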