Diffstat (limited to 'src/libstrongswan/credentials/sets')
-rw-r--r-- | src/libstrongswan/credentials/sets/auth_cfg_wrapper.c | 2 | ||||
-rw-r--r-- | src/libstrongswan/credentials/sets/cert_cache.c | 30 | ||||
-rw-r--r-- | src/libstrongswan/credentials/sets/cert_cache.h | 4 | ||||
-rw-r--r-- | src/libstrongswan/credentials/sets/mem_cred.c | 63 | ||||
-rw-r--r-- | src/libstrongswan/credentials/sets/mem_cred.h | 14 |
5 files changed, 98 insertions, 15 deletions
diff --git a/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c b/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c
index 2cef23328..46bfb5c6e 100644
--- a/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c
+++ b/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c
@@ -15,7 +15,7 @@
 */
 #include <library.h>
-#include <debug.h>
+#include <utils/debug.h>
 #include "auth_cfg_wrapper.h"
diff --git a/src/libstrongswan/credentials/sets/cert_cache.c b/src/libstrongswan/credentials/sets/cert_cache.c
index 968c3e31e..e8f0e7ec0 100644
--- a/src/libstrongswan/credentials/sets/cert_cache.c
+++ b/src/libstrongswan/credentials/sets/cert_cache.c
@@ -20,7 +20,7 @@
 #include <library.h>
 #include <threading/rwlock.h>
-#include <utils/linked_list.h>
+#include <collections/linked_list.h>
 /** cache size, a power of 2 for fast modulo */
 #define CACHE_SIZE 32
@@ -47,6 +47,11 @@ struct relation_t {
 certificate_t *issuer;
 /**
+ * Signature scheme used to sign this relation
+ */
+ signature_scheme_t scheme;
+
+ /**
 * Cache hits
 */
 u_int hits;
@@ -77,7 +82,8 @@ struct private_cert_cache_t {
 * Cache relation in a free slot/replace an other
 */
 static void cache(private_cert_cache_t *this,
- certificate_t *subject, certificate_t *issuer)
+ certificate_t *subject, certificate_t *issuer,
+ signature_scheme_t scheme)
 {
 relation_t *rel;
 int i, offset, try;
@@ -95,6 +101,7 @@ static void cache(private_cert_cache_t *this,
 {
 rel->subject = subject->get_ref(subject);
 rel->issuer = issuer->get_ref(issuer);
+ rel->scheme = scheme;
 return rel->lock->unlock(rel->lock);
 }
 rel->lock->unlock(rel->lock);
@@ -123,6 +130,7 @@ static void cache(private_cert_cache_t *this,
 }
 rel->subject = subject->get_ref(subject);
 rel->issuer = issuer->get_ref(issuer);
+ rel->scheme = scheme;
 rel->hits = 0;
 return rel->lock->unlock(rel->lock);
 }
@@ -133,9 +141,11 @@ static void cache(private_cert_cache_t *this,
 }
 METHOD(cert_cache_t, issued_by, bool,
- private_cert_cache_t *this, certificate_t *subject, certificate_t *issuer)
+ private_cert_cache_t *this, certificate_t *subject, certificate_t *issuer,
+ signature_scheme_t *schemep)
 {
 relation_t *found = NULL, *current;
+ signature_scheme_t scheme;
 int i;
 for (i = 0; i < CACHE_SIZE; i++)
@@ -154,7 +164,11 @@ METHOD(cert_cache_t, issued_by, bool,
 {
 /* write hit counter is not locked, but not critical */
 current->hits++;
- found = current;
+ found = current;;
+ if (schemep)
+ {
+ *schemep = current->scheme;
+ }
 }
 }
 }
@@ -165,9 +179,13 @@ METHOD(cert_cache_t, issued_by, bool,
 }
 }
 /* no cache hit, check and cache signature */
- if (subject->issued_by(subject, issuer))
+ if (subject->issued_by(subject, issuer, &scheme))
 {
- cache(this, subject, issuer);
+ cache(this, subject, issuer, scheme);
+ if (schemep)
+ {
+ *schemep = scheme;
+ }
 return TRUE;
 }
 return FALSE;
diff --git a/src/libstrongswan/credentials/sets/cert_cache.h b/src/libstrongswan/credentials/sets/cert_cache.h
index d2721866e..2bcdbe464 100644
--- a/src/libstrongswan/credentials/sets/cert_cache.h
+++ b/src/libstrongswan/credentials/sets/cert_cache.h
@@ -45,10 +45,12 @@ struct cert_cache_t {
 *
 * @param subject certificate to verify
 * @param issuer issuing certificate to verify subject
+ * @param scheme receives used signature scheme, if given
 * @return TRUE if subject issued by issuer
 */
 bool (*issued_by)(cert_cache_t *this,
- certificate_t *subject, certificate_t *issuer);
+ certificate_t *subject, certificate_t *issuer,
+ signature_scheme_t *scheme);
 /**
 * Flush the certificate cache.
diff --git a/src/libstrongswan/credentials/sets/mem_cred.c b/src/libstrongswan/credentials/sets/mem_cred.c
index e023e8443..b8da3f620 100644
--- a/src/libstrongswan/credentials/sets/mem_cred.c
+++ b/src/libstrongswan/credentials/sets/mem_cred.c
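Review bot: `found = current;;` in the @@ -154 hunk carries a stray second semicolon; it compiles as an empty statement but reads as a typo and should be `found = current;`. In the same block, the new `*schemep = current->scheme;` read presumably sits inside the per-relation read lock taken earlier in the loop (not visible in this hunk); the comment above it only exempts the hits counter, so if that read is outside the locked region it could observe a slot that cache() is in the middle of replacing. The body of issued_by starts and ends in the neighbouring hunks.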
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2010 Tobias Brunner
+ * Copyright (C) 2010-2013 Tobias Brunner
 * Hochschule fuer Technik Rapperwsil
 * Copyright (C) 2010 Martin Willi
 * Copyright (C) 2010 revosec AG
@@ -18,7 +18,7 @@
 #include "mem_cred.h"
 #include <threading/rwlock.h>
-#include <utils/linked_list.h>
+#include <collections/linked_list.h>
 typedef struct private_mem_cred_t private_mem_cred_t;
@@ -555,14 +555,66 @@ METHOD(credential_set_t, create_cdp_enumerator, enumerator_t*,
 }
-METHOD(mem_cred_t, clear_secrets, void,
- private_mem_cred_t *this)
+static void reset_secrets(private_mem_cred_t *this)
 {
- this->lock->write_lock(this->lock);
 this->keys->destroy_offset(this->keys, offsetof(private_key_t, destroy));
 this->shared->destroy_function(this->shared, (void*)shared_entry_destroy);
 this->keys = linked_list_create();
 this->shared = linked_list_create();
+}
+
+METHOD(mem_cred_t, replace_secrets, void,
+ private_mem_cred_t *this, mem_cred_t *other_set, bool clone)
+{
+ private_mem_cred_t *other = (private_mem_cred_t*)other_set;
+ enumerator_t *enumerator;
+ shared_entry_t *entry, *new_entry;
+ private_key_t *key;
+
+ this->lock->write_lock(this->lock);
+
+ reset_secrets(this);
+
+ if (clone)
+ {
+ enumerator = other->keys->create_enumerator(other->keys);
+ while (enumerator->enumerate(enumerator, &key))
+ {
+ this->keys->insert_last(this->keys, key->get_ref(key));
+ }
+ enumerator->destroy(enumerator);
+ enumerator = other->shared->create_enumerator(other->shared);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ INIT(new_entry,
+ .shared = entry->shared->get_ref(entry->shared),
+ .owners = entry->owners->clone_offset(entry->owners,
+ offsetof(identification_t, clone)),
+ );
+ this->shared->insert_last(this->shared, new_entry);
+ }
+ enumerator->destroy(enumerator);
+ }
+ else
+ {
+ while (other->keys->remove_first(other->keys, (void**)&key) == SUCCESS)
+ {
+ this->keys->insert_last(this->keys, key);
+ }
+ while (other->shared->remove_first(other->shared,
+ (void**)&entry) == SUCCESS)
+ {
+ this->shared->insert_last(this->shared, entry);
+ }
+ }
+ this->lock->unlock(this->lock);
+}
+
+METHOD(mem_cred_t, clear_secrets, void,
+ private_mem_cred_t *this)
+{
+ this->lock->write_lock(this->lock);
+ reset_secrets(this);
 this->lock->unlock(this->lock);
 }
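Review bot: replace_secrets enumerates other->keys and other->shared, and in the adopt branch drains them with remove_first, without ever taking other->lock, whereas clear_secrets a few lines below takes the set's write lock before touching the same lists, so a concurrent add or lookup on the other set would race with this copy. Unless callers guarantee the other set is not yet shared, bracket the copy with `other->lock->read_lock(other->lock)` (write_lock in the adopt branch) and `other->lock->unlock(other->lock)`, and state the lock order relative to this->lock in mem_cred.h, since two sets swapped in opposite directions by different threads could otherwise deadlock. If other_set == this, reset_secrets has already replaced the lists the copy then reads from, so the call silently discards every secret (and would self-deadlock once other->lock is acquired on a non-recursive rwlock); an early `if (other == this) { this->lock->unlock(this->lock); return; }` after the write_lock, or a contract note on the header declaration, closes that case.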
@@ -619,6 +671,7 @@ mem_cred_t *mem_cred_create()
 .add_shared = _add_shared,
 .add_shared_list = _add_shared_list,
 .add_cdp = _add_cdp,
+ .replace_secrets = _replace_secrets,
 .clear = _clear_,
 .clear_secrets = _clear_secrets,
 .destroy = _destroy,
diff --git a/src/libstrongswan/credentials/sets/mem_cred.h b/src/libstrongswan/credentials/sets/mem_cred.h
index eb46b065b..d0dd51da1 100644
--- a/src/libstrongswan/credentials/sets/mem_cred.h
+++ b/src/libstrongswan/credentials/sets/mem_cred.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2010 Tobias Brunner
+ * Copyright (C) 2010-2013 Tobias Brunner
 * Hochschule fuer Technik Rapperswil
 * Copyright (C) 2010 Martin Willi
 * Copyright (C) 2010 revosec AG
@@ -27,7 +27,7 @@ typedef struct mem_cred_t mem_cred_t;
 #include <credentials/credential_set.h>
 #include <credentials/certificates/crl.h>
-#include <utils/linked_list.h>
+#include <collections/linked_list.h>
 /**
 * Generic in-memory credential set.
@@ -101,6 +101,16 @@ struct mem_cred_t {
 identification_t *id, char *uri);
 /**
+ * Replace all secrets (private and shared keys) in this credential set
+ * with those of another.
+ *
+ * @param other credential set to get secrets from
+ * @param clone TRUE to clone secrets, FALSE to adopt them (they
+ * get removed from the other set)
+ */
+ void (*replace_secrets)(mem_cred_t *this, mem_cred_t *other, bool clone);
+
+ /**
 * Clear all credentials from the credential set.
 */
 void (*clear)(mem_cred_t *this); |