Diffstat (limited to 'src/libstrongswan/plugins/openssl')
5 files changed, 118 insertions, 17 deletions
diff --git a/src/libstrongswan/plugins/openssl/Makefile.in b/src/libstrongswan/plugins/openssl/Makefile.in index 746b5cf4b..0af89d377 100644 --- a/src/libstrongswan/plugins/openssl/Makefile.in +++ b/src/libstrongswan/plugins/openssl/Makefile.in @@ -89,22 +89,17 @@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXDEPMODE = @CXXDEPMODE@ -CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DSYMUTIL = @DSYMUTIL@ -ECHO = @ECHO@ +DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ +FGREP = @FGREP@ GPERF = @GPERF@ GREP = @GREP@ INSTALL = @INSTALL@ @@ -114,6 +109,7 @@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ +LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ @@ -122,12 +118,16 @@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LINUX_HEADERS = @LINUX_HEADERS@ +LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +NM = @NM@ NMEDIT = @NMEDIT@ OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ @@ -150,8 +150,7 @@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ @@ -190,6 +189,7 @@ libstrongswan_plugins = @libstrongswan_plugins@ linuxdir = @linuxdir@ localedir = @localedir@ localstatedir = @localstatedir@ +lt_ECHO = @lt_ECHO@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ 
diff --git a/src/libstrongswan/plugins/openssl/openssl_crypter.c b/src/libstrongswan/plugins/openssl/openssl_crypter.c
index e59c4d615..5eddeb5f9 100644
--- a/src/libstrongswan/plugins/openssl/openssl_crypter.c
+++ b/src/libstrongswan/plugins/openssl/openssl_crypter.c
@@ -12,7 +12,7 @@
  * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
  * for more details.
  *
- * $Id: openssl_crypter.c 4020 2008-05-28 12:20:38Z andreas $
+ * $Id: openssl_crypter.c 4879 2009-02-18 19:41:33Z tobias $
  */
 
 #include "openssl_crypter.h"
@@ -224,6 +224,9 @@ openssl_crypter_t *openssl_crypter_create(encryption_algorithm_t algo,
 return NULL;
 }
 break;
+case ENCR_DES_ECB:
+this->cipher = EVP_des_ecb();
+break;
 default:
 {
 char* name = lookup_algorithm(encryption_algs, algo, &key_size);
diff --git a/src/libstrongswan/plugins/openssl/openssl_hasher.c b/src/libstrongswan/plugins/openssl/openssl_hasher.c
index 1275cdfb0..d344dbd51 100644
--- a/src/libstrongswan/plugins/openssl/openssl_hasher.c
+++ b/src/libstrongswan/plugins/openssl/openssl_hasher.c
@@ -12,7 +12,7 @@
  * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
  * for more details.
  *
- * $Id: openssl_hasher.c 3898 2008-04-30 09:23:13Z tobias $
+ * $Id: openssl_hasher.c 4879 2009-02-18 19:41:33Z tobias $
  */
 
 #include "openssl_hasher.h"
@@ -69,7 +69,8 @@ static openssl_algorithm_t integrity_algs[] = {
 {HASH_SHA1, "sha1"},
 {HASH_SHA256, "sha256"},
 {HASH_SHA384, "sha384"},
-{HASH_SHA512, "sha512"},
+{HASH_SHA512, "sha512"},
+{HASH_MD4, "md4"},
 {END_OF_LIST, NULL},
 };
 
diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
index dcc78aed6..725daff01 100644
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
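Review bot: The new `ENCR_DES_ECB` case in openssl_crypter_create() selects `EVP_des_ecb()` without looking at `key_size`, while the case just above it ends in a `return NULL;` branch that evidently rejects something about the requested parameters; unless single DES is validated elsewhere, a check in the same units the neighbouring cases use (`if (key_size != <DES key size>) { return NULL; }`) would keep the new case consistent. openssl_crypter_create() starts and ends outside the hunk, so I cannot see what the other cases check. The `HASH_MD4` entry added to integrity_algs in openssl_hasher.c raises the same question: both DES-ECB and MD4 are legacy primitives and neither hunk says which protocol consumer needs them. A one-line comment at each, `/* legacy algorithm, registered for <consumer> only */` with the real consumer filled in, would stop a later reader from assuming they are meant for IKE/ESP proposals.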
@@ -13,9 +13,10 @@
  * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
  * for more details.
  *
- * $Id: openssl_plugin.c 4583 2008-11-05 12:37:37Z martin $
+ * $Id: openssl_plugin.c 4879 2009-02-18 19:41:33Z tobias $
  */
 
+#include <openssl/conf.h>
 #include <openssl/evp.h>
 #include <openssl/engine.h>
 #include <openssl/crypto.h>
@@ -185,6 +186,7 @@ static void destroy(private_openssl_plugin_t *this)
 ENGINE_cleanup();
 EVP_cleanup();
+CONF_modules_free();
 threading_cleanup();
@@ -202,6 +204,7 @@ plugin_t *plugin_create()
 threading_init();
+OPENSSL_config(NULL);
 OpenSSL_add_all_algorithms();
 /* activate support for hardware accelerators */
@@ -223,6 +226,8 @@ plugin_t *plugin_create()
 (crypter_constructor_t)openssl_crypter_create);
 lib->crypto->add_crypter(lib->crypto, ENCR_DES,
 (crypter_constructor_t)openssl_crypter_create);
+lib->crypto->add_crypter(lib->crypto, ENCR_DES_ECB,
+(crypter_constructor_t)openssl_crypter_create);
 lib->crypto->add_crypter(lib->crypto, ENCR_NULL,
 (crypter_constructor_t)openssl_crypter_create);
@@ -231,6 +236,8 @@ plugin_t *plugin_create()
 (hasher_constructor_t)openssl_hasher_create);
 lib->crypto->add_hasher(lib->crypto, HASH_MD2,
 (hasher_constructor_t)openssl_hasher_create);
+lib->crypto->add_hasher(lib->crypto, HASH_MD4,
+(hasher_constructor_t)openssl_hasher_create);
 lib->crypto->add_hasher(lib->crypto, HASH_MD5,
 (hasher_constructor_t)openssl_hasher_create);
 lib->crypto->add_hasher(lib->crypto, HASH_SHA256,
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
index a815ce622..9730e0ab2 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
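Review bot: `OPENSSL_config(NULL)` in plugin_create() gives the plugin no way to learn whether the configuration file was actually read: the call returns void, and in the OpenSSL releases contemporary with this code a malformed file is, as far as I recall, reported on stderr and ends the process from inside the library rather than returning to the caller. Since this call is what makes the `pkcs11` engine referenced from openssl_rsa_private_key.c loadable, a comment on the line stating that the plugin now depends on the OpenSSL configuration file (`OPENSSL_CONF` or the compiled-in default) would help whoever deploys it. If the plugin should report a broken file itself, `OPENSSL_load_builtin_modules();` followed by `if (CONF_modules_load_file(NULL, NULL, CONF_MFLAGS_DEFAULT_SECTION | CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) { DBG1("loading OpenSSL configuration failed"); }` does the same job with a checkable result. `CONF_modules_free()` in destroy() pairs with it correctly. plugin_create() starts and ends outside the hunk.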
@@ -12,7 +12,7 @@
  * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
  * for more details.
  *
- * $Id: openssl_rsa_private_key.c 4564 2008-11-04 13:01:36Z martin $
+ * $Id: openssl_rsa_private_key.c 4745 2008-12-03 10:12:20Z tobias $
  */
 
 #include "openssl_rsa_private_key.h"
@@ -22,6 +22,7 @@
 #include <openssl/evp.h>
 #include <openssl/rsa.h>
+#include <openssl/engine.h>
 
 /**
  * Public exponent to use for key generation.
@@ -43,6 +44,11 @@ struct private_openssl_rsa_private_key_t {
  * RSA object from OpenSSL
  */
 RSA *rsa;
 
+
+ /**
+ * TRUE if the key is from an OpenSSL ENGINE and might not be readable
+ */
+ bool engine;
 /**
  * Keyid formed as a SHA-1 hash of a privateKey object
@@ -238,9 +244,13 @@ static bool belongs_to(private_openssl_rsa_private_key_t *this, public_key_t *pu
  */
 static chunk_t get_encoding(private_openssl_rsa_private_key_t *this)
 {
-chunk_t enc = chunk_alloc(i2d_RSAPrivateKey(this->rsa, NULL));
-u_char *p = enc.ptr;
-i2d_RSAPrivateKey(this->rsa, &p);
+chunk_t enc = chunk_empty;
+if (!this->engine)
+{
+enc = chunk_alloc(i2d_RSAPrivateKey(this->rsa, NULL));
+u_char *p = enc.ptr;
+i2d_RSAPrivateKey(this->rsa, &p);
+}
 return enc;
 }
 
@@ -289,6 +299,7 @@ static private_openssl_rsa_private_key_t *openssl_rsa_private_key_create_empty(v
 this->public.interface.get_ref = (private_key_t* (*)(private_key_t *this))get_ref;
 this->public.interface.destroy = (void (*)(private_key_t *this))destroy;
+this->engine = FALSE;
 this->keyid = NULL;
 this->keyid_info = NULL;
 this->ref = 1;
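Review bot: In the rewritten get_encoding() the value of the first `i2d_RSAPrivateKey(this->rsa, NULL)` still goes straight into chunk_alloc(); i2d returns a negative length on failure, and chunk_alloc() takes a size_t, so an encoding error turns into an enormous allocation instead of the empty chunk the new engine branch returns. Keeping the length in a local and testing it puts both failure modes on the same path: `int len = i2d_RSAPrivateKey(this->rsa, NULL);` then `if (len > 0) { enc = chunk_alloc(len); u_char *p = enc.ptr; i2d_RSAPrivateKey(this->rsa, &p); }` inside the `!this->engine` block. The doc comment above get_encoding() starts outside the hunk; it should state that an engine-backed key yields `chunk_empty`, since callers that serialise or fingerprint keys will now see that case.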
@@ -347,6 +358,61 @@ static openssl_rsa_private_key_t *load(chunk_t blob)
 return &this->public;
 }
 
+/**
+ * load private key from a smart card
+ */
+static openssl_rsa_private_key_t *load_from_smartcard(char *keyid, char *pin)
+{
+private_openssl_rsa_private_key_t *this = NULL;
+EVP_PKEY *key;
+char *engine_id = lib->settings->get_str(lib->settings,
+"library.plugins.openssl.engine_id", "pkcs11");
+
+ENGINE *engine = ENGINE_by_id(engine_id);
+if (!engine)
+{
+DBG1("engine '%s' is not available", engine_id);
+return NULL;
+}
+
+if (!ENGINE_init(engine))
+{
+DBG1("failed to initialize engine '%s'", engine_id);
+goto error;
+}
+
+if (!ENGINE_ctrl_cmd_string(engine, "PIN", pin, 0))
+{
+DBG1("failed to set PIN on engine '%s'", engine_id);
+goto error;
+}
+
+key = ENGINE_load_private_key(engine, keyid, NULL, NULL);
+
+if (!key)
+{
+DBG1("failed to load private key with ID '%s' from engine '%s'", keyid,
+engine_id);
+goto error;
+}
+ENGINE_free(engine);
+
+this = openssl_rsa_private_key_create_empty();
+this->rsa = EVP_PKEY_get1_RSA(key);
+this->engine = TRUE;
+
+if (!openssl_rsa_public_key_build_id(this->rsa, &this->keyid, &this->keyid_info))
+{
+destroy(this);
+return NULL;
+}
+return &this->public;
+
+error:
+ENGINE_free(engine);
+return NULL;
+}
+
 typedef struct private_builder_t private_builder_t;
 /**
  * Builder implementation for key loading/generation
@@ -356,6 +422,10 @@ struct private_builder_t {
 builder_t public;
 /** loaded/generated private key */
 openssl_rsa_private_key_t *key;
+/** temporary stored smartcard key ID */
+char *keyid;
+/** temporary stored smartcard pin */
+char *pin;
 };
 
 /**
@@ -365,6 +435,10 @@ static openssl_rsa_private_key_t *build(private_builder_t *this)
 {
 openssl_rsa_private_key_t *key = this->key;
 
+if (this->keyid && this->pin)
+{
+key = load_from_smartcard(this->keyid, this->pin);
+}
 free(this);
 return key;
 }
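Review bot: load_from_smartcard() never releases the `EVP_PKEY` returned by ENGINE_load_private_key(): `EVP_PKEY_get1_RSA(key)` takes its own reference on the RSA object, so `key` must be dropped with EVP_PKEY_free() afterwards, and the result of get1 is not checked for NULL even though it is NULL whenever the engine hands back a non-RSA key, which then reaches openssl_rsa_public_key_build_id(). The engine handling is also asymmetric: ENGINE_init() acquires a functional reference that ENGINE_free() alone does not release, so both the success path and the two `goto error` jumps after a successful ENGINE_init() should call ENGINE_finish() first (as far as I can tell from OpenSSL's RSA_new_method(), the loaded key holds its own reference to the engine, so finishing here is safe). The tail below restructures the function around a `finish:` label for that; it needs `RSA *rsa;` declared next to `EVP_PKEY *key;`, and the PIN-ctrl failure should jump to `finish` while the ENGINE_init() failure keeps jumping to `error`.

```c
	/* … unchanged: engine_id lookup, ENGINE_by_id() and ENGINE_init() checks … */
	key = ENGINE_load_private_key(engine, keyid, NULL, NULL);
	if (!key)
	{
		DBG1("failed to load private key with ID '%s' from engine '%s'", keyid,
			 engine_id);
		goto finish;
	}
	/* get1 takes its own reference on the RSA object, so the EVP_PKEY
	 * wrapper can be released immediately */
	rsa = EVP_PKEY_get1_RSA(key);
	EVP_PKEY_free(key);
	if (!rsa)
	{
		DBG1("key with ID '%s' from engine '%s' is not an RSA key", keyid,
			 engine_id);
		goto finish;
	}

	this = openssl_rsa_private_key_create_empty();
	this->rsa = rsa;
	this->engine = TRUE;
	if (!openssl_rsa_public_key_build_id(this->rsa, &this->keyid, &this->keyid_info))
	{
		destroy(this);
		this = NULL;
	}

finish:
	/* releases the functional reference taken by ENGINE_init(); the loaded
	 * key presumably keeps its own reference to the engine (verify) */
	ENGINE_finish(engine);
error:
	ENGINE_free(engine);
	return this ? &this->public : NULL;
```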
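Review bot: In build(), the smartcard branch unconditionally overwrites `key`, so if another BUILD_* part had already placed a key in `this->key` (the other parts are handled outside this hunk, so I cannot tell whether that can happen) it is dropped without being destroyed, and when load_from_smartcard() fails the caller gets NULL even though a usable key existed. Making the precedence explicit, for example `if (this->keyid && this->pin && !key)` or destroying the previous key before the call, avoids the silent leak either way. A one-line comment on the branch, `/* smartcard parts take precedence over a blob-loaded key */` or whichever rule is intended, would document the choice.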
@@ -396,6 +470,20 @@ static void add(private_builder_t *this, builder_part_t part, ...)
 va_end(args);
 return;
 }
+case BUILD_SMARTCARD_KEYID:
+{
+va_start(args, part);
+this->keyid = va_arg(args, char*);
+va_end(args);
+return;
+}
+case BUILD_SMARTCARD_PIN:
+{
+va_start(args, part);
+this->pin = va_arg(args, char*);
+va_end(args);
+return;
+}
 default:
 break;
 }
@@ -424,6 +512,8 @@ builder_t *openssl_rsa_private_key_builder(key_type_t type)
 this->key = NULL;
 this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add;
 this->public.build = (void*(*)(builder_t *this))build;
+this->keyid = NULL;
+this->pin = NULL;
 return &this->public;
 }
|
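Review bot: `this->keyid = va_arg(args, char*)` and `this->pin = va_arg(args, char*)` store the caller's pointers without copying them, and build() in the previous hunk dereferences them only when the key is finally built, so the builder merely borrows both strings and the caller has to keep them alive (and owns freeing and any wiping of the PIN) until build() returns. That contract is not written down; the fields added to private_builder_t in the hunk above say only `temporary stored smartcard pin`. Comments such as `/** smartcard key ID, borrowed from the caller: not copied, not freed */` and `/** smartcard PIN, borrowed from the caller: not copied, not freed, must stay valid until build() */` would record it. add() starts outside the hunk.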