Diffstat (limited to 'src/libstrongswan/plugins/pkcs11')
-rw-r--r-- | src/libstrongswan/plugins/pkcs11/Makefile.in | 12 | ||||
-rw-r--r-- | src/libstrongswan/plugins/pkcs11/pkcs11_creds.c | 37 | ||||
-rw-r--r-- | src/libstrongswan/plugins/pkcs11/pkcs11_library.c | 48 | ||||
-rw-r--r-- | src/libstrongswan/plugins/pkcs11/pkcs11_library.h | 15 | ||||
-rw-r--r-- | src/libstrongswan/plugins/pkcs11/pkcs11_manager.c | 6 | ||||
-rw-r--r-- | src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c | 39 | ||||
-rw-r--r-- | src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c | 24 |
7 files changed, 18 insertions, 163 deletions
diff --git a/src/libstrongswan/plugins/pkcs11/Makefile.in b/src/libstrongswan/plugins/pkcs11/Makefile.in
index 8d6bad565..1a67f88cc 100644
--- a/src/libstrongswan/plugins/pkcs11/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs11/Makefile.in
@@ -223,13 +223,7 @@ includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
 ipsecdir = @ipsecdir@
-<<<<<<< HEAD
-ipsecgid = @ipsecgid@
 ipsecgroup = @ipsecgroup@
-ipsecuid = @ipsecuid@
-=======
-ipsecgroup = @ipsecgroup@
->>>>>>> upstream/4.5.1
 ipsecuser = @ipsecuser@
 libcharon_plugins = @libcharon_plugins@
 libdir = @libdir@
@@ -250,6 +244,8 @@ nm_ca_dir = @nm_ca_dir@
 oldincludedir = @oldincludedir@
 openac_plugins = @openac_plugins@
 p_plugins = @p_plugins@
+pcsclite_CFLAGS = @pcsclite_CFLAGS@
+pcsclite_LIBS = @pcsclite_LIBS@
 pdfdir = @pdfdir@
 piddir = @piddir@
 pki_plugins = @pki_plugins@
@@ -268,14 +264,12 @@ sbindir = @sbindir@
 scepclient_plugins = @scepclient_plugins@
 scripts_plugins = @scripts_plugins@
 sharedstatedir = @sharedstatedir@
-<<<<<<< HEAD
-=======
 soup_CFLAGS = @soup_CFLAGS@
 soup_LIBS = @soup_LIBS@
->>>>>>> upstream/4.5.1
 srcdir = @srcdir@
 strongswan_conf = @strongswan_conf@
 sysconfdir = @sysconfdir@
+systemdsystemunitdir = @systemdsystemunitdir@
 target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_creds.c b/src/libstrongswan/plugins/pkcs11/pkcs11_creds.c
index 6783699e5..a81ec1147 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_creds.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_creds.c
@@ -55,16 +55,6 @@ struct private_pkcs11_creds_t {
 * Find certificates, optionally trusted
 */
 static void find_certificates(private_pkcs11_creds_t *this,
-<<<<<<< HEAD
- CK_SESSION_HANDLE session, CK_BBOOL trusted)
-{
- CK_OBJECT_CLASS class = CKO_CERTIFICATE;
- CK_CERTIFICATE_TYPE type = CKC_X_509;
- CK_ATTRIBUTE tmpl[] = {
- {CKA_CLASS, &class, sizeof(class)},
- {CKA_CERTIFICATE_TYPE, &type, sizeof(type)},
- {CKA_TRUSTED, &trusted, sizeof(trusted)},
-=======
 CK_SESSION_HANDLE session)
 {
 CK_OBJECT_CLASS class = CKO_CERTIFICATE;
@@ -73,16 +63,12 @@ static void find_certificates(private_pkcs11_creds_t *this,
 CK_ATTRIBUTE tmpl[] = {
 {CKA_CLASS, &class, sizeof(class)},
 {CKA_CERTIFICATE_TYPE, &type, sizeof(type)},
->>>>>>> upstream/4.5.1
 };
 CK_OBJECT_HANDLE object;
 CK_ATTRIBUTE attr[] = {
 {CKA_VALUE, NULL, 0},
 {CKA_LABEL, NULL, 0},
-<<<<<<< HEAD
-=======
 {CKA_TRUSTED, &trusted, sizeof(trusted)}
->>>>>>> upstream/4.5.1
 };
 enumerator_t *enumerator;
 linked_list_t *raw;
@@ -90,13 +76,6 @@ static void find_certificates(private_pkcs11_creds_t *this,
 struct {
 chunk_t value;
 chunk_t label;
-<<<<<<< HEAD
- } *entry;
-
- raw = linked_list_create();
- enumerator = this->lib->create_object_enumerator(this->lib,
- session, tmpl, countof(tmpl), attr, countof(attr));
-=======
 bool trusted;
 } *entry;
 int count = countof(attr);
@@ -110,7 +89,6 @@ static void find_certificates(private_pkcs11_creds_t *this,
 }
 enumerator = this->lib->create_object_enumerator(this->lib,
 session, tmpl, countof(tmpl), attr, count);
->>>>>>> upstream/4.5.1
 while (enumerator->enumerate(enumerator, &object))
 {
 entry = malloc(sizeof(*entry));
@@ -118,10 +96,7 @@ static void find_certificates(private_pkcs11_creds_t *this,
 chunk_create(attr[0].pValue, attr[0].ulValueLen));
 entry->label = chunk_clone(
 chunk_create(attr[1].pValue, attr[1].ulValueLen));
-<<<<<<< HEAD
-=======
 entry->trusted = trusted;
->>>>>>> upstream/4.5.1
 raw->insert_last(raw, entry);
 }
 enumerator->destroy(enumerator);
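Review bot: `entry->trusted = trusted;` in the last hunk copies a CK_BBOOL that the object enumerator only fills in while the CKA_TRUSTED entry is still part of `attr` (`count == countof(attr)`); the code that trims `count` and the declaration of `trusted` lie between the hunks and are not shown, so whether `trusted` has a defined value on a module that lacks CKA_TRUSTED support cannot be confirmed from here. That value decides whether the certificate is inserted into `this->trusted`, i.e. becomes a trust anchor, so it deserves an explicit default and a comment: `CK_BBOOL trusted = FALSE;` at the declaration if it is not already initialised, and `/* keeps its initial value when CKA_TRUSTED was dropped from attr */` at the assignment. find_certificates begins before the first hunk of this file and continues after the last one.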
@@ -134,17 +109,10 @@ static void find_certificates(private_pkcs11_creds_t *this,
 if (cert)
 {
 DBG1(DBG_CFG, " loaded %strusted cert '%.*s'",
-<<<<<<< HEAD
- trusted ? "" : "un", entry->label.len, entry->label.ptr);
- /* trusted certificates are also returned as untrusted */
- this->untrusted->insert_last(this->untrusted, cert);
- if (trusted)
-=======
 entry->trusted ? "" : "un", entry->label.len, entry->label.ptr);
 /* trusted certificates are also returned as untrusted */
 this->untrusted->insert_last(this->untrusted, cert);
 if (entry->trusted)
->>>>>>> upstream/4.5.1
 {
 this->trusted->insert_last(this->trusted, cert->get_ref(cert));
 }
@@ -177,12 +145,7 @@ static bool load_certificates(private_pkcs11_creds_t *this)
 return FALSE;
 }
 
-<<<<<<< HEAD
- find_certificates(this, session, CK_TRUE);
- find_certificates(this, session, CK_FALSE);
-=======
 find_certificates(this, session);
->>>>>>> upstream/4.5.1
 
 this->lib->f->C_CloseSession(session);
 return TRUE;
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_library.c b/src/libstrongswan/plugins/pkcs11/pkcs11_library.c
index 6d819da34..6f7926808 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_library.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_library.c
@@ -466,14 +466,11 @@ struct private_pkcs11_library_t {
 * Name as passed to the constructor
 */
 char *name;
-<<<<<<< HEAD
-=======
 
 /**
 * Supported feature set
 */
 pkcs11_feature_t features;
->>>>>>> upstream/4.5.1
 };
 
 METHOD(pkcs11_library_t, get_name, char*,
@@ -482,15 +479,12 @@ METHOD(pkcs11_library_t, get_name, char*,
 return this->name;
 }
 
-<<<<<<< HEAD
-=======
 METHOD(pkcs11_library_t, get_features, pkcs11_feature_t,
 private_pkcs11_library_t *this)
 {
 return this->features;
 }
 
->>>>>>> upstream/4.5.1
 /**
 * Object enumerator
 */
@@ -783,11 +777,6 @@ static CK_RV UnlockMutex(CK_VOID_PTR data)
 }
 
 /**
-<<<<<<< HEAD
- * Initialize a PKCS#11 library
- */
-static bool initialize(private_pkcs11_library_t *this, char *name, char *file)
-=======
 * Check if the library has at least a given cryptoki version
 */
 static bool has_version(CK_INFO *info, int major, int minor)
@@ -814,27 +803,19 @@ static void check_features(private_pkcs11_library_t *this, CK_INFO *info)
 */
 static bool initialize(private_pkcs11_library_t *this, char *name, char *file,
 bool os_locking)
->>>>>>> upstream/4.5.1
 {
 CK_C_GetFunctionList pC_GetFunctionList;
 CK_INFO info;
 CK_RV rv;
-<<<<<<< HEAD
- CK_C_INITIALIZE_ARGS args = {
-=======
 static CK_C_INITIALIZE_ARGS args = {
->>>>>>> upstream/4.5.1
 .CreateMutex = CreateMutex,
 .DestroyMutex = DestroyMutex,
 .LockMutex = LockMutex,
 .UnlockMutex = UnlockMutex,
 };
-<<<<<<< HEAD
-=======
 static CK_C_INITIALIZE_ARGS args_os = {
 .flags = CKF_OS_LOCKING_OK,
 };
->>>>>>> upstream/4.5.1
 
 pC_GetFunctionList = dlsym(this->handle, "C_GetFunctionList");
 if (!pC_GetFunctionList)
@@ -849,16 +830,6 @@ static bool initialize(private_pkcs11_library_t *this, char *name, char *file,
 name, ck_rv_names, rv);
 return FALSE;
 }
-<<<<<<< HEAD
-
- rv = this->public.f->C_Initialize(&args);
- if (rv == CKR_CANT_LOCK)
- { /* try OS locking */
- memset(&args, 0, sizeof(args));
- args.flags = CKF_OS_LOCKING_OK;
- rv = this->public.f->C_Initialize(&args);
- }
-=======
 if (os_locking)
 {
 rv = CKR_CANT_LOCK;
@@ -872,7 +843,6 @@ static bool initialize(private_pkcs11_library_t *this, char *name, char *file,
 os_locking = TRUE;
 rv = this->public.f->C_Initialize(&args_os);
 }
->>>>>>> upstream/4.5.1
 if (rv != CKR_OK)
 {
 DBG1(DBG_CFG, "C_Initialize() error for '%s': %N",
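Review bot: `args_os` in the second hunk sets CKF_OS_LOCKING_OK with all four mutex callbacks left NULL, which tells the module it must use native OS locking, and it is the last attempt: a second CKR_CANT_LOCK falls through to the `if (rv != CKR_OK)` error path in the last hunk with no further retry. Neither that nor why `args` became `static` (it is no longer modified in the shown hunks, so a shared read-only initialiser suffices) is stated anywhere; a comment above `args_os` such as `/* fallback: NULL callbacks + CKF_OS_LOCKING_OK request native locking; no further retry */` would make the retry ladder readable. The `if (os_locking) { rv = CKR_CANT_LOCK;` preset in the third hunk also deserves a word, since seeding an error code to skip the first C_Initialize() attempt reads as a failure at first glance; the middle of that branch lies between the third and fourth hunks and is not shown.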
@@ -898,40 +868,26 @@ static bool initialize(private_pkcs11_library_t *this, char *name, char *file, DBG1(DBG_CFG, " %s: %s v%d.%d", info.manufacturerID, info.libraryDescription, info.libraryVersion.major, info.libraryVersion.minor); -<<<<<<< HEAD - if (args.flags & CKF_OS_LOCKING_OK) - { - DBG1(DBG_CFG, " uses OS locking functions"); - } -======= if (os_locking) { DBG1(DBG_CFG, " uses OS locking functions"); } check_features(this, &info); ->>>>>>> upstream/4.5.1 return TRUE; } /** * See header */ -<<<<<<< HEAD -pkcs11_library_t *pkcs11_library_create(char *name, char *file) -======= pkcs11_library_t *pkcs11_library_create(char *name, char *file, bool os_locking) ->>>>>>> upstream/4.5.1 { private_pkcs11_library_t *this; INIT(this, .public = { .get_name = _get_name, -<<<<<<< HEAD -======= .get_features = _get_features, ->>>>>>> upstream/4.5.1 .create_object_enumerator = _create_object_enumerator, .create_mechanism_enumerator = _create_mechanism_enumerator, .destroy = _destroy, @@ -947,11 +903,7 @@ pkcs11_library_t *pkcs11_library_create(char *name, char *file, bool os_locking) return NULL; } -<<<<<<< HEAD - if (!initialize(this, name, file)) -======= if (!initialize(this, name, file, os_locking)) ->>>>>>> upstream/4.5.1 { dlclose(this->handle); free(this); diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_library.h b/src/libstrongswan/plugins/pkcs11/pkcs11_library.h index 384258089..abe023448 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_library.h +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_library.h @@ -21,10 +21,7 @@ #ifndef PKCS11_LIBRARY_H_ #define PKCS11_LIBRARY_H_ -<<<<<<< HEAD -======= typedef enum pkcs11_feature_t pkcs11_feature_t; ->>>>>>> upstream/4.5.1 typedef struct pkcs11_library_t pkcs11_library_t; #include "pkcs11.h" @@ -33,8 +30,6 @@ typedef struct pkcs11_library_t pkcs11_library_t; #include <utils/enumerator.h> /** -<<<<<<< HEAD -======= * Optional PKCS#11 features some libraries support, some not */ enum pkcs11_feature_t { 
@@ -45,7 +40,6 @@ enum pkcs11_feature_t {
 };
 
 /**
->>>>>>> upstream/4.5.1
 * A loaded and initialized PKCS#11 library.
 */
 struct pkcs11_library_t {
@@ -63,8 +57,6 @@ struct pkcs11_library_t {
 char* (*get_name)(pkcs11_library_t *this);
 
 /**
-<<<<<<< HEAD
-=======
 * Get the feature set supported by this library.
 *
 * @return ORed set of features supported
@@ -72,7 +64,6 @@ struct pkcs11_library_t {
 pkcs11_feature_t (*get_features)(pkcs11_library_t *this);
 
 /**
->>>>>>> upstream/4.5.1
 * Create an enumerator over CK_OBJECT_HANDLE using a search template.
 *
 * An optional attribute array is automatically filled in with the
@@ -130,15 +121,9 @@ void pkcs11_library_trim(char *str, int len);
 *
 * @param name an arbitrary name, for debugging
 * @param file pkcs11 library file to dlopen()
-<<<<<<< HEAD
- * @return library abstraction
- */
-pkcs11_library_t *pkcs11_library_create(char *name, char *file);
-=======
 * @param os_lock enforce OS Locking for this library
 * @return library abstraction
 */
 pkcs11_library_t *pkcs11_library_create(char *name, char *file, bool os_lock);
->>>>>>> upstream/4.5.1
 
 #endif /** PKCS11_LIBRARY_H_ @}*/
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c b/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c
index b7ca3538c..431cd6a2c 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c
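Review bot: The prototype in the last hunk names the new parameter `os_lock` while the definition in pkcs11_library.c (`pkcs11_library_create(char *name, char *file, bool os_locking)` and `initialize(..., bool os_locking)`) uses `os_locking`, and the `@param os_lock` doc follows the prototype, so readers of the header and of the source see two names for one flag. Aligning on `os_locking` keeps declaration, definition and the settings key `...modules.%s.os_locking` read in pkcs11_manager.c consistent: `* @param os_locking enforce OS Locking for this library` and `pkcs11_library_t *pkcs11_library_create(char *name, char *file, bool os_locking);`. The doc could also say what "enforce" means: judging by the CKR_CANT_LOCK preset in initialize(), the module appears to be initialised with CKF_OS_LOCKING_OK directly instead of first being offered the library's own mutex callbacks.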
@@ -369,18 +369,14 @@ pkcs11_manager_t *pkcs11_manager_create(pkcs11_manager_token_event_t cb, "libstrongswan.plugins.pkcs11.modules.%s.path", NULL, module); if (!entry->path) { - DBG1(DBG_CFG, "PKCS11 module '%s' misses library path", module); + DBG1(DBG_CFG, "PKCS11 module '%s' lacks library path", module); free(entry); continue; } -<<<<<<< HEAD - entry->lib = pkcs11_library_create(module, entry->path); -======= entry->lib = pkcs11_library_create(module, entry->path, lib->settings->get_bool(lib->settings, "libstrongswan.plugins.pkcs11.modules.%s.os_locking", FALSE, module)); ->>>>>>> upstream/4.5.1 if (!entry->lib) { free(entry); diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c b/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c index b02873870..7b537cfa7 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c @@ -26,11 +26,6 @@ #include "pkcs11_public_key.h" #include "pkcs11_hasher.h" -<<<<<<< HEAD -======= -static const char *plugin_name = "pkcs11"; - ->>>>>>> upstream/4.5.1 typedef struct private_pkcs11_plugin_t private_pkcs11_plugin_t; /** @@ -106,6 +101,12 @@ static void token_event_cb(private_pkcs11_plugin_t *this, pkcs11_library_t *p11, } } +METHOD(plugin_t, get_name, char*, + private_pkcs11_plugin_t *this) +{ + return "pkcs11"; +} + METHOD(plugin_t, destroy, void, private_pkcs11_plugin_t *this) { @@ -139,6 +140,8 @@ plugin_t *pkcs11_plugin_create() INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, 
@@ -151,31 +154,17 @@ plugin_t *pkcs11_plugin_create()
 if (lib->settings->get_bool(lib->settings,
 "libstrongswan.plugins.pkcs11.use_hasher", FALSE))
 {
-<<<<<<< HEAD
- lib->crypto->add_hasher(lib->crypto, HASH_MD2,
- (hasher_constructor_t)pkcs11_hasher_create);
- lib->crypto->add_hasher(lib->crypto, HASH_MD5,
- (hasher_constructor_t)pkcs11_hasher_create);
- lib->crypto->add_hasher(lib->crypto, HASH_SHA1,
- (hasher_constructor_t)pkcs11_hasher_create);
- lib->crypto->add_hasher(lib->crypto, HASH_SHA256,
- (hasher_constructor_t)pkcs11_hasher_create);
- lib->crypto->add_hasher(lib->crypto, HASH_SHA384,
- (hasher_constructor_t)pkcs11_hasher_create);
- lib->crypto->add_hasher(lib->crypto, HASH_SHA512,
-=======
- lib->crypto->add_hasher(lib->crypto, HASH_MD2, plugin_name,
+ lib->crypto->add_hasher(lib->crypto, HASH_MD2, get_name(this),
 (hasher_constructor_t)pkcs11_hasher_create);
- lib->crypto->add_hasher(lib->crypto, HASH_MD5, plugin_name,
+ lib->crypto->add_hasher(lib->crypto, HASH_MD5, get_name(this),
 (hasher_constructor_t)pkcs11_hasher_create);
- lib->crypto->add_hasher(lib->crypto, HASH_SHA1, plugin_name,
+ lib->crypto->add_hasher(lib->crypto, HASH_SHA1, get_name(this),
 (hasher_constructor_t)pkcs11_hasher_create);
- lib->crypto->add_hasher(lib->crypto, HASH_SHA256, plugin_name,
+ lib->crypto->add_hasher(lib->crypto, HASH_SHA256, get_name(this),
 (hasher_constructor_t)pkcs11_hasher_create);
- lib->crypto->add_hasher(lib->crypto, HASH_SHA384, plugin_name,
+ lib->crypto->add_hasher(lib->crypto, HASH_SHA384, get_name(this),
 (hasher_constructor_t)pkcs11_hasher_create);
- lib->crypto->add_hasher(lib->crypto, HASH_SHA512, plugin_name,
->>>>>>> upstream/4.5.1
+ lib->crypto->add_hasher(lib->crypto, HASH_SHA512, get_name(this),
 (hasher_constructor_t)pkcs11_hasher_create);
 }
 
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c
index 6d2c93c98..b4cc7a805 100644
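Review bot: The six `add_hasher` calls in this hunk differ only in the HASH_* constant, and each of the added lines re-evaluates `get_name(this)` for the same string; a static table and a loop state the registered set once and turn adding or dropping an algorithm into a one-line change. `hash_algorithm_t` is the type of those constants and `countof` is already used in this plugin's sibling files. pkcs11_plugin_create continues past the end of the hunk.
```c
		static const hash_algorithm_t algs[] = {
			HASH_MD2, HASH_MD5, HASH_SHA1, HASH_SHA256, HASH_SHA384, HASH_SHA512,
		};
		int i;

		/* register every algorithm under this plugin's name */
		for (i = 0; i < countof(algs); i++)
		{
			lib->crypto->add_hasher(lib->crypto, algs[i], get_name(this),
									(hasher_constructor_t)pkcs11_hasher_create);
		}
```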
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c @@ -401,20 +401,6 @@ static bool find_key(private_pkcs11_private_key_t *this, chunk_t keyid) }; CK_OBJECT_HANDLE object; CK_KEY_TYPE type; -<<<<<<< HEAD - CK_BBOOL reauth; - CK_ATTRIBUTE attr[] = { - {CKA_KEY_TYPE, &type, sizeof(type)}, - {CKA_ALWAYS_AUTHENTICATE, &reauth, sizeof(reauth)}, - {CKA_MODULUS, NULL, 0}, - {CKA_PUBLIC_EXPONENT, NULL, 0}, - }; - enumerator_t *enumerator; - chunk_t modulus, pubexp; - - enumerator = this->lib->create_object_enumerator(this->lib, - this->session, tmpl, countof(tmpl), attr, countof(attr)); -======= CK_BBOOL reauth = FALSE; CK_ATTRIBUTE attr[] = { {CKA_KEY_TYPE, &type, sizeof(type)}, @@ -433,28 +419,18 @@ static bool find_key(private_pkcs11_private_key_t *this, chunk_t keyid) } enumerator = this->lib->create_object_enumerator(this->lib, this->session, tmpl, countof(tmpl), attr, count); ->>>>>>> upstream/4.5.1 if (enumerator->enumerate(enumerator, &object)) { switch (type) { case CKK_RSA: -<<<<<<< HEAD - if (attr[2].ulValueLen == -1 || attr[3].ulValueLen == -1) -======= if (attr[1].ulValueLen == -1 || attr[2].ulValueLen == -1) ->>>>>>> upstream/4.5.1 { DBG1(DBG_CFG, "reading modulus/exponent from PKCS#1 failed"); break; } -<<<<<<< HEAD - modulus = chunk_create(attr[2].pValue, attr[2].ulValueLen); - pubexp = chunk_create(attr[3].pValue, attr[3].ulValueLen); -======= modulus = chunk_create(attr[1].pValue, attr[1].ulValueLen); pubexp = chunk_create(attr[2].pValue, attr[2].ulValueLen); ->>>>>>> upstream/4.5.1 this->pubkey = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, BUILD_RSA_MODULUS, modulus, BUILD_RSA_PUB_EXP, pubexp, BUILD_END); |
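Review bot: The RSA branch in the second hunk now reads the modulus from `attr[1]` and the public exponent from `attr[2]`, which only holds if CKA_ALWAYS_AUTHENTICATE was moved to the end of `attr[]` so that trimming `count` can drop it; the initialiser and the trimming logic lie between the two hunks and are not shown, so that layout is inferred from the indices alone. Positional indices that must agree with a conditionally shortened array are fragile; naming the slots, e.g. `enum { ATTR_KEY_TYPE, ATTR_MODULUS, ATTR_PUBEXP, ATTR_REAUTH };` and writing `attr[ATTR_MODULUS]`, pins the dependency in one place. `CK_BBOOL reauth = FALSE;` in the first hunk means a module that does not expose CKA_ALWAYS_AUTHENTICATE is presumably treated as not requiring re-authentication before each key use; a comment stating that default at the declaration would help, since it decides when the PIN is requested again. find_key starts before the first hunk and ends after the second.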