diff options
Diffstat (limited to 'src/libstrongswan/plugins/pkcs1')
-rw-r--r-- | src/libstrongswan/plugins/pkcs1/Makefile.in | 5 | ||||
-rw-r--r-- | src/libstrongswan/plugins/pkcs1/pkcs1_builder.c | 72 | ||||
-rw-r--r-- | src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c | 6 |
3 files changed, 75 insertions, 8 deletions
diff --git a/src/libstrongswan/plugins/pkcs1/Makefile.in b/src/libstrongswan/plugins/pkcs1/Makefile.in index a61eb1ab2..708f5a68c 100644 --- a/src/libstrongswan/plugins/pkcs1/Makefile.in +++ b/src/libstrongswan/plugins/pkcs1/Makefile.in @@ -352,7 +352,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -386,8 +385,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -441,6 +438,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c index 767b3acf2..766832d39 100644 --- a/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c +++ b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c @@ -1,8 +1,8 @@ /* + * Copyright (C) 2008-2016 Tobias Brunner * Copyright (C) 2008-2009 Martin Willi - * Copyright (C) 2008 Tobias Brunner * Copyright (C) 2000-2008 Andreas Steffen - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -204,7 +204,6 @@ static private_key_t *parse_rsa_private_key(chunk_t blob) case PRIV_KEY_VERSION: if (object.len > 0 && *object.ptr != 0) { - DBG1(DBG_ASN, "PKCS#1 private key format is not version 1"); goto end; } break; @@ -249,6 +248,63 @@ end: } /** + * Check if the ASN.1 structure looks like an EC private key according to + * RFC 5915. + * + * ECPrivateKey :=: SEQUENCE { + * version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1), + * privateKey OCTET STRING, + * parameters [0] ECParameters {{ NamedCurve }} OPTIONAL, + * publicKey [1] BIT STRING OPTIONAL + * } + * + * While the parameters and publicKey fields are OPTIONAL, RFC 5915 says that + * paramaters MUST be included and publicKey SHOULD be. + */ +static bool is_ec_private_key(chunk_t blob) +{ + chunk_t data; + return asn1_unwrap(&blob, &blob) == ASN1_SEQUENCE && + asn1_unwrap(&blob, &data) == ASN1_INTEGER && + asn1_parse_integer_uint64(data) == 1 && + asn1_unwrap(&blob, &data) == ASN1_OCTET_STRING && + asn1_unwrap(&blob, &data) == ASN1_CONTEXT_C_0 && + asn1_unwrap(&blob, &data) == ASN1_CONTEXT_C_1; +} + +/** + * Check if the ASN.1 structure looks like a BLISS private key. + */ +static bool is_bliss_private_key(chunk_t blob) +{ + chunk_t data; + return asn1_unwrap(&blob, &blob) == ASN1_SEQUENCE && + asn1_unwrap(&blob, &data) == ASN1_OID && + asn1_unwrap(&blob, &data) == ASN1_BIT_STRING && + asn1_unwrap(&blob, &data) == ASN1_BIT_STRING && + asn1_unwrap(&blob, &data) == ASN1_BIT_STRING; +} + +/** + * Load a private key from an ASN.1 encoded blob trying to detect the type + * automatically. + */ +static private_key_t *parse_private_key(chunk_t blob) +{ + if (is_ec_private_key(blob)) + { + return lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA, + BUILD_BLOB_ASN1_DER, blob, BUILD_END); + } + else if (is_bliss_private_key(blob)) + { + return lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA, + BUILD_BLOB_ASN1_DER, blob, BUILD_END); + } + return parse_rsa_private_key(blob); +} + +/** * See header. */ public_key_t *pkcs1_public_key_load(key_type_t type, va_list args) @@ -301,6 +357,14 @@ private_key_t *pkcs1_private_key_load(key_type_t type, va_list args) } break; } - return parse_rsa_private_key(blob); + switch (type) + { + case KEY_ANY: + return parse_private_key(blob); + case KEY_RSA: + return parse_rsa_private_key(blob); + default: + return NULL; + } } diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c b/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c index eb0903d47..ec1bdf565 100644 --- a/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c +++ b/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -43,6 +43,10 @@ METHOD(plugin_t, get_features, int, { static plugin_feature_t f[] = { PLUGIN_REGISTER(PRIVKEY, pkcs1_private_key_load, FALSE), + PLUGIN_PROVIDE(PRIVKEY, KEY_ANY), + PLUGIN_SDEPEND(PRIVKEY, KEY_RSA), + PLUGIN_SDEPEND(PRIVKEY, KEY_ECDSA), + PLUGIN_REGISTER(PRIVKEY, pkcs1_private_key_load, FALSE), PLUGIN_PROVIDE(PRIVKEY, KEY_RSA), PLUGIN_REGISTER(PUBKEY, pkcs1_public_key_load, FALSE), PLUGIN_PROVIDE(PUBKEY, KEY_ANY), |