summaryrefslogtreecommitdiff
path: root/src/libstrongswan/plugins/pkcs1
diff options
context:
space:
mode:
Diffstat (limited to 'src/libstrongswan/plugins/pkcs1')
-rw-r--r--src/libstrongswan/plugins/pkcs1/Makefile.in5
-rw-r--r--src/libstrongswan/plugins/pkcs1/pkcs1_builder.c72
-rw-r--r--src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c6
3 files changed, 75 insertions, 8 deletions
diff --git a/src/libstrongswan/plugins/pkcs1/Makefile.in b/src/libstrongswan/plugins/pkcs1/Makefile.in
index a61eb1ab2..708f5a68c 100644
--- a/src/libstrongswan/plugins/pkcs1/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs1/Makefile.in
@@ -352,7 +352,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -386,8 +385,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -441,6 +438,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c
index 767b3acf2..766832d39 100644
--- a/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c
+++ b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c
@@ -1,8 +1,8 @@
/*
+ * Copyright (C) 2008-2016 Tobias Brunner
* Copyright (C) 2008-2009 Martin Willi
- * Copyright (C) 2008 Tobias Brunner
* Copyright (C) 2000-2008 Andreas Steffen
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -204,7 +204,6 @@ static private_key_t *parse_rsa_private_key(chunk_t blob)
case PRIV_KEY_VERSION:
if (object.len > 0 && *object.ptr != 0)
{
- DBG1(DBG_ASN, "PKCS#1 private key format is not version 1");
goto end;
}
break;
@@ -249,6 +248,63 @@ end:
}
/**
+ * Check if the ASN.1 structure looks like an EC private key according to
+ * RFC 5915.
+ *
+ * ECPrivateKey :=: SEQUENCE {
+ * version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
+ * privateKey OCTET STRING,
+ * parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
+ * publicKey [1] BIT STRING OPTIONAL
+ * }
+ *
+ * While the parameters and publicKey fields are OPTIONAL, RFC 5915 says that
+ * paramaters MUST be included and publicKey SHOULD be.
+ */
+static bool is_ec_private_key(chunk_t blob)
+{
+ chunk_t data;
+ return asn1_unwrap(&blob, &blob) == ASN1_SEQUENCE &&
+ asn1_unwrap(&blob, &data) == ASN1_INTEGER &&
+ asn1_parse_integer_uint64(data) == 1 &&
+ asn1_unwrap(&blob, &data) == ASN1_OCTET_STRING &&
+ asn1_unwrap(&blob, &data) == ASN1_CONTEXT_C_0 &&
+ asn1_unwrap(&blob, &data) == ASN1_CONTEXT_C_1;
+}
+
+/**
+ * Check if the ASN.1 structure looks like a BLISS private key.
+ */
+static bool is_bliss_private_key(chunk_t blob)
+{
+ chunk_t data;
+ return asn1_unwrap(&blob, &blob) == ASN1_SEQUENCE &&
+ asn1_unwrap(&blob, &data) == ASN1_OID &&
+ asn1_unwrap(&blob, &data) == ASN1_BIT_STRING &&
+ asn1_unwrap(&blob, &data) == ASN1_BIT_STRING &&
+ asn1_unwrap(&blob, &data) == ASN1_BIT_STRING;
+}
+
+/**
+ * Load a private key from an ASN.1 encoded blob trying to detect the type
+ * automatically.
+ */
+static private_key_t *parse_private_key(chunk_t blob)
+{
+ if (is_ec_private_key(blob))
+ {
+ return lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA,
+ BUILD_BLOB_ASN1_DER, blob, BUILD_END);
+ }
+ else if (is_bliss_private_key(blob))
+ {
+ return lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA,
+ BUILD_BLOB_ASN1_DER, blob, BUILD_END);
+ }
+ return parse_rsa_private_key(blob);
+}
+
+/**
* See header.
*/
public_key_t *pkcs1_public_key_load(key_type_t type, va_list args)
@@ -301,6 +357,14 @@ private_key_t *pkcs1_private_key_load(key_type_t type, va_list args)
}
break;
}
- return parse_rsa_private_key(blob);
+ switch (type)
+ {
+ case KEY_ANY:
+ return parse_private_key(blob);
+ case KEY_RSA:
+ return parse_rsa_private_key(blob);
+ default:
+ return NULL;
+ }
}
diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c b/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c
index eb0903d47..ec1bdf565 100644
--- a/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c
+++ b/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -43,6 +43,10 @@ METHOD(plugin_t, get_features, int,
{
static plugin_feature_t f[] = {
PLUGIN_REGISTER(PRIVKEY, pkcs1_private_key_load, FALSE),
+ PLUGIN_PROVIDE(PRIVKEY, KEY_ANY),
+ PLUGIN_SDEPEND(PRIVKEY, KEY_RSA),
+ PLUGIN_SDEPEND(PRIVKEY, KEY_ECDSA),
+ PLUGIN_REGISTER(PRIVKEY, pkcs1_private_key_load, FALSE),
PLUGIN_PROVIDE(PRIVKEY, KEY_RSA),
PLUGIN_REGISTER(PUBKEY, pkcs1_public_key_load, FALSE),
PLUGIN_PROVIDE(PUBKEY, KEY_ANY),