diff options
Diffstat (limited to 'src/pluto/ike_alg.c')
| -rw-r--r-- | src/pluto/ike_alg.c | 47 |
1 files changed, 36 insertions, 11 deletions
diff --git a/src/pluto/ike_alg.c b/src/pluto/ike_alg.c index f833f85b5..7521dd33b 100644 --- a/src/pluto/ike_alg.c +++ b/src/pluto/ike_alg.c @@ -23,6 +23,8 @@ #include <library.h> #include <debug.h> +#include <credentials/keys/public_key.h> +#include <credentials/keys/private_key.h> #include <crypto/hashers/hasher.h> #include <crypto/crypters/crypter.h> #include <crypto/prfs/prf.h> @@ -126,7 +128,7 @@ struct dh_desc *ike_alg_get_dh_group(u_int alg) /** * Get pfsgroup for this connection */ -const struct dh_desc *ike_alg_pfsgroup(struct connection *c, lset_t policy) +const struct dh_desc *ike_alg_pfsgroup(connection_t *c, lset_t policy) { const struct dh_desc *ret = NULL; @@ -141,7 +143,7 @@ const struct dh_desc *ike_alg_pfsgroup(struct connection *c, lset_t policy) /** * Create an OAKLEY proposal based on alg_info and policy */ -struct db_context *ike_alg_db_new(struct connection *c, lset_t policy) +struct db_context *ike_alg_db_new(connection_t *c, lset_t policy) { struct alg_info_ike *ai = c->alg_info_ike; struct db_context *db_ctx = NULL; @@ -176,13 +178,13 @@ struct db_context *ike_alg_db_new(struct connection *c, lset_t policy) enum_show(&oakley_enc_names, ealg)); continue; } - if (!ike_alg_get_hasher(halg)) + if (!ike_alg_get_hasher(halg)) { plog("ike alg: hasher %s not present", enum_show(&oakley_hash_names, halg)); continue; } - if (!ike_alg_get_dh_group(modp)) + if (!ike_alg_get_dh_group(modp)) { plog("ike alg: dh group %s not present", enum_show(&oakley_group_names, modp)); @@ -193,20 +195,43 @@ struct db_context *ike_alg_db_new(struct connection *c, lset_t policy) if (policy & POLICY_PUBKEY) { int auth_method = 0; - private_key_t *key = get_private_key(c); + size_t key_size = 0; + key_type_t key_type = KEY_ANY; - if (key == NULL) + + if (c->spd.this.cert) + { + certificate_t *certificate = c->spd.this.cert->cert; + public_key_t *key = certificate->get_public_key(certificate); + + if (key == NULL) + { + plog("ike alg: unable to retrieve my public key"); + continue; + } + key_type = key->get_type(key); + key_size = key->get_keysize(key); + key->destroy(key); + } + else { - plog("ike alg: unable to locate my private key"); - continue; + private_key_t *key = get_private_key(c); + + if (key == NULL) + { + plog("ike alg: unable to retrieve my private key"); + continue; + } + key_type = key->get_type(key); + key_size = key->get_keysize(key); } - switch (key->get_type(key)) + switch (key_type) { case KEY_RSA: auth_method = OAKLEY_RSA_SIG; break; case KEY_ECDSA: - switch (key->get_keysize(key)) + switch (key_size) { case 32: auth_method = OAKLEY_ECDSA_256; @@ -344,7 +369,7 @@ void ike_alg_list(void) * Show IKE algorithms for this connection (result from ike= string) * and newest SA */ -void ike_alg_show_connection(struct connection *c, const char *instance) +void ike_alg_show_connection(connection_t *c, const char *instance) { struct state *st = state_with_serialno(c->newest_isakmp_sa); |