ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity

pki: Add generic 'priv' key type that loads any type of private key

This commit is contained in:
Tobias Brunner 2016-08-31 17:57:12 +02:00
parent 4a6f97d00b
commit 05ccde0a8b
12 changed files with 59 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/pki/commands/issue.c
View File

@ -117,6 +117,11 @@ static int issue()
type = CRED_PRIVATE_KEY;
subtype = KEY_BLISS;
}
else if (streq(arg, "priv"))
{
type = CRED_PRIVATE_KEY;
subtype = KEY_ANY;
}
else if (!streq(arg, "pub"))
{
error = "invalid input type";
@ -580,7 +585,7 @@ static void __attribute__ ((constructor))reg()
command_register((command_t) {
issue, 'i', "issue",
"issue a certificate using a CA certificate and key",
{"[--in file] [--type pub|pkcs10|rsa|ecdsa|bliss] --cakey file|--cakeyid hex",
{"[--in file] [--type pub|pkcs10|priv|rsa|ecdsa|bliss] --cakey file|--cakeyid hex",
" --cacert file [--dn subject-dn] [--san subjectAltName]+",
"[--lifetime days] [--serial hex] [--ca] [--pathlen len]",
"[--flag serverAuth|clientAuth|crlSign|ocspSigning|msSmartcardLogon]+",

11
src/pki/commands/keyid.c
View File

@ -26,7 +26,7 @@
static int keyid()
{
credential_type_t type = CRED_PRIVATE_KEY;
int subtype = KEY_RSA;
int subtype = KEY_ANY;
certificate_t *cert;
private_key_t *private;
public_key_t *public;
@ -60,6 +60,11 @@ static int keyid()
type = CRED_PRIVATE_KEY;
subtype = KEY_BLISS;
}
else if (streq(arg, "priv"))
{
type = CRED_PRIVATE_KEY;
subtype = KEY_ANY;
}
else if (streq(arg, "pub"))
{
type = CRED_PUBLIC_KEY;
@ -172,11 +177,11 @@ static void __attribute__ ((constructor))reg()
command_register((command_t)
{ keyid, 'k', "keyid",
"calculate key identifiers of a key/certificate",
{"[--in file] [--type rsa|ecdsa|bliss|pub|pkcs10|x509]"},
{"[--in file] [--type priv|rsa|ecdsa|bliss|pub|pkcs10|x509]"},
{
{"help", 'h', 0, "show usage information"},
{"in", 'i', 1, "input file, default: stdin"},
{"type", 't', 1, "type of key, default: rsa"},
{"type", 't', 1, "type of key, default: priv"},
}
});
}

7
src/pki/commands/print.c
View File

@ -89,6 +89,11 @@ static int print()
type = CRED_CERTIFICATE;
subtype = CERT_TRUSTED_PUBKEY;
}
else if (streq(arg, "priv"))
{
type = CRED_PRIVATE_KEY;
subtype = KEY_ANY;
}
else if (streq(arg, "rsa") ||
streq(arg, "rsa-priv"))
{
@ -176,7 +181,7 @@ static void __attribute__ ((constructor))reg()
command_register((command_t)
{ print, 'a', "print",
"print a credential in a human readable form",
{"[--in file] [--type x509|crl|ac|pub|rsa|ecdsa|bliss]"},
{"[--in file] [--type x509|crl|ac|pub|priv|rsa|ecdsa|bliss]"},
{
{"help", 'h', 0, "show usage information"},
{"in", 'i', 1, "input file, default: stdin"},

11
src/pki/commands/pub.c
View File

@ -28,7 +28,7 @@ static int pub()
{
cred_encoding_type_t form = PUBKEY_SPKI_ASN1_DER;
credential_type_t type = CRED_PRIVATE_KEY;
int subtype = KEY_RSA;
int subtype = KEY_ANY;
certificate_t *cert;
private_key_t *private;
public_key_t *public;
@ -59,6 +59,11 @@ static int pub()
type = CRED_PRIVATE_KEY;
subtype = KEY_BLISS;
}
else if (streq(arg, "priv"))
{
type = CRED_PRIVATE_KEY;
subtype = KEY_ANY;
}
else if (streq(arg, "pub"))
{
type = CRED_PUBLIC_KEY;
@ -189,13 +194,13 @@ static void __attribute__ ((constructor))reg()
command_register((command_t) {
pub, 'p', "pub",
"extract the public key from a private key/certificate",
{"[--in file|--keyid hex] [--type rsa|ecdsa|bliss|pub|pkcs10|x509]",
{"[--in file|--keyid hex] [--type rsa|ecdsa|bliss|priv|pub|pkcs10|x509]",
"[--outform der|pem|dnskey|sshkey]"},
{
{"help", 'h', 0, "show usage information"},
{"in", 'i', 1, "input file, default: stdin"},
{"keyid", 'x', 1, "keyid on smartcard of private key"},
{"type", 't', 1, "type of credential, default: rsa"},
{"type", 't', 1, "type of credential, default: priv"},
{"outform", 'f', 1, "encoding of extracted public key, default: der"},
}
});

10
src/pki/commands/req.c
View File

@ -30,7 +30,7 @@
static int req()
{
cred_encoding_type_t form = CERT_ASN1_DER;
key_type_t type = KEY_RSA;
key_type_t type = KEY_ANY;
hash_algorithm_t digest = HASH_UNKNOWN;
certificate_t *cert = NULL;
private_key_t *private = NULL;
@ -62,6 +62,10 @@ static int req()
{
type = KEY_BLISS;
}
else if (streq(arg, "priv"))
{
type = KEY_ANY;
}
else
{
error = "invalid input type";
@ -194,14 +198,14 @@ static void __attribute__ ((constructor))reg()
command_register((command_t) {
req, 'r', "req",
"create a PKCS#10 certificate request",
{" [--in file] [--type rsa|ecdsa|bliss] --dn distinguished-name",
{" [--in file] [--type rsa|ecdsa|bliss|priv] --dn distinguished-name",
"[--san subjectAltName]+ [--password challengePassword]",
"[--digest md5|sha1|sha224|sha256|sha384|sha512|sha3_224|sha3_256|sha3_384|sha3_512]",
"[--outform der|pem]"},
{
{"help", 'h', 0, "show usage information"},
{"in", 'i', 1, "private key input file, default: stdin"},
{"type", 't', 1, "type of input key, default: rsa"},
{"type", 't', 1, "type of input key, default: priv"},
{"dn", 'd', 1, "subject distinguished name"},
{"san", 'a', 1, "subjectAltName to include in cert request"},
{"password",'p', 1, "challengePassword to include in cert request"},

8
src/pki/commands/self.c
View File

@ -94,6 +94,10 @@ static int self()
{
type = KEY_BLISS;
}
else if (streq(arg, "priv"))
{
type = KEY_ANY;
}
else
{
error = "invalid input type";
@ -417,7 +421,7 @@ static void __attribute__ ((constructor))reg()
command_register((command_t) {
self, 's', "self",
"create a self signed certificate",
{" [--in file|--keyid hex] [--type rsa|ecdsa|bliss]",
{" [--in file|--keyid hex] [--type rsa|ecdsa|bliss|priv]",
" --dn distinguished-name [--san subjectAltName]+",
"[--lifetime days] [--serial hex] [--ca] [--ocsp uri]+",
"[--flag serverAuth|clientAuth|crlSign|ocspSigning|msSmartcardLogon]+",
@ -431,7 +435,7 @@ static void __attribute__ ((constructor))reg()
{"help", 'h', 0, "show usage information"},
{"in", 'i', 1, "private key input file, default: stdin"},
{"keyid", 'x', 1, "keyid on smartcard of private key"},
{"type", 't', 1, "type of input key, default: rsa"},
{"type", 't', 1, "type of input key, default: priv"},
{"dn", 'd', 1, "subject and issuer distinguished name"},
{"san", 'a', 1, "subjectAltName to include in certificate"},
{"lifetime", 'l', 1, "days the certificate is valid, default: 1095"},

7
src/pki/man/pki---issue.1.in
View File

@ -67,9 +67,10 @@ Public key or PKCS#10 certificate request file to issue. If not given the
key/request is read from \fISTDIN\fR.
.TP
.BI "\-t, \-\-type " type
Type of the input. One of \fIpub\fR (public key), \fIrsa\fR (RSA private key),
\fIecdsa\fR (ECDSA private key), or \fIpkcs10\fR (PKCS#10 certificate request),
defaults to \fIpub\fR.
Type of the input. One of \fIpub\fR (public key), \fIpriv\fR (private key),
\fIrsa\fR (RSA private key), \fIecdsa\fR (ECDSA private key), \fIbliss\fR (BLISS
private key) or \fIpkcs10\fR (PKCS#10 certificate request), defaults to
\fIpub\fR.
.TP
.BI "\-k, \-\-cakey " file
CA private key file. Either this or

8
src/pki/man/pki---keyid.1.in
View File

@ -44,10 +44,10 @@ Read command line options from \fIfile\fR.
Input file. If not given the input is read from \fISTDIN\fR.
.TP
.BI "\-t, \-\-type " type
Type of input. One of \fIrsa\fR (RSA private key), \fIecdsa\fR (ECDSA
private key), \fIbliss\fR (BLISS private key), \fIpub\fR (public key),
\fIpkcs10\fR (PKCS#10 certificate request), \fIx509\fR (X.509 certificate),
defaults to \fIrsa\fR.
Type of input. One of \fIpriv\fR (private key), \fIrsa\fR (RSA private key),
\fIecdsa\fR (ECDSA private key), \fIbliss\fR (BLISS private key),
\fIpub\fR (public key), \fIpkcs10\fR (PKCS#10 certificate request),
\fIx509\fR (X.509 certificate), defaults to \fIpriv\fR.
.
.SH "EXAMPLES"
.

5
src/pki/man/pki---print.1.in
View File

@ -46,8 +46,9 @@ Input file. If not given the input is read from \fISTDIN\fR.
.BI "\-t, \-\-type " type
Type of input. One of \fIx509\fR (X.509 certificate), \fIcrl\fR (Certificate
Revocation List, CRL), \fIac\fR (Attribute Certificate), \fIpub\fR (public key),
\fIrsa\fR (RSA private key), \fIecdsa\fR (ECDSA private key), \fIbliss\fR (BLISS
private key), defaults to \fIx509\fR.
\fpriv\fR (private key), \fIrsa\fR (RSA private key), \fIecdsa\fR (ECDSA private
key), \fIbliss\fR (BLISS private key), \fIpriv\fR (private key), defaults to
\fIx509\fR.
.
.SH "SEE ALSO"
.

7
src/pki/man/pki---pub.1.in
View File

@ -47,10 +47,9 @@ Read command line options from \fIfile\fR.
Input file. If not given the input is read from \fISTDIN\fR.
.TP
.BI "\-t, \-\-type " type
Type of input. One of \fIrsa\fR (RSA private key), \fIecdsa\fR (ECDSA
private key), \fIpub\fR (public key),
\fIpkcs10\fR (PKCS#10 certificate request), or \fIx509\fR (X.509 certificate),
defaults to \fIrsa\fR.
Type of input. One of \fIpriv\fR (private key), \fIrsa\fR (RSA private key),
\fIecdsa\fR (ECDSA private key), \fIpub\fR (public key), \fIpkcs10\fR (PKCS#10
certificate request), or \fIx509\fR (X.509 certificate), defaults to \fIpriv\fR.
.TP
.BI "\-f, \-\-outform " encoding
Encoding of the extracted public key. One of \fIder\fR (ASN.1 DER), \fIpem\fR

3
src/pki/man/pki---req.1.in
View File

@ -49,7 +49,8 @@ Read command line options from \fIfile\fR.
Private key input file. If not given the key is read from \fISTDIN\fR.
.TP
.BI "\-t, \-\-type " type
Type of the input key. Either \fIrsa\fR or \fIecdsa\fR, defaults to \fIrsa\fR.
Type of the input key. Either \fIpriv\fR, \fIrsa\fR, \fIecdsa\fR or \fIbliss\fR,
defaults to \fIpriv\fR.
.TP
.BI "\-d, \-\-dn " distinguished-name
Subject distinguished name (DN). Required.

3
src/pki/man/pki---self.1.in
View File

@ -68,7 +68,8 @@ Private key input file. If not given the key is read from \fISTDIN\fR.
Key ID of a private key on a smartcard.
.TP
.BI "\-t, \-\-type " type
Type of the input key. Either \fIrsa\fR or \fIecdsa\fR, defaults to \fIrsa\fR.
Type of the input key. Either \fIpriv\fR, \fIrsa\fR, \fIecdsa\fR or \fIbliss\fR,
defaults to \fIpriv\fR.
.TP
.BI "\-d, \-\-dn " distinguished-name
Subject and issuer distinguished name (DN). Required.