Explicit pkcs11 certificate loading can enforce a module and a slot

Martin Willi 2012-10-17 14:21:06 +02:00
parent 5d4c27d077
commit 36e47a409b
2 changed files with 21 additions and 4 deletions


@ -269,7 +269,8 @@ certificate_t *pkcs11_creds_load(certificate_type_t type, va_list args)
pkcs11_manager_t *manager; pkcs11_manager_t *manager;
pkcs11_library_t *p11; pkcs11_library_t *p11;
certificate_t *cert = NULL; certificate_t *cert = NULL;
CK_SLOT_ID slot; CK_SLOT_ID current, slot = -1;
char *module = NULL;
while (TRUE) while (TRUE)
{ {
@ -278,6 +279,12 @@ certificate_t *pkcs11_creds_load(certificate_type_t type, va_list args)
case BUILD_PKCS11_KEYID: case BUILD_PKCS11_KEYID:
keyid = va_arg(args, chunk_t); keyid = va_arg(args, chunk_t);
continue; continue;
case BUILD_PKCS11_SLOT:
slot = va_arg(args, int);
continue;
case BUILD_PKCS11_MODULE:
module = va_arg(args, char*);
continue;
case BUILD_END: case BUILD_END:
break; break;
default: default:
@ -296,7 +303,7 @@ certificate_t *pkcs11_creds_load(certificate_type_t type, va_list args)
return NULL; return NULL;
} }
enumerator = manager->create_token_enumerator(manager); enumerator = manager->create_token_enumerator(manager);
while (enumerator->enumerate(enumerator, &p11, &slot)) while (enumerator->enumerate(enumerator, &p11, &current))
{ {
CK_OBJECT_CLASS class = CKO_CERTIFICATE; CK_OBJECT_CLASS class = CKO_CERTIFICATE;
CK_CERTIFICATE_TYPE type = CKC_X_509; CK_CERTIFICATE_TYPE type = CKC_X_509;
@ -312,7 +319,16 @@ certificate_t *pkcs11_creds_load(certificate_type_t type, va_list args)
CK_SESSION_HANDLE session; CK_SESSION_HANDLE session;
CK_RV rv; CK_RV rv;
rv = p11->f->C_OpenSession(slot, CKF_SERIAL_SESSION, NULL, NULL, if (slot != -1 && slot != current)
{
continue;
}
if (module && !streq(module, p11->get_name(p11)))
{
continue;
}
rv = p11->f->C_OpenSession(current, CKF_SERIAL_SESSION, NULL, NULL,
&session); &session);
if (rv != CKR_OK) if (rv != CKR_OK)
{ {
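Review bot: The "no slot restriction" sentinel in `CK_SLOT_ID current, slot = -1;` (first hunk) and the test `if (slot != -1 && slot != current)` (last hunk) work only because -1 converts to the maximum value of the unsigned CK_SLOT_ID, and `slot = va_arg(args, int);` in the second hunk pushes whatever int the caller supplied through the same conversion, so a negative or out-of-range slot from a caller is silently treated either as "any slot" or as an id that can never match and yields a NULL certificate with no diagnostic. Making the conversion explicit documents the intent and keeps sign-compare warnings away: `CK_SLOT_ID current, slot = (CK_SLOT_ID)-1; /* -1: any slot */` and `if (slot != (CK_SLOT_ID)-1 && slot != current)`. A short comment on the two `continue` filters, e.g. `/* caller restricted the lookup to a module and/or slot; skip non-matching tokens */`, would also help, since both restrictions must hold when both are given. pkcs11_creds_load's body, including the return after the token loop, continues outside the hunk.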


@ -68,7 +68,8 @@ pkcs11_creds_t *pkcs11_creds_create(pkcs11_library_t *p11, CK_SLOT_ID slot);
/** /**
* Load a specific certificate from a token. * Load a specific certificate from a token.
* *
* Accepts a BUILD_PKCS11_KEYID as the only argument. * Requires a BUILD_PKCS11_KEYID argument, and optionally BUILD_PKCS11_MODULE
* and/or BUILD_PKCS11_SLOT.
* *
* @param type certificate type, must be CERT_X509 * @param type certificate type, must be CERT_X509
* @param args variable argument list, containing BUILD_PKCS11_KEYID. * @param args variable argument list, containing BUILD_PKCS11_KEYID.
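Review bot: The `@param args` line still documents only BUILD_PKCS11_KEYID even though the sentence above it now names BUILD_PKCS11_MODULE and BUILD_PKCS11_SLOT as accepted; the two lines disagree on the contract. Suggested wording: `* @param args variable argument list, containing BUILD_PKCS11_KEYID and optionally BUILD_PKCS11_MODULE and/or BUILD_PKCS11_SLOT`. It would also be worth stating in the description that when both a module and a slot are given, a token must satisfy both to be used, and which argument type each builder part carries (the implementation reads the slot as an int and the module as a char*), since the header is what callers read.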