pkcs11: Add features support.
parent
1bb5d7c3cb
commit
b730fd6fbd
|
@ -269,11 +269,16 @@ pkcs11_dh_t *create_generic(diffie_hellman_group_t group, size_t exp_len,
|
||||||
/*
|
/*
|
||||||
* Described in header.
|
* Described in header.
|
||||||
*/
|
*/
|
||||||
pkcs11_dh_t *pkcs11_dh_create(diffie_hellman_group_t group)
|
pkcs11_dh_t *pkcs11_dh_create(diffie_hellman_group_t group,
|
||||||
|
chunk_t g, chunk_t p)
|
||||||
{
|
{
|
||||||
|
|
||||||
diffie_hellman_params_t *params;
|
diffie_hellman_params_t *params;
|
||||||
|
|
||||||
|
if (group == MODP_CUSTOM)
|
||||||
|
{
|
||||||
|
return create_generic(group, p.len, g, p);
|
||||||
|
}
|
||||||
|
|
||||||
params = diffie_hellman_get_params(group);
|
params = diffie_hellman_get_params(group);
|
||||||
if (!params)
|
if (!params)
|
||||||
{
|
{
|
||||||
|
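Review bot: The new MODP_CUSTOM branch passes `p.len` to create_generic as the exponent length and forwards `g`/`p` without checking that either chunk is non-empty, so a caller that selects MODP_CUSTOM with an empty prime or generator reaches create_generic with exp_len == 0; unless create_generic (defined before this hunk) already rejects that, add `if (group == MODP_CUSTOM && (!p.len || !g.len)) { return NULL; }` ahead of the existing branch. For every other group the `g` and `p` arguments are ignored, which deserves a one-line comment at the top of the branch such as `/* g and p are only consulted for MODP_CUSTOM; other groups use the built-in params */`. pkcs11_dh_create's body continues in the next hunk, so the `!params` branch is not visible here.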
@ -283,15 +288,3 @@ pkcs11_dh_t *pkcs11_dh_create(diffie_hellman_group_t group)
|
||||||
params->generator, params->prime);
|
params->generator, params->prime);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
|
||||||
* Described in header.
|
|
||||||
*/
|
|
||||||
pkcs11_dh_t *pkcs11_dh_create_custom(diffie_hellman_group_t group,
|
|
||||||
chunk_t g, chunk_t p)
|
|
||||||
{
|
|
||||||
if (group == MODP_CUSTOM)
|
|
||||||
{
|
|
||||||
return create_generic(group, p.len, g, p);
|
|
||||||
}
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
|
|
|
@ -40,20 +40,12 @@ struct pkcs11_dh_t {
|
||||||
* Creates a new pkcs11_dh_t object.
|
* Creates a new pkcs11_dh_t object.
|
||||||
*
|
*
|
||||||
* @param group Diffie Hellman group number to use
|
* @param group Diffie Hellman group number to use
|
||||||
|
* @param g generator in case group is MODP_CUSTOM
|
||||||
|
* @param p prime in case group is MODP_CUSTOM
|
||||||
* @return pkcs11_dh_t object, NULL if not supported
|
* @return pkcs11_dh_t object, NULL if not supported
|
||||||
*/
|
*/
|
||||||
pkcs11_dh_t *pkcs11_dh_create(diffie_hellman_group_t group);
|
pkcs11_dh_t *pkcs11_dh_create(diffie_hellman_group_t group,
|
||||||
|
chunk_t g, chunk_t p);
|
||||||
/**
|
|
||||||
* Creates a new pkcs11_dh_t object for MODP_CUSTOM.
|
|
||||||
*
|
|
||||||
* @param group MODP_CUSTOM
|
|
||||||
* @param g generator
|
|
||||||
* @param p prime
|
|
||||||
* @return pkcs11_dh_t object, NULL if not supported
|
|
||||||
*/
|
|
||||||
pkcs11_dh_t *pkcs11_dh_create_custom(diffie_hellman_group_t group,
|
|
||||||
chunk_t g, chunk_t p);
|
|
||||||
|
|
||||||
#endif /** PKCS11_DH_H_ @}*/
|
#endif /** PKCS11_DH_H_ @}*/
|
||||||
|
|
||||||
|
|
|
@ -112,23 +112,94 @@ METHOD(plugin_t, get_name, char*,
|
||||||
return "pkcs11";
|
return "pkcs11";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Add a set of features
|
||||||
|
*/
|
||||||
|
static inline void add_features(plugin_feature_t *f, plugin_feature_t *n,
|
||||||
|
int count, int *pos)
|
||||||
|
{
|
||||||
|
int i;
|
||||||
|
for (i = 0; i < count; i++)
|
||||||
|
{
|
||||||
|
f[(*pos)++] = n[i];
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
METHOD(plugin_t, get_features, int,
|
||||||
|
private_pkcs11_plugin_t *this, plugin_feature_t *features[])
|
||||||
|
{
|
||||||
|
static plugin_feature_t f_hash[] = {
|
||||||
|
PLUGIN_REGISTER(HASHER, pkcs11_hasher_create),
|
||||||
|
PLUGIN_PROVIDE(HASHER, HASH_MD2),
|
||||||
|
PLUGIN_PROVIDE(HASHER, HASH_MD5),
|
||||||
|
PLUGIN_PROVIDE(HASHER, HASH_SHA1),
|
||||||
|
PLUGIN_PROVIDE(HASHER, HASH_SHA256),
|
||||||
|
PLUGIN_PROVIDE(HASHER, HASH_SHA384),
|
||||||
|
PLUGIN_PROVIDE(HASHER, HASH_SHA512),
|
||||||
|
};
|
||||||
|
static plugin_feature_t f_dh[] = {
|
||||||
|
PLUGIN_REGISTER(DH, pkcs11_dh_create),
|
||||||
|
PLUGIN_PROVIDE(DH, MODP_2048_BIT),
|
||||||
|
PLUGIN_PROVIDE(DH, MODP_2048_224),
|
||||||
|
PLUGIN_PROVIDE(DH, MODP_2048_256),
|
||||||
|
PLUGIN_PROVIDE(DH, MODP_1536_BIT),
|
||||||
|
PLUGIN_PROVIDE(DH, MODP_3072_BIT),
|
||||||
|
PLUGIN_PROVIDE(DH, MODP_4096_BIT),
|
||||||
|
PLUGIN_PROVIDE(DH, MODP_6144_BIT),
|
||||||
|
PLUGIN_PROVIDE(DH, MODP_8192_BIT),
|
||||||
|
PLUGIN_PROVIDE(DH, MODP_1024_BIT),
|
||||||
|
PLUGIN_PROVIDE(DH, MODP_1024_160),
|
||||||
|
PLUGIN_PROVIDE(DH, MODP_768_BIT),
|
||||||
|
PLUGIN_PROVIDE(DH, MODP_CUSTOM),
|
||||||
|
};
|
||||||
|
static plugin_feature_t f_rng[] = {
|
||||||
|
PLUGIN_REGISTER(RNG, pkcs11_rng_create),
|
||||||
|
PLUGIN_PROVIDE(RNG, RNG_STRONG),
|
||||||
|
PLUGIN_PROVIDE(RNG, RNG_TRUE),
|
||||||
|
};
|
||||||
|
static plugin_feature_t f_key[] = {
|
||||||
|
PLUGIN_REGISTER(PRIVKEY, pkcs11_private_key_connect, FALSE),
|
||||||
|
PLUGIN_PROVIDE(PRIVKEY, KEY_ANY),
|
||||||
|
PLUGIN_REGISTER(PUBKEY, pkcs11_public_key_load, TRUE),
|
||||||
|
PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
|
||||||
|
};
|
||||||
|
static plugin_feature_t f[countof(f_hash) + countof(f_dh) + countof(f_rng) +
|
||||||
|
countof(f_key)] = {};
|
||||||
|
static int count = 0;
|
||||||
|
|
||||||
|
if (!count)
|
||||||
|
{ /* initialize only once */
|
||||||
|
add_features(f, f_key, countof(f_key), &count);
|
||||||
|
if (lib->settings->get_bool(lib->settings,
|
||||||
|
"libstrongswan.plugins.pkcs11.use_hasher", FALSE))
|
||||||
|
{
|
||||||
|
add_features(f, f_hash, countof(f_hash), &count);
|
||||||
|
}
|
||||||
|
if (lib->settings->get_bool(lib->settings,
|
||||||
|
"libstrongswan.plugins.pkcs11.use_rng", FALSE))
|
||||||
|
{
|
||||||
|
add_features(f, f_rng, countof(f_rng), &count);
|
||||||
|
}
|
||||||
|
if (lib->settings->get_bool(lib->settings,
|
||||||
|
"libstrongswan.plugins.pkcs11.use_dh", FALSE))
|
||||||
|
{
|
||||||
|
add_features(f, f_dh, countof(f_dh), &count);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
*features = f;
|
||||||
|
return count;
|
||||||
|
}
|
||||||
|
|
||||||
METHOD(plugin_t, destroy, void,
|
METHOD(plugin_t, destroy, void,
|
||||||
private_pkcs11_plugin_t *this)
|
private_pkcs11_plugin_t *this)
|
||||||
{
|
{
|
||||||
pkcs11_creds_t *creds;
|
pkcs11_creds_t *creds;
|
||||||
|
|
||||||
lib->creds->remove_builder(lib->creds,
|
|
||||||
(builder_function_t)pkcs11_private_key_connect);
|
|
||||||
while (this->creds->remove_last(this->creds, (void**)&creds) == SUCCESS)
|
while (this->creds->remove_last(this->creds, (void**)&creds) == SUCCESS)
|
||||||
{
|
{
|
||||||
lib->credmgr->remove_set(lib->credmgr, &creds->set);
|
lib->credmgr->remove_set(lib->credmgr, &creds->set);
|
||||||
creds->destroy(creds);
|
creds->destroy(creds);
|
||||||
}
|
}
|
||||||
lib->crypto->remove_hasher(lib->crypto,
|
|
||||||
(hasher_constructor_t)pkcs11_hasher_create);
|
|
||||||
lib->crypto->remove_rng(lib->crypto, (rng_constructor_t)pkcs11_rng_create);
|
|
||||||
lib->crypto->remove_dh(lib->crypto, (dh_constructor_t)pkcs11_dh_create_custom);
|
|
||||||
lib->crypto->remove_dh(lib->crypto, (dh_constructor_t)pkcs11_dh_create);
|
|
||||||
this->creds->destroy(this->creds);
|
this->creds->destroy(this->creds);
|
||||||
lib->set(lib, "pkcs11-manager", NULL);
|
lib->set(lib, "pkcs11-manager", NULL);
|
||||||
this->manager->destroy(this->manager);
|
this->manager->destroy(this->manager);
|
||||||
|
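Review bot: f_rng in get_features advertises only RNG_STRONG and RNG_TRUE, while the add_rng calls removed in the last hunk also registered RNG_WEAK, so the token-backed RNG silently stops serving RNG_WEAK requests; if that is intended, record it with a comment in f_rng (`/* RNG_WEAK deliberately not offered by the token; a software RNG serves it */`), otherwise add `PLUGIN_PROVIDE(RNG, RNG_WEAK),`. In the other direction f_dh advertises MODP_2048_BIT, MODP_2048_224, MODP_2048_256 and MODP_1536_BIT, which the removed add_dh calls did not register (unless that happened outside the hunk); widening the advertised group set should be a deliberate, documented choice rather than a side effect of the table rewrite. add_features writes `f[(*pos)++]` with no capacity check; the capacity is correct by construction today, but passing `countof(f)` and refusing to write past it would keep a future table addition from silently overrunning the static array. The `= {}` empty initializer on `f` is a GNU extension rather than C11; `= {0}` is equivalent and portable.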
@ -150,7 +221,7 @@ plugin_t *pkcs11_plugin_create()
|
||||||
.public = {
|
.public = {
|
||||||
.plugin = {
|
.plugin = {
|
||||||
.get_name = _get_name,
|
.get_name = _get_name,
|
||||||
.reload = (void*)return_false,
|
.get_features = _get_features,
|
||||||
.destroy = _destroy,
|
.destroy = _destroy,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
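Review bot: Replacing `.reload = (void*)return_false` with `.get_features = _get_features` leaves the plugin's `reload` member zero-initialized, since nothing else in the designated initializer sets it; if plugin_t still declares `reload` and the loader calls it unconditionally, that becomes a NULL function-pointer call at reload time. If the member was removed from plugin_t together with this feature mechanism, no action is needed; otherwise keep the `.reload = (void*)return_false,` line alongside `.get_features`. The initializer belongs to pkcs11_plugin_create, which starts before this hunk.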
@ -162,56 +233,6 @@ plugin_t *pkcs11_plugin_create()
|
||||||
|
|
||||||
lib->set(lib, "pkcs11-manager", this->manager);
|
lib->set(lib, "pkcs11-manager", this->manager);
|
||||||
|
|
||||||
if (lib->settings->get_bool(lib->settings,
|
|
||||||
"libstrongswan.plugins.pkcs11.use_hasher", FALSE))
|
|
||||||
{
|
|
||||||
lib->crypto->add_hasher(lib->crypto, HASH_MD2, get_name(this),
|
|
||||||
(hasher_constructor_t)pkcs11_hasher_create);
|
|
||||||
lib->crypto->add_hasher(lib->crypto, HASH_MD5, get_name(this),
|
|
||||||
(hasher_constructor_t)pkcs11_hasher_create);
|
|
||||||
lib->crypto->add_hasher(lib->crypto, HASH_SHA1, get_name(this),
|
|
||||||
(hasher_constructor_t)pkcs11_hasher_create);
|
|
||||||
lib->crypto->add_hasher(lib->crypto, HASH_SHA256, get_name(this),
|
|
||||||
(hasher_constructor_t)pkcs11_hasher_create);
|
|
||||||
lib->crypto->add_hasher(lib->crypto, HASH_SHA384, get_name(this),
|
|
||||||
(hasher_constructor_t)pkcs11_hasher_create);
|
|
||||||
lib->crypto->add_hasher(lib->crypto, HASH_SHA512, get_name(this),
|
|
||||||
(hasher_constructor_t)pkcs11_hasher_create);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (lib->settings->get_bool(lib->settings,
|
|
||||||
"libstrongswan.plugins.pkcs11.use_rng", FALSE))
|
|
||||||
{
|
|
||||||
lib->crypto->add_rng(lib->crypto, RNG_TRUE, get_name(this),
|
|
||||||
(rng_constructor_t)pkcs11_rng_create);
|
|
||||||
lib->crypto->add_rng(lib->crypto, RNG_STRONG, get_name(this),
|
|
||||||
(rng_constructor_t)pkcs11_rng_create);
|
|
||||||
lib->crypto->add_rng(lib->crypto, RNG_WEAK, get_name(this),
|
|
||||||
(rng_constructor_t)pkcs11_rng_create);
|
|
||||||
}
|
|
||||||
|
|
||||||
lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ANY, FALSE,
|
|
||||||
(builder_function_t)pkcs11_private_key_connect);
|
|
||||||
lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, TRUE,
|
|
||||||
(builder_function_t)pkcs11_public_key_load);
|
|
||||||
|
|
||||||
lib->crypto->add_dh(lib->crypto, MODP_3072_BIT, get_name(this),
|
|
||||||
(dh_constructor_t)pkcs11_dh_create);
|
|
||||||
lib->crypto->add_dh(lib->crypto, MODP_4096_BIT, get_name(this),
|
|
||||||
(dh_constructor_t)pkcs11_dh_create);
|
|
||||||
lib->crypto->add_dh(lib->crypto, MODP_6144_BIT, get_name(this),
|
|
||||||
(dh_constructor_t)pkcs11_dh_create);
|
|
||||||
lib->crypto->add_dh(lib->crypto, MODP_8192_BIT, get_name(this),
|
|
||||||
(dh_constructor_t)pkcs11_dh_create);
|
|
||||||
lib->crypto->add_dh(lib->crypto, MODP_1024_BIT, get_name(this),
|
|
||||||
(dh_constructor_t)pkcs11_dh_create);
|
|
||||||
lib->crypto->add_dh(lib->crypto, MODP_1024_160, get_name(this),
|
|
||||||
(dh_constructor_t)pkcs11_dh_create);
|
|
||||||
lib->crypto->add_dh(lib->crypto, MODP_768_BIT, get_name(this),
|
|
||||||
(dh_constructor_t)pkcs11_dh_create);
|
|
||||||
lib->crypto->add_dh(lib->crypto, MODP_CUSTOM, get_name(this),
|
|
||||||
(dh_constructor_t)pkcs11_dh_create_custom);
|
|
||||||
|
|
||||||
enumerator = this->manager->create_token_enumerator(this->manager);
|
enumerator = this->manager->create_token_enumerator(this->manager);
|
||||||
while (enumerator->enumerate(enumerator, &p11, &slot))
|
while (enumerator->enumerate(enumerator, &p11, &slot))
|
||||||
{
|
{
|
||||||
|
|