Tobias Brunner
5b85b94e27
pkcs11: Make sure a key can be used for a given signature scheme.
2011-11-02 20:27:55 +01:00
Tobias Brunner
58d0a8d49b
pkcs11: Register ECDSA feature.
2011-11-02 20:27:55 +01:00
Tobias Brunner
fd48b220ed
pkcs11: We have to create our own hashes for some signature schemes.
2011-11-02 20:27:55 +01:00
Tobias Brunner
30a3ede8ce
pkcs11: Lookup the public key of a private key by CKA_ID.
Currently this only works if a public key object with the same ID is
available; if there isn't one, we could search for a certificate with the
same ID and extract the key from there.
2011-11-02 20:27:55 +01:00
Tobias Brunner
5d2fccf439
pkcs11: Search for private keys in a more generic way.
Also, don't extract the public key directly from the private key. Some
tokens actually do not return the public exponent (it's not required).
We have to find a different way to get the public key.
2011-11-02 20:27:55 +01:00
Tobias Brunner
9e3b1e1495
pkcs11: Added support to encode ECDSA public keys.
2011-11-02 20:27:55 +01:00
Tobias Brunner
36d1627f6e
pkcs11: Parse ECDSA public keys and find/create them on tokens.
2011-11-02 20:27:55 +01:00
Tobias Brunner
574261163f
pkcs11: Added generic functions to find/create public keys on tokens.
2011-11-02 20:27:55 +01:00
Tobias Brunner
a8084ee011
pkcs11: Store public key length in bits.
2011-11-02 20:27:55 +01:00
Tobias Brunner
8859c1f26b
pkcs11: Fix encoding of RSA public keys.
2011-11-02 20:27:55 +01:00
Tobias Brunner
dae19d448d
pkcs11: Use create_object_attr_enumerator to encode RSA public key.
2011-11-02 20:27:54 +01:00
Tobias Brunner
b0319fe860
pkcs11: Instead of a mutex use a new session to do multipart operations.
2011-11-02 20:27:54 +01:00
Tobias Brunner
c198525104
pkcs11: Function added to retrieve multiple attributes from a single object.
2011-11-02 20:27:54 +01:00
Tobias Brunner
817d165cbc
pkcs11: Memory leak fixed in DH/ECDH implementation.
2011-11-02 20:27:54 +01:00
Tobias Brunner
43cd036a77
pkcs11: Invalid free fixed in DH/ECDH implementation.
2011-11-02 20:27:54 +01:00
Tobias Brunner
50ad6eacb6
pkcs11: Changed how pkcs11-manager is initialized.
The manager is now created directly, but events and certificate loading
are deferred.
2011-11-02 20:27:54 +01:00
Tobias Brunner
cf9d45ea08
pkcs11: Add attributes to specify what we use the DH/ECDH keys for.
2011-11-02 20:27:54 +01:00
Tobias Brunner
23b50b776b
pkcs11: Use callback registration for pkcs11-manager.
Otherwise a plugin providing X509 decoding capabilities might be unloaded
before the manager which will result in a segmentation fault when
certificates in the manager's credential sets are to be destroyed.
2011-10-31 18:45:37 +01:00
Tobias Brunner
10b82be61f
pkcs11: Merged the ECDH into the DH implementation.
2011-10-31 18:45:37 +01:00
Tobias Brunner
89de89be57
pkcs11: Use get_ck_attribute for ECDH.
2011-10-31 18:45:37 +01:00
Tobias Brunner
cac6853180
pkcs11: Use get_ck_attribute for DH.
2011-10-31 18:45:37 +01:00
Tobias Brunner
8531106578
pkcs11: Method added to library to extract a single attribute from an object.
2011-10-31 18:45:36 +01:00
Tobias Brunner
6a5020fc67
pkcs11: Added names for CKA_* constants.
2011-10-31 18:45:36 +01:00
Tobias Brunner
4e346b1f97
pkcs11: Added support for ECDH.
2011-10-31 18:45:36 +01:00
Tobias Brunner
612e431305
pkcs11: Added definitions needed for ECDH to pkcs11.h.
2011-10-31 18:45:36 +01:00
Tobias Brunner
7c78a6e631
pkcs11: Specify object class and key type when deriving DH secrets.
pkcs11_softtoken on OpenSolaris requires this (probably others too).
2011-10-31 18:45:36 +01:00
Tobias Brunner
b730fd6fbd
pkcs11: Add features support.
2011-10-31 18:45:36 +01:00
Tobias Brunner
1bb5d7c3cb
pkcs11: Added support for DH.
2011-10-31 18:45:36 +01:00
Tobias Brunner
df241121fd
pkcs11: Error message fixed.
2011-10-31 18:45:35 +01:00
Tobias Brunner
1bb522bc34
pkcs11: Added support to generate random numbers on a token.
2011-10-31 18:45:35 +01:00
Tobias Brunner
deba3da5b0
pkcs11: Properly destroy mutex in pkcs11_hasher if no token found.
2011-10-31 18:45:29 +01:00
Martin Willi
071903235a
Register manager of pkcs11 plugin as library object
2011-08-24 15:45:59 +02:00
Tobias Brunner
f3bb1bd039
Fixed common misspellings.
Mostly found by 'codespell'.
2011-07-20 16:14:10 +02:00
Martin Willi
ea90042233
Provide recursive mutex' just in case the PKCS#11 library requires it
2011-06-01 12:03:44 +02:00
Martin Willi
14bf2f689d
Use CRITICAL job priority class for long running dispatcher jobs
2011-05-16 15:24:15 +02:00
Martin Willi
5b0bcfb1fc
Revert alloc_str changes
This reverts commit fdead26ffe.
This reverts commit 3e2419ebe3.
This reverts commit 17ce69b47a.
2011-04-21 13:35:31 +02:00
Martin Willi
3e2419ebe3
Use thread safe settings alloc_str function where appropriate
2011-04-21 10:48:16 +02:00
Martin Willi
c55818ebb0
Added a (not yet implemented) plugin_t method to reload plugin configuration
2011-04-15 10:07:13 +02:00
Martin Willi
787b5884aa
Added a get_name() function to plugin_t, create_plugin_enumerator enumerates over plugin_t
2011-04-15 10:07:12 +02:00
Andreas Steffen
a79eba2e9c
corrected pkcs11 error message
2011-03-01 22:19:58 +01:00
Martin Willi
33bfdf6f37
Fixed public key construction from PKCS#11 private key
2010-12-23 10:29:01 +01:00
Andreas Steffen
5932f41fcc
trace back crypto algorithms to the plugins that registered them
2010-12-18 16:31:12 +01:00
Martin Willi
b78ca4b04c
Do not query for CKA_ALWAYS_AUTHENTICATE if PKCS#11 Cryptoki version < 2.20
2010-11-18 08:56:12 +01:00
Martin Willi
cfa18d14f1
Use static args for C_Initialize(), OpenSC does not get a copy of the pointers
2010-11-18 08:44:22 +01:00
Martin Willi
9cda39923e
Added a PKCS#11 module option to enforce OS Locking functions
2010-11-12 16:14:03 +01:00
Martin Willi
57398f621a
Do not use CKA_TRUSTED attribute for Cryptoki version < 2.20, handling all certs as trusted
2010-11-10 18:36:15 +01:00
Martin Willi
59df2d2a6f
Add flags for PKCS#11 libraries with reduced feature set
2010-11-10 18:36:15 +01:00
Martin Willi
d987946e80
Added a final flag to builder registration to enumerate the actually supported algorithms
2010-09-03 18:09:48 +02:00
Tobias Brunner
f6697eadb9
Scheduler and processor have been moved to libstrongswan.
Also reverts 0c21dc000d as the dependency
to libcharon is no longer required.
2010-09-02 19:04:23 +02:00
Martin Willi
ba31fe1fd6
Use a separate section for each nested struct member in INIT macro
2010-08-18 12:15:03 +02:00
Martin Willi
01e4f5f32f
Implemented public key encryption/private key decryption in PKCS#11
2010-08-11 12:12:37 +02:00
Martin Willi
a944d2092b
Use bits instead of bytes for a private/public key
2010-08-10 18:46:30 +02:00
Martin Willi
33ddaaabec
Added support for different encryption schemes to private/public keys
2010-08-10 18:46:30 +02:00
Martin Willi
7c03d707a5
Create a PKCS#11 session public key if we don't find one
2010-08-06 17:32:32 +02:00
Martin Willi
fed9407bb1
Implemented PKCS#11 RSA public key for keys found on a token
2010-08-06 17:02:41 +02:00
Martin Willi
babed73257
Export scheme_to_mechanism conversion function
2010-08-06 17:02:01 +02:00
Martin Willi
a02784da5d
Load certificate after enumeration
2010-08-06 17:00:23 +02:00
Martin Willi
6e4f4d2fdf
Save/Load state of PKCS#11 hasher
2010-08-04 09:26:22 +02:00
Martin Willi
a3aeb89227
Do initial slot enumeration manually
2010-08-04 09:26:22 +02:00
Martin Willi
0f0fc891d8
Implemented hasher_t using PKCS#11
2010-08-04 09:26:22 +02:00
Martin Willi
66267ea515
Defer certificate loading until all PKCS#11 modules are loaded
2010-08-04 09:26:21 +02:00
Martin Willi
5a27bf8ad8
Provide a public PKCS#11 mechanism enumerator
2010-08-04 09:26:21 +02:00
Martin Willi
af007ed68a
Support PKCS#11 keys requiring reauthentication for each operation
2010-08-04 09:26:21 +02:00
Martin Willi
199b17122d
Do not try to log in if we already have a user session
2010-08-04 09:26:21 +02:00
Martin Willi
0556667dca
Use credential sets to load smartcard keys
2010-08-04 09:26:21 +02:00
Martin Willi
62be923683
Implemented a callback based credential set, currently for shared keys only
2010-08-04 09:26:21 +02:00
Martin Willi
a0bdd5d63e
Implemented callback PIN invocation for PKCS#11 login
2010-08-04 09:26:20 +02:00
Martin Willi
7afc00d03c
Implemented keyid discovery on all modules/slots
2010-08-04 09:26:20 +02:00
Martin Willi
0b8b664056
Pass the PKCS11 keyid as chunk, not as string
2010-08-04 09:26:20 +02:00
Martin Willi
353d10d590
Reuse generic passphrase build part, not a dedicated PIN part
2010-08-04 09:26:20 +02:00
Martin Willi
5f1e4438cb
Implemented private key on top of a PKCS#11 token
2010-08-04 09:26:20 +02:00
Martin Willi
d007ce3206
Extended the PKCS#11 object enumerator by attribute retrieval
2010-08-04 09:26:20 +02:00
Martin Willi
ddbac66028
Use the PKCS#11 object enumerator
2010-08-04 09:26:20 +02:00
Martin Willi
9baa41c52d
Implemented a generic PKCS#11 object enumerator
2010-08-04 09:26:20 +02:00
Martin Willi
36c852a08b
Added enumerator for PKCS#11 tokens
2010-08-04 09:26:20 +02:00
Martin Willi
fe876b24d9
Handle NOT_SUPPORT return value from WaitForSlot
2010-08-04 09:26:20 +02:00
Martin Willi
66033012c9
Reenabled dlclose
2010-08-04 09:26:20 +02:00
Martin Willi
a6d2ec331b
Implemented a credential set on top of a PKCS#11 token
2010-08-04 09:26:20 +02:00
Martin Willi
fdd7e21225
Added a token add/remove callback function to the manager
2010-08-04 09:26:19 +02:00
Martin Willi
6522d6c50b
Enumerate tokens and their mechanisms, wait for slot events
2010-08-04 09:26:19 +02:00
Martin Willi
0c21dc000d
Depend on libcharon until we have a thread pool to use
2010-08-04 09:26:19 +02:00
Martin Willi
75451ac8ba
Add enum names for CK_MECHANISM_TYPE constants
2010-08-04 09:26:19 +02:00
Martin Willi
b3b0e57cb1
Make the PKCS#11 padding string trimming public, add null terminator
2010-08-04 09:26:19 +02:00
Martin Willi
71151d3c1b
Added a getter for the library alias
2010-08-04 09:26:19 +02:00
Martin Willi
2e209becbc
Moved PKCS#11 library loading to dedicated manager
2010-08-04 09:26:19 +02:00
Martin Willi
50e1a710ea
Use locking, prefer our mutex abstraction layer
2010-08-04 09:26:19 +02:00
Martin Willi
a6456dd640
Added enum names for PKCS#11 return values
2010-08-04 09:26:19 +02:00
Martin Willi
e328ef4f4c
Load PKCS#11 modules defined in strongswan.conf
2010-08-04 09:26:19 +02:00
Martin Willi
34454dc39e
Implemented an abstraction layer for PKCS#11 module loading
2010-08-04 09:26:19 +02:00
Martin Willi
fb85d61980
Imported the free pkcs11.h header from the Scute project
2010-08-04 09:26:19 +02:00
Martin Willi
6e862e2152
Added PKCS#11 token plugin stub
2010-08-04 09:26:18 +02:00