Commit Graph

141 Commits

Author SHA1 Message Date
Tobias Brunner 5b85b94e27 pkcs11: Make sure a key can be used for a given signature scheme. 2011-11-02 20:27:55 +01:00
Tobias Brunner 58d0a8d49b pkcs11: Register ECDSA feature. 2011-11-02 20:27:55 +01:00
Tobias Brunner fd48b220ed pkcs11: We have to create our own hashes for some signature schemes. 2011-11-02 20:27:55 +01:00
Tobias Brunner 30a3ede8ce pkcs11: Look up the public key of a private key by CKA_ID.
Currently this only works if a public key object with the same ID is
available; if there isn't one, we could search for a certificate with the
same ID and extract the key from there.
2011-11-02 20:27:55 +01:00
Tobias Brunner 5d2fccf439 pkcs11: Search for private keys in a more generic way.
Also, don't extract the public key directly from the private key. Some
tokens actually do not return the public exponent (it's not required).
We have to find a different way to get the public key.
2011-11-02 20:27:55 +01:00
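The two commits above (5d2fccf439 and 30a3ede8ce) describe the lookup strategy: do not derive the public key from the private key object (some tokens withhold CKA_PUBLIC_EXPONENT), but read the private key's CKA_ID and search for a CKO_PUBLIC_KEY object with that ID, falling back to a CKO_CERTIFICATE with the same ID. The C program below is an added example, not strongSwan code. It implements that lookup against a constructed in-memory token: the CK_* definitions are a hand-written subset of pkcs11.h, and C_GetAttributeValue / C_FindObjectsInit / C_FindObjects / C_FindObjectsFinal are stand-ins with the real Cryptoki calling conventions (a real build would include pkcs11.h and call the module's function list instead). The token contents and the helper names get_attr, find_by_id and public_for_private are assumptions made for this example.

```c
/* Added example, not strongSwan code: a minimal subset of pkcs11.h and a constructed
 * in-memory token standing in for C_GetAttributeValue / C_FindObjects*, so the
 * CKA_ID based public-key lookup runs offline without a real module. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef unsigned long CK_ULONG;
typedef CK_ULONG CK_RV, CK_OBJECT_HANDLE, CK_ATTRIBUTE_TYPE, CK_OBJECT_CLASS, CK_SESSION_HANDLE;
typedef struct { CK_ATTRIBUTE_TYPE type; void *pValue; CK_ULONG ulValueLen; } CK_ATTRIBUTE;
enum { CKR_OK = 0, CKR_ATTRIBUTE_TYPE_INVALID = 0x12, CKR_OBJECT_HANDLE_INVALID = 0x82,
       CKA_CLASS = 0, CKA_ID = 0x102, CKO_CERTIFICATE = 1, CKO_PUBLIC_KEY = 2, CKO_PRIVATE_KEY = 3 };

/* Constructed token contents; the array index doubles as the object handle. */
typedef struct { CK_OBJECT_CLASS cls; const char *id; } tok_obj_t;
static const tok_obj_t token[] = {
    { CKO_PRIVATE_KEY, "k1" }, { CKO_CERTIFICATE, "k1" }, /* 0,1: only a cert has this ID */
    { CKO_PRIVATE_KEY, "k2" }, { CKO_PUBLIC_KEY,  "k2" }, /* 2,3: proper public key object */
    { CKO_PRIVATE_KEY, "k3" },                            /* 4: nothing else with this ID */
};
#define NOBJ (sizeof(token) / sizeof(token[0]))

/* Stand-in with Cryptoki semantics: a NULL pValue only queries the value length. */
static CK_RV C_GetAttributeValue(CK_SESSION_HANDLE s, CK_OBJECT_HANDLE h, CK_ATTRIBUTE *t, CK_ULONG n)
{
    (void)s; if (h >= NOBJ) return CKR_OBJECT_HANDLE_INVALID;
    for (CK_ULONG i = 0; i < n; i++) {
        const void *src; CK_ULONG len;
        if (t[i].type == CKA_CLASS) { src = &token[h].cls; len = sizeof(CK_OBJECT_CLASS); }
        else if (t[i].type == CKA_ID) { src = token[h].id; len = strlen(token[h].id); }
        else return CKR_ATTRIBUTE_TYPE_INVALID;
        if (!t[i].pValue) { t[i].ulValueLen = len; continue; }
        if (t[i].ulValueLen < len) { t[i].ulValueLen = (CK_ULONG)-1; return CKR_ATTRIBUTE_TYPE_INVALID; }
        memcpy(t[i].pValue, src, len); t[i].ulValueLen = len;
    }
    return CKR_OK;
}

/* Stand-in search over CKA_CLASS / CKA_ID templates (a real token matches any attribute). */
static CK_ATTRIBUTE *find_tmpl; static CK_ULONG find_n, find_pos;
static CK_RV C_FindObjectsInit(CK_SESSION_HANDLE s, CK_ATTRIBUTE *t, CK_ULONG n)
{ (void)s; find_tmpl = t; find_n = n; find_pos = 0; return CKR_OK; }
static CK_RV C_FindObjects(CK_SESSION_HANDLE s, CK_OBJECT_HANDLE *out, CK_ULONG max, CK_ULONG *count)
{
    (void)s; *count = 0;
    for (; find_pos < NOBJ && *count < max; find_pos++) {
        const tok_obj_t *o = &token[find_pos]; int ok = 1;
        for (CK_ULONG i = 0; i < find_n && ok; i++) {
            CK_ATTRIBUTE *a = &find_tmpl[i];
            if (a->type == CKA_CLASS) ok = !memcmp(a->pValue, &o->cls, sizeof(o->cls));
            else if (a->type == CKA_ID)
                ok = a->ulValueLen == strlen(o->id) && !memcmp(a->pValue, o->id, a->ulValueLen);
        }
        if (ok) out[(*count)++] = find_pos;
    }
    return CKR_OK;
}
static CK_RV C_FindObjectsFinal(CK_SESSION_HANDLE s) { (void)s; return CKR_OK; }

/* Two-call read of one attribute (length query, allocate, fetch); caller frees *out. */
static CK_RV get_attr(CK_SESSION_HANDLE s, CK_OBJECT_HANDLE h, CK_ATTRIBUTE_TYPE type,
                      unsigned char **out, CK_ULONG *len)
{
    CK_ATTRIBUTE a = { type, NULL, 0 };
    CK_RV rv = C_GetAttributeValue(s, h, &a, 1);
    if (rv != CKR_OK) return rv;
    a.pValue = malloc(a.ulValueLen + 1);
    if ((rv = C_GetAttributeValue(s, h, &a, 1)) != CKR_OK) { free(a.pValue); return rv; }
    *out = a.pValue; *len = a.ulValueLen; return CKR_OK;
}

/* First object of class cls whose CKA_ID equals id; returns 1 and sets *h if found. */
static int find_by_id(CK_SESSION_HANDLE s, CK_OBJECT_CLASS cls, unsigned char *id, CK_ULONG idlen,
                      CK_OBJECT_HANDLE *h)
{
    CK_ATTRIBUTE tmpl[] = { { CKA_CLASS, &cls, sizeof(cls) }, { CKA_ID, id, idlen } };
    CK_ULONG count = 0;
    if (C_FindObjectsInit(s, tmpl, 2) != CKR_OK) return 0;
    C_FindObjects(s, h, 1, &count);
    C_FindObjectsFinal(s); return count == 1;
}

/* Public half of private key priv: the CKO_PUBLIC_KEY sharing its CKA_ID, else the
 * CKO_CERTIFICATE with that ID (*from_cert = 1, caller parses CKA_VALUE), else -1. */
static long public_for_private(CK_SESSION_HANDLE s, CK_OBJECT_HANDLE priv, int *from_cert)
{
    unsigned char *id; CK_ULONG idlen; CK_OBJECT_HANDLE h; long res = -1;
    if (get_attr(s, priv, CKA_ID, &id, &idlen) != CKR_OK) return -1;
    if (find_by_id(s, CKO_PUBLIC_KEY, id, idlen, &h)) { *from_cert = 0; res = (long)h; }
    else if (find_by_id(s, CKO_CERTIFICATE, id, idlen, &h)) { *from_cert = 1; res = (long)h; }
    free(id);
    return res;
}

int main(void)
{
    for (CK_OBJECT_HANDLE p = 0; p < NOBJ; p++) {
        int from_cert = 0; long h;
        if (token[p].cls != CKO_PRIVATE_KEY) continue;
        h = public_for_private(1, p, &from_cert);
        printf("private key %lu -> %s handle %ld\n", p, from_cert ? "certificate" : "public key", h);
    }
    return 0;
}
```

The two-call pattern in get_attr matters with real tokens: attribute lengths (CKA_ID, CKA_MODULUS, EC points) are not known in advance, and passing a NULL pValue first is the portable way to size the buffer. The search limits itself to one result per class; on a token with several objects sharing a CKA_ID, a caller would have to disambiguate further (for example by CKA_LABEL or by matching the modulus of the candidate public key).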
Tobias Brunner 9e3b1e1495 pkcs11: Added support to encode ECDSA public keys. 2011-11-02 20:27:55 +01:00
Tobias Brunner 36d1627f6e pkcs11: Parse ECDSA public keys and find/create them on tokens. 2011-11-02 20:27:55 +01:00
Tobias Brunner 574261163f pkcs11: Added generic functions to find/create public keys on tokens. 2011-11-02 20:27:55 +01:00
Tobias Brunner a8084ee011 pkcs11: Store public key length in bits. 2011-11-02 20:27:55 +01:00
Tobias Brunner 8859c1f26b pkcs11: Fix encoding of RSA public keys. 2011-11-02 20:27:55 +01:00
Tobias Brunner dae19d448d pkcs11: Use create_object_attr_enumerator to encode RSA public key. 2011-11-02 20:27:54 +01:00
Tobias Brunner b0319fe860 pkcs11: Instead of a mutex use a new session to do multipart operations. 2011-11-02 20:27:54 +01:00
Tobias Brunner c198525104 pkcs11: Function added to retrieve multiple attributes from a single object. 2011-11-02 20:27:54 +01:00
Tobias Brunner 817d165cbc pkcs11: Memory leak fixed in DH/ECDH implementation. 2011-11-02 20:27:54 +01:00
Tobias Brunner 43cd036a77 pkcs11: Invalid free fixed in DH/ECDH implementation. 2011-11-02 20:27:54 +01:00
Tobias Brunner 50ad6eacb6 pkcs11: Changed how pkcs11-manager is initialized.
The manager is now created directly, but events and certificate loading
are deferred.
2011-11-02 20:27:54 +01:00
Tobias Brunner cf9d45ea08 pkcs11: Add attributes to specify what we use the DH/ECDH keys for. 2011-11-02 20:27:54 +01:00
Tobias Brunner 23b50b776b pkcs11: Use callback registration for pkcs11-manager.
Otherwise a plugin providing X509 decoding capabilities might be unloaded
before the manager, which will result in a segmentation fault when
certificates in the manager's credential sets are to be destroyed.
2011-10-31 18:45:37 +01:00
Tobias Brunner 10b82be61f pkcs11: Merged the ECDH into the DH implementation. 2011-10-31 18:45:37 +01:00
Tobias Brunner 89de89be57 pkcs11: Use get_ck_attribute for ECDH. 2011-10-31 18:45:37 +01:00
Tobias Brunner cac6853180 pkcs11: Use get_ck_attribute for DH. 2011-10-31 18:45:37 +01:00
Tobias Brunner 8531106578 pkcs11: Method added to library to extract a single attribute from an object. 2011-10-31 18:45:36 +01:00
Tobias Brunner 6a5020fc67 pkcs11: Added names for CKA_* constants. 2011-10-31 18:45:36 +01:00
Tobias Brunner 4e346b1f97 pkcs11: Added support for ECDH. 2011-10-31 18:45:36 +01:00
Tobias Brunner 612e431305 pkcs11: Added definitions needed for ECDH to pkcs11.h. 2011-10-31 18:45:36 +01:00
Tobias Brunner 7c78a6e631 pkcs11: Specify object class and key type when deriving DH secrets.
pkcs11_softtoken on OpenSolaris requires this (probably others too).
2011-10-31 18:45:36 +01:00
Tobias Brunner b730fd6fbd pkcs11: Add features support. 2011-10-31 18:45:36 +01:00
Tobias Brunner 1bb5d7c3cb pkcs11: Added support for DH. 2011-10-31 18:45:36 +01:00
Tobias Brunner df241121fd pkcs11: Error message fixed. 2011-10-31 18:45:35 +01:00
Tobias Brunner 1bb522bc34 pkcs11: Added support to generate random numbers on a token. 2011-10-31 18:45:35 +01:00
Tobias Brunner deba3da5b0 pkcs11: Properly destroy mutex in pkcs11_hasher if no token found. 2011-10-31 18:45:29 +01:00
Martin Willi 071903235a Register manager of pkcs11 plugin as library object 2011-08-24 15:45:59 +02:00
Tobias Brunner f3bb1bd039 Fixed common misspellings.
Mostly found by 'codespell'.
2011-07-20 16:14:10 +02:00
Martin Willi ea90042233 Provide recursive mutexes just in case the PKCS#11 library requires it 2011-06-01 12:03:44 +02:00
Martin Willi 14bf2f689d Use CRITICAL job priority class for long running dispatcher jobs 2011-05-16 15:24:15 +02:00
Martin Willi 5b0bcfb1fc Revert alloc_str changes
This reverts commit fdead26ffe.
This reverts commit 3e2419ebe3.
This reverts commit 17ce69b47a.
2011-04-21 13:35:31 +02:00
Martin Willi 3e2419ebe3 Use thread-safe settings alloc_str function where appropriate 2011-04-21 10:48:16 +02:00
Martin Willi c55818ebb0 Added a (not yet implemented) plugin_t method to reload plugin configuration 2011-04-15 10:07:13 +02:00
Martin Willi 787b5884aa Added a get_name() function to plugin_t, create_plugin_enumerator enumerates over plugin_t 2011-04-15 10:07:12 +02:00
Andreas Steffen a79eba2e9c corrected pkcs11 error message 2011-03-01 22:19:58 +01:00
Martin Willi 33bfdf6f37 Fixed public key construction from PKCS#11 private key 2010-12-23 10:29:01 +01:00
Andreas Steffen 5932f41fcc trace back crypto algorithms to the plugins that registered them 2010-12-18 16:31:12 +01:00
Martin Willi b78ca4b04c Do not query for CKA_ALWAYS_AUTHENTICATE if PKCS#11 Cryptoki version < 2.20 2010-11-18 08:56:12 +01:00
Martin Willi cfa18d14f1 Use static args for C_Initialize(), OpenSC does not get a copy of the pointers 2010-11-18 08:44:22 +01:00
Martin Willi 9cda39923e Added a PKCS#11 module option to enforce OS Locking functions 2010-11-12 16:14:03 +01:00
Martin Willi 57398f621a Do not use CKA_TRUSTED attribute for Cryptoki version < 2.20, handling all certs as trusted 2010-11-10 18:36:15 +01:00
Martin Willi 59df2d2a6f Add flags for PKCS#11 libraries with reduced feature set 2010-11-10 18:36:15 +01:00
Martin Willi d987946e80 Added a final flag to builder registration to enumerate the actually supported algorithms 2010-09-03 18:09:48 +02:00
Tobias Brunner f6697eadb9 Scheduler and processor have been moved to libstrongswan.
Also reverts 0c21dc000d as the dependency
to libcharon is no longer required.
2010-09-02 19:04:23 +02:00
Martin Willi ba31fe1fd6 Use a separate section for each nested struct member in INIT macro 2010-08-18 12:15:03 +02:00
Martin Willi 01e4f5f32f Implemented public key encryption/private key decryption in PKCS#11 2010-08-11 12:12:37 +02:00
Martin Willi a944d2092b Use bits instead of bytes for a private/public key 2010-08-10 18:46:30 +02:00
Martin Willi 33ddaaabec Added support for different encryption schemes to private/public keys 2010-08-10 18:46:30 +02:00
Martin Willi 7c03d707a5 Create a PKCS#11 session public key if we don't find one 2010-08-06 17:32:32 +02:00
Martin Willi fed9407bb1 Implemented PKCS#11 RSA public key for keys found on a token 2010-08-06 17:02:41 +02:00
Martin Willi babed73257 Export scheme_to_mechanism conversion function 2010-08-06 17:02:01 +02:00
Martin Willi a02784da5d Load certificate after enumeration 2010-08-06 17:00:23 +02:00
Martin Willi 6e4f4d2fdf Save/Load state of PKCS#11 hasher 2010-08-04 09:26:22 +02:00
Martin Willi a3aeb89227 Do initial slot enumeration manually 2010-08-04 09:26:22 +02:00
Martin Willi 0f0fc891d8 Implemented hasher_t using PKCS#11 2010-08-04 09:26:22 +02:00
Martin Willi 66267ea515 Defer certificate loading until all PKCS#11 modules are loaded 2010-08-04 09:26:21 +02:00
Martin Willi 5a27bf8ad8 Provide a public PKCS#11 mechanism enumerator 2010-08-04 09:26:21 +02:00
Martin Willi af007ed68a Support PKCS#11 keys requiring reauthentication for each operation 2010-08-04 09:26:21 +02:00
Martin Willi 199b17122d Do not try to log in if we already have a user session 2010-08-04 09:26:21 +02:00
Martin Willi 0556667dca Use credential sets to load smartcard keys 2010-08-04 09:26:21 +02:00
Martin Willi 62be923683 Implemented a callback based credential set, currently for shared keys only 2010-08-04 09:26:21 +02:00
Martin Willi a0bdd5d63e Implemented callback PIN invocation for PKCS#11 login 2010-08-04 09:26:20 +02:00
Martin Willi 7afc00d03c Implemented keyid discovery on all modules/slots 2010-08-04 09:26:20 +02:00
Martin Willi 0b8b664056 Pass the PKCS11 keyid as chunk, not as string 2010-08-04 09:26:20 +02:00
Martin Willi 353d10d590 Reuse generic passphrase build part, not a dedicated PIN part 2010-08-04 09:26:20 +02:00
Martin Willi 5f1e4438cb Implemented private key on top of a PKCS#11 token 2010-08-04 09:26:20 +02:00
Martin Willi d007ce3206 Extended the PKCS#11 object enumerator by attribute retrieval 2010-08-04 09:26:20 +02:00
Martin Willi ddbac66028 Use the PKCS#11 object enumerator 2010-08-04 09:26:20 +02:00
Martin Willi 9baa41c52d Implemented a generic PKCS#11 object enumerator 2010-08-04 09:26:20 +02:00
Martin Willi 36c852a08b Added enumerator for PKCS#11 tokens 2010-08-04 09:26:20 +02:00
Martin Willi fe876b24d9 Handle NOT_SUPPORT return value from WaitForSlot 2010-08-04 09:26:20 +02:00
Martin Willi 66033012c9 Reenabled dlclose 2010-08-04 09:26:20 +02:00
Martin Willi a6d2ec331b Implemented a credential set on top of a PKCS#11 token 2010-08-04 09:26:20 +02:00
Martin Willi fdd7e21225 Added a token add/remove callback function to the manager 2010-08-04 09:26:19 +02:00
Martin Willi 6522d6c50b Enumerate tokens and their mechanisms, wait for slot events 2010-08-04 09:26:19 +02:00
Martin Willi 0c21dc000d Depend on libcharon until we have a thread pool to use 2010-08-04 09:26:19 +02:00
Martin Willi 75451ac8ba Add enum names for CK_MECHANISM_TYPE constants 2010-08-04 09:26:19 +02:00
Martin Willi b3b0e57cb1 Make the PKCS#11 padding string trimming public, add null terminator 2010-08-04 09:26:19 +02:00
Martin Willi 71151d3c1b Added a getter for the library alias 2010-08-04 09:26:19 +02:00
Martin Willi 2e209becbc Moved PKCS#11 library loading to dedicated manager 2010-08-04 09:26:19 +02:00
Martin Willi 50e1a710ea Use locking, prefer our mutex abstraction layer 2010-08-04 09:26:19 +02:00
Martin Willi a6456dd640 Added enum names for PKCS#11 return values 2010-08-04 09:26:19 +02:00
Martin Willi e328ef4f4c Load PKCS#11 modules defined in strongswan.conf 2010-08-04 09:26:19 +02:00
Martin Willi 34454dc39e Implemented an abstraction layer for PKCS#11 module loading 2010-08-04 09:26:19 +02:00
Martin Willi fb85d61980 Imported the free pkcs11.h header from the Scute project 2010-08-04 09:26:19 +02:00
Martin Willi 6e862e2152 Added PKCS#11 token plugin stub 2010-08-04 09:26:18 +02:00