7756c0383e
pkcs11: Use plugin_features_add() in get_features()
2013-06-11 11:18:18 +02:00
f05b427265
Moved debug.[ch] to utils folder
2012-10-24 16:00:51 +02:00
d5c143e5be
Moved enum_name_t to utils folder
2012-10-24 16:00:50 +02:00
125b37af6d
Moved chunk_t to utils folder
2012-10-24 16:00:50 +02:00
12642a6831
Moved data structures to new collections subfolder
2012-10-24 16:00:49 +02:00
712e81306f
PKCS#11 library search using keyid uses a fallback to look for certificates
2012-10-24 13:07:54 +02:00
434902b302
Add a strongswan.conf option to disable loading of all certificates from a pkcs11 module
2012-10-24 13:07:53 +02:00
36e47a409b
Explicit pkcs11 certificate loading can enforce a module and a slot
2012-10-24 13:07:53 +02:00
5d4c27d077
Be less verbose if loading PKCS#11 certificate fails
2012-10-24 13:07:53 +02:00
fbd3863571
Add a builder to load specific pkcs11 certificates by keyid
2012-10-24 13:07:52 +02:00
ffe42fa405
If no pkcs11 public key for a private key found, search for a certificate
2012-10-24 13:07:52 +02:00
44fdc62f82
Move pkcs11 public key lookup function declaration to header file
2012-10-24 13:07:52 +02:00
3c4d383443
Added an option to reload certificates from PKCS#11 tokens on SIGHUP
2012-10-18 14:42:09 +02:00
ca1c2ee281
Copy the name of pkcs11_library_t objects
...
Strings returned by settings_t.create_section_enumerator will be freed
when the config is reloaded.
2012-10-18 14:42:09 +02:00
a05f3b2021
Make sure first argument is an int when using %.*s to print e.g. chunks
2012-09-28 18:01:49 +02:00
e3b2e900e6
Add a return value to hasher_t.reset()
2012-07-16 14:55:06 +02:00
87dd205b61
Add a return value to hasher_t.allocate_hash()
2012-07-16 14:55:06 +02:00
8bd6a30af1
Add a return value to hasher_t.get_hash()
2012-07-16 14:55:06 +02:00
39e807728e
RNGs' get_bytes and allocate_bytes return boolean
2012-07-16 14:53:34 +02:00
26d77eb3e6
Centralized thread cancellation in processor_t
...
This ensures that no threads are active when plugins and the rest of the
daemon are unloaded.
callback_job_t was simplified a lot in the process as its main
functionality is now contained in processor_t. The parent-child
relationships were abandoned as these were only needed to simplify job
cancellation.
2012-06-25 17:38:59 +02:00
a190ec0ac5
Compiler warnings fixed.
2012-02-14 16:09:44 +01:00
4de8f280e1
pkcs11: Fixed a bug when creating public keys.
2011-11-09 17:39:24 +01:00
f3eef176f4
Common spelling errors fixed.
2011-11-03 19:30:17 +01:00
1bdd255ed3
pkcs11: Make public key operations on tokens optional.
2011-11-03 17:56:40 +01:00
5b85b94e27
pkcs11: Make sure a key can be used for a given signature scheme.
2011-11-02 20:27:55 +01:00
58d0a8d49b
pkcs11: Register ECDSA feature.
2011-11-02 20:27:55 +01:00
fd48b220ed
pkcs11: We have to create our own hashes for some signature schemes.
2011-11-02 20:27:55 +01:00
30a3ede8ce
pkcs11: Lookup the public key of a private key by CKA_ID.
...
Currently this only works if a public key object with the same ID is
available, if there isn't one we could search for a certificate with the
same ID and extract the key from there.
2011-11-02 20:27:55 +01:00
5d2fccf439
pkcs11: Search for private keys in a more generic way.
...
Also, don't extract the public key directly from the private key. Some
tokens actually do not return the public exponent (it's not required).
We have to find a different way to get the public key.
2011-11-02 20:27:55 +01:00
9e3b1e1495
pkcs11: Added support to encode ECDSA public keys.
2011-11-02 20:27:55 +01:00
36d1627f6e
pkcs11: Parse ECDSA public keys and find/create them on tokens.
2011-11-02 20:27:55 +01:00
574261163f
pkcs11: Added generic functions to find/create public keys on tokens.
2011-11-02 20:27:55 +01:00
a8084ee011
pkcs11: Store public key length in bits.
2011-11-02 20:27:55 +01:00
8859c1f26b
pkcs11: Fix encoding of RSA public keys.
2011-11-02 20:27:55 +01:00
dae19d448d
pkcs11: Use create_object_attr_enumerator to encode RSA public key.
2011-11-02 20:27:54 +01:00
b0319fe860
pkcs11: Instead of a mutex use a new session to do multipart operations.
2011-11-02 20:27:54 +01:00
c198525104
pkcs11: Function added to retrieve multiple attributes from a single object.
2011-11-02 20:27:54 +01:00
817d165cbc
pkcs11: Memory leak fixed in DH/ECDH implementation.
2011-11-02 20:27:54 +01:00
43cd036a77
pkcs11: Invalid free fixed in DH/ECDH implementation.
2011-11-02 20:27:54 +01:00
50ad6eacb6
pkcs11: Changed how pkcs11-manager is initialized.
...
The manager is now created directly, but events and certificate loading
is deferred.
2011-11-02 20:27:54 +01:00
cf9d45ea08
pkcs11: Add attributes to specify what we use the DH/ECDH keys for.
2011-11-02 20:27:54 +01:00
23b50b776b
pkcs11: Use callback registration for pkcs11-manager.
...
Otherwise a plugin providing X509 decoding capabilities might be unloaded
before the manager which will result in a segmentation fault when
certificates in the manager's credential sets are to be destroyed.
2011-10-31 18:45:37 +01:00
10b82be61f
pkcs11: Merged the ECDH into the DH implementation.
2011-10-31 18:45:37 +01:00
89de89be57
pkcs11: Use get_ck_attribute for ECDH.
2011-10-31 18:45:37 +01:00
cac6853180
pkcs11: Use get_ck_attribute for DH.
2011-10-31 18:45:37 +01:00
8531106578
pkcs11: Method added to library to extract a single attribute from an object.
2011-10-31 18:45:36 +01:00
6a5020fc67
pkcs11: Added names for CKA_* constants.
2011-10-31 18:45:36 +01:00
4e346b1f97
pkcs11: Added support for ECDH.
2011-10-31 18:45:36 +01:00
612e431305
pkcs11: Added definitions needed for ECDH to pkcs11.h.
2011-10-31 18:45:36 +01:00
7c78a6e631
pkcs11: Specify object class and key type when deriving DH secrets.
...
pkcs11_softtoken on OpenSolaris requires this (probably others too).
2011-10-31 18:45:36 +01:00
Tobias Brunner