115 Commits

Author SHA1 Message Date
Tobias Brunner 7756c0383e pkcs11: Use plugin_features_add() in get_features() 2013-06-11 11:18:18 +02:00
Tobias Brunner f05b427265 Moved debug.[ch] to utils folder 2012-10-24 16:00:51 +02:00
Tobias Brunner d5c143e5be Moved enum_name_t to utils folder 2012-10-24 16:00:50 +02:00
Tobias Brunner 125b37af6d Moved chunk_t to utils folder 2012-10-24 16:00:50 +02:00
Tobias Brunner 12642a6831 Moved data structures to new collections subfolder 2012-10-24 16:00:49 +02:00
Martin Willi 712e81306f PKCS#11 library search using keyid uses a fallback to look for certificates 2012-10-24 13:07:54 +02:00
Martin Willi 434902b302 Add a strongswan.conf option to disable loading of all certificates from a pkcs11 module 2012-10-24 13:07:53 +02:00
Martin Willi 36e47a409b Explicit pkcs11 certificate loading can enforce a module and a slot 2012-10-24 13:07:53 +02:00
Martin Willi 5d4c27d077 Be less verbose if loading PKCS#11 certificate fails 2012-10-24 13:07:53 +02:00
Martin Willi fbd3863571 Add a builder to load specific pkcs11 certificates by keyid 2012-10-24 13:07:52 +02:00
Martin Willi ffe42fa405 If no pkcs11 public key for a private key found, search for a certificate 2012-10-24 13:07:52 +02:00
Martin Willi 44fdc62f82 Move pkcs11 public key lookup function declaration to header file 2012-10-24 13:07:52 +02:00
Tobias Brunner 3c4d383443 Added an option to reload certificates from PKCS#11 tokens on SIGHUP 2012-10-18 14:42:09 +02:00
Tobias Brunner ca1c2ee281 Copy the name of pkcs11_library_t objects
Strings returned by settings_t.create_section_enumerator will be freed
when the config is reloaded.
2012-10-18 14:42:09 +02:00
Tobias Brunner a05f3b2021 Make sure first argument is an int when using %.*s to print e.g. chunks 2012-09-28 18:01:49 +02:00
Martin Willi e3b2e900e6 Add a return value to hasher_t.reset() 2012-07-16 14:55:06 +02:00
Martin Willi 87dd205b61 Add a return value to hasher_t.allocate_hash() 2012-07-16 14:55:06 +02:00
Martin Willi 8bd6a30af1 Add a return value to hasher_t.get_hash() 2012-07-16 14:55:06 +02:00
Tobias Brunner 39e807728e RNGs' get_bytes and allocate_bytes return boolean 2012-07-16 14:53:34 +02:00
Tobias Brunner 26d77eb3e6 Centralized thread cancellation in processor_t
This ensures that no threads are active when plugins and the rest of the
daemon are unloaded.

callback_job_t was simplified a lot in the process as its main
functionality is now contained in processor_t.  The parent-child
relationships were abandoned as these were only needed to simplify job
cancellation.
2012-06-25 17:38:59 +02:00
Tobias Brunner a190ec0ac5 Compiler warnings fixed. 2012-02-14 16:09:44 +01:00
Tobias Brunner 4de8f280e1 pkcs11: Fixed a bug when creating public keys. 2011-11-09 17:39:24 +01:00
Tobias Brunner f3eef176f4 Common spelling errors fixed. 2011-11-03 19:30:17 +01:00
Tobias Brunner 1bdd255ed3 pkcs11: Make public key operations on tokens optional. 2011-11-03 17:56:40 +01:00
Tobias Brunner 5b85b94e27 pkcs11: Make sure a key can be used for a given signature scheme. 2011-11-02 20:27:55 +01:00
Tobias Brunner 58d0a8d49b pkcs11: Register ECDSA feature. 2011-11-02 20:27:55 +01:00
Tobias Brunner fd48b220ed pkcs11: We have to create our own hashes for some signature schemes. 2011-11-02 20:27:55 +01:00
Tobias Brunner 30a3ede8ce pkcs11: Lookup the public key of a private key by CKA_ID.
Currently this only works if a public key object with the same ID is
available, if there isn't one we could search for a certificate with the
same ID and extract the key from there.
2011-11-02 20:27:55 +01:00
Tobias Brunner 5d2fccf439 pkcs11: Search for private keys in a more generic way.
Also, don't extract the public key directly from the private key. Some
tokens actually do not return the public exponent (it's not required).
We have to find a different way to get the public key.
2011-11-02 20:27:55 +01:00
Tobias Brunner 9e3b1e1495 pkcs11: Added support to encode ECDSA public keys. 2011-11-02 20:27:55 +01:00
Tobias Brunner 36d1627f6e pkcs11: Parse ECDSA public keys and find/create them on tokens. 2011-11-02 20:27:55 +01:00
Tobias Brunner 574261163f pkcs11: Added generic functions to find/create public keys on tokens. 2011-11-02 20:27:55 +01:00
Tobias Brunner a8084ee011 pkcs11: Store public key length in bits. 2011-11-02 20:27:55 +01:00
Tobias Brunner 8859c1f26b pkcs11: Fix encoding of RSA public keys. 2011-11-02 20:27:55 +01:00
Tobias Brunner dae19d448d pkcs11: Use create_object_attr_enumerator to encode RSA public key. 2011-11-02 20:27:54 +01:00
Tobias Brunner b0319fe860 pkcs11: Instead of a mutex use a new session to do multipart operations. 2011-11-02 20:27:54 +01:00
Tobias Brunner c198525104 pkcs11: Function added to retrieve multiple attributes from a single object. 2011-11-02 20:27:54 +01:00
Tobias Brunner 817d165cbc pkcs11: Memory leak fixed in DH/ECDH implementation. 2011-11-02 20:27:54 +01:00
Tobias Brunner 43cd036a77 pkcs11: Invalid free fixed in DH/ECDH implementation. 2011-11-02 20:27:54 +01:00
Tobias Brunner 50ad6eacb6 pkcs11: Changed how pkcs11-manager is initialized.
The manager is now created directly, but events and certificate loading
is deferred.
2011-11-02 20:27:54 +01:00
Tobias Brunner cf9d45ea08 pkcs11: Add attributes to specify what we use the DH/ECDH keys for. 2011-11-02 20:27:54 +01:00
Tobias Brunner 23b50b776b pkcs11: Use callback registration for pkcs11-manager.
Otherwise a plugin providing X509 decoding capabilities might be unloaded
before the manager which will result in a segmentation fault when
certificates in the manager's credential sets are to be destroyed.
2011-10-31 18:45:37 +01:00
Tobias Brunner 10b82be61f pkcs11: Merged the ECDH into the DH implementation. 2011-10-31 18:45:37 +01:00
Tobias Brunner 89de89be57 pkcs11: Use get_ck_attribute for ECDH. 2011-10-31 18:45:37 +01:00
Tobias Brunner cac6853180 pkcs11: Use get_ck_attribute for DH. 2011-10-31 18:45:37 +01:00
Tobias Brunner 8531106578 pkcs11: Method added to library to extract a single attribute from an object. 2011-10-31 18:45:36 +01:00
Tobias Brunner 6a5020fc67 pkcs11: Added names for CKA_* constants. 2011-10-31 18:45:36 +01:00
Tobias Brunner 4e346b1f97 pkcs11: Added support for ECDH. 2011-10-31 18:45:36 +01:00
Tobias Brunner 612e431305 pkcs11: Added definitions needed for ECDH to pkcs11.h. 2011-10-31 18:45:36 +01:00
Tobias Brunner 7c78a6e631 pkcs11: Specify object class and key type when deriving DH secrets.
pkcs11_softtoken on OpenSolaris requires this (probably others too).
2011-10-31 18:45:36 +01:00