Tobias Brunner
7756c0383e
pkcs11: Use plugin_features_add() in get_features()
2013-06-11 11:18:18 +02:00
Tobias Brunner
f05b427265
Moved debug.[ch] to utils folder
2012-10-24 16:00:51 +02:00
Tobias Brunner
d5c143e5be
Moved enum_name_t to utils folder
2012-10-24 16:00:50 +02:00
Tobias Brunner
125b37af6d
Moved chunk_t to utils folder
2012-10-24 16:00:50 +02:00
Tobias Brunner
12642a6831
Moved data structures to new collections subfolder
2012-10-24 16:00:49 +02:00
Martin Willi
712e81306f
PKCS#11 library search using keyid uses a fallback to look for certificates
2012-10-24 13:07:54 +02:00
Martin Willi
434902b302
Add a strongswan.conf option to disable loading of all certificates from a pkcs11 module
2012-10-24 13:07:53 +02:00
Martin Willi
36e47a409b
Explicit pkcs11 certificate loading can enforce a module and a slot
2012-10-24 13:07:53 +02:00
Martin Willi
5d4c27d077
Be less verbose if loading PKCS#11 certificate fails
2012-10-24 13:07:53 +02:00
Martin Willi
fbd3863571
Add a builder to load specific pkcs11 certificates by keyid
2012-10-24 13:07:52 +02:00
Martin Willi
ffe42fa405
If no pkcs11 public key for a private key found, search for a certificate
2012-10-24 13:07:52 +02:00
Martin Willi
44fdc62f82
Move pkcs11 public key lookup function declaration to header file
2012-10-24 13:07:52 +02:00
Tobias Brunner
3c4d383443
Added an option to reload certificates from PKCS#11 tokens on SIGHUP
2012-10-18 14:42:09 +02:00
Tobias Brunner
ca1c2ee281
Copy the name of pkcs11_library_t objects
Strings returned by settings_t.create_section_enumerator will be freed
when the config is reloaded.
2012-10-18 14:42:09 +02:00
Tobias Brunner
a05f3b2021
Make sure first argument is an int when using %.*s to print e.g. chunks
2012-09-28 18:01:49 +02:00
Martin Willi
e3b2e900e6
Add a return value to hasher_t.reset()
2012-07-16 14:55:06 +02:00
Martin Willi
87dd205b61
Add a return value to hasher_t.allocate_hash()
2012-07-16 14:55:06 +02:00
Martin Willi
8bd6a30af1
Add a return value to hasher_t.get_hash()
2012-07-16 14:55:06 +02:00
Tobias Brunner
39e807728e
RNGs' get_bytes and allocate_bytes return boolean
2012-07-16 14:53:34 +02:00
Tobias Brunner
26d77eb3e6
Centralized thread cancellation in processor_t
This ensures that no threads are active when plugins and the rest of the
daemon are unloaded.
callback_job_t was simplified a lot in the process as its main
functionality is now contained in processor_t. The parent-child
relationships were abandoned as these were only needed to simplify job
cancellation.
2012-06-25 17:38:59 +02:00
Tobias Brunner
a190ec0ac5
Compiler warnings fixed.
2012-02-14 16:09:44 +01:00
Tobias Brunner
4de8f280e1
pkcs11: Fixed a bug when creating public keys.
2011-11-09 17:39:24 +01:00
Tobias Brunner
f3eef176f4
Common spelling errors fixed.
2011-11-03 19:30:17 +01:00
Tobias Brunner
1bdd255ed3
pkcs11: Make public key operations on tokens optional.
2011-11-03 17:56:40 +01:00
Tobias Brunner
5b85b94e27
pkcs11: Make sure a key can be used for a given signature scheme.
2011-11-02 20:27:55 +01:00
Tobias Brunner
58d0a8d49b
pkcs11: Register ECDSA feature.
2011-11-02 20:27:55 +01:00
Tobias Brunner
fd48b220ed
pkcs11: We have to create our own hashes for some signature schemes.
2011-11-02 20:27:55 +01:00
Tobias Brunner
30a3ede8ce
pkcs11: Look up the public key of a private key by CKA_ID.
Currently this only works if a public key object with the same ID is
available; if there isn't one, we could search for a certificate with the
same ID and extract the key from there.
2011-11-02 20:27:55 +01:00
Tobias Brunner
5d2fccf439
pkcs11: Search for private keys in a more generic way.
Also, don't extract the public key directly from the private key. Some
tokens actually do not return the public exponent (it's not required).
We have to find a different way to get the public key.
2011-11-02 20:27:55 +01:00
Tobias Brunner
9e3b1e1495
pkcs11: Added support to encode ECDSA public keys.
2011-11-02 20:27:55 +01:00
Tobias Brunner
36d1627f6e
pkcs11: Parse ECDSA public keys and find/create them on tokens.
2011-11-02 20:27:55 +01:00
Tobias Brunner
574261163f
pkcs11: Added generic functions to find/create public keys on tokens.
2011-11-02 20:27:55 +01:00
Tobias Brunner
a8084ee011
pkcs11: Store public key length in bits.
2011-11-02 20:27:55 +01:00
Tobias Brunner
8859c1f26b
pkcs11: Fix encoding of RSA public keys.
2011-11-02 20:27:55 +01:00
Tobias Brunner
dae19d448d
pkcs11: Use create_object_attr_enumerator to encode RSA public key.
2011-11-02 20:27:54 +01:00
Tobias Brunner
b0319fe860
pkcs11: Instead of a mutex use a new session to do multipart operations.
2011-11-02 20:27:54 +01:00
Tobias Brunner
c198525104
pkcs11: Function added to retrieve multiple attributes from a single object.
2011-11-02 20:27:54 +01:00
Tobias Brunner
817d165cbc
pkcs11: Memory leak fixed in DH/ECDH implementation.
2011-11-02 20:27:54 +01:00
Tobias Brunner
43cd036a77
pkcs11: Invalid free fixed in DH/ECDH implementation.
2011-11-02 20:27:54 +01:00
Tobias Brunner
50ad6eacb6
pkcs11: Changed how pkcs11-manager is initialized.
The manager is now created directly, but events and certificate loading
are deferred.
2011-11-02 20:27:54 +01:00
Tobias Brunner
cf9d45ea08
pkcs11: Add attributes to specify what we use the DH/ECDH keys for.
2011-11-02 20:27:54 +01:00
Tobias Brunner
23b50b776b
pkcs11: Use callback registration for pkcs11-manager.
Otherwise, a plugin providing X509 decoding capabilities might be unloaded
before the manager, which will result in a segmentation fault when
certificates in the manager's credential sets are to be destroyed.
2011-10-31 18:45:37 +01:00
Tobias Brunner
10b82be61f
pkcs11: Merged the ECDH into the DH implementation.
2011-10-31 18:45:37 +01:00
Tobias Brunner
89de89be57
pkcs11: Use get_ck_attribute for ECDH.
2011-10-31 18:45:37 +01:00
Tobias Brunner
cac6853180
pkcs11: Use get_ck_attribute for DH.
2011-10-31 18:45:37 +01:00
Tobias Brunner
8531106578
pkcs11: Method added to library to extract a single attribute from an object.
2011-10-31 18:45:36 +01:00
Tobias Brunner
6a5020fc67
pkcs11: Added names for CKA_* constants.
2011-10-31 18:45:36 +01:00
Tobias Brunner
4e346b1f97
pkcs11: Added support for ECDH.
2011-10-31 18:45:36 +01:00
Tobias Brunner
612e431305
pkcs11: Added definitions needed for ECDH to pkcs11.h.
2011-10-31 18:45:36 +01:00
Tobias Brunner
7c78a6e631
pkcs11: Specify object class and key type when deriving DH secrets.
pkcs11_softtoken on OpenSolaris requires this (probably others too).
2011-10-31 18:45:36 +01:00