authorTobias Brunner <tobias@strongswan.org>2011-11-03 17:56:40 +0100
committerTobias Brunner <tobias@strongswan.org>2011-11-03 17:56:40 +0100
commit1bdd255ed3d1f08b5d7c815cc6589945288f4f28 (patch)
treea12c72f48df873289de85c5f90e573c7b42a9aa8
parent5b85b94e27cd21fc79ef2e08e9256cde5dec7ff0 (diff)
pkcs11: Make public key operations on tokens optional.
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c41
1 files changed, 21 insertions, 20 deletions
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c b/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c
index fc085e6ae..183fce53a 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c
@@ -200,17 +200,6 @@ METHOD(plugin_t, get_features, int,
PLUGIN_PROVIDE(DH, MODP_768_BIT),
PLUGIN_PROVIDE(DH, MODP_CUSTOM),
};
- static plugin_feature_t f_rng[] = {
- PLUGIN_REGISTER(RNG, pkcs11_rng_create),
- PLUGIN_PROVIDE(RNG, RNG_STRONG),
- PLUGIN_PROVIDE(RNG, RNG_TRUE),
- };
- static plugin_feature_t f_key[] = {
- PLUGIN_REGISTER(PRIVKEY, pkcs11_private_key_connect, FALSE),
- PLUGIN_PROVIDE(PRIVKEY, KEY_ANY),
- PLUGIN_REGISTER(PUBKEY, pkcs11_public_key_load, TRUE),
- PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
- };
static plugin_feature_t f_ecdh[] = {
PLUGIN_REGISTER(DH, pkcs11_dh_create),
PLUGIN_PROVIDE(DH, ECP_192_BIT),
@@ -219,9 +208,18 @@ METHOD(plugin_t, get_features, int,
PLUGIN_PROVIDE(DH, ECP_384_BIT),
PLUGIN_PROVIDE(DH, ECP_521_BIT),
};
- static plugin_feature_t f_ecdsa[] = {
- /* *_connect is already registered for KEY_ANY */
+ static plugin_feature_t f_rng[] = {
+ PLUGIN_REGISTER(RNG, pkcs11_rng_create),
+ PLUGIN_PROVIDE(RNG, RNG_STRONG),
+ PLUGIN_PROVIDE(RNG, RNG_TRUE),
+ };
+ static plugin_feature_t f_privkey[] = {
+ PLUGIN_REGISTER(PRIVKEY, pkcs11_private_key_connect, FALSE),
+ PLUGIN_PROVIDE(PRIVKEY, KEY_ANY),
+ };
+ static plugin_feature_t f_pubkey[] = {
PLUGIN_REGISTER(PUBKEY, pkcs11_public_key_load, TRUE),
+ PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
PLUGIN_PROVIDE(PUBKEY, KEY_ECDSA),
};
static plugin_feature_t f_manager[] = {
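Review bot: `f_pubkey` now carries an ordering constraint that is not written down anywhere. The later call `add_features(f, f_pubkey, countof(f_pubkey) - (use_ecc ? 0 : 1), &count)` (hunk at -239) cuts off the last array element when use_ecc is off, so `PLUGIN_PROVIDE(PUBKEY, KEY_ECDSA)` has to remain the final entry. Anyone appending another key type after it would silently drop that type instead of ECDSA. I would add `/* KEY_ECDSA must stay last, it is cut off if use_ecc is disabled */` directly above the KEY_ECDSA line. The enclosing get_features method begins and ends outside this hunk.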
@@ -230,8 +228,8 @@ METHOD(plugin_t, get_features, int,
PLUGIN_DEPENDS(CERT_DECODE, CERT_X509),
};
static plugin_feature_t f[countof(f_hash) + countof(f_dh) + countof(f_rng) +
- countof(f_key) + countof(f_ecdh) +
- countof(f_ecdsa) + countof(f_manager)] = {};
+ countof(f_ecdh) + countof(f_privkey) +
+ countof(f_pubkey) + countof(f_manager)] = {};
static int count = 0;
if (!count)
@@ -239,7 +237,14 @@ METHOD(plugin_t, get_features, int,
bool use_ecc = lib->settings->get_bool(lib->settings,
"libstrongswan.plugins.pkcs11.use_ecc", FALSE);
add_features(f, f_manager, countof(f_manager), &count);
- add_features(f, f_key, countof(f_key), &count);
+ /* private key handling for EC keys is not disabled by use_ecc */
+ add_features(f, f_privkey, countof(f_privkey), &count);
+ if (lib->settings->get_bool(lib->settings,
+ "libstrongswan.plugins.pkcs11.use_pubkey", FALSE))
+ {
+ add_features(f, f_pubkey, countof(f_pubkey) - (use_ecc ? 0 : 1),
+ &count);
+ }
if (lib->settings->get_bool(lib->settings,
"libstrongswan.plugins.pkcs11.use_hasher", FALSE))
{
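Review bot: The new `libstrongswan.plugins.pkcs11.use_pubkey` lookup defaults to FALSE, which changes what the plugin offers after an upgrade, and the diffstat shows no documentation file touched. Before this change `PLUGIN_PROVIDE(PUBKEY, KEY_RSA)` was always registered through f_key; now no PUBKEY feature comes from this plugin unless the option is set. Public key loading presumably falls to whichever other plugin provides PUBKEY, so deployments that expected verification to happen on the token should be told to set the option. A comment above the `get_bool` call such as `/* public key operations on the token are opt-in via use_pubkey */` and an entry in the option documentation would make that visible. The body of get_features continues outside this hunk.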
@@ -259,10 +264,6 @@ METHOD(plugin_t, get_features, int,
add_features(f, f_ecdh, countof(f_ecdh), &count);
}
}
- if (use_ecc)
- {
- add_features(f, f_ecdsa, countof(f_ecdsa), &count);
- }
}
*features = f;
return count;