author | Tobias Brunner <tobias@strongswan.org> | 2016-09-30 15:16:42 +0200 |
committer | Tobias Brunner <tobias@strongswan.org> | 2016-10-05 11:33:36 +0200 |
commit | 7caba2eb5524be6b51943bcc3d2cb0e4c5ecc09a (patch) | |
tree | 1e7f57d72c8558d1ca051f3bf1cf371228bea4b8 | |
parent | 05ccde0a8bd9d669fa186aa4d4a3d37d2a8155c1 (diff) | |
swanctl: Add 'private' directory/section to load any type of private key
-rw-r--r-- | src/swanctl/Makefile.am | 1 | ||||
-rw-r--r-- | src/swanctl/commands/load_creds.c | 15 | ||||
-rw-r--r-- | src/swanctl/swanctl.h | 6 | ||||
-rw-r--r-- | src/swanctl/swanctl.opt | 9 |
4 files changed, 26 insertions, 5 deletions
diff --git a/src/swanctl/Makefile.am b/src/swanctl/Makefile.am
index 409387849..9ca759ea3 100644
--- a/src/swanctl/Makefile.am
+++ b/src/swanctl/Makefile.am
@@ -70,6 +70,7 @@ install-data-local: swanctl.conf
 test -e "$(DESTDIR)$(swanctldir)/x509crl" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/x509crl" || true
 test -e "$(DESTDIR)$(swanctldir)/x509ac" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/x509ac" || true
 test -e "$(DESTDIR)$(swanctldir)/pubkey" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/pubkey" || true
+ test -e "$(DESTDIR)$(swanctldir)/private" || $(INSTALL) -d -m 750 "$(DESTDIR)$(swanctldir)/private" || true
 test -e "$(DESTDIR)$(swanctldir)/rsa" || $(INSTALL) -d -m 750 "$(DESTDIR)$(swanctldir)/rsa" || true
 test -e "$(DESTDIR)$(swanctldir)/ecdsa" || $(INSTALL) -d -m 750 "$(DESTDIR)$(swanctldir)/ecdsa" || true
 test -e "$(DESTDIR)$(swanctldir)/bliss" || $(INSTALL) -d -m 750 "$(DESTDIR)$(swanctldir)/bliss" || true
diff --git a/src/swanctl/commands/load_creds.c b/src/swanctl/commands/load_creds.c
index 4647934f7..6278f66b4 100644
--- a/src/swanctl/commands/load_creds.c
+++ b/src/swanctl/commands/load_creds.c
@@ -2,6 +2,7 @@
 * Copyright (C) 2014 Martin Willi
 * Copyright (C) 2014 revosec AG
 *
+ * Copyright (C) 2016 Tobias Brunner
 * Copyright (C) 2015 Andreas Steffen
 * HSR Hochschule fuer Technik Rapperswil
 *
@@ -128,7 +129,8 @@ static bool load_key(vici_conn_t *conn, command_format_options_t format,
 req = vici_begin("load-key");
- if (streq(type, "pkcs8"))
+ if (streq(type, "private") ||
+ streq(type, "pkcs8"))
 { /* as used by vici */
 vici_add_key_valuef(req, "type", "any");
 }
@@ -251,6 +253,7 @@ static bool determine_credtype(char *type, credential_type_t *credtype,
 credential_type_t credtype;
 int subtype;
 } map[] = {
+ { "private", CRED_PRIVATE_KEY, KEY_ANY, },
 { "pkcs8", CRED_PRIVATE_KEY, KEY_ANY, },
 { "rsa", CRED_PRIVATE_KEY, KEY_RSA, },
 { "ecdsa", CRED_PRIVATE_KEY, KEY_ECDSA, },
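Review bot: The new `"private"` type name now has to be kept in step by hand in four unrelated places — the streq() condition in load_key here, the map[] in determine_credtype in the next hunk, the type list in load_secret and the load_keys() calls in load_creds_cfg — and nothing in the code ties them together. A short comment on the condition would at least make the coupling visible, e.g. `/* "private" and "pkcs8" both leave key-type detection to the daemon; keep this in sync with determine_credtype() and load_secret() */`. load_key's body starts and ends outside the hunk.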
@@ -565,6 +568,7 @@ static bool load_secret(vici_conn_t *conn, settings_t *cfg,
 "eap",
 "xauth",
 "ike",
+ "private",
 "rsa",
 "ecdsa",
 "bliss",
@@ -700,10 +704,11 @@ int load_creds_cfg(vici_conn_t *conn, command_format_options_t format,
 load_certs(conn, format, "x509crl", SWANCTL_X509CRLDIR);
 load_certs(conn, format, "pubkey", SWANCTL_PUBKEYDIR);
- load_keys(conn, format, noprompt, cfg, "rsa", SWANCTL_RSADIR);
- load_keys(conn, format, noprompt, cfg, "ecdsa", SWANCTL_ECDSADIR);
- load_keys(conn, format, noprompt, cfg, "bliss", SWANCTL_BLISSDIR);
- load_keys(conn, format, noprompt, cfg, "pkcs8", SWANCTL_PKCS8DIR);
+ load_keys(conn, format, noprompt, cfg, "private", SWANCTL_PRIVATEDIR);
+ load_keys(conn, format, noprompt, cfg, "rsa", SWANCTL_RSADIR);
+ load_keys(conn, format, noprompt, cfg, "ecdsa", SWANCTL_ECDSADIR);
+ load_keys(conn, format, noprompt, cfg, "bliss", SWANCTL_BLISSDIR);
+ load_keys(conn, format, noprompt, cfg, "pkcs8", SWANCTL_PKCS8DIR);
 load_containers(conn, format, noprompt, cfg, "pkcs12", SWANCTL_PKCS12DIR);
diff --git a/src/swanctl/swanctl.h b/src/swanctl/swanctl.h
index 560e89513..eac1fc6d0 100644
--- a/src/swanctl/swanctl.h
+++ b/src/swanctl/swanctl.h
@@ -2,6 +2,7 @@
 * Copyright (C) 2014 Martin Willi
 * Copyright (C) 2014 revosec AG
 *
+ * Copyright (C) 2016 Tobias Brunner
 * Copyright (C) 2015 Andreas Steffen
 * HSR Hochschule fuer Technik Rapperswil
 *
@@ -65,6 +66,11 @@
 #define SWANCTL_PUBKEYDIR SWANCTLDIR "/pubkey"
 /**
+ * Directory for private keys
+ */
+#define SWANCTL_PRIVATEDIR SWANCTLDIR "/private"
+
+/**
 * Directory for RSA private keys
 */
 #define SWANCTL_RSADIR SWANCTLDIR "/rsa"
diff --git a/src/swanctl/swanctl.opt b/src/swanctl/swanctl.opt
index c4d9f86d6..a7d6d9fc3 100644
--- a/src/swanctl/swanctl.opt
+++ b/src/swanctl/swanctl.opt
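Review bot: The four existing load_keys() calls for rsa, ecdsa, bliss and pkcs8 in the load_creds_cfg hunk are removed and re-added although, as rendered here, their text is unchanged, so the difference is presumably whitespace only. Leaving those lines untouched and adding just the new `load_keys(conn, format, noprompt, cfg, "private", SWANCTL_PRIVATEDIR);` line would keep the hunk to its functional change and make later blame and bisect cleaner. load_creds_cfg's body starts and ends outside the hunk.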
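Review bot: The comment on SWANCTL_PRIVATEDIR in the swanctl.h hunk, `Directory for private keys`, does not distinguish the new directory from the rsa, ecdsa and bliss directories documented directly below it, which hold private keys too. Since load_key in load_creds.c sends type "any" for keys read from this directory, the comment should say what is special about it: ` * Directory for private keys of any type (the type is detected when the key is loaded)`.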
@@ -835,6 +835,15 @@ secrets.ike<suffix>.id<suffix> =
 may be specified, each having an _id_ prefix, if a secret is shared between
 multiple peers.
+secrets.private<suffix> { # }
+ Private key decryption passphrase for a key in the _private_ folder.
+
+secrets.private<suffix>.file =
+ File name in the _private_ folder for which this passphrase should be used.
+
+secrets.private<suffix>.secret
+ Value of decryption passphrase for private key.
+
 secrets.rsa<suffix> { # }
 Private key decryption passphrase for a key in the _rsa_ folder. |