Added support for trustchain key strength checking to rightauth option

author: Martin Willi <martin@revosec.ch> 2011-01-07 15:38:34 +0100
committer: Martin Willi <martin@revosec.ch> 2011-01-07 15:51:35 +0100
commit: 44e513a320e71e63879fef1664d19a4fe9589912 (patch)
tree: 80e17210ac792cd7d12efa1318a6f36e1531d9f9 /src
parent: 6367de28ad9b21cc8f145c7154cb29f5acca366a (diff)
download: strongswan-44e513a320e71e63879fef1664d19a4fe9589912.tar.bz2
strongswan-44e513a320e71e63879fef1664d19a4fe9589912.tar.xz
1 files changed, 13 insertions, 2 deletions
diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c
index dc2c57e9c..ea7d17592 100644
--- a/src/libcharon/plugins/stroke/stroke_config.c
+++ b/src/libcharon/plugins/stroke/stroke_config.c
@@ -445,11 +445,22 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this,
 
 	/* authentication metod (class, actually) */
 	if (streq(auth, "pubkey") ||
-		streq(auth, "rsasig") || streq(auth, "rsa") ||
-		streq(auth, "ecdsasig") || streq(auth, "ecdsa"))
+		strneq(auth, "rsa", strlen("rsa")) ||
+		strneq(auth, "ecdsa", strlen("ecdsa")))
 	{
+		u_int strength;
+
 		cfg->add(cfg, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
 		build_crl_policy(cfg, local, msg->add_conn.crl_policy);
+
+		if (sscanf(auth, "rsa-%d", &strength) == 1)
+		{
+			cfg->add(cfg, AUTH_RULE_RSA_STRENGTH, (uintptr_t)strength);
+		}
+		if (sscanf(auth, "ecdsa-%d", &strength) == 1)
+		{
+			cfg->add(cfg, AUTH_RULE_ECDSA_STRENGTH, (uintptr_t)strength);
+		}
 	}
 	else if (streq(auth, "psk") || streq(auth, "secret"))
 	{
author	Martin Willi <martin@revosec.ch>	2011-01-07 15:38:34 +0100
committer	Martin Willi <martin@revosec.ch>	2011-01-07 15:51:35 +0100
commit	44e513a320e71e63879fef1664d19a4fe9589912 (patch)
tree	80e17210ac792cd7d12efa1318a6f36e1531d9f9 /src
parent	6367de28ad9b21cc8f145c7154cb29f5acca366a (diff)
download	strongswan-44e513a320e71e63879fef1664d19a4fe9589912.tar.bz2 strongswan-44e513a320e71e63879fef1664d19a4fe9589912.tar.xz