-rw-r--r--src/libcharon/plugins/stroke/stroke_cred.c13
-rw-r--r--src/libstrongswan/credentials/sets/callback_cred.c5
-rw-r--r--src/libstrongswan/credentials/sets/callback_cred.h4
-rw-r--r--src/pluto/keys.c7
4 files changed, 25 insertions, 4 deletions
diff --git a/src/libcharon/plugins/stroke/stroke_cred.c b/src/libcharon/plugins/stroke/stroke_cred.c
index 69e2054f8..16fc844ec 100644
--- a/src/libcharon/plugins/stroke/stroke_cred.c
+++ b/src/libcharon/plugins/stroke/stroke_cred.c
@@ -689,12 +689,18 @@ typedef struct {
* Callback function to receive Passphrases
*/
static shared_key_t* passphrase_cb(passphrase_cb_data_t *data,
+ shared_key_type_t type,
identification_t *me, identification_t *other,
id_match_t *match_me, id_match_t *match_other)
{
chunk_t secret;
char buf[256];
+ if (type != SHARED_ANY && type != SHARED_PRIVATE_KEY_PASS)
+ {
+ return NULL;
+ }
+
if (data->try > 1)
{
if (data->try > 5)
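Review bot: The header comment above passphrase_cb still reads only `* Callback function to receive Passphrases`, while the new guard on `type` makes the function answer SHARED_PRIVATE_KEY_PASS (or SHARED_ANY) requests only and return NULL for every other type; that contract belongs where the callback is declared, since the caller in callback_cred.c only sees a NULL. I would extend the comment to `* Callback function to receive Passphrases. Serves only SHARED_PRIVATE_KEY_PASS (or SHARED_ANY) requests; returns NULL for any other type.`. The same wording gap exists for pin_cb in the next hunk (SHARED_PIN) and for whack_pass_cb in src/pluto/keys.c (SHARED_PRIVATE_KEY_PASS). passphrase_cb's body continues past the end of the hunk.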
@@ -744,13 +750,18 @@ typedef struct {
/**
* Callback function to receive PINs
*/
-static shared_key_t* pin_cb(pin_cb_data_t *data,
+static shared_key_t* pin_cb(pin_cb_data_t *data, shared_key_type_t type,
identification_t *me, identification_t *other,
id_match_t *match_me, id_match_t *match_other)
{
chunk_t secret;
char buf[256];
+ if (type != SHARED_ANY && type != SHARED_PIN)
+ {
+ return NULL;
+ }
+
if (!me || !chunk_equals(me->get_encoding(me), data->keyid))
{
return NULL;
diff --git a/src/libstrongswan/credentials/sets/callback_cred.c b/src/libstrongswan/credentials/sets/callback_cred.c
index 87a0789d3..bff33f029 100644
--- a/src/libstrongswan/credentials/sets/callback_cred.c
+++ b/src/libstrongswan/credentials/sets/callback_cred.c
@@ -49,6 +49,8 @@ typedef struct {
enumerator_t public;
/* backref to this */
private_callback_cred_t *this;
+ /* type if requested key */
+ shared_key_type_t type;
/* own identity to match */
identification_t *me;
/* other identity to match */
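Review bot: The comment on the new `type` member reads `/* type if requested key */`, which looks like a typo for `/* type of requested key */`; it sits among the `/* backref to this */` and `/* own identity to match */` comments a reader scans when tracing what shared_enumerate hands to the callback. The member is assigned from `type` in create_shared_enumerator (third hunk of this file, presumably its parameter) and forwarded unchanged to `cb.shared` in the second hunk, so the comment could say so: `/* type of requested key, forwarded to the callback */`. The enclosing struct definition starts before this hunk.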
@@ -62,7 +64,7 @@ METHOD(enumerator_t, shared_enumerate, bool,
id_match_t *match_me, id_match_t *match_other)
{
DESTROY_IF(this->current);
- this->current = this->this->cb.shared(this->this->data,
+ this->current = this->this->cb.shared(this->this->data, this->type,
this->me, this->other, match_me, match_other);
if (this->current)
{
@@ -91,6 +93,7 @@ METHOD(credential_set_t, create_shared_enumerator, enumerator_t*,
.destroy = _shared_destroy,
},
.this = this,
+ .type = type,
.me = me,
.other = other,
);
diff --git a/src/libstrongswan/credentials/sets/callback_cred.h b/src/libstrongswan/credentials/sets/callback_cred.h
index 9cc5b65ea..efc4c7fa5 100644
--- a/src/libstrongswan/credentials/sets/callback_cred.h
+++ b/src/libstrongswan/credentials/sets/callback_cred.h
@@ -28,12 +28,14 @@ typedef struct callback_cred_t callback_cred_t;
/**
* Callback function to get shared keys.
*
+ * @param type type of requested shared key
* @param me own identity
* @param other other identity
* @param match_me match result of own identity
* @param match_other match result of other identity
*/
-typedef shared_key_t* (*callback_cred_shared_cb_t)(void *data,
+typedef shared_key_t* (*callback_cred_shared_cb_t)(
+ void *data, shared_key_type_t type,
identification_t *me, identification_t *other,
id_match_t *match_me, id_match_t *match_other);
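Review bot: The doc block of callback_cred_shared_cb_t gains `@param type` but still documents neither `data` nor the return value, so with the signature now changing, ownership of the returned shared_key_t is left to guesswork. In callback_cred.c `data` is passed to `cb.shared` unchanged and the enumerator destroys the previously returned key with `DESTROY_IF(this->current)`, so the callback appears to hand over a reference the enumerator owns; I would add `@param data opaque pointer stored in the callback credential set`, `@return shared key reference, NULL if none available`, and say on `@param type` that a callback must return NULL for types it does not serve, which is what the three callbacks in this commit do.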
diff --git a/src/pluto/keys.c b/src/pluto/keys.c
index dc78b0e7f..12a3ccfc9 100644
--- a/src/pluto/keys.c
+++ b/src/pluto/keys.c
@@ -554,12 +554,17 @@ typedef struct {
/**
* Passphrase callback to read from whack fd
*/
-static shared_key_t* whack_pass_cb(prompt_pass_t *pass,
+static shared_key_t* whack_pass_cb(prompt_pass_t *pass, shared_key_type_t type,
identification_t *me, identification_t *other,
id_match_t *match_me, id_match_t *match_other)
{
int n;
+ if (type != SHARED_ANY && type != SHARED_PRIVATE_KEY_PASS)
+ {
+ return NULL;
+ }
+
if (pass->try > MAX_PROMPT_PASS_TRIALS)
{
whack_log(RC_LOG_SERIOUS, "invalid passphrase, too many trials");