-rwxr-xr-xsrc/charon/plugins/stroke/stroke.c33
-rw-r--r--src/libstrongswan/credentials/certificates/x509.h11
-rw-r--r--src/libstrongswan/credentials/keys/shared_key.c84
-rw-r--r--src/libstrongswan/credentials/keys/shared_key.h9
-rw-r--r--src/libstrongswan/plugins/x509/x509_cert.c9
5 files changed, 106 insertions, 40 deletions
diff --git a/src/charon/plugins/stroke/stroke.c b/src/charon/plugins/stroke/stroke.c
index 9d112844d..920533d22 100755
--- a/src/charon/plugins/stroke/stroke.c
+++ b/src/charon/plugins/stroke/stroke.c
@@ -570,7 +570,7 @@ static chunk_t get_key(private_shared_key_t *this)
/**
* create a shared key
*/
-static private_shared_key_t *shared_key_create(shared_key_type_t type, chunk_t key)
+static private_shared_key_t *private_shared_key_create(shared_key_type_t type, chunk_t key)
{
private_shared_key_t *this = malloc_thing(private_shared_key_t);
@@ -739,9 +739,6 @@ static x509_t* load_cert(char *path, x509_flag_t flag)
cert->destroy(cert);
return NULL;
}
-
- /* set cert flags to flag but keep X509_SELF_SIGNED property */
- x509->set_flags(x509, flag | (flags & X509_SELF_SIGNED));
/* check validity */
{
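Review bot: With the set_flags call removed, the `flag` parameter of load_cert is not read at any line visible in this hunk, yet it stays in the signature and callers keep passing it (the peer-cert caller later in this diff now passes 0); load_cert starts before the hunk, so it may still be consulted there. If it is now dead, either drop it or turn it into the check the directory layout implies, e.g. `if (flag && !(x509->get_flags(x509) & flag)) { cert->destroy(cert); return NULL; }` preceded by a DBG1 line naming the path, so a certificate placed in a CA or OCSP-signer directory without the matching constraint in its own extensions is refused and logged instead of being loaded with a role different from the one the directory implied. The `flags` value the removed line consumed, presumably a local declared earlier in load_cert, may likewise have lost its only use.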
@@ -777,11 +774,7 @@ static certificate_t* add_x509_cert(private_stroke_t *this, x509_t* x509)
{
if (current->equals(current, cert))
{
- x509_flag_t flags = x509->get_flags(x509);
- x509_t *x509c = (x509_t*)current;
-
- /* cert already in queue - add flags and discard */
- x509c->set_flags(x509c, flags | x509c->get_flags(x509c));
+ /* cert already in queue */
cert->destroy(cert);
cert = current;
new = FALSE;
@@ -912,7 +905,7 @@ static void load_peer_cert(private_stroke_t *this,
snprintf(path, sizeof(path), "%s/%s", CERTIFICATE_DIR, filename);
}
- x509 = load_cert(path, X509_PEER);
+ x509 = load_cert(path, 0);
if (x509)
{
@@ -1232,7 +1225,7 @@ static void load_secrets(private_stroke_t *this)
DBG1(DBG_CFG, "line %d: malformed secret: %s", line_nr, ugh);
goto error;
}
- shared_key = shared_key_create(type, secret);
+ shared_key = private_shared_key_create(type, secret);
DBG1(DBG_CFG, " loaded %N secret for %s", shared_key_type_names, type,
ids.len > 0 ? (char*)ids.ptr : "%any");
DBG4(DBG_CFG, " secret:", secret);
@@ -2643,7 +2636,8 @@ static void stroke_list_certs(char *label, x509_flag_t flags, bool utc, FILE *ou
x509_t *x509 = (x509_t*)cert;
x509_flag_t x509_flags = x509->get_flags(x509);
- if (x509_flags & flags)
+ /* list only if flag is set, or flags == 0 (ignoring self-signed) */
+ if ((x509_flags & flags) || (flags == (x509_flags & ~X509_SELF_SIGNED)))
{
enumerator_t *enumerator;
identification_t *altName;
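Review bot: The new condition encodes "end entity" as `flags == 0` but states that only in the comment; since X509_PEER is removed from x509.h in this diff, 0 is now the only way to request end-entity certificates, and the second clause never decides the outcome when flags is non-zero. Writing the intent directly reads better and is equivalent: `if (flags ? (x509_flags & flags) : !(x509_flags & ~X509_SELF_SIGNED))`. The same bare 0 is passed by stroke_list for LIST_CERTS later in this diff; a comment on the `flags` parameter of stroke_list_certs such as `/* 0 selects end-entity certs: no CA/AA/OCSP constraint set */` would keep both sites readable. stroke_list_certs begins before this hunk.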
@@ -2721,12 +2715,9 @@ static void stroke_list_certs(char *label, x509_flag_t flags, bool utc, FILE *ou
id = public->get_id(public, ID_PUBKEY_SHA1);
keyid = public->get_id(public, ID_PUBKEY_INFO_SHA1);
- if (flags & X509_PEER)
- {
- private = charon->credentials->get_private(
+ private = charon->credentials->get_private(
charon->credentials,
- public->get_type(public), id, NULL);
- }
+ public->get_type(public), keyid, NULL);
fprintf(out, " pubkey: %N %d bits%s\n",
key_type_names, public->get_type(public),
public->get_keysize(public) * 8,
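Review bot: The private-key lookup now passes `keyid` (ID_PUBKEY_INFO_SHA1) where the old code passed `id` (ID_PUBKEY_SHA1); whether that is the identifier type the credential store indexes private keys by is not visible here, and if the two disagree the "has private key" indication in the listing goes missing for every certificate without any error. Either the old `id` or a comment stating why keyid is the right type, e.g. `/* private keys are matched on the subjectPublicKeyInfo hash */`, would settle it. Since the lookup is no longer restricted to end-entity certificates, `id` is still computed two lines above but may have lost its only use in this function, and `private` is now obtained for CA/OCSP/AA certificates too, so whatever releases that reference (presumably outside the hunk) has to cover every path. stroke_list_certs begins and ends outside the hunk.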
@@ -2915,22 +2906,22 @@ static void stroke_list(private_stroke_t *this, stroke_msg_t *msg, FILE *out)
if (msg->list.flags & LIST_CERTS)
{
stroke_list_certs("X.509 End Entity Certificates",
- X509_PEER, msg->list.utc, out);
+ 0, msg->list.utc, out);
}
if (msg->list.flags & LIST_CACERTS)
{
stroke_list_certs("X.509 CA Certificates",
- X509_CA, msg->list.utc, out);
+ X509_CA, msg->list.utc, out);
}
if (msg->list.flags & LIST_OCSPCERTS)
{
stroke_list_certs("X.509 OCSP Signer Certificates",
- X509_OCSP_SIGNER, msg->list.utc, out);
+ X509_OCSP_SIGNER, msg->list.utc, out);
}
if (msg->list.flags & LIST_AACERTS)
{
stroke_list_certs("X.509 AA Certificates",
- X509_AA, msg->list.utc, out);
+ X509_AA, msg->list.utc, out);
}
if (msg->list.flags & LIST_ACERTS)
{
diff --git a/src/libstrongswan/credentials/certificates/x509.h b/src/libstrongswan/credentials/certificates/x509.h
index a4f9d1ff3..9d4054710 100644
--- a/src/libstrongswan/credentials/certificates/x509.h
+++ b/src/libstrongswan/credentials/certificates/x509.h
@@ -37,10 +37,8 @@ enum x509_flag_t {
X509_AA = (1<<1),
/** cert has OCSP signer constraint */
X509_OCSP_SIGNER = (1<<2),
- /** cert belongs to an end entity */
- X509_PEER = (1<<3),
/** cert is self-signed */
- X509_SELF_SIGNED = (1<<4),
+ X509_SELF_SIGNED = (1<<3),
};
/**
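Review bot: Renumbering X509_SELF_SIGNED from (1<<4) to (1<<3) changes a value in a public header, which breaks binary compatibility: any plugin or application built against the previous x509.h keeps testing bit 4 and will never see a self-signed certificate from a library that now sets bit 3, so trust decisions in a mixed installation differ silently. Unless the ABI break is intended, keeping `X509_SELF_SIGNED = (1<<4)` and leaving bit 3 unused is the safer edit. The enum should also say how end-entity certificates are represented now that X509_PEER is gone, e.g. a comment on the enum: `/** an end-entity certificate has none of the constraint flags set */`.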
@@ -69,13 +67,6 @@ struct x509_t {
x509_flag_t (*get_flags)(x509_t *this);
/**
- * Set the flags for this certificate.
- *
- * @param flags set of flags
- */
- void (*set_flags)(x509_t *this, x509_flag_t flags);
-
- /**
* Get the certificate serial number.
*
* @return chunk pointing to internal serial number
diff --git a/src/libstrongswan/credentials/keys/shared_key.c b/src/libstrongswan/credentials/keys/shared_key.c
index 66b45a003..1ca848b20 100644
--- a/src/libstrongswan/credentials/keys/shared_key.c
+++ b/src/libstrongswan/credentials/keys/shared_key.c
@@ -25,3 +25,87 @@ ENUM(shared_key_type_names, SHARED_ANY, SHARED_PIN,
"PIN",
);
+typedef struct private_shared_key_t private_shared_key_t;
+
+/**
+ * private data of shared_key
+ */
+struct private_shared_key_t {
+
+ /**
+ * public functions
+ */
+ shared_key_t public;
+
+ /**
+ * type of this shared key
+ */
+ shared_key_type_t type;
+
+ /**
+ * associated shared key data
+ */
+ chunk_t key;
+
+ /**
+ * reference counter
+ */
+ refcount_t ref;
+};
+
+/**
+ * Implements shared_key_t.get_type
+ */
+static shared_key_type_t get_type(private_shared_key_t *this)
+{
+ return this->type;
+}
+
+/**
+ * Implements shared_key_t.get_key
+ */
+static chunk_t get_key(private_shared_key_t *this)
+{
+ return this->key;
+}
+
+/**
+ * Implements shared_key_t.get_ref
+ */
+static shared_key_t* get_ref(private_shared_key_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public;
+}
+
+/**
+ * Implementation of shared_key_t.destroy
+ */
+static void destroy(private_shared_key_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ free(this->key.ptr);
+ free(this);
+ }
+}
+
+/*
+ * see header file
+ */
+shared_key_t *shared_key_create(shared_key_type_t type, chunk_t key)
+{
+ private_shared_key_t *this = malloc_thing(private_shared_key_t);
+
+ this->public.get_type = (shared_key_type_t (*)(shared_key_t *this))get_type;
+ this->public.get_key = (chunk_t (*)(shared_key_t *this))get_key;
+ this->public.get_ref = (shared_key_t* (*)(shared_key_t *this))get_ref;
+ this->public.destroy = (void(*)(shared_key_t*))destroy;
+
+ this->type = type;
+ this->key = key;
+ this->ref = 1;
+
+ return &this->public;
+}
+
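Review bot: destroy releases the key material with a plain `free(this->key.ptr)`, so the secret a shared_key_t carries (pre-shared keys and PINs, per the shared_key_type_names enum in context) stays readable in freed heap memory until it is reused. Since the header states the instance owns `key`, destroy is the right place to wipe it: `chunk_clear(&this->key);` if that helper is available in this tree, otherwise an explicit overwrite of key.ptr over key.len before the free using the library's wipe helper (a bare memset immediately before free may be dropped by the optimizer). The get_ref/destroy pair is otherwise consistent with the refcount initialised to 1 in shared_key_create.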
diff --git a/src/libstrongswan/credentials/keys/shared_key.h b/src/libstrongswan/credentials/keys/shared_key.h
index 86586a7c7..ceb1309b7 100644
--- a/src/libstrongswan/credentials/keys/shared_key.h
+++ b/src/libstrongswan/credentials/keys/shared_key.h
@@ -83,4 +83,13 @@ struct shared_key_t {
void (*destroy)(shared_key_t *this);
};
+/**
+ * A simple private key implementation
+ *
+ * @param type type of the shared key
+ * @param key key data, gets owned by instance
+ * @return simple shared key instance
+ */
+shared_key_t *shared_key_create(shared_key_type_t type, chunk_t key);
+
#endif /** SHARED_KEY_H_ @} */
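Review bot: The doc comment on shared_key_create says "A simple private key implementation" while the function creates a shared_key_t; `* A simple shared key implementation` is what the declaration describes. The ownership note on `key` is good; adding that the instance frees `key.ptr` in destroy, so callers must not free or reuse it, would make the contract unambiguous.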
diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c
index 47a841c51..a044c60a0 100644
--- a/src/libstrongswan/plugins/x509/x509_cert.c
+++ b/src/libstrongswan/plugins/x509/x509_cert.c
@@ -1012,14 +1012,6 @@ static private_x509_cert_t* get_ref(private_x509_cert_t *this)
}
/**
- * Implementation of x509_cert_t.set_flags.
- */
-static void set_flags(private_x509_cert_t *this, x509_flag_t flags)
-{
- this->flags = flags;
-}
-
-/**
* Implementation of x509_cert_t.get_flags.
*/
static x509_flag_t get_flags(private_x509_cert_t *this)
@@ -1167,7 +1159,6 @@ static x509_cert_t *load(chunk_t chunk)
this->public.interface.interface.equals = (bool (*)(certificate_t*, certificate_t *other))equals;
this->public.interface.interface.get_ref = (certificate_t* (*)(certificate_t *this))get_ref;
this->public.interface.interface.destroy = (void (*)(certificate_t *this))destroy;
- this->public.interface.set_flags = (void (*)(x509_t*, x509_flag_t flags))set_flags;
this->public.interface.get_flags = (x509_flag_t (*)(x509_t*))get_flags;
this->public.interface.get_serial = (chunk_t (*)(x509_t*))get_serial;
this->public.interface.get_authKeyIdentifier = (identification_t* (*)(x509_t*))get_authKeyIdentifier;