Diffstat (limited to 'src/libstrongswan/credentials')
-rw-r--r--src/libstrongswan/credentials/builder.c4
-rw-r--r--src/libstrongswan/credentials/builder.h10
-rw-r--r--src/libstrongswan/credentials/credential_factory.c10
3 files changed, 19 insertions, 5 deletions
diff --git a/src/libstrongswan/credentials/builder.c b/src/libstrongswan/credentials/builder.c
index 701cbcde3..8a799d3cd 100644
--- a/src/libstrongswan/credentials/builder.c
+++ b/src/libstrongswan/credentials/builder.c
@@ -19,9 +19,11 @@ ENUM(builder_part_names, BUILD_FROM_FILE, BUILD_END,
"BUILD_FROM_FILE",
"BUILD_AGENT_SOCKET",
"BUILD_BLOB_ASN1_DER",
- "BUILD_BLOB_ASN1_PEM",
+ "BUILD_BLOB_PEM",
"BUILD_BLOB_PGP",
"BUILD_BLOB_RFC_3110",
+ "BUILD_PASSPHRASE",
+ "BUILD_PASSPHRASE_CALLBACK",
"BUILD_KEY_SIZE",
"BUILD_SIGNING_KEY",
"BUILD_SIGNING_CERT",
diff --git a/src/libstrongswan/credentials/builder.h b/src/libstrongswan/credentials/builder.h
index 01ccf2a5c..9c73f6e7c 100644
--- a/src/libstrongswan/credentials/builder.h
+++ b/src/libstrongswan/credentials/builder.h
@@ -44,12 +44,18 @@ enum builder_part_t {
BUILD_AGENT_SOCKET,
/** DER encoded ASN.1 blob, chunk_t */
BUILD_BLOB_ASN1_DER,
- /** PEM encoded ASN.1 blob, null terminated char* */
- BUILD_BLOB_ASN1_PEM,
+ /** PEM encoded ASN.1/PGP blob, chunk_t */
+ BUILD_BLOB_PEM,
/** OpenPGP key blob, chunk_t */
BUILD_BLOB_PGP,
/** RFC 3110 DNS public key blob, chunk_t */
BUILD_BLOB_RFC_3110,
+ /** passphrase for e.g. PEM decryption, chunk_t */
+ BUILD_PASSPHRASE,
+ /** passphrase callback, chunk_t(*fn)(void *user, int try), void *user.
+ * The callback is invoked until the returned passphrase is accepted, or
+ * a zero-length passphrase is returned. Try starts at 1. */
+ BUILD_PASSPHRASE_CALLBACK,
/** key size in bits, as used for key generation, u_int */
BUILD_KEY_SIZE,
/** private key to use for signing, private_key_t* */
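Review bot: The comments on the two new passphrase parts do not say who owns the secret. `BUILD_PASSPHRASE` gives only the type, and `BUILD_PASSPHRASE_CALLBACK` does not state whether the chunk returned by `fn` is freed or wiped by the builder or remains with whoever registered the callback. Because this is key-decryption material, the header should state it so that callers and builder plugins agree on who clears the memory. One option is to append a sentence such as `The returned chunk is not adopted by the builder; its owner wipes it.` to the callback comment, if that matches the implementation (the consuming builders are not visible here). The enum body starts and ends outside this hunk.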
diff --git a/src/libstrongswan/credentials/credential_factory.c b/src/libstrongswan/credentials/credential_factory.c
index e55df0398..38bbc672a 100644
--- a/src/libstrongswan/credentials/credential_factory.c
+++ b/src/libstrongswan/credentials/credential_factory.c
@@ -142,7 +142,7 @@ static void* create(private_credential_factory_t *this, credential_type_t type,
builder_t *builder;
builder_part_t part;
va_list args;
- void* construct = NULL;
+ void* construct = NULL, *fn, *data;
enumerator = create_builder_enumerator(this, type, subtype);
while (enumerator->enumerate(enumerator, &builder))
@@ -155,9 +155,11 @@ static void* create(private_credential_factory_t *this, credential_type_t type,
{
case BUILD_END:
break;
+ case BUILD_BLOB_PEM:
case BUILD_BLOB_ASN1_DER:
case BUILD_BLOB_PGP:
case BUILD_BLOB_RFC_3110:
+ case BUILD_PASSPHRASE:
case BUILD_SERIAL:
builder->add(builder, part, va_arg(args, chunk_t));
continue;
@@ -171,7 +173,6 @@ static void* create(private_credential_factory_t *this, credential_type_t type,
case BUILD_NOT_AFTER_TIME:
builder->add(builder, part, va_arg(args, time_t));
continue;
- case BUILD_BLOB_ASN1_PEM:
case BUILD_FROM_FILE:
case BUILD_AGENT_SOCKET:
case BUILD_SIGNING_KEY:
@@ -188,6 +189,11 @@ static void* create(private_credential_factory_t *this, credential_type_t type,
case BUILD_SMARTCARD_PIN:
builder->add(builder, part, va_arg(args, void*));
continue;
+ case BUILD_PASSPHRASE_CALLBACK:
+ fn = va_arg(args, void*);
+ data = va_arg(args, void*);
+ builder->add(builder, part, fn, data);
+ continue;
/* no default to get a compiler warning */
}
break;
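Review bot: The `BUILD_PASSPHRASE_CALLBACK` case reads the callback with `fn = va_arg(args, void*);`, but builder.h documents that argument as `chunk_t(*fn)(void *user, int try)`. ISO C does not define conversion between function pointers and `void*`, and reading a variadic argument with a type incompatible with the one passed is undefined, so this works only on platforms where both pointer kinds share a representation. A typedef in builder.h, for example `typedef chunk_t (*builder_passphrase_cb_t)(void *user, int try);` (the name is only a suggestion), would allow `fn = va_arg(args, builder_passphrase_cb_t);` here. `fn` would then be declared with that type rather than in the `void* construct = NULL, *fn, *data;` line of the earlier hunk, which also gives callers a compiler-checked signature. `create()` begins and ends outside this hunk.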