From c0bbddfa42bfc9838a634873f44e733d9251ada6 Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Mon, 1 Apr 2013 13:51:37 +0200
Subject: Try to load raw keys from ipsec.conf as PKCS#1 blob first

The DNSKEY builder is quite eager and parses pretty much anything as RSA key, so this has to be done before.
---
 src/libcharon/plugins/stroke/stroke_cred.c | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)
(limited to 'src/libcharon')
diff --git a/src/libcharon/plugins/stroke/stroke_cred.c b/src/libcharon/plugins/stroke/stroke_cred.c
index eda746f7e..6c47a7b06 100644
--- a/src/libcharon/plugins/stroke/stroke_cred.c
+++ b/src/libcharon/plugins/stroke/stroke_cred.c
@@ -291,17 +291,24 @@ METHOD(stroke_cred_t, load_pubkey, certificate_t*,
 }
 else if (strncaseeq(filename, "0x", 2) || strncaseeq(filename, "0s", 2))
 {
- chunk_t printable_key, rfc3110_key;
+ chunk_t printable_key, raw_key;
 public_key_t *key;
 
 printable_key = chunk_create(filename + 2, strlen(filename) - 2);
- rfc3110_key = strncaseeq(filename, "0x", 2) ?
+ raw_key = strncaseeq(filename, "0x", 2) ?
 chunk_from_hex(printable_key, NULL) :
 chunk_from_base64(printable_key, NULL);
- key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA,
- BUILD_BLOB_DNSKEY, rfc3110_key,
+ key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
+ BUILD_BLOB_ASN1_DER, raw_key,
 BUILD_END);
- free(rfc3110_key.ptr);
+ if (!key)
+ { /* try RFC 3110 format (as it accepts nearly any blob, the above has
+ * to be tried first) */
+ key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA,
+ BUILD_BLOB_DNSKEY, raw_key,
+ BUILD_END);
+ }
+ chunk_free(&raw_key);
 if (key)
 {
 cert = lib->creds->create(lib->creds, CRED_CERTIFICATE,
-- 
cgit v1.2.3
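Review bot: The new `if (!key)` fallback turns a DER parse failure into a silent retry against the DNSKEY builder, which the commit message itself says accepts nearly any blob, so a truncated or mis-pasted DER key in ipsec.conf is no longer rejected but may come back as some RSA key the operator never configured. Since the outer `if (key)` then wraps whatever was produced into a trusted certificate, the operator gets no signal about which parser accepted the material; a debug line in the fallback branch such as `DBG1(DBG_CFG, "raw public key not parseable as ASN.1 DER, trying RFC 3110 format");` would make a mis-parse diagnosable from the log. As a point of style, the comment attached to the opening brace (`{ /* try RFC 3110 ...`) would read better above the `if (!key)` line, where it explains the ordering of the two attempts. The load_pubkey function begins and ends outside this hunk.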