sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-08 00:02:03 -04:00
Code Issues Projects Releases Wiki Activity

swanctl: Add 'private' directory/section to load any type of private key

Browse Source
This commit is contained in:
Tobias Brunner 2016-09-30 15:16:42 +02:00
parent 05ccde0a8b
commit 7caba2eb55
4 changed files with 26 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/swanctl/Makefile.am
View File

@ -70,6 +70,7 @@ install-data-local: swanctl.conf
test -e "$(DESTDIR)$(swanctldir)/x509crl" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/x509crl" || true test -e "$(DESTDIR)$(swanctldir)/x509crl" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/x509crl" || true
test -e "$(DESTDIR)$(swanctldir)/x509ac" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/x509ac" || true test -e "$(DESTDIR)$(swanctldir)/x509ac" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/x509ac" || true
test -e "$(DESTDIR)$(swanctldir)/pubkey" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/pubkey" || true test -e "$(DESTDIR)$(swanctldir)/pubkey" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/pubkey" || true
test -e "$(DESTDIR)$(swanctldir)/private" || $(INSTALL) -d -m 750 "$(DESTDIR)$(swanctldir)/private" || true
test -e "$(DESTDIR)$(swanctldir)/rsa" || $(INSTALL) -d -m 750 "$(DESTDIR)$(swanctldir)/rsa" || true test -e "$(DESTDIR)$(swanctldir)/rsa" || $(INSTALL) -d -m 750 "$(DESTDIR)$(swanctldir)/rsa" || true
test -e "$(DESTDIR)$(swanctldir)/ecdsa" || $(INSTALL) -d -m 750 "$(DESTDIR)$(swanctldir)/ecdsa" || true test -e "$(DESTDIR)$(swanctldir)/ecdsa" || $(INSTALL) -d -m 750 "$(DESTDIR)$(swanctldir)/ecdsa" || true
test -e "$(DESTDIR)$(swanctldir)/bliss" || $(INSTALL) -d -m 750 "$(DESTDIR)$(swanctldir)/bliss" || true test -e "$(DESTDIR)$(swanctldir)/bliss" || $(INSTALL) -d -m 750 "$(DESTDIR)$(swanctldir)/bliss" || true

15
src/swanctl/commands/load_creds.c
View File

@ -2,6 +2,7 @@
* Copyright (C) 2014 Martin Willi * Copyright (C) 2014 Martin Willi
* Copyright (C) 2014 revosec AG * Copyright (C) 2014 revosec AG
* *
* Copyright (C) 2016 Tobias Brunner
* Copyright (C) 2015 Andreas Steffen * Copyright (C) 2015 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil * HSR Hochschule fuer Technik Rapperswil
* *
@ -128,7 +129,8 @@ static bool load_key(vici_conn_t *conn, command_format_options_t format,
req = vici_begin("load-key"); req = vici_begin("load-key");
if (streq(type, "pkcs8")) if (streq(type, "private") ||
streq(type, "pkcs8"))
{ /* as used by vici */ { /* as used by vici */
vici_add_key_valuef(req, "type", "any"); vici_add_key_valuef(req, "type", "any");
} }
@ -251,6 +253,7 @@ static bool determine_credtype(char *type, credential_type_t *credtype,
credential_type_t credtype; credential_type_t credtype;
int subtype; int subtype;
} map[] = { } map[] = {
{ "private", CRED_PRIVATE_KEY, KEY_ANY, },
{ "pkcs8", CRED_PRIVATE_KEY, KEY_ANY, }, { "pkcs8", CRED_PRIVATE_KEY, KEY_ANY, },
{ "rsa", CRED_PRIVATE_KEY, KEY_RSA, }, { "rsa", CRED_PRIVATE_KEY, KEY_RSA, },
{ "ecdsa", CRED_PRIVATE_KEY, KEY_ECDSA, }, { "ecdsa", CRED_PRIVATE_KEY, KEY_ECDSA, },
@ -565,6 +568,7 @@ static bool load_secret(vici_conn_t *conn, settings_t *cfg,
"eap", "eap",
"xauth", "xauth",
"ike", "ike",
"private",
"rsa", "rsa",
"ecdsa", "ecdsa",
"bliss", "bliss",
@ -700,10 +704,11 @@ int load_creds_cfg(vici_conn_t *conn, command_format_options_t format,
load_certs(conn, format, "x509crl", SWANCTL_X509CRLDIR); load_certs(conn, format, "x509crl", SWANCTL_X509CRLDIR);
load_certs(conn, format, "pubkey", SWANCTL_PUBKEYDIR); load_certs(conn, format, "pubkey", SWANCTL_PUBKEYDIR);
load_keys(conn, format, noprompt, cfg, "rsa", SWANCTL_RSADIR); load_keys(conn, format, noprompt, cfg, "private", SWANCTL_PRIVATEDIR);
load_keys(conn, format, noprompt, cfg, "ecdsa", SWANCTL_ECDSADIR); load_keys(conn, format, noprompt, cfg, "rsa", SWANCTL_RSADIR);
load_keys(conn, format, noprompt, cfg, "bliss", SWANCTL_BLISSDIR); load_keys(conn, format, noprompt, cfg, "ecdsa", SWANCTL_ECDSADIR);
load_keys(conn, format, noprompt, cfg, "pkcs8", SWANCTL_PKCS8DIR); load_keys(conn, format, noprompt, cfg, "bliss", SWANCTL_BLISSDIR);
load_keys(conn, format, noprompt, cfg, "pkcs8", SWANCTL_PKCS8DIR);
load_containers(conn, format, noprompt, cfg, "pkcs12", SWANCTL_PKCS12DIR); load_containers(conn, format, noprompt, cfg, "pkcs12", SWANCTL_PKCS12DIR);

6
src/swanctl/swanctl.h
View File

@ -2,6 +2,7 @@
* Copyright (C) 2014 Martin Willi * Copyright (C) 2014 Martin Willi
* Copyright (C) 2014 revosec AG * Copyright (C) 2014 revosec AG
* *
* Copyright (C) 2016 Tobias Brunner
* Copyright (C) 2015 Andreas Steffen * Copyright (C) 2015 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil * HSR Hochschule fuer Technik Rapperswil
* *
@ -64,6 +65,11 @@
*/ */
#define SWANCTL_PUBKEYDIR SWANCTLDIR "/pubkey" #define SWANCTL_PUBKEYDIR SWANCTLDIR "/pubkey"
/**
* Directory for private keys
*/
#define SWANCTL_PRIVATEDIR SWANCTLDIR "/private"
/** /**
* Directory for RSA private keys * Directory for RSA private keys
*/ */

9
src/swanctl/swanctl.opt
View File

@ -835,6 +835,15 @@ secrets.ike<suffix>.id<suffix> =
may be specified, each having an _id_ prefix, if a secret is shared between may be specified, each having an _id_ prefix, if a secret is shared between
multiple peers. multiple peers.
secrets.private<suffix> { # }
Private key decryption passphrase for a key in the _private_ folder.
secrets.private<suffix>.file =
File name in the _private_ folder for which this passphrase should be used.
secrets.private<suffix>.secret
Value of decryption passphrase for private key.
secrets.rsa<suffix> { # } secrets.rsa<suffix> { # }
Private key decryption passphrase for a key in the _rsa_ folder. Private key decryption passphrase for a key in the _rsa_ folder.