moved RAW public key support to a separate plugin (pubkey)

2025-11-22 00:01:45 -05:00 · 2008-05-08 13:16:42 +00:00 · 2008-05-08 13:16:42 +00:00 · affd7a90ba
commit affd7a90ba
parent 0395eb7c08
9 changed files with 252 additions and 39 deletions
--- a/configure.in
+++ b/configure.in
@ -254,6 +254,17 @@ AC_ARG_ENABLE(
 	x509=true
 )

+AC_ARG_ENABLE(
+	[pubkey],
+	AS_HELP_STRING([--disable-pubkey],[disable RAW public key support plugin. (default is NO).]),
+	[if test x$enableval = xyes; then
+		pubkey=true
+	 else
+		pubkey=false
+	fi],
+	pubkey=true
+)
+
 AC_ARG_ENABLE(
 	[hmac],
 	AS_HELP_STRING([--disable-hmac],[disable HMAC crypto implementation plugin. (default is NO).]),
@ -660,6 +671,7 @@ AM_CONDITIONAL(USE_FIPS_PRF, test x$fips_prf = xtrue)
 AM_CONDITIONAL(USE_GMP, test x$gmp = xtrue)
 AM_CONDITIONAL(USE_RANDOM, test x$random = xtrue)
 AM_CONDITIONAL(USE_X509, test x$x509 = xtrue)
+AM_CONDITIONAL(USE_PUBKEY, test x$pubkey = xtrue)
 AM_CONDITIONAL(USE_HMAC, test x$hmac = xtrue)
 AM_CONDITIONAL(USE_XCBC, test x$xcbc = xtrue)
 AM_CONDITIONAL(USE_MYSQL, test x$mysql = xtrue)
@ -722,6 +734,7 @@ AC_OUTPUT(
 	src/libstrongswan/plugins/hmac/Makefile
 	src/libstrongswan/plugins/xcbc/Makefile
 	src/libstrongswan/plugins/x509/Makefile
+	src/libstrongswan/plugins/pubkey/Makefile
 	src/libstrongswan/plugins/curl/Makefile
 	src/libstrongswan/plugins/ldap/Makefile
 	src/libstrongswan/plugins/mysql/Makefile
--- a/src/charon/plugins/medsrv/Makefile.am
+++ b/src/charon/plugins/medsrv/Makefile.am
@ -6,7 +6,6 @@ AM_CFLAGS = -rdynamic
 plugin_LTLIBRARIES = libcharon-medsrv.la
 libcharon_medsrv_la_SOURCES = medsrv_plugin.h medsrv_plugin.c \
 			      medsrv_creds.h medsrv_creds.c \
-			      medsrv_config.h medsrv_config.c \
-			      medsrv_pubkey.h medsrv_pubkey.c
+			      medsrv_config.h medsrv_config.c
 libcharon_medsrv_la_LDFLAGS = -module

--- a/src/charon/plugins/medsrv/medsrv_creds.c
+++ b/src/charon/plugins/medsrv/medsrv_creds.c
@ -16,7 +16,6 @@
 */

 #include "medsrv_creds.h"
-#include "medsrv_pubkey.h"

 #include <daemon.h>
 #include <library.h>
@ -60,6 +59,7 @@ typedef struct {
 static bool cert_enumerator_enumerate(cert_enumerator_t *this,
 									  certificate_t **cert)
 {
+	certificate_t *trusted;
 	public_key_t *public;
 	chunk_t chunk;

@ -73,8 +73,15 @@ static bool cert_enumerator_enumerate(cert_enumerator_t *this,
 		{
 			if (this->type == KEY_ANY || this->type == public->get_type(public))
 			{
-				*cert = this->current = (certificate_t*)medsrv_pubkey_create(public);
-				return TRUE;
+				trusted = lib->creds->create(lib->creds,
+										CRED_CERTIFICATE, CERT_TRUSTED_PUBKEY,
+										BUILD_PUBLIC_KEY, public, BUILD_END);
+				if (trusted)
+				{
+					*cert = this->current = trusted;
+					return TRUE;
+				}
+				continue;
 			}
 			public->destroy(public);
 		}
--- a/src/libstrongswan/Makefile.am
+++ b/src/libstrongswan/Makefile.am
@ -128,6 +128,10 @@ if USE_X509
  SUBDIRS += plugins/x509
 endif

+if USE_PUBKEY
+  SUBDIRS += plugins/pubkey
+endif
+
 if USE_CURL
  SUBDIRS += plugins/curl
 endif
--- a/src/libstrongswan/plugins/pubkey/Makefile.am
+++ b/src/libstrongswan/plugins/pubkey/Makefile.am
@ -0,0 +1,11 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan
+
+AM_CFLAGS = -rdynamic
+
+plugin_LTLIBRARIES = libstrongswan-pubkey.la
+
+libstrongswan_pubkey_la_SOURCES = pubkey_plugin.h pubkey_plugin.c \
+  pubkey_cert.h pubkey_cert.c
+libstrongswan_pubkey_la_LDFLAGS = -module
+
--- a/src/libstrongswan/plugins/pubkey/pubkey_cert.c
+++ b/src/libstrongswan/plugins/pubkey/pubkey_cert.c
@ -15,19 +15,21 @@
 * $Id$
 */

-#include "medsrv_pubkey.h"
+#include "pubkey_cert.h"

-typedef struct private_medsrv_pubkey_t private_medsrv_pubkey_t;
+#include <debug.h>
+
+typedef struct private_pubkey_cert_t private_pubkey_cert_t;

 /**
- * private data of medsrv_pubkey
+ * private data of pubkey_cert
 */
-struct private_medsrv_pubkey_t {
+struct private_pubkey_cert_t {

 	/**
 	 * public functions
 	 */
-	medsrv_pubkey_t public;
+	pubkey_cert_t public;
 	
 	/**
 	 * wrapped public key
@ -48,7 +50,7 @@ struct private_medsrv_pubkey_t {
 /**
 * Implementation of certificate_t.get_type
 */
-static certificate_type_t get_type(private_medsrv_pubkey_t *this)
+static certificate_type_t get_type(private_pubkey_cert_t *this)
 {
 	return CERT_TRUSTED_PUBKEY;
 }
@ -56,7 +58,7 @@ static certificate_type_t get_type(private_medsrv_pubkey_t *this)
 /**
 * Implementation of certificate_t.get_subject
 */
-static identification_t* get_subject(private_medsrv_pubkey_t *this)
+static identification_t* get_subject(private_pubkey_cert_t *this)
 {
 	return this->key->get_id(this->key, ID_PUBKEY_SHA1);
 }
@ -64,7 +66,7 @@ static identification_t* get_subject(private_medsrv_pubkey_t *this)
 /**
 * Implementation of certificate_t.get_issuer
 */
-static identification_t* get_issuer(private_medsrv_pubkey_t *this)
+static identification_t* get_issuer(private_pubkey_cert_t *this)
 {
 	return this->issuer;
 }
@ -72,7 +74,7 @@ static identification_t* get_issuer(private_medsrv_pubkey_t *this)
 /**
 * Implementation of certificate_t.has_subject.
 */
-static id_match_t has_subject(private_medsrv_pubkey_t *this,
+static id_match_t has_subject(private_pubkey_cert_t *this,
 							  identification_t *subject)
 {
 	identification_t *id;
@ -88,7 +90,7 @@ static id_match_t has_subject(private_medsrv_pubkey_t *this,
 /**
 * Implementation of certificate_t.has_subject.
 */
-static id_match_t has_issuer(private_medsrv_pubkey_t *this,
+static id_match_t has_issuer(private_pubkey_cert_t *this,
 							 identification_t *issuer)
 {
 	return ID_MATCH_NONE;
@ -97,9 +99,9 @@ static id_match_t has_issuer(private_medsrv_pubkey_t *this,
 /**
 * Implementation of certificate_t.equals.
 */
-static bool equals(private_medsrv_pubkey_t *this, certificate_t *other)
+static bool equals(private_pubkey_cert_t *this, certificate_t *other)
 {
-	if (this == (private_medsrv_pubkey_t*)other)
+	if (this == (private_pubkey_cert_t*)other)
 	{
 		return TRUE;
 	}
@ -113,7 +115,7 @@ static bool equals(private_medsrv_pubkey_t *this, certificate_t *other)
 /**
 * Implementation of certificate_t.issued_by
 */
-static bool issued_by(private_medsrv_pubkey_t *this, certificate_t *issuer)
+static bool issued_by(private_pubkey_cert_t *this, certificate_t *issuer)
 {
 	return equals(this, issuer);
 }
@ -121,7 +123,7 @@ static bool issued_by(private_medsrv_pubkey_t *this, certificate_t *issuer)
 /**
 * Implementation of certificate_t.get_public_key
 */
-static public_key_t* get_public_key(private_medsrv_pubkey_t *this)
+static public_key_t* get_public_key(private_pubkey_cert_t *this)
 {
 	this->key->get_ref(this->key);
 	return this->key;
@ -129,7 +131,7 @@ static public_key_t* get_public_key(private_medsrv_pubkey_t *this)
 /**
 * Implementation of certificate_t.get_validity.
 */
-static bool get_validity(private_medsrv_pubkey_t *this, time_t *when,
+static bool get_validity(private_pubkey_cert_t *this, time_t *when,
 						 time_t *not_before, time_t *not_after)
 {
 	if (not_before)
@ -154,7 +156,7 @@ static bool is_newer(certificate_t *this, certificate_t *that)
 /**
 * Implementation of certificate_t.get_encoding.
 */
-static chunk_t get_encoding(private_medsrv_pubkey_t *this)
+static chunk_t get_encoding(private_pubkey_cert_t *this)
 {
 	return this->key->get_encoding(this->key);
 }
@ -162,16 +164,16 @@ static chunk_t get_encoding(private_medsrv_pubkey_t *this)
 /**
 * Implementation of certificate_t.get_ref
 */
-static private_medsrv_pubkey_t* get_ref(private_medsrv_pubkey_t *this)
+static private_pubkey_cert_t* get_ref(private_pubkey_cert_t *this)
 {
 	ref_get(&this->ref);
 	return this;
 }

 /**
- * Implementation of medsrv_pubkey_t.destroy
+ * Implementation of pubkey_cert_t.destroy
 */
-static void destroy(private_medsrv_pubkey_t *this)
+static void destroy(private_pubkey_cert_t *this)
 {
 	if (ref_put(&this->ref))
 	{
@ -184,9 +186,9 @@ static void destroy(private_medsrv_pubkey_t *this)
 /*
 * see header file
 */
-medsrv_pubkey_t *medsrv_pubkey_create(public_key_t *key)
+static pubkey_cert_t *pubkey_cert_create(public_key_t *key)
 {
-	private_medsrv_pubkey_t *this = malloc_thing(private_medsrv_pubkey_t);
+	private_pubkey_cert_t *this = malloc_thing(private_pubkey_cert_t);
 	
 	this->public.interface.get_type = (certificate_type_t (*)(certificate_t *this))get_type;
 	this->public.interface.get_subject = (identification_t* (*)(certificate_t *this))get_subject;
@ -209,3 +211,74 @@ medsrv_pubkey_t *medsrv_pubkey_create(public_key_t *key)
 	return &this->public;
 }

+typedef struct private_builder_t private_builder_t;
+/**
+ * Builder implementation for key loading
+ */
+struct private_builder_t {
+	/** implements the builder interface */
+	builder_t public;
+	/** loaded public key */
+	pubkey_cert_t *key;
+};
+
+/**
+ * Implementation of builder_t.build
+ */
+static pubkey_cert_t *build(private_builder_t *this)
+{
+	pubkey_cert_t *key = this->key;
+	
+	free(this);
+	return key;
+}
+
+/**
+ * Implementation of builder_t.add
+ */
+static void add(private_builder_t *this, builder_part_t part, ...)
+{
+	va_list args;
+	
+	if (this->key)
+	{
+		DBG1("ignoring surplus build part %N", builder_part_names, part);
+		return;
+	}
+	
+	switch (part)
+	{
+		case BUILD_PUBLIC_KEY:
+		{
+			va_start(args, part);
+			this->key = pubkey_cert_create(va_arg(args, public_key_t*));
+			va_end(args);
+			break;
+		}
+		default:
+			DBG1("ignoring unsupported build part %N", builder_part_names, part);
+			break;
+	}
+}
+
+/**
+ * Builder construction function
+ */
+builder_t *pubkey_cert_builder(certificate_type_t type)
+{
+	private_builder_t *this;
+	
+	if (type != CERT_TRUSTED_PUBKEY)
+	{
+		return NULL;
+	}
+	
+	this = malloc_thing(private_builder_t);
+	
+	this->key = NULL;
+	this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add;
+	this->public.build = (void*(*)(builder_t *this))build;
+	
+	return &this->public;
+}
+
--- a/src/libstrongswan/plugins/pubkey/pubkey_cert.h
+++ b/src/libstrongswan/plugins/pubkey/pubkey_cert.h
@ -16,22 +16,21 @@
 */

 /**
- * @defgroup medsrv_pubkey medsrv_pubkey
- * @{ @ingroup medsrv
+ * @defgroup pubkey_cert pubkey_cert
+ * @{ @ingroup certificates
 */

-#ifndef MEDSRV_PUBKEY_H_
-#define MEDSRV_PUBKEY_H_
+#ifndef PUBKEY_CERT_H_
+#define PUBKEY_CERT_H_

-#include <credentials/keys/public_key.h>
 #include <credentials/certificates/certificate.h>

-typedef struct medsrv_pubkey_t medsrv_pubkey_t;
+typedef struct pubkey_cert_t pubkey_cert_t;

 /**
 * A trusted public key wrapped into certificate of type CERT_TRUSTED_PUBKEY.
 */
-struct medsrv_pubkey_t {
+struct pubkey_cert_t {

 	/**
 	 * Implements certificate_t.
@ -40,13 +39,13 @@ struct medsrv_pubkey_t {
 };

 /**
- * Create a wrapped public key instance using a public_key.
+ * Create the builder for a trusted public key.
 *
- * The certifcate uses the public_key ID as subject.
+ * The builders add() function takes BUILD_PUBLIC_KEY to enwrap.
 *
- * @param key		public key to wrap
- * @return			public key implementing certificate interface
+ * @param type		type of the certificate, must be CERT_pubkey_cert
+ * @return 			builder instance
 */
-medsrv_pubkey_t *medsrv_pubkey_create(public_key_t *key);
+builder_t *pubkey_cert_builder(certificate_type_t type);

-#endif /* MEDSRV_PUBKEY_H_ @}*/
+#endif /* PUBKEY_CERT_H_ @}*/
--- a/src/libstrongswan/plugins/pubkey/pubkey_plugin.c
+++ b/src/libstrongswan/plugins/pubkey/pubkey_plugin.c
@ -0,0 +1,60 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ *
+ * $Id$
+ */
+
+#include "pubkey_plugin.h"
+
+#include <library.h>
+#include "pubkey_cert.h"
+
+typedef struct private_pubkey_plugin_t private_pubkey_plugin_t;
+
+/**
+ * private data of pubkey_plugin
+ */
+struct private_pubkey_plugin_t {
+
+	/**
+	 * public functions
+	 */
+	pubkey_plugin_t public;
+};
+
+/**
+ * Implementation of pubkey_plugin_t.pubkeytroy
+ */
+static void destroy(private_pubkey_plugin_t *this)
+{
+	lib->creds->remove_builder(lib->creds,
+							   (builder_constructor_t)pubkey_cert_builder);
+	free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *plugin_create()
+{
+	private_pubkey_plugin_t *this = malloc_thing(private_pubkey_plugin_t);
+	
+	this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
+
+	lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_TRUSTED_PUBKEY,
+							(builder_constructor_t)pubkey_cert_builder);
+
+	return &this->public.plugin;
+}
+
--- a/src/libstrongswan/plugins/pubkey/pubkey_plugin.h
+++ b/src/libstrongswan/plugins/pubkey/pubkey_plugin.h
@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup pubkey_p pubkey
+ * @ingroup plugins
+ *
+ * @defgroup pubkey_plugin pubkey_plugin
+ * @{ @ingroup pubkey_p
+ */
+
+#ifndef PUBKEY_PLUGIN_H_
+#define PUBKEY_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct pubkey_plugin_t pubkey_plugin_t;
+
+/**
+ * Plugin implementing CERT_TRUSTED_PUBKEY certificate type.
+ */
+struct pubkey_plugin_t {
+
+	/**
+	 * implements plugin interface
+	 */
+	plugin_t plugin;
+};
+
+/**
+ * Create a pubkey_plugin instance.
+ */
+plugin_t *plugin_create();
+
+#endif /* PUBKEY_PLUGIN_H_ @}*/