support of PKCS#11 init arguments required by NSS softoken, patch contributed by Robert Varga
This commit is contained in:
parent
4979e85871
commit
e0e6137dd3
@ -104,7 +104,8 @@ usage(const char *mess)
|
|||||||
" \\\n\t"
|
" \\\n\t"
|
||||||
"[--adns <pathname>]"
|
"[--adns <pathname>]"
|
||||||
"[--pkcs11module <path>]"
|
"[--pkcs11module <path>]"
|
||||||
"[--pkcs11keepstate"
|
"[--pkcs11keepstate]"
|
||||||
|
"[--pkcs11initargs <string>]"
|
||||||
#ifdef DEBUG
|
#ifdef DEBUG
|
||||||
" \\\n\t"
|
" \\\n\t"
|
||||||
"[--debug-none]"
|
"[--debug-none]"
|
||||||
@ -217,6 +218,11 @@ bool pkcs11_keep_state = FALSE;
|
|||||||
/* by default pluto does not allow pkcs11 proxy access via whack */
|
/* by default pluto does not allow pkcs11 proxy access via whack */
|
||||||
bool pkcs11_proxy = FALSE;
|
bool pkcs11_proxy = FALSE;
|
||||||
|
|
||||||
|
/* argument string to pass to PKCS#11 module.
|
||||||
|
* Not used for compliant modules, just for NSS softoken
|
||||||
|
*/
|
||||||
|
static const char *pkcs11_init_args = NULL;
|
||||||
|
|
||||||
int
|
int
|
||||||
main(int argc, char **argv)
|
main(int argc, char **argv)
|
||||||
{
|
{
|
||||||
@ -263,6 +269,7 @@ main(int argc, char **argv)
|
|||||||
#endif /* !USE_LWRES */
|
#endif /* !USE_LWRES */
|
||||||
{ "pkcs11module", required_argument, NULL, 'm' },
|
{ "pkcs11module", required_argument, NULL, 'm' },
|
||||||
{ "pkcs11keepstate", no_argument, NULL, 'k' },
|
{ "pkcs11keepstate", no_argument, NULL, 'k' },
|
||||||
|
{ "pkcs11initargs", required_argument, NULL, 'z' },
|
||||||
{ "pkcs11proxy", no_argument, NULL, 'y' },
|
{ "pkcs11proxy", no_argument, NULL, 'y' },
|
||||||
{ "nat_traversal", no_argument, NULL, '1' },
|
{ "nat_traversal", no_argument, NULL, '1' },
|
||||||
{ "keep_alive", required_argument, NULL, '2' },
|
{ "keep_alive", required_argument, NULL, '2' },
|
||||||
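Review bot: The new long option binds `"pkcs11initargs"` to the short value `'z'`, but the rest of long_opts is outside this hunk, so it is not visible here whether `'z'` is already taken; getopt_long dispatches on that value, and a duplicate would silently route one option to the other's `case`. Please confirm `'z'` is unique in the table and, if the short letters are not meant to be user-facing, add a comment such as `/* 'z' is an internal tag only; no single-letter alias is documented */` next to the entry. The enclosing initializer starts and ends outside this hunk.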
@ -432,6 +439,10 @@ main(int argc, char **argv)
|
|||||||
pkcs11_proxy = TRUE;
|
pkcs11_proxy = TRUE;
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
|
case 'z': /* --pkcs11initargs */
|
||||||
|
pkcs11_init_args = optarg;
|
||||||
|
continue;
|
||||||
|
|
||||||
#ifdef DEBUG
|
#ifdef DEBUG
|
||||||
case 'N': /* --debug-none */
|
case 'N': /* --debug-none */
|
||||||
base_debugging = DBG_NONE;
|
base_debugging = DBG_NONE;
|
||||||
@ -593,7 +604,7 @@ main(int argc, char **argv)
|
|||||||
|
|
||||||
init_nat_traversal(nat_traversal, keep_alive, force_keepalive, nat_t_spf);
|
init_nat_traversal(nat_traversal, keep_alive, force_keepalive, nat_t_spf);
|
||||||
init_virtual_ip(virtual_private);
|
init_virtual_ip(virtual_private);
|
||||||
scx_init(pkcs11_module_path); /* load and initialize PKCS #11 module */
|
scx_init(pkcs11_module_path, pkcs11_init_args); /* load and initialize PKCS #11 module */
|
||||||
xauth_init(); /* load and initialize XAUTH module */
|
xauth_init(); /* load and initialize XAUTH module */
|
||||||
init_rnd_pool();
|
init_rnd_pool();
|
||||||
init_secret();
|
init_secret();
|
||||||
|
@ -690,12 +690,16 @@ scx_find_all_cert_objects(void)
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* load and initialize PKCS#11 cryptoki module
|
* load and initialize PKCS#11 cryptoki module
|
||||||
|
*
|
||||||
|
* init_args should be unused when we have a PKCS#11 compliant module,
|
||||||
|
* but NSS softoken breaks that API.
|
||||||
*/
|
*/
|
||||||
void
|
void
|
||||||
scx_init(const char* module)
|
scx_init(const char* module, const char *init_args)
|
||||||
{
|
{
|
||||||
#ifdef SMARTCARD
|
#ifdef SMARTCARD
|
||||||
|
CK_C_INITIALIZE_ARGS args = { .pReserved = init_args, };
|
||||||
CK_RV rv;
|
CK_RV rv;
|
||||||
|
|
||||||
if (scx_initialized)
|
if (scx_initialized)
|
||||||
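Review bot: `.pReserved = init_args` stores a `const char *` into the `CK_VOID_PTR` field of CK_C_INITIALIZE_ARGS, which compilers report as discarding a qualifier; make the intent explicit with `.pReserved = (CK_VOID_PTR)init_args,` and note in a comment that the string is only handed to the module, never written through this pointer. Because only pReserved is set, `flags` stays zero and the mutex callbacks NULL, so the module receives the same threading contract as the previous `C_Initialize(NULL)`; that is the non-obvious reason the change is behaviour-neutral when the option is unset, and a one-line comment on the initializer would save the next reader the spec lookup. A compliant module may reject a non-NULL pReserved, which the plog() path in the following hunk already surfaces. The body of scx_init continues outside this hunk.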
@ -726,8 +730,8 @@ scx_init(const char* module)
|
|||||||
|
|
||||||
DBG(DBG_CONTROL | DBG_CRYPT,
|
DBG(DBG_CONTROL | DBG_CRYPT,
|
||||||
DBG_log("pkcs11 module initializing...")
|
DBG_log("pkcs11 module initializing...")
|
||||||
)
|
)
|
||||||
rv = pkcs11_functions->C_Initialize(NULL);
|
rv = pkcs11_functions->C_Initialize(init_args ? &args : NULL);
|
||||||
if (rv != CKR_OK)
|
if (rv != CKR_OK)
|
||||||
{
|
{
|
||||||
plog("failed to initialize pkcs11 module: %s"
|
plog("failed to initialize pkcs11 module: %s"
|
||||||
|
@ -69,7 +69,7 @@ extern bool pkcs11_keep_state;
|
|||||||
extern bool pkcs11_proxy;
|
extern bool pkcs11_proxy;
|
||||||
|
|
||||||
extern smartcard_t* scx_parse_number_slot_id(const char *number_slot_id);
|
extern smartcard_t* scx_parse_number_slot_id(const char *number_slot_id);
|
||||||
extern void scx_init(const char *module);
|
extern void scx_init(const char *module, const char *init_args);
|
||||||
extern void scx_finalize(void);
|
extern void scx_finalize(void);
|
||||||
extern bool scx_establish_context(smartcard_t *sc);
|
extern bool scx_establish_context(smartcard_t *sc);
|
||||||
extern bool scx_login(smartcard_t *sc);
|
extern bool scx_login(smartcard_t *sc);
|
||||||
|
@ -173,6 +173,7 @@ static const token_info_t token_info[] =
|
|||||||
{ ARG_STR, offsetof(starter_config_t, setup.virtual_private), NULL },
|
{ ARG_STR, offsetof(starter_config_t, setup.virtual_private), NULL },
|
||||||
{ ARG_STR, offsetof(starter_config_t, setup.eapdir), NULL },
|
{ ARG_STR, offsetof(starter_config_t, setup.eapdir), NULL },
|
||||||
{ ARG_STR, offsetof(starter_config_t, setup.pkcs11module), NULL },
|
{ ARG_STR, offsetof(starter_config_t, setup.pkcs11module), NULL },
|
||||||
|
{ ARG_STR, offsetof(starter_config_t, setup.pkcs11initargs), NULL },
|
||||||
{ ARG_ENUM, offsetof(starter_config_t, setup.pkcs11keepstate), LST_bool },
|
{ ARG_ENUM, offsetof(starter_config_t, setup.pkcs11keepstate), LST_bool },
|
||||||
{ ARG_ENUM, offsetof(starter_config_t, setup.pkcs11proxy), LST_bool },
|
{ ARG_ENUM, offsetof(starter_config_t, setup.pkcs11proxy), LST_bool },
|
||||||
|
|
||||||
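Review bot: The new token_info entry is positional, and it appears to be looked up by the kw_token_t value, so it is only correct because this hunk and the keywords.h hunk both insert directly after the pkcs11module entry; nothing in the code enforces that alignment. A comment on the table, e.g. `/* order must match kw_token_t in keywords.h */`, would make the coupling visible to whoever adds the next setup keyword. The table definition starts and ends outside this hunk.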
|
@ -178,6 +178,7 @@ struct starter_config {
|
|||||||
char *virtual_private;
|
char *virtual_private;
|
||||||
char *eapdir;
|
char *eapdir;
|
||||||
char *pkcs11module;
|
char *pkcs11module;
|
||||||
|
char *pkcs11initargs;
|
||||||
bool pkcs11keepstate;
|
bool pkcs11keepstate;
|
||||||
bool pkcs11proxy;
|
bool pkcs11proxy;
|
||||||
|
|
||||||
|
@ -187,6 +187,11 @@ starter_start_pluto (starter_config_t *cfg, bool debug)
|
|||||||
arg[argc++] = "--pkcs11module";
|
arg[argc++] = "--pkcs11module";
|
||||||
arg[argc++] = cfg->setup.pkcs11module;
|
arg[argc++] = cfg->setup.pkcs11module;
|
||||||
}
|
}
|
||||||
|
if (cfg->setup.pkcs11initargs)
|
||||||
|
{
|
||||||
|
arg[argc++] = "--pkcs11initargs";
|
||||||
|
arg[argc++] = cfg->setup.pkcs11initargs;
|
||||||
|
}
|
||||||
if (cfg->setup.pkcs11keepstate)
|
if (cfg->setup.pkcs11keepstate)
|
||||||
{
|
{
|
||||||
arg[argc++] = "--pkcs11keepstate";
|
arg[argc++] = "--pkcs11keepstate";
|
||||||
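Review bot: The two new `arg[argc++]` writes consume more slots of `arg`, whose declaration is outside this hunk; if it is a fixed-length array of preallocated entries, each added option reduces the headroom, and with every option set the terminating NULL could land past the end of the array. Please verify the capacity was raised by two, and consider a guard before the terminator is written, such as `assert(argc < sizeof(arg) / sizeof(arg[0]));` when `arg` is a true array in this scope. starter_start_pluto continues outside this hunk.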
|
@ -41,6 +41,7 @@ typedef enum {
|
|||||||
KW_VIRTUAL_PRIVATE,
|
KW_VIRTUAL_PRIVATE,
|
||||||
KW_EAPDIR,
|
KW_EAPDIR,
|
||||||
KW_PKCS11MODULE,
|
KW_PKCS11MODULE,
|
||||||
|
KW_PKCS11INITARGS,
|
||||||
KW_PKCS11KEEPSTATE,
|
KW_PKCS11KEEPSTATE,
|
||||||
KW_PKCS11PROXY,
|
KW_PKCS11PROXY,
|
||||||
|
|
||||||
|
@ -50,6 +50,7 @@ virtual_private, KW_VIRTUAL_PRIVATE
|
|||||||
eap, KW_EAP
|
eap, KW_EAP
|
||||||
eapdir, KW_EAPDIR
|
eapdir, KW_EAPDIR
|
||||||
pkcs11module, KW_PKCS11MODULE
|
pkcs11module, KW_PKCS11MODULE
|
||||||
|
pkcs11initargs, KW_PKCS11INITARGS
|
||||||
pkcs11keepstate, KW_PKCS11KEEPSTATE
|
pkcs11keepstate, KW_PKCS11KEEPSTATE
|
||||||
pkcs11proxy, KW_PKCS11PROXY
|
pkcs11proxy, KW_PKCS11PROXY
|
||||||
keyexchange, KW_KEYEXCHANGE
|
keyexchange, KW_KEYEXCHANGE
|
||||||
|