authorJouni Malinen <j@w1.fi>2009-08-16 06:34:21 (GMT)
committerJouni Malinen <j@w1.fi>2009-08-16 06:34:21 (GMT)
commit1b8409a0a57d444509d62bbbce505836c1b8cbdf (patch)
treec81a5ae42e33452dd809804848c4b271a63428a6 /src/tls/tlsv1_cred.c
parentb2cc805619cd60fdbb6fdc869f7716ab1d02a7bd (diff)
Support PEM format RSA private key with internal TLS implementation
Diffstat (limited to 'src/tls/tlsv1_cred.c')
-rw-r--r--src/tls/tlsv1_cred.c29
1 files changed, 29 insertions, 0 deletions
diff --git a/src/tls/tlsv1_cred.c b/src/tls/tlsv1_cred.c
index d556467..c79ad4a 100644
--- a/src/tls/tlsv1_cred.c
+++ b/src/tls/tlsv1_cred.c
@@ -68,6 +68,8 @@ static int tlsv1_add_cert_der(struct x509_certificate **chain,
static const char *pem_cert_begin = "-----BEGIN CERTIFICATE-----";
static const char *pem_cert_end = "-----END CERTIFICATE-----";
+static const char *pem_key_begin = "-----BEGIN RSA PRIVATE KEY-----";
+static const char *pem_key_end = "-----END RSA PRIVATE KEY-----";
static const u8 * search_tag(const char *tag, const u8 *buf, size_t len)
@@ -209,10 +211,37 @@ int tlsv1_set_cert(struct tlsv1_credentials *cred, const char *cert,
}
+static int tlsv1_set_key_pem(struct tlsv1_credentials *cred,
+ const u8 *key, size_t len)
+{
+ const u8 *pos, *end;
+ unsigned char *der;
+ size_t der_len;
+
+ pos = search_tag(pem_key_begin, key, len);
+ if (!pos)
+ return -1;
+
+ pos += os_strlen(pem_key_begin);
+ end = search_tag(pem_key_end, pos, key + len - pos);
+ if (!end)
+ return -1;
+
+ der = base64_decode(pos, end - pos, &der_len);
+ if (!der)
+ return -1;
+ cred->key = crypto_private_key_import(der, der_len);
+ os_free(der);
+ return cred->key ? 0 : -1;
+}
+
+
static int tlsv1_set_key(struct tlsv1_credentials *cred,
const u8 *key, size_t len)
{
cred->key = crypto_private_key_import(key, len);
+ if (cred->key == NULL)
+ tlsv1_set_key_pem(cred, key, len);
if (cred->key == NULL) {
wpa_printf(MSG_INFO, "TLSv1: Failed to parse private key");
return -1;
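Review bot: In `tlsv1_set_key_pem` the buffer `der` holds the base64-decoded private key and is released with `os_free(der)` without being cleared, so the raw key bytes remain in freed heap memory after the import. I would wipe it first, e.g. `os_memset(der, 0, der_len);` immediately before `os_free(der);`, preferably through a clearing helper the compiler cannot elide if the tree provides one. Separately, `tlsv1_set_key` discards the return value of `tlsv1_set_key_pem` and relies on the second `cred->key == NULL` test; a short comment such as `/* try PEM as fallback; result is checked via cred->key below */` would make that intentional. The body of `tlsv1_set_key` continues past the end of this hunk.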