author | James Yonan <james@openvpn.net> | 2010-12-09 11:21:04 +0000 |
---|---|---|
committer | David Sommerseth <davids@redhat.com> | 2011-03-25 09:38:28 +0100 |
commit | cf69617bbea45a15423c4188daa9386debcbe1ec (patch) | |
tree | c3786b3116633d98e037c76f3ced6378e05edcad /manage.h | |
parent | 98c6662472adf7228e4265328aa8d067aa41695f (diff) | |
Added "management-external-key" option. This option can be used
instead of "key" in client mode, and allows the client to run
without the need to load the actual private key. When the SSL
protocol needs to perform an RSA sign operation, the data to
be signed will be sent to the management interface via a
notification as follows:
>RSA_SIGN:[BASE64_DATA]
The management interface client should then sign BASE64_DATA
using the private key and return the signature as follows:
rsa-sig
[BASE64_SIG_LINE]
.
.
.
END
This capability is intended to allow the use of arbitrary
cryptographic service providers with OpenVPN via the
management interface.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6708 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to 'manage.h')
-rw-r--r-- | manage.h | 24 |
1 files changed, 22 insertions, 2 deletions
@@ -264,16 +264,23 @@ struct man_connection { struct command_line *in; struct buffer_list *out; -#ifdef MANAGEMENT_DEF_AUTH +#ifdef MANAGEMENT_IN_EXTRA # define IEC_UNDEF 0 # define IEC_CLIENT_AUTH 1 # define IEC_CLIENT_PF 2 + +# define IEC_STATEFUL_BASE 16 +# define IEC_RSA_SIGN_PRE 16 +# define IEC_RSA_SIGN 17 +# define IEC_RSA_SIGN_FINAL 18 int in_extra_cmd; + struct buffer_list *in_extra; +#ifdef MANAGEMENT_DEF_AUTH unsigned long in_extra_cid; unsigned int in_extra_kid; - struct buffer_list *in_extra; int env_filter_level; #endif +#endif struct event_set *es; bool state_realtime; @@ -285,6 +292,10 @@ struct man_connection { const char *up_query_type; int up_query_mode; struct user_pass up_query; + +#ifdef MANAGMENT_EXTERNAL_KEY + struct buffer_list *rsa_sig; +#endif }; struct management @@ -314,6 +325,9 @@ struct management *management_init (void); # define MF_CLIENT_PF (1<<7) #endif # define MF_UNIX_SOCK (1<<8) +#ifdef MANAGMENT_EXTERNAL_KEY +# define MF_EXTERNAL_KEY (1<<9) +#endif bool management_open (struct management *man, const char *addr, @@ -374,6 +388,12 @@ void management_learn_addr (struct management *management, const bool primary); #endif +#ifdef MANAGMENT_EXTERNAL_KEY + +char *management_query_rsa_sig (struct management *man, const char *b64_data); + +#endif + static inline bool management_connected (const struct management *man) { |
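Review bot: In the first hunk, `in_extra_cid`, `in_extra_kid` and `env_filter_level` end up inside both `#ifdef MANAGEMENT_IN_EXTRA` and `#ifdef MANAGEMENT_DEF_AUTH`, so a build that defines MANAGEMENT_DEF_AUTH without MANAGEMENT_IN_EXTRA would lose fields it had before. Where MANAGEMENT_IN_EXTRA gets defined is not visible in this header; if it is meant to be derived from the feature macros, a guard such as `#if defined(MANAGEMENT_DEF_AUTH) && !defined(MANAGEMENT_IN_EXTRA)` followed by `#error` would make that dependency explicit. The two closing `#endif` lines would read better labelled, `#endif /* MANAGEMENT_DEF_AUTH */` and `#endif /* MANAGEMENT_IN_EXTRA */`, and the fact that `IEC_RSA_SIGN_PRE` shares the value 16 with `IEC_STATEFUL_BASE` deserves a one-line comment saying it is intentional. struct man_connection begins before this hunk.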
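Review bot: The guard macro is spelled `MANAGMENT_EXTERNAL_KEY` (missing the second E) in the hunk at -285 and again in the hunks at -314 and -374, while the neighbouring guards are `MANAGEMENT_DEF_AUTH` and `MANAGEMENT_IN_EXTRA`. The build works only as long as the definition, which is outside this file, carries the same misspelling; anyone who later writes the correctly spelled name in an `#ifdef` silently compiles the external-key path out. I would use `#ifdef MANAGEMENT_EXTERNAL_KEY` in all three places and rename the definition in the same change. The new `rsa_sig` list also has no comment saying who frees it when the connection is reset; struct man_connection starts outside the hunk, so that cannot be checked from here.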
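Review bot: `management_query_rsa_sig` in the last hunk returns a bare `char *` with no stated contract, and this is the function through which a signature produced outside the process enters the TLS key path. A header comment should say that `b64_data` is the base64 data sent in the `>RSA_SIGN:` notification, what the return value is on failure or disconnect (presumably NULL), and whether the caller frees the returned string. Since the string comes from the management client, the comment should also tell callers to treat it as untrusted input and check the decoded length against the expected signature size before use; the implementation is not in this diff, so whether it already does that cannot be confirmed here.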