author | Jiří Klimeš <jklimes@redhat.com> | 2014-05-02 13:01:55 +0200 |
---|---|---|
committer | Jiří Klimeš <jklimes@redhat.com> | 2014-05-12 10:46:41 +0200 |
commit | b3e39d42758c678935e7a33aea48c03f7a2b2763 (patch) | |
tree | b8a33164b09efb9e1a237946e51b2120d1ae8d0f /libnm-util/crypto.c | |
parent | a9f5494d4d7d1fb6071730324ee99b5c77fc0fa0 (diff) | |
libnm-util: allow AES cipher for private keys
and add a testcase to check the encryption with AES.
Diffstat (limited to 'libnm-util/crypto.c')
-rw-r--r-- | libnm-util/crypto.c | 20 |
1 files changed, 12 insertions, 8 deletions
diff --git a/libnm-util/crypto.c b/libnm-util/crypto.c
index c2a93b3bef..0ac4fbacd4 100644
--- a/libnm-util/crypto.c
+++ b/libnm-util/crypto.c
@@ -206,6 +206,8 @@ parse_old_openssl_key_file (const GByteArray *contents,
 cipher = g_strdup (p);
 } else if (!strcasecmp (p, "DES-CBC")) {
 cipher = g_strdup (p);
+ } else if (!strcasecmp (p, "AES-128-CBC")) {
+ cipher = g_strdup (p);
 } else {
 g_set_error (error, NM_CRYPTO_ERROR,
 NM_CRYPTO_ERR_UNKNOWN_KEY_TYPE,
@@ -378,12 +380,12 @@ error:
 }

 static char *
-make_des_key (const char *cipher,
- const char *salt,
- const gsize salt_len,
- const char *password,
- gsize *out_len,
- GError **error)
+make_des_aes_key (const char *cipher,
+ const char *salt,
+ const gsize salt_len,
+ const char *password,
+ gsize *out_len,
+ GError **error)
 {
 char *key;
 guint32 digest_len;
@@ -398,6 +400,8 @@ make_des_key (const char *cipher,
 digest_len = 24;
 else if (!strcmp (cipher, "DES-CBC"))
 digest_len = 8;
+ else if (!strcmp (cipher, "AES-128-CBC"))
+ digest_len = 16;
 else {
 g_set_error (error, NM_CRYPTO_ERROR,
 NM_CRYPTO_ERR_UNKNOWN_CIPHER,
@@ -454,8 +458,8 @@ decrypt_key (const char *cipher,
 if (!bin_iv)
 return NULL;

- /* Convert the PIN and IV into a DES key */
- key = make_des_key (cipher, bin_iv, bin_iv_len, password, &key_len, error);
+ /* Convert the password and IV into a DES or AES key */
+ key = make_des_aes_key (cipher, bin_iv, bin_iv_len, password, &key_len, error);
 if (!key || !key_len)
 goto out;

|
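Review bot: The new `strcasecmp (p, "AES-128-CBC")` branch accepts any letter case and keeps the file's own spelling via `g_strdup (p)`, while the matching branch added to make_des_aes_key in the third hunk compares with case-sensitive `strcmp`. A key file that names the cipher as `aes-128-cbc` would therefore pass parsing and, if that string is what reaches the key derivation, be rejected later with NM_CRYPTO_ERR_UNKNOWN_CIPHER, which is harder to diagnose than a parse error. Storing the canonical name closes the gap: `cipher = g_strdup ("AES-128-CBC");`. The DES branch visible above follows the same pattern, and the enclosing function starts and ends outside the hunk.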
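Review bot: Nothing in the new `AES-128-CBC` branch records that the salt arriving here is now longer than before: decrypt_key (fourth hunk) passes the whole `bin_iv` as `salt`, which is 8 bytes for the DES ciphers but would be 16 bytes for AES-128-CBC. OpenSSL's legacy PEM encryption salts the password hash with only the first 8 bytes of the IV, so the derived key matches only if the hashing step, which is outside this hunk, limits itself to 8 salt bytes. That is worth confirming and pinning with a comment such as `/* AES-128 key is 16 bytes; only the first 8 IV bytes act as salt, as in OpenSSL */`. The literals 24, 8 and 16 would also read better as named key-length constants. The function body starts and ends outside the hunk.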