Dan Williams authored
To be backwards compatible clients need to handle both paths to private keys and the decrypted private key data, which is what used to get passed in the private-key and phase2-private-key attributes of the 802.1x setting.

When moving a connection around between system-settings and user-settings, if the private key is decrypted data, the settings service needs to store that decrypted data somewhere so that the key can be sent to NM during the connection process. But we don't want to store the decrypted private key data, so we have to re-encrypt it (possibly generating a private key password if one wasn't sent with the decrypted data) and save it to disk, then send NM a path to that private key during connection.

To help clients do this, and so that they don't have to carry around multiple crypto implementations depending on whether they want to use NSS or gnutls/gcrypt, add a helper to libnm-util.

Furthermore, I misunderstood a bunch of stuff with crypto padding when writing the encrypt/decrypt functions long ago, so fix that up. Don't return padding as part of the decrypted data, and make sure to verify the padding's expected lengths and values when decrypting. Many thanks to Nalin Dahyabhai for pointing me in the right direction.
8c35e96b
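
The padding check described in the commit message, as an added example that is not part of this commit or of NetworkManager's code. It assumes PKCS#7-style block padding (the message does not name the scheme); `strip_block_padding` and the sample buffers are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not NetworkManager's code): validate PKCS#7-style
 * padding on a decrypted buffer. Returns the plaintext length with the
 * padding excluded, or -1 if the padding is malformed. */
long strip_block_padding(const uint8_t *buf, size_t len, size_t block_size)
{
    size_t pad, i;

    if (buf == NULL || block_size == 0 || block_size > 255)
        return -1;
    /* Block-cipher output is a non-zero whole number of blocks. */
    if (len == 0 || len % block_size != 0)
        return -1;

    /* The last byte states the pad length, which must be 1..block_size. */
    pad = buf[len - 1];
    if (pad == 0 || pad > block_size)
        return -1;

    /* Every padding byte must carry that same value. */
    for (i = len - pad; i < len; i++)
        if (buf[i] != pad)
            return -1;

    return (long)(len - pad);
}

/* Constructed samples: 8-byte blocks (the DES/3DES block size). */
static const uint8_t sample_ok[8]        = { 'k','e','y','!','!', 3, 3, 3 };
static const uint8_t sample_bad_value[8] = { 'k','e','y','!','!', 3, 2, 3 };
static const uint8_t sample_bad_len[8]   = { 'k','e','y','!','!', 3, 3, 9 };
/* Data that exactly fills a block gets a whole extra block of padding. */
static const uint8_t sample_full[16]     = { 1,2,3,4,5,6,7,8, 8,8,8,8,8,8,8,8 };

int main(void)
{
    printf("ok:        %ld\n", strip_block_padding(sample_ok, 8, 8));
    printf("bad value: %ld\n", strip_block_padding(sample_bad_value, 8, 8));
    printf("bad len:   %ld\n", strip_block_padding(sample_bad_len, 8, 8));
    printf("full:      %ld\n", strip_block_padding(sample_full, 16, 8));
    return 0;
}
```
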