summaryrefslogtreecommitdiff
path: root/src/openac/build.c
diff options
context:
space:
mode:
authorRene Mayrhofer <rene@mayrhofer.eu.org>2007-10-26 14:10:02 +0000
committerRene Mayrhofer <rene@mayrhofer.eu.org>2007-10-26 14:10:02 +0000
commit49104abddf3d71d5abf5cf75dc7f95fa6c55fa63 (patch)
tree28f7a72e5dec4abf908fd7874bdab776281310bc /src/openac/build.c
parent7b0305f59ddab9ea026b202a8c569912e5bf9a90 (diff)
downloadvyos-strongswan-49104abddf3d71d5abf5cf75dc7f95fa6c55fa63.tar.gz
vyos-strongswan-49104abddf3d71d5abf5cf75dc7f95fa6c55fa63.zip
[svn-upgrade] Integrating new upstream version, strongswan (4.1.8)
Diffstat (limited to 'src/openac/build.c')
-rw-r--r--src/openac/build.c125
1 files changed, 47 insertions, 78 deletions
diff --git a/src/openac/build.c b/src/openac/build.c
index 0c6a2be3b..d03e73048 100644
--- a/src/openac/build.c
+++ b/src/openac/build.c
@@ -1,7 +1,7 @@
/* Build a X.509 attribute certificate
* Copyright (C) 2002 Ueli Galizzi, Ariane Seiler
- * Copyright (C) 2004 Andreas Steffen
- * Zuercher Hochschule Winterthur, Switzerland
+ * Copyright (C) 2004,2007 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil, Switzerland
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -13,20 +13,17 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: build.c,v 1.14 2005/09/06 11:47:57 as Exp $
+ * RCSID $Id: build.c 3270 2007-10-08 20:09:57Z andreas $
*/
#include <stdlib.h>
#include <string.h>
+#include <stdio.h>
-#include <freeswan.h>
-
-#include "../pluto/constants.h"
-#include "../pluto/defs.h"
-#include "../pluto/oid.h"
-#include "../pluto/asn1.h"
-#include "../pluto/x509.h"
-#include "../pluto/log.h"
+#include <asn1/oid.h>
+#include <asn1/asn1.h>
+#include <crypto/ietf_attr_list.h>
+#include <utils/identification.h>
#include "build.h"
@@ -35,15 +32,15 @@ static u_char ASN1_group_oid_str[] = {
0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x0a ,0x04
};
-static const chunk_t ASN1_group_oid = strchunk(ASN1_group_oid_str);
+static const chunk_t ASN1_group_oid = chunk_from_buf(ASN1_group_oid_str);
static u_char ASN1_authorityKeyIdentifier_oid_str[] = {
0x06, 0x03,
0x55, 0x1d, 0x23
};
-static const chunk_t ASN1_authorityKeyIdentifier_oid
- = strchunk(ASN1_authorityKeyIdentifier_oid_str);
+static const chunk_t ASN1_authorityKeyIdentifier_oid =
+ chunk_from_buf(ASN1_authorityKeyIdentifier_oid_str);
static u_char ASN1_noRevAvail_ext_str[] = {
0x30, 0x09,
@@ -53,7 +50,7 @@ static u_char ASN1_noRevAvail_ext_str[] = {
0x05, 0x00
};
-static const chunk_t ASN1_noRevAvail_ext = strchunk(ASN1_noRevAvail_ext_str);
+static const chunk_t ASN1_noRevAvail_ext = chunk_from_buf(ASN1_noRevAvail_ext_str);
/**
* build directoryName
@@ -61,7 +58,7 @@ static const chunk_t ASN1_noRevAvail_ext = strchunk(ASN1_noRevAvail_ext_str);
static chunk_t build_directoryName(asn1_t tag, chunk_t name)
{
return asn1_wrap(tag, "m",
- asn1_simple_object(ASN1_CONTEXT_C_4, name));
+ asn1_simple_object(ASN1_CONTEXT_C_4, name));
}
/**
@@ -69,12 +66,15 @@ static chunk_t build_directoryName(asn1_t tag, chunk_t name)
*/
static chunk_t build_holder(void)
{
+ identification_t *issuer = usercert->get_issuer(usercert);
+ identification_t *subject = usercert->get_subject(usercert);
+
return asn1_wrap(ASN1_SEQUENCE, "mm",
- asn1_wrap(ASN1_CONTEXT_C_0, "mm",
- build_directoryName(ASN1_SEQUENCE, user->issuer),
- asn1_simple_object(ASN1_INTEGER, user->serialNumber)
- ),
- build_directoryName(ASN1_CONTEXT_C_1, user->subject));
+ asn1_wrap(ASN1_CONTEXT_C_0, "mm",
+ build_directoryName(ASN1_SEQUENCE, issuer->get_encoding(issuer)),
+ asn1_simple_object(ASN1_INTEGER, usercert->get_serialNumber(usercert))
+ ),
+ build_directoryName(ASN1_CONTEXT_C_1, subject->get_encoding(subject)));
}
/**
@@ -82,8 +82,10 @@ static chunk_t build_holder(void)
*/
static chunk_t build_v2_form(void)
{
+ identification_t *subject = signercert->get_subject(signercert);
+
return asn1_wrap(ASN1_CONTEXT_C_0, "m",
- build_directoryName(ASN1_SEQUENCE, signer->subject));
+ build_directoryName(ASN1_SEQUENCE, subject->get_encoding(subject)));
}
/**
@@ -96,50 +98,6 @@ static chunk_t build_attr_cert_validity(void)
timetoasn1(&notAfter, ASN1_GENERALIZEDTIME));
}
-/**
- * build attributes
- */
-static chunk_t build_ietfAttributes(ietfAttrList_t *list)
-{
- chunk_t ietfAttributes;
- ietfAttrList_t *item = list;
- size_t size = 0;
- u_char *pos;
-
- /* precalculate the total size of all values */
- while (item != NULL)
- {
- size_t len = item->attr->value.len;
-
- size += 1 + (len > 0) + (len >= 128) + (len >= 256) + (len >= 65536) + len;
- item = item->next;
- }
- pos = build_asn1_object(&ietfAttributes, ASN1_SEQUENCE, size);
-
- while (list != NULL)
- {
- ietfAttr_t *attr = list->attr;
- asn1_t type = ASN1_NULL;
-
- switch (attr->kind)
- {
- case IETF_ATTRIBUTE_OCTETS:
- type = ASN1_OCTET_STRING;
- break;
- case IETF_ATTRIBUTE_STRING:
- type = ASN1_UTF8STRING;
- break;
- case IETF_ATTRIBUTE_OID:
- type = ASN1_OID;
- break;
- }
- mv_chunk(&pos, asn1_simple_object(type, attr->value));
-
- list = list->next;
- }
-
- return asn1_wrap(ASN1_SEQUENCE, "m", ietfAttributes);
-}
/**
* build attribute type
@@ -157,25 +115,26 @@ static chunk_t build_attribute_type(const chunk_t type, chunk_t content)
static chunk_t build_attributes(void)
{
return asn1_wrap(ASN1_SEQUENCE, "m",
- build_attribute_type(ASN1_group_oid,
- build_ietfAttributes(groups)));
+ build_attribute_type(ASN1_group_oid, ietfAttr_list_encode(groups)));
}
/**
* build authorityKeyIdentifier
*/
-static chunk_t build_authorityKeyID(x509cert_t *signer)
+static chunk_t build_authorityKeyID(x509_t *signer)
{
- chunk_t keyIdentifier = (signer->subjectKeyID.ptr == NULL)
- ? empty_chunk
- : asn1_simple_object(ASN1_CONTEXT_S_0,
- signer->subjectKeyID);
+ identification_t *issuer = signer->get_issuer(signer);
+ chunk_t subjectKeyID = signer->get_subjectKeyID(signer);
+
+ chunk_t keyIdentifier = (subjectKeyID.ptr == NULL)
+ ? chunk_empty
+ : asn1_simple_object(ASN1_CONTEXT_S_0, subjectKeyID);
chunk_t authorityCertIssuer = build_directoryName(ASN1_CONTEXT_C_1,
- signer->issuer);
+ issuer->get_encoding(issuer));
chunk_t authorityCertSerialNumber = asn1_simple_object(ASN1_CONTEXT_S_2,
- signer->serialNumber);
+ signer->get_serialNumber(signer));
return asn1_wrap(ASN1_SEQUENCE, "cm",
ASN1_authorityKeyIdentifier_oid,
@@ -195,7 +154,7 @@ static chunk_t build_authorityKeyID(x509cert_t *signer)
static chunk_t build_extensions(void)
{
return asn1_wrap(ASN1_SEQUENCE, "mc",
- build_authorityKeyID(signer),
+ build_authorityKeyID(signercert),
ASN1_noRevAvail_ext);
}
@@ -215,14 +174,24 @@ static chunk_t build_attr_cert_info(void)
build_extensions());
}
+
/**
* build an X.509 attribute certificate
*/
chunk_t build_attr_cert(void)
{
+ u_char *pos;
+ chunk_t rawSignature, signatureValue;
chunk_t attributeCertificateInfo = build_attr_cert_info();
- chunk_t signatureValue = pkcs1_build_signature(attributeCertificateInfo,
- OID_SHA1, signerkey, TRUE);
+
+ /* build the signature */
+ signerkey->build_emsa_pkcs1_signature(signerkey, HASH_SHA1,
+ attributeCertificateInfo, &rawSignature);
+ pos = build_asn1_object(&signatureValue, ASN1_BIT_STRING,
+ 1 + rawSignature.len);
+ *pos++ = 0x00;
+ memcpy(pos, rawSignature.ptr, rawSignature.len);
+ free(rawSignature.ptr);
return asn1_wrap(ASN1_SEQUENCE, "mcm",
attributeCertificateInfo,