diff options
author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2007-10-26 14:10:02 +0000 |
---|---|---|
committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2007-10-26 14:10:02 +0000 |
commit | 49104abddf3d71d5abf5cf75dc7f95fa6c55fa63 (patch) | |
tree | 28f7a72e5dec4abf908fd7874bdab776281310bc /src/openac/build.c | |
parent | 7b0305f59ddab9ea026b202a8c569912e5bf9a90 (diff) | |
download | vyos-strongswan-49104abddf3d71d5abf5cf75dc7f95fa6c55fa63.tar.gz vyos-strongswan-49104abddf3d71d5abf5cf75dc7f95fa6c55fa63.zip |
[svn-upgrade] Integrating new upstream version, strongswan (4.1.8)
Diffstat (limited to 'src/openac/build.c')
-rw-r--r-- | src/openac/build.c | 125 |
1 files changed, 47 insertions, 78 deletions
diff --git a/src/openac/build.c b/src/openac/build.c index 0c6a2be3b..d03e73048 100644 --- a/src/openac/build.c +++ b/src/openac/build.c @@ -1,7 +1,7 @@ /* Build a X.509 attribute certificate * Copyright (C) 2002 Ueli Galizzi, Ariane Seiler - * Copyright (C) 2004 Andreas Steffen - * Zuercher Hochschule Winterthur, Switzerland + * Copyright (C) 2004,2007 Andreas Steffen + * Hochschule fuer Technik Rapperswil, Switzerland * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -13,20 +13,17 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: build.c,v 1.14 2005/09/06 11:47:57 as Exp $ + * RCSID $Id: build.c 3270 2007-10-08 20:09:57Z andreas $ */ #include <stdlib.h> #include <string.h> +#include <stdio.h> -#include <freeswan.h> - -#include "../pluto/constants.h" -#include "../pluto/defs.h" -#include "../pluto/oid.h" -#include "../pluto/asn1.h" -#include "../pluto/x509.h" -#include "../pluto/log.h" +#include <asn1/oid.h> +#include <asn1/asn1.h> +#include <crypto/ietf_attr_list.h> +#include <utils/identification.h> #include "build.h" @@ -35,15 +32,15 @@ static u_char ASN1_group_oid_str[] = { 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x0a ,0x04 }; -static const chunk_t ASN1_group_oid = strchunk(ASN1_group_oid_str); +static const chunk_t ASN1_group_oid = chunk_from_buf(ASN1_group_oid_str); static u_char ASN1_authorityKeyIdentifier_oid_str[] = { 0x06, 0x03, 0x55, 0x1d, 0x23 }; -static const chunk_t ASN1_authorityKeyIdentifier_oid - = strchunk(ASN1_authorityKeyIdentifier_oid_str); +static const chunk_t ASN1_authorityKeyIdentifier_oid = + chunk_from_buf(ASN1_authorityKeyIdentifier_oid_str); static u_char ASN1_noRevAvail_ext_str[] = { 0x30, 0x09, @@ -53,7 +50,7 @@ static u_char ASN1_noRevAvail_ext_str[] = { 0x05, 0x00 }; -static const chunk_t ASN1_noRevAvail_ext = strchunk(ASN1_noRevAvail_ext_str); +static const chunk_t ASN1_noRevAvail_ext = chunk_from_buf(ASN1_noRevAvail_ext_str); /** * build directoryName @@ -61,7 +58,7 @@ static const chunk_t ASN1_noRevAvail_ext = strchunk(ASN1_noRevAvail_ext_str); static chunk_t build_directoryName(asn1_t tag, chunk_t name) { return asn1_wrap(tag, "m", - asn1_simple_object(ASN1_CONTEXT_C_4, name)); + asn1_simple_object(ASN1_CONTEXT_C_4, name)); } /** @@ -69,12 +66,15 @@ static chunk_t build_directoryName(asn1_t tag, chunk_t name) */ static chunk_t build_holder(void) { + identification_t *issuer = usercert->get_issuer(usercert); + identification_t *subject = usercert->get_subject(usercert); + return asn1_wrap(ASN1_SEQUENCE, "mm", - asn1_wrap(ASN1_CONTEXT_C_0, "mm", - build_directoryName(ASN1_SEQUENCE, user->issuer), - asn1_simple_object(ASN1_INTEGER, user->serialNumber) - ), - build_directoryName(ASN1_CONTEXT_C_1, user->subject)); + asn1_wrap(ASN1_CONTEXT_C_0, "mm", + build_directoryName(ASN1_SEQUENCE, issuer->get_encoding(issuer)), + asn1_simple_object(ASN1_INTEGER, usercert->get_serialNumber(usercert)) + ), + build_directoryName(ASN1_CONTEXT_C_1, subject->get_encoding(subject))); } /** @@ -82,8 +82,10 @@ static chunk_t build_holder(void) */ static chunk_t build_v2_form(void) { + identification_t *subject = signercert->get_subject(signercert); + return asn1_wrap(ASN1_CONTEXT_C_0, "m", - build_directoryName(ASN1_SEQUENCE, signer->subject)); + build_directoryName(ASN1_SEQUENCE, subject->get_encoding(subject))); } /** @@ -96,50 +98,6 @@ static chunk_t build_attr_cert_validity(void) timetoasn1(¬After, ASN1_GENERALIZEDTIME)); } -/** - * build attributes - */ -static chunk_t build_ietfAttributes(ietfAttrList_t *list) -{ - chunk_t ietfAttributes; - ietfAttrList_t *item = list; - size_t size = 0; - u_char *pos; - - /* precalculate the total size of all values */ - while (item != NULL) - { - size_t len = item->attr->value.len; - - size += 1 + (len > 0) + (len >= 128) + (len >= 256) + (len >= 65536) + len; - item = item->next; - } - pos = build_asn1_object(&ietfAttributes, ASN1_SEQUENCE, size); - - while (list != NULL) - { - ietfAttr_t *attr = list->attr; - asn1_t type = ASN1_NULL; - - switch (attr->kind) - { - case IETF_ATTRIBUTE_OCTETS: - type = ASN1_OCTET_STRING; - break; - case IETF_ATTRIBUTE_STRING: - type = ASN1_UTF8STRING; - break; - case IETF_ATTRIBUTE_OID: - type = ASN1_OID; - break; - } - mv_chunk(&pos, asn1_simple_object(type, attr->value)); - - list = list->next; - } - - return asn1_wrap(ASN1_SEQUENCE, "m", ietfAttributes); -} /** * build attribute type @@ -157,25 +115,26 @@ static chunk_t build_attribute_type(const chunk_t type, chunk_t content) static chunk_t build_attributes(void) { return asn1_wrap(ASN1_SEQUENCE, "m", - build_attribute_type(ASN1_group_oid, - build_ietfAttributes(groups))); + build_attribute_type(ASN1_group_oid, ietfAttr_list_encode(groups))); } /** * build authorityKeyIdentifier */ -static chunk_t build_authorityKeyID(x509cert_t *signer) +static chunk_t build_authorityKeyID(x509_t *signer) { - chunk_t keyIdentifier = (signer->subjectKeyID.ptr == NULL) - ? empty_chunk - : asn1_simple_object(ASN1_CONTEXT_S_0, - signer->subjectKeyID); + identification_t *issuer = signer->get_issuer(signer); + chunk_t subjectKeyID = signer->get_subjectKeyID(signer); + + chunk_t keyIdentifier = (subjectKeyID.ptr == NULL) + ? chunk_empty + : asn1_simple_object(ASN1_CONTEXT_S_0, subjectKeyID); chunk_t authorityCertIssuer = build_directoryName(ASN1_CONTEXT_C_1, - signer->issuer); + issuer->get_encoding(issuer)); chunk_t authorityCertSerialNumber = asn1_simple_object(ASN1_CONTEXT_S_2, - signer->serialNumber); + signer->get_serialNumber(signer)); return asn1_wrap(ASN1_SEQUENCE, "cm", ASN1_authorityKeyIdentifier_oid, @@ -195,7 +154,7 @@ static chunk_t build_authorityKeyID(x509cert_t *signer) static chunk_t build_extensions(void) { return asn1_wrap(ASN1_SEQUENCE, "mc", - build_authorityKeyID(signer), + build_authorityKeyID(signercert), ASN1_noRevAvail_ext); } @@ -215,14 +174,24 @@ static chunk_t build_attr_cert_info(void) build_extensions()); } + /** * build an X.509 attribute certificate */ chunk_t build_attr_cert(void) { + u_char *pos; + chunk_t rawSignature, signatureValue; chunk_t attributeCertificateInfo = build_attr_cert_info(); - chunk_t signatureValue = pkcs1_build_signature(attributeCertificateInfo, - OID_SHA1, signerkey, TRUE); + + /* build the signature */ + signerkey->build_emsa_pkcs1_signature(signerkey, HASH_SHA1, + attributeCertificateInfo, &rawSignature); + pos = build_asn1_object(&signatureValue, ASN1_BIT_STRING, + 1 + rawSignature.len); + *pos++ = 0x00; + memcpy(pos, rawSignature.ptr, rawSignature.len); + free(rawSignature.ptr); return asn1_wrap(ASN1_SEQUENCE, "mcm", attributeCertificateInfo, |