diff options
Diffstat (limited to 'src/scepclient/pkcs10.c')
-rw-r--r-- | src/scepclient/pkcs10.c | 234 |
1 files changed, 119 insertions, 115 deletions
diff --git a/src/scepclient/pkcs10.c b/src/scepclient/pkcs10.c index 86267f508..cdd68431e 100644 --- a/src/scepclient/pkcs10.c +++ b/src/scepclient/pkcs10.c @@ -26,12 +26,11 @@ #include <arpa/inet.h> #include <freeswan.h> +#include <asn1/asn1.h> #include <asn1/oid.h> #include "../pluto/constants.h" #include "../pluto/defs.h" -#include "../pluto/asn1.h" -#include "../pluto/pkcs1.h" #include "../pluto/log.h" #include "../pluto/x509.h" @@ -40,66 +39,66 @@ /* some pre-coded OIDs */ static u_char ASN1_challengePassword_oid_str[] = { - 0x06,0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x07 + 0x06,0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x07 }; -static const chunk_t ASN1_challengePassword_oid = strchunk(ASN1_challengePassword_oid_str); +static const chunk_t ASN1_challengePassword_oid = chunk_from_buf(ASN1_challengePassword_oid_str); static u_char ASN1_extensionRequest_oid_str[] = { - 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x0E + 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x0E }; -static const chunk_t ASN1_extensionRequest_oid = strchunk(ASN1_extensionRequest_oid_str); +static const chunk_t ASN1_extensionRequest_oid = chunk_from_buf(ASN1_extensionRequest_oid_str); /** * @brief Adds a subjectAltName in DER-coded form to a linked list * - * @param[in,out] subjectAltNames head of the linked list of subjectAltNames - * @param[in] kind type of the subjectAltName (which is a generalName) - * @param[in] value value of the subjectAltName as an ASCII string + * @param[in,out] subjectAltNames head of the linked list of subjectAltNames + * @param[in] kind type of the subjectAltName (which is a generalName) + * @param[in] value value of the subjectAltName as an ASCII string */ void pkcs10_add_subjectAltName(generalName_t **subjectAltNames, generalNames_t kind , char *value) { - generalName_t *gn; - asn1_t asn1_type = ASN1_EOC; - chunk_t name = { value, strlen(value) }; - - switch (kind) - { - case GN_RFC822_NAME: - asn1_type = ASN1_CONTEXT_S_1; - break; - case GN_DNS_NAME: - asn1_type = ASN1_CONTEXT_S_2; - break; - case GN_IP_ADDRESS: + generalName_t *gn; + asn1_t asn1_type = ASN1_EOC; + chunk_t name = { value, strlen(value) }; + + switch (kind) { - struct in_addr addr; - - /* convert an ASCII dotted IPv4 address (e.g. 123.456.78.90) - * to a byte representation in network order - */ - if (!inet_aton(value, &addr)) - { - fprintf(stderr, "error in IPv4 subjectAltName\n"); - return; - } - asn1_type = ASN1_CONTEXT_S_7; - name.ptr = (u_char *) &addr.s_addr; - name.len = sizeof(addr.s_addr); - break; - } - default: - break; - } - - gn = alloc_thing(generalName_t, "subjectAltName"); - gn->kind = kind; - gn->name = asn1_simple_object(asn1_type, name); - gn->next = *subjectAltNames; - *subjectAltNames = gn; + case GN_RFC822_NAME: + asn1_type = ASN1_CONTEXT_S_1; + break; + case GN_DNS_NAME: + asn1_type = ASN1_CONTEXT_S_2; + break; + case GN_IP_ADDRESS: + { + struct in_addr addr; + + /* convert an ASCII dotted IPv4 address (e.g. 123.456.78.90) + * to a byte representation in network order + */ + if (!inet_aton(value, &addr)) + { + fprintf(stderr, "error in IPv4 subjectAltName\n"); + return; + } + asn1_type = ASN1_CONTEXT_S_7; + name.ptr = (u_char *) &addr.s_addr; + name.len = sizeof(addr.s_addr); + break; + } + default: + break; + } + + gn = malloc_thing(generalName_t); + gn->kind = kind; + gn->name = asn1_simple_object(asn1_type, name); + gn->next = *subjectAltNames; + *subjectAltNames = gn; } /** @@ -108,71 +107,75 @@ pkcs10_add_subjectAltName(generalName_t **subjectAltNames, generalNames_t kind * challenge password ans subjectAltNames are only included, * when avaiable in given #pkcs10_t structure * - * @param[in] pkcs10 Pointer to a #pkcs10_t structure - * @return 1 if succeeded, 0 otherwise + * @param[in] pkcs10 Pointer to a #pkcs10_t structure + * @return 1 if succeeded, 0 otherwise */ static chunk_t build_req_info_attributes(pkcs10_t* pkcs10) { - chunk_t subjectAltNames = empty_chunk; - chunk_t challengePassword = empty_chunk; - - if (pkcs10->subjectAltNames != NULL) - { - - subjectAltNames = asn1_wrap(ASN1_SEQUENCE, "cm" - , ASN1_extensionRequest_oid - , asn1_wrap(ASN1_SET, "m" - , asn1_wrap(ASN1_SEQUENCE, "m" - , build_subjectAltNames(pkcs10->subjectAltNames) - ) - ) - ); - } - - if (pkcs10->challengePassword.len > 0) - { - asn1_t type = is_printablestring(pkcs10->challengePassword) - ? ASN1_PRINTABLESTRING : ASN1_T61STRING; - - challengePassword = asn1_wrap(ASN1_SEQUENCE, "cm" - , ASN1_challengePassword_oid - , asn1_wrap(ASN1_SET, "m" - , asn1_simple_object(type, pkcs10->challengePassword) - ) - ); - } - - return asn1_wrap(ASN1_CONTEXT_C_0, "mm" - , subjectAltNames - , challengePassword); + chunk_t subjectAltNames = chunk_empty; + chunk_t challengePassword = chunk_empty; + + if (pkcs10->subjectAltNames != NULL) + { + + subjectAltNames = asn1_wrap(ASN1_SEQUENCE, "cm" + , ASN1_extensionRequest_oid + , asn1_wrap(ASN1_SET, "m" + , asn1_wrap(ASN1_SEQUENCE, "m" + , build_subjectAltNames(pkcs10->subjectAltNames) + ) + ) + ); + } + + if (pkcs10->challengePassword.len > 0) + { + asn1_t type = asn1_is_printablestring(pkcs10->challengePassword) + ? ASN1_PRINTABLESTRING : ASN1_T61STRING; + + challengePassword = asn1_wrap(ASN1_SEQUENCE, "cm" + , ASN1_challengePassword_oid + , asn1_wrap(ASN1_SET, "m" + , asn1_simple_object(type, pkcs10->challengePassword) + ) + ); + } + + return asn1_wrap(ASN1_CONTEXT_C_0, "mm" + , subjectAltNames + , challengePassword); } /** * @brief Builds a DER-code pkcs#10 certificate request * - * @param[in] pkcs10 pointer to a pkcs10_t struct - * @return DER-code pkcs10 request + * @param[in] pkcs10 pointer to a pkcs10_t struct + * @return DER-code pkcs10 request */ static chunk_t pkcs10_build_request(pkcs10_t *pkcs10, int signature_alg) { - RSA_public_key_t *rsak = (RSA_public_key_t *) pkcs10->private_key; + chunk_t key = pkcs10->public_key->get_encoding(pkcs10->public_key); + + chunk_t keyInfo = asn1_wrap(ASN1_SEQUENCE, "cm", + asn1_algorithmIdentifier(OID_RSA_ENCRYPTION), + asn1_bitstring("m", key)); - chunk_t cert_req_info = asn1_wrap(ASN1_SEQUENCE, "ccmm" - , ASN1_INTEGER_0 - , pkcs10->subject - , pkcs1_build_publicKeyInfo(rsak) - , build_req_info_attributes(pkcs10)); + chunk_t cert_req_info = asn1_wrap(ASN1_SEQUENCE, "ccmm", + ASN1_INTEGER_0, + pkcs10->subject, + keyInfo, + build_req_info_attributes(pkcs10)); - chunk_t signature = pkcs1_build_signature(cert_req_info - , signature_alg, pkcs10->private_key, TRUE); + chunk_t signature = x509_build_signature(cert_req_info, signature_alg, + pkcs10->private_key, TRUE); - return asn1_wrap(ASN1_SEQUENCE, "mcm" - , cert_req_info - , asn1_algorithmIdentifier(signature_alg) - , signature); + return asn1_wrap(ASN1_SEQUENCE, "mcm", + cert_req_info, + asn1_algorithmIdentifier(signature_alg), + signature); } /** @@ -183,38 +186,39 @@ pkcs10_build_request(pkcs10_t *pkcs10, int signature_alg) * (e.g. commonName, organization) are needed. An optional challenge * password or some subjectAltNames may be included. * - * @param[in] key rsakey of type #rsakey_t - * @param[in] subject DER-coded subject distinguished name - * @param[in] challengePassword challenge password or empty_chunk - * @param[in] subjectAltNames linked list of subjectAltNames or NULL - * @return pointer to a #pkcs10_t object + * @param[in] key rsakey of type #rsakey_t + * @param[in] subject DER-coded subject distinguished name + * @param[in] challengePassword challenge password or chunk_empty + * @param[in] subjectAltNames linked list of subjectAltNames or NULL + * @return pointer to a #pkcs10_t object */ -pkcs10_t* -pkcs10_build(RSA_private_key_t *key, chunk_t subject, chunk_t challengePassword -, generalName_t *subjectAltNames, int signature_alg) +pkcs10_t* pkcs10_build(private_key_t *private, public_key_t *public, + chunk_t subject, chunk_t challengePassword, + generalName_t *subjectAltNames, int signature_alg) { - pkcs10_t *pkcs10 = alloc_thing(pkcs10_t, "pkcs10_t"); + pkcs10_t *pkcs10 = malloc_thing(pkcs10_t); - pkcs10->subject = subject; - pkcs10->private_key = key; - pkcs10->challengePassword = challengePassword; - pkcs10->subjectAltNames = subjectAltNames; + pkcs10->subject = subject; + pkcs10->private_key = private; + pkcs10->public_key = public; + pkcs10->challengePassword = challengePassword; + pkcs10->subjectAltNames = subjectAltNames; - pkcs10->request = pkcs10_build_request(pkcs10, signature_alg); - return pkcs10; + pkcs10->request = pkcs10_build_request(pkcs10, signature_alg); + return pkcs10; } /** * @brief Frees the resources used by an #pkcs10_t object * - * @param[in] pkcs10 #pkcs10_t to free + * @param[in] pkcs10 #pkcs10_t to free */ void pkcs10_free(pkcs10_t *pkcs10) { - if (pkcs10 != NULL) - { - freeanychunk(pkcs10->request); - pfree(pkcs10); - } + if (pkcs10 != NULL) + { + free(pkcs10->request.ptr); + free(pkcs10); + } } |