cert.c revision 1.16 
1/*	$OpenBSD: cert.c,v 1.16 2000/10/07 06:57:08 niklas Exp $	*/
2/*	$EOM: cert.c,v 1.18 2000/09/28 12:53:27 niklas Exp $	*/
3
4/*
5 * Copyright (c) 1998, 1999 Niels Provos.  All rights reserved.
6 * Copyright (c) 1999, 2000 Niklas Hallqvist.  All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 *    notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 *    notice, this list of conditions and the following disclaimer in the
15 *    documentation and/or other materials provided with the distribution.
16 * 3. All advertising materials mentioning features or use of this software
17 *    must display the following acknowledgement:
18 *	This product includes software developed by Ericsson Radio Systems.
19 * 4. The name of the author may not be used to endorse or promote products
20 *    derived from this software without specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
23 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
24 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
25 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
26 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
27 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
31 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 */
33
34/*
35 * This code was written under funding by Ericsson Radio Systems.
36 */
37
38#include <sys/param.h>
39#include <stdio.h>
40#include <stdlib.h>
41#include <string.h>
42
43#include "sysdep.h"
44
45#include "isakmp_num.h"
46#include "log.h"
47#include "cert.h"
48
49#ifdef USE_X509
50#include "x509.h"
51#ifdef KAME
52#  include <openssl/ssl.h>
53#else
54#  include <ssl/ssl.h>
55#endif
56#endif
57
58#ifdef USE_KEYNOTE
59#include "policy.h"
60#endif
61
62struct cert_handler cert_handler[] = {
63#ifdef USE_X509
64  {
65    ISAKMP_CERTENC_X509_SIG,
66    x509_cert_init, x509_cert_get, x509_cert_validate,
67    x509_cert_insert, x509_cert_free,
68    x509_certreq_validate, x509_certreq_decode, x509_free_aca,
69    x509_cert_obtain, x509_cert_get_key, x509_cert_get_subjects
70  },
71#endif
72#ifdef USE_KEYNOTE
73  {
74    ISAKMP_CERTENC_KEYNOTE,
75    keynote_cert_init, keynote_cert_get, keynote_cert_validate,
76    keynote_cert_insert, keynote_cert_free,
77    keynote_certreq_validate, keynote_certreq_decode, keynote_free_aca,
78    keynote_cert_obtain, keynote_cert_get_key, keynote_cert_get_subjects
79  },
80#endif
81};
82
83/* Initialize all certificate handlers */
84
85int
86cert_init (void)
87{
88  int i, err = 1;
89
90  for (i = 0; i < sizeof cert_handler / sizeof cert_handler[0]; i++)
91    if (cert_handler[i].cert_init && !(*cert_handler[i].cert_init) ())
92      err = 0;
93
94  return err;
95}
96
97struct cert_handler *
98cert_get (u_int16_t id)
99{
100  int i;
101
102  for (i = 0; i < sizeof cert_handler / sizeof cert_handler[0]; i++)
103    if (id == cert_handler[i].id)
104      return &cert_handler[i];
105  return 0;
106}
107
108/* Decode a CERTREQ and return a parsed structure.  */
109struct certreq_aca *
110certreq_decode (u_int16_t type, u_int8_t *data, u_int32_t datalen)
111{
112  struct cert_handler *handler;
113  struct certreq_aca aca, *ret;
114
115  handler = cert_get (type);
116  if (!handler)
117    return 0;
118
119  aca.id = type;
120  aca.handler = handler;
121
122  if (datalen > 0)
123    {
124      aca.data = handler->certreq_decode (data, datalen);
125      if (!aca.data)
126	return 0;
127    }
128  else
129    aca.data = 0;
130
131  ret = malloc (sizeof aca);
132  if (!ret)
133    {
134      log_error ("certreq_decode: malloc (%d) failed", sizeof aca);
135      handler->free_aca (aca.data);
136      return 0;
137    }
138
139  memcpy (ret, &aca, sizeof aca);
140
141  return ret;
142}
143
144void
145cert_free_subjects (int n, u_int8_t **id, u_int32_t *len)
146{
147  int i;
148
149  for (i = 0; i < n; i++)
150    free (id[i]);
151  free (id);
152  free (len);
153}
154