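/* $OpenBSD: cert.c,v 1.16 2000/10/07 06:57:08 niklas Exp $ */
/* $EOM: cert.c,v 1.18 2000/09/28 12:53:27 niklas Exp $ */

/*
 * Copyright (c) 1998, 1999 Niels Provos.  All rights reserved.
 * Copyright (c) 1999, 2000 Niklas Hallqvist.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *      This product includes software developed by Ericsson Radio Systems.
 * 4. The name of the author may not be used to endorse or promote products
 *    derived from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/*
 * This code was written under funding by Ericsson Radio Systems.
 */

#include <sys/param.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include "sysdep.h"

#include "isakmp_num.h"
#include "log.h"
#include "cert.h"

#ifdef USE_X509
#include "x509.h"
#ifdef KAME
# include <openssl/ssl.h>
#else
# include <ssl/ssl.h>
#endif
#endif

#ifdef USE_KEYNOTE
#include "policy.h"
#endif

/*
 * Table of the certificate handlers compiled into this build, one entry per
 * supported ISAKMP certificate encoding.  The first field is the encoding id
 * that cert_get looks up; the remaining fields are the handler's hooks, in
 * the positional order declared by struct cert_handler in cert.h.
 */
struct cert_handler cert_handler[] = {
#ifdef USE_X509
  {
    ISAKMP_CERTENC_X509_SIG,
    x509_cert_init, x509_cert_get, x509_cert_validate,
    x509_cert_insert, x509_cert_free,
    x509_certreq_validate, x509_certreq_decode, x509_free_aca,
    x509_cert_obtain, x509_cert_get_key, x509_cert_get_subjects
  },
#endif
#ifdef USE_KEYNOTE
  {
    ISAKMP_CERTENC_KEYNOTE,
    keynote_cert_init, keynote_cert_get, keynote_cert_validate,
    keynote_cert_insert, keynote_cert_free,
    keynote_certreq_validate, keynote_certreq_decode, keynote_free_aca,
    keynote_cert_obtain, keynote_cert_get_key, keynote_cert_get_subjects
  },
#endif
};

/*
 * Initialize all certificate handlers.
 *
 * Every handler that provides a cert_init hook is called, even after an
 * earlier hook has failed, so each backend gets its chance to set up.
 * Returns 1 if all hooks succeeded, 0 if at least one of them failed.
 */
int
cert_init (void)
{
  size_t i;
  int err = 1;

  /* size_t index: the bound is a sizeof expression, hence unsigned.  */
  for (i = 0; i < sizeof cert_handler / sizeof cert_handler[0]; i++)
    if (cert_handler[i].cert_init && !(*cert_handler[i].cert_init) ())
      err = 0;

  return err;
}

/*
 * Look up the handler for certificate encoding ID.
 *
 * Returns a pointer into the static cert_handler table, or NULL if no
 * handler for that encoding was compiled in.  The pointer is not owned by
 * the caller and must not be freed.
 */
struct cert_handler *
cert_get (u_int16_t id)
{
  size_t i;

  for (i = 0; i < sizeof cert_handler / sizeof cert_handler[0]; i++)
    if (id == cert_handler[i].id)
      return &cert_handler[i];
  return NULL;
}

/*
 * Decode a CERTREQ and return a parsed structure.
 *
 * TYPE is the certificate encoding named by the CERTREQ payload, DATA and
 * DATALEN its body (presumably taken straight from the peer's message, so
 * the per-encoding certreq_decode hook must treat it as untrusted and bound
 * every read by DATALEN).  An empty body (DATALEN == 0) is accepted and
 * yields an entry with no decoded data.
 *
 * Returns a malloc'd struct certreq_aca owned by the caller (release the
 * decoded data through handler->free_aca, then free the struct), or NULL
 * if the encoding is unsupported, the handler rejected the body, or the
 * allocation failed.
 */
struct certreq_aca *
certreq_decode (u_int16_t type, u_int8_t *data, u_int32_t datalen)
{
  struct cert_handler *handler;
  struct certreq_aca aca, *ret;

  handler = cert_get (type);
  if (!handler)
    return NULL;

  aca.id = type;
  aca.handler = handler;

  if (datalen > 0)
    {
      aca.data = handler->certreq_decode (data, datalen);
      if (!aca.data)
        return NULL;
    }
  else
    aca.data = NULL;

  ret = malloc (sizeof aca);
  if (!ret)
    {
      /* sizeof yields a size_t; print it via unsigned long rather than
         with %d, whose argument type does not match.  */
      log_error ("certreq_decode: malloc (%lu) failed",
                 (unsigned long)sizeof aca);
      /* Only the handler knows how to release what it decoded; there is
         nothing to release on the DATALEN == 0 path.  */
      if (aca.data)
        handler->free_aca (aca.data);
      return NULL;
    }

  memcpy (ret, &aca, sizeof aca);

  return ret;
}

/*
 * Release a subject list: N strings in ID together with their lengths in
 * LEN (presumably the lists a handler's cert_get_subjects hook produces).
 * Each string, then both arrays, are freed; ID and LEN may be NULL.
 */
void
cert_free_subjects (int n, u_int8_t **id, u_int32_t *len)
{
  int i;

  /* A NULL ID carries no strings to free, whatever N says.  */
  if (id)
    for (i = 0; i < n; i++)
      free (id[i]);
  free (id);
  free (len);
}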