cert.c revision 1.24
1/* $OpenBSD: cert.c,v 1.24 2003/06/03 14:28:16 ho Exp $ */ 2/* $EOM: cert.c,v 1.18 2000/09/28 12:53:27 niklas Exp $ */ 3 4/* 5 * Copyright (c) 1998, 1999 Niels Provos. All rights reserved. 6 * Copyright (c) 1999, 2000 Niklas Hallqvist. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 18 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 19 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 20 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 21 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 22 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 23 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 24 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 25 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 26 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27 */ 28 29/* 30 * This code was written under funding by Ericsson Radio Systems. 31 */ 32 33#include <sys/param.h> 34#include <stdio.h> 35#include <stdlib.h> 36#include <string.h> 37 38#include "sysdep.h" 39 40#include "isakmp_num.h" 41#include "log.h" 42#include "cert.h" 43 44#ifdef USE_X509 45#include "x509.h" 46#endif 47 48#ifdef USE_KEYNOTE 49#include "policy.h" 50#endif 51 52struct cert_handler cert_handler[] = { 53#ifdef USE_X509 54 { 55 ISAKMP_CERTENC_X509_SIG, 56 x509_cert_init, x509_crl_init, x509_cert_get, x509_cert_validate, 57 x509_cert_insert, x509_cert_free, 58 x509_certreq_validate, x509_certreq_decode, x509_free_aca, 59 x509_cert_obtain, x509_cert_get_key, x509_cert_get_subjects, 60 x509_cert_dup, x509_serialize, x509_printable, x509_from_printable 61 }, 62#endif 63#ifdef USE_KEYNOTE 64 { 65 ISAKMP_CERTENC_KEYNOTE, 66 keynote_cert_init, NULL, keynote_cert_get, keynote_cert_validate, 67 keynote_cert_insert, keynote_cert_free, 68 keynote_certreq_validate, keynote_certreq_decode, keynote_free_aca, 69 keynote_cert_obtain, keynote_cert_get_key, keynote_cert_get_subjects, 70 keynote_cert_dup, keynote_serialize, keynote_printable, 71 keynote_from_printable 72 }, 73#endif 74}; 75 76/* Initialize all certificate handlers */ 77 78int 79cert_init (void) 80{ 81 int i, err = 1; 82 83 for (i = 0; i < sizeof cert_handler / sizeof cert_handler[0]; i++) 84 if (cert_handler[i].cert_init && !(*cert_handler[i].cert_init) ()) 85 err = 0; 86 87 return err; 88} 89 90int 91crl_init (void) 92{ 93 int i, err = 1; 94 95 for (i = 0; i < sizeof cert_handler / sizeof cert_handler[0]; i++) 96 if (cert_handler[i].crl_init && !(*cert_handler[i].crl_init) ()) 97 err = 0; 98 99 return err; 100} 101 102struct cert_handler * 103cert_get (u_int16_t id) 104{ 105 int i; 106 107 for (i = 0; i < sizeof cert_handler / sizeof cert_handler[0]; i++) 108 if (id == cert_handler[i].id) 109 return &cert_handler[i]; 110 return 0; 111} 112 113/* 114 * Decode the certificate request of type TYPE contained in DATA extending 115 * DATALEN bytes. Return a certreq_aca structure which the caller is 116 * responsible for deallocating. 117 */ 118struct certreq_aca * 119certreq_decode (u_int16_t type, u_int8_t *data, u_int32_t datalen) 120{ 121 struct cert_handler *handler; 122 struct certreq_aca aca, *ret; 123 124 handler = cert_get (type); 125 if (!handler) 126 return 0; 127 128 aca.id = type; 129 aca.handler = handler; 130 131 if (datalen > 0) 132 { 133 aca.data = handler->certreq_decode (data, datalen); 134 if (!aca.data) 135 return 0; 136 } 137 else 138 aca.data = 0; 139 140 ret = malloc (sizeof aca); 141 if (!ret) 142 { 143 log_error ("certreq_decode: malloc (%lu) failed", 144 (unsigned long)sizeof aca); 145 handler->free_aca (aca.data); 146 return 0; 147 } 148 149 memcpy (ret, &aca, sizeof aca); 150 151 return ret; 152} 153 154void 155cert_free_subjects (int n, u_int8_t **id, u_int32_t *len) 156{ 157 int i; 158 159 for (i = 0; i < n; i++) 160 free (id[i]); 161 free (id); 162 free (len); 163} 164