diff options
author | Othmar Gsenger <otti@anytun.org> | 2007-12-27 11:13:13 +0000 |
---|---|---|
committer | Othmar Gsenger <otti@anytun.org> | 2007-12-27 11:13:13 +0000 |
commit | 6dc4f1912caf7f01f4b977ff8aaa50be61db2aba (patch) | |
tree | d7a281c430052e04156265d9ab3108c631360a5e /keyexchange/isakmpd-20041012/cert.c | |
parent | removed old isakmpd (diff) |
adden new isakmpd
Diffstat (limited to 'keyexchange/isakmpd-20041012/cert.c')
-rw-r--r-- | keyexchange/isakmpd-20041012/cert.c | 160 |
1 files changed, 160 insertions, 0 deletions
diff --git a/keyexchange/isakmpd-20041012/cert.c b/keyexchange/isakmpd-20041012/cert.c new file mode 100644 index 0000000..d04b964 --- /dev/null +++ b/keyexchange/isakmpd-20041012/cert.c @@ -0,0 +1,160 @@ +/* $OpenBSD: cert.c,v 1.28 2004/06/14 09:55:41 ho Exp $ */ +/* $EOM: cert.c,v 1.18 2000/09/28 12:53:27 niklas Exp $ */ + +/* + * Copyright (c) 1998, 1999 Niels Provos. All rights reserved. + * Copyright (c) 1999, 2000 Niklas Hallqvist. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * This code was written under funding by Ericsson Radio Systems. + */ + +#include <sys/param.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +#include "sysdep.h" + +#include "isakmp_num.h" +#include "log.h" +#include "cert.h" + +#ifdef USE_X509 +#include "x509.h" +#endif + +#ifdef USE_KEYNOTE +#include "policy.h" +#endif + +struct cert_handler cert_handler[] = { +#ifdef USE_X509 + { + ISAKMP_CERTENC_X509_SIG, + x509_cert_init, x509_crl_init, x509_cert_get, x509_cert_validate, + x509_cert_insert, x509_cert_free, + x509_certreq_validate, x509_certreq_decode, x509_free_aca, + x509_cert_obtain, x509_cert_get_key, x509_cert_get_subjects, + x509_cert_dup, x509_serialize, x509_printable, x509_from_printable + }, +#endif +#ifdef USE_KEYNOTE + { + ISAKMP_CERTENC_KEYNOTE, + keynote_cert_init, NULL, keynote_cert_get, keynote_cert_validate, + keynote_cert_insert, keynote_cert_free, + keynote_certreq_validate, keynote_certreq_decode, keynote_free_aca, + keynote_cert_obtain, keynote_cert_get_key, keynote_cert_get_subjects, + keynote_cert_dup, keynote_serialize, keynote_printable, + keynote_from_printable + }, +#endif +}; + +/* Initialize all certificate handlers */ +int +cert_init(void) +{ + size_t i; + int err = 1; + + for (i = 0; i < sizeof cert_handler / sizeof cert_handler[0]; i++) + if (cert_handler[i].cert_init && + !(*cert_handler[i].cert_init)()) + err = 0; + + return err; +} + +int +crl_init(void) +{ + size_t i; + int err = 1; + + for (i = 0; i < sizeof cert_handler / sizeof cert_handler[0]; i++) + if (cert_handler[i].crl_init && !(*cert_handler[i].crl_init)()) + err = 0; + + return err; +} + +struct cert_handler * +cert_get(u_int16_t id) +{ + size_t i; + + for (i = 0; i < sizeof cert_handler / sizeof cert_handler[0]; i++) + if (id == cert_handler[i].id) + return &cert_handler[i]; + return 0; +} + +/* + * Decode the certificate request of type TYPE contained in DATA extending + * DATALEN bytes. Return a certreq_aca structure which the caller is + * responsible for deallocating. + */ +struct certreq_aca * +certreq_decode(u_int16_t type, u_int8_t *data, u_int32_t datalen) +{ + struct cert_handler *handler; + struct certreq_aca aca, *ret; + + handler = cert_get(type); + if (!handler) + return 0; + + aca.id = type; + aca.handler = handler; + + if (datalen > 0) { + aca.data = handler->certreq_decode(data, datalen); + if (!aca.data) + return 0; + } else + aca.data = 0; + + ret = malloc(sizeof aca); + if (!ret) { + log_error("certreq_decode: malloc (%lu) failed", + (unsigned long)sizeof aca); + handler->free_aca(aca.data); + return 0; + } + memcpy(ret, &aca, sizeof aca); + return ret; +} + +void +cert_free_subjects(int n, u_int8_t **id, u_int32_t *len) +{ + int i; + + for (i = 0; i < n; i++) + free(id[i]); + free(id); + free(len); +} |