1 files changed, 160 insertions, 0 deletions

diff --git a/keyexchange/isakmpd-20041012/cert.c b/keyexchange/isakmpd-20041012/cert.c
new file mode 100644
index 0000000..d04b964
--- /dev/null
+++ b/keyexchange/isakmpd-20041012/cert.c
@@ -0,0 +1,160 @@
+/* $OpenBSD: cert.c,v 1.28 2004/06/14 09:55:41 ho Exp $	 */
+/* $EOM: cert.c,v 1.18 2000/09/28 12:53:27 niklas Exp $	 */
+
+/*
+ * Copyright (c) 1998, 1999 Niels Provos.  All rights reserved.
+ * Copyright (c) 1999, 2000 Niklas Hallqvist.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This code was written under funding by Ericsson Radio Systems.
+ */
+
+#include <sys/param.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "sysdep.h"
+
+#include "isakmp_num.h"
+#include "log.h"
+#include "cert.h"
+
+#ifdef USE_X509
+#include "x509.h"
+#endif
+
+#ifdef USE_KEYNOTE
+#include "policy.h"
+#endif
+
+struct cert_handler cert_handler[] = {
+#ifdef USE_X509
+    {
+	ISAKMP_CERTENC_X509_SIG,
+	x509_cert_init, x509_crl_init, x509_cert_get, x509_cert_validate,
+	x509_cert_insert, x509_cert_free,
+	x509_certreq_validate, x509_certreq_decode, x509_free_aca,
+	x509_cert_obtain, x509_cert_get_key, x509_cert_get_subjects,
+	x509_cert_dup, x509_serialize, x509_printable, x509_from_printable
+    },
+#endif
+#ifdef USE_KEYNOTE
+    {
+	ISAKMP_CERTENC_KEYNOTE,
+	keynote_cert_init, NULL, keynote_cert_get, keynote_cert_validate,
+	keynote_cert_insert, keynote_cert_free,
+	keynote_certreq_validate, keynote_certreq_decode, keynote_free_aca,
+	keynote_cert_obtain, keynote_cert_get_key, keynote_cert_get_subjects,
+	keynote_cert_dup, keynote_serialize, keynote_printable,
+	keynote_from_printable
+    },
+#endif
+};
+
+/* Initialize all certificate handlers */
+int
+cert_init(void)
+{
+	size_t	i;
+	int	err = 1;
+
+	for (i = 0; i < sizeof cert_handler / sizeof cert_handler[0]; i++)
+		if (cert_handler[i].cert_init &&
+		    !(*cert_handler[i].cert_init)())
+			err = 0;
+
+	return err;
+}
+
+int
+crl_init(void)
+{
+	size_t	i;
+	int	err = 1;
+
+	for (i = 0; i < sizeof cert_handler / sizeof cert_handler[0]; i++)
+		if (cert_handler[i].crl_init && !(*cert_handler[i].crl_init)())
+			err = 0;
+
+	return err;
+}
+
+struct cert_handler *
+cert_get(u_int16_t id)
+{
+	size_t	i;
+
+	for (i = 0; i < sizeof cert_handler / sizeof cert_handler[0]; i++)
+		if (id == cert_handler[i].id)
+			return &cert_handler[i];
+	return 0;
+}
+
+/*
+ * Decode the certificate request of type TYPE contained in DATA extending
+ * DATALEN bytes.  Return a certreq_aca structure which the caller is
+ * responsible for deallocating.
+ */
+struct certreq_aca *
+certreq_decode(u_int16_t type, u_int8_t *data, u_int32_t datalen)
+{
+	struct cert_handler *handler;
+	struct certreq_aca aca, *ret;
+
+	handler = cert_get(type);
+	if (!handler)
+		return 0;
+
+	aca.id = type;
+	aca.handler = handler;
+
+	if (datalen > 0) {
+		aca.data = handler->certreq_decode(data, datalen);
+		if (!aca.data)
+			return 0;
+	} else
+		aca.data = 0;
+
+	ret = malloc(sizeof aca);
+	if (!ret) {
+		log_error("certreq_decode: malloc (%lu) failed",
+		    (unsigned long)sizeof aca);
+		handler->free_aca(aca.data);
+		return 0;
+	}
+	memcpy(ret, &aca, sizeof aca);
+	return ret;
+}
+
+void
+cert_free_subjects(int n, u_int8_t **id, u_int32_t *len)
+{
+	int	i;
+
+	for (i = 0; i < n; i++)
+		free(id[i]);
+	free(id);
+	free(len);
+}