author | Martin Willi <martin@revosec.ch> | 2012-11-23 16:27:31 +0100 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2012-12-19 10:32:07 +0100 |
commit | 7f9fedc9bdef67824f2e4cfd8e658cd5dcc1f474 (patch) | |
tree | c18e7d06dc42b23817669fb6779a8c1c64deddf7 | |
parent | c1005c120c63f727e8ee2cb7d8deb3a834376bc8 (diff) | |
Unify PKCS#9 set_attribute* methods to a single add_attribute
This way the PKCS#9 implementation does not have to know
the encoding types for values
-rw-r--r-- | src/libstrongswan/crypto/pkcs7.c | 11 | ||||
-rw-r--r-- | src/libstrongswan/crypto/pkcs9.c | 44 | ||||
-rw-r--r-- | src/libstrongswan/crypto/pkcs9.h | 12 | ||||
-rw-r--r-- | src/scepclient/scep.c | 9 |
4 files changed, 17 insertions, 59 deletions
diff --git a/src/libstrongswan/crypto/pkcs7.c b/src/libstrongswan/crypto/pkcs7.c index 687603589..6b7e725e3 100644 --- a/src/libstrongswan/crypto/pkcs7.c +++ b/src/libstrongswan/crypto/pkcs7.c @@ -930,17 +930,16 @@ METHOD(pkcs7_t, build_signedData, bool, return FALSE; } hasher->destroy(hasher); - this->attributes->set_attribute(this->attributes, - OID_PKCS9_MESSAGE_DIGEST, - messageDigest); - free(messageDigest.ptr); + this->attributes->add_attribute(this->attributes, + OID_PKCS9_MESSAGE_DIGEST, + asn1_wrap(ASN1_OCTET_STRING, "m", messageDigest)); /* take the current time as signingTime */ now = time(NULL); signingTime = asn1_from_time(&now, ASN1_UTCTIME); - this->attributes->set_attribute_raw(this->attributes, + this->attributes->add_attribute(this->attributes, OID_PKCS9_SIGNING_TIME, signingTime); - this->attributes->set_attribute_raw(this->attributes, + this->attributes->add_attribute(this->attributes, OID_PKCS9_CONTENT_TYPE, asn1_build_known_oid(OID_PKCS7_DATA)); diff --git a/src/libstrongswan/crypto/pkcs9.c b/src/libstrongswan/crypto/pkcs9.c index d30d02efc..f1a74213e 100644 --- a/src/libstrongswan/crypto/pkcs9.c +++ b/src/libstrongswan/crypto/pkcs9.c @@ -69,32 +69,6 @@ struct attribute_t { }; /** - * return the ASN.1 encoding of a PKCS#9 attribute - */ -static asn1_t get_attribute_type(int oid) -{ - switch (oid) - { - case OID_PKCS9_CONTENT_TYPE: - return ASN1_OID; - case OID_PKCS9_SIGNING_TIME: - return ASN1_UTCTIME; - case OID_PKI_MESSAGE_TYPE: - case OID_PKI_STATUS: - case OID_PKI_FAIL_INFO: - return ASN1_PRINTABLESTRING; - case OID_PKI_SENDER_NONCE: - case OID_PKI_RECIPIENT_NONCE: - case OID_PKCS9_MESSAGE_DIGEST: - return ASN1_OCTET_STRING; - case OID_PKI_TRANS_ID: - return ASN1_PRINTABLESTRING; - default: - return ASN1_EOC; - } -} - -/** * Destroy an attribute_t object. */ static void attribute_destroy(attribute_t *this) 
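Review bot: In the pkcs7.c hunk, the local `messageDigest` is left holding a stale pointer after `asn1_wrap(ASN1_OCTET_STRING, "m", messageDigest)`: the removed `free(messageDigest.ptr);` implies the "m" mode releases the input buffer. `signingTime` has the same problem once `add_attribute` has taken it, because that method frees its `value` argument in the pkcs9.c hunk. The rest of `build_signedData` lies outside the hunk, so it cannot be seen whether either variable is read or freed again on a later path. Resetting them right after the calls, `messageDigest = chunk_empty;` and `signingTime = chunk_empty;`, would turn any later reuse into a harmless empty chunk rather than a use-after-free or double free.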
@@ -185,23 +159,14 @@ METHOD(pkcs9_t, get_attribute, chunk_t, return chunk_empty; } -METHOD(pkcs9_t, set_attribute_raw, void, +METHOD(pkcs9_t, add_attribute, void, private_pkcs9_t *this, int oid, chunk_t value) { - attribute_t *attribute = attribute_create(oid, value); - - this->attributes->insert_last(this->attributes, attribute); + this->attributes->insert_last(this->attributes, + attribute_create(oid, value)); chunk_free(&value); } -METHOD(pkcs9_t, set_attribute, void, - private_pkcs9_t *this, int oid, chunk_t value) -{ - chunk_t attr = asn1_simple_object(get_attribute_type(oid), value); - - set_attribute_raw(this, oid, attr); -} - METHOD(pkcs9_t, destroy, void, private_pkcs9_t *this) { @@ -222,8 +187,7 @@ pkcs9_t *pkcs9_create(void) .public = { .get_encoding = _get_encoding, .get_attribute = _get_attribute, - .set_attribute = _set_attribute, - .set_attribute_raw = _set_attribute_raw, + .add_attribute = _add_attribute, .destroy = _destroy, }, .attributes = linked_list_create(), diff --git a/src/libstrongswan/crypto/pkcs9.h b/src/libstrongswan/crypto/pkcs9.h index 3af000616..0c2a779a2 100644 --- a/src/libstrongswan/crypto/pkcs9.h +++ b/src/libstrongswan/crypto/pkcs9.h @@ -50,17 +50,9 @@ struct pkcs9_t { * Adds a PKCS#9 attribute. * * @param oid OID of the attribute - * @param value value of the attribute (gets cloned) + * @param value value of the attribute, with ASN1 type (gets owned) */ - void (*set_attribute) (pkcs9_t *this, int oid, chunk_t value); - - /** - * Adds a ASN.1 encoded PKCS#9 attribute. - * - * @param oid OID of the attribute - * @param value ASN.1 encoded value of the attribute (gets adopted) - */ - void (*set_attribute_raw) (pkcs9_t *this, int oid, chunk_t value); + void (*add_attribute) (pkcs9_t *this, int oid, chunk_t value); /** * Destroys the PKCS#9 attribute list. diff --git a/src/scepclient/scep.c b/src/scepclient/scep.c index 938340d21..f7a1f0b36 100644 --- a/src/scepclient/scep.c +++ b/src/scepclient/scep.c 
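Review bot: `add_attribute` in pkcs9.c stores whatever bytes the caller hands it; with `get_attribute_type()` removed, nothing links the OID to an ASN.1 type or checks that `value` is an encoded object at all. The method returns void, so a caller that forgets the `asn1_wrap()` step gets no error, and the stored bytes presumably flow unchanged into the attribute set built by `get_encoding` (outside this hunk), which is the data that gets signed. I would state the contract at the top of the method, e.g. `/* value must be one complete ASN.1 TLV; no per-OID type check is done here */`. A debug-level check that the chunk parses as a single TLV would also catch misuse before it reaches the wire.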
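Review bot: In the pkcs9.h hunk, the new `@param value` text "with ASN1 type (gets owned)" is too terse for a contract that changed in two ways at once. Callers of the old `set_attribute` passed raw content that was cloned; the replacement expects an already encoded value and frees it, so handing it a stack buffer or a chunk that is still referenced elsewhere ends in an invalid free or a dangling pointer. Renaming the method makes stale callers fail to compile, which helps, but the comment is what new callers will read. I would write `@param value  ASN.1 encoded value including tag and length; freed by this call, must be heap allocated and not used afterwards`. The `pkcs9_t` declaration continues outside the hunk.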
@@ -205,7 +205,8 @@ static bool add_senderNonce_attribute(pkcs9_t *pkcs9) } rng->destroy(rng); - pkcs9->set_attribute(pkcs9, OID_PKI_SENDER_NONCE, senderNonce); + pkcs9->add_attribute(pkcs9, OID_PKI_SENDER_NONCE, + asn1_wrap(ASN1_OCTET_STRING, "c", senderNonce)); return TRUE; } @@ -232,8 +233,10 @@ chunk_t scep_build_request(chunk_t data, chunk_t transID, scep_msg_t msg, } pkcs9 = pkcs9_create(); - pkcs9->set_attribute(pkcs9, OID_PKI_TRANS_ID, transID); - pkcs9->set_attribute(pkcs9, OID_PKI_MESSAGE_TYPE, msgType); + pkcs9->add_attribute(pkcs9, OID_PKI_TRANS_ID, + asn1_wrap(ASN1_PRINTABLESTRING, "c", transID)); + pkcs9->add_attribute(pkcs9, OID_PKI_MESSAGE_TYPE, + asn1_wrap(ASN1_PRINTABLESTRING, "c", msgType)); if (!add_senderNonce_attribute(pkcs9)) { pkcs9->destroy(pkcs9); |
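Review bot: In `scep_build_request`, `transID` and `msgType` are wrapped as `ASN1_PRINTABLESTRING` without any check that their bytes fall inside the PrintableString character set. The type used to be chosen inside pkcs9.c; this commit moves that decision to the caller, so this is now the place that has to guarantee it. Where `transID` comes from is not visible in the hunk, and the function body continues outside it. If it can carry arbitrary bytes, the request contains a mis-typed signed attribute that a strict peer may reject or interpret differently. At minimum I would add a comment above the two calls, `/* transID and msgType must contain PrintableString characters only */`, and preferably validate the chunks before wrapping.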