Changed memory management and attribute handling in PKCS#9 wrapper.

author: Tobias Brunner <tobias@strongswan.org> 2012-05-11 17:28:03 +0200
committer: Tobias Brunner <tobias@strongswan.org> 2012-06-11 17:09:20 +0200
commit: 2bf125f0edca72a7dc5cf94dba0ca4c3e4ca9fa5 (patch)
tree: 337861f4f885e02a03d5e3daa85658406fa9116d
parent: f912fedc9b02c591cadf3aa16df7a7c8ccc4e0d9 (diff)
download: strongswan-2bf125f0edca72a7dc5cf94dba0ca4c3e4ca9fa5.tar.bz2
strongswan-2bf125f0edca72a7dc5cf94dba0ca4c3e4ca9fa5.tar.xz
3 files changed, 40 insertions, 112 deletions
diff --git a/src/libstrongswan/crypto/pkcs7.c b/src/libstrongswan/crypto/pkcs7.c
index b8ee8ce7a..749e8818f 100644
--- a/src/libstrongswan/crypto/pkcs7.c
+++ b/src/libstrongswan/crypto/pkcs7.c
@@ -355,7 +355,8 @@ end:
 		{
 			chunk_t messageDigest;
 
-			messageDigest = this->attributes->get_messageDigest(this->attributes);
+			messageDigest = this->attributes->get_attribute(this->attributes,
+													OID_PKCS9_MESSAGE_DIGEST);
 			if (messageDigest.ptr == NULL)
 			{
 				DBG1(DBG_LIB, "messageDigest attribute not found");
@@ -374,7 +375,6 @@ end:
 				{
 					DBG1(DBG_LIB, "hash algorithm %N not supported",
 						 hash_algorithm_names, algorithm);
-					free(messageDigest.ptr);
 					return FALSE;
 				}
 				hasher->allocate_hash(hasher, this->data, &hash);
@@ -382,7 +382,6 @@ end:
 				DBG3(DBG_LIB, "hash: %B", &hash);
 
 				valid = chunk_equals(messageDigest, hash);
-				free(messageDigest.ptr);
 				free(hash.ptr);
 				if (valid)
 				{
@@ -841,7 +840,9 @@ METHOD(pkcs7_t, build_signedData, bool,
 	{
 		if (this->data.ptr != NULL)
 		{
+			chunk_t messageDigest, signingTime, attributes;
 			hasher_t *hasher;
+			time_t now;
 
 			hasher = lib->crypto->create_hasher(lib->crypto, alg);
 			if (hasher == NULL)
@@ -850,26 +851,23 @@ METHOD(pkcs7_t, build_signedData, bool,
 					 hash_algorithm_names, alg);
 				return FALSE;
 			}
-
-			/* take the current time as signingTime */
-			time_t now = time(NULL);
-			chunk_t signingTime = asn1_from_time(&now, ASN1_UTCTIME);
-
-			chunk_t messageDigest, attributes;
-
 			hasher->allocate_hash(hasher, this->data, &messageDigest);
 			hasher->destroy(hasher);
 			this->attributes->set_attribute(this->attributes,
-									OID_PKCS9_CONTENT_TYPE,
-									asn1_build_known_oid(OID_PKCS7_DATA));
-			this->attributes->set_messageDigest(this->attributes,
+									OID_PKCS9_MESSAGE_DIGEST,
 									messageDigest);
-			this->attributes->set_attribute(this->attributes,
+			free(messageDigest.ptr);
+
+			/* take the current time as signingTime */
+			now = time(NULL);
+			signingTime = asn1_from_time(&now, ASN1_UTCTIME);
+			this->attributes->set_attribute_raw(this->attributes,
 									OID_PKCS9_SIGNING_TIME, signingTime);
-			attributes = this->attributes->get_encoding(this->attributes);
+			this->attributes->set_attribute_raw(this->attributes,
+									OID_PKCS9_CONTENT_TYPE,
+									asn1_build_known_oid(OID_PKCS7_DATA));
 
-			free(messageDigest.ptr);
-			free(signingTime.ptr);
+			attributes = this->attributes->get_encoding(this->attributes);
 
 			private_key->sign(private_key, scheme, attributes, &encryptedDigest);
 			authenticatedAttributes = chunk_clone(attributes);
diff --git a/src/libstrongswan/crypto/pkcs9.c b/src/libstrongswan/crypto/pkcs9.c
index 63a615238..d24ab1b80 100644
--- a/src/libstrongswan/crypto/pkcs9.c
+++ b/src/libstrongswan/crypto/pkcs9.c
@@ -1,5 +1,6 @@
 /*
- * Copyright (C)2008 Andreas Steffen
+ * Copyright (C) 2012 Tobias Brunner
+ * Copyright (C) 2008 Andreas Steffen
  * Hochschule fuer Technik Rapperswil, Switzerland
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -74,58 +75,6 @@ struct attribute_t {
 };
 
 /**
- * PKCS#9 attribute type OIDs
- */
-static chunk_t ASN1_contentType_oid = chunk_from_chars(
-	0x06, 0x09,
-		  0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x03
-);
-static chunk_t ASN1_messageDigest_oid = chunk_from_chars(
-	0x06, 0x09,
-		  0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x04
-);
-static chunk_t ASN1_signingTime_oid = chunk_from_chars(
-	0x06, 0x09,
-		  0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x05
-);
-static chunk_t ASN1_messageType_oid = chunk_from_chars(
-	0x06, 0x0A,
-		  0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, 0x09, 0x02
-);
-static chunk_t ASN1_senderNonce_oid = chunk_from_chars(
-	0x06, 0x0A,
-		  0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, 0x09, 0x05
-);
-static chunk_t ASN1_transId_oid = chunk_from_chars(
-	0x06, 0x0A,
-		  0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, 0x09, 0x07
-);
-
-/**
- * return the ASN.1 encoded OID of a PKCS#9 attribute
- */
-static chunk_t asn1_attributeIdentifier(int oid)
-{
-	switch (oid)
-	{
-		case OID_PKCS9_CONTENT_TYPE:
-			return ASN1_contentType_oid;
-		case OID_PKCS9_MESSAGE_DIGEST:
-			return ASN1_messageDigest_oid;
-		case OID_PKCS9_SIGNING_TIME:
-			return ASN1_signingTime_oid;
-		case OID_PKI_MESSAGE_TYPE:
-			return ASN1_messageType_oid;
-		case OID_PKI_SENDER_NONCE:
-			return ASN1_senderNonce_oid;
-		case OID_PKI_TRANS_ID:
-			return ASN1_transId_oid;;
-		default:
-			return chunk_empty;
-	}
-}
-
-/**
  * return the ASN.1 encoding of a PKCS#9 attribute
  */
 static asn1_t asn1_attributeType(int oid)
@@ -188,8 +137,8 @@ static attribute_t *attribute_create(int oid, chunk_t value)
 		.destroy = attribute_destroy,
 		.oid = oid,
 		.value = chunk_clone(value),
-		.encoding = asn1_wrap(ASN1_SEQUENCE, "cm",
-							asn1_attributeIdentifier(oid),
+		.encoding = asn1_wrap(ASN1_SEQUENCE, "mm",
+							asn1_build_known_oid(oid),
 							asn1_simple_object(ASN1_SET, value)),
 	);
 
@@ -263,43 +212,30 @@ METHOD(pkcs9_t, get_attribute, chunk_t,
 		}
 	}
 	enumerator->destroy(enumerator);
+	if (value.ptr &&
+		!asn1_parse_simple_object(&value, asn1_attributeType(oid), 0,
+								  oid_names[oid].name))
+	{
+		return chunk_empty;
+	}
 	return value;
 }
 
-METHOD(pkcs9_t, set_attribute, void,
+METHOD(pkcs9_t, set_attribute_raw, void,
 	private_pkcs9_t *this, int oid, chunk_t value)
 {
 	attribute_t *attribute = attribute_create(oid, value);
 
-	this->attributes->insert_last(this->attributes, (void*)attribute);
-}
-
-METHOD(pkcs9_t, get_messageDigest, chunk_t,
-	private_pkcs9_t *this)
-{
-	const int oid = OID_PKCS9_MESSAGE_DIGEST;
-	chunk_t value = get_attribute(this, oid);
-
-	if (value.ptr == NULL)
-	{
-		return chunk_empty;
-	}
-	if (!asn1_parse_simple_object(&value, asn1_attributeType(oid), 0,
-								  oid_names[oid].name))
-	{
-		return chunk_empty;
-	}
-	return chunk_clone(value);
+	this->attributes->insert_last(this->attributes, attribute);
+	chunk_free(&value);
 }
 
-METHOD(pkcs9_t, set_messageDigest, void,
-	private_pkcs9_t *this, chunk_t value)
+METHOD(pkcs9_t, set_attribute, void,
+	private_pkcs9_t *this, int oid, chunk_t value)
 {
-	const int oid = OID_PKCS9_MESSAGE_DIGEST;
-	chunk_t messageDigest = asn1_simple_object(asn1_attributeType(oid), value);
+	chunk_t attr = asn1_simple_object(asn1_attributeType(oid), value);
 
-	set_attribute(this, oid, messageDigest);
-	free(messageDigest.ptr);
+	set_attribute_raw(this, oid, attr);
 }
 
 METHOD(pkcs9_t, destroy, void,
@@ -323,8 +259,7 @@ static private_pkcs9_t *pkcs9_create_empty(void)
 			.get_encoding = _get_encoding,
 			.get_attribute = _get_attribute,
 			.set_attribute = _set_attribute,
-			.get_messageDigest = _get_messageDigest,
-			.set_messageDigest = _set_messageDigest,
+			.set_attribute_raw = _set_attribute_raw,
 			.destroy = _destroy,
 		},
 		.attributes = linked_list_create(),
diff --git a/src/libstrongswan/crypto/pkcs9.h b/src/libstrongswan/crypto/pkcs9.h
index 5b85692d6..c442d4441 100644
--- a/src/libstrongswan/crypto/pkcs9.h
+++ b/src/libstrongswan/crypto/pkcs9.h
@@ -1,4 +1,5 @@
 /*
+ * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2008 Andreas Steffen
  * Hochschule fuer Technik Rapperswil, Switzerland
  *
@@ -46,7 +47,7 @@ struct pkcs9_t {
 	 * Gets a PKCS#9 attribute
 	 *
 	 * @param oid			OID of the attribute
-	 * @return				ASN.1 encoded value of the attribute
+	 * @return				value of the attribute (internal data)
 	 */
 	chunk_t (*get_attribute) (pkcs9_t *this, int oid);
 
@@ -54,23 +55,17 @@ struct pkcs9_t {
 	 * Adds a PKCS#9 attribute
 	 *
 	 * @param oid			OID of the attribute
-	 * @param value			ASN.1 encoded value of the attribute
+	 * @param value			value of the attribute (gets cloned)
 	 */
 	void (*set_attribute) (pkcs9_t *this, int oid, chunk_t value);
 
 	/**
-	 * Gets a PKCS#9 messageDigest attribute
+	 * Adds a ASN.1 encoded PKCS#9 attribute
 	 *
-	 * @return				messageDigest
-	 */
-	chunk_t (*get_messageDigest) (pkcs9_t *this);
-
-	/**
-	 * Add a PKCS#9 messageDigest attribute
-	 *
-	 * @param value			messageDigest
+	 * @param oid			OID of the attribute
+	 * @param value			ASN.1 encoded value of the attribute (gets adopted)
 	 */
-	void (*set_messageDigest) (pkcs9_t *this, chunk_t value);
+	void (*set_attribute_raw) (pkcs9_t *this, int oid, chunk_t value);
 
 	/**
 	 * Destroys the PKCS#9 attribute list.
author	Tobias Brunner <tobias@strongswan.org>	2012-05-11 17:28:03 +0200
committer	Tobias Brunner <tobias@strongswan.org>	2012-06-11 17:09:20 +0200
commit	2bf125f0edca72a7dc5cf94dba0ca4c3e4ca9fa5 (patch)
tree	337861f4f885e02a03d5e3daa85658406fa9116d
parent	f912fedc9b02c591cadf3aa16df7a7c8ccc4e0d9 (diff)
download	strongswan-2bf125f0edca72a7dc5cf94dba0ca4c3e4ca9fa5.tar.bz2 strongswan-2bf125f0edca72a7dc5cf94dba0ca4c3e4ca9fa5.tar.xz