author | Tobias Brunner <tobias@strongswan.org> | 2008-04-18 11:24:45 +0000 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2008-04-18 11:24:45 +0000 |
commit | 6439267a8c7f22d2a4a221457fea2a26e2a7ff6d (patch) | |
tree | cc3b714d0831a09f701d2b64d350e75890d78dbf /src/libstrongswan | |
parent | eed87e1d766a2f74ae0017b01a8fd026dddb7156 (diff) | |
support for hash and URL encoded certificate payloads in charon
Diffstat (limited to 'src/libstrongswan')
-rw-r--r-- | src/libstrongswan/plugins/x509/x509_cert.c | 26 | ||||
-rw-r--r-- | src/libstrongswan/utils/identification.c | 9 | ||||
-rw-r--r-- | src/libstrongswan/utils/identification.h | 5 |
3 files changed, 37 insertions, 3 deletions
diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c
index 9b6bdb630..0b3ea68f5 100644
--- a/src/libstrongswan/plugins/x509/x509_cert.c
+++ b/src/libstrongswan/plugins/x509/x509_cert.c
@@ -4,6 +4,7 @@
  * Copyright (C) 2002 Mario Strasser
  * Copyright (C) 2000-2006 Andreas Steffen
  * Copyright (C) 2006-2008 Martin Willi
+ * Copyright (C) 2008 Tobias Brunner
  * Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -68,6 +69,11 @@ struct private_x509_cert_t {
  * X.509 certificate encoding in ASN.1 DER format
  */
 chunk_t encoding;
+
+ /**
+ * SHA1 hash of the DER encoding of this X.509 certificate
+ */
+ chunk_t encoding_hash;
 
 /**
  * X.509 certificate body over which signature is computed
@@ -904,6 +910,12 @@ static id_match_t has_subject(private_x509_cert_t *this, identification_t *subje
 identification_t *current;
 enumerator_t *enumerator;
 id_match_t match, best;
+
+ if (this->encoding_hash.ptr && subject->get_type(subject) == ID_CERT_DER_SHA1 &&
+ chunk_equals(this->encoding_hash, subject->get_encoding(subject)))
+ {
+ return ID_MATCH_PERFECT;
+ }
 
 best = this->subject->matches(this->subject, subject);
 enumerator = this->subjectAltNames->create_enumerator(this->subjectAltNames);
@@ -1152,6 +1164,7 @@ static void destroy(private_x509_cert_t *this)
 DESTROY_IF(this->public_key);
 DESTROY_IF(this->authKeyIdentifier);
 chunk_free(&this->encoding);
+ chunk_free(&this->encoding_hash);
 free(this);
 }
 }
@@ -1184,6 +1197,7 @@ static private_x509_cert_t* create_empty(void)
 this->public.interface.create_ocsp_uri_enumerator = (enumerator_t* (*)(x509_t*))create_ocsp_uri_enumerator;
 
 this->encoding = chunk_empty;
+ this->encoding_hash = chunk_empty;
 this->public_key = NULL;
 this->subject = NULL;
 this->issuer = NULL;
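Review bot: The new early return in has_subject reports ID_MATCH_PERFECT for a hash-typed identity before the subject DN and subjectAltNames are consulted, but nothing in the hunk checks that the peer-supplied encoding is actually a 20-byte SHA-1 digest; the compare is only safe if chunk_equals tests lengths before the bytes, and its definition is not in this diff. Since ID_CERT_DER_SHA1 identities are built from certificate payloads received over IKE (per the commit title), I would make the expectation explicit and documented: `/* a SHA-1 of our DER pins exactly this certificate, so it outranks any DN/SAN match */` above the if, and compare `subject->get_encoding(subject).len == this->encoding_hash.len` explicitly if chunk_equals does not. The guard on `this->encoding_hash.ptr` correctly covers the case where no SHA-1 hasher was available at parse time, which is worth a word in the same comment. This is a lookup rather than an authentication decision (the matched certificate is presumably still signature-verified elsewhere), so SHA-1's collision weaknesses do not by themselves let a peer impersonate, but the comment should say so rather than leave the reader to infer it. has_subject continues beyond the end of this hunk.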
@@ -1218,6 +1232,18 @@ static private_x509_cert_t *create_from_chunk(chunk_t chunk) { this->flags |= X509_SELF_SIGNED; } + + hasher_t *hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); + if (hasher != NULL) + { + hasher->allocate_hash(hasher, this->encoding, &this->encoding_hash); + hasher->destroy(hasher); + } + else + { + DBG1(" unable to create hash of certificate, SHA1 not supported"); + } + return this; } diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c index 4eead4a9f..e44ba7d6f 100644 --- a/src/libstrongswan/utils/identification.c +++ b/src/libstrongswan/utils/identification.c @@ -50,11 +50,12 @@ ENUM_BEGIN(id_type_names, ID_ANY, ID_KEY_ID, "ID_DER_ASN1_DN", "ID_DER_ASN1_GN", "ID_KEY_ID"); -ENUM_NEXT(id_type_names, ID_DER_ASN1_GN_URI, ID_PUBKEY_SHA1, ID_KEY_ID, +ENUM_NEXT(id_type_names, ID_DER_ASN1_GN_URI, ID_CERT_DER_SHA1, ID_KEY_ID, "ID_DER_ASN1_GN_URI", "ID_PUBKEY_INFO_SHA1", - "ID_PUBKEY_SHA1"); -ENUM_END(id_type_names, ID_PUBKEY_SHA1); + "ID_PUBKEY_SHA1", + "ID_CERT_DER_SHA1"); +ENUM_END(id_type_names, ID_CERT_DER_SHA1); /** * X.501 acronyms for well known object identifiers (OIDs) @@ -941,6 +942,7 @@ static int print(FILE *stream, const struct printf_info *info, case ID_KEY_ID: case ID_PUBKEY_INFO_SHA1: case ID_PUBKEY_SHA1: + case ID_CERT_DER_SHA1: return fprintf(stream, "%#B", &this->encoded); case ID_DER_ASN1_GN_URI: { @@ -1175,6 +1177,7 @@ identification_t *identification_create_from_encoding(id_type_t type, chunk_t en case ID_DER_ASN1_GN_URI: case ID_PUBKEY_INFO_SHA1: case ID_PUBKEY_SHA1: + case ID_CERT_DER_SHA1: default: break; } diff --git a/src/libstrongswan/utils/identification.h b/src/libstrongswan/utils/identification.h index 31c49c269..29318ce47 100644 --- a/src/libstrongswan/utils/identification.h +++ b/src/libstrongswan/utils/identification.h 
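Review bot: In the block appended to create_from_chunk, the else branch only logs and leaves encoding_hash empty, which silently turns every ID_CERT_DER_SHA1 lookup in has_subject into a miss for this certificate; that is an acceptable degradation, but it should be stated where it happens, e.g. `/* leave encoding_hash empty: has_subject() then never matches hash identities */` inside the else. The result of `hasher->allocate_hash(...)` is not examined; if this hasher API can report failure (not visible here), encoding_hash could be left half-initialised, so confirm it is void or test it before destroying the hasher. Minor style: the mid-block `hasher_t *hasher = ...` declaration departs from the declarations-at-top convention the rest of this file appears to follow (compare the locals at the head of has_subject). create_from_chunk begins outside the hunk.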
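Review bot: identification_create_from_encoding now lists ID_CERT_DER_SHA1 among the cases that fall through to `default: break;`, so an encoding of any length is wrapped into an identity without checking that it is a 20-byte SHA-1 digest; when that encoding originates from a remote certificate payload, length validation is left entirely to whichever consumer compares it (has_subject in x509_cert.c). If this function can return NULL on bad input—its body begins outside the hunk, so I cannot see its convention—I would reject a chunk whose length differs from the SHA-1 digest size for this type, and consider the same for ID_PUBKEY_INFO_SHA1 and ID_PUBKEY_SHA1 which share the path; otherwise at least add `/* no length check here: consumers must validate 20-byte SHA-1 digests */` above the case. The ENUM_NEXT/ENUM_END update earlier in this file keeps id_type_names consistent with the appended enumerator.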
@@ -137,6 +137,11 @@ enum id_type_t {
  * SHA1 hash over PKCS#1 subjectPublicKey
  */
 ID_PUBKEY_SHA1,
+
+ /**
+ * SHA1 hash of the binary DER encoding of a certificate
+ */
+ ID_CERT_DER_SHA1,
 };
 
 /** |
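Review bot: The comment on the new ID_CERT_DER_SHA1 enumerator says what is hashed but not why or how large it is, while it sits next to two other SHA-1 identity types that are easy to confuse with it; I would write `* SHA1 hash (20 bytes) of the binary DER encoding of a certificate, as` / `* carried in IKEv2 "Hash and URL" certificate payloads (RFC 4306, section 3.6).` Appending the value last is correct because ENUM_END in identification.c is moved to it in the same commit, and the comment could add that any later type must likewise be appended and ENUM_END updated.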