-rw-r--r-- | src/conftest/hooks/ike_auth_fill.c | 2 | ||||
-rw-r--r-- | src/conftest/hooks/pretend_auth.c | 4 | ||||
-rw-r--r-- | src/libcharon/encoding/payloads/cert_payload.c | 23 | ||||
-rw-r--r-- | src/libcharon/encoding/payloads/cert_payload.h | 16 | ||||
-rw-r--r-- | src/libcharon/sa/tasks/ike_cert_post.c | 10 |
5 files changed, 30 insertions, 25 deletions
diff --git a/src/conftest/hooks/ike_auth_fill.c b/src/conftest/hooks/ike_auth_fill.c
index ac26d1bfe..7362c19f4 100644
--- a/src/conftest/hooks/ike_auth_fill.c
+++ b/src/conftest/hooks/ike_auth_fill.c
@@ -108,7 +108,7 @@ METHOD(listener_t, message, bool,
 diff = this->bytes - size - CERT_PAYLOAD_HEADER_LENGTH;
 data = chunk_alloc(diff);
 memset(data.ptr, 0x12, data.len);
- pld = cert_payload_create_custom(201, data, CERTIFICATE);
+ pld = cert_payload_create_custom(CERTIFICATE, 201, data);
 message->add_payload(message, &pld->payload_interface);
 DBG1(DBG_CFG, "inserting %d dummy bytes certificate payload", diff);
 }
diff --git a/src/conftest/hooks/pretend_auth.c b/src/conftest/hooks/pretend_auth.c
index b8f961403..10b13c6ac 100644
--- a/src/conftest/hooks/pretend_auth.c
+++ b/src/conftest/hooks/pretend_auth.c
@@ -154,7 +154,7 @@ static void build_certs(private_pretend_auth_t *this,
 cert = auth->get(auth, AUTH_RULE_SUBJECT_CERT);
 if (cert)
 {
- payload = cert_payload_create_from_cert(cert, CERTIFICATE);
+ payload = cert_payload_create_from_cert(CERTIFICATE, cert);
 if (payload)
 {
 DBG1(DBG_IKE, "pretending end entity cert \"%Y\"",
@@ -167,7 +167,7 @@ static void build_certs(private_pretend_auth_t *this,
 {
 if (type == AUTH_RULE_IM_CERT)
 {
- payload = cert_payload_create_from_cert(cert, CERTIFICATE);
+ payload = cert_payload_create_from_cert(CERTIFICATE, cert);
 if (payload)
 {
 DBG1(DBG_IKE, "pretending issuer cert \"%Y\"",
diff --git a/src/libcharon/encoding/payloads/cert_payload.c b/src/libcharon/encoding/payloads/cert_payload.c
index af726ad62..3a230b91e 100644
--- a/src/libcharon/encoding/payloads/cert_payload.c
+++ b/src/libcharon/encoding/payloads/cert_payload.c
@@ -304,10 +304,12 @@ cert_payload_t *cert_payload_create(payload_type_t type)

 /*
 * Described in header
 */
-cert_payload_t *cert_payload_create_from_cert(certificate_t *cert, payload_type_t type)
+cert_payload_t *cert_payload_create_from_cert(payload_type_t type,
+ certificate_t *cert)
 {
- private_cert_payload_t *this = (private_cert_payload_t*)cert_payload_create(type);
+ private_cert_payload_t *this;
+ this = (private_cert_payload_t*)cert_payload_create(type);
 switch (cert->get_type(cert))
 {
 case CERT_X509:
@@ -326,33 +328,38 @@ cert_payload_t *cert_payload_create_from_cert(certificate_t *cert, payload_type_
 return NULL;
 }
 this->payload_length = get_header_length(this) + this->data.len;
+
 return &this->public;
 }

 /*
 * Described in header
 */
-cert_payload_t *cert_payload_create_from_hash_and_url(chunk_t hash, char *url,
- payload_type_t type)
+cert_payload_t *cert_payload_create_from_hash_and_url(chunk_t hash, char *url)
 {
- private_cert_payload_t *this = (private_cert_payload_t*)cert_payload_create(type);
+ private_cert_payload_t *this;
+ this = (private_cert_payload_t*)cert_payload_create(CERTIFICATE);
 this->encoding = ENC_X509_HASH_AND_URL;
 this->data = chunk_cat("cc", hash, chunk_create(url, strlen(url)));
 this->payload_length = get_header_length(this) + this->data.len;
+
 return &this->public;
 }

 /*
 * Described in header
 */
-cert_payload_t *cert_payload_create_custom(cert_encoding_t encoding,
- chunk_t data, payload_type_t type)
+cert_payload_t *cert_payload_create_custom(payload_type_t type,
+ cert_encoding_t encoding, chunk_t data)
 {
- private_cert_payload_t *this = (private_cert_payload_t*)cert_payload_create(type);
+ private_cert_payload_t *this;
+ this = (private_cert_payload_t*)cert_payload_create(type);
 this->encoding = encoding;
 this->data = data;
 this->payload_length = get_header_length(this) + this->data.len;
+
 return &this->public;
 }
+
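Review bot: `cert_payload_create_from_hash_and_url` now fixes the payload type to `CERTIFICATE` while `cert_payload_create_from_cert` and `cert_payload_create_custom` still take `type`, and nothing at the call site in the body says why; a short comment above the `cert_payload_create(CERTIFICATE)` line, `/* hash-and-url is an IKEv2-only encoding, so the payload type is fixed */`, would make the asymmetry read as deliberate rather than as a dropped parameter. The same function passes `url` straight to `strlen()`, so the contract that `url` is a non-NULL, NUL-terminated string is worth stating in the "Described in header" block, since the body has no guard. All three constructors cast and dereference the result of `cert_payload_create()` without a NULL check; if that constructor cannot fail this is fine, but the assumption is worth a one-line comment at the first of them. The first hunk cuts `cert_payload_create_from_cert` before its switch body ends, so the unsupported-type path is only partly visible here.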
diff --git a/src/libcharon/encoding/payloads/cert_payload.h b/src/libcharon/encoding/payloads/cert_payload.h
index c237d7dea..d85a463ca 100644
--- a/src/libcharon/encoding/payloads/cert_payload.h
+++ b/src/libcharon/encoding/payloads/cert_payload.h
@@ -55,9 +55,7 @@ enum cert_encoding_t {
 extern enum_name_t *cert_encoding_names;

 /**
- * Class representing an IKEv2 CERT payload.
- *
- * The CERT payload format is described in RFC section 3.6.
+ * Class representing an IKEv1/IKEv2 CERT payload.
 */
 struct cert_payload_t {

@@ -121,17 +119,16 @@ cert_payload_t *cert_payload_create(payload_type_t type);
 * @param cert certificate to embed
 * @return cert_payload_t object
 */
-cert_payload_t *cert_payload_create_from_cert(certificate_t *cert, payload_type_t type);
+cert_payload_t *cert_payload_create_from_cert(payload_type_t type,
+ certificate_t *cert);

 /**
- * Creates a certificate payload with hash and URL encoding of a certificate.
+ * Creates an IKEv2 certificate payload with hash and URL encoding.
 *
- * @param type payload type (for IKEv1 or IKEv2)
 * @param hash hash of the DER encoded certificate (get's cloned)
- * @param url the URL to locate the certificate (get's cloned)
 * @return cert_payload_t object
 */
-cert_payload_t *cert_payload_create_from_hash_and_url(chunk_t hash, char *url, payload_type_t type);
+cert_payload_t *cert_payload_create_from_hash_and_url(chunk_t hash, char *url);

 /**
 * Creates a custom certificate payload using type and associated data.
@@ -141,6 +138,7 @@ cert_payload_t *cert_payload_create_from_hash_and_url(chunk_t hash, char *url, p
 * @param data associated data (gets owned)
 * @return cert_payload_t object
 */
-cert_payload_t *cert_payload_create_custom(cert_encoding_t encoding, chunk_t data, payload_type_t type);
+cert_payload_t *cert_payload_create_custom(payload_type_t type,
+ cert_encoding_t encoding, chunk_t data);

 #endif /** CERT_PAYLOAD_H_ @}*/
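Review bot: The `@param url` line of `cert_payload_create_from_hash_and_url`'s doc block is removed together with `@param type`, but `url` is still a parameter and cert_payload.c still clones it via `chunk_cat("cc", ...)`; restore ` * @param url		the URL to locate the certificate (get's cloned)` between the `@param hash` and `@return` lines. `cert_payload_create_from_cert` and `cert_payload_create_custom` now take `type` first, so their `@param type` entries, which would sit above these hunks, should be moved ahead of `@param cert` and `@param encoding` so the documented order matches the new signatures. The `@return cert_payload_t object` on `cert_payload_create_from_cert` also reads as if the call cannot fail, whereas the `return NULL;` visible in cert_payload.c appears to cover a certificate type the switch does not handle; saying `NULL on unsupported certificate type` there would match what callers already check with `if (payload)`.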
diff --git a/src/libcharon/sa/tasks/ike_cert_post.c b/src/libcharon/sa/tasks/ike_cert_post.c
index ba5d76baa..bedf323ff 100644
--- a/src/libcharon/sa/tasks/ike_cert_post.c
+++ b/src/libcharon/sa/tasks/ike_cert_post.c
@@ -62,14 +62,14 @@ static cert_payload_t *build_cert_payload(private_ike_cert_post_t *this,

 if (!this->ike_sa->supports_extension(this->ike_sa, EXT_HASH_AND_URL))
 {
- return cert_payload_create_from_cert(cert, CERTIFICATE);
+ return cert_payload_create_from_cert(CERTIFICATE, cert);
 }

 hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
 if (!hasher)
 {
 DBG1(DBG_IKE, "unable to use hash-and-url: sha1 not supported");
- return cert_payload_create_from_cert(cert, CERTIFICATE);
+ return cert_payload_create_from_cert(CERTIFICATE, cert);
 }

 if (!cert->get_encoding(cert, CERT_ASN1_DER, &encoded))
@@ -86,12 +86,12 @@ static cert_payload_t *build_cert_payload(private_ike_cert_post_t *this,
 enumerator = lib->credmgr->create_cdp_enumerator(lib->credmgr, CERT_X509, id);
 if (enumerator->enumerate(enumerator, &url))
 {
- payload = cert_payload_create_from_hash_and_url(hash, url, CERTIFICATE);
+ payload = cert_payload_create_from_hash_and_url(hash, url);
 DBG1(DBG_IKE, "sending hash-and-url \"%s\"", url);
 }
 else
 {
- payload = cert_payload_create_from_cert(cert, CERTIFICATE);
+ payload = cert_payload_create_from_cert(CERTIFICATE, cert);
 }
 enumerator->destroy(enumerator);
 chunk_free(&hash);
@@ -154,7 +154,7 @@ static void build_certs(private_ike_cert_post_t *this, message_t *message)
 {
 if (type == AUTH_RULE_IM_CERT)
 {
- payload = cert_payload_create_from_cert(cert, CERTIFICATE);
+ payload = cert_payload_create_from_cert(CERTIFICATE, cert);
 if (payload)
 {
 DBG1(DBG_IKE, "sending issuer cert \"%Y\"",