diff options
Diffstat (limited to 'src/libstrongswan/plugins')
| -rw-r--r-- | src/libstrongswan/plugins/x509/Makefile.am | 3 | ||||
| -rw-r--r-- | src/libstrongswan/plugins/x509/ietf_attr_list.c | 396 | ||||
| -rw-r--r-- | src/libstrongswan/plugins/x509/ietf_attr_list.h | 79 | ||||
| -rw-r--r-- | src/libstrongswan/plugins/x509/x509_ac.c | 42 |
4 files changed, 28 insertions, 492 deletions
diff --git a/src/libstrongswan/plugins/x509/Makefile.am b/src/libstrongswan/plugins/x509/Makefile.am index 560e186e2..853b1cebc 100644 --- a/src/libstrongswan/plugins/x509/Makefile.am +++ b/src/libstrongswan/plugins/x509/Makefile.am @@ -11,7 +11,6 @@ libstrongswan_x509_la_SOURCES = x509_plugin.h x509_plugin.c \ x509_ac.h x509_ac.c \ x509_pkcs10.h x509_pkcs10.c \ x509_ocsp_request.h x509_ocsp_request.c \ - x509_ocsp_response.h x509_ocsp_response.c \ - ietf_attr_list.h ietf_attr_list.c + x509_ocsp_response.h x509_ocsp_response.c libstrongswan_x509_la_LDFLAGS = -module -avoid-version diff --git a/src/libstrongswan/plugins/x509/ietf_attr_list.c b/src/libstrongswan/plugins/x509/ietf_attr_list.c deleted file mode 100644 index d1ba7266e..000000000 --- a/src/libstrongswan/plugins/x509/ietf_attr_list.c +++ /dev/null @@ -1,396 +0,0 @@ -/* - * Copyright (C) 2007 Andreas Steffen, Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include <string.h> -#include <stdio.h> - -#include <debug.h> -#include <library.h> - -#include <asn1/oid.h> -#include <asn1/asn1.h> -#include <asn1/asn1_parser.h> -#include <utils/lexparser.h> - -#include "ietf_attr_list.h" - -/** - * Private definition of ietfAttribute kinds - */ -typedef enum { - IETF_ATTRIBUTE_OCTETS = 0, - IETF_ATTRIBUTE_OID = 1, - IETF_ATTRIBUTE_STRING = 2 -} ietfAttribute_t; - -typedef struct ietfAttr_t ietfAttr_t; - -/** - * Private definition of an ietfAttribute - */ -struct ietfAttr_t { - /** - * IETF attribute kind - */ - ietfAttribute_t kind; - - /** - * IETF attribute valuse - */ - chunk_t value; - - /** - * Compares two ietfAttributes - * - * return -1 if this is earlier in the alphabet than other - * return 0 if this equals other - * return +1 if this is later in the alphabet than other - * - * @param this calling object - * @param other other object - */ - int (*compare) (const ietfAttr_t *this ,const ietfAttr_t *other); - - /** - * Destroys the ietfAttr_t object. - * - * @param this ietfAttr_t to destroy - */ - void (*destroy) (ietfAttr_t *this); -}; - -/** - * Implements ietfAttr_t.compare. - */ -static int ietfAttr_compare(const ietfAttr_t *this ,const ietfAttr_t *other) -{ - int cmp_len, len, cmp_value; - - /* OID attributes are appended after STRING and OCTETS attributes */ - if (this->kind != IETF_ATTRIBUTE_OID && other->kind == IETF_ATTRIBUTE_OID) - { - return -1; - } - if (this->kind == IETF_ATTRIBUTE_OID && other->kind != IETF_ATTRIBUTE_OID) - { - return 1; - } - - cmp_len = this->value.len - other->value.len; - len = (cmp_len < 0)? this->value.len : other->value.len; - cmp_value = memcmp(this->value.ptr, other->value.ptr, len); - - return (cmp_value == 0)? cmp_len : cmp_value; -} - -/** - * Implements ietfAttr_t.destroy. - */ -static void ietfAttr_destroy(ietfAttr_t *this) -{ - free(this->value.ptr); - free(this); -} - -/** - * Creates an ietfAttr_t object. - */ -static ietfAttr_t *ietfAttr_create(ietfAttribute_t kind, chunk_t value) -{ - ietfAttr_t *this = malloc_thing(ietfAttr_t); - - /* initialize */ - this->kind = kind; - this->value = chunk_clone(value); - - /* function */ - this->compare = ietfAttr_compare; - this->destroy = ietfAttr_destroy; - - return this; -} - -/** - * Adds an ietfAttr_t object to a sorted linked list - */ -static void ietfAttr_add(linked_list_t *list, ietfAttr_t *attr) -{ - iterator_t *iterator = list->create_iterator(list, TRUE); - ietfAttr_t *current_attr; - bool found = FALSE; - - while (iterator->iterate(iterator, (void **)¤t_attr)) - { - int cmp = attr->compare(attr, current_attr); - - if (cmp > 0) - { - continue; - } - if (cmp == 0) - { - attr->destroy(attr); - } - else - { - iterator->insert_before(iterator, attr); - } - found = TRUE; - break; - } - iterator->destroy(iterator); - if (!found) - { - list->insert_last(list, attr); - } -} - -/* - * Described in header. - */ -bool ietfAttr_list_equals(linked_list_t *list_a, linked_list_t *list_b) -{ - bool result = TRUE; - - /* lists must have the same number of attributes */ - if (list_a->get_count(list_a) != list_b->get_count(list_b)) - { - return FALSE; - } - /* empty lists - no attributes */ - if (list_a->get_count(list_a) == 0) - { - return TRUE; - } - - /* compare two alphabetically-sorted lists */ - { - iterator_t *iterator_a = list_a->create_iterator(list_a, TRUE); - iterator_t *iterator_b = list_b->create_iterator(list_b, TRUE); - ietfAttr_t *attr_a, *attr_b; - - while (iterator_a->iterate(iterator_a, (void **)&attr_a) && - iterator_b->iterate(iterator_b, (void **)&attr_b)) - { - if (attr_a->compare(attr_a, attr_b) != 0) - { - /* we have a mismatch */ - result = FALSE; - break; - } - } - iterator_a->destroy(iterator_a); - iterator_b->destroy(iterator_b); - } - return result; -} - -/* - * Described in header. - */ -void ietfAttr_list_list(linked_list_t *list, FILE *out) -{ - iterator_t *iterator = list->create_iterator(list, TRUE); - ietfAttr_t *attr; - bool first = TRUE; - - while (iterator->iterate(iterator, (void **)&attr)) - { - if (first) - { - first = FALSE; - } - else - { - fprintf(out, ", "); - } - - switch (attr->kind) - { - case IETF_ATTRIBUTE_OCTETS: - case IETF_ATTRIBUTE_STRING: - fprintf(out, "%.*s", (int)attr->value.len, attr->value.ptr); - break; - case IETF_ATTRIBUTE_OID: - { - int oid = asn1_known_oid(attr->value); - - if (oid == OID_UNKNOWN) - { - fprintf(out, "0x#B", &attr->value); - } - else - { - fprintf(out, "%s", oid_names[oid]); - } - } - break; - default: - break; - } - } - iterator->destroy(iterator); -} - -/* - * Described in header. - */ -void ietfAttr_list_create_from_string(char *msg, linked_list_t *list) -{ - chunk_t line = { msg, strlen(msg) }; - - while (eat_whitespace(&line)) - { - chunk_t group; - - /* extract the next comma-separated group attribute */ - if (!extract_token(&group, ',', &line)) - { - group = line; - line.len = 0; - } - - /* remove any trailing spaces */ - while (group.len > 0 && *(group.ptr + group.len - 1) == ' ') - { - group.len--; - } - - /* add the group attribute to the list */ - if (group.len > 0) - { - ietfAttr_t *attr = ietfAttr_create(IETF_ATTRIBUTE_STRING, group); - - ietfAttr_add(list, attr); - } - } -} - -/** - * ASN.1 definition of ietfAttrSyntax - */ -static const asn1Object_t ietfAttrSyntaxObjects[] = -{ - { 0, "ietfAttrSyntax", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ - { 1, "policyAuthority", ASN1_CONTEXT_C_0, ASN1_OPT | - ASN1_BODY }, /* 1 */ - { 1, "end opt", ASN1_EOC, ASN1_END }, /* 2 */ - { 1, "values", ASN1_SEQUENCE, ASN1_LOOP }, /* 3 */ - { 2, "octets", ASN1_OCTET_STRING, ASN1_OPT | - ASN1_BODY }, /* 4 */ - { 2, "end choice", ASN1_EOC, ASN1_END }, /* 5 */ - { 2, "oid", ASN1_OID, ASN1_OPT | - ASN1_BODY }, /* 6 */ - { 2, "end choice", ASN1_EOC, ASN1_END }, /* 7 */ - { 2, "string", ASN1_UTF8STRING, ASN1_OPT | - ASN1_BODY }, /* 8 */ - { 2, "end choice", ASN1_EOC, ASN1_END }, /* 9 */ - { 1, "end loop", ASN1_EOC, ASN1_END }, /* 10 */ - { 0, "exit", ASN1_EOC, ASN1_EXIT } -}; -#define IETF_ATTR_OCTETS 4 -#define IETF_ATTR_OID 6 -#define IETF_ATTR_STRING 8 - -/* - * Described in header. - */ -void ietfAttr_list_create_from_chunk(chunk_t chunk, linked_list_t *list, int level0) -{ - asn1_parser_t *parser; - chunk_t object; - int objectID; - - parser = asn1_parser_create(ietfAttrSyntaxObjects, chunk); - parser->set_top_level(parser, level0); - - while (parser->iterate(parser, &objectID, &object)) - { - switch (objectID) - { - case IETF_ATTR_OCTETS: - case IETF_ATTR_OID: - case IETF_ATTR_STRING: - { - ietfAttribute_t kind = (objectID - IETF_ATTR_OCTETS) / 2; - ietfAttr_t *attr = ietfAttr_create(kind, object); - ietfAttr_add(list, attr); - } - break; - default: - break; - } - } - parser->destroy(parser); -} - -/* - * Described in header. - */ -chunk_t ietfAttr_list_encode(linked_list_t *list) -{ - chunk_t ietfAttributes; - size_t size = 0; - u_char *pos; - iterator_t *iterator = list->create_iterator(list, TRUE); - ietfAttr_t *attr; - - /* precalculate the total size of all values */ - while (iterator->iterate(iterator, (void **)&attr)) - { - size_t len = attr->value.len; - - size += 1 + (len > 0) + (len >= 128) + (len >= 256) + (len >= 65536) + len; - } - iterator->destroy(iterator); - - pos = asn1_build_object(&ietfAttributes, ASN1_SEQUENCE, size); - - iterator = list->create_iterator(list, TRUE); - while (iterator->iterate(iterator, (void **)&attr)) - { - chunk_t ietfAttribute; - asn1_t type = ASN1_NULL; - - switch (attr->kind) - { - case IETF_ATTRIBUTE_OCTETS: - type = ASN1_OCTET_STRING; - break; - case IETF_ATTRIBUTE_STRING: - type = ASN1_UTF8STRING; - break; - case IETF_ATTRIBUTE_OID: - type = ASN1_OID; - break; - } - ietfAttribute = asn1_simple_object(type, attr->value); - - /* copy ietfAttribute into ietfAttributes chunk */ - memcpy(pos, ietfAttribute.ptr, ietfAttribute.len); - pos += ietfAttribute.len; - free(ietfAttribute.ptr); - } - iterator->destroy(iterator); - - return asn1_wrap(ASN1_SEQUENCE, "m", ietfAttributes); -} - -/* - * Described in header. - */ -void ietfAttr_list_destroy(linked_list_t *list) -{ - list->destroy_offset(list, offsetof(ietfAttr_t, destroy)); -} diff --git a/src/libstrongswan/plugins/x509/ietf_attr_list.h b/src/libstrongswan/plugins/x509/ietf_attr_list.h deleted file mode 100644 index 124468bac..000000000 --- a/src/libstrongswan/plugins/x509/ietf_attr_list.h +++ /dev/null @@ -1,79 +0,0 @@ -/* - * Copyright (C) 2007 Andreas Steffen - * - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup ietf_attr_list ietf_attr_list - * @{ @ingroup x509_p - */ - -#ifndef IETF_ATTR_LIST_H_ -#define IETF_ATTR_LIST_H_ - -#include <library.h> -#include <utils/linked_list.h> - - -/** - * @brief Compare two linked lists of ietfAttr_t objects for equality - * - * @param list_a first alphabetically-sorted list - * @param list_b second alphabetically-sorted list - * @return TRUE if equal - */ -bool ietfAttr_list_equals(linked_list_t *list_a, linked_list_t *list_b); - -/** - * @brief Lists a linked list of ietfAttr_t objects - * - * @param list alphabetically-sorted linked list of attributes - * @param out output file - */ -void ietfAttr_list_list(linked_list_t *list, FILE *out); - -/** - * @brief Create a linked list of ietfAttr_t objects from a string - * - * @param msg string with comma-separated group names - * @param list alphabetically-sorted linked list of attributes - */ -void ietfAttr_list_create_from_string(char *msg, linked_list_t *list); - -/** - * @brief Create a linked list of ietfAttr_t objects from an ASN.1-coded chunk - * - * @param chunk chunk containing ASN.1-coded attributes - * @param list alphabetically-sorted linked list of attributes - * @param level0 parsing level - */ -void ietfAttr_list_create_from_chunk(chunk_t chunk, linked_list_t *list, int level0); - -/** - * @brief Encode a linked list of ietfAttr_t objects into an ASN.1-coded chunk - * - * @param list alphabetically-sorted linked list of attributes - * @return chunk containing ASN.1-coded attributes - */ -chunk_t ietfAttr_list_encode(linked_list_t *list); - -/** - * @brief Destroys a linked list of ietfAttr_t objects - * - * @param list list to be destroyed - */ -void ietfAttr_list_destroy(linked_list_t *list); - -#endif /** IETF_ATTR_LIST_H_ @}*/ - diff --git a/src/libstrongswan/plugins/x509/x509_ac.c b/src/libstrongswan/plugins/x509/x509_ac.c index 878406a71..5e8ea2e71 100644 --- a/src/libstrongswan/plugins/x509/x509_ac.c +++ b/src/libstrongswan/plugins/x509/x509_ac.c @@ -1,10 +1,10 @@ /* * Copyright (C) 2002 Ueli Galizzi, Ariane Seiler * Copyright (C) 2003 Martin Berner, Lukas Suter - * Copyright (C) 2002-2008 Andreas Steffen + * Copyright (C) 2002-2009 Andreas Steffen * Copyright (C) 2009 Martin Willi * - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -18,7 +18,6 @@ */ #include "x509_ac.h" -#include "ietf_attr_list.h" #include <time.h> @@ -30,6 +29,7 @@ #include <utils/identification.h> #include <utils/linked_list.h> #include <credentials/certificates/x509.h> +#include <credentials/ietf_attributes/ietf_attributes.h> #include <credentials/keys/private_key.h> extern chunk_t x509_parse_authorityKeyIdentifier(chunk_t blob, @@ -100,12 +100,12 @@ struct private_x509_ac_t { /** * List of charging attributes */ - linked_list_t *charging; + ietf_attributes_t *charging; /** * List of groub attributes */ - linked_list_t *groups; + ietf_attributes_t *groups; /** * Authority Key Identifier @@ -413,10 +413,14 @@ static bool parse_certificate(private_x509_ac_t *this) DBG2(" need to parse accessIdentity"); break; case OID_CHARGING_IDENTITY: - ietfAttr_list_create_from_chunk(object, this->charging, level); + DBG2("-- > --"); + this->charging = ietf_attributes_create_from_encoding(object); + DBG2("-- < --"); break; case OID_GROUP: - ietfAttr_list_create_from_chunk(object, this->groups, level); + DBG2("-- > --"); + this->groups = ietf_attributes_create_from_encoding(object); + DBG2("-- < --"); break; case OID_ROLE: parse_roleSyntax(object, level); @@ -543,7 +547,7 @@ static chunk_t build_attribute_type(int type, chunk_t content) static chunk_t build_attributes(private_x509_ac_t *this) { return asn1_wrap(ASN1_SEQUENCE, "m", - build_attribute_type(OID_GROUP, ietfAttr_list_encode(this->groups))); + build_attribute_type(OID_GROUP, this->groups->get_encoding(this->groups))); } /** @@ -664,6 +668,14 @@ static chunk_t get_authKeyIdentifier(private_x509_ac_t *this) } /** + * Implementation of certificate_t.get_groups. + */ +static ietf_attributes_t* get_groups(private_x509_ac_t *this) +{ + return this->groups ? this->groups->get_ref(this->groups) : NULL; +} + +/** * Implementation of certificate_t.get_type */ static certificate_type_t get_type(private_x509_ac_t *this) @@ -881,9 +893,8 @@ static void destroy(private_x509_ac_t *this) DESTROY_IF(this->holderCert); DESTROY_IF(this->signerCert); DESTROY_IF(this->signerKey); - - ietfAttr_list_destroy(this->charging); - ietfAttr_list_destroy(this->groups); + DESTROY_IF(this->charging); + DESTROY_IF(this->groups); free(this->serialNumber.ptr); free(this->authKeyIdentifier.ptr); free(this->encoding.ptr); @@ -902,7 +913,8 @@ static private_x509_ac_t *create_empty(void) this->public.interface.get_serial = (chunk_t (*)(ac_t*))get_serial; this->public.interface.get_holderSerial = (chunk_t (*)(ac_t*))get_holderSerial; this->public.interface.get_holderIssuer = (identification_t* (*)(ac_t*))get_holderIssuer; - this->public.interface.get_authKeyIdentifier = (chunk_t(*)(ac_t*))get_authKeyIdentifier; + this->public.interface.get_authKeyIdentifier = (chunk_t (*)(ac_t*))get_authKeyIdentifier; + this->public.interface.get_groups = (ietf_attributes_t* (*)(ac_t*))get_groups; this->public.interface.certificate.get_type = (certificate_type_t (*)(certificate_t *this))get_type; this->public.interface.certificate.get_subject = (identification_t* (*)(certificate_t *this))get_subject; this->public.interface.certificate.get_issuer = (identification_t* (*)(certificate_t *this))get_issuer; @@ -928,8 +940,8 @@ static private_x509_ac_t *create_empty(void) this->holderCert = NULL; this->signerCert = NULL; this->signerKey = NULL; - this->charging = linked_list_create(); - this->groups = linked_list_create(); + this->charging = NULL; + this->groups = NULL; this->ref = 1; return this; @@ -992,7 +1004,7 @@ x509_ac_t *x509_ac_gen(certificate_type_t type, va_list args) ac->serialNumber = chunk_clone(va_arg(args, chunk_t)); continue; case BUILD_IETF_GROUP_ATTR: - ietfAttr_list_create_from_string(va_arg(args, char*), ac->groups); + ac->groups = ietf_attributes_create_from_string(va_arg(args, char*)); continue; case BUILD_CERT: ac->holderCert = va_arg(args, certificate_t*); |