author | Niklas Hallqvist <niklas@cvs.openbsd.org> | 1999-07-17 21:48:46 +0000 |
committer | Niklas Hallqvist <niklas@cvs.openbsd.org> | 1999-07-17 21:48:46 +0000 |
commit | f35ee21d899cbdc77b8f2c1d95229a1bd5d8f211 (patch) | |
tree | b308de66b9eef31a73f14c876c5f15d51b6c2b51 /sbin | |
parent | 93fd7a94f48148ec0b408a35b6f14a0ce3ba8efd (diff) |
regress/x509/certificate.txt: Merge with EOM 1.4
asn_useful.h: Merge with EOM 1.7
asn.c: Merge with EOM 1.28
asn.h: Merge with EOM 1.19
asn_useful.c: Merge with EOM 1.12
pkcs.c: Merge with EOM 1.21
pkcs.h: Merge with EOM 1.9
author: niklas
From Niels Provos, edited by me: certificate support using SSLeay
Diffstat (limited to 'sbin')
-rw-r--r-- | sbin/isakmpd/asn.c | 1213 | ||||
-rw-r--r-- | sbin/isakmpd/asn.h | 157 | ||||
-rw-r--r-- | sbin/isakmpd/asn_useful.c | 144 | ||||
-rw-r--r-- | sbin/isakmpd/asn_useful.h | 97 | ||||
-rw-r--r-- | sbin/isakmpd/pkcs.c | 382 | ||||
-rw-r--r-- | sbin/isakmpd/pkcs.h | 85 | ||||
-rw-r--r-- | sbin/isakmpd/regress/x509/certificate.txt | 8 |
7 files changed, 0 insertions, 2086 deletions
diff --git a/sbin/isakmpd/asn.c b/sbin/isakmpd/asn.c
deleted file mode 100644
index 68d7c2826ca..00000000000
--- a/sbin/isakmpd/asn.c
+++ /dev/null
@@ -1,1213 +0,0 @@ -/* $OpenBSD: asn.c,v 1.8 1999/06/05 18:01:28 niklas Exp $ */ -/* $EOM: asn.c,v 1.27 1999/06/05 18:02:38 niklas Exp $ */ - -/* - * Copyright (c) 1998 Niels Provos. All rights reserved. - * Copyright (c) 1999 Niklas Hallqvist. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by Ericsson Radio Systems. - * 4. The name of the author may not be used to endorse or promote products - * derived from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/* - * This code was written under funding by Ericsson Radio Systems. 
- */ - -#include <sys/param.h> -#include <sys/types.h> -#include <sys/stat.h> -#include <fcntl.h> -#include <stdlib.h> -#include <string.h> -#include <gmp.h> -#include <unistd.h> - -#include "sysdep.h" - -#include "log.h" -#include "asn.h" -#include "gmp_util.h" - -struct asn_handler table[] = { - { - TAG_INTEGER, asn_free_integer, asn_get_encoded_len_integer, - asn_decode_integer, asn_encode_integer - }, - { - TAG_OBJECTID, asn_free_objectid, asn_get_encoded_len_objectid, - asn_decode_objectid, asn_encode_objectid - }, - { - TAG_SEQUENCE, asn_free_sequence, asn_get_encoded_len_sequence, - asn_decode_sequence, asn_encode_sequence - }, - { - TAG_SET, asn_free_sequence, asn_get_encoded_len_sequence, - asn_decode_sequence, asn_encode_sequence - }, - { - TAG_UTCTIME, asn_free_string, asn_get_encoded_len_string, - asn_decode_string, asn_encode_string - }, - { - TAG_BITSTRING, asn_free_string, asn_get_encoded_len_string, - asn_decode_string, asn_encode_string - }, - { - TAG_OCTETSTRING, asn_free_string, asn_get_encoded_len_string, - asn_decode_string, asn_encode_string - }, - { - TAG_BOOL, asn_free_string, asn_get_encoded_len_string, asn_decode_string, - asn_encode_string - }, - { - TAG_PRINTSTRING, asn_free_string, asn_get_encoded_len_string, - asn_decode_string, asn_encode_string - }, - { - TAG_RAW, asn_free_raw, asn_get_encoded_len_raw, asn_decode_raw, - asn_encode_raw - }, - { - TAG_NULL, asn_free_null, asn_get_encoded_len_null, asn_decode_null, - asn_encode_null - }, - { TAG_ANY, asn_free_null, 0, asn_decode_any, 0 }, - { TAG_STOP, 0, 0, 0, 0 } -}; - -int -asn_get_from_file (char *name, u_int8_t **asn, u_int32_t *asnlen) -{ - int fd, res = 0; - struct stat st; - - if (stat (name, &st) == -1) - { - log_error ("asn_get_from_file: failed to state %s", name); - return 0; - } - - *asnlen = st.st_size; - - if ((fd = open (name, O_RDONLY)) == -1) - { - log_error ("asn_get_from_file: failed to open %s", name); - return 0; - } - - *asn = malloc (st.st_size); - if (!*asn) - { 
- log_print ("asn_get_from_file: malloc (%d) failed", st.st_size); - res = 0; - goto done; - } - - if (read (fd, *asn, st.st_size) != st.st_size - || asn_get_len (*asn) != *asnlen) - { - log_print ("x509_asn_obtain: asn file ended early"); - free (*asn); - res = 0; - goto done; - } - - res = 1; - - done: - close (fd); - - return res; -} - -struct norm_type * -asn_template_clone (struct norm_type *obj, int constructed) -{ - struct norm_type *p; - u_int32_t i; - - if (!constructed) - { - p = malloc (sizeof (struct norm_type)); - if (!p) - { - log_error ("asn_template_clone: malloc (%d) failed", - sizeof (struct norm_type)); - return 0; - } - - memcpy (p, obj, sizeof (struct norm_type)); - - obj = p; - } - - if (obj->type != TAG_SEQUENCE && obj->type != TAG_SET) - { - obj->len = 0; - obj->data = 0; - } - else if (obj->type == TAG_SEQUENCE || obj->type == TAG_SET) - { - p = obj; - obj = obj->data; - i = 0; - while (obj[i++].type != TAG_STOP); - - p->data = malloc (i * sizeof (struct norm_type)); - if (!p->data) - { - log_error ("asn_template_clone: malloc (%d) failed", - i * sizeof (struct norm_type)); - return 0; - } - memcpy (p->data, obj, i * sizeof (struct norm_type)); - obj = p->data; - - i = 0; - while (obj[i].type != TAG_STOP) - { - obj[i].len = 0; - if (!asn_template_clone (&obj[i], 1)) - return 0; - - i++; - } - } - - return obj; -} - -/* Associates a human readable name to an OBJECT IDENTIFIER. 
*/ -char * -asn_parse_objectid (struct asn_objectid *table, char *id) -{ - u_int32_t len = 0; - char *p = 0; - static char buf[LINE_MAX]; - - if (!id) - return 0; - - while (table->name) - { - if (strcmp (table->objectid, id) == 0) - return table->name; - if (strncmp (table->objectid, id, strlen (table->objectid) == 0) - && strlen (table->objectid) > len) - { - len = strlen (table->objectid); - p = table->name; - } - - table++; - } - - if (len == 0) - return 0; - - strncpy (buf, p, sizeof (buf) - 1); - buf[sizeof (buf) - 1] = 0; - strncat (buf + strlen (buf), id + len, sizeof (buf) - 1 - strlen (buf)); - buf[sizeof (buf) - 1] = 0; - - return buf; -} - -/* Retrieves the pointer to a data type referenced by the path name. */ -struct norm_type * -asn_decompose (char *path, struct norm_type *obj) -{ - char *p, *p2, *tmp; - int counter; - - if (strcasecmp (path, obj->name) == 0) - return obj->data; - - p = strdup (path); - if (!p) - { - log_error ("asn_decompose: strdup(\"%s\") failed", path); - return 0; - } - path = p; - p2 = strsep (&p, "."); - - if (strcasecmp (p2, obj->name) || !p) - goto fail; - - while (p) - { - obj = obj->data; - if (!obj) - break; - - p2 = strsep (&p, "."); - - /* - * For SEQUENCE OF or SET OF, we want to be able to say - * AttributeValueAssertion[1] for the 2nd value. - */ - tmp = strchr (p2, '['); - if (tmp) - { - counter = atoi (tmp + 1); - *tmp = 0; - } - else - counter = 0; - - /* Find the tag. */ - while (obj->type != TAG_STOP) - { - if (strcasecmp (p2, obj->name) == 0 && counter-- == 0) - break; - obj++; - } - - if (obj->type == TAG_STOP) - goto fail; - - if (!p) - goto done; - - if (obj->type != TAG_SEQUENCE && obj->type != TAG_SET) - goto fail; - } - - done: - free (path); - return obj; - - fail: - free (path); - return 0; -} - -/* Gets an entry from the ASN.1 tag switch table. 
*/ -struct asn_handler * -asn_get (enum asn_tags type) -{ - struct asn_handler *h = table; - - while (h->type != TAG_STOP) - if (h->type == type) - return h; - else - h++; - - return 0; -} - -/* - * For the long form of BER encoding we need to know in how many - * octets the length can be encoded. - */ -u_int32_t -asn_sizeinoctets (u_int32_t len) -{ - u_int32_t log = 0; - - while (len) - { - log++; - len >>= 8; - } - - return log; -} - -u_int8_t * -asn_format_header (struct norm_type *obj, u_int8_t *asn, u_int8_t **data) -{ - u_int8_t *buf = 0, *erg; - u_int8_t type; - u_int16_t len_off, len; - struct asn_handler *h; - - h = asn_get (obj->type); - if (!h) - return 0; - - if (asn) - buf = asn; - - /* We only do low tags at the moment. */ - len_off = 1; - - len = h->get_encoded_len (obj, &type); - - if (!buf) - { - buf = malloc (len); - if (!buf) - { - log_error ("asn_format_header: malloc (%d) failed", len); - return 0; - } - } - - if (type != ASN_LONG_FORM) - { - len -= len_off + 1; - buf[len_off] = len; - - *data = buf + len_off + 1; - } - else - { - u_int16_t tmp; - int octets = asn_sizeinoctets (len); - - len -= len_off + 1 + octets; - *data = buf + len_off + 1 + octets; - - buf[len_off] = octets | ASN_LONG_FORM; - - tmp = len; - while (--octets >= 0) - { - buf[len_off + 1 + octets] = tmp; - tmp >>= 8; - } - } - - if (ISEXPLICIT (obj)) - { - /* Explicit tagging adds an outer layer. */ - struct norm_type tmp = {obj->type, obj->class&0x3, 0, 0, obj->data}; - - /* XXX Force the class to be CONTEXT. */ - buf[0] = GET_EXP (obj) | (((enum asn_classes)CONTEXT & 0x3) << 6) - | ASN_CONSTRUCTED; - erg = asn_format_header (&tmp, *data, data); - - if (erg && (obj->type == TAG_SEQUENCE || obj->type == TAG_SET)) - erg[0] |= ASN_CONSTRUCTED; - } - else - /* XXX Low tags only. 
*/ - buf[0] = obj->type | (obj->class << 6); - - return buf; -} - -u_int32_t -asn_get_encoded_len (struct norm_type *obj, u_int32_t len, u_int8_t *type) -{ - u_int32_t len_off = 1; - - if (len <= 127) - { - /* Short form */ - len = len + 1 + len_off; - if (type) - *type = 0; - } - else - { - /* Long Form */ - len = len + asn_sizeinoctets (len) + 1 + len_off; - if (type) - *type = ASN_LONG_FORM; - } - - if (obj && ISEXPLICIT (obj)) - len = asn_get_encoded_len (0, len, 0); - - return len; -} - -/* Tries to decode an ANY tag, if we cant handle it we just raw encode it. */ -u_int8_t * -asn_decode_any (u_int8_t *asn, u_int32_t asnlen, struct norm_type *obj) -{ - struct asn_handler *h; - enum asn_tags type; - - type = TAG_TYPE (asn); - if (type == TAG_SEQUENCE || type == TAG_SET) - type = TAG_RAW; - - h = asn_get (type); - if (!h) - { - type = TAG_RAW; - h = asn_get (type); - } - - obj->type = type; - return h->decode (asn, asnlen, obj); -} - -u_int32_t -asn_get_encoded_len_integer (struct norm_type *obj, u_int8_t *type) -{ - u_int16_t len_off; - u_int32_t len = obj->len; - u_int32_t tmp; - mpz_t a; - - /* XXX We only do low tags at the moment. */ - len_off = 1; - - obj->len = len = mpz_sizeinoctets ((mpz_ptr) obj->data); - mpz_init_set (a, (mpz_ptr) obj->data); - - if (len > 1) - mpz_fdiv_q_2exp (a, a, (len - 1) << 3); - - tmp = mpz_fdiv_r_ui (a, a, 256); - mpz_clear (a); - - /* - * We only need to encode positive integers, ASN.1 defines - * negative integers to have the msb set, so if data[0] has - * msb set we need to introduce a zero octet. - */ - if (tmp & 0x80) - len++; - - return asn_get_encoded_len (obj, len, type); -} - -/* - * Encode an integer value. - * Input = obj, output = asn or return value. 
- */ -u_int8_t * -asn_encode_integer (struct norm_type *obj, u_int8_t *asn) -{ - u_int8_t *buf, *data; - u_int32_t len; - - buf = asn_format_header (obj, asn, &data); - - if (!buf) - return 0; - - len = mpz_sizeinoctets ((mpz_ptr) obj->data); - mpz_getraw (data, (mpz_ptr) obj->data, len); - - /* XXX We only deal with unsigned integers at the moment. */ - if (data[0] & 0x80) - { - memmove (data + 1, data, len); - data[0] = 0; - } - - return buf; -} - -u_int8_t * -asn_decode_integer (u_int8_t *asn, u_int32_t asnlen, struct norm_type *obj) -{ - u_int8_t *data; - u_int32_t len; - mpz_ptr p; - - if (asnlen < asn_get_len (asn)) - { - log_print ("asn_decode_integer: ASN.1 content is bigger than buffer"); - return 0; - } - - len = asn_get_data_len (obj, &asn, &data); - - if (TAG_TYPE (asn) != TAG_INTEGER) - { - log_print ("asn_decode_integer: expected tag type INTEGER, got %d", - TAG_TYPE (asn)); - return 0; - } - - p = malloc (sizeof *p); - if (!p) - { - log_error ("asn_decode_integer: malloc (%d) failed", sizeof *p); - return 0; - } - - mpz_init (p); - mpz_setraw (p, data, len); - - obj->len = len; - obj->data = p; - - return data + len; -} - -void -asn_free_integer (struct norm_type *obj) -{ - if (obj->data) - { - mpz_clear ((mpz_ptr) obj->data); - free (obj->data); - } -} - - -u_int32_t -asn_get_encoded_len_string (struct norm_type *obj, u_int8_t *type) -{ - return asn_get_encoded_len (obj, obj->len, type); -} - -/* - * Encode a String - * Input = obj, output = asn or return value. 
- */ -u_int8_t * -asn_encode_string (struct norm_type *obj, u_int8_t *asn) -{ - u_int8_t *buf, *data; - - buf = asn_format_header (obj, asn, &data); - - if (!buf) - return 0; - - memcpy (data, obj->data, obj->len); - - return buf; -} - -u_int8_t * -asn_decode_string (u_int8_t *asn, u_int32_t asnlen, struct norm_type *obj) -{ - u_int8_t *data; - u_int32_t len; - - obj->len = len = asn_get_data_len (obj, &asn, &data); - - if (TAG_TYPE (asn) != obj->type) - { - log_print ("asn_decode_string: expected tag type STRING(%d), got %d", - obj->type, TAG_TYPE (asn)); - return 0; - } - - if (asnlen < asn_get_len (asn)) - { - log_print ("asn_decode_string: ASN.1 content is bigger than buffer"); - return 0; - } - - obj->data = malloc (obj->len + 1); - if (!obj->data) - { - log_error ("asn_decode_string: malloc (%d) failed", obj->len + 1); - return 0; - } - memcpy ((char *)obj->data, data, obj->len); - - /* - * Encode a terminating '0', this is irrelevant for OCTET strings - * but nice for printable strings which do not include the terminating - * zero. - */ - ((char *)obj->data)[obj->len] = 0; - - return data + len; -} - -void -asn_free_string (struct norm_type *obj) -{ - if (obj->data) - free (obj->data); -} - - -u_int32_t -asn_get_encoded_len_objectid (struct norm_type *obj, u_int8_t *type) -{ - u_int16_t len_off; - u_int32_t len; - u_int32_t tmp; - char *buf, *buf2; - - /* XXX We only do low tags at the moment. */ - len_off = 1; - - /* The first two numbers are encoded together. */ - buf = obj->data; - tmp = strtol (buf, &buf2, 10); - buf = buf2; - tmp = strtol (buf, &buf2, 10); - buf = buf2; - - len = 1; - while (*buf) - { - tmp = strtol (buf, &buf2, 10); - if (buf == buf2) - break; - - buf = buf2; - do { - tmp >>= 7; - len++; - } while (tmp); - } - - /* The first two IDs are encoded as one octet. */ - obj->len = len - 1; - - return asn_get_encoded_len (obj, len, type); -} - -/* - * Encode an Object Identifier - * Input = obj, output = asn or return value. 
- */ -u_int8_t * -asn_encode_objectid (struct norm_type *obj, u_int8_t *asn) -{ - u_int8_t *buf, *data; - char *enc, *enc2; - u_int32_t tmp, tmp2; - int flag = 0; - - buf = asn_format_header (obj, asn, &data); - - if (!buf) - return 0; - - enc = obj->data; - while (*enc) - { - /* First two IDs are encoded as one octet. */ - if (flag == 0) - { - tmp = strtol (enc, &enc2, 10); - if (enc == enc2) - return 0; - enc = enc2; - tmp2 = strtol (enc, &enc2, 10) + 40 * tmp; - flag = 1; - } - else - tmp2 = strtol (enc, &enc2, 10); - - if (enc == enc2) - break; - - /* Reverse the digits to base-128. */ - tmp = 0; - do { - tmp <<= 7; - tmp += tmp2 & 0x7f; - tmp2 >>= 7; - } while (tmp2); - - enc = enc2; - do { - /* If the next octet still belongs to the data set MSB. */ - *data++ = (tmp & 0x7f) | ( tmp > 127 ? 0x80 : 0); - tmp >>= 7; - } while (tmp); - } - - return buf; -} - -u_int8_t * -asn_decode_objectid (u_int8_t *asn, u_int32_t asnlen, struct norm_type *obj) -{ - u_int8_t *data; - u_int32_t len, c, tmp; - int flag = 0; - void *new_buf; - - len = asn_get_data_len (obj, &asn, &data); - - if (TAG_TYPE (asn) != TAG_OBJECTID) - { - log_print ("asn_decode_objectid: expected tag type OBJECTID, got %d", - TAG_TYPE (asn)); - return 0; - } - - if (asnlen < asn_get_len (asn)) - { - log_print ("asn_decode_objectid: ASN.1 content is bigger than buffer"); - return 0; - } - - obj->data = 0; - obj->len = 0; - while (len > 0) - { - tmp = 0; - do - { - tmp <<= 7; - tmp += *data & 0x7f; - } - while (len-- > 0 && (*data++ & 0x80)); - - if (flag == 0) - c = snprintf (0, 0, "%d %d ", tmp / 40, tmp % 40) + 1; - else - c = snprintf (0, 0, "%d ", tmp) + 1; - - new_buf = realloc (obj->data, obj->len + c); - if (!new_buf) - { - log_error ("asn_decode_objectid: realloc (%p, %d) failed", obj->data, - obj->len + c); - free (obj->data); - obj->data = 0; - return 0; - } - obj->data = new_buf; - - if (flag == 0) - { - sprintf (obj->data + obj->len, "%d %d ", tmp/40, tmp % 40); - flag = 1; - } - else - 
sprintf (obj->data + obj->len, "%d ", tmp); - - obj->len = strlen (obj->data); - } - - if (obj->data) - ((char *)obj->data)[obj->len - 1] = 0; - - return data; -} - -void -asn_free_objectid (struct norm_type *obj) -{ - if (obj->data) - free (obj->data); -} - - -u_int32_t -asn_get_encoded_len_raw (struct norm_type *obj, u_int8_t *type) -{ - if (type) - { - if (obj->len > 127) - *type = ASN_LONG_FORM; - else - *type = 0; - } - - return obj->len; -} - -u_int8_t * -asn_encode_raw (struct norm_type *obj, u_int8_t *asn) -{ - u_int8_t *buf = 0; - - if (obj->len == 0) - return asn; - - if (asn) - buf = asn; - - if (!buf) - { - buf = malloc (obj->len); - if (!buf) - { - log_error ("asn_encode_raw: malloc (%d) failed", obj->len); - return 0; - } - } - - memcpy (buf, obj->data, obj->len); - - return buf; -} - -u_int8_t * -asn_decode_raw (u_int8_t *asn, u_int32_t asnlen, struct norm_type *obj) -{ - obj->len = asn_get_len (asn); - if (asnlen < obj->len) - { - log_print ("asn_decode_raw: ASN.1 content is bigger than buffer"); - return 0; - } - - obj->data = malloc (obj->len); - if (!obj->data) - { - log_error ("asn_decode_raw: malloc (%d) failed", obj->len); - return 0; - } - - memcpy (obj->data, asn, obj->len); - - return asn + obj->len; -} - -void -asn_free_raw (struct norm_type *obj) -{ - if (obj->data) - free (obj->data); -} - -u_int32_t -asn_get_encoded_len_null (struct norm_type *obj, u_int8_t *type) -{ - return asn_get_encoded_len (obj, 0, type); -} - -u_int8_t * -asn_encode_null (struct norm_type *obj, u_int8_t *asn) -{ - u_int8_t *buf = 0; - - if (asn) - buf = asn; - - if (!buf) - { - buf = malloc (2); - if (!buf) - { - log_error ("asn_encode_null: malloc (2) failed"); - return 0; - } - } - - buf[0] = obj->type; - buf[1] = 0; - - return buf; -} - -u_int8_t * -asn_decode_null (u_int8_t *asn, u_int32_t asnlen, struct norm_type *obj) -{ - obj->data = 0; - obj->len = 0; - - return asn + asn_get_len (asn); -} - -void -asn_free_null (struct norm_type *obj) -{ - obj->data = 0; 
-} - -void -asn_free (struct norm_type *obj) -{ - struct asn_handler *h = asn_get (obj->type); - - if (!h) - log_print ("asn_free: unkown ASN.1 type %d", obj->type); - else - h->deallocate (obj); -} - -/* Returns the whole length of the BER encoded ASN.1 object. */ -u_int32_t -asn_get_len (u_int8_t *asn) -{ - u_int32_t len; - u_int8_t *data; - struct norm_type tmp = { TAG_RAW, UNIVERSAL, 0, 0, 0 }; - - len = asn_get_data_len (&tmp, &asn, &data); - - if (!asn) - return 0; - - return (data - asn) + len; -} - -/* - * Returns the length of the ASN content, and a pointer to the content - * data itself. - * For TAG_NULL the data length is zero, so we have to return an error - * in asn, asn will be NULL in case of error. - */ -u_int32_t -asn_get_data_len (struct norm_type *obj, u_int8_t **asn, u_int8_t **data) -{ - u_int32_t len; - u_int16_t len_off = 1; - static struct norm_type tmp = { TAG_RAW, UNIVERSAL, 0, 0, 0 }; - - if (obj && ISEXPLICIT (obj)) - { - if (TAG_TYPE (*asn) != GET_EXP (obj)) - { - log_print ("asn_get_data_len: explicit tagging was needed"); - *asn = 0; - return 0; - } - - asn_get_data_len (&tmp, asn, data); - *asn = *data; - } - - if ((*asn)[len_off] & ASN_LONG_FORM) - { - int i, octets = (*asn)[len_off] & 0x7f; - - /* XXX We only decode really small lengths. 
*/ - if (octets > sizeof len) - { - log_print ("asn_get_data_len: long form length %d exceeds " - "allowed maximum", octets); - *asn = 0; - return 0; - } - - for (len = 0, i = 0; i < octets; i++) - { - len = (len << 8) | (*asn)[len_off + 1 + i]; - } - - if (data) - *data = *asn + len_off + 1 + octets; - } - else - { - /* Short form */ - len = (*asn)[len_off]; - - if (data) - *data = *asn + len_off + 1; - } - - return len; -} - -void -asn_free_sequence (struct norm_type *obj) -{ - struct norm_type *in = obj->data; - struct asn_handler *h; - - if (!in) - return; - - while (in->type != TAG_STOP) - { - h = asn_get (in->type); - if (!h) - break; - - h->deallocate (in++); - } - - free (obj->data); -} - -u_int32_t -asn_get_encoded_len_sequence (struct norm_type *seq, u_int8_t *type) -{ - u_int32_t len, i; - struct asn_handler *h; - struct norm_type *obj = (struct norm_type *) seq->data; - - /* Get whole data length */ - for (len = 0, i = 0; obj[i].type != TAG_STOP; i++) - { - h = asn_get (obj[i].type); - if (!h) - { - log_print ("asn_encode_sequence: unknown type %d", obj[i].type); - break; - } - len += h->get_encoded_len (&obj[i], 0); - } - - return asn_get_encoded_len (seq, len, type); -} - -u_int8_t * -asn_encode_sequence (struct norm_type *seq, u_int8_t *asn) -{ - u_int32_t len; - u_int8_t *erg, *data; - struct norm_type *obj; - struct asn_handler *h; - int i; - - h = asn_get (seq->type); - if (!h) - return 0; - - obj = (struct norm_type *) seq->data; - - erg = asn_format_header (seq, asn, &data); - if (!erg) - return 0; - - for (i = 0, len = 0; obj[i].type != TAG_STOP; i++) - { - h = asn_get (obj[i].type); - if (!h) - { - log_print ("asn_encode_sequence: unknown ASN.1 tag %d", obj[i].type); - return 0; - } - - /* A structure can be optional, indicated by data == 0. 
*/ - if (!h->encode (&obj[i], data + len) && obj->data) - { - log_print ("asn_encode_sequence: encoding of %s failed", - obj[i].name); - return 0; - } - len += h->get_encoded_len (&obj[i], 0); - } - - erg[0] |= ASN_CONSTRUCTED; - - return erg; -} - -u_int8_t * -asn_decode_sequence (u_int8_t *asn, u_int32_t asnlen, struct norm_type *obj) -{ - u_int8_t *p, *data; - u_int32_t len, flags, objects; - struct asn_handler *h; - void *new_buf; - - if (asnlen < asn_get_len (asn)) - { - log_print ("asn_decode_sequence: ASN.1 content is bigger than buffer"); - return 0; - } - - len = asn_get_data_len (obj, &asn, &data); - - /* XXX An empty sequence is that okay. */ - if (len == 0) - return data; - - if (TAG_TYPE (asn) != obj->type) - { - log_print ("asn_decode_sequence: expected tag type SEQUENCE/SET, got %d", - TAG_TYPE (asn)); - return 0; - } - - /* Handle dynamic sized sets and sequences. */ - flags = obj->flags; - - if (flags & ASN_FLAG_ZEROORMORE) - { - struct norm_type stop_tag = { TAG_STOP }; - struct norm_type *tmp; - - /* Zero occurences */ - if (len == 0) - { - asn_free (obj); - obj->data = 0; - return data; - } - - /* Count number of objects */ - p = data; - objects = 0; - while (p < data + len) - { - objects++; - p += asn_get_len (p); - } - if (p != data + len) - { - log_print ("asn_decode_sequence: SEQ/SET OF too many elements"); - return 0; - } - - /* - * Create new templates for dynamically added objects, - * the ASN.1 tags SEQUENCE OF and SET OF, specify an unknown - * number of elements. 
- */ - new_buf = realloc (obj->data, - (objects + 1) * sizeof (struct norm_type)); - if (!new_buf) - { - log_error ("asn_decode_sequence: realloc (%p, %d) failed", obj->data, - (objects + 1) * sizeof (struct norm_type)); - asn_free (obj); - obj->data = 0; - return 0; - } - obj->data = new_buf; - - tmp = obj->data; - - /* Copy TAG_STOP */ - memcpy (tmp + objects, &stop_tag, sizeof (struct norm_type)); - while (objects-- > 1) - { - memcpy (tmp + objects, tmp, sizeof (struct norm_type)); - if (!asn_template_clone (tmp + objects, 1)) - return 0; - } - } - - obj = (struct norm_type *) obj->data; - - p = data; - while (p < data + len) - { - if (obj->type == TAG_STOP) - break; - h = asn_get (obj->type); - if (!h) - { - log_print ("asn_decode_sequence: unknown ASN.1 tag %d", obj->type); - return 0; - } - - p = h->decode (p, (data - p) + len, obj++); - if (!p) - break; - } - - if (p < data + len) - log_print ("asn_decode_sequence: ASN tag was not decoded completely"); - - if (!p) - return 0; - - return data + len; -} diff --git a/sbin/isakmpd/asn.h b/sbin/isakmpd/asn.h deleted file mode 100644 index 4e161687a36..00000000000 --- a/sbin/isakmpd/asn.h +++ /dev/null 
@@ -1,157 +0,0 @@ -/* $OpenBSD: asn.h,v 1.4 1999/04/19 20:01:48 niklas Exp $ */ -/* $EOM: asn.h,v 1.18 1999/04/05 18:27:32 niklas Exp $ */ - -/* - * Copyright (c) 1998 Niels Provos. All rights reserved. - * Copyright (c) 1999 Niklas Hallqvist. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by Ericsson Radio Systems. - * 4. The name of the author may not be used to endorse or promote products - * derived from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/* - * This code was written under funding by Ericsson Radio Systems. 
- */ - -#ifndef _ASN_H_ -#define _ASN_H_ - -/* Very very simple module for compiling ASN.1 BER encoding */ - -enum asn_classes { - UNIVERSAL = 0, - APPLICATION = 1, - CONTEXT = 2, - PRIVATE = 3 -}; - -#define TAG_EXPLICIT 4 -#define TAG_EXPSHIFTS 5 - -#define ISEXPLICIT(x) ((x)->class & TAG_EXPLICIT) -#define ADD_EXP(x,y) ((x << TAG_EXPSHIFTS) | TAG_EXPLICIT | (y)) -#define GET_EXP(x) ((x)->class >> TAG_EXPSHIFTS) - -enum asn_tags { - TAG_BOOL = 1, - TAG_INTEGER = 2, - TAG_BITSTRING = 3, - TAG_OCTETSTRING = 4, - TAG_NULL = 5, - TAG_OBJECTID = 6, /* Internal Representation as ASCII String */ - TAG_SEQUENCE = 16, - TAG_SET = 17, - TAG_PRINTSTRING = 19, - TAG_UTCTIME = 23, /* Represenation as ASCII String */ - TAG_STOP = -1, /* None official ASN tag, indicates end */ - TAG_RAW = -2, /* Placeholder for something we cant handle */ - TAG_ANY = -3, /* Either we can handle it or it is RAW */ -}; - -struct norm_type { - enum asn_tags type; - enum asn_classes class; - const char *name; - u_int32_t len; - void *data; - u_int32_t flags; -}; - -struct asn_objectid { - char *name; - char *objectid; -}; - -struct asn_handler { - enum asn_tags type; - void (*deallocate) (struct norm_type *); - u_int32_t (*get_encoded_len) (struct norm_type *, u_int8_t *type); - u_int8_t *(*decode) (u_int8_t *, u_int32_t, struct norm_type *); - u_int8_t *(*encode) (struct norm_type *, u_int8_t *); -}; - -#define ASN_FLAG_ZEROORMORE 0x0001 - -/* Construct a Sequence */ -#define SEQ(x,y) {TAG_SEQUENCE, UNIVERSAL, x, 0, y} -#define SEQOF(x,y) {TAG_SEQUENCE, UNIVERSAL, x, 0, y, ASN_FLAG_ZEROORMORE} -#define SET(x,y) {TAG_SET, UNIVERSAL, x, 0, y} -#define SETOF(x,y) {TAG_SET, UNIVERSAL, x, 0, y, ASN_FLAG_ZEROORMORE} - -#define TAG_TYPE(x) ((enum asn_tags)((x)[0] & 0x1f)) - -/* Tag modifiers */ -#define ASN_CONSTRUCTED 0x20 /* Constructed object type */ - -/* Length modifiers */ -#define ASN_LONG_FORM 0x80 /* Number of length octets */ - -/* Function prototypes */ - -u_int8_t *asn_encode_integer (struct 
norm_type *, u_int8_t *); -u_int8_t *asn_decode_integer (u_int8_t *, u_int32_t, struct norm_type *); -u_int32_t asn_get_encoded_len_integer (struct norm_type *, u_int8_t *); -void asn_free_integer (struct norm_type *); - -u_int8_t *asn_encode_string (struct norm_type *, u_int8_t *); -u_int8_t *asn_decode_string (u_int8_t *, u_int32_t, struct norm_type *); -u_int32_t asn_get_encoded_len_string (struct norm_type *, u_int8_t *); -void asn_free_string (struct norm_type *); - -u_int8_t *asn_encode_objectid (struct norm_type *, u_int8_t *); -u_int8_t *asn_decode_objectid (u_int8_t *, u_int32_t, struct norm_type *); -u_int32_t asn_get_encoded_len_objectid (struct norm_type *, u_int8_t *); -void asn_free_objectid (struct norm_type *); - -u_int8_t *asn_encode_raw (struct norm_type *, u_int8_t *); -u_int8_t *asn_decode_raw (u_int8_t *, u_int32_t, struct norm_type *); -u_int32_t asn_get_encoded_len_raw (struct norm_type *, u_int8_t *); -void asn_free_raw (struct norm_type *); - -u_int8_t *asn_encode_null (struct norm_type *, u_int8_t *); -u_int8_t *asn_decode_null (u_int8_t *, u_int32_t, struct norm_type *); -u_int32_t asn_get_encoded_len_null (struct norm_type *, u_int8_t *); -void asn_free_null (struct norm_type *); - -u_int8_t *asn_encode_sequence (struct norm_type *, u_int8_t *); -u_int8_t *asn_decode_sequence (u_int8_t *, u_int32_t, struct norm_type *); -u_int32_t asn_get_encoded_len_sequence (struct norm_type *, u_int8_t *); -void asn_free_sequence (struct norm_type *); - -u_int8_t *asn_decode_any (u_int8_t *, u_int32_t, struct norm_type *); - -void asn_free (struct norm_type *); - -int asn_get_from_file (char *, u_int8_t **, u_int32_t *); -struct norm_type *asn_template_clone (struct norm_type *, int); - -u_int32_t asn_sizeinoctets (u_int32_t); -u_int32_t asn_get_len (u_int8_t *); -u_int32_t asn_get_data_len (struct norm_type *, u_int8_t **, u_int8_t **); -u_int32_t asn_get_encoded_len (struct norm_type *, u_int32_t, u_int8_t *); - -char *asn_parse_objectid (struct 
 asn_objectid *, char *);
-struct norm_type *asn_decompose (char *, struct norm_type *);
-#endif /* _ASN_H_ */
diff --git a/sbin/isakmpd/asn_useful.c b/sbin/isakmpd/asn_useful.c
deleted file mode 100644
index 695917e6263..00000000000
--- a/sbin/isakmpd/asn_useful.c
+++ /dev/null
@@ -1,144 +0,0 @@
-/* $OpenBSD: asn_useful.c,v 1.7 1999/04/19 19:54:53 niklas Exp $ */
-/* $EOM: asn_useful.c,v 1.11 1999/04/02 00:57:27 niklas Exp $ */
-
-/*
- * Copyright (c) 1998 Niels Provos. All rights reserved.
- * Copyright (c) 1999 Niklas Hallqvist. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by Ericsson Radio Systems.
- * 4. The name of the author may not be used to endorse or promote products
- * derived from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
- * This code was written under funding by Ericsson Radio Systems.
- */
-
-#include <sys/param.h>
-
-#include "sysdep.h"
-
-#include "asn.h"
-#include "asn_useful.h"
-
-struct norm_type AlgorithmIdentifier[] = {
- { TAG_OBJECTID, UNIVERSAL, "algorithm", 0, 0 },
- { TAG_ANY, UNIVERSAL, "parameters", 0, 0 },
- { TAG_STOP, UNIVERSAL, 0, 0, 0 }
-};
-
-struct norm_type Signed[] = {
- { TAG_RAW, UNIVERSAL, "data", 0, 0},
- SEQ("algorithm", AlgorithmIdentifier),
- { TAG_BITSTRING, UNIVERSAL, "encrypted", 0, 0 },
- { TAG_STOP, UNIVERSAL, 0, 0, 0 }
-};
-
-struct norm_type Validity[] = {
- { TAG_UTCTIME, UNIVERSAL, "notBefore", 0, 0 },
- { TAG_UTCTIME, UNIVERSAL, "notAfter", 0, 0 },
- { TAG_STOP, UNIVERSAL, 0, 0, 0 }
-};
-
-struct norm_type AttributeValueAssertion[] = {
- { TAG_OBJECTID, UNIVERSAL, "AttributeType", 0, 0 },
- { TAG_ANY, UNIVERSAL, "AttributeValue", 0, 0 },
- { TAG_STOP, UNIVERSAL, 0, 0, 0 }
-};
-
-struct norm_type RelativeDistinguishedName[] = {
- SEQ ("AttributeValueAssertion", AttributeValueAssertion),
- { TAG_STOP }
-};
-
-/*
- * For decoding this structure is dynamically resized, we add two Names
- * only for encoding purposes.
- */
-struct norm_type RDNSequence[] = {
- SETOF ("RelativeDistinguishedName", RelativeDistinguishedName),
- SETOF ("RelativeDistinguishedName", RelativeDistinguishedName),
- { TAG_STOP }
-};
-
-struct norm_type SubjectPublicKeyInfo[] = {
- SEQ ("algorithm", AlgorithmIdentifier),
- { TAG_BITSTRING, UNIVERSAL, "subjectPublicKey", 0, 0 },
- { TAG_STOP }
-};
-
-struct norm_type Extension[] = {
- { TAG_OBJECTID, UNIVERSAL, "extnId", 0, 0 },
- { TAG_BOOL, UNIVERSAL, "critical", 0, 0 },
- { TAG_OCTETSTRING, UNIVERSAL, "extnValue", 0, 0 },
- { TAG_STOP }
-};
-
-struct norm_type Extensions[] = {
- SEQ ("extension", Extension),
- { TAG_STOP }
-};
-
-struct norm_type Certificate[] = {
- /* We need to add an explicit tag, HACK XXX */
- { TAG_INTEGER, ADD_EXP(0, UNIVERSAL), "version", 0, 0 },
- { TAG_INTEGER, UNIVERSAL, "serialNumber", 0, 0 },
- SEQ ("signature", AlgorithmIdentifier),
- SEQOF ("issuer", RDNSequence),
- SEQ ("validity", Validity),
- SEQOF ("subject", RDNSequence),
- SEQ ("subjectPublicKeyInfo", SubjectPublicKeyInfo),
- { TAG_RAW, UNIVERSAL, "extension", 0, 0 },
- { TAG_STOP }
-};
-
-struct norm_type DigestInfo[] = {
- SEQ ("digestAlgorithm", AlgorithmIdentifier),
- { TAG_OCTETSTRING, UNIVERSAL, "digest", 0, 0 },
- { TAG_STOP }
-};
-
-struct asn_objectid asn_ids[] = {
- { "AttributeType", ASN_ID_ATTRIBUTE_TYPE },
- { "CountryName", ASN_ID_COUNTRY_NAME },
- { "LocalityName", ASN_ID_LOCALITY_NAME },
- { "StateOrProvinceName", ASN_ID_STATE_NAME },
- { "OrganizationName", ASN_ID_ORGANIZATION_NAME },
- { "OrganizationUnitName", ASN_ID_ORGUNIT_NAME },
- { "CommonUnitName", ASN_ID_COMMONUNIT_NAME },
- { "pkcs-1", ASN_ID_PKCS },
- { "rsaEncryption", ASN_ID_RSAENCRYPTION },
- { "md2WithRSAEncryption", ASN_ID_MD2WITHRSAENC },
- { "md4WithRSAEncryption", ASN_ID_MD4WITHRSAENC },
- { "md5WithRSAEncryption", ASN_ID_MD5WITHRSAENC },
- { "md2", ASN_ID_MD2 },
- { "md4", ASN_ID_MD4 },
- { "md5", ASN_ID_MD5 },
- { "emailAddress", ASN_ID_EMAILADDRESS },
- { "id-ce", ASN_ID_CE },
-
{ "subjectAltName", ASN_ID_SUBJECT_ALT_NAME },
- { "issuerAltName", ASN_ID_ISSUER_ALT_NAME },
- { "basicConstraints", ASN_ID_BASIC_CONSTRAINTS },
- { 0, 0 }
-};
diff --git a/sbin/isakmpd/asn_useful.h b/sbin/isakmpd/asn_useful.h
deleted file mode 100644
index 0db7ec42f3b..00000000000
--- a/sbin/isakmpd/asn_useful.h
+++ /dev/null
@@ -1,97 +0,0 @@
-/* $OpenBSD: asn_useful.h,v 1.3 1998/11/17 11:10:07 niklas Exp $ */
-/* $EOM: asn_useful.h,v 1.6 1998/08/21 13:47:57 provos Exp $ */
-
-/*
- * Copyright (c) 1998 Niels Provos. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by Ericsson Radio Systems.
- * 4. The name of the author may not be used to endorse or promote products
- * derived from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
- * This code was written under funding by Ericsson Radio Systems.
- */
-
-#ifndef _ASN_USEFUL_H_
-#define _ASN_USEFUL_H_
-
-extern struct norm_type AlgorithmIdentifier[];
-extern struct norm_type Signed[];
-extern struct norm_type Validity[];
-extern struct norm_type RDNSequence[];
-extern struct norm_type Extensions[];
-extern struct norm_type Certificate[];
-extern struct norm_type DigestInfo[];
-
-extern struct asn_objectid asn_ids[];
-
-/* Accessing a SIGNED type */
-#define ASN_SIGNED(x) ((struct norm_type *)((x)->data))
-#define ASN_SIGNED_DATA(x) (ASN_SIGNED(x)->data)
-#define ASN_SIGNED_ALGID(x) ((struct norm_type *)(ASN_SIGNED(x)+1)->data)
-#define ASN_SIGNED_ENCRYPTED(x) (ASN_SIGNED(x)+2)->data
-
-#define ASN_SIGNED_ALGORITHM(x) (ASN_SIGNED_ALGID(x)->data)
-
-/* Accessing a Certificate */
-#define ASN_NT struct norm_type *
-#define ASN_CERT(x) ((ASN_NT)((x)->data))
-#define ASN_CERT_VERSION(x) ASN_CERT(x)->data
-#define ASN_CERT_SN(x) (ASN_CERT(x)+1)->data
-#define ASN_CERT_ALGID(x) ((ASN_NT)((ASN_CERT(X)+2)->data))
-#define ASN_CERT_ALGORITHM(x) (ASN_CERT_ALGID(x)->data)
-#define ASN_CERT_ISSUER(x) (ASN_CERT(x)+3)
-#define ASN_CERT_VALIDITY(x) (ASN_CERT(x)+4)
-#define ASN_CERT_SUBJECT(x) (ASN_CERT(x)+5)
-#define ASN_CERT_PUBLICKEY(x) (ASN_CERT(x)+6)
-
-/* Accesing type Validity */
-#define ASN_VAL_BEGIN(x) (char *)(((ASN_NT)((x)->data))->data)
-#define ASN_VAL_END(x) (char *)(((ASN_NT)((x)->data)+1)->data)
-
-#define ASN_ID_ATTRIBUTE_TYPE "2 5 4"
-#define ASN_ID_COUNTRY_NAME ASN_ID_ATTRIBUTE_TYPE" 6"
-#define ASN_ID_LOCALITY_NAME ASN_ID_ATTRIBUTE_TYPE" 7"
-#define ASN_ID_STATE_NAME ASN_ID_ATTRIBUTE_TYPE" 8"
-#define ASN_ID_ORGANIZATION_NAME ASN_ID_ATTRIBUTE_TYPE" 10"
-#define ASN_ID_ORGUNIT_NAME ASN_ID_ATTRIBUTE_TYPE" 11"
-#define ASN_ID_COMMONUNIT_NAME ASN_ID_ATTRIBUTE_TYPE" 3"
-
-#define ASN_ID_PKCS "1 2 840 113549 1 1"
-#define ASN_ID_MD2 "1 2 840 113549 2 2"
-#define ASN_ID_MD4 "1 2 840 113549 2 4"
-#define ASN_ID_MD5 "1 2 840 113549 2 5"
-#define ASN_ID_RSAENCRYPTION ASN_ID_PKCS" 1"
-#define ASN_ID_MD2WITHRSAENC 
ASN_ID_PKCS" 2"
-#define ASN_ID_MD4WITHRSAENC ASN_ID_PKCS" 3"
-#define ASN_ID_MD5WITHRSAENC ASN_ID_PKCS" 4"
-
-#define ASN_ID_EMAILADDRESS "1 2 840 113549 1 9 1"
-
-#define ASN_ID_CE "2 5 29"
-#define ASN_ID_SUBJECT_ALT_NAME ASN_ID_CE" 17"
-#define ASN_ID_ISSUER_ALT_NAME ASN_ID_CE" 18"
-#define ASN_ID_BASIC_CONSTRAINTS ASN_ID_CE" 19"
-#endif /* _ASN_USEFUL_H_ */
diff --git a/sbin/isakmpd/pkcs.c b/sbin/isakmpd/pkcs.c
deleted file mode 100644
index 03830424299..00000000000
--- a/sbin/isakmpd/pkcs.c
+++ /dev/null
@@ -1,382 +0,0 @@
-/* $Id: pkcs.c,v 1.10 1999/07/08 06:02:39 niklas Exp $ */
-
-/*
- * Copyright (c) 1998 Niels Provos. All rights reserved.
- * Copyright (c) 1999 Niklas Hallqvist. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by Ericsson Radio Systems.
- * 4. The name of the author may not be used to endorse or promote products
- * derived from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
- * This code was written under funding by Ericsson Radio Systems.
- */
-
-#include <sys/param.h>
-#include <gmp.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "sysdep.h"
-
-#include "gmp_util.h"
-#include "log.h"
-#include "asn.h"
-#include "asn_useful.h"
-#include "pkcs.h"
-
-struct norm_type RSAPublicKey[] = {
- { TAG_INTEGER, UNIVERSAL, "modulus", 0, 0 }, /* modulus */
- { TAG_INTEGER, UNIVERSAL, "publicExponent", 0, 0 }, /* public exponent */
- { TAG_STOP, 0, 0, 0, 0 }
-};
-
-struct norm_type RSAPrivateKey[] = {
- { TAG_INTEGER, UNIVERSAL, "version", 1, "" }, /* version */
- { TAG_INTEGER, UNIVERSAL, "modulus", 0, 0 }, /* modulus */
- { TAG_INTEGER, UNIVERSAL, "publicExponent", 0, 0 }, /* public exponent */
- { TAG_INTEGER, UNIVERSAL, "privateExponent", 0, 0 }, /* private exponent */
- { TAG_INTEGER, UNIVERSAL, "prime1", 0, 0 }, /* p */
- { TAG_INTEGER, UNIVERSAL, "prime2", 0, 0 }, /* q */
- { TAG_INTEGER, UNIVERSAL, "exponent1", 0, 0 }, /* d mod (p-1) */
- { TAG_INTEGER, UNIVERSAL, "exponent2", 0, 0 }, /* d mod (q-1) */
- { TAG_INTEGER, UNIVERSAL, "coefficient", 0, 0 }, /* inv. of q mod p */
- { TAG_STOP, 0, 0, 0, 0 }
-};
-
-/*
- * Fill in the data field in struct norm_type with the octet data
- * from n.
- */
-int
-pkcs_mpz_to_norm_type (struct norm_type *obj, mpz_ptr n)
-{
- mpz_ptr p;
-
- p = malloc (sizeof *p);
- if (!p)
- {
- log_error ("pkcs_mpz_to_norm_type: malloc (%d) failed", sizeof *p);
- return 0;
- }
-
- mpz_init_set (p, n);
-
- obj->len = sizeof *p;
- obj->data = p;
-
- return 1;
-}
-
-/*
- * Given the modulus and the public key, return an BER ASN.1 encoded
- * PKCS#1 compliant RSAPublicKey object.
- */
-u_int8_t *
-pkcs_public_key_to_asn (struct rsa_public_key *pub)
-{
- u_int8_t *erg;
- struct norm_type *key, seq = {TAG_SEQUENCE, UNIVERSAL, 0, 0, 0 };
-
- seq.data = &RSAPublicKey;
- asn_template_clone (&seq, 1);
- key = seq.data;
- if (!key)
- return 0;
-
- if (!pkcs_mpz_to_norm_type (&key[0], pub->n))
- {
- free (key);
- return 0;
- }
-
- if (!pkcs_mpz_to_norm_type (&key[1], pub->e))
- {
- free (key[0].data);
- free (key);
- return 0;
- }
-
- erg = asn_encode_sequence (&seq, 0);
-
- asn_free (&seq);
-
- return erg;
-}
-
-/*
- * Initalizes and Set's a Public Key Structure from an ASN BER encoded
- * Public Key.
- */
-int
-pkcs_public_key_from_asn (struct rsa_public_key *pub, u_int8_t *asn,
- u_int32_t len)
-{
- struct norm_type *key, seq = {TAG_SEQUENCE, UNIVERSAL, 0, 0, 0 };
-
- mpz_init (pub->n);
- mpz_init (pub->e);
-
- seq.data = RSAPublicKey;
- asn_template_clone (&seq, 1);
-
- if (!seq.data)
- return 0;
-
- if (!asn_decode_sequence (asn, len, &seq))
- {
- asn_free (&seq);
- return 0;
- }
-
- key = seq.data;
- mpz_set (pub->n, (mpz_ptr)key[0].data);
- mpz_set (pub->e, (mpz_ptr)key[1].data);
-
- asn_free (&seq);
-
- return 1;
-}
-
-void
-pkcs_free_public_key (struct rsa_public_key *pub)
-{
- mpz_clear (pub->n);
- mpz_clear (pub->e);
-}
-
-/*
- * Get ASN.1 representation of PrivateKey.
- * XXX I am not sure if we need this.
- */
-u_int8_t *
-pkcs_private_key_to_asn (struct rsa_private_key *priv)
-{
- struct norm_type *key, seq = { TAG_SEQUENCE, UNIVERSAL, 0, 0, 0 };
- u_int8_t *erg = 0;
-
- mpz_t tmp;
-
- seq.data = RSAPrivateKey;
- asn_template_clone (&seq, 1);
- key = seq.data;
- if (!key)
- return 0;
-
- if (!pkcs_mpz_to_norm_type (&key[1], priv->n))
- goto done;
-
- if (!pkcs_mpz_to_norm_type (&key[2], priv->e))
- goto done;
-
- if (!pkcs_mpz_to_norm_type (&key[3], priv->d))
- goto done;
-
- if (!pkcs_mpz_to_norm_type (&key[4], priv->p))
- goto done;
-
- if (!pkcs_mpz_to_norm_type (&key[5], priv->q))
- goto done;
-
- if (!pkcs_mpz_to_norm_type (&key[6], priv->d1))
- goto done;
-
- if (!pkcs_mpz_to_norm_type (&key[7], priv->d2))
- goto done;
-
- if (!pkcs_mpz_to_norm_type (&key[8], priv->qinv))
- goto done;
-
- mpz_init (tmp);
- mpz_set_ui (tmp, 0);
-
- if (!pkcs_mpz_to_norm_type (&key[0], tmp))
- goto done;
-
- erg = asn_encode_sequence (&seq, 0);
-
- done:
- mpz_clear (tmp);
- asn_free (&seq);
-
-
- return erg;
-}
-
-/*
- * Initalizes and Set's a Private Key Structure from an ASN BER encoded
- * Private Key.
- */
-int
-pkcs_private_key_from_asn (struct rsa_private_key *priv, u_int8_t *asn,
- u_int32_t len)
-{
- struct norm_type *key, seq = { TAG_SEQUENCE, UNIVERSAL, 0, 0, 0 };
- u_int8_t *erg;
-
- mpz_init (priv->n);
- mpz_init (priv->p);
- mpz_init (priv->q);
- mpz_init (priv->e);
- mpz_init (priv->d);
- mpz_init (priv->d1);
- mpz_init (priv->d2);
- mpz_init (priv->qinv);
-
- seq.data = RSAPrivateKey;
- asn_template_clone (&seq, 1);
- if (!seq.data)
- return 0;
-
- if (!(erg = asn_decode_sequence (asn, len, &seq)))
- goto done;
-
- key = seq.data;
- if (mpz_cmp_ui ((mpz_ptr)key[0].data, 0))
- {
- log_print ("pkcs_set_private_key: version too high");
- erg = 0;
- goto done;
- }
-
- mpz_set (priv->n, key[1].data);
- mpz_set (priv->e, key[2].data);
- mpz_set (priv->d, key[3].data);
- mpz_set (priv->p, key[4].data);
- mpz_set (priv->q, key[5].data);
- mpz_set (priv->d1, key[6].data);
- mpz_set (priv->d2, key[7].data);
- mpz_set (priv->qinv, key[8].data);
-
- mpz_init (priv->qinv_mul_q);
-
- mpz_mul (priv->qinv_mul_q, priv->qinv, priv->q);
-
- done:
- asn_free (&seq);
-
- return erg ? 1 : 0;
-}
-
-void
-pkcs_free_private_key (struct rsa_private_key *priv)
-{
- mpz_clear (priv->n);
- mpz_clear (priv->e);
- mpz_clear (priv->d);
- mpz_clear (priv->p);
- mpz_clear (priv->q);
- mpz_clear (priv->d1);
- mpz_clear (priv->d2);
- mpz_clear (priv->qinv);
- mpz_clear (priv->qinv_mul_q);
-}
-
-/*
- * Creates a PKCS#1 block with data and then uses the private
- * exponent to do RSA encryption, returned is an allocated buffer
- * with the encryption result.
- *
- * Either pub_key or priv_key must be specified
- *
- * XXX CRIPPLED in the OpenBSD version as RSA is patented in the US.
- */
-int
-pkcs_rsa_encrypt (int art, struct rsa_public_key *pub_key,
- struct rsa_private_key *priv_key, u_int8_t *data,
- u_int32_t len, u_int8_t **out, u_int32_t *outlen)
-{
- /* XXX Always fail until we interface legal (in the US) RSA code. 
*/
- return 0;
-}
-
-/*
- * Private Key Decryption, the 'in'-buffer is being destroyed
- * Either pub_key or priv_key must be specified
- *
- * XXX CRIPPLED in the OpenBSD version as RSA is patented in the US.
- */
-int
-pkcs_rsa_decrypt (int art, struct rsa_public_key *pub_key,
- struct rsa_private_key *priv_key, u_int8_t *in,
- u_int8_t **out, u_int16_t *outlen)
-{
- /* XXX Always fail until we interface legal (in the US) RSA code. */
- return 0;
-}
-
-/*
- * Generates a keypair suitable to be used for RSA. No checks are done
- * on the generated key material. The following criteria might be
- * enforced: p and q chosen randomly, |p-q| should be large, (p+1), (q+1),
- * (p-1), (q-1) should have a large prime factor to be resistant e.g.
- * against Pollard p-1 and Pollard p+1 factoring algorithms.
- * For p-1 and q-1 the large prime factor itself - 1 should have a large
- * prime factor.
- *
- * XXX CRIPPLED in the OpenBSD version as RSA is patented in the US.
- */
-int
-pkcs_generate_rsa_keypair (struct rsa_public_key *pubk,
- struct rsa_private_key *seck, u_int32_t bits)
-{
- /* XXX Always fail until we interface legal (in the US) RSA code. */
- return 0;
-}
-
-/* Generate a random prime with at most bits significant bits */
-int
-pkcs_generate_prime (mpz_ptr p, u_int32_t bits)
-{
- u_int32_t tmp, i;
-
- mpz_set_ui (p, 0);
- i = tmp = 0;
- while (bits > 0)
- {
- tmp = sysdep_random ();
-
- if (i++ == 0)
- {
- if (bits & 0x1f)
- tmp &= (1 << (bits & 0x1f)) - 1;
- tmp |= 1 << ((bits - 1) & 0x1f);
- }
-
- mpz_mul_2exp (p, p, 32);
- mpz_add_ui (p, p, tmp);
-
- bits -= (bits & 0x1f ? bits & 0x1f : 32);
- }
-
- /* Make p odd */
- mpz_setbit (p, 0);
-
- /* Iterate as long as p is not a probable prime */
- while (!mpz_probab_prime_p (p, 50))
- mpz_add_ui (p, p, 2);
-
- return 1;
-}
diff --git a/sbin/isakmpd/pkcs.h b/sbin/isakmpd/pkcs.h
deleted file mode 100644
index 96fa435a096..00000000000
--- a/sbin/isakmpd/pkcs.h
+++ /dev/null
@@ -1,85 +0,0 @@
-/* $OpenBSD: pkcs.h,v 1.5 1999/04/19 19:54:54 niklas Exp $ */
-/* $EOM: pkcs.h,v 1.8 1999/04/02 00:58:05 niklas Exp $ */
-
-/*
- * Copyright (c) 1998 Niels Provos. All rights reserved.
- * Copyright (c) 1999 Niklas Hallqvist. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by Ericsson Radio Systems.
- * 4. The name of the author may not be used to endorse or promote products
- * derived from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
- * This code was written under funding by Ericsson Radio Systems.
- */
-
-#ifndef _PKCS_H_
-#define _PKCS_H_
-
-#include <gmp.h>
-
-#define PKCS_PRIVATE 1 /* Private Key Encryption */
-#define PKCS_PUBLIC 2 /* Public Key Encryption */
-
-struct rsa_public_key {
- mpz_t n; /* Group Modulus */
- mpz_t e; /* Public Exponent */
-};
-
-struct rsa_private_key {
- mpz_t n; /* Group Modulus */
- mpz_t p; /* Prime p */
- mpz_t q; /* Prime q */
- mpz_t d1; /* d mod (p - 1) */
- mpz_t d2; /* d mod (q - 1) */
- mpz_t e; /* Public Exponent */
- mpz_t d; /* Private Exponent */
- mpz_t qinv; /* inversion of q modulo p */
- mpz_t qinv_mul_q; /* qinv mul q */
-};
-
-struct norm_type;
-
-int pkcs_mpz_to_norm_type (struct norm_type *obj, mpz_ptr n);
-
-u_int8_t *pkcs_public_key_to_asn (struct rsa_public_key *);
-int pkcs_public_key_from_asn (struct rsa_public_key *, u_int8_t *, u_int32_t);
-void pkcs_free_public_key (struct rsa_public_key *);
-
-u_int8_t *pkcs_private_key_to_asn (struct rsa_private_key *);
-int pkcs_private_key_from_asn (struct rsa_private_key *, u_int8_t *,
- u_int32_t);
-void pkcs_free_private_key (struct rsa_private_key *);
-
-int pkcs_rsa_encrypt (int, struct rsa_public_key *, struct rsa_private_key *,
- u_int8_t *, u_int32_t, u_int8_t **, u_int32_t *);
-int pkcs_rsa_decrypt (int, struct rsa_public_key *, struct rsa_private_key *,
- u_int8_t *, u_int8_t **, u_int16_t *);
-
-int pkcs_generate_rsa_keypair (struct rsa_public_key *,
- struct rsa_private_key *, u_int32_t);
-int pkcs_generate_prime (mpz_ptr, u_int32_t);
-
-#endif /* _PKCS_H_ */
diff --git a/sbin/isakmpd/regress/x509/certificate.txt b/sbin/isakmpd/regress/x509/certificate.txt
deleted file mode 100644
index eb6a19f064c..00000000000
--- a/sbin/isakmpd/regress/x509/certificate.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-version: 2
-serialnumber: 0
-issuer1: SE
-issuer2: We, our grandmother and God himself
-subject1: SE
-subject2: We, our grandmother and God himself
-start: 990601000000Z
-end: 000601000000Z |