/* $OpenBSD: cert.c,v 1.25 2004/03/31 10:54:46 ho Exp $ */ /* $EOM: cert.c,v 1.18 2000/09/28 12:53:27 niklas Exp $ */ /* * Copyright (c) 1998, 1999 Niels Provos. All rights reserved. * Copyright (c) 1999, 2000 Niklas Hallqvist. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /* * This code was written under funding by Ericsson Radio Systems. */ #include <sys/param.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include "sysdep.h" #include "isakmp_num.h" #include "log.h" #include "cert.h" #ifdef USE_X509 #include "x509.h" #endif #ifdef USE_KEYNOTE #include "policy.h" #endif struct cert_handler cert_handler[] = { #ifdef USE_X509 { ISAKMP_CERTENC_X509_SIG, x509_cert_init, x509_crl_init, x509_cert_get, x509_cert_validate, x509_cert_insert, x509_cert_free, x509_certreq_validate, x509_certreq_decode, x509_free_aca, x509_cert_obtain, x509_cert_get_key, x509_cert_get_subjects, x509_cert_dup, x509_serialize, x509_printable, x509_from_printable }, #endif #ifdef USE_KEYNOTE { ISAKMP_CERTENC_KEYNOTE, keynote_cert_init, NULL, keynote_cert_get, keynote_cert_validate, keynote_cert_insert, keynote_cert_free, keynote_certreq_validate, keynote_certreq_decode, keynote_free_aca, keynote_cert_obtain, keynote_cert_get_key, keynote_cert_get_subjects, keynote_cert_dup, keynote_serialize, keynote_printable, keynote_from_printable }, #endif }; /* Initialize all certificate handlers */ int cert_init (void) { size_t i; int err = 1; for (i = 0; i < sizeof cert_handler / sizeof cert_handler[0]; i++) if (cert_handler[i].cert_init && !(*cert_handler[i].cert_init) ()) err = 0; return err; } int crl_init (void) { size_t i; int err = 1; for (i = 0; i < sizeof cert_handler / sizeof cert_handler[0]; i++) if (cert_handler[i].crl_init && !(*cert_handler[i].crl_init) ()) err = 0; return err; } struct cert_handler * cert_get (u_int16_t id) { size_t i; for (i = 0; i < sizeof cert_handler / sizeof cert_handler[0]; i++) if (id == cert_handler[i].id) return &cert_handler[i]; return 0; } /* * Decode the certificate request of type TYPE contained in DATA extending * DATALEN bytes. Return a certreq_aca structure which the caller is * responsible for deallocating. */ struct certreq_aca * certreq_decode (u_int16_t type, u_int8_t *data, u_int32_t datalen) { struct cert_handler *handler; struct certreq_aca aca, *ret; handler = cert_get (type); if (!handler) return 0; aca.id = type; aca.handler = handler; if (datalen > 0) { aca.data = handler->certreq_decode (data, datalen); if (!aca.data) return 0; } else aca.data = 0; ret = malloc (sizeof aca); if (!ret) { log_error ("certreq_decode: malloc (%lu) failed", (unsigned long)sizeof aca); handler->free_aca (aca.data); return 0; } memcpy (ret, &aca, sizeof aca); return ret; } void cert_free_subjects (int n, u_int8_t **id, u_int32_t *len) { int i; for (i = 0; i < n; i++) free (id[i]); free (id); free (len); }